Open
Conversation
Switch create_record() from create_secret() to create_secret_with_options(). create_secret() uses get_secrets(full_response=True) to look up folder encryption keys, which only returns folders bundled with records. Empty shared folders are invisible to it, so the key is never found and creation fails. create_secret_with_options() calls the dedicated get_folders endpoint which returns all accessible folders regardless of record count. Adds regression test (keeper_create_empty_folder_test.py) that confirms create_secret() raises when the folder has no records, and updates the existing keeper_create_test.py mock patch target to match the new code path.
Add 1.4.0 section to README and galaxy README covering KSM-816. Sync galaxy README which had stalled at 1.2.6 (missing 1.3.0 entries). Clarify shared_folder_uid in keeper_create action and module docs to note it must be a top-level shared folder UID, not a subfolder UID.
Update python_requires from >=3.7 to >=3.9 to align with keeper-secrets-manager-core >= 17.2.0. Bump core to >=17.2.0 and helper to >=1.1.0 in setup.py and requirements.txt. Drop Python 3.7 and 3.8 classifiers, add 3.12 and 3.13.
The redhat/ubi9 base image (introduced Oct 2025) does not include packages that the previous ansible-runner base provided. This caused AAP to fail with [dumb-init] ssh agent: No such file or directory on container startup. Added to additional_build_packages in execution-environment.yml: - openssh-clients: provides ssh-agent required by AAP at container startup - sshpass: required for password-based SSH (ansible_ssh_pass) - rsync: required by ansible.builtin.synchronize module - git: required by ansible.builtin.git module Added regression test (keeper_tower_ee_test.py) to verify all required packages are declared in the EE spec on every CI run.
The redhat/ubi9 base image (introduced Oct 2025) does not include packages that the previous ansible-runner base provided. This caused AAP to fail with [dumb-init] ssh agent: No such file or directory on container startup. Added to additional_build_packages in execution-environment.yml: - openssh-clients: provides ssh-agent required by AAP at container startup - sshpass: required for password-based SSH (ansible_ssh_pass) - rsync: required by ansible.builtin.synchronize module - git: required by ansible.builtin.git module Added regression test (keeper_tower_ee_test.py) to verify all required packages are declared in the EE spec on every CI run.
stas-schaller
changed the title
Python 3.9+ includes importlib.metadata in the standard library, making the importlib_metadata backport unnecessary. Also fixes stale dependency versions in tower EE requirements.txt.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Release branch for v1.4.0 — bug fixes for
keeper_createon empty shared folders, missing system packages in the Tower Execution Environment Docker image, and Python 3.9 minimum with updated SDK dependencies.Changes
Bug Fixes
keeper_createfailed when the target shared folder contained no records. The plugin now uses theget_foldersendpoint to resolve the folder encryption key, which returns all folders regardless of record count. Previouslyget_secretswas used, which only returns folder keys bundled alongside records.keeper-secrets-manager-tower-eeDocker image was missingopenssh-clients,sshpass,rsync, andgit— packages present in the previousansible-runnerbase that are absent fromredhat/ubi9. This caused AAP to fail with[dumb-init] ssh agent: No such file or directoryat container startup. Added all four packages toadditional_build_packagesinexecution-environment.yml. Added regression test to prevent recurrence.Maintenance
keeper-secrets-manager-core >= 17.2.0keeper-secrets-manager-coreto>=17.2.0andkeeper-secrets-manager-helperto>=1.1.0shared_folder_uiddocs inkeeper_createto note it must be a top-level shared folder UID, not a subfolder UIDBreaking Changes
None.
Related Issues