Pull in updated plugins

vendor/github.com/hashicorp/vault-plugin-auth-azure/Gopkg.lock

@@ -216,7 +216,7 @@
 
 [[projects]]
   branch = "master"
-  digest = "1:450803219e484669ba680c777ecac629dac92abde2bc83009beaa630f5368e71"
+  digest = "1:606c7307ae83d1adc0901aa8909b700489d7f1294533344453436a8dbff0091b"
   name = "github.com/hashicorp/vault"
   packages = [
     "api",
@@ -226,6 +226,7 @@
     "helper/errutil",
     "helper/hclutil",
     "helper/jsonutil",
+    "helper/license",
     "helper/locksutil",
     "helper/logging",
     "helper/mlock",
@@ -245,7 +246,7 @@
     "version",
   ]
   pruneopts = "UT"
-  revision = "8655d167084028d627f687ddc25d0c71307eb5be"
+  revision = "c0739a0f2367d5fdd20cef502b628e01bdb90470"
 
 [[projects]]
   branch = "master"
@@ -287,6 +288,17 @@
   revision = "4dadeb3030eda0273a12382bb2348ffc7c9d1a39"
   version = "v1.0.0"
 
+[[projects]]
+  digest = "1:c7a5e79396b6eb570159df7a1d487ce5775bf43b7907976fbef6de544ea160ad"
+  name = "github.com/pierrec/lz4"
+  packages = [
+    ".",
+    "internal/xxh32",
+  ]
+  pruneopts = "UT"
+  revision = "473cd7ce01a1113208073166464b98819526150e"
+  version = "v2.0.8"
+
 [[projects]]
   branch = "master"
   digest = "1:bd9efe4e0b0f768302a1e2f0c22458149278de533e521206e5ddc71848c269a0"

vendor/github.com/hashicorp/vault-plugin-auth-azure/path_config.go

@@ -16,26 +16,31 @@ func pathConfig(b *azureAuthBackend) *framework.Path {
 				Description: `The tenant id for the Azure Active Directory.  This is sometimes
 				referred to as Directory ID in AD.  This value can also be provided with the 
 				AZURE_TENANT_ID environment variable.`,
+				DisplayName: "Tenant ID",
 			},
 			"resource": &framework.FieldSchema{
 				Type: framework.TypeString,
 				Description: `The resource URL for the vault application in Azure Active Directory.
 				This value can also be provided with the AZURE_AD_RESOURCE environment variable.`,
+				DisplayName: "Resource",
 			},
 			"environment": &framework.FieldSchema{
 				Type: framework.TypeString,
 				Description: `The Azure environment name. If not provided, AzurePublicCloud is used.
 				This value can also be provided with the AZURE_ENVIRONMENT environment variable.`,
+				DisplayName: "Environment",
 			},
 			"client_id": &framework.FieldSchema{
 				Type: framework.TypeString,
 				Description: `The OAuth2 client id to connection to Azure.
 				This value can also be provided with the AZURE_CLIENT_ID environment variable.`,
+				DisplayName: "Client ID",
 			},
 			"client_secret": &framework.FieldSchema{
 				Type: framework.TypeString,
 				Description: `The OAuth2 client secret to connection to Azure.
 				This value can also be provided with the AZURE_CLIENT_SECRET environment variable.`,
+				DisplayName: "Client Secret",
 			},
 		},
 		Callbacks: map[logical.Operation]framework.OperationFunc{

vendor/github.com/hashicorp/vault-plugin-auth-gcp/plugin/path_config.go

@@ -6,6 +6,7 @@ import (
 	"fmt"
 
 	"encoding/json"
+
 	"github.com/hashicorp/go-gcp-common/gcputil"
 	"github.com/hashicorp/vault/logical"
 	"github.com/hashicorp/vault/logical/framework"
@@ -20,11 +21,13 @@ func pathConfig(b *GcpAuthBackend) *framework.Path {
 				Description: `
 Google credentials JSON that Vault will use to verify users against GCP APIs.
 If not specified, will use application default credentials`,
+				DisplayName: "Credentials",
 			},
 			"google_certs_endpoint": {
 				Type: framework.TypeString,
 				Description: `
 Deprecated. This field does nothing and be removed in a future release`,
+				Deprecated: true,
 			},
 		},
 		Callbacks: map[logical.Operation]framework.OperationFunc{

vendor/github.com/hashicorp/vault-plugin-auth-jwt/path_config.go

@@ -4,6 +4,7 @@ import (
 	"crypto/tls"
 	"crypto/x509"
 	"errors"
+	"fmt"
 	"net/http"
 
