
Information for build htvault-config-1.6-1.osg35.el7

ID: 14942
Package Name: htvault-config
Version: 1.6
Release: 1.osg35.el7
Epoch:
Source: svn+https://vdt.cs.wisc.edu/svn/native/redhat/trunk/htvault-config#26619
Summary: Configuration for Hashicorp Vault for use with htgettoken client
Description: Installs plugins and configuration for Hashicorp Vault for use with htgettoken as a client.
Built by: Dave Dykstra
State: complete
Volume: DEFAULT
Started: Thu, 16 Sep 2021 17:16:15 CDT
Completed: Thu, 16 Sep 2021 17:22:15 CDT
Task: build (osg-el7, /svn/native/redhat/trunk/htvault-config:26619)
Extra: {'source': {'original_url': 'svn+https://vdt.cs.wisc.edu/svn/native/redhat/trunk/htvault-config#26619'}}
Tags
osg-3.5-el7-development
osg-3.5-el7-release
osg-3.5-el7-release-3.5.48
osg-3.5-el7-release-3.5.49
osg-3.5-el7-rolling
osg-3.5-el7-testing
RPMs
src
htvault-config-1.6-1.osg35.el7.src.rpm
x86_64
htvault-config-1.6-1.osg35.el7.x86_64.rpm
Logs
x86_64
root.log
hw_info.log
installed_pkgs.log
mock_output.log
state.log
build.log
Changelog

* Wed Sep 15 2021 Dave Dykstra <dwd@fnal.gov> 1.6-1
- Update to vault-plugin-secrets-oauthapp 3.0.0-beta.4 which includes a replacement for PR #64.

* Mon Sep 13 2021 Dave Dykstra <dwd@fnal.gov> 1.5-1
- Require at least vault version 1.8.2
- Update to vault-plugin-auth-jwt to the master branch at the time of the 0.10.1 tag of the release-1.8 branch
- Update to vault-plugin-secrets-oauthapp 3.0.0-beta.3 and use its new feature of combining all providers in a single plugin process
- Include vault-plugin-secrets-oauthapp PR #64 which enables a default "legacy" server so older versions of htgettoken can still work.
- Reconfigure kerberos if the service name changes.
- Add a "kerbservice" issuers keyword to select non-default kerberos service for a particular issuer
- Immediately fail with a clear message if there's a duplicate name in a configuration list
- Allow vault tokens to read auth/token/lookup-self so clients can look up the remaining time to live on the tokens

* Tue Jul 20 2021 Dave Dykstra <dwd@fnal.gov> 1.4-1
- Updated the token exchange PR for vault-plugin-secrets-oauthapp to send the client secret in the initial authorization request in the device flow
- Updated to vault-plugin-secrets-oauthapp-2.2.0

* Mon Jul 12 2021 Dave Dykstra <dwd@fnal.gov> 1.3-1
- Added license in COPYING file
- Updated to vault-plugin-secrets-oauthapp-2.1.0
- Updated the token exchange PR for vault-plugin-secrets-oauthapp to accept comma-separated lists of audiences
- Added audit log at /var/log/htvault-config/auditlog
- Enabled delayed log compression and daily logs instead of weekly
- Add support for moving the master in a high-availability cluster from one machine to another and for changing the name of either peer
- If 'name' is missing from a yaml list, give a helpful error message instead of causing a python crash
- Limit vault token policies for oidc and kerberos to a single role and issuer. To use these limited policies for kerberos requires htgettoken >= 1.3 so for now the coarse-grained kerberos is still supported as well but it will be removed later.
- Remove the default policy from vault tokens.

* Thu Jun 17 2021 Dave Dykstra <dwd@fnal.gov> 1.2-1
- Update to vault-plugin-auth-jwt-0.9.4 and require vault-1.7.3

* Mon May 10 2021 Dave Dykstra <dwd@fnal.gov> 1.1-1
- Correctly disable secret oauth module instead of incorrect auth module when something changes requiring clearing out of old secrets.
- Allow dashes in names by converting them in bash variables to underscores, and reject any other non-alphanumeric or underscore in names.
- Fix bug in RFC8693 token exchange pull request to puppetlabs plugin which caused comma-separated scopes to get sent to the token issuer instead of space-separated scopes.

* Wed May 05 2021 Dave Dykstra <dwd@fnal.gov> 1.0-2
- Add Requires: python3-PyYAML

* Tue May 04 2021 Dave Dykstra <dwd@fnal.gov> 1.0-1
- Convert to using yaml files instead of shell variables to configure.
- Only update the vault configuration for things that have changed in the configuration, and include removing things that have been removed.
- Keep secrets off command line to hide them from 'ps'.
- Require at least vault-1.7.1

* Thu Apr 15 2021 Dave Dykstra <dwd@fnal.gov> 0.7-1
- Update to vault-plugin-secrets-oauthapp version 2.0.0
- Update to final version of PR for periodic refresh of credentials
- Move the 'PartOf' rule in htvault-config.service to the correct section.
- Prevent vault DB initialization failure from blocking future attempts.
- Change to have vault listen on all interfaces with tls for port 8200, and to use port 8202 for non-tls localhost access.

* Thu Apr 08 2021 Dave Dykstra <dwd@fnal.gov> 0.6-1
- Update vault-plugin-secrets-oauthapp to version 1.10.1, including applying a bug fix for broken minimum_seconds option
- Disable periodic refresh of credentials; make it be only on demand
- Require at least vault-1.7.0

* Mon Mar 22 2021 Dave Dykstra <dwd@fnal.gov> 0.5-2
- Update vault-plugin-auth-jwt to version 0.9.2

* Fri Feb 19 2021 Dave Dykstra <dwd@fnal.gov> 0.5-1
- Always reconfigure everything when systemd service is started, just don't disable/reenable oauthapp because that wipes out stored secrets.
- Support multiple roles per issuer.

* Thu Feb 18 2021 Dave Dykstra <dwd@fnal.gov> 0.4-1
- Rename the few OIDC-related variables that didn't begin with OIDC to begin with OIDC.

* Wed Feb 17 2021 Dave Dykstra <dwd@fnal.gov> 0.3-1
- Rename make-downloads to make-source-tarball and make it have more in common with the vault-rpm build

* Mon Feb 01 2021 Dave Dykstra <dwd@fnal.gov> 0.2-1
- Pre-download and prepare all the go modules using new make-downloads script, so no network is needed during rpm build.

* Fri Jan 29 2021 Dave Dykstra <dwd@fnal.gov> 0.1-1
- Initial pre-release, including parameterization based on shell variables