vault-pki-backend-venafi icon indicating copy to clipboard operation
vault-pki-backend-venafi copied to clipboard

Published 20 hours ago verified publisher icon Venafi

Bump github.com/Venafi/vcert/v5 from 5.5.0 to 5.7.1

Open dependabot[bot] opened this issue 5 months ago • 0 comments

Bumps github.com/Venafi/vcert/v5 from 5.5.0 to 5.7.1.

Release notes

Sourced from github.com/Venafi/vcert/v5's releases.

v5.7.1 Support for VCP Provisioning

VCert SDK

This enables a new method Provision Certificate where you can provide:

  • Certificate ID or Pickup ID (a.k.a Request ID in VCP)
  • Keystore ID: The ID in VCP where you chose to perform provisioning
  • Keystore Name: Name of your Cloud Keystore (along with Provider Name)
  • Provider Name: Name of yout Cloud Provider (along with Keystore Name)
  • Keystore Object: You can feed the method with Keystore object in case you already know the data. This avoids running an extra API call for getting this information.
  • Certificate Name: Name of the certificate that should have when provisioned (valid for Azure Key Vault or Google Certificate Manager)
  • ARN: AWS Resource Name. To be specified in case of doing a certificate replacement, in which you would point to an already existing ARN.

[!IMPORTANT] ⚠️ This is a breaking change against the previous v5.7.0 pre-release, since now we removed the ProvisionCertificate function from endpoint.go file and thus removing it to be defined for other connectors, since this provision feature only makes sense for Venafi Control Plane's perspective

VCert CLI

Enabled command provision and subcommand cloudkeystore which allows to specify provisioning from VCP to specified Cloud Keystore with following flags:

  • --certificate-id: The id of the certificate to be provisioned to a cloud keystore.
  • --keystore-id: The id of the cloud keystore where the certificate will be provisioned.
  • --keystore-name: The name of the cloud keystore where the certificate will be provisioned. Must be set along with provider-name flag.
  • --pickup-id: Use to specify the unique identifier of the certificate returned by the enroll or renew actions.
  • --provider-name: The name of the cloud provider which owns the cloud keystore where the certificate will be provisioned. Must be set along with keystore-name flag.
  • --certificate-name: Use to specify Cloud Keystore Certificate Name to be set or replaced by provisioned certificate (only for Azure Key Vault and Google Certificate Manager)
  • --arn: Use to specify AWS Resource Name which provisioned certificate will replace (only for AWS Certificate Manager)

Example returned info for Azure Key Vault:

cloudId: https://my-key-vault.vault.azure.net/certificates/something-venafi-example-com/asdf4q23g528cuhip4bjdeonvszr0fnc6
azureName: something-venafi-example-com
azureVersion: asdf4q23g528cuhip4bjdeonvszr0fnc6
machineIdentityId: 9326192f-30a6-47f2-8b95-3523d3eacd68
machineIdentityActionType: New

Notice cloudId, which is the generic ID of the Cloud platform where your certificate is located.

To find out more, check here

NEW CHANGES

VCert Playbook

Enhancements:

  • Allows the use of useLegacyP12 attribute in installations block as an option in playbooks. (PR#464)

... (truncated)

Changelog

Sourced from github.com/Venafi/vcert/v5's changelog.

5.6.3 (April 9th, 2024)

General:

  • Updates all playbook samples, removing deprecated attributes and making sure they work out-of-the-box

VCert SDK:

  • Adds TokenURL to endpoint.Authentication
  • Cloud Connector will stop using the TokenURL attribute from endpoint.OAuthProvider and start using the new one (above)

VCert CLI:

  • Internal changes to make use fo the new TokenURL attribute
  • Renames getcred command flag --idp-jwt back to --external-jwt
  • Fixes an issue whereby using getcred command to request a TPP access token by using username/password threw the deprecation warning message. This should not happen for getcred command
  • Fixes an issue whereby requesting an access token for VCP platform printed the wrong expiration date. Now it properly prints the expiration date

VCert SDK:

  • Adds new attribute config.connection.credentials.tokenURL to playbook file. This attribute should be used to pass the VCP token url value
  • Stops using config.connection.credentials.idP.tokenURL for the VCP token url value
  • Enhances the task run. Now, a failed task will not terminate the playbook execution, instead it will run all tasks and errors will be reported at the end of the run.

5.6.2 (April 4th, 2024)

VCert SDK:

  • Removes TenantID from endpoint.Authentication struct
  • cloud.Connector will use endpoint.Authentication.OAuthProvider.TokenURL instead of building the URL (using the tenantID) to obtain the access token

VCert CLI:

  • Removes --tenant-id flag for getcred command
  • Adds --token-url flag for getcred command

VCert Playbook:

  • Removes tenantId attribute from config.connection.credentials object
  • Now uses config.connection.credentials.idP.tokenURL for Venafi Control Plane service account authentication

5.6.1 (April 2nd, 2024)

VCert SDK:

  • Adds UserAgent header to api requests for TPP, Cloud and Firefly connectors
  • Adds functionality to convert a Platform type to a ConnectorType enum

5.6.0 (March 28th, 2024)

VCert SDK:

  • Adds support for service account authentication in Cloud connector

VCert CLI:

  • Adds new attributes to getcred command: tenant-id and external-jwt for Venafi Control Plane (VCP) service

... (truncated)

Commits
  • bbf788e Merge pull request #493 from Venafi/VC-32829/cucumber-tests-for-provisioning-2
  • 2609fc1 fixes regex reading cloud ID depending if JSON output or not
  • f7e1fd7 fix cloud ID validation during cleanup in cucumber tests
  • aa37719 Merge pull request #494 from Venafi/cloud-cert-id-fix
  • b88242f fix(cloud-connector): Adds certificate ID
  • e437fc3 fixes golangci-lint issues
  • ab03020 changes output in CLI to unify returned ID's from providers in Cloud ID. Prov...
  • 38f28d3 Merge pull request #492 from Venafi/VC-32829/cucumber-tests-for-provisioning
  • 23ba91f changes var name from keystore id to cloud id and refactors cucumber tests ac...
  • a6c362e adds logic for google provider cucumber tests. removes unused gemfile. adds n...
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependabot[bot] avatar Sep 11 '24 19:09 dependabot[bot]