 	"context"
@@ -33,6 +34,10 @@ func pathConfig(b *jwtAuthBackend) *framework.Path {
 				Type:        framework.TypeCommaStringSlice,
 				Description: `A list of PEM-encoded public keys to use to authenticate signatures locally. Cannot be used with "oidc_discovery_url".`,
 			},
+			"jwt_supported_algs": {
+				Type:        framework.TypeCommaStringSlice,
+				Description: `A list of supported signing algorithms. Defaults to RS256.`,
+			},
 			"bound_issuer": {
 				Type:        framework.TypeString,
 				Description: "The value against which to match the 'iss' claim in a JWT. Optional.",
@@ -99,6 +104,7 @@ func (b *jwtAuthBackend) pathConfigRead(ctx context.Context, req *logical.Reques
 			"oidc_discovery_url":     config.OIDCDiscoveryURL,
 			"oidc_discovery_ca_pem":  config.OIDCDiscoveryCAPEM,
 			"jwt_validation_pubkeys": config.JWTValidationPubKeys,
+			"jwt_supported_algs":     config.JWTSupportedAlgs,
 			"bound_issuer":           config.BoundIssuer,
 		},
 	}
@@ -111,6 +117,7 @@ func (b *jwtAuthBackend) pathConfigWrite(ctx context.Context, req *logical.Reque
 		OIDCDiscoveryURL:     d.Get("oidc_discovery_url").(string),
 		OIDCDiscoveryCAPEM:   d.Get("oidc_discovery_ca_pem").(string),
 		JWTValidationPubKeys: d.Get("jwt_validation_pubkeys").([]string),
+		JWTSupportedAlgs:     d.Get("jwt_supported_algs").([]string),
 		BoundIssuer:          d.Get("bound_issuer").(string),
 	}
 
@@ -133,6 +140,15 @@ func (b *jwtAuthBackend) pathConfigWrite(ctx context.Context, req *logical.Reque
 			}
 		}
 
+	case len(config.JWTSupportedAlgs) != 0:
+		for _, a := range config.JWTSupportedAlgs {
+			switch a {
+			case oidc.RS256, oidc.RS384, oidc.RS512, oidc.ES256, oidc.ES384, oidc.ES512, oidc.PS256, oidc.PS384, oidc.PS512:
+			default:
+				return logical.ErrorResponse(fmt.Sprintf("Invalid supported algorithm: %s", a)), nil
+			}
+		}
+
 	default:
 		return nil, errors.New("unknown condition")
 	}
@@ -182,6 +198,7 @@ type jwtConfig struct {
 	OIDCDiscoveryURL     string   `json:"oidc_discovery_url"`
 	OIDCDiscoveryCAPEM   string   `json:"oidc_discovery_ca_pem"`
 	JWTValidationPubKeys []string `json:"jwt_validation_pubkeys"`
+	JWTSupportedAlgs     []string `json:"jwt_supported_algs"`
 	BoundIssuer          string   `json:"bound_issuer"`
 
 	ParsedJWTPubKeys []interface{} `json:"-"`

vendor/github.com/hashicorp/vault-plugin-auth-jwt/path_login.go

@@ -136,7 +136,8 @@ func (b *jwtAuthBackend) pathLogin(ctx context.Context, req *logical.Request, d
 		}
 
 		verifier := provider.Verifier(&oidc.Config{
-			SkipClientIDCheck: true,
+			SkipClientIDCheck:    true,
+			SupportedSigningAlgs: config.JWTSupportedAlgs,
 		})
 
 		idToken, err := verifier.Verify(ctx, token)

vendor/github.com/hashicorp/vault-plugin-auth-kubernetes/Gopkg.lock

@@ -203,7 +203,7 @@
 
 [[projects]]
   branch = "master"
-  digest = "1:d00de8725219a569ffbb5dd1042e4ced1f3b5ccee2b07218371f71026cc7609a"
+  digest = "1:7be65468c591c5e836ec7ff70b6e7665452a6e700d5f0d5bb9edec8aa57b58e2"
   name = "github.com/hashicorp/vault"
   packages = [
     "api",
@@ -214,6 +214,7 @@
     "helper/errutil",
     "helper/hclutil",
     "helper/jsonutil",
+    "helper/license",
     "helper/locksutil",
     "helper/logging",
     "helper/mlock",
@@ -233,7 +234,7 @@
     "version",
   ]
   pruneopts = "UT"
-  revision = "add60e6dc7ff7b94487f3b5b680d00d7c05fe621"
+  revision = "c0739a0f2367d5fdd20cef502b628e01bdb90470"
 
