Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

Appearance settings

Commit e8927b9

Browse filesBrowse files
fix(google-auth): remove deprecated rsa dependency (#16020)
Coping over googleapis/google-auth-library-python#1930 to the new repo This PR removes `rsa` as a required dependency, now that it has been replaced with `cryptography` (with warnings issued) This change has been released as [the 2.49.0.dev0 pre-release](https://pypi.org/project/google-auth/2.49.0.dev0/) --------- Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
1 parent ea8ddeb commit e8927b9
Copy full SHA for e8927b9

6 files changed

+45-16Lines changed: 45 additions & 16 deletions

File tree

Expand file treeCollapse file tree
Open diff view settings
Filter options
Expand file treeCollapse file tree
Open diff view settings
Collapse file

‎packages/google-auth/google/auth/crypt/rsa.py‎

Copy file name to clipboardExpand all lines: packages/google-auth/google/auth/crypt/rsa.py
+6-1Lines changed: 6 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -24,7 +24,6 @@
2424

2525
from google.auth import _helpers
2626
from google.auth.crypt import _cryptography_rsa
27-
from google.auth.crypt import _python_rsa
2827
from google.auth.crypt import base
2928

3029
RSA_KEY_MODULE_PREFIX = "rsa.key"
@@ -37,6 +36,7 @@ class RSAVerifier(base.Verifier):
3736
public_key (Union["rsa.key.PublicKey", cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey]):
3837
The public key used to verify signatures.
3938
Raises:
39+
ImportError: if called with an rsa.key.PublicKey, when the rsa library is not installed
4040
ValueError: if an unrecognized public key is provided
4141
"""
4242

@@ -45,6 +45,8 @@ def __init__(self, public_key):
4545
if isinstance(public_key, RSAPublicKey):
4646
impl_lib = _cryptography_rsa
4747
elif module_str.startswith(RSA_KEY_MODULE_PREFIX):
48+
from google.auth.crypt import _python_rsa
49+
4850
impl_lib = _python_rsa
4951
else:
5052
raise ValueError(f"unrecognized public key type: {type(public_key)}")
@@ -85,6 +87,7 @@ class RSASigner(base.Signer, base.FromServiceAccountMixin):
8587
public key or certificate.
8688
8789
Raises:
90+
ImportError: if called with an rsa.key.PrivateKey, when the rsa library is not installed
8891
ValueError: if an unrecognized public key is provided
8992
"""
9093

@@ -93,6 +96,8 @@ def __init__(self, private_key, key_id=None):
9396
if isinstance(private_key, RSAPrivateKey):
9497
impl_lib = _cryptography_rsa
9598
elif module_str.startswith(RSA_KEY_MODULE_PREFIX):
99+
from google.auth.crypt import _python_rsa
100+
96101
impl_lib = _python_rsa
97102
else:
98103
raise ValueError(f"unrecognized private key type: {type(private_key)}")
Collapse file

‎packages/google-auth/noxfile.py‎

Copy file name to clipboardExpand all lines: packages/google-auth/noxfile.py
+17-4Lines changed: 17 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -41,7 +41,7 @@
4141
"3.13",
4242
"3.14",
4343
]
44-
ALL_PYTHON = UNIT_TEST_PYTHON_VERSIONS
44+
ALL_PYTHON = UNIT_TEST_PYTHON_VERSIONS.copy()
4545
ALL_PYTHON.extend(["3.7"])
4646

4747
# Error if a python version is missing
@@ -100,7 +100,7 @@ def blacken(session):
100100
@nox.session(python=DEFAULT_PYTHON_VERSION)
101101
def mypy(session):
102102
"""Verify type hints are mypy compatible."""
103-
session.install("-e", ".[aiohttp]")
103+
session.install("-e", ".[aiohttp,rsa]")
104104
session.install(
105105
"mypy",
106106
"types-certifi",
@@ -115,16 +115,29 @@ def mypy(session):
115115

116116

117117
@nox.session(python=ALL_PYTHON)
118-
def unit(session):
118+
@nox.parametrize(["install_deprecated_extras"], (True, False))
119+
def unit(session, install_deprecated_extras):
119120
# Install all test dependencies, then install this package in-place.
120121

