v0.13.0-alpha.0

approver-policy provides a policy engine for certificates issued by cert-manager!

Read https://github.com/cert-manager/approver-policy/releases/tag/v0.13.0-alpha.0 before installing.
This release adds values.yaml jsonschema validation to the Helm chart and adds 'crds.enabled' and 'crds.keep' options to control the CRDs in Helm.

🔧 Breaking changes

By default, the Helm chart now adds the helm.sh/resource-policy: keep annotation to all CRDs.
This prevents accidental deletion of CRDs when uninstalling the component using Helm.
However, this also introduces an additional uninstallation step:

$ kubectl delete crd certificaterequestpolicies.policy.cert-manager.io

You can also not add the annotation by adding '--set crds.keep=false' to your installation and you can exclude the CRD from the Helm installation by setting '--set crds.enabled=false'.

What's Changed

• Remove README header since it is already included in the artifacthub sidebar by @inteon in #367
• Replace tab with spaces in API comment by @inteon in #369
• docs(api): fenced code block to fix generated API docs by @erikgb in #371
• docs(api): add ticks to Godoc to fix generated API docs by @erikgb in #372
• Add 'crds.enabled' and 'crds.keep' options to generated CRDs by @inteon in #376
• Enable helm-tool linter and schema generator by @inteon in #340

Dependabot:

• build(deps): bump the all group with 1 update by @dependabot in #368
• build(deps): bump the all group with 1 update by @dependabot in #375
• build(deps): bump the all group with 7 updates by @dependabot in #377

Makefile module updates:

• [CI] Merge self-upgrade into main by @github-actions in #370
• [CI] Merge self-upgrade into main by @github-actions in #373
• [CI] Merge self-upgrade into main by @github-actions in #374
• [CI] Merge self-upgrade into main by @github-actions in #378

Full Changelog: v0.12.1...v0.13.0-alpha.0

v0.12.1

Read https://github.com/cert-manager/approver-policy/releases/tag/v0.12.0 before installing.
This patch release improves the Helm chart README and metadata properties.

What's Changed

• Update Chart.yaml properties by @inteon in #364
• [CI] Merge self-upgrade into main by @github-actions in #365
• Update README header by @inteon in #366

Full Changelog: v0.12.0...v0.12.1

v0.12.0

approver-policy provides a policy engine for certificates issued by cert-manager!

Breaking Changes

This release of approver-policy changes how containers are built, which in turn changes the path at which the binary can be found inside the container.

This means that new container images cannot be used with older Helm charts, or with any software which expects the old path.

For the simplest upgrade experience, use the latest helm chart with the latest image.

Docker Image: quay.io/jetstack/cert-manager-approver-policy:v0.12.0

What's Changed

• Add allow-all example by @inteon in #343
• fix: should reconcile certificate request policies consistently by @hrbasic in #353
• Remove unnecessary types by @inteon in #336
• Add thatsmrtalbot as reviewer by @ThatsMrTalbot in #360
• Use helm-tool for chart README by @ThatsMrTalbot in #349
• Docs: updating values.yaml for better comment docs by @ditatechwriter in #359
• Cleanup Chart.yaml and README.md by @inteon in #361

Dependabot updates

• build(deps): bump the all group with 1 update by @dependabot in #314
• build(deps): bump the all group with 3 updates by @dependabot in #323
• build(deps): bump golang.org/x/crypto from 0.14.0 to 0.17.0 by @dependabot in #326
• build(deps): bump the all group with 4 updates by @dependabot in #317
• build(deps): bump the all group with 3 updates by @dependabot in #330
• build(deps): bump the all group with 2 updates by @dependabot in #344
• build(deps): bump the all group with 7 updates by @dependabot in #355

Makefile updates

• Migrate makefiles and CI/CD by @inteon in #306
• Makefile modules upgrade: self-upgrade bugfix by @inteon in #322
• Upgrade self-upgrade by @inteon in #327
• Remove deprecated make targets by @inteon in #333
• Upload junit and coverage results to ARTIFACTS folder by @inteon in #334
• Upgrade repository-base module by @inteon in #346
• Upgrade oci module by @inteon in #354
• Use standardised release process by @inteon in #358
• [CI] Merge self-upgrade into main by @github-actions in #363

New Contributors

• @github-actions made their first contribution in #324
• @ThatsMrTalbot made their first contribution in #349
• @hrbasic made their first contribution in #353
• @ditatechwriter made their first contribution in #359

Full Changelog: v0.11.0...v0.12.0

v0.12.0-alpha.2

Docker Image: quay.io/jetstack/cert-manager-approver-policy:v0.12.0-alpha.2

What's Changed

• fix: should reconcile certificate request policies consistently by @hrbasic in #353
• build(deps): bump the all group with 7 updates by @dependabot in #355
• [CI] Merge self-upgrade into main by @github-actions in #356

New Contributors

• @hrbasic made their first contribution in #353

Full Changelog: v0.12.0-alpha.1...v0.12.0-alpha.2

v0.12.0-alpha.1

Docker Image: quay.io/jetstack/cert-manager-approver-policy:v0.12.0-alpha.1

What's Changed

• Migrate makefiles and CI/CD by @inteon in #306
• Remove deprecated make targets by @inteon in #333
• Remove unnecessary types by @inteon in #336
• Upload junit and coverage results to ARTIFACTS folder by @inteon in #334
• Add allow-all example by @inteon in #343
• Use helm-tool for chart README by @ThatsMrTalbot in #349

