ansible-test - Remove special cryptography install (#82008)

Python 3.10 is the minimum version on the controller, and it requires openssl 1.1.1 or later. As a result, there's no need to check the openssl version any longer.
1 year ago · 37cee8bdfc
parent 74f6e6a134
commit 37cee8bdfc
4 changed files with 2 additions and 95 deletions
--- a/changelogs/fragments/ansible-test-cryptography.yml
+++ b/changelogs/fragments/ansible-test-cryptography.yml
@ -0,0 +1,2 @@
 minor_changes:
  - ansible-test - Special handling for installation of ``cryptography`` has been removed, as it is no longer necessary.
--- a/test/lib/ansible_test/_internal/commands/sanity/init.py
+++ b/test/lib/ansible_test/_internal/commands/sanity/init.py
@ -1119,7 +1119,6 @@ def create_sanity_virtualenv(
        controller=True,
        command=None,
        ansible=False,
        cryptography=False,
        coverage=coverage,
        minimize=minimize,
        sanity=name,
--- a/test/lib/ansible_test/_internal/python_requirements.py
+++ b/test/lib/ansible_test/_internal/python_requirements.py
@ -19,12 +19,9 @@ from .io import (
 from .util import (
    ANSIBLE_TEST_DATA_ROOT,
    ANSIBLE_TEST_TARGET_ROOT,
    ANSIBLE_TEST_TOOLS_ROOT,
    ApplicationError,
    SubprocessError,
    display,
    raw_command,
    version_to_str,
 )
 from .util_common import (
@ -138,8 +135,6 @@ def install_requirements(
    if command and isinstance(args, (UnitsConfig, IntegrationConfig)) and args.coverage:
        coverage = True
    cryptography = False
    if ansible:
        try:
            ansible_cache = install_requirements.ansible_cache  # type: ignore[attr-defined]
@ -153,16 +148,10 @@ def install_requirements(
        else:
            ansible_cache[python.path] = True
            # Install the latest cryptography version that the current requirements can support if it is not already available.
            # This avoids downgrading cryptography when OS packages provide a newer version than we are able to install using pip.
            # If not installed here, later install commands may try to install a version of cryptography which cannot be installed.
            cryptography = not is_cryptography_available(python.path)
    commands = collect_requirements(
        python=python,
        controller=controller,
        ansible=ansible,
        cryptography=cryptography,
        command=args.command if command else None,
        coverage=coverage,
        minimize=False,
@ -197,7 +186,6 @@ def collect_requirements(
    python: PythonConfig,
    controller: bool,
    ansible: bool,
    cryptography: bool,
    coverage: bool,
    minimize: bool,
    command: t.Optional[str],
@ -209,9 +197,6 @@ def collect_requirements(
    if coverage:
        commands.extend(collect_package_install(packages=[f'coverage=={get_coverage_version(python.version).coverage_version}'], constraints=False))
    if cryptography:
        commands.extend(collect_package_install(packages=get_cryptography_requirements(python)))
    if ansible or command:
        commands.extend(collect_general_install(command, ansible))
@ -486,60 +471,3 @@ def prepare_pip_script(commands: list[PipCommand]) -> str:
 def usable_pip_file(path: t.Optional[str]) -> bool:
    """Return True if the specified pip file is usable, otherwise False."""
    return bool(path) and os.path.exists(path) and bool(os.path.getsize(path))
 # Cryptography
 def is_cryptography_available(python: str) -> bool:
    """Return True if cryptography is available for the given python."""
    try:
        raw_command([python, '-c', 'import cryptography'], capture=True)
    except SubprocessError:
        return False
    return True
 def get_cryptography_requirements(python: PythonConfig) -> list[str]:
    """
    Return the correct cryptography and pyopenssl requirements for the given python version.
    The version of cryptography installed depends on the python version and openssl version.
    """
    openssl_version = get_openssl_version(python)
    if openssl_version and openssl_version < (1, 1, 0):
        # cryptography 3.2 requires openssl 1.1.x or later
        # see https://cryptography.io/en/latest/changelog.html#v3-2
        cryptography = 'cryptography < 3.2'
        # pyopenssl 20.0.0 requires cryptography 3.2 or later
        pyopenssl = 'pyopenssl < 20.0.0'
    else:
        # cryptography 3.4+ builds require a working rust toolchain
        # systems bootstrapped using ansible-core-ci can access additional wheels through the spare-tire package index
        cryptography = 'cryptography'
        # any future installation of pyopenssl is free to use any compatible version of cryptography
        pyopenssl = ''
    requirements = [
        cryptography,
        pyopenssl,
    ]
    requirements = [requirement for requirement in requirements if requirement]
    return requirements
 def get_openssl_version(python: PythonConfig) -> t.Optional[tuple[int, ...]]:
    """Return the openssl version."""
    version = json.loads(raw_command([python.path, os.path.join(ANSIBLE_TEST_TOOLS_ROOT, 'sslcheck.py')], capture=True)[0])['version']
    if version:
        display.info(f'Detected OpenSSL version {version_to_str(version)} under Python {python.version}.', verbosity=1)
        return tuple(version)
    display.info('Unable to detect OpenSSL version.', verbosity=1)
    return None
--- a/test/lib/ansible_test/_util/controller/tools/sslcheck.py
+++ b/test/lib/ansible_test/_util/controller/tools/sslcheck.py
@ -1,22 +0,0 @@
 """Show openssl version."""
 from __future__ import annotations
 import json
 # noinspection PyBroadException
 try:
    from ssl import OPENSSL_VERSION_INFO
    VERSION = list(OPENSSL_VERSION_INFO[:3])
 except Exception:  # pylint: disable=broad-except
    VERSION = None
 def main():
    """Main program entry point."""
    print(json.dumps(dict(
        version=VERSION,
    )))
 if __name__ == '__main__':
    main()
		`@ -0,0 +1,2 @@`
							`minor_changes:`
							- ansible-test - Special handling for installation of ``cryptography`` has been removed, as it is no longer necessary.