apache-airflow-providers-hashicorp 3.7.0rc1__tar.gz → 3.7.1__tar.gz

{apache_airflow_providers_hashicorp-3.7.0rc1 → apache_airflow_providers_hashicorp-3.7.1}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: apache-airflow-providers-hashicorp
-Version: 3.7.0rc1
+Version: 3.7.1
 Summary: Provider package apache-airflow-providers-hashicorp for Apache Airflow
 Keywords: airflow-provider,hashicorp,airflow,integration
 Author-email: Apache Software Foundation <dev@airflow.apache.org>
@@ -19,17 +19,20 @@ Classifier: Programming Language :: Python :: 3.8
 Classifier: Programming Language :: Python :: 3.9
 Classifier: Programming Language :: Python :: 3.10
 Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
 Classifier: Topic :: System :: Monitoring
-Requires-Dist: apache-airflow>=2.6.0.dev0
+Requires-Dist: apache-airflow>=2.7.0
 Requires-Dist: hvac>=1.1.0
+Requires-Dist: boto3>=1.33.0 ; extra == "boto3"
 Requires-Dist: apache-airflow-providers-google ; extra == "google"
 Project-URL: Bug Tracker, https://github.com/apache/airflow/issues
-Project-URL: Changelog, https://airflow.apache.org/docs/apache-airflow-providers-hashicorp/3.7.0/changelog.html
-Project-URL: Documentation, https://airflow.apache.org/docs/apache-airflow-providers-hashicorp/3.7.0
+Project-URL: Changelog, https://airflow.apache.org/docs/apache-airflow-providers-hashicorp/3.7.1/changelog.html
+Project-URL: Documentation, https://airflow.apache.org/docs/apache-airflow-providers-hashicorp/3.7.1
 Project-URL: Slack Chat, https://s.apache.org/airflow-slack
 Project-URL: Source Code, https://github.com/apache/airflow
 Project-URL: Twitter, https://twitter.com/ApacheAirflow
 Project-URL: YouTube, https://www.youtube.com/channel/UCSXwxpWZQ7XZ1WL3wqevChA/
+Provides-Extra: boto3
 Provides-Extra: google
 
 
@@ -76,7 +79,7 @@ Provides-Extra: google
 
 Package ``apache-airflow-providers-hashicorp``
 
-Release: ``3.7.0.rc1``
+Release: ``3.7.1``
 
 
 Hashicorp including `Hashicorp Vault <https://www.vaultproject.io/>`__
@@ -89,7 +92,7 @@ This is a provider package for ``hashicorp`` provider. All classes for this prov
 are in ``airflow.providers.hashicorp`` python package.
 
 You can find package information and changelog for the provider
-in the `documentation <https://airflow.apache.org/docs/apache-airflow-providers-hashicorp/3.7.0/>`_.
+in the `documentation <https://airflow.apache.org/docs/apache-airflow-providers-hashicorp/3.7.1/>`_.
 
 Installation
 ------------
@@ -98,7 +101,7 @@ You can install this package on top of an existing Airflow 2 installation (see `
 for the minimum Airflow version supported) via
 ``pip install apache-airflow-providers-hashicorp``
 
-The package supports the following python versions: 3.8,3.9,3.10,3.11
+The package supports the following python versions: 3.8,3.9,3.10,3.11,3.12
 
 Requirements
 ------------
@@ -106,7 +109,7 @@ Requirements
 ==================  ==================
 PIP package         Version required
 ==================  ==================
-``apache-airflow``  ``>=2.6.0``
+``apache-airflow``  ``>=2.7.0``
 ``hvac``            ``>=1.1.0``
 ==================  ==================
 
@@ -130,4 +133,4 @@ Dependent package
 ====================================================================================================  ==========
 
 The changelog for the provider package can be found in the
-`changelog <https://airflow.apache.org/docs/apache-airflow-providers-hashicorp/3.7.0/changelog.html>`_.
+`changelog <https://airflow.apache.org/docs/apache-airflow-providers-hashicorp/3.7.1/changelog.html>`_.

