Cloud Composer in Google - Resolving - DPY-3001: Native Network Encryption and Data Integrity is only supported in python-oracledb thick mode

Question

Cloud Composer in Google - Resolving - DPY-3001: Native Network Encryption and Data Integrity is only supported in python-oracledb thick mode

32bit opened this issue 7 months ago · 1 comments

I am using python-oracledb version 3.0.0

We are attempting to use python-oracledb's thick driver to connect to Oracle databases from within Google Cloud Composer. Composer runs Apache Airflow on a managed GKE cluster. The documentation implies that the thick driver should be usable in this scenario, but we have encountered significant issues that prevent its successful implementation.

Observed Behavior:

Shared Library Loading Failure: The GKE containers within Composer fail to load the Oracle client's shared libraries. Attempts to configure LD_LIBRARY_PATH or include the Oracle client in the DAG storage (Cloud Storage) have been unsuccessful.
Airflow Connection Initialization Failure: Configuring the thick driver through Airflow connections results in a failure during Oracle client initialization. This is likely due to the shared library loading problem.
Inability to use a custom image: Google Cloud Composer does not allow users to directly modify the underlying container image to pre-install the Oracle client. This prevents us from creating a custom image that includes the necessary libraries.
Google Support: Google support was unable to provide a solution for direct Oracle connections within Composer.

This request is to provide support to implement the NNE in driver in Thin mode, I believe other thin drivers including jdbc oracle etc supports this already.

Answer 1 · 2025-03-28T21:29:06.000Z

I appreciate you sharing the business case. We are still trying to convince management to allow us to support NNE so your request is useful for our argument. I was most recently discussing this a few days ago. The difference between JDBC and python-oracledb is that python-oracledb code is open source.

Overall, the Oracle DB security team would prefer users move to TLS. They have these resources:

https://docs.oracle.com/en/database/oracle/oracle-database/23/dbseg/configuring-transport-layer-security-encryption.html

https://livelabs.oracle.com/pls/apex/f?p=133:100:112306450264738::::SEARCH:TLS

https://www.youtube.com/watch?v=MvGcGQspg2A

I'll close this issue but will continue to have NNE on the wish-list.

Also see #94