approver-policy provides a policy engine for certificates issued by cert-manager!
v0.17.0 could be considered a bugfix release, but one of the changes is important enough to deserve a minor release for increased visibility:
It turns out that approver-policy did not consider the cert-manager issuer group and kind defaults when matching policies against cert-manager CertificateRequest resources. This was probably not intentional and has now been fixed. So if a CertificateRequest does not specify spec.issuerRef.group or spec.issuerRef.kind, approver-policy will default to the same values as cert-manager:
cert-manager.iofor issuer groupIssuerfor issuer kind
What's Changed
- test(e2e): rework to facilitate adding more tests by @erikgb in #525
- fix: apply cert-manager default issuer kind/group when matching policies by @erikgb in #523
- BUGFIX: Webhook CA Secret name should match Helm templated RBAC by @erikgb in #534
- Various updates relating to makefile-modules, including #524, #526, #527, #529, #532 (@cert-manager-bot )
- Various @dependabot updates (#522, #528, #530, #531, #533)
Full Changelog: v0.16.0...v0.17.0
Contributors
erikgb, dependabot, and cert-manager-bot