Releases: open-policy-agent/gatekeeper
Releases · open-policy-agent/gatekeeper
v3.16.3
Chores
- bumping frameworks/constraints (cp - 3399) (#3400) #3400 (Jaydipkumar Arvindbhai Gabani)
- Prepare v3.16.3 release (#3401) #3401 (github-actions[bot])
v3.16.2
v3.16.1 has been erroneously published for a wrong commit and it has been deleted to avoid any confusion. Please make sure to use v3.16.2 release instead.
Chores
- bumping to frameworks 2ece026, cherry-pick (#3392) (#3393) #3393 (Jaydipkumar Arvindbhai Gabani)
- Prepare v3.16.1 release (#3394) #3394 (github-actions[bot])
- Prepare v3.16.2 release (#3396) #3396 (github-actions[bot])
v3.17.0-beta.0
Documentation
- updates docs with new external data provider (#3356) #3356 (Nilekh Chaudhari)
Chores
- bump clsx from 2.1.0 to 2.1.1 in /website (#3371) #3371 (dependabot[bot])
- bump the k8s group across 1 directory with 4 updates (#3368) #3368 (dependabot[bot])
- bump kubectl from v1.29.3 to v1.30.0 (#3359) #3359 (dependabot[bot])
- adding design docs for scoped EA, VAP as EP, pubsub CRD (#3367) #3367 (Jaydipkumar Arvindbhai Gabani)
- Prepare v3.17.0-beta.0 release (#3379) #3379 (github-actions[bot])
v3.16.0
Notable Changes
- 🐊 As previously announced,
validate-template-regoflag, which was used to validate Rego for constraint templates, is removed in this release. Please make use of Gator to validate constraint template in shift left manner to avoid any impact with this behavior change. - 🎓 Integration with Kubernetes Validating Admission Policy (VAP) is now alpha! We are working on changes to the Gatekeeper Policy Library to add CEL-based policies.
What's Changed
- chore: bump kubectl from v1.29.0 to v1.29.1 by @dependabot in #3232
- chore: bump golang from
6ac4c35toadf7ccbin /build/tooling by @dependabot in #3233 - chore: bump golang from
6ac4c35toadf7ccbin /test/image by @dependabot in #3231 - chore: bump golang from
adf7ccbto47fa179in /build/tooling by @dependabot in #3238 - chore: bump golang from
adf7ccbto47fa179in /test/image by @dependabot in #3236 - docs: add docs on how to contribute templates by @salaxander in #3242
- chore: Setting pubsub annotations using --set in makefile by @JaydipGabani in #3160
- fix: fixing panic in debug log by @JaydipGabani in #3244
- fix: fixing panic in error log by @JaydipGabani in #3246
- docs: add request input struct by @salaxander in #3234
- feat: Update audit and controller manager with pod labels in #3240
- ci: removing auto tagging workflow by @JaydipGabani in #3257
- chore: Prepare v3.16.0-beta.0 release by @github-actions in #3256
- ci: running ci with gatekeeper debug logs by @JaydipGabani in #3260
- fix: Remove validation of constraint template rego by @mzkhan in #3262
- ci: bump k8s matrix by @sozercan in #3267
- chore: bump kubectl from v1.29.1 to v1.29.2 by @dependabot in #3273
- chore: Upgrade controller-runtime to 0.17.2, remove fork by @maxsmythe in #3278
- ci: fix license lint by @sozercan in #3279
- fix #3261 Sort constraint status audit results by @prachirp in #3277
- chore: bump the k8s group with 4 updates by @dependabot in #3280
- chore: bump oras.land/oras-go from 1.2.4 to 1.2.5 by @dependabot in #3239
- chore: bump the all group with 10 updates by @dependabot in #3281
- feat: add disableAudit helm option by @DorB-P in #3270
- chore: bump cloud.google.com/go/trace from 1.10.4 to 1.10.5 by @dependabot in #3254
