aws-sam-cli: Bug: Error on sam build command

Description:

I cannot build projects after upgrading sam cli from 1.65.0 to 1.67.0. After facing the issue a couple of times, I thought it might be fixed if I removed python3.8 manually and reinstalled aws-sam-cli, but that did not solve it. I confirmed that python3.8 was reinstalled with aws-sam-cli.

Steps to reproduce:

  1. run brew upgrade aws-sam-cli
  2. try to build any sam project

I encountered the following error after doing that.

Observed result:

sam build --debug

  File "/opt/homebrew/bin/sam", line 8, in <module>
    sys.exit(cli())
  File "/opt/homebrew/Cellar/aws-sam-cli/1.67.0/libexec/lib/python3.8/site-packages/click/core.py", line 1130, in __call__
    return self.main(*args, **kwargs)
  File "/opt/homebrew/Cellar/aws-sam-cli/1.67.0/libexec/lib/python3.8/site-packages/click/core.py", line 1055, in main
    rv = self.invoke(ctx)
  File "/opt/homebrew/Cellar/aws-sam-cli/1.67.0/libexec/lib/python3.8/site-packages/click/core.py", line 1651, in invoke
    cmd_name, cmd, args = self.resolve_command(ctx, args)
  File "/opt/homebrew/Cellar/aws-sam-cli/1.67.0/libexec/lib/python3.8/site-packages/click/core.py", line 1698, in resolve_command
    cmd = self.get_command(ctx, cmd_name)
  File "/opt/homebrew/Cellar/aws-sam-cli/1.67.0/libexec/lib/python3.8/site-packages/samcli/cli/command.py", line 133, in get_command
    mod = importlib.import_module(pkg_name)
  File "/opt/homebrew/Cellar/python@3.8/3.8.16/Frameworks/Python.framework/Versions/3.8/lib/python3.8/importlib/__init__.py", line 127, in import_module
    return _bootstrap._gcd_import(name[level:], package, level)
  File "<frozen importlib._bootstrap>", line 1014, in _gcd_import
  File "<frozen importlib._bootstrap>", line 991, in _find_and_load
  File "<frozen importlib._bootstrap>", line 975, in _find_and_load_unlocked
  File "<frozen importlib._bootstrap>", line 671, in _load_unlocked
  File "<frozen importlib._bootstrap_external>", line 843, in exec_module
  File "<frozen importlib._bootstrap>", line 219, in _call_with_frames_removed
  File "/opt/homebrew/Cellar/aws-sam-cli/1.67.0/libexec/lib/python3.8/site-packages/samcli/commands/build/__init__.py", line 6, in <module>
    from .command import cli  # noqa
  File "/opt/homebrew/Cellar/aws-sam-cli/1.67.0/libexec/lib/python3.8/site-packages/samcli/commands/build/command.py", line 12, in <module>
    from samcli.commands._utils.options import (
  File "/opt/homebrew/Cellar/aws-sam-cli/1.67.0/libexec/lib/python3.8/site-packages/samcli/commands/_utils/options.py", line 21, in <module>
    from samcli.commands._utils.template import get_template_data, TemplateNotFoundException
  File "/opt/homebrew/Cellar/aws-sam-cli/1.67.0/libexec/lib/python3.8/site-packages/samcli/commands/_utils/template.py", line 10, in <module>
    from botocore.utils import set_value_from_jmespath
  File "/opt/homebrew/Cellar/aws-sam-cli/1.67.0/libexec/lib/python3.8/site-packages/botocore/utils.py", line 37, in <module>
    import botocore.httpsession
  File "/opt/homebrew/Cellar/aws-sam-cli/1.67.0/libexec/lib/python3.8/site-packages/botocore/httpsession.py", line 46, in <module>
    from urllib3.contrib.pyopenssl import (
  File "/opt/homebrew/Cellar/aws-sam-cli/1.67.0/libexec/lib/python3.8/site-packages/urllib3/contrib/pyopenssl.py", line 50, in <module>
    import OpenSSL.crypto
  File "/opt/homebrew/Cellar/aws-sam-cli/1.67.0/libexec/lib/python3.8/site-packages/OpenSSL/__init__.py", line 8, in <module>
    from OpenSSL import crypto, SSL
  File "/opt/homebrew/Cellar/aws-sam-cli/1.67.0/libexec/lib/python3.8/site-packages/OpenSSL/crypto.py", line 3268, in <module>
    _lib.OpenSSL_add_all_algorithms()
AttributeError: module 'lib' has no attribute 'OpenSSL_add_all_algorithms'

Expected result:

Additional environment details (Ex: Windows, Mac, Amazon Linux etc)

  1. OS: MacOS 12.4 (Monterey)
  2. sam --version: SAM CLI, version 1.67.0
  3. AWS region: us-east-2

Add --debug flag to command you are running

About this issue

  • State: closed
  • Created a year ago
  • Reactions: 42
  • Comments: 30 (7 by maintainers)

Most upvoted comments

@nszeitli for aws-actions/setup-sam, you can add the following step to github workflow (worked for us):

      - name: sam fix https://github.com/aws/aws-sam-cli/issues/4527
        run: $(dirname $(readlink $(which sam)))/pip install --force-reinstall "cryptography==38.0.4"

cryptography 39.0.0 no longer supports openssl 1.1.0 or older and thus is causing this issue. Reference:

https://github.com/pyca/cryptography/issues/7959
https://cryptography.io/en/latest/changelog/#v39-0-0

aws-sam-cli uses the latest cryptography while using pyopenssl 22.0.0. These two are incompatible. As a workaround until the dependencies are fixed, you can force install cryptography 38.0.4 and sam should work (I just verified with my CI/CD builds which all got broken today due to the cryptography update).

If you’re on MacOS/Homebrew here’s how to implement the workaround:

/opt/homebrew/Cellar/aws-sam-cli/1.67.0/libexec/bin/pip install --force-reinstall "cryptography==38.0.4"

Getting this in all our github actions using aws-actions/setup-sam. New years day dependency bomb!

You can go up to version 1.59.0

Having this issue in codebuild as well (aws/codebuild/standard:5.0)

For github-actions, another solution is to set a version:

- uses: aws-actions/setup-sam@v2
  with:
     version: 1.37.0

EDIT: Check version 1.59.0, see @ugocottin comment: https://github.com/aws/aws-sam-cli/issues/4527#issuecomment-1369814857

Closing as the fix has been released with AWS SAM CLI v1.68.0 - https://github.com/aws/aws-sam-cli/releases/tag/v1.68.0

Same issue in CodeBuild using pipenv. Workaround here is: pip install awscli aws-sam-cli --force-reinstall "cryptography==38.0.4"

As of now, GitHub Actions that depend on sam cli still fail.

Edit: In the meantime, while waiting for the release of the fixes, you can try adding this temporary workaround step right after this step: - uses: aws-actions/setup-sam@v2

pyOpenSSL declares a lower and upper bound on its own dependencies to avoid this sort of issue, however it didn’t start to do so until version 22.1.0. This repository currently pins 22.0.0 https://github.com/aws/aws-sam-cli/blob/07fa5f478dfa04c45521af188b39fbaff622cc72/requirements/base.txt#L21

Once the pin is updated you won’t see this type of issue again in the future.

Note that the drop of OpenSSL 1.1.0 is not really related to this issue, as over 98% of cryptography’s downloads come from wheels (which we do against openssl3-latest) rather than being locally built.
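The failure mode discussed in this thread, an old pyOpenSSL pin with nothing holding cryptography back, can be checked for mechanically. The following is an added example, not code from aws-sam-cli or from any commenter; the function names and the sample requirements text are assumptions made for illustration, and the version thresholds are the ones stated in the comments above.

```python
import re
from importlib import metadata

# Thresholds from the thread: pyOpenSSL bounds its deps from 22.1.0; cryptography 39.0.0 broke 22.0.0.
PYOPENSSL_BOUNDED_FROM = (22, 1, 0)
CRYPTOGRAPHY_BREAKING = (39, 0, 0)
SAMPLE = "boto3>=1.19.5\npyopenssl==22.0.0\n"  # constructed sample, not the project's real file

def parse_version(text):
    """'38.0.4' -> (38, 0, 4); missing parts count as 0."""
    m = re.match(r"\s*(\d+)(?:\.(\d+))?(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def is_broken_pair(pyopenssl, cryptography):
    """True for the version combination reported in this issue."""
    return (parse_version(pyopenssl) < PYOPENSSL_BOUNDED_FROM
            and parse_version(cryptography) >= CRYPTOGRAPHY_BREAKING)

def audit_requirements(text):
    """Flag an old pyOpenSSL pin whose cryptography version is not held back."""
    pins, capped = {}, set()
    for raw in text.splitlines():
        m = re.match(r"([A-Za-z0-9][\w.-]*)\s*(.*)", raw.split("#", 1)[0].strip())
        if not m:
            continue
        name, spec = m.group(1).lower(), m.group(2)
        if re.search(r"<|==|~=", spec):
            capped.add(name)  # an upper bound or exact pin exists
        exact = re.match(r"==\s*([\d.]+)", spec)
        if exact:
            pins[name] = exact.group(1)
    ssl_pin = pins.get("pyopenssl")
    if not ssl_pin or parse_version(ssl_pin) >= PYOPENSSL_BOUNDED_FROM:
        return []
    if "cryptography" not in capped:
        return [f"pyopenssl=={ssl_pin} with no upper bound on cryptography"]
    crypto_pin = pins.get("cryptography")
    if crypto_pin and is_broken_pair(ssl_pin, crypto_pin):
        return [f"pyopenssl=={ssl_pin} with cryptography=={crypto_pin}"]
    return []

def installed_pair_is_broken():
    """Check the running environment; None if either package is missing."""
    try:
        return is_broken_pair(metadata.version("pyOpenSSL"), metadata.version("cryptography"))
    except metadata.PackageNotFoundError:
        return None
```

`installed_pair_is_broken()` only reports on the interpreter it runs under, so run it with the Python of the environment SAM CLI is installed into.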

Thank you so much. I got it to work!

I am very new to GitHub/IT in general. Construction worker, just working on completing cloud-resume-challenge, and a few days ago I had my tests working fine and GitHub Actions and workflows working fine. Made a commit today and it fails! I wasn't sure what was going on. The fix listed here worked for me!

      - uses: aws-actions/setup-sam@v2
        with:
          version: 1.59.0

Kudos to @altaurog, his line of the fixed version of cryptography worked like a charm: This is our current setup, using Github for building:

      - name: Setup AWS SAM
        uses: aws-actions/setup-sam@v1
        with:
          version: 1.65.0
      - name: sam fix https://github.com/aws/aws-sam-cli/issues/4527
        run: $(dirname $(readlink $(which sam)))/pip install --force-reinstall "cryptography==38.0.4"

How did you get it to work?

This issue is only affecting the people who use pip to install AWS SAM CLI, or use the homebrew installation way on ARM architecture (linux or mac).

For macOS users, we recommend using the PKG installation approach, and for Linux users, we recommend the Command line installer way. You can find all the installation details here.

For pip installations, you can try the @karimdaghari workaround (Thanks @karimdaghari for your help 😃 )

We are working on the fix for this issue, and we will update this issue once it is released.

Check which pip you are using @Gordonbaes . If it isn’t /home/htrinh/.local/bin/pip it won’t help you.

Thanks @Raul-CC ! As an aside, note that the latest version of aws-actions/setup-sam is v2. (Sorry, I realize this isn’t exactly on-topic)