This change adds ApplicationSpecificInformation attribute support
to the server, allowing for the storage and retrieval of the new
attribute in addition to object filtering based on its value. New
unit tests have been added to cover the new changes.
This change adds a new SQLAlchemy object to the database model
representing the ApplicationSpecificInformation attribute. The
new object is linked to the base ManagedObject object, allowing
ApplicationSpecificInformation attributes to be associated with
any managed object. This also represents how KMIP attributes
should be supported going forward. A new unit test suite has
been added to verify the new object functionality and to confirm
that the object can be stored and retrieved from an in-memory
database.
This change updates the ApplicationSpecificInformation attribute
implementation to reflect modern library style. Property methods
have been added alongside tighter read/write error checking. The
unit tests for the attribute have been updated to reflect all of
the new changes.
This change adds a demo script showing how to register SplitKey
objects. The existing Get and Destroy demo scripts also work with
the new SplitKey objects. Demo utilities for logging object info
have been updated and improved as well.
Closes#545
This change adds integration tests that test registering,
retrieving, and destroying SplitKey objects with the server.
Minor updates are included for the client and server to ensure
that SplitKey operations function as expected.
Partially implements #545
This change adds conversion utilities for SplitKey objects,
allowing for conversions between the Pie and Core object spaces.
The server is also updated to recognize the new Pie SplitKey
object. Unit tests have been added and tweaked to accommodate
these changes.
Partially implements #545
This change adds a SQLAlchemy-based implementation of the SplitKey
object that will be used by the ProxyKmipClient and PyKMIP server
to store SplitKeys. A new unit test suite is included that checks
object fields and verifies it can be persisted to and retrieved
from an in-memory SQLAlchemy-managed database.
Partially implements #545
This change removes the basepython setting for non-default tox
environments, allowing those environments to use the default
system Python instead of forcing the use of Python 2.7. This
will now allow various TravisCI test runs to use the right
version of Python.
This change updates encoding support for SplitKey objects, bringing
it up-to-date with the modern conventions used in the rest of the
library. A new unit test suite has been added to cover the new
functionality.
Partially implements #545
The enum34 package is not compatible with python 3.4+. By
requiring enum-compat instead, this requirement will be a
noop when installing the dependencies from a python 3.4+ environment.
Closes: #450
This change fixes a bug with how key pair names are handled by the
ProxyKmipClient. The original implementation stored key pair names
in the 'names' field of the various template attributes used to
define the key pair attributes. However, the 'names' field is
meant for the names of existing template objects that should be
used as another source for attribute values. Before KMIP 2.0
support was added, this worked because attributes and names were
encoded the same way and were interpreted by the server correctly.
The addition of KMIP 2.0 drops the 'names' field when handling
template attributes, dropping the names from being sent to the
server when creating new key pairs. This change fixes this and
updates relevant client unit tests to detect this error in the
future.
Fixes#560
This change updates Locate operation support in the PyKMIP server,
allowing users to filter objects based on the object's
Certificate Type. Unit tests and integration tests have
been added to test and verify the correctness of this feature.
Additionally, the Locate demo scripts have also been updated to
support Certificate Type filtering. Simply use the
"--certificate-type" flag to specify a Certificate Type
enumeration values for the Locate script to filter on.
This change updates Locate operation support in the PyKMIP server,
allowing users to filter objects based on the object's
Cryptographic Usage Masks. Unit tests and integration tests have
been added to test and verify the correctness of this feature.
Additionally, the Locate demo scripts have also been updated to
support Cryptographic Usage Mask filtering. Simply use the
"--cryptographic-usage-mask" flag to specify one or more
Cryptographic Usage Mask enumeration values for the Locate script
to filter on.
This change updates Locate operation support in the PyKMIP server,
allowing users to filter objects using the offset and maximum item
constraints. The offset constraint tells the server how many
matching items should be skipped before results are returned. The
maximum items constraint tells the server how many matching items
should be returned. Unit tests and integration tests have been
added to test and verify the correctness of this feature.