{apache_airflow_providers_hashicorp-3.7.0rc1 → apache_airflow_providers_hashicorp-3.7.1}/README.rst

@@ -42,7 +42,7 @@
 
 Package ``apache-airflow-providers-hashicorp``
 
-Release: ``3.7.0.rc1``
+Release: ``3.7.1``
 
 
 Hashicorp including `Hashicorp Vault <https://www.vaultproject.io/>`__
@@ -55,7 +55,7 @@ This is a provider package for ``hashicorp`` provider. All classes for this prov
 are in ``airflow.providers.hashicorp`` python package.
 
 You can find package information and changelog for the provider
-in the `documentation <https://airflow.apache.org/docs/apache-airflow-providers-hashicorp/3.7.0/>`_.
+in the `documentation <https://airflow.apache.org/docs/apache-airflow-providers-hashicorp/3.7.1/>`_.
 
 Installation
 ------------
@@ -64,7 +64,7 @@ You can install this package on top of an existing Airflow 2 installation (see `
 for the minimum Airflow version supported) via
 ``pip install apache-airflow-providers-hashicorp``
 
-The package supports the following python versions: 3.8,3.9,3.10,3.11
+The package supports the following python versions: 3.8,3.9,3.10,3.11,3.12
 
 Requirements
 ------------
@@ -72,7 +72,7 @@ Requirements
 ==================  ==================
 PIP package         Version required
 ==================  ==================
-``apache-airflow``  ``>=2.6.0``
+``apache-airflow``  ``>=2.7.0``
 ``hvac``            ``>=1.1.0``
 ==================  ==================
 
@@ -96,4 +96,4 @@ Dependent package
 ====================================================================================================  ==========
 
 The changelog for the provider package can be found in the
-`changelog <https://airflow.apache.org/docs/apache-airflow-providers-hashicorp/3.7.0/changelog.html>`_.
+`changelog <https://airflow.apache.org/docs/apache-airflow-providers-hashicorp/3.7.1/changelog.html>`_.

{apache_airflow_providers_hashicorp-3.7.0rc1 → apache_airflow_providers_hashicorp-3.7.1}/airflow/providers/hashicorp/__init__.py

@@ -25,18 +25,15 @@ from __future__ import annotations
 
 import packaging.version
 
-__all__ = ["__version__"]
+from airflow import __version__ as airflow_version
 
-__version__ = "3.7.0"
+__all__ = ["__version__"]
 
-try:
-    from airflow import __version__ as airflow_version
-except ImportError:
-    from airflow.version import version as airflow_version
+__version__ = "3.7.1"
 
 if packaging.version.parse(packaging.version.parse(airflow_version).base_version) < packaging.version.parse(
-    "2.6.0"
+    "2.7.0"
 ):
     raise RuntimeError(
-        f"The package `apache-airflow-providers-hashicorp:{__version__}` needs Apache Airflow 2.6.0+"
+        f"The package `apache-airflow-providers-hashicorp:{__version__}` needs Apache Airflow 2.7.0+"
     )

{apache_airflow_providers_hashicorp-3.7.0rc1 → apache_airflow_providers_hashicorp-3.7.1}/airflow/providers/hashicorp/_internal_client/vault_client.py

