v0.15.0

config-policy-controller v0.15.0

• The released image is quay.io/open-cluster-management/config-policy-controller:v0.15.0

What's Changed

• Update kubernetes-dependency-watches to v0.8.1 by @mprahl in #271
• Fix help messages in compliance messages getting removed on next eval by @mprahl in #273
• Ignore imagePullSecrets and secrets on ServiceAccounts by @JeffeyL in #272
• Make ConfigurationPolicy event driven by default by @mprahl in #274
• Retry evaluating the policy if a mapping error occurs by @mprahl in #275
• Refactor to split up handleObjectTemplates and help understandability by @JustinKuli in #276
• Use controller-runtime to protect metrics endpoint by @zyjjay in #261
• Address comments from #276 by @mprahl in #278
• Modify metrics options to account for deprecation of kube-rbac-proxy by @zyjjay in #281
• Add observedGeneration to OperatorPolicy status by @JustinKuli in #282
• Add user-defined compliance messages by @JustinKuli in #280
• E2E Tweaks/Fixes by @dhaiducek in #279
• Fix a bug when no namespace selector is specified by @mprahl in #283
• Use the controller-runtime cache to get the decryption key by @mprahl in #284
• Ensure pod restart when target kubeconfig changes by @zyjjay in #285
• Split kind.yaml workflow into parallel jobs by @JustinKuli in #287
• Update go-template-utils to v6.1.1 by @mprahl in #288
• Use --server-side for null test by @dhaiducek in #289
• BUG: event-driven mode not requeueing some enforcement errors by @JustinKuli in #290
• Update to Go v1.22 by @dhaiducek in #292
• Add sprig functions to customMessage templating by @JustinKuli in #293
• Add ocm-polices namespace by @yiraeChristineKim in #294
• Clean policies in ocm namespace after test by @yiraeChristineKim in #295
• Guard against nil pointer value in status error by @mprahl in #296
• Update go-template-utils to v6.3.0 by @mprahl in #297
• Sync common Makefile by @dhaiducek in #299
• Add a DryRun CLI by @JustinKuli in #298
• Small dryrun improvements by @JustinKuli in #300
• Correct details list when templates are removed by @JustinKuli in #301
• More dryrun improvements by @JustinKuli in #302
• Uninstall scenario improvements by @JustinKuli in #303
• Handle SCC annotations in namespaces by @JustinKuli in #305

Full Changelog: v0.14.0...v0.15.0

v0.14.0

config-policy-controller v0.14.0

• The released image is quay.io/open-cluster-management/config-policy-controller:v0.14.0

