v1.1.0

Bugfixes:

• Changed BlankEndEntityCertificate_CSRPassthrough -> BlankEndEntityCertificate_APICSRPassthrough to support cross account in the default case - #94
• Fixed user-agent injection for logs

Features:

• Added support to request CA certificates, if the isCA flag is set on cert-manager certificates, the aws-privateca-issuer plugin will vend a certificate issued via the acm-pca:::template/SubordinateCACertificate_PathLen0/V1 template - #55

v1.0.0

Important

• This release will be tagged v1.0.0 and signify production readiness for this plugin

Bugfixes:

• #12 STS GetCallerIdentity failing because of a region not specified bug
• #35 Certificates with Validity Duration under 24h failing to Issue

Features:

• #42 Add support for arbitrary AWS accessKey/secretKey k8s secrets
• #82 Ability to set enviornment variables via the helm chart's values.yaml, set via env

Maintenance:

• #64 Added several templates for use when cutting an issue against the repository
• #68 End-to-End test were re-written from a bash script to Go. Updated README for instructions on running the tests.
• #73 Added a post release helm test to verify functionality of container repository and helm chart
• #85 Add Github workflows to automatically run the end-to-end test on every PR. These will be required to pass before a PR is merged in
• #86 Update Helm Chart on release
• #87 Update Helm chart to point to new ECR

Release v0.3.1

Bugfix:

• IRSA Authentication Issue resolved: #40

Release 0.3.0

Important

• The IAM policy needed for running the issuer has been updated since the last version. acm-pca:DescribeCertificateAuthority is now necessary to generate certificates. Please refer to the Readme for a working policy document.
• The chart name for helm has changed. It will now be called aws-privateca-issuer. The last version supporting the old name will be 0.1.2, future versions will only use the new name.

Features:

• #29 Add support for certificate usages with templateARN

Bugfixes:

• #12 Fixes issues with missing issuer group
• #31 Support longer names for resources
• #35 Use the PrivateCA's Signature Algorithm as the Signature Algorithm

Maintenance:

• #14 Return certificates in the correct fields for cert-manager secrets
• #20 Upgrade to aws-sdk-go-v2 and Go 1.16
• #36 Pass user agent, including version info string

v0.2.1

• Separate rbac and service account in helm chart #7 (thanks @MattiasGees)
• Bump helm chart version to 0.1.1

v0.2.0

• #5 Adds Cert Manager approvals, thanks @JoshVanL

Attention:
Requires Cert-Manager > 1.3.0 or disabled approval check

v0.1.2

• #2 Fixes AssumeRoleWithWebIdentity, thanks @throwanexception

v0.1.1

Bugfixes

• Allow signing of ECDSA certificates #1

v0.1.0

Initial release