Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package python-hvac for openSUSE:Factory
checked in at 2021-10-16 22:47:36
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-hvac (Old)
and /work/SRC/openSUSE:Factory/.python-hvac.new.1890 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-hvac"
Sat Oct 16 22:47:36 2021 rev:10 rq:925733 version:0.11.2
Changes:
--------
--- /work/SRC/openSUSE:Factory/python-hvac/python-hvac.changes 2021-07-30
23:22:53.239589568 +0200
+++ /work/SRC/openSUSE:Factory/.python-hvac.new.1890/python-hvac.changes
2021-10-16 22:48:21.712728404 +0200
@@ -1,0 +2,7 @@
+Sat Oct 16 19:12:22 UTC 2021 - Dirk M??ller <dmuel...@suse.com>
+
+- update to 0.11.2:
+ * Breakfix release to revert some unintended post-1.0 requirements changes.
+ * Revert `six` & `requests` Requirements Changes. GH-768
+
+-------------------------------------------------------------------
Old:
----
v0.11.0.tar.gz
New:
----
v0.11.2.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python-hvac.spec ++++++
--- /var/tmp/diff_new_pack.YwhUra/_old 2021-10-16 22:48:22.108728739 +0200
+++ /var/tmp/diff_new_pack.YwhUra/_new 2021-10-16 22:48:22.112728742 +0200
@@ -18,7 +18,7 @@
%{?!python_module:%define python_module() python-%{**} python3-%{**}}
Name: python-hvac
-Version: 0.11.0
+Version: 0.11.2
Release: 0
Summary: HashiCorp Vault API client
License: BSD-3-Clause
++++++ v0.11.0.tar.gz -> v0.11.2.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/hvac-0.11.0/.bumpversion.cfg
new/hvac-0.11.2/.bumpversion.cfg
--- old/hvac-0.11.0/.bumpversion.cfg 2021-07-12 17:40:43.000000000 +0200
+++ new/hvac-0.11.2/.bumpversion.cfg 2021-09-23 19:46:20.000000000 +0200
@@ -1,9 +1,8 @@
[bumpversion]
-current_version = 0.11.0
+current_version = 0.11.2
commit = True
tag = True
[bumpversion:file:setup.py]
[bumpversion:file:docs/conf.py]
-
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/hvac-0.11.0/.flake8 new/hvac-0.11.2/.flake8
--- old/hvac-0.11.0/.flake8 1970-01-01 01:00:00.000000000 +0100
+++ new/hvac-0.11.2/.flake8 2021-09-23 19:46:20.000000000 +0200
@@ -0,0 +1,9 @@
+[flake8]
+max-line-length = 160
+exclude =
+ .git,
+ .venv,
+ .tox,
+ .idea,
+ venv,
+ docs/ext
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/hvac-0.11.0/.github/FUNDING.yml
new/hvac-0.11.2/.github/FUNDING.yml
--- old/hvac-0.11.0/.github/FUNDING.yml 2021-07-12 17:40:43.000000000 +0200
+++ new/hvac-0.11.2/.github/FUNDING.yml 2021-09-23 19:46:20.000000000 +0200
@@ -1 +1,3 @@
+github:
+ - jeffwecan
ko_fi: jeffwecan
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/hvac-0.11.0/.github/release-drafter.yml
new/hvac-0.11.2/.github/release-drafter.yml
--- old/hvac-0.11.0/.github/release-drafter.yml 2021-07-12 17:40:43.000000000
+0200
+++ new/hvac-0.11.2/.github/release-drafter.yml 2021-09-23 19:46:20.000000000
+0200
@@ -25,5 +25,3 @@
template: |
$CHANGES
-
- Thanks to $CONTRIBUTORS for their lovely contributions.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/hvac-0.11.0/.github/workflows/lint-and-test.yml
new/hvac-0.11.2/.github/workflows/lint-and-test.yml
--- old/hvac-0.11.0/.github/workflows/lint-and-test.yml 2021-07-12
17:40:43.000000000 +0200
+++ new/hvac-0.11.2/.github/workflows/lint-and-test.yml 2021-09-23
19:46:20.000000000 +0200
@@ -43,6 +43,44 @@
- name: Lint with `flake8`
run: flake8 . --count --statistics
+ docs-tests:
+ name: Documentation Tests
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@v2
+
+ - name: Set up Python 3.x
+ uses: actions/setup-python@v2
+ with:
+ python-version: 3.x
+
+ - name: Install Vault (for doctests)
+ run: |
+ curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo apt-key add -
+ echo "deb [arch=amd64] https://apt.releases.hashicorp.com
$(lsb_release -cs) main" \
+ | sudo tee /etc/apt/sources.list.d/hashicorp.list
+
+ sudo apt update \
+ -o Dir::Etc::sourceparts="-" \
+ -o APT::Get::List-Cleanup="0" \
+ -o Dir::Etc::sourcelist="sources.list.d/hashicorp.list"
+
+ sudo apt install \
+ vault-enterprise=1.7.2+ent \
+ ;
+
+ # We disble cap_ipc_lock here as its generally incompatabile with
GitHub
+ # Actions' runtime environments.