What's Changed

• Adjust polarity of condition when CSV not found by @JustinKuli in #210
• Change undetermined OperatorPolicy names to '-' by @JustinKuli in #211
• Change unnamed related object from * to - by @yiraeChristineKim in #212
• Replace unmaintained release action by @dhaiducek in #213
• Filter out unrelated subscription resolution failures by @mprahl in #214
• Run framework tests on OCM PRs by @zyjjay in #216
• Log "Forbidden" update errors by @dhaiducek in #219
• Fix constraints not satisfiable message causing compliance flood by @JeffeyL in #220
• Handle policy recreation race condition by @mprahl in #221
• Sync common Makefile by @dhaiducek in #224
• MustNotHave mode for OperatorPolicy by @JustinKuli in #222
• Validate the subscription name by @mprahl in #225
• Fix handling of undefined fields for mustonlyhave by @dhaiducek in #223
• Skip checking the operator group namespace existence when it's invalid by @mprahl in #226
• Handle stuck deletes better in OperatorPolicy by @JustinKuli in #227
• Set default subscription values when not specified by @mprahl in #228
• Add a launch.json for local development by @mprahl in #229
• Improve OperatorGroup removal logic by @JustinKuli in #230
• Update the operator policy messages by @mprahl in #231
• Deprecate handling of InstallPlans in mustnothave mode by @zyjjay in #233
• Update controller-runtime to 0.17.3 by @JeffeyL in #232
• Make the capitalization consistent of operator policy messages by @mprahl in #234
• Dynamically append startingCSV to list of allowed operator versions by @zyjjay in #236
• Create missing namespaces for operator policy by @mprahl in #237
• OperatorPolicy Templates by @JustinKuli in #235
• Stop modifying spec.versions directly in musthaveInstallPlan by @mprahl in #238
• Fix status reporting inconsistency in mustnothave mode by @zyjjay in #240
• Add specific watches for some deleting resources by @JustinKuli in #241
• Wait for deployment in CRD status test by @JustinKuli in #243
• Prevent subscription creation if opgroup incorrect by @JustinKuli in #244
• Report compliant when NS missing in mustnothave by @JustinKuli in #245
• Hosted mode Testing for OperatorPolicy by @yiraeChristineKim in #242
• Reduce number of related InstallPlans by @JustinKuli in #239
• Add support for recording the diff in the ConfigurationPolicy status by @mprahl in #246
• Check and report on overlapping subs by @JustinKuli in #247
• Small improvements to recordDiff by @mprahl in #248
• Update kubernetes-dependency-watches to v0.7.0 by @mprahl in #250
• Delete the hosting test namespace before the hosted test namespace by @mprahl in #251
• Add upgradeApproval field to OperatorPolicy by @JustinKuli in #249
• Upgrade addon-framework to 0.9.3 by @xuezhaojun in #254
• Update to UBI 9 to match downstream by @mprahl in #255
• Add the recreateOption to the object template by @mprahl in #253
• Update Go packages by @dhaiducek in #257
• Limit the OperatorPolicy watches to the managed cluster namespace by @mprahl in #259
• Implement new ComplianceConfig field by @zyjjay in #252
• Update CRD descriptions by @dhaiducek in #218
• ACM-11453 Fix flaky subscription constraints not satisfiable condition by @JustinKuli in #258
• Add support for approving InstallPlans with multiple CSVs by @mprahl in #260
• Make the watch namespace on OperatorPolicy conditional by @mprahl in #263
• Handle hosted mode overlaps by @JustinKuli in #264
• Use suggested namespaces of packages by @JustinKuli in #266
• Unified not found behavior for Deployments with CRD and InstallPlan by @JeffeyL in #265
• Check the CSV against the allowed versions list by @JustinKuli in #267
• Update quay version in test by @JustinKuli in #268
• Restrict reported overlaps to enforced policies by @JustinKuli in #269
• Update the recreateOption documentation based on feedback by @mprahl in #270

New Contributors

• @xuezhaojun made their first contribution in #254

Full Changelog: v0.13.0...v0.14.0

v0.13.0

config-policy-controller v0.13.0

• The released image is quay.io/open-cluster-management/config-policy-controller:v0.13.0

