Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package python-hvac for openSUSE:Factory
checked in at 2021-05-19 17:49:18
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-hvac (Old)
and /work/SRC/openSUSE:Factory/.python-hvac.new.2988 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-hvac"
Wed May 19 17:49:18 2021 rev:7 rq:894170 version:0.10.10
Changes:
--------
--- /work/SRC/openSUSE:Factory/python-hvac/python-hvac.changes 2021-04-23
17:50:55.798825569 +0200
+++ /work/SRC/openSUSE:Factory/.python-hvac.new.2988/python-hvac.changes
2021-05-19 17:49:30.197503648 +0200
@@ -1,0 +2,12 @@
+Tue May 18 22:15:54 UTC 2021 - Dirk M??ller <dmuel...@suse.com>
+
+- update to 0.10.10:
+ - AWS Secrets Engine: Add support for iam_tags when creating roles. GH-684
+ - Add Active Directory generate credential capability. GH-657
+ - Add `policies` Parameter to Userpass `create_or_update_user()` Method.
GH-562
+ - Add handling of unsupported HTTP methods inside adapter. GH-689
+ - Add Convenience `read_secret()` Method for KVv2 Class. GH-686
+ - Set daemon attribute instead of using setDaemon method that was deprecated
in Python 3.10. GH-688
+ - Send AppRole generate_secret_id Method Metadata Parameter as String GH-68
+
+-------------------------------------------------------------------
Old:
----
v0.10.8.tar.gz
New:
----
v0.10.10.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python-hvac.spec ++++++
--- /var/tmp/diff_new_pack.a0TkJr/_old 2021-05-19 17:49:30.713501483 +0200
+++ /var/tmp/diff_new_pack.a0TkJr/_new 2021-05-19 17:49:30.717501467 +0200
@@ -18,7 +18,7 @@
%{?!python_module:%define python_module() python-%{**} python3-%{**}}
Name: python-hvac
-Version: 0.10.8
+Version: 0.10.10
Release: 0
Summary: HashiCorp Vault API client
License: BSD-3-Clause
++++++ v0.10.8.tar.gz -> v0.10.10.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/hvac-0.10.8/.bumpversion.cfg
new/hvac-0.10.10/.bumpversion.cfg
--- old/hvac-0.10.8/.bumpversion.cfg 2021-02-08 16:37:19.000000000 +0100
+++ new/hvac-0.10.10/.bumpversion.cfg 2021-04-29 17:24:59.000000000 +0200
@@ -1,5 +1,5 @@
[bumpversion]
-current_version = 0.10.8
+current_version = 0.10.10
commit = True
tag = True
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/hvac-0.10.8/CHANGELOG.md
new/hvac-0.10.10/CHANGELOG.md
--- old/hvac-0.10.8/CHANGELOG.md 2021-02-08 16:37:19.000000000 +0100
+++ new/hvac-0.10.10/CHANGELOG.md 2021-04-29 17:24:59.000000000 +0200
@@ -1,5 +1,34 @@
# Changelog
+## 0.10.10 (April 29th, 2021)
+
+### ???? Features
+
+- AWS Secrets Engine: Add support for iam_tags when creating roles. GH-684
+- Add Active Directory generate credential capability. GH-657
+- Add `policies` Parameter to Userpass `create_or_update_user()` Method. GH-562
+- Add handling of unsupported HTTP methods inside adapter. GH-689
+- Add Convenience `read_secret()` Method for KVv2 Class. GH-686
+
+### ???? Miscellaneous
+
+- Set daemon attribute instead of using setDaemon method that was deprecated
in Python 3.10. GH-688
+
+Thanks to @jeffwecan, @mblau-leaffilter, @nicholaswold, @sshishov, @tirkarthi,
@tomwerneruk and @vamshideveloper for their lovely contributions.
+
+## 0.10.9 (April 2nd, 2021)
+
+### ???? Bug Fixes
+
+- Send AppRole generate_secret_id Method Metadata Parameter as String GH-689
+
+### ???? Documentation
+
+- Fix lambda authentication example in aws auth documentation. GH-675
+- Docs(secret_engines/pki): Remove 'self' from examples. GH-676
+
+Thanks to @JPoser, @fhemberger, @jeffwecan, @lperdereau and jposer for their
lovely contributions.
