Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Release 3.2.0 #159

Merged
merged 8 commits into from
Nov 8, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 5 additions & 4 deletions .cookiecutter.json
Original file line number Diff line number Diff line change
Expand Up @@ -21,15 +21,16 @@
"_drift_manager": {
"template": "https://github.com/nautobot/cookiecutter-nautobot-app.git",
"template_dir": "nautobot-app",
"template_ref": "refs/tags/nautobot-app-v2.3.0",
"template_ref": "refs/tags/nautobot-app-v2.4.0",
"cookie_dir": "",
"branch_prefix": "drift-manager",
"pull_request_strategy": "create",
"post_actions": [
"black"
"ruff",
"poetry"
],
"draft": true,
"baked_commit_ref": "f75687d1998767d0385ff1eb722abf2044208871"
"draft": false,
"baked_commit_ref": "80e244d924aa91275b03caec727d96451357bf45"
}
}
}
Expand Down
26 changes: 18 additions & 8 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ on: # yamllint disable-line rule:truthy rule:comments
pull_request: ~

env:
APP_NAME: "nautobot-app-secrets-providers"
APP_NAME: "nautobot-secrets-providers"

jobs:
ruff-format:
Expand All @@ -38,7 +38,7 @@ jobs:
- name: "Setup environment"
uses: "networktocode/gh-action-setup-poetry-environment@v6"
- name: "Linting: ruff"
run: "poetry run invoke ruff"
run: "poetry run invoke ruff --action lint"
check-docs-build:
runs-on: "ubuntu-22.04"
env:
Expand Down Expand Up @@ -92,6 +92,10 @@ jobs:
uses: "actions/checkout@v4"
- name: "Setup environment"
uses: "networktocode/gh-action-setup-poetry-environment@v6"
- name: "Constrain Nautobot version and regenerate lock file"
env:
INVOKE_NAUTOBOT_SECRETS_PROVIDERS_LOCAL: "true"
run: "poetry run invoke lock --constrain-nautobot-ver --constrain-python-ver"
- name: "Set up Docker Buildx"
id: "buildx"
uses: "docker/setup-buildx-action@v3"
Expand All @@ -109,6 +113,7 @@ jobs:
build-args: |
NAUTOBOT_VER=${{ matrix.nautobot-version }}
PYTHON_VER=${{ matrix.python-version }}
CI=true
- name: "Copy credentials"
run: "cp development/creds.example.env development/creds.env"
- name: "Linting: pylint"
Expand All @@ -123,14 +128,14 @@ jobs:
strategy:
fail-fast: true
matrix:
python-version: ["3.8", "3.11"]
python-version: ["3.8", "3.12"]
db-backend: ["postgresql"]
nautobot-version: ["stable"]
include:
- python-version: "3.11"
db-backend: "postgresql"
nautobot-version: "2.0.0"
- python-version: "3.11"
- python-version: "3.12"
db-backend: "mysql"
nautobot-version: "stable"
runs-on: "ubuntu-22.04"
Expand All @@ -142,6 +147,10 @@ jobs:
uses: "actions/checkout@v4"
- name: "Setup environment"
uses: "networktocode/gh-action-setup-poetry-environment@v6"
- name: "Constrain Nautobot version and regenerate lock file"
env:
INVOKE_NAUTOBOT_SECRETS_PROVIDERS_LOCAL: "true"
run: "poetry run invoke lock --constrain-nautobot-ver --constrain-python-ver"
- name: "Set up Docker Buildx"
id: "buildx"
uses: "docker/setup-buildx-action@v3"
Expand All @@ -159,6 +168,7 @@ jobs:
build-args: |
NAUTOBOT_VER=${{ matrix.nautobot-version }}
PYTHON_VER=${{ matrix.python-version }}
CI=true
- name: "Copy credentials"
run: "cp development/creds.example.env development/creds.env"
- name: "Use Mysql invoke settings when needed"
Expand All @@ -167,9 +177,9 @@ jobs:
- name: "Run Tests"
run: "poetry run invoke unittest"
changelog:
if: |
if: >
contains(fromJson('["develop","ltm-1.6"]'), github.base_ref) &&
(github.head_ref != 'main')
(github.head_ref != 'main') && (!startsWith(github.head_ref, 'release'))
runs-on: "ubuntu-22.04"
steps:
- name: "Check out repository code"
Expand All @@ -196,7 +206,7 @@ jobs:
- name: "Set up Python"
uses: "actions/setup-python@v5"
with:
python-version: "3.11"
python-version: "3.12"
- name: "Install Python Packages"
run: "pip install poetry"
- name: "Set env"
Expand Down Expand Up @@ -231,7 +241,7 @@ jobs:
- name: "Set up Python"
uses: "actions/setup-python@v5"
with:
python-version: "3.11"
python-version: "3.12"
- name: "Install Python Packages"
run: "pip install poetry"
- name: "Set env"
Expand Down
3 changes: 2 additions & 1 deletion .github/workflows/upstream_testing.yml
Original file line number Diff line number Diff line change
Expand Up @@ -4,10 +4,11 @@ name: "Nautobot Upstream Monitor"
on: # yamllint disable-line rule:truthy rule:comments
schedule:
- cron: "0 4 */2 * *" # every other day at midnight
workflow_dispatch:

