Bump github.com/hashicorp/vault/api from 1.4.1 to 1.5.0 #69

Merged
dependabot[bot] merged 1 commits from dependabot/go_modules/github.com/hashicorp/vault/api-1.5.0 into v3 2022-03-26 17:10:13 +03:00
dependabot[bot] commented 2022-03-25 11:20:03 +03:00 (Migrated from github.com)

Bumps github.com/hashicorp/vault/api from 1.4.1 to 1.5.0.

Changelog

Sourced from github.com/hashicorp/vault/api's changelog.

1.5.0

July 21st, 2020

CHANGES:

  • audit: Token TTL and issue time are now provided in the auth portion of audit logs. [GH-9091]
  • auth/gcp: Changes the default name of the entity alias that gets created to be the role ID for both IAM and GCE authentication. [GH-99]
  • core: Remove the addition of newlines to parsed configuration when using integer/boolean values [GH-8928]
  • cubbyhole: Reject reads and writes to an empty ("") path. [GH-8971]
  • secrets/azure: Default password generation changed from uuid to cryptographically secure randomized string [GH-40]
  • storage/gcs: The credentials_file config option has been removed. The GOOGLE_APPLICATION_CREDENTIALS environment variable or default credentials may be used instead [GH-9424]
  • storage/raft: The storage configuration now accepts a new max_entry_size config that will limit the total size in bytes of any entry committed via raft. It defaults to "1048576" (1MiB). [GH-9027]
  • token: Token creation with custom token ID via id will no longer allow periods (.) as part of the input string. The final generated token value may contain periods, such as the s. prefix for service token indication. [GH-8646]
  • token: Token renewals will now return token policies within the token_policies , identity policies within identity_policies, and the full policy set within policies. [GH-8535]
  • go: Updated Go version to 1.14.4

FEATURES:

  • Monitoring: We have released a Splunk App [9] for Enterprise customers. The app is accompanied by an updated monitoring guide and a few new metrics to enable OSS users to effectively monitor Vault.
  • Password Policies: Allows operators to customize how passwords are generated for select secret engines (OpenLDAP, Active Directory, Azure, and RabbitMQ).
  • Replication UI Improvements: We have redesigned the replication UI to highlight the state and relationship between primaries and secondaries and improved management workflows, enabling a more holistic understanding of multiple Vault clusters.
  • Resource Quotas: As of 1.5, Vault supports specifying a quota to rate limit requests on OSS and Enterprise. Enterprise customers also have access to set quotas on the number of leases that can be generated on a path.
  • OpenShift Support: We have updated the Helm charts to allow users to install Vault onto their OpenShift clusters.
  • Seal Migration: We have made updates to allow migrations from auto unseal to Shamir unseal on Enterprise.
  • AWS Auth Web Identity Support: We've added support for AWS Web Identities, which will be used in the credentials chain if present.
  • Vault Monitor: Similar to the monitor command for Consul and Nomad, we have added the ability for Vault to stream logs from other Vault servers at varying log levels.
  • AWS Secrets Groups Support: IAM users generated by Vault may now be added to IAM Groups.
  • Integrated Storage as HA Storage: In Vault 1.5, it is possible to use Integrated Storage as HA Storage with a different storage backend as regular storage.
  • OIDC Auth Provider Extensions: We've added support to OIDC Auth to incorporate IdP-specific extensions. Currently this includes expanded Azure AD groups support.
  • GCP Secrets: Support BigQuery dataset ACLs in absence of IAM endpoints.
  • KMIP: Add support for signing client certificates requests (CSRs) rather than having them be generated entirely within Vault.