+ sudo setcap cap_ipc_lock= /usr/bin/vault
+
+ - name: Install doctest dependencies
+ run: pip install -r docs/requirements.txt
+
+ - name: Sphinx - doctest Build
+ working-directory: ./docs
+ run: make doctest
+
unit-tests:
name: Unit Tests
runs-on: ubuntu-latest
@@ -116,7 +154,7 @@
sudo apt install \
consul \
- vault-enterprise \
+ vault-enterprise=${{ matrix.vault-version }}+ent \
;
# We disble cap_ipc_lock here as its generally incompatabile with
GitHub
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/hvac-0.11.0/CHANGELOG.md new/hvac-0.11.2/CHANGELOG.md
--- old/hvac-0.11.0/CHANGELOG.md 2021-07-12 17:40:43.000000000 +0200
+++ new/hvac-0.11.2/CHANGELOG.md 2021-09-23 19:46:20.000000000 +0200
@@ -1,5 +1,37 @@
# Changelog
+## 0.11.2 (September 23rd, 2021)
+
+Breakfix release to revert some unintended post-1.0 requirements changes.
+
+### ???? Bug Fixes
+
+- Revert `six` & `requests` Requirements Changes. GH-768
+
+## 0.11.1 (September 22nd, 2021)
+
+### ???? Breaking Changes
+
+- **Note**: This is _actually and truly_ (????) intended to by the last hvac
release supporting Python 2.7.
+
+ **_Starting with hvac version `1.0.0`, Python versions `>=3.6` will be the
only explictly supported versions._**
+- Requirements - Cleanup & Upgrades (`install_requires` => `requests>=2.25.1`
). GH-741
+
+### ???? Features
+
+- Add X-Vault-Request header to all requests by default. GH-762
+- Add token_type to kubernetes auth create_role. GH-760
+- jwt: use login adapter and add `use_token` param. GH-746
+
+### ???? Bug Fixes
+
+- Fix Passing of `cert` Parameter From Client into Adapter Class. GH-743
+- Removed vestigial accessor parameter from auth token revoke_self. GH-744
+- Fix Client TLS `verify` Behavior . GH-745
+- Fix incorrect recovery key backup path. GH-749
+
+Thanks to @Tylerlhess, @anhdat, @ayav09, @bobmshannon, @bpatterson971,
@briantist, @cmanfre4, @jeffwecan, Chris Manfre and tyhess for their lovely
contributions.
+
## 0.11.0 (July 12th, 2021)
### ???? Breaking Changes
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/hvac-0.11.0/CONTRIBUTING.md
new/hvac-0.11.2/CONTRIBUTING.md
--- old/hvac-0.11.0/CONTRIBUTING.md 2021-07-12 17:40:43.000000000 +0200
+++ new/hvac-0.11.2/CONTRIBUTING.md 2021-09-23 19:46:20.000000000 +0200
@@ -23,7 +23,7 @@
```
cd hvac
-pip install -r requirements.txt
+pip install -r requirements-dev.txt
```
3. Run tests: `make test`
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/hvac-0.11.0/README.md new/hvac-0.11.2/README.md
--- old/hvac-0.11.0/README.md 2021-07-12 17:40:43.000000000 +0200
+++ new/hvac-0.11.2/README.md 2021-09-23 19:46:20.000000000 +0200
@@ -26,8 +26,6 @@
pip install "hvac[parser]"
```
-
-
## Documentation
Additional documentation for this module available at:
[hvac.readthedocs.io](https://hvac.readthedocs.io/en/stable/usage/index.html):
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/hvac-0.11.0/docs/conf.py new/hvac-0.11.2/docs/conf.py
--- old/hvac-0.11.0/docs/conf.py 2021-07-12 17:40:43.000000000 +0200
+++ new/hvac-0.11.2/docs/conf.py 2021-09-23 19:46:20.000000000 +0200
@@ -17,9 +17,9 @@
author = u"Ian Unruh, Jeffrey Hogan"
# The short X.Y version
-version = "0.11.0"
+version = "0.11.2"
# The full version, including alpha/beta/rc tags
-release = "0.11.0"
+release = "0.11.2"
# -- General configuration ---------------------------------------------------
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/hvac-0.11.0/docs/ext/hvac_doctest.py
new/hvac-0.11.2/docs/ext/hvac_doctest.py
--- old/hvac-0.11.0/docs/ext/hvac_doctest.py 2021-07-12 17:40:43.000000000
+0200
+++ new/hvac-0.11.2/docs/ext/hvac_doctest.py 2021-09-23 19:46:20.000000000
+0200
@@ -57,7 +57,7 @@
if PY2:
def doctest_encode(text, encoding):
- # type: (str, unicode) -> unicode
+ # type: (str, str) -> str
if isinstance(text, text_type):
text = text.encode(encoding)
if text.startswith(codecs.BOM_UTF8):
@@ -68,12 +68,12 @@
else:
def doctest_encode(text, encoding):
- # type: (unicode, unicode) -> unicode
+ # type: (str, str) -> str
return text
def is_allowed_version(spec, version):
- # type: (unicode, unicode) -> bool
+ # type: (str, str) -> bool
"""Check `spec` satisfies `version` or not.
