seatgeek / hashi-helper

Disaster Recovery and Configuration Management for Consul and Vault
BSD 3-Clause "New" or "Revised" License

Bump github.com/hashicorp/vault from 1.3.2 to 1.11.2 #283

Closed dependabot[bot] closed 2 years ago

dependabot[bot] commented 2 years ago

Bumps github.com/hashicorp/vault from 1.3.2 to 1.11.2.

Release notes

Sourced from github.com/hashicorp/vault's releases.

v1.11.2

No release notes provided.

v1.11.1

No release notes provided.

v1.11.0

1.11.0

Unreleased

CHANGES:

  • auth/aws: Add RoleSession to DisplayName when using assumeRole for authentication [GH-14954]
  • auth: Remove support for legacy MFA (https://www.vaultproject.io/docs/v1.10.x/auth/mfa) [GH-14869]
  • core: A request that fails path validation due to relative path check will now be responded to with a 400 rather than 500. [GH-14328]
  • core: Bump Go version to 1.17.9. [GH-go-ver-1110]
  • licensing (enterprise): Remove support for stored licenses and associated sys/license and sys/license/signed endpoints in favor of autoloaded licenses.
  • replication (enterprise): The /sys/replication/performance/primary/mount-filter endpoint has been removed. Please use Paths Filter instead.
  • ui: Upgrade Ember to version 3.28 [GH-14763]

FEATURES:

  • Non-Disruptive Intermediate/Root Certificate Rotation: This allows import, generation and configuration of any number of keys and/or issuers within a PKI mount, providing operators the ability to rotate certificates in place without affecting existing client configurations. [GH-15277]
  • api/command: Global -output-policy flag to determine minimum required policy HCL for a given operation [GH-14899]
  • nomad: Bootstrap Nomad ACL system if no token is provided [GH-12451]
  • storage/dynamodb: Added AWS_DYNAMODB_REGION environment variable. [GH-15054]

IMPROVEMENTS:

  • agent/auto-auth: Add min_backoff to the method stanza for configuring initial backoff duration. [GH-15204]
  • agent: Update consul-template to v0.29.0 [GH-15293]
  • agent: Upgrade hashicorp/consul-template version for sprig template functions and improved writeTo function [GH-15092]
  • api: Add ability to pass certificate as PEM bytes to api.Client. [GH-14753]
  • api: Add context-aware functions to vault/api for each API wrapper function. [GH-14388]
  • api: Added MFALogin() for handling MFA flow when using login helpers. [GH-14900]
  • api: If the parameters supplied over the API payload are ignored due to not being what the endpoints were expecting, or if the parameters supplied get replaced by the values in the endpoint's path itself, warnings will be added to the non-empty responses listing all the ignored and replaced parameters. [GH-14962]
  • api: Provide a helper method WithNamespace to create a cloned client with a new NS [GH-14963]
  • api: Use the context passed to the api/auth Login helpers. [GH-14775]
  • auth/okta: Add support for Google provider TOTP type in the Okta auth method [GH-14985]
  • auth: enforce a rate limit for TOTP passcode validation attempts [GH-14864]
  • cli/debug: added support for retrieving metrics from DR clusters if unauthenticated_metrics_access is enabled [GH-15316]
  • cli/vault: warn when policy name contains upper-case letter [GH-14670]

... (truncated)

Changelog

Sourced from github.com/hashicorp/vault's changelog.

1.12.0

Unreleased

CHANGES:

  • core: Bump Go version to 1.17.12.
  • identity: a request to /identity/group that includes member_group_ids that contains a cycle will now be responded to with a 400 rather than 500 [GH-15912]
  • licensing (enterprise): Terminated licenses will no longer result in shutdown. Instead, upgrades will not be allowed if the license termination time is before the build date of the binary.

IMPROVEMENTS:

