1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2024-12-14 11:57:48 +00:00
kyverno/pkg/engine/image_verify_test.go

1737 lines
70 KiB
Go
Raw Normal View History

package engine
import (
"context"
"encoding/json"
"fmt"
"strings"
"testing"
added verify image ristretto cache implementation (#7969) * updated flags Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added ristretto_cache impl Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added bufferSize Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * small nits Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * made cache as private member Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * made cache as private member Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added logger.withValues Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added verify image cache Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * small nits Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added cache tests Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * fixed lint issue Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added chaged policy test Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * cache time should be entered in minutes Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * removed cache.wait() Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * small nits Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * removed client.go logs and added in imageVerifier Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added level to the logs Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added notary image cache verification Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * replace intVar by flag.DurationVar() Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * removed lock from cache clinet Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * updated cosign tests Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added execution latencies comparision Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added assert.Error() Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added error assertion util Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added error log Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * Update pkg/engine/internal/imageverifier.go Signed-off-by: shuting <shutting06@gmail.com> * lint fixes Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * removed logs from unit tests Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added ristretto_cache impl Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * removed cache.wait() Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * small nits Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added asssertions in tests Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * fixed conflicts Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * lint fix Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * renamed variabls Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> --------- Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> Signed-off-by: shuting <shutting06@gmail.com> Co-authored-by: shuting <shutting06@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>
2023-08-30 07:26:40 +00:00
"time"
"github.com/go-logr/logr"
"github.com/kyverno/kyverno/api/kyverno"
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
"github.com/kyverno/kyverno/pkg/config"
"github.com/kyverno/kyverno/pkg/cosign"
"github.com/kyverno/kyverno/pkg/engine/adapters"
engineapi "github.com/kyverno/kyverno/pkg/engine/api"
enginecontext "github.com/kyverno/kyverno/pkg/engine/context"
"github.com/kyverno/kyverno/pkg/engine/context/resolvers"
Enable flexible registry credential configurations (#7114) * types added Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added secret fetching and client creation Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * codegen Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fixed tests Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * validate target resource scope & namespace settings (#7098) Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: mutation code (#7095) * fix: mutation code Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * kuttl tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * lazy loading of context vars (#7071) * lazy loading of context vars Signed-off-by: Jim Bugwadia <jim@nirmata.com> * gofumpt Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add kuttl tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> --------- Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * moved to policy context Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * removed errors Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * RegistryClientLoader Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * [Feature] Add kuttl tests with policy exceptions disabled (#7117) * added tests Signed-off-by: Ved Ratan <vedratan8@gmail.com> * removed redundant code Signed-off-by: Ved Ratan <vedratan8@gmail.com> * fix Signed-off-by: Ved Ratan <vedratan8@gmail.com> * fix Signed-off-by: Ved Ratan <vedratan8@gmail.com> * typo fix and README changes Signed-off-by: Ved Ratan <vedratan8@gmail.com> * fix Signed-off-by: Ved Ratan <vedratan8@gmail.com> --------- Signed-off-by: Ved Ratan <vedratan8@gmail.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * Conditions message (#7113) * add message to conditions Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * extend tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> --------- Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump zgosalvez/github-actions-ensure-sha-pinned-actions (#7123) Bumps [zgosalvez/github-actions-ensure-sha-pinned-actions](https://github.com/zgosalvez/github-actions-ensure-sha-pinned-actions) from 2.1.2 to 2.1.3. - [Release notes](https://github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/releases) - [Commits](https://github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/compare/21991cec25093947ff3f62e4c223df0260c39944...555a30da2656b4a7cf47b107800bef097723363e) --- updated-dependencies: - dependency-name: zgosalvez/github-actions-ensure-sha-pinned-actions dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: shuting <shuting@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump sigs.k8s.io/kustomize/kyaml from 0.14.1 to 0.14.2 (#7121) Bumps [sigs.k8s.io/kustomize/kyaml](https://github.com/kubernetes-sigs/kustomize) from 0.14.1 to 0.14.2. - [Release notes](https://github.com/kubernetes-sigs/kustomize/releases) - [Commits](https://github.com/kubernetes-sigs/kustomize/compare/kyaml/v0.14.1...kyaml/v0.14.2) --- updated-dependencies: - dependency-name: sigs.k8s.io/kustomize/kyaml dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: shuting <shuting@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump oras.land/oras-go/v2 from 2.0.2 to 2.1.0 (#7102) Bumps [oras.land/oras-go/v2](https://github.com/oras-project/oras-go) from 2.0.2 to 2.1.0. - [Release notes](https://github.com/oras-project/oras-go/releases) - [Commits](https://github.com/oras-project/oras-go/compare/v2.0.2...v2.1.0) --- updated-dependencies: - dependency-name: oras.land/oras-go/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: shuting <shuting@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * add condition msg to v2beta1 (#7126) Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: print container flags and their values (#7127) * add condition msg to v2beta1 Signed-off-by: ShutingZhao <shuting@nirmata.com> * print flags settings Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * remove the container flag genWorker from the admission controller (#7132) Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump google.golang.org/grpc from 1.54.0 to 1.55.0 (#7103) Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.54.0 to 1.55.0. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](https://github.com/grpc/grpc-go/compare/v1.54.0...v1.55.0) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * remove the duplicate entry (#7125) Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump sigs.k8s.io/kustomize/api from 0.13.2 to 0.13.3 (#7120) Bumps [sigs.k8s.io/kustomize/api](https://github.com/kubernetes-sigs/kustomize) from 0.13.2 to 0.13.3. - [Release notes](https://github.com/kubernetes-sigs/kustomize/releases) - [Commits](https://github.com/kubernetes-sigs/kustomize/compare/api/v0.13.2...api/v0.13.3) --- updated-dependencies: - dependency-name: sigs.k8s.io/kustomize/api dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: shuting <shuting@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * update background scan logging messages (#7142) Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * Update chart with v2 to v3 migration guidance. (#7144) * add Saxo Bank and Velux as adopters Signed-off-by: Chip Zoller <chipzoller@gmail.com> * update chart README and validations Signed-off-by: Chip Zoller <chipzoller@gmail.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Chip Zoller <chipzoller@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * add Controller Internals info (#7147) Signed-off-by: Chip Zoller <chipzoller@gmail.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * Supporting ValidatingAdmissionPolicy in kyverno cli (apply and test command) (#6656) * feat: add policy reporter to the dev lab Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: remove obsolete structs from CLI Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * Supporting ValidatingAdmissionPolicy in kyverno apply Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * chore: bump k8s from v0.26.3 to v0.27.0-rc.0 Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * Support validating admission policy in kyverno apply Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * Support validating admission policy in kyverno test Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * refactoring Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * Adding kyverno apply tests for validating admission policy Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * fix Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * fix Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * running codegen-all Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * fix Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * Adding IsVap field in TestResults Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * chore: bump k8s from v0.27.0-rc.0 to v0.27.1 Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * fix Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * fix Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * Fix vap in engine response Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump sigs.k8s.io/kustomize/api from 0.13.3 to 0.13.4 (#7150) Bumps [sigs.k8s.io/kustomize/api](https://github.com/kubernetes-sigs/kustomize) from 0.13.3 to 0.13.4. - [Release notes](https://github.com/kubernetes-sigs/kustomize/releases) - [Commits](https://github.com/kubernetes-sigs/kustomize/compare/api/v0.13.3...api/v0.13.4) --- updated-dependencies: - dependency-name: sigs.k8s.io/kustomize/api dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump golang.org/x/crypto from 0.8.0 to 0.9.0 (#7149) Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.8.0 to 0.9.0. - [Commits](https://github.com/golang/crypto/compare/v0.8.0...v0.9.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * Added `omit-events` flag to allow disabling of event emission (#7010) * added comma seperated flag Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * reason added in logs Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added requested changes Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * kuttl test init Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated kuttl tests Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated behavior Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fixed flawed behavior Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated test location and added readme Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * tests Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated step Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * omit events Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> --------- Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: let reports controller quit when loosing the lead (#7153) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump slsa-framework/slsa-github-generator (#7160) Bumps [slsa-framework/slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator) from 1.5.0 to 1.6.0. - [Release notes](https://github.com/slsa-framework/slsa-github-generator/releases) - [Changelog](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md) - [Commits](https://github.com/slsa-framework/slsa-github-generator/compare/v1.5.0...v1.6.0) --- updated-dependencies: - dependency-name: slsa-framework/slsa-github-generator dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore: bump otel deps (#7152) * chore: bump otel deps Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump github.com/cloudflare/circl from 1.3.2 to 1.3.3 (#7172) Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump github.com/docker/distribution (#7171) Bumps [github.com/docker/distribution](https://github.com/docker/distribution) from 2.8.1+incompatible to 2.8.2+incompatible. - [Release notes](https://github.com/docker/distribution/releases) - [Commits](https://github.com/docker/distribution/compare/v2.8.1...v2.8.2) --- updated-dependencies: - dependency-name: github.com/docker/distribution dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump github.com/go-logr/zapr from 1.2.3 to 1.2.4 (#7177) Bumps [github.com/go-logr/zapr](https://github.com/go-logr/zapr) from 1.2.3 to 1.2.4. - [Release notes](https://github.com/go-logr/zapr/releases) - [Commits](https://github.com/go-logr/zapr/compare/v1.2.3...v1.2.4) --- updated-dependencies: - dependency-name: github.com/go-logr/zapr dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * Add refactor note (#7169) Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fixed typo in the v2 to v3 helm migration guide (#7163) * fixed typo in the v2 to v3 helm migration guide Signed-off-by: Richard Parke <richardparke15@gmail.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Richard Parke <richardparke15@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump github.com/distribution/distribution (#7178) Bumps [github.com/distribution/distribution](https://github.com/distribution/distribution) from 2.8.1+incompatible to 2.8.2+incompatible. - [Release notes](https://github.com/distribution/distribution/releases) - [Commits](https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2) --- updated-dependencies: - dependency-name: github.com/distribution/distribution dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * tweaks (#7166) Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: add logging feature to helm chart (#7181) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * refactor: hide json context from caller (#7139) * refactor: hide json context from caller Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * unit tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: add omit-events feature in helm chart (#7185) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: preconditions in mutate existing rules (#7183) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: use structured jsonpatch instead of byte arrays (#7186) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added secret lister Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * changes from review Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added rclientloader to policy context Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * refactor changes Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * NIT Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added RegistryClientLoaderNewOrDie to policy context Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * CI fixes Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: panic for policy variable validation (#7079) * fix panic Signed-off-by: ShutingZhao <shuting@nirmata.com> * check errors Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: remove policy-reporter from dev lab (#7196) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: cleanup controller metrics name (#7198) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: http request metrics (#7197) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * remove unused code (#7203) Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * handle Deny rules where conditions eval to true (#7204) Signed-off-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * [Bug] Enforce message wrong (#7208) * fix Signed-off-by: Ved Ratan <vedratan8@gmail.com> * fixed tests Signed-off-by: Ved Ratan <vedratan8@gmail.com> --------- Signed-off-by: Ved Ratan <vedratan8@gmail.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump codecov/codecov-action from 3.1.3 to 3.1.4 (#7207) Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 3.1.3 to 3.1.4. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/894ff025c7b54547a9a2a1e9f228beae737ad3c2...eaaf4bedf32dbdc6b720b63067d99c4d77d6047d) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump sigstore/cosign-installer from 3.0.3 to 3.0.4 (#7215) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.0.3 to 3.0.4. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/204a51a57a74d190b284a0ce69b44bc37201f343...03d0fecf172873164a163bbc64bed0f3bf114ed7) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: panic in reports controller (#7220) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: mutate existing auth check (#7219) * fix auth check when using variables in ns Signed-off-by: ShutingZhao <shuting@nirmata.com> * add kuttl tests Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: do not exclude kube-system service accounts by default (#7225) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * docs: add reports system design doc (#6949) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump k8s.io/apimachinery from 0.27.1 to 0.27.2 (#7227) Bumps [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) from 0.27.1 to 0.27.2. - [Commits](https://github.com/kubernetes/apimachinery/compare/v0.27.1...v0.27.2) --- updated-dependencies: - dependency-name: k8s.io/apimachinery dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: shuting <shuting@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump k8s.io/cli-runtime from 0.27.1 to 0.27.2 (#7228) Bumps [k8s.io/cli-runtime](https://github.com/kubernetes/cli-runtime) from 0.27.1 to 0.27.2. - [Commits](https://github.com/kubernetes/cli-runtime/compare/v0.27.1...v0.27.2) --- updated-dependencies: - dependency-name: k8s.io/cli-runtime dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump sigstore/cosign-installer from 3.0.4 to 3.0.5 (#7229) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.0.4 to 3.0.5. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/03d0fecf172873164a163bbc64bed0f3bf114ed7...dd6b2e2b610a11fd73dd187a43d57cc1394e35f9) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump k8s.io/pod-security-admission from 0.27.1 to 0.27.2 (#7232) Bumps [k8s.io/pod-security-admission](https://github.com/kubernetes/pod-security-admission) from 0.27.1 to 0.27.2. - [Commits](https://github.com/kubernetes/pod-security-admission/compare/v0.27.1...v0.27.2) --- updated-dependencies: - dependency-name: k8s.io/pod-security-admission dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: match logic misbehave (#7218) * add rule name in ur for mutate existing Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix match logic Signed-off-by: ShutingZhao <shuting@nirmata.com> * linter fixes Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix the match logic to only apply to the new object, unless it's a delete request Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump github.com/stretchr/testify from 1.8.2 to 1.8.3 (#7240) Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.2 to 1.8.3. - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](https://github.com/stretchr/testify/compare/v1.8.2...v1.8.3) --- updated-dependencies: - dependency-name: github.com/stretchr/testify dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump github.com/onsi/gomega from 1.27.6 to 1.27.7 (#7239) Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.27.6 to 1.27.7. - [Release notes](https://github.com/onsi/gomega/releases) - [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/gomega/compare/v1.27.6...v1.27.7) --- updated-dependencies: - dependency-name: github.com/onsi/gomega dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump k8s.io/kube-aggregator from 0.27.1 to 0.27.2 (#7241) Bumps [k8s.io/kube-aggregator](https://github.com/kubernetes/kube-aggregator) from 0.27.1 to 0.27.2. - [Commits](https://github.com/kubernetes/kube-aggregator/compare/v0.27.1...v0.27.2) --- updated-dependencies: - dependency-name: k8s.io/kube-aggregator dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump k8s.io/apiextensions-apiserver from 0.27.1 to 0.27.2 (#7242) Bumps [k8s.io/apiextensions-apiserver](https://github.com/kubernetes/apiextensions-apiserver) from 0.27.1 to 0.27.2. - [Release notes](https://github.com/kubernetes/apiextensions-apiserver/releases) - [Commits](https://github.com/kubernetes/apiextensions-apiserver/compare/v0.27.1...v0.27.2) --- updated-dependencies: - dependency-name: k8s.io/apiextensions-apiserver dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * passing rclientloader directly Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * lazy evaluate vars in conditions (#7238) * lazy evaluate vars in conditions Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove unnecessary conversion Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix test Signed-off-by: Jim Bugwadia <jim@nirmata.com> * Update test/conformance/kuttl/validate/clusterpolicy/standard/variables/lazyload/conditions/03-manifests.yaml Signed-off-by: shuting <shutting06@gmail.com> * Update test/conformance/kuttl/validate/clusterpolicy/standard/variables/lazyload/README.md Signed-off-by: shuting <shutting06@gmail.com> * added error check in test Signed-off-by: Jim Bugwadia <jim@nirmata.com> --------- Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: shuting <shutting06@gmail.com> Co-authored-by: shuting <shutting06@gmail.com> Co-authored-by: kyverno-bot <104836976+kyverno-bot@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * quote image in error (#7259) Signed-off-by: bakito <github@bakito.ch> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: auto update webhooks not configuring fail endpoint (#7261) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix latest version check (#7263) Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump svenstaro/upload-release-action from 2.5.0 to 2.6.0 (#7270) Bumps [svenstaro/upload-release-action](https://github.com/svenstaro/upload-release-action) from 2.5.0 to 2.6.0. - [Release notes](https://github.com/svenstaro/upload-release-action/releases) - [Changelog](https://github.com/svenstaro/upload-release-action/blob/master/CHANGELOG.md) - [Commits](https://github.com/svenstaro/upload-release-action/compare/7319e4733ec7a184d739a6f412c40ffc339b69c7...58d525808845e4c8ff229ea1d5d7c496504a79bc) --- updated-dependencies: - dependency-name: svenstaro/upload-release-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump sigs.k8s.io/controller-runtime from 0.14.6 to 0.15.0 (#7272) Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.14.6 to 0.15.0. - [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases) - [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md) - [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.14.6...v0.15.0) --- updated-dependencies: - dependency-name: sigs.k8s.io/controller-runtime dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * feat: add yaml util to check empty document (#7276) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#7274) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.6.1 to 5.7.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.6.1...v5.7.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * NIT Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * Azure to ACR Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * go mod fix Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * codegen Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * NIT Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * adding kuttl test Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * use pointer Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fixes Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * cleanup Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * global client Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * cleanup Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * added kubeclient Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added nil kubeclient check Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * context Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * factory Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more fixes Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * secrets lister Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * flags Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix cli Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * factories Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: Ved Ratan <vedratan8@gmail.com> Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Chip Zoller <chipzoller@gmail.com> Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> Signed-off-by: Richard Parke <richardparke15@gmail.com> Signed-off-by: shuting <shutting06@gmail.com> Signed-off-by: bakito <github@bakito.ch> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: Ved Ratan <82467006+VedRatan@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Chip Zoller <chipzoller@gmail.com> Co-authored-by: Mariam Fahmy <55502281+MariamFahmy98@users.noreply.github.com> Co-authored-by: rparke <50015370+rparke@users.noreply.github.com> Co-authored-by: shuting <shutting06@gmail.com> Co-authored-by: kyverno-bot <104836976+kyverno-bot@users.noreply.github.com> Co-authored-by: Marc Brugger <github@bakito.ch>
2023-06-16 13:37:08 +00:00
"github.com/kyverno/kyverno/pkg/engine/factories"
"github.com/kyverno/kyverno/pkg/engine/internal"
"github.com/kyverno/kyverno/pkg/engine/jmespath"
"github.com/kyverno/kyverno/pkg/engine/mutate/patch"
"github.com/kyverno/kyverno/pkg/engine/policycontext"
engineutils "github.com/kyverno/kyverno/pkg/engine/utils"
feat: add basic structure for image verify cache (#7890) * feat: add interface for image verify cache Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: add basic client for cache Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: add ttl to client Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: add flags and flag setup Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: added a default image verify cache Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: add propogation of cache to image verifier Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: add useCache to image verification types Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * bug: add ivcache to image verifier Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: add logger to cache Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * typo: DisabledImageVerfiyCache Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * typo: DisabledImageVerfiyCache Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * Update cmd/internal/flag.go Signed-off-by: shuting <shutting06@gmail.com> * feat: add use cache to v2beta1 crd Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * bug: change public attribute TTL to private Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: replace nil in test with disabled cache Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: convert ttl time to time.Duration Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: update opts to use time.Duration Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat:add policy version and remove delete functions by adding policy version, old entries will automatically become outdated and we will not have to remove them manually Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: remove clear and update get and set to take interface as input Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * style: fix lint issue Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> --------- Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Signed-off-by: shuting <shutting06@gmail.com> Co-authored-by: shuting <shutting06@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-08-06 19:54:52 +00:00
"github.com/kyverno/kyverno/pkg/imageverifycache"
"github.com/kyverno/kyverno/pkg/registryclient"
kubeutils "github.com/kyverno/kyverno/pkg/utils/kube"
"gomodules.xyz/jsonpatch/v2"
"gotest.tools/assert"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
kubefake "k8s.io/client-go/kubernetes/fake"
)
var testPolicyGood = `{
"apiVersion": "kyverno.io/v1",
"kind": "ClusterPolicy",
"metadata": {
"name": "attest"
},
"spec": {
"rules": [
{
"name": "attest",
"match": {
"resources": {
"kinds": [
"Pod"
]
}
},
"verifyImages": [
{
"image": "*",
"key": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHMmDjK65krAyDaGaeyWNzgvIu155JI50B2vezCw8+3CVeE0lJTL5dbL3OP98Za0oAEBJcOxky8Riy/XcmfKZbw==\n-----END PUBLIC KEY-----",
"attestations": [
{
"predicateType": "https://example.com/CodeReview/v1",
"attestors": [
{
"entries": [
{
"keys": {
Support for Cosign 2.0 (#7248) * cosign 2.0 version upgrade Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * IgnoreTlog and IgnoreSCT updated Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * removed cli packages Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * lazy evaluate vars in conditions (#7238) * lazy evaluate vars in conditions Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove unnecessary conversion Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix test Signed-off-by: Jim Bugwadia <jim@nirmata.com> * Update test/conformance/kuttl/validate/clusterpolicy/standard/variables/lazyload/conditions/03-manifests.yaml Signed-off-by: shuting <shutting06@gmail.com> * Update test/conformance/kuttl/validate/clusterpolicy/standard/variables/lazyload/README.md Signed-off-by: shuting <shutting06@gmail.com> * added error check in test Signed-off-by: Jim Bugwadia <jim@nirmata.com> --------- Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: shuting <shutting06@gmail.com> Co-authored-by: shuting <shutting06@gmail.com> Co-authored-by: kyverno-bot <104836976+kyverno-bot@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * in-toto-golang update Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added rekor Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * quote image in error (#7259) Signed-off-by: bakito <github@bakito.ch> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: auto update webhooks not configuring fail endpoint (#7261) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix latest version check (#7263) Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump svenstaro/upload-release-action from 2.5.0 to 2.6.0 (#7270) Bumps [svenstaro/upload-release-action](https://github.com/svenstaro/upload-release-action) from 2.5.0 to 2.6.0. - [Release notes](https://github.com/svenstaro/upload-release-action/releases) - [Changelog](https://github.com/svenstaro/upload-release-action/blob/master/CHANGELOG.md) - [Commits](https://github.com/svenstaro/upload-release-action/compare/7319e4733ec7a184d739a6f412c40ffc339b69c7...58d525808845e4c8ff229ea1d5d7c496504a79bc) --- updated-dependencies: - dependency-name: svenstaro/upload-release-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump sigs.k8s.io/controller-runtime from 0.14.6 to 0.15.0 (#7272) Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.14.6 to 0.15.0. - [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases) - [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md) - [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.14.6...v0.15.0) --- updated-dependencies: - dependency-name: sigs.k8s.io/controller-runtime dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: add yaml util to check empty document (#7276) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#7274) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.6.1 to 5.7.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.6.1...v5.7.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#7274) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.6.1 to 5.7.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.6.1...v5.7.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#7274) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.6.1 to 5.7.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.6.1...v5.7.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * go mod update Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * removed cosign 1.13.1 dependency Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added default rekor url Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated cosign option Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#7274) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.6.1 to 5.7.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.6.1...v5.7.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * go mod update Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * go sum fix Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * NIT Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix failing test: Test_VerifyManifest_MustAll_InvalidYAML Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * suggestions from jim Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * go mod fix Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updates to cosign verification Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * kuttl test ignore sct Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * go mod fixes Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * go mod update Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * downgrading gcr version Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * null pointer error Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated failing cli tests Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated kuttl test with complete subjects Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fixed issue with wildcard replacement Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * engine tests Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * removed conflicts with notary Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated go mod Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * codegen and test Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added pubkeys test Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * add default CTLogPubKeys Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * cleanup Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * unwanted test Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: auth checks with the APIVersion and the subresource (#7628) * fix auth checks with apiVersion and subresource Signed-off-by: ShutingZhao <shuting@nirmata.com> * add kuttl tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove duplicate code Signed-off-by: ShutingZhao <shuting@nirmata.com> * update permissions Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: harden rbac permissions (#7638) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore(deps): bump sigstore/cosign-installer from 3.0.5 to 3.1.0 (#7664) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.0.5 to 3.1.0. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/dd6b2e2b610a11fd73dd187a43d57cc1394e35f9...d13028333d784fcc802b67ec924bcebe75aa0a5f) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump ossf/scorecard-action from 2.1.3 to 2.2.0 (#7663) Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.1.3 to 2.2.0. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/80e868c13c90f172d68d1f4501dee99e2479f7af...08b4669551908b1024bb425080c797723083c031) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * [Chore] bump notation-go from 1.0.0-rc.3 -> 1.0.0-rc.6 (#7650) * Bump notation-go from 1.0.0-rc.3 -> 1.0.0-rc.6 Signed-off-by: webstradev <e.s.westra.95@gmail.com> * fixed tests Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added tests for repository Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> --------- Signed-off-by: webstradev <e.s.westra.95@gmail.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Co-authored-by: webstradev <e.s.westra.95@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> * fix: vscode debug config (#7653) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: pr updater workflow (#7665) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: add specific loaders from #7597 (#7671) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add cluster select and relabling config for ServiceMonitors (#7659) * feat: add cluster select and relabling config for ServiceMonitors Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> * feat: add cluster select and relabling config for ServiceMonitors Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> --------- Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> * fix: cleanup controller context from #7597 (#7672) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: cleanup controller rbac (#7669) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: migrate context loaders (part 1) from #7597 (#7676) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: migrate context loaders (part 2) from #7597 (#7677) * refactor: migrate context loaders (part 1) from #7597 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: migrate context loaders (part 2) from #7597 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add lazy loading feature flag (#7680) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: image verification (#7652) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * Fix deferred loading (#7597) * handle nested contexts Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add feature flag Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add kuttl tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix linter issues Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix CLI regclient Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix: token permissions on report vulns workflow (#7611) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: token permissions (#7619) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: update the flag descriptions of the reports-controller (#7617) Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> * fix: panic if env var not defined (#7613) * fix: panic if env var not defined Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * use toggles instead of a flag Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update toggle name Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update toggle name Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix roles Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix role Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update manifests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove extra unlock Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix loader reset Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * propagate context Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * cm resolver Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * level management Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * address review comments Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add enableDeferredLoading to other controllers Signed-off-by: Jim Bugwadia <jim@nirmata.com> * re-enable ACR credhelper Signed-off-by: Jim Bugwadia <jim@nirmata.com> * improve tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove image registry client init Signed-off-by: Jim Bugwadia <jim@nirmata.com> * check for invalid reset/restore Signed-off-by: Jim Bugwadia <jim@nirmata.com> * recursive kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * add pre/post queries Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add check for a recursive match Signed-off-by: Jim Bugwadia <jim@nirmata.com> * new test suite Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * eval loaders at creation level Signed-off-by: Jim Bugwadia <jim@nirmata.com> * kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * add an index for resolving deps in order Signed-off-by: Jim Bugwadia <jim@nirmata.com> * improve comment Signed-off-by: Jim Bugwadia <jim@nirmata.com> * extract remove method Signed-off-by: Jim Bugwadia <jim@nirmata.com> * merge main Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * flags Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feature flag Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix flag Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * update unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * two rules kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * update unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * revert Signed-off-by: ShutingZhao <shuting@nirmata.com> * per rule checkpoint Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix mutate chained rules Signed-off-by: ShutingZhao <shuting@nirmata.com> * per rule checpoint/restore Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * log error Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Emmanuel Ferdman <emmanuelferdman@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> * fix: factorise confimap informer code (#7667) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> * chore(deps): bump sigstore/cosign-installer from 3.1.0 to 3.1.1 (#7689) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.1.0 to 3.1.1. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/d13028333d784fcc802b67ec924bcebe75aa0a5f...6e04d228eb30da1757ee4e1dd75a0ec73a653e06) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: Swap any/all in the error message. (#7688) Signed-off-by: JaeHeung Han <hylowaker@users.noreply.github.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add background only policy support (#6666) * feat: add background only policy support Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * webhook Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * validation Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * kuttl Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * all disabled Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: pr updater workflow (#7697) * fix: pr updater workflow Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * Update .github/workflows/pr-update.yaml Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> * fix: customizable tracer configuration (#7644) * fix: customizable tracer configuration Signed-off-by: Daniel Laszlo <laszlodaniel@icloud.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: harden rbac permissions (#7638) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * chore(deps): bump sigstore/cosign-installer from 3.0.5 to 3.1.0 (#7664) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.0.5 to 3.1.0. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/dd6b2e2b610a11fd73dd187a43d57cc1394e35f9...d13028333d784fcc802b67ec924bcebe75aa0a5f) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * chore(deps): bump ossf/scorecard-action from 2.1.3 to 2.2.0 (#7663) Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.1.3 to 2.2.0. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/80e868c13c90f172d68d1f4501dee99e2479f7af...08b4669551908b1024bb425080c797723083c031) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * use resource.New instead of Merge Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix tabs Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * [Chore] bump notation-go from 1.0.0-rc.3 -> 1.0.0-rc.6 (#7650) * Bump notation-go from 1.0.0-rc.3 -> 1.0.0-rc.6 Signed-off-by: webstradev <e.s.westra.95@gmail.com> * fixed tests Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added tests for repository Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> --------- Signed-off-by: webstradev <e.s.westra.95@gmail.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Co-authored-by: webstradev <e.s.westra.95@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: vscode debug config (#7653) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: pr updater workflow (#7665) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * refactor: add specific loaders from #7597 (#7671) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * feat: add cluster select and relabling config for ServiceMonitors (#7659) * feat: add cluster select and relabling config for ServiceMonitors Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> * feat: add cluster select and relabling config for ServiceMonitors Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> --------- Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: cleanup controller context from #7597 (#7672) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: cleanup controller rbac (#7669) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * refactor: migrate context loaders (part 1) from #7597 (#7676) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * refactor: migrate context loaders (part 2) from #7597 (#7677) * refactor: migrate context loaders (part 1) from #7597 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: migrate context loaders (part 2) from #7597 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * feat: add lazy loading feature flag (#7680) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: image verification (#7652) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * Fix deferred loading (#7597) * handle nested contexts Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add feature flag Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add kuttl tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix linter issues Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix CLI regclient Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix: token permissions on report vulns workflow (#7611) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: token permissions (#7619) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: update the flag descriptions of the reports-controller (#7617) Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> * fix: panic if env var not defined (#7613) * fix: panic if env var not defined Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * use toggles instead of a flag Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update toggle name Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update toggle name Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix roles Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix role Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update manifests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove extra unlock Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix loader reset Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * propagate context Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * cm resolver Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * level management Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * address review comments Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add enableDeferredLoading to other controllers Signed-off-by: Jim Bugwadia <jim@nirmata.com> * re-enable ACR credhelper Signed-off-by: Jim Bugwadia <jim@nirmata.com> * improve tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove image registry client init Signed-off-by: Jim Bugwadia <jim@nirmata.com> * check for invalid reset/restore Signed-off-by: Jim Bugwadia <jim@nirmata.com> * recursive kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * add pre/post queries Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add check for a recursive match Signed-off-by: Jim Bugwadia <jim@nirmata.com> * new test suite Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * eval loaders at creation level Signed-off-by: Jim Bugwadia <jim@nirmata.com> * kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * add an index for resolving deps in order Signed-off-by: Jim Bugwadia <jim@nirmata.com> * improve comment Signed-off-by: Jim Bugwadia <jim@nirmata.com> * extract remove method Signed-off-by: Jim Bugwadia <jim@nirmata.com> * merge main Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * flags Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feature flag Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix flag Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * update unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * two rules kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * update unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * revert Signed-off-by: ShutingZhao <shuting@nirmata.com> * per rule checkpoint Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix mutate chained rules Signed-off-by: ShutingZhao <shuting@nirmata.com> * per rule checpoint/restore Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * log error Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Emmanuel Ferdman <emmanuelferdman@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: factorise confimap informer code (#7667) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * chore(deps): bump sigstore/cosign-installer from 3.1.0 to 3.1.1 (#7689) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.1.0 to 3.1.1. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/d13028333d784fcc802b67ec924bcebe75aa0a5f...6e04d228eb30da1757ee4e1dd75a0ec73a653e06) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * Update pkg/tracing/config.go Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Daniel Laszlo <laszlodaniel@icloud.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: webstradev <e.s.westra.95@gmail.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Co-authored-by: webstradev <e.s.westra.95@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: Frank Jogeleit <frank.jogeleit@lovoo.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: Emmanuel Ferdman <emmanuelferdman@gmail.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> * fix: lock schema manager when updating it (#7704) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * test: add kuttl tests for background only policies (#7709) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * Feat: Upgrade controller-gen to v0.12.0 and fix tooling (#7683) * Upgrade controller-gen and fix tooling Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Address comments Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Add a marker in the sed command Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Upgrade to the latest version and rearrange the annotations Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Fix failing Verify Codegen tests Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Remove unnecessary file Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Restore original version in test folder Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Add creationTimestamp: null again in the test folder Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> --------- Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> Co-authored-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: release signing (#7711) (#7713) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: use github token instead of pat (#7716) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: reduce token permissions (#7719) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: reduce token permissions (#7721) * fix: reduce token permissions Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: reduce token permissions Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: make `test --fail-only` return 1 if there are failed tests (#7717) Signed-off-by: Carles Figuerola <cfiguerola@expediagroup.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * remove redundant tests (#7702) Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: use gh token instead of pat (#7723) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: remove obsolete scripts (#7720) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: reduce token permission (#7729) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: use github token instead of pat (#7727) * fix: remove jmespath replace directive Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: use github token instead of pat Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: use golang builtin version management (#7654) * fix: use golang builtin version management Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: template for user setup in kuttl (#7731) Signed-off-by: Alok N <alokme123@gmail.com> * feat: Add option to add imagePullSecrets to cleanup CronJobs (#7730) * Add option to add imagePullSecrets to cleanup CronJobs Signed-off-by: Alexander Olzem <olzemal@pm.me> * Update chart README Signed-off-by: Alexander Olzem <olzemal@pm.me> --------- Signed-off-by: Alexander Olzem <olzemal@pm.me> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: typo in check cmd (#7733) Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> * fix: nits in cli flags (#7736) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: bump ko version (#7738) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: bump kind node versions (#7737) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: refactor cli values loading and remove dead code (#7739) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * [Feature] round() JMESPath function (#7489) * adding roundoff Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * removing unnecessary Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * adding test Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * adding edge case Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * fixing error Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * updating function call Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * updating function jpRound Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * error handling negative Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * fix Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * fix linter Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * parsing Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * cleanup Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore(deps): bump ubuntu from `6120be6` to `0bced47` in /.devcontainer (#7744) Bumps ubuntu from `6120be6` to `0bced47`. --- updated-dependencies: - dependency-name: ubuntu dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: improve cli apply args check (#7746) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: remove cli dead code (#7748) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * Replaced gcr crane with gcr remote (#7747) * fix: oras-go/v2 version in go.sum Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * refactor: move kyverno constants out of v1 package (#7760) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: use register-gen to register k8s types (#7761) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore(deps): bump fluxcd/flux2 from 0.41.2 to 2.0.0 (#7764) Bumps [fluxcd/flux2](https://github.com/fluxcd/flux2) from 0.41.2 to 2.0.0. - [Release notes](https://github.com/fluxcd/flux2/releases) - [Changelog](https://github.com/fluxcd/flux2/blob/main/.goreleaser.yml) - [Commits](https://github.com/fluxcd/flux2/compare/dbda8fbdb8b58ed1ee69343025a6091eae0d1828...9ea0a535eab2c99121fb3ac742e333b4a9f07970) --- updated-dependencies: - dependency-name: fluxcd/flux2 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: introduce defaulters-gen (#7765) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add table output to cli apply command (#7757) * feat: add table output to cli apply command Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * factorise Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> * chore: bump cosign in gh workflows (#7715) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: switch to deepcopy-gen (#7766) * chore: switch to deepcopy-gen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: increase linter timeout (#7767) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * undo: revert back to cosign 2.0.2 cosign 2.1.1 has dependency conflicts with oras Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * remove markers Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: remove 0_14 version of gcr k8s-sigstore-manifest got a new version so we can finally upgrade gcr to v0.15 Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * add: add logging to tlogs and sct Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * undo: remove registryOpts in favor of registry client opts added the missing parts from registryOptions in registry client opts Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore: add generated files Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore: clean go mod Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: remove bad logs Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * bug: fix go mod Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: update kubebuilder version in crds Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * update: rollback policy to ignore tlog Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore: update codegen Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> --------- Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: shuting <shutting06@gmail.com> Signed-off-by: bakito <github@bakito.ch> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: webstradev <e.s.westra.95@gmail.com> Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> Signed-off-by: JaeHeung Han <hylowaker@users.noreply.github.com> Signed-off-by: Daniel Laszlo <laszlodaniel@icloud.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> Signed-off-by: Carles Figuerola <cfiguerola@expediagroup.com> Signed-off-by: Alok N <alokme123@gmail.com> Signed-off-by: Alexander Olzem <olzemal@pm.me> Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: shuting <shutting06@gmail.com> Co-authored-by: kyverno-bot <104836976+kyverno-bot@users.noreply.github.com> Co-authored-by: Marc Brugger <github@bakito.ch> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: webstradev <e.s.westra.95@gmail.com> Co-authored-by: Frank Jogeleit <frank.jogeleit@lovoo.com> Co-authored-by: Emmanuel Ferdman <emmanuelferdman@gmail.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: JaeHeung Han <hylowaker@users.noreply.github.com> Co-authored-by: Daniel Laszlo <laszlodaniel@icloud.com> Co-authored-by: Md Shahbaz Alam <shahbazalam75508@gmail.com> Co-authored-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> Co-authored-by: Carles-Figuerola <carles@figuerola.info> Co-authored-by: Alok Naushad <alokme123@gmail.com> Co-authored-by: Alex Olzem <olzemal@gmail.com> Co-authored-by: SukhveerS <78963782+Rexbeast2@users.noreply.github.com>
2023-08-15 14:25:55 +00:00
"publicKeys": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHMmDjK65krAyDaGaeyWNzgvIu155JI50B2vezCw8+3CVeE0lJTL5dbL3OP98Za0oAEBJcOxky8Riy/XcmfKZbw==\n-----END PUBLIC KEY-----",
"rekor": {
"url": "https://rekor.sigstore.dev",
"ignoreTlog": true
},
"ctlog": {
"ignoreSCT": true
