Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Release v0.8.0 (and v0.8.1) #414

Merged
merged 57 commits into from Mar 31, 2019

Conversation

Projects
None yet
@jeffwecan
Copy link
Collaborator

commented Mar 29, 2019

No description provided.

jeffwecan and others added some commits Dec 25, 2018

Tweak Travis CI Configuration (#360)
* drop sudo: false

* remove explicit dist

* simplify build matrix

* change flake8 toxenv name to avoid matching tox-travis default prefixes

* Remove unnecessary `export PATH` "script" step

* Simplify env from list to k/v string

* Clarifying comment re: flake8

* Simplify "allowed failures" row matching

* Speed up overall build time with fast_finish: true

* Rearrange comment to same line being commented on

* Include python 3.7 build jobs

* Bump 0.11 and 1.0 Vault vers to latest patch ver

* Also run flake8 for python 3.7

* Also include "py37" on the tox side of things

* Keep "dist: xenial" for python 3.7 availability

* Tweak flake8 job names for readability

* Shorten comment
Backporting Master (#362)
* fix double slash (#352)

When called, double slash results in 301 HTTP code and the redirect which is necessary

* Release v0.7.1 (#357)

* Develop is the new integration branch

* Handle "Misses" for Identity Secrets Lookups (#331)

* Regression tests for group lookup misses

* Return None for group lookup misses

* Regression tests for entity lookup misses

* Return None for entity lookup misses

* Also update docstrings

* Move Test Cases out of Package Directory (#334)

* use utils function to get test data path

* rename test => tests and move contents into config_files subdir

* Move scripts subdir under tests dir in root

* Move generate.sh into scripts subdir

* Update paths in generate_test_cert.sh

* clean up config_files readme a smidge

* move test dir into repo root dir

* update import paths

* start breaking out test utils into module

* Break out mock_github_request_handler

* Break out hvac_integration_test_case

* Break out server_manager

* Remove .coveragerc until / unless it is needed once again

* Add Okta Auth Method Class (#341)

* Rename auth subdir under unit_tests

* bonus GCP docs heading fix

* Add Okta auth method docs

* Add Okta auth method test cases

* Add Okta auth method class implementation

* Add pretty_print arg to create_or_update_policy (#342)

* Add pretty_print arg

* Skip new test on Vault v0.11.0

* Bump Vault Versions - Vault v1.0.0 (#344)

* fix TOXENV for 3.6 jobs

* Drop v0.8.3, add v1.0.0

* Update readme

* Handle different response keys in Vault v1.0.0

* Also work around new list response return type

* Add get_generate_root_otp utils method for v1.0.0 and/or previous vers

* Update missed TOXENV arg under allow_failures dict

* Call out why v0.11.0 is hanging about

* Clarify name/purpose of vault ver comparison methods

* Fix identity group conditionals (#346)

* Add regression tests

* Fix member entity/group ids logic in group methods

* DRY up conditional logic

* Add missing docstring content

* Gcp login doc update for issue 345 (#350)

* Clarify source links

* add google-api-python-client example

* Clean up unintentional modification

* Fix For read_health_status() Exception Handling (#347)

* Add url param for create_client

* Install consul for test cases involving Vault HA

* Update test harness with optional Vault HA / consul set up

* Add regerssion test cases for issue #339

* Add raise_exception param to requests

* Use raise_exception param in read_health_status method

* Add ipaddress module per github.com/urllib3/urllib3/issues/1117?

Somehow ended up with this urllib3 error for python 2.7 otherwise:
"urllib3.connection: ERROR: Certificate did not match expected hostname:
127.0.0.1. Certificate: {'serialNumber': u'8D267F50728FF454',
'subject': ((('commonName', u'localhost'),),),
'notAfter': 'May 14 22:44:13 2025 GMT',
'notBefore': u'May 17 22:44:13 2015 GMT',
'subjectAltName': (('DNS', 'localhost'), ('IP Address', '127.0.0.1')),
'issuer': ((('commonName', u'localhost'),),), 'version': 3L}