Additionally, the Locate demo scripts have also been updated to
support offset and maximum item filtering. Simply use the
"--offset-items" and "--maximum-items" flags to specify offset and
maximum item values for the Locate script to filter on.
Fixes#562
This change updates the PyKMIP server's support for the Locate
operation, sorting the matched objects found by Locate by their
initial date, newest objects first. This matches the KMIP
specification's definition for how Locate results should be
ordered.
This change fixes a bug in the server engine unit tests that
check the debug logs for Locate filtering on the Initial Date
attribute. Specifically, time.asctime does not use the default
'%d' notation for stringifying numerical day values. This change
updates the string notation to match the format produced by
time.asctime.
Impacts #572
This change updates Locate operation support in the PyKMIP server,
allowing users to filter objects based on the object's Operation
Policy Name. Unit tests and integration tests have been added to
test and verify the correctness of this feature.
Additionally, the Locate demo scripts have also been updated to
support Operation Policy Name filtering. Simply use the
"--operation-policy-name" flag to specify an Operation Policy Name
string value for the Locate script to filter on.
This change updates Locate operation support in the PyKMIP server,
allowing users to filter objects based on the object's Unique
Identifier. Unit tests and integration tests have been added to
test and verify the correctness of this feature.
Additionally, the Locate demo scripts have also been updated to
support Unique Identifier filtering. Simply use the
"--unique-identifier" flag to specify a Unique Identifier string
value for the Locate script to filter on.
This change adds debug logging statements for the request and
response message encodings sent and received by the server
session. These provide direct visability into each message that
is handled by the server, facilitating debugging and correctness
checking. Given the content of these encodings may contain
sensitive information, debug logging should only be enabled when
testing or developing server features.
This change updates Locate operation support in the PyKMIP server,
allowing users to filter objects based on the object's
Cryptographic Length. If an object's type does not support the
Cryptographic Length attribute, the object is not a match. Unit
tests and integration tests have been added to test and verify
the correctness of this feature.
Additionally, the Locate demo scripts have also been updated to
support Cryptographic Length filtering. Simply use the
"--cryptographic-length" flag to specify a Cryptographic Length
integer value for the Locate script to filter on.
This change updates Locate operation support in the PyKMIP server,
allowing users to filter objects based on the object's
Cryptographic Algorithm. If an object's type does not support the
Cryptographic Algorithm attribute, that object is not a match.
Unit tests and integration tests have been added to test and
verify the correctness of this feature.
Additionally, the Locate demo scripts have also been updated to
support Cryptographic Algorithm filtering. Simply use the
"--cryptographic-algorithm" flag to specify a Cryptographic
Algorithm enumeration for the Locate script to filter on.
This change updates Locate operation support in the PyKMIP server,
allowing users to filter objects based on the object's Object Type.
Unit tests and integration tests have been added to test and verify
the correctness of this feature.
Additionally, the Locate demo scripts have also been updated to
support Object Type filtering. Simply use the "--object-type" flag
to specify an Object Type enumeration for the Locate script to
filter on.
This change updates Locate operation support in the PyKMIP server,
allowing users to filter objects based on the object's State. Unit
tests and integration tests have been added to test and verify the
correctness of this feature.
Additionally, the Locate demo scripts have also been updated to
support State filtering. Simply use the "--state" flag to specify
a State enumeration for the Locate script to filter on.
This change updates Locate operation support in the PyKMIP server,
allowing users to filter objects based on the objects InitialDate
attribute value. Specifying a single InitialDate attribute in the
Locate request will perform an exact match on objects; specifying
two InitialDate attributes will perform a ranged match. Unit tests
and integration tests have been added to test and verify the
correctness of this feature.
Additionally, the Locate demo scripts have also been updated to
support InitialDate filtering. Simply use the "--initial-date"
flag to provide one or more InitialDate values to the Locate
script to filter on those dates.