What's Changed

• Check all items in lists by @JustinKuli in #164
• Don't attempt to merge mustonlyhave list by @dhaiducek in #165
• Reduce some noisy logs by @JustinKuli in #166
• Update to go-template-utils v4.0.0 by @mprahl in #167
• Fix items in nested lists not always being matched by @JustinKuli in #168
• Update packages by @dhaiducek in #169
• Handle values omitted from the API server in arrays of objects by @mprahl in #172
• Enable configuring the controller namespace by @dhaiducek in #173
• Verify with the API server if an empty map is equal to nil by @mprahl in #171
• Fix flaky event recording config-policy-controller E2E test by @yiraeChristineKim in #174
• Change to defaultConsistentlyDuration in case23 by @yiraeChristineKim in #175
• Sync common Makefile by @dhaiducek in #176
• Gosec fixes; Add generated code check by @dhaiducek in #177
• Fix a bug related to unnamed objects by @mprahl in #178
• ACM-8739: ACM Policy that applies stringdata in a secret regression with templates by @JeffeyL in #179
• Stop the NS controller manager during hosted mode uninstalls by @mprahl in #180
• Fix checking the controller installation state at startup by @mprahl in #181
• Require objectDefinition and remediationAction by @dhaiducek in #183
• Stop getting the K8s version of target cluster in uninstall mode by @mprahl in #184
• Stop refreshing the discovery when in uninstall mode by @mprahl in #185
• Sync common Makefile by @dhaiducek in #186
• Use OLM_VERSION by @dhaiducek in #190
• Add diff logging by @dhaiducek in #191
• Handle preexisting operator by @JustinKuli in #192
• Update to Go v1.21 by @dhaiducek in #193
• 9283 review followup by @JustinKuli in #194
• Return a subscription from handleSubscription by @JustinKuli in #198
• Sync common Makefile by @dhaiducek in #197
• Implement OperatorPolicy health checks for CSV by @JeffeyL in #196
• Enable status reporting for CatalogSource in OperatorPolicy by @zyjjay in #195
• Sync common Makefile and Dependabot by @dhaiducek in #201
• Include the compliance history database IDs in compliance events by @mprahl in #200
• Bump the github-actions group with 2 updates by @dependabot in #202
• Handle InstallPlan approval based on spec.versions by @JustinKuli in #199
• Sync common makefile by @dhaiducek in #205
• Simplify actions; Resolve gosec issues by @dhaiducek in #203
• Allow configuring a default namespace for operators by @JustinKuli in #204
• Add more validation to the OperatorPolicy by @JustinKuli in #207
• Emit fewer OperatorPolicy events by @JustinKuli in #208
• Upgrade controller-gen by @dhaiducek in #206
• Reduce debug logs for operatorpolicy test by @JustinKuli in #209

New Contributors

• @dependabot made their first contribution in #202

Full Changelog: v0.12.0...v0.13.0

v0.12.0

config-policy-controller v0.12.0

• The released image is quay.io/open-cluster-management/config-policy-controller:v0.12.0

What's Changed

• Optimize handleObjects method by @clyang82 in #134
• Change FieldValidation to strict by @clyang82 in #135
• Bug: Objects are pruned on templating errors by @yiraeChristineKim in #139
• Add error output for api-resources command by @dhaiducek in #141
• [Critical Bug]unexpectedly deleted when pruneObjectBehavior is None by @yiraeChristineKim in #142
• Refactor object template status generation by @mprahl in #143
• Remove unnecessary ConfigurationPolicy compliance change by @mprahl in #146
• Consolidate mustnothave deletion compliance messages by @mprahl in #147
• 📝 Parallelize the Config Policy controller E2E tests by @yiraeChristineKim in #145
• Bug: ACM-5052, Policy gets shortly into non-compliant state by @JeffeyL in #144
• Explicitly enable CGO by @mprahl in #151
• Reduce the copying when evaluating a policy by @mprahl in #156
• Log policy NonCompliance by @gparvin in #136
• NamespaceSelector 'reconciler' to help trigger evaluations by @JustinKuli in #158
• Create CRD for OperatorPolicy by @zyjjay in #155
• Empty label fields in policies are ignored by @zyjjay in #150
• ACM-6596: Initialize controller for OperatorPolicy by @JeffeyL in #160
• Fix compliance when created resource has a status by @JustinKuli in #161
• Allow OperatorPolicy to create OLM subscriptions by @zyjjay in #162
• Add an error when apiVersion is missing by @JustinKuli in #163

New Contributors

• @clyang82 made their first contribution in #134
• @JeffeyL made their first contribution in #144
• @zyjjay made their first contribution in #155

Full Changelog: v0.11.0...v0.12.0

v0.11.0

config-policy-controller v0.11.0

• The released image is quay.io/open-cluster-management/config-policy-controller:v0.11.0

