v1.2.8

• Fix benign problem where Completed pods would log errors when labeling was attempted #405

• Fix benign problem where pods that were just terminated logged an error when the operator tried to label them #405

• Set a lot of Info logs to Debug level #405

• Improvements to AWS, GCP & Azure IAM integrations: decouple IAM integration reconcilers to ensure failures in one do not affect others. #395

Full Changelog: v1.2.7...v1.2.8

v1.2.7

What's Changed

• Fix bug where external access policy is not created for protected services with ingress by @NetanelBollag in #404
• Support templating AWS intents by $(AWS_REGION) & $(AWS_ACCOUNT_ID) by @amitlicht in #403

Full Changelog: v1.2.6...v1.2.7

v1.2.6

What's Changed

• Fixed a case where intents to services with a NamedPort created network policies without port specification by @omris94 in #398

Full Changelog: v1.2.5...v1.2.6

v1.2.5

What's Changed

• Azure IAM enforcement now also supports Azure Key vault in addition to all other resources by @amitlicht in #390
• Fixed bug where cluster name could not be discovered automatically due to bug in AWS SDK by @otterobert in #396

Full Changelog: v1.2.4...v1.2.5

v1.2.4

What's Changed

• Bugfix: ignore error 404 NOT_FOUND on attempting to delete user assigned identities by @amitlicht in #393
• Intents operator now reports Service and Ingress resources to Otterize Cloud to accommodate a more accurate calculation of blocking status when in shadow mode by @NetanelBollag in #394

Full Changelog: v1.2.3...v1.2.4

v1.2.3

What's Changed

• Change GCP intent update to only change partial policy role binding by @otterobert in #389

Full Changelog: v1.2.2...v1.2.3

v1.2.2

What's Changed

• Improvement: Otterize network policies auto-allows DNS traffic if target is the cluster's DNS server and an Otterize network policy would block it by @orishoshan in #386

Full Changelog: v1.2.1...v1.2.2

v1.2.1

What's Changed

• Preparation for release of Azure IAM support
• Preparation for release of Google Cloud IAM support: Add support for GCP resources with wildcards by @otterobert in #367
• Report enforcement status to Otterize Cloud for AWS IAM, PostgreSQL, GCP and Azure by @orishoshan in #383

Full Changelog: v1.2.0...v1.2.1

v1.2.0

What's Changed

• Add support for AWS IAM RolesAnywhere with cert-manager csi-driver-spiffe, which enables cross-cloud AWS IAM access by @orishoshan in #372
  Learn more: https://github.com/otterize/otterize-csi-spiffe-demo
  Note: AWS IAM policies now have names that contain the cluster name, whereas before they didn't. When upgrading, please ensure to clean up leftover policies.
  Old policies were named otterize-policy-<namespace>-<servicename>
  New policies are named otr-<namespace>.<servicename>@<clustername> (same pattern as IAM roles).

• Preparation for release of Google Cloud IAM and Azure IAM by @amitlicht and @otterobert

• Improvement: untag AWS roles and policies only if configuration has changed by @orishoshan in #376

• Fixed bug where ClientIntents deletion might not be reported to Otterize Cloud by @NetanelBollag in #377

Full Changelog: v1.1.13...v1.2.0

v1.1.13

What's Changed

• Preparation for Azure IAM support by @amitlicht in #368

Full Changelog: v1.1.12...v1.1.13