Bump github.com/hashicorp/vault/api from 1.5.0 to 1.8.0

[dependabot]

Bumps github.com/hashicorp/vault/api from 1.5.0 to 1.8.0.

Release notes

Sourced from github.com/hashicorp/vault/api's releases.

v1.8.0

1.8.0

July 28th, 2021

CHANGES:

• agent: Errors in the template engine will no longer cause agent to exit unless explicitly defined to do so. A new configuration parameter, exit_on_retry_failure, within the new top-level stanza, template_config, can be set to true in order to cause agent to exit. Note that for agent to exit if template.error_on_missing_key is set to true, exit_on_retry_failure must be also set to true. Otherwise, the template engine will log an error but then restart its internal runner. [GH-11775]
• agent: Update to use IAM Service Account Credentials endpoint for signing JWTs when using GCP Auto-Auth method [GH-11473]
• core (enterprise): License/EULA changes that ensure the presence of a valid HashiCorp license to start Vault. More information is available in the Vault License FAQ

FEATURES:

• GCP Secrets Engine Static Accounts: Adds ability to use existing service accounts for generation of service account keys and access tokens. [GH-12023]
• Key Management Secrets Engine (Enterprise): Adds general availability for distributing and managing keys in AWS KMS. [GH-11958]
• License Autoloading (Enterprise): Licenses may now be automatically loaded from the environment or disk.
• MySQL Database UI: The UI now supports adding and editing MySQL connections in the database secret engine [GH-11532]
• Vault Diagnose: A new vault operator command to detect common issues with vault server setups.

IMPROVEMENTS:

• agent/template: Added static_secret_render_interval to specify how often to fetch non-leased secrets [GH-11934]
• agent: Allow Agent auto auth to read symlinked JWT files [GH-11502]
• api: Allow a leveled logger to be provided to api.Client through SetLogger. [GH-11696]
• auth/aws: Underlying error included in validation failure message. [GH-11638]
• cli/api: Add lease lookup command [GH-11129]
• core: Add prefix_filter to telemetry config [GH-12025]
• core: Add a darwin/arm64 binary release supporting the Apple M1 CPU [GH-12071]
• core: Add a small (<1s) exponential backoff to failed TCP listener Accept failures. [GH-11588]
• core (enterprise): Add controlled capabilities to control group policy stanza
• core: Add metrics for standby node forwarding. [GH-11366]
• core: Add metrics to report if a node is a perf standby, if a node is a dr secondary or primary, and if a node is a perf secondary or primary. [GH-11472]
• core: Send notifications to systemd on start, stop, and configuration reload. [GH-11517]
• core: add irrevocable lease list and count apis [GH-11607]
• core: allow arbitrary length stack traces upon receiving SIGUSR2 (was 32MB) [GH-11364]
• db/cassandra: Added tls_server_name to specify server name for TLS validation [GH-11820]
• go: Update to Go 1.16.5 [GH-11802]
• raft: Improve raft batch size selection [GH-11907]
• raft: change freelist type to map and set nofreelistsync to true [GH-11895]
• replication: Delay evaluation of X-Vault-Index headers until merkle sync completes.
• secrets/rabbitmq: Add ability to customize dynamic usernames [GH-11899]
• secrets/ad: Add rotate-role endpoint to allow rotations of service accounts. [GH-11942]

... (truncated)

Changelog

Sourced from github.com/hashicorp/vault/api's changelog.

