open-policy-agent/gatekeeper v3.23.0-rc.1

on GitHub

Features

• Mark semantic log lines with structured field (#4482) #4482 (Ogulcan Aydogan)
• Implemented status resource routing for remote cluster mode (#4579) #4579 (abhisheksheth28)
• Add operations field to mutation ApplyTo spec (#4135) #4135 (Sai Kiran Pikili)

Bug Fixes

• Update runner for release workflow (CP #4636) (#4638) #4638 (abhisheksheth28)
• Allow mutation-webhook only operation without constraint client (#4423) #4423 (Alan Diaz)
• Retry VAP API discovery on transient failures (#4455) #4455 (Jaydip Gabani)
• Share StatsReporter across mutator controllers (#4465) #4465 (Jaydip Gabani)
• Unexport SupportedDrivers to enforce mutex-protected access (#4468) #4468 (Raajhesh Kannaa Chidambaram)
• Migrate OCI pulls to oras-go v2 (#4489) #4489 (Jaydip Gabani)
• Restore mutator conflict propagation via events channel (#4478) #4478 (Jaydip Gabani)
• Clean up stale VAPB when vap.k8s.io removed from constraint (#4446) #4446 (Jaydip Gabani)
• Propagate caller context in System.Publish (#4508) #4508 (Vedant Madane)
• audit: Keep export publish state updates across helpers (#4500) #4500 (Sertaç Özercan)
• Reject negative maxAuditResults in disk exporter config (#4506) #4506 (Sertaç Özercan)
• export: Synchronize disk cleanup map access in CloseConnection (#4505) #4505 (Sertaç Özercan)
• Cap gator Rego print buffering to prevent unbounded memory growth (#4503) #4503 (Sertaç Özercan)
• Avoid externaldata provider status reconcile loop (#4504) #4504 (Sertaç Özercan)
• Restore TLS readiness gate for webhook server (#4502) #4502 (Sertaç Özercan)
• Gh cli to support immutable releases (#4522) #4522 (abhisheksheth28)
• ci: Cve golang/net (#4562) #4562 (Nolan Emirot)
• Allow overlength status.gatekeeper.sh names in admission validation (#4529) #4529 (Copilot)
• Quote webhook exempt label values (#4557) #4557 (Zakhar Dvurechensky)
• Avoid ConstraintPodStatus update churn during VAPB generation wait (#4599) #4599 (Jaydip Gabani)
• Preserve admission operation for expanded reviews (#4560) #4560 (Zakhar Dvurechensky)
• Allow root file catalog content paths (#4583) #4583 (Immanuel Tikhonov)

Documentation

• Add Adoption and Integration section to website homepage (#4454) #4454 (Jaydip Gabani)
• Adding DELETE operation context for VAP integration (#4421) #4421 (Jaydip Gabani)
• Clarify validation and mutation scope (#4556) #4556 (Zakhar Dvurechensky)
• Guidance around how to safely disable audit #4483 (#4582) #4582 (Mallikarjuna Muchu)

Tests

• Add t.Parallel() to pkg/gator unit tests (#4610) #4610 (Ogulcan Aydogan)

Continuous Integration

• Publish fake-reader and fake-subscriber images to GHCR (#4408) #4408 (abhisheksheth28)
• Fix Slack meeting reminder schedule (#4584) #4584 (Jaydip Gabani)
• Fix license-lint checkout order (#4627) #4627 (Jaydip Gabani)
• Check out release PR workflow before Go setup (#4634) #4634 (Jaydip Gabani)