This obeys PEP-440 specifiers:
@@ -94,7 +94,7 @@
class Py23DocChecker(doctest.OutputChecker):
def check_output(self, want, got, optionflags):
if sys.version_info[0] < 3:
- # Ignore unicode `u` prefix in repr to simplify Python 2.7 doctest
coverage
+ # Ignore str `u` prefix in repr to simplify Python 2.7 doctest
coverage
got = re.sub("u'(.*?)'", "'\\1'", got)
got = re.sub('u"(.*?)"', '"\\1"', got)
return doctest.OutputChecker.check_output(self, want, got, optionflags)
@@ -234,7 +234,7 @@
class TestGroup(object):
def __init__(self, name):
- # type: (unicode) -> None
+ # type: (str) -> None
self.name = name
self.setup = [] # type: List[TestCode]
self.tests = [] # type: List[List[TestCode]]
@@ -260,7 +260,7 @@
raise RuntimeError(__("invalid TestCode type"))
def __repr__(self): # type: ignore
- # type: () -> unicode
+ # type: () -> str
return "TestGroup(name=%r, setup=%r, cleanup=%r, tests=%r)" % (
self.name,
self.setup,
@@ -271,7 +271,7 @@
class TestCode(object):
def __init__(self, code, type, filename, lineno, options=None):
- # type: (unicode, unicode, Optional[str], int, Optional[Dict]) -> None
+ # type: (str, str, Optional[str], int, Optional[Dict]) -> None
self.code = code
self.type = type
self.filename = filename
@@ -279,7 +279,7 @@
self.options = options or {}
def __repr__(self): # type: ignore
- # type: () -> unicode
+ # type: () -> str
return "TestCode(%r, %r, filename=%r, lineno=%r, options=%r)" % (
self.code,
self.type,
@@ -291,7 +291,7 @@
class SphinxDocTestRunner(doctest.DocTestRunner):
def __init__(self, *args, **kwargs):
- # HACK: workaround unicode issues for testcode directives on Python
2.7 versus 3.x
+ # HACK: workaround str issues for testcode directives on Python 2.7
versus 3.x
doctest.DocTestRunner.__init__(self, *args, checker=Py23DocChecker(),
**kwargs)
def summarize(self, out, verbose=None): # type: ignore
@@ -307,7 +307,7 @@
return res
def _DocTestRunner__patched_linecache_getlines(self, filename,
module_globals=None):
- # type: (unicode, Any) -> Any
+ # type: (str, Any) -> Any
# this is overridden from DocTestRunner adding the try-except below
m = self._DocTestRunner__LINECACHE_FILENAME_RE.match(filename) #
type: ignore
if m and m.group("name") == self.test.name:
@@ -375,12 +375,12 @@
)
def _out(self, text):
- # type: (unicode) -> None
+ # type: (str) -> None
logger.info(text, nonl=True)
self.outfile.write(text)
def _warn_out(self, text):
- # type: (unicode) -> None
+ # type: (str) -> None
if self.app.quiet or self.app.warningiserror:
logger.warning(text)
else:
@@ -390,18 +390,18 @@
self.outfile.write(text)
def get_target_uri(self, docname, typ=None):
- # type: (unicode, unicode) -> unicode
+ # type: (str, str) -> str
return ""
def get_outdated_docs(self):
- # type: () -> Set[unicode]
+ # type: () -> Set[str]
return self.env.found_docs
def finish(self):
# type: () -> None
# write executive summary
def s(v):
- # type: (int) -> unicode
+ # type: (int) -> str
return v != 1 and "s" or ""
repl = (
@@ -431,7 +431,7 @@
self.app.statuscode = 1
def write(self, build_docnames, updated_docnames, method="update"):
- # type: (Iterable[unicode], Sequence[unicode], unicode) -> None
+ # type: (Iterable[str], Sequence[str], str) -> None
if build_docnames is None:
build_docnames = sorted(self.env.all_docs)
@@ -442,7 +442,7 @@
self.test_doc(docname, doctree)
def get_filename_for_node(self, node, docname):
- # type: (nodes.Node, unicode) -> str
+ # type: (nodes.Node, str) -> str
"""Try to get the file which actually contains the doctest, not the
filename of the document it's included in."""
