This change updates Locate operation support in the PyKMIP server,
allowing users to filter objects based on the object's
Certificate Type. Unit tests and integration tests have
been added to test and verify the correctness of this feature.
Additionally, the Locate demo scripts have also been updated to
support Certificate Type filtering. Simply use the
"--certificate-type" flag to specify a Certificate Type
enumeration values for the Locate script to filter on.
This change updates Locate operation support in the PyKMIP server,
allowing users to filter objects based on the object's
Cryptographic Usage Masks. Unit tests and integration tests have
been added to test and verify the correctness of this feature.
Additionally, the Locate demo scripts have also been updated to
support Cryptographic Usage Mask filtering. Simply use the
"--cryptographic-usage-mask" flag to specify one or more
Cryptographic Usage Mask enumeration values for the Locate script
to filter on.
This change updates Locate operation support in the PyKMIP server,
allowing users to filter objects using the offset and maximum item
constraints. The offset constraint tells the server how many
matching items should be skipped before results are returned. The
maximum items constraint tells the server how many matching items
should be returned. Unit tests and integration tests have been
added to test and verify the correctness of this feature.
Additionally, the Locate demo scripts have also been updated to
support offset and maximum item filtering. Simply use the
"--offset-items" and "--maximum-items" flags to specify offset and
maximum item values for the Locate script to filter on.
Fixes#562
This change updates the PyKMIP server's support for the Locate
operation, sorting the matched objects found by Locate by their
initial date, newest objects first. This matches the KMIP
specification's definition for how Locate results should be
ordered.
This change fixes a bug in the server engine unit tests that
check the debug logs for Locate filtering on the Initial Date
attribute. Specifically, time.asctime does not use the default
'%d' notation for stringifying numerical day values. This change
updates the string notation to match the format produced by
time.asctime.
Impacts #572
This change updates Locate operation support in the PyKMIP server,
allowing users to filter objects based on the object's Operation
Policy Name. Unit tests and integration tests have been added to
test and verify the correctness of this feature.
Additionally, the Locate demo scripts have also been updated to
support Operation Policy Name filtering. Simply use the
"--operation-policy-name" flag to specify an Operation Policy Name
string value for the Locate script to filter on.
This change updates Locate operation support in the PyKMIP server,
allowing users to filter objects based on the object's Unique
Identifier. Unit tests and integration tests have been added to
test and verify the correctness of this feature.
Additionally, the Locate demo scripts have also been updated to
support Unique Identifier filtering. Simply use the
"--unique-identifier" flag to specify a Unique Identifier string
value for the Locate script to filter on.
This change adds debug logging statements for the request and
response message encodings sent and received by the server
session. These provide direct visability into each message that
is handled by the server, facilitating debugging and correctness
checking. Given the content of these encodings may contain
sensitive information, debug logging should only be enabled when
testing or developing server features.
This change updates Locate operation support in the PyKMIP server,
allowing users to filter objects based on the object's
Cryptographic Length. If an object's type does not support the
Cryptographic Length attribute, the object is not a match. Unit
tests and integration tests have been added to test and verify
the correctness of this feature.
Additionally, the Locate demo scripts have also been updated to
support Cryptographic Length filtering. Simply use the
"--cryptographic-length" flag to specify a Cryptographic Length
integer value for the Locate script to filter on.
This change updates Locate operation support in the PyKMIP server,
allowing users to filter objects based on the object's
Cryptographic Algorithm. If an object's type does not support the
Cryptographic Algorithm attribute, that object is not a match.
Unit tests and integration tests have been added to test and
verify the correctness of this feature.
Additionally, the Locate demo scripts have also been updated to
support Cryptographic Algorithm filtering. Simply use the
"--cryptographic-algorithm" flag to specify a Cryptographic
Algorithm enumeration for the Locate script to filter on.
This change updates Locate operation support in the PyKMIP server,
allowing users to filter objects based on the object's Object Type.
Unit tests and integration tests have been added to test and verify
the correctness of this feature.
