diff --git a/CHANGELOG.md b/CHANGELOG.md
index f8d12fe4..324e7264 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,7 @@
 ## UNRELEASED
 - update go dependencies (#14)
+- bug: TXT content must be unquoted (#13)
 - feat(doc): Add the minimum requirements needed for the Exoscale Key in the documentation (#11)
 - Add Action to do releases (#8)
diff --git a/Makefile b/Makefile
index dde6ee3b..2a467a31 100644
--- a/Makefile
+++ b/Makefile
@@ -47,7 +47,7 @@ rendered-manifest.yaml:
 helm template \
 exoscale-webhook \
 --set image.repository=$(IMAGE_NAME) \
- --set image.tag=$(VERSION) \
+ --set image.tag="latest" \
 --namespace cert-manager \
 ${DEPLOY_DIR} > "$(OUT)/rendered-manifest.yaml"
 cp "${OUT}/rendered-manifest.yaml" "${DEPLOY_DIR}-kustomize/deploy.yaml"
diff --git a/README.md b/README.md
index 4caf8a05..fa8529c9 100644
--- a/README.md
+++ b/README.md
@@ -81,6 +81,14 @@ Here is an example of the minimal policy required for the IAM role:
 "expression": "resources.dns_domain.unicode_name != \"example.com\"",
 "action": "deny"
 },
+ {
+ "expression": "parameters.has('type') && parameters.type != 'TXT'",
+ "action": "deny"
+ },
+ {
+ "expression": "resources.has('dns_domain_record') && resources.dns_domain_record.has('type') && resources.dns_domain_record.type != 'TXT'",
+ "action": "deny"
+ },
 {
 "expression": "operation in ['list-dns-domains', 'list-dns-domain-records', 'get-dns-domain-record', 'create-dns-domain-record', 'delete-dns-domain-record']",
 "action": "allow"
diff --git a/deploy/exoscale-webhook-kustomize/deploy.yaml b/deploy/exoscale-webhook-kustomize/deploy.yaml
index 17f34f1b..3fbae963 100644
--- a/deploy/exoscale-webhook-kustomize/deploy.yaml
+++ b/deploy/exoscale-webhook-kustomize/deploy.yaml
@@ -186,7 +186,7 @@ spec:
 serviceAccountName: cert-manager-webhook-exoscale
 containers:
 - name: exoscale-webhook
- image: "exoscale/cert-manager-webhook-exoscale:dev"
+ image: "exoscale/cert-manager-webhook-exoscale:latest"
 imagePullPolicy: IfNotPresent
 args:
 - --tls-cert-file=/tls/tls.crt
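Review bot: The container image is now pinned to the mutable `latest` tag while `imagePullPolicy: IfNotPresent` is kept, so a node that already has an image cached under that tag will not pull a newer build, and what runs in the cluster is no longer tied to a reviewed release. The value comes from the Makefile hunk, where `--set image.tag="latest"` replaces `$(VERSION)`, so the rendered manifest no longer follows the version being built. For a webhook that is given DNS API credentials, I would render with an immutable reference: keep `--set image.tag=$(VERSION)` (or a digest) for the published manifest. If `latest` is really intended, change the policy to `imagePullPolicy: Always` so the tag is at least re-resolved on pod start. The container spec continues outside this hunk.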