Skip to content

Commit

Permalink
vault: Update to 1.5.0
Browse files Browse the repository at this point in the history
July 21st, 2020

CHANGES:

* audit: Token TTL and issue time are now provided in the auth portion of
  audit logs. [GH-9091]
* auth/gcp: Changes the default name of the entity alias that gets created
  to be the role ID for both IAM and GCE authentication. [GH-99]
* core: Remove the addition of newlines to parsed configuration when using
  integer/boolean values [GH-8928]
* cubbyhole: Reject reads and writes to an empty ("") path. [GH-8971]
* storage/gcs: The credentials_file config option has been removed. The
  GOOGLE_APPLICATION_CREDENTIALS environment variable or default
  credentials may be used instead [GH-9424]
* storage/raft: The storage configuration now accepts a new max_entry_size
  config that will limit the total size in bytes of any entry committed via
  raft. It defaults to "1048576" (1MiB). [GH-9027]
* token: Token creation with custom token ID via id will no longer allow
  periods (.) as part of the input string. The final generated token value
  may contain periods, such as the s. prefix for service token
  indication. [GH-8646]
* token: Token renewals will now return token policies within the
  token_policies , identity policies within identity_policies, and the full
  policy set within policies. [GH-8535]

FEATURES:

* Monitoring: We have released a Splunk App [9] for Enterprise
  customers. The app is accompanied by an updated monitoring guide and a
  few new metrics to enable OSS users to effectively monitor Vault.
* Password Policies: Allows operators to customize how passwords are
  generated for select secret engines (OpenLDAP, Active Directory, Azure,
  and RabbitMQ).
* Replication UI Improvements: We have redesigned the replication UI to
  highlight the state and relationship between primaries and secondaries
  and improved management workflows, enabling a more holistic understanding
  of multiple Vault clusters.
* Resource Quotas: As of 1.5, Vault supports specifying a quota to rate
  limit requests on OSS and Enterprise. Enterprise customers also have
  access to set quotas on the number of leases that can be generated on a
  path.
* OpenShift Support: We have updated the Helm charts to allow users to
  install Vault onto their OpenShift clusters.
* Seal Migration: We have made updates to allow migrations from auto unseal
  to Shamir unseal on Enterprise.
* AWS Auth Web Identity Support: We've added support for AWS Web
  Identities, which will be used in the credentials chain if present.
* Vault Monitor: Similar to the monitor command for Consul and Nomad, we
  have added the ability for Vault to stream logs from other Vault servers
  at varying log levels.
* AWS Secrets Groups Support: IAM users generated by Vault may now be added
  to IAM Groups.
* Integrated Storage as HA Storage: In Vault 1.5, it is possible to use
  Integrated Storage as HA Storage with a different storage backend as
  regular storage.
* OIDC Auth Provider Extensions: We've added support to OIDC Auth to
  incorporate IdP-specific extensions. Currently this includes expanded
  Azure AD groups support.
* GCP Secrets: Support BigQuery dataset ACLs in absence of IAM endpoints.

IMPROVEMENTS:

* audit: Replication status requests are no longer audited. [GH-8877]
* audit: Added mount_type field to requests and responses. [GH-9167]
* auth/aws: Add support for Web Identity credentials [GH-7738]
* auth/jwt: Support users that are members of more than 200 groups on Azure
  [GH-120]
* auth/kerberos: Support identities without userPrincipalName [GH-44]
* auth/kubernetes: Allow disabling iss validation [GH-91]
* auth/kubernetes: Try reading the ca.crt and TokenReviewer JWT from the
  default service account [GH-83]
* cli: Support reading TLS parameters from file for the vault operator raft
  join command. [GH-9060]
* cli: Add a new subcommand, vault monitor, for tailing server logs in the
  console. [GH-8477]
* core: Add the Go version used to build a Vault binary to the server
  message output. [GH-9078]
* core: Added Password Policies for user-configurable password generation
  [GH-8637]
* core: New telemetry metrics covering token counts, token creation, KV
  secret counts, lease creation. [GH-9239] [GH-9250] [GH-9244] [GH-9052]
* physical/gcs: The storage backend now uses a dedicated client for HA lock
  updates to prevent lock table update failures when flooded by other
  client requests. [GH-9424]
* physical/spanner: The storage backend now uses a dedicated client for HA
  lock updates to prevent lock table update failures when flooded by other
  client requests. [GH-9423]
* plugin: Add SDK method, Sys.ReloadPlugin, and CLI command, vault plugin
  reload, for reloading plugins. [GH-8777]
* plugin (enterprise): Add a scope field to plugin reload, which when
  global, reloads the plugin anywhere in a cluster. [GH-9347]
* sdk/framework: Support accepting TypeFloat parameters over the API
  [GH-8923]
* secrets/aws: Add iam_groups parameter to role create/update [GH-8811]
* secrets/database: Add static role rotation for MongoDB Atlas database
  plugin [GH-11]
* secrets/database: Add static role rotation for MSSQL database plugin
  [GH-9062]
* secrets/database: Allow InfluxDB to use insecure TLS without cert bundle
  [GH-8778]
* secrets/gcp: Support BigQuery dataset ACLs in absence of IAM endpoints
  [GH-78]
* secrets/pki: Allow 3072-bit RSA keys [GH-8343]
* secrets/ssh: Add a CA-mode role option to specify signing algorithm
  [GH-9096]
* secrets/ssh: The Vault SSH Helper can now be configured to reference a
  mount in a namespace [GH-44]
* secrets/transit: Transit requests that make use of keys now include a new
  field key_version in their responses [GH-9100]
* secrets/transit: Improving transit batch encrypt and decrypt latencies
  [GH-8775]
* sentinel: Add a sentinel config section, and
  "additional_enabled_modules", a list of Sentinel modules that may be
  imported in addition to the defaults.
* ui: Update TTL picker styling on SSH secret engine [GH-8891]
* ui: Only render the JWT input field of the Vault login form on mounts
  configured for JWT auth [GH-8952]
* ui: Add replication dashboards. Improve replication management
  workflows. [GH-8705].
* ui: Update alert banners to match design systems black text. [GH-9463].