@@ -16,6 +16,7 @@
 # under the License.
 from __future__ import annotations
 
+import os
 from functools import cached_property
 
 import hvac
@@ -73,6 +74,9 @@ class _VaultClient(LoggingMixin):
     :param key_id: Key ID for Authentication (for ``aws_iam`` and ''azure`` auth_type).
     :param secret_id: Secret ID for Authentication (for ``approle``, ``aws_iam`` and ``azure`` auth_types).
     :param role_id: Role ID for Authentication (for ``approle``, ``aws_iam`` auth_types).
+    :param assume_role_kwargs: AWS assume role param.
+        See AWS STS Docs:
+        https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/sts/client/assume_role.html
     :param kubernetes_role: Role for Authentication (for ``kubernetes`` auth_type).
     :param kubernetes_jwt_path: Path for kubernetes jwt token (for ``kubernetes`` auth_type, default:
         ``/var/run/secrets/kubernetes.io/serviceaccount/token``).
@@ -102,6 +106,7 @@ class _VaultClient(LoggingMixin):
         password: str | None = None,
         key_id: str | None = None,
         secret_id: str | None = None,
+        assume_role_kwargs: dict | None = None,
         role_id: str | None = None,
         kubernetes_role: str | None = None,
         kubernetes_jwt_path: str | None = "/var/run/secrets/kubernetes.io/serviceaccount/token",
@@ -125,7 +130,7 @@ class _VaultClient(LoggingMixin):
             raise VaultError(
                 f"The auth_type is not supported: {auth_type}. It should be one of {VALID_AUTH_TYPES}"
             )
-        if auth_type == "token" and not token and not token_path:
+        if auth_type == "token" and not token and not token_path and "VAULT_TOKEN" not in os.environ:
             raise VaultError("The 'token' authentication type requires 'token' or 'token_path'")
         if auth_type == "github" and not token and not token_path:
             raise VaultError("The 'github' authentication type requires 'token' or 'token_path'")
@@ -151,7 +156,7 @@ class _VaultClient(LoggingMixin):
         self.url = url
         self.auth_type = auth_type
         self.kwargs = kwargs
-        self.token = token
+        self.token = token or os.getenv("VAULT_TOKEN", None)
         self.token_path = token_path
         self.auth_mount_point = auth_mount_point
         self.mount_point = mount_point
@@ -160,6 +165,7 @@ class _VaultClient(LoggingMixin):
         self.key_id = key_id
         self.secret_id = secret_id
         self.role_id = role_id
+        self.assume_role_kwargs = assume_role_kwargs
         self.kubernetes_role = kubernetes_role
         self.kubernetes_jwt_path = kubernetes_jwt_path
         self.gcp_key_path = gcp_key_path
@@ -206,6 +212,8 @@ class _VaultClient(LoggingMixin):
             session = Session()
             session.mount("http://", adapter)
             session.mount("https://", adapter)
+            if self.kwargs and "verify" in self.kwargs:
+                session.verify = self.kwargs["verify"]
             self.kwargs["session"] = session
 
         _client = hvac.Client(url=self.url, **self.kwargs)
@@ -317,15 +325,36 @@ class _VaultClient(LoggingMixin):
             )
 
     def _auth_aws_iam(self, _client: hvac.Client) -> None:
-        if self.auth_mount_point:
-            _client.auth.aws.iam_login(
-                access_key=self.key_id,
-                secret_key=self.secret_id,
-                role=self.role_id,
-                mount_point=self.auth_mount_point,
-            )
+        if self.key_id and self.secret_id:
+            auth_args = {
+                "access_key": self.key_id,
+                "secret_key": self.secret_id,
+                "role": self.role_id,
+            }
         else:
-            _client.auth.aws.iam_login(access_key=self.key_id, secret_key=self.secret_id, role=self.role_id)
+            import boto3
+
+            if self.assume_role_kwargs:
+                sts_client = boto3.client("sts")
+                credentials = sts_client.assume_role(**self.assume_role_kwargs)
+                auth_args = {
+                    "access_key": credentials["Credentials"]["AccessKeyId"],
+                    "secret_key": credentials["Credentials"]["SecretAccessKey"],
+                    "session_token": credentials["Credentials"]["SessionToken"],
+                }
+            else:
+                session = boto3.Session()
+                credentials = session.get_credentials()
+                auth_args = {
+                    "access_key": credentials.access_key,
+                    "secret_key": credentials.secret_key,
+                    "session_token": credentials.token,
+                }
+
+        if self.auth_mount_point:
+            auth_args["mount_point"] = self.auth_mount_point
+
+        _client.auth.aws.iam_login(**auth_args)
 
     def _auth_approle(self, _client: hvac.Client) -> None:
         if self.auth_mount_point:
@@ -387,7 +416,7 @@ class _VaultClient(LoggingMixin):
 
     def get_secret_metadata(self, secret_path: str) -> dict | None:
         """
-        Reads secret metadata (including versions) from the engine. It is only valid for KV version 2.
+        Read secret metadata (including versions) from the engine. It is only valid for KV version 2.
 