- feat: vap generation by @ritazh in #3266
- ci: pointing to correct versioned yaml on website creation by @JaydipGabani in #3258
- chore: bump the all group with 4 updates by @dependabot in #3292
- docs: document constraint match.source by @sozercan in #3291
- fix: update unit test for vap generation; add custom assets for envtest by @ritazh in #3289
- chore: bump github.com/golang/protobuf from 1.5.3 to 1.5.4 by @dependabot in #3301
- fix: fixing metrics views by @JaydipGabani in #3307
- chore: bump kubectl from v1.29.2 to v1.29.3 by @dependabot in #3317
- chore: bump the k8s group with 4 updates by @dependabot in #3318
- chore: bump the all group with 4 updates by @dependabot in #3313
- chore: bump follow-redirects from 1.15.4 to 1.15.6 in /website by @dependabot in #3316
- chore: bump google.golang.org/grpc from 1.61.0 to 1.61.1 by @dependabot in #3285
- chore: Prepare v3.16.0-beta.1 release by @github-actions in #3306
- fix: store constraint status audit results in sorted order by @prachirp in #3293
- chore: bump github.com/docker/docker from 25.0.1+incompatible to 25.0.2+incompatible by @dependabot in #3324
- chore: bump cloud.google.com/go/trace from 1.10.5 to 1.10.6 by @dependabot in #3319
- chore: bump frameworks to 359cf1b by @sozercan in #3326
- chore: bump github.com/docker/docker from 25.0.2+incompatible to 25.0.5+incompatible by @dependabot in #3327
- docs: fix go install gator by @sozercan in #3325
- chore: bump webpack-dev-middleware from 5.3.1 to 5.3.4 in /website by @dependabot in #3332
- chore: bump express from 4.18.1 to 4.19.2 in /website by @dependabot in #3334
- feat: enable vap in helm by @ritazh in #3329
- docs: update opa version in readme by @ritazh in #3330
- fix: over-restrictive validation of wildcard match patterns by @bencouture in #3310
- chore: bump to go 1.22 bookworm by @sozercan in #3323
- chore: update lint by @sozercan in #3338
- feat: Enable toggling of deferring to VAP by @maxsmythe in #3335
- feat(helm): matchConditions added in Validating & MutatingWebhookConfiguration by @leewoobin789 in #3343
- chore: Prepare v3.16.0-beta.2 release by @github-actions in #3344
- [StepSecurity] ci: Harden GitHub Actions by @step-security-bot in #3351
- chore: fix GO-2024-2687 by @sozercan in #3350
- docs: correcting metrics names by @JaydipGabani in #3353
- docs: add vap generation doc and demo by @ritazh in #3363
- chore: bump frameworks to c2efb0 by @sozercan in #3366
- chore: Prepare v3.16.0-rc.0 release by @github-actions in #3369
- chore: Prepare v3.16.0 release by @github-actions in #3375
New Contributors
- @mzkhan made their first contribution in #3262
- @DorB-P made their first contribution in #3270
- @bencouture made their first contribution in #3310
Full Changelog: v3.15.0...v3.16.0
Contributors
mzkhan, sozercan, and 10 other contributors
Assets 7
v3.16.0-rc.0
Documentation
- correcting metrics names (#3353) #3353 (Jaydipkumar Arvindbhai Gabani)
- add vap generation doc and demo (#3363) #3363 (Rita Zhang)
Chores
- fix GO-2024-2687 (#3350) #3350 (Sertaç Özercan)
- bump frameworks to c2efb0 (#3366) #3366 (Sertaç Özercan)
- Prepare v3.16.0-rc.0 release (#3369) #3369 (github-actions[bot])
Commits
v3.14.2
Bug Fixes
- CVE-2023-44487, CVE-2023-48795, GO-2024-2687, GHSA-7ww5-4wqc-m92c, CVE-2024-24557, GHSA-jq35-85cj-fj4p for release 3.14 (#3314) #3314 (Jaydipkumar Arvindbhai Gabani)