Support for Cosign 2.0 (#7248) * cosign 2.0 version upgrade Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * IgnoreTlog and IgnoreSCT updated Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * removed cli packages Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * lazy evaluate vars in conditions (#7238) * lazy evaluate vars in conditions Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove unnecessary conversion Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix test Signed-off-by: Jim Bugwadia <jim@nirmata.com> * Update test/conformance/kuttl/validate/clusterpolicy/standard/variables/lazyload/conditions/03-manifests.yaml Signed-off-by: shuting <shutting06@gmail.com> * Update test/conformance/kuttl/validate/clusterpolicy/standard/variables/lazyload/README.md Signed-off-by: shuting <shutting06@gmail.com> * added error check in test Signed-off-by: Jim Bugwadia <jim@nirmata.com> --------- Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: shuting <shutting06@gmail.com> Co-authored-by: shuting <shutting06@gmail.com> Co-authored-by: kyverno-bot <104836976+kyverno-bot@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * in-toto-golang update Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added rekor Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * quote image in error (#7259) Signed-off-by: bakito <github@bakito.ch> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: auto update webhooks not configuring fail endpoint (#7261) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix latest version check (#7263) Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump svenstaro/upload-release-action from 2.5.0 to 2.6.0 (#7270) Bumps [svenstaro/upload-release-action](https://github.com/svenstaro/upload-release-action) from 2.5.0 to 2.6.0. - [Release notes](https://github.com/svenstaro/upload-release-action/releases) - [Changelog](https://github.com/svenstaro/upload-release-action/blob/master/CHANGELOG.md) - [Commits](https://github.com/svenstaro/upload-release-action/compare/7319e4733ec7a184d739a6f412c40ffc339b69c7...58d525808845e4c8ff229ea1d5d7c496504a79bc) --- updated-dependencies: - dependency-name: svenstaro/upload-release-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump sigs.k8s.io/controller-runtime from 0.14.6 to 0.15.0 (#7272) Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.14.6 to 0.15.0. - [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases) - [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md) - [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.14.6...v0.15.0) --- updated-dependencies: - dependency-name: sigs.k8s.io/controller-runtime dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: add yaml util to check empty document (#7276) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#7274) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.6.1 to 5.7.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.6.1...v5.7.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#7274) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.6.1 to 5.7.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.6.1...v5.7.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#7274) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.6.1 to 5.7.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.6.1...v5.7.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * go mod update Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * removed cosign 1.13.1 dependency Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added default rekor url Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated cosign option Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#7274) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.6.1 to 5.7.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.6.1...v5.7.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * go mod update Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * go sum fix Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * NIT Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix failing test: Test_VerifyManifest_MustAll_InvalidYAML Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * suggestions from jim Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * go mod fix Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updates to cosign verification Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * kuttl test ignore sct Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * go mod fixes Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * go mod update Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * downgrading gcr version Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * null pointer error Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated failing cli tests Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated kuttl test with complete subjects Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fixed issue with wildcard replacement Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * engine tests Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * removed conflicts with notary Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated go mod Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * codegen and test Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added pubkeys test Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * add default CTLogPubKeys Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * cleanup Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * unwanted test Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: auth checks with the APIVersion and the subresource (#7628) * fix auth checks with apiVersion and subresource Signed-off-by: ShutingZhao <shuting@nirmata.com> * add kuttl tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove duplicate code Signed-off-by: ShutingZhao <shuting@nirmata.com> * update permissions Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: harden rbac permissions (#7638) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore(deps): bump sigstore/cosign-installer from 3.0.5 to 3.1.0 (#7664) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.0.5 to 3.1.0. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/dd6b2e2b610a11fd73dd187a43d57cc1394e35f9...d13028333d784fcc802b67ec924bcebe75aa0a5f) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump ossf/scorecard-action from 2.1.3 to 2.2.0 (#7663) Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.1.3 to 2.2.0. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/80e868c13c90f172d68d1f4501dee99e2479f7af...08b4669551908b1024bb425080c797723083c031) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * [Chore] bump notation-go from 1.0.0-rc.3 -> 1.0.0-rc.6 (#7650) * Bump notation-go from 1.0.0-rc.3 -> 1.0.0-rc.6 Signed-off-by: webstradev <e.s.westra.95@gmail.com> * fixed tests Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added tests for repository Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> --------- Signed-off-by: webstradev <e.s.westra.95@gmail.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Co-authored-by: webstradev <e.s.westra.95@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> * fix: vscode debug config (#7653) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: pr updater workflow (#7665) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: add specific loaders from #7597 (#7671) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add cluster select and relabling config for ServiceMonitors (#7659) * feat: add cluster select and relabling config for ServiceMonitors Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> * feat: add cluster select and relabling config for ServiceMonitors Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> --------- Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> * fix: cleanup controller context from #7597 (#7672) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: cleanup controller rbac (#7669) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: migrate context loaders (part 1) from #7597 (#7676) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: migrate context loaders (part 2) from #7597 (#7677) * refactor: migrate context loaders (part 1) from #7597 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: migrate context loaders (part 2) from #7597 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add lazy loading feature flag (#7680) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: image verification (#7652) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * Fix deferred loading (#7597) * handle nested contexts Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add feature flag Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add kuttl tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix linter issues Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix CLI regclient Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix: token permissions on report vulns workflow (#7611) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: token permissions (#7619) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: update the flag descriptions of the reports-controller (#7617) Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> * fix: panic if env var not defined (#7613) * fix: panic if env var not defined Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * use toggles instead of a flag Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update toggle name Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update toggle name Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix roles Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix role Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update manifests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove extra unlock Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix loader reset Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * propagate context Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * cm resolver Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * level management Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * address review comments Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add enableDeferredLoading to other controllers Signed-off-by: Jim Bugwadia <jim@nirmata.com> * re-enable ACR credhelper Signed-off-by: Jim Bugwadia <jim@nirmata.com> * improve tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove image registry client init Signed-off-by: Jim Bugwadia <jim@nirmata.com> * check for invalid reset/restore Signed-off-by: Jim Bugwadia <jim@nirmata.com> * recursive kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * add pre/post queries Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add check for a recursive match Signed-off-by: Jim Bugwadia <jim@nirmata.com> * new test suite Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * eval loaders at creation level Signed-off-by: Jim Bugwadia <jim@nirmata.com> * kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * add an index for resolving deps in order Signed-off-by: Jim Bugwadia <jim@nirmata.com> * improve comment Signed-off-by: Jim Bugwadia <jim@nirmata.com> * extract remove method Signed-off-by: Jim Bugwadia <jim@nirmata.com> * merge main Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * flags Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feature flag Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix flag Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * update unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * two rules kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * update unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * revert Signed-off-by: ShutingZhao <shuting@nirmata.com> * per rule checkpoint Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix mutate chained rules Signed-off-by: ShutingZhao <shuting@nirmata.com> * per rule checpoint/restore Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * log error Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Emmanuel Ferdman <emmanuelferdman@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> * fix: factorise confimap informer code (#7667) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> * chore(deps): bump sigstore/cosign-installer from 3.1.0 to 3.1.1 (#7689) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.1.0 to 3.1.1. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/d13028333d784fcc802b67ec924bcebe75aa0a5f...6e04d228eb30da1757ee4e1dd75a0ec73a653e06) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: Swap any/all in the error message. (#7688) Signed-off-by: JaeHeung Han <hylowaker@users.noreply.github.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add background only policy support (#6666) * feat: add background only policy support Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * webhook Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * validation Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * kuttl Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * all disabled Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: pr updater workflow (#7697) * fix: pr updater workflow Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * Update .github/workflows/pr-update.yaml Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> * fix: customizable tracer configuration (#7644) * fix: customizable tracer configuration Signed-off-by: Daniel Laszlo <laszlodaniel@icloud.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: harden rbac permissions (#7638) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * chore(deps): bump sigstore/cosign-installer from 3.0.5 to 3.1.0 (#7664) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.0.5 to 3.1.0. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/dd6b2e2b610a11fd73dd187a43d57cc1394e35f9...d13028333d784fcc802b67ec924bcebe75aa0a5f) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * chore(deps): bump ossf/scorecard-action from 2.1.3 to 2.2.0 (#7663) Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.1.3 to 2.2.0. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/80e868c13c90f172d68d1f4501dee99e2479f7af...08b4669551908b1024bb425080c797723083c031) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * use resource.New instead of Merge Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix tabs Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * [Chore] bump notation-go from 1.0.0-rc.3 -> 1.0.0-rc.6 (#7650) * Bump notation-go from 1.0.0-rc.3 -> 1.0.0-rc.6 Signed-off-by: webstradev <e.s.westra.95@gmail.com> * fixed tests Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added tests for repository Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> --------- Signed-off-by: webstradev <e.s.westra.95@gmail.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Co-authored-by: webstradev <e.s.westra.95@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: vscode debug config (#7653) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: pr updater workflow (#7665) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * refactor: add specific loaders from #7597 (#7671) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * feat: add cluster select and relabling config for ServiceMonitors (#7659) * feat: add cluster select and relabling config for ServiceMonitors Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> * feat: add cluster select and relabling config for ServiceMonitors Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> --------- Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: cleanup controller context from #7597 (#7672) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: cleanup controller rbac (#7669) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * refactor: migrate context loaders (part 1) from #7597 (#7676) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * refactor: migrate context loaders (part 2) from #7597 (#7677) * refactor: migrate context loaders (part 1) from #7597 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: migrate context loaders (part 2) from #7597 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * feat: add lazy loading feature flag (#7680) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: image verification (#7652) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * Fix deferred loading (#7597) * handle nested contexts Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add feature flag Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add kuttl tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix linter issues Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix CLI regclient Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix: token permissions on report vulns workflow (#7611) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: token permissions (#7619) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: update the flag descriptions of the reports-controller (#7617) Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> * fix: panic if env var not defined (#7613) * fix: panic if env var not defined Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * use toggles instead of a flag Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update toggle name Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update toggle name Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix roles Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix role Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update manifests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove extra unlock Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix loader reset Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * propagate context Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * cm resolver Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * level management Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * address review comments Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add enableDeferredLoading to other controllers Signed-off-by: Jim Bugwadia <jim@nirmata.com> * re-enable ACR credhelper Signed-off-by: Jim Bugwadia <jim@nirmata.com> * improve tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove image registry client init Signed-off-by: Jim Bugwadia <jim@nirmata.com> * check for invalid reset/restore Signed-off-by: Jim Bugwadia <jim@nirmata.com> * recursive kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * add pre/post queries Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add check for a recursive match Signed-off-by: Jim Bugwadia <jim@nirmata.com> * new test suite Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * eval loaders at creation level Signed-off-by: Jim Bugwadia <jim@nirmata.com> * kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * add an index for resolving deps in order Signed-off-by: Jim Bugwadia <jim@nirmata.com> * improve comment Signed-off-by: Jim Bugwadia <jim@nirmata.com> * extract remove method Signed-off-by: Jim Bugwadia <jim@nirmata.com> * merge main Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * flags Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feature flag Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix flag Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * update unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * two rules kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * update unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * revert Signed-off-by: ShutingZhao <shuting@nirmata.com> * per rule checkpoint Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix mutate chained rules Signed-off-by: ShutingZhao <shuting@nirmata.com> * per rule checpoint/restore Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * log error Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Emmanuel Ferdman <emmanuelferdman@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: factorise confimap informer code (#7667) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * chore(deps): bump sigstore/cosign-installer from 3.1.0 to 3.1.1 (#7689) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.1.0 to 3.1.1. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/d13028333d784fcc802b67ec924bcebe75aa0a5f...6e04d228eb30da1757ee4e1dd75a0ec73a653e06) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * Update pkg/tracing/config.go Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Daniel Laszlo <laszlodaniel@icloud.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: webstradev <e.s.westra.95@gmail.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Co-authored-by: webstradev <e.s.westra.95@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: Frank Jogeleit <frank.jogeleit@lovoo.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: Emmanuel Ferdman <emmanuelferdman@gmail.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> * fix: lock schema manager when updating it (#7704) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * test: add kuttl tests for background only policies (#7709) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * Feat: Upgrade controller-gen to v0.12.0 and fix tooling (#7683) * Upgrade controller-gen and fix tooling Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Address comments Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Add a marker in the sed command Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Upgrade to the latest version and rearrange the annotations Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Fix failing Verify Codegen tests Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Remove unnecessary file Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Restore original version in test folder Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Add creationTimestamp: null again in the test folder Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> --------- Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> Co-authored-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: release signing (#7711) (#7713) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: use github token instead of pat (#7716) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: reduce token permissions (#7719) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: reduce token permissions (#7721) * fix: reduce token permissions Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: reduce token permissions Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: make `test --fail-only` return 1 if there are failed tests (#7717) Signed-off-by: Carles Figuerola <cfiguerola@expediagroup.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * remove redundant tests (#7702) Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: use gh token instead of pat (#7723) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: remove obsolete scripts (#7720) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: reduce token permission (#7729) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: use github token instead of pat (#7727) * fix: remove jmespath replace directive Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: use github token instead of pat Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: use golang builtin version management (#7654) * fix: use golang builtin version management Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: template for user setup in kuttl (#7731) Signed-off-by: Alok N <alokme123@gmail.com> * feat: Add option to add imagePullSecrets to cleanup CronJobs (#7730) * Add option to add imagePullSecrets to cleanup CronJobs Signed-off-by: Alexander Olzem <olzemal@pm.me> * Update chart README Signed-off-by: Alexander Olzem <olzemal@pm.me> --------- Signed-off-by: Alexander Olzem <olzemal@pm.me> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: typo in check cmd (#7733) Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> * fix: nits in cli flags (#7736) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: bump ko version (#7738) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: bump kind node versions (#7737) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: refactor cli values loading and remove dead code (#7739) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * [Feature] round() JMESPath function (#7489) * adding roundoff Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * removing unnecessary Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * adding test Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * adding edge case Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * fixing error Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * updating function call Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * updating function jpRound Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * error handling negative Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * fix Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * fix linter Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * parsing Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * cleanup Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore(deps): bump ubuntu from `6120be6` to `0bced47` in /.devcontainer (#7744) Bumps ubuntu from `6120be6` to `0bced47`. --- updated-dependencies: - dependency-name: ubuntu dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: improve cli apply args check (#7746) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: remove cli dead code (#7748) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * Replaced gcr crane with gcr remote (#7747) * fix: oras-go/v2 version in go.sum Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * refactor: move kyverno constants out of v1 package (#7760) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: use register-gen to register k8s types (#7761) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore(deps): bump fluxcd/flux2 from 0.41.2 to 2.0.0 (#7764) Bumps [fluxcd/flux2](https://github.com/fluxcd/flux2) from 0.41.2 to 2.0.0. - [Release notes](https://github.com/fluxcd/flux2/releases) - [Changelog](https://github.com/fluxcd/flux2/blob/main/.goreleaser.yml) - [Commits](https://github.com/fluxcd/flux2/compare/dbda8fbdb8b58ed1ee69343025a6091eae0d1828...9ea0a535eab2c99121fb3ac742e333b4a9f07970) --- updated-dependencies: - dependency-name: fluxcd/flux2 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: introduce defaulters-gen (#7765) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add table output to cli apply command (#7757) * feat: add table output to cli apply command Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * factorise Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> * chore: bump cosign in gh workflows (#7715) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: switch to deepcopy-gen (#7766) * chore: switch to deepcopy-gen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: increase linter timeout (#7767) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * undo: revert back to cosign 2.0.2 cosign 2.1.1 has dependency conflicts with oras Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * remove markers Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: remove 0_14 version of gcr k8s-sigstore-manifest got a new version so we can finally upgrade gcr to v0.15 Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * add: add logging to tlogs and sct Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * undo: remove registryOpts in favor of registry client opts added the missing parts from registryOptions in registry client opts Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore: add generated files Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore: clean go mod Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: remove bad logs Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * bug: fix go mod Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: update kubebuilder version in crds Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * update: rollback policy to ignore tlog Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore: update codegen Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> --------- Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: shuting <shutting06@gmail.com> Signed-off-by: bakito <github@bakito.ch> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: webstradev <e.s.westra.95@gmail.com> Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> Signed-off-by: JaeHeung Han <hylowaker@users.noreply.github.com> Signed-off-by: Daniel Laszlo <laszlodaniel@icloud.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> Signed-off-by: Carles Figuerola <cfiguerola@expediagroup.com> Signed-off-by: Alok N <alokme123@gmail.com> Signed-off-by: Alexander Olzem <olzemal@pm.me> Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: shuting <shutting06@gmail.com> Co-authored-by: kyverno-bot <104836976+kyverno-bot@users.noreply.github.com> Co-authored-by: Marc Brugger <github@bakito.ch> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: webstradev <e.s.westra.95@gmail.com> Co-authored-by: Frank Jogeleit <frank.jogeleit@lovoo.com> Co-authored-by: Emmanuel Ferdman <emmanuelferdman@gmail.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: JaeHeung Han <hylowaker@users.noreply.github.com> Co-authored-by: Daniel Laszlo <laszlodaniel@icloud.com> Co-authored-by: Md Shahbaz Alam <shahbazalam75508@gmail.com> Co-authored-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> Co-authored-by: Carles-Figuerola <carles@figuerola.info> Co-authored-by: Alok Naushad <alokme123@gmail.com> Co-authored-by: Alex Olzem <olzemal@gmail.com> Co-authored-by: SukhveerS <78963782+Rexbeast2@users.noreply.github.com>
2023-08-15 14:25:55 +00:00
}
}
}
]
}
],
"conditions": [
{
"all": [
{
"key": "{{ repo.uri }}",
"operator": "Equals",
"value": "https://github.com/example/my-project"
},
{
"key": "{{ repo.branch }}",
"operator": "Equals",
"value": "main"
}
]
}
]
}
]
}
]
}
]
}
}`
var testPolicyBad = `{
"apiVersion": "kyverno.io/v1",
"kind": "ClusterPolicy",
"metadata": {
"name": "attest"
},
"spec": {
"rules": [
{
"name": "attest",
"match": {
"resources": {
"kinds": [
"Pod"
]
}
},
"verifyImages": [
{
"image": "*",
"key": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHMmDjK65krAyDaGaeyWNzgvIu155JI50B2vezCw8+3CVeE0lJTL5dbL3OP98Za0oAEBJcOxky8Riy/XcmfKZbw==\n-----END PUBLIC KEY-----",
"attestations": [
{
"predicateType": "https://example.com/CodeReview/v1",
"conditions": [
{
"all": [
{
"key": "{{ repo.uri }}",
"operator": "Equals",
"value": "https://github.com/example/my-project"
},
{
"key": "{{ repo.branch }}",
"operator": "Equals",
"value": "prod"
}
]
}
]
}
]
}
]
}
]
}
}
`
var testResource = `{
"apiVersion": "v1",
"kind": "Pod",
"metadata": {
"name": "test",
"annotations": {}
},
"spec": {
"containers": [
{
"name": "pause2",
"image": "ghcr.io/jimbugwadia/pause2"
}
]
}
}`
var cosignTestResource = `{
"apiVersion": "v1",
"kind": "Pod",
"metadata": {
"name": "test",
"annotations": {}
},
"spec": {
"containers": [
{
"name": "pause2",
"image": "ghcr.io/kyverno/test-verify-image:signed"
}
]
}
}`
var cosignTestPolicy = `{
"apiVersion": "kyverno.io/v1",
"kind": "ClusterPolicy",
"metadata": {
"name": "check-image",
"annotations": {
"pod-policies.kyverno.io/autogen-controllers": "none"
}
},
"spec": {
"validationFailureAction": "enforce",
"background": false,
"webhookTimeoutSeconds": 30,
"failurePolicy": "Fail",
"rules": [
{
"name": "check-signature",
"match": {
"resources": {
"kinds": [
"Pod"
]
}
},
"verifyImages": [
{
"imageReferences": [
"ghcr.io/kyverno/test-verify-image:*"
],
"useCache": true,
"attestors": [
{
"entries": [
{
"keys": {
"publicKeys": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE8nXRh950IZbRj8Ra/N9sbqOPZrfM\n5/KAQN0/KjHcorm/J5yctVd7iEcnessRQjU917hmKO6JWVGHpDguIyakZA==\n-----END PUBLIC KEY-----",
"rekor": {
"url": "https://rekor.sigstore.dev",
"ignoreTlog": true
},
"ctlog": {
"ignoreSCT": true
}
}
}
]
}
]
}
]
}
]
}
}`
var cosignTestPolicyUpdated = `{
"apiVersion": "kyverno.io/v1",
"kind": "ClusterPolicy",
"metadata": {
"name": "check-image",
"annotations": {
"pod-policies.kyverno.io/autogen-controllers": "none"
}
},
"spec": {
"validationFailureAction": "enforce",
"background": false,
"webhookTimeoutSeconds": 30,
"failurePolicy": "Fail",
"rules": [
{
"name": "check-signature-updated",
"match": {
"resources": {
"kinds": [
"Pod"
]
}
},
"verifyImages": [
{
"imageReferences": [
"ghcr.io/kyverno/test-verify-image:*"
],
"useCache": true,
"attestors": [
{
"entries": [
{
"keys": {
"publicKeys": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE8nXRh950IZbRj8Ra/N9sbqOPZrfM\n5/KAQN0/KjHcorm/J5yctVd7iEcnessRQjU917hmKO6JWVGHpDguIyakZA==\n-----END PUBLIC KEY-----",
"rekor": {
"url": "https://rekor.sigstore.dev",
"ignoreTlog": true
},
"ctlog": {
"ignoreSCT": true
}
}
}
]
}
]
}
]
}
]
}
}`
var attestationPayloads = [][]byte{
[]byte(`{"payloadType":"https://example.com/CodeReview/v1","payload":"eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjAuMSIsInByZWRpY2F0ZVR5cGUiOiJodHRwczovL2V4YW1wbGUuY29tL0NvZGVSZXZpZXcvdjEiLCJzdWJqZWN0IjpbeyJuYW1lIjoiZ2hjci5pby9qaW1idWd3YWRpYS9wYXVzZTIiLCJkaWdlc3QiOnsic2hhMjU2IjoiYjMxYmZiNGQwMjEzZjI1NGQzNjFlMDA3OWRlYWFlYmVmYTRmODJiYTdhYTc2ZWY4MmU5MGI0OTM1YWQ1YjEwNSJ9fV0sInByZWRpY2F0ZSI6eyJhdXRob3IiOiJtYWlsdG86YWxpY2VAZXhhbXBsZS5jb20iLCJyZXBvIjp7ImJyYW5jaCI6Im1haW4iLCJ0eXBlIjoiZ2l0IiwidXJpIjoiaHR0cHM6Ly9naXRodWIuY29tL2V4YW1wbGUvbXktcHJvamVjdCJ9LCJyZXZpZXdlcnMiOlsibWFpbHRvOmJvYkBleGFtcGxlLmNvbSJdfX0=","signatures":[{"keyid":"","sig":"MEYCIQCrEr+vgPDmNCrqGDE/4z9iMLmCXMXcDlGKtSoiuMTSFgIhAN2riBaGk4accWzVl7ypi1XTRxyrPYHst8DesugPXgOf"}]}`),
[]byte(`{"payloadType":"cosign.sigstore.dev/attestation/v1","payload":"eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjAuMSIsInByZWRpY2F0ZVR5cGUiOiJjb3NpZ24uc2lnc3RvcmUuZGV2L2F0dGVzdGF0aW9uL3YxIiwic3ViamVjdCI6W3sibmFtZSI6ImdoY3IuaW8vamltYnVnd2FkaWEvcGF1c2UyIiwiZGlnZXN0Ijp7InNoYTI1NiI6ImIzMWJmYjRkMDIxM2YyNTRkMzYxZTAwNzlkZWFhZWJlZmE0ZjgyYmE3YWE3NmVmODJlOTBiNDkzNWFkNWIxMDUifX1dLCJwcmVkaWNhdGUiOnsiRGF0YSI6ImhlbGxvIVxuIiwiVGltZXN0YW1wIjoiMjAyMS0xMC0wNVQwNToxODoxMVoifX0=","signatures":[{"keyid":"","sig":"MEQCIF5r9lf55rnYNPByZ9v6bortww694UEPvmyBIelIDYbIAiBNTGX4V64Oj6jZVRpkJQRxdzKUPYqC5GZTb4oS6eQ6aQ=="}]}`),
[]byte(`{"payloadType":"https://example.com/CodeReview/v1","payload":"eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjAuMSIsInByZWRpY2F0ZVR5cGUiOiJodHRwczovL2V4YW1wbGUuY29tL0NvZGVSZXZpZXcvdjEiLCJzdWJqZWN0IjpbeyJuYW1lIjoiZ2hjci5pby9qaW1idWd3YWRpYS9wYXVzZTIiLCJkaWdlc3QiOnsic2hhMjU2IjoiYjMxYmZiNGQwMjEzZjI1NGQzNjFlMDA3OWRlYWFlYmVmYTRmODJiYTdhYTc2ZWY4MmU5MGI0OTM1YWQ1YjEwNSJ9fV0sInByZWRpY2F0ZSI6eyJhdXRob3IiOiJtYWlsdG86YWxpY2VAZXhhbXBsZS5jb20iLCJyZXBvIjp7ImJyYW5jaCI6Im1haW4iLCJ0eXBlIjoiZ2l0IiwidXJpIjoiaHR0cHM6Ly9naXRodWIuY29tL2V4YW1wbGUvbXktcHJvamVjdCJ9LCJyZXZpZXdlcnMiOlsibWFpbHRvOmJvYkBleGFtcGxlLmNvbSJdfX0=","signatures":[{"keyid":"","sig":"MEUCIEeZbdBEFQzWqiMhB+SJgM6yFppUuQSKrpOIX1mxLDmRAiEA8pXqFq0GVc9LKhPzrnJRZhSruDNiKbiLHG5x7ETFyY8="}]}`),
}
var signaturePayloads = [][]byte{
[]byte(`{"critical":{"identity":{"docker-reference":"ghcr.io/kyverno/test-verify-image"},"image":{"docker-manifest-digest":"sha256:b31bfb4d0213f254d361e0079deaaebefa4f82ba7aa76ef82e90b4935ad5b105"},"type":"cosign container image signature"},"optional":null}`),
}
var (
cfg = config.NewDefaultConfiguration(false)
metricsCfg = config.NewDefaultMetricsConfiguration()
jp = jmespath.New(cfg)
)
func testVerifyAndPatchImages(
ctx context.Context,
rclient registryclient.Client,
cmResolver engineapi.ConfigmapResolver,
pContext engineapi.PolicyContext,
cfg config.Configuration,
) (engineapi.EngineResponse, engineapi.ImageVerificationMetadata) {
e := NewEngine(
cfg,
metricsCfg,
jp,
nil,
Enable flexible registry credential configurations (#7114) * types added Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added secret fetching and client creation Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * codegen Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fixed tests Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * validate target resource scope & namespace settings (#7098) Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: mutation code (#7095) * fix: mutation code Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * kuttl tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * lazy loading of context vars (#7071) * lazy loading of context vars Signed-off-by: Jim Bugwadia <jim@nirmata.com> * gofumpt Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add kuttl tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> --------- Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * moved to policy context Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * removed errors Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * RegistryClientLoader Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * [Feature] Add kuttl tests with policy exceptions disabled (#7117) * added tests Signed-off-by: Ved Ratan <vedratan8@gmail.com> * removed redundant code Signed-off-by: Ved Ratan <vedratan8@gmail.com> * fix Signed-off-by: Ved Ratan <vedratan8@gmail.com> * fix Signed-off-by: Ved Ratan <vedratan8@gmail.com> * typo fix and README changes Signed-off-by: Ved Ratan <vedratan8@gmail.com> * fix Signed-off-by: Ved Ratan <vedratan8@gmail.com> --------- Signed-off-by: Ved Ratan <vedratan8@gmail.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * Conditions message (#7113) * add message to conditions Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * extend tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> --------- Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump zgosalvez/github-actions-ensure-sha-pinned-actions (#7123) Bumps [zgosalvez/github-actions-ensure-sha-pinned-actions](https://github.com/zgosalvez/github-actions-ensure-sha-pinned-actions) from 2.1.2 to 2.1.3. - [Release notes](https://github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/releases) - [Commits](https://github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/compare/21991cec25093947ff3f62e4c223df0260c39944...555a30da2656b4a7cf47b107800bef097723363e) --- updated-dependencies: - dependency-name: zgosalvez/github-actions-ensure-sha-pinned-actions dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: shuting <shuting@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump sigs.k8s.io/kustomize/kyaml from 0.14.1 to 0.14.2 (#7121) Bumps [sigs.k8s.io/kustomize/kyaml](https://github.com/kubernetes-sigs/kustomize) from 0.14.1 to 0.14.2. - [Release notes](https://github.com/kubernetes-sigs/kustomize/releases) - [Commits](https://github.com/kubernetes-sigs/kustomize/compare/kyaml/v0.14.1...kyaml/v0.14.2) --- updated-dependencies: - dependency-name: sigs.k8s.io/kustomize/kyaml dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: shuting <shuting@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump oras.land/oras-go/v2 from 2.0.2 to 2.1.0 (#7102) Bumps [oras.land/oras-go/v2](https://github.com/oras-project/oras-go) from 2.0.2 to 2.1.0. - [Release notes](https://github.com/oras-project/oras-go/releases) - [Commits](https://github.com/oras-project/oras-go/compare/v2.0.2...v2.1.0) --- updated-dependencies: - dependency-name: oras.land/oras-go/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: shuting <shuting@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * add condition msg to v2beta1 (#7126) Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: print container flags and their values (#7127) * add condition msg to v2beta1 Signed-off-by: ShutingZhao <shuting@nirmata.com> * print flags settings Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * remove the container flag genWorker from the admission controller (#7132) Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump google.golang.org/grpc from 1.54.0 to 1.55.0 (#7103) Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.54.0 to 1.55.0. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](https://github.com/grpc/grpc-go/compare/v1.54.0...v1.55.0) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * remove the duplicate entry (#7125) Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump sigs.k8s.io/kustomize/api from 0.13.2 to 0.13.3 (#7120) Bumps [sigs.k8s.io/kustomize/api](https://github.com/kubernetes-sigs/kustomize) from 0.13.2 to 0.13.3. - [Release notes](https://github.com/kubernetes-sigs/kustomize/releases) - [Commits](https://github.com/kubernetes-sigs/kustomize/compare/api/v0.13.2...api/v0.13.3) --- updated-dependencies: - dependency-name: sigs.k8s.io/kustomize/api dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: shuting <shuting@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * update background scan logging messages (#7142) Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * Update chart with v2 to v3 migration guidance. (#7144) * add Saxo Bank and Velux as adopters Signed-off-by: Chip Zoller <chipzoller@gmail.com> * update chart README and validations Signed-off-by: Chip Zoller <chipzoller@gmail.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Chip Zoller <chipzoller@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * add Controller Internals info (#7147) Signed-off-by: Chip Zoller <chipzoller@gmail.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * Supporting ValidatingAdmissionPolicy in kyverno cli (apply and test command) (#6656) * feat: add policy reporter to the dev lab Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: remove obsolete structs from CLI Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * Supporting ValidatingAdmissionPolicy in kyverno apply Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * chore: bump k8s from v0.26.3 to v0.27.0-rc.0 Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * Support validating admission policy in kyverno apply Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * Support validating admission policy in kyverno test Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * refactoring Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * Adding kyverno apply tests for validating admission policy Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * fix Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * fix Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * running codegen-all Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * fix Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * Adding IsVap field in TestResults Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * chore: bump k8s from v0.27.0-rc.0 to v0.27.1 Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * fix Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * fix Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * Fix vap in engine response Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump sigs.k8s.io/kustomize/api from 0.13.3 to 0.13.4 (#7150) Bumps [sigs.k8s.io/kustomize/api](https://github.com/kubernetes-sigs/kustomize) from 0.13.3 to 0.13.4. - [Release notes](https://github.com/kubernetes-sigs/kustomize/releases) - [Commits](https://github.com/kubernetes-sigs/kustomize/compare/api/v0.13.3...api/v0.13.4) --- updated-dependencies: - dependency-name: sigs.k8s.io/kustomize/api dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump golang.org/x/crypto from 0.8.0 to 0.9.0 (#7149) Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.8.0 to 0.9.0. - [Commits](https://github.com/golang/crypto/compare/v0.8.0...v0.9.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * Added `omit-events` flag to allow disabling of event emission (#7010) * added comma seperated flag Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * reason added in logs Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added requested changes Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * kuttl test init Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated kuttl tests Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated behavior Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fixed flawed behavior Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated test location and added readme Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * tests Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated step Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * omit events Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> --------- Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: let reports controller quit when loosing the lead (#7153) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump slsa-framework/slsa-github-generator (#7160) Bumps [slsa-framework/slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator) from 1.5.0 to 1.6.0. - [Release notes](https://github.com/slsa-framework/slsa-github-generator/releases) - [Changelog](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md) - [Commits](https://github.com/slsa-framework/slsa-github-generator/compare/v1.5.0...v1.6.0) --- updated-dependencies: - dependency-name: slsa-framework/slsa-github-generator dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore: bump otel deps (#7152) * chore: bump otel deps Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump github.com/cloudflare/circl from 1.3.2 to 1.3.3 (#7172) Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump github.com/docker/distribution (#7171) Bumps [github.com/docker/distribution](https://github.com/docker/distribution) from 2.8.1+incompatible to 2.8.2+incompatible. - [Release notes](https://github.com/docker/distribution/releases) - [Commits](https://github.com/docker/distribution/compare/v2.8.1...v2.8.2) --- updated-dependencies: - dependency-name: github.com/docker/distribution dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump github.com/go-logr/zapr from 1.2.3 to 1.2.4 (#7177) Bumps [github.com/go-logr/zapr](https://github.com/go-logr/zapr) from 1.2.3 to 1.2.4. - [Release notes](https://github.com/go-logr/zapr/releases) - [Commits](https://github.com/go-logr/zapr/compare/v1.2.3...v1.2.4) --- updated-dependencies: - dependency-name: github.com/go-logr/zapr dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * Add refactor note (#7169) Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fixed typo in the v2 to v3 helm migration guide (#7163) * fixed typo in the v2 to v3 helm migration guide Signed-off-by: Richard Parke <richardparke15@gmail.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Richard Parke <richardparke15@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump github.com/distribution/distribution (#7178) Bumps [github.com/distribution/distribution](https://github.com/distribution/distribution) from 2.8.1+incompatible to 2.8.2+incompatible. - [Release notes](https://github.com/distribution/distribution/releases) - [Commits](https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2) --- updated-dependencies: - dependency-name: github.com/distribution/distribution dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * tweaks (#7166) Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: add logging feature to helm chart (#7181) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * refactor: hide json context from caller (#7139) * refactor: hide json context from caller Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * unit tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: add omit-events feature in helm chart (#7185) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: preconditions in mutate existing rules (#7183) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: use structured jsonpatch instead of byte arrays (#7186) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added secret lister Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * changes from review Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added rclientloader to policy context Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * refactor changes Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * NIT Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added RegistryClientLoaderNewOrDie to policy context Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * CI fixes Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: panic for policy variable validation (#7079) * fix panic Signed-off-by: ShutingZhao <shuting@nirmata.com> * check errors Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: remove policy-reporter from dev lab (#7196) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: cleanup controller metrics name (#7198) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: http request metrics (#7197) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * remove unused code (#7203) Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * handle Deny rules where conditions eval to true (#7204) Signed-off-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * [Bug] Enforce message wrong (#7208) * fix Signed-off-by: Ved Ratan <vedratan8@gmail.com> * fixed tests Signed-off-by: Ved Ratan <vedratan8@gmail.com> --------- Signed-off-by: Ved Ratan <vedratan8@gmail.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump codecov/codecov-action from 3.1.3 to 3.1.4 (#7207) Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 3.1.3 to 3.1.4. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/894ff025c7b54547a9a2a1e9f228beae737ad3c2...eaaf4bedf32dbdc6b720b63067d99c4d77d6047d) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump sigstore/cosign-installer from 3.0.3 to 3.0.4 (#7215) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.0.3 to 3.0.4. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/204a51a57a74d190b284a0ce69b44bc37201f343...03d0fecf172873164a163bbc64bed0f3bf114ed7) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: panic in reports controller (#7220) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: mutate existing auth check (#7219) * fix auth check when using variables in ns Signed-off-by: ShutingZhao <shuting@nirmata.com> * add kuttl tests Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: do not exclude kube-system service accounts by default (#7225) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * docs: add reports system design doc (#6949) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump k8s.io/apimachinery from 0.27.1 to 0.27.2 (#7227) Bumps [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) from 0.27.1 to 0.27.2. - [Commits](https://github.com/kubernetes/apimachinery/compare/v0.27.1...v0.27.2) --- updated-dependencies: - dependency-name: k8s.io/apimachinery dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: shuting <shuting@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump k8s.io/cli-runtime from 0.27.1 to 0.27.2 (#7228) Bumps [k8s.io/cli-runtime](https://github.com/kubernetes/cli-runtime) from 0.27.1 to 0.27.2. - [Commits](https://github.com/kubernetes/cli-runtime/compare/v0.27.1...v0.27.2) --- updated-dependencies: - dependency-name: k8s.io/cli-runtime dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump sigstore/cosign-installer from 3.0.4 to 3.0.5 (#7229) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.0.4 to 3.0.5. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/03d0fecf172873164a163bbc64bed0f3bf114ed7...dd6b2e2b610a11fd73dd187a43d57cc1394e35f9) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump k8s.io/pod-security-admission from 0.27.1 to 0.27.2 (#7232) Bumps [k8s.io/pod-security-admission](https://github.com/kubernetes/pod-security-admission) from 0.27.1 to 0.27.2. - [Commits](https://github.com/kubernetes/pod-security-admission/compare/v0.27.1...v0.27.2) --- updated-dependencies: - dependency-name: k8s.io/pod-security-admission dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: match logic misbehave (#7218) * add rule name in ur for mutate existing Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix match logic Signed-off-by: ShutingZhao <shuting@nirmata.com> * linter fixes Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix the match logic to only apply to the new object, unless it's a delete request Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump github.com/stretchr/testify from 1.8.2 to 1.8.3 (#7240) Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.2 to 1.8.3. - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](https://github.com/stretchr/testify/compare/v1.8.2...v1.8.3) --- updated-dependencies: - dependency-name: github.com/stretchr/testify dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump github.com/onsi/gomega from 1.27.6 to 1.27.7 (#7239) Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.27.6 to 1.27.7. - [Release notes](https://github.com/onsi/gomega/releases) - [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/gomega/compare/v1.27.6...v1.27.7) --- updated-dependencies: - dependency-name: github.com/onsi/gomega dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump k8s.io/kube-aggregator from 0.27.1 to 0.27.2 (#7241) Bumps [k8s.io/kube-aggregator](https://github.com/kubernetes/kube-aggregator) from 0.27.1 to 0.27.2. - [Commits](https://github.com/kubernetes/kube-aggregator/compare/v0.27.1...v0.27.2) --- updated-dependencies: - dependency-name: k8s.io/kube-aggregator dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump k8s.io/apiextensions-apiserver from 0.27.1 to 0.27.2 (#7242) Bumps [k8s.io/apiextensions-apiserver](https://github.com/kubernetes/apiextensions-apiserver) from 0.27.1 to 0.27.2. - [Release notes](https://github.com/kubernetes/apiextensions-apiserver/releases) - [Commits](https://github.com/kubernetes/apiextensions-apiserver/compare/v0.27.1...v0.27.2) --- updated-dependencies: - dependency-name: k8s.io/apiextensions-apiserver dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * passing rclientloader directly Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * lazy evaluate vars in conditions (#7238) * lazy evaluate vars in conditions Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove unnecessary conversion Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix test Signed-off-by: Jim Bugwadia <jim@nirmata.com> * Update test/conformance/kuttl/validate/clusterpolicy/standard/variables/lazyload/conditions/03-manifests.yaml Signed-off-by: shuting <shutting06@gmail.com> * Update test/conformance/kuttl/validate/clusterpolicy/standard/variables/lazyload/README.md Signed-off-by: shuting <shutting06@gmail.com> * added error check in test Signed-off-by: Jim Bugwadia <jim@nirmata.com> --------- Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: shuting <shutting06@gmail.com> Co-authored-by: shuting <shutting06@gmail.com> Co-authored-by: kyverno-bot <104836976+kyverno-bot@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * quote image in error (#7259) Signed-off-by: bakito <github@bakito.ch> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: auto update webhooks not configuring fail endpoint (#7261) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix latest version check (#7263) Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump svenstaro/upload-release-action from 2.5.0 to 2.6.0 (#7270) Bumps [svenstaro/upload-release-action](https://github.com/svenstaro/upload-release-action) from 2.5.0 to 2.6.0. - [Release notes](https://github.com/svenstaro/upload-release-action/releases) - [Changelog](https://github.com/svenstaro/upload-release-action/blob/master/CHANGELOG.md) - [Commits](https://github.com/svenstaro/upload-release-action/compare/7319e4733ec7a184d739a6f412c40ffc339b69c7...58d525808845e4c8ff229ea1d5d7c496504a79bc) --- updated-dependencies: - dependency-name: svenstaro/upload-release-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump sigs.k8s.io/controller-runtime from 0.14.6 to 0.15.0 (#7272) Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.14.6 to 0.15.0. - [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases) - [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md) - [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.14.6...v0.15.0) --- updated-dependencies: - dependency-name: sigs.k8s.io/controller-runtime dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * feat: add yaml util to check empty document (#7276) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#7274) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.6.1 to 5.7.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.6.1...v5.7.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * NIT Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * Azure to ACR Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * go mod fix Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * codegen Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * NIT Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * adding kuttl test Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * use pointer Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fixes Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * cleanup Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * global client Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * cleanup Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * added kubeclient Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added nil kubeclient check Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * context Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * factory Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more fixes Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * secrets lister Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * flags Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix cli Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * factories Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: Ved Ratan <vedratan8@gmail.com> Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Chip Zoller <chipzoller@gmail.com> Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> Signed-off-by: Richard Parke <richardparke15@gmail.com> Signed-off-by: shuting <shutting06@gmail.com> Signed-off-by: bakito <github@bakito.ch> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: Ved Ratan <82467006+VedRatan@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Chip Zoller <chipzoller@gmail.com> Co-authored-by: Mariam Fahmy <55502281+MariamFahmy98@users.noreply.github.com> Co-authored-by: rparke <50015370+rparke@users.noreply.github.com> Co-authored-by: shuting <shutting06@gmail.com> Co-authored-by: kyverno-bot <104836976+kyverno-bot@users.noreply.github.com> Co-authored-by: Marc Brugger <github@bakito.ch>
2023-06-16 13:37:08 +00:00
factories.DefaultRegistryClientFactory(adapters.RegistryClient(rclient), nil),
feat: add basic structure for image verify cache (#7890) * feat: add interface for image verify cache Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: add basic client for cache Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: add ttl to client Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: add flags and flag setup Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: added a default image verify cache Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: add propogation of cache to image verifier Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: add useCache to image verification types Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * bug: add ivcache to image verifier Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: add logger to cache Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * typo: DisabledImageVerfiyCache Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * typo: DisabledImageVerfiyCache Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * Update cmd/internal/flag.go Signed-off-by: shuting <shutting06@gmail.com> * feat: add use cache to v2beta1 crd Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * bug: change public attribute TTL to private Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: replace nil in test with disabled cache Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: convert ttl time to time.Duration Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: update opts to use time.Duration Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat:add policy version and remove delete functions by adding policy version, old entries will automatically become outdated and we will not have to remove them manually Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: remove clear and update get and set to take interface as input Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * style: fix lint issue Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> --------- Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Signed-off-by: shuting <shutting06@gmail.com> Co-authored-by: shuting <shutting06@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-08-06 19:54:52 +00:00
imageverifycache.DisabledImageVerifyCache(),
Enable flexible registry credential configurations (#7114) * types added Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added secret fetching and client creation Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * codegen Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fixed tests Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * validate target resource scope & namespace settings (#7098) Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: mutation code (#7095) * fix: mutation code Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * kuttl tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * lazy loading of context vars (#7071) * lazy loading of context vars Signed-off-by: Jim Bugwadia <jim@nirmata.com> * gofumpt Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add kuttl tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> --------- Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * moved to policy context Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * removed errors Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * RegistryClientLoader Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * [Feature] Add kuttl tests with policy exceptions disabled (#7117) * added tests Signed-off-by: Ved Ratan <vedratan8@gmail.com> * removed redundant code Signed-off-by: Ved Ratan <vedratan8@gmail.com> * fix Signed-off-by: Ved Ratan <vedratan8@gmail.com> * fix Signed-off-by: Ved Ratan <vedratan8@gmail.com> * typo fix and README changes Signed-off-by: Ved Ratan <vedratan8@gmail.com> * fix Signed-off-by: Ved Ratan <vedratan8@gmail.com> --------- Signed-off-by: Ved Ratan <vedratan8@gmail.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * Conditions message (#7113) * add message to conditions Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * extend tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> --------- Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump zgosalvez/github-actions-ensure-sha-pinned-actions (#7123) Bumps [zgosalvez/github-actions-ensure-sha-pinned-actions](https://github.com/zgosalvez/github-actions-ensure-sha-pinned-actions) from 2.1.2 to 2.1.3. - [Release notes](https://github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/releases) - [Commits](https://github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/compare/21991cec25093947ff3f62e4c223df0260c39944...555a30da2656b4a7cf47b107800bef097723363e) --- updated-dependencies: - dependency-name: zgosalvez/github-actions-ensure-sha-pinned-actions dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: shuting <shuting@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump sigs.k8s.io/kustomize/kyaml from 0.14.1 to 0.14.2 (#7121) Bumps [sigs.k8s.io/kustomize/kyaml](https://github.com/kubernetes-sigs/kustomize) from 0.14.1 to 0.14.2. - [Release notes](https://github.com/kubernetes-sigs/kustomize/releases) - [Commits](https://github.com/kubernetes-sigs/kustomize/compare/kyaml/v0.14.1...kyaml/v0.14.2) --- updated-dependencies: - dependency-name: sigs.k8s.io/kustomize/kyaml dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: shuting <shuting@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump oras.land/oras-go/v2 from 2.0.2 to 2.1.0 (#7102) Bumps [oras.land/oras-go/v2](https://github.com/oras-project/oras-go) from 2.0.2 to 2.1.0. - [Release notes](https://github.com/oras-project/oras-go/releases) - [Commits](https://github.com/oras-project/oras-go/compare/v2.0.2...v2.1.0) --- updated-dependencies: - dependency-name: oras.land/oras-go/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: shuting <shuting@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * add condition msg to v2beta1 (#7126) Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: print container flags and their values (#7127) * add condition msg to v2beta1 Signed-off-by: ShutingZhao <shuting@nirmata.com> * print flags settings Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * remove the container flag genWorker from the admission controller (#7132) Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump google.golang.org/grpc from 1.54.0 to 1.55.0 (#7103) Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.54.0 to 1.55.0. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](https://github.com/grpc/grpc-go/compare/v1.54.0...v1.55.0) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * remove the duplicate entry (#7125) Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump sigs.k8s.io/kustomize/api from 0.13.2 to 0.13.3 (#7120) Bumps [sigs.k8s.io/kustomize/api](https://github.com/kubernetes-sigs/kustomize) from 0.13.2 to 0.13.3. - [Release notes](https://github.com/kubernetes-sigs/kustomize/releases) - [Commits](https://github.com/kubernetes-sigs/kustomize/compare/api/v0.13.2...api/v0.13.3) --- updated-dependencies: - dependency-name: sigs.k8s.io/kustomize/api dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: shuting <shuting@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * update background scan logging messages (#7142) Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * Update chart with v2 to v3 migration guidance. (#7144) * add Saxo Bank and Velux as adopters Signed-off-by: Chip Zoller <chipzoller@gmail.com> * update chart README and validations Signed-off-by: Chip Zoller <chipzoller@gmail.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Chip Zoller <chipzoller@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * add Controller Internals info (#7147) Signed-off-by: Chip Zoller <chipzoller@gmail.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * Supporting ValidatingAdmissionPolicy in kyverno cli (apply and test command) (#6656) * feat: add policy reporter to the dev lab Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: remove obsolete structs from CLI Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * Supporting ValidatingAdmissionPolicy in kyverno apply Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * chore: bump k8s from v0.26.3 to v0.27.0-rc.0 Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * Support validating admission policy in kyverno apply Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * Support validating admission policy in kyverno test Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * refactoring Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * Adding kyverno apply tests for validating admission policy Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * fix Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * fix Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * running codegen-all Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * fix Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * Adding IsVap field in TestResults Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * chore: bump k8s from v0.27.0-rc.0 to v0.27.1 Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * fix Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * fix Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * Fix vap in engine response Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump sigs.k8s.io/kustomize/api from 0.13.3 to 0.13.4 (#7150) Bumps [sigs.k8s.io/kustomize/api](https://github.com/kubernetes-sigs/kustomize) from 0.13.3 to 0.13.4. - [Release notes](https://github.com/kubernetes-sigs/kustomize/releases) - [Commits](https://github.com/kubernetes-sigs/kustomize/compare/api/v0.13.3...api/v0.13.4) --- updated-dependencies: - dependency-name: sigs.k8s.io/kustomize/api dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump golang.org/x/crypto from 0.8.0 to 0.9.0 (#7149) Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.8.0 to 0.9.0. - [Commits](https://github.com/golang/crypto/compare/v0.8.0...v0.9.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * Added `omit-events` flag to allow disabling of event emission (#7010) * added comma seperated flag Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * reason added in logs Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added requested changes Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * kuttl test init Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated kuttl tests Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated behavior Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fixed flawed behavior Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated test location and added readme Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * tests Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated step Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * omit events Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> --------- Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: let reports controller quit when loosing the lead (#7153) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump slsa-framework/slsa-github-generator (#7160) Bumps [slsa-framework/slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator) from 1.5.0 to 1.6.0. - [Release notes](https://github.com/slsa-framework/slsa-github-generator/releases) - [Changelog](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md) - [Commits](https://github.com/slsa-framework/slsa-github-generator/compare/v1.5.0...v1.6.0) --- updated-dependencies: - dependency-name: slsa-framework/slsa-github-generator dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore: bump otel deps (#7152) * chore: bump otel deps Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump github.com/cloudflare/circl from 1.3.2 to 1.3.3 (#7172) Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump github.com/docker/distribution (#7171) Bumps [github.com/docker/distribution](https://github.com/docker/distribution) from 2.8.1+incompatible to 2.8.2+incompatible. - [Release notes](https://github.com/docker/distribution/releases) - [Commits](https://github.com/docker/distribution/compare/v2.8.1...v2.8.2) --- updated-dependencies: - dependency-name: github.com/docker/distribution dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump github.com/go-logr/zapr from 1.2.3 to 1.2.4 (#7177) Bumps [github.com/go-logr/zapr](https://github.com/go-logr/zapr) from 1.2.3 to 1.2.4. - [Release notes](https://github.com/go-logr/zapr/releases) - [Commits](https://github.com/go-logr/zapr/compare/v1.2.3...v1.2.4) --- updated-dependencies: - dependency-name: github.com/go-logr/zapr dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * Add refactor note (#7169) Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fixed typo in the v2 to v3 helm migration guide (#7163) * fixed typo in the v2 to v3 helm migration guide Signed-off-by: Richard Parke <richardparke15@gmail.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Richard Parke <richardparke15@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump github.com/distribution/distribution (#7178) Bumps [github.com/distribution/distribution](https://github.com/distribution/distribution) from 2.8.1+incompatible to 2.8.2+incompatible. - [Release notes](https://github.com/distribution/distribution/releases) - [Commits](https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2) --- updated-dependencies: - dependency-name: github.com/distribution/distribution dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * tweaks (#7166) Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: add logging feature to helm chart (#7181) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * refactor: hide json context from caller (#7139) * refactor: hide json context from caller Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * unit tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: add omit-events feature in helm chart (#7185) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: preconditions in mutate existing rules (#7183) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: use structured jsonpatch instead of byte arrays (#7186) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added secret lister Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * changes from review Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added rclientloader to policy context Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * refactor changes Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * NIT Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added RegistryClientLoaderNewOrDie to policy context Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * CI fixes Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: panic for policy variable validation (#7079) * fix panic Signed-off-by: ShutingZhao <shuting@nirmata.com> * check errors Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: remove policy-reporter from dev lab (#7196) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: cleanup controller metrics name (#7198) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: http request metrics (#7197) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * remove unused code (#7203) Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * handle Deny rules where conditions eval to true (#7204) Signed-off-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * [Bug] Enforce message wrong (#7208) * fix Signed-off-by: Ved Ratan <vedratan8@gmail.com> * fixed tests Signed-off-by: Ved Ratan <vedratan8@gmail.com> --------- Signed-off-by: Ved Ratan <vedratan8@gmail.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump codecov/codecov-action from 3.1.3 to 3.1.4 (#7207) Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 3.1.3 to 3.1.4. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/894ff025c7b54547a9a2a1e9f228beae737ad3c2...eaaf4bedf32dbdc6b720b63067d99c4d77d6047d) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump sigstore/cosign-installer from 3.0.3 to 3.0.4 (#7215) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.0.3 to 3.0.4. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/204a51a57a74d190b284a0ce69b44bc37201f343...03d0fecf172873164a163bbc64bed0f3bf114ed7) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: panic in reports controller (#7220) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: mutate existing auth check (#7219) * fix auth check when using variables in ns Signed-off-by: ShutingZhao <shuting@nirmata.com> * add kuttl tests Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: do not exclude kube-system service accounts by default (#7225) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * docs: add reports system design doc (#6949) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump k8s.io/apimachinery from 0.27.1 to 0.27.2 (#7227) Bumps [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) from 0.27.1 to 0.27.2. - [Commits](https://github.com/kubernetes/apimachinery/compare/v0.27.1...v0.27.2) --- updated-dependencies: - dependency-name: k8s.io/apimachinery dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: shuting <shuting@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump k8s.io/cli-runtime from 0.27.1 to 0.27.2 (#7228) Bumps [k8s.io/cli-runtime](https://github.com/kubernetes/cli-runtime) from 0.27.1 to 0.27.2. - [Commits](https://github.com/kubernetes/cli-runtime/compare/v0.27.1...v0.27.2) --- updated-dependencies: - dependency-name: k8s.io/cli-runtime dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump sigstore/cosign-installer from 3.0.4 to 3.0.5 (#7229) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.0.4 to 3.0.5. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/03d0fecf172873164a163bbc64bed0f3bf114ed7...dd6b2e2b610a11fd73dd187a43d57cc1394e35f9) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump k8s.io/pod-security-admission from 0.27.1 to 0.27.2 (#7232) Bumps [k8s.io/pod-security-admission](https://github.com/kubernetes/pod-security-admission) from 0.27.1 to 0.27.2. - [Commits](https://github.com/kubernetes/pod-security-admission/compare/v0.27.1...v0.27.2) --- updated-dependencies: - dependency-name: k8s.io/pod-security-admission dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: match logic misbehave (#7218) * add rule name in ur for mutate existing Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix match logic Signed-off-by: ShutingZhao <shuting@nirmata.com> * linter fixes Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix the match logic to only apply to the new object, unless it's a delete request Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump github.com/stretchr/testify from 1.8.2 to 1.8.3 (#7240) Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.2 to 1.8.3. - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](https://github.com/stretchr/testify/compare/v1.8.2...v1.8.3) --- updated-dependencies: - dependency-name: github.com/stretchr/testify dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump github.com/onsi/gomega from 1.27.6 to 1.27.7 (#7239) Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.27.6 to 1.27.7. - [Release notes](https://github.com/onsi/gomega/releases) - [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/gomega/compare/v1.27.6...v1.27.7) --- updated-dependencies: - dependency-name: github.com/onsi/gomega dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump k8s.io/kube-aggregator from 0.27.1 to 0.27.2 (#7241) Bumps [k8s.io/kube-aggregator](https://github.com/kubernetes/kube-aggregator) from 0.27.1 to 0.27.2. - [Commits](https://github.com/kubernetes/kube-aggregator/compare/v0.27.1...v0.27.2) --- updated-dependencies: - dependency-name: k8s.io/kube-aggregator dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump k8s.io/apiextensions-apiserver from 0.27.1 to 0.27.2 (#7242) Bumps [k8s.io/apiextensions-apiserver](https://github.com/kubernetes/apiextensions-apiserver) from 0.27.1 to 0.27.2. - [Release notes](https://github.com/kubernetes/apiextensions-apiserver/releases) - [Commits](https://github.com/kubernetes/apiextensions-apiserver/compare/v0.27.1...v0.27.2) --- updated-dependencies: - dependency-name: k8s.io/apiextensions-apiserver dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * passing rclientloader directly Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * lazy evaluate vars in conditions (#7238) * lazy evaluate vars in conditions Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove unnecessary conversion Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix test Signed-off-by: Jim Bugwadia <jim@nirmata.com> * Update test/conformance/kuttl/validate/clusterpolicy/standard/variables/lazyload/conditions/03-manifests.yaml Signed-off-by: shuting <shutting06@gmail.com> * Update test/conformance/kuttl/validate/clusterpolicy/standard/variables/lazyload/README.md Signed-off-by: shuting <shutting06@gmail.com> * added error check in test Signed-off-by: Jim Bugwadia <jim@nirmata.com> --------- Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: shuting <shutting06@gmail.com> Co-authored-by: shuting <shutting06@gmail.com> Co-authored-by: kyverno-bot <104836976+kyverno-bot@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * quote image in error (#7259) Signed-off-by: bakito <github@bakito.ch> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: auto update webhooks not configuring fail endpoint (#7261) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix latest version check (#7263) Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump svenstaro/upload-release-action from 2.5.0 to 2.6.0 (#7270) Bumps [svenstaro/upload-release-action](https://github.com/svenstaro/upload-release-action) from 2.5.0 to 2.6.0. - [Release notes](https://github.com/svenstaro/upload-release-action/releases) - [Changelog](https://github.com/svenstaro/upload-release-action/blob/master/CHANGELOG.md) - [Commits](https://github.com/svenstaro/upload-release-action/compare/7319e4733ec7a184d739a6f412c40ffc339b69c7...58d525808845e4c8ff229ea1d5d7c496504a79bc) --- updated-dependencies: - dependency-name: svenstaro/upload-release-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump sigs.k8s.io/controller-runtime from 0.14.6 to 0.15.0 (#7272) Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.14.6 to 0.15.0. - [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases) - [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md) - [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.14.6...v0.15.0) --- updated-dependencies: - dependency-name: sigs.k8s.io/controller-runtime dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * feat: add yaml util to check empty document (#7276) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#7274) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.6.1 to 5.7.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.6.1...v5.7.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * NIT Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * Azure to ACR Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * go mod fix Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * codegen Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * NIT Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * adding kuttl test Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * use pointer Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fixes Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * cleanup Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * global client Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * cleanup Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * added kubeclient Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added nil kubeclient check Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * context Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * factory Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more fixes Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * secrets lister Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * flags Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix cli Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * factories Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: Ved Ratan <vedratan8@gmail.com> Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Chip Zoller <chipzoller@gmail.com> Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> Signed-off-by: Richard Parke <richardparke15@gmail.com> Signed-off-by: shuting <shutting06@gmail.com> Signed-off-by: bakito <github@bakito.ch> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: Ved Ratan <82467006+VedRatan@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Chip Zoller <chipzoller@gmail.com> Co-authored-by: Mariam Fahmy <55502281+MariamFahmy98@users.noreply.github.com> Co-authored-by: rparke <50015370+rparke@users.noreply.github.com> Co-authored-by: shuting <shutting06@gmail.com> Co-authored-by: kyverno-bot <104836976+kyverno-bot@users.noreply.github.com> Co-authored-by: Marc Brugger <github@bakito.ch>
