Pymongo-auth-aws

------------------------
- Add support for Python 3.13.

------------------------

- Support Python versions 3.8-3.12, to align with PyMongo 4 supported versions.
Drop support for Python 2.7, 3.4, 3.5, 3.6, and 3.7.
- Add Secure Software Development Life Cycle automation to release process.
GitHub Releases now include a Software Bill of Materials, and signature
files corresponding to the distribution files released on PyPI.

------------------------

- Use ``boto3`` to handle ``credentials``, expanding and standardizing
authorization capabilities. This includes EKS IAM credentials that use
``AssumeRoleWithWebIdentity``.
- Enable opt-in caching of fetched on-demand credentials, to prevent rate
limiting.
- Make the ``pymongo_auth_aws.auth.aws_temp_credentials`` function public
so it can be used in ``pymongocrypt``.


Notes
.....
Because we are now using ``boto3`` to handle credentials, the order and
locations of credentials are slightly different from before. Particularly,
if you have a shared AWS credentials or config file,
then those credentials will be used by default if AWS auth environment
variables are not set. To override this behavior, set
``AWS_SHARED_CREDENTIALS_FILE=""`` in your shell or add
``os.environ["AWS_SHARED_CREDENTIALS_FILE"] = ""`` to your script or
application. Alternatively, you can create an AWS profile specifically for
your MongoDB credentials and set ``AWS_PROFILE`` to that profile name.

------------------------

- Fix a bug which caused MONGODB-AWS authentication to fail in some
EC2 Instance configurations. Previous versions incorrectly used a POST
request when creating the session token for Instance Metadata Service
Version 2 (IMDSv2).

------------------------

- Fix a bug which caused authentication to fail when using non-default
STS hosts with more than one dot (``.``). For example,
"sts.us-west-2.amazonaws.com" is a valid STS host that would fail in
version 1.0.0.

------------------------

- Initial version.
- Implements `MONGODB-AWS authentication`_ support for PyMongo.

.. _credentials:
https://boto3.amazonaws.com/v1/documentation/api/latest/guide/credentials.html

.. _MONGODB-AWS authentication:
https://github.com/mongodb/specifications/blob/8f16c36/source/auth/auth.rst#mongodb-aws


=========================
pymongo-auth-aws Releases
=========================

Versioning
----------

pymongo-auth-aws's version numbers follow `semantic versioning`_: each version
number is structured "major.minor.patch". Patch releases fix bugs, minor
releases add features (and may fix bugs), and major releases include API
changes that break backwards compatibility (and may add features and fix
bugs).

In between releases we add .devN to the version number to denote the version
under development. So if we just released 1.0.0, then the current dev
version might be 1.0.1.dev0 or 1.1.0.dev0.

.. _semantic versioning: http://semver.org/

Release Process
---------------

pymongo-auth-aws ships universal Python wheels.

. Add a changelog entry for this release in CHANGELOG.rst.
. Bump "__version__" in pymongo-auth-aws/version.py. Commit the change and tag
the release. Immediately bump the "__version__" to "dev0" in a new commit::

$ Bump to release version number
$ git commit -a -m "pymongo-auth-aws <release version number>"
$ git tag -a <release version number> -m "pymongo-auth-aws <release version number>"
$ Bump to dev version number
$ git commit -a -m "BUMP pymongo-auth-aws <release version number>"
$ git push
$ git push --tags

. Build the release packages::

$ git clone gitgithub.com:mongodb/pymongo-auth-aws.git
$ cd pymongo-auth-aws/
$ git checkout "pymongo-auth-aws <release version number>"
$ python3 setup.py sdist
$ python3 setup.py bdist_wheel

This will create the following distributions::

$ ls dist
pymongo-auth-aws-<version>.tar.gz
pymongo-auth-aws-<version>-py2.py3-none-any.whl

. Upload all the release packages to PyPI with twine::

$ python3 -m twine upload dist/*