Release/3.1.1 #147

Merged
merged 7 commits into from
Aug 22, 2024
6 changes: 0 additions & 6 deletions .bandit.yml

This file was deleted.

4 changes: 2 additions & 2 deletions .cookiecutter.json
Original file line number Diff line number Diff line change
Expand Up @@ -21,15 +21,15 @@
"_drift_manager": {
"template": "https://github.com/nautobot/cookiecutter-nautobot-app.git",
"template_dir": "nautobot-app",
"template_ref": "refs/tags/nautobot-app-v2.2.1",
"template_ref": "refs/tags/nautobot-app-v2.3.0",
"cookie_dir": "",
"branch_prefix": "drift-manager",
"pull_request_strategy": "create",
"post_actions": [
"black"
],
"draft": true,
"baked_commit_ref": "07ab5a6da72c934c43f1f957ce073bedbfdbfc9a"
"baked_commit_ref": "f75687d1998767d0385ff1eb722abf2044208871"
}
}
}
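Review bot: `template_ref` in this hunk is a tag (`refs/tags/nautobot-app-v2.3.0`), and a tag can be moved after the fact, while `baked_commit_ref` records a full commit hash. Please state in the PR description which repository `f75687d1998767d0385ff1eb722abf2044208871` belongs to and, if it is the template repository, confirm that it is the commit the tag resolved to when the project was rebaked, so a later reviewer can tell whether the template changed under the same tag.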
Expand Down
1 change: 0 additions & 1 deletion .dockerignore
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,6 @@ FAQ.md
.git/
.gitignore
.github
tasks.py
LICENSE
**/*.log
**/.vscode/
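Review bot: dropping `tasks.py` from the ignore list means the file now enters the Docker build context and any image layer that copies the whole tree. If that is intended (for example to run invoke tasks inside the container), say so in the PR description; if not, keep the entry.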
Expand Down
10 changes: 0 additions & 10 deletions .flake8

This file was deleted.

2 changes: 1 addition & 1 deletion .github/PULL_REQUEST_TEMPLATE/pull_request_template.md
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
<!--
Thank you for your interest in contributing to Nautobot's Secrets Providers App! Please note
Thank you for your interest in contributing to Secrets Providers! Please note
that our contribution policy recommends that a feature request or bug
report be opened for approval prior to filing a pull request. This
helps avoid wasting time and effort on something that we might not
Expand Down
37 changes: 6 additions & 31 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ env:
APP_NAME: "nautobot-app-secrets-providers"

jobs:
black:
ruff-format:
runs-on: "ubuntu-22.04"
env:
INVOKE_NAUTOBOT_SECRETS_PROVIDERS_LOCAL: "True"
Expand All @@ -26,20 +26,9 @@ jobs:
uses: "actions/checkout@v4"
- name: "Setup environment"
uses: "networktocode/gh-action-setup-poetry-environment@v6"
- name: "Linting: black"
run: "poetry run invoke black"
bandit:
runs-on: "ubuntu-22.04"
env:
INVOKE_NAUTOBOT_SECRETS_PROVIDERS_LOCAL: "True"
steps:
- name: "Check out repository code"
uses: "actions/checkout@v4"
- name: "Setup environment"
uses: "networktocode/gh-action-setup-poetry-environment@v6"
- name: "Linting: bandit"
run: "poetry run invoke bandit"
ruff:
- name: "Linting: ruff format"
run: "poetry run invoke ruff --action format"
ruff-lint:
runs-on: "ubuntu-22.04"
env:
INVOKE_NAUTOBOT_SECRETS_PROVIDERS_LOCAL: "True"
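Review bot: the standalone `bandit` job is removed in this hunk and `.bandit.yml` is deleted in the same PR, so security linting now rests entirely on the `ruff-lint` job. The ruff rule selection is not shown in the visible changes; please confirm that the `S` (flake8-bandit) rules are selected there, and that whatever `.bandit.yml` used to skip or exclude was carried over deliberately rather than lost, otherwise CI no longer runs any security checks on the Python code.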
Expand All @@ -61,17 +50,6 @@ jobs:
uses: "networktocode/gh-action-setup-poetry-environment@v6"
- name: "Check Docs Build"
run: "poetry run invoke build-and-check-docs"
flake8:
runs-on: "ubuntu-22.04"
env:
INVOKE_NAUTOBOT_SECRETS_PROVIDERS_LOCAL: "True"
steps:
- name: "Check out repository code"
uses: "actions/checkout@v4"
- name: "Setup environment"
uses: "networktocode/gh-action-setup-poetry-environment@v6"
- name: "Linting: flake8"
run: "poetry run invoke flake8"
poetry:
runs-on: "ubuntu-22.04"
env:
Expand All @@ -96,13 +74,10 @@ jobs:
run: "poetry run invoke yamllint"
check-in-docker:
needs:
- "black"
- "bandit"
- "ruff"
- "flake8"
- "ruff-format"
- "ruff-lint"
- "poetry"
- "yamllint"
- "black"
runs-on: "ubuntu-22.04"
strategy:
fail-fast: true
Expand Down
6 changes: 3 additions & 3 deletions README.md
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
# Nautobot Secrets Providers App
# Secrets Providers

<p align="center">
<img src="https://raw.githubusercontent.com/nautobot/nautobot-app-secrets-providers/develop/docs/images/icon-nautobot-secrets-providers.png" class="logo" height="200px">
Expand All @@ -8,7 +8,7 @@
<a href="https://pypi.org/project/nautobot-secrets-providers/"><img src="https://img.shields.io/pypi/v/nautobot-secrets-providers"></a>
<a href="https://pypi.org/project/nautobot-secrets-providers/"><img src="https://img.shields.io/pypi/dm/nautobot-secrets-providers"></a>
<br>
An <a href="https://www.networktocode.com/nautobot/apps/">App</a> for <a href="https://nautobot.com/">Nautobot</a>.
An <a href="https://networktocode.com/nautobot-apps/">App</a> for <a href="https://nautobot.com/">Nautobot</a>.
</p>

## Overview
Expand Down Expand Up @@ -59,4 +59,4 @@ Any PRs with fixes or improvements are very welcome!

## Questions

For any questions or comments, please check the [FAQ](https://docs.nautobot.com/projects/secrets-providers/en/latest/user/faq/) first. Feel free to also swing by the [Network to Code Slack](https://networktocode.slack.com/) (channel `#nautobot`), sign up [here](http://slack.networktocode.com/) if you don't have an account.
For any questions or comments, please check the [FAQ](https://docs.nautobot.com/projects/secrets-providers/en/latest/user/faq/) first. Feel free to also swing by the [Network to Code Slack](https://networktocode.slack.com/) (channel `#nautobot`), sign up [here](http://slack.networktocode.com/) if you don't have an account.
7 changes: 4 additions & 3 deletions development/nautobot_config.py
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@
# Debug
#

DEBUG = is_truthy(os.getenv("NAUTOBOT_DEBUG", False))
DEBUG = is_truthy(os.getenv("NAUTOBOT_DEBUG", "false"))
_TESTING = len(sys.argv) > 1 and sys.argv[1] == "test"

if DEBUG and not _TESTING:
Expand Down Expand Up @@ -48,9 +48,10 @@
"PASSWORD": os.getenv("NAUTOBOT_DB_PASSWORD", ""), # Database password
"HOST": os.getenv("NAUTOBOT_DB_HOST", "localhost"), # Database server
"PORT": os.getenv(
"NAUTOBOT_DB_PORT", default_db_settings[nautobot_db_engine]["NAUTOBOT_DB_PORT"]
"NAUTOBOT_DB_PORT",
default_db_settings[nautobot_db_engine]["NAUTOBOT_DB_PORT"],
), # Database port, default to postgres
"CONN_MAX_AGE": int(os.getenv("NAUTOBOT_DB_TIMEOUT", 300)), # Database timeout
"CONN_MAX_AGE": int(os.getenv("NAUTOBOT_DB_TIMEOUT", "300")), # Database timeout
"ENGINE": nautobot_db_engine,
}
}
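Review bot: `int(os.getenv("NAUTOBOT_DB_TIMEOUT", "300"))` still raises a bare `ValueError` at settings import when the variable is set to an empty or non-numeric value. The string default is the right change; consider catching the conversion error and naming the variable in the message, so a misconfigured environment fails with a clear cause.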
Expand Down
2 changes: 1 addition & 1 deletion docs/admin/install.md
Original file line number Diff line number Diff line change
Expand Up @@ -67,7 +67,7 @@ The app is available as a Python package via PyPI and can be installed with `pip
pip install nautobot-secrets-providers
```

To ensure Nautobot's Secrets Providers App is automatically re-installed during future upgrades, create a file named `local_requirements.txt` (if not already existing) in the Nautobot root directory (alongside `requirements.txt`) and list the `nautobot-secrets-providers` package:
To ensure Secrets Providers is automatically re-installed during future upgrades, create a file named `local_requirements.txt` (if not already existing) in the Nautobot root directory (alongside `requirements.txt`) and list the `nautobot-secrets-providers` package:

```shell
echo nautobot-secrets-providers >> local_requirements.txt
Expand Down
8 changes: 4 additions & 4 deletions docs/admin/providers/hashicorp_setup.md
Original file line number Diff line number Diff line change
Expand Up @@ -16,15 +16,15 @@ PLUGINS_CONFIG = {
```

- `url` - (required) The URL to the HashiCorp Vault instance (e.g. `http://localhost:8200`).
- `auth_method` - (optional / defaults to "token") The method used to authenticate against the HashiCorp Vault instance. Either `"approle"`, `"aws"`, `"kubernetes"` or `"token"`. For information on using AWS authentication with vault see the [authentication](#authentication) section above.
- `auth_method` - (optional / defaults to "token") The method used to authenticate against the HashiCorp Vault instance. Either `"approle"`, `"aws"`, `"kubernetes"` or `"token"`.
- `ca_cert` - (optional) Path to a PEM formatted CA certificate to use when verifying the Vault connection. Can alternatively be set to `False` to ignore SSL verification (not recommended) or `True` to use the system certificates.
- `default_mount_point` - (optional / defaults to "secret") The default mount point of the K/V Version 2 secrets engine within Hashicorp Vault.
- `kv_version` - (optional / defaults to "v2") The version of the KV engine to use, can be `v1` or `v2`
- `k8s_token_path` - (optional) Path to the kubernetes service account token file. Defaults to "/var/run/secrets/kubernetes.io/serviceaccount/token".
- `token` - (optional) Required when `"auth_method": "token"` or `auth_method` is not supplied. The token for authenticating the client with the HashiCorp Vault instance. As with other sensitive service credentials, we recommend that you provide the token value as an environment variable and retrieve it with `{"token": os.getenv("NAUTOBOT_HASHICORP_VAULT_TOKEN")}` rather than hard-coding it in your `nautobot_config.py`.
- `token` - (optional) Required when `"auth_method": "token"` or `auth_method` is not supplied. The token for authenticating the client with the HashiCorp Vault instance. As with other sensitive service credentials, we recommend that you provide the `token` value as an environment variable and retrieve it with `{"token": os.getenv("NAUTOBOT_HASHICORP_VAULT_TOKEN")}` rather than hard-coding it in your `nautobot_config.py`.
- `role_name` - (optional) Required when `"auth_method": "kubernetes"`, optional when `"auth_method": "aws"`. The Vault Kubernetes role or Vault AWS role to assume which the pod's service account has access to.
- `role_id` - (optional) Required when `"auth_method": "approle"`. As with other sensitive service credentials, we recommend that you provide the role_id value as an environment variable and retrieve it with `{"role_id": os.getenv("NAUTOBOT_HASHICORP_VAULT_ROLE_ID")}` rather than hard-coding it in your `nautobot_config.py`.
- `secret_id` - (optional) Required when `"auth_method": "approle"`.As with other sensitive service credentials, we recommend that you provide the secret_id value as an environment variable and retrieve it with `{"secret_id": os.getenv("NAUTOBOT_HASHICORP_VAULT_SECRET_ID")}` rather than hard-coding it in your `nautobot_config.py`.
- `role_id` - (optional) Required when `"auth_method": "approle"`. As with other sensitive service credentials, we recommend that you provide the `role_id` value as an environment variable and retrieve it with `{"role_id": os.getenv("NAUTOBOT_HASHICORP_VAULT_ROLE_ID")}` rather than hard-coding it in your `nautobot_config.py`.
- `secret_id` - (optional) Required when `"auth_method": "approle"`.As with other sensitive service credentials, we recommend that you provide the `secret_id value` as an environment variable and retrieve it with `{"secret_id": os.getenv("NAUTOBOT_HASHICORP_VAULT_SECRET_ID")}` rather than hard-coding it in your `nautobot_config.py`.
- `login_kwargs` - (optional) Additional optional parameters to pass to the login method for [`approle`](https://hvac.readthedocs.io/en/stable/source/hvac_api_auth_methods.html#hvac.api.auth_methods.AppRole.login), [`aws`](https://hvac.readthedocs.io/en/stable/source/hvac_api_auth_methods.html#hvac.api.auth_methods.Aws.iam_login) and [`kubernetes`](https://hvac.readthedocs.io/en/stable/source/hvac_api_auth_methods.html#hvac.api.auth_methods.Kubernetes.login) authentication methods.
- `namespace` - (optional) Namespace to use for the [`X-Vault-Namespace` header](https://github.com/hvac/hvac/blob/main/hvac/adapters.py#L287) on all hvac client requests. Required when the [`Namespaces`](https://developer.hashicorp.com/vault/docs/enterprise/namespaces#usage) feature is enabled in Vault Enterprise.

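Review bot: in the added `secret_id` line the code span closes after the wrong word, so "secret_id value" renders as if it were an identifier, and the space after the full stop before "As with other sensitive service credentials" is still missing. Suggest matching the `role_id` line, with only `secret_id` inside the backticks. Separately, the `auth_method` line drops the pointer to AWS authentication guidance; if that guidance exists elsewhere in the docs, link to it rather than removing the reference.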
Expand Down
11 changes: 11 additions & 0 deletions docs/admin/release_notes/version_3.1.md
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,17 @@ This document describes all new features and changes in the release `3.1`. The f

This release adds support for multiple HashiCorp Vault secrets providers.

## [v3.1.1 (2024-08-22)](https://github.com/nautobot/nautobot-app-secrets-providers/releases/tag/v3.1.1)

### Dependencies

- [#145](https://github.com/nautobot/nautobot-app-secrets-providers/issues/145) - Updated `boto3` dependency to permit newer releases.

### Housekeeping

- [#144](https://github.com/nautobot/nautobot-app-secrets-providers/issues/144) - Rebaked from the cookie `nautobot-app-v2.3.0`.
- [#147](https://github.com/nautobot/nautobot-app-secrets-providers/pull/147) - Updated documentation dependencies and added a pin for the `griffe` documentation dependency.

## [v3.1.0 (2024-08-01)](https://github.com/nautobot/nautobot-app-secrets-providers/releases/tag/v3.1.0)

### Added
Expand Down
2 changes: 1 addition & 1 deletion docs/assets/extra.css
Original file line number Diff line number Diff line change
Expand Up @@ -96,7 +96,7 @@ a.autorefs-external:hover::after {
}


/* Customization for mkdocs-version-annotations */
/* Customization for markdown-version-annotations */
:root {
/* Icon for "version-added" admonition: Material Design Icons "plus-box-outline" */
--md-admonition-icon--version-added: url('data:image/svg+xml;charset=utf-8,<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M19 19V5H5v14h14m0-16a2 2 0 0 1 2 2v14a2 2 0 0 1-2 2H5a2 2 0 0 1-2-2V5a2 2 0 0 1 2-2h14m-8 4h2v4h4v2h-4v4h-2v-4H7v-2h4V7Z"/></svg>');
Expand Down
24 changes: 12 additions & 12 deletions docs/dev/contributing.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ The project is packaged with a light [development environment](dev_environment.m

The project is following Network to Code software development guidelines and is leveraging the following:

- Python linting and formatting: `black`, `pylint`, `bandit`, `flake8`, and `ruff`.
- Python linting and formatting: `pylint` and `ruff`.
- YAML linting is done with `yamllint`.
- Django unit test to ensure the app is working properly.

Expand Down Expand Up @@ -47,26 +47,26 @@ The branching policy includes the following tenets:
- PRs intended to add new features should be sourced from the `develop` branch.
- PRs intended to fix issues in the Nautobot LTM compatible release should be sourced from the latest `ltm-<major.minor>` branch instead of `develop`.

Nautobot's Secrets Providers App will observe semantic versioning, as of 1.0. This may result in a quick turnaround in minor versions to keep pace with an ever growing feature set.
Secrets Providers will observe semantic versioning, as of 1.0. This may result in a quick turnaround in minor versions to keep pace with an ever-growing feature set.

## Release Policy

Nautobot's Secrets Providers App has currently no intended scheduled release schedule, and will release new features in minor versions.
Secrets Providers has currently no intended scheduled release schedule, and will release new features in minor versions.

When a new release, from `develop` to `main`, is created the following should happen.

- A release PR is created from `develop` with:
- Update the release notes in `docs/admin/release_notes/version_<major>.<minor>.md` file to reflect the changes.
- Change the version from `<major>.<minor>.<patch>-beta` to `<major>.<minor>.<patch>` in `pyproject.toml`.
- Set the PR to the `main` branch.
- Update the release notes in `docs/admin/release_notes/version_<major>.<minor>.md` file to reflect the changes.
- Change the version from `<major>.<minor>.<patch>-beta` to `<major>.<minor>.<patch>` in `pyproject.toml`.
- Set the PR to the `main` branch.
- Ensure the tests for the PR pass.
- Merge the PR.
- Create a new tag:
- The tag should be in the form of `v<major>.<minor>.<patch>`.
- The title should be in the form of `v<major>.<minor>.<patch>`.
- The description should be the changes that were added to the `version_<major>.<minor>.md` document.
- The tag should be in the form of `v<major>.<minor>.<patch>`.
- The title should be in the form of `v<major>.<minor>.<patch>`.
- The description should be the changes that were added to the `version_<major>.<minor>.md` document.
- If merged into `main`, then push from `main` to `develop`, in order to retain the merge commit created when the PR was merged
- A post release PR is created with:
- Change the version from `<major>.<minor>.<patch>` to `<major>.<minor>.<patch + 1>-beta` in both `pyproject.toml` and `nautobot.__init__.__version__`.
- Set the PR to the proper branch, `develop`.
- Once tests pass, merge.
- Change the version from `<major>.<minor>.<patch>` to `<major>.<minor>.<patch + 1>-beta` in both `pyproject.toml` and `nautobot.__init__.__version__`.
- Set the PR to the proper branch, `develop`.
- Once tests pass, merge.
10 changes: 2 additions & 8 deletions docs/dev/dev_environment.md
Original file line number Diff line number Diff line change
Expand Up @@ -121,10 +121,7 @@ Each command can be executed with `invoke <command>`. All commands support the a
#### Testing

```
bandit Run bandit to validate basic static code security analysis.
black Run black to check that Python files adhere to its style standards.
flake8 Run flake8 to check that Python files adhere to its style standards.
ruff Run ruff to validate docstring formatting adheres to NTC defined standards.
ruff Run ruff to perform code formatting and/or linting.
pylint Run pylint code analysis.
tests Run all tests for this app.
unittest Run Django unit tests for the app.
Expand Down Expand Up @@ -683,7 +680,7 @@ This is the same as running:

### Tests

To run tests against your code, you can run all of the tests that TravisCI runs against any new PR with:
To run tests against your code, you can run all of the tests that the CI runs against any new PR with:

```bash
➜ invoke tests
Expand All @@ -693,9 +690,6 @@ To run an individual test, you can run any or all of the following:

```bash
➜ invoke unittest
➜ invoke bandit
➜ invoke black
➜ invoke flake8
➜ invoke ruff
➜ invoke pylint
```
Expand Down
11 changes: 6 additions & 5 deletions docs/requirements.txt
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
mkdocs==1.5.2
mkdocs-material==9.1.15
mkdocs-version-annotations==1.0.0
mkdocstrings-python==1.5.2
mkdocstrings==0.22.0
mkdocs==1.6.0
mkdocs-material==9.5.32
markdown-version-annotations==1.0.1
griffe==1.1.1
mkdocstrings-python==1.10.8
mkdocstrings==0.25.2
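Review bot: `griffe==1.1.1` is added as a bare pin with nothing in the file saying which package needs it; add a comment on that line naming the dependent package and the condition for lifting the pin, otherwise it will go stale silently. The annotations package is also swapped by name (`mkdocs-version-annotations` to `markdown-version-annotations`); please confirm the new name is the intended publisher's package, since a renamed dependency is a common place for a look-alike to slip in. The versions are pinned with `==` but without hashes, so integrity still rests on the package index.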
6 changes: 4 additions & 2 deletions mkdocs.yml
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
---
dev_addr: "127.0.0.1:8001"
edit_uri: "edit/main/nautobot-app-secrets-providers/docs"
edit_uri: "edit/main/docs"
site_dir: "nautobot_secrets_providers/static/nautobot_secrets_providers/docs"
site_name: "Secrets Providers Documentation"
site_url: "https://docs.nautobot.com/projects/secrets-providers/en/latest/"
Expand Down Expand Up @@ -72,6 +72,8 @@ extra:
link: "https://twitter.com/networktocode"
name: "Network to Code Twitter"
markdown_extensions:
- "markdown_version_annotations":
admonition_tag: "???"
- "admonition"
- "toc":
permalink: true
Expand All @@ -89,7 +91,6 @@ markdown_extensions:
- "footnotes"
plugins:
- "search"
- "mkdocs-version-annotations"
- "mkdocstrings":
default_handler: "python"
handlers:
Expand Down Expand Up @@ -120,6 +121,7 @@ nav:
- Compatibility Matrix: "admin/compatibility_matrix.md"
- Release Notes:
- "admin/release_notes/index.md"
- v3.1: "admin/release_notes/version_3.1.md"
- v3.0: "admin/release_notes/version_3.0.md"
- v2.0: "admin/release_notes/version_2.0.md"
- v1.4: "admin/release_notes/version_1.4.md"
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,6 @@ def reverse_secrets_provider_slugs(apps, schema_editor):


class Migration(migrations.Migration):

dependencies = []

operations = [
Expand Down
2 changes: 1 addition & 1 deletion nautobot_secrets_providers/providers/__init__.py
Original file line number Diff line number Diff line change
Expand Up @@ -2,8 +2,8 @@

from .aws import AWSSecretsManagerSecretsProvider, AWSSystemsManagerParameterStore
from .azure import AzureKeyVaultSecretsProvider
from .hashicorp import HashiCorpVaultSecretsProvider
from .delinea import DelineaSecretServerSecretsProviderId, DelineaSecretServerSecretsProviderPath
from .hashicorp import HashiCorpVaultSecretsProvider

__all__ = (
"AWSSecretsManagerSecretsProvider",
Expand Down
4 changes: 1 addition & 3 deletions nautobot_secrets_providers/providers/aws.py
Original file line number Diff line number Diff line change
Expand Up @@ -10,10 +10,8 @@
boto3 = None

from django import forms

from nautobot.core.forms import BootstrapMixin
from nautobot.extras.secrets import exceptions, SecretsProvider

from nautobot.extras.secrets import SecretsProvider, exceptions

__all__ = ("AWSSecretsManagerSecretsProvider", "AWSSystemsManagerParameterStore")

Expand Down
2 changes: 1 addition & 1 deletion nautobot_secrets_providers/providers/azure.py
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@

from django import forms
from nautobot.core.forms import BootstrapMixin
from nautobot.extras.secrets import exceptions, SecretsProvider
from nautobot.extras.secrets import SecretsProvider, exceptions

__all__ = ("AzureKeyVaultSecretsProvider",)

Expand Down
10 changes: 5 additions & 5 deletions nautobot_secrets_providers/providers/choices.py
Original file line number Diff line number Diff line change
Expand Up @@ -6,11 +6,11 @@
class DelineaSecretChoices(ChoiceSet):
"""Choices for Delinea Secret Server Result."""

SECRET_TOKEN = "token" # nosec
SECRET_PASSWORD = "password" # nosec
SECRET_USERNAME = "username" # nosec
SECRET_URL = "url" # nosec
SECRET_NOTES = "notes" # nosec
SECRET_TOKEN = "token" # noqa: S105
SECRET_PASSWORD = "password" # noqa: S105
SECRET_USERNAME = "username" # noqa: S105
SECRET_URL = "url" # noqa: S105
SECRET_NOTES = "notes" # noqa: S105

CHOICES = (
(SECRET_TOKEN, "Token"),
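Review bot: all five constants swap `# nosec` for `# noqa: S105`, so the suppression is now understood only by ruff; any remaining bandit run (pre-commit, a downstream scanner) will flag these lines again. The values are field-name labels such as `"token"`, `"password"` and `"username"`, not credentials, so suppressing is justified, but a one-line comment above the block saying so would save the next reviewer from re-checking each line.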
Expand Down