jobs:
upstream-test:
uses: "nautobot/nautobot/.github/workflows/plugin_upstream_testing_base.yml@develop"
with: # Below could potentially be collapsed into a single argument if a concrete relationship between both is enforced
invoke_context_name: "NAUTOBOT_SECRETS_PROVIDERS"
plugin_name: "nautobot-app-secrets-providers"
plugin_name: "nautobot-secrets-providers"
1 change: 1 addition & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@ This app supports the following popular secrets backends:

| Secrets Backend | Supported Secret Types | Supported Authentication Methods |
| ------------------------------------------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| [1Password](https://1password.com) | [Hosted Password Management](https://1password.com/password-management) | [Service Account Token](https://developer.1password.com/docs/service-accounts/) |
| [AWS Secrets Manager](https://aws.amazon.com/secrets-manager/) | [Other: Key/value pairs](https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_create-basic-secret.html) | [AWS credentials](https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html) (see Usage section below) |
| [AWS Systems Manager Parameter Store](https://aws.amazon.com/secrets-manager/) | [Other: Key/value pairs](https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-parameter-store.html) | [AWS credentials](https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html) (see Usage section below) |
| [Azure Key Vault](https://learn.microsoft.com/en-us/azure/key-vault/) | [Key Vault Secrets](https://learn.microsoft.com/en-us/azure/key-vault/secrets/about-secrets) | [Entra ID Service Principal](https://learn.microsoft.com/en-us/python/api/azure-identity/azure.identity.environmentcredential?view=azure-python) |
Expand Down
33 changes: 12 additions & 21 deletions development/Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -53,29 +53,20 @@ RUN which poetry || curl -sSL https://install.python-poetry.org | python3 - && \
WORKDIR /source
COPY . /source

# Get container's installed Nautobot version as a forced constraint
# NAUTOBOT_VER may be a branch name and not a published release therefor we need to get the installed version
# so pip can use it to recognize local constraints.
RUN pip show nautobot | grep "^Version: " | sed -e 's/Version: /nautobot==/' > constraints.txt
# Build args must be declared in each stage
ARG NAUTOBOT_VER
ARG PYTHON_VER

# Use Poetry to grab dev dependencies from the lock file
# Can be improved in Poetry 1.2 which allows `poetry install --only dev`
#
# We can't use the entire freeze as it takes forever to resolve with rigidly fixed non-direct dependencies,
# especially those that are only direct to Nautobot but the container included versions slightly mismatch
RUN poetry export -f requirements.txt --without-hashes --extras all --output poetry_freeze_base.txt
RUN poetry export -f requirements.txt --without-hashes --extras all --with dev --output poetry_freeze_all.txt
RUN sort poetry_freeze_base.txt poetry_freeze_all.txt | uniq -u > poetry_freeze_dev.txt

# Install all local project as editable, constrained on Nautobot version, to get any additional
# direct dependencies of the app
RUN --mount=type=cache,target="/root/.cache/pip",sharing=locked \
pip install -c constraints.txt -e .[all]
# Constrain the Nautobot version to NAUTOBOT_VER, fall back to installing from git branch if not available on PyPi
# In CI, this should be done outside of the Dockerfile to prevent cross-compile build failures
ARG CI
RUN if [ -z "${CI+x}" ]; then \
INSTALLED_NAUTOBOT_VER=$(pip show nautobot | grep "^Version" | sed "s/Version: //"); \
poetry add --lock nautobot@${INSTALLED_NAUTOBOT_VER} --python ${PYTHON_VER} || \
poetry add --lock git+https://github.com/nautobot/nautobot.git#${NAUTOBOT_VER} --python ${PYTHON_VER}; fi