* Clarify docstring a bit

* Also add cases to cover both HEAD and GET methods

* Remove standby node magic strings; use method instead

* Fix seal_status Call (#354)

* Add regression tests

* Fix seal_status call

* More meaningful assertion

* Fix Request Redirection Handling (#348)

* simplify chained comparison

* Ensure regression unit test case coverage for paths/redirects

* Revert redirection handling back to the requests module

* Handle double slashes in paths

* Fix syntax for python 2.7

* Log when we transform a requested url

* Explictly assert that we have the expect requests in mocker history

* Clarify lease docs (#355)

* Updates for upcoming release 0.7.1

* Bump patch version to 0.7.1

* prune tests from packages (#356)
Set "skip_missing_interpreters" to true in global tox config (#363)
* Set "skip_missing_interpreters" to true in global tox config

* go full env string expansion 😝 cause why not
Fix For Intermittent Health Test Case Failure (#364)
* Ensure we get an active node when needed

* Remove unneeded debug call
Simplify flake8 env for travis-ci + tox (#365)
* Simplify flake8 env for travis-ci + tox

* Add missing comma
Test Documentation Compilation (#366)
* Update docs requirements to be more explicit

* Test that docs can build cleanly

* Fix m2r requirement

* Clearer job name

* Default to first python ver in the matrix...

* Further clarify job name

* Reorder tox directives a smidge...
Cleanup setup.py a bit (#367)
* Update author / author_email

* Move some auxiliary logic into methods

* gmai.com -> gmail.com

* reorder author names
Use pip-compile For All Requirements (#368)
* Add section covering requirement updates

* Add .in req files, breakout parser (pyhcl) extra_require

* pip-compile all the things

* Pull in latest reqs for docs for good measure

* Add update-all-reqs Makefile targets

* Define "parser" requirements in just one place

* Add clarifying comment

* Simplify new Makefile targets a smidge

* comment bout comments

* Makefile clarifying comment

* Use abs paths starting from setup.py location

* Also dynamically populate install_requires

* Revert requirements loading in setup.py; tis a silly thing to do

* Bump install_requires / extras_require min versions

* Drop extra "parser" requirements as its not strictly needed
Drop use of "version" file (#369)
* Drop use of "version" file

* Clarify updated bumpversion release step

* Fix grammerz

* Remove inadvertently committed hvac/version file

* Organize imports
Add AWS Secrets Engine Class (#370)
* auto generated script

* Include Docs

* "Implement" Aws class

* Tweak docstrings and whatnot

* Param tweaks

* update convert ttl for aws secrets return values

* First pass on aws secrets engine tests

* Fix headings

* Cleanup unused mock server logic, additional role params

* Accept policy_document dict param type

* Start filling in aws secrets docs

* E501 line too long (162 > 160 characters)

* First pass at handling legacy params

* Different status code from Vault v0.11.0 :\

* Fill in legacy_params-related comments / docstrings

* Also update docs

* Add contents section and upper case heading
Adding a Twitter Badge (#372)
* Split up icons with linebreaks

* Add Twitter badge for @hvac_python
Adding Header image (#373)
* Add header image

* Update twitter handle

* Update content email and test URLs

* Commit header image

* Update header image URL to final resting place
Correct a parameter name in AWS secrets docs. (#390)
The parameter name in the "Generate Credentials" example is incorrect. This change fixes that error.
Fix copy/paste error in docs (#395)
The correct method for group listing should be `list_groups_by_name`
AWS: ensure request parameters are sent with generate_credentials (#403)
* AWS: ensure request parameters are sent with generate_credentials

The JSON body is not read on GET requests, we either need to POST or
pass the arguments as query parameters.

