AttributeError: module 'lib' has no attribute 'X509_V_FLAG_NOTIFY_POLICY'

[D1StrX]

Summary

When updating pip package cryptography >= 42.0.0, and pyOpenSSL < 23.2.0, Ansible will throw an error with (in my test) amazon.aws.s3_object module:

AttributeError: module 'lib' has no attribute 'X509_V_FLAG_NOTIFY_POLICY'

As explained here; conda/conda#13619 (comment)
For folks curious about the breakage:

• cryptography 42.0.0 removed this X509_V_FLAG_NOTIFY_POLICY flag: pyca/cryptography@654dccb
• pyOpenSSL 23.2.0 stopped referencing this X509_V_FLAG_NOTIFY_POLICY flag: pyca/pyopenssl@d788a4f

Installing the packages within these versions is a workaround. But the X509_V_FLAG_NOTIFY_POLICY flag should be removed.

Issue Type

Bug Report

Component Name

amazon.aws.s3_object module

Ansible Version

ansible_core-2.15.12

Collection Versions

'amazon.aws:8.1.0'

AWS SDK versions

• 'botocore>=1.29.0 # from collection amazon.aws'
• 'boto3>=1.26.0 # from collection amazon.aws'

Configuration

No response

OS / Environment

Ansible Execution Environment

Steps to Reproduce

Run a playbook that uses the amazon.aws.s3_object module on an Ansible Execution Environment. The error is self explanatory.

Expected Results

Remove flag X509_V_FLAG_NOTIFY_POLICY flag.

