tomtom-international · eugene-davis · Dec 9, 2022 · Dec 10, 2022 · Jan 12, 2023 · Jan 27, 2023
@@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 1.1.15
+current_version = 1.1.21
 commit = True
 tag = False
 message = Bump version: {current_version} → {new_version}

@@ -1,3 +1,3 @@
 general:
   vulnerabilities:
-  - CVE-2022-43680 # libexpat isn't available in Alpine 3.16's repositories so I believe this is a false positive
+    - CVE-2022-40897 # Seems to be a false positive, see update at https://hub.docker.com/layers/library/python/3.11.1-alpine3.17/images/sha256-4fc84c93c255afc1f83766d8b736ce2c8ca82f6489193cab709fcde759f720a2?context=explore
@@ -9,3 +9,8 @@ updates:
     directory: "/" # Location of package manifests
     schedule:
       interval: "weekly"
+    groups:
+       python-updates:
+          patterns:
+            - "*"       # A wildcard that matches all dependencies in the package
+
@@ -13,7 +13,7 @@ jobs:
     name: python checks
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3
     - uses: actions/setup-python@v2
       with:
         python-version: '3.10'
@@ -41,7 +41,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v2 
+    - uses: actions/checkout@v3 
     - uses: hadolint/[email protected]
       with:
         dockerfile: Dockerfile
@@ -66,10 +66,10 @@ jobs:
       if: ${{ fromJSON(steps.containers.outputs.BUILD_PR) }}
 
     - name: Set up QEMU
-      uses: docker/setup-qemu-action@v1
+      uses: docker/setup-qemu-action@v2
 
     - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v1
+      uses: docker/setup-buildx-action@v2
 
     - name: Login to ghcr.io
       uses: docker/login-action@v2
@@ -101,13 +101,13 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3
       with:
         fetch-depth: '0'
 
     - uses: actions/setup-python@v2
       with:
-        python-version: '3.10'
+        python-version: '3.11'
 
     - name: Install Poetry
       run: pip install poetry
@@ -132,7 +132,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v2 
+    - uses: actions/checkout@v3 
 
     - name: Install Poetry
       run: pip install poetry
@@ -145,7 +145,7 @@ jobs:
       run: echo "::set-output name=version::$(poetry version | cut -d" " -f2)"
 
     - name: Checkout ${{ github.base_ref }}
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
       with:
         ref: ${{ github.base_ref }}
 
@@ -154,7 +154,7 @@ jobs:
       run: |
         echo "::set-output name=version::$(poetry version | cut -d" " -f2)"
     - name: Checkout current branch
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
 
     - name: Check version has been bumped
       run: "python .github/workflows/version_check.py --current-branch ${{ steps.current_version.outputs.version }} --target-branch ${{ steps.old_version.outputs.version }}"
@@ -6,21 +6,21 @@ on:
   workflow_dispatch:
 
 env:
-  VERSION: 1.1.15
+  VERSION: 1.1.21
 
 jobs:
   release:
     name: docker build
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v2 
+    - uses: actions/checkout@v3 
 
     - name: Set up QEMU
-      uses: docker/setup-qemu-action@v1
+      uses: docker/setup-qemu-action@v2
 
     - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v1
+      uses: docker/setup-buildx-action@v2
 
     - name: Login to ghcr.io
       uses: docker/login-action@v2

@@ -1,12 +1,12 @@
-FROM python:3.10.8-alpine3.16 as builder
+FROM python:3.11.3-alpine3.17 as builder
 
 COPY . /build
 
 WORKDIR /build
 
 RUN python -m venv /venv && /venv/bin/pip --no-cache-dir install .
 
