gcloud-python can't import OpenSSL in App Engine (since it can't be vendored in)

[ghost]

I noticed the depending crypto module was changed since commit 948cccf. The project was deployed with GAE release 1.9.32 and gcloud-python 0.9.0.

Here are some context info according to your recent comments:

1. How do you vendor in gcloud-python for App Engine?
   As described in GAE documentation: https://cloud.google.com/appengine/docs/python/tools/libraries27#vendoring

2. Which services / gcloud-python subpackages do you use? (I'm curious which imports / import paths your code has been using.)
   I am generating signed url for an object in Google Cloud Storage. Here's the partial stacktrace:

   Traceback (most recent call last):
   ---- omitted for simple trace) ----
   from ext import cloudstorage as storage
   File "/base/data/home/apps/sjackend-0/1.390622100755930629/ext/cloudstorage.py", line 8, in
   from gcloud import (
   File "/base/data/home/apps/sjackend-0/1.390622100755930629/lib/gcloud/storage/init.py", line 43, in
   from gcloud.storage.blob import Blob
   File "/base/data/home/apps/sjackend-0/1.390622100755930629/lib/gcloud/storage/blob.py", line 28, in
   from gcloud.credentials import generate_signed_url
   File "/base/data/home/apps/sjackend-0/1.390622100755930629/lib/gcloud/credentials.py", line 22, in
   from OpenSSL import crypto
   File "/base/data/home/apps/sjackend-0/1.390622100755930629/lib/OpenSSL/init.py", line 8, in
   from OpenSSL import rand, crypto, SSL
   File "/base/data/home/apps/sjackend-0/1.390622100755930629/lib/OpenSSL/rand.py", line 11, in
   from OpenSSL._util import (
   File "/base/data/home/apps/sjackend-0/1.390622100755930629/lib/OpenSSL/_util.py", line 6, in
   from cryptography.hazmat.bindings.openssl.binding import Binding
   File "/base/data/home/apps/sjackend-0/1.390622100755930629/lib/cryptography/hazmat/bindings/openssl/binding.py", line 14, in
   from cryptography.hazmat.bindings._openssl import ffi, lib
   ImportError: dynamic module does not define init function (init_openssl)

I guess this is caused by the inherent inflexibility with runtime environment in GAE, and affects #1009 which seems to conflict with this issue.

[dhermes]

Moving this back in to #1436

[dhermes]

Re-opening, this is a different import error than the one in #1436, will rename accordingly

[ghost]

Thank you for your clarification.

2016년 2월 12일 (금) 오전 1:03, Danny Hermes notifications@github.com님이 작성:

Re-opening, this is a different import error than the one in #1436
#1436, will
rename accordingly

—
Reply to this email directly or view it on GitHub
#1445 (comment)
.

[dhermes]

@savvykang-bnnjack Thanks for filing. For now, you can get around this by editing gcloud/credentials.py

diff --git a/gcloud/credentials.py b/gcloud/credentials.py
index 9874042..ab5151c 100644
--- a/gcloud/credentials.py
+++ b/gcloud/credentials.py
@@ -19,7 +19,10 @@ import datetime
 import six
 from six.moves.urllib.parse import urlencode  # pylint: disable=F0401

-from OpenSSL import crypto
+try:
+    from OpenSSL import crypto
+except ImportError:
+    crypto = None

 from oauth2client import client
 from oauth2client.client import _get_application_default_credential_from_file

and then your code should work just fine using google.appengine.api.app_identity.sign_blob.

[ghost]

Good!