Actual Results

module_stderr: |
Traceback (most recent call last):
File "/runner/.ansible/tmp/ansible-tmp-1724865178.8621795-113-147217989125914/AnsiballZ_s3_object.py", line 107, in
_ansiballz_main()
File "/runner/.ansible/tmp/ansible-tmp-1724865178.8621795-113-147217989125914/AnsiballZ_s3_object.py", line 99, in _ansiballz_main
invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)
File "/runner/.ansible/tmp/ansible-tmp-1724865178.8621795-113-147217989125914/AnsiballZ_s3_object.py", line 47, in invoke_module
runpy.run_module(mod_name='ansible_collections.amazon.aws.plugins.modules.s3_object', init_globals=dict(_module_fqn='ansible_collections.amazon.aws.plugins.modules.s3_object', _modlib_path=modlib_path),
File "/usr/lib64/python3.9/runpy.py", line 225, in run_module
return _run_module_code(code, init_globals, run_name, mod_spec)
File "/usr/lib64/python3.9/runpy.py", line 97, in _run_module_code
_run_code(code, mod_globals, init_globals,
File "/usr/lib64/python3.9/runpy.py", line 87, in _run_code
exec(code, run_globals)
File "/tmp/ansible_amazon.aws.s3_object_payload_ye7c8w84/ansible_amazon.aws.s3_object_payload.zip/ansible_collections/amazon/aws/plugins/modules/s3_object.py", line 418, in
File "/usr/local/lib/python3.9/site-packages/boto3/init.py", line 17, in
from boto3.session import Session
File "/usr/local/lib/python3.9/site-packages/boto3/session.py", line 17, in
import botocore.session
File "/usr/local/lib/python3.9/site-packages/botocore/session.py", line 26, in
import botocore.client
File "/usr/local/lib/python3.9/site-packages/botocore/client.py", line 15, in
from botocore import waiter, xform_name
File "/usr/local/lib/python3.9/site-packages/botocore/waiter.py", line 18, in
from botocore.docs.docstring import WaiterDocstring
File "/usr/local/lib/python3.9/site-packages/botocore/docs/init.py", line 15, in
from botocore.docs.service import ServiceDocumenter
File "/usr/local/lib/python3.9/site-packages/botocore/docs/service.py", line 14, in
from botocore.docs.client import (
File "/usr/local/lib/python3.9/site-packages/botocore/docs/client.py", line 18, in
from botocore.docs.example import ResponseExampleDocumenter
File "/usr/local/lib/python3.9/site-packages/botocore/docs/example.py", line 13, in
from botocore.docs.shape import ShapeDocumenter
File "/usr/local/lib/python3.9/site-packages/botocore/docs/shape.py", line 19, in
from botocore.utils import is_json_value_header
File "/usr/local/lib/python3.9/site-packages/botocore/utils.py", line 39, in
import botocore.httpsession
File "/usr/local/lib/python3.9/site-packages/botocore/httpsession.py", line 45, in
from urllib3.contrib.pyopenssl import (
File "/usr/local/lib/python3.9/site-packages/urllib3/contrib/pyopenssl.py", line 50, in
import OpenSSL.crypto
File "/usr/lib/python3.9/site-packages/OpenSSL/init.py", line 8, in
from OpenSSL import crypto, SSL
File "/usr/lib/python3.9/site-packages/OpenSSL/crypto.py", line 1579, in
class X509StoreFlags(object):
File "/usr/lib/python3.9/site-packages/OpenSSL/crypto.py", line 1598, in X509StoreFlags
NOTIFY_POLICY = _lib.X509_V_FLAG_NOTIFY_POLICY
AttributeError: module 'lib' has no attribute 'X509_V_FLAG_NOTIFY_POLICY'
exception: |
Traceback (most recent call last):
File "/runner/.ansible/tmp/ansible-tmp-1724865178.8621795-113-147217989125914/AnsiballZ_s3_object.py", line 107, in
_ansiballz_main()
File "/runner/.ansible/tmp/ansible-tmp-1724865178.8621795-113-147217989125914/AnsiballZ_s3_object.py", line 99, in _ansiballz_main
invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)
File "/runner/.ansible/tmp/ansible-tmp-1724865178.8621795-113-147217989125914/AnsiballZ_s3_object.py", line 47, in invoke_module
runpy.run_module(mod_name='ansible_collections.amazon.aws.plugins.modules.s3_object', init_globals=dict(_module_fqn='ansible_collections.amazon.aws.plugins.modules.s3_object', _modlib_path=modlib_path),
File "/usr/lib64/python3.9/runpy.py", line 225, in run_module
return _run_module_code(code, init_globals, run_name, mod_spec)
File "/usr/lib64/python3.9/runpy.py", line 97, in _run_module_code
_run_code(code, mod_globals, init_globals,
File "/usr/lib64/python3.9/runpy.py", line 87, in _run_code
exec(code, run_globals)
File "/tmp/ansible_amazon.aws.s3_object_payload_ye7c8w84/ansible_amazon.aws.s3_object_payload.zip/ansible_collections/amazon/aws/plugins/modules/s3_object.py", line 418, in
File "/usr/local/lib/python3.9/site-packages/boto3/init.py", line 17, in
from boto3.session import Session
File "/usr/local/lib/python3.9/site-packages/boto3/session.py", line 17, in
import botocore.session
File "/usr/local/lib/python3.9/site-packages/botocore/session.py", line 26, in
import botocore.client
File "/usr/local/lib/python3.9/site-packages/botocore/client.py", line 15, in
from botocore import waiter, xform_name
File "/usr/local/lib/python3.9/site-packages/botocore/waiter.py", line 18, in
from botocore.docs.docstring import WaiterDocstring
File "/usr/local/lib/python3.9/site-packages/botocore/docs/init.py", line 15, in
from botocore.docs.service import ServiceDocumenter
File "/usr/local/lib/python3.9/site-packages/botocore/docs/service.py", line 14, in
from botocore.docs.client import (
File "/usr/local/lib/python3.9/site-packages/botocore/docs/client.py", line 18, in
from botocore.docs.example import ResponseExampleDocumenter
File "/usr/local/lib/python3.9/site-packages/botocore/docs/example.py", line 13, in
from botocore.docs.shape import ShapeDocumenter
File "/usr/local/lib/python3.9/site-packages/botocore/docs/shape.py", line 19, in
from botocore.utils import is_json_value_header
File "/usr/local/lib/python3.9/site-packages/botocore/utils.py", line 39, in
import botocore.httpsession
File "/usr/local/lib/python3.9/site-packages/botocore/httpsession.py", line 45, in
from urllib3.contrib.pyopenssl import (
File "/usr/local/lib/python3.9/site-packages/urllib3/contrib/pyopenssl.py", line 50, in
import OpenSSL.crypto
File "/usr/lib/python3.9/site-packages/OpenSSL/init.py", line 8, in
from OpenSSL import crypto, SSL
File "/usr/lib/python3.9/site-packages/OpenSSL/crypto.py", line 1579, in
class X509StoreFlags(object):
File "/usr/lib/python3.9/site-packages/OpenSSL/crypto.py", line 1598, in X509StoreFlags
NOTIFY_POLICY = _lib.X509_V_FLAG_NOTIFY_POLICY
AttributeError: module 'lib' has no attribute 'X509_V_FLAG_NOTIFY_POLICY'

Code of Conduct

• I agree to follow the Ansible Code of Conduct

[tremble]

@D1StrX,

Thanks for taking the time to open this issue.

There's not much we can do about this, it looks like it's just a problem with that specific combination of those libraries, neither of which we directly require or apply constraints to. This was arguably a bug in pyOpenSSL which has already been fixed.

As such I'm going to close this issue.