Merge pull request #147 from nautobot/release/3.1.1

Release/3.1.1

.cookiecutter.json

@@ -21,15 +21,15 @@
         "_drift_manager": {
             "template": "https://github.com/nautobot/cookiecutter-nautobot-app.git",
             "template_dir": "nautobot-app",
-            "template_ref": "refs/tags/nautobot-app-v2.2.1",
+            "template_ref": "refs/tags/nautobot-app-v2.3.0",
             "cookie_dir": "",
             "branch_prefix": "drift-manager",
             "pull_request_strategy": "create",
             "post_actions": [
                 "black"
             ],
             "draft": true,
-            "baked_commit_ref": "07ab5a6da72c934c43f1f957ce073bedbfdbfc9a"
+            "baked_commit_ref": "f75687d1998767d0385ff1eb722abf2044208871"
         }
     }
 }

.dockerignore

@@ -19,7 +19,6 @@ FAQ.md
 .git/
 .gitignore
 .github
-tasks.py
 LICENSE
 **/*.log
 **/.vscode/

.github/PULL_REQUEST_TEMPLATE/pull_request_template.md

@@ -1,5 +1,5 @@
 <!--
-    Thank you for your interest in contributing to Nautobot's Secrets Providers App! Please note
+    Thank you for your interest in contributing to Secrets Providers! Please note
     that our contribution policy recommends that a feature request or bug
     report be opened for approval prior to filing a pull request. This
     helps avoid wasting time and effort on something that we might not

.github/workflows/ci.yml

@@ -17,7 +17,7 @@ env:
   APP_NAME: "nautobot-app-secrets-providers"
 
 jobs:
-  black:
+  ruff-format:
     runs-on: "ubuntu-22.04"
     env:
       INVOKE_NAUTOBOT_SECRETS_PROVIDERS_LOCAL: "True"
@@ -26,20 +26,9 @@ jobs:
         uses: "actions/checkout@v4"
       - name: "Setup environment"
         uses: "networktocode/gh-action-setup-poetry-environment@v6"
-      - name: "Linting: black"
-        run: "poetry run invoke black"
-  bandit:
-    runs-on: "ubuntu-22.04"
-    env:
-      INVOKE_NAUTOBOT_SECRETS_PROVIDERS_LOCAL: "True"
-    steps:
-      - name: "Check out repository code"
-        uses: "actions/checkout@v4"
-      - name: "Setup environment"
-        uses: "networktocode/gh-action-setup-poetry-environment@v6"
-      - name: "Linting: bandit"
-        run: "poetry run invoke bandit"
-  ruff:
+      - name: "Linting: ruff format"
+        run: "poetry run invoke ruff --action format"
+  ruff-lint:
     runs-on: "ubuntu-22.04"
     env:
       INVOKE_NAUTOBOT_SECRETS_PROVIDERS_LOCAL: "True"
@@ -61,17 +50,6 @@ jobs:
         uses: "networktocode/gh-action-setup-poetry-environment@v6"
       - name: "Check Docs Build"
         run: "poetry run invoke build-and-check-docs"
-  flake8:
-    runs-on: "ubuntu-22.04"
-    env:
-      INVOKE_NAUTOBOT_SECRETS_PROVIDERS_LOCAL: "True"
-    steps:
-      - name: "Check out repository code"
-        uses: "actions/checkout@v4"
-      - name: "Setup environment"
-        uses: "networktocode/gh-action-setup-poetry-environment@v6"
-      - name: "Linting: flake8"
-        run: "poetry run invoke flake8"
   poetry:
     runs-on: "ubuntu-22.04"
     env:
@@ -96,13 +74,10 @@ jobs:
         run: "poetry run invoke yamllint"
   check-in-docker:
     needs:
-      - "black"
-      - "bandit"
-      - "ruff"
-      - "flake8"
+      - "ruff-format"
+      - "ruff-lint"
       - "poetry"
       - "yamllint"
-      - "black"
     runs-on: "ubuntu-22.04"
     strategy:
       fail-fast: true

README.md

@@ -1,4 +1,4 @@
-# Nautobot Secrets Providers App
+# Secrets Providers
 
 <p align="center">
   <img src="https://raw.githubusercontent.com/nautobot/nautobot-app-secrets-providers/develop/docs/images/icon-nautobot-secrets-providers.png" class="logo" height="200px">
@@ -8,7 +8,7 @@
   <a href="https://pypi.org/project/nautobot-secrets-providers/"><img src="https://img.shields.io/pypi/v/nautobot-secrets-providers"></a>
   <a href="https://pypi.org/project/nautobot-secrets-providers/"><img src="https://img.shields.io/pypi/dm/nautobot-secrets-providers"></a>
   <br>
-  An <a href="https://www.networktocode.com/nautobot/apps/">App</a> for <a href="https://nautobot.com/">Nautobot</a>.
+  An <a href="https://networktocode.com/nautobot-apps/">App</a> for <a href="https://nautobot.com/">Nautobot</a>.
 </p>
 
