Bump github.com/hashicorp/vault/api from 1.6.0 to 1.7.2

[dependabot]

Bumps github.com/hashicorp/vault/api from 1.6.0 to 1.7.2.

Release notes

Sourced from github.com/hashicorp/vault/api's releases.

v1.7.2

1.7.2

May 20th, 2021

SECURITY:

• Non-Expiring Leases: Vault and Vault Enterprise renewed nearly-expiring token leases and dynamic secret leases with a zero-second TTL, causing them to be treated as non-expiring, and never revoked. This issue affects Vault and Vault Enterprise versions 0.10.0 through 1.7.1, and is fixed in 1.5.9, 1.6.5, and 1.7.2 (CVE-2021-32923).

CHANGES:

• agent: Update to use IAM Service Account Credentials endpoint for signing JWTs when using GCP Auto-Auth method [GH-11473]
• auth/gcp: Update to v0.9.1 to use IAM Service Account Credentials API for signing JWTs [GH-11494]

IMPROVEMENTS:

• api, agent: LifetimeWatcher now does more retries when renewal failures occur. This also impacts Agent auto-auth and leases managed via Agent caching. [GH-11445]
• auth/aws: Underlying error included in validation failure message. [GH-11638]
• http: Add optional HTTP response headers for hostname and raft node ID [GH-11289]
• secrets/aws: add ability to provide a role session name when generating STS credentials [GH-11345]
• secrets/database/mongodb: Add ability to customize SocketTimeout, ConnectTimeout, and ServerSelectionTimeout [GH-11600]
• secrets/database/mongodb: Increased throughput by allowing for multiple request threads to simultaneously update users in MongoDB [GH-11600]

BUG FIXES:

• agent/cert: Fix issue where the API client on agent was not honoring certificate information from the auto-auth config map on renewals or retries. [GH-11576]
• agent: Fixed agent templating to use configured tls servername values [GH-11288]
• core (enterprise): Fix plugins mounted in namespaces being unable to use password policies [GH-11596]
• core: correct logic for renewal of leases nearing their expiration time. [GH-11650]
• identity: Use correct mount accessor when refreshing external group memberships. [GH-11506]
• replication: Fix panic trying to update walState during identity group invalidation. [GH-1865]
• secrets/database: Fix marshalling to allow providing numeric arguments to external database plugins. [GH-11451]
• secrets/database: Fixed minor race condition when rotate-root is called [GH-11600]
• secrets/database: Fixes issue for V4 database interface where SetCredentials wasn't falling back to using RotateRootCredentials if SetCredentials is Unimplemented [GH-11585]
• secrets/keymgmt (enterprise): Fixes audit logging for the read key response.
• storage/raft: Support cluster address change for nodes in a cluster managed by autopilot [GH-11247]
• ui: Fix entity group membership and metadata not showing [GH-11641]
• ui: Fix text link URL on database roles list [GH-11597]

v1.7.1

Release vault 1.7.1

v1.7.0

1.7.0

... (truncated)

Changelog

Sourced from github.com/hashicorp/vault/api's changelog.

1.7.2

May 20th, 2021

SECURITY:

• Non-Expiring Leases: Vault and Vault Enterprise renewed nearly-expiring token leases and dynamic secret leases with a zero-second TTL, causing them to be treated as non-expiring, and never revoked. This issue affects Vault and Vault Enterprise versions 0.10.0 through 1.7.1, and is fixed in 1.5.9, 1.6.5, and 1.7.2 (CVE-2021-32923).

CHANGES:

• agent: Update to use IAM Service Account Credentials endpoint for signing JWTs when using GCP Auto-Auth method [GH-11473]
• auth/gcp: Update to v0.9.1 to use IAM Service Account Credentials API for signing JWTs [GH-11494]

IMPROVEMENTS:

• api, agent: LifetimeWatcher now does more retries when renewal failures occur. This also impacts Agent auto-auth and leases managed via Agent caching. [GH-11445]
• auth/aws: Underlying error included in validation failure message. [GH-11638]
• http: Add optional HTTP response headers for hostname and raft node ID [GH-11289]
• secrets/aws: add ability to provide a role session name when generating STS credentials [GH-11345]
• secrets/database/mongodb: Add ability to customize SocketTimeout, ConnectTimeout, and ServerSelectionTimeout [GH-11600]
• secrets/database/mongodb: Increased throughput by allowing for multiple request threads to simultaneously update users in MongoDB [GH-11600]

BUG FIXES:

• agent/cert: Fix issue where the API client on agent was not honoring certificate information from the auto-auth config map on renewals or retries. [GH-11576]
• agent: Fixed agent templating to use configured tls servername values [GH-11288]
• core (enterprise): Fix plugins mounted in namespaces being unable to use password policies [GH-11596]
• core: correct logic for renewal of leases nearing their expiration time. [GH-11650]
• identity: Use correct mount accessor when refreshing external group memberships. [GH-11506]
• replication: Fix panic trying to update walState during identity group invalidation. [GH-1865]
• secrets/database: Fix marshalling to allow providing numeric arguments to external database plugins. [GH-11451]
• secrets/database: Fixed minor race condition when rotate-root is called [GH-11600]
• secrets/database: Fixes issue for V4 database interface where SetCredentials wasn't falling back to using RotateRootCredentials if SetCredentials is Unimplemented [GH-11585]
• secrets/keymgmt (enterprise): Fixes audit logging for the read key response.
• storage/raft: Support cluster address change for nodes in a cluster managed by autopilot [GH-11247]
• ui: Fix entity group membership and metadata not showing [GH-11641]
• ui: Fix text link URL on database roles list [GH-11597]

1.7.1

21 April 2021

SECURITY:

• The PKI Secrets Engine tidy functionality may cause Vault to exclude revoked-but-unexpired certificates from the

... (truncated)

Commits

• db0e424 Don't force config regeneration (#11668)
• 055e15c Upgrade packagespec to 0.2.6 (#11671)
• fff6f65 Reload raft TLS keys on active startup (#11660) (#11663)
• 814ad56 go vendor cleanup
• 48c5544 Vault 1.7.2 Pre-staging (#11651)
• a671890 Patch expiration fix over from ENT (#11650) (#11652)
• 8ade2f9 Backport 11259 changes 1.7.x (#11520)
• 1164f75 UI/fix identity model (#11641) (#11642)
• f0acfa8 AWS Auth: Update error message to include underlying error (#11638) (#11639)
• fbff9bb Add ability to customize some timeouts in MongoDB database plugin (#11600) (#...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)