IMPROVEMENTS:

  • audit: Replication status requests are no longer audited. [GH-8877]
  • audit: Added mount_type field to requests and responses. [GH-9167]
  • auth/aws: Add support for Web Identity credentials [GH-7738]
  • auth/jwt: Support users that are members of more than 200 groups on Azure [GH-120]
  • auth/kerberos: Support identities without userPrincipalName [GH-44]
  • auth/kubernetes: Allow disabling iss validation [GH-91]
  • auth/kubernetes: Try reading the ca.crt and TokenReviewer JWT from the default service account [GH-83]
  • cli: Support reading TLS parameters from file for the vault operator raft join command. [GH-9060]
  • cli: Add a new subcommand, vault monitor, for tailing server logs in the console. [GH-8477]
  • core: Add the Go version used to build a Vault binary to the server message output. [GH-9078]
  • core: Added Password Policies for user-configurable password generation [GH-8637]
  • core: New telemetry metrics covering token counts, token creation, KV secret counts, lease creation. [GH-9239] [GH-9250] [GH-9244] [GH-9052]

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Bumps [github.com/hashicorp/vault/api](https://github.com/hashicorp/vault) from 1.4.1 to 1.5.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/hashicorp/vault/blob/main/CHANGELOG.md">github.com/hashicorp/vault/api's changelog</a>.</em></p> <blockquote> <h2>1.5.0</h2> <h3>July 21st, 2020</h3> <p>CHANGES:</p> <ul> <li>audit: Token TTL and issue time are now provided in the auth portion of audit logs. [<a href="https://github-redirect.dependabot.com/hashicorp/vault/pull/9091">GH-9091</a>]</li> <li>auth/gcp: Changes the default name of the entity alias that gets created to be the role ID for both IAM and GCE authentication. [<a href="https://github-redirect.dependabot.com/hashicorp/vault-plugin-auth-gcp/pull/99">GH-99</a>]</li> <li>core: Remove the addition of newlines to parsed configuration when using integer/boolean values [<a href="https://github-redirect.dependabot.com/hashicorp/vault/pull/8928">GH-8928</a>]</li> <li>cubbyhole: Reject reads and writes to an empty (&quot;&quot;) path. [<a href="https://github-redirect.dependabot.com/hashicorp/vault/pull/8971">GH-8971</a>]</li> <li>secrets/azure: Default password generation changed from uuid to cryptographically secure randomized string [<a href="https://github-redirect.dependabot.com/hashicorp/vault-plugin-secrets-azure/pull/40">GH-40</a>]</li> <li>storage/gcs: The <code>credentials_file</code> config option has been removed. The <code>GOOGLE_APPLICATION_CREDENTIALS</code> environment variable or default credentials may be used instead [<a href="https://github-redirect.dependabot.com/hashicorp/vault/pull/9424">GH-9424</a>]</li> <li>storage/raft: The storage configuration now accepts a new <code>max_entry_size</code> config that will limit the total size in bytes of any entry committed via raft. It defaults to <code>&quot;1048576&quot;</code> (1MiB). [<a href="https://github-redirect.dependabot.com/hashicorp/vault/pull/9027">GH-9027</a>]</li> <li>token: Token creation with custom token ID via <code>id</code> will no longer allow periods (<code>.</code>) as part of the input string. The final generated token value may contain periods, such as the <code>s.</code> prefix for service token indication. [<a href="https://github-redirect.dependabot.com/hashicorp/vault/pull/8646/files">GH-8646</a>]</li> <li>token: Token renewals will now return token policies within the <code>token_policies</code> , identity policies within <code>identity_policies</code>, and the full policy set within <code>policies</code>. [<a href="https://github-redirect.dependabot.com/hashicorp/vault/pull/8535">GH-8535</a>]</li> <li>go: Updated Go version to 1.14.4</li> </ul> <p>FEATURES:</p> <ul> <li><strong>Monitoring</strong>: We have released a Splunk App [9] for Enterprise customers. The app is accompanied by an updated monitoring guide and a few new metrics to enable OSS users to effectively monitor Vault.