2023-06-16 13:37:08 +00:00
factories.DefaultContextLoaderFactory(cmResolver),
nil,
)
return e.VerifyAndPatchImages(
ctx,
pContext,
)
}
func Test_CosignMockAttest(t *testing.T) {
policyContext := buildContext(t, testPolicyGood, testResource, "")
err := cosign.SetMock("ghcr.io/jimbugwadia/pause2:latest", attestationPayloads)
defer cosign.ClearMock()
assert.NilError(t, err)
er, ivm := testVerifyAndPatchImages(context.TODO(), registryclient.NewOrDie(), nil, policyContext, cfg)
assert.Equal(t, len(er.PolicyResponse.Rules), 1)
refactor: engine rule response creation (#6784) * refactor: engine rule response creation Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * private fields Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix unit tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-04-05 10:35:38 +00:00
assert.Equal(t, er.PolicyResponse.Rules[0].Status(), engineapi.RuleStatusPass,
feat: support attestations with multiple signatures (#5409) * add new attribute ".verifyImages.attestations.attestors" Signed-off-by: ShutingZhao <shuting@nirmata.com> * Update CRDs Signed-off-by: ShutingZhao <shuting@nirmata.com> * support multiple subjects for attestations Signed-off-by: ShutingZhao <shuting@nirmata.com> * - fix entries check; - refactors code Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix linter Signed-off-by: ShutingZhao <shuting@nirmata.com> * - allow both attestors and attestations; - make attestations.attestor optional Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix panic Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * add kuttl tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove the invalid test Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix empty attestor Signed-off-by: ShutingZhao <shuting@nirmata.com> * add cleanup steps Signed-off-by: ShutingZhao <shuting@nirmata.com> * Update api/kyverno/v1/image_verification_types.go Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * update codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-12-01 22:09:44 +00:00
fmt.Sprintf("expected: %v, got: %v, failure: %v",
refactor: engine rule response creation (#6784) * refactor: engine rule response creation Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * private fields Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix unit tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-04-05 10:35:38 +00:00
engineapi.RuleStatusPass, er.PolicyResponse.Rules[0].Status(), er.PolicyResponse.Rules[0].Message()))
assert.Equal(t, ivm.IsEmpty(), false)
assert.Equal(t, ivm.IsVerified("ghcr.io/jimbugwadia/pause2:latest"), true)
}
func Test_CosignMockAttest_fail(t *testing.T) {
policyContext := buildContext(t, testPolicyBad, testResource, "")
err := cosign.SetMock("ghcr.io/jimbugwadia/pause2:latest", attestationPayloads)
defer cosign.ClearMock()
assert.NilError(t, err)
er, _ := testVerifyAndPatchImages(context.TODO(), registryclient.NewOrDie(), nil, policyContext, cfg)
assert.Equal(t, len(er.PolicyResponse.Rules), 1)
refactor: engine rule response creation (#6784) * refactor: engine rule response creation Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * private fields Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix unit tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-04-05 10:35:38 +00:00
assert.Equal(t, er.PolicyResponse.Rules[0].Status(), engineapi.RuleStatusFail)
}
func buildContext(t *testing.T, policy, resource string, oldResource string) *PolicyContext {
var cpol kyvernov1.ClusterPolicy
err := json.Unmarshal([]byte(policy), &cpol)
assert.NilError(t, err)
resourceUnstructured, err := kubeutils.BytesToUnstructured([]byte(resource))
assert.NilError(t, err)
policyContext, err := policycontext.NewPolicyContext(
jp,
*resourceUnstructured,
kyvernov1.Create,
nil,
cfg,
)
assert.NilError(t, err)
policyContext = policyContext.
WithPolicy(&cpol).
WithNewResource(*resourceUnstructured)
if oldResource != "" {
oldResourceUnstructured, err := kubeutils.BytesToUnstructured([]byte(oldResource))
assert.NilError(t, err)
err = enginecontext.AddOldResource(policyContext.JSONContext(), []byte(oldResource))
assert.NilError(t, err)
policyContext = policyContext.WithOldResource(*oldResourceUnstructured)
}
return policyContext
}
var testSampleSingleKeyPolicy = `
{
"apiVersion": "kyverno.io/v1",
"kind": "ClusterPolicy",
"metadata": {
"name": "check-image",
"annotations": {
"pod-policies.kyverno.io/autogen-controllers": "none"
}
},
"spec": {
"validationFailureAction": "enforce",
"background": false,
"webhookTimeoutSeconds": 30,
"failurePolicy": "Fail",
"rules": [
{
"name": "check-signature",
"match": {
"resources": {
"kinds": [
"Pod"
]
}
},
"verifyImages": [
{
"imageReferences": [
"ghcr.io/kyverno/test-verify-image:*"
],
"attestors": [
{
"entries": [
{
"keys": {
Support for Cosign 2.0 (#7248) * cosign 2.0 version upgrade Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * IgnoreTlog and IgnoreSCT updated Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * removed cli packages Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * lazy evaluate vars in conditions (#7238) * lazy evaluate vars in conditions Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove unnecessary conversion Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix test Signed-off-by: Jim Bugwadia <jim@nirmata.com> * Update test/conformance/kuttl/validate/clusterpolicy/standard/variables/lazyload/conditions/03-manifests.yaml Signed-off-by: shuting <shutting06@gmail.com> * Update test/conformance/kuttl/validate/clusterpolicy/standard/variables/lazyload/README.md Signed-off-by: shuting <shutting06@gmail.com> * added error check in test Signed-off-by: Jim Bugwadia <jim@nirmata.com> --------- Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: shuting <shutting06@gmail.com> Co-authored-by: shuting <shutting06@gmail.com> Co-authored-by: kyverno-bot <104836976+kyverno-bot@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * in-toto-golang update Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added rekor Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * quote image in error (#7259) Signed-off-by: bakito <github@bakito.ch> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: auto update webhooks not configuring fail endpoint (#7261) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix latest version check (#7263) Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump svenstaro/upload-release-action from 2.5.0 to 2.6.0 (#7270) Bumps [svenstaro/upload-release-action](https://github.com/svenstaro/upload-release-action) from 2.5.0 to 2.6.0. - [Release notes](https://github.com/svenstaro/upload-release-action/releases) - [Changelog](https://github.com/svenstaro/upload-release-action/blob/master/CHANGELOG.md) - [Commits](https://github.com/svenstaro/upload-release-action/compare/7319e4733ec7a184d739a6f412c40ffc339b69c7...58d525808845e4c8ff229ea1d5d7c496504a79bc) --- updated-dependencies: - dependency-name: svenstaro/upload-release-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump sigs.k8s.io/controller-runtime from 0.14.6 to 0.15.0 (#7272) Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.14.6 to 0.15.0. - [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases) - [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md) - [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.14.6...v0.15.0) --- updated-dependencies: - dependency-name: sigs.k8s.io/controller-runtime dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: add yaml util to check empty document (#7276) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#7274) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.6.1 to 5.7.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.6.1...v5.7.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#7274) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.6.1 to 5.7.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.6.1...v5.7.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#7274) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.6.1 to 5.7.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.6.1...v5.7.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * go mod update Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * removed cosign 1.13.1 dependency Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added default rekor url Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated cosign option Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#7274) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.6.1 to 5.7.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.6.1...v5.7.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * go mod update Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * go sum fix Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * NIT Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix failing test: Test_VerifyManifest_MustAll_InvalidYAML Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * suggestions from jim Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * go mod fix Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updates to cosign verification Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * kuttl test ignore sct Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * go mod fixes Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * go mod update Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * downgrading gcr version Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * null pointer error Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated failing cli tests Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated kuttl test with complete subjects Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fixed issue with wildcard replacement Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * engine tests Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * removed conflicts with notary Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated go mod Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * codegen and test Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added pubkeys test Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * add default CTLogPubKeys Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * cleanup Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * unwanted test Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: auth checks with the APIVersion and the subresource (#7628) * fix auth checks with apiVersion and subresource Signed-off-by: ShutingZhao <shuting@nirmata.com> * add kuttl tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove duplicate code Signed-off-by: ShutingZhao <shuting@nirmata.com> * update permissions Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: harden rbac permissions (#7638) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore(deps): bump sigstore/cosign-installer from 3.0.5 to 3.1.0 (#7664) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.0.5 to 3.1.0. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/dd6b2e2b610a11fd73dd187a43d57cc1394e35f9...d13028333d784fcc802b67ec924bcebe75aa0a5f) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump ossf/scorecard-action from 2.1.3 to 2.2.0 (#7663) Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.1.3 to 2.2.0. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/80e868c13c90f172d68d1f4501dee99e2479f7af...08b4669551908b1024bb425080c797723083c031) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * [Chore] bump notation-go from 1.0.0-rc.3 -> 1.0.0-rc.6 (#7650) * Bump notation-go from 1.0.0-rc.3 -> 1.0.0-rc.6 Signed-off-by: webstradev <e.s.westra.95@gmail.com> * fixed tests Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added tests for repository Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> --------- Signed-off-by: webstradev <e.s.westra.95@gmail.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Co-authored-by: webstradev <e.s.westra.95@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> * fix: vscode debug config (#7653) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: pr updater workflow (#7665) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: add specific loaders from #7597 (#7671) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add cluster select and relabling config for ServiceMonitors (#7659) * feat: add cluster select and relabling config for ServiceMonitors Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> * feat: add cluster select and relabling config for ServiceMonitors Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> --------- Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> * fix: cleanup controller context from #7597 (#7672) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: cleanup controller rbac (#7669) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: migrate context loaders (part 1) from #7597 (#7676) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: migrate context loaders (part 2) from #7597 (#7677) * refactor: migrate context loaders (part 1) from #7597 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: migrate context loaders (part 2) from #7597 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add lazy loading feature flag (#7680) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: image verification (#7652) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * Fix deferred loading (#7597) * handle nested contexts Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add feature flag Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add kuttl tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix linter issues Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix CLI regclient Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix: token permissions on report vulns workflow (#7611) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: token permissions (#7619) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: update the flag descriptions of the reports-controller (#7617) Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> * fix: panic if env var not defined (#7613) * fix: panic if env var not defined Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * use toggles instead of a flag Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update toggle name Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update toggle name Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix roles Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix role Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update manifests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove extra unlock Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix loader reset Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * propagate context Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * cm resolver Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * level management Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * address review comments Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add enableDeferredLoading to other controllers Signed-off-by: Jim Bugwadia <jim@nirmata.com> * re-enable ACR credhelper Signed-off-by: Jim Bugwadia <jim@nirmata.com> * improve tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove image registry client init Signed-off-by: Jim Bugwadia <jim@nirmata.com> * check for invalid reset/restore Signed-off-by: Jim Bugwadia <jim@nirmata.com> * recursive kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * add pre/post queries Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add check for a recursive match Signed-off-by: Jim Bugwadia <jim@nirmata.com> * new test suite Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * eval loaders at creation level Signed-off-by: Jim Bugwadia <jim@nirmata.com> * kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * add an index for resolving deps in order Signed-off-by: Jim Bugwadia <jim@nirmata.com> * improve comment Signed-off-by: Jim Bugwadia <jim@nirmata.com> * extract remove method Signed-off-by: Jim Bugwadia <jim@nirmata.com> * merge main Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * flags Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feature flag Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix flag Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * update unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * two rules kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * update unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * revert Signed-off-by: ShutingZhao <shuting@nirmata.com> * per rule checkpoint Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix mutate chained rules Signed-off-by: ShutingZhao <shuting@nirmata.com> * per rule checpoint/restore Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * log error Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Emmanuel Ferdman <emmanuelferdman@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> * fix: factorise confimap informer code (#7667) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> * chore(deps): bump sigstore/cosign-installer from 3.1.0 to 3.1.1 (#7689) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.1.0 to 3.1.1. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/d13028333d784fcc802b67ec924bcebe75aa0a5f...6e04d228eb30da1757ee4e1dd75a0ec73a653e06) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: Swap any/all in the error message. (#7688) Signed-off-by: JaeHeung Han <hylowaker@users.noreply.github.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add background only policy support (#6666) * feat: add background only policy support Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * webhook Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * validation Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * kuttl Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * all disabled Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: pr updater workflow (#7697) * fix: pr updater workflow Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * Update .github/workflows/pr-update.yaml Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> * fix: customizable tracer configuration (#7644) * fix: customizable tracer configuration Signed-off-by: Daniel Laszlo <laszlodaniel@icloud.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: harden rbac permissions (#7638) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * chore(deps): bump sigstore/cosign-installer from 3.0.5 to 3.1.0 (#7664) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.0.5 to 3.1.0. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/dd6b2e2b610a11fd73dd187a43d57cc1394e35f9...d13028333d784fcc802b67ec924bcebe75aa0a5f) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * chore(deps): bump ossf/scorecard-action from 2.1.3 to 2.2.0 (#7663) Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.1.3 to 2.2.0. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/80e868c13c90f172d68d1f4501dee99e2479f7af...08b4669551908b1024bb425080c797723083c031) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * use resource.New instead of Merge Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix tabs Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * [Chore] bump notation-go from 1.0.0-rc.3 -> 1.0.0-rc.6 (#7650) * Bump notation-go from 1.0.0-rc.3 -> 1.0.0-rc.6 Signed-off-by: webstradev <e.s.westra.95@gmail.com> * fixed tests Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added tests for repository Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> --------- Signed-off-by: webstradev <e.s.westra.95@gmail.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Co-authored-by: webstradev <e.s.westra.95@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: vscode debug config (#7653) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: pr updater workflow (#7665) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * refactor: add specific loaders from #7597 (#7671) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * feat: add cluster select and relabling config for ServiceMonitors (#7659) * feat: add cluster select and relabling config for ServiceMonitors Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> * feat: add cluster select and relabling config for ServiceMonitors Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> --------- Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: cleanup controller context from #7597 (#7672) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: cleanup controller rbac (#7669) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * refactor: migrate context loaders (part 1) from #7597 (#7676) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * refactor: migrate context loaders (part 2) from #7597 (#7677) * refactor: migrate context loaders (part 1) from #7597 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: migrate context loaders (part 2) from #7597 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * feat: add lazy loading feature flag (#7680) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: image verification (#7652) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * Fix deferred loading (#7597) * handle nested contexts Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add feature flag Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add kuttl tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix linter issues Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix CLI regclient Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix: token permissions on report vulns workflow (#7611) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: token permissions (#7619) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: update the flag descriptions of the reports-controller (#7617) Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> * fix: panic if env var not defined (#7613) * fix: panic if env var not defined Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * use toggles instead of a flag Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update toggle name Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update toggle name Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix roles Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix role Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update manifests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove extra unlock Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix loader reset Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * propagate context Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * cm resolver Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * level management Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * address review comments Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add enableDeferredLoading to other controllers Signed-off-by: Jim Bugwadia <jim@nirmata.com> * re-enable ACR credhelper Signed-off-by: Jim Bugwadia <jim@nirmata.com> * improve tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove image registry client init Signed-off-by: Jim Bugwadia <jim@nirmata.com> * check for invalid reset/restore Signed-off-by: Jim Bugwadia <jim@nirmata.com> * recursive kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * add pre/post queries Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add check for a recursive match Signed-off-by: Jim Bugwadia <jim@nirmata.com> * new test suite Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * eval loaders at creation level Signed-off-by: Jim Bugwadia <jim@nirmata.com> * kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * add an index for resolving deps in order Signed-off-by: Jim Bugwadia <jim@nirmata.com> * improve comment Signed-off-by: Jim Bugwadia <jim@nirmata.com> * extract remove method Signed-off-by: Jim Bugwadia <jim@nirmata.com> * merge main Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * flags Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feature flag Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix flag Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * update unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * two rules kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * update unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * revert Signed-off-by: ShutingZhao <shuting@nirmata.com> * per rule checkpoint Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix mutate chained rules Signed-off-by: ShutingZhao <shuting@nirmata.com> * per rule checpoint/restore Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * log error Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Emmanuel Ferdman <emmanuelferdman@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: factorise confimap informer code (#7667) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * chore(deps): bump sigstore/cosign-installer from 3.1.0 to 3.1.1 (#7689) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.1.0 to 3.1.1. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/d13028333d784fcc802b67ec924bcebe75aa0a5f...6e04d228eb30da1757ee4e1dd75a0ec73a653e06) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * Update pkg/tracing/config.go Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Daniel Laszlo <laszlodaniel@icloud.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: webstradev <e.s.westra.95@gmail.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Co-authored-by: webstradev <e.s.westra.95@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: Frank Jogeleit <frank.jogeleit@lovoo.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: Emmanuel Ferdman <emmanuelferdman@gmail.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> * fix: lock schema manager when updating it (#7704) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * test: add kuttl tests for background only policies (#7709) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * Feat: Upgrade controller-gen to v0.12.0 and fix tooling (#7683) * Upgrade controller-gen and fix tooling Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Address comments Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Add a marker in the sed command Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Upgrade to the latest version and rearrange the annotations Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Fix failing Verify Codegen tests Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Remove unnecessary file Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Restore original version in test folder Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Add creationTimestamp: null again in the test folder Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> --------- Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> Co-authored-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: release signing (#7711) (#7713) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: use github token instead of pat (#7716) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: reduce token permissions (#7719) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: reduce token permissions (#7721) * fix: reduce token permissions Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: reduce token permissions Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: make `test --fail-only` return 1 if there are failed tests (#7717) Signed-off-by: Carles Figuerola <cfiguerola@expediagroup.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * remove redundant tests (#7702) Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: use gh token instead of pat (#7723) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: remove obsolete scripts (#7720) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: reduce token permission (#7729) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: use github token instead of pat (#7727) * fix: remove jmespath replace directive Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: use github token instead of pat Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: use golang builtin version management (#7654) * fix: use golang builtin version management Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: template for user setup in kuttl (#7731) Signed-off-by: Alok N <alokme123@gmail.com> * feat: Add option to add imagePullSecrets to cleanup CronJobs (#7730) * Add option to add imagePullSecrets to cleanup CronJobs Signed-off-by: Alexander Olzem <olzemal@pm.me> * Update chart README Signed-off-by: Alexander Olzem <olzemal@pm.me> --------- Signed-off-by: Alexander Olzem <olzemal@pm.me> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: typo in check cmd (#7733) Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> * fix: nits in cli flags (#7736) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: bump ko version (#7738) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: bump kind node versions (#7737) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: refactor cli values loading and remove dead code (#7739) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * [Feature] round() JMESPath function (#7489) * adding roundoff Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * removing unnecessary Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * adding test Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * adding edge case Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * fixing error Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * updating function call Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * updating function jpRound Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * error handling negative Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * fix Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * fix linter Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * parsing Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * cleanup Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore(deps): bump ubuntu from `6120be6` to `0bced47` in /.devcontainer (#7744) Bumps ubuntu from `6120be6` to `0bced47`. --- updated-dependencies: - dependency-name: ubuntu dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: improve cli apply args check (#7746) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: remove cli dead code (#7748) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * Replaced gcr crane with gcr remote (#7747) * fix: oras-go/v2 version in go.sum Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * refactor: move kyverno constants out of v1 package (#7760) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: use register-gen to register k8s types (#7761) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore(deps): bump fluxcd/flux2 from 0.41.2 to 2.0.0 (#7764) Bumps [fluxcd/flux2](https://github.com/fluxcd/flux2) from 0.41.2 to 2.0.0. - [Release notes](https://github.com/fluxcd/flux2/releases) - [Changelog](https://github.com/fluxcd/flux2/blob/main/.goreleaser.yml) - [Commits](https://github.com/fluxcd/flux2/compare/dbda8fbdb8b58ed1ee69343025a6091eae0d1828...9ea0a535eab2c99121fb3ac742e333b4a9f07970) --- updated-dependencies: - dependency-name: fluxcd/flux2 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: introduce defaulters-gen (#7765) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add table output to cli apply command (#7757) * feat: add table output to cli apply command Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * factorise Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> * chore: bump cosign in gh workflows (#7715) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: switch to deepcopy-gen (#7766) * chore: switch to deepcopy-gen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: increase linter timeout (#7767) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * undo: revert back to cosign 2.0.2 cosign 2.1.1 has dependency conflicts with oras Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * remove markers Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: remove 0_14 version of gcr k8s-sigstore-manifest got a new version so we can finally upgrade gcr to v0.15 Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * add: add logging to tlogs and sct Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * undo: remove registryOpts in favor of registry client opts added the missing parts from registryOptions in registry client opts Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore: add generated files Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore: clean go mod Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: remove bad logs Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * bug: fix go mod Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: update kubebuilder version in crds Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * update: rollback policy to ignore tlog Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore: update codegen Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> --------- Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: shuting <shutting06@gmail.com> Signed-off-by: bakito <github@bakito.ch> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: webstradev <e.s.westra.95@gmail.com> Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> Signed-off-by: JaeHeung Han <hylowaker@users.noreply.github.com> Signed-off-by: Daniel Laszlo <laszlodaniel@icloud.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> Signed-off-by: Carles Figuerola <cfiguerola@expediagroup.com> Signed-off-by: Alok N <alokme123@gmail.com> Signed-off-by: Alexander Olzem <olzemal@pm.me> Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: shuting <shutting06@gmail.com> Co-authored-by: kyverno-bot <104836976+kyverno-bot@users.noreply.github.com> Co-authored-by: Marc Brugger <github@bakito.ch> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: webstradev <e.s.westra.95@gmail.com> Co-authored-by: Frank Jogeleit <frank.jogeleit@lovoo.com> Co-authored-by: Emmanuel Ferdman <emmanuelferdman@gmail.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: JaeHeung Han <hylowaker@users.noreply.github.com> Co-authored-by: Daniel Laszlo <laszlodaniel@icloud.com> Co-authored-by: Md Shahbaz Alam <shahbazalam75508@gmail.com> Co-authored-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> Co-authored-by: Carles-Figuerola <carles@figuerola.info> Co-authored-by: Alok Naushad <alokme123@gmail.com> Co-authored-by: Alex Olzem <olzemal@gmail.com> Co-authored-by: SukhveerS <78963782+Rexbeast2@users.noreply.github.com>
2023-08-15 14:25:55 +00:00
"publicKeys": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE8nXRh950IZbRj8Ra/N9sbqOPZrfM\n5/KAQN0/KjHcorm/J5yctVd7iEcnessRQjU917hmKO6JWVGHpDguIyakZA==\n-----END PUBLIC KEY-----",
"rekor": {
"url": "https://rekor.sigstore.dev",
"ignoreTlog": true
},
"ctlog": {
"ignoreSCT": true
Support for Cosign 2.0 (#7248) * cosign 2.0 version upgrade Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * IgnoreTlog and IgnoreSCT updated Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * removed cli packages Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * lazy evaluate vars in conditions (#7238) * lazy evaluate vars in conditions Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove unnecessary conversion Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix test Signed-off-by: Jim Bugwadia <jim@nirmata.com> * Update test/conformance/kuttl/validate/clusterpolicy/standard/variables/lazyload/conditions/03-manifests.yaml Signed-off-by: shuting <shutting06@gmail.com> * Update test/conformance/kuttl/validate/clusterpolicy/standard/variables/lazyload/README.md Signed-off-by: shuting <shutting06@gmail.com> * added error check in test Signed-off-by: Jim Bugwadia <jim@nirmata.com> --------- Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: shuting <shutting06@gmail.com> Co-authored-by: shuting <shutting06@gmail.com> Co-authored-by: kyverno-bot <104836976+kyverno-bot@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * in-toto-golang update Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added rekor Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * quote image in error (#7259) Signed-off-by: bakito <github@bakito.ch> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: auto update webhooks not configuring fail endpoint (#7261) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix latest version check (#7263) Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump svenstaro/upload-release-action from 2.5.0 to 2.6.0 (#7270) Bumps [svenstaro/upload-release-action](https://github.com/svenstaro/upload-release-action) from 2.5.0 to 2.6.0. - [Release notes](https://github.com/svenstaro/upload-release-action/releases) - [Changelog](https://github.com/svenstaro/upload-release-action/blob/master/CHANGELOG.md) - [Commits](https://github.com/svenstaro/upload-release-action/compare/7319e4733ec7a184d739a6f412c40ffc339b69c7...58d525808845e4c8ff229ea1d5d7c496504a79bc) --- updated-dependencies: - dependency-name: svenstaro/upload-release-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump sigs.k8s.io/controller-runtime from 0.14.6 to 0.15.0 (#7272) Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.14.6 to 0.15.0. - [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases) - [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md) - [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.14.6...v0.15.0) --- updated-dependencies: - dependency-name: sigs.k8s.io/controller-runtime dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: add yaml util to check empty document (#7276) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#7274) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.6.1 to 5.7.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.6.1...v5.7.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#7274) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.6.1 to 5.7.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.6.1...v5.7.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#7274) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.6.1 to 5.7.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.6.1...v5.7.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * go mod update Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * removed cosign 1.13.1 dependency Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added default rekor url Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated cosign option Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#7274) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.6.1 to 5.7.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.6.1...v5.7.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * go mod update Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * go sum fix Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * NIT Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix failing test: Test_VerifyManifest_MustAll_InvalidYAML Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * suggestions from jim Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * go mod fix Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updates to cosign verification Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * kuttl test ignore sct Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * go mod fixes Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * go mod update Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * downgrading gcr version Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * null pointer error Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated failing cli tests Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated kuttl test with complete subjects Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fixed issue with wildcard replacement Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * engine tests Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * removed conflicts with notary Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated go mod Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * codegen and test Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added pubkeys test Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * add default CTLogPubKeys Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * cleanup Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * unwanted test Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: auth checks with the APIVersion and the subresource (#7628) * fix auth checks with apiVersion and subresource Signed-off-by: ShutingZhao <shuting@nirmata.com> * add kuttl tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove duplicate code Signed-off-by: ShutingZhao <shuting@nirmata.com> * update permissions Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: harden rbac permissions (#7638) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore(deps): bump sigstore/cosign-installer from 3.0.5 to 3.1.0 (#7664) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.0.5 to 3.1.0. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/dd6b2e2b610a11fd73dd187a43d57cc1394e35f9...d13028333d784fcc802b67ec924bcebe75aa0a5f) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump ossf/scorecard-action from 2.1.3 to 2.2.0 (#7663) Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.1.3 to 2.2.0. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/80e868c13c90f172d68d1f4501dee99e2479f7af...08b4669551908b1024bb425080c797723083c031) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * [Chore] bump notation-go from 1.0.0-rc.3 -> 1.0.0-rc.6 (#7650) * Bump notation-go from 1.0.0-rc.3 -> 1.0.0-rc.6 Signed-off-by: webstradev <e.s.westra.95@gmail.com> * fixed tests Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added tests for repository Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> --------- Signed-off-by: webstradev <e.s.westra.95@gmail.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Co-authored-by: webstradev <e.s.westra.95@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> * fix: vscode debug config (#7653) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: pr updater workflow (#7665) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: add specific loaders from #7597 (#7671) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add cluster select and relabling config for ServiceMonitors (#7659) * feat: add cluster select and relabling config for ServiceMonitors Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> * feat: add cluster select and relabling config for ServiceMonitors Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> --------- Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> * fix: cleanup controller context from #7597 (#7672) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: cleanup controller rbac (#7669) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: migrate context loaders (part 1) from #7597 (#7676) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: migrate context loaders (part 2) from #7597 (#7677) * refactor: migrate context loaders (part 1) from #7597 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: migrate context loaders (part 2) from #7597 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add lazy loading feature flag (#7680) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: image verification (#7652) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * Fix deferred loading (#7597) * handle nested contexts Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add feature flag Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add kuttl tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix linter issues Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix CLI regclient Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix: token permissions on report vulns workflow (#7611) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: token permissions (#7619) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: update the flag descriptions of the reports-controller (#7617) Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> * fix: panic if env var not defined (#7613) * fix: panic if env var not defined Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * use toggles instead of a flag Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update toggle name Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update toggle name Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix roles Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix role Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update manifests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove extra unlock Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix loader reset Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * propagate context Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * cm resolver Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * level management Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * address review comments Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add enableDeferredLoading to other controllers Signed-off-by: Jim Bugwadia <jim@nirmata.com> * re-enable ACR credhelper Signed-off-by: Jim Bugwadia <jim@nirmata.com> * improve tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove image registry client init Signed-off-by: Jim Bugwadia <jim@nirmata.com> * check for invalid reset/restore Signed-off-by: Jim Bugwadia <jim@nirmata.com> * recursive kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * add pre/post queries Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add check for a recursive match Signed-off-by: Jim Bugwadia <jim@nirmata.com> * new test suite Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * eval loaders at creation level Signed-off-by: Jim Bugwadia <jim@nirmata.com> * kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * add an index for resolving deps in order Signed-off-by: Jim Bugwadia <jim@nirmata.com> * improve comment Signed-off-by: Jim Bugwadia <jim@nirmata.com> * extract remove method Signed-off-by: Jim Bugwadia <jim@nirmata.com> * merge main Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * flags Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feature flag Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix flag Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * update unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * two rules kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * update unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * revert Signed-off-by: ShutingZhao <shuting@nirmata.com> * per rule checkpoint Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix mutate chained rules Signed-off-by: ShutingZhao <shuting@nirmata.com> * per rule checpoint/restore Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * log error Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Emmanuel Ferdman <emmanuelferdman@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> * fix: factorise confimap informer code (#7667) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> * chore(deps): bump sigstore/cosign-installer from 3.1.0 to 3.1.1 (#7689) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.1.0 to 3.1.1. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/d13028333d784fcc802b67ec924bcebe75aa0a5f...6e04d228eb30da1757ee4e1dd75a0ec73a653e06) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: Swap any/all in the error message. (#7688) Signed-off-by: JaeHeung Han <hylowaker@users.noreply.github.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add background only policy support (#6666) * feat: add background only policy support Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * webhook Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * validation Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * kuttl Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * all disabled Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: pr updater workflow (#7697) * fix: pr updater workflow Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * Update .github/workflows/pr-update.yaml Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> * fix: customizable tracer configuration (#7644) * fix: customizable tracer configuration Signed-off-by: Daniel Laszlo <laszlodaniel@icloud.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: harden rbac permissions (#7638) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * chore(deps): bump sigstore/cosign-installer from 3.0.5 to 3.1.0 (#7664) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.0.5 to 3.1.0. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/dd6b2e2b610a11fd73dd187a43d57cc1394e35f9...d13028333d784fcc802b67ec924bcebe75aa0a5f) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * chore(deps): bump ossf/scorecard-action from 2.1.3 to 2.2.0 (#7663) Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.1.3 to 2.2.0. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/80e868c13c90f172d68d1f4501dee99e2479f7af...08b4669551908b1024bb425080c797723083c031) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * use resource.New instead of Merge Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix tabs Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * [Chore] bump notation-go from 1.0.0-rc.3 -> 1.0.0-rc.6 (#7650) * Bump notation-go from 1.0.0-rc.3 -> 1.0.0-rc.6 Signed-off-by: webstradev <e.s.westra.95@gmail.com> * fixed tests Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added tests for repository Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> --------- Signed-off-by: webstradev <e.s.westra.95@gmail.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Co-authored-by: webstradev <e.s.westra.95@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: vscode debug config (#7653) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: pr updater workflow (#7665) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * refactor: add specific loaders from #7597 (#7671) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * feat: add cluster select and relabling config for ServiceMonitors (#7659) * feat: add cluster select and relabling config for ServiceMonitors Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> * feat: add cluster select and relabling config for ServiceMonitors Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> --------- Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: cleanup controller context from #7597 (#7672) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: cleanup controller rbac (#7669) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * refactor: migrate context loaders (part 1) from #7597 (#7676) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * refactor: migrate context loaders (part 2) from #7597 (#7677) * refactor: migrate context loaders (part 1) from #7597 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: migrate context loaders (part 2) from #7597 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * feat: add lazy loading feature flag (#7680) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: image verification (#7652) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * Fix deferred loading (#7597) * handle nested contexts Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add feature flag Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add kuttl tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix linter issues Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix CLI regclient Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix: token permissions on report vulns workflow (#7611) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: token permissions (#7619) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: update the flag descriptions of the reports-controller (#7617) Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> * fix: panic if env var not defined (#7613) * fix: panic if env var not defined Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * use toggles instead of a flag Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update toggle name Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update toggle name Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix roles Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix role Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update manifests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove extra unlock Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix loader reset Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * propagate context Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * cm resolver Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * level management Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * address review comments Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add enableDeferredLoading to other controllers Signed-off-by: Jim Bugwadia <jim@nirmata.com> * re-enable ACR credhelper Signed-off-by: Jim Bugwadia <jim@nirmata.com> * improve tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove image registry client init Signed-off-by: Jim Bugwadia <jim@nirmata.com> * check for invalid reset/restore Signed-off-by: Jim Bugwadia <jim@nirmata.com> * recursive kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * add pre/post queries Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add check for a recursive match Signed-off-by: Jim Bugwadia <jim@nirmata.com> * new test suite Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * eval loaders at creation level Signed-off-by: Jim Bugwadia <jim@nirmata.com> * kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * add an index for resolving deps in order Signed-off-by: Jim Bugwadia <jim@nirmata.com> * improve comment Signed-off-by: Jim Bugwadia <jim@nirmata.com> * extract remove method Signed-off-by: Jim Bugwadia <jim@nirmata.com> * merge main Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * flags Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feature flag Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix flag Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * update unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * two rules kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * update unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * revert Signed-off-by: ShutingZhao <shuting@nirmata.com> * per rule checkpoint Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix mutate chained rules Signed-off-by: ShutingZhao <shuting@nirmata.com> * per rule checpoint/restore Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * log error Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Emmanuel Ferdman <emmanuelferdman@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: factorise confimap informer code (#7667) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * chore(deps): bump sigstore/cosign-installer from 3.1.0 to 3.1.1 (#7689) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.1.0 to 3.1.1. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/d13028333d784fcc802b67ec924bcebe75aa0a5f...6e04d228eb30da1757ee4e1dd75a0ec73a653e06) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * Update pkg/tracing/config.go Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Daniel Laszlo <laszlodaniel@icloud.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: webstradev <e.s.westra.95@gmail.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Co-authored-by: webstradev <e.s.westra.95@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: Frank Jogeleit <frank.jogeleit@lovoo.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: Emmanuel Ferdman <emmanuelferdman@gmail.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> * fix: lock schema manager when updating it (#7704) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * test: add kuttl tests for background only policies (#7709) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * Feat: Upgrade controller-gen to v0.12.0 and fix tooling (#7683) * Upgrade controller-gen and fix tooling Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Address comments Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Add a marker in the sed command Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Upgrade to the latest version and rearrange the annotations Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Fix failing Verify Codegen tests Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Remove unnecessary file Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Restore original version in test folder Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Add creationTimestamp: null again in the test folder Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> --------- Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> Co-authored-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: release signing (#7711) (#7713) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: use github token instead of pat (#7716) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: reduce token permissions (#7719) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: reduce token permissions (#7721) * fix: reduce token permissions Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: reduce token permissions Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: make `test --fail-only` return 1 if there are failed tests (#7717) Signed-off-by: Carles Figuerola <cfiguerola@expediagroup.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * remove redundant tests (#7702) Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: use gh token instead of pat (#7723) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: remove obsolete scripts (#7720) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: reduce token permission (#7729) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: use github token instead of pat (#7727) * fix: remove jmespath replace directive Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: use github token instead of pat Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: use golang builtin version management (#7654) * fix: use golang builtin version management Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: template for user setup in kuttl (#7731) Signed-off-by: Alok N <alokme123@gmail.com> * feat: Add option to add imagePullSecrets to cleanup CronJobs (#7730) * Add option to add imagePullSecrets to cleanup CronJobs Signed-off-by: Alexander Olzem <olzemal@pm.me> * Update chart README Signed-off-by: Alexander Olzem <olzemal@pm.me> --------- Signed-off-by: Alexander Olzem <olzemal@pm.me> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: typo in check cmd (#7733) Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> * fix: nits in cli flags (#7736) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: bump ko version (#7738) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: bump kind node versions (#7737) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: refactor cli values loading and remove dead code (#7739) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * [Feature] round() JMESPath function (#7489) * adding roundoff Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * removing unnecessary Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * adding test Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * adding edge case Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * fixing error Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * updating function call Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * updating function jpRound Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * error handling negative Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * fix Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * fix linter Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * parsing Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * cleanup Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore(deps): bump ubuntu from `6120be6` to `0bced47` in /.devcontainer (#7744) Bumps ubuntu from `6120be6` to `0bced47`. --- updated-dependencies: - dependency-name: ubuntu dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: improve cli apply args check (#7746) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: remove cli dead code (#7748) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * Replaced gcr crane with gcr remote (#7747) * fix: oras-go/v2 version in go.sum Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * refactor: move kyverno constants out of v1 package (#7760) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: use register-gen to register k8s types (#7761) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore(deps): bump fluxcd/flux2 from 0.41.2 to 2.0.0 (#7764) Bumps [fluxcd/flux2](https://github.com/fluxcd/flux2) from 0.41.2 to 2.0.0. - [Release notes](https://github.com/fluxcd/flux2/releases) - [Changelog](https://github.com/fluxcd/flux2/blob/main/.goreleaser.yml) - [Commits](https://github.com/fluxcd/flux2/compare/dbda8fbdb8b58ed1ee69343025a6091eae0d1828...9ea0a535eab2c99121fb3ac742e333b4a9f07970) --- updated-dependencies: - dependency-name: fluxcd/flux2 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: introduce defaulters-gen (#7765) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add table output to cli apply command (#7757) * feat: add table output to cli apply command Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * factorise Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> * chore: bump cosign in gh workflows (#7715) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: switch to deepcopy-gen (#7766) * chore: switch to deepcopy-gen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: increase linter timeout (#7767) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * undo: revert back to cosign 2.0.2 cosign 2.1.1 has dependency conflicts with oras Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * remove markers Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: remove 0_14 version of gcr k8s-sigstore-manifest got a new version so we can finally upgrade gcr to v0.15 Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * add: add logging to tlogs and sct Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * undo: remove registryOpts in favor of registry client opts added the missing parts from registryOptions in registry client opts Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore: add generated files Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore: clean go mod Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: remove bad logs Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * bug: fix go mod Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: update kubebuilder version in crds Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * update: rollback policy to ignore tlog Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore: update codegen Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> --------- Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: shuting <shutting06@gmail.com> Signed-off-by: bakito <github@bakito.ch> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: webstradev <e.s.westra.95@gmail.com> Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> Signed-off-by: JaeHeung Han <hylowaker@users.noreply.github.com> Signed-off-by: Daniel Laszlo <laszlodaniel@icloud.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> Signed-off-by: Carles Figuerola <cfiguerola@expediagroup.com> Signed-off-by: Alok N <alokme123@gmail.com> Signed-off-by: Alexander Olzem <olzemal@pm.me> Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: shuting <shutting06@gmail.com> Co-authored-by: kyverno-bot <104836976+kyverno-bot@users.noreply.github.com> Co-authored-by: Marc Brugger <github@bakito.ch> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: webstradev <e.s.westra.95@gmail.com> Co-authored-by: Frank Jogeleit <frank.jogeleit@lovoo.com> Co-authored-by: Emmanuel Ferdman <emmanuelferdman@gmail.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: JaeHeung Han <hylowaker@users.noreply.github.com> Co-authored-by: Daniel Laszlo <laszlodaniel@icloud.com> Co-authored-by: Md Shahbaz Alam <shahbazalam75508@gmail.com> Co-authored-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> Co-authored-by: Carles-Figuerola <carles@figuerola.info> Co-authored-by: Alok Naushad <alokme123@gmail.com> Co-authored-by: Alex Olzem <olzemal@gmail.com> Co-authored-by: SukhveerS <78963782+Rexbeast2@users.noreply.github.com>