Dependabot updates:

• build(deps): bump the all group with 1 update by @dependabot in #314
• build(deps): bump the all group with 3 updates by @dependabot in #323
• build(deps): bump golang.org/x/crypto from 0.14.0 to 0.17.0 by @dependabot in #326
• build(deps): bump the all group with 4 updates by @dependabot in #317
• build(deps): bump the all group with 3 updates by @dependabot in #330
• build(deps): bump the all group with 2 updates by @dependabot in #344

Makefile updates:

• Makefile modules upgrade: self-upgrade bugfix by @inteon in #322
• Upgrade self-upgrade by @inteon in #327
• Upgrade repository-base module by @inteon in #346
• Upgrade oci module by @inteon in #354
• [CI] Merge self-upgrade into main by @github-actions in #324
• [CI] Merge self-upgrade into main by @github-actions in #328
• [CI] Merge self-upgrade into main by @github-actions in #331
• [CI] Merge self-upgrade into main by @github-actions in #332
• [CI] Merge self-upgrade into main by @github-actions in #335
• [CI] Merge self-upgrade into main by @github-actions in #337
• [CI] Merge self-upgrade into main by @github-actions in #338
• [CI] Merge self-upgrade into main by @github-actions in #339
• [CI] Merge self-upgrade into main by @github-actions in #342
• [CI] Merge self-upgrade into main by @github-actions in #345
• [CI] Merge self-upgrade into main by @github-actions in #347
• [CI] Merge self-upgrade into main by @github-actions in #348
• [CI] Merge self-upgrade into main by @github-actions in #350
• [CI] Merge self-upgrade into main by @github-actions in #352

New Contributors

• @github-actions made their first contribution in #324
• @ThatsMrTalbot made their first contribution in #349

Full Changelog: v0.11.0...v0.12.0-alpha.1

v0.12.0-alpha.0

Docker Image: quay.io/jetstack/cert-manager-approver-policy:v0.12.0-alpha.0

Important: The released container images for v0.12.0-alpha.0 include an image for the s390x architecture. This is an oversight introduced by a new build process. We don't intend to widen our list of supported architectures for approver-policy in v0.12.0 - the correct list of supported architectures currently is amd64, arm64, armv7 and ppc64le.

v0.11.0

Docker Image: quay.io/jetstack/cert-manager-approver-policy:v0.11.0

What's Changed

• feat: add allowed CEL validation rules by @erikgb in #277
• CEL expressions approver design by @erikgb in #256
• Add missing copyright by @inteon in #308
• Don't use ROOTDIR environment variable in tests. by @inteon in #309
• chore(deps): upgrade github.com/google/cel-go by @erikgb in #311
• build(deps): bump the all group with 3 updates by @dependabot in #312
• docs: brush-up policy examples by @erikgb in #310

Full Changelog: v0.10.1...v0.11.0

v0.10.1

Docker Image: quay.io/jetstack/cert-manager-approver-policy:v0.10.1

What's Changed

• fix: dynamic cert runnable must NOT be leader election aware by @erikgb in #305

Full Changelog: v0.10.0...v0.10.1

v0.10.0

Docker Image: quay.io/jetstack/cert-manager-approver-policy:v0.10.0

What's Changed

• Metrics: add the approved_count and unmatched_count metrics by @maelvls in #289
• Advanced Metrics: Add the "denied_count" metric to account for the Denied=True condition by @maelvls in #293
• Add erikgb to project reviewers by @erikgb in #294
• Bump the all group with 3 updates by @dependabot in #296
• Use cert-manager's servertls.CertificateSource and simplify webhook code by @inteon in #298
• fix: typos in error message wrapping by @erikgb in #302
• Bump the all group with 2 updates by @dependabot in #299
• fix: should not change existing condition of type by @erikgb in #303
• build(deps): bump the all group with 2 updates by @dependabot in #304

New Contributors

• @maelvls made their first contribution in #289

Full Changelog: v0.9.0...v0.10.0

v0.9.0

📖 Documentation: Read the approver-policy installation instructions on the cert-manager website.

📦 Docker Image: quay.io/jetstack/cert-manager-approver-policy:v0.9.0

What's Changed

• Refactor Evaluate preparing for CEL by @erikgb in #272
• Fix typo pared -> paired by @SgtCoDFish in #279
• feat: add TODO for validation of fields with set semantics by @erikgb in #281
• Bump the all group with 3 updates by @dependabot in #282
• chore: add .gitattributes to mark generated files by @erikgb in #285
• chore: rename ' .gitattributes' to .gitattributes by @erikgb in #286
• Bump golang.org/x/net from 0.15.0 to 0.17.0 by @dependabot in #284
• Bump golang.org/x/net from 0.10.0 to 0.17.0 in /hack/tools by @dependabot in #283
• docs: refine CertificateRequestPolicy API docs by @erikgb in #280
• refactor: support for multiple errors on same field by @erikgb in #290
• chore(deps): bump K8s dependencies to latest releases by @erikgb in #291
• Bump the all group with 1 update by @dependabot in #292

Full Changelog: v0.8.0...v0.9.0