</li> <li><strong>Password Policies</strong>: Allows operators to customize how passwords are generated for select secret engines (OpenLDAP, Active Directory, Azure, and RabbitMQ).</li> <li><strong>Replication UI Improvements</strong>: We have redesigned the replication UI to highlight the state and relationship between primaries and secondaries and improved management workflows, enabling a more holistic understanding of multiple Vault clusters.</li> <li><strong>Resource Quotas</strong>: As of 1.5, Vault supports specifying a quota to rate limit requests on OSS and Enterprise. Enterprise customers also have access to set quotas on the number of leases that can be generated on a path.</li> <li><strong>OpenShift Support</strong>: We have updated the Helm charts to allow users to install Vault onto their OpenShift clusters.</li> <li><strong>Seal Migration</strong>: We have made updates to allow migrations from auto unseal to Shamir unseal on Enterprise.</li> <li><strong>AWS Auth Web Identity Support</strong>: We've added support for AWS Web Identities, which will be used in the credentials chain if present.</li> <li><strong>Vault Monitor</strong>: Similar to the monitor command for Consul and Nomad, we have added the ability for Vault to stream logs from other Vault servers at varying log levels.</li> <li><strong>AWS Secrets Groups Support</strong>: IAM users generated by Vault may now be added to IAM Groups.</li> <li><strong>Integrated Storage as HA Storage</strong>: In Vault 1.5, it is possible to use Integrated Storage as HA Storage with a different storage backend as regular storage.</li> <li><strong>OIDC Auth Provider Extensions</strong>: We've added support to OIDC Auth to incorporate IdP-specific extensions. Currently this includes expanded Azure AD groups support.</li> <li><strong>GCP Secrets</strong>: Support BigQuery dataset ACLs in absence of IAM endpoints.</li> <li><strong>KMIP</strong>: Add support for signing client certificates requests (CSRs) rather than having them be generated entirely within Vault.</li> </ul> <p>IMPROVEMENTS:</p> <ul> <li>audit: Replication status requests are no longer audited. [<a href="https://github-redirect.dependabot.com/hashicorp/vault/pull/8877">GH-8877</a>]</li> <li>audit: Added mount_type field to requests and responses. [<a href="https://github-redirect.dependabot.com/hashicorp/vault/pull/9167">GH-9167</a>]</li> <li>auth/aws: Add support for Web Identity credentials [<a href="https://github-redirect.dependabot.com/hashicorp/vault/pull/7738">GH-7738</a>]</li> <li>auth/jwt: Support users that are members of more than 200 groups on Azure [<a href="https://github-redirect.dependabot.com/hashicorp/vault-plugin-auth-jwt/pull/120">GH-120</a>]</li> <li>auth/kerberos: Support identities without userPrincipalName [<a href="https://github-redirect.dependabot.com/hashicorp/vault-plugin-auth-kerberos/issues/44">GH-44</a>]</li> <li>auth/kubernetes: Allow disabling <code>iss</code> validation [<a href="https://github-redirect.dependabot.com/hashicorp/vault-plugin-auth-kubernetes/pull/91">GH-91</a>]</li> <li>auth/kubernetes: Try reading the ca.crt and TokenReviewer JWT from the default service account [<a href="https://github-redirect.dependabot.com/hashicorp/vault-plugin-auth-kubernetes/pull/83">GH-83</a>]</li> <li>cli: Support reading TLS parameters from file for the <code>vault operator raft join</code> command. [<a href="https://github-redirect.dependabot.com/hashicorp/vault/pull/9060">GH-9060</a>]</li> <li>cli: Add a new subcommand, <code>vault monitor</code>, for tailing server logs in the console. [<a href="https://github-redirect.dependabot.com/hashicorp/vault/pull/8477">GH-8477</a>]</li> <li>core: Add the Go version used to build a Vault binary to the server message output. [<a href="https://github-redirect.dependabot.com/hashicorp/vault/pull/9078">GH-9078</a>]</li> <li>core: Added Password Policies for user-configurable password