2023-08-15 14:25:55 +00:00
}
}
}
]
}
]
}
]
}
]
}
}
`
var testSampleMultipleKeyPolicy = `
{
"apiVersion": "kyverno.io/v1",
"kind": "ClusterPolicy",
"metadata": {
"name": "check-image",
"annotations": {
"pod-policies.kyverno.io/autogen-controllers": "none"
}
},
"spec": {
"validationFailureAction": "enforce",
"background": false,
"webhookTimeoutSeconds": 30,
"failurePolicy": "Fail",
"rules": [
{
"name": "check-signature",
"match": {
"resources": {
"kinds": [
"Pod"
]
}
},
"verifyImages": [
{
"imageReferences": [
"ghcr.io/kyverno/test-verify-image:*"
],
"attestors": [
{
"count": COUNT,
"entries": [
{
"keys": {
Support for Cosign 2.0 (#7248) * cosign 2.0 version upgrade Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * IgnoreTlog and IgnoreSCT updated Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * removed cli packages Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * lazy evaluate vars in conditions (#7238) * lazy evaluate vars in conditions Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove unnecessary conversion Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix test Signed-off-by: Jim Bugwadia <jim@nirmata.com> * Update test/conformance/kuttl/validate/clusterpolicy/standard/variables/lazyload/conditions/03-manifests.yaml Signed-off-by: shuting <shutting06@gmail.com> * Update test/conformance/kuttl/validate/clusterpolicy/standard/variables/lazyload/README.md Signed-off-by: shuting <shutting06@gmail.com> * added error check in test Signed-off-by: Jim Bugwadia <jim@nirmata.com> --------- Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: shuting <shutting06@gmail.com> Co-authored-by: shuting <shutting06@gmail.com> Co-authored-by: kyverno-bot <104836976+kyverno-bot@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * in-toto-golang update Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added rekor Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * quote image in error (#7259) Signed-off-by: bakito <github@bakito.ch> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: auto update webhooks not configuring fail endpoint (#7261) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix latest version check (#7263) Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump svenstaro/upload-release-action from 2.5.0 to 2.6.0 (#7270) Bumps [svenstaro/upload-release-action](https://github.com/svenstaro/upload-release-action) from 2.5.0 to 2.6.0. - [Release notes](https://github.com/svenstaro/upload-release-action/releases) - [Changelog](https://github.com/svenstaro/upload-release-action/blob/master/CHANGELOG.md) - [Commits](https://github.com/svenstaro/upload-release-action/compare/7319e4733ec7a184d739a6f412c40ffc339b69c7...58d525808845e4c8ff229ea1d5d7c496504a79bc) --- updated-dependencies: - dependency-name: svenstaro/upload-release-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump sigs.k8s.io/controller-runtime from 0.14.6 to 0.15.0 (#7272) Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.14.6 to 0.15.0. - [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases) - [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md) - [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.14.6...v0.15.0) --- updated-dependencies: - dependency-name: sigs.k8s.io/controller-runtime dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: add yaml util to check empty document (#7276) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#7274) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.6.1 to 5.7.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.6.1...v5.7.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#7274) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.6.1 to 5.7.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.6.1...v5.7.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#7274) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.6.1 to 5.7.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.6.1...v5.7.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * go mod update Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * removed cosign 1.13.1 dependency Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added default rekor url Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated cosign option Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#7274) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.6.1 to 5.7.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.6.1...v5.7.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * go mod update Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * go sum fix Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * NIT Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix failing test: Test_VerifyManifest_MustAll_InvalidYAML Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * suggestions from jim Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * go mod fix Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updates to cosign verification Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * kuttl test ignore sct Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * go mod fixes Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * go mod update Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * downgrading gcr version Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * null pointer error Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated failing cli tests Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated kuttl test with complete subjects Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fixed issue with wildcard replacement Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * engine tests Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * removed conflicts with notary Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated go mod Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * codegen and test Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added pubkeys test Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * add default CTLogPubKeys Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * cleanup Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * unwanted test Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: auth checks with the APIVersion and the subresource (#7628) * fix auth checks with apiVersion and subresource Signed-off-by: ShutingZhao <shuting@nirmata.com> * add kuttl tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove duplicate code Signed-off-by: ShutingZhao <shuting@nirmata.com> * update permissions Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: harden rbac permissions (#7638) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore(deps): bump sigstore/cosign-installer from 3.0.5 to 3.1.0 (#7664) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.0.5 to 3.1.0. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/dd6b2e2b610a11fd73dd187a43d57cc1394e35f9...d13028333d784fcc802b67ec924bcebe75aa0a5f) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump ossf/scorecard-action from 2.1.3 to 2.2.0 (#7663) Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.1.3 to 2.2.0. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/80e868c13c90f172d68d1f4501dee99e2479f7af...08b4669551908b1024bb425080c797723083c031) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * [Chore] bump notation-go from 1.0.0-rc.3 -> 1.0.0-rc.6 (#7650) * Bump notation-go from 1.0.0-rc.3 -> 1.0.0-rc.6 Signed-off-by: webstradev <e.s.westra.95@gmail.com> * fixed tests Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added tests for repository Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> --------- Signed-off-by: webstradev <e.s.westra.95@gmail.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Co-authored-by: webstradev <e.s.westra.95@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> * fix: vscode debug config (#7653) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: pr updater workflow (#7665) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: add specific loaders from #7597 (#7671) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add cluster select and relabling config for ServiceMonitors (#7659) * feat: add cluster select and relabling config for ServiceMonitors Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> * feat: add cluster select and relabling config for ServiceMonitors Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> --------- Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> * fix: cleanup controller context from #7597 (#7672) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: cleanup controller rbac (#7669) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: migrate context loaders (part 1) from #7597 (#7676) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: migrate context loaders (part 2) from #7597 (#7677) * refactor: migrate context loaders (part 1) from #7597 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: migrate context loaders (part 2) from #7597 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add lazy loading feature flag (#7680) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: image verification (#7652) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * Fix deferred loading (#7597) * handle nested contexts Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add feature flag Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add kuttl tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix linter issues Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix CLI regclient Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix: token permissions on report vulns workflow (#7611) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: token permissions (#7619) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: update the flag descriptions of the reports-controller (#7617) Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> * fix: panic if env var not defined (#7613) * fix: panic if env var not defined Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * use toggles instead of a flag Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update toggle name Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update toggle name Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix roles Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix role Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update manifests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove extra unlock Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix loader reset Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * propagate context Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * cm resolver Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * level management Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * address review comments Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add enableDeferredLoading to other controllers Signed-off-by: Jim Bugwadia <jim@nirmata.com> * re-enable ACR credhelper Signed-off-by: Jim Bugwadia <jim@nirmata.com> * improve tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove image registry client init Signed-off-by: Jim Bugwadia <jim@nirmata.com> * check for invalid reset/restore Signed-off-by: Jim Bugwadia <jim@nirmata.com> * recursive kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * add pre/post queries Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add check for a recursive match Signed-off-by: Jim Bugwadia <jim@nirmata.com> * new test suite Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * eval loaders at creation level Signed-off-by: Jim Bugwadia <jim@nirmata.com> * kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * add an index for resolving deps in order Signed-off-by: Jim Bugwadia <jim@nirmata.com> * improve comment Signed-off-by: Jim Bugwadia <jim@nirmata.com> * extract remove method Signed-off-by: Jim Bugwadia <jim@nirmata.com> * merge main Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * flags Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feature flag Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix flag Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * update unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * two rules kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * update unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * revert Signed-off-by: ShutingZhao <shuting@nirmata.com> * per rule checkpoint Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix mutate chained rules Signed-off-by: ShutingZhao <shuting@nirmata.com> * per rule checpoint/restore Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * log error Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Emmanuel Ferdman <emmanuelferdman@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> * fix: factorise confimap informer code (#7667) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> * chore(deps): bump sigstore/cosign-installer from 3.1.0 to 3.1.1 (#7689) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.1.0 to 3.1.1. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/d13028333d784fcc802b67ec924bcebe75aa0a5f...6e04d228eb30da1757ee4e1dd75a0ec73a653e06) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: Swap any/all in the error message. (#7688) Signed-off-by: JaeHeung Han <hylowaker@users.noreply.github.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add background only policy support (#6666) * feat: add background only policy support Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * webhook Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * validation Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * kuttl Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * all disabled Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: pr updater workflow (#7697) * fix: pr updater workflow Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * Update .github/workflows/pr-update.yaml Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> * fix: customizable tracer configuration (#7644) * fix: customizable tracer configuration Signed-off-by: Daniel Laszlo <laszlodaniel@icloud.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: harden rbac permissions (#7638) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * chore(deps): bump sigstore/cosign-installer from 3.0.5 to 3.1.0 (#7664) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.0.5 to 3.1.0. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/dd6b2e2b610a11fd73dd187a43d57cc1394e35f9...d13028333d784fcc802b67ec924bcebe75aa0a5f) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * chore(deps): bump ossf/scorecard-action from 2.1.3 to 2.2.0 (#7663) Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.1.3 to 2.2.0. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/80e868c13c90f172d68d1f4501dee99e2479f7af...08b4669551908b1024bb425080c797723083c031) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * use resource.New instead of Merge Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix tabs Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * [Chore] bump notation-go from 1.0.0-rc.3 -> 1.0.0-rc.6 (#7650) * Bump notation-go from 1.0.0-rc.3 -> 1.0.0-rc.6 Signed-off-by: webstradev <e.s.westra.95@gmail.com> * fixed tests Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added tests for repository Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> --------- Signed-off-by: webstradev <e.s.westra.95@gmail.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Co-authored-by: webstradev <e.s.westra.95@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: vscode debug config (#7653) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: pr updater workflow (#7665) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * refactor: add specific loaders from #7597 (#7671) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * feat: add cluster select and relabling config for ServiceMonitors (#7659) * feat: add cluster select and relabling config for ServiceMonitors Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> * feat: add cluster select and relabling config for ServiceMonitors Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> --------- Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: cleanup controller context from #7597 (#7672) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: cleanup controller rbac (#7669) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * refactor: migrate context loaders (part 1) from #7597 (#7676) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * refactor: migrate context loaders (part 2) from #7597 (#7677) * refactor: migrate context loaders (part 1) from #7597 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: migrate context loaders (part 2) from #7597 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * feat: add lazy loading feature flag (#7680) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: image verification (#7652) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * Fix deferred loading (#7597) * handle nested contexts Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add feature flag Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add kuttl tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix linter issues Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix CLI regclient Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix: token permissions on report vulns workflow (#7611) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: token permissions (#7619) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: update the flag descriptions of the reports-controller (#7617) Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> * fix: panic if env var not defined (#7613) * fix: panic if env var not defined Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * use toggles instead of a flag Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update toggle name Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update toggle name Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix roles Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix role Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update manifests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove extra unlock Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix loader reset Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * propagate context Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * cm resolver Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * level management Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * address review comments Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add enableDeferredLoading to other controllers Signed-off-by: Jim Bugwadia <jim@nirmata.com> * re-enable ACR credhelper Signed-off-by: Jim Bugwadia <jim@nirmata.com> * improve tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove image registry client init Signed-off-by: Jim Bugwadia <jim@nirmata.com> * check for invalid reset/restore Signed-off-by: Jim Bugwadia <jim@nirmata.com> * recursive kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * add pre/post queries Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add check for a recursive match Signed-off-by: Jim Bugwadia <jim@nirmata.com> * new test suite Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * eval loaders at creation level Signed-off-by: Jim Bugwadia <jim@nirmata.com> * kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * add an index for resolving deps in order Signed-off-by: Jim Bugwadia <jim@nirmata.com> * improve comment Signed-off-by: Jim Bugwadia <jim@nirmata.com> * extract remove method Signed-off-by: Jim Bugwadia <jim@nirmata.com> * merge main Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * flags Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feature flag Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix flag Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * update unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * two rules kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * update unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * revert Signed-off-by: ShutingZhao <shuting@nirmata.com> * per rule checkpoint Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix mutate chained rules Signed-off-by: ShutingZhao <shuting@nirmata.com> * per rule checpoint/restore Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * log error Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Emmanuel Ferdman <emmanuelferdman@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: factorise confimap informer code (#7667) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * chore(deps): bump sigstore/cosign-installer from 3.1.0 to 3.1.1 (#7689) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.1.0 to 3.1.1. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/d13028333d784fcc802b67ec924bcebe75aa0a5f...6e04d228eb30da1757ee4e1dd75a0ec73a653e06) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * Update pkg/tracing/config.go Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Daniel Laszlo <laszlodaniel@icloud.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: webstradev <e.s.westra.95@gmail.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Co-authored-by: webstradev <e.s.westra.95@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: Frank Jogeleit <frank.jogeleit@lovoo.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: Emmanuel Ferdman <emmanuelferdman@gmail.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> * fix: lock schema manager when updating it (#7704) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * test: add kuttl tests for background only policies (#7709) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * Feat: Upgrade controller-gen to v0.12.0 and fix tooling (#7683) * Upgrade controller-gen and fix tooling Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Address comments Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Add a marker in the sed command Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Upgrade to the latest version and rearrange the annotations Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Fix failing Verify Codegen tests Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Remove unnecessary file Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Restore original version in test folder Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Add creationTimestamp: null again in the test folder Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> --------- Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> Co-authored-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: release signing (#7711) (#7713) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: use github token instead of pat (#7716) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: reduce token permissions (#7719) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: reduce token permissions (#7721) * fix: reduce token permissions Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: reduce token permissions Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: make `test --fail-only` return 1 if there are failed tests (#7717) Signed-off-by: Carles Figuerola <cfiguerola@expediagroup.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * remove redundant tests (#7702) Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: use gh token instead of pat (#7723) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: remove obsolete scripts (#7720) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: reduce token permission (#7729) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: use github token instead of pat (#7727) * fix: remove jmespath replace directive Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: use github token instead of pat Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: use golang builtin version management (#7654) * fix: use golang builtin version management Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: template for user setup in kuttl (#7731) Signed-off-by: Alok N <alokme123@gmail.com> * feat: Add option to add imagePullSecrets to cleanup CronJobs (#7730) * Add option to add imagePullSecrets to cleanup CronJobs Signed-off-by: Alexander Olzem <olzemal@pm.me> * Update chart README Signed-off-by: Alexander Olzem <olzemal@pm.me> --------- Signed-off-by: Alexander Olzem <olzemal@pm.me> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: typo in check cmd (#7733) Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> * fix: nits in cli flags (#7736) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: bump ko version (#7738) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: bump kind node versions (#7737) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: refactor cli values loading and remove dead code (#7739) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * [Feature] round() JMESPath function (#7489) * adding roundoff Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * removing unnecessary Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * adding test Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * adding edge case Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * fixing error Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * updating function call Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * updating function jpRound Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * error handling negative Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * fix Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * fix linter Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * parsing Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * cleanup Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore(deps): bump ubuntu from `6120be6` to `0bced47` in /.devcontainer (#7744) Bumps ubuntu from `6120be6` to `0bced47`. --- updated-dependencies: - dependency-name: ubuntu dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: improve cli apply args check (#7746) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: remove cli dead code (#7748) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * Replaced gcr crane with gcr remote (#7747) * fix: oras-go/v2 version in go.sum Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * refactor: move kyverno constants out of v1 package (#7760) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: use register-gen to register k8s types (#7761) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore(deps): bump fluxcd/flux2 from 0.41.2 to 2.0.0 (#7764) Bumps [fluxcd/flux2](https://github.com/fluxcd/flux2) from 0.41.2 to 2.0.0. - [Release notes](https://github.com/fluxcd/flux2/releases) - [Changelog](https://github.com/fluxcd/flux2/blob/main/.goreleaser.yml) - [Commits](https://github.com/fluxcd/flux2/compare/dbda8fbdb8b58ed1ee69343025a6091eae0d1828...9ea0a535eab2c99121fb3ac742e333b4a9f07970) --- updated-dependencies: - dependency-name: fluxcd/flux2 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: introduce defaulters-gen (#7765) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add table output to cli apply command (#7757) * feat: add table output to cli apply command Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * factorise Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> * chore: bump cosign in gh workflows (#7715) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: switch to deepcopy-gen (#7766) * chore: switch to deepcopy-gen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: increase linter timeout (#7767) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * undo: revert back to cosign 2.0.2 cosign 2.1.1 has dependency conflicts with oras Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * remove markers Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: remove 0_14 version of gcr k8s-sigstore-manifest got a new version so we can finally upgrade gcr to v0.15 Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * add: add logging to tlogs and sct Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * undo: remove registryOpts in favor of registry client opts added the missing parts from registryOptions in registry client opts Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore: add generated files Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore: clean go mod Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: remove bad logs Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * bug: fix go mod Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: update kubebuilder version in crds Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * update: rollback policy to ignore tlog Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore: update codegen Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> --------- Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: shuting <shutting06@gmail.com> Signed-off-by: bakito <github@bakito.ch> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: webstradev <e.s.westra.95@gmail.com> Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> Signed-off-by: JaeHeung Han <hylowaker@users.noreply.github.com> Signed-off-by: Daniel Laszlo <laszlodaniel@icloud.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> Signed-off-by: Carles Figuerola <cfiguerola@expediagroup.com> Signed-off-by: Alok N <alokme123@gmail.com> Signed-off-by: Alexander Olzem <olzemal@pm.me> Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: shuting <shutting06@gmail.com> Co-authored-by: kyverno-bot <104836976+kyverno-bot@users.noreply.github.com> Co-authored-by: Marc Brugger <github@bakito.ch> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: webstradev <e.s.westra.95@gmail.com> Co-authored-by: Frank Jogeleit <frank.jogeleit@lovoo.com> Co-authored-by: Emmanuel Ferdman <emmanuelferdman@gmail.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: JaeHeung Han <hylowaker@users.noreply.github.com> Co-authored-by: Daniel Laszlo <laszlodaniel@icloud.com> Co-authored-by: Md Shahbaz Alam <shahbazalam75508@gmail.com> Co-authored-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> Co-authored-by: Carles-Figuerola <carles@figuerola.info> Co-authored-by: Alok Naushad <alokme123@gmail.com> Co-authored-by: Alex Olzem <olzemal@gmail.com> Co-authored-by: SukhveerS <78963782+Rexbeast2@users.noreply.github.com>
2023-08-15 14:25:55 +00:00
"publicKeys": "KEY1",
"rekor": {
"url": "https://rekor.sigstore.dev",
"ignoreTlog": true
},
"ctlog": {
"ignoreSCT": true
Support for Cosign 2.0 (#7248) * cosign 2.0 version upgrade Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * IgnoreTlog and IgnoreSCT updated Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * removed cli packages Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * lazy evaluate vars in conditions (#7238) * lazy evaluate vars in conditions Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove unnecessary conversion Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix test Signed-off-by: Jim Bugwadia <jim@nirmata.com> * Update test/conformance/kuttl/validate/clusterpolicy/standard/variables/lazyload/conditions/03-manifests.yaml Signed-off-by: shuting <shutting06@gmail.com> * Update test/conformance/kuttl/validate/clusterpolicy/standard/variables/lazyload/README.md Signed-off-by: shuting <shutting06@gmail.com> * added error check in test Signed-off-by: Jim Bugwadia <jim@nirmata.com> --------- Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: shuting <shutting06@gmail.com> Co-authored-by: shuting <shutting06@gmail.com> Co-authored-by: kyverno-bot <104836976+kyverno-bot@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * in-toto-golang update Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added rekor Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * quote image in error (#7259) Signed-off-by: bakito <github@bakito.ch> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: auto update webhooks not configuring fail endpoint (#7261) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix latest version check (#7263) Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump svenstaro/upload-release-action from 2.5.0 to 2.6.0 (#7270) Bumps [svenstaro/upload-release-action](https://github.com/svenstaro/upload-release-action) from 2.5.0 to 2.6.0. - [Release notes](https://github.com/svenstaro/upload-release-action/releases) - [Changelog](https://github.com/svenstaro/upload-release-action/blob/master/CHANGELOG.md) - [Commits](https://github.com/svenstaro/upload-release-action/compare/7319e4733ec7a184d739a6f412c40ffc339b69c7...58d525808845e4c8ff229ea1d5d7c496504a79bc) --- updated-dependencies: - dependency-name: svenstaro/upload-release-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump sigs.k8s.io/controller-runtime from 0.14.6 to 0.15.0 (#7272) Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.14.6 to 0.15.0. - [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases) - [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md) - [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.14.6...v0.15.0) --- updated-dependencies: - dependency-name: sigs.k8s.io/controller-runtime dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: add yaml util to check empty document (#7276) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#7274) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.6.1 to 5.7.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.6.1...v5.7.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#7274) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.6.1 to 5.7.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.6.1...v5.7.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#7274) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.6.1 to 5.7.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.6.1...v5.7.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * go mod update Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * removed cosign 1.13.1 dependency Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added default rekor url Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated cosign option Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#7274) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.6.1 to 5.7.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.6.1...v5.7.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * go mod update Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * go sum fix Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * NIT Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix failing test: Test_VerifyManifest_MustAll_InvalidYAML Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * suggestions from jim Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * go mod fix Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updates to cosign verification Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * kuttl test ignore sct Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * go mod fixes Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * go mod update Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * downgrading gcr version Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * null pointer error Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated failing cli tests Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated kuttl test with complete subjects Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fixed issue with wildcard replacement Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * engine tests Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * removed conflicts with notary Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated go mod Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * codegen and test Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added pubkeys test Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * add default CTLogPubKeys Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * cleanup Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * unwanted test Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: auth checks with the APIVersion and the subresource (#7628) * fix auth checks with apiVersion and subresource Signed-off-by: ShutingZhao <shuting@nirmata.com> * add kuttl tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove duplicate code Signed-off-by: ShutingZhao <shuting@nirmata.com> * update permissions Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: harden rbac permissions (#7638) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore(deps): bump sigstore/cosign-installer from 3.0.5 to 3.1.0 (#7664) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.0.5 to 3.1.0. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/dd6b2e2b610a11fd73dd187a43d57cc1394e35f9...d13028333d784fcc802b67ec924bcebe75aa0a5f) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump ossf/scorecard-action from 2.1.3 to 2.2.0 (#7663) Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.1.3 to 2.2.0. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/80e868c13c90f172d68d1f4501dee99e2479f7af...08b4669551908b1024bb425080c797723083c031) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * [Chore] bump notation-go from 1.0.0-rc.3 -> 1.0.0-rc.6 (#7650) * Bump notation-go from 1.0.0-rc.3 -> 1.0.0-rc.6 Signed-off-by: webstradev <e.s.westra.95@gmail.com> * fixed tests Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added tests for repository Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> --------- Signed-off-by: webstradev <e.s.westra.95@gmail.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Co-authored-by: webstradev <e.s.westra.95@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> * fix: vscode debug config (#7653) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: pr updater workflow (#7665) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: add specific loaders from #7597 (#7671) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add cluster select and relabling config for ServiceMonitors (#7659) * feat: add cluster select and relabling config for ServiceMonitors Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> * feat: add cluster select and relabling config for ServiceMonitors Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> --------- Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> * fix: cleanup controller context from #7597 (#7672) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: cleanup controller rbac (#7669) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: migrate context loaders (part 1) from #7597 (#7676) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: migrate context loaders (part 2) from #7597 (#7677) * refactor: migrate context loaders (part 1) from #7597 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: migrate context loaders (part 2) from #7597 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add lazy loading feature flag (#7680) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: image verification (#7652) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * Fix deferred loading (#7597) * handle nested contexts Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add feature flag Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add kuttl tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix linter issues Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix CLI regclient Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix: token permissions on report vulns workflow (#7611) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: token permissions (#7619) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: update the flag descriptions of the reports-controller (#7617) Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> * fix: panic if env var not defined (#7613) * fix: panic if env var not defined Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * use toggles instead of a flag Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update toggle name Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update toggle name Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix roles Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix role Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update manifests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove extra unlock Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix loader reset Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * propagate context Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * cm resolver Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * level management Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * address review comments Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add enableDeferredLoading to other controllers Signed-off-by: Jim Bugwadia <jim@nirmata.com> * re-enable ACR credhelper Signed-off-by: Jim Bugwadia <jim@nirmata.com> * improve tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove image registry client init Signed-off-by: Jim Bugwadia <jim@nirmata.com> * check for invalid reset/restore Signed-off-by: Jim Bugwadia <jim@nirmata.com> * recursive kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * add pre/post queries Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add check for a recursive match Signed-off-by: Jim Bugwadia <jim@nirmata.com> * new test suite Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * eval loaders at creation level Signed-off-by: Jim Bugwadia <jim@nirmata.com> * kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * add an index for resolving deps in order Signed-off-by: Jim Bugwadia <jim@nirmata.com> * improve comment Signed-off-by: Jim Bugwadia <jim@nirmata.com> * extract remove method Signed-off-by: Jim Bugwadia <jim@nirmata.com> * merge main Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * flags Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feature flag Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix flag Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * update unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * two rules kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * update unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * revert Signed-off-by: ShutingZhao <shuting@nirmata.com> * per rule checkpoint Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix mutate chained rules Signed-off-by: ShutingZhao <shuting@nirmata.com> * per rule checpoint/restore Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * log error Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Emmanuel Ferdman <emmanuelferdman@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> * fix: factorise confimap informer code (#7667) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> * chore(deps): bump sigstore/cosign-installer from 3.1.0 to 3.1.1 (#7689) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.1.0 to 3.1.1. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/d13028333d784fcc802b67ec924bcebe75aa0a5f...6e04d228eb30da1757ee4e1dd75a0ec73a653e06) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: Swap any/all in the error message. (#7688) Signed-off-by: JaeHeung Han <hylowaker@users.noreply.github.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add background only policy support (#6666) * feat: add background only policy support Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * webhook Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * validation Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * kuttl Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * all disabled Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: pr updater workflow (#7697) * fix: pr updater workflow Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * Update .github/workflows/pr-update.yaml Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> * fix: customizable tracer configuration (#7644) * fix: customizable tracer configuration Signed-off-by: Daniel Laszlo <laszlodaniel@icloud.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: harden rbac permissions (#7638) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * chore(deps): bump sigstore/cosign-installer from 3.0.5 to 3.1.0 (#7664) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.0.5 to 3.1.0. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/dd6b2e2b610a11fd73dd187a43d57cc1394e35f9...d13028333d784fcc802b67ec924bcebe75aa0a5f) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * chore(deps): bump ossf/scorecard-action from 2.1.3 to 2.2.0 (#7663) Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.1.3 to 2.2.0. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/80e868c13c90f172d68d1f4501dee99e2479f7af...08b4669551908b1024bb425080c797723083c031) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * use resource.New instead of Merge Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix tabs Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * [Chore] bump notation-go from 1.0.0-rc.3 -> 1.0.0-rc.6 (#7650) * Bump notation-go from 1.0.0-rc.3 -> 1.0.0-rc.6 Signed-off-by: webstradev <e.s.westra.95@gmail.com> * fixed tests Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added tests for repository Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> --------- Signed-off-by: webstradev <e.s.westra.95@gmail.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Co-authored-by: webstradev <e.s.westra.95@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: vscode debug config (#7653) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: pr updater workflow (#7665) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * refactor: add specific loaders from #7597 (#7671) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * feat: add cluster select and relabling config for ServiceMonitors (#7659) * feat: add cluster select and relabling config for ServiceMonitors Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> * feat: add cluster select and relabling config for ServiceMonitors Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> --------- Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: cleanup controller context from #7597 (#7672) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: cleanup controller rbac (#7669) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * refactor: migrate context loaders (part 1) from #7597 (#7676) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * refactor: migrate context loaders (part 2) from #7597 (#7677) * refactor: migrate context loaders (part 1) from #7597 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: migrate context loaders (part 2) from #7597 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * feat: add lazy loading feature flag (#7680) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: image verification (#7652) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * Fix deferred loading (#7597) * handle nested contexts Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add feature flag Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add kuttl tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix linter issues Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix CLI regclient Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix: token permissions on report vulns workflow (#7611) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: token permissions (#7619) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: update the flag descriptions of the reports-controller (#7617) Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> * fix: panic if env var not defined (#7613) * fix: panic if env var not defined Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * use toggles instead of a flag Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update toggle name Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update toggle name Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix roles Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix role Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update manifests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove extra unlock Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix loader reset Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * propagate context Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * cm resolver Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * level management Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * address review comments Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add enableDeferredLoading to other controllers Signed-off-by: Jim Bugwadia <jim@nirmata.com> * re-enable ACR credhelper Signed-off-by: Jim Bugwadia <jim@nirmata.com> * improve tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove image registry client init Signed-off-by: Jim Bugwadia <jim@nirmata.com> * check for invalid reset/restore Signed-off-by: Jim Bugwadia <jim@nirmata.com> * recursive kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * add pre/post queries Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add check for a recursive match Signed-off-by: Jim Bugwadia <jim@nirmata.com> * new test suite Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * eval loaders at creation level Signed-off-by: Jim Bugwadia <jim@nirmata.com> * kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * add an index for resolving deps in order Signed-off-by: Jim Bugwadia <jim@nirmata.com> * improve comment Signed-off-by: Jim Bugwadia <jim@nirmata.com> * extract remove method Signed-off-by: Jim Bugwadia <jim@nirmata.com> * merge main Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * flags Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feature flag Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix flag Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * update unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * two rules kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * update unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * revert Signed-off-by: ShutingZhao <shuting@nirmata.com> * per rule checkpoint Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix mutate chained rules Signed-off-by: ShutingZhao <shuting@nirmata.com> * per rule checpoint/restore Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * log error Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Emmanuel Ferdman <emmanuelferdman@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: factorise confimap informer code (#7667) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * chore(deps): bump sigstore/cosign-installer from 3.1.0 to 3.1.1 (#7689) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.1.0 to 3.1.1. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/d13028333d784fcc802b67ec924bcebe75aa0a5f...6e04d228eb30da1757ee4e1dd75a0ec73a653e06) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * Update pkg/tracing/config.go Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Daniel Laszlo <laszlodaniel@icloud.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: webstradev <e.s.westra.95@gmail.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Co-authored-by: webstradev <e.s.westra.95@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: Frank Jogeleit <frank.jogeleit@lovoo.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: Emmanuel Ferdman <emmanuelferdman@gmail.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> * fix: lock schema manager when updating it (#7704) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * test: add kuttl tests for background only policies (#7709) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * Feat: Upgrade controller-gen to v0.12.0 and fix tooling (#7683) * Upgrade controller-gen and fix tooling Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Address comments Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Add a marker in the sed command Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Upgrade to the latest version and rearrange the annotations Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Fix failing Verify Codegen tests Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Remove unnecessary file Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Restore original version in test folder Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Add creationTimestamp: null again in the test folder Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> --------- Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> Co-authored-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: release signing (#7711) (#7713) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: use github token instead of pat (#7716) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: reduce token permissions (#7719) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: reduce token permissions (#7721) * fix: reduce token permissions Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: reduce token permissions Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: make `test --fail-only` return 1 if there are failed tests (#7717) Signed-off-by: Carles Figuerola <cfiguerola@expediagroup.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * remove redundant tests (#7702) Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: use gh token instead of pat (#7723) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: remove obsolete scripts (#7720) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: reduce token permission (#7729) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: use github token instead of pat (#7727) * fix: remove jmespath replace directive Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: use github token instead of pat Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: use golang builtin version management (#7654) * fix: use golang builtin version management Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: template for user setup in kuttl (#7731) Signed-off-by: Alok N <alokme123@gmail.com> * feat: Add option to add imagePullSecrets to cleanup CronJobs (#7730) * Add option to add imagePullSecrets to cleanup CronJobs Signed-off-by: Alexander Olzem <olzemal@pm.me> * Update chart README Signed-off-by: Alexander Olzem <olzemal@pm.me> --------- Signed-off-by: Alexander Olzem <olzemal@pm.me> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: typo in check cmd (#7733) Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> * fix: nits in cli flags (#7736) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: bump ko version (#7738) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: bump kind node versions (#7737) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: refactor cli values loading and remove dead code (#7739) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * [Feature] round() JMESPath function (#7489) * adding roundoff Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * removing unnecessary Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * adding test Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * adding edge case Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * fixing error Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * updating function call Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * updating function jpRound Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * error handling negative Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * fix Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * fix linter Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * parsing Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * cleanup Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore(deps): bump ubuntu from `6120be6` to `0bced47` in /.devcontainer (#7744) Bumps ubuntu from `6120be6` to `0bced47`. --- updated-dependencies: - dependency-name: ubuntu dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: improve cli apply args check (#7746) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: remove cli dead code (#7748) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * Replaced gcr crane with gcr remote (#7747) * fix: oras-go/v2 version in go.sum Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * refactor: move kyverno constants out of v1 package (#7760) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: use register-gen to register k8s types (#7761) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore(deps): bump fluxcd/flux2 from 0.41.2 to 2.0.0 (#7764) Bumps [fluxcd/flux2](https://github.com/fluxcd/flux2) from 0.41.2 to 2.0.0. - [Release notes](https://github.com/fluxcd/flux2/releases) - [Changelog](https://github.com/fluxcd/flux2/blob/main/.goreleaser.yml) - [Commits](https://github.com/fluxcd/flux2/compare/dbda8fbdb8b58ed1ee69343025a6091eae0d1828...9ea0a535eab2c99121fb3ac742e333b4a9f07970) --- updated-dependencies: - dependency-name: fluxcd/flux2 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: introduce defaulters-gen (#7765) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add table output to cli apply command (#7757) * feat: add table output to cli apply command Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * factorise Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> * chore: bump cosign in gh workflows (#7715) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: switch to deepcopy-gen (#7766) * chore: switch to deepcopy-gen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: increase linter timeout (#7767) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * undo: revert back to cosign 2.0.2 cosign 2.1.1 has dependency conflicts with oras Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * remove markers Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: remove 0_14 version of gcr k8s-sigstore-manifest got a new version so we can finally upgrade gcr to v0.15 Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * add: add logging to tlogs and sct Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * undo: remove registryOpts in favor of registry client opts added the missing parts from registryOptions in registry client opts Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore: add generated files Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore: clean go mod Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: remove bad logs Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * bug: fix go mod Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: update kubebuilder version in crds Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * update: rollback policy to ignore tlog Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore: update codegen Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> --------- Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: shuting <shutting06@gmail.com> Signed-off-by: bakito <github@bakito.ch> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: webstradev <e.s.westra.95@gmail.com> Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> Signed-off-by: JaeHeung Han <hylowaker@users.noreply.github.com> Signed-off-by: Daniel Laszlo <laszlodaniel@icloud.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> Signed-off-by: Carles Figuerola <cfiguerola@expediagroup.com> Signed-off-by: Alok N <alokme123@gmail.com> Signed-off-by: Alexander Olzem <olzemal@pm.me> Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: shuting <shutting06@gmail.com> Co-authored-by: kyverno-bot <104836976+kyverno-bot@users.noreply.github.com> Co-authored-by: Marc Brugger <github@bakito.ch> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: webstradev <e.s.westra.95@gmail.com> Co-authored-by: Frank Jogeleit <frank.jogeleit@lovoo.com> Co-authored-by: Emmanuel Ferdman <emmanuelferdman@gmail.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: JaeHeung Han <hylowaker@users.noreply.github.com> Co-authored-by: Daniel Laszlo <laszlodaniel@icloud.com> Co-authored-by: Md Shahbaz Alam <shahbazalam75508@gmail.com> Co-authored-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> Co-authored-by: Carles-Figuerola <carles@figuerola.info> Co-authored-by: Alok Naushad <alokme123@gmail.com> Co-authored-by: Alex Olzem <olzemal@gmail.com> Co-authored-by: SukhveerS <78963782+Rexbeast2@users.noreply.github.com>
