Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

auth/centrify: Centrify auth method is now deprecated #23050

Merged
merged 4 commits into from
Sep 13, 2023
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions changelog/23050.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:deprecation
auth/centrify: Centrify plugin is deprecated as of 1.15, slated for removal in 1.17
```
11 changes: 7 additions & 4 deletions helper/builtinplugins/registry.go
Original file line number Diff line number Diff line change
Expand Up @@ -104,10 +104,13 @@ func newRegistry() *registry {
Factory: removedFactory,
DeprecationStatus: consts.Removed,
},
"approle": {Factory: credAppRole.Factory},
"aws": {Factory: credAws.Factory},
"azure": {Factory: credAzure.Factory},
"centrify": {Factory: credCentrify.Factory},
"approle": {Factory: credAppRole.Factory},
"aws": {Factory: credAws.Factory},
"azure": {Factory: credAzure.Factory},
"centrify": {
Factory: credCentrify.Factory,
DeprecationStatus: consts.Deprecated,
},
"cert": {Factory: credCert.Factory},
"cf": {Factory: credCF.Factory},
"gcp": {Factory: credGcp.Factory},
Expand Down
3 changes: 2 additions & 1 deletion website/content/docs/deprecation/index.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ description: |-

# Feature deprecation notice and plans

This announcement page is maintained and updated periodically to communicate important decisions made concerning End of Support(EoS) for Vault features as well as features we have removed or disabled from the product. We document the removal of features, enable the community with a plan and timeline for eventual deprecations, and supply alternative paths to explore and evaluate to minimize business disruptions. If you have questions or concerns about a deprecated feature, please create a topic on [the community forum](https://discuss.hashicorp.com/c/vault/30) or raise a ticket with your support team. Please refer to the [FAQ](/vault/docs/deprecation/faq) page for frequently asked questions concerning Vault feature deprecations.
This announcement page is maintained and updated periodically to communicate important decisions made concerning End of Support (EoS) for Vault features as well as features we have removed or disabled from the product. We document the removal of features, enable the community with a plan and timeline for eventual deprecations, and supply alternative paths to explore and evaluate to minimize business disruptions. If you have questions or concerns about a deprecated feature, please create a topic on [the community forum](https://discuss.hashicorp.com/c/vault/30) or raise a ticket with your support team. Please refer to the [FAQ](/vault/docs/deprecation/faq) page for frequently asked questions concerning Vault feature deprecations.

**Deprecation Announcement**: This indicates the release version during which the announcement was made to deprecate a feature.

Expand All @@ -35,6 +35,7 @@ This announcement page is maintained and updated periodically to communicate imp
| SHA-1 certificate signing | v1.11 | v1.11 | v1.12 | Go version 1.18 removes support for SHA-1 by default. As Vault updates its Go version to 1.18, you should plan to move off SHA-1 for certficate signing. Operators can set a Go [environmental variable](/vault/docs/deprecation/faq#q-what-is-the-impact-of-removing-support-for-x-509-certificates-with-signatures-that-use-sha-1) to restore SHA-1 support if they need to continue using SHA-1. It is unknown at this time when Go will remove the environmental variable support. Therefore, we highly encourage you to migrate off of SHA-1 for certificate signing. |[FAQ](/vault/docs/deprecation/faq#q-what-is-the-impact-of-removing-support-for-x-509-certificates-with-signatures-that-use-sha-1)|
| Consul secrets engine parameter changes | v1.11 | N/A | N/A | The `policies` parameter on the Consul secrets engine has been changed in favor of `consul_policies`. The `token_type` and `policy` parameters have been deprecated as the latest versions of Consul no longer support the older ACL system they were used for. | [Consul secrets engine API documentation](/vault/api-docs/secret/consul) |
| Vault Agent API proxy support | v1.14 | v1.16 | v1.17 | Migrate to [Vault Proxy](/vault/docs/proxy/index) by v1.17|
| Centrify Auth Method | v1.15 | v1.17 | v1.17 | Use as an external plugin, but support will not be available. | |

*If you use **Standalone DB Engines** or **AppID (Community)**, you should actively plan to migrate away from their usage. If you use these features and upgrade to Release 1.12, Vault will log error messages and shut down, and any attempts to add new mounts will result in an error.
This behavior may temporarily be overridden when starting the Vault server by using the `VAULT_ALLOW_PENDING_REMOVAL_MOUNTS` environment variable until they are officially removed in Vault version 1.13.
Expand Down