+
## 0.10.8 (February 8th, 2021)
### ???? Features
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/hvac-0.10.8/docs/conf.py
new/hvac-0.10.10/docs/conf.py
--- old/hvac-0.10.8/docs/conf.py 2021-02-08 16:37:19.000000000 +0100
+++ new/hvac-0.10.10/docs/conf.py 2021-04-29 17:24:59.000000000 +0200
@@ -16,9 +16,9 @@
author = u'Ian Unruh, Jeffrey Hogan'
# The short X.Y version
-version = '0.10.8'
+version = '0.10.10'
# The full version, including alpha/beta/rc tags
-release = '0.10.8'
+release = '0.10.10'
# -- General configuration ---------------------------------------------------
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/hvac-0.10.8/docs/usage/auth_methods/aws.rst
new/hvac-0.10.10/docs/usage/auth_methods/aws.rst
--- old/hvac-0.10.8/docs/usage/auth_methods/aws.rst 2021-02-08
16:37:19.000000000 +0100
+++ new/hvac-0.10.10/docs/usage/auth_methods/aws.rst 2021-04-29
17:24:59.000000000 +0200
@@ -90,13 +90,13 @@
def infer_credentials_from_iam_role(iam_role):
on_lambda = 'AWS_LAMBDA_FUNCTION_NAME' in os.environ
if on_lambda:
- return os.environ['AWS_ACCESS_KEY_ID'],
os.environ['AWS_SECRET_ACCESS_KEY']
+ return os.environ['AWS_ACCESS_KEY_ID'],
os.environ['AWS_SECRET_ACCESS_KEY'], os.environ['AWS_SESSION_TOKEN']
else:
security_credentials = load_aws_ec2_role_iam_credentials(iam_role)
return security_credentials['AccessKeyId'],
security_credentials['SecretAccessKey']
- access_key_id, secret_access_key =
infer_credentials_from_iam_role('some-role')
+ access_key_id, secret_access_key, session_token =
infer_credentials_from_iam_role('some-role')
client = hvac.Client()
client.auth.aws.iam_login(access_key_id, secret_access_key, session_token)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/hvac-0.10.8/docs/usage/secrets_engines/activedirectory.rst
new/hvac-0.10.10/docs/usage/secrets_engines/activedirectory.rst
--- old/hvac-0.10.8/docs/usage/secrets_engines/activedirectory.rst
1970-01-01 01:00:00.000000000 +0100
+++ new/hvac-0.10.10/docs/usage/secrets_engines/activedirectory.rst
2021-04-29 17:24:59.000000000 +0200
@@ -0,0 +1,146 @@
+Active Directory
+================
+
+.. contents::
+
+Configure AD Secrets Secrets Engine
+-----------------------------------
+
+Configure the AD secrets engine to either manage service accounts or service
account libraries.
+
+Source reference: :py:meth:`hvac.api.secrets_engines.activedirectory.configure`
+
+.. code:: python
+
+ import hvac
+ client = hvac.Client()
+
+ # Authenticate to Vault using client.auth.x
+
+ # Not all these settings may apply to your setup, refer to Vault
+ # documentation for context of what to use here
+
+ config_response = client.secrets.activedirectory.configure(
+ binddn='usern...@domain.fqdn', # A upn or DN can be used for this
value, Vault resolves the user to a dn silently
+ bindpass='***********',
+ url='ldaps://domain.fqdn',
+ userdn='CN=Users,DN=domain,DN=fqdn',
+ upndomain='domain.fqdn',
+ ttl=60,
+ max_ttl=120
+ )
+ print(config_response)
+
+
+Read Config
+-----------
+
+Return the AD Secret Engine configuration.
+
+Source reference:
:py:meth:`hvac.api.secrets_engines.activedirectory.read_config`
+
+.. code:: python
+
+ import hvac
+ client = hvac.Client()
+
+ # Authenticate to Vault using client.auth.x
+
+ config_response = client.secrets.activedirectory.read_config()
+
+
+Create or Update Role
+---------------------
+
+Create or Update a role which allows the retrieval and rotation of an AD
account. Retrieve and rotate the actual credential via generate_credentials().