2023-08-15 14:25:55 +00:00
}
}
},
{
"keys": {
Support for Cosign 2.0 (#7248) * cosign 2.0 version upgrade Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * IgnoreTlog and IgnoreSCT updated Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * removed cli packages Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * lazy evaluate vars in conditions (#7238) * lazy evaluate vars in conditions Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove unnecessary conversion Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix test Signed-off-by: Jim Bugwadia <jim@nirmata.com> * Update test/conformance/kuttl/validate/clusterpolicy/standard/variables/lazyload/conditions/03-manifests.yaml Signed-off-by: shuting <shutting06@gmail.com> * Update test/conformance/kuttl/validate/clusterpolicy/standard/variables/lazyload/README.md Signed-off-by: shuting <shutting06@gmail.com> * added error check in test Signed-off-by: Jim Bugwadia <jim@nirmata.com> --------- Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: shuting <shutting06@gmail.com> Co-authored-by: shuting <shutting06@gmail.com> Co-authored-by: kyverno-bot <104836976+kyverno-bot@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * in-toto-golang update Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added rekor Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * quote image in error (#7259) Signed-off-by: bakito <github@bakito.ch> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: auto update webhooks not configuring fail endpoint (#7261) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix latest version check (#7263) Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump svenstaro/upload-release-action from 2.5.0 to 2.6.0 (#7270) Bumps [svenstaro/upload-release-action](https://github.com/svenstaro/upload-release-action) from 2.5.0 to 2.6.0. - [Release notes](https://github.com/svenstaro/upload-release-action/releases) - [Changelog](https://github.com/svenstaro/upload-release-action/blob/master/CHANGELOG.md) - [Commits](https://github.com/svenstaro/upload-release-action/compare/7319e4733ec7a184d739a6f412c40ffc339b69c7...58d525808845e4c8ff229ea1d5d7c496504a79bc) --- updated-dependencies: - dependency-name: svenstaro/upload-release-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump sigs.k8s.io/controller-runtime from 0.14.6 to 0.15.0 (#7272) Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.14.6 to 0.15.0. - [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases) - [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md) - [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.14.6...v0.15.0) --- updated-dependencies: - dependency-name: sigs.k8s.io/controller-runtime dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: add yaml util to check empty document (#7276) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#7274) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.6.1 to 5.7.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.6.1...v5.7.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#7274) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.6.1 to 5.7.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.6.1...v5.7.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#7274) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.6.1 to 5.7.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.6.1...v5.7.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * go mod update Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * removed cosign 1.13.1 dependency Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added default rekor url Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated cosign option Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#7274) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.6.1 to 5.7.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.6.1...v5.7.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * go mod update Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * go sum fix Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * NIT Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix failing test: Test_VerifyManifest_MustAll_InvalidYAML Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * suggestions from jim Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * go mod fix Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updates to cosign verification Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * kuttl test ignore sct Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * go mod fixes Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * go mod update Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * downgrading gcr version Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * null pointer error Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated failing cli tests Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated kuttl test with complete subjects Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fixed issue with wildcard replacement Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * engine tests Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * removed conflicts with notary Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated go mod Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * codegen and test Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added pubkeys test Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * add default CTLogPubKeys Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * cleanup Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * unwanted test Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: auth checks with the APIVersion and the subresource (#7628) * fix auth checks with apiVersion and subresource Signed-off-by: ShutingZhao <shuting@nirmata.com> * add kuttl tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove duplicate code Signed-off-by: ShutingZhao <shuting@nirmata.com> * update permissions Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: harden rbac permissions (#7638) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore(deps): bump sigstore/cosign-installer from 3.0.5 to 3.1.0 (#7664) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.0.5 to 3.1.0. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/dd6b2e2b610a11fd73dd187a43d57cc1394e35f9...d13028333d784fcc802b67ec924bcebe75aa0a5f) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump ossf/scorecard-action from 2.1.3 to 2.2.0 (#7663) Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.1.3 to 2.2.0. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/80e868c13c90f172d68d1f4501dee99e2479f7af...08b4669551908b1024bb425080c797723083c031) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * [Chore] bump notation-go from 1.0.0-rc.3 -> 1.0.0-rc.6 (#7650) * Bump notation-go from 1.0.0-rc.3 -> 1.0.0-rc.6 Signed-off-by: webstradev <e.s.westra.95@gmail.com> * fixed tests Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added tests for repository Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> --------- Signed-off-by: webstradev <e.s.westra.95@gmail.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Co-authored-by: webstradev <e.s.westra.95@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> * fix: vscode debug config (#7653) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: pr updater workflow (#7665) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: add specific loaders from #7597 (#7671) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add cluster select and relabling config for ServiceMonitors (#7659) * feat: add cluster select and relabling config for ServiceMonitors Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> * feat: add cluster select and relabling config for ServiceMonitors Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> --------- Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> * fix: cleanup controller context from #7597 (#7672) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: cleanup controller rbac (#7669) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: migrate context loaders (part 1) from #7597 (#7676) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: migrate context loaders (part 2) from #7597 (#7677) * refactor: migrate context loaders (part 1) from #7597 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: migrate context loaders (part 2) from #7597 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add lazy loading feature flag (#7680) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: image verification (#7652) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * Fix deferred loading (#7597) * handle nested contexts Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add feature flag Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add kuttl tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix linter issues Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix CLI regclient Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix: token permissions on report vulns workflow (#7611) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: token permissions (#7619) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: update the flag descriptions of the reports-controller (#7617) Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> * fix: panic if env var not defined (#7613) * fix: panic if env var not defined Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * use toggles instead of a flag Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update toggle name Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update toggle name Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix roles Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix role Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update manifests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove extra unlock Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix loader reset Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * propagate context Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * cm resolver Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * level management Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * address review comments Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add enableDeferredLoading to other controllers Signed-off-by: Jim Bugwadia <jim@nirmata.com> * re-enable ACR credhelper Signed-off-by: Jim Bugwadia <jim@nirmata.com> * improve tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove image registry client init Signed-off-by: Jim Bugwadia <jim@nirmata.com> * check for invalid reset/restore Signed-off-by: Jim Bugwadia <jim@nirmata.com> * recursive kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * add pre/post queries Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add check for a recursive match Signed-off-by: Jim Bugwadia <jim@nirmata.com> * new test suite Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * eval loaders at creation level Signed-off-by: Jim Bugwadia <jim@nirmata.com> * kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * add an index for resolving deps in order Signed-off-by: Jim Bugwadia <jim@nirmata.com> * improve comment Signed-off-by: Jim Bugwadia <jim@nirmata.com> * extract remove method Signed-off-by: Jim Bugwadia <jim@nirmata.com> * merge main Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * flags Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feature flag Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix flag Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * update unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * two rules kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * update unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * revert Signed-off-by: ShutingZhao <shuting@nirmata.com> * per rule checkpoint Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix mutate chained rules Signed-off-by: ShutingZhao <shuting@nirmata.com> * per rule checpoint/restore Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * log error Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Emmanuel Ferdman <emmanuelferdman@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> * fix: factorise confimap informer code (#7667) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> * chore(deps): bump sigstore/cosign-installer from 3.1.0 to 3.1.1 (#7689) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.1.0 to 3.1.1. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/d13028333d784fcc802b67ec924bcebe75aa0a5f...6e04d228eb30da1757ee4e1dd75a0ec73a653e06) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: Swap any/all in the error message. (#7688) Signed-off-by: JaeHeung Han <hylowaker@users.noreply.github.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add background only policy support (#6666) * feat: add background only policy support Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * webhook Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * validation Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * kuttl Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * all disabled Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: pr updater workflow (#7697) * fix: pr updater workflow Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * Update .github/workflows/pr-update.yaml Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> * fix: customizable tracer configuration (#7644) * fix: customizable tracer configuration Signed-off-by: Daniel Laszlo <laszlodaniel@icloud.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: harden rbac permissions (#7638) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * chore(deps): bump sigstore/cosign-installer from 3.0.5 to 3.1.0 (#7664) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.0.5 to 3.1.0. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/dd6b2e2b610a11fd73dd187a43d57cc1394e35f9...d13028333d784fcc802b67ec924bcebe75aa0a5f) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * chore(deps): bump ossf/scorecard-action from 2.1.3 to 2.2.0 (#7663) Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.1.3 to 2.2.0. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/80e868c13c90f172d68d1f4501dee99e2479f7af...08b4669551908b1024bb425080c797723083c031) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * use resource.New instead of Merge Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix tabs Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * [Chore] bump notation-go from 1.0.0-rc.3 -> 1.0.0-rc.6 (#7650) * Bump notation-go from 1.0.0-rc.3 -> 1.0.0-rc.6 Signed-off-by: webstradev <e.s.westra.95@gmail.com> * fixed tests Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added tests for repository Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> --------- Signed-off-by: webstradev <e.s.westra.95@gmail.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Co-authored-by: webstradev <e.s.westra.95@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: vscode debug config (#7653) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: pr updater workflow (#7665) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * refactor: add specific loaders from #7597 (#7671) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * feat: add cluster select and relabling config for ServiceMonitors (#7659) * feat: add cluster select and relabling config for ServiceMonitors Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> * feat: add cluster select and relabling config for ServiceMonitors Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> --------- Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: cleanup controller context from #7597 (#7672) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: cleanup controller rbac (#7669) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * refactor: migrate context loaders (part 1) from #7597 (#7676) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * refactor: migrate context loaders (part 2) from #7597 (#7677) * refactor: migrate context loaders (part 1) from #7597 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: migrate context loaders (part 2) from #7597 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * feat: add lazy loading feature flag (#7680) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: image verification (#7652) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * Fix deferred loading (#7597) * handle nested contexts Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add feature flag Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add kuttl tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix linter issues Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix CLI regclient Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix: token permissions on report vulns workflow (#7611) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: token permissions (#7619) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: update the flag descriptions of the reports-controller (#7617) Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> * fix: panic if env var not defined (#7613) * fix: panic if env var not defined Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * use toggles instead of a flag Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update toggle name Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update toggle name Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix roles Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix role Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update manifests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove extra unlock Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix loader reset Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * propagate context Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * cm resolver Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * level management Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * address review comments Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add enableDeferredLoading to other controllers Signed-off-by: Jim Bugwadia <jim@nirmata.com> * re-enable ACR credhelper Signed-off-by: Jim Bugwadia <jim@nirmata.com> * improve tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove image registry client init Signed-off-by: Jim Bugwadia <jim@nirmata.com> * check for invalid reset/restore Signed-off-by: Jim Bugwadia <jim@nirmata.com> * recursive kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * add pre/post queries Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add check for a recursive match Signed-off-by: Jim Bugwadia <jim@nirmata.com> * new test suite Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * eval loaders at creation level Signed-off-by: Jim Bugwadia <jim@nirmata.com> * kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * add an index for resolving deps in order Signed-off-by: Jim Bugwadia <jim@nirmata.com> * improve comment Signed-off-by: Jim Bugwadia <jim@nirmata.com> * extract remove method Signed-off-by: Jim Bugwadia <jim@nirmata.com> * merge main Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * flags Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feature flag Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix flag Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * update unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * two rules kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * update unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * revert Signed-off-by: ShutingZhao <shuting@nirmata.com> * per rule checkpoint Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix mutate chained rules Signed-off-by: ShutingZhao <shuting@nirmata.com> * per rule checpoint/restore Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * log error Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Emmanuel Ferdman <emmanuelferdman@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: factorise confimap informer code (#7667) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * chore(deps): bump sigstore/cosign-installer from 3.1.0 to 3.1.1 (#7689) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.1.0 to 3.1.1. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/d13028333d784fcc802b67ec924bcebe75aa0a5f...6e04d228eb30da1757ee4e1dd75a0ec73a653e06) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * Update pkg/tracing/config.go Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Daniel Laszlo <laszlodaniel@icloud.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: webstradev <e.s.westra.95@gmail.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Co-authored-by: webstradev <e.s.westra.95@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: Frank Jogeleit <frank.jogeleit@lovoo.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: Emmanuel Ferdman <emmanuelferdman@gmail.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> * fix: lock schema manager when updating it (#7704) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * test: add kuttl tests for background only policies (#7709) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * Feat: Upgrade controller-gen to v0.12.0 and fix tooling (#7683) * Upgrade controller-gen and fix tooling Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Address comments Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Add a marker in the sed command Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Upgrade to the latest version and rearrange the annotations Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Fix failing Verify Codegen tests Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Remove unnecessary file Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Restore original version in test folder Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Add creationTimestamp: null again in the test folder Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> --------- Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> Co-authored-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: release signing (#7711) (#7713) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: use github token instead of pat (#7716) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: reduce token permissions (#7719) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: reduce token permissions (#7721) * fix: reduce token permissions Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: reduce token permissions Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: make `test --fail-only` return 1 if there are failed tests (#7717) Signed-off-by: Carles Figuerola <cfiguerola@expediagroup.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * remove redundant tests (#7702) Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: use gh token instead of pat (#7723) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: remove obsolete scripts (#7720) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: reduce token permission (#7729) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: use github token instead of pat (#7727) * fix: remove jmespath replace directive Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: use github token instead of pat Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: use golang builtin version management (#7654) * fix: use golang builtin version management Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: template for user setup in kuttl (#7731) Signed-off-by: Alok N <alokme123@gmail.com> * feat: Add option to add imagePullSecrets to cleanup CronJobs (#7730) * Add option to add imagePullSecrets to cleanup CronJobs Signed-off-by: Alexander Olzem <olzemal@pm.me> * Update chart README Signed-off-by: Alexander Olzem <olzemal@pm.me> --------- Signed-off-by: Alexander Olzem <olzemal@pm.me> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: typo in check cmd (#7733) Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> * fix: nits in cli flags (#7736) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: bump ko version (#7738) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: bump kind node versions (#7737) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: refactor cli values loading and remove dead code (#7739) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * [Feature] round() JMESPath function (#7489) * adding roundoff Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * removing unnecessary Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * adding test Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * adding edge case Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * fixing error Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * updating function call Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * updating function jpRound Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * error handling negative Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * fix Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * fix linter Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * parsing Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * cleanup Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore(deps): bump ubuntu from `6120be6` to `0bced47` in /.devcontainer (#7744) Bumps ubuntu from `6120be6` to `0bced47`. --- updated-dependencies: - dependency-name: ubuntu dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: improve cli apply args check (#7746) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: remove cli dead code (#7748) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * Replaced gcr crane with gcr remote (#7747) * fix: oras-go/v2 version in go.sum Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * refactor: move kyverno constants out of v1 package (#7760) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: use register-gen to register k8s types (#7761) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore(deps): bump fluxcd/flux2 from 0.41.2 to 2.0.0 (#7764) Bumps [fluxcd/flux2](https://github.com/fluxcd/flux2) from 0.41.2 to 2.0.0. - [Release notes](https://github.com/fluxcd/flux2/releases) - [Changelog](https://github.com/fluxcd/flux2/blob/main/.goreleaser.yml) - [Commits](https://github.com/fluxcd/flux2/compare/dbda8fbdb8b58ed1ee69343025a6091eae0d1828...9ea0a535eab2c99121fb3ac742e333b4a9f07970) --- updated-dependencies: - dependency-name: fluxcd/flux2 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: introduce defaulters-gen (#7765) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add table output to cli apply command (#7757) * feat: add table output to cli apply command Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * factorise Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> * chore: bump cosign in gh workflows (#7715) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: switch to deepcopy-gen (#7766) * chore: switch to deepcopy-gen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: increase linter timeout (#7767) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * undo: revert back to cosign 2.0.2 cosign 2.1.1 has dependency conflicts with oras Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * remove markers Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: remove 0_14 version of gcr k8s-sigstore-manifest got a new version so we can finally upgrade gcr to v0.15 Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * add: add logging to tlogs and sct Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * undo: remove registryOpts in favor of registry client opts added the missing parts from registryOptions in registry client opts Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore: add generated files Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore: clean go mod Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: remove bad logs Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * bug: fix go mod Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: update kubebuilder version in crds Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * update: rollback policy to ignore tlog Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore: update codegen Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> --------- Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: shuting <shutting06@gmail.com> Signed-off-by: bakito <github@bakito.ch> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: webstradev <e.s.westra.95@gmail.com> Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> Signed-off-by: JaeHeung Han <hylowaker@users.noreply.github.com> Signed-off-by: Daniel Laszlo <laszlodaniel@icloud.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> Signed-off-by: Carles Figuerola <cfiguerola@expediagroup.com> Signed-off-by: Alok N <alokme123@gmail.com> Signed-off-by: Alexander Olzem <olzemal@pm.me> Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: shuting <shutting06@gmail.com> Co-authored-by: kyverno-bot <104836976+kyverno-bot@users.noreply.github.com> Co-authored-by: Marc Brugger <github@bakito.ch> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: webstradev <e.s.westra.95@gmail.com> Co-authored-by: Frank Jogeleit <frank.jogeleit@lovoo.com> Co-authored-by: Emmanuel Ferdman <emmanuelferdman@gmail.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: JaeHeung Han <hylowaker@users.noreply.github.com> Co-authored-by: Daniel Laszlo <laszlodaniel@icloud.com> Co-authored-by: Md Shahbaz Alam <shahbazalam75508@gmail.com> Co-authored-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> Co-authored-by: Carles-Figuerola <carles@figuerola.info> Co-authored-by: Alok Naushad <alokme123@gmail.com> Co-authored-by: Alex Olzem <olzemal@gmail.com> Co-authored-by: SukhveerS <78963782+Rexbeast2@users.noreply.github.com>
2023-08-15 14:25:55 +00:00
"publicKeys": "KEY2",
"rekor": {
"url": "https://rekor.sigstore.dev",
"ignoreTlog": true
},
"ctlog": {
"ignoreSCT": true
Support for Cosign 2.0 (#7248) * cosign 2.0 version upgrade Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * IgnoreTlog and IgnoreSCT updated Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * removed cli packages Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * lazy evaluate vars in conditions (#7238) * lazy evaluate vars in conditions Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove unnecessary conversion Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix test Signed-off-by: Jim Bugwadia <jim@nirmata.com> * Update test/conformance/kuttl/validate/clusterpolicy/standard/variables/lazyload/conditions/03-manifests.yaml Signed-off-by: shuting <shutting06@gmail.com> * Update test/conformance/kuttl/validate/clusterpolicy/standard/variables/lazyload/README.md Signed-off-by: shuting <shutting06@gmail.com> * added error check in test Signed-off-by: Jim Bugwadia <jim@nirmata.com> --------- Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: shuting <shutting06@gmail.com> Co-authored-by: shuting <shutting06@gmail.com> Co-authored-by: kyverno-bot <104836976+kyverno-bot@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * in-toto-golang update Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added rekor Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * quote image in error (#7259) Signed-off-by: bakito <github@bakito.ch> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: auto update webhooks not configuring fail endpoint (#7261) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix latest version check (#7263) Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump svenstaro/upload-release-action from 2.5.0 to 2.6.0 (#7270) Bumps [svenstaro/upload-release-action](https://github.com/svenstaro/upload-release-action) from 2.5.0 to 2.6.0. - [Release notes](https://github.com/svenstaro/upload-release-action/releases) - [Changelog](https://github.com/svenstaro/upload-release-action/blob/master/CHANGELOG.md) - [Commits](https://github.com/svenstaro/upload-release-action/compare/7319e4733ec7a184d739a6f412c40ffc339b69c7...58d525808845e4c8ff229ea1d5d7c496504a79bc) --- updated-dependencies: - dependency-name: svenstaro/upload-release-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump sigs.k8s.io/controller-runtime from 0.14.6 to 0.15.0 (#7272) Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.14.6 to 0.15.0. - [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases) - [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md) - [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.14.6...v0.15.0) --- updated-dependencies: - dependency-name: sigs.k8s.io/controller-runtime dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: add yaml util to check empty document (#7276) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#7274) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.6.1 to 5.7.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.6.1...v5.7.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#7274) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.6.1 to 5.7.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.6.1...v5.7.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#7274) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.6.1 to 5.7.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.6.1...v5.7.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * go mod update Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * removed cosign 1.13.1 dependency Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added default rekor url Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated cosign option Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#7274) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.6.1 to 5.7.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.6.1...v5.7.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * go mod update Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * go sum fix Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * NIT Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix failing test: Test_VerifyManifest_MustAll_InvalidYAML Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * suggestions from jim Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * go mod fix Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updates to cosign verification Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * kuttl test ignore sct Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * go mod fixes Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * go mod update Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * downgrading gcr version Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * null pointer error Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated failing cli tests Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated kuttl test with complete subjects Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fixed issue with wildcard replacement Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * engine tests Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * removed conflicts with notary Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated go mod Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * codegen and test Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added pubkeys test Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * add default CTLogPubKeys Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * cleanup Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * unwanted test Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: auth checks with the APIVersion and the subresource (#7628) * fix auth checks with apiVersion and subresource Signed-off-by: ShutingZhao <shuting@nirmata.com> * add kuttl tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove duplicate code Signed-off-by: ShutingZhao <shuting@nirmata.com> * update permissions Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: harden rbac permissions (#7638) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore(deps): bump sigstore/cosign-installer from 3.0.5 to 3.1.0 (#7664) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.0.5 to 3.1.0. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/dd6b2e2b610a11fd73dd187a43d57cc1394e35f9...d13028333d784fcc802b67ec924bcebe75aa0a5f) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump ossf/scorecard-action from 2.1.3 to 2.2.0 (#7663) Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.1.3 to 2.2.0. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/80e868c13c90f172d68d1f4501dee99e2479f7af...08b4669551908b1024bb425080c797723083c031) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * [Chore] bump notation-go from 1.0.0-rc.3 -> 1.0.0-rc.6 (#7650) * Bump notation-go from 1.0.0-rc.3 -> 1.0.0-rc.6 Signed-off-by: webstradev <e.s.westra.95@gmail.com> * fixed tests Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added tests for repository Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> --------- Signed-off-by: webstradev <e.s.westra.95@gmail.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Co-authored-by: webstradev <e.s.westra.95@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> * fix: vscode debug config (#7653) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: pr updater workflow (#7665) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: add specific loaders from #7597 (#7671) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add cluster select and relabling config for ServiceMonitors (#7659) * feat: add cluster select and relabling config for ServiceMonitors Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> * feat: add cluster select and relabling config for ServiceMonitors Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> --------- Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> * fix: cleanup controller context from #7597 (#7672) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: cleanup controller rbac (#7669) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: migrate context loaders (part 1) from #7597 (#7676) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: migrate context loaders (part 2) from #7597 (#7677) * refactor: migrate context loaders (part 1) from #7597 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: migrate context loaders (part 2) from #7597 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add lazy loading feature flag (#7680) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: image verification (#7652) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * Fix deferred loading (#7597) * handle nested contexts Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add feature flag Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add kuttl tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix linter issues Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix CLI regclient Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix: token permissions on report vulns workflow (#7611) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: token permissions (#7619) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: update the flag descriptions of the reports-controller (#7617) Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> * fix: panic if env var not defined (#7613) * fix: panic if env var not defined Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * use toggles instead of a flag Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update toggle name Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update toggle name Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix roles Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix role Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update manifests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove extra unlock Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix loader reset Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * propagate context Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * cm resolver Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * level management Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * address review comments Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add enableDeferredLoading to other controllers Signed-off-by: Jim Bugwadia <jim@nirmata.com> * re-enable ACR credhelper Signed-off-by: Jim Bugwadia <jim@nirmata.com> * improve tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove image registry client init Signed-off-by: Jim Bugwadia <jim@nirmata.com> * check for invalid reset/restore Signed-off-by: Jim Bugwadia <jim@nirmata.com> * recursive kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * add pre/post queries Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add check for a recursive match Signed-off-by: Jim Bugwadia <jim@nirmata.com> * new test suite Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * eval loaders at creation level Signed-off-by: Jim Bugwadia <jim@nirmata.com> * kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * add an index for resolving deps in order Signed-off-by: Jim Bugwadia <jim@nirmata.com> * improve comment Signed-off-by: Jim Bugwadia <jim@nirmata.com> * extract remove method Signed-off-by: Jim Bugwadia <jim@nirmata.com> * merge main Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * flags Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feature flag Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix flag Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * update unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * two rules kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * update unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * revert Signed-off-by: ShutingZhao <shuting@nirmata.com> * per rule checkpoint Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix mutate chained rules Signed-off-by: ShutingZhao <shuting@nirmata.com> * per rule checpoint/restore Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * log error Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Emmanuel Ferdman <emmanuelferdman@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> * fix: factorise confimap informer code (#7667) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> * chore(deps): bump sigstore/cosign-installer from 3.1.0 to 3.1.1 (#7689) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.1.0 to 3.1.1. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/d13028333d784fcc802b67ec924bcebe75aa0a5f...6e04d228eb30da1757ee4e1dd75a0ec73a653e06) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: Swap any/all in the error message. (#7688) Signed-off-by: JaeHeung Han <hylowaker@users.noreply.github.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add background only policy support (#6666) * feat: add background only policy support Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * webhook Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * validation Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * kuttl Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * all disabled Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: pr updater workflow (#7697) * fix: pr updater workflow Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * Update .github/workflows/pr-update.yaml Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> * fix: customizable tracer configuration (#7644) * fix: customizable tracer configuration Signed-off-by: Daniel Laszlo <laszlodaniel@icloud.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: harden rbac permissions (#7638) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * chore(deps): bump sigstore/cosign-installer from 3.0.5 to 3.1.0 (#7664) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.0.5 to 3.1.0. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/dd6b2e2b610a11fd73dd187a43d57cc1394e35f9...d13028333d784fcc802b67ec924bcebe75aa0a5f) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * chore(deps): bump ossf/scorecard-action from 2.1.3 to 2.2.0 (#7663) Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.1.3 to 2.2.0. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/80e868c13c90f172d68d1f4501dee99e2479f7af...08b4669551908b1024bb425080c797723083c031) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * use resource.New instead of Merge Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix tabs Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * [Chore] bump notation-go from 1.0.0-rc.3 -> 1.0.0-rc.6 (#7650) * Bump notation-go from 1.0.0-rc.3 -> 1.0.0-rc.6 Signed-off-by: webstradev <e.s.westra.95@gmail.com> * fixed tests Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added tests for repository Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> --------- Signed-off-by: webstradev <e.s.westra.95@gmail.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Co-authored-by: webstradev <e.s.westra.95@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: vscode debug config (#7653) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: pr updater workflow (#7665) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * refactor: add specific loaders from #7597 (#7671) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * feat: add cluster select and relabling config for ServiceMonitors (#7659) * feat: add cluster select and relabling config for ServiceMonitors Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> * feat: add cluster select and relabling config for ServiceMonitors Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> --------- Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: cleanup controller context from #7597 (#7672) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: cleanup controller rbac (#7669) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * refactor: migrate context loaders (part 1) from #7597 (#7676) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * refactor: migrate context loaders (part 2) from #7597 (#7677) * refactor: migrate context loaders (part 1) from #7597 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: migrate context loaders (part 2) from #7597 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * feat: add lazy loading feature flag (#7680) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: image verification (#7652) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * Fix deferred loading (#7597) * handle nested contexts Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add feature flag Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add kuttl tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix linter issues Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix CLI regclient Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix: token permissions on report vulns workflow (#7611) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: token permissions (#7619) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: update the flag descriptions of the reports-controller (#7617) Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> * fix: panic if env var not defined (#7613) * fix: panic if env var not defined Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * use toggles instead of a flag Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update toggle name Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update toggle name Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix roles Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix role Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update manifests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove extra unlock Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix loader reset Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * propagate context Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * cm resolver Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * level management Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * address review comments Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add enableDeferredLoading to other controllers Signed-off-by: Jim Bugwadia <jim@nirmata.com> * re-enable ACR credhelper Signed-off-by: Jim Bugwadia <jim@nirmata.com> * improve tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove image registry client init Signed-off-by: Jim Bugwadia <jim@nirmata.com> * check for invalid reset/restore Signed-off-by: Jim Bugwadia <jim@nirmata.com> * recursive kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * add pre/post queries Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add check for a recursive match Signed-off-by: Jim Bugwadia <jim@nirmata.com> * new test suite Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * eval loaders at creation level Signed-off-by: Jim Bugwadia <jim@nirmata.com> * kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * add an index for resolving deps in order Signed-off-by: Jim Bugwadia <jim@nirmata.com> * improve comment Signed-off-by: Jim Bugwadia <jim@nirmata.com> * extract remove method Signed-off-by: Jim Bugwadia <jim@nirmata.com> * merge main Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * flags Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feature flag Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix flag Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * update unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * two rules kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * update unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * revert Signed-off-by: ShutingZhao <shuting@nirmata.com> * per rule checkpoint Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix mutate chained rules Signed-off-by: ShutingZhao <shuting@nirmata.com> * per rule checpoint/restore Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * log error Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Emmanuel Ferdman <emmanuelferdman@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: factorise confimap informer code (#7667) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * chore(deps): bump sigstore/cosign-installer from 3.1.0 to 3.1.1 (#7689) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.1.0 to 3.1.1. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/d13028333d784fcc802b67ec924bcebe75aa0a5f...6e04d228eb30da1757ee4e1dd75a0ec73a653e06) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * Update pkg/tracing/config.go Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Daniel Laszlo <laszlodaniel@icloud.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: webstradev <e.s.westra.95@gmail.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Co-authored-by: webstradev <e.s.westra.95@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: Frank Jogeleit <frank.jogeleit@lovoo.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: Emmanuel Ferdman <emmanuelferdman@gmail.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> * fix: lock schema manager when updating it (#7704) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * test: add kuttl tests for background only policies (#7709) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * Feat: Upgrade controller-gen to v0.12.0 and fix tooling (#7683) * Upgrade controller-gen and fix tooling Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Address comments Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Add a marker in the sed command Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Upgrade to the latest version and rearrange the annotations Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Fix failing Verify Codegen tests Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Remove unnecessary file Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Restore original version in test folder Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Add creationTimestamp: null again in the test folder Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> --------- Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> Co-authored-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: release signing (#7711) (#7713) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: use github token instead of pat (#7716) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: reduce token permissions (#7719) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: reduce token permissions (#7721) * fix: reduce token permissions Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: reduce token permissions Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: make `test --fail-only` return 1 if there are failed tests (#7717) Signed-off-by: Carles Figuerola <cfiguerola@expediagroup.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * remove redundant tests (#7702) Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: use gh token instead of pat (#7723) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: remove obsolete scripts (#7720) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: reduce token permission (#7729) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: use github token instead of pat (#7727) * fix: remove jmespath replace directive Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: use github token instead of pat Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: use golang builtin version management (#7654) * fix: use golang builtin version management Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: template for user setup in kuttl (#7731) Signed-off-by: Alok N <alokme123@gmail.com> * feat: Add option to add imagePullSecrets to cleanup CronJobs (#7730) * Add option to add imagePullSecrets to cleanup CronJobs Signed-off-by: Alexander Olzem <olzemal@pm.me> * Update chart README Signed-off-by: Alexander Olzem <olzemal@pm.me> --------- Signed-off-by: Alexander Olzem <olzemal@pm.me> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: typo in check cmd (#7733) Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> * fix: nits in cli flags (#7736) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: bump ko version (#7738) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: bump kind node versions (#7737) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: refactor cli values loading and remove dead code (#7739) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * [Feature] round() JMESPath function (#7489) * adding roundoff Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * removing unnecessary Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * adding test Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * adding edge case Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * fixing error Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * updating function call Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * updating function jpRound Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * error handling negative Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * fix Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * fix linter Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * parsing Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * cleanup Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore(deps): bump ubuntu from `6120be6` to `0bced47` in /.devcontainer (#7744) Bumps ubuntu from `6120be6` to `0bced47`. --- updated-dependencies: - dependency-name: ubuntu dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: improve cli apply args check (#7746) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: remove cli dead code (#7748) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * Replaced gcr crane with gcr remote (#7747) * fix: oras-go/v2 version in go.sum Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * refactor: move kyverno constants out of v1 package (#7760) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: use register-gen to register k8s types (#7761) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore(deps): bump fluxcd/flux2 from 0.41.2 to 2.0.0 (#7764) Bumps [fluxcd/flux2](https://github.com/fluxcd/flux2) from 0.41.2 to 2.0.0. - [Release notes](https://github.com/fluxcd/flux2/releases) - [Changelog](https://github.com/fluxcd/flux2/blob/main/.goreleaser.yml) - [Commits](https://github.com/fluxcd/flux2/compare/dbda8fbdb8b58ed1ee69343025a6091eae0d1828...9ea0a535eab2c99121fb3ac742e333b4a9f07970) --- updated-dependencies: - dependency-name: fluxcd/flux2 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: introduce defaulters-gen (#7765) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add table output to cli apply command (#7757) * feat: add table output to cli apply command Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * factorise Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> * chore: bump cosign in gh workflows (#7715) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: switch to deepcopy-gen (#7766) * chore: switch to deepcopy-gen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: increase linter timeout (#7767) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * undo: revert back to cosign 2.0.2 cosign 2.1.1 has dependency conflicts with oras Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * remove markers Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: remove 0_14 version of gcr k8s-sigstore-manifest got a new version so we can finally upgrade gcr to v0.15 Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * add: add logging to tlogs and sct Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * undo: remove registryOpts in favor of registry client opts added the missing parts from registryOptions in registry client opts Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore: add generated files Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore: clean go mod Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: remove bad logs Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * bug: fix go mod Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: update kubebuilder version in crds Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * update: rollback policy to ignore tlog Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore: update codegen Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> --------- Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: shuting <shutting06@gmail.com> Signed-off-by: bakito <github@bakito.ch> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: webstradev <e.s.westra.95@gmail.com> Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> Signed-off-by: JaeHeung Han <hylowaker@users.noreply.github.com> Signed-off-by: Daniel Laszlo <laszlodaniel@icloud.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> Signed-off-by: Carles Figuerola <cfiguerola@expediagroup.com> Signed-off-by: Alok N <alokme123@gmail.com> Signed-off-by: Alexander Olzem <olzemal@pm.me> Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: shuting <shutting06@gmail.com> Co-authored-by: kyverno-bot <104836976+kyverno-bot@users.noreply.github.com> Co-authored-by: Marc Brugger <github@bakito.ch> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: webstradev <e.s.westra.95@gmail.com> Co-authored-by: Frank Jogeleit <frank.jogeleit@lovoo.com> Co-authored-by: Emmanuel Ferdman <emmanuelferdman@gmail.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: JaeHeung Han <hylowaker@users.noreply.github.com> Co-authored-by: Daniel Laszlo <laszlodaniel@icloud.com> Co-authored-by: Md Shahbaz Alam <shahbazalam75508@gmail.com> Co-authored-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> Co-authored-by: Carles-Figuerola <carles@figuerola.info> Co-authored-by: Alok Naushad <alokme123@gmail.com> Co-authored-by: Alex Olzem <olzemal@gmail.com> Co-authored-by: SukhveerS <78963782+Rexbeast2@users.noreply.github.com>
2023-08-15 14:25:55 +00:00
}
}
}
]
}
]
}
]
}
]
}
}
`
var testConfigMapMissing = `{
"apiVersion": "kyverno.io/v1",
"kind": "ClusterPolicy",
"metadata": {
"annotations": {
"pod-policies.kyverno.io/autogen-controllers": "none"
},
"name": "image-verify-polset"
},
"spec": {
"background": false,
"failurePolicy": "Fail",
"rules": [
{
"context": [
{
"configMap": {
"name": "myconfigmap",
"namespace": "mynamespace"
},
"name": "myconfigmap"
}
],
"match": {
"any": [
{
"resources": {
"kinds": [
"Pod"
]
}
}
]
},
"name": "image-verify-pol1",
"verifyImages": [
{
"imageReferences": [
"ghcr.io/*"
],
"mutateDigest": false,
"verifyDigest": false,
"attestors": [
{
"entries": [
{
"keys": {
