binxio / cfn-secret-provider

A CloudFormation custom resource provider for deploying secrets and keys
Apache License 2.0

When trying to use Python 3.9 runtime as being new corporate requirement due to 3.8 vulnerabilities getting cff errors. #60

Closed arkrud closed 11 months ago

arkrud commented 1 year ago

While creating Private Key in CloudFormation Received response status [FAILED] from custom resource. Message returned: ModuleNotFoundError: No module named '_cffi_backend' (RequestId: 3860dfd8-3261-4bbc-a634-73a89c468287)

mvanholsteijn commented 1 year ago

Hi @arkrud, thank you for opening an issue. Which version are you using? Versions >= 2.0.0 of the provider are built for the Python3.9 runtime.

Please reopen if the problem persists.

arkrud commented 1 year ago

I tried it with version 2.0.1 and Python3.9 and get the same error: Received response status [FAILED] from custom resource. Message returned: ModuleNotFoundError: No module named '_cffi_backend' (RequestId: 3bda91a4-ffdd-418b-a2a4-8769a04c6fe3)

arkrud commented 1 year ago

Hi Mark,

I tried with 2.0.1 and 39 but it failed again with the same error.

I commented on the issue in Git, but I cannot reopen it.

Sincerely,

Arkadiy Rudin


mvanholsteijn commented 1 year ago

Hi @arkrud,

Which region are you deploying from? I can reproduce this exact error only when I explicitly remove the file _cffi_backend.cpython-39-x86_64-linux-gnu.so from the zip file.

$ aws s3 cp s3://binxio-public-eu-west-1/lambdas/cfn-secret-provider-2.0.1.zip /tmp
$ mkdir /tmp/content && cd /tmp/content
$ unzip ../cfn-secret-provider-2.0.1.zip
$ # append an entry point to the unpacked provider module so it can be run directly
$ cat >> cfn_rsakey_provider.py <<!
if __name__ == "__main__":
    key = rsa.generate_private_key(
        backend=crypto_default_backend(),
        public_exponent=65537,
        key_size=2048
    )
!
$ docker run -v $HOME/.aws:/root/.aws \
       -v $PWD:/task -w /task --platform linux/amd64 \
       --entrypoint python3 \
       python:3.9 cfn_rsakey_provider.py
$ # rename the compiled cffi backend so the import can no longer find it
$ mv _cffi_backend.cpython-39-x86_64-linux-gnu.so{,-}
$ docker run -v $HOME/.aws:/root/.aws \
       -v $PWD:/task -w /task --platform linux/amd64 \
       --entrypoint python3 \
       python:3.9 cfn_rsakey_provider.py
Traceback (most recent call last):
  File "/task/cfn_rsakey_provider.py", line 208, in <module>
    backend=crypto_default_backend(),
  File "/task/cryptography/hazmat/backends/__init__.py", line 8, in default_backend
    from cryptography.hazmat.backends.openssl.backend import backend
  File "/task/cryptography/hazmat/backends/openssl/__init__.py", line 6, in <module>
    from cryptography.hazmat.backends.openssl.backend import backend
  File "/task/cryptography/hazmat/backends/openssl/backend.py", line 63, in <module>
    from cryptography.hazmat.bindings.openssl import binding
  File "/task/cryptography/hazmat/bindings/openssl/binding.py", line 14, in <module>
    from cryptography.hazmat.bindings._openssl import ffi, lib
ModuleNotFoundError: No module named '_cffi_backend'

arkrud commented 1 year ago

Hi,

I see the error in us-east-1

Ark

arkrud commented 1 year ago

I noticed that I changed the reference to zip release v2.0.1 only in one place in the CF template. When I updated it in both locations it is working now. So you can close the issue.

Thank You,

Arkadiy
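
A pre-deployment check for the failure discussed in this thread, as an added example that is not part of the original thread or the project's code: it inspects a Lambda zip for compiled extension modules whose CPython ABI tag does not match the target runtime, and can be run against every zip a template references. The function names, the sample member lists and the `cpython-38` build in the stale bundle are assumptions made for illustration.

```python
import io
import re
import zipfile

# CPython extension modules carry an ABI tag in the file name, e.g.
# _cffi_backend.cpython-39-x86_64-linux-gnu.so. Stable-ABI builds (*.abi3.so)
# load on any 3.x runtime and are deliberately not matched here.
EXT_RE = re.compile(r"([^/.]+)\.cpython-(\d+)m?-([A-Za-z0-9_]+)-linux-gnu\.so$")


def check_bundle(zip_file, runtime="python3.9", arch="x86_64",
                 required=("_cffi_backend",)):
    """Return the reasons native modules in the zip would fail to import."""
    want = runtime.replace("python", "").replace(".", "")  # python3.9 -> 39
    found = {}  # module name -> set of (abi tag, arch) builds in the zip
    with zipfile.ZipFile(zip_file) as zf:
        for name in zf.namelist():
            m = EXT_RE.search(name)
            if m:
                found.setdefault(m.group(1), set()).add((m.group(2), m.group(3)))
    problems = [f"{mod}: no compiled module in bundle"
                for mod in required if mod not in found]
    for mod, builds in sorted(found.items()):
        if (want, arch) not in builds:
            have = ", ".join(f"cpython-{t}/{a}" for t, a in sorted(builds))
            problems.append(
                f"{mod}: built for {have}, runtime needs cpython-{want}/{arch}")
    return problems


def make_zip(names):
    """Build an in-memory zip with empty members (constructed sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, b"")
    return buf


# Constructed bundles: member names only, contents are empty.
COMMON = ["cfn_rsakey_provider.py", "cryptography/hazmat/bindings/_openssl.abi3.so"]
GOOD = make_zip(COMMON + ["_cffi_backend.cpython-39-x86_64-linux-gnu.so"])
STALE = make_zip(COMMON + ["_cffi_backend.cpython-38-x86_64-linux-gnu.so"])
MISSING = make_zip(COMMON)

if __name__ == "__main__":
    for label, bundle in (("good", GOOD), ("stale", STALE), ("missing", MISSING)):
        print(label, check_bundle(bundle) or "ok")
```

A real zip can be checked by passing its path, for example `check_bundle("/tmp/cfn-secret-provider-2.0.1.zip")`.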