+
+Source reference:
:py:meth:`hvac.api.secrets_engines.activedirectory.create_or_update_role`
+
+.. code:: python
+
+ import hvac
+ client = hvac.Client()
+
+ # Authenticate to Vault using client.auth.x
+
+ role_response = client.secrets.activedirectory.create_or_update_role(
+ name='sql-service-account',
+ service_account_name='svc-sqldb-pets...@domain.fqdn',
+ ttl=60)
+
+
+Read Role
+---------
+
+Retrieve the role configuration which allows the retrieval and rotation of an
AD account. Retrieve and rotate the actual credential via
generate_credentials().
+
+Source reference: :py:meth:`hvac.api.secrets_engines.activedirectory.read_role`
+
+.. code:: python
+
+ import hvac
+ client = hvac.Client()
+
+ # Authenticate to Vault using client.auth.x
+
+ role_response =
client.secrets.activedirectory.read_role(name='sql-service-account')
+
+
+List Roles
+----------
+
+List all configured roles which allows the retrieval and rotation of an AD
account. Retrieve and rotate the actual credential via generate_credentials().
+
+Source reference:
:py:meth:`hvac.api.secrets_engines.activedirectory.list_roles`
+
+.. code:: python
+
+ import hvac
+ client = hvac.Client()
+
+ # Authenticate to Vault using client.auth.x
+
+ all_roles = client.secrets.activedirectory.list_roles()
+
+
+Delete Role
+-----------
+
+Remove the role configuration which allows the retrieval and rotation of an AD
account.
+
+The account is retained in Active Directory, but the password will be whatever
Vault had rotated it to last.
+To regain control, the password will need to be reset via Active Directory.
+
+Source reference:
:py:meth:`hvac.api.secrets_engines.activedirectory.delete_role`
+
+.. code:: python
+
+ import hvac
+ client = hvac.Client()
+
+ # Authenticate to Vault using client.auth.x
+
+ deletion_response =
client.secrets.activedirectory.delete_role(name='sql-service-account')
+
+Generate Credentials
+--------------------
+
+Retrieve a service account password from AD. Return the previous password (if
known). Vault shall rotate
+the password before returning it, if it has breached its configured ttl.
+
+Source reference:
:py:meth:`hvac.api.secrets_engines.activedirectory.generate_credentials`
+
+.. code:: python
+
+ import hvac
+ client = hvac.Client()
+
+ # Authenticate to Vault using client.auth.x
+
+ gen_creds_response = client.secrets.activedirectory.generate_credentials(
+ name='hvac-role',
+ )
+ print('Retrieved Service Account Password: {access} (Current) / {secret}
(Old)'.format(
+ access=gen_creds_response['data']['current_password'],
+ secret=gen_creds_response['data']['old_password'],
+ ))
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/hvac-0.10.8/docs/usage/secrets_engines/index.rst
new/hvac-0.10.10/docs/usage/secrets_engines/index.rst
--- old/hvac-0.10.8/docs/usage/secrets_engines/index.rst 2021-02-08
16:37:19.000000000 +0100
+++ new/hvac-0.10.10/docs/usage/secrets_engines/index.rst 2021-04-29
17:24:59.000000000 +0200
@@ -4,6 +4,7 @@
.. toctree::
:maxdepth: 2
+ activedirectory
aws
azure
gcp
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/hvac-0.10.8/docs/usage/secrets_engines/pki.rst
new/hvac-0.10.10/docs/usage/secrets_engines/pki.rst
--- old/hvac-0.10.8/docs/usage/secrets_engines/pki.rst 2021-02-08
16:37:19.000000000 +0100
+++ new/hvac-0.10.10/docs/usage/secrets_engines/pki.rst 2021-04-29
17:24:59.000000000 +0200
@@ -25,7 +25,7 @@
import hvac
client = hvac.Client()
- read_ca_certificate_chain_response =
self.client.secrets.pki.read_ca_certificate_chain()