Support for Cosign 2.0 (#7248) * cosign 2.0 version upgrade Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * IgnoreTlog and IgnoreSCT updated Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * removed cli packages Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * lazy evaluate vars in conditions (#7238) * lazy evaluate vars in conditions Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove unnecessary conversion Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix test Signed-off-by: Jim Bugwadia <jim@nirmata.com> * Update test/conformance/kuttl/validate/clusterpolicy/standard/variables/lazyload/conditions/03-manifests.yaml Signed-off-by: shuting <shutting06@gmail.com> * Update test/conformance/kuttl/validate/clusterpolicy/standard/variables/lazyload/README.md Signed-off-by: shuting <shutting06@gmail.com> * added error check in test Signed-off-by: Jim Bugwadia <jim@nirmata.com> --------- Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: shuting <shutting06@gmail.com> Co-authored-by: shuting <shutting06@gmail.com> Co-authored-by: kyverno-bot <104836976+kyverno-bot@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * in-toto-golang update Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added rekor Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * quote image in error (#7259) Signed-off-by: bakito <github@bakito.ch> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: auto update webhooks not configuring fail endpoint (#7261) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix latest version check (#7263) Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump svenstaro/upload-release-action from 2.5.0 to 2.6.0 (#7270) Bumps [svenstaro/upload-release-action](https://github.com/svenstaro/upload-release-action) from 2.5.0 to 2.6.0. - [Release notes](https://github.com/svenstaro/upload-release-action/releases) - [Changelog](https://github.com/svenstaro/upload-release-action/blob/master/CHANGELOG.md) - [Commits](https://github.com/svenstaro/upload-release-action/compare/7319e4733ec7a184d739a6f412c40ffc339b69c7...58d525808845e4c8ff229ea1d5d7c496504a79bc) --- updated-dependencies: - dependency-name: svenstaro/upload-release-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump sigs.k8s.io/controller-runtime from 0.14.6 to 0.15.0 (#7272) Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.14.6 to 0.15.0. - [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases) - [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md) - [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.14.6...v0.15.0) --- updated-dependencies: - dependency-name: sigs.k8s.io/controller-runtime dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: add yaml util to check empty document (#7276) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#7274) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.6.1 to 5.7.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.6.1...v5.7.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#7274) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.6.1 to 5.7.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.6.1...v5.7.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#7274) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.6.1 to 5.7.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.6.1...v5.7.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * go mod update Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * removed cosign 1.13.1 dependency Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added default rekor url Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated cosign option Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#7274) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.6.1 to 5.7.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.6.1...v5.7.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * go mod update Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * go sum fix Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * NIT Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix failing test: Test_VerifyManifest_MustAll_InvalidYAML Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * suggestions from jim Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * go mod fix Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updates to cosign verification Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * kuttl test ignore sct Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * go mod fixes Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * go mod update Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * downgrading gcr version Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * null pointer error Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated failing cli tests Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated kuttl test with complete subjects Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fixed issue with wildcard replacement Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * engine tests Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * removed conflicts with notary Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated go mod Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * codegen and test Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added pubkeys test Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * add default CTLogPubKeys Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * cleanup Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * unwanted test Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: auth checks with the APIVersion and the subresource (#7628) * fix auth checks with apiVersion and subresource Signed-off-by: ShutingZhao <shuting@nirmata.com> * add kuttl tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove duplicate code Signed-off-by: ShutingZhao <shuting@nirmata.com> * update permissions Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: harden rbac permissions (#7638) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore(deps): bump sigstore/cosign-installer from 3.0.5 to 3.1.0 (#7664) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.0.5 to 3.1.0. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/dd6b2e2b610a11fd73dd187a43d57cc1394e35f9...d13028333d784fcc802b67ec924bcebe75aa0a5f) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump ossf/scorecard-action from 2.1.3 to 2.2.0 (#7663) Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.1.3 to 2.2.0. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/80e868c13c90f172d68d1f4501dee99e2479f7af...08b4669551908b1024bb425080c797723083c031) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * [Chore] bump notation-go from 1.0.0-rc.3 -> 1.0.0-rc.6 (#7650) * Bump notation-go from 1.0.0-rc.3 -> 1.0.0-rc.6 Signed-off-by: webstradev <e.s.westra.95@gmail.com> * fixed tests Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added tests for repository Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> --------- Signed-off-by: webstradev <e.s.westra.95@gmail.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Co-authored-by: webstradev <e.s.westra.95@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> * fix: vscode debug config (#7653) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: pr updater workflow (#7665) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: add specific loaders from #7597 (#7671) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add cluster select and relabling config for ServiceMonitors (#7659) * feat: add cluster select and relabling config for ServiceMonitors Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> * feat: add cluster select and relabling config for ServiceMonitors Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> --------- Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> * fix: cleanup controller context from #7597 (#7672) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: cleanup controller rbac (#7669) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: migrate context loaders (part 1) from #7597 (#7676) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: migrate context loaders (part 2) from #7597 (#7677) * refactor: migrate context loaders (part 1) from #7597 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: migrate context loaders (part 2) from #7597 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add lazy loading feature flag (#7680) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: image verification (#7652) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * Fix deferred loading (#7597) * handle nested contexts Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add feature flag Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add kuttl tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix linter issues Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix CLI regclient Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix: token permissions on report vulns workflow (#7611) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: token permissions (#7619) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: update the flag descriptions of the reports-controller (#7617) Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> * fix: panic if env var not defined (#7613) * fix: panic if env var not defined Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * use toggles instead of a flag Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update toggle name Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update toggle name Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix roles Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix role Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update manifests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove extra unlock Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix loader reset Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * propagate context Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * cm resolver Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * level management Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * address review comments Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add enableDeferredLoading to other controllers Signed-off-by: Jim Bugwadia <jim@nirmata.com> * re-enable ACR credhelper Signed-off-by: Jim Bugwadia <jim@nirmata.com> * improve tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove image registry client init Signed-off-by: Jim Bugwadia <jim@nirmata.com> * check for invalid reset/restore Signed-off-by: Jim Bugwadia <jim@nirmata.com> * recursive kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * add pre/post queries Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add check for a recursive match Signed-off-by: Jim Bugwadia <jim@nirmata.com> * new test suite Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * eval loaders at creation level Signed-off-by: Jim Bugwadia <jim@nirmata.com> * kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * add an index for resolving deps in order Signed-off-by: Jim Bugwadia <jim@nirmata.com> * improve comment Signed-off-by: Jim Bugwadia <jim@nirmata.com> * extract remove method Signed-off-by: Jim Bugwadia <jim@nirmata.com> * merge main Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * flags Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feature flag Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix flag Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * update unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * two rules kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * update unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * revert Signed-off-by: ShutingZhao <shuting@nirmata.com> * per rule checkpoint Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix mutate chained rules Signed-off-by: ShutingZhao <shuting@nirmata.com> * per rule checpoint/restore Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * log error Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Emmanuel Ferdman <emmanuelferdman@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> * fix: factorise confimap informer code (#7667) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> * chore(deps): bump sigstore/cosign-installer from 3.1.0 to 3.1.1 (#7689) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.1.0 to 3.1.1. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/d13028333d784fcc802b67ec924bcebe75aa0a5f...6e04d228eb30da1757ee4e1dd75a0ec73a653e06) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: Swap any/all in the error message. (#7688) Signed-off-by: JaeHeung Han <hylowaker@users.noreply.github.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add background only policy support (#6666) * feat: add background only policy support Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * webhook Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * validation Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * kuttl Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * all disabled Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: pr updater workflow (#7697) * fix: pr updater workflow Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * Update .github/workflows/pr-update.yaml Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> * fix: customizable tracer configuration (#7644) * fix: customizable tracer configuration Signed-off-by: Daniel Laszlo <laszlodaniel@icloud.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: harden rbac permissions (#7638) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * chore(deps): bump sigstore/cosign-installer from 3.0.5 to 3.1.0 (#7664) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.0.5 to 3.1.0. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/dd6b2e2b610a11fd73dd187a43d57cc1394e35f9...d13028333d784fcc802b67ec924bcebe75aa0a5f) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * chore(deps): bump ossf/scorecard-action from 2.1.3 to 2.2.0 (#7663) Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.1.3 to 2.2.0. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/80e868c13c90f172d68d1f4501dee99e2479f7af...08b4669551908b1024bb425080c797723083c031) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * use resource.New instead of Merge Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix tabs Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * [Chore] bump notation-go from 1.0.0-rc.3 -> 1.0.0-rc.6 (#7650) * Bump notation-go from 1.0.0-rc.3 -> 1.0.0-rc.6 Signed-off-by: webstradev <e.s.westra.95@gmail.com> * fixed tests Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added tests for repository Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> --------- Signed-off-by: webstradev <e.s.westra.95@gmail.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Co-authored-by: webstradev <e.s.westra.95@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: vscode debug config (#7653) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: pr updater workflow (#7665) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * refactor: add specific loaders from #7597 (#7671) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * feat: add cluster select and relabling config for ServiceMonitors (#7659) * feat: add cluster select and relabling config for ServiceMonitors Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> * feat: add cluster select and relabling config for ServiceMonitors Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> --------- Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: cleanup controller context from #7597 (#7672) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: cleanup controller rbac (#7669) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * refactor: migrate context loaders (part 1) from #7597 (#7676) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * refactor: migrate context loaders (part 2) from #7597 (#7677) * refactor: migrate context loaders (part 1) from #7597 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: migrate context loaders (part 2) from #7597 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * feat: add lazy loading feature flag (#7680) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: image verification (#7652) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * Fix deferred loading (#7597) * handle nested contexts Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add feature flag Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add kuttl tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix linter issues Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix CLI regclient Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix: token permissions on report vulns workflow (#7611) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: token permissions (#7619) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: update the flag descriptions of the reports-controller (#7617) Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> * fix: panic if env var not defined (#7613) * fix: panic if env var not defined Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * use toggles instead of a flag Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update toggle name Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update toggle name Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix roles Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix role Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update manifests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove extra unlock Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix loader reset Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * propagate context Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * cm resolver Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * level management Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * address review comments Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add enableDeferredLoading to other controllers Signed-off-by: Jim Bugwadia <jim@nirmata.com> * re-enable ACR credhelper Signed-off-by: Jim Bugwadia <jim@nirmata.com> * improve tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove image registry client init Signed-off-by: Jim Bugwadia <jim@nirmata.com> * check for invalid reset/restore Signed-off-by: Jim Bugwadia <jim@nirmata.com> * recursive kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * add pre/post queries Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add check for a recursive match Signed-off-by: Jim Bugwadia <jim@nirmata.com> * new test suite Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * eval loaders at creation level Signed-off-by: Jim Bugwadia <jim@nirmata.com> * kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * add an index for resolving deps in order Signed-off-by: Jim Bugwadia <jim@nirmata.com> * improve comment Signed-off-by: Jim Bugwadia <jim@nirmata.com> * extract remove method Signed-off-by: Jim Bugwadia <jim@nirmata.com> * merge main Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * flags Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feature flag Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix flag Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * update unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * two rules kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * update unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * revert Signed-off-by: ShutingZhao <shuting@nirmata.com> * per rule checkpoint Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix mutate chained rules Signed-off-by: ShutingZhao <shuting@nirmata.com> * per rule checpoint/restore Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * log error Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Emmanuel Ferdman <emmanuelferdman@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: factorise confimap informer code (#7667) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * chore(deps): bump sigstore/cosign-installer from 3.1.0 to 3.1.1 (#7689) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.1.0 to 3.1.1. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/d13028333d784fcc802b67ec924bcebe75aa0a5f...6e04d228eb30da1757ee4e1dd75a0ec73a653e06) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * Update pkg/tracing/config.go Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Daniel Laszlo <laszlodaniel@icloud.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: webstradev <e.s.westra.95@gmail.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Co-authored-by: webstradev <e.s.westra.95@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: Frank Jogeleit <frank.jogeleit@lovoo.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: Emmanuel Ferdman <emmanuelferdman@gmail.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> * fix: lock schema manager when updating it (#7704) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * test: add kuttl tests for background only policies (#7709) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * Feat: Upgrade controller-gen to v0.12.0 and fix tooling (#7683) * Upgrade controller-gen and fix tooling Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Address comments Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Add a marker in the sed command Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Upgrade to the latest version and rearrange the annotations Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Fix failing Verify Codegen tests Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Remove unnecessary file Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Restore original version in test folder Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Add creationTimestamp: null again in the test folder Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> --------- Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> Co-authored-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: release signing (#7711) (#7713) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: use github token instead of pat (#7716) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: reduce token permissions (#7719) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: reduce token permissions (#7721) * fix: reduce token permissions Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: reduce token permissions Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: make `test --fail-only` return 1 if there are failed tests (#7717) Signed-off-by: Carles Figuerola <cfiguerola@expediagroup.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * remove redundant tests (#7702) Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: use gh token instead of pat (#7723) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: remove obsolete scripts (#7720) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: reduce token permission (#7729) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: use github token instead of pat (#7727) * fix: remove jmespath replace directive Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: use github token instead of pat Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: use golang builtin version management (#7654) * fix: use golang builtin version management Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: template for user setup in kuttl (#7731) Signed-off-by: Alok N <alokme123@gmail.com> * feat: Add option to add imagePullSecrets to cleanup CronJobs (#7730) * Add option to add imagePullSecrets to cleanup CronJobs Signed-off-by: Alexander Olzem <olzemal@pm.me> * Update chart README Signed-off-by: Alexander Olzem <olzemal@pm.me> --------- Signed-off-by: Alexander Olzem <olzemal@pm.me> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: typo in check cmd (#7733) Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> * fix: nits in cli flags (#7736) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: bump ko version (#7738) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: bump kind node versions (#7737) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: refactor cli values loading and remove dead code (#7739) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * [Feature] round() JMESPath function (#7489) * adding roundoff Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * removing unnecessary Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * adding test Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * adding edge case Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * fixing error Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * updating function call Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * updating function jpRound Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * error handling negative Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * fix Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * fix linter Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * parsing Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * cleanup Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore(deps): bump ubuntu from `6120be6` to `0bced47` in /.devcontainer (#7744) Bumps ubuntu from `6120be6` to `0bced47`. --- updated-dependencies: - dependency-name: ubuntu dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: improve cli apply args check (#7746) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: remove cli dead code (#7748) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * Replaced gcr crane with gcr remote (#7747) * fix: oras-go/v2 version in go.sum Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * refactor: move kyverno constants out of v1 package (#7760) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: use register-gen to register k8s types (#7761) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore(deps): bump fluxcd/flux2 from 0.41.2 to 2.0.0 (#7764) Bumps [fluxcd/flux2](https://github.com/fluxcd/flux2) from 0.41.2 to 2.0.0. - [Release notes](https://github.com/fluxcd/flux2/releases) - [Changelog](https://github.com/fluxcd/flux2/blob/main/.goreleaser.yml) - [Commits](https://github.com/fluxcd/flux2/compare/dbda8fbdb8b58ed1ee69343025a6091eae0d1828...9ea0a535eab2c99121fb3ac742e333b4a9f07970) --- updated-dependencies: - dependency-name: fluxcd/flux2 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: introduce defaulters-gen (#7765) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add table output to cli apply command (#7757) * feat: add table output to cli apply command Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * factorise Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> * chore: bump cosign in gh workflows (#7715) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: switch to deepcopy-gen (#7766) * chore: switch to deepcopy-gen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: increase linter timeout (#7767) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * undo: revert back to cosign 2.0.2 cosign 2.1.1 has dependency conflicts with oras Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * remove markers Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: remove 0_14 version of gcr k8s-sigstore-manifest got a new version so we can finally upgrade gcr to v0.15 Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * add: add logging to tlogs and sct Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * undo: remove registryOpts in favor of registry client opts added the missing parts from registryOptions in registry client opts Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore: add generated files Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore: clean go mod Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: remove bad logs Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * bug: fix go mod Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: update kubebuilder version in crds Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * update: rollback policy to ignore tlog Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore: update codegen Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> --------- Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: shuting <shutting06@gmail.com> Signed-off-by: bakito <github@bakito.ch> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: webstradev <e.s.westra.95@gmail.com> Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> Signed-off-by: JaeHeung Han <hylowaker@users.noreply.github.com> Signed-off-by: Daniel Laszlo <laszlodaniel@icloud.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> Signed-off-by: Carles Figuerola <cfiguerola@expediagroup.com> Signed-off-by: Alok N <alokme123@gmail.com> Signed-off-by: Alexander Olzem <olzemal@pm.me> Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: shuting <shutting06@gmail.com> Co-authored-by: kyverno-bot <104836976+kyverno-bot@users.noreply.github.com> Co-authored-by: Marc Brugger <github@bakito.ch> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: webstradev <e.s.westra.95@gmail.com> Co-authored-by: Frank Jogeleit <frank.jogeleit@lovoo.com> Co-authored-by: Emmanuel Ferdman <emmanuelferdman@gmail.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: JaeHeung Han <hylowaker@users.noreply.github.com> Co-authored-by: Daniel Laszlo <laszlodaniel@icloud.com> Co-authored-by: Md Shahbaz Alam <shahbazalam75508@gmail.com> Co-authored-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> Co-authored-by: Carles-Figuerola <carles@figuerola.info> Co-authored-by: Alok Naushad <alokme123@gmail.com> Co-authored-by: Alex Olzem <olzemal@gmail.com> Co-authored-by: SukhveerS <78963782+Rexbeast2@users.noreply.github.com>
2023-08-15 14:25:55 +00:00
"publicKeys": "{{myconfigmap.data.configmapkey}}",
"rekor": {
"url": "https://rekor.sigstore.dev",
"ignoreTlog": true
},
"ctlog": {
"ignoreSCT": true
Support for Cosign 2.0 (#7248) * cosign 2.0 version upgrade Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * IgnoreTlog and IgnoreSCT updated Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * removed cli packages Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * lazy evaluate vars in conditions (#7238) * lazy evaluate vars in conditions Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove unnecessary conversion Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix test Signed-off-by: Jim Bugwadia <jim@nirmata.com> * Update test/conformance/kuttl/validate/clusterpolicy/standard/variables/lazyload/conditions/03-manifests.yaml Signed-off-by: shuting <shutting06@gmail.com> * Update test/conformance/kuttl/validate/clusterpolicy/standard/variables/lazyload/README.md Signed-off-by: shuting <shutting06@gmail.com> * added error check in test Signed-off-by: Jim Bugwadia <jim@nirmata.com> --------- Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: shuting <shutting06@gmail.com> Co-authored-by: shuting <shutting06@gmail.com> Co-authored-by: kyverno-bot <104836976+kyverno-bot@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * in-toto-golang update Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added rekor Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * quote image in error (#7259) Signed-off-by: bakito <github@bakito.ch> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: auto update webhooks not configuring fail endpoint (#7261) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix latest version check (#7263) Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump svenstaro/upload-release-action from 2.5.0 to 2.6.0 (#7270) Bumps [svenstaro/upload-release-action](https://github.com/svenstaro/upload-release-action) from 2.5.0 to 2.6.0. - [Release notes](https://github.com/svenstaro/upload-release-action/releases) - [Changelog](https://github.com/svenstaro/upload-release-action/blob/master/CHANGELOG.md) - [Commits](https://github.com/svenstaro/upload-release-action/compare/7319e4733ec7a184d739a6f412c40ffc339b69c7...58d525808845e4c8ff229ea1d5d7c496504a79bc) --- updated-dependencies: - dependency-name: svenstaro/upload-release-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump sigs.k8s.io/controller-runtime from 0.14.6 to 0.15.0 (#7272) Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.14.6 to 0.15.0. - [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases) - [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md) - [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.14.6...v0.15.0) --- updated-dependencies: - dependency-name: sigs.k8s.io/controller-runtime dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: add yaml util to check empty document (#7276) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#7274) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.6.1 to 5.7.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.6.1...v5.7.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#7274) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.6.1 to 5.7.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.6.1...v5.7.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#7274) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.6.1 to 5.7.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.6.1...v5.7.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * go mod update Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * removed cosign 1.13.1 dependency Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added default rekor url Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated cosign option Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#7274) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.6.1 to 5.7.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.6.1...v5.7.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * go mod update Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * go sum fix Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * NIT Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix failing test: Test_VerifyManifest_MustAll_InvalidYAML Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * suggestions from jim Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * go mod fix Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updates to cosign verification Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * kuttl test ignore sct Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * go mod fixes Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * go mod update Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * downgrading gcr version Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * null pointer error Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated failing cli tests Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated kuttl test with complete subjects Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fixed issue with wildcard replacement Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * engine tests Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * removed conflicts with notary Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated go mod Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * codegen and test Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added pubkeys test Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * add default CTLogPubKeys Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * cleanup Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * unwanted test Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: auth checks with the APIVersion and the subresource (#7628) * fix auth checks with apiVersion and subresource Signed-off-by: ShutingZhao <shuting@nirmata.com> * add kuttl tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove duplicate code Signed-off-by: ShutingZhao <shuting@nirmata.com> * update permissions Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: harden rbac permissions (#7638) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore(deps): bump sigstore/cosign-installer from 3.0.5 to 3.1.0 (#7664) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.0.5 to 3.1.0. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/dd6b2e2b610a11fd73dd187a43d57cc1394e35f9...d13028333d784fcc802b67ec924bcebe75aa0a5f) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump ossf/scorecard-action from 2.1.3 to 2.2.0 (#7663) Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.1.3 to 2.2.0. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/80e868c13c90f172d68d1f4501dee99e2479f7af...08b4669551908b1024bb425080c797723083c031) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * [Chore] bump notation-go from 1.0.0-rc.3 -> 1.0.0-rc.6 (#7650) * Bump notation-go from 1.0.0-rc.3 -> 1.0.0-rc.6 Signed-off-by: webstradev <e.s.westra.95@gmail.com> * fixed tests Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added tests for repository Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> --------- Signed-off-by: webstradev <e.s.westra.95@gmail.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Co-authored-by: webstradev <e.s.westra.95@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> * fix: vscode debug config (#7653) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: pr updater workflow (#7665) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: add specific loaders from #7597 (#7671) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add cluster select and relabling config for ServiceMonitors (#7659) * feat: add cluster select and relabling config for ServiceMonitors Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> * feat: add cluster select and relabling config for ServiceMonitors Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> --------- Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> * fix: cleanup controller context from #7597 (#7672) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: cleanup controller rbac (#7669) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: migrate context loaders (part 1) from #7597 (#7676) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: migrate context loaders (part 2) from #7597 (#7677) * refactor: migrate context loaders (part 1) from #7597 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: migrate context loaders (part 2) from #7597 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add lazy loading feature flag (#7680) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: image verification (#7652) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * Fix deferred loading (#7597) * handle nested contexts Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add feature flag Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add kuttl tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix linter issues Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix CLI regclient Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix: token permissions on report vulns workflow (#7611) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: token permissions (#7619) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: update the flag descriptions of the reports-controller (#7617) Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> * fix: panic if env var not defined (#7613) * fix: panic if env var not defined Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * use toggles instead of a flag Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update toggle name Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update toggle name Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix roles Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix role Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update manifests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove extra unlock Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix loader reset Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * propagate context Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * cm resolver Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * level management Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * address review comments Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add enableDeferredLoading to other controllers Signed-off-by: Jim Bugwadia <jim@nirmata.com> * re-enable ACR credhelper Signed-off-by: Jim Bugwadia <jim@nirmata.com> * improve tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove image registry client init Signed-off-by: Jim Bugwadia <jim@nirmata.com> * check for invalid reset/restore Signed-off-by: Jim Bugwadia <jim@nirmata.com> * recursive kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * add pre/post queries Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add check for a recursive match Signed-off-by: Jim Bugwadia <jim@nirmata.com> * new test suite Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * eval loaders at creation level Signed-off-by: Jim Bugwadia <jim@nirmata.com> * kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * add an index for resolving deps in order Signed-off-by: Jim Bugwadia <jim@nirmata.com> * improve comment Signed-off-by: Jim Bugwadia <jim@nirmata.com> * extract remove method Signed-off-by: Jim Bugwadia <jim@nirmata.com> * merge main Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * flags Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feature flag Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix flag Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * update unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * two rules kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * update unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * revert Signed-off-by: ShutingZhao <shuting@nirmata.com> * per rule checkpoint Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix mutate chained rules Signed-off-by: ShutingZhao <shuting@nirmata.com> * per rule checpoint/restore Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * log error Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Emmanuel Ferdman <emmanuelferdman@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> * fix: factorise confimap informer code (#7667) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> * chore(deps): bump sigstore/cosign-installer from 3.1.0 to 3.1.1 (#7689) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.1.0 to 3.1.1. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/d13028333d784fcc802b67ec924bcebe75aa0a5f...6e04d228eb30da1757ee4e1dd75a0ec73a653e06) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: Swap any/all in the error message. (#7688) Signed-off-by: JaeHeung Han <hylowaker@users.noreply.github.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add background only policy support (#6666) * feat: add background only policy support Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * webhook Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * validation Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * kuttl Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * all disabled Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: pr updater workflow (#7697) * fix: pr updater workflow Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * Update .github/workflows/pr-update.yaml Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> * fix: customizable tracer configuration (#7644) * fix: customizable tracer configuration Signed-off-by: Daniel Laszlo <laszlodaniel@icloud.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: harden rbac permissions (#7638) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * chore(deps): bump sigstore/cosign-installer from 3.0.5 to 3.1.0 (#7664) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.0.5 to 3.1.0. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/dd6b2e2b610a11fd73dd187a43d57cc1394e35f9...d13028333d784fcc802b67ec924bcebe75aa0a5f) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * chore(deps): bump ossf/scorecard-action from 2.1.3 to 2.2.0 (#7663) Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.1.3 to 2.2.0. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/80e868c13c90f172d68d1f4501dee99e2479f7af...08b4669551908b1024bb425080c797723083c031) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * use resource.New instead of Merge Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix tabs Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * [Chore] bump notation-go from 1.0.0-rc.3 -> 1.0.0-rc.6 (#7650) * Bump notation-go from 1.0.0-rc.3 -> 1.0.0-rc.6 Signed-off-by: webstradev <e.s.westra.95@gmail.com> * fixed tests Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added tests for repository Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> --------- Signed-off-by: webstradev <e.s.westra.95@gmail.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Co-authored-by: webstradev <e.s.westra.95@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: vscode debug config (#7653) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: pr updater workflow (#7665) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * refactor: add specific loaders from #7597 (#7671) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * feat: add cluster select and relabling config for ServiceMonitors (#7659) * feat: add cluster select and relabling config for ServiceMonitors Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> * feat: add cluster select and relabling config for ServiceMonitors Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> --------- Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: cleanup controller context from #7597 (#7672) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: cleanup controller rbac (#7669) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * refactor: migrate context loaders (part 1) from #7597 (#7676) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * refactor: migrate context loaders (part 2) from #7597 (#7677) * refactor: migrate context loaders (part 1) from #7597 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: migrate context loaders (part 2) from #7597 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * feat: add lazy loading feature flag (#7680) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: image verification (#7652) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * Fix deferred loading (#7597) * handle nested contexts Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add feature flag Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add kuttl tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix linter issues Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix CLI regclient Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix: token permissions on report vulns workflow (#7611) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: token permissions (#7619) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: update the flag descriptions of the reports-controller (#7617) Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> * fix: panic if env var not defined (#7613) * fix: panic if env var not defined Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * use toggles instead of a flag Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update toggle name Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update toggle name Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix roles Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix role Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update manifests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove extra unlock Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix loader reset Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * propagate context Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * cm resolver Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * level management Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * address review comments Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add enableDeferredLoading to other controllers Signed-off-by: Jim Bugwadia <jim@nirmata.com> * re-enable ACR credhelper Signed-off-by: Jim Bugwadia <jim@nirmata.com> * improve tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove image registry client init Signed-off-by: Jim Bugwadia <jim@nirmata.com> * check for invalid reset/restore Signed-off-by: Jim Bugwadia <jim@nirmata.com> * recursive kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * add pre/post queries Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add check for a recursive match Signed-off-by: Jim Bugwadia <jim@nirmata.com> * new test suite Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * eval loaders at creation level Signed-off-by: Jim Bugwadia <jim@nirmata.com> * kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * add an index for resolving deps in order Signed-off-by: Jim Bugwadia <jim@nirmata.com> * improve comment Signed-off-by: Jim Bugwadia <jim@nirmata.com> * extract remove method Signed-off-by: Jim Bugwadia <jim@nirmata.com> * merge main Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * flags Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feature flag Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix flag Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * update unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * two rules kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * update unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * revert Signed-off-by: ShutingZhao <shuting@nirmata.com> * per rule checkpoint Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix mutate chained rules Signed-off-by: ShutingZhao <shuting@nirmata.com> * per rule checpoint/restore Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * log error Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Emmanuel Ferdman <emmanuelferdman@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: factorise confimap informer code (#7667) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * chore(deps): bump sigstore/cosign-installer from 3.1.0 to 3.1.1 (#7689) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.1.0 to 3.1.1. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/d13028333d784fcc802b67ec924bcebe75aa0a5f...6e04d228eb30da1757ee4e1dd75a0ec73a653e06) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * Update pkg/tracing/config.go Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Daniel Laszlo <laszlodaniel@icloud.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: webstradev <e.s.westra.95@gmail.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Co-authored-by: webstradev <e.s.westra.95@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: Frank Jogeleit <frank.jogeleit@lovoo.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: Emmanuel Ferdman <emmanuelferdman@gmail.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> * fix: lock schema manager when updating it (#7704) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * test: add kuttl tests for background only policies (#7709) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * Feat: Upgrade controller-gen to v0.12.0 and fix tooling (#7683) * Upgrade controller-gen and fix tooling Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Address comments Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Add a marker in the sed command Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Upgrade to the latest version and rearrange the annotations Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Fix failing Verify Codegen tests Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Remove unnecessary file Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Restore original version in test folder Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Add creationTimestamp: null again in the test folder Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> --------- Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> Co-authored-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: release signing (#7711) (#7713) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: use github token instead of pat (#7716) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: reduce token permissions (#7719) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: reduce token permissions (#7721) * fix: reduce token permissions Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: reduce token permissions Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: make `test --fail-only` return 1 if there are failed tests (#7717) Signed-off-by: Carles Figuerola <cfiguerola@expediagroup.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * remove redundant tests (#7702) Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: use gh token instead of pat (#7723) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: remove obsolete scripts (#7720) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: reduce token permission (#7729) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: use github token instead of pat (#7727) * fix: remove jmespath replace directive Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: use github token instead of pat Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: use golang builtin version management (#7654) * fix: use golang builtin version management Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: template for user setup in kuttl (#7731) Signed-off-by: Alok N <alokme123@gmail.com> * feat: Add option to add imagePullSecrets to cleanup CronJobs (#7730) * Add option to add imagePullSecrets to cleanup CronJobs Signed-off-by: Alexander Olzem <olzemal@pm.me> * Update chart README Signed-off-by: Alexander Olzem <olzemal@pm.me> --------- Signed-off-by: Alexander Olzem <olzemal@pm.me> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: typo in check cmd (#7733) Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> * fix: nits in cli flags (#7736) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: bump ko version (#7738) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: bump kind node versions (#7737) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: refactor cli values loading and remove dead code (#7739) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * [Feature] round() JMESPath function (#7489) * adding roundoff Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * removing unnecessary Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * adding test Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * adding edge case Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * fixing error Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * updating function call Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * updating function jpRound Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * error handling negative Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * fix Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * fix linter Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * parsing Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * cleanup Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore(deps): bump ubuntu from `6120be6` to `0bced47` in /.devcontainer (#7744) Bumps ubuntu from `6120be6` to `0bced47`. --- updated-dependencies: - dependency-name: ubuntu dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: improve cli apply args check (#7746) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: remove cli dead code (#7748) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * Replaced gcr crane with gcr remote (#7747) * fix: oras-go/v2 version in go.sum Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * refactor: move kyverno constants out of v1 package (#7760) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: use register-gen to register k8s types (#7761) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore(deps): bump fluxcd/flux2 from 0.41.2 to 2.0.0 (#7764) Bumps [fluxcd/flux2](https://github.com/fluxcd/flux2) from 0.41.2 to 2.0.0. - [Release notes](https://github.com/fluxcd/flux2/releases) - [Changelog](https://github.com/fluxcd/flux2/blob/main/.goreleaser.yml) - [Commits](https://github.com/fluxcd/flux2/compare/dbda8fbdb8b58ed1ee69343025a6091eae0d1828...9ea0a535eab2c99121fb3ac742e333b4a9f07970) --- updated-dependencies: - dependency-name: fluxcd/flux2 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: introduce defaulters-gen (#7765) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add table output to cli apply command (#7757) * feat: add table output to cli apply command Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * factorise Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> * chore: bump cosign in gh workflows (#7715) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: switch to deepcopy-gen (#7766) * chore: switch to deepcopy-gen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: increase linter timeout (#7767) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * undo: revert back to cosign 2.0.2 cosign 2.1.1 has dependency conflicts with oras Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * remove markers Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: remove 0_14 version of gcr k8s-sigstore-manifest got a new version so we can finally upgrade gcr to v0.15 Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * add: add logging to tlogs and sct Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * undo: remove registryOpts in favor of registry client opts added the missing parts from registryOptions in registry client opts Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore: add generated files Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore: clean go mod Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: remove bad logs Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * bug: fix go mod Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: update kubebuilder version in crds Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * update: rollback policy to ignore tlog Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore: update codegen Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> --------- Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: shuting <shutting06@gmail.com> Signed-off-by: bakito <github@bakito.ch> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: webstradev <e.s.westra.95@gmail.com> Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> Signed-off-by: JaeHeung Han <hylowaker@users.noreply.github.com> Signed-off-by: Daniel Laszlo <laszlodaniel@icloud.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> Signed-off-by: Carles Figuerola <cfiguerola@expediagroup.com> Signed-off-by: Alok N <alokme123@gmail.com> Signed-off-by: Alexander Olzem <olzemal@pm.me> Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: shuting <shutting06@gmail.com> Co-authored-by: kyverno-bot <104836976+kyverno-bot@users.noreply.github.com> Co-authored-by: Marc Brugger <github@bakito.ch> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: webstradev <e.s.westra.95@gmail.com> Co-authored-by: Frank Jogeleit <frank.jogeleit@lovoo.com> Co-authored-by: Emmanuel Ferdman <emmanuelferdman@gmail.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: JaeHeung Han <hylowaker@users.noreply.github.com> Co-authored-by: Daniel Laszlo <laszlodaniel@icloud.com> Co-authored-by: Md Shahbaz Alam <shahbazalam75508@gmail.com> Co-authored-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> Co-authored-by: Carles-Figuerola <carles@figuerola.info> Co-authored-by: Alok Naushad <alokme123@gmail.com> Co-authored-by: Alex Olzem <olzemal@gmail.com> Co-authored-by: SukhveerS <78963782+Rexbeast2@users.noreply.github.com>
2023-08-15 14:25:55 +00:00
}
}
}
]
}
]
}
]
}
],
"validationFailureAction": "Audit",
"webhookTimeoutSeconds": 30
}
}`
var testSampleResource = `{
"apiVersion": "v1",
"kind": "Pod",
"metadata": {"name": "test"},
"spec": {
"containers": [
{
"name": "pause2",
"image": "ghcr.io/kyverno/test-verify-image:signed"
}
]
}
}`
var testConfigMapMissingResource = `{
"apiVersion": "v1",
"kind": "Pod",
"metadata": {
"labels": {
"run": "test"
},
"name": "test"
},
"spec": {
"containers": [
{
"image": "nginx:latest",
"name": "test",
"resources": {}
}
]
}
}`
var (
testVerifyImageKey = `-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE8nXRh950IZbRj8Ra/N9sbqOPZrfM5/KAQN0/KjHcorm/J5yctVd7iEcnessRQjU917hmKO6JWVGHpDguIyakZA==\n-----END PUBLIC KEY-----\n`
testOtherKey = `-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEpNlOGZ323zMlhs4bcKSpAKQvbcWi5ZLRmijm6SqXDy0Fp0z0Eal+BekFnLzs8rUXUaXlhZ3hNudlgFJH+nFNMw==\n-----END PUBLIC KEY-----\n`
)
func Test_NoMatch(t *testing.T) {
policyContext := buildContext(t, testConfigMapMissing, testConfigMapMissingResource, "")
err, _ := testVerifyAndPatchImages(context.TODO(), registryclient.NewOrDie(), nil, policyContext, cfg)
assert.Equal(t, len(err.PolicyResponse.Rules), 0)
}
func Test_ConfigMapMissingFailure(t *testing.T) {
ghcrImage := strings.Replace(testConfigMapMissingResource, "nginx:latest", "ghcr.io/kyverno/test-verify-image:signed", -1)
policyContext := buildContext(t, testConfigMapMissing, ghcrImage, "")
resolver, err := resolvers.NewClientBasedResolver(kubefake.NewSimpleClientset())
assert.NilError(t, err)
resp, _ := testVerifyAndPatchImages(context.TODO(), registryclient.NewOrDie(), resolver, policyContext, cfg)
assert.Equal(t, len(resp.PolicyResponse.Rules), 1)
refactor: engine rule response creation (#6784) * refactor: engine rule response creation Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * private fields Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix unit tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-04-05 10:35:38 +00:00
assert.Equal(t, resp.PolicyResponse.Rules[0].Status(), engineapi.RuleStatusError, resp.PolicyResponse.Rules[0].Message())
}
func Test_SignatureGoodSigned(t *testing.T) {
policyContext := buildContext(t, testSampleSingleKeyPolicy, testSampleResource, "")
policyContext.Policy().GetSpec().Rules[0].VerifyImages[0].MutateDigest = true
engineResp, _ := testVerifyAndPatchImages(context.TODO(), registryclient.NewOrDie(), nil, policyContext, cfg)
assert.Equal(t, len(engineResp.PolicyResponse.Rules), 1)
refactor: engine rule response creation (#6784) * refactor: engine rule response creation Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * private fields Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix unit tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-04-05 10:35:38 +00:00
assert.Equal(t, engineResp.PolicyResponse.Rules[0].Status(), engineapi.RuleStatusPass, engineResp.PolicyResponse.Rules[0].Message())
constainers, found, err := unstructured.NestedSlice(engineResp.PatchedResource.UnstructuredContent(), "spec", "containers")
assert.NilError(t, err)
assert.Equal(t, true, found)
image, found, err := unstructured.NestedString(constainers[0].(map[string]interface{}), "image")
assert.NilError(t, err)
assert.Equal(t, true, found)
assert.Equal(t, "ghcr.io/kyverno/test-verify-image:signed@sha256:b31bfb4d0213f254d361e0079deaaebefa4f82ba7aa76ef82e90b4935ad5b105", image)
}
func Test_SignatureUnsigned(t *testing.T) {
unsigned := strings.Replace(testSampleResource, ":signed", ":unsigned", -1)
policyContext := buildContext(t, testSampleSingleKeyPolicy, unsigned, "")
engineResp, _ := testVerifyAndPatchImages(context.TODO(), registryclient.NewOrDie(), nil, policyContext, cfg)
assert.Equal(t, len(engineResp.PolicyResponse.Rules), 1)
refactor: engine rule response creation (#6784) * refactor: engine rule response creation Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * private fields Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix unit tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-04-05 10:35:38 +00:00
assert.Equal(t, engineResp.PolicyResponse.Rules[0].Status(), engineapi.RuleStatusFail, engineResp.PolicyResponse.Rules[0].Message())
}
func Test_SignatureWrongKey(t *testing.T) {
otherKey := strings.Replace(testSampleResource, ":signed", ":signed-by-someone-else", -1)
policyContext := buildContext(t, testSampleSingleKeyPolicy, otherKey, "")
engineResp, _ := testVerifyAndPatchImages(context.TODO(), registryclient.NewOrDie(), nil, policyContext, cfg)
assert.Equal(t, len(engineResp.PolicyResponse.Rules), 1)
refactor: engine rule response creation (#6784) * refactor: engine rule response creation Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * private fields Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix unit tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-04-05 10:35:38 +00:00
assert.Equal(t, engineResp.PolicyResponse.Rules[0].Status(), engineapi.RuleStatusFail, engineResp.PolicyResponse.Rules[0].Message())
}
func Test_SignaturesMultiKey(t *testing.T) {
policy := strings.Replace(testSampleMultipleKeyPolicy, "KEY1", testVerifyImageKey, -1)
policy = strings.Replace(policy, "KEY2", testVerifyImageKey, -1)
policy = strings.Replace(policy, "COUNT", "0", -1)
policyContext := buildContext(t, policy, testSampleResource, "")
engineResp, _ := testVerifyAndPatchImages(context.TODO(), registryclient.NewOrDie(), nil, policyContext, cfg)
assert.Equal(t, len(engineResp.PolicyResponse.Rules), 1)
refactor: engine rule response creation (#6784) * refactor: engine rule response creation Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * private fields Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix unit tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-04-05 10:35:38 +00:00
assert.Equal(t, engineResp.PolicyResponse.Rules[0].Status(), engineapi.RuleStatusPass, engineResp.PolicyResponse.Rules[0].Message())
}
func Test_SignaturesMultiKeyFail(t *testing.T) {
policy := strings.Replace(testSampleMultipleKeyPolicy, "KEY1", testVerifyImageKey, -1)
policy = strings.Replace(policy, "COUNT", "0", -1)
policyContext := buildContext(t, policy, testSampleResource, "")
engineResp, _ := testVerifyAndPatchImages(context.TODO(), registryclient.NewOrDie(), nil, policyContext, cfg)
assert.Equal(t, len(engineResp.PolicyResponse.Rules), 1)
refactor: engine rule response creation (#6784) * refactor: engine rule response creation Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * private fields Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix unit tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-04-05 10:35:38 +00:00
assert.Equal(t, engineResp.PolicyResponse.Rules[0].Status(), engineapi.RuleStatusFail, engineResp.PolicyResponse.Rules[0].Message())
}
func Test_SignaturesMultiKeyOneGoodKey(t *testing.T) {
policy := strings.Replace(testSampleMultipleKeyPolicy, "KEY1", testVerifyImageKey, -1)
policy = strings.Replace(policy, "KEY2", testOtherKey, -1)
policy = strings.Replace(policy, "COUNT", "1", -1)
policyContext := buildContext(t, policy, testSampleResource, "")
engineResp, _ := testVerifyAndPatchImages(context.TODO(), registryclient.NewOrDie(), nil, policyContext, cfg)
assert.Equal(t, len(engineResp.PolicyResponse.Rules), 1)
refactor: engine rule response creation (#6784) * refactor: engine rule response creation Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * private fields Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix unit tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-04-05 10:35:38 +00:00
assert.Equal(t, engineResp.PolicyResponse.Rules[0].Status(), engineapi.RuleStatusPass, engineResp.PolicyResponse.Rules[0].Message())
}
func Test_SignaturesMultiKeyZeroGoodKey(t *testing.T) {
policy := strings.Replace(testSampleMultipleKeyPolicy, "KEY1", testOtherKey, -1)
policy = strings.Replace(policy, "KEY2", testOtherKey, -1)
policy = strings.Replace(policy, "COUNT", "1", -1)
policyContext := buildContext(t, policy, testSampleResource, "")
resp, _ := testVerifyAndPatchImages(context.TODO(), registryclient.NewOrDie(), nil, policyContext, cfg)
assert.Equal(t, len(resp.PolicyResponse.Rules), 1)
refactor: engine rule response creation (#6784) * refactor: engine rule response creation Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * private fields Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix unit tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-04-05 10:35:38 +00:00
assert.Equal(t, resp.PolicyResponse.Rules[0].Status(), engineapi.RuleStatusFail, resp.PolicyResponse.Rules[0].Message())
}
func Test_RuleSelectorImageVerify(t *testing.T) {
policyContext := buildContext(t, testSampleSingleKeyPolicy, testSampleResource, "")
rule := newStaticKeyRule("match-all", testOtherKey)
spec := policyContext.Policy().GetSpec()
spec.Rules = append(spec.Rules, *rule)
applyAll := kyvernov1.ApplyAll
spec.ApplyRules = &applyAll
resp, _ := testVerifyAndPatchImages(context.TODO(), registryclient.NewOrDie(), nil, policyContext, cfg)
assert.Equal(t, len(resp.PolicyResponse.Rules), 2)
refactor: engine rule response creation (#6784) * refactor: engine rule response creation Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * private fields Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix unit tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-04-05 10:35:38 +00:00
assert.Equal(t, resp.PolicyResponse.Rules[0].Status(), engineapi.RuleStatusPass, resp.PolicyResponse.Rules[0].Message())
assert.Equal(t, resp.PolicyResponse.Rules[1].Status(), engineapi.RuleStatusFail, resp.PolicyResponse.Rules[1].Message())
applyOne := kyvernov1.ApplyOne
spec.ApplyRules = &applyOne
resp, _ = testVerifyAndPatchImages(context.TODO(), registryclient.NewOrDie(), nil, policyContext, cfg)
assert.Equal(t, len(resp.PolicyResponse.Rules), 1)
refactor: engine rule response creation (#6784) * refactor: engine rule response creation Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * private fields Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix unit tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-04-05 10:35:38 +00:00
assert.Equal(t, resp.PolicyResponse.Rules[0].Status(), engineapi.RuleStatusPass, resp.PolicyResponse.Rules[0].Message())
}
func newStaticKeyRule(name, key string) *kyvernov1.Rule {
return &kyvernov1.Rule{
Name: name,
MatchResources: kyvernov1.MatchResources{
All: kyvernov1.ResourceFilters{
{
ResourceDescription: kyvernov1.ResourceDescription{
Kinds: []string{"Pod"},
},
},
},
},
VerifyImages: []kyvernov1.ImageVerification{
{
ImageReferences: []string{"*"},
Attestors: []kyvernov1.AttestorSet{
{
Entries: []kyvernov1.Attestor{
{
Keys: &kyvernov1.StaticKeyAttestor{
PublicKeys: key,
},
},
},
},
},
},
},
}
}
var testNestedAttestorPolicy = `
{
"apiVersion": "kyverno.io/v1",
"kind": "ClusterPolicy",
"metadata": {
"name": "check-image-keyless",
"annotations": {
"pod-policies.kyverno.io/autogen-controllers": "none"
}
},
"spec": {
"validationFailureAction": "enforce",
"background": false,
"webhookTimeoutSeconds": 30,
"failurePolicy": "Fail",
"rules": [
{
"name": "check-image-keyless",
"match": {
"resources": {
"kinds": [
"Pod"
]
}
},
"verifyImages": [
{
"imageReferences": [
"ghcr.io/kyverno/test-verify-image:*"
],
"attestors": [
{
"count": COUNT,
"entries": [
{
"keys": {