Dependencies

• Bump the k8s group with 5 updates (#4412) #4412 (dependabot[bot])
• Bump golang from 889885d to 100774d in /build/tooling (#4413) #4413 (dependabot[bot])
• Bump golang from 889885d to 100774d in /test/image (#4414) #4414 (dependabot[bot])
• Bump golang from 889885d to 100774d (#4415) #4415 (dependabot[bot])
• Bump kubectl from v1.35.1 to v1.35.2 (#4416) #4416 (dependabot[bot])
• Bump golang from 889885d to 100774d in /test/externaldata/dummy-provider (#4417) #4417 (dependabot[bot])
• Bump golang from 889885d to 100774d in /test/export/fake-subscriber (#4418) #4418 (dependabot[bot])
• Bump golang from 889885d to 100774d in /test/export/fake-reader (#4419) #4419 (dependabot[bot])
• Bump the all group with 5 updates (#4420) #4420 (dependabot[bot])
• Bump svgo from 2.8.0 to 2.8.2 in /website (#4425) #4425 (dependabot[bot])
• Bump sigs.k8s.io/controller-runtime from 0.23.1 to 0.23.3 in the k8s group (#4427) #4427 (dependabot[bot])
• Bump go.yaml.in/yaml/v2 from 2.4.3 to 2.4.4 (#4428) #4428 (dependabot[bot])
• Bump golang from 100774d to ab8c494 (#4429) #4429 (dependabot[bot])
• Bump golang from 100774d to ab8c494 in /test/externaldata/dummy-provider (#4430) #4430 (dependabot[bot])
• Bump golang from 100774d to ab8c494 in /test/image (#4431) #4431 (dependabot[bot])
• Bump golang from 100774d to ab8c494 in /build/tooling (#4432) #4432 (dependabot[bot])
• Bump the all group with 5 updates (#4433) #4433 (dependabot[bot])
• Bump golang from 100774d to ab8c494 in /test/export/fake-subscriber (#4434) #4434 (dependabot[bot])
• Bump golang from 100774d to ab8c494 in /test/export/fake-reader (#4435) #4435 (dependabot[bot])
• Bump the all group with 2 updates (#4443) #4443 (dependabot[bot])
• Bump google.golang.org/grpc from 1.78.0 to 1.79.3 (#4450) #4450 (dependabot[bot])
• Bump golang from ab8c494 to ce3f1c8 (#4456) #4456 (dependabot[bot])
• Bump kubectl from v1.35.2 to v1.35.3 (#4458) #4458 (dependabot[bot])
• Bump golang from ab8c494 to ce3f1c8 in /test/externaldata/dummy-provider (#4457) #4457 (dependabot[bot])
• Bump golang from ab8c494 to ce3f1c8 in /test/image (#4459) #4459 (dependabot[bot])
• Bump golang from ab8c494 to ce3f1c8 in /build/tooling (#4460) #4460 (dependabot[bot])
• Bump the k8s group with 5 updates (#4461) #4461 (dependabot[bot])
• Bump golang from ab8c494 to ce3f1c8 in /test/export/fake-subscriber (#4462) #4462 (dependabot[bot])
• Bump golang from ab8c494 to ce3f1c8 in /test/export/fake-reader (#4463) #4463 (dependabot[bot])
• Bump the all group across 1 directory with 4 updates (#4467) #4467 (dependabot[bot])
• Bump yaml from 1.10.2 to 1.10.3 in /website (#4470) #4470 (dependabot[bot])
• Bump picomatch from 2.3.1 to 2.3.2 in /website (#4471) #4471 (dependabot[bot])
• Bump the all group across 1 directory with 3 updates (#4472) #4472 (dependabot[bot])
• Bump brace-expansion from 1.1.12 to 1.1.13 in /website (#4473) #4473 (dependabot[bot])
• Bump node-forge from 1.3.2 to 1.4.0 in /website (#4474) #4474 (dependabot[bot])
• Bump lodash from 4.17.23 to 4.18.1 in /website (#4493) #4493 (dependabot[bot])
• Bump the all group across 1 directory with 3 updates (#4492) #4492 (dependabot[bot])
• Bump go.opentelemetry.io/otel/sdk from 1.40.0 to 1.43.0 (#4498) #4498 (dependabot[bot])
• Bump go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp from 1.40.0 to 1.43.0 (#4499) #4499 (dependabot[bot])
• Bump golang from ce3f1c8 to c0074c7 (#4509) #4509 (dependabot[bot])
• Bump golang from ce3f1c8 to c0074c7 in /test/image (#4510) #4510 (dependabot[bot])
• Bump golang from ce3f1c8 to c0074c7 in /test/externaldata/dummy-provider (#4511) #4511 (dependabot[bot])
• Bump golang from ce3f1c8 to c0074c7 in /build/tooling (#4512) #4512 (dependabot[bot])
• Bump golang from ce3f1c8 to c0074c7 in /test/export/fake-subscriber (#4514) #4514 (dependabot[bot])
• Bump golang from ce3f1c8 to c0074c7 in /test/export/fake-reader (#4515) #4515 (dependabot[bot])
• Bump the all group across 1 directory with 5 updates (#4519) #4519 (dependabot[bot])
• Bump follow-redirects from 1.15.6 to 1.16.0 in /website (#4520) #4520 (dependabot[bot])
• Bump golang from c0074c7 to 4a7137e (#4536) #4536 (dependabot[bot])
• Bump postcss from 8.4.31 to 8.5.12 in /website (#4531) #4531 (dependabot[bot])
• Bump the k8s group across 1 directory with 5 updates (#4524) #4524 (dependabot[bot])
• Bump golang from c0074c7 to 4a7137e in /test/image (#4532) #4532 (dependabot[bot])
