pyOpenSSL version of 24.3.0 breaks PyDrive

[metjush]

Edited by @shcheklein : Action item: unpin pyOpenSSL after migration is done. See the comment below #361 (comment)

---

Hey, after pip installed a new version of pyOpenSSL overnight (24.3.0), all my pipelines that contain pydrive started to fail with the following error:

  File "/usr/local/lib/python3.9/dist-packages/pydrive2/apiattr.py", line 166, in GetList
    for x in self:
  File "/usr/local/lib/python3.9/dist-packages/pydrive2/apiattr.py", line 150, in __next__
    result = self._GetList()
  File "/usr/local/lib/python3.9/dist-packages/pydrive2/auth.py", line 85, in _decorated
    return decoratee(self, *args, **kwargs)
  File "/usr/local/lib/python3.9/dist-packages/pydrive2/files.py", line 84, in _GetList
    self.auth.service.files()
  File "/usr/local/lib/python3.9/dist-packages/googleapiclient/_helpers.py", line 130, in positional_wrapper
    return wrapped(*args, **kwargs)
  File "/usr/local/lib/python3.9/dist-packages/googleapiclient/http.py", line 923, in execute
    resp, content = _retry_request(
  File "/usr/local/lib/python3.9/dist-packages/googleapiclient/http.py", line 191, in _retry_request
    resp, content = http.request(uri, method, *args, **kwargs)
  File "/usr/local/lib/python3.9/dist-packages/oauth2client/transport.py", line 159, in new_request
    credentials._refresh(orig_request_method)
  File "/usr/local/lib/python3.9/dist-packages/oauth2client/client.py", line 749, in _refresh
    self._do_refresh_request(http)
  File "/usr/local/lib/python3.9/dist-packages/oauth2client/client.py", line 774, in _do_refresh_request
    body = self._generate_refresh_request_body()
  File "/usr/local/lib/python3.9/dist-packages/oauth2client/client.py", line 1484, in _generate_refresh_request_body
    assertion = self._generate_assertion()
  File "/usr/local/lib/python3.9/dist-packages/oauth2client/service_account.py", line 384, in _generate_assertion
    return crypt.make_signed_jwt(self._signer, payload,
  File "/usr/local/lib/python3.9/dist-packages/oauth2client/crypt.py", line 97, in make_signed_jwt
    signature = signer.sign(signing_input)
  File "/usr/local/lib/python3.9/dist-packages/oauth2client/_openssl_crypt.py", line 97, in sign
    return crypto.sign(self._key, message, 'sha256')
  File "/usr/local/lib/python3.9/dist-packages/cryptography/utils.py", line 68, in __getattr__
    obj = getattr(self._module, attr)
AttributeError: module 'OpenSSL.crypto' has no attribute 'sign'

the day before I still had pyOpenSSL version of 24.2.1, which worked. Forcing pyopenssl==24.2.1 in my requirements.txt file fixes the issue for now, but pydrive2 should be updated to reflect changes in pyOpenSSL

[shcheklein]

Thanks for the report @metjush . I've pinned the dependency here #362 for now. As I mentioned in the PR:

We need to migrate out of https://github.com/googleapis/oauth2client that is long time deprecated and is causing all these issues. Most likely there were already draft PRs for this. If someone from the community can help with that - it would be amazing.

Here is the ticket for that #89

[skshetry]

#362 started breaking CI for dvc.

This is because uv is trying to install the latest version of cryptography, but it cannot find a compatible version of pyopenssl for the latest cryptography release, and backtracks to the older version.

I am not sure what the right fix should be, because it is coming from the combination of how uv's resolver works, and how pyopenssl sets requirement for cryptography.