fix: py cryptography is pinned to a version that works with magma

[nstng]

Signed-off-by: Nils Semmelrock nils.semmelrock@tngtech.com

Summary

cryptography for bazel was upgraded to 38.0.1 (from 37.0.4) with #13946. This was not visible in the PR CI because it causes a runtime issue with magmad that is only seen in the integration tests.

bazel run orc8r/gateway/python/magma/magmad
...
Traceback (most recent call last):
  File "/tmp/bazel/execroot/__main__/bazel-out/k8-fastbuild/bin/orc8r/gateway/python/magma/magmad/magmad.runfiles/__main__/orc8r/gateway/python/magma/magmad/main.py", line 20, in <module>
    from magma.common.sentry import sentry_init
  File "/tmp/bazel/execroot/__main__/bazel-out/k8-fastbuild/bin/orc8r/gateway/python/magma/magmad/magmad.runfiles/__main__/orc8r/gateway/python/magma/common/sentry.py", line 19, in <module>
    import sentry_sdk
  File "/tmp/bazel/execroot/__main__/bazel-out/k8-fastbuild/bin/orc8r/gateway/python/magma/magmad/magmad.runfiles/python_deps_pypi__sentry_sdk/sentry_sdk/__init__.py", line 1, in <module>
    from sentry_sdk.hub import Hub, init
  File "/tmp/bazel/execroot/__main__/bazel-out/k8-fastbuild/bin/orc8r/gateway/python/magma/magmad/magmad.runfiles/python_deps_pypi__sentry_sdk/sentry_sdk/hub.py", line 8, in <module>
    from sentry_sdk.scope import Scope
  File "/tmp/bazel/execroot/__main__/bazel-out/k8-fastbuild/bin/orc8r/gateway/python/magma/magmad/magmad.runfiles/python_deps_pypi__sentry_sdk/sentry_sdk/scope.py", line 7, in <module>
    from sentry_sdk.utils import logger, capture_internal_exceptions
  File "/tmp/bazel/execroot/__main__/bazel-out/k8-fastbuild/bin/orc8r/gateway/python/magma/magmad/magmad.runfiles/python_deps_pypi__sentry_sdk/sentry_sdk/utils.py", line 895, in <module>
    HAS_REAL_CONTEXTVARS, ContextVar = _get_contextvars()
  File "/tmp/bazel/execroot/__main__/bazel-out/k8-fastbuild/bin/orc8r/gateway/python/magma/magmad/magmad.runfiles/python_deps_pypi__sentry_sdk/sentry_sdk/utils.py", line 865, in _get_contextvars
    if not _is_contextvars_broken():
  File "/tmp/bazel/execroot/__main__/bazel-out/k8-fastbuild/bin/orc8r/gateway/python/magma/magmad/magmad.runfiles/python_deps_pypi__sentry_sdk/sentry_sdk/utils.py", line 826, in _is_contextvars_broken
    from eventlet.patcher import is_monkey_patched  # type: ignore
  File "/usr/local/lib/python3.8/dist-packages/eventlet/__init__.py", line 17, in <module>
    from eventlet import convenience
  File "/usr/local/lib/python3.8/dist-packages/eventlet/convenience.py", line 7, in <module>
    from eventlet.green import socket
  File "/usr/local/lib/python3.8/dist-packages/eventlet/green/socket.py", line 4, in <module>
    __import__('eventlet.green._socket_nodns')
  File "/usr/local/lib/python3.8/dist-packages/eventlet/green/_socket_nodns.py", line 11, in <module>
    from eventlet import greenio
  File "/usr/local/lib/python3.8/dist-packages/eventlet/greenio/__init__.py", line 3, in <module>
    from eventlet.greenio.base import *  # noqa
  File "/usr/local/lib/python3.8/dist-packages/eventlet/greenio/base.py", line 468, in <module>
    from OpenSSL import SSL
  File "/usr/lib/python3/dist-packages/OpenSSL/__init__.py", line 8, in <module>
    from OpenSSL import crypto, SSL
  File "/usr/lib/python3/dist-packages/OpenSSL/crypto.py", line 1553, in <module>
    class X509StoreFlags(object):
  File "/usr/lib/python3/dist-packages/OpenSSL/crypto.py", line 1573, in X509StoreFlags
    CB_ISSUER_CHECK = _lib.X509_V_FLAG_CB_ISSUER_CHECK
AttributeError: module 'lib' has no attribute 'X509_V_FLAG_CB_ISSUER_CHECK'

Test Plan

• execute bazel run orc8r/gateway/python/magma/magmad and see that error above does not happen

Additional Information

• This change is backwards-breaking

[github-actions]

Thanks for opening a PR! 💯

A couple initial guidelines

• All commits must be signed off. This is enforced by DCO check.
• All PR titles must follow the semantic commits format. This is enforced by Semantic PR.

Howto

• Reviews. The "Reviewers" listed for this PR are the Magma maintainers who will shepherd it.
• Checks. All required CI checks must pass before merge.
• Merge. Once approved and passing CI checks, use the ready2merge label to indicate the maintainers can merge your PR.

More info

Please take a moment to read through the Magma project's

• Contributing Conventions for norms around contributed code

If this is your first Magma PR, also consider reading

• Developer Onboarding for onboarding as a new Magma developer
• Development Workflow for guidance on your first pull request
• CI Checks for points of contact for failing or flaky CI checks
• GitHub-to-Slack mappings for Magma maintainers for guidance on how to contact maintainers on Slack

[github-actions]

dp-workflow

0 tests   0 ✔️  0s ⏱️
0 suites  0 💤
0 files    0 ❌

Results for commit bab2926.

♻️ This comment has been updated with latest results.

[jheidbrink]

Hm, why did this one have a dash before?

[jheidbrink]

It seems some naming scheme on pypi has changed?

[nstng]

yes, I noticed too - lets see if ci is ok with this

[jheidbrink]

nitpick: I think it would be nice to add a short comment with the reason why we need this restriction. Also, some more context in the PR description would be good.

[nstng]

context in PR was in the writing during review :) comment in requirements.in, yes, good idea

[nstng]

done