build(deps): bump github.com/hashicorp/vault/sdk from 0.8.1 to 0.9.0

[dependabot]

Bumps github.com/hashicorp/vault/sdk from 0.8.1 to 0.9.0.

Changelog

Sourced from github.com/hashicorp/vault/sdk's changelog.

0.9.0 (November 14th, 2017)

DEPRECATIONS/CHANGES:

• HSM config parameter requirements: When using Vault with an HSM, a new parameter is required: hmac_key_label. This performs a similar function to key_label but for the HMAC key Vault will use. Vault will generate a suitable key if this value is specified and generate_key is set true.
• API HTTP client behavior: When calling NewClient the API no longer modifies the provided client/transport. In particular this means it will no longer enable redirection limiting and HTTP/2 support on custom clients. It is suggested that if you want to make changes to an HTTP client that you use one created by DefaultConfig as a starting point.
• AWS EC2 client nonce behavior: The client nonce generated by the backend that gets returned along with the authentication response will be audited in plaintext. If this is undesired, the clients can choose to supply a custom nonce to the login endpoint. The custom nonce set by the client will from now on, not be returned back with the authentication response, and hence not audit logged.
• AWS Auth role options: The API will now error when trying to create or update a role with the mutually-exclusive options disallow_reauthentication and allow_instance_migration.
• SSH CA role read changes: When reading back a role from the ssh backend, the TTL/max TTL values will now be an integer number of seconds rather than a string. This better matches the API elsewhere in Vault.
• SSH role list changes: When listing roles from the ssh backend via the API, the response data will additionally return a key_info map that will contain a map of each key with a corresponding object containing the key_type.
• More granularity in audit logs: Audit request and response entries are still in RFC3339 format but now have a granularity of nanoseconds.
• High availability related values have been moved out of the storage and ha_storage stanzas, and into the top-level configuration. redirect_addr has been renamed to api_addr. The stanzas still support accepting HA-related values to maintain backward compatibility, but top-level values will take precedence.
• A new seal stanza has been added to the configuration file, which is optional and enables configuration of the seal type to use for additional data protection, such as using HSM or Cloud KMS solutions to encrypt and decrypt data.

FEATURES:

• RSA Support for Transit Backend: Transit backend can now generate RSA keys which can be used for encryption and signing. [GH-3489]
• Identity System: Now in open source and with significant enhancements, Identity is an integrated system for understanding users across tokens and enabling easier management of users directly and via groups.
• External Groups in Identity: Vault can now automatically assign users and systems to groups in Identity based on their membership in external groups.

... (truncated)

Commits

• bdac185 Cut version 0.9.0
• be83081 changelog++
• f056cf9 Sync docs
• 4033471 Prep for 0.9.0
• 4a60247 Fix mount path for credential values in aliases (#3580)
• c1ed4a0 Bump go version in Dockerfile
• 2a7f3e9 Acquire state lock at the start of UnsealWithRecoveryKeys (#3579)
• b659e94 API refactoring and doc updates (#3577)
• 58ce26a Update the path for generating DR Operation tokens (#3578)
• 81f968f Remove unused recovery field in dynamodb backend (#3569)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)