- Test with k8s versions 1.27-1.31
github.com/hashicorp/go-sockaddrv1.0.6 -> v1.0.7github.com/hashicorp/vault/apiv1.14.0 -> v1.15.0github.com/hashicorp/vault/sdkv0.13.0 -> v0.14.0k8s.io/apiv0.31.0 -> v0.31.2k8s.io/apimachineryv0.31.0 -> v0.31.2
- Build with go 1.22.6
- Test with k8s versions 1.26-1.30
- Migrate from gopkg.in/go-jose/go-jose.v2 to github.com/go-jose/go-jose/v4
github.com/go-test/deepv1.1.0 -> v1.1.1github.com/hashicorp/capv0.6.0 -> v0.7.0github.com/hashicorp/go-hclogv1.6.2 -> v1.6.3github.com/hashicorp/vault/apiv1.12.2 -> v1.14.0github.com/hashicorp/vault/sdkv0.11.1 -> v0.13.0k8s.io/apiv0.29.3 -> v0.31.0k8s.io/apimachineryv0.29.3 -> v0.31.0
- Updated
gopkg.in/square/[email protected]togopkg.in/go-jose/[email protected] - Updated dependencies
github.com/docker/dockerv24.0.7+incompatible -> v24.0.9+incompatiblegithub.com/go-jose/go-jose/v3v3.0.1 -> v3.0.3github.com/hashicorp/capv0.4.1 -> v0.6.0github.com/hashicorp/vault/apiv1.11.0 -> v1.12.2github.com/hashicorp/vault/sdkv0.10.2 -> v0.11.1golang.org/x/netv0.22.0 -> v0.23.0k8s.io/apiv0.29.1 -> v0.29.3k8s.io/apimachineryv0.29.1 -> v0.29.3
- Allow TLS client to use the host's root CA set when no CA certificates are provided and
disable_local_ca_jwtis true if running Vault in a Kubernetes pod. Additionally, validate the configuration's provided CA PEM bundle. GH-238
- Build with go 1.21.3
- Test with k8s versions 1.24-1.28
- Updated dependencies GH-209 GH-225 GH-230:
github.com/docker/dockerv24.0.5+incompatible -> v24.0.7+incompatiblegithub.com/go-jose/go-jose/v3v3.0.0 -> v3.0.1github.com/hashicorp/capv0.3.4 -> v0.4.1github.com/hashicorp/go-hclogv1.5.0 -> v1.6.2github.com/hashicorp/go-sockaddrv1.0.2 -> v1.0.6github.com/hashicorp/vault/apiv1.9.2 -> v1.11.0github.com/hashicorp/vault/sdkv0.9.2 -> v0.10.2golang.org/x/cryptov0.11.0 -> v0.14.0golang.org/x/modv0.12.0 -> v0.14.0golang.org/x/netv0.13.0 -> v0.19.0golang.org/x/sysv0.10.0 -> v0.13.0golang.org/x/textv0.11.0 -> v0.13.0golang.org/x/toolsv0.12.0 -> v0.16.1k8s.io/apiv0.28.1 -> v0.29.1k8s.io/apimachineryv0.28.1 -> v0.29.1
- Use annotations with the prefix
vault.hashicorp.com/alias-metadata-from the client token's associated service account as alias metadata for the Vault entity GH-226
- Support bound service account namespace selector GH-218
- Indicate that token reviewer JWT is set on config read GH-221
- Allow any token type for TokenReviewer validation GH-207
- update dependencies GH-206
- github.com/hashicorp/cap v0.3.4
- github.com/hashicorp/vault/api v1.9.2
- github.com/hashicorp/vault/sdk v0.9.2
- k8s.io/api v0.28.1
- k8s.io/apimachinery v0.28.1
- Add display attributes for OpenAPI OperationID's GH-192
- update dependencies GH-196
- github.com/hashicorp/cap v0.3.0
- github.com/hashicorp/vault/api v1.9.1
- k8s.io/api v0.27.2
- k8s.io/apimachinery v0.27.2
- enable plugin multiplexing GH-186
- update dependencies
github.com/hashicorp/vault/apiv1.9.0github.com/hashicorp/vault/sdkv0.8.1github.com/go-test/deepv1.0.8 -> v1.1.0github.com/hashicorp/go-hclogv1.3.1 -> v1.5.0k8s.io/apiv0.25.3 -> v0.26.3k8s.io/apimachineryv0.25.3 -> v0.26.3
- Return HTTP 403 error code instead of 500 when JWT validation fails due to invalid issuer, audiences, or signing algorithm GH-179
- Checks the Kubernetes API is audience-aware by checking for at least one compatible audience in the response from TokenReviews GH-179
- Update to Go 1.19 GH-166
- Update dependencies GH-166: | MODULE | VERSION | NEW VERSION | DIRECT | VALID TIMESTAMPS | |---------------------------------|------------------------------------|-------------|--------|------------------| | github.com/hashicorp/go-hclog | v1.1.0 | v1.3.1 | true | true | | github.com/hashicorp/go-uuid | v1.0.2 | v1.0.3 | true | true | | github.com/hashicorp/go-version | v1.2.0 | v1.6.0 | true | true | | github.com/hashicorp/vault/api | v1.5.0 | v1.8.2 | true | true | | github.com/hashicorp/vault/sdk | v0.5.3 | v0.6.1 | true | true | | k8s.io/api | v0.0.0-20190409092523-d687e77c8ae9 | v0.25.3 | true | true | | k8s.io/apimachinery | v0.22.2 | v0.25.3 | true | true |