Support for Cosign 2.0 (#7248) * cosign 2.0 version upgrade Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * IgnoreTlog and IgnoreSCT updated Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * removed cli packages Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * lazy evaluate vars in conditions (#7238) * lazy evaluate vars in conditions Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove unnecessary conversion Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix test Signed-off-by: Jim Bugwadia <jim@nirmata.com> * Update test/conformance/kuttl/validate/clusterpolicy/standard/variables/lazyload/conditions/03-manifests.yaml Signed-off-by: shuting <shutting06@gmail.com> * Update test/conformance/kuttl/validate/clusterpolicy/standard/variables/lazyload/README.md Signed-off-by: shuting <shutting06@gmail.com> * added error check in test Signed-off-by: Jim Bugwadia <jim@nirmata.com> --------- Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: shuting <shutting06@gmail.com> Co-authored-by: shuting <shutting06@gmail.com> Co-authored-by: kyverno-bot <104836976+kyverno-bot@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * in-toto-golang update Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added rekor Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * quote image in error (#7259) Signed-off-by: bakito <github@bakito.ch> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: auto update webhooks not configuring fail endpoint (#7261) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix latest version check (#7263) Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump svenstaro/upload-release-action from 2.5.0 to 2.6.0 (#7270) Bumps [svenstaro/upload-release-action](https://github.com/svenstaro/upload-release-action) from 2.5.0 to 2.6.0. - [Release notes](https://github.com/svenstaro/upload-release-action/releases) - [Changelog](https://github.com/svenstaro/upload-release-action/blob/master/CHANGELOG.md) - [Commits](https://github.com/svenstaro/upload-release-action/compare/7319e4733ec7a184d739a6f412c40ffc339b69c7...58d525808845e4c8ff229ea1d5d7c496504a79bc) --- updated-dependencies: - dependency-name: svenstaro/upload-release-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump sigs.k8s.io/controller-runtime from 0.14.6 to 0.15.0 (#7272) Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.14.6 to 0.15.0. - [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases) - [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md) - [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.14.6...v0.15.0) --- updated-dependencies: - dependency-name: sigs.k8s.io/controller-runtime dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: add yaml util to check empty document (#7276) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#7274) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.6.1 to 5.7.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.6.1...v5.7.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#7274) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.6.1 to 5.7.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.6.1...v5.7.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#7274) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.6.1 to 5.7.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.6.1...v5.7.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * go mod update Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * removed cosign 1.13.1 dependency Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added default rekor url Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated cosign option Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#7274) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.6.1 to 5.7.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.6.1...v5.7.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * go mod update Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * go sum fix Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * NIT Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix failing test: Test_VerifyManifest_MustAll_InvalidYAML Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * suggestions from jim Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * go mod fix Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updates to cosign verification Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * kuttl test ignore sct Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * go mod fixes Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * go mod update Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * downgrading gcr version Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * null pointer error Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated failing cli tests Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated kuttl test with complete subjects Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fixed issue with wildcard replacement Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * engine tests Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * removed conflicts with notary Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated go mod Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * codegen and test Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added pubkeys test Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * add default CTLogPubKeys Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * cleanup Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * unwanted test Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: auth checks with the APIVersion and the subresource (#7628) * fix auth checks with apiVersion and subresource Signed-off-by: ShutingZhao <shuting@nirmata.com> * add kuttl tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove duplicate code Signed-off-by: ShutingZhao <shuting@nirmata.com> * update permissions Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: harden rbac permissions (#7638) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore(deps): bump sigstore/cosign-installer from 3.0.5 to 3.1.0 (#7664) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.0.5 to 3.1.0. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/dd6b2e2b610a11fd73dd187a43d57cc1394e35f9...d13028333d784fcc802b67ec924bcebe75aa0a5f) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump ossf/scorecard-action from 2.1.3 to 2.2.0 (#7663) Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.1.3 to 2.2.0. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/80e868c13c90f172d68d1f4501dee99e2479f7af...08b4669551908b1024bb425080c797723083c031) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * [Chore] bump notation-go from 1.0.0-rc.3 -> 1.0.0-rc.6 (#7650) * Bump notation-go from 1.0.0-rc.3 -> 1.0.0-rc.6 Signed-off-by: webstradev <e.s.westra.95@gmail.com> * fixed tests Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added tests for repository Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> --------- Signed-off-by: webstradev <e.s.westra.95@gmail.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Co-authored-by: webstradev <e.s.westra.95@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> * fix: vscode debug config (#7653) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: pr updater workflow (#7665) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: add specific loaders from #7597 (#7671) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add cluster select and relabling config for ServiceMonitors (#7659) * feat: add cluster select and relabling config for ServiceMonitors Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> * feat: add cluster select and relabling config for ServiceMonitors Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> --------- Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> * fix: cleanup controller context from #7597 (#7672) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: cleanup controller rbac (#7669) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: migrate context loaders (part 1) from #7597 (#7676) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: migrate context loaders (part 2) from #7597 (#7677) * refactor: migrate context loaders (part 1) from #7597 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: migrate context loaders (part 2) from #7597 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add lazy loading feature flag (#7680) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: image verification (#7652) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * Fix deferred loading (#7597) * handle nested contexts Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add feature flag Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add kuttl tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix linter issues Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix CLI regclient Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix: token permissions on report vulns workflow (#7611) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: token permissions (#7619) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: update the flag descriptions of the reports-controller (#7617) Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> * fix: panic if env var not defined (#7613) * fix: panic if env var not defined Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * use toggles instead of a flag Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update toggle name Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update toggle name Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix roles Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix role Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update manifests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove extra unlock Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix loader reset Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * propagate context Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * cm resolver Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * level management Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * address review comments Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add enableDeferredLoading to other controllers Signed-off-by: Jim Bugwadia <jim@nirmata.com> * re-enable ACR credhelper Signed-off-by: Jim Bugwadia <jim@nirmata.com> * improve tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove image registry client init Signed-off-by: Jim Bugwadia <jim@nirmata.com> * check for invalid reset/restore Signed-off-by: Jim Bugwadia <jim@nirmata.com> * recursive kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * add pre/post queries Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add check for a recursive match Signed-off-by: Jim Bugwadia <jim@nirmata.com> * new test suite Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * eval loaders at creation level Signed-off-by: Jim Bugwadia <jim@nirmata.com> * kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * add an index for resolving deps in order Signed-off-by: Jim Bugwadia <jim@nirmata.com> * improve comment Signed-off-by: Jim Bugwadia <jim@nirmata.com> * extract remove method Signed-off-by: Jim Bugwadia <jim@nirmata.com> * merge main Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * flags Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feature flag Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix flag Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * update unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * two rules kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * update unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * revert Signed-off-by: ShutingZhao <shuting@nirmata.com> * per rule checkpoint Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix mutate chained rules Signed-off-by: ShutingZhao <shuting@nirmata.com> * per rule checpoint/restore Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * log error Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Emmanuel Ferdman <emmanuelferdman@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> * fix: factorise confimap informer code (#7667) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> * chore(deps): bump sigstore/cosign-installer from 3.1.0 to 3.1.1 (#7689) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.1.0 to 3.1.1. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/d13028333d784fcc802b67ec924bcebe75aa0a5f...6e04d228eb30da1757ee4e1dd75a0ec73a653e06) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: Swap any/all in the error message. (#7688) Signed-off-by: JaeHeung Han <hylowaker@users.noreply.github.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add background only policy support (#6666) * feat: add background only policy support Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * webhook Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * validation Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * kuttl Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * all disabled Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: pr updater workflow (#7697) * fix: pr updater workflow Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * Update .github/workflows/pr-update.yaml Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> * fix: customizable tracer configuration (#7644) * fix: customizable tracer configuration Signed-off-by: Daniel Laszlo <laszlodaniel@icloud.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: harden rbac permissions (#7638) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * chore(deps): bump sigstore/cosign-installer from 3.0.5 to 3.1.0 (#7664) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.0.5 to 3.1.0. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/dd6b2e2b610a11fd73dd187a43d57cc1394e35f9...d13028333d784fcc802b67ec924bcebe75aa0a5f) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * chore(deps): bump ossf/scorecard-action from 2.1.3 to 2.2.0 (#7663) Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.1.3 to 2.2.0. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/80e868c13c90f172d68d1f4501dee99e2479f7af...08b4669551908b1024bb425080c797723083c031) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * use resource.New instead of Merge Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix tabs Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * [Chore] bump notation-go from 1.0.0-rc.3 -> 1.0.0-rc.6 (#7650) * Bump notation-go from 1.0.0-rc.3 -> 1.0.0-rc.6 Signed-off-by: webstradev <e.s.westra.95@gmail.com> * fixed tests Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added tests for repository Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> --------- Signed-off-by: webstradev <e.s.westra.95@gmail.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Co-authored-by: webstradev <e.s.westra.95@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: vscode debug config (#7653) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: pr updater workflow (#7665) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * refactor: add specific loaders from #7597 (#7671) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * feat: add cluster select and relabling config for ServiceMonitors (#7659) * feat: add cluster select and relabling config for ServiceMonitors Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> * feat: add cluster select and relabling config for ServiceMonitors Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> --------- Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: cleanup controller context from #7597 (#7672) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: cleanup controller rbac (#7669) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * refactor: migrate context loaders (part 1) from #7597 (#7676) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * refactor: migrate context loaders (part 2) from #7597 (#7677) * refactor: migrate context loaders (part 1) from #7597 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: migrate context loaders (part 2) from #7597 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * feat: add lazy loading feature flag (#7680) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: image verification (#7652) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * Fix deferred loading (#7597) * handle nested contexts Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add feature flag Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add kuttl tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix linter issues Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix CLI regclient Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix: token permissions on report vulns workflow (#7611) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: token permissions (#7619) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: update the flag descriptions of the reports-controller (#7617) Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> * fix: panic if env var not defined (#7613) * fix: panic if env var not defined Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * use toggles instead of a flag Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update toggle name Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update toggle name Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix roles Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix role Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update manifests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove extra unlock Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix loader reset Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * propagate context Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * cm resolver Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * level management Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * address review comments Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add enableDeferredLoading to other controllers Signed-off-by: Jim Bugwadia <jim@nirmata.com> * re-enable ACR credhelper Signed-off-by: Jim Bugwadia <jim@nirmata.com> * improve tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove image registry client init Signed-off-by: Jim Bugwadia <jim@nirmata.com> * check for invalid reset/restore Signed-off-by: Jim Bugwadia <jim@nirmata.com> * recursive kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * add pre/post queries Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add check for a recursive match Signed-off-by: Jim Bugwadia <jim@nirmata.com> * new test suite Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * eval loaders at creation level Signed-off-by: Jim Bugwadia <jim@nirmata.com> * kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * add an index for resolving deps in order Signed-off-by: Jim Bugwadia <jim@nirmata.com> * improve comment Signed-off-by: Jim Bugwadia <jim@nirmata.com> * extract remove method Signed-off-by: Jim Bugwadia <jim@nirmata.com> * merge main Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * flags Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feature flag Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix flag Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * update unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * two rules kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * update unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * revert Signed-off-by: ShutingZhao <shuting@nirmata.com> * per rule checkpoint Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix mutate chained rules Signed-off-by: ShutingZhao <shuting@nirmata.com> * per rule checpoint/restore Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * log error Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Emmanuel Ferdman <emmanuelferdman@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: factorise confimap informer code (#7667) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * chore(deps): bump sigstore/cosign-installer from 3.1.0 to 3.1.1 (#7689) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.1.0 to 3.1.1. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/d13028333d784fcc802b67ec924bcebe75aa0a5f...6e04d228eb30da1757ee4e1dd75a0ec73a653e06) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * Update pkg/tracing/config.go Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Daniel Laszlo <laszlodaniel@icloud.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: webstradev <e.s.westra.95@gmail.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Co-authored-by: webstradev <e.s.westra.95@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: Frank Jogeleit <frank.jogeleit@lovoo.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: Emmanuel Ferdman <emmanuelferdman@gmail.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> * fix: lock schema manager when updating it (#7704) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * test: add kuttl tests for background only policies (#7709) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * Feat: Upgrade controller-gen to v0.12.0 and fix tooling (#7683) * Upgrade controller-gen and fix tooling Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Address comments Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Add a marker in the sed command Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Upgrade to the latest version and rearrange the annotations Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Fix failing Verify Codegen tests Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Remove unnecessary file Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Restore original version in test folder Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Add creationTimestamp: null again in the test folder Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> --------- Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> Co-authored-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: release signing (#7711) (#7713) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: use github token instead of pat (#7716) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: reduce token permissions (#7719) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: reduce token permissions (#7721) * fix: reduce token permissions Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: reduce token permissions Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: make `test --fail-only` return 1 if there are failed tests (#7717) Signed-off-by: Carles Figuerola <cfiguerola@expediagroup.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * remove redundant tests (#7702) Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: use gh token instead of pat (#7723) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: remove obsolete scripts (#7720) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: reduce token permission (#7729) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: use github token instead of pat (#7727) * fix: remove jmespath replace directive Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: use github token instead of pat Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: use golang builtin version management (#7654) * fix: use golang builtin version management Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: template for user setup in kuttl (#7731) Signed-off-by: Alok N <alokme123@gmail.com> * feat: Add option to add imagePullSecrets to cleanup CronJobs (#7730) * Add option to add imagePullSecrets to cleanup CronJobs Signed-off-by: Alexander Olzem <olzemal@pm.me> * Update chart README Signed-off-by: Alexander Olzem <olzemal@pm.me> --------- Signed-off-by: Alexander Olzem <olzemal@pm.me> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: typo in check cmd (#7733) Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> * fix: nits in cli flags (#7736) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: bump ko version (#7738) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: bump kind node versions (#7737) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: refactor cli values loading and remove dead code (#7739) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * [Feature] round() JMESPath function (#7489) * adding roundoff Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * removing unnecessary Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * adding test Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * adding edge case Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * fixing error Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * updating function call Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * updating function jpRound Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * error handling negative Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * fix Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * fix linter Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * parsing Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * cleanup Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore(deps): bump ubuntu from `6120be6` to `0bced47` in /.devcontainer (#7744) Bumps ubuntu from `6120be6` to `0bced47`. --- updated-dependencies: - dependency-name: ubuntu dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: improve cli apply args check (#7746) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: remove cli dead code (#7748) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * Replaced gcr crane with gcr remote (#7747) * fix: oras-go/v2 version in go.sum Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * refactor: move kyverno constants out of v1 package (#7760) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: use register-gen to register k8s types (#7761) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore(deps): bump fluxcd/flux2 from 0.41.2 to 2.0.0 (#7764) Bumps [fluxcd/flux2](https://github.com/fluxcd/flux2) from 0.41.2 to 2.0.0. - [Release notes](https://github.com/fluxcd/flux2/releases) - [Changelog](https://github.com/fluxcd/flux2/blob/main/.goreleaser.yml) - [Commits](https://github.com/fluxcd/flux2/compare/dbda8fbdb8b58ed1ee69343025a6091eae0d1828...9ea0a535eab2c99121fb3ac742e333b4a9f07970) --- updated-dependencies: - dependency-name: fluxcd/flux2 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: introduce defaulters-gen (#7765) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add table output to cli apply command (#7757) * feat: add table output to cli apply command Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * factorise Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> * chore: bump cosign in gh workflows (#7715) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: switch to deepcopy-gen (#7766) * chore: switch to deepcopy-gen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: increase linter timeout (#7767) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * undo: revert back to cosign 2.0.2 cosign 2.1.1 has dependency conflicts with oras Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * remove markers Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: remove 0_14 version of gcr k8s-sigstore-manifest got a new version so we can finally upgrade gcr to v0.15 Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * add: add logging to tlogs and sct Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * undo: remove registryOpts in favor of registry client opts added the missing parts from registryOptions in registry client opts Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore: add generated files Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore: clean go mod Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: remove bad logs Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * bug: fix go mod Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: update kubebuilder version in crds Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * update: rollback policy to ignore tlog Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore: update codegen Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> --------- Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: shuting <shutting06@gmail.com> Signed-off-by: bakito <github@bakito.ch> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: webstradev <e.s.westra.95@gmail.com> Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> Signed-off-by: JaeHeung Han <hylowaker@users.noreply.github.com> Signed-off-by: Daniel Laszlo <laszlodaniel@icloud.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> Signed-off-by: Carles Figuerola <cfiguerola@expediagroup.com> Signed-off-by: Alok N <alokme123@gmail.com> Signed-off-by: Alexander Olzem <olzemal@pm.me> Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: shuting <shutting06@gmail.com> Co-authored-by: kyverno-bot <104836976+kyverno-bot@users.noreply.github.com> Co-authored-by: Marc Brugger <github@bakito.ch> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: webstradev <e.s.westra.95@gmail.com> Co-authored-by: Frank Jogeleit <frank.jogeleit@lovoo.com> Co-authored-by: Emmanuel Ferdman <emmanuelferdman@gmail.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: JaeHeung Han <hylowaker@users.noreply.github.com> Co-authored-by: Daniel Laszlo <laszlodaniel@icloud.com> Co-authored-by: Md Shahbaz Alam <shahbazalam75508@gmail.com> Co-authored-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> Co-authored-by: Carles-Figuerola <carles@figuerola.info> Co-authored-by: Alok Naushad <alokme123@gmail.com> Co-authored-by: Alex Olzem <olzemal@gmail.com> Co-authored-by: SukhveerS <78963782+Rexbeast2@users.noreply.github.com>
2023-08-15 14:25:55 +00:00
"publicKeys": "KEY1",
"rekor": {
"url": "https://rekor.sigstore.dev",
"ignoreTlog": true
},
"ctlog": {
"ignoreSCT": true
Support for Cosign 2.0 (#7248) * cosign 2.0 version upgrade Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * IgnoreTlog and IgnoreSCT updated Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * removed cli packages Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * lazy evaluate vars in conditions (#7238) * lazy evaluate vars in conditions Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove unnecessary conversion Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix test Signed-off-by: Jim Bugwadia <jim@nirmata.com> * Update test/conformance/kuttl/validate/clusterpolicy/standard/variables/lazyload/conditions/03-manifests.yaml Signed-off-by: shuting <shutting06@gmail.com> * Update test/conformance/kuttl/validate/clusterpolicy/standard/variables/lazyload/README.md Signed-off-by: shuting <shutting06@gmail.com> * added error check in test Signed-off-by: Jim Bugwadia <jim@nirmata.com> --------- Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: shuting <shutting06@gmail.com> Co-authored-by: shuting <shutting06@gmail.com> Co-authored-by: kyverno-bot <104836976+kyverno-bot@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * in-toto-golang update Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added rekor Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * quote image in error (#7259) Signed-off-by: bakito <github@bakito.ch> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: auto update webhooks not configuring fail endpoint (#7261) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix latest version check (#7263) Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump svenstaro/upload-release-action from 2.5.0 to 2.6.0 (#7270) Bumps [svenstaro/upload-release-action](https://github.com/svenstaro/upload-release-action) from 2.5.0 to 2.6.0. - [Release notes](https://github.com/svenstaro/upload-release-action/releases) - [Changelog](https://github.com/svenstaro/upload-release-action/blob/master/CHANGELOG.md) - [Commits](https://github.com/svenstaro/upload-release-action/compare/7319e4733ec7a184d739a6f412c40ffc339b69c7...58d525808845e4c8ff229ea1d5d7c496504a79bc) --- updated-dependencies: - dependency-name: svenstaro/upload-release-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump sigs.k8s.io/controller-runtime from 0.14.6 to 0.15.0 (#7272) Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.14.6 to 0.15.0. - [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases) - [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md) - [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.14.6...v0.15.0) --- updated-dependencies: - dependency-name: sigs.k8s.io/controller-runtime dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: add yaml util to check empty document (#7276) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#7274) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.6.1 to 5.7.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.6.1...v5.7.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#7274) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.6.1 to 5.7.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.6.1...v5.7.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#7274) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.6.1 to 5.7.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.6.1...v5.7.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * go mod update Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * removed cosign 1.13.1 dependency Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added default rekor url Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated cosign option Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#7274) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.6.1 to 5.7.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.6.1...v5.7.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * go mod update Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * go sum fix Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * NIT Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix failing test: Test_VerifyManifest_MustAll_InvalidYAML Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * suggestions from jim Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * go mod fix Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updates to cosign verification Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * kuttl test ignore sct Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * go mod fixes Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * go mod update Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * downgrading gcr version Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * null pointer error Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated failing cli tests Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated kuttl test with complete subjects Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fixed issue with wildcard replacement Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * engine tests Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * removed conflicts with notary Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated go mod Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * codegen and test Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added pubkeys test Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * add default CTLogPubKeys Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * cleanup Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * unwanted test Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: auth checks with the APIVersion and the subresource (#7628) * fix auth checks with apiVersion and subresource Signed-off-by: ShutingZhao <shuting@nirmata.com> * add kuttl tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove duplicate code Signed-off-by: ShutingZhao <shuting@nirmata.com> * update permissions Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: harden rbac permissions (#7638) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore(deps): bump sigstore/cosign-installer from 3.0.5 to 3.1.0 (#7664) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.0.5 to 3.1.0. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/dd6b2e2b610a11fd73dd187a43d57cc1394e35f9...d13028333d784fcc802b67ec924bcebe75aa0a5f) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump ossf/scorecard-action from 2.1.3 to 2.2.0 (#7663) Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.1.3 to 2.2.0. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/80e868c13c90f172d68d1f4501dee99e2479f7af...08b4669551908b1024bb425080c797723083c031) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * [Chore] bump notation-go from 1.0.0-rc.3 -> 1.0.0-rc.6 (#7650) * Bump notation-go from 1.0.0-rc.3 -> 1.0.0-rc.6 Signed-off-by: webstradev <e.s.westra.95@gmail.com> * fixed tests Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added tests for repository Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> --------- Signed-off-by: webstradev <e.s.westra.95@gmail.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Co-authored-by: webstradev <e.s.westra.95@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> * fix: vscode debug config (#7653) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: pr updater workflow (#7665) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: add specific loaders from #7597 (#7671) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add cluster select and relabling config for ServiceMonitors (#7659) * feat: add cluster select and relabling config for ServiceMonitors Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> * feat: add cluster select and relabling config for ServiceMonitors Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> --------- Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> * fix: cleanup controller context from #7597 (#7672) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: cleanup controller rbac (#7669) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: migrate context loaders (part 1) from #7597 (#7676) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: migrate context loaders (part 2) from #7597 (#7677) * refactor: migrate context loaders (part 1) from #7597 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: migrate context loaders (part 2) from #7597 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add lazy loading feature flag (#7680) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: image verification (#7652) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * Fix deferred loading (#7597) * handle nested contexts Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add feature flag Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add kuttl tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix linter issues Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix CLI regclient Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix: token permissions on report vulns workflow (#7611) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: token permissions (#7619) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: update the flag descriptions of the reports-controller (#7617) Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> * fix: panic if env var not defined (#7613) * fix: panic if env var not defined Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * use toggles instead of a flag Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update toggle name Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update toggle name Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix roles Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix role Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update manifests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove extra unlock Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix loader reset Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * propagate context Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * cm resolver Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * level management Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * address review comments Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add enableDeferredLoading to other controllers Signed-off-by: Jim Bugwadia <jim@nirmata.com> * re-enable ACR credhelper Signed-off-by: Jim Bugwadia <jim@nirmata.com> * improve tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove image registry client init Signed-off-by: Jim Bugwadia <jim@nirmata.com> * check for invalid reset/restore Signed-off-by: Jim Bugwadia <jim@nirmata.com> * recursive kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * add pre/post queries Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add check for a recursive match Signed-off-by: Jim Bugwadia <jim@nirmata.com> * new test suite Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * eval loaders at creation level Signed-off-by: Jim Bugwadia <jim@nirmata.com> * kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * add an index for resolving deps in order Signed-off-by: Jim Bugwadia <jim@nirmata.com> * improve comment Signed-off-by: Jim Bugwadia <jim@nirmata.com> * extract remove method Signed-off-by: Jim Bugwadia <jim@nirmata.com> * merge main Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * flags Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feature flag Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix flag Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * update unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * two rules kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * update unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * revert Signed-off-by: ShutingZhao <shuting@nirmata.com> * per rule checkpoint Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix mutate chained rules Signed-off-by: ShutingZhao <shuting@nirmata.com> * per rule checpoint/restore Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * log error Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Emmanuel Ferdman <emmanuelferdman@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> * fix: factorise confimap informer code (#7667) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> * chore(deps): bump sigstore/cosign-installer from 3.1.0 to 3.1.1 (#7689) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.1.0 to 3.1.1. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/d13028333d784fcc802b67ec924bcebe75aa0a5f...6e04d228eb30da1757ee4e1dd75a0ec73a653e06) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: Swap any/all in the error message. (#7688) Signed-off-by: JaeHeung Han <hylowaker@users.noreply.github.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add background only policy support (#6666) * feat: add background only policy support Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * webhook Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * validation Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * kuttl Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * all disabled Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: pr updater workflow (#7697) * fix: pr updater workflow Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * Update .github/workflows/pr-update.yaml Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> * fix: customizable tracer configuration (#7644) * fix: customizable tracer configuration Signed-off-by: Daniel Laszlo <laszlodaniel@icloud.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: harden rbac permissions (#7638) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * chore(deps): bump sigstore/cosign-installer from 3.0.5 to 3.1.0 (#7664) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.0.5 to 3.1.0. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/dd6b2e2b610a11fd73dd187a43d57cc1394e35f9...d13028333d784fcc802b67ec924bcebe75aa0a5f) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * chore(deps): bump ossf/scorecard-action from 2.1.3 to 2.2.0 (#7663) Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.1.3 to 2.2.0. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/80e868c13c90f172d68d1f4501dee99e2479f7af...08b4669551908b1024bb425080c797723083c031) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * use resource.New instead of Merge Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix tabs Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * [Chore] bump notation-go from 1.0.0-rc.3 -> 1.0.0-rc.6 (#7650) * Bump notation-go from 1.0.0-rc.3 -> 1.0.0-rc.6 Signed-off-by: webstradev <e.s.westra.95@gmail.com> * fixed tests Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added tests for repository Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> --------- Signed-off-by: webstradev <e.s.westra.95@gmail.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Co-authored-by: webstradev <e.s.westra.95@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: vscode debug config (#7653) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: pr updater workflow (#7665) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * refactor: add specific loaders from #7597 (#7671) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * feat: add cluster select and relabling config for ServiceMonitors (#7659) * feat: add cluster select and relabling config for ServiceMonitors Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> * feat: add cluster select and relabling config for ServiceMonitors Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> --------- Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: cleanup controller context from #7597 (#7672) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: cleanup controller rbac (#7669) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * refactor: migrate context loaders (part 1) from #7597 (#7676) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * refactor: migrate context loaders (part 2) from #7597 (#7677) * refactor: migrate context loaders (part 1) from #7597 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: migrate context loaders (part 2) from #7597 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * feat: add lazy loading feature flag (#7680) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: image verification (#7652) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * Fix deferred loading (#7597) * handle nested contexts Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add feature flag Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add kuttl tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix linter issues Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix CLI regclient Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix: token permissions on report vulns workflow (#7611) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: token permissions (#7619) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: update the flag descriptions of the reports-controller (#7617) Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> * fix: panic if env var not defined (#7613) * fix: panic if env var not defined Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * use toggles instead of a flag Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update toggle name Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update toggle name Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix roles Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix role Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update manifests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove extra unlock Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix loader reset Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * propagate context Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * cm resolver Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * level management Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * address review comments Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add enableDeferredLoading to other controllers Signed-off-by: Jim Bugwadia <jim@nirmata.com> * re-enable ACR credhelper Signed-off-by: Jim Bugwadia <jim@nirmata.com> * improve tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove image registry client init Signed-off-by: Jim Bugwadia <jim@nirmata.com> * check for invalid reset/restore Signed-off-by: Jim Bugwadia <jim@nirmata.com> * recursive kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * add pre/post queries Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add check for a recursive match Signed-off-by: Jim Bugwadia <jim@nirmata.com> * new test suite Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * eval loaders at creation level Signed-off-by: Jim Bugwadia <jim@nirmata.com> * kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * add an index for resolving deps in order Signed-off-by: Jim Bugwadia <jim@nirmata.com> * improve comment Signed-off-by: Jim Bugwadia <jim@nirmata.com> * extract remove method Signed-off-by: Jim Bugwadia <jim@nirmata.com> * merge main Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * flags Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feature flag Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix flag Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * update unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * two rules kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * update unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * revert Signed-off-by: ShutingZhao <shuting@nirmata.com> * per rule checkpoint Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix mutate chained rules Signed-off-by: ShutingZhao <shuting@nirmata.com> * per rule checpoint/restore Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * log error Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Emmanuel Ferdman <emmanuelferdman@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: factorise confimap informer code (#7667) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * chore(deps): bump sigstore/cosign-installer from 3.1.0 to 3.1.1 (#7689) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.1.0 to 3.1.1. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/d13028333d784fcc802b67ec924bcebe75aa0a5f...6e04d228eb30da1757ee4e1dd75a0ec73a653e06) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * Update pkg/tracing/config.go Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Daniel Laszlo <laszlodaniel@icloud.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: webstradev <e.s.westra.95@gmail.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Co-authored-by: webstradev <e.s.westra.95@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: Frank Jogeleit <frank.jogeleit@lovoo.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: Emmanuel Ferdman <emmanuelferdman@gmail.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> * fix: lock schema manager when updating it (#7704) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * test: add kuttl tests for background only policies (#7709) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * Feat: Upgrade controller-gen to v0.12.0 and fix tooling (#7683) * Upgrade controller-gen and fix tooling Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Address comments Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Add a marker in the sed command Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Upgrade to the latest version and rearrange the annotations Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Fix failing Verify Codegen tests Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Remove unnecessary file Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Restore original version in test folder Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Add creationTimestamp: null again in the test folder Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> --------- Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> Co-authored-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: release signing (#7711) (#7713) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: use github token instead of pat (#7716) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: reduce token permissions (#7719) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: reduce token permissions (#7721) * fix: reduce token permissions Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: reduce token permissions Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: make `test --fail-only` return 1 if there are failed tests (#7717) Signed-off-by: Carles Figuerola <cfiguerola@expediagroup.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * remove redundant tests (#7702) Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: use gh token instead of pat (#7723) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: remove obsolete scripts (#7720) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: reduce token permission (#7729) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: use github token instead of pat (#7727) * fix: remove jmespath replace directive Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: use github token instead of pat Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: use golang builtin version management (#7654) * fix: use golang builtin version management Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: template for user setup in kuttl (#7731) Signed-off-by: Alok N <alokme123@gmail.com> * feat: Add option to add imagePullSecrets to cleanup CronJobs (#7730) * Add option to add imagePullSecrets to cleanup CronJobs Signed-off-by: Alexander Olzem <olzemal@pm.me> * Update chart README Signed-off-by: Alexander Olzem <olzemal@pm.me> --------- Signed-off-by: Alexander Olzem <olzemal@pm.me> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: typo in check cmd (#7733) Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> * fix: nits in cli flags (#7736) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: bump ko version (#7738) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: bump kind node versions (#7737) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: refactor cli values loading and remove dead code (#7739) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * [Feature] round() JMESPath function (#7489) * adding roundoff Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * removing unnecessary Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * adding test Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * adding edge case Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * fixing error Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * updating function call Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * updating function jpRound Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * error handling negative Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * fix Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * fix linter Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * parsing Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * cleanup Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore(deps): bump ubuntu from `6120be6` to `0bced47` in /.devcontainer (#7744) Bumps ubuntu from `6120be6` to `0bced47`. --- updated-dependencies: - dependency-name: ubuntu dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: improve cli apply args check (#7746) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: remove cli dead code (#7748) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * Replaced gcr crane with gcr remote (#7747) * fix: oras-go/v2 version in go.sum Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * refactor: move kyverno constants out of v1 package (#7760) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: use register-gen to register k8s types (#7761) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore(deps): bump fluxcd/flux2 from 0.41.2 to 2.0.0 (#7764) Bumps [fluxcd/flux2](https://github.com/fluxcd/flux2) from 0.41.2 to 2.0.0. - [Release notes](https://github.com/fluxcd/flux2/releases) - [Changelog](https://github.com/fluxcd/flux2/blob/main/.goreleaser.yml) - [Commits](https://github.com/fluxcd/flux2/compare/dbda8fbdb8b58ed1ee69343025a6091eae0d1828...9ea0a535eab2c99121fb3ac742e333b4a9f07970) --- updated-dependencies: - dependency-name: fluxcd/flux2 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: introduce defaulters-gen (#7765) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add table output to cli apply command (#7757) * feat: add table output to cli apply command Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * factorise Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> * chore: bump cosign in gh workflows (#7715) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: switch to deepcopy-gen (#7766) * chore: switch to deepcopy-gen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: increase linter timeout (#7767) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * undo: revert back to cosign 2.0.2 cosign 2.1.1 has dependency conflicts with oras Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * remove markers Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: remove 0_14 version of gcr k8s-sigstore-manifest got a new version so we can finally upgrade gcr to v0.15 Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * add: add logging to tlogs and sct Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * undo: remove registryOpts in favor of registry client opts added the missing parts from registryOptions in registry client opts Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore: add generated files Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore: clean go mod Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: remove bad logs Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * bug: fix go mod Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: update kubebuilder version in crds Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * update: rollback policy to ignore tlog Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore: update codegen Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> --------- Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: shuting <shutting06@gmail.com> Signed-off-by: bakito <github@bakito.ch> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: webstradev <e.s.westra.95@gmail.com> Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> Signed-off-by: JaeHeung Han <hylowaker@users.noreply.github.com> Signed-off-by: Daniel Laszlo <laszlodaniel@icloud.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> Signed-off-by: Carles Figuerola <cfiguerola@expediagroup.com> Signed-off-by: Alok N <alokme123@gmail.com> Signed-off-by: Alexander Olzem <olzemal@pm.me> Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: shuting <shutting06@gmail.com> Co-authored-by: kyverno-bot <104836976+kyverno-bot@users.noreply.github.com> Co-authored-by: Marc Brugger <github@bakito.ch> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: webstradev <e.s.westra.95@gmail.com> Co-authored-by: Frank Jogeleit <frank.jogeleit@lovoo.com> Co-authored-by: Emmanuel Ferdman <emmanuelferdman@gmail.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: JaeHeung Han <hylowaker@users.noreply.github.com> Co-authored-by: Daniel Laszlo <laszlodaniel@icloud.com> Co-authored-by: Md Shahbaz Alam <shahbazalam75508@gmail.com> Co-authored-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> Co-authored-by: Carles-Figuerola <carles@figuerola.info> Co-authored-by: Alok Naushad <alokme123@gmail.com> Co-authored-by: Alex Olzem <olzemal@gmail.com> Co-authored-by: SukhveerS <78963782+Rexbeast2@users.noreply.github.com>
2023-08-15 14:25:55 +00:00
}
}
},
{
"attestor": {
"entries": [
{
"keys": {
