Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update changelog version #80

Merged
merged 1 commit into from
Mar 24, 2021
Merged

Update changelog version #80

merged 1 commit into from
Mar 24, 2021

Conversation

tomhjp
Copy link
Contributor

@tomhjp tomhjp commented Mar 24, 2021

Missed this update ready for release from #79

0.1.0 (March 24th, 2021)

CHANGES

  • All secret engines are now supported [GH-63]
    • This makes several breaking changes to the configuration of the SecretProviderClass' objects entry
    • There is no top-level array entry under objects
    • objectVersion is now ignored
    • objectPath is renamed to secretPath
    • secretKey, secretArgs and method are newly available options
    • objectName no longer determines which key is read from the secret's data
    • If secretKey is set, that is the key from the secret's data that will be written
    • If secretKey is not set, the whole JSON response from Vault will be written
    • vaultSkipTLSVerify is no longer required to be set to "true" if the vaultAddress scheme is not https
  • The provider will now authenticate to Vault as the requesting pod's service account [GH-64]
    • This is likely a breaking change for existing deployments being upgraded
    • vault-csi-provider service account now requires cluster-wide permission to create service account tokens
    • auth/kubernetes mounts in Vault will now need to bind ACL policies to the requesting pods'
      service accounts instead of the provider's service account.
    • spec.parameters.kubernetesServiceAccountPath is now ignored and will log a warning if set
  • The provider now supports mTLS [GH-65]
    • spec.parameters.vaultCAPem is now ignored and will log a warning if set. This is a breaking change
    • spec.parameters.vaultTLSClientCertPath and spec.parameters.vaultTLSClientKeyPath are newly available options
      IMPROVEMENTS
  • The provider now uses the hashicorp/vault/api package to communicate with Vault [GH-61]
  • --version flag will now print the version of Go used to build the provider [GH-62]
  • CircleCI linting, tests and integration tests added [GH-60]

@tomhjp tomhjp requested a review from jasonodonnell March 24, 2021 15:59
Copy link
Contributor

@jasonodonnell jasonodonnell left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@tomhjp tomhjp merged commit ef9e6a8 into master Mar 24, 2021
@tomhjp tomhjp deleted the update-changelog-version branch March 24, 2021 16:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants