diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml index 240bd5e..073dcf9 100644 --- a/.github/workflows/testing.yml +++ b/.github/workflows/testing.yml @@ -9,30 +9,43 @@ jobs: strategy: max-parallel: 3 matrix: - python_versions: - - '3.6' - - '3.7' - - '3.8' + requirements: + - noble + - resolute + - latest vault_versions: - - '1.7.3' - - '1.1.5' + - '1.8' + - '1.18' + - '2.0' + include: + - requirements: noble + python_version: '3.12' + - requirements: resolute + python_version: '3.14' + - requirements: latest + python_version: '3.14' runs-on: ubuntu-latest services: vault: - image: vault:${{ matrix.vault_versions }} + image: hashicorp/vault:${{ matrix.vault_versions }} env: VAULT_DEV_ROOT_TOKEN_ID: "testing" ports: - 8200:8200 steps: - - uses: actions/checkout@v2 - - uses: actions/setup-python@v2 + - uses: actions/checkout@v6 + - uses: actions/setup-python@v6 with: - python-version: ${{ matrix.python_versions }} + python-version: ${{ matrix.python_version }} - name: "install requirements" run: | - pip install -r requirements.txt -c https://git.openstack.org/cgit/openstack/requirements/plain/upper-constraints.txt - pip install -r test-requirements.txt -c https://git.openstack.org/cgit/openstack/requirements/plain/upper-constraints.txt + if [ "${{ matrix.requirements }}" = "latest" ]; then + pip install -r requirements.txt + else + pip install -r requirements-${{ matrix.requirements }}.txt + fi + pip install -r test-requirements.txt + pip install . - name: "flake8 run" run: | flake8 diff --git a/requirements-noble.txt b/requirements-noble.txt new file mode 100644 index 0000000..6974676 --- /dev/null +++ b/requirements-noble.txt @@ -0,0 +1,7 @@ +# Dependency versions available in noble. + +-r requirements.txt + +pbr==5.11.1 +hvac==0.11.2 +tenacity==8.2.3 diff --git a/requirements-resolute.txt b/requirements-resolute.txt new file mode 100644 index 0000000..e9d4959 --- /dev/null +++ b/requirements-resolute.txt @@ -0,0 +1,7 @@ +# Dependency versions available in resolute. + +-r requirements.txt + +pbr==7.0.3 +hvac==2.3.0 +tenacity==9.1.2 diff --git a/requirements.txt b/requirements.txt index 3b244d8..5636f2e 100644 --- a/requirements.txt +++ b/requirements.txt @@ -3,5 +3,5 @@ # process, which may cause wedges in the gate later. pbr>=2.0 # Apache-2.0 -hvac +hvac>=0.10.6 # client.auth.approle.login() requires this API tenacity diff --git a/setup.cfg b/setup.cfg index ebb101b..0211eda 100644 --- a/setup.cfg +++ b/setup.cfg @@ -6,6 +6,7 @@ description-file = author = OpenStack Charms Team author-email = openstack-dev@lists.openstack.org home-page = http://www.openstack.org/ +python_requires = >=3.12 classifier = Environment :: OpenStack Intended Audience :: Information Technology @@ -13,10 +14,10 @@ classifier = License :: OSI Approved :: Apache Software License Operating System :: POSIX :: Linux Programming Language :: Python - Programming Language :: Python :: 2 - Programming Language :: Python :: 2.7 Programming Language :: Python :: 3 - Programming Language :: Python :: 3.5 + Programming Language :: Python :: 3.12 + Programming Language :: Python :: 3.13 + Programming Language :: Python :: 3.14 [files] packages = diff --git a/tox.ini b/tox.ini index afb8e2a..f823071 100644 --- a/tox.ini +++ b/tox.ini @@ -1,12 +1,10 @@ [tox] -minversion = 2.0 -envlist = py35,py36,py27,pep8 -skipsdist = True +minversion = 4.0 +envlist = noble,resolute,latest,pep8 skip_missing_interpreters = True [testenv] usedevelop = True -install_command = pip install -c{env:UPPER_CONSTRAINTS_FILE:https://git.openstack.org/cgit/openstack/requirements/plain/upper-constraints.txt} {opts} {packages} setenv = VIRTUAL_ENV={envdir} PYTHONWARNINGS=default::DeprecationWarning @@ -16,16 +14,30 @@ setenv = deps = -r{toxinidir}/test-requirements.txt commands = stestr run "^vaultlocker.tests.unit.*" {posargs} +[testenv:noble] +basepython = python3.12 +deps = + -r{toxinidir}/requirements-noble.txt + -r{toxinidir}/test-requirements.txt + +[testenv:resolute] +basepython = python3.14 +deps = + -r{toxinidir}/requirements-resolute.txt + -r{toxinidir}/test-requirements.txt + +[testenv:latest] +basepython = python3.14 +deps = + -r{toxinidir}/requirements.txt + -r{toxinidir}/test-requirements.txt + [testenv:pep8] commands = flake8 {posargs} [testenv:venv] commands = {posargs} -[testenv:func27] -basepython = python2.7 -commands = pifpaf run vault -- stestr run "^vaultlocker.tests.functional.*" - [testenv:func3] basepython = python3 commands = pifpaf run vault -- stestr run "^vaultlocker.tests.functional.*" diff --git a/vaultlocker/shell.py b/vaultlocker/shell.py index ffb0fa1..0388a43 100644 --- a/vaultlocker/shell.py +++ b/vaultlocker/shell.py @@ -20,7 +20,7 @@ import tenacity import uuid -from six.moves import configparser +import configparser import subprocess from vaultlocker import dmcrypt from vaultlocker import exceptions @@ -42,8 +42,10 @@ def _vault_client(config): url=config.get('vault', 'url'), verify=config.get('vault', 'ca_bundle', fallback=True) ) - client.auth_approle(config.get('vault', 'approle'), - secret_id=config.get('vault', 'secret_id')) + client.auth.approle.login( + role_id=config.get('vault', 'approle'), + secret_id=config.get('vault', 'secret_id') + ) return client diff --git a/vaultlocker/tests/unit/test_vaultlocker.py b/vaultlocker/tests/unit/test_vaultlocker.py index c0d3d77..e8a841c 100644 --- a/vaultlocker/tests/unit/test_vaultlocker.py +++ b/vaultlocker/tests/unit/test_vaultlocker.py @@ -45,6 +45,19 @@ def side_effect(_, k, **kwargs): return self._test_config.get(k) self.config.get.side_effect = side_effect + @mock.patch.object(shell.hvac, 'Client') + def test_vault_client_uses_approle_login(self, _client): + client = _client.return_value + + result = shell._vault_client(self.config) + + client.auth.approle.login.assert_called_once_with( + role_id=self._test_config['approle'], + secret_id=self._test_config['secret_id'], + ) + client.auth_approle.assert_not_called() + self.assertIs(result, client) + @mock.patch.object(shell, 'systemd') @mock.patch.object(shell, 'dmcrypt') @mock.patch.object(shell, '_get_vault_path')