* fix AWS engine read_role test that was failing with vault 1.0

* switch back to GET + params

* switch to checking on vault version in AWS integration test
Add Kubernetes Auth Method (#408)
* Release v0.7.2 (#371)

* Tweak Travis CI Configuration (#360)

* drop sudo: false

* remove explicit dist

* simplify build matrix

* change flake8 toxenv name to avoid matching tox-travis default prefixes

* Remove unnecessary `export PATH` "script" step

* Simplify env from list to k/v string

* Clarifying comment re: flake8

* Simplify "allowed failures" row matching

* Speed up overall build time with fast_finish: true

* Rearrange comment to same line being commented on

* Include python 3.7 build jobs

* Bump 0.11 and 1.0 Vault vers to latest patch ver

* Also run flake8 for python 3.7

* Also include "py37" on the tox side of things

* Keep "dist: xenial" for python 3.7 availability

* Tweak flake8 job names for readability

* Shorten comment

* Backporting Master (#362)

* fix double slash (#352)

When called, double slash results in 301 HTTP code and the redirect which is necessary

* Release v0.7.1 (#357)

* Develop is the new integration branch

* Handle "Misses" for Identity Secrets Lookups (#331)

* Regression tests for group lookup misses

* Return None for group lookup misses

* Regression tests for entity lookup misses

* Return None for entity lookup misses

* Also update docstrings

* Move Test Cases out of Package Directory (#334)

* use utils function to get test data path

* rename test => tests and move contents into config_files subdir

* Move scripts subdir under tests dir in root

* Move generate.sh into scripts subdir

* Update paths in generate_test_cert.sh

* clean up config_files readme a smidge

* move test dir into repo root dir

* update import paths

* start breaking out test utils into module

* Break out mock_github_request_handler

* Break out hvac_integration_test_case

* Break out server_manager

* Remove .coveragerc until / unless it is needed once again

* Add Okta Auth Method Class (#341)

* Rename auth subdir under unit_tests

* bonus GCP docs heading fix

* Add Okta auth method docs

* Add Okta auth method test cases

* Add Okta auth method class implementation

* Add pretty_print arg to create_or_update_policy (#342)

* Add pretty_print arg

* Skip new test on Vault v0.11.0

* Bump Vault Versions - Vault v1.0.0 (#344)

* fix TOXENV for 3.6 jobs

* Drop v0.8.3, add v1.0.0

* Update readme

* Handle different response keys in Vault v1.0.0

* Also work around new list response return type

* Add get_generate_root_otp utils method for v1.0.0 and/or previous vers

* Update missed TOXENV arg under allow_failures dict

* Call out why v0.11.0 is hanging about

* Clarify name/purpose of vault ver comparison methods

* Fix identity group conditionals (#346)

* Add regression tests

* Fix member entity/group ids logic in group methods

* DRY up conditional logic

* Add missing docstring content

* Gcp login doc update for issue 345 (#350)

* Clarify source links

* add google-api-python-client example

* Clean up unintentional modification

* Fix For read_health_status() Exception Handling (#347)

* Add url param for create_client

* Install consul for test cases involving Vault HA

* Update test harness with optional Vault HA / consul set up

* Add regerssion test cases for issue #339

* Add raise_exception param to requests

* Use raise_exception param in read_health_status method

* Add ipaddress module per github.com/urllib3/urllib3/issues/1117?

Somehow ended up with this urllib3 error for python 2.7 otherwise:
"urllib3.connection: ERROR: Certificate did not match expected hostname:
127.0.0.1. Certificate: {'serialNumber': u'8D267F50728FF454',
'subject': ((('commonName', u'localhost'),),),
'notAfter': 'May 14 22:44:13 2025 GMT',
'notBefore': u'May 17 22:44:13 2015 GMT',
'subjectAltName': (('DNS', 'localhost'), ('IP Address', '127.0.0.1')),
'issuer': ((('commonName', u'localhost'),),), 'version': 3L}

* Clarify docstring a bit

* Also add cases to cover both HEAD and GET methods

* Remove standby node magic strings; use method instead

* Fix seal_status Call (#354)

* Add regression tests

* Fix seal_status call

* More meaningful assertion

* Fix Request Redirection Handling (#348)

* simplify chained comparison

* Ensure regression unit test case coverage for paths/redirects

* Revert redirection handling back to the requests module

* Handle double slashes in paths

* Fix syntax for python 2.7

* Log when we transform a requested url

* Explictly assert that we have the expect requests in mocker history

* Clarify lease docs (#355)

