ops-cli 2.2.0__py3-none-any.whl → 2.3.0__py3-none-any.whl

ops/cli/config.py

@@ -8,21 +8,22 @@
 # OF ANY KIND, either express or implied. See the License for the specific language
 # governing permissions and limitations under the License.
 
-import collections
 import os
-
 import yaml
 
 from ansible.module_utils.common.collections import ImmutableDict
 from ansible.parsing.dataloader import DataLoader
-from ansible.plugins.loader import PluginLoader
 from ansible.template import Templar
-from ansible.utils.vars import load_extra_vars
+from ansible.utils.vars import combine_vars
 from ansible.vars.manager import VariableManager
 from ops.cli import display
 from ansible import constants as C
 from ansible import context
 import logging
+from ansible.errors import AnsibleOptionsError
+from ansible.module_utils._text import to_text
+from ansible.parsing.splitter import parse_kv
+from collections.abc import MutableMapping
 
 logger = logging.getLogger(__name__)
 
@@ -34,6 +35,38 @@ def get_cluster_name(cluster_config_path):
         '/')[-1].replace('.yaml', '').replace('.yml', '')
 
 
+def load_extra_vars(loader):
+    """
+    Overriding Ansible function using version before slight var loading optimization
+    in order to avoid caching issues https://github.com/ansible/ansible/pull/78835/files
+    """
+
+    extra_vars = {}
+    for extra_vars_opt in context.CLIARGS.get('extra_vars', tuple()):
+        data = None
+        extra_vars_opt = to_text(extra_vars_opt, errors='surrogate_or_strict')
+        if extra_vars_opt is None or not extra_vars_opt:
+            continue
+
+        if extra_vars_opt.startswith(u"@"):
+            # Argument is a YAML file (JSON is a subset of YAML)
+            data = loader.load_from_file(extra_vars_opt[1:])
+        elif extra_vars_opt[0] in [u'/', u'.']:
+            raise AnsibleOptionsError("Please prepend extra_vars filename '%s' with '@'" % extra_vars_opt)
+        elif extra_vars_opt[0] in [u'[', u'{']:
+            # Arguments as YAML
+            data = loader.load(extra_vars_opt)
+        else:
+            # Arguments as Key-value
+            data = parse_kv(extra_vars_opt)
+
+        if isinstance(data, MutableMapping):
+            extra_vars = combine_vars(extra_vars, data)
+        else:
+            raise AnsibleOptionsError("Invalid extra vars data supplied. '%s' could not be made into a dictionary" % extra_vars_opt)
+    return extra_vars
+
+
 class ClusterConfig(object):
     def __init__(self, cluster_config_generator,
                  ops_config, cluster_config_path):
@@ -119,7 +152,6 @@ class JinjaConfigGenerator(object):
         context_cliargs['extra_vars'] = tuple(extra_vars)
 
         context.CLIARGS = ImmutableDict(context_cliargs)
-        setattr(load_extra_vars, 'extra_vars', {})
         variable_manager._extra_vars = load_extra_vars(
             loader=data_loader)
 
@@ -159,7 +191,6 @@ class ClusterConfigGenerator(object):
         context_cliargs['extra_vars'] = tuple(extra_vars)
 
         context.CLIARGS = ImmutableDict(context_cliargs)
-        setattr(load_extra_vars, 'extra_vars', {})
         variable_manager._extra_vars = load_extra_vars(
             loader=data_loader)
 

ops/cli/inventory.py

@@ -53,7 +53,7 @@ class InventoryRunner(object):
             group_names = [group.name for group in host.get_groups()]
             group_names = sorted(group_names)
             group_string = ", ".join(group_names)
-            host_id = host.vars.get('ec2_id', '')
+            host_id = host.vars.get('ec2_InstanceId', '')
             if host_id != '':
                 name_and_id = "%s -- %s" % (stringc(host.name,
                                                     'blue'), stringc(host_id, 'blue'))

ops/cli/ssh.py

@@ -92,6 +92,12 @@ class SshParserConfig(SubParserConfig):
             help='When using Shell Control Box (SCB) and creating a proxy,'
                  'a random port is generated, which will be used in the ssh config '
                  'for all playbook, run and sync operations')
+        parser.add_argument(
+            '--ssh-dest-user',
+            type=str,
+            dest='ssh_dest_user',
+            help='SSH User for the destination host, different from the bastion or SCB user. '
+                 'Useful when LDAP is not working on the destination host.')
 
     def get_help(self):
         return 'SSH or create an SSH tunnel to a server in the cluster'
@@ -260,6 +266,12 @@ class SshRunner(object):
         ssh_config = args.ssh_config or self.ops_config.get(
             'ssh.config') or self.ansible_inventory.get_ssh_config()
 
+        ssh_host_bastion, ssh_host_dest = None, None
+        if args.ssh_dest_user:
+            ssh_host_parts = ssh_host.split('--')
+            ssh_host_bastion = ssh_host_parts[0]
+            ssh_host_dest = ssh_host_parts[1] if len(ssh_host_parts) > 1 else None
+
         scb_ssh_host = None
         if scb_enabled:
             # scb->bastion->host vs scb->bastion
@@ -280,13 +292,19 @@ class SshRunner(object):
         else:
             if scb_enabled:
                 command = f"ssh -F {ssh_config} {ssh_user}@{scb_ssh_host}"
+                if args.ssh_dest_user and ssh_host_dest:
+                    command = (f"ssh -F {ssh_config} -t {ssh_user}@{ssh_host_bastion}@{scb_host} "
+                               f"ssh {args.ssh_dest_user}@{ssh_host_dest}")
             else:
                 command = f"ssh -F {ssh_config} {ssh_host}"
+                if args.ssh_dest_user and ssh_host_dest:
+                    command = (f"ssh -F {ssh_config} -t {ssh_user}@{ssh_host_bastion} "
+                               f"ssh {args.ssh_dest_user}@{ssh_host_dest}")
 
         if args.proxy:
             if scb_enabled:
                 proxy_port = args.local or SshConfigGenerator.generate_ssh_scb_proxy_port(
-                    self.ansible_inventory.generated_path.rstrip("/inventory"),
+                    self.ansible_inventory.generated_path.removesuffix("/inventory"),
                     args.auto_scb_port,
                     scb_proxy_port
                 )

ops/inventory/ec2inventory.py

@@ -11,26 +11,24 @@
 import json
 import re
 import sys
-import os
 
-import boto
-from boto import ec2
-from boto.pyami.config import Config
-
-from six import iteritems, string_types, integer_types
+import boto3
+from botocore.exceptions import NoRegionError, NoCredentialsError, PartialCredentialsError
 
 
 class Ec2Inventory(object):
-    def _empty_inventory(self):
+    @staticmethod
+    def _empty_inventory():
         return {"_meta": {"hostvars": {}}}
 
-    def __init__(self, boto_profile, regions, filters={}, bastion_filters={}):
+    def __init__(self, boto_profile, regions, filters=None, bastion_filters=None):
 
-        self.filters = filters
+        self.filters = filters or []
         self.regions = regions.split(',')
         self.boto_profile = boto_profile
-        self.bastion_filters = bastion_filters
+        self.bastion_filters = bastion_filters or []
         self.group_callbacks = []
+        self.boto3_session = self.create_boto3_session(boto_profile)
 
         # Inventory grouped by instance IDs, tags, security groups, regions,
         # and availability zones
@@ -39,6 +37,25 @@ class Ec2Inventory(object):
         # Index of hostname (address) to instance ID
         self.index = {}
 
