draft setup k8s auth int/unit tests

.github/actions/docker-image-versions/versions.py

@@ -8,6 +8,7 @@
 from __future__ import (absolute_import, division, print_function)
 __metaclass__ = type
 
+import os
 import sys
 import getopt
 
@@ -16,13 +17,20 @@
 import requests
 from urllib3.util.retry import Retry
 from requests.adapters import HTTPAdapter
-
+from warnings import warn
 from packaging import version
 
 
 TAG_URI = 'https://registry.hub.docker.com/v2/repositories/library/%s/tags?page_size=1024'
 
 
+class WarningRetry(Retry):
+    def new(self, **kwargs):
+        if self.total > 0:
+            warn('Error on request. Retries remaining: %i' % (self.total,))
+        return super().new(**kwargs)
+
+
 def main(argv):
     image = None
     include_prerelease = include_postrelease = False
@@ -59,7 +67,7 @@ def main(argv):
     tag_url = TAG_URI % image
 
     sess = requests.Session()
-    retry = Retry(total=5, backoff_factor=0.2)
+    retry = WarningRetry(total=5, backoff_factor=0.2, respect_retry_after_header=False)
     adapter = HTTPAdapter(max_retries=retry)
     sess.mount('https://', adapter)
 
@@ -71,10 +79,10 @@ def main(argv):
         try:
             vobj = version.parse(tag['name'])
         except Exception:
-            pass
-
-        if vobj is None or isinstance(vobj, version.LegacyVersion):
             continue
+        else:
+            if not isinstance(vobj, version.Version):
+                continue
 
         if vobj.is_prerelease is include_prerelease and vobj.is_postrelease is include_postrelease:
             versions.append(vobj)
@@ -104,7 +112,9 @@ def main(argv):
 
         keep.append(str(ver))
 
-    print('::set-output name=versions::%s' % json.dumps(keep))
+    with open(os.environ['GITHUB_OUTPUT'], 'a') as f:
+        f.write('versions=')
+        json.dump(keep, f)
 
 
 if __name__ == '__main__':

.github/workflows/ansible-builder.yml

@@ -3,10 +3,12 @@ name: ansible-builder
 on:
   push:
     paths:
+      - '.github/workflows/ansible-builder.yml'
       - 'meta/execution-environment.yml'
       - 'meta/ee-requirements.txt'
   pull_request:
     paths:
+      - '.github/workflows/ansible-builder.yml'
       - 'meta/execution-environment.yml'
       - 'meta/ee-requirements.txt'
   schedule:
@@ -27,7 +29,7 @@ jobs:
           path: ansible_collections/${{ env.NAMESPACE }}/${{ env.COLLECTION_NAME }}
 
       - name: Set up Python
-        uses: actions/setup-python@v3
+        uses: actions/setup-python@v4
         with:
           python-version: 3.9
 

.github/workflows/ansible-test.yml

@@ -40,6 +40,7 @@ jobs:
           - stable-2.11
           - stable-2.12
           - stable-2.13
+          - stable-2.14
           - devel
     steps:
 
@@ -61,13 +62,13 @@ jobs:
         run: ln -s "${COLLECTION_PATH}/.github" .github
 
       - name: Set up Python
-        uses: actions/setup-python@v3
+        uses: actions/setup-python@v4
         with:
           # it is just required to run that once as "ansible-test sanity" in the docker image
           # will run on all python versions it supports.
           python-version: 3.9
 
-      # Install the head of the given branch (devel, stable-2.13)
+      # Install the head of the given branch (devel, stable-2.14)
       - name: Install ansible-base (${{ matrix.ansible }})
         run: pip install https://github.com/ansible/ansible/archive/${{ matrix.ansible }}.tar.gz --disable-pip-version-check
 
@@ -116,6 +117,7 @@ jobs:
           - stable-2.11
           - stable-2.12
           - stable-2.13
+          - stable-2.14
           - devel
 
     steps:
@@ -135,7 +137,7 @@ jobs:
         run: ln -s "${COLLECTION_PATH}/.github" .github
 
       - name: Set up Python
-        uses: actions/setup-python@v3
+        uses: actions/setup-python@v4
         with:
           # it is just required to run that once as "ansible-test units" in the docker image
           # will run on all python versions it supports.
@@ -190,6 +192,7 @@ jobs:
           - stable-2.11
           - stable-2.12
           - stable-2.13
+          - stable-2.14
           - devel
         python:
           - '3.6'
@@ -226,7 +229,7 @@ jobs:
         run: ln -s "${COLLECTION_PATH}/.github" .github
 
       - name: Set up Python
-        uses: actions/setup-python@v3
+        uses: actions/setup-python@v4
         with:
           python-version: 3.9
 
