jfrog / vault-plugin-secrets-artifactory

HashiCorp Vault Secrets Plugin for Artifactory
https://jfrog.com
Apache License 2.0

build(deps): bump github.com/hashicorp/vault/sdk from 0.9.0 to 0.9.1 #107

Closed dependabot[bot] closed 1 year ago

dependabot[bot] commented 1 year ago

Bumps github.com/hashicorp/vault/sdk from 0.9.0 to 0.9.1.

Changelog

Sourced from github.com/hashicorp/vault/sdk's changelog.

0.9.1 (December 21st, 2017)

DEPRECATIONS/CHANGES:

  • AppRole Case Sensitivity: In prior versions of Vault, list operations against AppRole roles would require preserving case in the role name, even though most other operations within AppRole are case-insensitive with respect to the role name. This has been fixed; existing roles will behave as they have in the past, but new roles will act case-insensitively in these cases.
  • Token Auth Backend Roles parameter types: For allowed_policies and disallowed_policies in role definitions in the token auth backend, input can now be a comma-separated string or an array of strings. Reading a role will now return arrays for these parameters.
  • Transit key exporting: You can now mark a key in the transit backend as exportable at any time, rather than just at creation time; however, once this value is set, it still cannot be unset.
  • PKI Secret Backend Roles parameter types: For allowed_domains and key_usage in role definitions in the PKI secret backend, input can now be a comma-separated string or an array of strings. Reading a role will now return arrays for these parameters.
  • SSH Dynamic Keys Method Defaults to 2048-bit Keys: When using the dynamic key method in the SSH backend, the default is now to use 2048-bit keys if no specific key bit size is specified.
  • Consul Secret Backend lease handling: The consul secret backend can now accept both strings and integer numbers of seconds for its lease value. The value returned on a role read will be an integer number of seconds instead of a human-friendly string.
  • Unprintable characters not allowed in API paths: Unprintable characters are no longer allowed in names in the API (paths and path parameters), with an extra restriction on whitespace characters. Allowed characters are those that are considered printable by Unicode plus spaces.

FEATURES:

  • Transit Backup/Restore: The transit backend now supports a backup operation that can export a given key, including all key versions and configuration, as well as a restore operation allowing import into another Vault.
  • gRPC Database Plugins: Database plugins now use gRPC for transport, allowing them to be written in other languages.
  • Nomad Secret Backend: Nomad ACL tokens can now be generated and revoked using Vault.
  • TLS Cert Auth Backend Improvements: The cert auth backend can now match against custom certificate extensions via exact or glob matching, and additionally supports max_ttl and periodic token toggles.

IMPROVEMENTS:

  • auth/cert: Support custom certificate constraints [GH-3634]

... (truncated)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • `@dependabot rebase` will rebase this PR
  • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
  • `@dependabot merge` will merge this PR after your CI passes on it
  • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
  • `@dependabot cancel merge` will cancel a previously requested merge and block automerging
  • `@dependabot reopen` will reopen this PR if it is closed
  • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

TJM commented 1 year ago

Interesting. I wonder why they would bump us to 0.9.1 from 2017 when 1.3.2 is out?

alexhung commented 1 year ago

@TJM being super cautious? 😄 I'm gonna reach out to our Vault contact at HashiCorp and ask what kind of risk we are taking on if we jump right to latest. The sdk and api modules are way old.

TJM commented 1 year ago

I was incorrect... apparently the version of the SDK is different than the release version on Vault, which is different than the API version, all of which (and more) are in the same git repo.

https://github.com/hashicorp/vault/tags

https://pkg.go.dev/github.com/hashicorp/vault/sdk/logical

We are now on the latest SDK and API.
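
The version mix-up discussed above arises because several Go modules share one repository: Go resolves a nested module's version from tags prefixed with that module's subdirectory, so each module has its own version line. The following is an added example (not code from this plugin or from Vault) that resolves the latest tag per module; the tag list is constructed, and `splitTag`, `parse` and `LatestPerModule` are hypothetical names.

```go
package main

import (
	"fmt"
	"strings"
)

// Root module path as it appears in the URLs in this thread.
const rootModule = "github.com/hashicorp/vault"

// Constructed sample tags, not a listing of the real repository.
var sampleTags = []string{"v1.3.2", "sdk/v0.9.0", "sdk/v0.9.1", "api/v1.0.4", "nightly"}

// splitTag maps a git tag to (module, version). Tags for a nested module carry
// its subdirectory as a prefix ("sdk/v0.9.1"); bare tags belong to the root.
func splitTag(tag string) (string, string) {
	if i := strings.LastIndex(tag, "/"); i >= 0 {
		return rootModule + "/" + tag[:i], tag[i+1:]
	}
	return rootModule, tag
}

// parse accepts exactly "vMAJOR.MINOR.PATCH"; pre-releases are out of scope.
func parse(v string) (n [3]int, ok bool) {
	_, err := fmt.Sscanf(v, "v%d.%d.%d", &n[0], &n[1], &n[2])
	exact := fmt.Sprintf("v%d.%d.%d", n[0], n[1], n[2]) == v
	return n, err == nil && exact && !strings.Contains(v, "-")
}

// LatestPerModule returns the highest valid version tag seen for each module.
func LatestPerModule(tags []string) map[string]string {
	best, out := map[string][3]int{}, map[string]string{}
	for _, t := range tags {
		mod, ver := splitTag(t)
		n, ok := parse(ver)
		cur, seen := best[mod]
		newer := !seen || n[0] > cur[0] ||
			(n[0] == cur[0] && (n[1] > cur[1] || (n[1] == cur[1] && n[2] > cur[2])))
		if ok && newer {
			best[mod], out[mod] = n, ver
		}
	}
	return out
}

func main() {
	fmt.Println(LatestPerModule(sampleTags))
}
```

When reviewing a dependency bump in a multi-module repository, compare the proposed version only against tags carrying the same module prefix, and check that the quoted changelog belongs to that module rather than to the root project.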

alexhung commented 1 year ago

Ah right. I wish GitHub had better release support for monorepos.