+    def create_boto3_session(self, profile_name):
+        try:
+            # Use the profile to create a session
+            session = boto3.Session(profile_name=profile_name)
+
+            # Verify region
+            if not self.regions:
+                if not session.region_name:
+                    raise NoRegionError
+                self.regions = [session.region_name]
+
+        except NoRegionError:
+            sys.exit(f"Region not specified and could not be determined for profile: {profile_name}")
+        except (NoCredentialsError, PartialCredentialsError):
+            sys.exit(f"Credentials not found or incomplete for profile: {profile_name}")
+        except Exception as e:
+            sys.exit(f"An error occurred: {str(e)}")
+        return session
+
     def get_as_json(self):
         self.do_api_calls_update_cache()
         return self.json_format_dict(self.inventory, True)
@@ -55,20 +72,20 @@ class Ec2Inventory(object):
     def group(self, *args):
         self.group_callbacks.extend(args)
 
-    def find_bastion_box(self, conn):
+    def find_bastion_box(self, ec2_client):
         """
         Find ips for the bastion box
         """
 
-        if not self.bastion_filters.values():
+        if not self.bastion_filters:
             return
 
-        self.bastion_filters['instance-state-name'] = 'running'
+        self.bastion_filters.append({'Name': 'instance-state-name', 'Values': ['running']})
 
-        for reservation in conn.get_all_instances(
-                filters=self.bastion_filters):
-            for instance in reservation.instances:
-                return instance.ip_address
+        reservations = ec2_client.describe_instances(Filters=self.bastion_filters)['Reservations']
+        for reservation in reservations:
+            for instance in reservation['Instances']:
+                return instance['PublicIpAddress']
 
     def do_api_calls_update_cache(self):
         """ Do API calls to each region, and save data in cache files """
@@ -80,92 +97,67 @@ class Ec2Inventory(object):
         """Makes an AWS EC2 API call to the list of instances in a particular
         region
         """
+        ec2_client = self.boto3_session.client('ec2', region_name=region)
 
-        try:
-            cfg = Config()
-            cfg.load_credential_file(os.path.expanduser("~/.aws/credentials"))
-            cfg.load_credential_file(os.path.expanduser("~/.aws/config"))
-            session_token = cfg.get(self.boto_profile, "aws_session_token")
-
-            conn = ec2.connect_to_region(
-                region,
-                security_token=session_token,
-                profile_name=self.boto_profile)
-
-            # connect_to_region will fail "silently" by returning None if the
-            # region name is wrong or not supported
-            if conn is None:
-                sys.exit(
-                    "region name: {} likely not supported, or AWS is down. "
-                    "connection to region failed.".format(region))
+        reservations = ec2_client.describe_instances(Filters=self.filters)['Reservations']
 
-            reservations = conn.get_all_instances(filters=self.filters)
-
-            bastion_ip = self.find_bastion_box(conn)
-
-            instances = []
-            for reservation in reservations:
-                instances.extend(reservation.instances)
-
-            # sort the instance based on name and index, in this order
-            def sort_key(instance):
-                name = instance.tags.get('Name', '')
-                return "{}-{}".format(name, instance.id)
-
-            for instance in sorted(instances, key=sort_key):
-                self.add_instance(bastion_ip, instance, region)
+        bastion_ip = self.find_bastion_box(ec2_client)
+        instances = []
+        for reservation in reservations:
+            instances.extend(reservation['Instances'])
 
-        except boto.provider.ProfileNotFoundError as e:
-            raise Exception(
-                "{}, configure it with 'aws configure --profile {}'".format(e.message, self.boto_profile))
+        # sort the instance based on name and index, in this order
+        def sort_key(instance):
+            name = next((tag['Value'] for tag in instance.get('Tags', [])
+                         if tag['Key'] == 'Name'), '')
+            return "{}-{}".format(name, instance['InstanceId'])
 
-        except boto.exception.BotoServerError as e:
-            sys.exit(e)
+        for instance in sorted(instances, key=sort_key):
+            self.add_instance(bastion_ip, instance, region)
 
     def get_instance(self, region, instance_id):
         """ Gets details about a specific instance """
-        conn = ec2.connect_to_region(region)
-
+        ec2_client = self.boto3_session.client('ec2', region_name=region)
         # connect_to_region will fail "silently" by returning None if the
         # region name is wrong or not supported
-        if conn is None:
+        if ec2_client is None:
             sys.exit(
                 "region name: %s likely not supported, or AWS is down. "
                 "connection to region failed." % region
             )
 
-        reservations = conn.get_all_instances([instance_id])
+        reservations = ec2_client.describe_instances(InstanceIds=[instance_id])['Reservations']
         for reservation in reservations:
-            for instance in reservation.instances:
+            for instance in reservation['Instances']:
                 return instance
 
     def add_instance(self, bastion_ip, instance, region):
         """
-        :type instance: boto.ec2.instance.Instance
+        :type instance: dict
         """
 
         # Only want running instances unless all_instances is True
-        if instance.state != 'running':
+        if instance['State']['Name'] != 'running':
             return
 
         # Use the instance name instead of the public ip
-        dest = instance.tags.get('Name', instance.ip_address)
+        dest = next((tag['Value'] for tag in instance.get('Tags', []) if tag['Key'] == 'Name'), instance.get('PublicIpAddress'))
         if not dest:
             return
 
-        if bastion_ip and bastion_ip != instance.ip_address:
-            ansible_ssh_host = bastion_ip + "--" + instance.private_ip_address
-        elif instance.ip_address:
-            ansible_ssh_host = instance.ip_address
+        if bastion_ip and bastion_ip != instance.get('PublicIpAddress'):
+            ansible_ssh_host = bastion_ip + "--" + instance.get('PrivateIpAddress')
+        elif instance.get('PublicIpAddress'):
+            ansible_ssh_host = instance.get('PublicIpAddress')
         else:
-            ansible_ssh_host = instance.private_ip_address
+            ansible_ssh_host = instance.get('PrivateIpAddress')
 
         # Add to index and append the instance id afterwards if it's already
         # there
         if dest in self.index:
-            dest = dest + "-" + instance.id.replace("i-", "")
+            dest = dest + "-" + instance['InstanceId'].replace("i-", "")
 
-        self.index[dest] = [region, instance.id]
+        self.index[dest] = [region, instance['InstanceId']]
 
         # group with dynamic groups
         for grouping in set(self.group_callbacks):
@@ -175,9 +167,9 @@ class Ec2Inventory(object):
                     self.push(self.inventory, group, dest)
 
         # Group by all tags
-        for tag in instance.tags.values():
-            if tag:
-                self.push(self.inventory, tag, dest)
+        for tag in instance.get('Tags', []):
+            if tag['Value']:
+                self.push(self.inventory, tag['Value'], dest)
 
         # Inventory: Group by region
         self.push(self.inventory, region, dest)
@@ -186,56 +178,39 @@ class Ec2Inventory(object):
         self.push(self.inventory, ansible_ssh_host, dest)
 
         # Inventory: Group by availability zone
-        self.push(self.inventory, instance.placement, dest)
+        self.push(self.inventory, instance['Placement']['AvailabilityZone'], dest)
 
