google-auth-library-python
google-auth-library-python copied to clipboard
googleapis
feat: setup.py: remove rsa requirement
The rsa library is slower and not as well-maintained as the cryptography library. Now that we require the cryptography library, drop the hard requirement on the rsa library.
Fixes: #941
I think simply removing the rsa dependency will break the library since it is still in use: https://github.com/googleapis/google-auth-library-python/blob/main/google/auth/crypt/_python_rsa.py#L28
Please see https://github.com/googleapis/google-auth-library-python/issues/646 , the code does not use python-rsa if python-cryptography is installed.
This is still relevant because pip install google-auth still pulls in the old rsa library.
As I look at rebasing this today, I can remove the entry from setup.py, but it's now present in .kokoro/requirements.txt too. How do I make the change to that file?
🤖 I detect that the PR title and the commit message differ and there's only one commit. To use the PR title for the commit history, you can use Github's automerge feature with squashing, or use automerge label. Good luck human!
-- conventional-commit-lint bot https://conventionalcommits.org/
![conventional-commit-lint-gcf[bot] avatar](https://avatars.githubusercontent.com/in/37172?v=4 "Published by a pub.dev verified publisher"){kind=small}
I researched kokoro to understand how to remove rsa from .kokoro/requirements.txt.
google-auth requires rsa, so we need to remove rsa from setup.py, then push a new release:
google-auth
└rsa
The complicating factor is that .kokoro/requirements.in lists two modules that are not in setup.py: (gcp-docuploader and gcp-releasetool). These entries cause pip-compile to fetch google-auth=2.28.0 from PyPI. Because 2.28.0 still requires rsa, pip-compile still puts rsa into requirements.txt.
I think the solution here is to release a new google-auth version with this PR, then re-run pip-compile, and we should see the entry disappear from .kokoro/requirements.txt.