diff --git a/.bumpversion.cfg b/.bumpversion.cfg index 9994099..2e0d75e 100644 --- a/.bumpversion.cfg +++ b/.bumpversion.cfg @@ -1,5 +1,5 @@ [bumpversion] -current_version = 1.1.5 +current_version = 1.1.10 commit = True tag = False message = Bump version: {current_version} → {new_version} diff --git a/.github/workflows/pr-checks.yml b/.github/workflows/pr-checks.yml index d223652..ade887a 100644 --- a/.github/workflows/pr-checks.yml +++ b/.github/workflows/pr-checks.yml @@ -6,6 +6,7 @@ on: env: REQUIRED_COVERAGE: 30 + PYTHON_KEYRING_BACKEND: keyring.backends.null.Keyring jobs: python: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index ff47256..84f1f83 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -6,7 +6,7 @@ on: workflow_dispatch: env: - VERSION: 1.1.5 + VERSION: 1.1.10 jobs: release: diff --git a/poetry.lock b/poetry.lock index 1e632de..8fdab7d 100644 --- a/poetry.lock +++ b/poetry.lock @@ -1,23 +1,18 @@ [[package]] name = "astroid" -version = "2.11.7" +version = "2.12.7" description = "An abstract syntax tree for Python with inference support." category = "dev" optional = false -python-versions = ">=3.6.2" +python-versions = ">=3.7.2" [package.dependencies] lazy-object-proxy = ">=1.4.0" typing-extensions = {version = ">=3.10", markers = "python_version < \"3.10\""} -wrapt = ">=1.11,<2" - -[[package]] -name = "atomicwrites" -version = "1.4.1" -description = "Atomic file writes." -category = "dev" -optional = false -python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" +wrapt = [ + {version = ">=1.11,<2", markers = "python_version < \"3.11\""}, + {version = ">=1.14,<2", markers = "python_version >= \"3.11\""}, +] [[package]] name = "attrs" @@ -54,7 +49,7 @@ yaml = ["pyyaml"] [[package]] name = "black" -version = "22.6.0" +version = "22.8.0" description = "The uncompromising code formatter." category = "dev" optional = false 
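Review bot: The new `PYTHON_KEYRING_BACKEND: keyring.backends.null.Keyring` entry in pr-checks.yml has no comment saying why the keyring is disabled, so a later reader could remove it as dead configuration. A line such as `# null backend: keep packaging tools on the runner from querying a system keyring` above it would record the intent; this is presumably a workaround for dependency installation in CI, so confirm the reason before wording it. The release.yml hunk in this commit shows only `VERSION` under `env:`, so if that workflow installs dependencies the same way it may need the same setting.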
@@ -288,11 +283,11 @@ pyparsing = ">=2.0.2,<3.0.5 || >3.0.5" [[package]] name = "pathspec" -version = "0.9.0" +version = "0.10.1" description = "Utility library for gitignore style pattern matching of file paths." category = "dev" optional = false -python-versions = "!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*,!=3.4.*,>=2.7" +python-versions = ">=3.7" [[package]] name = "pbr" @@ -347,14 +342,14 @@ python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*" [[package]] name = "pylint" -version = "2.14.5" +version = "2.15.0" description = "python code static checker" category = "dev" optional = false python-versions = ">=3.7.2" [package.dependencies] -astroid = ">=2.11.6,<=2.12.0-dev0" +astroid = ">=2.12.4,<=2.14.0-dev0" colorama = {version = ">=0.4.5", markers = "sys_platform == \"win32\""} dill = ">=0.2" isort = ">=4.2.5,<6" @@ -381,14 +376,13 @@ diagrams = ["railroad-diagrams", "jinja2"] [[package]] name = "pytest" -version = "7.1.2" +version = "7.1.3" description = "pytest: simple powerful testing with Python" category = "dev" optional = false python-versions = ">=3.7" [package.dependencies] -atomicwrites = {version = ">=1.0", markers = "sys_platform == \"win32\""} attrs = ">=19.2.0" colorama = {version = "*", markers = "sys_platform == \"win32\""} iniconfig = "*" @@ -561,7 +555,6 @@ content-hash = "7ab9814e8728e9fbccfca47a26a66d11bedac254275561ee2bf50fd6916064d3 [metadata.files] astroid = [] -atomicwrites = [] attrs = [] bandit = [ {file = "bandit-1.7.4-py3-none-any.whl", hash = "sha256:412d3f259dab4077d0e7f0c11f50f650cc7d10db905d98f6520a95a18049658a"}, 
@@ -667,10 +660,7 @@ packaging = [ {file = "packaging-21.3-py3-none-any.whl", hash = "sha256:ef103e05f519cdc783ae24ea4e2e0f508a9c99b2d4969652eed6a2e1ea5bd522"}, {file = "packaging-21.3.tar.gz", hash = "sha256:dd47c42927d89ab911e606518907cc2d3a1f38bbd026385970643f9c5b8ecfeb"}, ] -pathspec = [ - {file = "pathspec-0.9.0-py2.py3-none-any.whl", hash = "sha256:7d15c4ddb0b5c802d161efc417ec1a2558ea2653c2e8ad9c19098201dc1c993a"}, - {file = "pathspec-0.9.0.tar.gz", hash = "sha256:e564499435a2673d586f6b2130bb5b95f04a3ba06f81b8f895b651a3c76aabb1"}, -] +pathspec = [] pbr = [] platformdirs = [ {file = "platformdirs-2.5.2-py3-none-any.whl", hash = "sha256:027d8e83a2d7de06bbac4e5ef7e023c02b863d7ea5d079477e722bb41ab25788"}, @@ -693,10 +683,7 @@ pyparsing = [ {file = "pyparsing-3.0.9-py3-none-any.whl", hash = "sha256:5026bae9a10eeaefb61dab2f09052b9f4307d44aee4eda64b309723d8d206bbc"}, {file = "pyparsing-3.0.9.tar.gz", hash = "sha256:2b020ecf7d21b687f219b71ecad3631f644a47f01403fa1d1036b0c6416d70fb"}, ] -pytest = [ - {file = "pytest-7.1.2-py3-none-any.whl", hash = "sha256:13d0e3ccfc2b6e26be000cb6568c832ba67ba32e719443bfe725814d3c42433c"}, - {file = "pytest-7.1.2.tar.gz", hash = "sha256:a06a0425453864a270bc45e71f783330a7428defb4230fb5e6a731fde06ecd45"}, -] +pytest = [] pytest-cov = [ {file = "pytest-cov-3.0.0.tar.gz", hash = "sha256:e7f0f5b1617d2210a2cabc266dfe2f4c75a8d32fb89eafb7ad9d06f6d076d470"}, {file = "pytest_cov-3.0.0-py3-none-any.whl", hash = "sha256:578d5d15ac4a25e5f961c938b85a05b09fdaae9deef3bb6de9a6e766622ca7a6"}, diff --git a/pyproject.toml b/pyproject.toml index af152a0..6a6b2d9 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -1,6 +1,6 @@ [tool.poetry] name = "vault-assessment-prometheus-exporter" -version = "1.1.5" +version = "1.1.10" description = "Prometheus exporter to monitor custom metadata for KV2 secrets for (self-imposed) expiration." authors = ["Eugene Davis "] readme = "README.md" 
@@ -63,16 +63,6 @@ limit-inference-results = 100 [tool.pylint.'MESSAGES CONTROL'] disable = [ - "print-statement", - "parameter-unpacking", - "unpacking-in-except", - "old-raise-syntax", - "backtick", - "long-suffix", - "old-ne-operator", - "old-octal-literal", - "import-star-module-level", - "non-ascii-bytes-literal", "raw-checker-failed", "bad-inline-option", "locally-disabled", @@ -81,68 +71,6 @@ disable = [ "useless-suppression", "deprecated-pragma", "use-symbolic-message-instead", - "apply-builtin", - "basestring-builtin", - "buffer-builtin", - "cmp-builtin", - "coerce-builtin", - "execfile-builtin", - "file-builtin", - "long-builtin", - "raw_input-builtin", - "reduce-builtin", - "standarderror-builtin", - "unicode-builtin", - "xrange-builtin", - "coerce-method", - "delslice-method", - "getslice-method", - "setslice-method", - "no-absolute-import", - "old-division", - "dict-iter-method", - "dict-view-method", - "next-method-called", - "metaclass-assignment", - "indexing-exception", - "raising-string", - "reload-builtin", - "oct-method", - "hex-method", - "nonzero-method", - "cmp-method", - "input-builtin", - "round-builtin", - "intern-builtin", - "unichr-builtin", - "map-builtin-not-iterating", - "zip-builtin-not-iterating", - "range-builtin-not-iterating", - "filter-builtin-not-iterating", - "using-cmp-argument", - "eq-without-hash", - "div-method", - "idiv-method", - "rdiv-method", - "exception-message-attribute", - "invalid-str-codec", - "sys-max-int", - "bad-python3-import", - "deprecated-string-function", - "deprecated-str-translate-call", - "deprecated-itertools-function", - "deprecated-types-field", - "next-method-defined", - "dict-items-not-iterating", - "dict-keys-not-iterating", - "dict-values-not-iterating", - "deprecated-operator-function", - "deprecated-urllib-function", - "xreadlines-attribute", - "deprecated-sys-function", - "exception-escape", - "comprehension-escape", - "bad-continuation" ] [tool.pylint.REFACTORING] 
diff --git a/vault_monitor/expiration_monitor/entity_expiration_monitor.py b/vault_monitor/expiration_monitor/entity_expiration_monitor.py index d6585a3..827a0c5 100644 --- a/vault_monitor/expiration_monitor/entity_expiration_monitor.py +++ b/vault_monitor/expiration_monitor/entity_expiration_monitor.py @@ -10,6 +10,8 @@ from vault_monitor.expiration_monitor.expiration_monitor import ExpirationMonitor from vault_monitor.expiration_monitor.vault_time import ExpirationMetadata +TIMEOUT = 60 + class EntityExpirationMonitor(ExpirationMonitor): """ @@ -37,6 +39,7 @@ def get_expiration_info(self) -> ExpirationMetadata: response = requests.get( f"{self.vault_client.url}/v1/identity/entity/id/{self.monitored_path}", headers={"X-Vault-Namespace": self.vault_client.adapter.namespace, "X-Vault-Token": self.vault_client.token}, + timeout=TIMEOUT, ) response.raise_for_status() diff --git a/vault_monitor/expiration_monitor/secret_expiration_monitor.py b/vault_monitor/expiration_monitor/secret_expiration_monitor.py index 393b568..84d1240 100644 --- a/vault_monitor/expiration_monitor/secret_expiration_monitor.py +++ b/vault_monitor/expiration_monitor/secret_expiration_monitor.py @@ -7,6 +7,8 @@ from vault_monitor.expiration_monitor.expiration_monitor import ExpirationMonitor from vault_monitor.expiration_monitor.vault_time import ExpirationMetadata +TIMEOUT = 60 + class SecretExpirationMonitor(ExpirationMonitor): """ @@ -25,6 +27,7 @@ def get_expiration_info(self) -> ExpirationMetadata: response = requests.get( f"{self.vault_client.url}/v1/{self.mount_point}/metadata/{self.monitored_path}", headers={"X-Vault-Namespace": self.vault_client.adapter.namespace, "X-Vault-Token": self.vault_client.token}, + timeout=TIMEOUT, ) response.raise_for_status() diff --git a/vault_monitor/expiration_monitor/set_expiration.py b/vault_monitor/expiration_monitor/set_expiration.py index adc5f3b..8eb8fad 100644 --- a/vault_monitor/expiration_monitor/set_expiration.py 
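Review bot: `TIMEOUT = 60` is declared separately in entity_expiration_monitor.py, secret_expiration_monitor.py and set_expiration.py, so the three values can drift apart. Both monitor modules already import from `vault_monitor.expiration_monitor.expiration_monitor`, which would be a natural single home for it. A bare number passed to requests is applied to the connect phase and to each read separately rather than capping the whole call, so an unreachable Vault holds a poll for the full 60 seconds. A tuple such as `TIMEOUT = (5, 60)` (values illustrative) fails fast on connect while still tolerating a slow response. The constant also deserves a comment, for example `# seconds; requests applies this per connect/read, not to the whole request`.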
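Review bot: With `timeout=TIMEOUT` in place, `requests.get` in `get_expiration_info` can raise `requests.exceptions.Timeout` before `response.raise_for_status()` is reached, and nothing in this hunk or in the matching hunk in secret_expiration_monitor.py handles it. The method body and its caller lie outside the hunk, so it is not visible whether the caller catches `requests.exceptions.RequestException` or only the `HTTPError` from `raise_for_status()`. If it is the latter, one slow path could stop the exporter from refreshing every expiration metric, which is a silent gap in secret-expiry monitoring. It is worth confirming that the polling loop logs the timed-out path and carries on with the remaining monitors. A docstring line such as `Raises requests.exceptions.RequestException on HTTP errors and timeouts.` would record the contract.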
+++ b/vault_monitor/expiration_monitor/set_expiration.py @@ -13,6 +13,7 @@ from vault_monitor.expiration_monitor.create_monitors import recurse_secrets LOGGER = logging.getLogger("set_expiration") +TIMEOUT = 60 # Disable certain things for scripts only, as over-doing the DRY-ness of them can cause them to be less useful as samples # pylint: disable=duplicate-code,too-many-arguments,too-many-locals @@ -85,6 +86,7 @@ def set_expiration( f"{vault_client_url}/v1/{mount_point}/metadata/{secret_path}", headers={"X-Vault-Namespace": vault_client_namespace, "X-Vault-Token": vault_client_token, "Content-Type": "application/merge-patch+json"}, json={"custom_metadata": expiration_info.get_serialized_expiration_metadata()}, + timeout=TIMEOUT, ) if response.status_code == 405: @@ -95,6 +97,7 @@ def set_expiration( response = requests.get( f"{vault_client_url}/v1/{mount_point}/metadata/{secret_path}", headers={"X-Vault-Namespace": vault_client_namespace, "X-Vault-Token": vault_client_token, "Content-Type": "application/merge-patch+json"}, + timeout=TIMEOUT, ) response.raise_for_status() @@ -117,6 +120,7 @@ def set_expiration( f"{vault_client_url}/v1/{mount_point}/metadata/{secret_path}", headers={"X-Vault-Namespace": vault_client_namespace, "X-Vault-Token": vault_client_token}, json=metadata, + timeout=TIMEOUT, ) response.raise_for_status()
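Review bot: A read timeout on the metadata write in `set_expiration` does not tell the caller whether Vault applied the change, and the new `timeout=TIMEOUT` arguments let that exception propagate with no indication of which secret was being written. `LOGGER` is already defined in this module, so catching `requests.exceptions.Timeout` around the writes, emitting `LOGGER.error("Timed out updating %s/%s", mount_point, secret_path)` and re-raising would let an operator verify that secret's expiration metadata afterwards. The log line should never include the headers, which carry `X-Vault-Token`. On the 405 path the function appears to issue three requests in sequence, so the worst-case wait is roughly three times `TIMEOUT`. The function starts and ends outside these hunks, so existing handling may already cover part of this.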