# Install any dev dependencies frozen from Poetry
# Can be improved in Poetry 1.2 which allows `poetry install --only dev`
RUN --mount=type=cache,target="/root/.cache/pip",sharing=locked \
pip install -c constraints.txt -r poetry_freeze_dev.txt
# Install the app
RUN poetry install --extras all --with dev

COPY development/nautobot_config.py ${NAUTOBOT_ROOT}/nautobot_config.py
# !!! USE CAUTION WHEN MODIFYING LINES ABOVE
1 change: 1 addition & 0 deletions development/development.env
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@ NAUTOBOT_BANNER_TOP="Local"
NAUTOBOT_CHANGELOG_RETENTION=0

NAUTOBOT_DEBUG=True
NAUTOBOT_LOG_DEPRECATION_WARNINGS=True
NAUTOBOT_LOG_LEVEL=DEBUG
NAUTOBOT_METRICS_ENABLED=True
NAUTOBOT_NAPALM_TIMEOUT=5
Expand Down
6 changes: 6 additions & 0 deletions development/nautobot_config.py
Original file line number Diff line number Diff line change
Expand Up @@ -163,5 +163,11 @@
},
}
},
"one_password": {
"vaults": {},
"token": os.getenv(
"OP_SERVICE_ACCOUNT_TOKEN",
),
},
},
}
15 changes: 15 additions & 0 deletions development/towncrier_template.j2
Original file line number Diff line number Diff line change
@@ -1,4 +1,15 @@

# v{{ versiondata.version.split(".")[:2] | join(".") }} Release Notes

This document describes all new features and changes in the release. The format is based on [Keep a
Changelog](https://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic
Versioning](https://semver.org/spec/v2.0.0.html).

## Release Overview

- Major features or milestones
- Changes to compatibility with Nautobot and/or other apps, libraries etc.

{% if render_title %}
## [v{{ versiondata.version }} ({{ versiondata.date }})](https://github.com/nautobot/nautobot-app-secrets-providers/releases/tag/v{{ versiondata.version}})

Expand All @@ -12,7 +23,11 @@
{% if definitions[category]['showcontent'] %}
{% for text, values in sections[section][category].items() %}
{% for item in text.split('\n') %}
{% if values %}
- {{ values|join(', ') }} - {{ item.strip() }}
{% else %}
- {{ item.strip() }}
{% endif %}
{% endfor %}
{% endfor %}

Expand Down
1 change: 1 addition & 0 deletions docs/admin/compatibility_matrix.md
Original file line number Diff line number Diff line change
Expand Up @@ -7,3 +7,4 @@
| 2.0.X | 2.0.0 | 2.99.99 |
| 3.0.X | 2.0.0 | 2.99.99 |
| 3.1.X | 2.0.0 | 2.99.99 |
| 3.2.X | 2.0.0 | 2.99.99 |
11 changes: 11 additions & 0 deletions docs/admin/install.md
Original file line number Diff line number Diff line change
Expand Up @@ -52,6 +52,17 @@ The HashiCorp Vault provider requires the `hvac` library. This can easily be ins
pip install nautobot-secrets-providers[hashicorp]
```

#### 1Password Vault

The 1Password Vault provider requires the `onepassword-sdk` library. This can easily be installed along with the app using the following command.

```no-highlight
pip install nautobot-secrets-providers[onepassword]
```

!!! note
The 1Password Vault requires a minimum version of Python 3.9.

### Access Requirements

There are no special access requirements to install the app.
Expand Down
1 change: 1 addition & 0 deletions docs/admin/providers/index.md
Original file line number Diff line number Diff line change
Expand Up @@ -6,3 +6,4 @@ This Nautobot app supports the following secrets providers:
- [Azure](./azure_setup.md)
- [Delinea/Thycotic](./delinea_setup.md)
- [HashiCorp](./hashicorp_setup.md)
- [1Password](onepassword_setup.md)
34 changes: 34 additions & 0 deletions docs/admin/providers/onepassword_setup.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
# 1Password Vault

Requires a minimum of Python3.9

## Prerequisites

You must create a Service Account for the 1Password vault/vaults you are trying to access. You can follow the [Getting Started with Service Accounts](https://developer.1password.com/docs/service-accounts/get-started/) to assist with creating the Service Account.

!!! note
The Service Account token needs to have access to the Vault that it is configured for. Per 1Password policy "You can't grant a service account access to your built-in Personal, Private, or Employee vault, or your default Shared vault."

## Configuration

You must provide a mapping in `PLUGINS_CONFIG` within your `nautobot_config.py`, for example:

```python
PLUGINS_CONFIG = {
"nautobot_secrets_providers": {
"one_password": {
"token": os.environ.get("OP_SERVICE_ACCOUNT_TOKEN"),
"vaults": {
"MyVault": {
"token": os.environ.get("OP_SERVICE_ACCOUNT_TOKEN"),
},
},
},
},
}
```

- `token` - (required) The 1Password Service Account Token to be used globally when it is not specified by a vault.
- `vaults` (required) Each 1Password Vault that is supported by this app will be listed inside this dictionary.
- `<vault_name>` (required) The name of the vault needs to be placed as a key inside the `vaults` dictionary.
- `token` (optional) The 1Password Service Account Token to be used by the above vault, if overriding the global `token`.
23 changes: 23 additions & 0 deletions docs/admin/release_notes/version_3.2.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@

# v3.2 Release Notes

This document describes all new features and changes in the release. The format is based on [Keep a
Changelog](https://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic
Versioning](https://semver.org/spec/v2.0.0.html).

## Release Overview

- Added Python 3.12 support
- Added 1Password secrets provider (Python 3.9 and later only)

## [v3.2.0 (2024-11-07)](https://github.com/nautobot/nautobot-app-secrets-providers/releases/tag/v3.2.0)

### Added

- [#88](https://github.com/nautobot/nautobot-app-secrets-providers/issues/88) - Added 1Password as a Secrets Provider.
- [#150](https://github.com/nautobot/nautobot-app-secrets-providers/issues/150) - Added support for Python 3.12.

### Housekeeping

- Rebaked from the cookie `nautobot-app-v2.4.0`.
- [#150](https://github.com/nautobot/nautobot-app-secrets-providers/issues/150) - Rebaked from the cookie `nautobot-app-v2.3.2`.
24 changes: 7 additions & 17 deletions docs/dev/contributing.md
Original file line number Diff line number Diff line change
Expand Up @@ -49,24 +49,14 @@ The branching policy includes the following tenets:

Secrets Providers will observe semantic versioning, as of 1.0. This may result in a quick turnaround in minor versions to keep pace with an ever-growing feature set.

### Backporting to Older Releases

If you are backporting any fixes to a prior major or minor version of this app, please open an issue, comment on an existing issue, or post in the [Network to Code Slack](https://networktocode.slack.com/) (channel `#nautobot`).

We will create a `release-X.Y` branch for you to open your PR against and cut a new release once the PR is successfully merged.

## Release Policy

Secrets Providers has currently no intended scheduled release schedule, and will release new features in minor versions.

When a new release, from `develop` to `main`, is created the following should happen.

- A release PR is created from `develop` with:
- Update the release notes in `docs/admin/release_notes/version_<major>.<minor>.md` file to reflect the changes.
- Change the version from `<major>.<minor>.<patch>-beta` to `<major>.<minor>.<patch>` in `pyproject.toml`.
- Set the PR to the `main` branch.
- Ensure the tests for the PR pass.
- Merge the PR.
- Create a new tag:
- The tag should be in the form of `v<major>.<minor>.<patch>`.
- The title should be in the form of `v<major>.<minor>.<patch>`.
- The description should be the changes that were added to the `version_<major>.<minor>.md` document.
- If merged into `main`, then push from `main` to `develop`, in order to retain the merge commit created when the PR was merged
- A post release PR is created with:
- Change the version from `<major>.<minor>.<patch>` to `<major>.<minor>.<patch + 1>-beta` in both `pyproject.toml` and `nautobot.__init__.__version__`.
- Set the PR to the proper branch, `develop`.
- Once tests pass, merge.
The steps taken by maintainers when creating a new release are documented in the [release checklist](./release_checklist.md).
Loading