Merge remote-tracking branch 'upstream/main' into feature/default-request-library

Author: AndyTitu

.github/ISSUE_TEMPLATE/1-bug-report.yml

@@ -0,0 +1,36 @@
+name: "🐛 Bug Report"
+description: Something isn't working as expected.
+labels: ["bug"]
+body:
+  - type: textarea
+    id: scenario
+    attributes:
+      label: Scenario & Reproduction Steps
+      description: When do you encounter this problem?
+      placeholder: "Please share as much context as you can about when you encounter this problem. If possible, sharing the steps to reproduce is immensely helpful."
+    validations:
+      required: true
+  - type: textarea
+    id: actual
+    attributes:
+      label: Actual Behavior
+      description: What is happening?
+      placeholder: "Please tell us about the problem you're encountering. e.g. an error you're encountering or an unexpected return value"
+    validations:
+      required: true
+  - type: textarea
+    id: expected
+    attributes:
+      label: Expected Behavior
+      description: What would you have expected happened instead?
+      placeholder: "Please share what you had expected to happen. How should this have behaved?"
+  - type: input
+    id: version
+    attributes:
+      label: SDK version
+      description: "You can find the version you're using by running `npm list @1password/sdk`."
+  - type: textarea
+    id: info
+    attributes:
+      label: Additional information
+      description: Any additional information that's relevant to add?

.github/ISSUE_TEMPLATE/2-improvement.yml

@@ -0,0 +1,29 @@
+name: "↗️ Improvement"
+description: Something works but can be made better.
+labels: ["improvement"]
+body:
+  - type: textarea
+    id: current
+    attributes:
+      label: Current Behavior
+      description: How does this currently work?
+      placeholder: "Please tell us what you're currently doing and what hurdles you're running into with this."
+    validations:
+      required: true
+  - type: textarea
+    id: desired
+    attributes:
+      label: Desired Behavior
+      description: How would you prefer for this to work?
+      placeholder: "Please share how you'd prefer for this to work."
+  - type: textarea
+    id: value
+    attributes:
+      label: Benefits & Value
+      description: What is better about the new behavior? How will this help you?
+      placeholder: "Please share what benefits you'd like to get out of this improvement. What would you use this for? How does that improve with this change? Why should this change be made?"
+  - type: textarea
+    id: info
+    attributes:
+      label: Additional information
+      description: Any additional information that's relevant to add?

.github/ISSUE_TEMPLATE/3-feature-request.yml

@@ -0,0 +1,23 @@
+name: "✨ Feature request"
+description: I'd like to request new functionality.
+labels: ["feature-request"]
+body:
+  - type: textarea
+    id: usecase
+    attributes:
+      label: Use Case
+      description: What are you trying to achieve?
+      placeholder: "Tell us about the problem you're trying to solve. The more context you add, the better we can align a solution with your problem."
+    validations:
+      required: true
+  - type: textarea
+    id: requirements
+    attributes:
+      label: Requirements and desired behavior
+      description: What should the SDK do?
+      placeholder: If you already have an idea for what you'd like to be available in the SDK to solve your problem, feel free to share that here. How would you expect this to behave?
+  - type: textarea
+    id: info
+    attributes:
+      label: Additional information
+      description: Any additional information that's relevant to add?

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,8 @@
+blank_issues_enabled: true
+contact_links:
+  - name: "💬 Chat with us on Slack"
+    url: https://developer.1password.com/joinslack
+    about: Chat with us about SDKs in our Developer Slack workspace.
+  - name: "❓ General 1Password questions"
+    url: https://1password.community
+    about: I have a question about 1Password that's not directly related to SDKs.

.github/workflows/check-signed-commits.yml

@@ -0,0 +1,13 @@
+name: Check signed commits in PR 
+on: pull_request_target
+
+jobs:
+  build:
+    name: Check signed commits in PR 
+    permissions:
+      contents: read
+      pull-requests: write
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check signed commits in PR
+        uses: 1Password/check-signed-commits-action@main

.github/workflows/ok-to-test.yml

@@ -0,0 +1,25 @@
+# If someone with write access comments "/ok-to-test" on a pull request, emit a repository_dispatch event
+name: Ok To Test
+
+on:
+  issue_comment:
+    types: [created]
+
+jobs:
+  ok-to-test:
+    runs-on: ubuntu-latest
+    # required permissions for adding reactions to the pull request comments
+    permissions:
+      pull-requests: write
+    # Only run for PRs, not issue comments
+    if: ${{ github.event.issue.pull_request }}
+    steps:
+    - name: Slash Command Dispatch
+      uses: peter-evans/slash-command-dispatch@v3
+      with:
+        token: ${{ secrets.PERSONAL_ACCESS_TOKEN }} 
+        reaction-token: ${{ secrets.GITHUB_TOKEN }}
+        issue-type: pull-request
+        commands: ok-to-test
+        # The repository permission level required by the user to dispatch commands. Only allows 1Password collaborators to run this.
+        permission: write

