Bump github.com/hashicorp/vault/api from 1.11.0 to 1.12.0

[dependabot]

Bumps github.com/hashicorp/vault/api from 1.11.0 to 1.12.0.

Release notes

Sourced from github.com/hashicorp/vault/api's releases.

v1.12.0

1.12.0

October 13, 2022

CHANGES:

• api: Exclusively use GET /sys/plugins/catalog endpoint for listing plugins, and add details field to list responses. [GH-17347]
• auth: GET /sys/auth/:name endpoint now returns an additional deprecation_status field in the response data for builtins. [GH-16849]
• auth: GET /sys/auth endpoint now returns an additional deprecation_status field in the response data for builtins. [GH-16849]
• auth: POST /sys/auth/:type endpoint response contains a warning for Deprecated auth methods. [GH-17058]
• auth: auth enable returns an error and POST /sys/auth/:type endpoint reports an error for Pending Removal auth methods. [GH-17005]
• core/entities: Fixed stranding of aliases upon entity merge, and require explicit selection of which aliases should be kept when some must be deleted [GH-16539]
• core: Bump Go version to 1.19.2.
• core: Validate input parameters for vault operator init command. Vault 1.12 CLI version is needed to run operator init now. [GH-16379]
• identity: a request to /identity/group that includes member_group_ids that contains a cycle will now be responded to with a 400 rather than 500 [GH-15912]
• licensing (enterprise): Terminated licenses will no longer result in shutdown. Instead, upgrades will not be allowed if the license termination time is before the build date of the binary.
• plugins: Add plugin version to auth register, list, and mount table [GH-16856]
• plugins: GET /sys/plugins/catalog/:type/:name endpoint contains deprecation status for builtin plugins. [GH-17077]
• plugins: GET /sys/plugins/catalog/:type/:name endpoint now returns an additional version field in the response data. [GH-16688]
• plugins: GET /sys/plugins/catalog/ endpoint contains deprecation status in detailed list. [GH-17077]
• plugins: GET /sys/plugins/catalog endpoint now returns an additional detailed field in the response data with a list of additional plugin metadata. [GH-16688]
• plugins: plugin info displays deprecation status for builtin plugins. [GH-17077]
• plugins: plugin list now accepts a -detailed flag, which display deprecation status and version info. [GH-17077]
• secrets/azure: Removed deprecated AAD graph API support from the secrets engine. [GH-17180]
• secrets: All database-specific (standalone DB) secrets engines are now marked Pending Removal. [GH-17038]
• secrets: GET /sys/mounts/:name endpoint now returns an additional deprecation_status field in the response data for builtins. [GH-16849]
• secrets: GET /sys/mounts endpoint now returns an additional deprecation_status field in the response data for builtins. [GH-16849]
• secrets: POST /sys/mounts/:type endpoint response contains a warning for Deprecated secrets engines. [GH-17058]
• secrets: secrets enable returns an error and POST /sys/mount/:type endpoint reports an error for Pending Removal secrets engines. [GH-17005]

FEATURES:

• GCP Cloud KMS support for managed keys: Managed keys now support using GCP Cloud KMS keys
• LDAP Secrets Engine: Adds the ldap secrets engine with service account check-out functionality for all supported schemas. [GH-17152]
• OCSP Responder: PKI mounts now have an OCSP responder that implements a subset of RFC6960, answering single serial number OCSP requests for a specific cluster's revoked certificates in a mount. [GH-16723]
• Redis DB Engine: Adding the new Redis database engine that supports the generation of static and dynamic user roles and root credential rotation on a stand alone Redis server. [GH-17070]
• Redis ElastiCache DB Plugin: Added Redis ElastiCache as a built-in plugin. [GH-17075]
• Secrets/auth plugin multiplexing: manage multiple plugin configurations with a single plugin process [GH-14946]
• Transform Key Import (BYOK): The transform secrets engine now supports importing keys for tokenization and FPE transformations
• HCP (enterprise): Adding foundational support for self-managed vault nodes to securely communicate with HashiCorp Cloud Platform as an opt-in feature
• ui: UI support for Okta Number Challenge. [GH-15998]

IMPROVEMENTS:

• :core/managed-keys (enterprise): Allow operators to specify PSS signatures and/or hash algorithm for the test/sign api
• activity (enterprise): Added new clients unit tests to test accuracy of estimates
• agent/auto-auth: Add exit_on_err which when set to true, will cause Agent to exit if any errors are encountered during authentication. [GH-17091]
• agent: Added disable_idle_connections configuration to disable leaving idle connections open in auto-auth, caching and templating. [GH-15986]
• agent: Added disable_keep_alives configuration to disable keep alives in auto-auth, caching and templating. [GH-16479]
• agent: JWT auto auth now supports a remove_jwt_after_reading config option which defaults to true. [GH-11969]

... (truncated)

Changelog

Sourced from github.com/hashicorp/vault/api's changelog.

