Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump github.com/hashicorp/vault/api from 1.0.4 to 1.1.0 #15

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Bump github.com/hashicorp/vault/api from 1.0.4 to 1.1.0 #15

wants to merge 2 commits into from

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Apr 1, 2021
edited
Loading

Bumps github.com/hashicorp/vault/api from 1.0.4 to 1.1.0.

Changelog

Sourced from github.com/hashicorp/vault/api's changelog.

1.1.0 (March 18th, 2019)

CHANGES:

  • auth/jwt: The groups_claim_delimiter_pattern field has been removed. If the groups claim is not at the top level, it can now be specified as a JSONPointer.
  • auth/jwt: Roles now have a "role type" parameter with a default type of "oidc". To configure new JWT roles, a role type of "jwt" must be explicitly specified.
  • cli: CLI commands deprecated in 0.9.2 are now removed. Please see the CLI help/warning output in previous versions of Vault for updated commands.
  • core: Vault no longer automatically mounts a K/V backend at the "secret/" path when initializing Vault
  • core: Vault's cluster port will now be open at all times on HA standby nodes
  • plugins: Vault no longer supports running netRPC plugins. These were deprecated in favor of gRPC based plugins and any plugin built since 0.9.4 defaults to gRPC. Older plugins may need to be recompiled against the latest Vault dependencies.

FEATURES:

  • Vault Agent Caching: Vault Agent can now be configured to act as a caching proxy to Vault. Clients can send requests to Vault Agent and the request will be proxied to the Vault server and cached locally in Agent. Currently Agent will cache generated leases and tokens and keep them renewed. The proxy can also use the Auto Auth feature so clients do not need to authenticate to Vault, but rather can make requests to Agent and have Agent fully manage token lifecycle.
  • OIDC Redirect Flow Support: The JWT auth backend now supports OIDC roles. These allow authentication via an OIDC-compliant provider via the user's browser. The login may be initiated from the Vault UI or through the vault login command.
  • ACL Path Wildcard: ACL paths can now use the + character to enable wild card matching for a single directory in the path definition.
  • Transit Auto Unseal: Vault can now be configured to use the Transit Secret Engine in another Vault cluster as an auto unseal provider.

IMPROVEMENTS:

  • auth/jwt: A default role can be set. It will be used during JWT/OIDC logins if a role is not specified.
  • auth/jwt: Arbitrary claims data can now be copied into token & alias metadata.
  • auth/jwt: An arbitrary set of bound claims can now be configured for a role.
  • auth/jwt: The name "oidc" has been added as an alias for the jwt backend. Either name may be specified in the auth enable command.
  • command/server: A warning will be printed when 'tls_cipher_suites' includes a blacklisted cipher suite or all cipher suites are blacklisted by the HTTP/2 specification [GH-6300]
  • core/metrics: Prometheus pull support using a new sys/metrics endpoint. [GH-5308]

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Apr 1, 2021
@dependabot dependabot bot force-pushed the dependabot/go_modules/github.com/hashicorp/vault/api-1.1.0 branch from a7896d1 to 7ce9fce Compare May 12, 2021 13:31
@dependabot dependabot bot force-pushed the dependabot/go_modules/github.com/hashicorp/vault/api-1.1.0 branch from 7ce9fce to ea96be6 Compare May 12, 2021 13:33
@dependabot @github
Copy link
Author

dependabot bot commented on behalf of github Jul 14, 2021

A newer version of github.com/hashicorp/vault/api exists, but since this PR has been edited by someone other than Dependabot I haven't updated it. You'll get a PR for the updated version as normal once this PR is merged.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file go Pull requests that update Go code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@trishankatdatadog