FaunaDB unauthorized access from docker container. Works find in local terminal

I’m able to connect to faundb from the local terminal and all works fine. However, the same code, when put in a docker container, gives:

worker_1  | 11:29:21,372 urllib3.connectionpool DEBUG Starting new HTTPS connection (1): pypi.org:443
worker_1  | 11:29:21,475 urllib3.connectionpool DEBUG https://pypi.org:443 "GET /pypi/faunadb/json HTTP/1.1" 200 6235
worker_1  | 11:29:21,481 urllib3.connectionpool DEBUG Starting new HTTPS connection (1): db.fauna.com:443
worker_1  | 11:29:22,604 urllib3.connectionpool DEBUG https://db.fauna.com:443 "POST / HTTP/1.1" 401 65
worker_1  | Traceback (most recent call last):
worker_1  |   File "/usr/local/lib/python3.9/runpy.py", line 197, in _run_module_as_main
worker_1  |     return _run_code(code, main_globals, None,
worker_1  |   File "/usr/local/lib/python3.9/runpy.py", line 87, in _run_code
worker_1  |     exec(code, run_globals)
worker_1  |   File "/opt/trader/app/app.py", line 27, in <module>
worker_1  |     FaunaDB.login(token=settings.DB_MANAGER_PYTHON)
worker_1  |   File "/opt/trader/app/db/fauna_db.py", line 23, in login
worker_1  |     raise e
worker_1  |   File "/opt/trader/app/db/fauna_db.py", line 21, in login
worker_1  |     c.query(q.paginate(q.match(q.index("trade_log_index_by_name"))))
worker_1  |   File "/usr/local/lib/python3.9/site-packages/faunadb/client.py", line 292, in query
worker_1  |     return self._execute("POST", "", _wrap(expression), with_txn_time=True, query_timeout_ms=timeout_millis)
worker_1  |   File "/usr/local/lib/python3.9/site-packages/faunadb/client.py", line 388, in _execute
worker_1  |     FaunaError.raise_for_status_code(request_result)
worker_1  |   File "/usr/local/lib/python3.9/site-packages/faunadb/errors.py", line 30, in raise_for_status_code
worker_1  |     raise Unauthorized(request_result)
worker_1  | faunadb.errors.Unauthorized: ErrorData(code='unauthorized', description='Unauthorized', position=None, failures=None)

Can anyone guide me on how to fix this error?

Hi @abbazs and welcome!

Are you saying you put your python script in a docker container, or are you trying to access the Fauna Dev docker instance?

From the log output, it looks like you are using the Python driver. What versions of the Python driver, and Python itself, are installed in the Docker image?

The error message is a Fauna “unauthorized” error. Did you include a valid secret in your Docker image so that a client object can be created properly?

Fauna Driver version:

Metadata-Version: 2.1

Name: faunadb

Version: 4.1.1

Summary: FaunaDB Python driver 

python version : 3.9

Yes indeed a valid secret is added to the docker image via env.

Ironically the same setup works in herok, just wouldn’t work from locally run docker…

I’m not trying to access the Fauna Dev docker instance. Python script is definitely inside the container. In fact same docker file executed in heroku works fine.

1 Like

If the identical Docker image runs fine in Heroku, but not locally, there must be something different about your local environment that is causing a problem.

Do you, by chance, override host lookups for db.fauna.com, via a hosts file or local DNS server?

Are you going through a proxy of VPN that might be modifying HTTP headers?

I also noticed the use of urllib3 in the output you shared. The Python driver just uses urllib. I have no idea if that makes any difference in this case, but I’d be curious to know if it does.

I’m not overriding hosts. And I’ve set up the DB as a classic so db.fauna.com shall work fine. In fact, I also access dropbox API from the same container it works fine.

The network is not going through a proxy or VPN etc.

Sometimes it is like this only, for no reason things will not work :roll_eyes:

There is always a reason. :slight_smile: Whether we find that out depends on whether we give up before finding it.

Since you’ve demonstrated that a connection to Fauna has been made (because of the “unauthorized” response), it still seems most likely that the secret used in the query is either missing, or is invalid. The second most likely problem is that there is an ABAC role that is preventing the query from running.