Skip to content

Refactor: Remove rsa and make cryptography a core dependency #1771

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
wants to merge 5 commits into
base: main
Choose a base branch
from
Draft

Refactor: Remove rsa and make cryptography a core dependency #1771

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
370bc35
Refactor: Remove rsa and make cryptography a core dependency
google-labs-jules[bot] May 23, 2025
1d665b3
update secret
sai-sunder-s May 23, 2025
c6ad0e6
fix doc issue
sai-sunder-s May 24, 2025
2c461ce
fix es256 sphix error
sai-sunder-s May 27, 2025
6170a48
lint
sai-sunder-s May 27, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
41 changes: 41 additions & 0 deletions docs/conf.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -358,6 +358,47 @@
# texinfo_no_detailmenu = False


# -- Options for autodoc --------------------------------------------------


def autodoc_skip_member_handler(app, what, name, obj, skip, options):
"""
Skips members from internal modules (like _cryptography_rsa or base)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please could you file a bug for issue that requires this docs workaround, even if it will be closed with the changes in this PR. Add a link to the issue in this comment.

if they are publicly exposed via a higher-level package (like google.auth.crypt),
to avoid duplicate documentation entries and ambiguous cross-references.
"""
# Handle RSASigner and RSAVerifier from _cryptography_rsa
if name in ("RSASigner", "RSAVerifier") and hasattr(obj, "__module__"):
if obj.__module__ == "google.auth.crypt._cryptography_rsa":
# Check if it's also available via the public google.auth.crypt path
try:
import google.auth.crypt

public_obj = getattr(google.auth.crypt, name, None)
if public_obj is obj:
return True # Skip this internal one
except ImportError:
pass # Should not happen if the library is installed
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If this is not expected to happen, can we just let the error bubble up?


# Handle Signer and Verifier from base
elif name in ("Signer", "Verifier") and hasattr(obj, "__module__"):
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This code under this block is similar to the above if statement. Is it possible to refactor it?

if obj.__module__ == "google.auth.crypt.base":
# Check if it's also available via the public google.auth.crypt path
try:
import google.auth.crypt

public_obj = getattr(google.auth.crypt, name, None)
if public_obj is obj:
return True # Skip this internal one
except ImportError:
pass # Should not happen if the library is installed
return None # Default behavior (don't skip)


def setup(app):
app.connect("autodoc-skip-member", autodoc_skip_member_handler)


# Example configuration for intersphinx: refer to the Python standard library.
intersphinx_mapping = {
"python": ("https://docs.python.org/3.5", None),
Expand Down
175 changes: 0 additions & 175 deletions google/auth/crypt/_python_rsa.py
View file
Open in desktop

This file was deleted.

16 changes: 3 additions & 13 deletions google/auth/crypt/rsa.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,17 +14,7 @@

"""RSA cryptography signer and verifier."""

from google.auth.crypt import _cryptography_rsa

try:
# Prefer cryptograph-based RSA implementation.
from google.auth.crypt import _cryptography_rsa

RSASigner = _cryptography_rsa.RSASigner
RSAVerifier = _cryptography_rsa.RSAVerifier
except ImportError: # pragma: NO COVER
# Fallback to pure-python RSA implementation if cryptography is
# unavailable.
from google.auth.crypt import _python_rsa

RSASigner = _python_rsa.RSASigner # type: ignore
RSAVerifier = _python_rsa.RSAVerifier # type: ignore
RSASigner = _cryptography_rsa.RSASigner
RSAVerifier = _cryptography_rsa.RSAVerifier
14 changes: 4 additions & 10 deletions setup.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,28 +24,22 @@
"pyasn1-modules>=0.2.1",
# rsa==4.5 is the last version to support 2.7
# https://github.com/sybrenstuvel/python-rsa/issues/152#issuecomment-643470233
Comment on lines 25 to 26
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
# rsa==4.5 is the last version to support 2.7
# https://github.com/sybrenstuvel/python-rsa/issues/152#issuecomment-643470233

"rsa>=3.1.4,<5",
)

# TODO(https://github.com/googleapis/google-auth-library-python/issues/1737): Unit test fails with
# `No module named 'cryptography.hazmat.backends.openssl.x509' for Python 3.7``.
cryptography_base_require = [
"cryptography >= 38.0.3",
"cryptography < 39.0.0; python_version < '3.8'",
]
)

requests_extra_require = ["requests >= 2.20.0, < 3.0.0"]

aiohttp_extra_require = ["aiohttp >= 3.6.2, < 4.0.0", *requests_extra_require]

pyjwt_extra_require = ["pyjwt>=2.0", *cryptography_base_require]
pyjwt_extra_require = ["pyjwt>=2.0"]

reauth_extra_require = ["pyu2f>=0.1.5"]

# TODO(https://github.com/googleapis/google-auth-library-python/issues/1738): Add bounds for cryptography and pyopenssl dependencies.
enterprise_cert_extra_require = ["cryptography", "pyopenssl"]
enterprise_cert_extra_require = ["pyopenssl"]

pyopenssl_extra_require = ["pyopenssl>=20.0.0", cryptography_base_require]
pyopenssl_extra_require = ["pyopenssl>=20.0.0"]

# TODO(https://github.com/googleapis/google-auth-library-python/issues/1739): Add bounds for urllib3 and packaging dependencies.
urllib3_extra_require = ["urllib3", "packaging"]
Expand Down
Binary file modified system_tests/secrets.tar.enc
View file
Open in desktop
Binary file not shown.
Loading