This repository was archived by the owner on Nov 18, 2024. It is now read-only.

v3.0.0


github-actions released this 20 Sep 19:08
32509a4

Added

  • It is now possible to manage multiple authorization servers at the same time
    by writing separate provider configurations to the servers/:name endpoint.
    Listing servers is supported at the servers endpoint.
  • Additionally, server configurations support a new client_secrets field that
    was not present in the plugin configuration in v2. When this field is set to a
    list, the plugin will attempt to use each secret in order until it receives a
    successful provider response.
  • The plugin configuration supports selecting a default server to use by setting
    the default_server field. When upgrading from v2, this field will be
    automatically set to maintain backward compatibility.
  • It is no longer necessary to explicitly specify a state when requesting an
    authorization code URL. The plugin will generate a random state and return it
    in the response.
  • Added the new tuning option tune_reap_server_deleted_seconds to control how
    long the plugin should wait before automatically deleting credentials that
    refer to a nonexistent (deleted) server.
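As an added illustration (not the plugin's own code), a small Python model of the v3 behaviour described above: a server is selected by name or via default_server, the client_secrets list is tried in order until the provider accepts one, and the auth-code-url response carries a generated state. The server name "idp", the fake provider and the secret values are constructed for the example.

```python
import secrets
from dataclasses import dataclass, field
from typing import Callable, Optional

# Constructed stand-in for one server configuration written to servers/:name.
@dataclass
class ServerConfig:
    client_id: str
    client_secrets: list          # tried in order until the provider accepts one
    token_endpoint: Callable[[str, str], Optional[dict]]  # (client_id, secret) -> token or None

# Constructed stand-in for the plugin configuration (servers map + default_server).
@dataclass
class PluginConfig:
    servers: dict = field(default_factory=dict)
    default_server: Optional[str] = None

def resolve_server(cfg: PluginConfig, name: Optional[str] = None) -> ServerConfig:
    """Use the credential's named server, else fall back to default_server (v2 upgrade path)."""
    name = name or cfg.default_server
    if name is None or name not in cfg.servers:
        raise KeyError(f"no such server: {name!r}")
    return cfg.servers[name]

def exchange_client_credentials(server: ServerConfig) -> dict:
    """Present each configured client secret in order; stop at the first provider success."""
    for idx, secret in enumerate(server.client_secrets):
        token = server.token_endpoint(server.client_id, secret)
        if token is not None:
            return {"token": token, "secret_index": idx}
    raise PermissionError("provider rejected every configured client secret")

def auth_code_url(server: ServerConfig, authorize_base: str, redirect_uri: str) -> dict:
    """v3 generates the state itself and returns it next to the URL for the caller to verify later."""
    state = secrets.token_urlsafe(32)
    url = (f"{authorize_base}?response_type=code&client_id={server.client_id}"
           f"&redirect_uri={redirect_uri}&state={state}")
    return {"url": url, "state": state}

# Constructed fake provider: only the rotated ("new") secret is still accepted.
def fake_provider(client_id: str, secret: str) -> Optional[dict]:
    if (client_id, secret) == ("app", "new-secret"):
        return {"access_token": "tok-" + secret}
    return None

CFG = PluginConfig(
    servers={"idp": ServerConfig("app", ["old-secret", "new-secret"], fake_provider)},
    default_server="idp",
)
```

During a secret rotation the list order decides which secret is presented first, and a retired secret stays in use until it is removed from client_secrets, so trim the list once the provider no longer accepts the old value.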

Changed

  • [BREAKING] The plugin configuration no longer supports configuring a single
    provider for the entire engine. Instead, configure a provider using the new
    servers/:name endpoint and reference it in credentials.
  • [BREAKING] The config/auth_code_url endpoint has been removed and replaced
    by the auth-code-url endpoint, which accepts a server name as a parameter.
  • [BREAKING] The config/self/:name endpoint has been removed, and it is no
    longer possible to store an access token using the client credentials flow by
    reading from an unconfigured path at the self/:name endpoint. Instead,
    initialize such an access token by writing to the self/:name endpoint with
    any necessary configuration first.
  • The device code flow support library now sends an Accept: application/json
    header to improve compatibility with legacy device code endpoints that support
    both JSON and form-encoded responses.

Fixed

  • The scheduled processes for refreshing credentials, reaping credentials, and
    managing the device code flow no longer start on a Vault server configured as
    a performance secondary, performance standby, or disaster recovery secondary.

Build

  • Removed darwin/386 from the distribution, as it is no longer supported by Go
    or Vault.