 [[projects]]
   branch = "master"
@@ -275,6 +276,17 @@
   revision = "4dadeb3030eda0273a12382bb2348ffc7c9d1a39"
   version = "v1.0.0"
 
+[[projects]]
+  digest = "1:c7a5e79396b6eb570159df7a1d487ce5775bf43b7907976fbef6de544ea160ad"
+  name = "github.com/pierrec/lz4"
+  packages = [
+    ".",
+    "internal/xxh32",
+  ]
+  pruneopts = "UT"
+  revision = "473cd7ce01a1113208073166464b98819526150e"
+  version = "v2.0.8"
+
 [[projects]]
   digest = "1:0e792eea6c96ec55ff302ef33886acbaa5006e900fefe82689e88d96439dcd84"
   name = "github.com/ryanuber/go-glob"

vendor/github.com/hashicorp/vault-plugin-auth-kubernetes/path_config.go

@@ -22,16 +22,20 @@ func pathConfig(b *kubeAuthBackend) *framework.Path {
 			"kubernetes_host": {
 				Type:        framework.TypeString,
 				Description: "Host must be a host string, a host:port pair, or a URL to the base of the Kubernetes API server.",
+				DisplayName: "Kubernetes Host",
 			},
+
 			"kubernetes_ca_cert": {
 				Type:        framework.TypeString,
 				Description: "PEM encoded CA cert for use by the TLS client used to talk with the API.",
+				DisplayName: "Kubernetes CA Certificate",
 			},
 			"token_reviewer_jwt": {
 				Type: framework.TypeString,
 				Description: `A service account JWT used to access the
 TokenReview API to validate other JWTs during login. If not set
 the JWT used for login will be used to access the API.`,
+				DisplayName: "Token Reviewer JWT",
 			},
 			"pem_keys": {
 				Type: framework.TypeCommaStringSlice,
@@ -39,6 +43,7 @@ the JWT used for login will be used to access the API.`,
 used to verify the signatures of kubernetes service account
 JWTs. If a certificate is given, its public key will be
 extracted. Not every installation of Kuberentes exposes these keys.`,
+				DisplayName: "Service account verification keys",
 			},
 		},
 		Callbacks: map[logical.Operation]framework.OperationFunc{

vendor/github.com/hashicorp/vault-plugin-secrets-alicloud/clients/sts.go

@@ -23,9 +23,9 @@ type STSClient struct {
 	client *sts.Client
 }
 
-func (c *STSClient) AssumeRole(userName, roleARN string) (*sts.AssumeRoleResponse, error) {
+func (c *STSClient) AssumeRole(roleSessionName, roleARN string) (*sts.AssumeRoleResponse, error) {
 	assumeRoleReq := sts.CreateAssumeRoleRequest()
 	assumeRoleReq.RoleArn = roleARN
-	assumeRoleReq.RoleSessionName = userName
+	assumeRoleReq.RoleSessionName = roleSessionName
 	return c.client.AssumeRole(assumeRoleReq)
 }

vendor/github.com/hashicorp/vault-plugin-secrets-alicloud/path_creds.go

@@ -60,7 +60,7 @@ func (b *backend) operationCredsRead(ctx context.Context, req *logical.Request,
 		if err != nil {
 			return nil, err
 		}
-		assumeRoleResp, err := client.AssumeRole(generateUsername(req.DisplayName, roleName), role.RoleARN)
+		assumeRoleResp, err := client.AssumeRole(generateRoleSessionName(req.DisplayName, roleName), role.RoleARN)
 		if err != nil {
 			return nil, err
 		}
@@ -243,15 +243,24 @@ func (b *backend) operationCredsRead(ctx context.Context, req *logical.Request,
 
 // The max length of a username per AliCloud is 64.
 func generateUsername(displayName, roleName string) string {
-	username := fmt.Sprintf("%s-%s-", displayName, roleName)
+	return generateName(displayName, roleName, 64)
+}
 