try:
@@ -473,8 +473,8 @@
return None
def test_doc(self, docname, doctree):
- # type: (unicode, nodes.Node) -> None
- groups = {} # type: Dict[unicode, TestGroup]
+ # type: (str, nodes.Node) -> None
+ groups = {} # type: Dict[str, TestGroup]
add_to_all_groups = []
self.setup_runner = SphinxDocTestRunner(verbose=False,
optionflags=self.opt)
self.test_runner = SphinxDocTestRunner(verbose=False,
optionflags=self.opt)
@@ -565,7 +565,7 @@
self.cleanup_tries += res_t
def compile(self, code, name, type, flags, dont_inherit):
- # type: (unicode, unicode, unicode, Any, bool) -> Any
+ # type: (str, str, str, Any, bool) -> Any
return compile(code, name, self.type, flags, dont_inherit)
def test_group(self, group):
@@ -676,7 +676,7 @@
def setup(app):
- # type: (Sphinx) -> Dict[unicode, Any]
+ # type: (Sphinx) -> Dict[str, Any]
app.add_directive("testsetup", TestsetupDirective)
app.add_directive("testcleanup", TestcleanupDirective)
app.add_directive("doctest", DoctestDirective)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/hvac-0.11.0/docs/usage/auth_methods/token.rst
new/hvac-0.11.2/docs/usage/auth_methods/token.rst
--- old/hvac-0.11.0/docs/usage/auth_methods/token.rst 2021-07-12
17:40:43.000000000 +0200
+++ new/hvac-0.11.2/docs/usage/auth_methods/token.rst 2021-09-23
19:46:20.000000000 +0200
@@ -19,12 +19,17 @@
token = client.auth.token.create(policies=['root'], lease='1h')
- current_token = client.auth.token.lookup()
+ current_token = client.auth.token.lookup_self()
some_other_token = client.auth.token.lookup('xxx')
client.auth.token.revoke('xxx')
client.auth.token.revoke('yyy', orphan=True)
+ # revoke current token
+ client.auth.token.revoke_self()
+ # logout and revoke current token
+ client.logout(revoke_token=True)
+
client.auth.token.renew('aaa')
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/hvac-0.11.0/docs/usage/system_backend/key.rst
new/hvac-0.11.2/docs/usage/system_backend/key.rst
--- old/hvac-0.11.0/docs/usage/system_backend/key.rst 2021-07-12
17:40:43.000000000 +0200
+++ new/hvac-0.11.2/docs/usage/system_backend/key.rst 2021-09-23
19:46:20.000000000 +0200
@@ -404,7 +404,6 @@
key = keys[0]
pgp_key_path = test_utils.get_config_file_path('pgp_key.asc.b64')
pgp_key = test_utils.load_config_file(pgp_key_path)
- #pgp_keys = [test_utils.base64ify(pgp_key)]
pgp_keys = [pgp_key]
.. testcode:: sys_key_backup_keys
@@ -431,4 +430,3 @@
.. testoutput:: sys_key_backup_keys
Backup keys are: {'...': [...]}
-
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/hvac-0.11.0/hvac/adapters.py
new/hvac-0.11.2/hvac/adapters.py
--- old/hvac-0.11.0/hvac/adapters.py 2021-07-12 17:40:43.000000000 +0200
+++ new/hvac-0.11.2/hvac/adapters.py 2021-09-23 19:46:20.000000000 +0200
@@ -30,6 +30,7 @@
namespace=None,
ignore_exceptions=False,
strict_http=False,
+ request_header=True,
):
"""Create a new request adapter instance.
@@ -59,9 +60,12 @@
:type ignore_exceptions: bool
:param strict_http: If True, use only standard HTTP verbs in request
with additional params, otherwise process as is
:type strict_http: bool
+ :param request_header: If true, add the X-Vault-Request header to all
requests to protect against SSRF vulnerabilities.
+ :type request_header: bool
"""
if not session:
session = requests.Session()
+ session.cert, session.verify, session.proxies = cert, verify,
proxies
self.base_uri = base_uri
self.token = token
@@ -70,6 +74,7 @@
self.allow_redirects = allow_redirects
self.ignore_exceptions = ignore_exceptions
self.strict_http = strict_http
+ self.request_header = request_header
self._kwargs = {
"cert": cert,
@@ -281,6 +286,9 @@
if not headers:
headers = {}
+ if self.request_header:
+ headers["X-Vault-Request"] = "true"
+
if self.token:
headers["X-Vault-Token"] = self.token
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/hvac-0.11.0/hvac/api/auth_methods/cert.py
new/hvac-0.11.2/hvac/api/auth_methods/cert.py
--- old/hvac-0.11.0/hvac/api/auth_methods/cert.py 2021-07-12
17:40:43.000000000 +0200
+++ new/hvac-0.11.2/hvac/api/auth_methods/cert.py 2021-09-23
19:46:20.000000000 +0200
@@ -276,24 +276,22 @@
else:
cacert = self._adapter._kwargs.get("verify")
else:
- validate_pem_format(cacert, "verify")
+ validate_pem_format("verify", cacert)
# if cert_pem is a string its ready to be used and either has the key
with it or the key is provided as an arg
try:
- if validate_pem_format(cert_pem, "cert_pem"):
+ if validate_pem_format("cert_pem", cert_pem):
+ tls_update = True
+ except exceptions.ParamValidationError:
+ tls_update = {}
+ if not (os.path.exists(cert_pem) or
self._adapter._kwargs.get("cert")):
+ raise FileNotFoundError("Can't find the certificate.")
+ try:
+ tls_parts = {"cert_pem": cert_pem, "key_pem": key_pem}
+ for tls_part in tls_parts:
+ if tls_parts[tls_part] != "":
+ tls_update[tls_part] = tls_parts[tls_part]
+ except ValueError:
tls_update = True
- except exceptions.VaultError as e:
- if isinstance(e, type(exceptions.ParamValidationError())):
- tls_update = {}
- if not (os.path.exists(cert_pem) or
self._adapter._kwargs.get("cert")):
- raise FileNotFoundError("Can't find the certificate.")
