New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ldap auth method - add missing configure
params by vault api names
#975
Conversation
Hi @ceesios ! Thanks for opening the issue and putting up a change! As written, there are some duplicated dictionary keys. But the bigger issue is that this would change the order of parameters, which will break anyone passing in unnamed arguments. We could perhaps put them at the end, but I want to be cautious about what we're doing here. I'd also want to see tests added to ensure coverage for the new parameters. |
configure
params by vault api names
Codecov Report
@@ Coverage Diff @@
## main #975 +/- ##
==========================================
+ Coverage 84.78% 85.00% +0.21%
==========================================
Files 65 65
Lines 3083 3127 +44
==========================================
+ Hits 2614 2658 +44
Misses 469 469
|
@briantist thank you for the review. I've removed the duplicates and moved the parameters to the end. I will look into the test coverage tomorrow. I have no experience with it but look forward to learning about it. |
This comment was marked as outdated.
This comment was marked as outdated.
@briantist i've added some unit and integration tests. Is this as expected? |
This comment was marked as outdated.
This comment was marked as outdated.
085b858
to
9dbfa98
Compare
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
91de86a
to
d34abda
Compare
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
I still can't get the test to fail locally, however the error seems to be related to the userfilter trying to parse non-existent variables. Should be fixed by using a raw string. |
Ok, I still haven't had much of a chance to review the actual content on this PR, I've been so busy with getting the CI and release process fixed, and with external things. It might still be some time before I can properly review it, thanks for your patience. |
No problem, |
My guess is that the test failed for a specific (older) Vault version. You may not have been able to reproduce locally because your Vault version is new enough. Removing the test to make it pass means we would have a blind spot in that case. It should probably be restored and we should figure out why, that way we can figure out what we need to add to the code to account for that in older Vault versions. Using a container for your local Vault could help you reproduce it easily. |
This comment was marked as outdated.
This comment was marked as outdated.
This reverts commit 1a599ec.
Ok, so here's what I've come up with.
@ceesios Since this is something of a substantial change, I will look to get review from someone else on the project for my code, and I'd also appreciate if you can pull down and test the changes and ensure they still work for you as expected. |
I've been working on another project at work, sorry for the silence the past weeks. This looks like a significant improvement. I've tested all options against vault 1.11.2 manually and all work as expected. Today and tomorrow i will be in a lot of meetings. I hope to review in more detail this Thursday. |
certificates is defined twice in remove_nones. There are some more params missing;
added in v1.11.x
added in v1.14.x
I will add them tomorrow and will also look at the tests and deprecation warnings. |
…s and order remove_nones
…e_aliases and order remove_nones" This reverts commit 55d28f8.
…s and order remove_nones
looks good to me. I've also tested on 1.14.0 with the ansible module i am using and after adding all the new params there they all work. |
Thanks for these new commits @ceesios ! Could you also add the new parameters to the unit tests? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I really like the use of decorators here for the aliased parameters and deprecation warning. Testing for both the aliased and un-aliased paremters is great to see also.
Well done.
commit 1f88016 Author: Daniel Kimsey <90741+dekimsey@users.noreply.github.com> Date: Mon Aug 14 15:22:10 2023 -0500 Fix premature read on stream requests in the `sys.take_raft_snapshot` method (hvac#771) * Fix premature read on stream requests When a caller (such as `sys.take_raft_snapshot`) performs a stream request, the act of attempting to parse the response as JSON causes the entire response body to be read and the underlying connection to be closed. This renders the streaming response moot. This change addresses that issue by examining if the caller requested a stream response, and if so returning the response as is. Without the change, it is impossible to read raft snapshots that are larger than memory as the entire response is read into memory to attempt to read as JSON. * add the Adapter.from_adapter class method * add test for adapter class method * Modify raft snapshot to always use RawAdapter Co-authored-by: Daniel Kimsey <dkimsey@trustwave.com> --------- Co-authored-by: Brian Scholer <1260690+briantist@users.noreply.github.com> commit c398774 Author: ceesios <cees@virtu-on.nl> Date: Mon Aug 14 22:17:12 2023 +0200 ldap auth method - add missing `configure` params by vault api names (hvac#975) * add missing params by vault api names * move new parameters to the end * remove duplicate keys * add ldap tests for new params * fix black formatting * fix integrtion test with raw string * remove userfilter from integration test * Revert "remove userfilter from integration test" This reverts commit 296e9f2. * fix userFilter failure on Vault < 1.9 * fix capitalization * fix conditional for other tests * fix typo in user_dn doc * add generate_parameter_deprecation_message utility function * fixup * stop suppressing deprecation errors * add aliased_parameter decorator and tests * fix asterisks in docstring * Revert "fix asterisks in docstring" This reverts commit 1a599ec. * fix docstring asterisks without side effects * add testcases to fill out coverage of alias decorator * fix lint * update LDAP configure to use alias wrapper for replaced parameter names * update test references to use canonical names * add client_tls, connection_timeout, max_page_size, dereference_aliases and order remove_nones * Revert "add client_tls, connection_timeout, max_page_size, dereference_aliases and order remove_nones" This reverts commit 55d28f8. * add client_tls, connection_timeout, max_page_size, dereference_aliases and order remove_nones * add new params to unit tests --------- Co-authored-by: Brian Scholer <1260690+briantist@users.noreply.github.com>
Deprecation notice from the maintainers
Several parameters on this method have been normalized to match their API names, for example
user_dn
is nowuserdn
,group_filter
is nowgroupfilter
, etc.For backwards compatibility, the old names still work, however they will be removed in
v3.0.0
and if you use them fromv1.2.0
you will receive a deprecation warning. Please update your calls to use the new names. Setting these parameters positionally should be unaffected in this case, but we recommend updating to use named parameters.Would fix #974
Please let me know if this is the way to go or if i'm missing something.