-	// The time and random number take up to 15 more in length, so if the username
+// The max length of a role session name per AliCloud is 32.
+func generateRoleSessionName(displayName, roleName string) string {
+	return generateName(displayName, roleName, 32)
+}
+
+func generateName(displayName, roleName string, maxLength int) string {
+	name := fmt.Sprintf("%s-%s-", displayName, roleName)
+
+	// The time and random number take up to 15 more in length, so if the name
 	// is too long we need to trim it.
-	if len(username) > 49 {
-		username = username[:49]
+	if len(name) > maxLength-15 {
+		name = name[:maxLength-15]
 	}
 	r := rand.New(rand.NewSource(time.Now().UnixNano()))
-	return fmt.Sprintf("%s%d-%d", username, time.Now().Unix(), r.Intn(10000))
+	return fmt.Sprintf("%s%d-%d", name, time.Now().Unix(), r.Intn(10000))
 }
 
 const pathCredsHelpSyn = `

vendor/github.com/hashicorp/vault-plugin-secrets-gcpkms/README.md

@@ -84,6 +84,12 @@ instructions are only useful if you want to develop against the plugin.**
     $ vault secrets enable -path=gcpkms -plugin=vault-plugin-secrets-gcpkms plugin
     ```
 
+### Documentation
+
+The documentation for the plugin lives in the [main Vault
+repository](/hashicorp/vault) in the `website/` folder. Please make any
+documentation updates as separate Pull Requests against that repo.
+
 ### Tests
 