1.8.0

July 28th, 2021

CHANGES:

• agent: Errors in the template engine will no longer cause agent to exit unless explicitly defined to do so. A new configuration parameter, exit_on_retry_failure, within the new top-level stanza, template_config, can be set to true in order to cause agent to exit. Note that for agent to exit if template.error_on_missing_key is set to true, exit_on_retry_failure must be also set to true. Otherwise, the template engine will log an error but then restart its internal runner. [GH-11775]
• agent: Update to use IAM Service Account Credentials endpoint for signing JWTs when using GCP Auto-Auth method [GH-11473]
• core (enterprise): License/EULA changes that ensure the presence of a valid HashiCorp license to start Vault. More information is available in the Vault License FAQ

FEATURES:

• GCP Secrets Engine Static Accounts: Adds ability to use existing service accounts for generation of service account keys and access tokens. [GH-12023]
• Key Management Secrets Engine (Enterprise): Adds general availability for distributing and managing keys in AWS KMS. [GH-11958]
• License Autoloading (Enterprise): Licenses may now be automatically loaded from the environment or disk.
• MySQL Database UI: The UI now supports adding and editing MySQL connections in the database secret engine [GH-11532]
• Vault Diagnose: A new vault operator command to detect common issues with vault server setups.

SECURITY:

• storage/raft: When initializing Vault’s Integrated Storage backend, excessively broad filesystem permissions may be set for the underlying Bolt database used by Vault’s Raft implementation. This vulnerability, CVE-2021-38553, was fixed in Vault 1.8.0.
• ui: The Vault UI erroneously cached and exposed user-viewed secrets between authenticated sessions in a single shared browser, if the browser window / tab was not refreshed or closed between logout and a subsequent login. This vulnerability, CVE-2021-38554, was fixed in Vault 1.8.0 and will be addressed in pending 1.7.4 / 1.6.6 releases.

IMPROVEMENTS:

• agent/template: Added static_secret_render_interval to specify how often to fetch non-leased secrets [GH-11934]
• agent: Allow Agent auto auth to read symlinked JWT files [GH-11502]
• api: Allow a leveled logger to be provided to api.Client through SetLogger. [GH-11696]
• auth/aws: Underlying error included in validation failure message. [GH-11638]
• cli/api: Add lease lookup command [GH-11129]
• core: Add prefix_filter to telemetry config [GH-12025]
• core: Add a darwin/arm64 binary release supporting the Apple M1 CPU [GH-12071]
• core: Add a small (<1s) exponential backoff to failed TCP listener Accept failures. [GH-11588]
• core (enterprise): Add controlled capabilities to control group policy stanza
• core: Add metrics for standby node forwarding. [GH-11366]
• core: Add metrics to report if a node is a perf standby, if a node is a dr secondary or primary, and if a node is a perf secondary or primary. [GH-11472]
• core: Send notifications to systemd on start, stop, and configuration reload. [GH-11517]
• core: add irrevocable lease list and count apis [GH-11607]
• core: allow arbitrary length stack traces upon receiving SIGUSR2 (was 32MB) [GH-11364]
• core: Improve renew/revoke performance using per-lease locks [GH-11122]
• db/cassandra: Added tls_server_name to specify server name for TLS validation [GH-11820]
• go: Update to Go 1.16.5 [GH-11802]

... (truncated)

Commits

• 82a99f1 Use a mode when opening the db file that won't result in excessive perms. (#1...
• 43cfab4 Add fallback font for masked-input (#12152) (#12158)
• ca2ad70 Update node to latest stable version (#12049) (#12154)
• 9f77f5a Re-adding deleted changelog note (#12141)
• c3855d7 Backport: 1.8.x UI/database cg read role (#12111) (#12136)
• 5c7e855 Fix KV Version History queryParams on the component LinkedBlock (#12079) (#12...
• 4ffff3a changelog: update feature formatting for gcp and key management secrets (#121...
• 46ed883 Change changelog type for openldap bug fix (#12112) (#12114)
• ed8d36b UI: Automatically refresh page on logout (#12035) (#12082)
• df0c8d3 Backport recent diagnose fixes to 1.8.x (#12108)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[coveralls]

Coverage remained the same at 49.843% when pulling 57738c7 on dependabot/go_modules/github.com/hashicorp/vault/api-1.8.0 into 5d28c18 on main.

[dependabot]

Superseded by #579.