ansible-test - Remove special cryptography install (#82008)

Python 3.10 is the minimum version on the controller, and it requires openssl 1.1.1 or later. As a result, there's no need to check the openssl version any longer.
1 year ago · 37cee8bdfc
parent 74f6e6a134
commit 37cee8bdfc
4 changed files with 2 additions and 95 deletions
--- a/changelogs/fragments/ansible-test-cryptography.yml
+++ b/changelogs/fragments/ansible-test-cryptography.yml
@ -0,0 +1,2 @@
+minor_changes:
+  - ansible-test - Special handling for installation of ``cryptography`` has been removed, as it is no longer necessary.
--- a/test/lib/ansible_test/_internal/commands/sanity/init.py
+++ b/test/lib/ansible_test/_internal/commands/sanity/init.py
@ -1119,7 +1119,6 @@ def create_sanity_virtualenv(
        controller=True,
        command=None,
        ansible=False,
-        cryptography=False,
        coverage=coverage,
        minimize=minimize,
        sanity=name,
--- a/test/lib/ansible_test/_internal/python_requirements.py
+++ b/test/lib/ansible_test/_internal/python_requirements.py
@ -19,12 +19,9 @@ from .io import (
 from .util import (
    ANSIBLE_TEST_DATA_ROOT,
    ANSIBLE_TEST_TARGET_ROOT,
-    ANSIBLE_TEST_TOOLS_ROOT,
    ApplicationError,
    SubprocessError,
    display,
-    raw_command,
-    version_to_str,
 )

 from .util_common import (
@ -138,8 +135,6 @@ def install_requirements(
    if command and isinstance(args, (UnitsConfig, IntegrationConfig)) and args.coverage:
        coverage = True

-    cryptography = False
-
    if ansible:
        try:
            ansible_cache = install_requirements.ansible_cache  # type: ignore[attr-defined]
@ -153,16 +148,10 @@ def install_requirements(
        else:
            ansible_cache[python.path] = True

-            # Install the latest cryptography version that the current requirements can support if it is not already available.
-            # This avoids downgrading cryptography when OS packages provide a newer version than we are able to install using pip.
-            # If not installed here, later install commands may try to install a version of cryptography which cannot be installed.
-            cryptography = not is_cryptography_available(python.path)
-
    commands = collect_requirements(
        python=python,
        controller=controller,
        ansible=ansible,
-        cryptography=cryptography,
        command=args.command if command else None,
        coverage=coverage,
        minimize=False,
@ -197,7 +186,6 @@ def collect_requirements(
    python: PythonConfig,
    controller: bool,
    ansible: bool,
-    cryptography: bool,
    coverage: bool,
    minimize: bool,
    command: t.Optional[str],
@ -209,9 +197,6 @@ def collect_requirements(
    if coverage:
        commands.extend(collect_package_install(packages=[f'coverage=={get_coverage_version(python.version).coverage_version}'], constraints=False))

-    if cryptography:
-        commands.extend(collect_package_install(packages=get_cryptography_requirements(python)))
-
    if ansible or command:
        commands.extend(collect_general_install(command, ansible))

@ -486,60 +471,3 @@ def prepare_pip_script(commands: list[PipCommand]) -> str:
 def usable_pip_file(path: t.Optional[str]) -> bool:
    """Return True if the specified pip file is usable, otherwise False."""
    return bool(path) and os.path.exists(path) and bool(os.path.getsize(path))
-
-
-# Cryptography
-
-
-def is_cryptography_available(python: str) -> bool:
-    """Return True if cryptography is available for the given python."""
-    try:
-        raw_command([python, '-c', 'import cryptography'], capture=True)
-    except SubprocessError:
-        return False
-
-    return True
-
-
-def get_cryptography_requirements(python: PythonConfig) -> list[str]:
-    """
-    Return the correct cryptography and pyopenssl requirements for the given python version.
-    The version of cryptography installed depends on the python version and openssl version.
-    """
-    openssl_version = get_openssl_version(python)
-
-    if openssl_version and openssl_version < (1, 1, 0):
-        # cryptography 3.2 requires openssl 1.1.x or later
-        # see https://cryptography.io/en/latest/changelog.html#v3-2
-        cryptography = 'cryptography < 3.2'
-        # pyopenssl 20.0.0 requires cryptography 3.2 or later
-        pyopenssl = 'pyopenssl < 20.0.0'
-    else:
-        # cryptography 3.4+ builds require a working rust toolchain
-        # systems bootstrapped using ansible-core-ci can access additional wheels through the spare-tire package index
-        cryptography = 'cryptography'
-        # any future installation of pyopenssl is free to use any compatible version of cryptography
-        pyopenssl = ''
-
-    requirements = [
-        cryptography,
-        pyopenssl,
-    ]
-
-    requirements = [requirement for requirement in requirements if requirement]
-
-    return requirements
-
-
-def get_openssl_version(python: PythonConfig) -> t.Optional[tuple[int, ...]]:
-    """Return the openssl version."""
-    version = json.loads(raw_command([python.path, os.path.join(ANSIBLE_TEST_TOOLS_ROOT, 'sslcheck.py')], capture=True)[0])['version']
-
-    if version:
-        display.info(f'Detected OpenSSL version {version_to_str(version)} under Python {python.version}.', verbosity=1)
-
-        return tuple(version)
-
-    display.info('Unable to detect OpenSSL version.', verbosity=1)
-
-    return None
--- a/test/lib/ansible_test/_util/controller/tools/sslcheck.py
+++ b/test/lib/ansible_test/_util/controller/tools/sslcheck.py
@ -1,22 +0,0 @@
-"""Show openssl version."""
-from __future__ import annotations
-
-import json
-
-# noinspection PyBroadException
-try:
-    from ssl import OPENSSL_VERSION_INFO
-    VERSION = list(OPENSSL_VERSION_INFO[:3])
-except Exception:  # pylint: disable=broad-except
-    VERSION = None
-
-
-def main():
-    """Main program entry point."""
-    print(json.dumps(dict(
-        version=VERSION,
-    )))
-
-
-if __name__ == '__main__':
-    main()