Bump python-freeipa to 1.0.9

This required changing how we install deps in docker, as python-freeipa 1.0.9 added gssapi, which requires heimdal-dev to be installed. We now install all project deps in the wheel-builder docker stage, and then install from cache in the actual runner stage
author: Chris Lovering <[email protected]> 2025-02-15 16:31:55 +0000
committer: Chris Lovering <[email protected]> 2025-02-15 16:33:13 +0000
commit: 9699e6eee373e48f901a3993e562674855f54700 (patch)
tree: 7ee501950cbc29df31a12d094590f644d9871073
parent: Sort dependencies (diff)
4 files changed, 124 insertions, 18 deletions
diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml
index 088ee66..aef0b11 100644
--- a/.github/workflows/lint.yaml
+++ b/.github/workflows/lint.yaml
@@ -11,7 +11,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Install native dependencies
-        run: sudo apt-get update && sudo apt-get install -y libldap2-dev libsasl2-dev
+        run: sudo apt-get update && sudo apt-get install -y libldap2-dev libsasl2-dev heimdal-dev
 
       - name: Install Python dependencies
         uses: HassanAbouelela/actions/setup-python@setup-python_v1.6.0
diff --git a/Dockerfile b/Dockerfile
index 12c5b0a..238de59 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -3,23 +3,27 @@ ARG python_version=3.13-slim
 FROM --platform=linux/amd64 ghcr.io/owl-corp/python-poetry-base:$python_version AS wheel-builder
 
 # Install build dependencies
-RUN apt-get update && apt-get install --no-install-recommends -y libldap2-dev libsasl2-dev gcc && apt autoclean && rm -rf /var/lib/apt/lists/*
-
+RUN apt-get update \
+    && apt-get install --no-install-recommends -y \
+    libldap2-dev \
+    libsasl2-dev \
+    gcc \
+    heimdal-dev \
+    && apt autoclean && rm -rf /var/lib/apt/lists/*
+
+# Install project dependencies with build tools available
 COPY pyproject.toml poetry.lock ./
+RUN poetry install --without dev --with ldap --no-root
 
-# Only the LDAP group has deps that requires gcc, so only build that for now
-RUN poetry install --only ldap --no-root
+# -------------------------------------------------------------------------------
 
 FROM --platform=linux/amd64 ghcr.io/owl-corp/python-poetry-base:$python_version
+COPY --from=wheel-builder /opt/poetry/cache /opt/poetry/cache
 
 RUN apt-get update && apt-get install --no-install-recommends -y libmagickwand-dev && rm -rf /var/lib/apt/lists/*
 
+# Install dependencies from build cache
 WORKDIR /app
-
-# Copy the pre-built LDAP group from the build stage that required gcc
-COPY --from=wheel-builder /opt/poetry/cache /opt/poetry/cache
-
-# Install the rest of the dependencies
 COPY pyproject.toml poetry.lock ./
 RUN poetry install --without dev --with ldap --no-root
 
diff --git a/poetry.lock b/poetry.lock
index 5c9d86b..b09fcf9 100644
--- a/poetry.lock
+++ b/poetry.lock
@@ -600,6 +600,17 @@ test = ["certifi (>=2024)", "cryptography-vectors (==44.0.1)", "pretend (>=0.7)"
 test-randomorder = ["pytest-randomly"]
 
 [[package]]
+name = "decorator"
+version = "5.1.1"
+description = "Decorators for Humans"
+optional = false
+python-versions = ">=3.5"
+files = [
+    {file = "decorator-5.1.1-py3-none-any.whl", hash = "sha256:b8c3f85900b9dc423225913c5aace94729fe1fa9763b38939a95226f02d37186"},
+    {file = "decorator-5.1.1.tar.gz", hash = "sha256:637996211036b6385ef91435e4fae22989472f9d571faba8927ba8253acbc330"},
+]
+
+[[package]]
 name = "deprecation"
 version = "2.1.0"
 description = "A library to handle automated deprecations"
@@ -645,6 +656,26 @@ files = [
 ]
 