What's Changed

• Make config policies with no objects compliant by @willkutler in #108
• Fix status for invalid object by @willkutler in #107
• Update go-yaml by @dhaiducek in #109
• Sync the common Makefile by @dhaiducek in #110
• Fix order of events on create or delete by @willkutler in #112
• Fix compliance state on missing obj evt by @willkutler in #113
• Pod history toggling issue by @yiraeChristineKim in #111
• Pull in the new template utils with copy template functions by @gparvin in #114
• Bug : Objects managed by ConfigurationPolicies are left behind if they are renamed by @yiraeChristineKim in #115
• Use patches for adding and removing finalizers by @mprahl in #118
• Tweak error handling by @dhaiducek in #117
• Account for existing finalizers when adding the prune object finalizer by @mprahl in #119
• Add refetch before updating status by @dhaiducek in #120
• Update release regex by @dhaiducek in #122
• Type Assertion Paranoia by @JustinKuli in #121
• Update OWNERS by @gparvin in #125
• Upgrade go-template-utils to v3.2.0 by @dhaiducek in #126
• QPS config by @JustinKuli in #127
• Bug: ConfigurationPolicy message for enforce omits objects when multiple namespaces are specified by @yiraeChristineKim in #116
• Fix behavior when the kube api might omit some more fields by @JustinKuli in #128
• Bug: Policy compliance status is truncated by @yiraeChristineKim in #129
• Upgrade: Go v1.20 and packages by @dhaiducek in #130
• Bug: crash-looping config-policy-controller-uninstaller by @yiraeChristineKim in #131
• Clear compliancyDetails on template error by @dhaiducek in #133
• Update API discovery cache even when incomplete by @JustinKuli in #132

New Contributors

• @yiraeChristineKim made their first contribution in #111

Full Changelog: v0.10.0...v0.11.0

v0.10.0

config-policy-controller v0.10.0

• The released image is quay.io/open-cluster-management/config-policy-controller:v0.10.0

What's Changed

• Update go-template-utils to v3.0.0 by @mprahl in #74
• Initialize klog explicitly by @mprahl in #75
• Update go-template-utils to v3.0.1 by @mprahl in #76
• Limit policy status event messages to 1024 characters by @mprahl in #78
• Add description for pruneObjectBehavior by @gparvin in #79
• The ConfigurationPolicy error message for a missing namespace by @ChunxiAlexLuo in #80
• Set "oldest" tag in Makefile; Bump to K8s v1.19 by @dhaiducek in #82
• Add metric to monitor common related objects by @dhaiducek in #77
• Send compliance events on the hosting cluster by @JustinKuli in #83
• Remove confusing Undetermined compliance state by @JustinKuli in #85
• Metrics for configuration policy errors by @willkutler in #84
• Add a metric to measure how long resolving policy templates take by @ChunxiAlexLuo in #81
• Skip pruning when the CRD is being deleted by @JustinKuli in #86
• Limit the watch implicitly created on CRDs by @mprahl in #88
• Use a single dynamic client in the reconciler by @mprahl in #87
• Fire event on object update by @willkutler in #90
• Fix the conditions history in compliancyDetails by @mprahl in #91
• add tests for evaluation metrics by @willkutler in #92
• Clean up when deployment is being deleted by @JustinKuli in #96
• Fix the gosec:G601 error by @mprahl in #97
• Allow multiline templatization by @willkutler in #95
• Move kustomize prereq by @dhaiducek in #98
• Revert "Fix the conditions history in compliancyDetails" by @mprahl in #99
• Fix hosted mode uninstalls by @mprahl in #100
• Make the case23 test more reliable by @mprahl in #102
• Use the controller ServiceAccount for tests by @dhaiducek in #101
• Trigger uninstalls through a new annotation by @mprahl in #104
• add label to designate config policy as template by @willkutler in #103
• Process object-templates-raw properly with no templatization by @willkutler in #105
• Remove the unused Deployment finalizer by @mprahl in #106

Full Changelog: v0.9.0...v0.10.0

v0.9.0

config-policy-controller v0.9.0

• See the CHANGELOG for more details.
• The released image is quay.io/open-cluster-management/config-policy-controller:v0.9.0

v0.8.0

config-policy-controller v0.8.0

• See the CHANGELOG for more details.
• The released image is quay.io/open-cluster-management/config-policy-controller:v0.8.0

v0.7.0

config-policy-controller v0.7.0

• See the CHANGELOG for more details.
• The released image is quay.io/open-cluster-management/config-policy-controller:v0.7.0

v0.6.0

config-policy-controller v0.6.0

• See the CHANGELOG for more details.
• The released image is quay.io/open-cluster-management/config-policy-controller:v0.6.0