Closed andrewsg closed 11 months ago
I'm not sure how this should be implemented.. Any object that is pickled would need to reconstruct the signer object to work, which requires the key's PEM file. Put another way, it seems to me that the the object needs to be recreated each time.
@arithmetic1728 @sai-sunder-s what do you think?
The base OAuth2.0 credential object does support pickling https://github.com/googleapis/google-auth-library-python/blob/main/google/oauth2/credentials.py#L156.
Maybe we could store a buffer of the key's bytes, and then recreate the signer that way?
@clundin25 yes I think we could store the key bytes and recreate the signer
Environment details
google-auth
version: 2.22.0Steps to reproduce
Install
cryptography
Run:
The object in question seems to be
credentials._signer
which is either a pickleable pure Python object ifcryptography
is not installed, or else an unpickleablegoogle.auth.crypt._cryptography_rsa.RSASigner
if it is. Specifically, the signer._key object is of typecryptography.hazmat.backends.openssl.rsa._RSAPrivateKey
.This conversation on SO seems related: https://stackoverflow.com/questions/39321606/cant-pickle-an-rsa-key-to-send-over-a-socket
This is impacting the Storage SDK's multiprocessing capability: https://github.com/googleapis/python-storage/issues/1116 despite efforts to work around it.