approver-policy provides a policy engine for certificates issued by cert-manager!
v0.16.0 adds an awesome improvement to the CEL validator courtesy of @jamesglennan!
The username field of CertificateRequest (CR) resources is now exposed to CEL, allowing for rich logical operators on the contents of the username.
This is useful for making complex decisions about whether the user who created the CR should be allowed to do so, beyond what's provided by Kubernetes' RBAC mechanism.
For example, if pods create their own CertificateRequests directly using RBAC, you might use this new feature to ensure that the CR includes the Pod's ServiceAccount in the URIs field (for example, in a SPIFFE ID).
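The logic behind such a rule, written out in Go as an added example (this is not approver-policy's code and not its CEL syntax). It assumes the `system:serviceaccount:<namespace>:<name>` username format Kubernetes assigns to ServiceAccounts and a `spiffe://<trust-domain>/ns/<namespace>/sa/<name>` ID layout; the function names, trust domain and sample values are constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// parseServiceAccount splits a Kubernetes ServiceAccount username of the form
// "system:serviceaccount:<namespace>:<name>" into namespace and name.
// Any other username (human user, node, group-style name) is rejected.
func parseServiceAccount(username string) (ns, name string, ok bool) {
	parts := strings.Split(username, ":")
	if len(parts) != 4 || parts[0] != "system" || parts[1] != "serviceaccount" ||
		parts[2] == "" || parts[3] == "" {
		return "", "", false
	}
	return parts[2], parts[3], true
}

// urisMatchRequester reports whether every requested URI SAN is exactly the
// SPIFFE ID of the ServiceAccount that created the CertificateRequest.
// Assumption: the ID layout is spiffe://<trustDomain>/ns/<namespace>/sa/<name>.
// Exact string comparison is deliberate: it refuses case variants,
// percent-encoding, ports, queries and trailing path segments.
func urisMatchRequester(username, trustDomain string, uris []string) bool {
	ns, name, ok := parseServiceAccount(username)
	if !ok || len(uris) == 0 {
		return false // deny non-ServiceAccount requesters and requests with no URI
	}
	want := "spiffe://" + trustDomain + "/ns/" + ns + "/sa/" + name
	for _, u := range uris {
		if u != want {
			return false // one foreign identity is enough to deny the request
		}
	}
	return true
}

func main() {
	// Constructed sample values, not taken from a real cluster.
	user := "system:serviceaccount:payments:api"
	own := "spiffe://example.org/ns/payments/sa/api"
	other := "spiffe://example.org/ns/payments/sa/admin"
	fmt.Println(urisMatchRequester(user, "example.org", []string{own}))
	fmt.Println(urisMatchRequester(user, "example.org", []string{own, other}))
}
```

RBAC alone only decides whether the ServiceAccount may create CertificateRequests at all; a check of this kind is what ties the requested identity to the requester.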
What's Changed
- Add CertificateRequest username to CEL Validator with serviceaccount functions by @jamesglennan in #514 🎉
- Various updates relating to makefile-modules, including #504, #507, #511, #512, #515, #520, #517 (@cert-manager-bot)
- Various @dependabot updates (#518, #516, #510, #519)
New Contributors
- @jamesglennan made their first contribution in #514 🎉
Special Thanks
- @erikgb for reviews!
Full Changelog: v0.15.2...v0.16.0