 [[package]]
+name = "dnspython"
+version = "2.7.0"
+description = "DNS toolkit"
+optional = false
+python-versions = ">=3.9"
+files = [
+    {file = "dnspython-2.7.0-py3-none-any.whl", hash = "sha256:b4c34b7d10b51bcc3a5071e7b8dee77939f1e878477eeecc965e9835f63c6c86"},
+    {file = "dnspython-2.7.0.tar.gz", hash = "sha256:ce9c432eda0dc91cf618a5cedf1a4e142651196bbcd2c80e89ed5a907e5cfaf1"},
+]
+
+[package.extras]
+dev = ["black (>=23.1.0)", "coverage (>=7.0)", "flake8 (>=7)", "hypercorn (>=0.16.0)", "mypy (>=1.8)", "pylint (>=3)", "pytest (>=7.4)", "pytest-cov (>=4.1.0)", "quart-trio (>=0.11.0)", "sphinx (>=7.2.0)", "sphinx-rtd-theme (>=2.0.0)", "twine (>=4.0.0)", "wheel (>=0.42.0)"]
+dnssec = ["cryptography (>=43)"]
+doh = ["h2 (>=4.1.0)", "httpcore (>=1.0.0)", "httpx (>=0.26.0)"]
+doq = ["aioquic (>=1.0.0)"]
+idna = ["idna (>=3.7)"]
+trio = ["trio (>=0.23)"]
+wmi = ["wmi (>=1.5.1)"]
+
+[[package]]
 name = "filelock"
 version = "3.17.0"
 description = "A platform independent file lock."
@@ -762,6 +793,43 @@ files = [
 ]
 