+ read_ca_certificate_chain_response =
client.secrets.pki.read_ca_certificate_chain()
print('Current PKI CA Certificate Chain:
{}'.format(read_ca_certificate_chain_response))
@@ -39,7 +39,7 @@
import hvac
client = hvac.Client()
- read_certificate_response =
self.client.secrets.pki.read_certificate(serial='crl')
+ read_certificate_response =
client.secrets.pki.read_certificate(serial='crl')
print('Current PKI CRL: {}'.format(read_certificate_response))
@@ -53,7 +53,7 @@
import hvac
client = hvac.Client()
- list_certificate_response = self.client.secrets.pki.list_certificates()
+ list_certificate_response = client.secrets.pki.list_certificates()
print('Current certificates (serial numbers):
{}'.format(list_certificate_response))
@@ -67,7 +67,7 @@
import hvac
client = hvac.Client()
- submit_ca_information_response =
self.client.secrets.pki.submit_ca_information(
+ submit_ca_information_response =
client.secrets.pki.submit_ca_information(
'-----BEGIN RSA PRIVATE KEY-----\n...\n-----END CERTIFICATE-----'
)
@@ -82,7 +82,7 @@
import hvac
client = hvac.Client()
- read_crl_configuration_response =
self.client.secrets.pki.read_crl_configuration()
+ read_crl_configuration_response =
client.secrets.pki.read_crl_configuration()
print('CRL configuration: {}'.format(read_crl_configuration_response))
@@ -96,7 +96,7 @@
import hvac
client = hvac.Client()
- set_crl_configuration_response =
self.client.secrets.pki.set_crl_configuration(
+ set_crl_configuration_response =
client.secrets.pki.set_crl_configuration(
expiry='72h',
disable=False
)
@@ -112,7 +112,7 @@
import hvac
client = hvac.Client()
- read_urls_response = self.client.secrets.pki.read_urls()
+ read_urls_response = client.secrets.pki.read_urls()
print('Get PKI urls: {}'.format(read_urls_response))
@@ -126,7 +126,7 @@
import hvac
client = hvac.Client()
- set_urls_response = self.client.secrets.pki.set_urls(
+ set_urls_response = client.secrets.pki.set_urls(
{
'issuing_certificates': ['http://127.0.0.1:8200/v1/pki/ca'],
'crl_distribution_points': ['http://127.0.0.1:8200/v1/pki/crl']
@@ -144,7 +144,7 @@
import hvac
client = hvac.Client()
- read_crl_response = self.client.secrets.pki.read_crl()
+ read_crl_response = client.secrets.pki.read_crl()
print('Current CRL: {}'.format(read_crl_response))
@@ -158,7 +158,7 @@
import hvac
client = hvac.Client()
- rotate_crl_response = self.client.secrets.pki.rotate_crl()
+ rotate_crl_response = client.secrets.pki.rotate_crl()
print('Rotate CRL: {}'.format(rotate_crl_response))
@@ -172,7 +172,7 @@
import hvac
client = hvac.Client()
- generate_intermediate_response =
self.client.secrets.pki.generate_intermediate(
+ generate_intermediate_response =
client.secrets.pki.generate_intermediate(
type='exported',
common_name='Vault integration tests'
)
@@ -189,7 +189,7 @@
import hvac
client = hvac.Client()
- set_signed_intermediate_response =
self.client.secrets.pki.set_signed_intermediate(
+ set_signed_intermediate_response =
client.secrets.pki.set_signed_intermediate(
'-----BEGIN CERTIFICATE...'
)
@@ -204,7 +204,7 @@
import hvac
client = hvac.Client()
- generate_certificate_response =
self.client.secrets.pki.generate_certificate(
+ generate_certificate_response =
client.secrets.pki.generate_certificate(
name='myrole',
common_name='test.example.com'
)
@@ -221,7 +221,7 @@
import hvac
client = hvac.Client()
- revoke_certificate_response =
self.client.secrets.pki.revoke_certificate(
+ revoke_certificate_response = client.secrets.pki.revoke_certificate(
serial_number='39:dd:2e...'
