optimizely/python-sdk

Questions about dependencies

jbergknoff-rival opened this issue ยท 8 comments

jbergknoff-rival commented

Hi, we're considering pulling in this SDK in several Python projects. Because we build those projects in pretty bare containers, the compiled dependencies here (mmh3, and cryptography from requests[security]) mean that we need to install some additional OS packages at build time. That's not a showstopper, but some questions came up:

  • Is requests[security] needed? From https://github.com/psf/requests/pull/4825/files, it seems like it's probably not needed anymore, since fixes have been introduced in the standard library in Python 2.7.9 and 3.4.3.

  • There is already fallback code in case mmh3 isn't installed:

    python-sdk/optimizely/bucketer.py

    Lines 16 to 19 in d3ffe33

    try:
    import mmh3
    except ImportError:
    from .lib import pymmh3 as mmh3
    , but the mmh3 requirement doesn't seem to be optional. Could it be made optional?

  • Do you have any details on the performance penalty of using the pure-Python Murmur3 implementation, as compared to the compiled version? I suspect that, in our use case (AWS Lambda, process per request), it may not be an issue.

scottanderson42 commented

In a similar vein, the Optimizely jsonschema dependency (==2.6.0) is conflicting with that of the boto packages (~=3.0).

  • ๐Ÿ‘1
jonfreeland commented

In a similar vein, the Optimizely jsonschema dependency (==2.6.0) is conflicting with that of the boto packages (~=3.0).

We are also encountering issues with the jsonschema dependency conflicting with Poetry 0.12.17. Can we get an update on this issue?

aliabbasrizvi commented

We are bumping jsonschema and will release a new SDK which should hopefully address the issue.

  • ๐ŸŽ‰1
aliabbasrizvi commented

mmh3 requirement doesn't seem to be optional

mmh3 is the standard way to do bucketing across all Optimizely SDKs and so that ensures that experience delivery is consistent throughout the stack irrespective of which SDK you use.

Unfortunately, I do not have numbers comparing the performance of the 2 mmh3 implementations. There is a reference to performance from the original authors here: https://github.com/wc-duck/pymmh3#performance

I'll get back on the question about requests[security].

aliabbasrizvi commented

@jonfreeland @scottanderson42 release 3.4.1 is available with updated jsonschema package. Hopefully that addresses the issue you ran into.

daviddomingoslalom commented

Hey @aliabbasrizvi seems like the mmh3 lib is giving us some trouble in our docker image because we don't have the c++ compiler installed. I googled the issue and it looks like other people are running into the same thing: hajimes/mmh3#20

The author seems to have abandoned the project so I don't see any solution in the near future. What do you suggest we do? Should we just use the API directly via http?

  • ๐Ÿ‘1
GordonSo commented

Notice that mmh has released 3.0.0 - do you need contributors to help bump that up?

Also +1 to the idea of making "mmh" optional - since it's seemingly a nice-to-have performance feature (IF ANY) for those with the right environment setup, it'd be nice to reduce the dependency and enrich the documentation for those interested.

Maybe a slim version vs a full version: https://www.python.org/dev/peps/pep-0508/#extras

PS: currently, it appears we have to include an extra step to install C++ on for our devs with Windows machine setup which is an inconvenience caused by this.

The-inside-man commented

This issue is now closed and will be part of the next release of the python-sdk.
#362