* Updates for upcoming release 0.7.1

* Bump patch version to 0.7.1

* prune tests from packages (#356)

* Wait for test kvv2 secrets engine to show up in list (#361)

* Set "skip_missing_interpreters" to true in global tox config (#363)

* Set "skip_missing_interpreters" to true in global tox config

* go full env string expansion 😝 cause why not

* Fix For Intermittent Health Test Case Failure (#364)

* Ensure we get an active node when needed

* Remove unneeded debug call

* Simplify flake8 env for travis-ci + tox (#365)

* Simplify flake8 env for travis-ci + tox

* Add missing comma

* Test Documentation Compilation (#366)

* Update docs requirements to be more explicit

* Test that docs can build cleanly

* Fix m2r requirement

* Clearer job name

* Default to first python ver in the matrix...

* Further clarify job name

* Reorder tox directives a smidge...

* Cleanup setup.py a bit (#367)

* Update author / author_email

* Move some auxiliary logic into methods

* gmai.com -> gmail.com

* reorder author names

* Use pip-compile For All Requirements (#368)

* Add section covering requirement updates

* Add .in req files, breakout parser (pyhcl) extra_require

* pip-compile all the things

* Pull in latest reqs for docs for good measure

* Add update-all-reqs Makefile targets

* Define "parser" requirements in just one place

* Add clarifying comment

* Simplify new Makefile targets a smidge

* comment bout comments

* Makefile clarifying comment

* Use abs paths starting from setup.py location

* Also dynamically populate install_requires

* Revert requirements loading in setup.py; tis a silly thing to do

* Bump install_requires / extras_require min versions

* Drop extra "parser" requirements as its not strictly needed

* Drop use of "version" file (#369)

* Drop use of "version" file

* Clarify updated bumpversion release step

* Fix grammerz

* Remove inadvertently committed hvac/version file

* Organize imports

* Add AWS Secrets Engine Class (#370)

* auto generated script

* Include Docs

* "Implement" Aws class

* Tweak docstrings and whatnot

* Param tweaks

* update convert ttl for aws secrets return values

* First pass on aws secrets engine tests

* Fix headings

* Cleanup unused mock server logic, additional role params

* Accept policy_document dict param type

* Start filling in aws secrets docs

* E501 line too long (162 > 160 characters)

* First pass at handling legacy params

* Different status code from Vault v0.11.0 :\

* Fill in legacy_params-related comments / docstrings

* Also update docs

* Add contents section and upper case heading

* Adding a Twitter Badge (#372)

* Split up icons with linebreaks

* Add Twitter badge for @hvac_python

* Adding Header image (#373)

* Add header image

* Update twitter handle

* Update content email and test URLs

* Commit header image

* Update header image URL to final resting place

* Changelog updates for v0.7.2 release

* Update release steps

* Update copyright date

* Bump version: 0.7.1 → 0.7.2

* Clean up vestigial version target reference

* add auth method for Kubernetes

* add tests for Kubernetes auth method

* add function  for check certificate PEM format

* update project common files

* change dict multiline to oneline

* fix gcp integration tests with bound_service_accounts
Fix delete_role_secret_id_accessor method (#375)
* Fix delete_role_secret_id_accessor method

* Fix unit test as well
#376 : fix length in transit.generate_random_bytes() (#377)
The parameter in the HTTP request was incorrect according to the
latest vault API
https://www.vaultproject.io/api/secret/transit/index.html
Update Test Runs With Latest Vault Versions (1.0.3 & 1.1.0) (#396)
* test with the latest vault 1.0.X (1.0.3)

* Add in 1.1.0, drop 0.9.6

* Explictly enable kv v1 secrets engine

* Ensure kv v1 secrets engine under /secret for legacy test cases

* Explictly enable kv v1 secrets engine for sys test classes

* fix indentation
Add possibility to specify type in create_token (#393)
* Add possibility to specify type in create_token

All errors related to explicit_max_ttl / root batch token / ... will get thrown by server

* Fix E303/W293 flake8 complaints

jeffwecan added some commits Mar 27, 2019

Update Readme + Add Doctests (#413)
* Add initial retrieve_mount_option method

* Fix recovery_threshold / recovery_shares conditional

* fix docstring typo

* Fix allowed kv versions logic

* Tweak server manager logic a bit

* Add doctest for getting started bits

* Add missing colon in docstring

* Fix getting-started link

* Drop stray comments

* Ensure kv engine enabled for v1.1.0 doctests

* Fix formatting
@codecov-io

This comment has been minimized.

