This change updates the payload factories, adding placeholder
support for operations added in KMIP 1.3. It also updates old
placeholders with now supported payloads. The corresponding
unit test suites have been updated to match the additions.
This change updates the server, updating how it processes config
values and allowing it to handle optional or ommitted policy_path
values. This fixes a bug where users could not leave the
policy_path config file unset, in addition to a bug that forced
users to use '/etc/pykmip/policies' as their policy directory.
Fixes#210
This change adds str and repr utilities to the Attribute object. A
new test suite for Attribute object tests is included, however only
the tests for the string utilities are included with this patch.
The remaining Attribute tests will be implemented in a later patch.
This change adds some utility methods, including equality operators
and string methods, to the ApplicationSpecificInformation attribute.
Unit tests covering the changes are included.
This change adds support for the Activate operation to the server,
including additional server unit tests, a new IllegalOperation
exception, and updated state attribute support in Pie objects.
Fixes#186
This change reorganizes some of the error handling code in the
client open routine, preventing the generation of an undefined
variable error. The net effect of the client open routine is
unchanged.
Fixes#199
This change fixes a minor bug with the client shutdown routine,
where an error would get thrown when attempting to call shutdown
on an unconnected socket. This error is now caught and suppressed,
since the client is already shutting down. A new client unit test
is included to cover this change.
This change adds support for dynamic operation policy loading.
The server config file now supports a 'policy_path' option that
points to a filesystem directory. Each file in the directory
should contain a JSON policy object. The KMIP server will scan
this directory and attempt to load all valid policies it finds.
The results of this process will be logged.
This change adds enforcement of KMIP operation policies to the
server engine, specifically to the Get and Destroy operations.
Explicit object ownership is enforced as a result, with ownership
now a tracked internal server property of managed objects. Tests
for this new functionality are included.
This change updates the KMIP engine to process and persist the
value of the operation policy name attribute when creating or
registering new managed objects. Tests are included for these
changes.
This change adds operation policy name support to the pie client,
allowing you to optionally specify the policy name when creating
new symmetric keys and asymmetric key pairs. The operation policy
name can also be set on any pie object and will be sent with the
corresponding register request for new objects. Tests for these
additions are included.
This change fixes a bug in the KMIP server engine where a missing
request credential would cause the session to prematurely
terminate. Credential handling may require session termination
for missing credentials, but that decision should be made by
credential processing not request processing.
Fixes#193
This change updates the KmipSession, allowing it to extract client
identity from the client certificate of a TLS connection. The
certificate subject common name is used as the client identity if
the certificate has client authentication set in the extended key
usage extension.
This change breaks backwards compatibility. If a client certificate
does not define a client identity, the session will reject it and
shutdown the connection. Any client certificates used to connect
with the software server in the past will need to be replaced with
certificates that define a suitable client identity.
This change adds enumerations and policy objects to support the
specification and enforcement of KMIP operation policies. A new
module, kmip.core.policy, is added to define the default policy
objects required by the KMIP specification.
This change updates the set of supported enumerations to include
all enumerations included in KMIP 1.2. Existing enumerations are
updated where required.
This update includes a new implementation of the PyKMIP software server,
in addition to other minor features and bug fixes:
* Add KmipServer server implementation
* Add KmipSession to manage threaded client/server connections
* Add KmipEngine for processing core server application logic
* Add KmipEngine support for CRUD operations for managed objects
* Add SQLAlchemy/SQLite support for KmipEngine data storage
* Add CryptographyEngine component for all cryptographic operations
* Add pending deprecation warning for Python 2.6 support
* Add pending deprecation warning for the KMIPServer implementation
* Add support for building Sphinx documentation
* Add support for SQLAlchemy tables to all Pie objects
* Add Python magic methods to Attribute and Name objects
* Add Attribute class unit tests
* Add bin script to run the KmipServer
* Add setup entry points to run the KmipServer
* Update DiscoverVersions demo with optional versions argument
* Update all demo scripts to setup their own logging infrastructure
* Update README with information on the KmipServer implementation
* Remove expired certificate files from the integration test suite
* Remove default package log configuration and configuration file
* Fix bug with Locate payload parsing optional values
* Fix bug with DateTime string tests and move to UTC representation
Added console_scripts to setup.py, and added an entry for
pykmip-server. The pykmip-server application will run the PyKMIP
server. The two command line options below will run the server.
python -m kmip.services.server.server
pykmip-server
Peter Hamilton
Peter Hamilton
Peter
Nathan Reller