-        self.inventory["_meta"]["hostvars"][dest] = self.get_host_info_dict_from_instance(
-            instance)
+        self.inventory["_meta"]["hostvars"][dest] = self.get_host_info_dict_from_instance(instance)
         self.inventory["_meta"]["hostvars"][dest]['ansible_ssh_host'] = ansible_ssh_host
 
     def get_host_info_dict_from_instance(self, instance):
         instance_vars = {}
-        for key in vars(instance):
-            value = getattr(instance, key)
-            key = self.to_safe('ec2_' + key)
-
-            # Handle complex types
-            # state/previous_state changed to properties in boto in
-            # https://github.com/boto/boto/commit/a23c379837f698212252720d2af8dec0325c9518
-            if key == 'ec2__state':
-                instance_vars['ec2_state'] = instance.state or ''
-                instance_vars['ec2_state_code'] = instance.state_code
-            elif key == 'ec2__previous_state':
-                instance_vars['ec2_previous_state'] = instance.previous_state or ''
-                instance_vars['ec2_previous_state_code'] = instance.previous_state_code
-            elif type(value) in integer_types or isinstance(value, bool):
-                instance_vars[key] = value
-            elif type(value) in string_types:
-                instance_vars[key] = value.strip()
+        for key, value in instance.items():
+            safe_key = self.to_safe('ec2_' + key)
+
+            if key == 'State':
+                instance_vars['ec2_state'] = value['Name']
+                instance_vars['ec2_state_code'] = value['Code']
+            elif isinstance(value, (int, bool)):
+                instance_vars[safe_key] = value
+            elif isinstance(value, str):
+                instance_vars[safe_key] = value.strip()
             elif value is None:
-                instance_vars[key] = ''
-            elif key == 'ec2_region':
-                instance_vars[key] = value.name
-            elif key == 'ec2__placement':
-                instance_vars['ec2_placement'] = value.zone
-            elif key == 'ec2_tags':
-                for k, v in iteritems(value):
-                    key = self.to_safe('ec2_tag_' + k)
-                    instance_vars[key] = v
-            elif key == 'ec2_groups':
-                group_ids = []
-                group_names = []
-                for group in value:
-                    group_ids.append(group.id)
-                    group_names.append(group.name)
+                instance_vars[safe_key] = ''
+            elif key == 'Placement':
+                instance_vars['ec2_placement'] = value['AvailabilityZone']
+            elif key == 'Tags':
+                for tag in value:
+                    tag_key = self.to_safe('ec2_tag_' + tag['Key'])
+                    instance_vars[tag_key] = tag['Value']
+            elif key == 'SecurityGroups':
+                group_ids = [group['GroupId'] for group in value]
+                group_names = [group['GroupName'] for group in value]
                 instance_vars["ec2_security_group_ids"] = ','.join(group_ids)
-                instance_vars["ec2_security_group_names"] = ','.join(
-                    group_names)
-        # add non ec2 prefix private ip address that are being used in cross provider command
-        # e.g ssh, sync
-        instance_vars['private_ip'] = instance_vars.get(
-            'ec2_private_ip_address', '')
-        instance_vars['private_ip_address'] = instance_vars.get(
-            'ec2_private_ip_address', '')
+                instance_vars["ec2_security_group_names"] = ','.join(group_names)
+
+        instance_vars['private_ip'] = instance.get('PrivateIpAddress', '')
+        instance_vars['private_ip_address'] = instance.get('PrivateIpAddress', '')
         return instance_vars
 
     def get_host_info(self):

ops/inventory/plugin/cns.py

@@ -27,13 +27,13 @@ def cns(args):
                 region=region,
                 boto_profile=profile,
                 cache=args.get('cache', 3600 * 24),
-                filters={
-                    'tag:cluster': cns_cluster
-                },
-                bastion={
-                    'tag:cluster': cns_cluster,
-                    'tag:role': 'bastion'
-                }
+                filters=[
+                    {'Name': 'tag:cluster', 'Values': [cns_cluster]}
+                ],
+                bastion=[
+                    {'Name': 'tag:cluster', 'Values': [cns_cluster]},
+                    {'Name': 'tag:role', 'Values': ['bastion']}
+                ]
             ))
 
             merge_inventories(result, json.loads(jsn))

ops/inventory/plugin/ec2.py

@@ -12,15 +12,17 @@ from ops.inventory.ec2inventory import Ec2Inventory
 
 
 def ec2(args):
-    filters = args.get('filters', {})
-    bastion_filters = args.get('bastion', {})
+    filters = args.get('filters', [])
+    bastion_filters = args.get('bastion', [])
 
     if args.get('cluster') and not args.get('filters'):
-        filters['tag:cluster'] = args.get('cluster')
+        filters = [{'Name': 'tag:cluster', 'Values': [args.get('cluster')]}]
 
     if args.get('cluster') and not args.get('bastion'):
-        bastion_filters['tag:cluster'] = args.get('cluster')
-        bastion_filters['tag:role'] = 'bastion'
+        bastion_filters = [
+            {'Name': 'tag:cluster', 'Values': [args.get('cluster')]},
+            {'Name': 'tag:role', 'Values': ['bastion']}
+        ]
 
     return Ec2Inventory(boto_profile=args['boto_profile'],
                         regions=args['region'],

ops/inventory/sshconfig.py

@@ -90,7 +90,7 @@ class SshConfigGenerator(object):
         ssh_config_content = ssh_config_template.format(
             scb_proxy_port=scb_proxy_port
         )
-        ssh_config_path = ssh_config_tpl_path.rstrip("_tpl")
+        ssh_config_path = ssh_config_tpl_path.removesuffix("_tpl")
         with open(ssh_config_path, 'w') as f:
             f.write(ssh_config_content)
             os.fchmod(f.fileno(), 0o644)

ops/simplevault.py

@@ -19,11 +19,12 @@ Very simple secrets management that can be used to
   (ex: generate it only if it's not already there)
 - it will also attempt login, if it will be required
 '''
+
 import os
 import hvac
 import getpass
 from .cli import display
-from six import iteritems
+from six import iteritems, string_types
 
 MAX_LDAP_ATTEMPTS = 3
 
@@ -35,30 +36,6 @@ class SimpleVault(object):
     def __init__(
             self, vault_user=None, vault_addr=None, vault_token=None, namespace=None,
             mount_point=None, persistent_session=True, auto_prompt=True):
-        def try_reading_token_file():
-            ret = None
-            try:
-                ret = open(
-                    os.path.expanduser('~/.vault-token'),
-                    "r").read().strip()
-            except Exception:
-                ret = None
-                pass
-            return ret
-
-        def write_token(token=None):
-            try:
-                if token:
-                    open(
-                        os.path.expanduser('~/.vault-token'),
-                        "w").write(
-                        token.strip())
-            except Exception:
-                display(
-                    "Warning: could not persist token to ~/.vault-token",
-                    stderr=False,
-                    color='yellow')
-                pass
 
         self.vault_addr = vault_addr or os.getenv(
             'VAULT_ADDR', None) or "http://localhost:8200"
@@ -66,7 +43,7 @@ class SimpleVault(object):
         # How often we will create infrastructures
         # with vault running on the provisioner's machine ?
         self.vault_token = vault_token or os.getenv(
-            'VAULT_TOKEN', None) or try_reading_token_file()
+            'VAULT_TOKEN', None) or self.try_reading_token_file()
         self.vault_user = vault_user or os.getenv(
             'VAULT_USER', None) or getpass.getuser()
         self.mount_point = mount_point
@@ -82,34 +59,127 @@ class SimpleVault(object):
                     namespace=self.namespace,
                     token=self.vault_token)
 