Copy link

commented Mar 29, 2019

Codecov Report

Merging #414 into master will decrease coverage by 0.35%.
The diff coverage is 83.67%.

@@            Coverage Diff            @@
##           master    #414      +/-   ##
=========================================
- Coverage   91.55%   91.2%   -0.36%     
=========================================
  Files          44      45       +1     
  Lines        2273    2364      +91     
=========================================
+ Hits         2081    2156      +75     
- Misses        192     208      +16
Impacted Files Coverage Δ
hvac/api/secrets_engines/transit.py 93.23% <ø> (ø) ⬆️
hvac/api/system_backend/seal.py 100% <ø> (ø) ⬆️
hvac/api/system_backend/init.py 58.82% <0%> (ø) ⬆️
hvac/api/auth_methods/__init__.py 75% <100%> (+1.31%) ⬆️
hvac/api/secrets_engines/kv.py 100% <100%> (ø) ⬆️
hvac/api/system_backend/mount.py 83.78% <14.28%> (-16.22%) ⬇️
hvac/api/secrets_engines/aws.py 98.14% <66.66%> (-1.86%) ⬇️
hvac/utils.py 75.53% <80.64%> (+0.53%) ⬆️
hvac/v1/__init__.py 86.13% <87.5%> (-0.03%) ⬇️
hvac/api/auth_methods/kubernetes.py 97.77% <97.77%> (ø)
... and 1 more

jeffwecan added some commits Mar 29, 2019

Merge pull request #417 from jeffwecan/revert_regression
Revert "Fix recovery_threshold / recovery_shares conditional"

@jeffwecan jeffwecan merged commit 14b253f into master Mar 31, 2019

0 of 2 checks passed

continuous-integration/travis-ci/pr The Travis CI build is in progress
Details
continuous-integration/travis-ci/push The Travis CI build is in progress
Details

@jeffwecan jeffwecan changed the title Release v0.8.0 Release v0.8.0 (and v0.8.1) Mar 31, 2019

@mira-minarik

This comment has been minimized.

Copy link

commented on hvac/v1/__init__.py in 591f6d1 Apr 2, 2019

This line overrides url parameter value passed in call. It is very wrong when i am working with more vault servers.

This comment has been minimized.

Copy link
Collaborator

replied Apr 2, 2019

I'll take a look at what we can do to tweak things. I assume unsetting the VAULT_ADDR env var before instantiating this class when needed doesn't fit in your workflow?

This comment has been minimized.

Copy link

replied Apr 2, 2019

I also just got bitten by this, quite confusing and in contrast with the docs that do not mention that url will be silently ignored if VAULT_ADDR is also set

This comment has been minimized.

Copy link
Collaborator

replied Apr 4, 2019

FYI this behavior has been tweaked to at least allow explicit arguments to the url parameter to take precedence over the VAULT_ADDR env var (if that env var isn't set, the previous default is used. if the env var is set and you want to use the previous default, update your Client() call to Client(url='http://localhost:8200'). Those changes were released on hvac v0.8.2 and tracked as part of #421 -> #423.

(As an aside, please feel free to file a new GitHub issue for new bugs / issues introduced in this module. Comments on commits, such as in this case, run the risk of not receiving the visibility they deserve.)

This comment has been minimized.

Copy link

replied Apr 9, 2019

Thank you for a quick response. The fixed version is right for us.

We use this in puppet agent scripts to replicate KV stores and policies. Manual startup (with predefined root's environment) and regular scheduled execution had surprisingly different results ;)

@jeffwecan jeffwecan added the release label May 23, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.