 ## Overview
@@ -59,4 +59,4 @@ Any PRs with fixes or improvements are very welcome!
 
 ## Questions
 
-For any questions or comments, please check the [FAQ](https://docs.nautobot.com/projects/secrets-providers/en/latest/user/faq/) first. Feel free to also swing by the [Network to Code Slack](https://networktocode.slack.com/) (channel `#nautobot`), sign up [here](http://slack.networktocode.com/) if you don't have an account.
+For any questions or comments, please check the [FAQ](https://docs.nautobot.com/projects/secrets-providers/en/latest/user/faq/) first. Feel free to also swing by the [Network to Code Slack](https://networktocode.slack.com/) (channel `#nautobot`), sign up [here](http://slack.networktocode.com/) if you don't have an account.

development/nautobot_config.py

@@ -10,7 +10,7 @@
 # Debug
 #
 
-DEBUG = is_truthy(os.getenv("NAUTOBOT_DEBUG", False))
+DEBUG = is_truthy(os.getenv("NAUTOBOT_DEBUG", "false"))
 _TESTING = len(sys.argv) > 1 and sys.argv[1] == "test"
 
 if DEBUG and not _TESTING:
@@ -48,9 +48,10 @@
         "PASSWORD": os.getenv("NAUTOBOT_DB_PASSWORD", ""),  # Database password
         "HOST": os.getenv("NAUTOBOT_DB_HOST", "localhost"),  # Database server
         "PORT": os.getenv(
-            "NAUTOBOT_DB_PORT", default_db_settings[nautobot_db_engine]["NAUTOBOT_DB_PORT"]
+            "NAUTOBOT_DB_PORT",
+            default_db_settings[nautobot_db_engine]["NAUTOBOT_DB_PORT"],
         ),  # Database port, default to postgres
-        "CONN_MAX_AGE": int(os.getenv("NAUTOBOT_DB_TIMEOUT", 300)),  # Database timeout
+        "CONN_MAX_AGE": int(os.getenv("NAUTOBOT_DB_TIMEOUT", "300")),  # Database timeout
         "ENGINE": nautobot_db_engine,
     }
 }

docs/admin/install.md

@@ -67,7 +67,7 @@ The app is available as a Python package via PyPI and can be installed with `pip
 pip install nautobot-secrets-providers
 ```
 
-To ensure Nautobot's Secrets Providers App is automatically re-installed during future upgrades, create a file named `local_requirements.txt` (if not already existing) in the Nautobot root directory (alongside `requirements.txt`) and list the `nautobot-secrets-providers` package:
+To ensure Secrets Providers is automatically re-installed during future upgrades, create a file named `local_requirements.txt` (if not already existing) in the Nautobot root directory (alongside `requirements.txt`) and list the `nautobot-secrets-providers` package:
 