- try:
- for tls_part, value in {"cert_pem": cert_pem, "key_pem":
key_pem}:
- if value != "":
- tls_update[tls_part] = value
- except ValueError:
- tls_update = True
- else:
- raise e
additional_request_kwargs = {}
if tls_update:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/hvac-0.11.0/hvac/api/auth_methods/jwt.py
new/hvac-0.11.2/hvac/api/auth_methods/jwt.py
--- old/hvac-0.11.0/hvac/api/auth_methods/jwt.py 2021-07-12
17:40:43.000000000 +0200
+++ new/hvac-0.11.2/hvac/api/auth_methods/jwt.py 2021-09-23
19:46:20.000000000 +0200
@@ -412,7 +412,7 @@
json=params,
)
- def jwt_login(self, role, jwt, path=None):
+ def jwt_login(self, role, jwt, use_token=True, path=None):
"""Fetch a token.
This endpoint takes a signed JSON Web Token (JWT) and a role name for
some entity.
@@ -439,7 +439,8 @@
"/v1/auth/{path}/login",
path=self.resolve_path(path),
)
- return self._adapter.post(
+ return self._adapter.login(
url=api_path,
+ use_token=use_token,
json=params,
)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/hvac-0.11.0/hvac/api/auth_methods/kubernetes.py
new/hvac-0.11.2/hvac/api/auth_methods/kubernetes.py
--- old/hvac-0.11.0/hvac/api/auth_methods/kubernetes.py 2021-07-12
17:40:43.000000000 +0200
+++ new/hvac-0.11.2/hvac/api/auth_methods/kubernetes.py 2021-09-23
19:46:20.000000000 +0200
@@ -114,6 +114,7 @@
max_ttl=None,
period=None,
policies=None,
+ token_type="",
mount_point=DEFAULT_MOUNT_POINT,
):
"""Create a role in the method.
@@ -143,6 +144,11 @@
:type period: str | unicode
:param policies: Policies to be set on tokens issued using this role.
:type policies: list | str | unicode
+ :param token_type: The type of token that should be generated. Can be
service, batch, or default to use the
+ mount's tuned default (which unless changed will be service
tokens). For token store roles, there are two
+ additional possibilities: default-service and default-batch which
specify the type to return unless the
+ client requests a different type at generation time.
+ :type token_type: str
:param mount_point: The "path" the azure auth method was mounted on.
:type mount_point: str | unicode
:return: The response of the request.
@@ -179,6 +185,9 @@
if policies is not None:
params["policies"] = comma_delimited_to_list(policies)
+ if token_type:
+ params["token_type"] = token_type
+
api_path = utils.format_url(
"/v1/auth/{mount_point}/role/{name}", mount_point=mount_point,
name=name
)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/hvac-0.11.0/hvac/api/auth_methods/token.py
new/hvac-0.11.2/hvac/api/auth_methods/token.py
--- old/hvac-0.11.0/hvac/api/auth_methods/token.py 2021-07-12
17:40:43.000000000 +0200
+++ new/hvac-0.11.2/hvac/api/auth_methods/token.py 2021-09-23
19:46:20.000000000 +0200
@@ -342,7 +342,7 @@
json=params,
)
- def revoke_self(self, accessor, mount_point=DEFAULT_MOUNT_POINT):
+ def revoke_self(self, mount_point=DEFAULT_MOUNT_POINT):
"""Revoke the token used to call it and all child tokens.
When the token is revoked, all dynamic secrets generated with it are
also revoked.
@@ -350,21 +350,13 @@
Supported methods:
POST: /auth/{mount_point}/revoke-self.
- :param accessor: Accessor of the token.
- :type accessor: str
:param mount_point: The "path" the method/backend was mounted on.
:type mount_point: str
:return: The response of the revoke_a_self request.
:rtype: requests.Response
"""
- params = {
- "accessor": accessor,
- }
api_path =
"/v1/auth/{mount_point}/revoke-self".format(mount_point=mount_point)
- return self._adapter.post(
- url=api_path,
- json=params,
- )
+ return self._adapter.post(url=api_path)
def revoke_accessor(self, accessor, mount_point=DEFAULT_MOUNT_POINT):
"""Revoke the token associated with the accessor and all the child
tokens.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/hvac-0.11.0/hvac/api/system_backend/key.py
new/hvac-0.11.2/hvac/api/system_backend/key.py
--- old/hvac-0.11.0/hvac/api/system_backend/key.py 2021-07-12
17:40:43.000000000 +0200
+++ new/hvac-0.11.2/hvac/api/system_backend/key.py 2021-09-23
19:46:20.000000000 +0200
@@ -315,7 +315,7 @@
"""
api_path = "/v1/sys/rekey/backup"
if recovery_key:
- api_path = "/v1/sys/rekey-recovery-key/backup"
+ api_path = "/v1/sys/rekey/recovery-key-backup"
return self._adapter.get(
url=api_path,
)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/hvac-0.11.0/hvac/v1/__init__.py
