MAINT Removes pyopenssl dependency

dev-requirements.txt

@@ -97,7 +97,6 @@ cryptography==41.0.5
     #   azure-storage-blob
     #   msal
     #   pyjwt
-    #   pyopenssl
 dataclasses-json==0.5.9
     # via flytekit
 decorator==5.1.1
@@ -391,8 +390,6 @@ pyjwt[crypto]==2.8.0
     # via
     #   msal
     #   pyjwt
-pyopenssl==23.3.0
-    # via flytekit
 pytest==7.4.3
     # via
     #   -r dev-requirements.in

doc-requirements.txt

@@ -185,7 +185,6 @@ cryptography==41.0.3
     #   great-expectations
     #   msal
     #   pyjwt
-    #   pyopenssl
     #   snowflake-connector-python
 css-html-js-minify==2.5.5
     # via sphinx-material
@@ -944,7 +943,6 @@ pyjwt[crypto]==2.8.0
     #   snowflake-connector-python
 pyopenssl==23.2.0
     # via
-    #   flytekit
     #   snowflake-connector-python
 pyparsing==3.1.1
     # via

flytekit/clients/auth_helper.py

@@ -6,7 +6,6 @@
 import requests
 from flyteidl.service.auth_pb2 import OAuth2MetadataRequest, PublicClientAuthConfigRequest
 from flyteidl.service.auth_pb2_grpc import AuthMetadataServiceStub
-from OpenSSL import crypto
 
 from flytekit.clients.auth.authenticator import (
     Authenticator,
@@ -155,14 +154,6 @@
     return upgrade_channel_to_authenticated(cfg, channel)
 
 
-def load_cert(cert_file: str) -> crypto.X509:
-    """
-    Given a cert-file loads the PEM certificate and returns
-    """
-    st_cert = open(cert_file, "rt").read()
-    return crypto.load_certificate(crypto.FILETYPE_PEM, st_cert)
-
-
 def bootstrap_creds_from_server(endpoint: str) -> grpc.ChannelCredentials:
     """
     Retrieves the SSL cert from the remote and uses that. should be used only if insecure-skip-verify
@@ -209,9 +200,9 @@
         if cfg.insecure_skip_verify:
             credentials = bootstrap_creds_from_server(cfg.endpoint)
         elif cfg.ca_cert_file_path:
-            credentials = grpc.ssl_channel_credentials(
-                crypto.dump_certificate(crypto.FILETYPE_PEM, load_cert(cfg.ca_cert_file_path))
-            )
+            with open(cfg.ca_cert_file_path, "rb") as f:
+                st_cert = f.read()
+            credentials = grpc.ssl_channel_credentials(st_cert)
         else:
             credentials = grpc.ssl_channel_credentials(
                 root_certificates=kwargs.get("root_certificates", None),

setup.py

@@ -62,7 +62,6 @@
         # TODO: Remove upper-bound after protobuf community fixes it. https://github.com/flyteorg/flyte/issues/4359
         "protobuf<4.25.0",
         "pyarrow>=4.0.0,<11.0.0",
-        "pyopenssl",
         "python-dateutil>=2.1",
         "python-json-logger>=2.0.0",
         "pytimeparse>=1.1.8,<2.0.0",

tests/flytekit/integration/remote/mock_flyte_repo/workflows/requirements.txt

@@ -74,7 +74,6 @@ cryptography==41.0.4
     #   azure-storage-blob
     #   msal
     #   pyjwt
-    #   pyopenssl
     #   secretstorage
 cycler==0.11.0
     # via matplotlib
@@ -259,8 +258,6 @@ pygments==2.15.1
     # via rich
 pyjwt[crypto]==2.8.0
     # via msal
-pyopenssl==23.2.0
-    # via flytekit
 pyparsing==3.0.9
     # via matplotlib
 python-dateutil==2.8.2

tests/flytekit/unit/clients/test_auth_helper.py

@@ -1,4 +1,3 @@
-import os.path
 from http import HTTPStatus
 from unittest.mock import MagicMock, patch
 
@@ -19,7 +18,6 @@
     RemoteClientConfigStore,
     get_authenticator,
     get_session,
-    load_cert,
     upgrade_channel_to_authenticated,
     upgrade_channel_to_proxy_authenticated,
     wrap_exceptions_channel,
@@ -177,13 +175,6 @@ def test_upgrade_channel_to_proxy_auth():
     assert isinstance(out_ch._interceptor._authenticator, CommandAuthenticator)
 
 
-def test_load_cert():
-    cert_file = os.path.join(os.path.dirname(__file__), "testdata", "rootCACert.pem")
-    f = load_cert(cert_file)
-    assert f
-    print(f)
-
-
 def test_get_proxy_authenticated_session():
     """Test that proxy auth headers are added to http requests if the proxy command is provided in the platform config."""
     expected_token = "foo-bar"