aws-samples / aws-secrets-manager-rotation-lambdas

Contains Lambda functions to be used for automatic rotation of secrets stored in AWS Secrets Manager


Getting 'cryptography' package is required while rotating secrets manager rds password

jani4865 opened this issue

I have installed the module inside my zip file as well, but I am still getting this error

Tried with Python runtime 3.9, 3.11

[ERROR] RuntimeError: 'cryptography' package is required for sha256_password or caching_sha2_password auth methods
Traceback (most recent call last):
  File "/var/task/rdspassword_rotate_lambda.py", line 72, in lambda_handler
    set_secret(service_client, arn, token)
  File "/var/task/rdspassword_rotate_lambda.py", line 138, in set_secret
    conn = get_connection(pending_dict)
  File "/var/task/rdspassword_rotate_lambda.py", line 302, in get_connection
    return connect_and_authenticate(secret_dict, port, dbname, False)
  File "/var/task/rdspassword_rotate_lambda.py", line 362, in connect_and_authenticate
    conn = pymysql.connect(host=secret_dict['host'], user=secret_dict['username'], password=secret_dict['password'], port=port, database=dbname, connect_timeout=5, ssl=ssl)
  File "/var/task/pymysql/connections.py", line 358, in __init__
    self.connect()
  File "/var/task/pymysql/connections.py", line 664, in connect
    self._request_authentication()
  File "/var/task/pymysql/connections.py", line 968, in _request_authentication
    auth_packet = self._process_auth(plugin_name, auth_packet)
  File "/var/task/pymysql/connections.py", line 1003, in _process_auth
    return _auth.sha256_password_auth(self, auth_packet)
  File "/var/task/pymysql/_auth.py", line 183, in sha256_password_auth
    data = sha2_rsa_encrypt(conn.password, conn.salt, conn.server_public_key)
  File "/var/task/pymysql/_auth.py", line 143, in sha2_rsa_encrypt
    raise RuntimeError(

Hi jani4865@ - what version of MySQL are you on? I believe this might be related to something in 8.0.34+ where they've deprecated the mysql_native_password authentication plugin: https://dev.mysql.com/doc/refman/8.0/en/native-pluggable-authentication.html

One solution is to include PyMySQL[rsa], but I will mark this as a high priority issue for us to address.

Hi @jbct
We are using 8.0.mysql_aurora.3.05.2

My lambda deployment already has the cryptography module installed

Issue got resolved after installing the cryptography module as below
pip install \
    --platform manylinux2014_x86_64 \
    --target=my-lambda-function \
    --implementation cp \
    --python-version 3.9 \
    --only-binary=:all: --upgrade \
    cryptography

commented

@jani4865 Thank you for your information! The cryptography package contains compiled code, so you need to be very careful when using pip to install it. By default, pip will only download and compile the packages for the architecture of the local machine. If the architecture of your local machine is different from AWS Lambda, you might run into dependency errors. To ensure your dependencies work with AWS Lambda, check out our instructions here.

For your specific issue, to use "sha256_password" or "caching_sha2_password" for authentication, you will need to either install cryptography separately, or you can install PyMySQL and cryptography in one command as follows:

pip install \
    --platform manylinux2014_x86_64 \
    --target=my-lambda-function \
    --implementation cp \
    --python-version 3.9 \
    --only-binary=:all: --upgrade \
    'PyMySQL[rsa]'
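
A pre-upload check for the platform mismatch described in the comment above, added here as an example (it is not code from this thread or from the aws-samples repository): it reads each `*.dist-info/WHEEL` file in a deployment zip and reports compiled packages that carry no Linux platform tag for the function's architecture. The function names, the `arch` parameter and the `0.0` version strings are assumptions made for illustration; pass `arch="aarch64"` for an arm64 function.

```python
import io
import zipfile

def wheel_platforms(wheel_text):
    """Parse a dist-info/WHEEL file into (is_pure_python, platform tags)."""
    pure, platforms = True, set()
    for line in wheel_text.splitlines():
        key, _, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if key == "root-is-purelib":
            pure = value.lower() == "true"
        elif key == "tag" and value:
            # Tag is python-abi-platform; the platform part may be a dotted set.
            platforms.update(value.rsplit("-", 1)[-1].split("."))
    return pure, platforms

def check_bundle(bundle, arch="x86_64"):
    """Return {distribution: tags} for compiled packages with no Linux tag for arch."""
    bad = {}
    with zipfile.ZipFile(bundle) as zf:
        for name in zf.namelist():
            parts = name.split("/")
            if len(parts) < 2 or parts[-1] != "WHEEL" or not parts[-2].endswith(".dist-info"):
                continue
            pure, platforms = wheel_platforms(zf.read(name).decode("utf-8"))
            # musllinux, macosx and win tags do not match either prefix.
            fits = any(p.startswith(("manylinux", "linux")) and p.endswith(arch) for p in platforms)
            if not pure and not fits:
                bad[parts[-2][: -len(".dist-info")]] = sorted(platforms)
    return bad

def make_bundle(crypto_tag):
    """Constructed sample: an in-memory zip holding only two WHEEL metadata files."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("pymysql-0.0.dist-info/WHEEL", "Root-Is-Purelib: true\nTag: py3-none-any\n")
        zf.writestr("cryptography-0.0.dist-info/WHEEL", f"Root-Is-Purelib: false\nTag: {crypto_tag}\n")
    return buf

if __name__ == "__main__":
    # Installed on a macOS arm64 machine without --platform: flagged.
    print(check_bundle(make_bundle("cp39-abi3-macosx_11_0_arm64")))
    # Installed with --platform manylinux2014_x86_64 as in the thread: clean.
    print(check_bundle(make_bundle("cp39-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64")))
```

On a real package, call `check_bundle("my-lambda-function.zip")` (a placeholder file name) before uploading; an empty result means every compiled dependency has a wheel tag that matches the chosen architecture.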