new/hvac-0.11.2/hvac/v1/__init__.py
--- old/hvac-0.11.0/hvac/v1/__init__.py 2021-07-12 17:40:43.000000000 +0200
+++ new/hvac-0.11.2/hvac/v1/__init__.py 2021-09-23 19:46:20.000000000 +0200
@@ -31,7 +31,7 @@
url=None,
token=None,
cert=None,
- verify=True,
+ verify=None,
timeout=30,
proxies=None,
allow_redirects=True,
@@ -83,7 +83,7 @@
# Consider related CA env vars _only if_ no argument is passed in
under the
# `verify` parameter.
- if verify is not None:
+ if verify is None:
# Reference: https://www.vaultproject.io/docs/commands#vault_cacert
# Note: "[VAULT_CACERT] takes precedence over VAULT_CAPATH." and
thus we
# check for VAULT_CAPATH _first_.
@@ -91,6 +91,9 @@
verify = VAULT_CAPATH
if VAULT_CACERT:
verify = VAULT_CACERT
+ if not verify:
+ # default to verifying certificates if the above aren't defined
+ verify = True
self._adapter = adapter(
base_uri=url,
@@ -641,7 +644,7 @@
:rtype:
"""
if revoke_token:
- self.revoke_self_token()
+ self.auth.token.revoke_self()
self.token = None
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/hvac-0.11.0/setup.py new/hvac-0.11.2/setup.py
--- old/hvac-0.11.0/setup.py 2021-07-12 17:40:43.000000000 +0200
+++ new/hvac-0.11.2/setup.py 2021-09-23 19:46:20.000000000 +0200
@@ -10,7 +10,7 @@
setup(
name="hvac",
- version="0.11.0",
+ version="0.11.2",
description="HashiCorp Vault API client",
long_description=load_long_description(),
long_description_content_type="text/markdown",
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/hvac-0.11.0/tests/config_files/pgp_key.asc.b64
new/hvac-0.11.2/tests/config_files/pgp_key.asc.b64
--- old/hvac-0.11.0/tests/config_files/pgp_key.asc.b64 2021-07-12
17:40:43.000000000 +0200
+++ new/hvac-0.11.2/tests/config_files/pgp_key.asc.b64 2021-09-23
19:46:20.000000000 +0200
@@ -1 +1 @@
-mQENBFxvBfIBCADmA+k7JTxllqIUSv8pX9uPmK1r3mLGRD6ZbLpEtCt1OXLWpxtZ/ArNKCPnHL59Gojs4TsEc/oepy7Ia9iCf0LAX65qKCATynAGgo8QX6cXF1sC/ZIuGB/O9SZe9+7n/9vQCyYNHf6+rGW2rnjetmehdhPTHVnKtOj1NSqGNUdnELHwF6aeJ1d6zr/0mwjpkR0YUg7iLtSWU3hFL6o0Al6dQQgaQd/NeISbE6SzVYsLZhpg0yKoXkZ/C6pobjDE331w+9gEfGpeSI3ub2BxNi972ZCkV7NqALx9Oum6KNNGI8jusfieHaHKhbrZYzc3fFxdCaizQGHiyYb44TSWexMDABEBAAG0Ikh2YWMgVGVzdHMgPGFkbWluQHB5dGhvbi1odmFjLm9yZz6JAVQEEwEIAD4WIQSNAhePNvodNv6jNBZ0HHOv0rOz7AUCXG8F8gIbAwUJA8JnAAULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRB0HHOv0rOz7FzQB/96GdqPAxhjX//WKVM9g2DNTkv9ZDUMWN+Ac+uiF4hPMJerS1IWd9kIozKGtKRTEpy1ma1E1wprgtBiFhwtiTw1mRNtrXcVuYXcKct+1FrrcgAXP3ySRvDKRnUDOhaeXslgKkCUsl5gPkSz8lFNYB8uL1P6mpPwczcq0wF/d5359phIr8d5vA/FpSExbWfjchtGOAE2q7b7L/kQe3kOOHt6EtdomnrD8Ix4vRDPHn2sq5V6FyiA8u7AZxreeZpZijU3l7qLVoVLE1O2+nI4JxYkZP9DWjXecSJSL4NRRj5rmG289fx32CoNs/KvrV1NCiYTmuThD+CgG72ZbKvU38+wuQENBFxvBfIBCADUri45t2nhav3qaM1QtdfYHSqAqWZydwTuPnmfru/Nzk78mpPNFPqO9qcGooneknMbLTwBJJQV0jI+wn8yp3jHjRqy4gtA1RMWFRNLu/YOioxDnKriF
FYB8IkaCghkCZSazO5zxVfjK3dhXt6nBtzIoyOwTTyTDlSUT3U7y+VhS06e/XmuE6az95dYDshZQQ0+DiVzGsz0x7Sr0zEvFeMbQVA5jN9R9smeifpdFBk30qOBNbOuEKAnRMeHsfreZ4qzvP7leuYmJ88P31+STMDW/w2qSRhxdQKJBbvkd4O4ybcbI0cc+dQPd5BWaHS6MxUfj9LkKRIeZwFP99g9ikxJABEBAAGJATwEGAEIACYWIQSNAhePNvodNv6jNBZ0HHOv0rOz7AUCXG8F8gIbDAUJA8JnAAAKCRB0HHOv0rOz7AMgB/9Md2z1U9apzlhxBO46pgbpCgQFey5SosM6TwihzbeQmc18Rpvao0iWM74RShPtjh7iMEcVeVPYFfmV8vtGai+TCVT5C2C7+AhiZm0ieS8OHWnwsd7DjjRCNyQo1kcII0GF5Ol+QgJTKPRafUa++kVSUtHXUrJyNkSa08V8SJQkmyExBPKb7PaBgsl9H3y9IIGMwqwjGcF9iF7qZ0gh93CJnT7aHXrcXiKnx+qZYRXXsVvdo01O59LdeDjw3dReilym2wNkpEgh9g4k0p9spBHtgUnCvauUaUPFLL0q0ztnsZif7oDt3WW8vtetO/h7aDK5rVgzZTAPn9jX1jBLNA4h