)
print('Certificate: {}'.format(revoke_certificate_response))
@@ -237,7 +237,7 @@
import hvac
client = hvac.Client()
- create_or_update_role_response =
self.client.secrets.pki.create_or_update_role(
+ create_or_update_role_response =
client.secrets.pki.create_or_update_role(
'mynewrole',
{
'ttl': '72h',
@@ -257,7 +257,7 @@
import hvac
client = hvac.Client()
- read_role_response = self.client.secrets.pki.read_role('myrole')
+ read_role_response = client.secrets.pki.read_role('myrole')
print('Role definition: {}'.format(read_role_response))
@@ -271,7 +271,7 @@
import hvac
client = hvac.Client()
- list_roles_response = self.client.secrets.pki.list_roles()
+ list_roles_response = client.secrets.pki.list_roles()
print('List of available roles: {}'.format(list_roles_response))
@@ -285,7 +285,7 @@
import hvac
client = hvac.Client()
- delete_role_response =
self.client.secrets.pki.delete_role('role2delete')
+ delete_role_response = client.secrets.pki.delete_role('role2delete')
Generate Root
@@ -298,7 +298,7 @@
import hvac
client = hvac.Client()
- generate_root_response = self.client.secrets.pki.generate_root(
+ generate_root_response = client.secrets.pki.generate_root(
type='exported',
common_name='New root CA'
)
@@ -315,7 +315,7 @@
import hvac
client = hvac.Client()
- delete_root_response = self.client.secrets.pki.delete_root()
+ delete_root_response = client.secrets.pki.delete_root()
Sign Intermediate
@@ -328,7 +328,7 @@
import hvac
client = hvac.Client()
- sign_intermediate_response = self.client.secrets.pki.sign_intermediate(
+ sign_intermediate_response = client.secrets.pki.sign_intermediate(
csr='....',
common_name='example.com',
)
@@ -345,7 +345,7 @@
import hvac
client = hvac.Client()
- sign_self_issued_response = self.client.secrets.pki.sign_self_issued(
+ sign_self_issued_response = client.secrets.pki.sign_self_issued(
certificate='...'
)
print('Signed certificate: {}'.format(sign_self_issued_response))
@@ -361,7 +361,7 @@
import hvac
client = hvac.Client()
- sign_certificate_response = self.client.secrets.pki.sign_certificate(
+ sign_certificate_response = client.secrets.pki.sign_certificate(
name='myrole',
csr='...',
common_name='example.com'
@@ -379,7 +379,7 @@
import hvac
client = hvac.Client()
- sign_verbatim_response = self.client.secrets.pki.sign_verbatim(
+ sign_verbatim_response = client.secrets.pki.sign_verbatim(
name='myrole',
csr='...'
)
@@ -396,6 +396,6 @@
import hvac
client = hvac.Client()
- tidy_response = self.client.secrets.pki.tidy()
+ tidy_response = client.secrets.pki.tidy()
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/hvac-0.10.8/hvac/adapters.py
new/hvac-0.10.10/hvac/adapters.py
--- old/hvac-0.10.8/hvac/adapters.py 2021-02-08 16:37:19.000000000 +0100
+++ new/hvac-0.10.10/hvac/adapters.py 2021-04-29 17:24:59.000000000 +0200
@@ -18,7 +18,7 @@
__metaclass__ = ABCMeta
def __init__(self, base_uri=DEFAULT_BASE_URI, token=None, cert=None,
verify=True, timeout=30, proxies=None,
- allow_redirects=True, session=None, namespace=None,
ignore_exceptions=False):
+ allow_redirects=True, session=None, namespace=None,
ignore_exceptions=False, strict_http=False):
"""Create a new request adapter instance.
:param base_uri: Base URL for the Vault instance being addressed.
@@ -45,6 +45,8 @@
:param ignore_exceptions: If True, _always_ return the response object
for a given request. I.e., don't raise an exception
based on response status code, etc.