BUG FIXES:

* auth/oci: Fix issue where users of the Oracle Cloud Infrastructure (OCI)
  auth method could not authenticate when the plugin backend was mounted at
  a non-default path. [GH-7]
* core: Extend replicated cubbyhole fix in 1.4.0 to cover case where a
  performance primary is also a DR primary [GH-9148]
* seal/awskms: fix AWS KMS auto-unseal when AWS_ROLE_SESSION_NAME not set
  [GH-9416]
* sentinel: fix panic due to concurrent map access when rules iterate over
  metadata maps
* secrets/aws: Fix issue where performance standbys weren't able to
  generate STS credentials after an IAM access key rotation in AWS and root
  IAM credential update in Vault [GH-9186]
* secrets/database: Fix issue where rotating root database credentials
  while Vault's storage backend is unavailable causes Vault to lose access
  to the database [GH-8782]
* secrets/database: Fix issue that prevents performance standbys from
  connecting to databases after a root credential rotation [GH-9129]
* secrets/gcp: Fix issue were updates were not being applied to the
  token_scopes of a roleset. [GH-90]
* secrets/kv: Return the value of delete_version_after when reading
  kv/config, even if it is set to the default. [GH-42]
* ui: Add Toggle component into core addon so it is available in KMIP and
  other Ember Engines.[GH-8913]
* ui: Disallow max versions value of large than 9999999999999999 on kv2
  secrets engine. [GH-9242]
* ui: Add and upgrade missing dependencies to resolve a failure with make
  static-dist. [GH-9277]
  • Loading branch information
iquiw committed Jul 23, 2020
1 parent 9250cb1 commit ad65954
Show file tree
Hide file tree
Showing 4 changed files with 39 additions and 5 deletions.
2 changes: 1 addition & 1 deletion vault/Makefile
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# $NetBSD$

DISTNAME= vault-1.4.3
DISTNAME= vault-1.5.0
CATEGORIES= security
MASTER_SITES= ${MASTER_SITE_GITHUB:=hashicorp/}

Expand Down
10 changes: 6 additions & 4 deletions vault/distinfo
Original file line number Diff line number Diff line change
@@ -1,8 +1,10 @@
$NetBSD$

SHA1 (vault-1.4.3.tar.gz) = b78225f2d06a4c9bb7c7e0136254de7b79c4503a
RMD160 (vault-1.4.3.tar.gz) = f50a00f8ac67f4a9821b8269af850f89b96add8a
SHA512 (vault-1.4.3.tar.gz) = 638bdeaaee122263d8f8c44b6db48b0f10869dd6f2cd6d35bcefb96e8b25dde4596a4a41f287d065f0cece01c5e75f9a4ae220864dddc381365fe57faeb2efe2
Size (vault-1.4.3.tar.gz) = 33169383 bytes
SHA1 (vault-1.5.0.tar.gz) = 8128f8ab999db6eafdd02e11bb32973b6f6bb65a
RMD160 (vault-1.5.0.tar.gz) = 628ec25d71fe3e76bdac0f7949388b876e41ec2c
SHA512 (vault-1.5.0.tar.gz) = 245d5ea837f561d6c3832a0cb28d851dabe908fac2be7e53d3fd466689778d67b2cd5d9ea8c297f8daceb003c571a9768254a7e27d1fbeb1a376ac75e3c6edfb
Size (vault-1.5.0.tar.gz) = 34940170 bytes
SHA1 (patch-vendor_github.com_docker_docker_client_client__unix.go) = 51a400f6adaa6abe4cd42c31cfba4f037d9d81e5
SHA1 (patch-vendor_github.com_docker_docker_pkg_system_stat__netbsd.go) = 125e35b6f5e9a0cdec8c0a5e0b7c67cc326467ea
SHA1 (patch-vendor_github.com_ory_dockertest_docker_pkg_system_stat__netbsd.go) = 723ce00bc56771008074e5d77efd465501fda2bb
SHA1 (patch-vendor_github.com_ory_dockertest_docker_pkg_term_termios__bsd.go) = 9696daf0158de14d8756748b0dc5398be9ff64f4
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
$NetBSD$

Build client_unix.go for NetBSD.

--- vendor/github.com/docker/docker/client/client_unix.go.orig 2020-07-18 02:21:10.000000000 +0000
+++ vendor/github.com/docker/docker/client/client_unix.go
@@ -1,4 +1,4 @@
-// +build linux freebsd openbsd darwin solaris illumos
+// +build linux freebsd openbsd netbsd darwin solaris illumos

package client // import "github.com/docker/docker/client"

Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
$NetBSD$

Provides stat conversion function for NetBSD.

--- vendor/github.com/docker/docker/pkg/system/stat_netbsd.go.orig 2020-07-23 04:42:05.263335746 +0000
+++ vendor/github.com/docker/docker/pkg/system/stat_netbsd.go
@@ -0,0 +1,13 @@
+package system
+
+import "syscall"
+
+// fromStatT converts a syscall.Stat_t type to a system.Stat_t type
+func fromStatT(s *syscall.Stat_t) (*StatT, error) {
+ return &StatT{size: s.Size,
+ mode: uint32(s.Mode),
+ uid: s.Uid,
+ gid: s.Gid,
+ rdev: uint64(s.Rdev),
+ mtim: s.Mtimespec}, nil
+}

0 comments on commit ad65954

Please sign in to comment.