Additionally, the Locate demo scripts have also been updated to
support Object Type filtering. Simply use the "--object-type" flag
to specify an Object Type enumeration for the Locate script to
filter on.
This change updates Locate operation support in the PyKMIP server,
allowing users to filter objects based on the object's State. Unit
tests and integration tests have been added to test and verify the
correctness of this feature.
Additionally, the Locate demo scripts have also been updated to
support State filtering. Simply use the "--state" flag to specify
a State enumeration for the Locate script to filter on.
This change updates Locate operation support in the PyKMIP server,
allowing users to filter objects based on the objects InitialDate
attribute value. Specifying a single InitialDate attribute in the
Locate request will perform an exact match on objects; specifying
two InitialDate attributes will perform a ranged match. Unit tests
and integration tests have been added to test and verify the
correctness of this feature.
Additionally, the Locate demo scripts have also been updated to
support InitialDate filtering. Simply use the "--initial-date"
flag to provide one or more InitialDate values to the Locate
script to filter on those dates.
This change loosens the constraints on including attributes in
Locate messages for KMIP 2.0 clients. An early version of the KMIP
2.0 specification made attributes a required field for the Locate
payloads, breaking backwards compatibility with earlier versions
of the specification. A newer version of KMIP 2.0 reverses this
change. The library has been updated to reflect this newer version
of the specification. All relevant Locate unit tests have been
modified or removed to reflect this change.
Fixes#556
This update includes a library wide upgrade to support KMIP 2.0
for all currently supported KMIP operations. Additional changes
include documentation improvements, testing upgrades, and various
quality of life enhancements:
* Add support for Python 3.7
* Add KMIP 2.0 enumerations
* Add a new OrderedEnum subclass to handle sortable enumerations
* Add KMIP 2.0-style attribute handling
* Add utilities to convert TemplateAttributes and Attributes
* Add utilities to handle bit mask style enumerations
* Add positional argument handling for pytest calls when using tox
* Update the library documentation to include KMIP 2.0 information
* Update client exception handling / logging to simplify debugging
* Update library logging defaults to log at INFO but support DEBUG
* Update the Travis CI configuration to support Ubuntu 16.04
* Update the Travis CI configuration to output logs on failures
* Update the server to support KMIP 1.3, 1.4, and 2.0
* Update the PyKMIP clients to support changing their KMIP version
* Update server session logging for authentication failures
* Update the PyKMIP object hierarchy to propagate the KMIP version
* Update the server TLS handshake handling to avoid thread hanging
* Update the Create and Register payloads to support KMIP 2.0
* Update the Locate and CreateKeyPair payloads to support KMIP 2.0
* Update the DeriveKey / GetAttributes payloads to support KMIP 2.0
* Update the GetAttributeList / Query payloads to support KMIP 2.0
* Update attribute policy to handle KMIP 2.0 deprecated attributes
* Remove escape sequences to comply with Python 3.6 deprecations
* Fix various deprecation warnings caused by dependency upgrades
* Fix a bug decoding revocation messages for the Revoke operation
* Fix a bug specifying the function list in the Query demo script
This change fixes a bug in the server attribute handling logic
that manifests when attributes are deprecated and removed in KMIP
2.0. Now these attributes are effectively ignored for KMIP 2.0
messages, complying with the KMIP 2.0 specification.
This changes adds all of the final core updates necessary to allow
KMIP 2.0 message encoding/decoding support for the PyKMIP server.
Request and responses now dynamically adjust the KMIP version they
encode/decode under based on the KMIP version included in their
header segments. Extra server logging has also been added to show
the KMIP version specified by the client request.
Message tests have been updated to reflect these changes.
This change fixes a bug with revocation message decoding that
would cause client and server failures if the revocation message
was included in a Revoke operation call. With this fix, the client
can now send a revocation message with a Revoke request and the
revocation will occur as expected.
A ProxyKmipClient demo script for the Revoke operation has been
included to help test Revoke functionality.
