-
Notifications
You must be signed in to change notification settings - Fork 197
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
NoPermissionError when using AWS ElastiCache #396
Comments
@carltongibson, how do you feel about updating the exception message to hint that maybe a prefix is required? |
@bigfootjon That might be OK. (I'd be sceptical of adding anything too vendor specific, but an appropriate message here my be generally helpful.) |
@carltongibson I think the error would happen with any vendor's Redis service if the ACL didn't give you permission. |
@epicserve how do you feel about submitting a PR that updates the error message to mention common things to check to fix things? (i.e. "make sure you have prefix set correctly..." type things) |
@bigfootjon, I'm fine submitting a PR, but I'm wondering if you could point me in the right direction on how you would write a test that fails this way and assert that the exception message is correct. That seems like the hard part. Do you guys mock Redis or run Redis in docker for tests? If you run Redis in docker, you would have to figure out how change the ACL for a user temporality for the test to fail the way you want. |
@epicserve — I think in that case I would mock it out, just to always error. We're checking only that our code responds correctly, and overriding redis configs for a single seems... erm... delicate 😅 |
When trying to deploy Django Channels for the first time in production, I got the Redis
NoPermissionError
exception when using thegroup_send()
function.Example code that would produce the error:
The Traceback from the Exception:
I spent a long time debugging this and trying to figure out why it was failing because there wasn't anything I could find in the docs or searching the internet, and using ChatGPT wasn't helping much. It wasn't until I used the
redis-cli
in production and tried running theACL GETUSER <username>
command, which returned an error that then led me to discover that the user I was using only had the access stringon ~app-test/* +@all -@dangerous +keys +info
set. Looking at the docs, it says that the default prefix it uses isasgi
, which explains why I was getting the error. When I added the prefix toRedisChannelLayer()
(e.g.,channel_layer = RedisChannelLayer(hosts=[{"address": redis_url, "db": 0, "ssl_cert_reqs": None}], prefix="app-test/")
), thegroup_send()
function worked. So I then updated the Django settings with the following:Is there an explanation that could be added to the docs to make this easier to troubleshoot, or could a
try/except
be added in the code so that when it raises the exception, it gives a letter a better hint of what is going on? Maybe it could include the key it was trying to write to in the exception and suggest looking at the ACL for the Redis user.The text was updated successfully, but these errors were encountered: