Sat, 23 Oct 2021 19:00:45 CDT

Information for build htvault-config-1.4-1.osg36.el8

Package Name: htvault-config
Summary: Configuration for Hashicorp Vault for use with htgettoken client
Description: Installs plugins and configuration for Hashicorp Vault for use with htgettoken as a client.
Built by: Dave Dykstra
State: complete
Started: Tue, 20 Jul 2021 20:24:39 CDT
Completed: Tue, 20 Jul 2021 20:27:37 CDT
Task: build (osg-3.6-el8, /svn/native/redhat/branches/osg-3.6/htvault-config:26544)
Extra: {'source': {'original_url': 'svn+'}}
htvault-config-1.4-1.osg36.el8.src.rpm
htvault-config-1.4-1.osg36.el8.x86_64.rpm
Changelog

* Tue Jul 20 2021 Dave Dykstra <> 1.4-1
- Updated the token exchange PR for vault-plugin-secrets-oauthapp to send the client secret in the initial authorization request in the device flow
- Updated to vault-plugin-secrets-oauthapp-2.2.0

* Mon Jul 12 2021 Dave Dykstra <> 1.3-1
- Added license in COPYING file
- Updated to vault-plugin-secrets-oauthapp-2.1.0
- Updated the token exchange PR for vault-plugin-secrets-oauthapp to accept comma-separated lists of audiences
- Added audit log at /var/log/htvault-config/auditlog
- Enabled delayed log compression and daily logs instead of weekly
- Add support for moving the master in a high-availability cluster from one machine to another and for changing the name of either peer
- If 'name' is missing from a yaml list, give a helpful error message instead of causing a python crash
- Limit vault token policies for oidc and kerberos to a single role and issuer. To use these limited policies for kerberos requires htgettoken >= 1.3 so for now the coarse-grained kerberos is still supported as well but it will be removed later.
- Remove the default policy from vault tokens.

* Thu Jun 17 2021 Dave Dykstra <> 1.2-1
- Update to vault-plugin-auth-jwt-0.9.4 and require vault-1.7.3

* Mon May 10 2021 Dave Dykstra <> 1.1-1
- Correctly disable secret oauth module instead of incorrect auth module when something changes requiring clearing out of old secrets.
- Allow dashes in names by converting them in bash variables to underscores, and reject any other non-alphanumeric or underscore in names.
- Fix bug in RFC8693 token exchange pull request to puppetlabs plugin which caused comma-separated scopes to get sent to the token issuer instead of space-separated scopes.

* Wed May 05 2021 Dave Dykstra <> 1.0-2
- Add Requires: python3-PyYAML

* Tue May 04 2021 Dave Dykstra <> 1.0-1
- Convert to using yaml files instead of shell variables to configure.
- Only update the vault configuration for things that have changed in the configuration, and include removing things that have been removed.
- Keep secrets off command line to hide them from 'ps'.
- Require at least vault-1.7.1

* Thu Apr 15 2021 Dave Dykstra <> 0.7-1
- Update to vault-plugin-secrets-oauthapp version 2.0.0
- Update to final version of PR for periodic refresh of credentials
- Move the 'PartOf' rule in htvault-config.service to the correct section.
- Prevent vault DB initialization failure from blocking future attempts.
- Change to have vault listen on all interfaces with tls for port 8200, and to use port 8202 for non-tls localhost access.

* Thu Apr 08 2021 Dave Dykstra <> 0.6-1
- Update vault-plugin-secrets-oauthapp to version 1.10.1, including applying a bug fix for broken minimum_seconds option
- Disable periodic refresh of credentials; make it be only on demand
- Require at least vault-1.7.0

* Mon Mar 22 2021 Dave Dykstra <> 0.5-2
- Update vault-plugin-auth-jwt to version 0.9.2

* Fri Feb 19 2021 Dave Dykstra <> 0.5-1
- Always reconfigure everything when systemd service is started, just don't disable/reenable oauthapp because that wipes out stored secrets.
- Support multiple roles per issuer.

* Thu Feb 18 2021 Dave Dykstra <> 0.4-1
- Rename the few OIDC-related variables that didn't begin with OIDC to begin with OIDC.

* Wed Feb 17 2021 Dave Dykstra <> 0.3-1
- Rename make-downloads to make-source-tarball and make it have more in common with the vault-rpm build

* Mon Feb 01 2021 Dave Dykstra <> 0.2-1
- Pre-download and prepare all the go modules using new make-downloads script, so no network is needed during rpm build.

* Fri Jan 29 2021 Dave Dykstra <> 0.1-1
- Initial pre-release, including parameterization based on shell variables