.github/workflows/validate.yml

@@ -8,10 +8,14 @@ on:
   pull_request:
     paths-ignore:
       - '**.md'
+  repository_dispatch:
+    types: [ ok-to-test-command ]
 
 jobs:
 
-  validate:
+  integration-test-trusted:
+    # actions that are trusted by default must only be opened from within the repo, and skipped for forks because they'll fail there
+    if: github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository
     strategy:
       matrix:
         os: [ubuntu-latest, windows-latest, macos-latest]
@@ -47,5 +51,77 @@ jobs:
       - name: Lint with Ruff
         run: |
           pip install ruff
-          ruff check --output-format=github --exclude=src/onepassword/lib/ .
+          ruff check --output-format=github --exclude=src/onepassword/lib/,example/ .
         continue-on-error: true
+
+  # This action is called by the /ok-to-test command, once the forked PR's code has been security reviewed.
+  # It will checkout the forked (and now trusted) code and it will run the integration tests on it.
+  # If the tests are successful this action will proceed to update the status of the forked PR integration check.
+  integration-test-fork:
+    # required permissions for updating the status of the pull request checks
+    permissions:
+      pull-requests: write
+      checks: write
+    strategy:
+      matrix:
+        os: [ubuntu-latest, windows-latest, macos-latest]
+    runs-on: ${{ matrix.os }}
+    if: |
+      github.event_name == 'repository_dispatch' &&
+      github.event.client_payload.slash_command.args.named.sha != '' &&
+      contains(
+        github.event.client_payload.pull_request.head.sha,
+        github.event.client_payload.slash_command.args.named.sha
+      )
+    steps:
+
+    # Check out merge commit
+    - name: Fork based /ok-to-test checkout
+      uses: actions/checkout@v4
+      with:
+        ref: ${{ github.event.client_payload.pull_request.head.sha }}
+
+    - name: Set up Python
+      uses: actions/setup-python@v4
+      with:
+        python-version: '3.x'
+          
+    - name: Integration Test
+      env:
+        OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.TEST_SERVICE_ACCOUNT_TOKEN }}
+      run: |
+        pip install pytest &&
+        pip install pytest-asyncio &&
+        pip install pydantic &&
+        python -m pytest src/onepassword/test_client.py
+
+    - run: |
+        echo "Integration tests completed successfully!"
+
+    # Update check run called "integration-fork" on the forked PR
+    - uses: actions/github-script@v6
+      id: update-check-run
+      if: ${{ always() }}
+      env:
+        job: ${{ github.job }}
+        ref: ${{ github.event.client_payload.pull_request.head.sha }}
+        # Conveniently, job.status maps to https://developer.github.com/v3/checks/runs/#update-a-check-run
+        conclusion: ${{ job.status }} 
+      with:
+        github-token: ${{ secrets.GITHUB_TOKEN }}
+        script: |
+          const { data: checks } = await github.rest.checks.listForRef({
+            ...context.repo,
+            process.env.ref
+          });
+
+          const check = checks.check_runs.filter(c => c.name === process.env.job);
+
+          const { data: result } = await github.rest.checks.update({
+            ...context.repo,
+            check_run_id: check[0].id,
+            status: 'completed',
+            conclusion: process.env.conclusion
+          });
+
+          return result;

Makefile

@@ -0,0 +1,7 @@
+release:
+	src/release/scripts/release.sh
+
+prep-release:
+	src/release/scripts/prep-release.sh
+
+

README.md

@@ -1,11 +1,11 @@
 <p align="center">
   <a href="https://1password.com">
-      <h1 align="center">1Password Python SDK (beta)</h1>
+      <h1 align="center">1Password Python SDK</h1>
   </a>
 </p>
 
 <p align="center">
- <h4 align="center"> ❗ The 1Password SDK project is in beta. Future iterations may bring backwards-incompatible changes.</h4>
+ <h4 align="center">Build integrations that programmatically access your secrets in 1Password.</h4>
 </p>
 
 <p align="center">
@@ -14,27 +14,21 @@
 
 ---
 
-The 1Password Python SDK offers programmatic access to your secrets in 1Password with Python. During the beta, you can create, retrieve, update, and delete items and resolve secret references.
+## Requirements
 
-## 🔑 Authentication
+The 1Password Python SDK requires:
 
-1Password SDKs support authentication with [1Password Service Accounts](https://developer.1password.com/docs/service-accounts/get-started/). 
+- `libssl` 3
+- `glibc` 2.32 or later
 
-Before you get started, [create a service account](https://developer.1password.com/docs/service-accounts/get-started/#create-a-service-account) and give it the appropriate permissions in the vaults where the items you want to use with the SDK are saved.
-
-## ❗ Limitations
-
-1Password SDKs don't yet support using secret references with query parameters, so you can't retrieve file attachments or SSH keys, or get more information about field metadata.
-
-1Password SDKs currently only support operations on text and concealed fields. As a result, you can't edit items that include information saved in other types of fields.
-
-When managing items with 1Password SDKs, you must use [unique identifiers (IDs)](https://developer.1password.com/docs/sdks/concepts#unique-identifiers) in place of vault, item, and field names.
+If you're running a Linux distribution that still uses `libssl` version 1.1.1, such as Debian 11 or Ubuntu 20.04, you'll need to update to a later version of Linux or install the required dependencies.
 