Chores
- Prepare v3.14.2 release (#3362) #3362 (github-actions[bot])
v3.16.0-beta.2
Features
- enable vap in helm (#3329) #3329 (Rita Zhang)
- Enable toggling of deferring to VAP (#3335) #3335 (Max Smythe)
- helm: matchConditions added in Validating & MutatingWebhookConfiguration (#3343) #3343 (leewoobin789)
Bug Fixes
- store constraint status audit results in sorted order (#3293) #3293 (Prachi Pendse)
- over-restrictive validation of wildcard match patterns (#3310) #3310 (Ben Couture)
Documentation
- fix go install gator (#3325) #3325 (Sertaç Özercan)
- update opa version in readme (#3330) #3330 (Rita Zhang)
Chores
- bump github.com/docker/docker from 25.0.1+incompatible to 25.0.2+incompatible (#3324) #3324 (dependabot[bot])
- bump cloud.google.com/go/trace from 1.10.5 to 1.10.6 (#3319) #3319 (dependabot[bot])
- bump frameworks to 359cf1b (#3326) #3326 (Sertaç Özercan)
- bump github.com/docker/docker from 25.0.2+incompatible to 25.0.5+incompatible (#3327) #3327 (dependabot[bot])
- bump webpack-dev-middleware from 5.3.1 to 5.3.4 in /website (#3332) #3332 (dependabot[bot])
- bump express from 4.18.1 to 4.19.2 in /website (#3334) #3334 (dependabot[bot])
- bump to go 1.22 bookworm (#3323) #3323 (Sertaç Özercan)
- update lint (#3338) #3338 (Sertaç Özercan)
- Prepare v3.16.0-beta.2 release (#3344) #3344 (github-actions[bot])
v3.16.0-beta.1
Features
- add disableAudit helm option (#3270) #3270 (Dor Bareket)
- vap generation (#3266) #3266 (Rita Zhang)
Bug Fixes
- Remove validation of constraint template rego (#3262) #3262 (Mohammad Zuber Khan)
- update unit test for vap generation; add custom assets for envtest (#3289) #3289 (Rita Zhang)
- fixing metrics views (#3307) #3307 (Jaydipkumar Arvindbhai Gabani)
Documentation
- document constraint match.source (#3291) #3291 (Sertaç Özercan)
Continuous Integration
- bump k8s matrix (#3267) #3267 (Sertaç Özercan)
- fix license lint (#3279) #3279 (Sertaç Özercan)
- pointing to correct versioned yaml on website creation (#3258) #3258 (Jaydipkumar Arvindbhai Gabani)
Chores
- bump kubectl from v1.29.1 to v1.29.2 (#3273) #3273 (dependabot[bot])
- Upgrade controller-runtime to 0.17.2, remove fork (#3278) #3278 (Max Smythe)
- bump the k8s group with 4 updates (#3280) #3280 (dependabot[bot])
- bump oras.land/oras-go from 1.2.4 to 1.2.5 (#3239) #3239 (dependabot[bot])
- bump the all group with 10 updates (#3281) #3281 (dependabot[bot])
- bump cloud.google.com/go/trace from 1.10.4 to 1.10.5 (#3254) #3254 (dependabot[bot])
- bump the all group with 4 updates (#3292) #3292 (dependabot[bot])
- bump github.com/golang/protobuf from 1.5.3 to 1.5.4 (#3301) #3301 (dependabot[bot])
- bump kubectl from v1.29.2 to v1.29.3 (#3317) #3317 (dependabot[bot])
- bump the k8s group with 4 updates (#3318) #3318 (dependabot[bot])
- bump the all group with 4 updates (#3313) #3313 (dependabot[bot])
- bump follow-redirects from 1.15.4 to 1.15.6 in /website (#3316) #3316 (dependabot[bot])
- bump google.golang.org/grpc from 1.61.0 to 1.61.1 (#3285) #3285 (dependabot[bot])
- Prepare v3.16.0-beta.1 release (#3306) #3306 (github-actions[bot])
Commits
v3.15.1
Features
- Update audit and controller manager with pod labels (#3240) (cherry pick) (#3294) #3294 (James Bruce)
Chores
- Prepare v3.15.1 release (#3304) #3304 (github-actions[bot])