 ```shell
 echo nautobot-secrets-providers >> local_requirements.txt

docs/admin/providers/hashicorp_setup.md

@@ -16,15 +16,15 @@ PLUGINS_CONFIG = {
 ```
 
 - `url` - (required) The URL to the HashiCorp Vault instance (e.g. `http://localhost:8200`).
-- `auth_method` - (optional / defaults to "token") The method used to authenticate against the HashiCorp Vault instance. Either `"approle"`, `"aws"`, `"kubernetes"` or `"token"`.  For information on using AWS authentication with vault see the [authentication](#authentication) section above.
+- `auth_method` - (optional / defaults to "token") The method used to authenticate against the HashiCorp Vault instance. Either `"approle"`, `"aws"`, `"kubernetes"` or `"token"`.
 - `ca_cert` - (optional) Path to a PEM formatted CA certificate to use when verifying the Vault connection.  Can alternatively be set to `False` to ignore SSL verification (not recommended) or `True` to use the system certificates.
 - `default_mount_point` - (optional / defaults to "secret") The default mount point of the K/V Version 2 secrets engine within Hashicorp Vault.
 - `kv_version` - (optional / defaults to "v2") The version of the KV engine to use, can be `v1` or `v2`
 - `k8s_token_path` - (optional) Path to the kubernetes service account token file.  Defaults to "/var/run/secrets/kubernetes.io/serviceaccount/token".
-- `token` - (optional) Required when `"auth_method": "token"` or `auth_method` is not supplied. The token for authenticating the client with the HashiCorp Vault instance. As with other sensitive service credentials, we recommend that you provide the token value as an environment variable and retrieve it with `{"token": os.getenv("NAUTOBOT_HASHICORP_VAULT_TOKEN")}` rather than hard-coding it in your `nautobot_config.py`.
+- `token` - (optional) Required when `"auth_method": "token"` or `auth_method` is not supplied. The token for authenticating the client with the HashiCorp Vault instance. As with other sensitive service credentials, we recommend that you provide the `token` value as an environment variable and retrieve it with `{"token": os.getenv("NAUTOBOT_HASHICORP_VAULT_TOKEN")}` rather than hard-coding it in your `nautobot_config.py`.
 - `role_name` - (optional) Required when `"auth_method": "kubernetes"`, optional when `"auth_method": "aws"`.  The Vault Kubernetes role or Vault AWS role to assume which the pod's service account has access to.
-- `role_id` - (optional) Required when `"auth_method": "approle"`. As with other sensitive service credentials, we recommend that you provide the role_id value as an environment variable and retrieve it with `{"role_id": os.getenv("NAUTOBOT_HASHICORP_VAULT_ROLE_ID")}` rather than hard-coding it in your `nautobot_config.py`.
-- `secret_id` - (optional) Required when `"auth_method": "approle"`.As with other sensitive service credentials, we recommend that you provide the secret_id value as an environment variable and retrieve it with `{"secret_id": os.getenv("NAUTOBOT_HASHICORP_VAULT_SECRET_ID")}` rather than hard-coding it in your `nautobot_config.py`.
+- `role_id` - (optional) Required when `"auth_method": "approle"`. As with other sensitive service credentials, we recommend that you provide the `role_id` value as an environment variable and retrieve it with `{"role_id": os.getenv("NAUTOBOT_HASHICORP_VAULT_ROLE_ID")}` rather than hard-coding it in your `nautobot_config.py`.
+- `secret_id` - (optional) Required when `"auth_method": "approle"`.As with other sensitive service credentials, we recommend that you provide the `secret_id value` as an environment variable and retrieve it with `{"secret_id": os.getenv("NAUTOBOT_HASHICORP_VAULT_SECRET_ID")}` rather than hard-coding it in your `nautobot_config.py`.
 - `login_kwargs` - (optional) Additional optional parameters to pass to the login method for [`approle`](https://hvac.readthedocs.io/en/stable/source/hvac_api_auth_methods.html#hvac.api.auth_methods.AppRole.login), [`aws`](https://hvac.readthedocs.io/en/stable/source/hvac_api_auth_methods.html#hvac.api.auth_methods.Aws.iam_login) and [`kubernetes`](https://hvac.readthedocs.io/en/stable/source/hvac_api_auth_methods.html#hvac.api.auth_methods.Kubernetes.login) authentication methods.
 - `namespace` - (optional) Namespace to use for the [`X-Vault-Namespace` header](https://github.com/hvac/hvac/blob/main/hvac/adapters.py#L287) on all hvac client requests. Required when the [`Namespaces`](https://developer.hashicorp.com/vault/docs/enterprise/namespaces#usage) feature is enabled in Vault Enterprise.
 

docs/admin/release_notes/version_3.1.md

@@ -6,6 +6,17 @@ This document describes all new features and changes in the release `3.1`. The f
 
 This release adds support for multiple HashiCorp Vault secrets providers.
 