 ## 🚀 Get started
 
 To use the 1Password Python SDK in your project:
 
-1. Provision your [service account](#authentication) token. We recommend provisioning your token from the environment. For example, to export your token to the `OP_SERVICE_ACCOUNT_TOKEN` environment variable:
+1. [Create a service account](https://my.1password.com/developer-tools/infrastructure-secrets/serviceaccount/) and give it the appropriate permissions in the vaults where the items you want to use with the SDK are saved.
+2. Provision your service account token. We recommend provisioning your token from the environment. For example, to export your token to the `OP_SERVICE_ACCOUNT_TOKEN` environment variable:
 
    **macOS or Linux**
 
@@ -48,13 +42,13 @@ To use the 1Password Python SDK in your project:
    $Env:OP_SERVICE_ACCOUNT_TOKEN = "<your-service-account-token>"
    ```
 
-2. Install the 1Password Python SDK in your project:
+3. Install the 1Password Python SDK in your project:
 
    ```bash
-   pip install git+ssh://[email protected]/1Password/[email protected].0-beta.9
+   pip install git+ssh://[email protected]/1Password/[email protected].1
    ```
 
-3. Use the Python SDK in your project:
+4. Use the Python SDK in your project:
 
 ```python
 import asyncio
@@ -77,10 +71,69 @@ if __name__ == '__main__':
 
 ```
 
-Make sure to use [secret reference URIs](https://developer.1password.com/docs/cli/secrets-reference-syntax/) with the syntax `op://vault/item/field` to securely load secrets from 1Password into your code.
+Make sure to use [secret reference URIs](https://developer.1password.com/docs/cli/secret-reference-syntax/) with the syntax `op://vault/item/field` to securely load secrets from 1Password into your code.
+
+## Supported functionality
+
+1Password SDKs are in active development. We're keen to hear what you'd like to see next. Let us know by [upvoting](https://github.com/1Password/onepassword-sdk-python/issues) or [filing](https://github.com/1Password/onepassword-sdk-python/issues/new/choose) an issue.
+
+### Item management
+
+Operations:
+
+- [x] [Retrieve secrets](https://developer.1password.com/docs/sdks/load-secrets)
+- [x] [Retrieve items](https://developer.1password.com/docs/sdks/manage-items#get-an-item)
+- [x] [Create items](https://developer.1password.com/docs/sdks/manage-items#create-an-item)
+- [x] [Update items](https://developer.1password.com/docs/sdks/manage-items#update-an-item)
+- [x] [Delete items](https://developer.1password.com/docs/sdks/manage-items#delete-an-item)
+- [x] [List items](https://developer.1password.com/docs/sdks/list-vaults-items/)
+- [ ] Add & update tags on items
+
+Field types:
+- [x] API Keys
+- [x] Passwords
+- [x] Concealed fields
+- [x] Text fields
+- [x] Notes
+- [x] SSH private keys (partially supported: supported in resolving secret references, not yet supported in item create/get/update)
+- [ ] SSH public keys, fingerprint and key type
+- [x] One-time passwords
+- [x] URLs
+- [ ] Websites (used to suggest and autofill logins)
+- [x] Phone numbers
+- [x] Credit card types
+- [ ] Files attachments and Document items
+
+### Vault management
+- [ ] Retrieve vaults
+- [ ] Create vaults ([#36](https://github.com/1Password/onepassword-sdk-python/issues/36))
+- [ ] Update vaults
+- [ ] Delete vaults
+- [x] [List vaults](https://developer.1password.com/docs/sdks/list-vaults-items/)
+
+### User & access management
+- [ ] Provision users
+- [ ] Retrieve users
+- [ ] List users
+- [ ] Suspend users
+- [ ] Create groups
+- [ ] Update group membership
+- [ ] Update vault access & permissions
+
+### Compliance & reporting
+- [ ] Watchtower insights
+- [ ] Travel mode
+- [ ] Events. For now, use [1Password Events Reporting API](https://developer.1password.com/docs/events-api/) directly.
+
+### Authentication
+
+- [x] [1Password Service Accounts](https://developer.1password.com/docs/service-accounts/get-started/)
+- [ ] User authentication
+- [ ] 1Password Connect. For now, use [1Password/connect-sdk-go](https://github.com/1Password/connect-sdk-go).
 
 ## 📖 Learn more
 
 - [Load secrets with 1Password SDKs](https://developer.1password.com/docs/sdks/load-secrets)
 - [Manage items with 1Password SDKs](https://developer.1password.com/docs/sdks/manage-items)
+- [List vaults and items with 1Password SDKs](https://developer.1password.com/docs/sdks/list-vaults-items)
 - [1Password SDK concepts](https://developer.1password.com/docs/sdks/concepts)