1.12.0

October 13, 2022

SECURITY:

• secrets/pki: Vault’s TLS certificate auth method did not initially load the optionally-configured CRL issued by the role’s CA into memory on startup, resulting in the revocation list not being checked, if the CRL has not yet been retrieved. This vulnerability, CVE-2022-41316, is fixed in Vault 1.12.0, 1.11.4, 1.10.7, and 1.9.10. [HSEC-2022-24]

CHANGES:

• api: Exclusively use GET /sys/plugins/catalog endpoint for listing plugins, and add details field to list responses. [GH-17347]
• auth: GET /sys/auth/:name endpoint now returns an additional deprecation_status field in the response data for builtins. [GH-16849]
• auth: GET /sys/auth endpoint now returns an additional deprecation_status field in the response data for builtins. [GH-16849]
• auth: POST /sys/auth/:type endpoint response contains a warning for Deprecated auth methods. [GH-17058]
• auth: auth enable returns an error and POST /sys/auth/:type endpoint reports an error for Pending Removal auth methods. [GH-17005]
• core/entities: Fixed stranding of aliases upon entity merge, and require explicit selection of which aliases should be kept when some must be deleted [GH-16539]
• core: Bump Go version to 1.19.2.
• core: Validate input parameters for vault operator init command. Vault 1.12 CLI version is needed to run operator init now. [GH-16379]
• identity: a request to /identity/group that includes member_group_ids that contains a cycle will now be responded to with a 400 rather than 500 [GH-15912]
• licensing (enterprise): Terminated licenses will no longer result in shutdown. Instead, upgrades will not be allowed if the license expiration time is before the build date of the binary.
• plugins: Add plugin version to auth register, list, and mount table [GH-16856]
• plugins: GET /sys/plugins/catalog/:type/:name endpoint contains deprecation status for builtin plugins. [GH-17077]
• plugins: GET /sys/plugins/catalog/:type/:name endpoint now returns an additional version field in the response data. [GH-16688]
• plugins: GET /sys/plugins/catalog/ endpoint contains deprecation status in detailed list. [GH-17077]
• plugins: GET /sys/plugins/catalog endpoint now returns an additional detailed field in the response data with a list of additional plugin metadata. [GH-16688]
• plugins: plugin info displays deprecation status for builtin plugins. [GH-17077]
• plugins: plugin list now accepts a -detailed flag, which display deprecation status and version info. [GH-17077]
• secrets/azure: Removed deprecated AAD graph API support from the secrets engine. [GH-17180]
• secrets: All database-specific (standalone DB) secrets engines are now marked Pending Removal. [GH-17038]
• secrets: GET /sys/mounts/:name endpoint now returns an additional deprecation_status field in the response data for builtins. [GH-16849]
• secrets: GET /sys/mounts endpoint now returns an additional deprecation_status field in the response data for builtins. [GH-16849]
• secrets: POST /sys/mounts/:type endpoint response contains a warning for Deprecated secrets engines. [GH-17058]
• secrets: secrets enable returns an error and POST /sys/mount/:type endpoint reports an error for Pending Removal secrets engines. [GH-17005]

FEATURES:

• GCP Cloud KMS support for managed keys: Managed keys now support using GCP Cloud KMS keys
• LDAP Secrets Engine: Adds the ldap secrets engine with service account check-out functionality for all supported schemas. [GH-17152]
• OCSP Responder: PKI mounts now have an OCSP responder that implements a subset of RFC6960, answering single serial number OCSP requests for a specific cluster's revoked certificates in a mount. [GH-16723]
• Redis DB Engine: Adding the new Redis database engine that supports the generation of static and dynamic user roles and root credential rotation on a stand alone Redis server. [GH-17070]
• Redis ElastiCache DB Plugin: Added Redis ElastiCache as a built-in plugin. [GH-17075]
• Secrets/auth plugin multiplexing: manage multiple plugin configurations with a single plugin process [GH-14946]
• Transform Key Import (BYOK): The transform secrets engine now supports importing keys for tokenization and FPE transformations
• HCP (enterprise): Adding foundational support for self-managed vault nodes to securely communicate with HashiCorp Cloud Platform as an opt-in feature
• ui: UI support for Okta Number Challenge. [GH-15998]
• Plugin Versioning: Vault supports registering, managing, and running plugins with semantic versions specified.

IMPROVEMENTS:

• core/managed-keys (enterprise): Allow operators to specify PSS signatures and/or hash algorithm for the test/sign api
• activity (enterprise): Added new clients unit tests to test accuracy of estimates

... (truncated)

Commits

• 558abfa import new sdk (#17488)
• 6545e24 bump sdk to 1.12.0 (#17487)
• 2068a5f backport of commit 495bf0a7ec21748d4b646932539910d9c2a3e8c8 (#17483)
• cb6652b backport of commit 4625729de15bf9992d63dbfc1be7099a12286429 (#17479)
• 90b89f9 backport of commit c023246b9050955ca78b5b3affbf1afc9072a89e (#17473)
• cb5d319 backport of #17340 (#17469)
• eb5f980 backport of commit e9914734e14852264dedc235726ba036fa183223 (#17464)
• d463811 Update 1.12 to go 1.19.2 (#17438)
• 12df3b0 backport of commit cfc6b436074140af83e11e896308b147b22a6609 (#17465)
• 4d0c1ec backport of commit 50a1f9e86a027af858a7c140288a9cc06f207053 (#17466)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (919defd) 51.06% compared to head (baa3eb9) 51.06%.

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #176   +/-   ##
=======================================
  Coverage   51.06%   51.06%           
=======================================
  Files           2        2           
  Lines          94       94           
=======================================
  Hits           48       48           
  Misses         44       44           
  Partials        2        2           

Flag	Coverage Δ
unittests	51.06% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[marcofranssen]

LGTM 🚀