This change loosens the constraints on including attributes in
Locate messages for KMIP 2.0 clients. An early version of the KMIP
2.0 specification made attributes a required field for the Locate
payloads, breaking backwards compatibility with earlier versions
of the specification. A newer version of KMIP 2.0 reverses this
change. The library has been updated to reflect this newer version
of the specification. All relevant Locate unit tests have been
modified or removed to reflect this change.
Fixes#556
This update includes a library wide upgrade to support KMIP 2.0
for all currently supported KMIP operations. Additional changes
include documentation improvements, testing upgrades, and various
quality of life enhancements:
* Add support for Python 3.7
* Add KMIP 2.0 enumerations
* Add a new OrderedEnum subclass to handle sortable enumerations
* Add KMIP 2.0-style attribute handling
* Add utilities to convert TemplateAttributes and Attributes
* Add utilities to handle bit mask style enumerations
* Add positional argument handling for pytest calls when using tox
* Update the library documentation to include KMIP 2.0 information
* Update client exception handling / logging to simplify debugging
* Update library logging defaults to log at INFO but support DEBUG
* Update the Travis CI configuration to support Ubuntu 16.04
* Update the Travis CI configuration to output logs on failures
* Update the server to support KMIP 1.3, 1.4, and 2.0
* Update the PyKMIP clients to support changing their KMIP version
* Update server session logging for authentication failures
* Update the PyKMIP object hierarchy to propagate the KMIP version
* Update the server TLS handshake handling to avoid thread hanging
* Update the Create and Register payloads to support KMIP 2.0
* Update the Locate and CreateKeyPair payloads to support KMIP 2.0
* Update the DeriveKey / GetAttributes payloads to support KMIP 2.0
* Update the GetAttributeList / Query payloads to support KMIP 2.0
* Update attribute policy to handle KMIP 2.0 deprecated attributes
* Remove escape sequences to comply with Python 3.6 deprecations
* Fix various deprecation warnings caused by dependency upgrades
* Fix a bug decoding revocation messages for the Revoke operation
* Fix a bug specifying the function list in the Query demo script
This change fixes a bug in the server attribute handling logic
that manifests when attributes are deprecated and removed in KMIP
2.0. Now these attributes are effectively ignored for KMIP 2.0
messages, complying with the KMIP 2.0 specification.
This changes adds all of the final core updates necessary to allow
KMIP 2.0 message encoding/decoding support for the PyKMIP server.
Request and responses now dynamically adjust the KMIP version they
encode/decode under based on the KMIP version included in their
header segments. Extra server logging has also been added to show
the KMIP version specified by the client request.
Message tests have been updated to reflect these changes.
This change fixes a bug with revocation message decoding that
would cause client and server failures if the revocation message
was included in a Revoke operation call. With this fix, the client
can now send a revocation message with a Revoke request and the
revocation will occur as expected.
A ProxyKmipClient demo script for the Revoke operation has been
included to help test Revoke functionality.
Finally, an argument ordering bug with the original KMIPProxy demo
Revoke script has also been fixed.
Fixes#546
This change updates the Register payloads to properly use the new
ProtectionStorageMasks structure. Unit tests have been updated to
reflect this change.
This change updates the CreateKeyPair payloads to support the new
protection storage masks fields introduced in KMIP 2.0. The payload
unit tests have been updated to reflect these changes.
This change updates the ResponseHeader to support the new server
hashed password field added in KMIP 2.0. Unit tests have been
added to cover the change.
A recent regression in bandit 1.6.0 permits the scanning of test
files for vulnerabilities even when those files should be excluded
using the '-x' flag. This change temporarily pins bandit to 1.5.1
in test-requirements.txt to get around this issue in the short
term.
This patch should be undone once bandit 1.6.1 is released, fixing
this issue.
This change adds support for the ProtectionStorageMasks structure
which is a new addition in KMIP 2.0. A unit test suite has been
added for the new structure.
This change makes a simple renaming update to the Query response
payload, correcting how Protection Storage Masks are used and
referenced. All related unit tests have been updated to reflect
this change.
Peter Hamilton
Tom J
ctil
oleksiys