         :param secret_path: The path of the secret.
         :return: secret metadata. This is a Dict containing metadata for the secret.
@@ -409,7 +438,7 @@ class _VaultClient(LoggingMixin):
         self, secret_path: str, secret_version: int | None = None
     ) -> dict | None:
         """
-        Reads secret including metadata. It is only valid for KV version 2.
+        Read secret including metadata. It is only valid for KV version 2.
 
         See https://hvac.readthedocs.io/en/stable/usage/secrets_engines/kv_v2.html for details.
 
@@ -443,7 +472,7 @@ class _VaultClient(LoggingMixin):
         self, secret_path: str, secret: dict, method: str | None = None, cas: int | None = None
     ) -> Response:
         """
-        Creates or updates secret.
+        Create or updates secret.
 
         :param secret_path: The path of the secret.
         :param secret: Secret to create or update for the path specified
@@ -467,10 +496,10 @@ class _VaultClient(LoggingMixin):
         mount_point, secret_path = self._parse_secret_path(secret_path)
         if self.kv_engine_version == 1:
             response = self.client.secrets.kv.v1.create_or_update_secret(
-                secret_path=secret_path, secret=secret, mount_point=mount_point, method=method
+                path=secret_path, secret=secret, mount_point=mount_point, method=method
             )
         else:
             response = self.client.secrets.kv.v2.create_or_update_secret(
-                secret_path=secret_path, secret=secret, mount_point=mount_point, cas=cas
+                path=secret_path, secret=secret, mount_point=mount_point, cas=cas
             )
         return response

{apache_airflow_providers_hashicorp-3.7.0rc1 → apache_airflow_providers_hashicorp-3.7.1}/airflow/providers/hashicorp/get_provider_info.py

@@ -28,9 +28,13 @@ def get_provider_info():
         "name": "Hashicorp",
         "description": "Hashicorp including `Hashicorp Vault <https://www.vaultproject.io/>`__\n",
         "state": "ready",
-        "source-date-epoch": 1705912121,
+        "source-date-epoch": 1716287935,
         "versions": [
+            "3.7.1",
             "3.7.0",
+            "3.6.4",
+            "3.6.3",
+            "3.6.2",
             "3.6.1",
             "3.6.0",
             "3.5.0",
@@ -55,7 +59,7 @@ def get_provider_info():
             "1.0.1",
             "1.0.0",
         ],
-        "dependencies": ["apache-airflow>=2.6.0", "hvac>=1.1.0"],
+        "dependencies": ["apache-airflow>=2.7.0", "hvac>=1.1.0"],
         "integrations": [
             {
                 "integration-name": "Hashicorp Vault",
@@ -77,4 +81,5 @@ def get_provider_info():
             }
         ],
         "secrets-backends": ["airflow.providers.hashicorp.secrets.vault.VaultBackend"],
+        "additional-extras": [{"name": "boto3", "dependencies": ["boto3>=1.33.0"]}],
     }

{apache_airflow_providers_hashicorp-3.7.0rc1 → apache_airflow_providers_hashicorp-3.7.1}/airflow/providers/hashicorp/hooks/vault.py

@@ -15,6 +15,7 @@
 # specific language governing permissions and limitations
 # under the License.
 """Hook for HashiCorp Vault."""
+
 from __future__ import annotations
 
 import json
@@ -125,7 +126,7 @@ class VaultHook(BaseHook):
         radius_port: int | None = None,
         **kwargs,
     ):
-        super().__init__(logger_name=kwargs.pop("logger_name", None))
+        super().__init__()
         self.connection = self.get_connection(vault_conn_id)
 
         if not auth_type:
@@ -290,7 +291,7 @@ class VaultHook(BaseHook):
 
     def get_conn(self) -> hvac.Client:
         """
-        Retrieves connection to Vault.
+        Retrieve connection to Vault.
 
