Hvac

🚀 Features

- Add Support For use_token_groups In LDAP Auth Method. GH-591
- Add Raft System Backend Methods. GH-594

Thanks to finarfin and jeffwecan for their lovely contributions.

🚀 Features

- Create_role_secret_id: add token_bound_cidrs parameter. GH-585
- Add vault rekey verification methods. GH-586
- Add request data to exception objects. GH-583
- Add marshaling_algorithm to sign/verify params. GH-584
- Add issuer to kubernetes configuration. GH-575

🐛 Bug Fixes

- Remove json() calls (unneeded following JSONAdapter addition) GH-589

📚 Documentation

- Fix format errors in contributing for HTML docs. GH-577

Thanks to TerryHowe, and-semakin, jeffwecan, jschlyter, jzck, mdelaney and scarabeusiv for their lovely contributions.

💥 Breaking Changes

- Make returned responses more consistent. GH-537

*Note*: [GH-537](https://github.com/hvac/hvac/pull/537) changes some methods' return types from None to a request.Response
instance. For instance the `client.secrets.identity.lookup_entity` now returns a Response[204] (truthy) value instead of
None (falsy) when the lookup returns no results.
This change was made to simplify maintenance of response parsing within the hvac code base.

🚀 Features
- Add support for Transform secrets engine. GH-569

🐛 Bug Fixes

- Fix "Exception: member entities can't be set manually for external groups". GH-558

Thanks to jeffwecan, llamasoft and msuszko for their lovely contributions.

🚀 Features
- Add a correct endpoint for CRL retrieving . GH-547

📚 Documentation

- Fixes close quotes in example usage of read_secret_version. GH-557
- Fixes typo in docs: much -> must. GH-555

🧰 Miscellaneous

- Don't send optional parameters unless explicitly specified. GH-533

*Note*: [GH-533](https://github.com/hvac/hvac/pull/533) includes fundamental behavior involving sending parameters
to API requests to Vault. Many hvac method parameters that would have been sent with default arguments no
longer are included in requests to Vault. Notably, the following behavioral changes should be expected (copied from the
related PR comments):

Azure:
- CHANGED: `create_role` parameter `policies` now accepts CSV string or list of strings

Database:
- CHANGED: `create_role` documentation updated to something meaningful 🙃

GCP:
- `configure` parameter `google_certs_endpoint` is deprecated
- `create_role` parameter `project_id` is deprecated by `bound_projects` (list)

GitHub:
- `configure` is missing a lot of parameters

LDAP:
- CHANGED: `configure` parameters `user_dn` and `group_dn` made optional
- Retained argument position to prevent being a breaking change
- CHANGED: `hvac/constants/ldap.py` file removed as it is no longer used

MFA:
- This entire endpoint is deprecated so I didn't bother updating it

Okta:
- CHANGED: `configure` parameter `base_url` default value now differs from API documentation
- This is likely just a [documentation issue](https://github.com/hashicorp/vault/issues/7653)
- `register_user`, `read_user`, and `delete_user` duplicate URL parameter `username` in JSON payload
- I left this one as-is as it doesn't appear to hurt anything
- Ditto for `delete_group`, but `register_group` and `list_group` correctly omit it

PKI:
- CHANGED: `sign_data` and `verify_signed_data` optional parameter `marshaling_algorithm` added

RADIUS:
- `configure` is missing a lot of parameters
- BUG: `register_user` attempted to convert `username` string into a CSV list (?!) for POST data
- Didn't hurt anything as `username` is extracted from URL path in Vault server
- BUG: `register_user` parameter `policies` never actually passed as parameter

System Backend:
- Auth
- `enable_auth_method` parameter `plugin_name` is deprecated
- CHANGED: `enable_audit_device` optional parameter `local` was added
- Init
- `initialize` provides default for required API parameters `secret_shares` and `secret_threshold`
- Key
- `start_root_token_generation` parameter `otp` is deprecated

**Misc:**
- There seems to be some discrepancy on how "extra arguments" are accepted:
- Some methods use only `**kwargs` (e.g. `hvac/api/system_backend/auth.py`)
- Some use `*args` and `**kwargs` (e.g. `hvac/api/secrets_engines/active_directory.py`)
- `hvac/api/secrets_engines/pki.py` uses `extra_params={}`
- Most argument names match API parameter names, but some don't
- Example: `hvac/api/auth_methods/ldap.py` `configure` uses `user_dn` instead of `userdn`
- Example: `hvac/api/system_backend/auth.py` `configure` uses `method_type` instead of `type`
- Many methods duplicate URL parameters into JSON payload as well
- This isn't necessary and fortunately Vault ignores the extra parameters
- `ttl`, `max_ttl`, `policies`, `period`, `num_uses` and a few other fields are deprecated as of Vault version 1.2.0
- https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#120-july-30th-2019

Thanks to findmyname666, llamasoft, moisesguimaraes, philherbert and Adrian Eib for their lovely contributions.

🚀 Features

- Added userpass auth method. GH-519
- added rabbitmq secrets backend. GH-540
- Quote/Escape all URL placeholders. GH-532

📚 Documentation

- Getting Started Guide and LDAP Auth Updates. GH-524

🧰 Miscellaneous

- Handle bad gateway from Vault. GH-542
- Fix GET/LIST typos. GH-536
- Fix Travis HEAD build + Overhaul install scripts. GH-535
- Improve Integration Test Error Handling. GH-531

Thanks to DaveDeCaprio, Dowwie, drewmullen, jeffwecan, llamasoft and vamshideveloper for their lovely contributions.

🚀 Features

- Add Active Directory Secrets Engine Support. GH-508

📚 Documentation

- Include Recently Added Namespace Documentation In Toctree. GH-509

Thanks to jeffwecan and vamshideveloper for their lovely contributions.