121122
if session.python in ("3.7",):
122123
session.skip("Python 3.7 is no longer supported")
124+
min_py, max_py = UNIT_TEST_PYTHON_VERSIONS[0], UNIT_TEST_PYTHON_VERSIONS[-1]
125+
if not install_deprecated_extras and session.python not in (min_py, max_py):
126+
# only run double tests on first and last supported versions
127+
session.skip(
128+
f"Extended tests only run on boundary Python versions ({min_py}, {max_py}) to reduce CI load."
129+
)
123130

124131
constraints_path = str(
125132
CURRENT_DIRECTORY / "testing" / f"constraints-{session.python}.txt"
126133
)
127-
session.install("-e", ".[testing]", "-c", constraints_path)
134+
extras_str = "testing"
135+
if install_deprecated_extras:
136+
# rsa and oauth2client were both archived and support dropped,
137+
# but we still test old code paths
138+
session.install("oauth2client")
139+
extras_str += ",rsa"
140+
session.install("-e", f".[{extras_str}]", "-c", constraints_path)
128141
session.run(
129142
"pytest",
130143
f"--junitxml=unit_{session.python}_sponge_log.xml",
Collapse file

‎packages/google-auth/setup.py‎

Copy file name to clipboardExpand all lines: packages/google-auth/setup.py
+3-5Lines changed: 3 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -25,9 +25,6 @@
2525
DEPENDENCIES = (
2626
"pyasn1-modules>=0.2.1",
2727
cryptography_base_require,
28-
# TODO: remove rsa from dependencies in next release (replaced with cryptography)i
29-
# https://github.com/googleapis/google-auth-library-python/issues/1810
30-
"rsa>=3.1.4,<5",
3128
)
3229

3330
requests_extra_require = ["requests >= 2.20.0, < 3.0.0"]
@@ -46,14 +43,14 @@
4643
# TODO(https://github.com/googleapis/google-auth-library-python/issues/1739): Add bounds for urllib3 and packaging dependencies.
4744
urllib3_extra_require = ["urllib3", "packaging"]
4845

46+
rsa_extra_require = ["rsa>=3.1.4,<5"]
47+
4948
# Unit test requirements.
5049
testing_extra_require = [
5150
# TODO(https://github.com/googleapis/google-auth-library-python/issues/1735): Remove `grpcio` from testing requirements once an extra is added for `grpcio` dependency.
5251
"grpcio",
5352
"flask",
5453
"freezegun",
55-
# TODO(https://github.com/googleapis/google-auth-library-python/issues/1736): Remove `oauth2client` from testing requirements once an extra is added for `oauth2client` dependency.
56-
"oauth2client",
5754
*pyjwt_extra_require,
5855
"pytest",
5956
"pytest-cov",
@@ -86,6 +83,7 @@
8683
"requests": requests_extra_require,
8784
"testing": testing_extra_require,
8885
"urllib3": urllib3_extra_require,
86+
"rsa": rsa_extra_require,
8987
# TODO(https://github.com/googleapis/google-auth-library-python/issues/1735): Add an extra for `grpcio` dependency.
9088
# TODO(https://github.com/googleapis/google-auth-library-python/issues/1736): Add an extra for `oauth2client` dependency.
9189
}
Collapse file

‎packages/google-auth/testing/constraints-3.8.txt‎

Copy file name to clipboardExpand all lines: packages/google-auth/testing/constraints-3.8.txt
-1Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -7,7 +7,6 @@
77
# Then this file should have foo==1.14.0
88
pyasn1-modules==0.2.1
99
setuptools==40.3.0
10-
rsa==3.1.4
1110
cryptography==38.0.3
1211
aiohttp==3.6.2
1312
requests==2.20.0
Collapse file

‎packages/google-auth/tests/crypt/test__python_rsa.py‎

Copy file name to clipboardExpand all lines: packages/google-auth/tests/crypt/test__python_rsa.py
+5-1Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -19,7 +19,11 @@
1919

2020
from pyasn1_modules import pem # type: ignore
2121
import pytest # type: ignore
22-
import rsa # type: ignore
22+
23+
try:
24+
import rsa
25+
except ImportError:
26+
pytest.skip("rsa module not available", allow_module_level=True)
2327

