pkgsrc-WIP-changes archive
vault: Update to 1.5.0
Module Name: pkgsrc-wip
Committed By: Iku Iwasa <iku.iwasa%gmail.com@localhost>
Pushed By: iquiw
Date: Thu Jul 23 13:47:31 2020 +0900
Changeset: ad65954614ba6e9eb176a9a2e49b884b811386fa
Modified Files:
vault/Makefile
vault/distinfo
Added Files:
vault/patches/patch-vendor_github.com_docker_docker_client_client__unix.go
vault/patches/patch-vendor_github.com_docker_docker_pkg_system_stat__netbsd.go
Log Message:
vault: Update to 1.5.0
July 21st, 2020
CHANGES:
* audit: Token TTL and issue time are now provided in the auth portion of
audit logs. [GH-9091]
* auth/gcp: Changes the default name of the entity alias that gets created
to be the role ID for both IAM and GCE authentication. [GH-99]
* core: Remove the addition of newlines to parsed configuration when using
integer/boolean values [GH-8928]
* cubbyhole: Reject reads and writes to an empty ("") path. [GH-8971]
* storage/gcs: The credentials_file config option has been removed. The
GOOGLE_APPLICATION_CREDENTIALS environment variable or default
credentials may be used instead [GH-9424]
* storage/raft: The storage configuration now accepts a new max_entry_size
config that will limit the total size in bytes of any entry committed via
raft. It defaults to "1048576" (1MiB). [GH-9027]
* token: Token creation with custom token ID via id will no longer allow
periods (.) as part of the input string. The final generated token value
may contain periods, such as the s. prefix for service token
indication. [GH-8646]
* token: Token renewals will now return token policies within the
token_policies, identity policies within identity_policies, and the full
policy set within policies. [GH-8535]
FEATURES:
* Monitoring: We have released a Splunk App [9] for Enterprise
customers. The app is accompanied by an updated monitoring guide and a
few new metrics to enable OSS users to effectively monitor Vault.
* Password Policies: Allows operators to customize how passwords are
generated for select secret engines (OpenLDAP, Active Directory, Azure,
and RabbitMQ).
* Replication UI Improvements: We have redesigned the replication UI to
highlight the state and relationship between primaries and secondaries
and improved management workflows, enabling a more holistic understanding
of multiple Vault clusters.
* Resource Quotas: As of 1.5, Vault supports specifying a quota to rate
limit requests on OSS and Enterprise. Enterprise customers also have
access to set quotas on the number of leases that can be generated on a
path.
* OpenShift Support: We have updated the Helm charts to allow users to
install Vault onto their OpenShift clusters.
* Seal Migration: We have made updates to allow migrations from auto unseal
to Shamir unseal on Enterprise.
* AWS Auth Web Identity Support: We've added support for AWS Web
Identities, which will be used in the credentials chain if present.
* Vault Monitor: Similar to the monitor command for Consul and Nomad, we
have added the ability for Vault to stream logs from other Vault servers
at varying log levels.
* AWS Secrets Groups Support: IAM users generated by Vault may now be added
to IAM Groups.
* Integrated Storage as HA Storage: In Vault 1.5, it is possible to use
Integrated Storage as HA Storage with a different storage backend as
regular storage.
* OIDC Auth Provider Extensions: We've added support to OIDC Auth to
incorporate IdP-specific extensions. Currently this includes expanded
Azure AD groups support.
* GCP Secrets: Support BigQuery dataset ACLs in absence of IAM endpoints.
IMPROVEMENTS:
* audit: Replication status requests are no longer audited. [GH-8877]
* audit: Added mount_type field to requests and responses. [GH-9167]
* auth/aws: Add support for Web Identity credentials [GH-7738]
* auth/jwt: Support users that are members of more than 200 groups on Azure
[GH-120]
* auth/kerberos: Support identities without userPrincipalName [GH-44]
* auth/kubernetes: Allow disabling iss validation [GH-91]
* auth/kubernetes: Try reading the ca.crt and TokenReviewer JWT from the
default service account [GH-83]
* cli: Support reading TLS parameters from file for the vault operator raft
join command. [GH-9060]
* cli: Add a new subcommand, vault monitor, for tailing server logs in the
console. [GH-8477]
* core: Add the Go version used to build a Vault binary to the server
message output. [GH-9078]
* core: Added Password Policies for user-configurable password generation
[GH-8637]
* core: New telemetry metrics covering token counts, token creation, KV
secret counts, lease creation. [GH-9239] [GH-9250] [GH-9244] [GH-9052]
* physical/gcs: The storage backend now uses a dedicated client for HA lock
updates to prevent lock table update failures when flooded by other
client requests. [GH-9424]
* physical/spanner: The storage backend now uses a dedicated client for HA
lock updates to prevent lock table update failures when flooded by other
client requests. [GH-9423]
* plugin: Add SDK method, Sys.ReloadPlugin, and CLI command, vault plugin
reload, for reloading plugins. [GH-8777]
* plugin (enterprise): Add a scope field to plugin reload, which when
global, reloads the plugin anywhere in a cluster. [GH-9347]
* sdk/framework: Support accepting TypeFloat parameters over the API
[GH-8923]
* secrets/aws: Add iam_groups parameter to role create/update [GH-8811]
* secrets/database: Add static role rotation for MongoDB Atlas database
plugin [GH-11]
* secrets/database: Add static role rotation for MSSQL database plugin
[GH-9062]
* secrets/database: Allow InfluxDB to use insecure TLS without cert bundle
[GH-8778]
* secrets/gcp: Support BigQuery dataset ACLs in absence of IAM endpoints
[GH-78]
* secrets/pki: Allow 3072-bit RSA keys [GH-8343]
* secrets/ssh: Add a CA-mode role option to specify signing algorithm
[GH-9096]
* secrets/ssh: The Vault SSH Helper can now be configured to reference a
mount in a namespace [GH-44]
* secrets/transit: Transit requests that make use of keys now include a new
field key_version in their responses [GH-9100]
* secrets/transit: Improving transit batch encrypt and decrypt latencies
[GH-8775]
* sentinel: Add a sentinel config section, and
"additional_enabled_modules", a list of Sentinel modules that may be
imported in addition to the defaults.
* ui: Update TTL picker styling on SSH secret engine [GH-8891]
* ui: Only render the JWT input field of the Vault login form on mounts
configured for JWT auth [GH-8952]
* ui: Add replication dashboards. Improve replication management
workflows. [GH-8705].
* ui: Update alert banners to match design systems black text. [GH-9463].
BUG FIXES:
* auth/oci: Fix issue where users of the Oracle Cloud Infrastructure (OCI)
auth method could not authenticate when the plugin backend was mounted at
a non-default path. [GH-7]
* core: Extend replicated cubbyhole fix in 1.4.0 to cover case where a
performance primary is also a DR primary [GH-9148]
* seal/awskms: fix AWS KMS auto-unseal when AWS_ROLE_SESSION_NAME not set
[GH-9416]
* sentinel: fix panic due to concurrent map access when rules iterate over
metadata maps
* secrets/aws: Fix issue where performance standbys weren't able to
generate STS credentials after an IAM access key rotation in AWS and root
IAM credential update in Vault [GH-9186]
* secrets/database: Fix issue where rotating root database credentials
while Vault's storage backend is unavailable causes Vault to lose access
to the database [GH-8782]
* secrets/database: Fix issue that prevents performance standbys from
connecting to databases after a root credential rotation [GH-9129]
* secrets/gcp: Fix issue where updates were not being applied to the
token_scopes of a roleset. [GH-90]
* secrets/kv: Return the value of delete_version_after when reading
kv/config, even if it is set to the default. [GH-42]
* ui: Add Toggle component into core addon so it is available in KMIP and
other Ember Engines. [GH-8913]
* ui: Disallow max versions value of larger than 9999999999999999 on kv2
secrets engine. [GH-9242]
* ui: Add and upgrade missing dependencies to resolve a failure with make
static-dist. [GH-9277]
To see a diff of this commit:
https://wip.pkgsrc.org/cgi-bin/gitweb.cgi?p=pkgsrc-wip.git;a=commitdiff;h=ad65954614ba6e9eb176a9a2e49b884b811386fa
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
diffstat:
vault/Makefile | 2 +-
vault/distinfo | 10 ++++++----
...r_github.com_docker_docker_client_client__unix.go | 12 ++++++++++++
...thub.com_docker_docker_pkg_system_stat__netbsd.go | 20 ++++++++++++++++++++
4 files changed, 39 insertions(+), 5 deletions(-)
diffs:
diff --git a/vault/Makefile b/vault/Makefile
index a40072608f..ca2bd7eec2 100644
--- a/vault/Makefile
+++ b/vault/Makefile
@@ -1,6 +1,6 @@
# $NetBSD$
-DISTNAME= vault-1.4.3
+DISTNAME= vault-1.5.0
CATEGORIES= security
MASTER_SITES= ${MASTER_SITE_GITHUB:=hashicorp/}
diff --git a/vault/distinfo b/vault/distinfo
index ad8ebdd60d..40e49330df 100644
--- a/vault/distinfo
+++ b/vault/distinfo
@@ -1,8 +1,10 @@
$NetBSD$
-SHA1 (vault-1.4.3.tar.gz) = b78225f2d06a4c9bb7c7e0136254de7b79c4503a
-RMD160 (vault-1.4.3.tar.gz) = f50a00f8ac67f4a9821b8269af850f89b96add8a
-SHA512 (vault-1.4.3.tar.gz) = 638bdeaaee122263d8f8c44b6db48b0f10869dd6f2cd6d35bcefb96e8b25dde4596a4a41f287d065f0cece01c5e75f9a4ae220864dddc381365fe57faeb2efe2
-Size (vault-1.4.3.tar.gz) = 33169383 bytes
+SHA1 (vault-1.5.0.tar.gz) = 8128f8ab999db6eafdd02e11bb32973b6f6bb65a
+RMD160 (vault-1.5.0.tar.gz) = 628ec25d71fe3e76bdac0f7949388b876e41ec2c
+SHA512 (vault-1.5.0.tar.gz) = 245d5ea837f561d6c3832a0cb28d851dabe908fac2be7e53d3fd466689778d67b2cd5d9ea8c297f8daceb003c571a9768254a7e27d1fbeb1a376ac75e3c6edfb
+Size (vault-1.5.0.tar.gz) = 34940170 bytes
+SHA1 (patch-vendor_github.com_docker_docker_client_client__unix.go) = 51a400f6adaa6abe4cd42c31cfba4f037d9d81e5
+SHA1 (patch-vendor_github.com_docker_docker_pkg_system_stat__netbsd.go) = 125e35b6f5e9a0cdec8c0a5e0b7c67cc326467ea
SHA1 (patch-vendor_github.com_ory_dockertest_docker_pkg_system_stat__netbsd.go) = 723ce00bc56771008074e5d77efd465501fda2bb
SHA1 (patch-vendor_github.com_ory_dockertest_docker_pkg_term_termios__bsd.go) = 9696daf0158de14d8756748b0dc5398be9ff64f4
diff --git a/vault/patches/patch-vendor_github.com_docker_docker_client_client__unix.go b/vault/patches/patch-vendor_github.com_docker_docker_client_client__unix.go
new file mode 100644
index 0000000000..0d603a6c24
--- /dev/null
+++ b/vault/patches/patch-vendor_github.com_docker_docker_client_client__unix.go
@@ -0,0 +1,12 @@
+$NetBSD$
+
+Build client_unix.go for NetBSD.
+
+--- vendor/github.com/docker/docker/client/client_unix.go.orig 2020-07-18 02:21:10.000000000 +0000
++++ vendor/github.com/docker/docker/client/client_unix.go
+@@ -1,4 +1,4 @@
+-// +build linux freebsd openbsd darwin solaris illumos
++// +build linux freebsd openbsd netbsd darwin solaris illumos
+
+ package client // import "github.com/docker/docker/client"
+
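Review bot: the patch comment above the `// +build` change says only "Build client_unix.go for NetBSD." and records no upstream status. Because this edits vendored github.com/docker/docker code, the comment should state whether the added `netbsd` tag has been submitted upstream, so the patch can be dropped once a later Vault release vendors a copy that already carries it. It would also help to say which part of the build needs the Docker client on NetBSD, since the diff gives no reason for pulling this file into the build.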
diff --git a/vault/patches/patch-vendor_github.com_docker_docker_pkg_system_stat__netbsd.go b/vault/patches/patch-vendor_github.com_docker_docker_pkg_system_stat__netbsd.go
new file mode 100644
index 0000000000..6e6938219e
--- /dev/null
+++ b/vault/patches/patch-vendor_github.com_docker_docker_pkg_system_stat__netbsd.go
@@ -0,0 +1,20 @@
+$NetBSD$
+
+Provides stat conversion function for NetBSD.
+
+--- vendor/github.com/docker/docker/pkg/system/stat_netbsd.go.orig 2020-07-23 04:42:05.263335746 +0000
++++ vendor/github.com/docker/docker/pkg/system/stat_netbsd.go
+@@ -0,0 +1,13 @@
++package system
++
++import "syscall"
++
++// fromStatT converts a syscall.Stat_t type to a system.Stat_t type
++func fromStatT(s *syscall.Stat_t) (*StatT, error) {
++ return &StatT{size: s.Size,
++ mode: uint32(s.Mode),
++ uid: s.Uid,
++ gid: s.Gid,
++ rdev: uint64(s.Rdev),
++ mtim: s.Mtimespec}, nil
++}
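Review bot: the doc comment on fromStatT says it converts to "a system.Stat_t type", but the function returns *StatT, so the comment should be reworded to match. In the struct literal, mode and rdev are converted explicitly with uint32() and uint64() while size, uid and gid are assigned as-is; please confirm the StatT field types line up with NetBSD's syscall.Stat_t on every architecture the package is built for, since a mismatch there is a compile failure rather than a runtime one. The error return is always nil, which is worth noting in the comment if the signature is fixed by the other platform files.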