Skip to content
This repository was archived by the owner on Mar 6, 2026. It is now read-only.

chore: add warning for rsa library #1925

Merged
daniel-sanche merged 11 commits into from
Jan 10, 2026
Merged

chore: add warning for rsa library #1925

Show file tree
Hide file tree
Changes from 4 commits
Commits
Show all changes
11 commits
Select commit Hold shift + click to select a range
f357187
added warning
daniel-sanche Jan 9, 2026
575113c
added posargs to unit test nox command
daniel-sanche Jan 9, 2026
bef613a
added test
daniel-sanche Jan 9, 2026
15e6e7b
add rsa extra
daniel-sanche Jan 9, 2026
7715f92
updated warning
daniel-sanche Jan 9, 2026
ddacaf2
added TODO
daniel-sanche Jan 9, 2026
5573db6
added docstring warnings
daniel-sanche Jan 9, 2026
07a4f22
remove extra dependency
daniel-sanche Jan 9, 2026
6890572
Merge branch 'main' into warn_rsa
daniel-sanche Jan 9, 2026
ad651ed
changed warning type
daniel-sanche Jan 9, 2026
0bf724e
fixed warning type
daniel-sanche Jan 9, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 11 additions & 0 deletions google/auth/crypt/_python_rsa.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,7 @@
from __future__ import absolute_import

import io
import warnings

from pyasn1.codec.der import decoder # type: ignore
from pyasn1_modules import pem # type: ignore
Expand All @@ -39,6 +40,16 @@
_PKCS8_MARKER = ("-----BEGIN PRIVATE KEY-----", "-----END PRIVATE KEY-----")
_PKCS8_SPEC = PrivateKeyInfo()

warnings.warn(
(
"The 'rsa' library is deprecated and will be removed in a future release. "
"Please migrate to 'cryptography'. To keep using the legacy library, "
"install 'google-auth[rsa]'."
),
category=FutureWarning,
Copy link
Copy Markdown
Contributor

@vchudnov-g vchudnov-g Jan 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should this be a DeprecationWarning? I think that might be more appropriate if it doesn't introduce complications with existing tests, etc.

(not a blocker)

Copy link
Copy Markdown
Contributor Author

@daniel-sanche daniel-sanche Jan 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I was debating that too. I don't think the user vs developer divide described in the docs is super clear for me in this context.

Thinking again, maybe DeprecationWarning is a bit more accurate here. I made the change

stacklevel=2,
)


def _bit_list_to_bytes(bit_list):
"""Converts an iterable of 1s and 0s to bytes.
Expand Down
1 change: 1 addition & 0 deletions noxfile.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -129,6 +129,7 @@ def unit(session):
"--cov-report=term-missing",
"tests",
"tests_async",
*session.posargs,
)


Expand Down
3 changes: 3 additions & 0 deletions setup.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -46,6 +46,8 @@
# TODO(https://github.com/googleapis/google-auth-library-python/issues/1739): Add bounds for urllib3 and packaging dependencies.
urllib3_extra_require = ["urllib3", "packaging"]

rsa_extra_require = ["rsa>=3.1.4,<5"]

# Unit test requirements.
testing_extra_require = [
# TODO(https://github.com/googleapis/google-auth-library-python/issues/1735): Remove `grpcio` from testing requirements once an extra is added for `grpcio` dependency.
Expand Down Expand Up @@ -85,6 +87,7 @@
"requests": requests_extra_require,
"testing": testing_extra_require,
"urllib3": urllib3_extra_require,
"rsa": rsa_extra_require,
# TODO(https://github.com/googleapis/google-auth-library-python/issues/1735): Add an extra for `grpcio` dependency.
# TODO(https://github.com/googleapis/google-auth-library-python/issues/1736): Add an extra for `oauth2client` dependency.
}
Expand Down
9 changes: 9 additions & 0 deletions tests/crypt/test__python_rsa.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -191,3 +191,12 @@ def test_from_service_account_file(self):

assert signer.key_id == SERVICE_ACCOUNT_INFO[base._JSON_FILE_PRIVATE_KEY_ID]
assert isinstance(signer._key, rsa.key.PrivateKey)


class TestModule(object):
def test_import_warning(self):
import importlib
from google.auth.crypt import _python_rsa

with pytest.warns(FutureWarning, match="The 'rsa' library is deprecated"):
importlib.reload(_python_rsa)
Loading