Finally, an argument ordering bug with the original KMIPProxy demo
Revoke script has also been fixed.
Fixes#546
This change updates the Register payloads to properly use the new
ProtectionStorageMasks structure. Unit tests have been updated to
reflect this change.
This change updates the CreateKeyPair payloads to support the new
protection storage masks fields introduced in KMIP 2.0. The payload
unit tests have been updated to reflect these changes.
This change updates the ResponseHeader to support the new server
hashed password field added in KMIP 2.0. Unit tests have been
added to cover the change.
A recent regression in bandit 1.6.0 permits the scanning of test
files for vulnerabilities even when those files should be excluded
using the '-x' flag. This change temporarily pins bandit to 1.5.1
in test-requirements.txt to get around this issue in the short
term.
This patch should be undone once bandit 1.6.1 is released, fixing
this issue.
This change adds support for the ProtectionStorageMasks structure
which is a new addition in KMIP 2.0. A unit test suite has been
added for the new structure.
This change makes a simple renaming update to the Query response
payload, correcting how Protection Storage Masks are used and
referenced. All related unit tests have been updated to reflect
this change.
This change updates the Register payloads, adding support for
Protection Storage Masks which were added in KMIP 2.0. The
payload unit tests have been updated to reflect this change.
This change updates the Create payloads, adding support for
Protection Storage Masks which were added in KMIP 2.0. The
payload unit tests have been updated to reflect this change.
This change updates the Query payloads to support KMIP 2.0, adding
in new response components including server default information
and storage protection masks. Unit tests have been added and
updated to cover these changes.
This change upgrades the Query payloads, fixing error messages,
comments, local variables, and internal payload structure to
bring Query support up to KMIP 1.4 standards, in addition to
compliance with the current payload format. The corresponding
unit test suite has been completely rewritten to reflect these
changes.
This change prepares the Query payloads for future updates to
support KMIP 2.0.
This change adds the CapabilityInformation structure, a KMIP 1.3
addition that is used to specify details on capabilities supported
by a KMIP server. A unit test suite is included to cover the new
structure.
This change adds the ValidationInformation structure, a KMIP 1.3
addition that is used to specify details on formal validation
methods supported by a KMIP server. A unit test suite is included
to cover the new structure.
This change updates requirements, pinning cryptography>=1.4. This
is due to the use of kbkdf in the server's cryptography engine,
which was not introduced until cryptography 1.4.
Fixes#525
This change adds the ProfileInformation structure, a KMIP 1.3
addition that is used to specify details for supported KMIP
profiles. A unit test suite is included to cover the new
structure.
This change adds the RNGParameters structure, a KMIP 1.3 addition
that is used to specify parameters and settings associated with a
specific random number generator. A unit test suite is included
to cover the new structure.
This change adds the DefaultsInformation structure, a KMIP 2.0
addition that is used to specify default attribute values for
KMIP managed objects. A unit test suite is included to cover the
new structure.
This change adds the ObjectDefaults structure, a KMIP 2.0 addition
that is used to specify default attribute values for KMIP managed
objects. A unit test suite is included to cover the new structure.
This change updates the GetAttributeList payloads to support KMIP
2.0 features, including swapping out Attribute Names for the
Attribute Reference structure in the response payload. Unit tests
have been added to cover these changes.
This change makes minor updates to the GetAttributeList payloads,
fixing error messages, comments, and local variable names to
comply with the current payload format. The corresponding unit
test suite has been updated to reflect these changes.
This change prepares the GetAttributeList payloads for future
updates to support KMIP 2.0.
This change adds a posargs argument to the call to pytest that is
used when invoking unit tests for individual Python versions. This
allows developers to specify which tests or test suites they want
to invoke. For example, use the following to run the unit test
suites related to the GetAttributeList payloads for Python 2.7:
tox -r -e py27 -- -k TestGetAttributeList
Developers can still use tox to run the entire test suite, like
before:
tox -r -e py27
oleksiys
Peter Hamilton