 This plugin has both unit tests and acceptance tests. To run the acceptance

vendor/vendor.json

@@ -1391,10 +1391,10 @@
 			"revisionTime": "2018-11-09T18:06:36Z"
 		},
 		{
-			"checksumSHA1": "Jj3mz58lSv0dsuXd6bVxGV4759w=",
+			"checksumSHA1": "UgLfwpXoRLpMOF0rzaj+cRcTtdo=",
 			"path": "github.com/hashicorp/vault-plugin-auth-azure",
-			"revision": "4c0b46069a2293d5a6ca7506c8d3e0c4a92f3dbc",
-			"revisionTime": "2018-12-07T23:25:28Z"
+			"revision": "0af1d040b5b329f41904cadcd96be55179468880",
+			"revisionTime": "2019-02-01T22:26:32Z"
 		},
 		{
 			"checksumSHA1": "4Z/niOo76EcP8KpLdSL5GdDcy78=",
@@ -1403,52 +1403,52 @@
 			"revisionTime": "2018-08-16T20:11:31Z"
 		},
 		{
-			"checksumSHA1": "llLHR3FVdqtuFgjIoL9GNN8zKKI=",
+			"checksumSHA1": "Nd9aBfL80t7N8B9VVsNBgihA5f4=",
 			"path": "github.com/hashicorp/vault-plugin-auth-gcp/plugin",
-			"revision": "4d63bbfe6fcf0363a2ea2c273846e88b95d85089",
-			"revisionTime": "2018-12-10T20:01:33Z"
+			"revision": "7d4c2101e7d0b61ec9fb0dc3c75d79920c6369c5",
+			"revisionTime": "2019-02-01T21:54:14Z"
 		},
 		{
-			"checksumSHA1": "tt3FtyjXgdBI9Mb43UL4LtOZmAk=",
+			"checksumSHA1": "6B+p22t7wBR52hepGYd3t1JnDME=",
 			"path": "github.com/hashicorp/vault-plugin-auth-jwt",
-			"revision": "f428c77917331c1b87dae2dd37016bd1dd4c55da",
-			"revisionTime": "2018-10-31T19:59:42Z"
+			"revision": "a608a5ad1c249797e266cb8fcb4eac336aa72bef",
+			"revisionTime": "2019-01-28T23:42:21Z"
 		},
 		{
-			"checksumSHA1": "Ldg2jQeyPrpAupyQq4lRVN+jfFY=",
+			"checksumSHA1": "NfVgV3CmKXGRsXk1sYVgMMRZ5Zc=",
 			"path": "github.com/hashicorp/vault-plugin-auth-kubernetes",
-			"revision": "091d9e5d5fabce920533eff31ad778778992a671",
-			"revisionTime": "2018-11-30T16:25:33Z"
+			"revision": "db96aa4ab438cbc1cf544cec758d0d16ca4e9681",
+			"revisionTime": "2019-02-01T22:22:09Z"
 		},
 		{
 			"checksumSHA1": "PmhyvCKVlEMEP6JO31ozW+CBIiE=",
 			"path": "github.com/hashicorp/vault-plugin-secrets-ad/plugin",
-			"revision": "540c0b6f1f113a1c6bdaa130a35ee8530c072b5a",
-			"revisionTime": "2018-11-09T18:28:34Z"
+			"revision": "4796d99801253c6f10d7d96b968a3204a9a1ead8",
+			"revisionTime": "2019-01-31T22:24:16Z"
 		},
 		{
 			"checksumSHA1": "GOxdFElG31lXWgKFG9aqpDcG47M=",
 			"path": "github.com/hashicorp/vault-plugin-secrets-ad/plugin/client",
-			"revision": "540c0b6f1f113a1c6bdaa130a35ee8530c072b5a",
-			"revisionTime": "2018-11-09T18:28:34Z"
+			"revision": "4796d99801253c6f10d7d96b968a3204a9a1ead8",
+			"revisionTime": "2019-01-31T22:24:16Z"
 		},
 		{
 			"checksumSHA1": "RaH2xTkjaToCk+RoPhap7I66ibo=",
 			"path": "github.com/hashicorp/vault-plugin-secrets-ad/plugin/util",
-			"revision": "540c0b6f1f113a1c6bdaa130a35ee8530c072b5a",
-			"revisionTime": "2018-11-09T18:28:34Z"
+			"revision": "4796d99801253c6f10d7d96b968a3204a9a1ead8",
+			"revisionTime": "2019-01-31T22:24:16Z"
 		},
 		{
-			"checksumSHA1": "VLXyxS5dEoiWTSFmpMJIz+Pwtmw=",
+			"checksumSHA1": "l0xVOHA0/SIjNfrmBRbrFvMVOaw=",
 			"path": "github.com/hashicorp/vault-plugin-secrets-alicloud",
-			"revision": "2aee79cc5cbf1bbca654dbc594f809cafc19cd8d",
-			"revisionTime": "2018-11-09T18:14:53Z"
+			"revision": "b0abe36195cb171e673a9f6425df977eff1ef825",
+			"revisionTime": "2019-01-31T21:18:12Z"
 		},
 		{
-			"checksumSHA1": "dqduixICi6NeyLNRCDdw62t1LFU=",
+			"checksumSHA1": "e96mN6plz/ApctpjvU2kiCumOl0=",
 			"path": "github.com/hashicorp/vault-plugin-secrets-alicloud/clients",
-			"revision": "2aee79cc5cbf1bbca654dbc594f809cafc19cd8d",
-			"revisionTime": "2018-11-09T18:14:53Z"
+			"revision": "b0abe36195cb171e673a9f6425df977eff1ef825",
+			"revisionTime": "2019-01-31T21:18:12Z"
 		},
 		{
 			"checksumSHA1": "rgeBhrdLyF2orH3QA/H66ZSSbuo=",
@@ -1475,16 +1475,16 @@
 			"revisionTime": "2018-09-21T17:32:00Z"
 		},
 		{
-			"checksumSHA1": "TbPoZQkYZ7Bukdw6U+/GejbaZAs=",
+			"checksumSHA1": "StwRTX92gyH7iHkyZk4df+dLISM=",
 			"path": "github.com/hashicorp/vault-plugin-secrets-gcpkms",
-			"revision": "6cd991800a6d7af69b1950ec4cbf402d021a099d",
-			"revisionTime": "2018-12-12T18:25:53Z"
+			"revision": "d6b25b0b4a39132ec3c02f19631b6a9bdadef042",
+			"revisionTime": "2019-01-16T16:49:38Z"
 		},
 		{
 			"checksumSHA1": "yhUUqN5rbEXnfI8WfGUofXToD+o=",
 			"path": "github.com/hashicorp/vault-plugin-secrets-kv",
-			"revision": "9dbe04db0e34c9c3c75bedcdb16d8ff78f0c54bd",
-			"revisionTime": "2018-12-19T17:59:33Z"
+			"revision": "edbfe287c5d9277cecf2c91c79ffcc34f19d2049",
+			"revisionTime": "2019-01-15T20:37:47Z"
 		},
 		{
 			"checksumSHA1": "ldkAQ1CpiAaQ9sti0qIch+UyRsI=",