🚀 Features
- Add Support For use_token_groups In LDAP Auth Method. GH-591
- Add Raft System Backend Methods. GH-594
Thanks to @finarfin and @jeffwecan for their lovely contributions.
Python 2.7/3.X client for HashiCorp Vault
Thanks to @finarfin and @jeffwecan for their lovely contributions.
Thanks to @TerryHowe, @and-semakin, @jeffwecan, @jschlyter, @jzck, @mdelaney and @scarabeusiv for their lovely contributions.
Note: GH-537 changes some methods’ return types from None to a request.Response
instance. For instance the client.secrets.identity.lookup_entity
now returns a Response[204] (truthy) value instead of
None (falsy) when the lookup returns no results.
This change was made to simplify maintenance of response parsing within the hvac code base.
Thanks to @jeffwecan, @llamasoft and @msuszko for their lovely contributions.
Note: GH-533 includes fundamental behavior involving sending parameters
to API requests to Vault. Many hvac method parameters that would have been sent with default arguments no
longer are included in requests to Vault. Notably, the following behavioral changes should be expected (copied from the
related PR comments):
Azure:
create_role
parameter policies
now accepts CSV string or list of stringsDatabase:
create_role
documentation updated to something meaningful GCP:
configure
parameter google_certs_endpoint
is deprecatedcreate_role
parameter project_id
is deprecated by bound_projects
(list)GitHub:
configure
is missing a lot of parametersLDAP:
configure
parameters user_dn
and group_dn
made optional
hvac/constants/ldap.py
file removed as it is no longer usedMFA:
Okta:
configure
parameter base_url
default value now differs from API documentation
register_user
, read_user
, and delete_user
duplicate URL parameter username
in JSON payload
delete_group
, but register_group
and list_group
correctly omit itPKI:
sign_data
and verify_signed_data
optional parameter marshaling_algorithm
addedRADIUS:
configure
is missing a lot of parametersregister_user
attempted to convert username
string into a CSV list (?!) for POST data
username
is extracted from URL path in Vault serverregister_user
parameter policies
never actually passed as parameterSystem Backend:
enable_auth_method
parameter plugin_name
is deprecatedenable_audit_device
optional parameter local
was addedinitialize
provides default for required API parameters secret_shares
and secret_threshold
start_root_token_generation
parameter otp
is deprecatedMisc:
**kwargs
(e.g. hvac/api/system_backend/auth.py
)*args
and **kwargs
(e.g. hvac/api/secrets_engines/active_directory.py
)hvac/api/secrets_engines/pki.py
uses extra_params={}
hvac/api/auth_methods/ldap.py
configure
uses user_dn
instead of userdn
hvac/api/system_backend/auth.py
configure
uses method_type
instead of type
ttl
, max_ttl
, policies
, period
, num_uses
and a few other fields are deprecated as of Vault version 1.2.0
Thanks to @findmyname666, @llamasoft, @moisesguimaraes, @philherbert and Adrian Eib for their lovely contributions.
Thanks to @DaveDeCaprio, @Dowwie, @drewmullen, @jeffwecan, @llamasoft and @vamshideveloper for their lovely contributions.