Skip to content

Remove unused pyopenssl and boto dependencies #14882

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Nov 27, 2025
Merged

Remove unused pyopenssl and boto dependencies #14882

merged 1 commit into from
Nov 27, 2025
+1 −29

Conversation

@dguido
Copy link
Member

@dguido dguido commented Nov 27, 2025

Summary

  • Remove pyopenssl from core dependencies: community.crypto 3.0.3 removed pyopenssl backend from ALL modules, now uses only cryptography
  • Remove boto (legacy) from AWS optional deps: Algo only uses boto3/botocore

Verification

pyopenssl

  • Code search: No Python files import OpenSSL/pyopenssl
  • community.crypto 3.0.3 CHANGELOG confirms pyopenssl backend was removed from ALL modules
  • Runtime test in isolated venv without pyopenssl: all modules work, all 101 tests pass

boto (legacy)

  • Code search: No code imports old boto (only boto3/botocore)
  • library/lightsail_region_facts.py uses boto3 and botocore, NOT old boto
  • amazon.aws collection requires only boto3 >= 1.34.0
  • Runtime test in isolated venv without boto: all modules work, all 101 tests pass

Test plan

  • Unit tests pass (101 passed)
  • Ansible playbook syntax checks pass
  • Pre-commit hooks pass
  • Verified in isolated test environments

🤖 Generated with Claude Code

@dguido @claude
Remove unused pyopenssl and boto dependencies
6bc91d6 
- Remove pyopenssl from core dependencies: community.crypto 3.0.3
  removed pyopenssl backend from ALL modules, now uses only
  cryptography library
- Remove boto from AWS optional dependencies: Algo only uses
  boto3/botocore (library/lightsail_region_facts.py confirms this),
  and amazon.aws collection requires only boto3>=1.34.0

Verified by:
- Code search confirming no imports of pyopenssl or old boto
- Runtime tests in isolated environments without these packages
- All 101 unit tests passing
- Ansible playbook syntax checks passing

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>
@dguido dguido requested a review from jackivanov as a code owner November 27, 2025 19:49
@dguido dguido merged commit 152440f into master Nov 27, 2025
23 checks passed
@dguido dguido deleted the cleanup/remove-unused-pyopenssl-boto branch November 27, 2025 19:50
@claude
Copy link
Contributor

claude bot commented Nov 27, 2025

Code Review for PR #14882: Remove unused pyopenssl and boto dependencies

Summary

This PR removes two dependencies that are no longer needed:

  1. pyopenssl - Removed from core dependencies
  2. boto (legacy) - Removed from AWS optional dependencies

Code Quality Assessment ✅

Excellent work! This is a clean, well-justified dependency cleanup that follows best practices.

Strengths:

  1. Thorough verification - PR description shows comprehensive testing approach
  2. Conservative approach - Aligns perfectly with CLAUDE.md guidance on dependency management
  3. Security-focused - Removes unused dependencies (reduces attack surface)
  4. Minimal impact - Only touches pyproject.toml and uv.lock (auto-generated)

Technical Analysis

pyopenssl Removal ✅

  • Justification verified: The codebase uses community.crypto modules extensively:
    • openssl_privatekey, openssl_csr_pipe, x509_certificate, etc.
    • Located in: roles/strongswan/tasks/openssl.yml, roles/wireguard/tasks/keys.yml, playbooks/cloud-pre.yml
  • No explicit backend specification: All modules use default backend (now cryptography only)
  • Comment updated: playbooks/cloud-pre.yml:36 already notes pyOpenSSL is in pyproject.toml
  • No Python imports found: Confirmed no import OpenSSL or from OpenSSL in codebase

Verdict: Safe to remove. community.crypto 3.0.3 uses only the cryptography backend.

boto (legacy) Removal ✅

  • Confirmed: Only boto3 and botocore are imported in the codebase
  • Verified in code: library/lightsail_region_facts.py:51,58 imports botocore and boto3 (NOT old boto)
  • No legacy boto imports: Searched entire codebase - zero results for import boto\b
  • Modern AWS SDK: boto3 >= 1.34.0 is the current standard

Verdict: Safe to remove. Legacy boto library is not used anywhere.

Best Practices Alignment 🎯

This PR follows CLAUDE.md guidelines perfectly:

Conservative dependency updates (Section: Dependency Updates)
Security-focused - Reduces dependency footprint (Section: Security Considerations)
Documented reasoning - Clear explanation in PR description (Section: Pull Request Standards)
Test coverage - Mentions all 101 tests pass (Section: Testing Requirements)

Potential Concerns: None Found ❌

After thorough review, I found no issues:

  • ✅ No backwards compatibility concerns
  • ✅ No security regressions
  • ✅ No breaking changes
  • ✅ No missing dependencies
  • ✅ Lockfile updated correctly (uv.lock revision bump)

Recommendations

  1. Before merge: Run the full test suite to confirm:

    pytest tests/unit/ -v
ansible-playbook main.yml --syntax-check
ansible-playbook users.yml --syntax-check
ansible-lint

  2. Post-merge monitoring: Watch for any community.crypto issues in the wild, though this is extremely low risk given:

    • The PR author's thorough testing in isolated environments
    • community.crypto 3.0.3 is pinned in requirements.yml
    • No backend parameter usage in codebase

Security Assessment 🔒

Positive impact: Removing unused dependencies is a security best practice:

  • Smaller attack surface
  • Fewer packages to monitor for CVEs
  • Reduced supply chain risk
  • Cleaner dependency tree

Performance Impact: Negligible

Removing unused dependencies will:

  • Slightly reduce installation time
  • Slightly reduce disk space usage
  • No runtime impact (dependencies weren't being used)

Conclusion

LGTM - Ready to merge! 🚀

This is exemplary maintenance work. The PR is:

  • Well-researched and thoroughly tested
  • Aligned with project guidelines
  • Low risk with clear benefits
  • Properly documented

The only suggestion is to ensure CI passes before merging, but the changes are straightforward and the verification methodology is sound.

Review performed by Claude Code - analyzed codebase structure, dependency usage patterns, and alignment with project guidelines.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jackivanov jackivanov Awaiting requested review from jackivanov jackivanov is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@dguido