+mQGNBGDsepgBDADErxiHR6vht3QH4IRwEKIoy4FPFUDmVHH6WEj3Mx9bfwVm40y/7RbN2LGVZ0z73PC/l7b8Zu47M5GrTTX+wJXhZpbCvGFnyAikmuU/xXvpiFWx5MQlUXXE2oMtirwdK18AJZqsmoTEJV1V2cBABMCo5SjW0luWgjpXv4ARizPpm+F9MOTjgqAvcCm8jPQWrPatW+7sLs3pSHAdg/8IwRV0PSxh3j4+65EY3xuWP9qWtQKk9pBdSlnUpFnguYhnfgzhg6UkkoVgp/N6M6WwR7XJUBIa7GBEPMA9CQaR8p4A4HkSR5ipf7B1Yk//BMUgk7zbadlxtl/PeNIuq287r+N3D3v+21yS929rk5blMCF8sj4SDR8oiaiu9TFhjXnJuBJfEZui14ydu2BZIKsPKfZVZMZw8haDxYp92na5jI4MOagz9XC56xueXwnALM6aDFTR/MlehjtvMuXOOMR8QWuKFHWgaHrJh8FJ8cQ03jlawCuF/wftXQhLqMQEUQ3YL4EAEQEAAbQncHl0aG9uLWh2YWMub3JnIDxhZG1pbkBweXRob24taHZhYy5vcmc+iQHOBBMBCAA4FiEEyMfPv8VKs4IV2BDlLBpVTumwNmYFAmDsepgCGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQLBpVTumwNmYsyQv9EOiJPzr/DrFc3sP8jCZUhnLyUxbW6qpo/9U0hrTW50J/5S/cKqEki5PJWycVYrF9z7hPm0Id+AfQgtjzcRioacGxcQCUPxAbUZGF1ECjA/PE35ewwk0k3ZUGgKBZWrFRzSSNvdNt7fgRITxp5VQs6dKuOP7aZU/UbIJkkSn8r8592PB95NWK0Zvh/XBvEU3Eieo/IKq/0JTBUdYq4yffJS24eVs7TLgVQv0frHhjygQOc3fGOBz7X9odslzkU9QVJmf5OFDjGK2NufqR9Gs3S+9Ruw29XhjzrjJ+w15Aybq0A
ikh6m2CSwFJNwGfW5Y3Q8y3rdzQEYldzaeK5uwaj62ckMumvH5aBJ96/Vtia2BZm72gxm/KIHSrh9gyQBJfWKZgKcit9gsWxioye9gxFS7+KpkCjMJyErGgsyUTsg1M6BfUz8t6COHd7i5S6ppaxtDSGoDfEHqZRYDtJoTP0QbBcoE/dFiz6T5cKxCV27Ww1dRkYP1NHY9hZKk8OxS9uQGNBGDsepgBDACtT11AoMwYTH6LocHAczV8KYD/Nu6SjRP60RcWNJc7sNs7lEMgyB6Nftjrx6c1AxCNaMTtsuAoLw9R68Z464mhgcJiiS5R2ZmImPa7rnJVjy8GenvEV8NEgRg6CX0vvuDobsb8IXecmDltlSkHCKbBDyWyL5fB0KMVMw0T1VJ2pnXN4PTHMCOFNdNrkYKHECMvdrSc+zLjacPXulOtuSDiLpJ+ORDgtVy51Z4sAD7pX6L9b9boRCAOLHWw0LvojTfRM+UwktuhUj4CtdyeYLbeR4bP0PCjEs+2vGdjr47cPiyqfuI/Hn+n6dxcsboX06XTG88UHnC94bRQtrWKzBk0pv53WpA05+LjqvHuyiaqFD/CHMkNLdLvJXSgcym0kj3/etgxd9dFL7loEoE6kUh5I6tuyB1Bl5Qk3sqGCB1KdTjO17Usx8p6C83DnVYe3w3Xv3+hXQkqCvkP1Du6UIhjgDxC8KdEfrY/k5u9mR72DKmxxO3H5cI1eov0rHfrm/UAEQEAAYkBtgQYAQgAIBYhBMjHz7/FSrOCFdgQ5SwaVU7psDZmBQJg7HqYAhsMAAoJECwaVU7psDZmPHEMALTOfI7QiPvml07T8MHAr8HPwIvqqIh5MB6nh3E3RJ7S6/mhdF/ao1L93PV5EuCHtL1lpimva8M3eAAv+/sXvEKXuG4G9nJ1TcB24FYyV3EJKZv4WEdY3eAkrC+OR+uqdvZtDaNmA57rwRIw1JyswE93moBzvMy1VKjSlnEajRDJkWv8ms
3OyQ3MwVboT/VAUCCmfYksI8/yBaoyKwoT8rvZ8e+uMQouPDB07gyhUu4B1/zV7hp1CzwYKaBjClmg9lE9pyLUF//jq2PcBVhuT7w4RULVylOh5pbgrhiNvGacIkzuuJIajD8pQnMZR66ZTfpcgIAk8IMouWZyb1WafefoxV98g/kQPxJYXrXUuYgxxB8pYlNu2W2TnoMA/g15BS5X/1iUH039A+02dYnUIy4XczwoMg9PFNWw4yHgjcWiDjqcLPpitxPczk41zDKJ8mKxwFhmEdNzhjUr3f9a2xgfTnZzzRXuu5+v/lZlcTqncuRg1GPbckNdb8haAoYe1A==
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/hvac-0.11.0/tests/integration_tests/api/auth_methods/test_kubernetes.py
new/hvac-0.11.2/tests/integration_tests/api/auth_methods/test_kubernetes.py
--- old/hvac-0.11.0/tests/integration_tests/api/auth_methods/test_kubernetes.py
2021-07-12 17:40:43.000000000 +0200
+++ new/hvac-0.11.2/tests/integration_tests/api/auth_methods/test_kubernetes.py
2021-09-23 19:46:20.000000000 +0200
@@ -142,6 +142,12 @@
bound_service_account_names=["*"],
bound_service_account_namespaces=["*"],
),
+ param(
+ "token type",
+ bound_service_account_names=["vault-auth"],