• Bump golang from c0074c7 to 4a7137e in /test/externaldata/dummy-provider (#4533) #4533 (dependabot[bot])
• Bump kubectl from v1.35.3 to v1.36.0 (#4535) #4535 (dependabot[bot])
• Bump golang from c0074c7 to 4a7137e in /build/tooling (#4534) #4534 (dependabot[bot])
• Bump golang from c0074c7 to 4a7137e in /test/export/fake-reader (#4537) #4537 (dependabot[bot])
• Bump golang from c0074c7 to 4a7137e in /test/export/fake-subscriber #4538 (dependabot[bot])
• Bump the all group across 1 directory with 5 updates #4540 (dependabot[bot])
• Bump the all group with 3 updates (#4544) #4544 (dependabot[bot])
• Bump fast-uri from 3.1.0 to 3.1.2 in /website (#4547) #4547 (dependabot[bot])
• Bump @babel/plugin-transform-modules-systemjs from 7.18.6 to 7.29.4 in /website (#4548) #4548 (dependabot[bot])
• Bump golang from 4a7137e to a085df6 in /test/image #4550 (dependabot[bot])
• Bump golang from 4a7137e to a085df6 in /test/externaldata/dummy-provider #4552 (dependabot[bot])
• Bump golang from 4a7137e to a085df6 in /test/export/fake-subscriber #4555 (dependabot[bot])
• Bump kubectl from v1.36.0 to v1.36.1 #4573 (dependabot[bot])
• Bump distroless/static-debian12 from 20bc6c0 to 9c346e4 #4574 (dependabot[bot])
• Bump golang from 4a7137e to a085df6 #4549 (dependabot[bot])
• Bump golang from 4a7137e to a085df6 in /build/tooling #4551 (dependabot[bot])
• Bump golang from 4a7137e to a085df6 in /test/export/fake-reader #4554 (dependabot[bot])
• Bump distroless/static-debian12 from 20bc6c0 to 9c346e4 in /test/externaldata/dummy-provider #4575 (dependabot[bot])
• Bump the all group across 1 directory with 6 updates #4576 (dependabot[bot])
• Bump distroless/static-debian12 from 20bc6c0 to 9c346e4 in /test/export/fake-subscriber #4578 (dependabot[bot])
• Bump distroless/static-debian12 from 20bc6c0 to 9c346e4 in /test/export/fake-reader #4577 (dependabot[bot])
• Bump kind version from 0.29.0 to 0.30.0 (#4569) #4569 (Ogulcan Aydogan)
• Bump the k8s group across 1 directory with 5 updates #4572 (dependabot[bot])
• Bump golang.org/x/net to v0.55.0 (#4585) #4585 (Jaydip Gabani)
• Bump golang from a085df6 to 0dcba0d in /test/image #4588 (dependabot[bot])
• Bump golang from a085df6 to 0dcba0d #4590 (dependabot[bot])
• Bump golang from a085df6 to 0dcba0d in /build/tooling #4591 (dependabot[bot])
• Bump the all group across 1 directory with 7 updates #4601 (dependabot[bot])
• Bump golang from a085df6 to 0dcba0d in /test/externaldata/dummy-provider #4589 (dependabot[bot])
• Bump golangci-lint to v2.5.0 (#4571) #4571 (Ogulcan Aydogan)
• Bump shell-quote from 1.7.3 to 1.8.4 in /website #4604 (dependabot[bot])
• Bump golang from a085df6 to 0dcba0d in /test/export/fake-reader #4592 (dependabot[bot])
• Bump golang from a085df6 to 0dcba0d in /test/export/fake-subscriber (#4593) #4593 (dependabot[bot])
• Bump joi from 17.6.0 to 17.13.4 in /website (#4611) #4611 (dependabot[bot])
• Bump golang from 0dcba0d to bbf22dd in /test/image (#4612) #4612 (dependabot[bot])
• Bump golang from 0dcba0d to bbf22dd (#4614) #4614 (dependabot[bot])
• Bump golang from 0dcba0d to bbf22dd in /test/externaldata/dummy-provider (#4615) #4615 (dependabot[bot])
• Bump golang from 0dcba0d to bbf22dd in /build/tooling (#4613) #4613 (dependabot[bot])
• Bump the k8s group across 1 directory with 5 updates (#4617) #4617 (dependabot[bot])
• Bump oras.land/oras-go/v2 from 2.6.0 to 2.6.1 (#4618) #4618 (dependabot[bot])
• Bump golang from 0dcba0d to bbf22dd in /test/export/fake-reader (#4619) #4619 (dependabot[bot])
• Bump kind to v0.32.0, kustomize to v5.8.1, yq to v4.53.3, oras to v1.3.2 #4609 (Ogulcan Aydogan)
• Bump golang/govulncheck-action from 31f7c5463448f83528bd771c2d978d940080c9fd to 3fa7bd9cee2cfdf3499a8803b226e43de7b7cdb4 in the all group across 1 directory (#4621) #4621 (dependabot[bot])
• Bump kubectl from v1.36.1 to v1.36.2 (#4616) #4616 (dependabot[bot])
• Bump golang from 0dcba0d to bbf22dd in /test/export/fake-subscriber (#4620) #4620 (dependabot[bot])
• Bump frameworks/constraint to e1eaa1b (#4626) #4626 (Jaydip Gabani)
• Bump cert-controller (#4625) #4625 (Jaydip Gabani)
• Bump github.com/go-chi/chi/v5 from 5.2.2 to 5.2.4 (#4628) #4628 (dependabot[bot])
• Bump google.golang.org/grpc from 1.81.0 to 1.81.1 (#4631) #4631 (dependabot[bot])
• Bump actions/checkout from 6.0.3 to 7.0.0 in the all group across 1 directory (#4632) #4632 (dependabot[bot])
• Bump http-proxy-middleware from 2.0.9 to 2.0.10 in /website (#4633) #4633 (dependabot[bot])