generation [<a href="https://github-redirect.dependabot.com/hashicorp/vault/pull/8637">GH-8637</a>]</li> <li>core: New telemetry metrics covering token counts, token creation, KV secret counts, lease creation. [<a href="https://github-redirect.dependabot.com/hashicorp/vault/pull/9239">GH-9239</a>] [<a href="https://github-redirect.dependabot.com/hashicorp/vault/pull/9250">GH-9250</a>] [<a href="https://github-redirect.dependabot.com/hashicorp/vault/pull/9244">GH-9244</a>] [<a href="https://github-redirect.dependabot.com/hashicorp/vault/pull/9052">GH-9052</a>]</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/hashicorp/vault/commit/340cc2fa263f6cbd2861b41518da8a62c153e2e7"><code>340cc2f</code></a> release: stage v1.5.0</li> <li><a href="https://github.com/hashicorp/vault/commit/6738690721a308d6773f86d8bce748ce50828b1e"><code>6738690</code></a> go mod vendor</li> <li><a href="https://github.com/hashicorp/vault/commit/871b5365aa3554ac7cf3128d5fbe950716000598"><code>871b536</code></a> Update SDK for 1.5</li> <li><a href="https://github.com/hashicorp/vault/commit/8e064d58f73c7b03f802d8fe2ddf58be46d9301c"><code>8e064d5</code></a> Add CL entry for mount_type addition (<a href="https://github-redirect.dependabot.com/hashicorp/vault/issues/9489">#9489</a>) (<a href="https://github-redirect.dependabot.com/hashicorp/vault/issues/9491">#9491</a>)</li> <li><a href="https://github.com/hashicorp/vault/commit/e1a7bc1d0e8dbdc555768b6d6751a59ba5a99da5"><code>e1a7bc1</code></a> Remove prefix for exception paths; add sys/internal/ui/mounts (<a href="https://github-redirect.dependabot.com/hashicorp/vault/issues/9512">#9512</a>) (<a href="https://github-redirect.dependabot.com/hashicorp/vault/issues/9517">#9517</a>)</li> <li><a href="https://github.com/hashicorp/vault/commit/678aece37e2dd3ff7c97ed779e4fc19a0fc30b52"><code>678aece</code></a> Backport 1.5.0: Updates the GCP auth plugin (<a href="https://github-redirect.dependabot.com/hashicorp/vault/issues/9507">#9507</a>) (<a href="https://github-redirect.dependabot.com/hashicorp/vault/issues/9508">#9508</a>)</li> <li><a href="https://github.com/hashicorp/vault/commit/5867017a7b7a5072555a11f1acec892ac365b30f"><code>5867017</code></a> Merge PR <a href="https://github-redirect.dependabot.com/hashicorp/vault/issues/9502">#9502</a>: Resource Quotas: Remove 'burst' Param from Rate Limiter (<a href="https://github-redirect.dependabot.com/hashicorp/vault/issues/9504">#9504</a>)</li> <li><a href="https://github.com/hashicorp/vault/commit/3cae7628630a1d846feb7bd5c948fce93a854e8b"><code>3cae762</code></a> remove default value based on workflow discussions (<a href="https://github-redirect.dependabot.com/hashicorp/vault/issues/9493">#9493</a>) (<a href="https://github-redirect.dependabot.com/hashicorp/vault/issues/9503">#9503</a>)</li> <li><a href="https://github.com/hashicorp/vault/commit/20ab4ab0e84ab5b8b7248d9cafb1401adcba4830"><code>20ab4ab</code></a> Fix quotas update (<a href="https://github-redirect.dependabot.com/hashicorp/vault/issues/9490">#9490</a>)</li> <li><a href="https://github.com/hashicorp/vault/commit/f21e736e13c1b92d20f996baf6368126f1cc7a4e"><code>f21e736</code></a> Remove namespace from mount_point label. (<a href="https://github-redirect.dependabot.com/hashicorp/vault/issues/9436">#9436</a>) (<a href="https://github-redirect.dependabot.com/hashicorp/vault/issues/9482">#9482</a>)</li> <li>Additional commits viewable in <a href="https://github.com/hashicorp/vault/compare/v1.4.1...v1.5.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/hashicorp/vault/api&package-manager=go_modules&previous-version=1.4.1&new-version=1.5.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>
github-actions[bot] (Migrated from github.com) approved these changes 2022-03-25 11:20:17 +03:00
Sign in to join this conversation.
No Milestone
No project
No Assignees
1 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: unistack-org/micro-config-vault#69
No description provided.