This change updates the PyKMIP clients, adding support for getting
and setting the KMIP version they use when making KMIP requests.
You can now do:
>>> client.kmip_version
to get the KMIP version enumeration the client is using. Use:
>>> client.kmip_version = enums.KMIPVersion.KMIP_1_1
to set the KMIP version the client uses.
The client unit tests have been updated to check and cover these
changes.
Fixes#470
At that point, it's up to the caller to decide whether a stack trace is
appropriate; if the caller decides the connection error is recoverable,
us logging a traceback will only confuse things.
Also, prevent a TypeError during log interpolation by actually using the
argument we were providing.
Otherwise, you can hit errors with tracebacks like
Traceback (most recent call last):
...
File ".../kmip/pie/client.py", line 1573, in __enter__
self.open()
File ".../kmip/pie/client.py", line 135, in open
raise e
IOError: [Errno 2] No such file or directory
... which isn't terribly useful; it doesn't give you any information
about *what* file wasn't found. By using a bare `raise`, you preserve
the rest of the stack and get
Traceback (most recent call last):
...
File ".../kmip/pie/client.py", line 1573, in __enter__
self.open()
File ".../kmip/pie/client.py", line 131, in open
self.proxy.open()
File ".../kmip/services/kmip_client.py", line 221, in open
self._create_socket(sock)
File ".../kmip/services/kmip_client.py", line 246, in _create_socket
suppress_ragged_eofs=self.suppress_ragged_eofs)
File ".../eventlet/green/ssl.py", line 379, in wrap_socket
return GreenSSLSocket(sock, *a, **kw)
File ".../eventlet/green/ssl.py", line 68, in __init__
ca_certs, do_handshake_on_connect and six.PY2, *args, **kw)
File ".../ssl.py", line 558, in __init__
self._context.load_verify_locations(ca_certs)
IOError: [Errno 2] No such file or directory
... which makes it clear that it was a problem with the CA certificate
bundle.
This change adds client support for setting custom configuration
file paths, allowing users and developers to place their settings
file wherever they want. All client demo scripts have been updated
to support a '-s' flag that can be used to set the configuration
file for the demo. Client unit tests have also been updated to
include this change.
This change fixes how the ProxyKmipClient handles cryptographic
usage mask values for the CreateKeyPair operation. Originally,
both Encrypt and Decrypt were set by default for both public and
private keys. This is incorrect behavior for certain algorithms.
Now, only the masks specified by the caller are set on the key
pair.
Fixes#412
This change updates the ProxyKmipClient support for the DeriveKey
operation, now allowing the caller to specify a list of
CryptographicUsageMask enumerations to set on the newly derived
key.
Fixes#417
This change adds Check operation support to the ProxyKmipClient.
The client unit test suite has been updated to cover the new code.
Partially addresses #405
This change fixes a bug with the ProxyKmipClient handling of
cryptographic parameters, specifically handling the case where
no cryptographic parameters are provided for an operation method
call. When no parameters are specified, None is now correctly
propagated through to request handling. A client unit test has
been added to cover this fix.
Fixes#406
This change updates the ProxyKmipClient support for the Register
operation, adding the ability to register Name attributes with
the managed object being registered. This matches the functionality
available when using the Create operation.
Fixes#400
This change removes the redundant KmipClient API class from the
pie package. The ProxyKmipClient is the main client going forward
and there is no need for a generic API against which to develop
new clients. If this is needed in the future, it is trivial to
restore.
This change updates the root-level kmip package, allowing users
to now import the client directly from the kmip package:
from kmip import KmipClient
The KmipClient is an alias for the ProxyKmipClient located in
kmip.pie.client. This will simplify usage and help obfuscate
internal package details that may change in the future.
This change renames the CertificateTypeEnum enumeration to
CertificateType, matching the naming schemes of all other
enumerations. This is a backwards incompatible change and
will break any scripts or programs that use the current
CertificateTypeEnum name.
This change updates the KMIP object model to support explicitly
storing key wrapping data attributes. Key wrapping data is treated
externally as a dictionary and is stored as individual fields in
the back end. Various unit tests have been updated and added to
support these additions.
This change updates the ProxyKmipClient, allowing Get operation
calls to retrieve wrapped keys by providing key wrapping
specification information with the request. Unit tests have been
added and updated to reflect this change.
This change updates ProxyKmipClient support for the CreateKeyPair
operation, adding in optional arguments allowing the user to
specify the cryptographic usage masks for the public and private
keys that will be created. Unit tests have been added to cover
this change.
This change updates the ProxyKmipClient close method, allowing
it to be called without error even when the client connection is
not open. The client unit tests have been updated to reflect this.
This change simplifies how the ProxyKmipClient enforces the open
connection check on operation method calls. Each operation method
is now wrapped with an is_connected decorator which handles the
connection check. All old in-method connection checks have been
removed.
This change adds Encrypt operation support to the KMIPProxy and
ProxyKmipClient clients, including unit tests to cover the new
functionality.
Extensive documentation has been added to the header comments for
the new client methods detailing the expected input parameters and
return values. This approach should be followed for all new client
additions going forward.
This change updates the CryptographicParameters struct, removing the
primitive class wrappers that it used to use for attribute values
and replacing them with struct properties that internally manage the
primitive objects directly. This gutting and regutting necessitates
cascading changes to every part of the library that used these
internal primitive class wrappers, including unit tests, client and
client tests, and attribute factory handlers. All of these have been
updated to reflect the correct usage of the CryptographicParameters
struct.
This change also adds in additional attribute members for the
CryptographicParameters struct to bring it up to spec with KMIP 1.2.
This change loosens the input requirements for ProxyKmipClient
operations that accept a secret UID. Operations like Get and
Destroy used to require a string value but are allowed in the
KMIP specification to take no value at all. This change updates
the ProxyKmipClient to properly reflect the specification. The
underlying KMIPProxy client is mostly unchanged.
Closes#261
This change updates the server and managed object set to support
the InitialDate attribute. The InitialDate is set when the Create,
CreateKeyPair, and Register operations are invoked and can be
listed and retrieved with the GetAttributeList and GetAttributes
operations respectively. The server unit tests have been updated
to reflect these changes.
This change updates the polymorphic identity used by
X509Certificate objects. The original identity was already used by
the base Certificate object, causing sqlalchemy to raise a warning
when used. This change resolves the identity reassignment and
prevents the warning from being displayed.
This change fixes a bug in the ProxyKmipClient, specifically in
the register method. The client would create attributes for the
object to register, regardless if those attributes were set on
the object. This could cause attribute value overwrites, deleting
valid default values with empty values. This change adds checks
to ensure these attributes are not created with the request if
they are not set on the object. The client unit tests have been
updated to reflect this change.
This change adds support for the GetAttributes operation to the
PyKMIP clients. Demo scripts showing how to use the new operation
will be included in a future update. Client test cases have been
added and updated to reflect the new operation.
The ProxyKmipClient now allows you to optionally provide a name
when performing a `Create` or a `Create Key Pair`. If not specified,
the name is excluded from the request.
* For `create`, users specify `name`
* For `create_key_pair`, users specify `private_name` and `public_name`
Resolves#208
This change adds support for the Activate operation to the server,
including additional server unit tests, a new IllegalOperation
exception, and updated state attribute support in Pie objects.
Fixes#186
Peter Hamilton
Tim Burke
Peter Hamilton
Dane
Hao Shen
Peter Hamilton
Jonathan Seawright