Skip to content

Commit

Permalink
Update changelog for v1.1.0 (#2590)
Browse files Browse the repository at this point in the history 
Signed-off-by: Andrew Harding <[email protected]>
  • Loading branch information
@azdagron
azdagron authored Oct 8, 2021
1 parent f632710 commit faf1f9d
Showing 1 changed file with 34 additions and 0 deletions.
34 changes: 34 additions & 0 deletions CHANGELOG.md
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,39 @@
# Changelog

## [1.1.0] - 2021-10-10

### Added
- SPIRE images are now published to GitHub Container Registry. They will continue to be published to Google Container Registry over the course of the next release (#2576,#2580)
- SPIRE Server now implements the [TrustDomain API](https://github.com/spiffe/spire-api-sdk/blob/main/proto/spire/api/server/trustdomain/v1/trustdomain.proto) and related CLI commands (https://github.com/spiffe/spire/projects/11)
- The SVIDStore plugin type has been introduced to enable, amongst other things, agentless workload scenarios (#2176,#2483)
- The TPM DevID Node Attestor emits a new `issuer:cn` selector with the common name of the issuing certificate (#2581)
- The K8s Bundle Notifier plugin now supports pushing the bundle to resources in multiple clusters (#2531)
- A built-in AWS Secrets Manager SVIDStore plugin has been introduced, which can push workload SVIDs into AWS secrets for use in Lambda functions, etc. (#2542)
- The agent and entry list commands in the CLI gained additional filtering capabilities (#2478,#2479)
- The GCP CAS UpstreamAuthority has a new `ca_pool` configurable to identify which CA pool the signing CA resides in (#2569)

### Changed
- With the GA release of GCP CAS, the UpstreamAuthority plugin now needs to know which pool the CA belongs to. If not configured, it will do a pessimistic scan of all pools to locate the correct CA. This scan will be removed in a future release (#2569)
- The K8s Workload Registrar now supports Kubernetes 1.22 (#2515,#2540)
- Self-signed CA certificates serial numbers are now conformant to RFC 5280 (#2494)
- The AWS KMS Key Manager plugin now creates keys with a very strict policy by default (#2424)
- The deprecated agent key file (`svid.key`) is proactively removed by the agent. It was only maintained to accomodate rollback from v1.0 to v0.12 (#2493)

### Removed
- Support for the deprecated Registration API has been removed (#2487)
- Legacy (v0) plugin support has been removed. All plugins must now be authored using the plugin SDK.
- The deprecated `service_account_whitelist` configurables have been removed from the SAT and PSAT Node Attestor plugins (#2543)
- The deprecated `projectid_whitelist` configurable has been removed from the GCP IIT Node Attestor plugin (#2492)
- The deprecated `bundle_endpoint` and `registration_uds_path` configurables have been removed from SPIRE Server (#2486,#2519)

### Fixed
- The GCP CAS UpstreamAuthority now works with the GA release of GCP CAS (#2569)
- Fixed a variety of issues with the scratch image, preparatory to publishing as the official image on GitHub Container Registry (#2582)
- Kubernetes Workload Attestor now uses the canonical path for the service account token (#2583)
- The server socketPath is now appropriately overriden via the configuration file (#2570)
- The server now restarts appropriately after undergoing forceful shutdown (#2496)
- The server CLI list commands now work reliably for large listings (#2456)

## [1.0.2] - 2021-09-02

### Added
Expand Down

0 comments on commit faf1f9d

Please sign in to comment.