+        auth_methods = {
+            'ldap': self.auth_with_ldap,
+            'okta': self.auth_with_okta
+        }
+        auth_method = os.getenv('OPS_VAULT_AUTH_METHOD', 'okta')
+
         while not self.vault_conn.is_authenticated() and auto_prompt:
             display("VAULT-LIB: Not authenticated to vault '%s'" %
                     self.vault_addr, stderr=True, color='red')
-            display("Note: the default LDAP username (%s) can be overwritten with VAULT_USER"
+            display("Note: the default Vault username (%s) can be overwritten with VAULT_USER"
                      % self.vault_user, stderr=True,
                     color='yellow')
             display(
                 "      or to pass a token directly use VAULT_TOKEN",
                 stderr=True,
                 color='yellow')
-            try:
-                self.ldap_attempts += 1
-                ldap_password = getpass.getpass(
-                    prompt='LDAP password for %s for server %s: ' %
-                    (self.vault_user, self.vault_addr))
-                auth_response = self.vault_conn.auth.ldap.login(
-                    username=self.vault_user, password=ldap_password)
-                self.vault_conn.is_authenticated()
-                self.vault_token = auth_response['auth']['client_token']
-                write_token(self.vault_token)
-            except Exception as e:
-                if self.ldap_attempts >= MAX_LDAP_ATTEMPTS:
-                    display(
-                        "FAILED authentication {} times".format(
-                            self.ldap_attempts), color='red')
-                    raise e
-                else:
-                    pass
+
+            auth_method_func = auth_methods.get(auth_method)
+            if not auth_method_func:
+                raise ValueError(f"Unsupported authentication method: {auth_method}")
+            auth_method_func()
+
+    @staticmethod
+    def try_reading_token_file():
+        ret = None
+        try:
+            ret = open(
+                os.path.expanduser('~/.vault-token'),
+                "r").read().strip()
+        except Exception:
+            ret = None
+            pass
+        return ret
+
+    @staticmethod
+    def write_token(token=None):
+        try:
+            if token:
+                open(
+                    os.path.expanduser('~/.vault-token'),
+                    "w").write(
+                    token.strip())
+        except Exception:
+            display(
+                "Warning: could not persist token to ~/.vault-token",
+                stderr=False,
+                color='yellow')
+            pass
+
+    def auth_with_ldap(self):
+        # LDAP authentication logic
+        try:
+            self.ldap_attempts += 1
+            ldap_password = getpass.getpass(
+                prompt='LDAP password for %s for server %s: ' %
+                       (self.vault_user, self.vault_addr))
+            auth_response = self.vault_conn.auth.ldap.login(
+                username=self.vault_user, password=ldap_password)
+            self.vault_conn.is_authenticated()
+            self.vault_token = auth_response['auth']['client_token']
+            self.write_token(self.vault_token)
+        except Exception as e:
+            if self.ldap_attempts >= MAX_LDAP_ATTEMPTS:
+                display(
+                    "FAILED authentication {} times".format(
+                        self.ldap_attempts), color='red')
+                raise e
+            else:
+                pass
+
+    def auth_with_okta(self):
+        try:
+            okta_password = getpass.getpass(
+                prompt=f"Okta password for {self.vault_user}: ")
+
+            display("Authenticating with Okta...", color='yellow')
+            auth_response = self.vault_conn.auth.okta.login(
+                username=self.vault_user, password=okta_password)
+
+            # Check the MFA requirement
+            auth_data = auth_response.get("auth", {})
+            mfa_requirement = auth_data.get("mfa_requirement")
+
+            mfa_request_id = mfa_requirement.get("mfa_request_id")
+            mfa_constraints = mfa_requirement.get("mfa_constraints", {})
+
+            okta_factors = mfa_constraints.get("okta", {}).get("any", [])
+            mfa_factor_id = okta_factors[0].get("id")
+
+            # Create the MFA validation payload
+            mfa_payload = {
+                "mfa_request_id": mfa_request_id,
+                "mfa_payload": {
+                    mfa_factor_id: []  # No MFA factor specific data required
+                }
+            }
+
+            # Make the MFA validation request
+            display("Performing Okta MFA validation. Check notification...", color='yellow')
+            mfa_response = self.vault_conn.adapter.post(
+                "/v1/sys/mfa/validate",
+                json=mfa_payload,
+            )
+
+            # Update token if provided after MFA
+            self.vault_token = self.vault_conn.adapter.get_login_token(mfa_response)
+            self.vault_conn.token = self.vault_token
+            self.write_token(self.vault_token)
+            if self.vault_conn.is_authenticated():
+                display("Okta MFA validation successful, token obtained.", color='green')
+            else:
+                display("Okta MFA validation failed."
+                        "Please obtain a token manually (vault cli) and run ops again.",
+                        stderr=True, color='red')
+                exit(1)
+
+        except Exception as e:
+            display(f"An error occurred during Okta authentication: {e}\n"
+                    "Please obtain a token manually (vault cli) and run ops again.",
+                    stderr=True, color='red')
+            exit(1)
 
     def get(self, path, key='value', wrap_ttl=None,
             default=None, fetch_all=False, raw=False):
@@ -149,7 +219,7 @@ class SimpleVault(object):
 
     def put(self, path, value, lease=None, wrap_ttl=None):
         payload = {}
-        if isinstance(value, (basestring, int, float, bool)):
+        if isinstance(value, (string_types, int, float, bool)):
             payload['value'] = str(value)
         elif isinstance(value, dict):
             for k, v in iteritems(value):

ops/terraform/terraform_cmd_generator.py

@@ -34,8 +34,10 @@ class TerraformCommandGenerator(object):
         current_terraform_version = self.check_terraform_version()
         config = self.cluster_config
 
-        current_terraform_version_major = int(
-            current_terraform_version.split('.')[1])
+        current_terraform_version_major = int(current_terraform_version.removeprefix('v')
+                                              .split('.')[0])
+        current_terraform_version_minor = int(current_terraform_version
+                                              .split('.')[1])
         if 'enable_consul_remote_state' in config['terraform']:
             terraform_remote_state = config['terraform']['enable_consul_remote_state']
         elif config['terraform'].get('state', {'type': None}).get('type') == 's3':
@@ -69,7 +71,9 @@ class TerraformCommandGenerator(object):
             cluster=config['cluster'])
         landscape = ''
 
-        if current_terraform_version_major >= 9:
+        if (current_terraform_version_major == 0 and
+                current_terraform_version_minor >= 9 or
+                current_terraform_version_major > 0):
             if args.force_copy:
                 terraform_init_command = 'terraform init -force-copy && '
             else:

{ops_cli-2.2.0.dist-info → ops_cli-2.3.0.dist-info}/METADATA

@@ -1,6 +1,6 @@
-Metadata-Version: 2.1
+Metadata-Version: 2.2
 Name: ops-cli
-Version: 2.2.0
+Version: 2.3.0
 Summary: Ops - wrapper for Terraform, Ansible, and SSH for cloud automation
 Home-page: https://github.com/adobe/ops-cli
 Author: Adobe
@@ -23,146 +23,155 @@ Classifier: Topic :: Text Processing :: Markup :: HTML
 Requires-Python: >=3.5
 Description-Content-Type: text/markdown
 License-File: LICENSE
-Requires-Dist: adal (==1.2.7)
-Requires-Dist: ansible (==8.2.0)
-Requires-Dist: awscli (==1.29.12)
-Requires-Dist: azure (==4.0.0)
-Requires-Dist: azure-applicationinsights (==0.1.1)
-Requires-Dist: azure-batch (==4.1.3)
-Requires-Dist: azure-common (==1.1.28)
-Requires-Dist: azure-cosmosdb-nspkg (==2.0.2)
-Requires-Dist: azure-cosmosdb-table (==1.0.6)
-Requires-Dist: azure-datalake-store (==0.0.53)
-Requires-Dist: azure-eventgrid (==1.3.0)
-Requires-Dist: azure-graphrbac (==0.40.0)
-Requires-Dist: azure-keyvault (==1.1.0)
-Requires-Dist: azure-loganalytics (==0.1.1)
-Requires-Dist: azure-mgmt (==4.0.0)
-Requires-Dist: azure-mgmt-advisor (==1.0.1)
-Requires-Dist: azure-mgmt-applicationinsights (==0.1.1)
-Requires-Dist: azure-mgmt-authorization (==0.50.0)
-Requires-Dist: azure-mgmt-batch (==5.0.1)
-Requires-Dist: azure-mgmt-batchai (==2.0.0)
-Requires-Dist: azure-mgmt-billing (==0.2.0)
-Requires-Dist: azure-mgmt-cdn (==3.1.0)
-Requires-Dist: azure-mgmt-cognitiveservices (==3.0.0)
-Requires-Dist: azure-mgmt-commerce (==1.0.1)
-Requires-Dist: azure-mgmt-compute (==4.6.2)
-Requires-Dist: azure-mgmt-consumption (==2.0.0)
-Requires-Dist: azure-mgmt-containerinstance (==1.5.0)
-Requires-Dist: azure-mgmt-containerregistry (==2.8.0)
-Requires-Dist: azure-mgmt-containerservice (==4.4.0)
-Requires-Dist: azure-mgmt-cosmosdb (==0.4.1)
-Requires-Dist: azure-mgmt-datafactory (==0.6.0)
-Requires-Dist: azure-mgmt-datalake-analytics (==0.6.0)
-Requires-Dist: azure-mgmt-datalake-nspkg (==3.0.1)
-Requires-Dist: azure-mgmt-datalake-store (==0.5.0)
-Requires-Dist: azure-mgmt-datamigration (==1.0.0)
-Requires-Dist: azure-mgmt-devspaces (==0.1.0)
-Requires-Dist: azure-mgmt-devtestlabs (==2.2.0)
-Requires-Dist: azure-mgmt-dns (==2.1.0)
-Requires-Dist: azure-mgmt-eventgrid (==1.0.0)
-Requires-Dist: azure-mgmt-eventhub (==2.6.0)
-Requires-Dist: azure-mgmt-hanaonazure (==0.1.1)
-Requires-Dist: azure-mgmt-iotcentral (==0.1.0)
-Requires-Dist: azure-mgmt-iothub (==0.5.0)
-Requires-Dist: azure-mgmt-iothubprovisioningservices (==0.2.0)
-Requires-Dist: azure-mgmt-keyvault (==1.1.0)
-Requires-Dist: azure-mgmt-loganalytics (==0.2.0)
-Requires-Dist: azure-mgmt-logic (==3.0.0)
-Requires-Dist: azure-mgmt-machinelearningcompute (==0.4.1)
-Requires-Dist: azure-mgmt-managementgroups (==0.1.0)
-Requires-Dist: azure-mgmt-managementpartner (==0.1.1)
-Requires-Dist: azure-mgmt-maps (==0.1.0)
-Requires-Dist: azure-mgmt-marketplaceordering (==0.1.0)
-Requires-Dist: azure-mgmt-media (==1.0.1)
-Requires-Dist: azure-mgmt-monitor (==0.5.2)
-Requires-Dist: azure-mgmt-msi (==0.2.0)
-Requires-Dist: azure-mgmt-network (==2.7.0)
-Requires-Dist: azure-mgmt-notificationhubs (==2.1.0)
-Requires-Dist: azure-mgmt-nspkg (==3.0.2)
-Requires-Dist: azure-mgmt-policyinsights (==0.1.0)
-Requires-Dist: azure-mgmt-powerbiembedded (==2.0.0)
-Requires-Dist: azure-mgmt-rdbms (==1.9.0)
-Requires-Dist: azure-mgmt-recoveryservices (==0.3.0)
-Requires-Dist: azure-mgmt-recoveryservicesbackup (==0.3.0)
-Requires-Dist: azure-mgmt-redis (==5.0.0)
-Requires-Dist: azure-mgmt-relay (==0.1.0)
-Requires-Dist: azure-mgmt-reservations (==0.2.1)
-Requires-Dist: azure-mgmt-resource (==2.2.0)
-Requires-Dist: azure-mgmt-scheduler (==2.0.0)
-Requires-Dist: azure-mgmt-search (==2.1.0)
-Requires-Dist: azure-mgmt-servicebus (==0.5.3)
-Requires-Dist: azure-mgmt-servicefabric (==0.2.0)
-Requires-Dist: azure-mgmt-signalr (==0.1.1)
-Requires-Dist: azure-mgmt-sql (==0.9.1)
-Requires-Dist: azure-mgmt-storage (==2.0.0)
-Requires-Dist: azure-mgmt-subscription (==0.2.0)
-Requires-Dist: azure-mgmt-trafficmanager (==0.50.0)
-Requires-Dist: azure-mgmt-web (==0.35.0)
-Requires-Dist: azure-nspkg (==3.0.2)
-Requires-Dist: azure-servicebus (==0.21.1)
-Requires-Dist: azure-servicefabric (==6.3.0.0)
-Requires-Dist: azure-servicemanagement-legacy (==0.20.7)
-Requires-Dist: azure-storage-blob (==1.5.0)
-Requires-Dist: azure-storage-common (==1.4.2)
-Requires-Dist: azure-storage-file (==1.4.0)
-Requires-Dist: azure-storage-queue (==1.4.0)
-Requires-Dist: boto (==2.49.0)
-Requires-Dist: boto3 (==1.28.12)
-Requires-Dist: cffi (==1.15.1)
-Requires-Dist: deepmerge (==1.1.0)
-Requires-Dist: gitpython (==3.1.32)
-Requires-Dist: hashmerge (==0.2)
-Requires-Dist: himl (==0.15.0)
-Requires-Dist: hvac (==1.1.1)
-Requires-Dist: inflection (==0.5.1)
-Requires-Dist: isodate (==0.6.1)
-Requires-Dist: jinja2 (==3.1.2)
-Requires-Dist: kubernetes (==26.1.0)
-Requires-Dist: lru-cache (==0.2.3)
-Requires-Dist: msal (==1.23.0)
-Requires-Dist: msrestazure (==0.6.4)