Chores

• Update test tooling versions (YQ, BATS, ORAS) (#4449) #4449 (Ogulcan Aydogan)
• Bumping on sha that pins deps to full commit (#4479) #4479 (Jaydip Gabani)
• Patch docs for 3.22.1 release (#4518) #4518 (github-actions[bot])
• Update kustomize version from 3.8.9 to 5.6.0 (#4466) #4466 (Ogulcan Aydogan)
• Patch docs for 3.22.2 release (#4543) #4543 (github-actions[bot])
• Update curl to 8.20 (#4559) #4559 (Nolan Emirot)
• Align helm version in CI workflows to 3.17.4 (#4570) #4570 (Ogulcan Aydogan)
• Bumping frameworks version (#4606) #4606 (Jaydip Gabani)
• Use go-version-file in CI workflows instead of hardcoded version (#4608) #4608 (Ogulcan Aydogan)
• Warning for deprecate --sync-vap-enforcement-scope flag (#4623) #4623 (abhisheksheth28)
• Bumping trivy to 0.69.3 (#4424) #4424 (Jaydip Gabani)

New Contributors

• @ogulcanaydogan made their first contribution in #4449
• @raajheshkannaa made their first contribution in #4468
• @VedantMadane made their first contribution in #4508
• @emirot made their first contribution in #4562
• @Zakharden made their first contribution in #4557
• @immanuwell made their first contribution in #4583
• @Mallikarjunadevops made their first contribution in #4582
• @pikilisaikiran made their first contribution in #4135

Full Changelog: v3.23.0-beta.0...v3.23.0-rc.1