Added
- LDevID-based TPM attestation can now be performed via a new `tpm_devid` NodeAttestor plugin (#2111, #2427)
- Caller details are now logged for unauthorized Server API calls (#2399)
- The `aws_iid` NodeAttestor plugin now supports attesting nodes across multiple AWS accounts via AWS IAM role assumption (#2387)
- Added support for running the `k8s_sat` NodeAttestor plugin with Kubernetes v1.21 (#2423)
- Call counter metrics are now emitted for SPIRE Server rate limiters (#2422)
- SPIRE Server now logs a message on startup when configured TTL values may result in SVIDs with a shorter lifetime than expected (#2284)
Changed
- Updated a trust domain validation error message to mention that underscores are valid trust domain characters (#2392)
Fixed
- Fixed bugs that broke the ACME bundle endpoint when using the `aws_kms` KeyManager plugin (#2390, #2397)
- Fixed a bug that resulted in SPIRE Agent sending unnecessary updates over the Workload API (#2305)
- Fixed a bug in the `k8s_psat` NodeAttestor plugin that prevented it from being configured with kubeconfig files (#2421)