The cryptography release 39.0.0 added a new parameter to the
backend.load_pem_private_key and backend.load_der_private_key
that's required. This patch uses the serialization method to load keys
because there the new parameter is optional.
https://cryptography.io/en/latest/changelog/#v39-0-0
This patch fixes the tests test_encrypt_decrypt_asymmetric
Pass the required argument to the `build_cli_parser` function where
it was missed. Pass the missed argument in the `objects.SecretData`
initialization.
I'm not *entirely* sure what's going on here, but it seems that when we
do something like
obj = OpaqueObject(...)
Session = sessionmaker(...)
session = Session()
...
session.add(obj)
session.commit()
the primary key (and maybe some foreign relations?) aren't automatically
populated on `obj` following the commit, and will attempt to lazy-load
on next reference. Since expire_on_commit defaults to True, the session
attached to `obj` (which is no longer the `session` in locals!) is closed
out when we later do
session = Session()
get_obj = session.query(OpaqueObject).filter(
ManagedObject.unique_identifier == obj.unique_identifier).one()
leading to a DetachedInstanceError.
There seem to be a few different ways we can fix this:
* Set expire_on_commit=False so the old session is still useful for the
lazy-loading.
* Re-use the same session instead of creating a new one.
* Explicitly refresh added objects post-commit.
Generally prefer the first one; there's some prior art to follow in
services/server/test_engine.py. Curiously, that same file runs into
trouble despite already setting expire_on_commit=False -- so do the
explicit refresh, on the assumption that there was a reason we went to
the trouble of creating a fresh session.
Closes#649
This update includes numerous improvements to the usage and support
of KMIP attributes across both the client and server, including new
attribute support and new attribute operation support. The library
also now officially supports SplitKey objects.
The changes in this release include:
* Add server debug logging for message encodings
* Add server Locate filtering for all supported attributes
* Add server Locate filtering using offset/max item constraints
* Add server cryptography engine support for AES GCM mode
* Add server support for the SplitKey object
* Add client/server support for ApplicationSpecificInformation
* Add client/server support for ObjectGroup and Sensitive attrs
* Add client/server support for the DeleteAttribute operation
* Add client/server support for the SetAttribute operation
* Add client/server support for the ModifyAttribute operation
* Add unit and integration tests to cover all new functionality
* Add ProxyKmipClient demo scripts to show use of new operations
* Add pending deprecation warnings for Python 2.7 and 3.4
* Update server Locate filtering to sort results by creation date
* Update encoding support for SplitKey objects
* Update the Travis CI config to support default Python versions
* Update dependencies to maintain Python 3.4 support
* Update library docs to reflect new features and security details
* Fix a bug with how key pair names are handled by the client
This change adds pending deprecation warnings for both Python 2.7
and 3.4. Both of these Python versions have reached end-of-life
and no longer receive security updates. Future versions of PyKMIP
will drop support for both of these Python versions.
This change updates the PyKMIP documentation in preparation for
the v0.10 release. Changes include added detail and improvements
to the client and server documentation, tweaks to the install,
index, and community pages, and a new security page with info on
PyKMIP security issues and known vulnerabilities.
This change pins PyYAML, an upstream dependency for bandit, to be
<=5.2. Version 5.3+ drops support for Python 3.4, which breaks any
tests run using Python 3.4. When PyKMIP drops support for Python
3.4, this change can be reverted.
This change adds integration tests for the client and server for
the Modify and DeleteAttribute operations, proving they work in
tandem. Minor bug fixes in the client are included to enable
correct test execution.
Partially implements #547
This change adds entries for the SetAttribute operation for each
object type in the default server operation policy. This enables
future SetAttribute operation integration tests.
Partially implements #547
This changes fixes a minor bug with proper attribute index range
checking in the server implementation of ModifyAttribute. A corner
case that previously slipped through index checking and testing
has been closed. An existing unit test has been modified to fix
this bug.
Partially implements #547
This change adds ProxyKmipClient demos for the new Set, Modify,
and Delete Attribute operations. The demos are not intended for
general use but instead to show how the client can be used to
execute these new operations against a KMIP server. See the
demo scripts themselves for more information.
Partially implements #547
This change updates the request and response payload factories to
add support for the Set, Modify, and DeleteAttribute payloads.
Unit tests have been added to cover the changes.
Partially implements #547
This change adds ModifyAttribute operation support to the PyKMIP
server, including additional attribute policy functionality to
check for certain attribute characteristics that preclude
ModifyAttribute operation functionality. New unit tests have been
added to cover these changes.