@@ -293,31 +296,18 @@ jobs:
   local_test_invocation:
     runs-on: ${{ matrix.runner }}
     name: LI - ${{ matrix.runner }} (Ⓐ${{ matrix.ansible }}+py${{ matrix.python }})
-    env:
-      # needed to prevent Ansible crashing on MacOS
-      OBJC_DISABLE_INITIALIZE_FORK_SAFETY: 'YES'
     strategy:
       fail-fast: false
       matrix:
         ansible:
-          - stable-2.12
-          - stable-2.13
+          - stable-2.14
+          - devel
         python:
           - 3.9
         runner:
           - ubuntu-latest
-          - macos-12
         test_container:
           - default
-        exclude:
-          # To add to the fragility of testing docker stuff on MacOS,
-          # stable-2.13 test containers crash; unsure of exact cause
-          # but likely due to old versions of the runtimes.
-          # We'll just stick to 2.12 for now, better than nothing.
-          - runner: macos-12
-            ansible: stable-2.13
-          - runner: ubuntu-latest
-            ansible: stable-2.12
 
     steps:
       - name: Initialize env vars
@@ -327,7 +317,7 @@ jobs:
             COLLECTION_PATH=ansible_collections/${NAMESPACE}/${COLLECTION_NAME}
             COLLECTION_INTEGRATION_PATH=${COLLECTION_PATH}/tests/integration
             COLLECTION_INTEGRATION_TARGETS=${COLLECTION_INTEGRATION_PATH}/targets
-            DOCKER_TEST_INVOCATION="integration -v --color --retry-on-error --continue-on-error --python ${{ matrix.python }} --docker ${{ matrix.test_container }} ${{ github.event_name != 'schedule' && '--coverage' || '' }}"
+            DOCKER_TEST_INVOCATION="integration -v --color --retry-on-error --continue-on-error --controller docker:${{ matrix.test_container }},python=${{ matrix.python }} ${{ github.event_name != 'schedule' && '--coverage' || '' }}"
 
       - name: Check out code
         uses: actions/checkout@v3
@@ -338,7 +328,7 @@ jobs:
         run: ln -s "${COLLECTION_PATH}/.github" .github
 
       - name: Set up Python
-        uses: actions/setup-python@v3
+        uses: actions/setup-python@v4
         with:
           python-version: ${{ matrix.python }}
 
@@ -355,12 +345,6 @@ jobs:
         with:
           collection: community.docker
 
-      - name: Install Docker on MacOS
-        if: ${{ startsWith(matrix.runner, 'macos') }}
-        timeout-minutes: 6
-        # sometimes this hangs forever waiting for an IP
-        uses: ./.github/actions/macos-docker
-
       - name: Pull Ansible test images
         timeout-minutes: 5
         continue-on-error: true
@@ -388,7 +372,6 @@ jobs:
 
       #TODO add capability in the Ansible side once vault_list and vault_delete exist
       - name: Run a third time, but delete Vault's cubbyhole contents first
-        if: startsWith(matrix.runner, 'ubuntu')
         working-directory: ${{ env.COLLECTION_PATH }}
         env:
           VAULT_TOKEN: 47542cbc-6bf8-4fba-8eda-02e0a0d29a0a

.github/workflows/docs-push.yml

@@ -38,7 +38,7 @@ jobs:
     if: github.repository == 'ansible-collections/community.hashi_vault'
     permissions:
       contents: read
-    needs: [build-docs]
+    needs: [validate-docs, build-docs]
     name: Publish Ansible Docs
     uses: ansible-community/github-docs-build/.github/workflows/_shared-docs-build-publish-surge.yml@main
     with:
@@ -52,7 +52,7 @@ jobs:
     if: github.repository == 'ansible-collections/community.hashi_vault'
     permissions:
       contents: write
-    needs: [build-docs]
+    needs: [validate-docs, build-docs]
     name: Publish Ansible Docs
     uses: ansible-community/github-docs-build/.github/workflows/_shared-docs-build-publish-gh-pages.yml@main
     with:

.github/workflows/github-release.yml

@@ -18,9 +18,9 @@ jobs:
         uses: actions/checkout@v3
 
       - name: Set up Python
-        uses: actions/setup-python@v3
+        uses: actions/setup-python@v4
         with:
-          python-version: 3.8
+          python-version: 3.9
 