-Requires-Dist: passgen (==1.1.1)
-Requires-Dist: pathlib2 (==2.3.7.post1)
-Requires-Dist: pycparser (==2.21)
-Requires-Dist: pyhcl (==0.4.4)
-Requires-Dist: python-consul (==1.1.0)
-Requires-Dist: resolvelib (==1.0.1)
-Requires-Dist: simpledi (==0.4.1)
-Requires-Dist: six (==1.16.0)
-Requires-Dist: charset-normalizer (==3.2.0) ; python_full_version >= "3.7.0"
-Requires-Dist: backports.functools-lru-cache (==1.6.6) ; python_version >= "2.6"
-Requires-Dist: python-dateutil (==2.8.2) ; python_version >= "2.7" and python_version not in "3.0, 3.1, 3.2"
-Requires-Dist: requests-oauthlib (==1.3.1) ; python_version >= "2.7" and python_version not in "3.0, 3.1, 3.2, 3.3"
-Requires-Dist: colorama (==0.4.4) ; python_version >= "2.7" and python_version not in "3.0, 3.1, 3.2, 3.3, 3.4"
-Requires-Dist: docutils (==0.16) ; python_version >= "2.7" and python_version not in "3.0, 3.1, 3.2, 3.3, 3.4"
-Requires-Dist: pyasn1 (==0.5.0) ; python_version >= "2.7" and python_version not in "3.0, 3.1, 3.2, 3.3, 3.4, 3.5"
-Requires-Dist: pyasn1-modules (==0.3.0) ; python_version >= "2.7" and python_version not in "3.0, 3.1, 3.2, 3.3, 3.4, 3.5"
-Requires-Dist: urllib3 (==1.26.16) ; python_version >= "2.7" and python_version not in "3.0, 3.1, 3.2, 3.3, 3.4, 3.5"
-Requires-Dist: idna (==3.4) ; python_version >= "3.5"
-Requires-Dist: rsa (==4.7.2) ; python_version >= "3.5" and python_version < "4"
-Requires-Dist: certifi (==2023.7.22) ; python_version >= "3.6"
-Requires-Dist: google-auth (==2.22.0) ; python_version >= "3.6"
-Requires-Dist: msrest (==0.7.1) ; python_version >= "3.6"
-Requires-Dist: oauthlib (==3.2.2) ; python_version >= "3.6"
-Requires-Dist: pyyaml (==6.0.1) ; python_version >= "3.6"
-Requires-Dist: smmap (==5.0.0) ; python_version >= "3.6"
-Requires-Dist: azure-core (==1.28.0) ; python_version >= "3.7"
-Requires-Dist: botocore (==1.31.12) ; python_version >= "3.7"
-Requires-Dist: cachetools (==5.3.1) ; python_version >= "3.7"
-Requires-Dist: cryptography (==41.0.2) ; python_version >= "3.7"
-Requires-Dist: gitdb (==4.0.10) ; python_version >= "3.7"
-Requires-Dist: jmespath (==1.0.1) ; python_version >= "3.7"
-Requires-Dist: markupsafe (==2.1.3) ; python_version >= "3.7"
-Requires-Dist: packaging (==23.1) ; python_version >= "3.7"
-Requires-Dist: pyjwt (==2.8.0) ; python_version >= "3.7"
-Requires-Dist: requests (==2.31.0) ; python_version >= "3.7"
-Requires-Dist: s3transfer (==0.6.1) ; python_version >= "3.7"
-Requires-Dist: setuptools (==68.0.0) ; python_version >= "3.7"
-Requires-Dist: typing-extensions (==4.7.1) ; python_version >= "3.7"
-Requires-Dist: websocket-client (==1.6.1) ; python_version >= "3.7"
-Requires-Dist: ansible-core (==2.15.2) ; python_version >= "3.9"
+Requires-Dist: adal==1.2.7
+Requires-Dist: ansible==8.7.0; python_version >= "3.9"
+Requires-Dist: ansible-core==2.15.13; python_version >= "3.9"
+Requires-Dist: awscli==1.32.6; python_version >= "3.8"
+Requires-Dist: azure==4.0.0
+Requires-Dist: azure-applicationinsights==0.1.1
+Requires-Dist: azure-batch==4.1.3
+Requires-Dist: azure-common==1.1.28
+Requires-Dist: azure-core==1.32.0; python_version >= "3.8"
+Requires-Dist: azure-cosmosdb-nspkg==2.0.2
+Requires-Dist: azure-cosmosdb-table==1.0.6
+Requires-Dist: azure-datalake-store==0.0.53
+Requires-Dist: azure-eventgrid==1.3.0
+Requires-Dist: azure-graphrbac==0.40.0
+Requires-Dist: azure-keyvault==1.1.0
+Requires-Dist: azure-loganalytics==0.1.1
+Requires-Dist: azure-mgmt==4.0.0
+Requires-Dist: azure-mgmt-advisor==1.0.1
+Requires-Dist: azure-mgmt-applicationinsights==0.1.1
+Requires-Dist: azure-mgmt-authorization==0.50.0
+Requires-Dist: azure-mgmt-batch==5.0.1
+Requires-Dist: azure-mgmt-batchai==2.0.0
+Requires-Dist: azure-mgmt-billing==0.2.0
+Requires-Dist: azure-mgmt-cdn==3.1.0
+Requires-Dist: azure-mgmt-cognitiveservices==3.0.0
+Requires-Dist: azure-mgmt-commerce==1.0.1
+Requires-Dist: azure-mgmt-compute==4.6.2
+Requires-Dist: azure-mgmt-consumption==2.0.0
+Requires-Dist: azure-mgmt-containerinstance==1.5.0
+Requires-Dist: azure-mgmt-containerregistry==2.8.0
+Requires-Dist: azure-mgmt-containerservice==4.4.0
+Requires-Dist: azure-mgmt-cosmosdb==0.4.1
+Requires-Dist: azure-mgmt-datafactory==0.6.0
+Requires-Dist: azure-mgmt-datalake-analytics==0.6.0
+Requires-Dist: azure-mgmt-datalake-nspkg==3.0.1
+Requires-Dist: azure-mgmt-datalake-store==0.5.0
+Requires-Dist: azure-mgmt-datamigration==1.0.0
+Requires-Dist: azure-mgmt-devspaces==0.1.0
+Requires-Dist: azure-mgmt-devtestlabs==2.2.0
+Requires-Dist: azure-mgmt-dns==2.1.0
+Requires-Dist: azure-mgmt-eventgrid==1.0.0
+Requires-Dist: azure-mgmt-eventhub==2.6.0
+Requires-Dist: azure-mgmt-hanaonazure==0.1.1
+Requires-Dist: azure-mgmt-iotcentral==0.1.0
+Requires-Dist: azure-mgmt-iothub==0.5.0
+Requires-Dist: azure-mgmt-iothubprovisioningservices==0.2.0
+Requires-Dist: azure-mgmt-keyvault==1.1.0
+Requires-Dist: azure-mgmt-loganalytics==0.2.0
+Requires-Dist: azure-mgmt-logic==3.0.0
+Requires-Dist: azure-mgmt-machinelearningcompute==0.4.1