-FROM python:3.10.7-alpine3.16
+FROM python:3.11.3-alpine3.17
 
 RUN addgroup --gid 1000 exporter && adduser --uid 1000 --system --no-create-home --shell /bin/false --ingroup exporter exporter
 USER exporter

@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "vault-assessment-prometheus-exporter"
-version = "1.1.15"
+version = "1.1.21"
 description = "Prometheus exporter to monitor custom metadata for KV2 secrets for (self-imposed) expiration."
 authors = ["Eugene Davis <[email protected]>"]
 readme = "README.md"
@@ -22,7 +22,7 @@ PyYAML = "^6.0"
 Cerberus = "^1.3.4"
 
 [tool.poetry.dev-dependencies]
-black = "^22.3.0"
+black = "^23.1.0"
 pylint = "^2.13.7"
 pytest = "^7.1.1"
 pytest-cov = "^4.0.0"
@@ -32,7 +32,7 @@ bandit = "^1.7.4"
 bump2version = "^1.0.1"
 pytest-mock = "^3.7.0"
 mock = "^4.0.3"
-mypy = "^0.971"
+mypy = "^1.01"
 
 [build-system]
 requires = ["poetry-core>=1.0.0"]

@@ -5,14 +5,14 @@
 import logging
 import warnings
 
-from typing import Dict
+from typing import Optional, Dict
 
 import hvac
 
 LOGGER = logging.getLogger("vault_authenticate")
 
 
-def get_vault_client_for_user(url: str = None, namespace: str = None, vault_token: str = None) -> hvac.Client:
+def get_vault_client_for_user(url: Optional[str] = None, namespace: Optional[str] = None, vault_token: Optional[str] = None) -> hvac.Client:
     """
     Gets a HVAC Vault client instance configured against Vault, targeted towards end-user systems (checks for environmental variables and existing token in .vault-token)
     """
@@ -60,7 +60,7 @@ def get_authenticated_client(auth_config: Dict[str, Dict[str, str]], address: st
     return get_client_with_token_auth(token_auth_config, address, namespace)
 
 
-def get_namespace(namespace: str = None) -> str:
+def get_namespace(namespace: Optional[str] = None) -> str:
     """
     In the event that namespace is None, return the value for VAULT_NAMESPACE if that is set
     """
@@ -70,7 +70,7 @@ def get_namespace(namespace: str = None) -> str:
     return namespace
 
 
-def get_address(address: str = None) -> str:
+def get_address(address: Optional[str] = None) -> str:
     """
     If the Vault address isn't set, check the contents of the VAULT_ADDR environmental variable and return it.
     """

@@ -2,7 +2,7 @@
 Class for monitoring entity secret expiration information in HashiCorp Vault.
 """
 
-from typing import Dict
+from typing import Optional, Dict
 
 import requests
 import hvac
@@ -24,7 +24,14 @@ class EntityExpirationMonitor(ExpirationMonitor):
     expiration_gauge_description = "Timestamp for when an entity's secrets should be expired and rotated."
 
     def __init__(
-        self, mount_point: str, monitored_path: str, name: str, vault_client: hvac.Client, service: str, prometheus_labels: Dict[str, str] = None, metadata_fieldnames: Dict[str, str] = None
+        self,
+        mount_point: str,
+        monitored_path: str,
+        name: str,
+        vault_client: hvac.Client,
+        service: str,
+        prometheus_labels: Optional[Dict[str, str]] = None,
+        metadata_fieldnames: Optional[Dict[str, str]] = None,
     ) -> None:
         if prometheus_labels:
             prometheus_labels.update({"entity_name": name})

@@ -2,7 +2,7 @@
 Class for monitoring expiration information in HashiCorp Vault.
 """
 from abc import ABC, abstractmethod
-from typing import Dict, List, Type, TypeVar
+from typing import Optional, Dict, List, Type, TypeVar
 
 import hvac
 from prometheus_client import Gauge
@@ -25,7 +25,9 @@ class ExpirationMonitor(ABC):
     expiration_gauge_name: str
     expiration_gauge_description: str
 
-    def __init__(self, mount_point: str, monitored_path: str, vault_client: hvac.Client, service: str, prometheus_labels: Dict[str, str] = None, metadata_fieldnames: Dict[str, str] = None) -> None:
+    def __init__(
+        self, mount_point: str, monitored_path: str, vault_client: hvac.Client, service: str, prometheus_labels: Optional[Dict[str, str]] = None, metadata_fieldnames: Optional[Dict[str, str]] = None
+    ) -> None:
         """
         Creates an instance of the ExpirationMonitor class.
         """