2428
from google.auth import _helpers
2529
from google.auth.crypt import _python_rsa
Collapse file

‎packages/google-auth/tests/crypt/test_rsa.py‎

Copy file name to clipboardExpand all lines: packages/google-auth/tests/crypt/test_rsa.py
+14-4Lines changed: 14 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -18,10 +18,15 @@
1818
from cryptography.hazmat import backends
1919
from cryptography.hazmat.primitives import serialization
2020
import pytest
21-
import rsa as rsa_lib
21+
22+
try:
23+
import rsa as rsa_lib
24+
from google.auth.crypt import _python_rsa
25+
except ImportError:
26+
rsa_lib = None # type: ignore
27+
_pyrhon_rsa = None # type: ignore
2228

2329
from google.auth.crypt import _cryptography_rsa
24-
from google.auth.crypt import _python_rsa
2530
from google.auth.crypt import rsa
2631

2732

@@ -70,11 +75,13 @@ def test_init_with_cryptography_key(self, cryptography_public_key):
7075
assert isinstance(verifier._impl, _cryptography_rsa.RSAVerifier)
7176
assert verifier._impl._pubkey == cryptography_public_key
7277

78+
@pytest.mark.skipif(not rsa_lib, reason="rsa library not installed")
7379
def test_init_with_rsa_key(self, rsa_public_key):
7480
verifier = rsa.RSAVerifier(rsa_public_key)
7581
assert isinstance(verifier._impl, _python_rsa.RSAVerifier)
7682
assert verifier._impl._pubkey == rsa_public_key
7783

84+
@pytest.mark.skipif(not rsa_lib, reason="rsa library not installed")
7885
def test_warning_with_rsa(self, rsa_public_key):
7986
with pytest.warns(DeprecationWarning, match="The 'rsa' library is deprecated"):
8087
rsa.RSAVerifier(rsa_public_key)
@@ -114,12 +121,14 @@ def test_init_with_cryptography_key(self, cryptography_private_key):
114121
assert signer._impl._key == cryptography_private_key
115122
assert signer._impl.key_id == "123"
116123

124+
@pytest.mark.skipif(not rsa_lib, reason="rsa library not installed")
117125
def test_init_with_rsa_key(self, rsa_private_key):
118126
signer = rsa.RSASigner(rsa_private_key, key_id="123")
119127
assert isinstance(signer._impl, _python_rsa.RSASigner)
120128
assert signer._impl._key == rsa_private_key
121129
assert signer._impl.key_id == "123"
122130

131+
@pytest.mark.skipif(not rsa_lib, reason="rsa library not installed")
123132
def test_warning_with_rsa(self, rsa_private_key):
124133
with pytest.warns(DeprecationWarning, match="The 'rsa' library is deprecated"):
125134
rsa.RSASigner(rsa_private_key, key_id="123")
@@ -130,8 +139,8 @@ def test_init_with_unknown_key(self):
130139
with pytest.raises(ValueError):
131140
rsa.RSASigner(unknown_key)
132141

133-
def test_sign_delegates(self, rsa_private_key):
134-
signer = rsa.RSASigner(rsa_private_key)
142+
def test_sign_delegates(self, cryptography_private_key):
143+
signer = rsa.RSASigner(cryptography_private_key)
135144

136145
with mock.patch.object(
137146
signer._impl, "sign", return_value=b"signature"
@@ -164,6 +173,7 @@ def test_end_to_end_cryptography_lib(self, private_key_bytes, public_key_bytes):
164173
assert isinstance(verifier._impl, _cryptography_rsa.RSAVerifier)
165174
assert isinstance(signer._impl, _cryptography_rsa.RSASigner)
166175

176+
@pytest.mark.skipif(not rsa_lib, reason="rsa library not installed")
167177
def test_end_to_end_rsa_lib(self, rsa_private_key, rsa_public_key):
168178
signer = rsa.RSASigner(rsa_private_key)
169179
message = b"Hello World"

0 commit comments

Comments
0 (0)
Morty Proxy This is a proxified and sanitized view of the page, visit original site.