+## [v3.1.1 (2024-08-22)](https://github.com/nautobot/nautobot-app-secrets-providers/releases/tag/v3.1.1)
+
+### Dependencies
+
+- [#145](https://github.com/nautobot/nautobot-app-secrets-providers/issues/145) - Updated `boto3` dependency to permit newer releases.
+
+### Housekeeping
+
+- [#144](https://github.com/nautobot/nautobot-app-secrets-providers/issues/144) - Rebaked from the cookie `nautobot-app-v2.3.0`.
+- [#147](https://github.com/nautobot/nautobot-app-secrets-providers/pull/147) - Updated documentation dependencies and added a pin for the `griffe` documentation dependency.
+
 ## [v3.1.0 (2024-08-01)](https://github.com/nautobot/nautobot-app-secrets-providers/releases/tag/v3.1.0)
 
 ### Added

docs/assets/extra.css

@@ -96,7 +96,7 @@ a.autorefs-external:hover::after {
 }
 
 
-/* Customization for mkdocs-version-annotations */
+/* Customization for markdown-version-annotations */
 :root {
     /* Icon for "version-added" admonition: Material Design Icons "plus-box-outline" */
     --md-admonition-icon--version-added: url('data:image/svg+xml;charset=utf-8,<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M19 19V5H5v14h14m0-16a2 2 0 0 1 2 2v14a2 2 0 0 1-2 2H5a2 2 0 0 1-2-2V5a2 2 0 0 1 2-2h14m-8 4h2v4h4v2h-4v4h-2v-4H7v-2h4V7Z"/></svg>');

docs/dev/contributing.md

@@ -4,7 +4,7 @@ The project is packaged with a light [development environment](dev_environment.m
 
 The project is following Network to Code software development guidelines and is leveraging the following:
 
-- Python linting and formatting: `black`, `pylint`, `bandit`, `flake8`, and `ruff`.
+- Python linting and formatting: `pylint` and `ruff`.
 - YAML linting is done with `yamllint`.
 - Django unit test to ensure the app is working properly.
 
@@ -47,26 +47,26 @@ The branching policy includes the following tenets:
 - PRs intended to add new features should be sourced from the `develop` branch.
 - PRs intended to fix issues in the Nautobot LTM compatible release should be sourced from the latest `ltm-<major.minor>` branch instead of `develop`.
 
-Nautobot's Secrets Providers App will observe semantic versioning, as of 1.0. This may result in a quick turnaround in minor versions to keep pace with an ever growing feature set.
+Secrets Providers will observe semantic versioning, as of 1.0. This may result in a quick turnaround in minor versions to keep pace with an ever-growing feature set.
 
 ## Release Policy
 
-Nautobot's Secrets Providers App has currently no intended scheduled release schedule, and will release new features in minor versions.
+Secrets Providers has currently no intended scheduled release schedule, and will release new features in minor versions.
 
 When a new release, from `develop` to `main`, is created the following should happen.
 
 - A release PR is created from `develop` with:
-  - Update the release notes in `docs/admin/release_notes/version_<major>.<minor>.md` file to reflect the changes.
-  - Change the version from `<major>.<minor>.<patch>-beta` to `<major>.<minor>.<patch>` in `pyproject.toml`.
-  - Set the PR to the `main` branch.
+    - Update the release notes in `docs/admin/release_notes/version_<major>.<minor>.md` file to reflect the changes.
+    - Change the version from `<major>.<minor>.<patch>-beta` to `<major>.<minor>.<patch>` in `pyproject.toml`.
+    - Set the PR to the `main` branch.
 - Ensure the tests for the PR pass.
 - Merge the PR.
 - Create a new tag:
-  - The tag should be in the form of `v<major>.<minor>.<patch>`.
-  - The title should be in the form of `v<major>.<minor>.<patch>`.
-  - The description should be the changes that were added to the `version_<major>.<minor>.md` document.
+    - The tag should be in the form of `v<major>.<minor>.<patch>`.
+    - The title should be in the form of `v<major>.<minor>.<patch>`.
+    - The description should be the changes that were added to the `version_<major>.<minor>.md` document.
 - If merged into `main`, then push from `main` to `develop`, in order to retain the merge commit created when the PR was merged
 - A post release PR is created with:
-  - Change the version from `<major>.<minor>.<patch>` to `<major>.<minor>.<patch + 1>-beta` in both `pyproject.toml` and `nautobot.__init__.__version__`.
-  - Set the PR to the proper branch, `develop`.
-  - Once tests pass, merge.
+    - Change the version from `<major>.<minor>.<patch>` to `<major>.<minor>.<patch + 1>-beta` in both `pyproject.toml` and `nautobot.__init__.__version__`.
+    - Set the PR to the proper branch, `develop`.
+    - Once tests pass, merge.

docs/dev/dev_environment.md

@@ -121,10 +121,7 @@ Each command can be executed with `invoke <command>`. All commands support the a
 #### Testing
 