         :return: connection used.
         """
@@ -313,7 +314,7 @@ class VaultHook(BaseHook):
 
     def get_secret_metadata(self, secret_path: str) -> dict | None:
         """
-        Reads secret metadata (including versions) from the engine. It is only valid for KV version 2.
+        Read secret metadata (including versions) from the engine. It is only valid for KV version 2.
 
         :param secret_path: Path to read from
         :return: secret metadata. This is a Dict containing metadata for the secret.
@@ -327,7 +328,7 @@ class VaultHook(BaseHook):
         self, secret_path: str, secret_version: int | None = None
     ) -> dict | None:
         """
-        Reads secret including metadata. It is only valid for KV version 2.
+        Read secret including metadata. It is only valid for KV version 2.
 
         See https://hvac.readthedocs.io/en/stable/usage/secrets_engines/kv_v2.html for details.
 
@@ -345,7 +346,7 @@ class VaultHook(BaseHook):
         self, secret_path: str, secret: dict, method: str | None = None, cas: int | None = None
     ) -> Response:
         """
-        Creates or updates secret.
+        Create or updates secret.
 
         :param secret_path: Path to read from
         :param secret: Secret to create or update for the path specified
@@ -368,7 +369,7 @@ class VaultHook(BaseHook):
 
     @classmethod
     def get_connection_form_widgets(cls) -> dict[str, Any]:
-        """Returns connection widgets to add to connection form."""
+        """Return connection widgets to add to connection form."""
         from flask_appbuilder.fieldwidgets import BS3TextFieldWidget
         from flask_babel import lazy_gettext
         from wtforms import BooleanField, IntegerField, StringField
@@ -405,7 +406,7 @@ class VaultHook(BaseHook):
 
     @classmethod
     def get_ui_field_behaviour(cls) -> dict[str, Any]:
-        """Returns custom field behaviour."""
+        """Return custom field behaviour."""
         return {
             "hidden_fields": ["extra"],
             "relabeling": {},

{apache_airflow_providers_hashicorp-3.7.0rc1 → apache_airflow_providers_hashicorp-3.7.1}/airflow/providers/hashicorp/secrets/vault.py

@@ -16,11 +16,13 @@
 # specific language governing permissions and limitations
 # under the License.
 """Objects relating to sourcing connections & variables from Hashicorp Vault."""
+
 from __future__ import annotations
 
-import warnings
 from typing import TYPE_CHECKING
 
+from deprecated import deprecated
+
 from airflow.exceptions import AirflowProviderDeprecationWarning
 from airflow.providers.hashicorp._internal_client.vault_client import _VaultClient
 from airflow.secrets import BaseSecretsBackend
@@ -72,6 +74,9 @@ class VaultBackend(BaseSecretsBackend, LoggingMixin):
     :param key_id: Key ID for Authentication (for ``aws_iam`` and ''azure`` auth_type).
     :param secret_id: Secret ID for Authentication (for ``approle``, ``aws_iam`` and ``azure`` auth_types).
     :param role_id: Role ID for Authentication (for ``approle``, ``aws_iam`` auth_types).
+    :param assume_role_kwargs: AWS assume role param.
+        See AWS STS Docs:
+        https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/sts/client/assume_role.html
     :param kubernetes_role: Role for Authentication (for ``kubernetes`` auth_type).
     :param kubernetes_jwt_path: Path for kubernetes jwt token (for ``kubernetes`` auth_type, default:
         ``/var/run/secrets/kubernetes.io/serviceaccount/token``).
@@ -105,6 +110,7 @@ class VaultBackend(BaseSecretsBackend, LoggingMixin):
         key_id: str | None = None,
         secret_id: str | None = None,
         role_id: str | None = None,
+        assume_role_kwargs: dict | None = None,
         kubernetes_role: str | None = None,
         kubernetes_jwt_path: str = "/var/run/secrets/kubernetes.io/serviceaccount/token",
         gcp_key_path: str | None = None,
@@ -145,6 +151,7 @@ class VaultBackend(BaseSecretsBackend, LoggingMixin):
             key_id=key_id,
             secret_id=secret_id,
             role_id=role_id,
+            assume_role_kwargs=assume_role_kwargs,
             kubernetes_role=kubernetes_role,
             kubernetes_jwt_path=kubernetes_jwt_path,
             gcp_key_path=gcp_key_path,
@@ -184,6 +191,10 @@ class VaultBackend(BaseSecretsBackend, LoggingMixin):
             secret_path=(mount_point + "/" if mount_point else "") + secret_path
         )
 
