Client library Hashicorp Nomad
Update requests to 2.20.0
Vulnerable versions: <= 2.19.1
Patched version: 2.20.0
The Requests package through 2.19.1 before 2018-09-14 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.
Restructure base Requester class, inherit from class instead of passing object to each instantiation. Removes all helpers _get, _post, _no_post, _put, _delete in each endpoint. Additional exceptions for status_codes. Should address:
#42 #59 #62 #64
Additional endpoints for client:
read_at stream_file stream_logs gc_allocate gc_all
Fixes: Diff parameter for jobs plan endpoint, thanks @jeteon!
This change is a breaking change along with some methods in the init being removed:
Exceptions that occur from communication with the Nomad API should now be following based on the status codes from, and inherit from BaseNomadException:
https://www.nomadproject.io/api/index.html#http-response-codes
set_namespace set_token
Add support for:
Metrics and Stats Endpoints thanks to @gokhansengun Environment Variable lookups and matching to other tools thanks to @vladshub
Exception handling fix to obtain nomad_resp object for all custom exceptions raised. Thanks to @etrabelsi
Huge thanks to @i4s-pserrano who added functionality for:
Tokens Policies Namespaces (Enterprise only) Sentinel policies (Enterprise only) As well as documenting examples for all the properties available currently!
Add optional cert file parameter for cert tuple (cert,key)
Added calls for features new to nomad 0.6.0:
CA certfile option to request session thanks to @marcjay