Hello community,
here is the log from the commit of package python-azure-keyvault-certificates
for openSUSE:Factory checked in at 2026-05-07 15:45:51
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-azure-keyvault-certificates (Old)
and
/work/SRC/openSUSE:Factory/.python-azure-keyvault-certificates.new.1966 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-azure-keyvault-certificates"
Thu May 7 15:45:51 2026 rev:17 rq:1351394 version:4.11.1
Changes:
--------
---
/work/SRC/openSUSE:Factory/python-azure-keyvault-certificates/python-azure-keyvault-certificates.changes
2026-04-20 16:13:59.063838607 +0200
+++
/work/SRC/openSUSE:Factory/.python-azure-keyvault-certificates.new.1966/python-azure-keyvault-certificates.changes
2026-05-07 15:47:27.821252644 +0200
@@ -1,0 +2,9 @@
+Wed May 6 07:41:40 UTC 2026 - John Paul Adrian Glaubitz
<[email protected]>
+
+- New upstream release
+ + Version 4.11.1
+ + For detailed information about changes see the
+ CHANGELOG.md file provided with this package
+- Update Requires from pyproject.toml
+
+-------------------------------------------------------------------
Old:
----
azure_keyvault_certificates-4.11.0.tar.gz
New:
----
azure_keyvault_certificates-4.11.1.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python-azure-keyvault-certificates.spec ++++++
--- /var/tmp/diff_new_pack.jxW88h/_old 2026-05-07 15:47:28.389275908 +0200
+++ /var/tmp/diff_new_pack.jxW88h/_new 2026-05-07 15:47:28.393276071 +0200
@@ -18,7 +18,7 @@
%{?sle15_python_module_pythons}
Name: python-azure-keyvault-certificates
-Version: 4.11.0
+Version: 4.11.1
Release: 0
Summary: Microsoft Azure Key Vault Certificates Client Library for
Python
License: MIT
@@ -34,6 +34,7 @@
BuildRequires: python-rpm-macros
Requires: python-azure-keyvault-nspkg >= 1.0.0
Requires: python-azure-nspkg >= 3.0.0
+Requires: python-cryptography >= 44.0.2
Requires: python-isodate >= 0.6.1
Requires: python-typing_extensions >= 4.6.0
Requires: (python-azure-common >= 1.1 with python-azure-common < 2.0.0)
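Review bot: The added `Requires: python-cryptography >= 44.0.2` makes cryptography a runtime dependency, but the only upstream change that mentions it is the `"cryptography>=44.0.2,<47.0.0"` entry in pyproject.toml, in a list that also holds `azure-sdk-tools`, `parameterized` and `pyopenssl`. That reads like a development/test dependency group; the table header is outside that hunk, so this needs confirming against the full file. If it is test-only, the line belongs under `BuildRequires:` for the check phase or should be dropped, so that installing the client does not pull in a package that none of the library code in this diff imports. If it is kept as a runtime requirement, the spec should also carry the upstream upper bound `< 47.0.0`, which is currently lost.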
++++++ azure_keyvault_certificates-4.11.0.tar.gz ->
azure_keyvault_certificates-4.11.1.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/azure_keyvault_certificates-4.11.0/CHANGELOG.md
new/azure_keyvault_certificates-4.11.1/CHANGELOG.md
--- old/azure_keyvault_certificates-4.11.0/CHANGELOG.md 2026-04-17
02:50:37.000000000 +0200
+++ new/azure_keyvault_certificates-4.11.1/CHANGELOG.md 2026-05-05
17:45:39.000000000 +0200
@@ -1,5 +1,14 @@
# Release History
+## 4.11.1 (2026-04-29)
+
+### Bugs Fixed
+
+- Fixed `CertificateClient.begin_create_certificate` (and its async
counterpart) incorrectly raising
+ `ValueError` when a `CertificatePolicy` was created with only
`san_ip_addresses` or `san_uris` and no
+ `subject`, `san_dns_names`, `san_emails`, or `san_user_principal_names`. IP
addresses and URIs are
+ valid subject alternative name types and are now recognized by the client's
policy validator.
+
## 4.11.0 (2026-03-27)
### Features Added
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/azure_keyvault_certificates-4.11.0/PKG-INFO
new/azure_keyvault_certificates-4.11.1/PKG-INFO
--- old/azure_keyvault_certificates-4.11.0/PKG-INFO 2026-04-17
02:51:35.070873300 +0200
+++ new/azure_keyvault_certificates-4.11.1/PKG-INFO 2026-05-05
17:49:24.102657800 +0200
@@ -1,6 +1,6 @@
Metadata-Version: 2.4
Name: azure-keyvault-certificates
-Version: 4.11.0
+Version: 4.11.1
Summary: Microsoft Corporation Key Vault Certificates Client Library for Python
Author-email: Microsoft Corporation <[email protected]>
License: MIT License
@@ -420,6 +420,15 @@
# Release History
+## 4.11.1 (2026-04-29)
+
+### Bugs Fixed
+
+- Fixed `CertificateClient.begin_create_certificate` (and its async
counterpart) incorrectly raising
+ `ValueError` when a `CertificatePolicy` was created with only
`san_ip_addresses` or `san_uris` and no
+ `subject`, `san_dns_names`, `san_emails`, or `san_user_principal_names`. IP
addresses and URIs are
+ valid subject alternative name types and are now recognized by the client's
policy validator.
+
## 4.11.0 (2026-03-27)
### Features Added
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/azure_keyvault_certificates-4.11.0/azure/keyvault/certificates/_client.py
new/azure_keyvault_certificates-4.11.1/azure/keyvault/certificates/_client.py
---
old/azure_keyvault_certificates-4.11.0/azure/keyvault/certificates/_client.py
2026-04-17 02:50:37.000000000 +0200
+++
new/azure_keyvault_certificates-4.11.1/azure/keyvault/certificates/_client.py
2026-05-05 17:45:39.000000000 +0200
@@ -100,7 +100,14 @@
:caption: Create a certificate
:dedent: 8
"""
- if not (policy.san_emails or policy.san_user_principal_names or
policy.san_dns_names or policy.subject):
+ if not (
+ policy.san_emails
+ or policy.san_user_principal_names
+ or policy.san_dns_names
+ or policy.san_ip_addresses
+ or policy.san_uris
+ or policy.subject
+ ):
raise ValueError(NO_SAN_OR_SUBJECT)
polling_interval = kwargs.pop("_polling_interval", None)
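Review bot: The guard now accepts six fields, but the message raised with it, `NO_SAN_OR_SUBJECT`, is defined outside this hunk and is not touched anywhere in this diff. If that message lists the accepted fields, it should also name `san_ip_addresses` and `san_uris`, so a caller who hits the error is not told that only the old four are valid. The check is truthiness-only, so `san_ip_addresses=[]` still counts as absent and no client-side format check is applied to the addresses or URIs. A short comment such as `# presence check only; SAN values are validated by the service` would make that explicit, if that matches the intended division of work. The same applies to the identical hunk in `aio/_client.py`; the enclosing method starts and ends outside the hunk.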
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/azure_keyvault_certificates-4.11.0/azure/keyvault/certificates/_version.py
new/azure_keyvault_certificates-4.11.1/azure/keyvault/certificates/_version.py
---
old/azure_keyvault_certificates-4.11.0/azure/keyvault/certificates/_version.py
2026-04-17 02:50:37.000000000 +0200
+++
new/azure_keyvault_certificates-4.11.1/azure/keyvault/certificates/_version.py
2026-05-05 17:45:39.000000000 +0200
@@ -3,4 +3,4 @@
# Licensed under the MIT License.
# ------------------------------------
-VERSION = "4.11.0"
+VERSION = "4.11.1"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/azure_keyvault_certificates-4.11.0/azure/keyvault/certificates/aio/_client.py
new/azure_keyvault_certificates-4.11.1/azure/keyvault/certificates/aio/_client.py
---
old/azure_keyvault_certificates-4.11.0/azure/keyvault/certificates/aio/_client.py
2026-04-17 02:50:37.000000000 +0200
+++
new/azure_keyvault_certificates-4.11.1/azure/keyvault/certificates/aio/_client.py
2026-05-05 17:45:39.000000000 +0200
@@ -96,7 +96,14 @@
:caption: Create a certificate
:dedent: 8
"""
- if not (policy.san_emails or policy.san_user_principal_names or
policy.san_dns_names or policy.subject):
+ if not (
+ policy.san_emails
+ or policy.san_user_principal_names
+ or policy.san_dns_names
+ or policy.san_ip_addresses
+ or policy.san_uris
+ or policy.subject
+ ):
raise ValueError(NO_SAN_OR_SUBJECT)
polling_interval = kwargs.pop("_polling_interval", None)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/azure_keyvault_certificates-4.11.0/azure_keyvault_certificates.egg-info/PKG-INFO
new/azure_keyvault_certificates-4.11.1/azure_keyvault_certificates.egg-info/PKG-INFO
---
old/azure_keyvault_certificates-4.11.0/azure_keyvault_certificates.egg-info/PKG-INFO
2026-04-17 02:51:35.000000000 +0200
+++
new/azure_keyvault_certificates-4.11.1/azure_keyvault_certificates.egg-info/PKG-INFO
2026-05-05 17:49:24.000000000 +0200
@@ -1,6 +1,6 @@
Metadata-Version: 2.4
Name: azure-keyvault-certificates
-Version: 4.11.0
+Version: 4.11.1
Summary: Microsoft Corporation Key Vault Certificates Client Library for Python
Author-email: Microsoft Corporation <[email protected]>
License: MIT License
@@ -420,6 +420,15 @@
# Release History
+## 4.11.1 (2026-04-29)
+
+### Bugs Fixed
+
+- Fixed `CertificateClient.begin_create_certificate` (and its async
counterpart) incorrectly raising
+ `ValueError` when a `CertificatePolicy` was created with only
`san_ip_addresses` or `san_uris` and no
+ `subject`, `san_dns_names`, `san_emails`, or `san_user_principal_names`. IP
addresses and URIs are
+ valid subject alternative name types and are now recognized by the client's
policy validator.
+
## 4.11.0 (2026-03-27)
### Features Added
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/azure_keyvault_certificates-4.11.0/pyproject.toml
new/azure_keyvault_certificates-4.11.1/pyproject.toml
--- old/azure_keyvault_certificates-4.11.0/pyproject.toml 2026-04-17
02:50:37.000000000 +0200
+++ new/azure_keyvault_certificates-4.11.1/pyproject.toml 2026-05-05
17:45:39.000000000 +0200
@@ -93,6 +93,7 @@
"azure-identity",
"azure-keyvault-nspkg",
"azure-sdk-tools",
+ "cryptography>=44.0.2,<47.0.0",
"parameterized>=0.7.3",
"pyopenssl",
"python-dateutil>=2.8.0",
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/azure_keyvault_certificates-4.11.0/tests/_async_test_case.py
new/azure_keyvault_certificates-4.11.1/tests/_async_test_case.py
--- old/azure_keyvault_certificates-4.11.0/tests/_async_test_case.py
2026-04-17 02:50:37.000000000 +0200
+++ new/azure_keyvault_certificates-4.11.1/tests/_async_test_case.py
2026-05-05 17:45:39.000000000 +0200
@@ -20,9 +20,20 @@
self.is_logging_enabled = kwargs.pop("logging_enable", True)
if is_live():
- os.environ["AZURE_TENANT_ID"] = os.getenv("KEYVAULT_TENANT_ID",
"") # empty in pipelines
- os.environ["AZURE_CLIENT_ID"] = os.getenv("KEYVAULT_CLIENT_ID",
"") # empty in pipelines
- os.environ["AZURE_CLIENT_SECRET"] =
os.getenv("KEYVAULT_CLIENT_SECRET", "") # empty for user-based auth
+ # Only set AZURE_* vars if the KEYVAULT_* counterpart is non-empty.
+ # Setting them to empty strings causes EnvironmentCredential to
attempt (and fail)
+ # ClientSecretCredential construction. Removing them lets
DefaultAzureCredential
+ # fall through to AzureCliCredential for developer/interactive
auth.
+ for keyvault_var, azure_var in (
+ ("KEYVAULT_TENANT_ID", "AZURE_TENANT_ID"),
+ ("KEYVAULT_CLIENT_ID", "AZURE_CLIENT_ID"),
+ ("KEYVAULT_CLIENT_SECRET", "AZURE_CLIENT_SECRET"),
+ ):
+ value = os.getenv(keyvault_var, "")
+ if value:
+ os.environ[azure_var] = value
+ else:
+ os.environ.pop(azure_var, None)
def __call__(self, fn):
async def _preparer(test_class, api_version, **kwargs):
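Review bot: When a `KEYVAULT_*` variable is empty, `os.environ.pop(azure_var, None)` deletes whatever `AZURE_*` value the process already had, and nothing in the hunk restores it. A live run therefore changes the credential environment for every later test in the same process. The three variables are also handled independently, so a partial set (for example tenant and client id present, secret empty) leaves a mixed state; the comment should say whether that is intended. The identical loop is added to `tests/_test_case.py`, and moving it into one shared helper would keep the two preparers from drifting apart. The enclosing method starts outside the hunk.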
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/azure_keyvault_certificates-4.11.0/tests/_test_case.py
new/azure_keyvault_certificates-4.11.1/tests/_test_case.py
--- old/azure_keyvault_certificates-4.11.0/tests/_test_case.py 2026-04-17
02:50:37.000000000 +0200
+++ new/azure_keyvault_certificates-4.11.1/tests/_test_case.py 2026-05-05
17:45:39.000000000 +0200
@@ -25,9 +25,20 @@
if is_live():
self.azure_keyvault_url = os.environ["AZURE_KEYVAULT_URL"]
- os.environ["AZURE_TENANT_ID"] = os.getenv("KEYVAULT_TENANT_ID",
"") # empty in pipelines
- os.environ["AZURE_CLIENT_ID"] = os.getenv("KEYVAULT_CLIENT_ID",
"") # empty in pipelines
- os.environ["AZURE_CLIENT_SECRET"] =
os.getenv("KEYVAULT_CLIENT_SECRET", "") # empty for user-based auth
+ # Only set AZURE_* vars if the KEYVAULT_* counterpart is non-empty.
+ # Setting them to empty strings causes EnvironmentCredential to
attempt (and fail)
+ # ClientSecretCredential construction. Removing them lets
DefaultAzureCredential
+ # fall through to AzureCliCredential for developer/interactive
auth.
+ for keyvault_var, azure_var in (
+ ("KEYVAULT_TENANT_ID", "AZURE_TENANT_ID"),
+ ("KEYVAULT_CLIENT_ID", "AZURE_CLIENT_ID"),
+ ("KEYVAULT_CLIENT_SECRET", "AZURE_CLIENT_SECRET"),
+ ):
+ value = os.getenv(keyvault_var, "")
+ if value:
+ os.environ[azure_var] = value
+ else:
+ os.environ.pop(azure_var, None)
def __call__(self, fn):
def _preparer(test_class, api_version, **kwargs):
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/azure_keyvault_certificates-4.11.0/tests/conftest.py
new/azure_keyvault_certificates-4.11.1/tests/conftest.py
--- old/azure_keyvault_certificates-4.11.0/tests/conftest.py 2026-04-17
02:50:37.000000000 +0200
+++ new/azure_keyvault_certificates-4.11.1/tests/conftest.py 2026-05-05
17:45:39.000000000 +0200
@@ -89,6 +89,10 @@
@pytest.fixture(scope="session")
def event_loop(request):
- loop = asyncio.get_event_loop()
+ try:
+ loop = asyncio.get_event_loop()
+ except RuntimeError:
+ loop = asyncio.new_event_loop()
+ asyncio.set_event_loop(loop)
yield loop
loop.close()
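Review bot: The `try` branch still calls `asyncio.get_event_loop()` with no running loop, which is the deprecated path on interpreters that warn instead of raising. A test run that turns warnings into errors would then fail with `DeprecationWarning` and never reach the `except RuntimeError` fallback. Since the fixture closes the loop itself at teardown, creating it unconditionally is simpler and avoids closing a loop the fixture did not create: `loop = asyncio.new_event_loop()` followed by `asyncio.set_event_loop(loop)`.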
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/azure_keyvault_certificates-4.11.0/tests/test_certificates_client.py
new/azure_keyvault_certificates-4.11.1/tests/test_certificates_client.py
--- old/azure_keyvault_certificates-4.11.0/tests/test_certificates_client.py
2026-04-17 02:50:37.000000000 +0200
+++ new/azure_keyvault_certificates-4.11.1/tests/test_certificates_client.py
2026-05-05 17:45:39.000000000 +0200
@@ -8,7 +8,7 @@
import time
from unittest.mock import Mock, patch
-from azure.core.exceptions import ResourceExistsError, ResourceNotFoundError
+from azure.core.exceptions import HttpResponseError, ResourceExistsError,
ResourceNotFoundError, ServiceRequestError
from azure.core.pipeline.policies import SansIOHTTPPolicy
from devtools_testutils import recorded_by_proxy
from azure.keyvault.certificates import (
@@ -766,6 +766,41 @@
@pytest.mark.parametrize("api_version", only_latest)
@CertificatesClientPreparer()
@recorded_by_proxy
+ def test_create_certificate_with_san_ip_and_uris(self, client, **kwargs):
+ """Verify certificates with only san_ip_addresses or san_uris (no
subject/dns) can be created."""
+ # Certificate with only IP addresses in SANs
+ ip_cert_name = self.get_resource_name("sanIpCert")
+ ip_policy = CertificatePolicy(
+ issuer_name=WellKnownIssuerNames.self,
+ san_ip_addresses=["10.0.0.1", "192.168.1.1"],
+ content_type=CertificateContentType.pkcs12,
+ )
+ ip_cert =
client.begin_create_certificate(certificate_name=ip_cert_name,
policy=ip_policy).result()
+ assert ip_cert.name == ip_cert_name
+ returned_ip_policy = client.get_certificate_policy(ip_cert_name)
+ assert set(returned_ip_policy.san_ip_addresses) == {"10.0.0.1",
"192.168.1.1"}
+ assert not returned_ip_policy.san_dns_names
+ assert not returned_ip_policy.san_uris
+ client.begin_delete_certificate(ip_cert_name).wait()
+
+ # Certificate with only URIs in SANs
+ uri_cert_name = self.get_resource_name("sanUriCert")
+ uri_policy = CertificatePolicy(
+ issuer_name=WellKnownIssuerNames.self,
+ san_uris=["https://service.example.com/api"],
+ content_type=CertificateContentType.pkcs12,
+ )
+ uri_cert =
client.begin_create_certificate(certificate_name=uri_cert_name,
policy=uri_policy).result()
+ assert uri_cert.name == uri_cert_name
+ returned_uri_policy = client.get_certificate_policy(uri_cert_name)
+ assert returned_uri_policy.san_uris
+ assert not returned_uri_policy.san_dns_names
+ assert not returned_uri_policy.san_ip_addresses
+ client.begin_delete_certificate(uri_cert_name).wait()
+
+ @pytest.mark.parametrize("api_version", only_latest)
+ @CertificatesClientPreparer()
+ @recorded_by_proxy
def test_unknown_issuer_response(self, client, **kwargs):
"""When a certificate is created with an unknown issuer, the poller
result should be a CertificateOperation"""
cert_name = self.get_resource_name("unknownIssuer")
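Review bot: Cleanup in `test_create_certificate_with_san_ip_and_uris` runs only if every assertion passes. A failed `assert` between `begin_create_certificate(...).result()` and `begin_delete_certificate(...).wait()` leaves the certificate in the vault on a live run; wrapping each create/assert sequence in `try:`/`finally:` with the delete in the `finally` block fixes that. The URI half is also weaker than the IP half: `assert returned_uri_policy.san_uris` passes for any non-empty value, where `assert returned_uri_policy.san_uris == ["https://service.example.com/api"]` would pin the round trip (assuming the service returns the URI unchanged). Both points apply to the async test of the same name in `tests/test_certificates_client_async.py`, where `await client.close()` is skipped on failure as well.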
@@ -804,6 +839,24 @@
policy = CertificatePolicy(issuer_name=WellKnownIssuerNames.self)
client.begin_create_certificate("...", policy=policy)
+ # san_ip_addresses alone should be accepted (no ValueError)
+ policy = CertificatePolicy(issuer_name=WellKnownIssuerNames.self,
san_ip_addresses=["10.0.0.1"])
+ try:
+ client.begin_create_certificate("...", policy=policy)
+ except ValueError:
+ pytest.fail("begin_create_certificate should not raise ValueError for
san_ip_addresses-only policy")
+ except (HttpResponseError, ServiceRequestError):
+ pass # Expected: network/auth error since we are using a fake client
+
+ # san_uris alone should be accepted (no ValueError)
+ policy = CertificatePolicy(issuer_name=WellKnownIssuerNames.self,
san_uris=["https://example.com"])
+ try:
+ client.begin_create_certificate("...", policy=policy)
+ except ValueError:
+ pytest.fail("begin_create_certificate should not raise ValueError for
san_uris-only policy")
+ except (HttpResponseError, ServiceRequestError):
+ pass # Expected: network/auth error since we are using a fake client
+
def test_service_headers_allowed_in_logs():
service_headers = {"x-ms-keyvault-network-info", "x-ms-keyvault-region",
"x-ms-keyvault-service-version"}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/azure_keyvault_certificates-4.11.0/tests/test_certificates_client_async.py
new/azure_keyvault_certificates-4.11.1/tests/test_certificates_client_async.py
---
old/azure_keyvault_certificates-4.11.0/tests/test_certificates_client_async.py
2026-04-17 02:50:37.000000000 +0200
+++
new/azure_keyvault_certificates-4.11.1/tests/test_certificates_client_async.py
2026-05-05 17:45:39.000000000 +0200
@@ -8,7 +8,7 @@
import json
from unittest.mock import Mock, patch
-from azure.core.exceptions import ResourceExistsError, ResourceNotFoundError
+from azure.core.exceptions import HttpResponseError, ResourceExistsError,
ResourceNotFoundError, ServiceRequestError
from azure.core.pipeline.policies import SansIOHTTPPolicy
from devtools_testutils import set_bodiless_matcher, set_custom_default_matcher
from devtools_testutils.aio import recorded_by_proxy_async
@@ -791,6 +791,43 @@
@pytest.mark.parametrize("api_version", only_latest)
@AsyncCertificatesClientPreparer()
@recorded_by_proxy_async
+ async def test_create_certificate_with_san_ip_and_uris(self, client,
**kwargs):
+ """Verify certificates with only san_ip_addresses or san_uris (no
subject/dns) can be created."""
+ # Certificate with only IP addresses in SANs
+ ip_cert_name = self.get_resource_name("sanIpCert")
+ ip_policy = CertificatePolicy(
+ issuer_name=WellKnownIssuerNames.self,
+ san_ip_addresses=["10.0.0.1", "192.168.1.1"],
+ content_type=CertificateContentType.pkcs12,
+ )
+ ip_cert = await
client.create_certificate(certificate_name=ip_cert_name, policy=ip_policy)
+ assert ip_cert.name == ip_cert_name
+ returned_ip_policy = await client.get_certificate_policy(ip_cert_name)
+ assert set(returned_ip_policy.san_ip_addresses) == {"10.0.0.1",
"192.168.1.1"}
+ assert not returned_ip_policy.san_dns_names
+ assert not returned_ip_policy.san_uris
+ await client.delete_certificate(ip_cert_name)
+
+ # Certificate with only URIs in SANs
+ uri_cert_name = self.get_resource_name("sanUriCert")
+ uri_policy = CertificatePolicy(
+ issuer_name=WellKnownIssuerNames.self,
+ san_uris=["https://service.example.com/api"],
+ content_type=CertificateContentType.pkcs12,
+ )
+ uri_cert = await
client.create_certificate(certificate_name=uri_cert_name, policy=uri_policy)
+ assert uri_cert.name == uri_cert_name
+ returned_uri_policy = await
client.get_certificate_policy(uri_cert_name)
+ assert returned_uri_policy.san_uris
+ assert not returned_uri_policy.san_dns_names
+ assert not returned_uri_policy.san_ip_addresses
+ await client.delete_certificate(uri_cert_name)
+ await client.close()
+
+ @pytest.mark.asyncio
+ @pytest.mark.parametrize("api_version", only_latest)
+ @AsyncCertificatesClientPreparer()
+ @recorded_by_proxy_async
async def test_unknown_issuer_response(self, client, **kwargs):
"""When a certificate is created with an unknown issuer, the poller
result should be a CertificateOperation"""
cert_name = self.get_resource_name("unknownIssuer")
@@ -827,6 +864,24 @@
policy = CertificatePolicy(issuer_name=WellKnownIssuerNames.self)
await client.create_certificate("...", policy=policy)
+ # san_ip_addresses alone should be accepted (no ValueError)
+ policy = CertificatePolicy(issuer_name=WellKnownIssuerNames.self,
san_ip_addresses=["10.0.0.1"])
+ try:
+ await client.create_certificate("...", policy=policy)
+ except ValueError:
+ pytest.fail("create_certificate should not raise ValueError for
san_ip_addresses-only policy")
+ except (HttpResponseError, ServiceRequestError):
+ pass # Expected: network/auth error since we are using a fake client
+
+ # san_uris alone should be accepted (no ValueError)
+ policy = CertificatePolicy(issuer_name=WellKnownIssuerNames.self,
san_uris=["https://example.com"])
+ try:
+ await client.create_certificate("...", policy=policy)
+ except ValueError:
+ pytest.fail("create_certificate should not raise ValueError for
san_uris-only policy")
+ except (HttpResponseError, ServiceRequestError):
+ pass # Expected: network/auth error since we are using a fake client
+
def test_service_headers_allowed_in_logs():
service_headers = {"x-ms-keyvault-network-info", "x-ms-keyvault-region",
"x-ms-keyvault-service-version"}