+    @deprecated(
+        reason="Method `VaultBackend.get_conn_uri` is deprecated and will be removed in a future release.",
+        category=AirflowProviderDeprecationWarning,
+    )
     def get_conn_uri(self, conn_id: str) -> str | None:
         """
         Get serialized representation of connection.
@@ -193,12 +204,6 @@ class VaultBackend(BaseSecretsBackend, LoggingMixin):
         """
         # Since VaultBackend implements `get_connection`, `get_conn_uri` is not used. So we
         # don't need to implement (or direct users to use) method `get_conn_value` instead
-        warnings.warn(
-            f"Method `{self.__class__.__name__}.get_conn_uri` is deprecated and will be removed "
-            "in a future release.",
-            AirflowProviderDeprecationWarning,
-            stacklevel=2,
-        )
         response = self.get_response(conn_id)
         return response.get("conn_uri") if response else None
 

{apache_airflow_providers_hashicorp-3.7.0rc1 → apache_airflow_providers_hashicorp-3.7.1}/pyproject.toml

@@ -28,7 +28,7 @@ build-backend = "flit_core.buildapi"
 
 [project]
 name = "apache-airflow-providers-hashicorp"
-version = "3.7.0.rc1"
+version = "3.7.1"
 description = "Provider package apache-airflow-providers-hashicorp for Apache Airflow"
 readme = "README.rst"
 authors = [
@@ -51,17 +51,18 @@ classifiers = [
     "Programming Language :: Python :: 3.9",
     "Programming Language :: Python :: 3.10",
     "Programming Language :: Python :: 3.11",
+    "Programming Language :: Python :: 3.12",
     "Topic :: System :: Monitoring",
 ]
 requires-python = "~=3.8"
 dependencies = [
-    "apache-airflow>=2.6.0.dev0",
+    "apache-airflow>=2.7.0",
     "hvac>=1.1.0",
 ]
 
 [project.urls]
-"Documentation" = "https://airflow.apache.org/docs/apache-airflow-providers-hashicorp/3.7.0"
-"Changelog" = "https://airflow.apache.org/docs/apache-airflow-providers-hashicorp/3.7.0/changelog.html"
+"Documentation" = "https://airflow.apache.org/docs/apache-airflow-providers-hashicorp/3.7.1"
+"Changelog" = "https://airflow.apache.org/docs/apache-airflow-providers-hashicorp/3.7.1/changelog.html"
 "Bug Tracker" = "https://github.com/apache/airflow/issues"
 "Source Code" = "https://github.com/apache/airflow"
 "Slack Chat" = "https://s.apache.org/airflow-slack"
@@ -74,6 +75,9 @@ provider_info = "airflow.providers.hashicorp.get_provider_info:get_provider_info
 "google" = [
     "apache-airflow-providers-google",
 ]
+"boto3" = [
+    "boto3>=1.33.0",
+]
 
 [tool.flit.module]
 name = "airflow.providers.hashicorp"