Skip to content

Replace deprecated oauth2client with google-auth and unpin pyopenssl#510

Merged
ogajduse merged 4 commits into
masterfrom
copilot/fix-509
Jul 15, 2025
Merged

Replace deprecated oauth2client with google-auth and unpin pyopenssl#510
ogajduse merged 4 commits into
masterfrom
copilot/fix-509

Conversation

Copilot AI commented Jul 11, 2025

Copy link
Copy Markdown
Contributor

This PR modernizes Google Cloud Platform authentication by replacing the deprecated oauth2client library with the officially recommended google-auth library, and removes the pyopenssl version pin that was causing compatibility issues.

🔧 Changes Made

Dependencies (pyproject.toml)

  • Removed: oauth2client (deprecated and causing pyopenssl conflicts)
  • Added: google-auth (modern Google authentication library)
  • Unpinned: pyopenssl (was pinned to ==24.2.1, now allows latest compatible version)

Authentication Implementation (wrapanapi/systems/google.py)

  • Updated imports: oauth2client.service_account.ServiceAccountCredentialsgoogle.oauth2.service_account.Credentials
  • Replaced ServiceAccountCredentials.from_json_keyfile_dict() with Credentials.from_service_account_info()
  • Replaced ServiceAccountCredentials.from_json_keyfile_name() with Credentials.from_service_account_file()
  • Updated Google API client initialization to use modern credentials parameter
  • Deprecated P12 format with helpful migration guidance

✅ Backward Compatibility

All existing authentication methods continue to work:

# Service account dictionary (recommended) - unchanged
gcp = GoogleCloudSystem(
    project="my-project",
    zone="us-central1-a", 
    service_account=service_account_dict
)

# JSON file authentication - unchanged
gcp = GoogleCloudSystem(
    project="my-project",
    zone="us-central1-a",
    file_type="json",
    file_path="/path/to/service-account.json"
)

🚫 Breaking Change

P12 keyfile format is no longer supported and will raise NotImplementedError with clear migration instructions. Users should generate new JSON service account keys from the Google Cloud Console or using gcloud CLI.

🎯 Benefits

  • Security: Uses actively maintained authentication library
  • Compatibility: Removes pyopenssl version conflicts that were blocking updates
  • Future-proof: Adopts Google's recommended authentication approach
  • Performance: Better token handling and caching

🧪 Testing

  • Comprehensive validation of syntax, imports, and authentication logic
  • API compatibility verification
  • Error handling validation
  • All existing public methods and parameters preserved

Fixes #509.


💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

Co-authored-by: ogajduse <20440883+ogajduse@users.noreply.github.com>
Copilot AI changed the title [WIP] Replace the OAuth library and unpin the pyopenssl version Replace deprecated oauth2client with google-auth and unpin pyopenssl Jul 11, 2025
Copilot AI requested a review from ogajduse July 11, 2025 13:20
@ogajduse ogajduse marked this pull request as ready for review July 11, 2025 14:46
@ogajduse

Copy link
Copy Markdown
Member

Switching to ready state as I successfully tested the patch using the below script:

from wrapanapi.systems.google import GoogleCloudSystem

gceclient = GoogleCloudSystem(
       project="macgyver-project",
       zone='us-east1-b',
       file_path='secrets/gce_cert',
       file_type='json',
)

gceclient.list_network()

# Out: ['default', 'test-network']

Comment thread pyproject.toml Outdated
requires-python = ">=3.9"
dependencies = [
"pyopenssl==24.2.1",
"pyopenssl",

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So we can remove this completely , right ?

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, you're correct. The pyopenssl dependency has been completely removed as it's no longer needed with the google-auth library. Fixed in commit 2653dac.

@lpramuk lpramuk left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Don't be explicit about pyopenssl dependency and remove it

@ogajduse

Copy link
Copy Markdown
Member

Don't be explicit about pyopenssl dependency and remove it

@copilot can you please take a look at this?

Co-authored-by: ogajduse <20440883+ogajduse@users.noreply.github.com>

Copilot AI commented Jul 15, 2025

Copy link
Copy Markdown
Contributor Author

Don't be explicit about pyopenssl dependency and remove it

@copilot can you please take a look at this?

Done! Removed the explicit pyopenssl dependency completely from pyproject.toml. The google-auth library handles its own cryptographic dependencies, so pyopenssl is no longer needed. Fixed in commit 2653dac.

@lpramuk lpramuk left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Now I like it

@ogajduse ogajduse merged commit 735d93a into master Jul 15, 2025
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Replace the OAuth library and unpin the pyopenssl version

5 participants