  • agent: Added disable_idle_connections configuration to disable leaving idle connections open in auto-auth, caching and templating. [GH-15986]
  • auth/oidc: Adds support for group membership parsing when using SecureAuth as an OIDC provider. [GH-16274]
  • core (enterprise): Add check to vault server command to ensure configured storage backend is supported.
  • core/activity: generate hyperloglogs containing clientIds for each month during precomputation [GH-16146]
  • core/activity: refactor activity log api to reuse partial api functions in activity endpoint when current month is specified [GH-16162]
  • core/activity: use monthly hyperloglogs to calculate new clients approximation for current month [GH-16184]
  • core/quotas (enterprise): Added ability to add path suffixes for lease-count resource quotas
  • core/quotas (enterprise): Added ability to add role information for lease-count resource quotas, to limit login requests on auth mounts made using that role
  • core/quotas: Added ability to add path suffixes for rate-limit resource quotas [GH-15989]
  • core/quotas: Added ability to add role information for rate-limit resource quotas, to limit login requests on auth mounts made using that role [GH-16115]
  • core: Add sys/loggers and sys/loggers/:name endpoints to provide ability to modify logging verbosity [GH-16111]
  • core: Limit activity log client count usage by namespaces [GH-16000]
  • docs: Clarify the behaviour of local mounts in the context of DR replication [GH-16218]
  • physical/postgresql: pass context to queries to propagate timeouts and cancellations on requests. [GH-15866]
  • plugins: Use AutoMTLS for secrets engines and auth methods run as external plugins. [GH-15671]
  • secret/nomad: allow reading CA and client auth certificate from /nomad/config/access [GH-15809]
  • secret/pki: Add signature_bits to sign-intermediate, sign-verbatim endpoints [GH-16124]
  • secret/pki: Allow issuing certificates with non-domain, non-email Common Names from roles, sign-verbatim, and as issuers (cn_validations). [GH-15996]
  • secret/transit: Allow importing Ed25519 keys from PKCS#8 with inner RFC 5915 ECPrivateKey blobs (NSS-wrapped keys). [GH-15742]
  • secrets/kubernetes: Add allowed_kubernetes_namespace_selector to allow selecting Kubernetes namespaces with a label selector when configuring roles. [GH-16240]
  • secrets/ssh: Allow additional text along with a template definition in defaultExtension value fields. [GH-16018]
  • ssh: Addition of an endpoint ssh/issue/:role to allow the creation of signed key pairs [GH-15561]
  • ui: Changed the tokenBoundCidrs tooltip content to clarify that comma separated values are not accepted in this field. [GH-15852]
  • ui: Removed deprecated version of core-js 2.6.11 [GH-15898]
  • website/docs: Update replication docs to mention Integrated Storage [GH-16063]

BUG FIXES:

  • agent/template: Fix parsing error for the exec stanza [GH-16231]
  • agent: Update consul-template for pkiCert bug fixes [GH-16087]
  • api/sys/internal/specs/openapi: support a new "dynamic" query parameter to generate generic mountpaths [GH-15835]
  • api: Fixed issue with internal/ui/mounts and internal/ui/mounts/(?P<path>.+) endpoints where it was not properly handling /auth/ [GH-15552]
  • api: properly handle switching to/from unix domain socket when changing client address [GH-11904]
  • core (enterprise): Fix bug where wrapping token lookup does not work within namespaces. [GH-15583]
  • core/auth: Return a 403 instead of a 500 for a malformed SSCT [GH-16112]
  • core/identity: Replicate member_entity_ids and policies in identity/group across nodes identically [GH-16088]
  • core/replication (enterprise): Don't flush merkle tree pages to disk after losing active duty
  • core/seal: Fix possible keyring truncation when using the file backend. [GH-15946]

... (truncated)

Commits
  • 3a8aa12 backport of commit ab1c8339274bd23ceadebb1b0513694693c20add (#16277)
  • 4bd97c8 backport of commit dace65f781b2116aaf6cd3a6eabc5ce105140e7f (#16500)
  • 81aefc4 backport of commit eb6359bc3060b3b934955a2f9308daabda43162f (#16499)
  • a117c14 backport of commit 19fa7ea0aeec3e9bbca33cbe96f792151ae2de17 (#16496)
  • 79a5725 backport of commit 4bcc7e1bb3a799dacfa3c8a9081920636516a73f (#16493)
  • 719734c Backport of UI: Fix JWT Auth Failure to 1.11.2 (#16476)
  • 0935c8b backport of commit dc5133feafd6e0ad0554d5a0974e003b20120422 (#16490)
  • d7c1e3d Correct the Transit HMAC key source in docs (#16463) (#16467)
  • e251cc5 backport of commit 09696daf9681d10773db00d891cef866017d7db3 (#16457)
  • 2d79a90 backport of commit dc8689110d03f17d601611431d063ceb3101b13d (#16452)
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • `@dependabot rebase` will rebase this PR
  • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
  • `@dependabot merge` will merge this PR after your CI passes on it
  • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
  • `@dependabot cancel merge` will cancel a previously requested merge and block automerging
  • `@dependabot reopen` will reopen this PR if it is closed
  • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependabot[bot] commented 2 years ago

Superseded by #288.