       - name: Install PyYaml
         run: pip install pyyaml

CHANGELOG.rst

@@ -5,6 +5,119 @@ community.hashi_vault Release Notes
 .. contents:: Topics
 
 
+v4.1.0
+======
+
+Release Summary
+---------------
+
+This release brings new generic ``vault_list`` plugins from a new contributor!
+There are also some deprecation notices for the next major version, and some updates to documentation attributes.
+
+Deprecated Features
+-------------------
+
+- ansible-core - support for ``ansible-core`` versions ``2.11`` and ``2.12`` will be dropped in collection version ``5.0.0``, making ``2.13`` the minimum supported version of ``ansible-core`` (https://github.com/ansible-collections/community.hashi_vault/issues/340).
+- hvac - the minimum version of ``hvac`` to be supported in collection version ``5.0.0`` will be at least ``1.0.2``; this minimum may be raised before ``5.0.0`` is released, so please subscribe to the linked issue and look out for new notices in the changelog (https://github.com/ansible-collections/community.hashi_vault/issues/324).
+
+New Plugins
+-----------
+
+Lookup
+~~~~~~
+
+- vault_list - Perform a list operation against HashiCorp Vault
+
+New Modules
+-----------
+
+- vault_list - Perform a list operation against HashiCorp Vault
+
+v4.0.0
+======
+
+Release Summary
+---------------
+
+The next major version of the collection includes previously announced breaking changes to some default values, and improvements to module documentation with attributes that describe the use of action groups and check mode support.
+
+Minor Changes
+-------------
+
+- modules - all modules now document their action group and support for check mode in their attributes documentation (https://github.com/ansible-collections/community.hashi_vault/issues/197).
+
+Breaking Changes / Porting Guide
+--------------------------------
+
+- auth - the default value for ``token_validate`` has changed from ``true`` to ``false``, as previously announced (https://github.com/ansible-collections/community.hashi_vault/issues/248).
+- vault_kv2_get lookup - as previously announced, the default value for ``engine_mount_point`` in the ``vault_kv2_get`` lookup has changed from ``kv`` to ``secret`` (https://github.com/ansible-collections/community.hashi_vault/issues/279).
+
+v3.4.0
+======
+
+Release Summary
+---------------
+
+This release includes a new module, fixes (another) ``requests`` header issue, and updates some inaccurate documentation.
+This is the last planned release before v4.0.0.
+
+Minor Changes
+-------------
+
+- vault_pki_generate_certificate - the documentation has been updated to match the argspec for the default values of options ``alt_names``, ``ip_sans``, ``other_sans``, and ``uri_sans`` (https://github.com/ansible-collections/community.hashi_vault/pull/318).
+
+Bugfixes
+--------
+
+- connection options - the ``namespace`` connection option will be forced into a string to ensure cmpatibility with recent ``requests`` versions (https://github.com/ansible-collections/community.hashi_vault/issues/309).
+
+New Modules
+-----------
+
+- vault_kv2_delete - Delete one or more versions of a secret from HashiCorp Vault's KV version 2 secret store
+
+v3.3.1
+======
+
+Release Summary
+---------------
+
+No functional changes in this release, this provides updated filter documentation for the public docsite.
+
+v3.3.0
+======
+
+Release Summary
+---------------
+
+With the release of ``hvac`` version ``1.0.0``, we needed to update ``vault_token_create``'s support for orphan tokens.
+The collection's changelog is now viewable in the Ansible documentation site.
+
+Minor Changes
+-------------
+
+- vault_token_create - creation or orphan tokens uses ``hvac``'s new v1 method for creating orphans, or falls back to the v0 method if needed (https://github.com/ansible-collections/community.hashi_vault/issues/301).
+
+v3.2.0
+======
+
+Release Summary
+---------------
+
+This release brings support for the ``azure`` auth method, adds ``412`` to the default list of HTTP status codes to be retried, and fixes a bug that causes failures in token auth with ``requests>=2.28.0``.
+
+Minor Changes
+-------------
+
+- community.hashi_vault collection - add support for ``azure`` auth method, for Azure service principal, managed identity, or plain JWT access token (https://github.com/ansible-collections/community.hashi_vault/issues/293).
+- community.hashi_vault retries - `HTTP status code 412 <https://www.vaultproject.io/api-docs#412>`__ has been added to the default list of codes to be retried, for the new `Server Side Consistent Token feature <https://www.vaultproject.io/docs/faq/ssct#q-is-there-anything-else-i-need-to-consider-to-achieve-consistency-besides-upgrading-to-vault-1-10>`__ in Vault Enterprise (https://github.com/ansible-collections/community.hashi_vault/issues/290).
+
+Bugfixes
+--------
+
+- community.hashi_vault plugins - tokens will be cast to a string type before being sent to ``hvac`` to prevent errors in ``requests`` when values are ``AnsibleUnsafe`` (https://github.com/ansible-collections/community.hashi_vault/issues/289).
+- modules - fix a "variable used before assignment" that cannot be reached but causes sanity test failures (https://github.com/ansible-collections/community.hashi_vault/issues/296).
+
 v3.1.0
 ======