 ```
-  bandit           Run bandit to validate basic static code security analysis.
-  black            Run black to check that Python files adhere to its style standards.
-  flake8           Run flake8 to check that Python files adhere to its style standards.
-  ruff             Run ruff to validate docstring formatting adheres to NTC defined standards.
+  ruff             Run ruff to perform code formatting and/or linting.
   pylint           Run pylint code analysis.
   tests            Run all tests for this app.
   unittest         Run Django unit tests for the app.
@@ -683,7 +680,7 @@ This is the same as running:
 
 ### Tests
 
-To run tests against your code, you can run all of the tests that TravisCI runs against any new PR with:
+To run tests against your code, you can run all of the tests that the CI runs against any new PR with:
 
 ```bash
 ➜ invoke tests
@@ -693,9 +690,6 @@ To run an individual test, you can run any or all of the following:
 
 ```bash
 ➜ invoke unittest
-➜ invoke bandit
-➜ invoke black
-➜ invoke flake8
 ➜ invoke ruff
 ➜ invoke pylint
 ```

docs/requirements.txt

@@ -1,5 +1,6 @@
-mkdocs==1.5.2
-mkdocs-material==9.1.15
-mkdocs-version-annotations==1.0.0
-mkdocstrings-python==1.5.2
-mkdocstrings==0.22.0
+mkdocs==1.6.0
+mkdocs-material==9.5.32
+markdown-version-annotations==1.0.1
+griffe==1.1.1
+mkdocstrings-python==1.10.8
+mkdocstrings==0.25.2

mkdocs.yml

@@ -1,6 +1,6 @@
 ---
 dev_addr: "127.0.0.1:8001"
-edit_uri: "edit/main/nautobot-app-secrets-providers/docs"
+edit_uri: "edit/main/docs"
 site_dir: "nautobot_secrets_providers/static/nautobot_secrets_providers/docs"
 site_name: "Secrets Providers Documentation"
 site_url: "https://docs.nautobot.com/projects/secrets-providers/en/latest/"
@@ -72,6 +72,8 @@ extra:
       link: "https://twitter.com/networktocode"
       name: "Network to Code Twitter"
 markdown_extensions:
+  - "markdown_version_annotations":
+      admonition_tag: "???"
   - "admonition"
   - "toc":
       permalink: true
@@ -89,7 +91,6 @@ markdown_extensions:
   - "footnotes"
 plugins:
   - "search"
-  - "mkdocs-version-annotations"
   - "mkdocstrings":
       default_handler: "python"
       handlers:
@@ -120,6 +121,7 @@ nav:
       - Compatibility Matrix: "admin/compatibility_matrix.md"
       - Release Notes:
           - "admin/release_notes/index.md"
+          - v3.1: "admin/release_notes/version_3.1.md"
           - v3.0: "admin/release_notes/version_3.0.md"
           - v2.0: "admin/release_notes/version_2.0.md"
           - v1.4: "admin/release_notes/version_1.4.md"

nautobot_secrets_providers/migrations/0001_update_thycotic_delinea_slug.py

@@ -16,7 +16,6 @@ def reverse_secrets_provider_slugs(apps, schema_editor):
 
 
 class Migration(migrations.Migration):
-
     dependencies = []
 
     operations = [

nautobot_secrets_providers/providers/__init__.py

@@ -2,8 +2,8 @@
 
 from .aws import AWSSecretsManagerSecretsProvider, AWSSystemsManagerParameterStore
 from .azure import AzureKeyVaultSecretsProvider
-from .hashicorp import HashiCorpVaultSecretsProvider
 from .delinea import DelineaSecretServerSecretsProviderId, DelineaSecretServerSecretsProviderPath
+from .hashicorp import HashiCorpVaultSecretsProvider
 
 __all__ = (
     "AWSSecretsManagerSecretsProvider",

nautobot_secrets_providers/providers/aws.py

@@ -10,10 +10,8 @@
     boto3 = None
 
 from django import forms
-
 from nautobot.core.forms import BootstrapMixin
-from nautobot.extras.secrets import exceptions, SecretsProvider
-
+from nautobot.extras.secrets import SecretsProvider, exceptions
 
 __all__ = ("AWSSecretsManagerSecretsProvider", "AWSSystemsManagerParameterStore")
 

nautobot_secrets_providers/providers/azure.py

@@ -10,7 +10,7 @@
 
 from django import forms
 from nautobot.core.forms import BootstrapMixin
-from nautobot.extras.secrets import exceptions, SecretsProvider
+from nautobot.extras.secrets import SecretsProvider, exceptions
 
 __all__ = ("AzureKeyVaultSecretsProvider",)
 

nautobot_secrets_providers/providers/choices.py

@@ -6,11 +6,11 @@
 class DelineaSecretChoices(ChoiceSet):
     """Choices for Delinea Secret Server Result."""
 
-    SECRET_TOKEN = "token"  # nosec
-    SECRET_PASSWORD = "password"  # nosec
-    SECRET_USERNAME = "username"  # nosec
-    SECRET_URL = "url"  # nosec
-    SECRET_NOTES = "notes"  # nosec
+    SECRET_TOKEN = "token"  # noqa: S105
+    SECRET_PASSWORD = "password"  # noqa: S105
+    SECRET_USERNAME = "username"  # noqa: S105
+    SECRET_URL = "url"  # noqa: S105
+    SECRET_NOTES = "notes"  # noqa: S105
 
     CHOICES = (
         (SECRET_TOKEN, "Token"),