:type ignore_exceptions: bool
+ :param strict_http: If True, use only standard HTTP verbs in request
with additional params, otherwise process as is
+ :type strict_http: bool
"""
if not session:
session = requests.Session()
@@ -55,6 +57,7 @@
self.session = session
self.allow_redirects = allow_redirects
self.ignore_exceptions = ignore_exceptions
+ self.strict_http = strict_http
self._kwargs = {
'cert': cert,
@@ -284,6 +287,14 @@
_kwargs = self._kwargs.copy()
_kwargs.update(kwargs)
+ if self.strict_http and method.lower() in ('list',):
+ # Entry point for standard HTTP substitution
+ params = _kwargs.get('params', {})
+ if method.lower() == 'list':
+ method = 'get'
+ params.update({'list': 'true'})
+ _kwargs['params'] = params
+
response = self.session.request(
method=method,
url=url,
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/hvac-0.10.8/hvac/api/auth_methods/approle.py
new/hvac-0.10.10/hvac/api/auth_methods/approle.py
--- old/hvac-0.10.8/hvac/api/auth_methods/approle.py 2021-02-08
16:37:19.000000000 +0100
+++ new/hvac-0.10.10/hvac/api/auth_methods/approle.py 2021-04-29
17:24:59.000000000 +0200
@@ -1,6 +1,7 @@
#!/usr/bin/env python
# -*- coding: utf-8 -*-
"""APPROLE methods module."""
+import json
from hvac import exceptions, utils
from hvac.api.vault_api_base import VaultApiBase
from hvac.constants.approle import DEFAULT_MOUNT_POINT, ALLOWED_TOKEN_TYPES
@@ -245,7 +246,7 @@
))
params = {
- 'metadata': metadata
+ 'metadata': json.dumps(metadata) if metadata else metadata
}
list_of_strings_params = {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/hvac-0.10.8/hvac/api/auth_methods/userpass.py
new/hvac-0.10.10/hvac/api/auth_methods/userpass.py
--- old/hvac-0.10.8/hvac/api/auth_methods/userpass.py 2021-02-08
16:37:19.000000000 +0100
+++ new/hvac-0.10.10/hvac/api/auth_methods/userpass.py 2021-04-29
17:24:59.000000000 +0200
@@ -1,6 +1,7 @@
#!/usr/bin/env python
# -*- coding: utf-8 -*-
"""USERPASS methods module."""
+from hvac import utils
from hvac.api.vault_api_base import VaultApiBase
DEFAULT_MOUNT_POINT = 'userpass'
@@ -11,7 +12,7 @@
Reference: https://www.vaultproject.io/api/auth/userpass/index.html
"""
- def create_or_update_user(self, username, password,
mount_point=DEFAULT_MOUNT_POINT):
+ def create_or_update_user(self, username, password, policies=None,
mount_point=DEFAULT_MOUNT_POINT):
"""
Create/update user in userpass.
@@ -22,12 +23,19 @@
:type username: str | unicode
:param password: The password for the user. Only required when
creating the user.
:type password: str | unicode
+ :param policies: The list of policies to be set on username created.
+ :type policies: str | unicode
:param mount_point: The "path" the method/backend was mounted on.
:type mount_point: str | unicode
"""
params = {
'password': password,
}
+ params.update(
+ utils.remove_nones({
+ 'policies': policies,
+ })
+ )
api_path =
'/v1/auth/{mount_point}/users/{username}'.format(mount_point=mount_point,
username=username)
return self._adapter.post(
url=api_path,
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/hvac-0.10.8/hvac/api/secrets_engines/active_directory.py
new/hvac-0.10.10/hvac/api/secrets_engines/active_directory.py
--- old/hvac-0.10.8/hvac/api/secrets_engines/active_directory.py
2021-02-08 16:37:19.000000000 +0100
+++ new/hvac-0.10.10/hvac/api/secrets_engines/active_directory.py
2021-04-29 17:24:59.000000000 +0200
@@ -147,3 +147,19 @@
return self._adapter.delete(
url=api_path,
)
+
+ def generate_credentials(self, name, mount_point=DEFAULT_MOUNT_POINT):
+ """This endpoint retrieves the previous and current LDAP password for
+ the associated account (or rotate if required)
+
+ :param name: Specifies the name of the role to request credentials
from.
+ :type name: str | unicode
+ :param mount_point: Specifies the place where the secrets engine will
be accessible (default: ad).
+ :type mount_point: str | unicode
+ :return: The response of the request.