 [[package]]
+name = "gssapi"
+version = "1.9.0"
+description = "Python GSSAPI Wrapper"
+optional = false
+python-versions = ">=3.8"
+files = [
+    {file = "gssapi-1.9.0-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:261e00ac426d840055ddb2199f4989db7e3ce70fa18b1538f53e392b4823e8f1"},
+    {file = "gssapi-1.9.0-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:14a1ae12fdf1e4c8889206195ba1843de09fe82587fa113112887cd5894587c6"},
+    {file = "gssapi-1.9.0-cp310-cp310-win32.whl", hash = "sha256:2a9c745255e3a810c3e8072e267b7b302de0705f8e9a0f2c5abc92fe12b9475e"},
+    {file = "gssapi-1.9.0-cp310-cp310-win_amd64.whl", hash = "sha256:dfc1b4c0bfe9f539537601c9f187edc320daf488f694e50d02d0c1eb37416962"},
+    {file = "gssapi-1.9.0-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:67d9be5e34403e47fb5749d5a1ad4e5a85b568e6a9add1695edb4a5b879f7560"},
+    {file = "gssapi-1.9.0-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:11e9b92cef11da547fc8c210fa720528fd854038504103c1b15ae2a89dce5fcd"},
+    {file = "gssapi-1.9.0-cp311-cp311-win32.whl", hash = "sha256:6c5f8a549abd187687440ec0b72e5b679d043d620442b3637d31aa2766b27cbe"},
+    {file = "gssapi-1.9.0-cp311-cp311-win_amd64.whl", hash = "sha256:59e1a1a9a6c5dc430dc6edfcf497f5ca00cf417015f781c9fac2e85652cd738f"},
+    {file = "gssapi-1.9.0-cp312-cp312-macosx_10_13_x86_64.whl", hash = "sha256:b66a98827fbd2864bf8993677a039d7ba4a127ca0d2d9ed73e0ef4f1baa7fd7f"},
+    {file = "gssapi-1.9.0-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:2bddd1cc0c9859c5e0fd96d4d88eb67bd498fdbba45b14cdccfe10bfd329479f"},
+    {file = "gssapi-1.9.0-cp312-cp312-win32.whl", hash = "sha256:10134db0cf01bd7d162acb445762dbcc58b5c772a613e17c46cf8ad956c4dfec"},
+    {file = "gssapi-1.9.0-cp312-cp312-win_amd64.whl", hash = "sha256:e28c7d45da68b7e36ed3fb3326744bfe39649f16e8eecd7b003b082206039c76"},
+    {file = "gssapi-1.9.0-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:cea344246935b5337e6f8a69bb6cc45619ab3a8d74a29fcb0a39fd1e5843c89c"},
+    {file = "gssapi-1.9.0-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:1a5786bd9fcf435bd0c87dc95ae99ad68cefcc2bcc80c71fef4cb0ccdfb40f1e"},
+    {file = "gssapi-1.9.0-cp313-cp313-win32.whl", hash = "sha256:c99959a9dd62358e370482f1691e936cb09adf9a69e3e10d4f6a097240e9fd28"},
+    {file = "gssapi-1.9.0-cp313-cp313-win_amd64.whl", hash = "sha256:a2e43f50450e81fe855888c53df70cdd385ada979db79463b38031710a12acd9"},
+    {file = "gssapi-1.9.0-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:c0e378d62b2fc352ca0046030cda5911d808a965200f612fdd1d74501b83e98f"},
+    {file = "gssapi-1.9.0-cp38-cp38-macosx_11_0_arm64.whl", hash = "sha256:b74031c70864d04864b7406c818f41be0c1637906fb9654b06823bcc79f151dc"},
+    {file = "gssapi-1.9.0-cp38-cp38-win32.whl", hash = "sha256:f2f3a46784d8127cc7ef10d3367dedcbe82899ea296710378ccc9b7cefe96f4c"},
+    {file = "gssapi-1.9.0-cp38-cp38-win_amd64.whl", hash = "sha256:a81f30cde21031e7b1f8194a3eea7285e39e551265e7744edafd06eadc1c95bc"},
+    {file = "gssapi-1.9.0-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:cbc93fdadd5aab9bae594538b2128044b8c5cdd1424fe015a465d8a8a587411a"},
+    {file = "gssapi-1.9.0-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:5b2a3c0a9beb895942d4b8e31f515e52c17026e55aeaa81ee0df9bbfdac76098"},
+    {file = "gssapi-1.9.0-cp39-cp39-win32.whl", hash = "sha256:060b58b455d29ab8aca74770e667dca746264bee660ac5b6a7a17476edc2c0b8"},
+    {file = "gssapi-1.9.0-cp39-cp39-win_amd64.whl", hash = "sha256:11c9fe066edb0fa0785697eb0cecf2719c7ad1d9f2bf27be57b647a617bcfaa5"},
+    {file = "gssapi-1.9.0.tar.gz", hash = "sha256:f468fac8f3f5fca8f4d1ca19e3cd4d2e10bd91074e7285464b22715d13548afe"},
+]
+
+[package.dependencies]
+decorator = "*"
+
+[[package]]
 name = "h11"
 version = "0.14.0"
 description = "A pure-Python, bring-your-own-I/O implementation of HTTP/1.1"
@@ -1542,19 +1610,19 @@ cli = ["click (>=5.0)"]
 
 [[package]]
 name = "python-freeipa"
-version = "1.0.8"
+version = "1.0.9"
 description = "Lightweight FreeIPA client"
 optional = false
-python-versions = "*"
+python-versions = "<4.0,>=3.9"
 files = [
-    {file = "python-freeipa-1.0.8.tar.gz", hash = "sha256:9e9424cf17ff4d4a7e903cc2836b67c87a86d19e0db6c7cf652b79e65fc56f4b"},
+    {file = "python_freeipa-1.0.9-py3-none-any.whl", hash = "sha256:4d8d7203b5ad937bfa4163e3feb06020c60937053b96339d08d4e6f6040971cf"},
+    {file = "python_freeipa-1.0.9.tar.gz", hash = "sha256:3f871e27de594700b20588245593757e107309ddcc890d6caa66f412ed978b40"},
 ]
 
