Merge branch 'master' into f-template-followups

* master: changelog++ Update CHANGELOG.md Abstract generate-root authentication into the strategy interface (#7698) Changelog: clarify enterprise seal migration fix changelog++ Update transit docs to add aes128/p384/p521 information (#7718) Show versions that are active when delete_version_after is configured (#7685) changelog++ agent: fix data race on inmemSink's token (#7707) Use docker instead of an external LDAP server that sometimes goes down (#7522) changelog++ Fix a nil map pointer in mergeEntity. (#7711) changelog++ TestSysRekey_Verification would fail sometimes when recovery=true (#7710)
hashicorp · Oct 24, 2019 · d5ce465 · d5ce465
2 parents 98348c8 + 33ff82b
commit d5ce465
Show file tree

Hide file tree

Showing 18 changed files with 526 additions and 367 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -26,6 +26,9 @@ FEATURES:
    password will be rotated when it's checked back in.
  * **New UI Features** The UI now supports managing users and groups for the Userpass, Cert, Okta, and Radius auth methods.
  * **Vault Agent Template** Vault Agent now supports rendering templates containing Vault secrets to disk, similar to Consul Template [GH-7652]
+ * **Shamir with Stored Master Key** The on disk format for Shamir seals has changed,
+   allowing for a secondary cluster using Shamir downstream from a primary cluster
+   using AutoUnseal. [GH-7694]
 
 CHANGES: 
 
@@ -69,6 +72,7 @@ IMPROVEMENTS:
    from `telemetry` due to potential sensitive entries in those fields.
  * ui: when using raft storage, you can now join a raft cluster, download a
    snapshot, and restore a snapshot from the UI [GH-7410]
+ * ui: clarify when secret version is deleted in the secret version history dropdown [GH-7714]
  * sys: Add a new `sys/internal/counters/tokens` endpoint, that counts the
    total number of active service token accessors in the shared token storage.
    [GH-7541]
@@ -77,6 +81,7 @@ IMPROVEMENTS:
 
 BUG FIXES:
 
+ * agent: Fix a data race on the token value for inmemsink [GH-7707]
  * auth/gcp: Fix a bug where region information in instance groups names could
    cause an authorization attempt to fail [GCP-74]
  * cli: Fix a bug where a token of an unknown format (e.g. in ~/.vault-token)
@@ -89,6 +94,7 @@ BUG FIXES:
  * ui: using the `wrapped_token` query param will work with `redirect_to` and
    will automatically log in as intended [GH-7398]
  * ui: fix an error when initializing from the UI using PGP keys [GH-7542]
+ * ui: show all active kv v2 secret versions even when `delete_version_after` is configured [GH-7685] 
  * cli: Command timeouts are now always specified solely by the
    `VAULT_CLIENT_TIMEOUT` value. [GH-7469]
 
@@ -104,15 +110,18 @@ CHANGES:
 IMPROVEMENTS:
   * cli: Ignore existing token during CLI login [GH-7508]
   * core: Log proxy settings from environment on startup [GH-7528]
+  * core: Cache whether we've been initialized to reduce load on storage [GH-7549]
 
 BUG FIXES:
 
  * agent: Fix handling of gzipped responses [GH-7470]
  * cli: Fix panic when pgp keys list is empty [GH-7546]
  * core: add hook for initializing seals for migration [GH-7666]
- * core (enterprise): Fix seal migration in enterprise
+ * core (enterprise): Migrating from one auto unseal method to another never
+   worked on enterprise, now it does.
  * identity: Add required field `response_types_supported` to identity token
    `.well-known/openid-configuration` response [GH-7533]
+ * identity: Fixed nil pointer panic when merging entities [GH-7712]
  * secrets/database: Fix bug in combined DB secrets engine that can result in
    writes to static-roles endpoints timing out [GH-7518]
  * secrets/pki: Improve tidy to continue when value is nil [GH-7589]