Partially implements #547
This change pins the upstream tox dependency to version 3.14.1
and the more_itertools dependency to version 7.2.0. The latest
versions of these tools released in late November and early
December 2019 have begun to drop support for Python 3.4, breaking
various test builds on Ubuntu 12.04 LTS (at this time the updates
have only made their way into the upstream packages for this OS).
This will likely soon spread to all other Python 3.4 builds, so for
now, short cut the issue by avoiding newer library releases. Once
PyKMIP drops support for Python 3.4, this change can be undone.
This change adds ModifyAttribute support to the ProxyKmipClient,
leveraging the new generic request capability in the underlying
KMIPProxy client. New unit tests have been added to cover the new
client additions.
Partially implements #547
This change adds SetAttribute support to the ProxyKmipClient,
leveraging the new generic request capability in the underlying
KMIPProxy client. New unit tests have been added to cover the new
client additions.
Partially implements #547
This change adds SetAttribute operation support to the PyKMIP
server, including additional attribute policy functionality to
check for certain attribute characteristics that preclude
SetAttribute operation functionality. Specifically, the operation
cannot set the value of any multivalued attribute nor the value
of any attribute not modifiable by the client. New unit tests
have been added to cover these changes.
Partially implements #547
This change adds support for the Sensitive attribute, adding it to
the attribute factory, the SQLAlchemy object hierarchy, and to the
server attribute handling methods. The intent is to use this new
attribute to test the new SetAttribute and ModifyAttribute
operations coming in future commits. Unit tests have been added
and modified to support the new additions.
This change adds support for the ModifyAttribute operation in the
form of request and response payload structures. These will be used
in future updates to the client and server to fully support the
ModifyAttribute operation. A new unit test suite has been added to
cover the new changes.
Partially Implements #547
This change adds support for the SetAttribute operation in the
form of request and response payload structures. These will be used
in future updates to the client and server to fully support the
SetAttribute operation. A new unit test suite has been added to
cover the new changes.
Partially Implements #547
This change adds support for the NewAttribute structure added
in KMIP 2.0. The NewAttribute structure is a basic container
structure that contains a single attribute instance for use by
attribute operations. A new unit test suite has been added to cover
the new additions.
Partially implements #547
This change adds DeleteAttribute support to the ProxyKmipClient,
leveraging the new generic request capability in the underlying
KMIPProxy client. Going forward all new attribute support will
leverage the new request capability and older supported operations
will be migrated to use it as well, with the ultimate vision
being a final merger of the two client classes into one easy to
use architecture. New unit tests have been added to cover the new
client additions.
Partially implements #547
This change adds payload request and response base classes to
prepare for future simplification updates to the current client
architecture. No new tests are required for this change.
This change adds DeleteAttribute operation support to the PyKMIP
server, supporting functionality unique to KMIP 1.0 - 1.4 and the
newer KMIP 2.0. Due to the current list of attributes supported
by the server, only multivalued attributes can currently be
deleted from a stored KMIP object. Over a dozen unit tests have
been added to verify the functionality of the new additions.
Partially implements #547
This change adds support for the DeleteAttribute operation in the
form of request and response payload structures. These will be used
in a future updates by the client and server to fully support the
DeleteAttribute operation. A new unit test suite has been added to
cover the new changes.
Partially implements #547
This change adds support for the CurrentAttribute structure added
in KMIP 2.0. The CurrentAttribute structure is a basic container
structure that contains a single attribute instance for use by
attribute operations. A new unit test suite has been added to cover
the new additions.
Partially implements #547
This change adds integration tests that verify that objects can
be found by Locate when filtering off of the new ObjectGroup and
ApplicationSpecificInformation attributes. Some minor tweaks to
the database attribute models are included to simplify usage.
This change ObjectGroup attribute support to the server, allowing
for the storage and retrieval of the new attribute in addition to
object filtering based on its value. New unit tests have been
added to cover the new changes.
This change adds a new SQLAlchemy object to the database model
representing the ObjectGroup attribute. The new object is linked
to the base ManagedObject object, allowing ObjectGroup attributes
to be associated with any managed object. A new unit test suite
has been added to verify the new object functionality and to
confirm that the object can be stored and retrieved from an
in-memory database.
This change updates the attribute factory, replacing the custom
ObjectGroup class with the proper usage of the TextString
primitive. ObjectGroup attribute usage and testing has been
updated across the library to reflect this change.
dsmith-qlik
Daniel Garcia Moreno
Grace Lombardi
Pranathi Locula
Satya Kommula
Tim Burke
Konstantin Trushin
arp102
Karthikeyan Singaravelan
locula
Peter Hamilton
Joel Capitao