Migrate from onelogin namespace to python3_saml namespace #441
Nyefan wants to merge 7 commits into SAML-Toolkits:master from
…to avoid conflicting with onelogin

BREAKING CHANGE: imports will need to be changed from `from onelogin.<path> import ...` to `from python3_saml.<path> import ...`
chore(INFRA-831): move application to a new namespace (python3_saml) to avoid conflicting with onelogin
Hi @Nyefan, I will consider this change for a future 2.0.0 release. Can you provide more details about the HIGH CVE? In a new release of python3-saml I plan to force:

Sorry, it took me a while to get back to this - the problem we had is not the CVE in
chore(INFRA-1072): migrate tests to the new package namespace (python3_saml)
SAML-Toolkits#441 BREAKING CHANGE - this increases the minimum supported python version from 3.7 to 3.8. There is no combination of lxml and xmlsec that I could find that passes tests on python 3.7.
SAML-Toolkits#441 BREAKING CHANGE - this increases the minimum supported python version from 3.7 to 3.8. There is no clean combination of lxml and xmlsec that I could find that passes tests on python 3.7.
ds/INFRA-1072
@pitbulk I have fixed the failing tests and updated xml and xmlsec to match the versions you mentioned above. If you're willing to accept this PR still, it should be ready to go to a version 2.0.0 whenever you're ready to pull the trigger.
Currently, any code base depending on both the `python3-saml` and `onelogin` packages is not able to use the latest versions of both packages. In particular, it is not possible to use `python3-saml>1.14.0` or `onelogin>3.1.6` because of the conflicting `onelogin.saml2.auth` package and the import of `onelogin.api` in onelogin's top level `__init__.py`.

This can be mitigated by users by installing one or both in their own separate prefixes and manipulating the order of these prefixes in the PYTHONPATH at the beginning of any files which depend on either (but not both) package. However, this is clunky and error prone and can be fixed upstream by changing the import path of python3-saml from `onelogin.<package>` to `python3_saml.<package>`.

Also, there is a HIGH CVE in xmlsec and lxml that requires updating python3-saml to 1.16.0 to mitigate unless we want to build them from source every time we build a container.

This PR migrates all packages, tests, demos, build files, and the readme to use `python3_saml`. The `docs` directory has been ignored since that is (maybe?) autogenerated from some other source, but I can update the docs as well if you are amenable to this change. It would be a breaking change for all consumers requiring a 2.0.0 release, but I suspect it would be a welcome one.
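A build-time check for the import-name collision described in the PR description above, added here as an example (it is not code from the PR or from either project). The file lists are constructed to mirror the conflict as described, not copied from the real packages, and all function names are hypothetical.

```python
from importlib import metadata
from pathlib import PurePosixPath


def module_name(path):
    """Map a recorded file path to its dotted import name, or None if not a module."""
    p = PurePosixPath(path)
    if p.suffix != ".py":
        return None
    parts = p.with_suffix("").parts
    if parts[-1] == "__init__":  # a package is imported by its directory name
        parts = parts[:-1]
    return ".".join(parts) or None


def modules_of(paths):
    return {m for m in map(module_name, paths) if m}


def import_collisions(paths_a, paths_b):
    """Import names claimed by both file lists; the later install shadows the other."""
    return sorted(modules_of(paths_a) & modules_of(paths_b))


def installed_collisions(dist_a, dist_b):
    """Same check for two installed distributions, read from their file metadata."""
    files_a = [str(f) for f in metadata.files(dist_a) or []]
    files_b = [str(f) for f in metadata.files(dist_b) or []]
    return import_collisions(files_a, files_b)


# Constructed file lists (assumption): shaped after the conflict in the PR text.
SAML_TOOLKIT = [
    "onelogin/__init__.py",
    "onelogin/saml2/__init__.py",
    "onelogin/saml2/auth.py",
    "onelogin/saml2/settings.py",
]
API_CLIENT = [
    "onelogin/__init__.py",
    "onelogin/api/__init__.py",
    "onelogin/api/client.py",
    "onelogin/saml2/__init__.py",
    "onelogin/saml2/auth/__init__.py",
]
# The same toolkit files after the rename this PR proposes.
RENAMED = [p.replace("onelogin/", "python3_saml/", 1) for p in SAML_TOOLKIT]

if __name__ == "__main__":
    print(import_collisions(SAML_TOOLKIT, API_CLIENT))
    print(import_collisions(RENAMED, API_CLIENT))
```

Comparing dotted import names rather than file paths catches the case where one distribution ships `auth.py` and the other an `auth/` package, which a plain path comparison would miss.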