 [package.dependencies]
 requests = "*"
-
-[package.extras]
-tests = ["responses"]
+requests-gssapi = "*"
+srvlookup = "*"
 
 [[package]]
 name = "python-keycloak"
@@ -1660,6 +1728,24 @@ socks = ["PySocks (>=1.5.6,!=1.5.7)"]
 use-chardet-on-py3 = ["chardet (>=3.0.2,<6)"]
 
 [[package]]
+name = "requests-gssapi"
+version = "1.3.0"
+description = "A GSSAPI authentication handler for python-requests"
+optional = false
+python-versions = ">=3.8"
+files = [
+    {file = "requests-gssapi-1.3.0.tar.gz", hash = "sha256:4d52bf8c2aa2a829130efcca85c14943fdd0aa75455aab985b2b8726159c20ca"},
+    {file = "requests_gssapi-1.3.0-py3-none-any.whl", hash = "sha256:f36303cd989c54d54630c30f1ef73d7e23acdede2285c941631192e51b4da418"},
+]
+
+[package.dependencies]
+gssapi = "*"
+requests = ">=1.1.0"
+
+[package.extras]
+dev = ["black (==24.2.0)", "isort (==5.13.2)", "pytest", "tox (>=4.0.0)"]
+
+[[package]]
 name = "requests-toolbelt"
 version = "1.0.0"
 description = "A utility belt for advanced users of python-requests"
@@ -1789,6 +1875,22 @@ files = [
 ]
 
 [[package]]
+name = "srvlookup"
+version = "3.0.0"
+description = "Service lookup using DNS SRV records"
+optional = false
+python-versions = ">=3.7"
+files = [
+    {file = "srvlookup-3.0.0.tar.gz", hash = "sha256:8c0d96501df0117bce82ac2076a03a1c450bca43dc4cf83e54b026f6c2ed5c3e"},
+]
+
+[package.dependencies]
+dnspython = ">=2.0.0"
+
+[package.extras]
+testing = ["coverage", "flake8", "flake8-comprehensions", "flake8-deprecated", "flake8-import-order", "flake8-print", "flake8-quotes", "flake8-rst-docstrings", "flake8-tuple", "yapf"]
+
+[[package]]
 name = "statsd"
 version = "4.0.1"
 description = "A simple statsd client."
@@ -2061,4 +2163,4 @@ propcache = ">=0.2.0"
 [metadata]
 lock-version = "2.0"
 python-versions = "~=3.13.0"
-content-hash = "d77500c82966dcf248e9944fc9700fdedcafc513cc2a654a7912c41c909deb52"
+content-hash = "87027aac2cf49f679aabf0870ecbadb9c997779dfef249357c5c477ac6688013"
diff --git a/pyproject.toml b/pyproject.toml
index 621125d..a15ad53 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -20,7 +20,7 @@ kubernetes_asyncio = "32.0.0"
 loguru = "0.7.3"
 pydantic = "2.10.6"
 pydantic-settings = "2.7.1"
-python-freeipa = "1.0.8"  # 1.0.9 adds gssapi which currently can't be built in our image
+python-freeipa = "1.0.9"
 python-keycloak = "5.3.1"
 sentry-sdk = "2.21.0"
 tabulate = { extras = ["widechars"], version = "0.9.0" }
author	Chris Lovering <[email protected]>	2025-02-15 16:31:55 +0000
committer	Chris Lovering <[email protected]>	2025-02-15 16:33:13 +0000
commit	9699e6eee373e48f901a3993e562674855f54700 (patch)
tree	7ee501950cbc29df31a12d094590f644d9871073
parent	Sort dependencies (diff)