From abde1821d7f69f89204d45ee3ba5920e31c92ebf Mon Sep 17 00:00:00 2001
From: cezmunsta
Date: Mon, 3 Mar 2025 12:51:23 +0000
Subject: [PATCH] Bumped version to 1.10.8
---
 CHANGELOG.md | 381 ---------------------------------------------
 README.md | 2 +-
 cmd/cli.go | 2 +-
 config/versions.go | 4 +-
 go.mod | 1 +
 go.sum | 2 +
 6 files changed, 7 insertions(+), 385 deletions(-)
 delete mode 100644 CHANGELOG.md
diff --git a/CHANGELOG.md b/CHANGELOG.md
deleted file mode 100644
index b4be6e4..0000000
--- a/CHANGELOG.md
+++ /dev/null
@@ -1,381 +0,0 @@ -# CHANGELOG - -## 2025-01-08 v1.10.7 - -The changelog has been replaced with the release notes and the -file will be removed in future releases. - -- Bump github.com/gabriel-vasile/mimetype from 1.4.7 to 1.4.8 (#296) -- Updated versions.go (#295) -- Bumped golang.org/x/net to v0.33.0 (#294) -- Bump github/codeql-action from 3.27.9 to 3.28.0 (#293) -- Bump github.com/hashicorp/vault/sdk from 0.13.0 to 0.14.0 (#257) -- Bump github.com/hashicorp/vault/api from 1.14.0 to 1.15.0 (#258) -- Bump github/codeql-action from 3.27.5 to 3.27.9 (#290) -- Bump actions/upload-artifact from 4.4.3 to 4.5.0 (#291) -- Bump actions/setup-go from 5.1.0 to 5.2.0 (#287) -- Bump golang.org/x/crypto from 0.29.0 to 0.31.0 (#288) -- Bump github/codeql-action from 3.27.4 to 3.27.5 (#283) -- Bump actions/dependency-review-action from 4.4.0 to 4.5.0 (#284) -- Bump github.com/gabriel-vasile/mimetype from 1.4.5 to 1.4.7 (#282) -- Bump step-security/harden-runner from 2.10.1 to 2.10.2 (#281) -- Bump github/codeql-action from 3.27.1 to 3.27.4 (#280) -- Bump github/codeql-action from 3.27.0 to 3.27.1 (#278) -- Bump github/codeql-action from 3.26.6 to 3.27.0 (#274) -- Bump actions/setup-go from 5.0.2 to 5.1.0 (#276) -- Bump actions/checkout from 4.1.7 to 4.2.2 (#275) -- Bump actions/dependency-review-action from 4.3.4 to 4.4.0 (#277) -- Bump actions/upload-artifact from 4.4.0 to 4.4.3 (#270) -- Bump step-security/harden-runner from 2.9.1 to 2.10.1 (#259) -- Bump step-security/harden-runner from 2.8.1 to 2.9.1 (#256) -- Bump ossf/scorecard-action from 2.3.3 to 2.4.0 (#255) -- Bump github.com/docker/docker from 25.0.5+incompatible to 25.0.6+incompatible (#244) -- Bump github.com/hashicorp/go-retryablehttp from 0.7.6 to 0.7.7 (#233) -- Bump github.com/gabriel-vasile/mimetype from 1.4.4 to 1.4.5 (#242) -- Bump github.com/spf13/cobra from 1.8.0 to 1.8.1 (#232) -- Bump actions/upload-artifact from 4.3.3 to 4.4.0 (#254) -- Bump github/codeql-action from 3.25.8 to 3.26.6 (#253) -- Bump 
actions/dependency-review-action from 4.3.3 to 4.3.4 (#237) -- Bump actions/setup-go from 5.0.1 to 5.0.2 (#236) -- Bump actions/checkout from 4.1.6 to 4.1.7 (#229) -- Bump step-security/harden-runner from 2.8.0 to 2.8.1 (#228) -- Bump actions/dependency-review-action from 4.3.2 to 4.3.3 (#227) -- Bump github/codeql-action from 3.25.6 to 3.25.8 (#226) - - -## 2024-05-29 v1.10.6 - -- Fixed config version constants (#224) -- Bumped Go to 1.22 (#223) -- Cleanup of go.sum (#222) -- Bump github.com/hashicorp/vault/api from 1.13.0 to 1.14.0 (#220) -- Bump github.com/hashicorp/vault/sdk from 0.12.0 to 0.13.0 (#219) -- Bump github.com/gabriel-vasile/mimetype from 1.4.3 to 1.4.4 (#221) -- Bump ossf/scorecard-action from 2.3.1 to 2.3.3 (#214) -- Bump actions/checkout from 4.1.5 to 4.1.6 (#216) -- Bump github/codeql-action from 3.25.3 to 3.25.6 (#217) -- Bump step-security/harden-runner from 2.7.1 to 2.8.0 (#218) -- Bump actions/checkout from 4.1.4 to 4.1.5 (#212) -- Bump actions/setup-go from 5.0.0 to 5.0.1 (#211) -- Bump actions/dependency-review-action from 4.3.1 to 4.3.2 (#210) -- Bump github.com/hashicorp/vault/api from 1.12.2 to 1.13.0 (#203) -- Bump github.com/hashicorp/vault/sdk from 0.11.1 to 0.12.0 (#197) -- Bump actions/upload-artifact from 4.3.1 to 4.3.3 (#204) -- Bump actions/checkout from 4.1.2 to 4.1.4 (#206) -- Bump github/codeql-action from 3.24.10 to 3.25.3 (#207) -- Bump actions/dependency-review-action from 4.2.5 to 4.3.1 (#208) -- Bump step-security/harden-runner from 2.7.0 to 2.7.1 (#209) -- Bump golang.org/x/net from 0.17.0 to 0.23.0 (#201) -- Bump github/codeql-action from 3.24.9 to 3.24.10 (#196) -- Bump github.com/docker/docker from 24.0.7+incompatible to 24.0.9+incompatible (#191) -- Bump github/codeql-action from 3.24.8 to 3.24.9 (#193) -- Bump actions/dependency-review-action from 4.1.3 to 4.2.5 (#195) -- Fixed missing versions in CHANGELOG - -## 2024-03-20 v1.10.5 - -- Bump step-security/harden-runner from 2.6.1 to 2.7.0 (#170) -- Bump 
github/codeql-action from 3.22.12 to 3.23.2 (#169) -- Bump actions/upload-artifact from 4.0.0 to 4.3.0 (#167) -- Bump actions/dependency-review-action from 3.1.5 to 4.0.0 (#165) -- Bump github/codeql-action from 3.23.2 to 3.24.0 (#173) -- Bump github.com/opencontainers/runc from 1.1.6 to 1.1.12 (#171) -- Bump github.com/hashicorp/vault/api from 1.10.0 to 1.11.0 (#168) -- Bump actions/upload-artifact from 4.3.0 to 4.3.1 (#174) -- Bump github/codeql-action from 3.24.0 to 3.24.5 (#183) -- Bump actions/dependency-review-action from 4.0.0 to 4.1.3 (#181) -- Bump github.com/hashicorp/vault/sdk from 0.10.2 to 0.11.0 (#176) -- Bump github/codeql-action from 3.24.5 to 3.24.6 (#184) -- Bump github.com/go-jose/go-jose/v3 from 3.0.1 to 3.0.3 (#185) -- Bump github.com/hashicorp/vault/sdk from 0.11.0 to 0.11.1 (#188) -- Bump actions/checkout from 4.1.1 to 4.1.2 (#186) -- Bump github/codeql-action from 3.24.6 to 3.24.8 (#189) -- Bumped hashicorp/vault/api to v1.12.2 (#190) - -## 2024-01-08 v1.10.4 - -- Bump github.com/docker/docker (#126) -- Updated go-version for workflow (#127) -- Delete .github/workflows/push-go.yaml -- [StepSecurity] Apply security best practices (#128) -- Bump github.com/spf13/cobra from 1.4.0 to 1.7.0 (#137) -- Bump actions/checkout from 2.7.0 to 4.1.1 (#129) -- Bump ossf/scorecard-action from 2.0.6 to 2.3.1 (#132) -- Bump github/codeql-action from 2.1.27 to 2.22.5 (#130) -- Bump actions/upload-artifact from 3.1.0 to 3.1.3 (#134) -- Bump actions/dependency-review-action from 2.5.1 to 3.1.0 (#136) -- Bump github.com/sirupsen/logrus from 1.9.0 to 1.9.3 (#135) -- Bump github.com/gabriel-vasile/mimetype from 1.4.2 to 1.4.3 (#133) -- Bump github.com/hashicorp/vault/sdk from 0.10.0 to 0.10.2 (#131) -- Display Vault API and SDK versions (#138) -- Create SECURITY.md (#139) -- Bump actions/dependency-review-action from 3.1.0 to 3.1.1 (#141) -- Bump github.com/spf13/cobra from 1.7.0 to 1.8.0 (#140) -- Bump github.com/go-jose/go-jose/v3 from 3.0.0 to 3.0.1 (#147) -- 
Updated golint version in workflow (#150) -- Bump actions/dependency-review-action from 3.1.1 to 3.1.4 (#151) -- Bump github/codeql-action from 2.22.5 to 2.22.8 (#148) -- Bump step-security/harden-runner from 2.6.0 to 2.6.1 (#146) -- Bump actions/upload-artifact from 3.1.3 to 4.0.0 (#156) -- Bump github/codeql-action from 2.22.8 to 3.22.11 (#155) -- Bump actions/setup-go from 4.1.0 to 5.0.0 (#152) -- Bump golang.org/x/crypto from 0.14.0 to 0.17.0 (#157) -- Bump github/codeql-action from 3.22.11 to 3.22.12 (#159) -- Bump github.com/containerd/containerd from 1.7.0 to 1.7.11 (#158) -- Bump actions/dependency-review-action from 3.1.4 to 3.1.5 (#160) -- Updated PR workflow Go version (#161) - -## 2023-10-24 v1.10.3 - -- Bump golang.org/x/net from 0.15.0 to 0.17.0 (#124) - -## 2023-10-02 v1.10.2 - -- Speedup for tests by reducing to a single Vault node (#123) -- Refactored unit tests to use containers (#121) - The direct dependency on the main Vault package causes a number of - issues, such as unnecessary Dependabot activity due to CVEs in code - the is not used, etc. The SDK contains code that allows a test - cluster to be created from code and thus allows a more specific set of - dependencies and less maintenance. - N.B. config.VaultVersion has been set to "vaultVersion.Version" due to Vault no longer being a dependency and it will be removed completely in due course, as it is only displayed in the verbose version command. -- Bump github.com/hashicorp/vault from 1.14.0 to 1.14.1 (#119) - -## 2023-07-19 v1.10.1 - -- Bump github.com/cloudflare/circl from 1.1.0 to 1.3.3 (#118) -- Bumped Vault version to v1.14.0 (#115) -- Updated workflows for on-demand usage (#117) -- Optional renewal warning (#114) - -## 2023-06-23 v1.10.0 - -- Add support for M1 ARM (#85) -- Bump github.com/hashicorp/vault from 1.12.2 to 1.12.5 (#105) -- Disable CGO for builds (#104) - Avoid issues relating to GLIBC versions on older platforms. 
-- Bumped to go 1.20 (#106) -- Updated dev-vault helper to use hashicorp/vault (#107) -- Added missing --namespace flag from connect (#109) -- Tweaks to improve the dev-vault helper (#112) -- Add support for KV v2 (#110) - The KV version is determined based upon list responses, where an attempt is - first made to list a secret path as if it is v1. If this fails then an - attempt is made to list as if a secret path is v2. Secret paths can no longer - end in `/metadata` - -## 2023-03-09 v1.9.0 - -- Bump golang.org/x/net from 0.0.0-20220909164309-bea034e7d591 to 0.7.0 (#102) -- Added scorecard badge to README (#100) -- Ugraded codeql-action to v2 -- Added OSSF scorecard -- Update Vault to v1.12.2 (#99) -- Improved dev-vault helper script (#98) - - Updated prepare_vault to wait for Vault to become available - (address:port test) before automatic login - - Added additional secret paths for testing - - Fixed lint issue, replacing `cat` with input redirection - - Optimised vault_exists - - Updated prepare_vault to wait for the container to be in - a running state - -## 2022-10-20 v1.8.0 - -- Update Vault to v1.12.0 (#97) -- Add support for multiple secret namespaces (#96) - -## 2022-07-29: v1.7.1 - -- Updated goutils to v1.1.1 (#93) -- Updated Vault to 1.11.1 (#92) -- Updated cobra@v1.4.0 (#91) -- PR workflow improvements (#89) -- Updated to Go 1.18 (#87) -- Updated dependencies (#82) - - -## 2021-11-28: v1.7.0 - -- Notify user when their token will soon expire (#81) - To help avoid unexpected expiration of tokens, the user is provided with a warning when they use a renewable token and it is due to expire in less than 7 days (default). - The threshold for notifying about renewing tokens, `SSH_MS_RENEW_THRESHOLD` can be defined for `make build` and `make binaries`. -- Use only vault/api in application code (#80) - To reduce size as well as simply issues arising from indirect dependencies, replacing the use of HashiCorp `vault/command` with the `api` in the helper code. 
-- Add support for SendEnv (#76) - In cases where the remote server supports environment variables being passed across, adding support for storing `SendEnv` in the connection's configuration -- Updated dependencies (#75) - - `vault` to v1.8.5 - - `vault/sdk` to v0.2.2-0.20211101151547-6654f4b913f9 - - `mimetype` to v1.4.0 - - `logrus` to v1.8.1 -- Fix incorrect conversion between integer types (#74) - Updated NGINX and PMM ports to become uint16 and switched to `strconv.ParseUint` -- Updated README - Added the CodeQL badge and updated the recommended version of Vault -- Adding CodeQL workflow -- Upgraded Vault to 1.8.4 (#73) - -## 2021-10-14: v1.6.0 - -- Added cache management (#72) - A new command, `cache`, has been created with subcommands for supported operations on the cache, which currently is limited to populating and purging. - The `purge` command has been replaced by `cache purge` -- Fix bad switch in cmd.inspectItem (#70) - -## 2021-09-21: v1.5.0 - -- Add option to view usable placeholders for User (#68) - Adding an option for the user to list the available ones makes the use - of templated users easier - ```shell - $ ssh_ms inspect placeholders - ``` -- Hash ControlPath socket names by default (#66) - Currently, the dynamic ControlPath is done in such a way as to make it easy to determine its purpose. However, should long HostName fields exist then this could potentially exceed the maximum path length for a UNIX socket (UNIX_PATH_MAX). By switching to using a hash, similar to %C in ssh, we can restrict the length of the path -- Moved go get golint to separate task - -## 2021-09-06: v1.4.0 - -- Upgrade Vault and Logrus (#64) - Vault has been upgraded to v1.8.2 and Logrus to v1.7.0 -- Add support for ForwardAgent (#62) - Whilst `ForwardAgent` is normally disabled for security reasons, there - are certain circumstances where it is required. 
An example of - required usage is where a third-party requires 2FA and a \ - certificate and key are injected into the user’s ssh-agent upon - successful authentication. -- Adding PR workflow (#63) -- Updated Vault to v1.8.1 (#61) -- Added push workflow for Go source code (#60) -- Remove warning during write (#59) - When writing a new connection, an unnecessary warning appeared: - ```shell - level=warning msg="Unable to find connection for: xxx" - ``` - This is no longer shown. - -## 2021-07-29: v1.3.0 - -- Extra information for versionCmd (#56) - The Go and Vault versions are now shown when using `version --verbose` -- Update Vault dependencies (#55) - Upgraded Vault to v1.8.0 -- Add option to check for the latest release (#52) - The user is now able to check for the latest release with `version --check` -- Enable cmd.TestCache (#50) - Caching is now tested during `cmd` tests -- Ignore misses for lock requests (#49) - Due to the locking mechanism sharing code with standard requests, warning messages - were always emitted during a request when the lock is absent (ideal state). These - are now hidden based upon the lock prefix - - -## 2021-06-21: v1.2.2 - -- Handle tilde in config.EnvBasePath (#47) - The tilde from the build option is not being parsed before use - - -## 2021-06-15: v1.2.1 - -- Ensure EnvBasePath exists (#45) - Fixes the issue where the storage path is absent and is not automatically created - -## 2021-06-15: v1.2.0 - -- Added missing entries from the changelog (#43) -- Fix override variables that aren't strings (#42) - Some of the overrides were no longer working due to being defined in a way other than as an - explicit string, which caused issues when building with overrides. -- Added support for message of the day (#37) - A "message of the day" can now be added to the stored configuration, allowing messages to - be displayed during the connection phase, including whatever relevant information is necessary. 
- This also allows the message to be managed without accessing an instance, which is where the motd - would normally be set; on-host motd messaging is not affected by this feature -- Updated Go-based tasks in Makefile (#36) -- Added extra tests to Makefile (#35) -- Added Vault tests (#34) - Vault TestCluster has now been integrated into the test suits, allowing tests - to run without access to a running Vault instance -- Update log level for messages (#33) - Changed levels for some getConnections messages - - -## 2020-05-08: v1.1.0 - -- Updated README (#32) -- Added dynamic ControlPath definition (#31): - In order to solve the problem of unnecessary `LocalForward` definitions - when creating multiple connections to the same host, a scenario that - occurs when a control path is used, specifying the `ControlPath` dynamically - allows detection of an active connection. When the first connection is created - the `ControlPath` is generated by SSH and we save the ports in the cache - directory. For the next connection, if the `Controlpath` is still in existence - then we can specify identical `LocalForward` entries without an issue. -- Added locking mechanism for write operations (#30): - In multi-user environments it is possible that more than one user attempts to perform - operations against the same key in Vault storage. The user's operation must now - acquire a lock to be able to perform a write operation against the storage layer -- Add connection search (#29): - The user can now `search` the existing list of connection using partial patterns, - or even regular expressions; partial expressions must still compile as a regex -- Added argument checker for better UX (#28): - Some basic argument checking is performed to help avoid common issues and - aborting early on in the execution process. -- Enhance caching (#27): - Caching operations and updates now take part when performing write operations - instead of only when requesting a connection for use. 
The normal cache expiry - operations take part during this process. -- Added support for representing the config in JSON format (#26): - For use internally, the config can now be converted to JSON by calling the - `Settings.ToJSON` function. -- Added dev-vault to Makefile (#25): - A test Vault container can be created and unlocked using `make dev-vault` -- Partial updates (#24): - The user can now apply an update to an existing connection by using `update` - instead of `write`. An error will now occur when trying to use `write` with - an existing entry, or trying to use `update` with a non-existent one. -- Major refactor of code (#22): - Extensive code rewrite to solve some problems that arose when adding new - features and fixing some bugs. - -Please see [README.md](README.md) for more details. - -## 2021-01-25: v1.0.1 - -- Makefile improvements (#17): - Various improvements relating to build operations. -- Enable comments to be applied to a rendered config (#15): - Added `--comment` to enable users to add contextual information, useful when - generating content for `~/.ssh/config`, etc -- Format port forwarding links to allow "open link" (#16): - HTTP links are generated, which the user's terminal should interpret and - allow them to open in their browser. -- Force xz compression (#14): - Use `-f` when compressing the binaries so as to be able to avoid - extra calls to purge beforehand. -- Added shell completion support (#13): - Initial support for generating shell completion. -- Improved builds via Makefile (#11): - Support has been added to build both Linux and MacOS binaries and - optionally rsync them to target destination for downloading. -- Refactor vault.WriteSecret (#9): - `vault.WriteSecret` is now aligned with the other helpers. It now accepts a - preformatted path instead of just the key. -- Add option to delete entries (#8): - User may now remove entries without the need for direct use of the Vault client. 
-
-Please see [README.md](README.md) for more details.
-
-## 2020-02-14: v1.0.0
-
-First release version of ssh_ms, including the following features:
-- Connect to a remote host using a shared configuration from Vault
-- Writing SSH configuration to Vault
-- Listing existing configurations
-- Show a configuration to allow redirection to ~/.ssh/config, etc
-- Local caching of configurations (1w ttl)
-- Integration with vault login to use stored token
-
-Please see [README.md](README.md) for more details.
diff --git a/README.md b/README.md
index 0c28eb8..3e9e904 100644
--- a/README.md
+++ b/README.md
@@ -25,7 +25,7 @@ $ go install github.com/cezmunsta/ssh_ms
 For ease of use, ensure that `${GOPATH}/bin` is in your `PATH` to use the tools with ease.
-- `go` : `1.22`
+- `go` : `1.23`
 - `vault`: `1.15`
 #### Go
diff --git a/cmd/cli.go b/cmd/cli.go
index 63afe9b..5e73c83 100644
--- a/cmd/cli.go
+++ b/cmd/cli.go
@@ -187,7 +187,7 @@ var (
 purgeForce bool
 // Version of the code
- Version = "1.10.7"
+ Version = "1.10.8"
 )
 func init() {
diff --git a/config/versions.go b/config/versions.go
index f953272..3b97c6c 100644
--- a/config/versions.go
+++ b/config/versions.go
@@ -2,6 +2,6 @@ package config
 const (
- vaultAPIVersion = "v1.15.0"
- vaultSDKVersion = "v0.14.0"
+ vaultAPIVersion = "v1.16.0"
+ vaultSDKVersion = "v0.15.2"
 )
diff --git a/go.mod b/go.mod
index 296a13e..b168ff2 100644
--- a/go.mod
+++ b/go.mod
@@ -8,6 +8,7 @@ require (
 github.com/hashicorp/vault/sdk v0.15.2
 github.com/sirupsen/logrus v1.9.3
 github.com/spf13/cobra v1.9.1
+ golang.org/x/mod v0.17.0
 )
 require (
diff --git a/go.sum b/go.sum
index 1814e72..e829c54 100644
--- a/go.sum
+++ b/go.sum
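Review bot: The go.mod hunk adds `golang.org/x/mod v0.17.0` to the direct `require` block inside a release-bump commit, and no hunk in this patch imports that module, so the reason for the new dependency cannot be seen from here. If a package outside this patch uses it, name that in the commit message; if nothing does, `go mod tidy` should drop the line or move it to the indirect block. The pinned v0.17.0 also appears to trail the x/mod releases available at the commit date, so confirm the pin is deliberate and run `govulncheck ./...` before tagging 1.10.8. The `require (` block opens before the hunk and the second one continues past it.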
@@ -171,6 +171,8 @@ golang.org/x/crypto v0.32.0 h1:euUpcYgM8WcP71gNpTqQCn6rC2t6ULUPiOzfWaXVVfc= golang.org/x/crypto v0.32.0/go.mod h1:ZnnJkOaASj8g0AjIduWNlq2NRxL0PlBrbKVyZ6V/Ugc= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.17.0 h1:zY54UmvipHiNd+pm+m0x9KhZ9hl1/7QNMyxXbc6ICqA= +golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=