From 6caedfd97675940eb3cf07e2f019926dae45d02c Mon Sep 17 00:00:00 2001
From: melanie witt <melwittt@gmail.com>
Date: Wed, 26 Jun 2019 23:25:48 +0000
Subject: [PATCH] Require at least cryptography>=2.7

Version 2.6 of the cryptography library [1] added support for ed25519
ssh keys. This works with OpenSSL >= 1.1.1b.

In nova, we can enable people to use ed25519 ssh keys by using the
necessary cryptography library version. Users must make sure they have
a new enough OpenSSL version, else they won't be able to generate
ed25519 ssh keys using ssh-keygen in the first place. I did a local
test using Ubuntu 18.04 and things "just worked" when I generated a
ed25519 ssh key and imported it into nova. I left a comment on the
launchpad bug accordingly.

This updates our minimum version to the latest available version 2.7.

Closes-Bug: #1555521

[1] https://cryptography.io/en/latest/changelog/#v2-6

Change-Id: Id4a4e1ae4c0acd40c1fc32c3b82a8d8a62d4624d
---
 lower-constraints.txt | 2 +-
 requirements.txt      | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/lower-constraints.txt b/lower-constraints.txt
index aa1d8ac52d..4b24158ffe 100644
--- a/lower-constraints.txt
+++ b/lower-constraints.txt
@@ -14,7 +14,7 @@ cmd2==0.8.1
 colorama==0.3.9
 contextlib2==0.5.5;python_version=='2.7'
 coverage==4.0
-cryptography==2.1.4
+cryptography==2.7
 cursive==0.2.1
 ddt==1.0.1
 debtcollector==1.19.0
diff --git a/requirements.txt b/requirements.txt
index 891bf8d62a..d516768218 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -10,7 +10,7 @@ Jinja2>=2.10 # BSD License (3 clause)
 keystonemiddleware>=4.20.0 # Apache-2.0
 lxml!=3.7.0,>=3.4.1 # BSD
 Routes>=2.3.1 # MIT
-cryptography>=2.1.4 # BSD/Apache-2.0
+cryptography>=2.7 # BSD/Apache-2.0
 WebOb>=1.8.2 # MIT
 # NOTE(mriedem): greenlet 0.4.14 does not work with older versions of gcc on
 # ppc64le systems, see https://github.com/python-greenlet/greenlet/issues/136.