aws-cloudformation / cloudformation-cli

The CloudFormation Provider Development Toolkit allows you to author your own resource providers and modules that can be used by CloudFormation.
Apache License 2.0

Contract tests failing with error "cannot import name 'verify_interface' from 'cryptography.utils' (/var/task/cryptography/utils.py)^MTraceback (most recent call last):" #981

Closed kurdekar closed 1 year ago

kurdekar commented 1 year ago

Contract tests are failing with the error below:

[ERROR] Runtime.ImportModuleError: Unable to import module 'cfnregistryresource.handlers': cannot import name 'verify_interface' from 'cryptography.utils' (/var/task/cryptography/utils.py)^MTraceback (most recent call last):

This was working fine until Thursday 23rd March. Other CloudFormation custom resources that were created prior to this date are also working fine.

I do not see a 'verify_interface' function in the file ./build/cryptography/utils.py for this resource. However, other resources created before yesterday have this function available in utils.py.

All new builds since Friday are failing. I have set up a new build environment and also tried the workaround here: https://github.com/SecurityInnovation/PGPy/issues/402.
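The manual check described in the post above (looking for `verify_interface` in `./build/cryptography/utils.py`) can be automated so the mismatch is caught before the handler is deployed. This is an added example, not code from the thread or from the CloudFormation CLI project; the function names are hypothetical, the default `build` directory is assumed from the path in the post, and the check is generalized to any name imported from `cryptography.utils`.

```python
import ast
import sys
from pathlib import Path


def top_level_names(source):
    """Names a module defines or imports at top level, i.e. what `from m import x` can resolve.
    Limitation: names bound only inside top-level if/try blocks are not seen."""
    names = set()
    for node in ast.parse(source).body:
        if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef, ast.ClassDef)):
            names.add(node.name)
        elif isinstance(node, (ast.Import, ast.ImportFrom)):
            names.update((a.asname or a.name).split(".")[0] for a in node.names)
        elif isinstance(node, (ast.Assign, ast.AnnAssign)):
            targets = node.targets if isinstance(node, ast.Assign) else [node.target]
            names.update(t.id for t in targets if isinstance(t, ast.Name))
    return names


def missing_imports(build_dir, module="cryptography.utils"):
    """Return (file, name) pairs for names imported from `module` that the bundled copy lacks."""
    build = Path(build_dir)
    target = build.joinpath(*module.split(".")).with_suffix(".py")
    if not target.is_file():
        return []  # module is not bundled in this build; nothing to compare against
    available = top_level_names(target.read_text(encoding="utf-8"))
    problems = []
    for path in sorted(build.rglob("*.py")):
        try:
            tree = ast.parse(path.read_text(encoding="utf-8"))
        except (SyntaxError, UnicodeDecodeError):
            continue  # skip files this interpreter cannot parse
        for node in ast.walk(tree):
            # Only absolute `from cryptography.utils import ...` statements are checked.
            if isinstance(node, ast.ImportFrom) and node.level == 0 and node.module == module:
                for alias in node.names:
                    if alias.name != "*" and alias.name not in available:
                        problems.append((path.relative_to(build).as_posix(), alias.name))
    return problems


if __name__ == "__main__":
    found = missing_imports(sys.argv[1] if len(sys.argv) > 1 else "build")
    for file, name in found:
        print(f"{file}: imports {name!r}, which the bundled cryptography/utils.py does not define")
    sys.exit(1 if found else 0)
```

Run against the packaged directory as a build step; a non-zero exit means a bundled dependency would raise the same `ImportModuleError` at handler load time.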

kddejong commented 1 year ago

Are you working on a Python-based extension?

https://github.com/aws-cloudformation/cloudformation-cli-python-plugin/issues/253

kddejong commented 1 year ago

You can force a version of cryptography<40.0.0 in your requirements.txt file.

kurdekar commented 1 year ago

Yes, I am using a Python-based extension. Forcing a lower version in requirements.txt helped. The contract tests are working fine now. Thank you.

kddejong commented 1 year ago

I'm glad you are unblocked. @kurdekar when we release the newer version of the Python plugin you won't have to pin anymore, so this is a workaround.

colonmelvin commented 1 year ago

This also appears to impact CloudFormation Hooks. While I'm able to package them successfully with cfn submit --dry-run I find the same error from above when the hook is invoked. Adding cryptography<40.0.0 to requirements.txt resolved the issue.

cannot import name 'verify_interface' from 'cryptography.utils'

mrinaudo-aws commented 1 year ago

@kurdekar @colonmelvin on the current workaround (that @kddejong mentioned above): I saw this newly-merged PR that took a new course (unpinning the version for cryptography, and using a new version of the aws-encryption-sdk). I have mimicked the approach of that PR, and temporarily added aws-encryption-sdk==3.1.1 to one of my requirements.txt files in the interim to be able to run my tests without that error.

mrinaudo-aws commented 1 year ago

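Hi @kurdekar @colonmelvin @kddejong - both the Python plugin and lib are now updated - you should be able to update them on your machines using pip, and have the following:

  • aws-encryption-sdk-3.1.1
  • cloudformation-cli-python-lib-2.1.16
  • cloudformation-cli-python-plugin-2.1.8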

You should be able to remove the additional line in the requirements.txt file, and try again without it - it worked for me. Let us know!

colonmelvin commented 1 year ago

> Hi @kurdekar @colonmelvin @kddejong - both the Python plugin and lib are now updated - you should be able to update them on your machines using pip, and have the following:
>
>   • aws-encryption-sdk-3.1.1
>   • cloudformation-cli-python-lib-2.1.16
>   • cloudformation-cli-python-plugin-2.1.8
>
> You should be able to remove the additional line in the requirements.txt file, and try again without it - it worked for me. Let us know!

Awesome, thanks @mrinaudo-aws! Will give this a go once I'm back in the office next week.

mmaeng commented 1 year ago

The release should have resolved the dependency issue @colonmelvin ! Will close this issue out but please reopen if you are still blocked!

colonmelvin commented 1 year ago

> The release should have resolved the dependency issue @colonmelvin ! Will close this issue out but please reopen if you are still blocked!

Just confirming all is working well now, I've removed the pinned version of cryptography and was able to build/deploy hooks as expected. Thanks!