+Requires-Dist: azure-mgmt-managementgroups==0.1.0
+Requires-Dist: azure-mgmt-managementpartner==0.1.1
+Requires-Dist: azure-mgmt-maps==0.1.0
+Requires-Dist: azure-mgmt-marketplaceordering==0.1.0
+Requires-Dist: azure-mgmt-media==1.0.1
+Requires-Dist: azure-mgmt-monitor==0.5.2
+Requires-Dist: azure-mgmt-msi==0.2.0
+Requires-Dist: azure-mgmt-network==2.7.0
+Requires-Dist: azure-mgmt-notificationhubs==2.1.0
+Requires-Dist: azure-mgmt-nspkg==3.0.2
+Requires-Dist: azure-mgmt-policyinsights==0.1.0
+Requires-Dist: azure-mgmt-powerbiembedded==2.0.0
+Requires-Dist: azure-mgmt-rdbms==1.9.0
+Requires-Dist: azure-mgmt-recoveryservices==0.3.0
+Requires-Dist: azure-mgmt-recoveryservicesbackup==0.3.0
+Requires-Dist: azure-mgmt-redis==5.0.0
+Requires-Dist: azure-mgmt-relay==0.1.0
+Requires-Dist: azure-mgmt-reservations==0.2.1
+Requires-Dist: azure-mgmt-resource==2.2.0
+Requires-Dist: azure-mgmt-scheduler==2.0.0
+Requires-Dist: azure-mgmt-search==2.1.0
+Requires-Dist: azure-mgmt-servicebus==0.5.3
+Requires-Dist: azure-mgmt-servicefabric==0.2.0
+Requires-Dist: azure-mgmt-signalr==0.1.1
+Requires-Dist: azure-mgmt-sql==0.9.1
+Requires-Dist: azure-mgmt-storage==2.0.0
+Requires-Dist: azure-mgmt-subscription==0.2.0
+Requires-Dist: azure-mgmt-trafficmanager==0.50.0
+Requires-Dist: azure-mgmt-web==0.35.0
+Requires-Dist: azure-nspkg==3.0.2
+Requires-Dist: azure-servicebus==0.21.1
+Requires-Dist: azure-servicefabric==6.3.0.0
+Requires-Dist: azure-servicemanagement-legacy==0.20.8
+Requires-Dist: azure-storage-blob==1.5.0
+Requires-Dist: azure-storage-common==1.4.2
+Requires-Dist: azure-storage-file==1.4.0
+Requires-Dist: azure-storage-queue==1.4.0
+Requires-Dist: backports.functools-lru-cache==1.6.6; python_version >= "2.6"
+Requires-Dist: boto3==1.34.6; python_version >= "3.8"
+Requires-Dist: botocore==1.34.6; python_version >= "3.8"
+Requires-Dist: cachetools==5.5.0; python_version >= "3.7"
+Requires-Dist: certifi==2024.12.14; python_version >= "3.6"
+Requires-Dist: cffi==1.17.1; python_version >= "3.8"
+Requires-Dist: charset-normalizer==3.4.1; python_version >= "3.7"
+Requires-Dist: colorama==0.4.4; python_version >= "2.7" and python_version not in "3.0, 3.1, 3.2, 3.3, 3.4"
+Requires-Dist: cryptography==44.0.0; python_version >= "3.7" and python_full_version not in "3.9.0, 3.9.1"
+Requires-Dist: deepmerge==1.1.1
+Requires-Dist: docutils==0.16; python_version >= "2.7" and python_version not in "3.0, 3.1, 3.2, 3.3, 3.4"
+Requires-Dist: gitdb==4.0.12; python_version >= "3.7"
+Requires-Dist: gitpython==3.1.44; python_version >= "3.7"
+Requires-Dist: google-auth==2.37.0; python_version >= "3.7"
+Requires-Dist: hashmerge==0.2
+Requires-Dist: himl==0.15.2; python_version >= "2.7" and python_version not in "3.0, 3.1, 3.2, 3.3"
+Requires-Dist: hvac==1.2.1; python_full_version >= "3.6.2" and python_full_version < "4.0.0"
+Requires-Dist: idna==3.10; python_version >= "3.6"
+Requires-Dist: inflection==0.5.1; python_version >= "3.5"
+Requires-Dist: isodate==0.7.2; python_version >= "3.7"
+Requires-Dist: jinja2==3.1.4; python_version >= "3.7"
+Requires-Dist: jmespath==1.0.1; python_version >= "3.7"
+Requires-Dist: kubernetes==26.1.0; python_version >= "3.6"
+Requires-Dist: lru-cache==0.2.3
+Requires-Dist: markupsafe==3.0.2; python_version >= "3.9"
+Requires-Dist: msal==1.31.1; python_version >= "3.7"
+Requires-Dist: msrest==0.7.1; python_version >= "3.6"
+Requires-Dist: msrestazure==0.6.4
+Requires-Dist: oauthlib==3.2.2; python_version >= "3.6"
+Requires-Dist: packaging==24.2; python_version >= "3.8"
+Requires-Dist: passgen==1.1.1
+Requires-Dist: pathlib2==2.3.7.post1
+Requires-Dist: pyasn1==0.6.1; python_version >= "3.8"
+Requires-Dist: pyasn1-modules==0.4.1; python_version >= "3.8"
+Requires-Dist: pycparser==2.22; python_version >= "3.8"
+Requires-Dist: pyhcl==0.4.5
+Requires-Dist: pyjwt[crypto]==2.10.1; python_version >= "3.9"
+Requires-Dist: python-consul==1.1.0
+Requires-Dist: python-dateutil==2.9.0.post0; python_version >= "2.7" and python_version not in "3.0, 3.1, 3.2"
+Requires-Dist: pyyaml==6.0.1; python_version >= "3.6"
+Requires-Dist: requests==2.32.3; python_version >= "3.8"
+Requires-Dist: requests-oauthlib==2.0.0; python_version >= "3.4"
+Requires-Dist: resolvelib==1.0.1
+Requires-Dist: rsa==4.7.2; python_version >= "3.5" and python_version < "4"
+Requires-Dist: s3transfer==0.10.4; python_version >= "3.8"
+Requires-Dist: setuptools==75.8.0; python_version >= "3.9"
+Requires-Dist: simpledi==0.4.1
+Requires-Dist: six==1.17.0; python_version >= "2.7" and python_version not in "3.0, 3.1, 3.2"
+Requires-Dist: smmap==5.0.2; python_version >= "3.7"
+Requires-Dist: typing-extensions==4.12.2; python_version >= "3.8"
+Requires-Dist: urllib3==2.0.7; python_version >= "3.7"
+Requires-Dist: websocket-client==1.8.0; python_version >= "3.8"
+Dynamic: author
+Dynamic: author-email
+Dynamic: classifier
+Dynamic: description
+Dynamic: description-content-type
+Dynamic: home-page
+Dynamic: license
+Dynamic: requires-dist
+Dynamic: requires-python
+Dynamic: summary
 
