v1.0.2

Added

• Experimental support for custom authorization policies based on Open Policy Agent (OPA) (#2416)
• SPIRE Server can now be configured to emit audit logs (#2297, #2391, #2394, #2396, #2442, #2458)
• Envoy SDS v3 API in agent now supports the SPIFFE Certificate Validator for federated SPIFFE authentication (#2435, #2460)
• SPIRE OIDC Discovery Provider now intelligently handles host headers (#2404, #2453)
• SPIRE OIDC Discovery Provider can now serve over HTTP using the allow_insecure_scheme setting (#2404)
• Metrics configuration options to filter out metrics and labels (#2400)
• The k8s-workload-registrar now supports identity template based workload registration (#2417)
• Enhancements in filtering support in server APIs (#2467, #2463, #2464, #2468)
• Improvements in logging of errors in peertracker (#2469)

Changed

• CRD mode of the k8s-workload-registrar now uses SPIRE certificates for the validating webhook (#2321)
• The vault UpstreamAuthority plugin now continues retrying to renew tokens on failures until the lease time is exceeded (#2445)

Fixed

• Fixed a nil pointer dereference when the deprecated allow_unsafe_ids setting was configured (#2477)

Deprecated

• The SPIRE OIDC Discovery Provider domain configurable has been deprecated in favor of domains (#2404)