ImportError: cannot import name 'builder' from 'google.protobuf.internal'

[gavin-aguiar]

Background

Recently, we upgraded grpcio and grpcio-tools versions to 1.54.2 in the Python worker, which updated the internal protobuf to 4.22. This was done to multiple CVEs reported and was required to ensure the security fixes were taken in.

This has caused some of the apps to fail with errors:

Microsoft.Azure.WebJobs.Script.Workers.WorkerProcessExitException : 
python exited with code 1 (0x1) ---> System.Exception : 
ImportError: cannot import name 'builder' from 'google.protobuf.internal' (/home/site/wwwroot/.python_packages/lib/site-packages/google/protobuf/internal/__init__.py),
End of inner exception

Root Cause

Since we prioritize the customer's libraries before loading the Python worker dependency, an old version of protobuf is loaded, which conflicts with the newer version used by the worker.

How to Mitigate

• Add the app setting PYTHON_ISOLATE_WORKER_DEPENDENCIES to 1. This will force workers to isolate its dependencies and not use those brought with the app. Or
  • For Python 3.9, please also update PYTHON_ENABLE_WORKER_EXTENSIONS to 0 to prevent extensions not to cause conflicts during isolation of dependencies.
• Update your dependencies to bring in the updated version of grpcio, grpcio-tools and/or protobuf to at least 1.54.2 or 4.22.

[up2pixy]

Could you please also update this page to reflect the new supported version change? https://learn.microsoft.com/en-us/azure/azure-functions/recover-python-functions?tabs=vscode%2Cbash&pivots=python-mode-decorators#troubleshoot-errors-with-protocol-buffers