 # Ops CLI
 [![Build status](https://github.com/adobe/ops-cli/actions/workflows/release.yml/badge.svg)](https://github.com/adobe/ops-cli/actions/workflows/release.yml) [![Docker image](https://img.shields.io/badge/Docker-ghcr.io/adobe/opscli-brightgreen.svg?style=flat-square)](https://github.com/adobe/ops-cli/pkgs/container/ops-cli) [![License](https://img.shields.io/github/license/adobe/ops-cli)](https://github.com/adobe/ops-cli/blob/master/LICENSE)
@@ -208,6 +217,7 @@ It can be used to add a layer of templating (using jinja2) on top of Terraform f
             * [Terraform landscape](#terraform-landscape)
          * [SSH](#ssh)
             * [SSHPass](#sshpass)
+            * [Balabit SCB](#scb)
          * [Play](#play)
          * [Run command](#run-command)
          * [Sync files](#sync-files)
@@ -316,7 +326,7 @@ workon ops
 # uninstall previous `ops` version (if you have it)
 pip uninstall ops --yes
 
-# install ops-cli v2.2.0 stable release
+# install ops-cli v2.3.0 stable release
 pip install --upgrade ops-cli
 ```
 
@@ -332,7 +342,7 @@ You can try out `ops-cli`, by using docker. The docker image has all required pr
 
 To start out a container, running the latest `ops-cli` docker image run:
 ```sh
-docker run -it ghcr.io/adobe/ops-cli:2.2.0 bash
+docker run -it ghcr.io/adobe/ops-cli:2.3.0 bash
 ```
 
 After the container has started, you can start using `ops-cli`:
@@ -858,6 +868,12 @@ Which will translate behind the scenes in :
 This allows us to just refer in cluster files a secret that actually exists in vault and make sure we only generate it once - if it was already created by os or any other system, we will just use what is already there.
 The reference is by means of fixed form jinja call  added to the cluster file, which ends up interpreted later during the templating phase.
 
+#### Vault auth
+Ops checks if a valid vault token is present in `~/.vault-token` or in the environment variable `VAULT_TOKEN`. If not, it will try to authenticate using the method defined in `OPS_VAULT_AUTH_METHOD` environment variable.
+The following methods are supported:
+- `okta` - use the Vault Okta auth method (default)
+- `ldap` - use the Vault ldap auth method
+
 ### Amazon Secrets Manager (SSM)
 
 Amazon offers the possibility to use their [Secrets Manager](https://docs.aws.amazon.com/systems-manager/latest/userguide/what-is-systems-manager.html) in order to manage configuration data such as credentials, passwords and license keys.

{ops_cli-2.2.0.dist-info → ops_cli-2.3.0.dist-info}/RECORD

@@ -4,7 +4,7 @@ ops/main.py,sha256=FvrpZHVawYsxBgJub9PuZP148HzWrYlnXuELNx5mBwI,6988
 ops/opsconfig.py,sha256=kIiV2mU5yts644x2VTYUnUSJRVLofGIJMD4xwweaw0o,5847
 ops/simpleconsul.py,sha256=4JWgUmw7RKn_Ti6gguf_bIyJnF7fpVBWkCXwcngbQVI,4089
 ops/simplessm.py,sha256=BwD8P9EKagJmR4BR2aKAXaGLIren9Yljb1GxB8nzYbk,1703
-ops/simplevault.py,sha256=ojd_5rbAYNQS-sIva3zrFFabJPzw8RCHso1BTnihtik,10123
+ops/simplevault.py,sha256=qVEA0L5UcZEFAVpY3CNQsMiyxHNyx8Fu7kEPiKbs8yE,12697
 ops/ansible/__init__.py,sha256=n5YIjodX0NasK2cpc8kU88jZfLQF8j94F05V5k2vAhI,603
 ops/ansible/callback_plugins/__init__.py,sha256=v9uW7YO2C7EC4MQWr_TMH_K-1ALd0uLl9vZ_h3xCQkg,596
 ops/ansible/filter_plugins/__init__.py,sha256=v9uW7YO2C7EC4MQWr_TMH_K-1ALd0uLl9vZ_h3xCQkg,596
@@ -14,15 +14,15 @@ ops/ansible/vars_plugins/clusterconfig.py,sha256=qmIrTp1V0gLdbtBI5A0HMmICe8z0xUq
 ops/ansible/vars_plugins/opsconfig.py,sha256=lfKCD7XRoDTW80QXEGcm3tV6ASnzoCGdxy5zpaimT4k,1615
 ops/cli/__init__.py,sha256=LcPvjP6p7l8At8CIjyWvm0mhYzMGJqFv45AcTls1IhM,1376
 ops/cli/aws.py,sha256=OsmpOVv1924_lvNESeElLgcEi1caYTnI88C7wzXie78,911
-ops/cli/config.py,sha256=-wnmNgNJDsp1vIXJcaiarsfWUnMos_aNHvCjXizUBi8,6311
+ops/cli/config.py,sha256=T0ZfW1bWdSr1dF4oqsvTjUtUiCr7RVm4_rFdezgGCqM,7629
 ops/cli/config_generator.py,sha256=ARGp5kAgdMLqtrHyQb_dE9sEuM1bAnVddfWDxd_5OdA,1718
 ops/cli/helmfile.py,sha256=2ipKyFMY5M87U1mXDQle_UsOXICdQ-0VX2f97TAg0I8,6354
-ops/cli/inventory.py,sha256=VsGXuWg9_yVbuWVnZadNyvzCvaciKu68qND59ct8kqc,3101
+ops/cli/inventory.py,sha256=kSqNw978_P7OrFzLng5ipzuJBh6WqtvjvLDtiNwFQ8A,3109
 ops/cli/packer.py,sha256=GAgi6uPWO0wv3uIEwl0O2sb4fQtpCbL1561nP8Y_Lpc,2626
 ops/cli/parser.py,sha256=tzXvpu4GycyHSjERFrjQVEFZYVzOszLhDEjpkFYJ-oc,4377
 ops/cli/playbook.py,sha256=rPaIfUUMSTgITxzrvkVyTpPJ2UfqYnk3WfjY3jDrHO0,5287
 ops/cli/run.py,sha256=cwT2rQEBRip_OndkSQLFR7Q8D5BD6L5BbAq6nehKhco,3373
-ops/cli/ssh.py,sha256=OUUQT8iW9U7ZbYWBblXKJanTiwdjTAVePr7RNyKxCQ0,13182
+ops/cli/ssh.py,sha256=AGDtNqLnbOjIbVxAnxfEJDpi5m1D0tOO3ml3uQ3bhgQ,14196
 ops/cli/sync.py,sha256=8K3Dsh6cwv9gTat0KXvRemHmqpAWd46pHfS8wMS9Olk,5663
 ops/cli/terraform.py,sha256=XeLXr_nFpdnsHdEfAFj_oiurvIhDQv-xE3L-NpMTcB0,12446
 ops/data/ansible/ansible.cfg,sha256=LE0Ve37qwQnbM1AJfHX442yh6HMMzM1FPCTCUKZElV8,186
@@ -39,21 +39,21 @@ ops/inventory/SKMS.py,sha256=jv4nHTKbDmJBTNf3HgGyKSfAJ10akKdDxNoGOcPehfo,17616
 ops/inventory/__init__.py,sha256=yvYO8z4aCdcOEYIjy27YL7fcbPqZAwQk9y_3YcNVAGU,643
 ops/inventory/azurerm.py,sha256=pWZqbZP9-7ChHNK1DwfSlt9hU6lcJjvNXmvduR2G5tQ,33507
 ops/inventory/caching.py,sha256=G2sJJ7nPHCqNBz3Vh0vxrFWQZt6B_11yS50GeZ8_1Bs,2000
-ops/inventory/ec2inventory.py,sha256=Kt1LxenzjuaDQvN5Q4r-2sg6Mdj5jn7lIf32Cy6BGtE,11179
+ops/inventory/ec2inventory.py,sha256=Zz3pB6hGLkzZa_ZIwpF2DfBXM_IQDIUmlwUIyy5D2HU,10655
 ops/inventory/generator.py,sha256=BcjUxMoWTnmx-P_S-1fLjqG3PUhyMyAO2S-037KG5q0,10885
-ops/inventory/sshconfig.py,sha256=ROYqKH1cp3VtDqZPaR6L_pp3DgS9VCx9vGZqcSY0f8k,4432
+ops/inventory/sshconfig.py,sha256=lxqKyH0uCRCk4XXZISGrtX_d0c7OREg2Hh77ndtz05k,4438
 ops/inventory/plugin/__init__.py,sha256=kSOYPdE9T0Ixe6tQUYoOl_udNbFZdVatvRf6bkf92aE,725
 ops/inventory/plugin/azr.py,sha256=8-G3mEc0WQV7ZhJ4z6X-Wo90nQ7zAzHwgLpV4l_gbjo,5910
-ops/inventory/plugin/cns.py,sha256=KjqG2SUiglDYj-XvguVIvo1fzqjgg_XPOdLdTaRfm24,1697
-ops/inventory/plugin/ec2.py,sha256=rU2DdJ0dduh711dF67Rz5721sQZFnuz98-HvucfCP0M,1253
+ops/inventory/plugin/cns.py,sha256=X7CUMA8ltGxDfCkvaeEHsd60g8Y_C_gJk7287UM-qHw,1763
+ops/inventory/plugin/ec2.py,sha256=M9Z_MJukDUyA1XtvHeiRGuTUh8A3ibHfDINJDUwLo-U,1332
 ops/inventory/plugin/legacy_pcs.py,sha256=ii1kOkwD9PIaOlleJa3_yE95ojCoPlBPKSBu5naZhxw,1184
 ops/inventory/plugin/skms.py,sha256=pFMpvfbXCf0KPgEOj5oAD7UzpUZ5zL1lcN4wESOjPuI,8517
 ops/jinja/__init__.py,sha256=Nvmvb1edSAehNKYyroo26Jrxjzbu_TOCBS8Y9mMEOyA,1743
 ops/terraform/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-ops/terraform/terraform_cmd_generator.py,sha256=PCeAbsj7KQ6XY-7Q1g0ngyFjIdbEcgk6ZU9XJU3ZRjc,21428
-ops_cli-2.2.0.dist-info/LICENSE,sha256=ff5lJoiLrFF1nJn5pRJiuicRqMEqBn8hgWCd2aQGa4Q,11335
-ops_cli-2.2.0.dist-info/METADATA,sha256=h21N9GFZ3-9Q0L9dUdk7q-ilnP6wBh_5G0mpI2-n3ck,39451
-ops_cli-2.2.0.dist-info/WHEEL,sha256=AtBG6SXL3KF_v0NxLf0ehyVOh0cold-JbJYXNGorC6Q,92
-ops_cli-2.2.0.dist-info/entry_points.txt,sha256=maaS2Tf8WvxMXckssedK13LXegD9jgHB2AT8xiEfVpQ,37
-ops_cli-2.2.0.dist-info/top_level.txt,sha256=enC05wWafSg8iDKIvj3gvtAtEP2kYCyN5Gmd689q-_I,4
-ops_cli-2.2.0.dist-info/RECORD,,
+ops/terraform/terraform_cmd_generator.py,sha256=5yfzS7aOOjVDUYHwBadFvPjWKEFJWk9SEOhTZHywlG0,21728
+ops_cli-2.3.0.dist-info/LICENSE,sha256=ff5lJoiLrFF1nJn5pRJiuicRqMEqBn8hgWCd2aQGa4Q,11335
+ops_cli-2.3.0.dist-info/METADATA,sha256=fiCNonTcwfXYBj8vytZW3M66vBrCovowBpgYhv8AAXE,39904
+ops_cli-2.3.0.dist-info/WHEEL,sha256=In9FTNxeP60KnTkGw7wk6mJPYd_dQSjEZmXdBdMCI-8,91
+ops_cli-2.3.0.dist-info/entry_points.txt,sha256=maaS2Tf8WvxMXckssedK13LXegD9jgHB2AT8xiEfVpQ,37
+ops_cli-2.3.0.dist-info/top_level.txt,sha256=enC05wWafSg8iDKIvj3gvtAtEP2kYCyN5Gmd689q-_I,4
+ops_cli-2.3.0.dist-info/RECORD,,

{ops_cli-2.2.0.dist-info → ops_cli-2.3.0.dist-info}/WHEEL

@@ -1,5 +1,5 @@
 Wheel-Version: 1.0
-Generator: bdist_wheel (0.41.0)
+Generator: setuptools (75.8.0)
 Root-Is-Purelib: true
 Tag: py3-none-any