+ bound_service_account_namespaces=["default"],
+ token_type="service",
+ ),
]
)
def test_create_role(
@@ -149,6 +155,7 @@
label,
bound_service_account_names=None,
bound_service_account_namespaces=None,
+ token_type=None,
raises=None,
exception_message="",
):
@@ -159,6 +166,7 @@
name=role_name,
bound_service_account_names=bound_service_account_names,
bound_service_account_namespaces=bound_service_account_namespaces,
+ token_type=token_type,
mount_point=self.TEST_MOUNT_POINT,
)
self.assertIn(
@@ -170,6 +178,7 @@
name=role_name,
bound_service_account_names=bound_service_account_names,
bound_service_account_namespaces=bound_service_account_namespaces,
+ token_type=token_type,
mount_point=self.TEST_MOUNT_POINT,
)
logging.debug("create_role_response: %s" % create_role_response)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/hvac-0.11.0/tests/integration_tests/api/auth_methods/test_token.py
new/hvac-0.11.2/tests/integration_tests/api/auth_methods/test_token.py
--- old/hvac-0.11.0/tests/integration_tests/api/auth_methods/test_token.py
2021-07-12 17:40:43.000000000 +0200
+++ new/hvac-0.11.2/tests/integration_tests/api/auth_methods/test_token.py
2021-09-23 19:46:20.000000000 +0200
@@ -32,13 +32,13 @@
assert result["auth"]["client_token"]
self.client.token = result["auth"]["client_token"]
- lookup = self.client.auth.token.lookup(result["auth"]["client_token"])
+ lookup = self.client.auth.token.lookup_self()
assert result["auth"]["client_token"] == lookup["data"]["id"]
renew = self.client.auth.token.renew_self()
assert result["auth"]["client_token"] == renew["auth"]["client_token"]
- self.client.auth.token.revoke(lookup["data"]["id"])
+ self.client.auth.token.revoke_self()
try:
lookup =
self.client.auth.token.lookup(result["auth"]["client_token"])
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/hvac-0.11.0/tests/integration_tests/v1/test_integration.py
new/hvac-0.11.2/tests/integration_tests/v1/test_integration.py
--- old/hvac-0.11.0/tests/integration_tests/v1/test_integration.py
2021-07-12 17:40:43.000000000 +0200
+++ new/hvac-0.11.2/tests/integration_tests/v1/test_integration.py
2021-09-23 19:46:20.000000000 +0200
@@ -335,6 +335,19 @@
self.client.logout()
assert not self.client.is_authenticated()
+ def test_client_logout_and_revoke(self):
+ # create a new token
+ result = self.client.auth.token.create(ttl="1h", renewable=True)
+ # set the token
+ self.client.token = result["auth"]["client_token"]
+
+ # logout and revoke the token
+ self.client.logout(revoke_token=True)
+ # set the original token back
+ self.client.token = result["auth"]["client_token"]
+ # confirm that it no longer is able to authenticate
+ assert not self.client.is_authenticated()
+
def test_revoke_self_token(self):
if "userpass/" in self.client.sys.list_auth_methods()["data"]:
self.client.sys.disable_auth_method("userpass")
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/hvac-0.11.0/tox.ini new/hvac-0.11.2/tox.ini
--- old/hvac-0.11.0/tox.ini 2021-07-12 17:40:43.000000000 +0200
+++ new/hvac-0.11.2/tox.ini 1970-01-01 01:00:00.000000000 +0100
@@ -1,9 +0,0 @@
-[flake8]
-max-line-length = 160
-exclude =
- .git,
- .venv,
- .tox,
- .idea,
- venv,
- docs/ext