+ :rtype: requests.Response
+ """
+ api_path = utils.format_url("/v1/{}/creds/{}", mount_point, name)
+ return self._adapter.get(
+ url=api_path,
+ )
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/hvac-0.10.8/hvac/api/secrets_engines/aws.py
new/hvac-0.10.10/hvac/api/secrets_engines/aws.py
--- old/hvac-0.10.8/hvac/api/secrets_engines/aws.py 2021-02-08
16:37:19.000000000 +0100
+++ new/hvac-0.10.10/hvac/api/secrets_engines/aws.py 2021-04-29
17:24:59.000000000 +0200
@@ -139,7 +139,7 @@
)
def create_or_update_role(self, name, credential_type,
policy_document=None, default_sts_ttl=None, max_sts_ttl=None,
- role_arns=None, policy_arns=None,
legacy_params=False, mount_point=DEFAULT_MOUNT_POINT):
+ role_arns=None, policy_arns=None,
legacy_params=False, iam_tags=None, mount_point=DEFAULT_MOUNT_POINT):
"""Create or update the role with the given name.
If a role with the name does not exist, it will be created. If the
role exists, it will be updated with the new
@@ -176,6 +176,9 @@
:param legacy_params: Flag to send legacy (Vault versions < 0.11.0)
parameters in the request. When this is set
to True, policy_document and policy_arns are the only parameters
used from this method.
:type legacy_params: bool
+ :param iam_tags: A list of strings representing a key/value pair to be
used for any IAM user that is created by
+ this role. Format is a key and value separated by an =.
+ :type iam_tags: list
:param mount_point: The "path" the method/backend was mounted on.
:type mount_point: str | unicode
:return: The response of the request.
@@ -207,6 +210,7 @@
'max_sts_ttl': max_sts_ttl,
'role_arns': role_arns,
'policy_arns': policy_arns,
+ 'iam_tags': iam_tags,
})
)
api_path = utils.format_url(
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/hvac-0.10.8/hvac/api/secrets_engines/kv_v2.py
new/hvac-0.10.10/hvac/api/secrets_engines/kv_v2.py
--- old/hvac-0.10.8/hvac/api/secrets_engines/kv_v2.py 2021-02-08
16:37:19.000000000 +0100
+++ new/hvac-0.10.10/hvac/api/secrets_engines/kv_v2.py 2021-04-29
17:24:59.000000000 +0200
@@ -59,6 +59,9 @@
mount_point=mount_point,
)
return self._adapter.get(url=api_path)
+
+ def read_secret(self, path, mount_point=DEFAULT_MOUNT_POINT):
+ return self.read_secret_version(path, mount_point=mount_point)
def read_secret_version(self, path, version=None,
mount_point=DEFAULT_MOUNT_POINT):
"""Retrieve the secret at the specified location.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/hvac-0.10.8/setup.py new/hvac-0.10.10/setup.py
--- old/hvac-0.10.8/setup.py 2021-02-08 16:37:19.000000000 +0100
+++ new/hvac-0.10.10/setup.py 2021-04-29 17:24:59.000000000 +0200
@@ -10,7 +10,7 @@
setup(
name='hvac',
- version='0.10.8',
+ version='0.10.10',
description='HashiCorp Vault API client',
long_description=load_long_description(),
long_description_content_type="text/markdown",
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/hvac-0.10.8/tests/integration_tests/api/auth_methods/test_github.py
new/hvac-0.10.10/tests/integration_tests/api/auth_methods/test_github.py
--- old/hvac-0.10.8/tests/integration_tests/api/auth_methods/test_github.py
2021-02-08 16:37:19.000000000 +0100
+++ new/hvac-0.10.10/tests/integration_tests/api/auth_methods/test_github.py
2021-04-29 17:24:59.000000000 +0200
@@ -32,7 +32,7 @@
# Start running mock server in a separate thread.
# Daemon threads automatically shut down when the main process
exits.
cls.mock_server_thread =
Thread(target=cls.mock_server.serve_forever)
- cls.mock_server_thread.setDaemon(True)
+ cls.mock_server_thread.daemon = True
cls.mock_server_thread.start()
except Exception:
# Ensure that Vault server is taken down if setUpClass fails