Support for Cosign 2.0 (#7248) * cosign 2.0 version upgrade Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * IgnoreTlog and IgnoreSCT updated Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * removed cli packages Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * lazy evaluate vars in conditions (#7238) * lazy evaluate vars in conditions Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove unnecessary conversion Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix test Signed-off-by: Jim Bugwadia <jim@nirmata.com> * Update test/conformance/kuttl/validate/clusterpolicy/standard/variables/lazyload/conditions/03-manifests.yaml Signed-off-by: shuting <shutting06@gmail.com> * Update test/conformance/kuttl/validate/clusterpolicy/standard/variables/lazyload/README.md Signed-off-by: shuting <shutting06@gmail.com> * added error check in test Signed-off-by: Jim Bugwadia <jim@nirmata.com> --------- Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: shuting <shutting06@gmail.com> Co-authored-by: shuting <shutting06@gmail.com> Co-authored-by: kyverno-bot <104836976+kyverno-bot@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * in-toto-golang update Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added rekor Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * quote image in error (#7259) Signed-off-by: bakito <github@bakito.ch> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: auto update webhooks not configuring fail endpoint (#7261) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix latest version check (#7263) Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump svenstaro/upload-release-action from 2.5.0 to 2.6.0 (#7270) Bumps [svenstaro/upload-release-action](https://github.com/svenstaro/upload-release-action) from 2.5.0 to 2.6.0. - [Release notes](https://github.com/svenstaro/upload-release-action/releases) - [Changelog](https://github.com/svenstaro/upload-release-action/blob/master/CHANGELOG.md) - [Commits](https://github.com/svenstaro/upload-release-action/compare/7319e4733ec7a184d739a6f412c40ffc339b69c7...58d525808845e4c8ff229ea1d5d7c496504a79bc) --- updated-dependencies: - dependency-name: svenstaro/upload-release-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump sigs.k8s.io/controller-runtime from 0.14.6 to 0.15.0 (#7272) Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.14.6 to 0.15.0. - [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases) - [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md) - [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.14.6...v0.15.0) --- updated-dependencies: - dependency-name: sigs.k8s.io/controller-runtime dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: add yaml util to check empty document (#7276) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#7274) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.6.1 to 5.7.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.6.1...v5.7.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#7274) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.6.1 to 5.7.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.6.1...v5.7.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#7274) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.6.1 to 5.7.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.6.1...v5.7.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * go mod update Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * removed cosign 1.13.1 dependency Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added default rekor url Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated cosign option Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#7274) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.6.1 to 5.7.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.6.1...v5.7.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * go mod update Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * go sum fix Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * NIT Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix failing test: Test_VerifyManifest_MustAll_InvalidYAML Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * suggestions from jim Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * go mod fix Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updates to cosign verification Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * kuttl test ignore sct Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * go mod fixes Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * go mod update Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * downgrading gcr version Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * null pointer error Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated failing cli tests Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated kuttl test with complete subjects Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fixed issue with wildcard replacement Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * engine tests Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * removed conflicts with notary Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated go mod Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * codegen and test Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added pubkeys test Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * add default CTLogPubKeys Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * cleanup Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * unwanted test Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: auth checks with the APIVersion and the subresource (#7628) * fix auth checks with apiVersion and subresource Signed-off-by: ShutingZhao <shuting@nirmata.com> * add kuttl tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove duplicate code Signed-off-by: ShutingZhao <shuting@nirmata.com> * update permissions Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: harden rbac permissions (#7638) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore(deps): bump sigstore/cosign-installer from 3.0.5 to 3.1.0 (#7664) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.0.5 to 3.1.0. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/dd6b2e2b610a11fd73dd187a43d57cc1394e35f9...d13028333d784fcc802b67ec924bcebe75aa0a5f) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump ossf/scorecard-action from 2.1.3 to 2.2.0 (#7663) Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.1.3 to 2.2.0. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/80e868c13c90f172d68d1f4501dee99e2479f7af...08b4669551908b1024bb425080c797723083c031) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * [Chore] bump notation-go from 1.0.0-rc.3 -> 1.0.0-rc.6 (#7650) * Bump notation-go from 1.0.0-rc.3 -> 1.0.0-rc.6 Signed-off-by: webstradev <e.s.westra.95@gmail.com> * fixed tests Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added tests for repository Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> --------- Signed-off-by: webstradev <e.s.westra.95@gmail.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Co-authored-by: webstradev <e.s.westra.95@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> * fix: vscode debug config (#7653) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: pr updater workflow (#7665) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: add specific loaders from #7597 (#7671) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add cluster select and relabling config for ServiceMonitors (#7659) * feat: add cluster select and relabling config for ServiceMonitors Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> * feat: add cluster select and relabling config for ServiceMonitors Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> --------- Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> * fix: cleanup controller context from #7597 (#7672) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: cleanup controller rbac (#7669) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: migrate context loaders (part 1) from #7597 (#7676) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: migrate context loaders (part 2) from #7597 (#7677) * refactor: migrate context loaders (part 1) from #7597 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: migrate context loaders (part 2) from #7597 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add lazy loading feature flag (#7680) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: image verification (#7652) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * Fix deferred loading (#7597) * handle nested contexts Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add feature flag Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add kuttl tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix linter issues Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix CLI regclient Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix: token permissions on report vulns workflow (#7611) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: token permissions (#7619) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: update the flag descriptions of the reports-controller (#7617) Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> * fix: panic if env var not defined (#7613) * fix: panic if env var not defined Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * use toggles instead of a flag Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update toggle name Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update toggle name Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix roles Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix role Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update manifests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove extra unlock Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix loader reset Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * propagate context Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * cm resolver Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * level management Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * address review comments Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add enableDeferredLoading to other controllers Signed-off-by: Jim Bugwadia <jim@nirmata.com> * re-enable ACR credhelper Signed-off-by: Jim Bugwadia <jim@nirmata.com> * improve tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove image registry client init Signed-off-by: Jim Bugwadia <jim@nirmata.com> * check for invalid reset/restore Signed-off-by: Jim Bugwadia <jim@nirmata.com> * recursive kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * add pre/post queries Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add check for a recursive match Signed-off-by: Jim Bugwadia <jim@nirmata.com> * new test suite Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * eval loaders at creation level Signed-off-by: Jim Bugwadia <jim@nirmata.com> * kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * add an index for resolving deps in order Signed-off-by: Jim Bugwadia <jim@nirmata.com> * improve comment Signed-off-by: Jim Bugwadia <jim@nirmata.com> * extract remove method Signed-off-by: Jim Bugwadia <jim@nirmata.com> * merge main Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * flags Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feature flag Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix flag Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * update unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * two rules kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * update unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * revert Signed-off-by: ShutingZhao <shuting@nirmata.com> * per rule checkpoint Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix mutate chained rules Signed-off-by: ShutingZhao <shuting@nirmata.com> * per rule checpoint/restore Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * log error Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Emmanuel Ferdman <emmanuelferdman@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> * fix: factorise confimap informer code (#7667) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> * chore(deps): bump sigstore/cosign-installer from 3.1.0 to 3.1.1 (#7689) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.1.0 to 3.1.1. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/d13028333d784fcc802b67ec924bcebe75aa0a5f...6e04d228eb30da1757ee4e1dd75a0ec73a653e06) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: Swap any/all in the error message. (#7688) Signed-off-by: JaeHeung Han <hylowaker@users.noreply.github.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add background only policy support (#6666) * feat: add background only policy support Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * webhook Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * validation Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * kuttl Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * all disabled Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: pr updater workflow (#7697) * fix: pr updater workflow Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * Update .github/workflows/pr-update.yaml Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> * fix: customizable tracer configuration (#7644) * fix: customizable tracer configuration Signed-off-by: Daniel Laszlo <laszlodaniel@icloud.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: harden rbac permissions (#7638) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * chore(deps): bump sigstore/cosign-installer from 3.0.5 to 3.1.0 (#7664) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.0.5 to 3.1.0. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/dd6b2e2b610a11fd73dd187a43d57cc1394e35f9...d13028333d784fcc802b67ec924bcebe75aa0a5f) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * chore(deps): bump ossf/scorecard-action from 2.1.3 to 2.2.0 (#7663) Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.1.3 to 2.2.0. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/80e868c13c90f172d68d1f4501dee99e2479f7af...08b4669551908b1024bb425080c797723083c031) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * use resource.New instead of Merge Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix tabs Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * [Chore] bump notation-go from 1.0.0-rc.3 -> 1.0.0-rc.6 (#7650) * Bump notation-go from 1.0.0-rc.3 -> 1.0.0-rc.6 Signed-off-by: webstradev <e.s.westra.95@gmail.com> * fixed tests Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added tests for repository Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> --------- Signed-off-by: webstradev <e.s.westra.95@gmail.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Co-authored-by: webstradev <e.s.westra.95@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: vscode debug config (#7653) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: pr updater workflow (#7665) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * refactor: add specific loaders from #7597 (#7671) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * feat: add cluster select and relabling config for ServiceMonitors (#7659) * feat: add cluster select and relabling config for ServiceMonitors Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> * feat: add cluster select and relabling config for ServiceMonitors Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> --------- Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: cleanup controller context from #7597 (#7672) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: cleanup controller rbac (#7669) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * refactor: migrate context loaders (part 1) from #7597 (#7676) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * refactor: migrate context loaders (part 2) from #7597 (#7677) * refactor: migrate context loaders (part 1) from #7597 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: migrate context loaders (part 2) from #7597 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * feat: add lazy loading feature flag (#7680) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: image verification (#7652) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * Fix deferred loading (#7597) * handle nested contexts Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add feature flag Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add kuttl tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix linter issues Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix CLI regclient Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix: token permissions on report vulns workflow (#7611) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: token permissions (#7619) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: update the flag descriptions of the reports-controller (#7617) Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> * fix: panic if env var not defined (#7613) * fix: panic if env var not defined Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * use toggles instead of a flag Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update toggle name Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update toggle name Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix roles Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix role Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update manifests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove extra unlock Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix loader reset Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * propagate context Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * cm resolver Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * level management Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * address review comments Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add enableDeferredLoading to other controllers Signed-off-by: Jim Bugwadia <jim@nirmata.com> * re-enable ACR credhelper Signed-off-by: Jim Bugwadia <jim@nirmata.com> * improve tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove image registry client init Signed-off-by: Jim Bugwadia <jim@nirmata.com> * check for invalid reset/restore Signed-off-by: Jim Bugwadia <jim@nirmata.com> * recursive kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * add pre/post queries Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add check for a recursive match Signed-off-by: Jim Bugwadia <jim@nirmata.com> * new test suite Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * eval loaders at creation level Signed-off-by: Jim Bugwadia <jim@nirmata.com> * kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * add an index for resolving deps in order Signed-off-by: Jim Bugwadia <jim@nirmata.com> * improve comment Signed-off-by: Jim Bugwadia <jim@nirmata.com> * extract remove method Signed-off-by: Jim Bugwadia <jim@nirmata.com> * merge main Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * flags Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feature flag Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix flag Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * update unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * two rules kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * update unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * revert Signed-off-by: ShutingZhao <shuting@nirmata.com> * per rule checkpoint Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix mutate chained rules Signed-off-by: ShutingZhao <shuting@nirmata.com> * per rule checpoint/restore Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * log error Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Emmanuel Ferdman <emmanuelferdman@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: factorise confimap informer code (#7667) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * chore(deps): bump sigstore/cosign-installer from 3.1.0 to 3.1.1 (#7689) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.1.0 to 3.1.1. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/d13028333d784fcc802b67ec924bcebe75aa0a5f...6e04d228eb30da1757ee4e1dd75a0ec73a653e06) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * Update pkg/tracing/config.go Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Daniel Laszlo <laszlodaniel@icloud.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: webstradev <e.s.westra.95@gmail.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Co-authored-by: webstradev <e.s.westra.95@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: Frank Jogeleit <frank.jogeleit@lovoo.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: Emmanuel Ferdman <emmanuelferdman@gmail.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> * fix: lock schema manager when updating it (#7704) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * test: add kuttl tests for background only policies (#7709) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * Feat: Upgrade controller-gen to v0.12.0 and fix tooling (#7683) * Upgrade controller-gen and fix tooling Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Address comments Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Add a marker in the sed command Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Upgrade to the latest version and rearrange the annotations Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Fix failing Verify Codegen tests Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Remove unnecessary file Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Restore original version in test folder Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Add creationTimestamp: null again in the test folder Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> --------- Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> Co-authored-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: release signing (#7711) (#7713) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: use github token instead of pat (#7716) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: reduce token permissions (#7719) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: reduce token permissions (#7721) * fix: reduce token permissions Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: reduce token permissions Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: make `test --fail-only` return 1 if there are failed tests (#7717) Signed-off-by: Carles Figuerola <cfiguerola@expediagroup.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * remove redundant tests (#7702) Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: use gh token instead of pat (#7723) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: remove obsolete scripts (#7720) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: reduce token permission (#7729) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: use github token instead of pat (#7727) * fix: remove jmespath replace directive Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: use github token instead of pat Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: use golang builtin version management (#7654) * fix: use golang builtin version management Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: template for user setup in kuttl (#7731) Signed-off-by: Alok N <alokme123@gmail.com> * feat: Add option to add imagePullSecrets to cleanup CronJobs (#7730) * Add option to add imagePullSecrets to cleanup CronJobs Signed-off-by: Alexander Olzem <olzemal@pm.me> * Update chart README Signed-off-by: Alexander Olzem <olzemal@pm.me> --------- Signed-off-by: Alexander Olzem <olzemal@pm.me> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: typo in check cmd (#7733) Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> * fix: nits in cli flags (#7736) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: bump ko version (#7738) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: bump kind node versions (#7737) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: refactor cli values loading and remove dead code (#7739) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * [Feature] round() JMESPath function (#7489) * adding roundoff Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * removing unnecessary Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * adding test Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * adding edge case Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * fixing error Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * updating function call Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * updating function jpRound Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * error handling negative Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * fix Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * fix linter Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * parsing Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * cleanup Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore(deps): bump ubuntu from `6120be6` to `0bced47` in /.devcontainer (#7744) Bumps ubuntu from `6120be6` to `0bced47`. --- updated-dependencies: - dependency-name: ubuntu dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: improve cli apply args check (#7746) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: remove cli dead code (#7748) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * Replaced gcr crane with gcr remote (#7747) * fix: oras-go/v2 version in go.sum Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * refactor: move kyverno constants out of v1 package (#7760) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: use register-gen to register k8s types (#7761) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore(deps): bump fluxcd/flux2 from 0.41.2 to 2.0.0 (#7764) Bumps [fluxcd/flux2](https://github.com/fluxcd/flux2) from 0.41.2 to 2.0.0. - [Release notes](https://github.com/fluxcd/flux2/releases) - [Changelog](https://github.com/fluxcd/flux2/blob/main/.goreleaser.yml) - [Commits](https://github.com/fluxcd/flux2/compare/dbda8fbdb8b58ed1ee69343025a6091eae0d1828...9ea0a535eab2c99121fb3ac742e333b4a9f07970) --- updated-dependencies: - dependency-name: fluxcd/flux2 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: introduce defaulters-gen (#7765) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add table output to cli apply command (#7757) * feat: add table output to cli apply command Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * factorise Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> * chore: bump cosign in gh workflows (#7715) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: switch to deepcopy-gen (#7766) * chore: switch to deepcopy-gen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: increase linter timeout (#7767) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * undo: revert back to cosign 2.0.2 cosign 2.1.1 has dependency conflicts with oras Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * remove markers Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: remove 0_14 version of gcr k8s-sigstore-manifest got a new version so we can finally upgrade gcr to v0.15 Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * add: add logging to tlogs and sct Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * undo: remove registryOpts in favor of registry client opts added the missing parts from registryOptions in registry client opts Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore: add generated files Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore: clean go mod Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: remove bad logs Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * bug: fix go mod Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: update kubebuilder version in crds Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * update: rollback policy to ignore tlog Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore: update codegen Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> --------- Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: shuting <shutting06@gmail.com> Signed-off-by: bakito <github@bakito.ch> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: webstradev <e.s.westra.95@gmail.com> Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> Signed-off-by: JaeHeung Han <hylowaker@users.noreply.github.com> Signed-off-by: Daniel Laszlo <laszlodaniel@icloud.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> Signed-off-by: Carles Figuerola <cfiguerola@expediagroup.com> Signed-off-by: Alok N <alokme123@gmail.com> Signed-off-by: Alexander Olzem <olzemal@pm.me> Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: shuting <shutting06@gmail.com> Co-authored-by: kyverno-bot <104836976+kyverno-bot@users.noreply.github.com> Co-authored-by: Marc Brugger <github@bakito.ch> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: webstradev <e.s.westra.95@gmail.com> Co-authored-by: Frank Jogeleit <frank.jogeleit@lovoo.com> Co-authored-by: Emmanuel Ferdman <emmanuelferdman@gmail.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: JaeHeung Han <hylowaker@users.noreply.github.com> Co-authored-by: Daniel Laszlo <laszlodaniel@icloud.com> Co-authored-by: Md Shahbaz Alam <shahbazalam75508@gmail.com> Co-authored-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> Co-authored-by: Carles-Figuerola <carles@figuerola.info> Co-authored-by: Alok Naushad <alokme123@gmail.com> Co-authored-by: Alex Olzem <olzemal@gmail.com> Co-authored-by: SukhveerS <78963782+Rexbeast2@users.noreply.github.com>
2023-08-15 14:25:55 +00:00
"publicKeys": "KEY2",
"rekor": {
"url": "https://rekor.sigstore.dev",
"ignoreTlog": true
},
"ctlog": {
"ignoreSCT": true
Support for Cosign 2.0 (#7248) * cosign 2.0 version upgrade Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * IgnoreTlog and IgnoreSCT updated Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * removed cli packages Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * lazy evaluate vars in conditions (#7238) * lazy evaluate vars in conditions Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove unnecessary conversion Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix test Signed-off-by: Jim Bugwadia <jim@nirmata.com> * Update test/conformance/kuttl/validate/clusterpolicy/standard/variables/lazyload/conditions/03-manifests.yaml Signed-off-by: shuting <shutting06@gmail.com> * Update test/conformance/kuttl/validate/clusterpolicy/standard/variables/lazyload/README.md Signed-off-by: shuting <shutting06@gmail.com> * added error check in test Signed-off-by: Jim Bugwadia <jim@nirmata.com> --------- Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: shuting <shutting06@gmail.com> Co-authored-by: shuting <shutting06@gmail.com> Co-authored-by: kyverno-bot <104836976+kyverno-bot@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * in-toto-golang update Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added rekor Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * quote image in error (#7259) Signed-off-by: bakito <github@bakito.ch> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: auto update webhooks not configuring fail endpoint (#7261) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix latest version check (#7263) Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump svenstaro/upload-release-action from 2.5.0 to 2.6.0 (#7270) Bumps [svenstaro/upload-release-action](https://github.com/svenstaro/upload-release-action) from 2.5.0 to 2.6.0. - [Release notes](https://github.com/svenstaro/upload-release-action/releases) - [Changelog](https://github.com/svenstaro/upload-release-action/blob/master/CHANGELOG.md) - [Commits](https://github.com/svenstaro/upload-release-action/compare/7319e4733ec7a184d739a6f412c40ffc339b69c7...58d525808845e4c8ff229ea1d5d7c496504a79bc) --- updated-dependencies: - dependency-name: svenstaro/upload-release-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump sigs.k8s.io/controller-runtime from 0.14.6 to 0.15.0 (#7272) Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.14.6 to 0.15.0. - [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases) - [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md) - [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.14.6...v0.15.0) --- updated-dependencies: - dependency-name: sigs.k8s.io/controller-runtime dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: add yaml util to check empty document (#7276) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#7274) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.6.1 to 5.7.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.6.1...v5.7.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#7274) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.6.1 to 5.7.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.6.1...v5.7.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#7274) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.6.1 to 5.7.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.6.1...v5.7.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * go mod update Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * removed cosign 1.13.1 dependency Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added default rekor url Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated cosign option Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#7274) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.6.1 to 5.7.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.6.1...v5.7.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * go mod update Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * go sum fix Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * NIT Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix failing test: Test_VerifyManifest_MustAll_InvalidYAML Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * suggestions from jim Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * go mod fix Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updates to cosign verification Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * kuttl test ignore sct Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * go mod fixes Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * go mod update Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * downgrading gcr version Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * null pointer error Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated failing cli tests Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated kuttl test with complete subjects Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fixed issue with wildcard replacement Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * engine tests Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * removed conflicts with notary Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated go mod Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * codegen and test Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added pubkeys test Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * add default CTLogPubKeys Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * cleanup Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * unwanted test Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: auth checks with the APIVersion and the subresource (#7628) * fix auth checks with apiVersion and subresource Signed-off-by: ShutingZhao <shuting@nirmata.com> * add kuttl tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove duplicate code Signed-off-by: ShutingZhao <shuting@nirmata.com> * update permissions Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: harden rbac permissions (#7638) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore(deps): bump sigstore/cosign-installer from 3.0.5 to 3.1.0 (#7664) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.0.5 to 3.1.0. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/dd6b2e2b610a11fd73dd187a43d57cc1394e35f9...d13028333d784fcc802b67ec924bcebe75aa0a5f) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump ossf/scorecard-action from 2.1.3 to 2.2.0 (#7663) Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.1.3 to 2.2.0. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/80e868c13c90f172d68d1f4501dee99e2479f7af...08b4669551908b1024bb425080c797723083c031) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * [Chore] bump notation-go from 1.0.0-rc.3 -> 1.0.0-rc.6 (#7650) * Bump notation-go from 1.0.0-rc.3 -> 1.0.0-rc.6 Signed-off-by: webstradev <e.s.westra.95@gmail.com> * fixed tests Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added tests for repository Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> --------- Signed-off-by: webstradev <e.s.westra.95@gmail.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Co-authored-by: webstradev <e.s.westra.95@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> * fix: vscode debug config (#7653) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: pr updater workflow (#7665) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: add specific loaders from #7597 (#7671) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add cluster select and relabling config for ServiceMonitors (#7659) * feat: add cluster select and relabling config for ServiceMonitors Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> * feat: add cluster select and relabling config for ServiceMonitors Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> --------- Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> * fix: cleanup controller context from #7597 (#7672) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: cleanup controller rbac (#7669) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: migrate context loaders (part 1) from #7597 (#7676) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: migrate context loaders (part 2) from #7597 (#7677) * refactor: migrate context loaders (part 1) from #7597 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: migrate context loaders (part 2) from #7597 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add lazy loading feature flag (#7680) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: image verification (#7652) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * Fix deferred loading (#7597) * handle nested contexts Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add feature flag Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add kuttl tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix linter issues Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix CLI regclient Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix: token permissions on report vulns workflow (#7611) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: token permissions (#7619) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: update the flag descriptions of the reports-controller (#7617) Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> * fix: panic if env var not defined (#7613) * fix: panic if env var not defined Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * use toggles instead of a flag Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update toggle name Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update toggle name Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix roles Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix role Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update manifests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove extra unlock Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix loader reset Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * propagate context Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * cm resolver Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * level management Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * address review comments Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add enableDeferredLoading to other controllers Signed-off-by: Jim Bugwadia <jim@nirmata.com> * re-enable ACR credhelper Signed-off-by: Jim Bugwadia <jim@nirmata.com> * improve tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove image registry client init Signed-off-by: Jim Bugwadia <jim@nirmata.com> * check for invalid reset/restore Signed-off-by: Jim Bugwadia <jim@nirmata.com> * recursive kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * add pre/post queries Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add check for a recursive match Signed-off-by: Jim Bugwadia <jim@nirmata.com> * new test suite Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * eval loaders at creation level Signed-off-by: Jim Bugwadia <jim@nirmata.com> * kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * add an index for resolving deps in order Signed-off-by: Jim Bugwadia <jim@nirmata.com> * improve comment Signed-off-by: Jim Bugwadia <jim@nirmata.com> * extract remove method Signed-off-by: Jim Bugwadia <jim@nirmata.com> * merge main Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * flags Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feature flag Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix flag Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * update unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * two rules kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * update unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * revert Signed-off-by: ShutingZhao <shuting@nirmata.com> * per rule checkpoint Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix mutate chained rules Signed-off-by: ShutingZhao <shuting@nirmata.com> * per rule checpoint/restore Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * log error Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Emmanuel Ferdman <emmanuelferdman@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> * fix: factorise confimap informer code (#7667) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> * chore(deps): bump sigstore/cosign-installer from 3.1.0 to 3.1.1 (#7689) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.1.0 to 3.1.1. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/d13028333d784fcc802b67ec924bcebe75aa0a5f...6e04d228eb30da1757ee4e1dd75a0ec73a653e06) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: Swap any/all in the error message. (#7688) Signed-off-by: JaeHeung Han <hylowaker@users.noreply.github.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add background only policy support (#6666) * feat: add background only policy support Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * webhook Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * validation Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * kuttl Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * all disabled Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: pr updater workflow (#7697) * fix: pr updater workflow Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * Update .github/workflows/pr-update.yaml Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> * fix: customizable tracer configuration (#7644) * fix: customizable tracer configuration Signed-off-by: Daniel Laszlo <laszlodaniel@icloud.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: harden rbac permissions (#7638) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * chore(deps): bump sigstore/cosign-installer from 3.0.5 to 3.1.0 (#7664) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.0.5 to 3.1.0. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/dd6b2e2b610a11fd73dd187a43d57cc1394e35f9...d13028333d784fcc802b67ec924bcebe75aa0a5f) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * chore(deps): bump ossf/scorecard-action from 2.1.3 to 2.2.0 (#7663) Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.1.3 to 2.2.0. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/80e868c13c90f172d68d1f4501dee99e2479f7af...08b4669551908b1024bb425080c797723083c031) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * use resource.New instead of Merge Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix tabs Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * [Chore] bump notation-go from 1.0.0-rc.3 -> 1.0.0-rc.6 (#7650) * Bump notation-go from 1.0.0-rc.3 -> 1.0.0-rc.6 Signed-off-by: webstradev <e.s.westra.95@gmail.com> * fixed tests Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added tests for repository Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> --------- Signed-off-by: webstradev <e.s.westra.95@gmail.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Co-authored-by: webstradev <e.s.westra.95@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: vscode debug config (#7653) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: pr updater workflow (#7665) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * refactor: add specific loaders from #7597 (#7671) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * feat: add cluster select and relabling config for ServiceMonitors (#7659) * feat: add cluster select and relabling config for ServiceMonitors Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> * feat: add cluster select and relabling config for ServiceMonitors Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> --------- Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: cleanup controller context from #7597 (#7672) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: cleanup controller rbac (#7669) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * refactor: migrate context loaders (part 1) from #7597 (#7676) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * refactor: migrate context loaders (part 2) from #7597 (#7677) * refactor: migrate context loaders (part 1) from #7597 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: migrate context loaders (part 2) from #7597 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * feat: add lazy loading feature flag (#7680) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: image verification (#7652) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * Fix deferred loading (#7597) * handle nested contexts Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add feature flag Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add kuttl tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix linter issues Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix CLI regclient Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix: token permissions on report vulns workflow (#7611) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: token permissions (#7619) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: update the flag descriptions of the reports-controller (#7617) Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> * fix: panic if env var not defined (#7613) * fix: panic if env var not defined Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * use toggles instead of a flag Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update toggle name Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update toggle name Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix roles Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix role Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update manifests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove extra unlock Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix loader reset Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * propagate context Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * cm resolver Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * level management Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * address review comments Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add enableDeferredLoading to other controllers Signed-off-by: Jim Bugwadia <jim@nirmata.com> * re-enable ACR credhelper Signed-off-by: Jim Bugwadia <jim@nirmata.com> * improve tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove image registry client init Signed-off-by: Jim Bugwadia <jim@nirmata.com> * check for invalid reset/restore Signed-off-by: Jim Bugwadia <jim@nirmata.com> * recursive kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * add pre/post queries Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add check for a recursive match Signed-off-by: Jim Bugwadia <jim@nirmata.com> * new test suite Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * eval loaders at creation level Signed-off-by: Jim Bugwadia <jim@nirmata.com> * kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * add an index for resolving deps in order Signed-off-by: Jim Bugwadia <jim@nirmata.com> * improve comment Signed-off-by: Jim Bugwadia <jim@nirmata.com> * extract remove method Signed-off-by: Jim Bugwadia <jim@nirmata.com> * merge main Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * flags Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feature flag Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix flag Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * update unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * two rules kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * update unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * revert Signed-off-by: ShutingZhao <shuting@nirmata.com> * per rule checkpoint Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix mutate chained rules Signed-off-by: ShutingZhao <shuting@nirmata.com> * per rule checpoint/restore Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * log error Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Emmanuel Ferdman <emmanuelferdman@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: factorise confimap informer code (#7667) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * chore(deps): bump sigstore/cosign-installer from 3.1.0 to 3.1.1 (#7689) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.1.0 to 3.1.1. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/d13028333d784fcc802b67ec924bcebe75aa0a5f...6e04d228eb30da1757ee4e1dd75a0ec73a653e06) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * Update pkg/tracing/config.go Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Daniel Laszlo <laszlodaniel@icloud.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: webstradev <e.s.westra.95@gmail.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Co-authored-by: webstradev <e.s.westra.95@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: Frank Jogeleit <frank.jogeleit@lovoo.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: Emmanuel Ferdman <emmanuelferdman@gmail.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> * fix: lock schema manager when updating it (#7704) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * test: add kuttl tests for background only policies (#7709) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * Feat: Upgrade controller-gen to v0.12.0 and fix tooling (#7683) * Upgrade controller-gen and fix tooling Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Address comments Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Add a marker in the sed command Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Upgrade to the latest version and rearrange the annotations Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Fix failing Verify Codegen tests Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Remove unnecessary file Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Restore original version in test folder Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Add creationTimestamp: null again in the test folder Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> --------- Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> Co-authored-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: release signing (#7711) (#7713) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: use github token instead of pat (#7716) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: reduce token permissions (#7719) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: reduce token permissions (#7721) * fix: reduce token permissions Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: reduce token permissions Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: make `test --fail-only` return 1 if there are failed tests (#7717) Signed-off-by: Carles Figuerola <cfiguerola@expediagroup.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * remove redundant tests (#7702) Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: use gh token instead of pat (#7723) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: remove obsolete scripts (#7720) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: reduce token permission (#7729) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: use github token instead of pat (#7727) * fix: remove jmespath replace directive Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: use github token instead of pat Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: use golang builtin version management (#7654) * fix: use golang builtin version management Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: template for user setup in kuttl (#7731) Signed-off-by: Alok N <alokme123@gmail.com> * feat: Add option to add imagePullSecrets to cleanup CronJobs (#7730) * Add option to add imagePullSecrets to cleanup CronJobs Signed-off-by: Alexander Olzem <olzemal@pm.me> * Update chart README Signed-off-by: Alexander Olzem <olzemal@pm.me> --------- Signed-off-by: Alexander Olzem <olzemal@pm.me> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: typo in check cmd (#7733) Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> * fix: nits in cli flags (#7736) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: bump ko version (#7738) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: bump kind node versions (#7737) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: refactor cli values loading and remove dead code (#7739) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * [Feature] round() JMESPath function (#7489) * adding roundoff Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * removing unnecessary Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * adding test Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * adding edge case Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * fixing error Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * updating function call Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * updating function jpRound Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * error handling negative Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * fix Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * fix linter Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * parsing Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * cleanup Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore(deps): bump ubuntu from `6120be6` to `0bced47` in /.devcontainer (#7744) Bumps ubuntu from `6120be6` to `0bced47`. --- updated-dependencies: - dependency-name: ubuntu dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: improve cli apply args check (#7746) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: remove cli dead code (#7748) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * Replaced gcr crane with gcr remote (#7747) * fix: oras-go/v2 version in go.sum Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * refactor: move kyverno constants out of v1 package (#7760) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: use register-gen to register k8s types (#7761) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore(deps): bump fluxcd/flux2 from 0.41.2 to 2.0.0 (#7764) Bumps [fluxcd/flux2](https://github.com/fluxcd/flux2) from 0.41.2 to 2.0.0. - [Release notes](https://github.com/fluxcd/flux2/releases) - [Changelog](https://github.com/fluxcd/flux2/blob/main/.goreleaser.yml) - [Commits](https://github.com/fluxcd/flux2/compare/dbda8fbdb8b58ed1ee69343025a6091eae0d1828...9ea0a535eab2c99121fb3ac742e333b4a9f07970) --- updated-dependencies: - dependency-name: fluxcd/flux2 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: introduce defaulters-gen (#7765) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add table output to cli apply command (#7757) * feat: add table output to cli apply command Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * factorise Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> * chore: bump cosign in gh workflows (#7715) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: switch to deepcopy-gen (#7766) * chore: switch to deepcopy-gen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: increase linter timeout (#7767) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * undo: revert back to cosign 2.0.2 cosign 2.1.1 has dependency conflicts with oras Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * remove markers Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: remove 0_14 version of gcr k8s-sigstore-manifest got a new version so we can finally upgrade gcr to v0.15 Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * add: add logging to tlogs and sct Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * undo: remove registryOpts in favor of registry client opts added the missing parts from registryOptions in registry client opts Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore: add generated files Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore: clean go mod Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: remove bad logs Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * bug: fix go mod Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: update kubebuilder version in crds Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * update: rollback policy to ignore tlog Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore: update codegen Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> --------- Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: shuting <shutting06@gmail.com> Signed-off-by: bakito <github@bakito.ch> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: webstradev <e.s.westra.95@gmail.com> Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> Signed-off-by: JaeHeung Han <hylowaker@users.noreply.github.com> Signed-off-by: Daniel Laszlo <laszlodaniel@icloud.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> Signed-off-by: Carles Figuerola <cfiguerola@expediagroup.com> Signed-off-by: Alok N <alokme123@gmail.com> Signed-off-by: Alexander Olzem <olzemal@pm.me> Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: shuting <shutting06@gmail.com> Co-authored-by: kyverno-bot <104836976+kyverno-bot@users.noreply.github.com> Co-authored-by: Marc Brugger <github@bakito.ch> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: webstradev <e.s.westra.95@gmail.com> Co-authored-by: Frank Jogeleit <frank.jogeleit@lovoo.com> Co-authored-by: Emmanuel Ferdman <emmanuelferdman@gmail.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: JaeHeung Han <hylowaker@users.noreply.github.com> Co-authored-by: Daniel Laszlo <laszlodaniel@icloud.com> Co-authored-by: Md Shahbaz Alam <shahbazalam75508@gmail.com> Co-authored-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> Co-authored-by: Carles-Figuerola <carles@figuerola.info> Co-authored-by: Alok Naushad <alokme123@gmail.com> Co-authored-by: Alex Olzem <olzemal@gmail.com> Co-authored-by: SukhveerS <78963782+Rexbeast2@users.noreply.github.com>
2023-08-15 14:25:55 +00:00
}
}
}
]
}
}
]
}
]
}
]
}
]
}
}
`
func Test_NestedAttestors(t *testing.T) {
policy := strings.Replace(testNestedAttestorPolicy, "KEY1", testVerifyImageKey, -1)
policy = strings.Replace(policy, "KEY2", testVerifyImageKey, -1)
policy = strings.Replace(policy, "COUNT", "0", -1)
policyContext := buildContext(t, policy, testSampleResource, "")
err, _ := testVerifyAndPatchImages(context.TODO(), registryclient.NewOrDie(), nil, policyContext, cfg)
assert.Equal(t, len(err.PolicyResponse.Rules), 1)
refactor: engine rule response creation (#6784) * refactor: engine rule response creation Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * private fields Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix unit tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-04-05 10:35:38 +00:00
assert.Equal(t, err.PolicyResponse.Rules[0].Status(), engineapi.RuleStatusPass)
policy = strings.Replace(testNestedAttestorPolicy, "KEY1", testVerifyImageKey, -1)
policy = strings.Replace(policy, "KEY2", testOtherKey, -1)
policy = strings.Replace(policy, "COUNT", "0", -1)
policyContext = buildContext(t, policy, testSampleResource, "")
err, _ = testVerifyAndPatchImages(context.TODO(), registryclient.NewOrDie(), nil, policyContext, cfg)
assert.Equal(t, len(err.PolicyResponse.Rules), 1)
refactor: engine rule response creation (#6784) * refactor: engine rule response creation Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * private fields Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix unit tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-04-05 10:35:38 +00:00
assert.Equal(t, err.PolicyResponse.Rules[0].Status(), engineapi.RuleStatusFail)
policy = strings.Replace(testNestedAttestorPolicy, "KEY1", testVerifyImageKey, -1)
policy = strings.Replace(policy, "KEY2", testOtherKey, -1)
policy = strings.Replace(policy, "COUNT", "1", -1)
policyContext = buildContext(t, policy, testSampleResource, "")
err, _ = testVerifyAndPatchImages(context.TODO(), registryclient.NewOrDie(), nil, policyContext, cfg)
assert.Equal(t, len(err.PolicyResponse.Rules), 1)
refactor: engine rule response creation (#6784) * refactor: engine rule response creation Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * private fields Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix unit tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-04-05 10:35:38 +00:00
assert.Equal(t, err.PolicyResponse.Rules[0].Status(), engineapi.RuleStatusPass)
}
func Test_ExpandKeys(t *testing.T) {
as := internal.ExpandStaticKeys(createStaticKeyAttestorSet("", true, false, false))
assert.Equal(t, 1, len(as.Entries))
as = internal.ExpandStaticKeys(createStaticKeyAttestorSet(testOtherKey, true, false, false))
assert.Equal(t, 1, len(as.Entries))
as = internal.ExpandStaticKeys(createStaticKeyAttestorSet(testOtherKey+testOtherKey+testOtherKey, true, false, false))
assert.Equal(t, 3, len(as.Entries))
as = internal.ExpandStaticKeys(createStaticKeyAttestorSet("", false, true, false))
assert.Equal(t, 1, len(as.Entries))
assert.DeepEqual(t, &kyvernov1.SecretReference{Name: "testsecret", Namespace: "default"},
as.Entries[0].Keys.Secret)
as = internal.ExpandStaticKeys(createStaticKeyAttestorSet("", false, false, true))
assert.Equal(t, 1, len(as.Entries))
assert.DeepEqual(t, "gcpkms://projects/test_project_id/locations/asia-south1/keyRings/test_key_ring_name/cryptoKeys/test_key_name/versions/1", as.Entries[0].Keys.KMS)
as = internal.ExpandStaticKeys((createStaticKeyAttestorSet(testOtherKey, true, true, false)))
assert.Equal(t, 2, len(as.Entries))
assert.DeepEqual(t, testOtherKey, as.Entries[0].Keys.PublicKeys)
assert.DeepEqual(t, &kyvernov1.SecretReference{Name: "testsecret", Namespace: "default"}, as.Entries[1].Keys.Secret)
}
func createStaticKeyAttestorSet(s string, withPublicKey, withSecret, withKMS bool) kyvernov1.AttestorSet {
var entries []kyvernov1.Attestor
if withPublicKey {
attestor := kyvernov1.Attestor{
Keys: &kyvernov1.StaticKeyAttestor{
PublicKeys: s,
},
}
entries = append(entries, attestor)
}
if withSecret {
attestor := kyvernov1.Attestor{
Keys: &kyvernov1.StaticKeyAttestor{
Secret: &kyvernov1.SecretReference{
Name: "testsecret",
Namespace: "default",
},
},
}
entries = append(entries, attestor)
}
if withKMS {
kmsKey := "gcpkms://projects/test_project_id/locations/asia-south1/keyRings/test_key_ring_name/cryptoKeys/test_key_name/versions/1"
attestor := kyvernov1.Attestor{
Keys: &kyvernov1.StaticKeyAttestor{
KMS: kmsKey,
},
}
entries = append(entries, attestor)
}
return kyvernov1.AttestorSet{Entries: entries}
}
func Test_ChangedAnnotation(t *testing.T) {
annotationKey := kyverno.AnnotationImageVerify
annotationNew := fmt.Sprintf("\"annotations\": {\"%s\": \"%s\"}", annotationKey, "true")
newResource := strings.ReplaceAll(testResource, "\"annotations\": {}", annotationNew)
policyContext := buildContext(t, testPolicyGood, testResource, testResource)
hasChanged := internal.HasImageVerifiedAnnotationChanged(policyContext, logr.Discard())
assert.Equal(t, hasChanged, false)
policyContext = buildContext(t, testPolicyGood, newResource, testResource)
hasChanged = internal.HasImageVerifiedAnnotationChanged(policyContext, logr.Discard())
assert.Equal(t, hasChanged, true)
annotationOld := fmt.Sprintf("\"annotations\": {\"%s\": \"%s\"}", annotationKey, "false")
oldResource := strings.ReplaceAll(testResource, "\"annotations\": {}", annotationOld)
policyContext = buildContext(t, testPolicyGood, newResource, oldResource)
hasChanged = internal.HasImageVerifiedAnnotationChanged(policyContext, logr.Discard())
assert.Equal(t, hasChanged, true)
}
func Test_MarkImageVerified(t *testing.T) {
image := "ghcr.io/jimbugwadia/pause2:latest"
policyContext := buildContext(t, testPolicyGood, testResource, "")
err := cosign.SetMock(image, attestationPayloads)
defer cosign.ClearMock()
assert.NilError(t, err)
engineResponse, verifiedImages := testVerifyAndPatchImages(context.TODO(), registryclient.NewOrDie(), nil, policyContext, cfg)
assert.Equal(t, len(engineResponse.PolicyResponse.Rules), 1)
refactor: engine rule response creation (#6784) * refactor: engine rule response creation Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * private fields Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix unit tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-04-05 10:35:38 +00:00
assert.Equal(t, engineResponse.PolicyResponse.Rules[0].Status(), engineapi.RuleStatusPass)
assert.Assert(t, verifiedImages.Data != nil)
assert.Equal(t, len(verifiedImages.Data), 1)
assert.Equal(t, verifiedImages.IsVerified(image), true)
patches, err := verifiedImages.Patches(false, logr.Discard())
assert.NilError(t, err)
assert.Equal(t, len(patches), 2)
resource := testApplyPatches(t, patches)
patchedAnnotations := resource.GetAnnotations()
assert.Equal(t, len(patchedAnnotations), 1)
json := patchedAnnotations[kyverno.AnnotationImageVerify]
assert.Assert(t, json != "")
verified, err := engineutils.IsImageVerified(resource, image, logr.Discard())
assert.NilError(t, err)
assert.Equal(t, verified, engineapi.ImageVerificationPass)
}
func testApplyPatches(t *testing.T, patches []jsonpatch.JsonPatchOperation) unstructured.Unstructured {
patchedResource, err := engineutils.ApplyPatches([]byte(testResource), patch.ConvertPatches(patches...))
assert.NilError(t, err)
assert.Assert(t, patchedResource != nil)
u := unstructured.Unstructured{}
err = u.UnmarshalJSON(patchedResource)
assert.NilError(t, err)
return u
}
func Test_ParsePEMDelimited(t *testing.T) {
testPEMPolicy := `{
"apiVersion": "kyverno.io/v1",
"kind": "Policy",
"metadata": {
"name": "check-image"
},
"spec": {
"validationFailureAction": "enforce",
"background": false,
"webhookTimeoutSeconds": 30,
"failurePolicy": "Fail",
"rules": [
{
"name": "check-image",
"match": {
"any": [
{
"resources": {
"kinds": [
"Pod"
]
}
}
]
},
"verifyImages": [
{
"imageReferences": [
"*"
],
"attestors": [
{
"count": 1,
"entries": [
{
"keys": {
Support for Cosign 2.0 (#7248) * cosign 2.0 version upgrade Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * IgnoreTlog and IgnoreSCT updated Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * removed cli packages Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * lazy evaluate vars in conditions (#7238) * lazy evaluate vars in conditions Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove unnecessary conversion Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix test Signed-off-by: Jim Bugwadia <jim@nirmata.com> * Update test/conformance/kuttl/validate/clusterpolicy/standard/variables/lazyload/conditions/03-manifests.yaml Signed-off-by: shuting <shutting06@gmail.com> * Update test/conformance/kuttl/validate/clusterpolicy/standard/variables/lazyload/README.md Signed-off-by: shuting <shutting06@gmail.com> * added error check in test Signed-off-by: Jim Bugwadia <jim@nirmata.com> --------- Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: shuting <shutting06@gmail.com> Co-authored-by: shuting <shutting06@gmail.com> Co-authored-by: kyverno-bot <104836976+kyverno-bot@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * in-toto-golang update Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added rekor Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * quote image in error (#7259) Signed-off-by: bakito <github@bakito.ch> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: auto update webhooks not configuring fail endpoint (#7261) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix latest version check (#7263) Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump svenstaro/upload-release-action from 2.5.0 to 2.6.0 (#7270) Bumps [svenstaro/upload-release-action](https://github.com/svenstaro/upload-release-action) from 2.5.0 to 2.6.0. - [Release notes](https://github.com/svenstaro/upload-release-action/releases) - [Changelog](https://github.com/svenstaro/upload-release-action/blob/master/CHANGELOG.md) - [Commits](https://github.com/svenstaro/upload-release-action/compare/7319e4733ec7a184d739a6f412c40ffc339b69c7...58d525808845e4c8ff229ea1d5d7c496504a79bc) --- updated-dependencies: - dependency-name: svenstaro/upload-release-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump sigs.k8s.io/controller-runtime from 0.14.6 to 0.15.0 (#7272) Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.14.6 to 0.15.0. - [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases) - [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md) - [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.14.6...v0.15.0) --- updated-dependencies: - dependency-name: sigs.k8s.io/controller-runtime dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: add yaml util to check empty document (#7276) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#7274) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.6.1 to 5.7.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.6.1...v5.7.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#7274) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.6.1 to 5.7.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.6.1...v5.7.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#7274) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.6.1 to 5.7.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.6.1...v5.7.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * go mod update Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * removed cosign 1.13.1 dependency Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added default rekor url Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated cosign option Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#7274) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.6.1 to 5.7.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.6.1...v5.7.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * go mod update Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * go sum fix Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * NIT Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix failing test: Test_VerifyManifest_MustAll_InvalidYAML Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * suggestions from jim Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * go mod fix Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updates to cosign verification Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * kuttl test ignore sct Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * go mod fixes Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * go mod update Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * downgrading gcr version Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * null pointer error Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated failing cli tests Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated kuttl test with complete subjects Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fixed issue with wildcard replacement Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * engine tests Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * removed conflicts with notary Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated go mod Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * codegen and test Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added pubkeys test Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * add default CTLogPubKeys Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * cleanup Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * unwanted test Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: auth checks with the APIVersion and the subresource (#7628) * fix auth checks with apiVersion and subresource Signed-off-by: ShutingZhao <shuting@nirmata.com> * add kuttl tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove duplicate code Signed-off-by: ShutingZhao <shuting@nirmata.com> * update permissions Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: harden rbac permissions (#7638) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore(deps): bump sigstore/cosign-installer from 3.0.5 to 3.1.0 (#7664) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.0.5 to 3.1.0. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/dd6b2e2b610a11fd73dd187a43d57cc1394e35f9...d13028333d784fcc802b67ec924bcebe75aa0a5f) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump ossf/scorecard-action from 2.1.3 to 2.2.0 (#7663) Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.1.3 to 2.2.0. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/80e868c13c90f172d68d1f4501dee99e2479f7af...08b4669551908b1024bb425080c797723083c031) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * [Chore] bump notation-go from 1.0.0-rc.3 -> 1.0.0-rc.6 (#7650) * Bump notation-go from 1.0.0-rc.3 -> 1.0.0-rc.6 Signed-off-by: webstradev <e.s.westra.95@gmail.com> * fixed tests Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added tests for repository Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> --------- Signed-off-by: webstradev <e.s.westra.95@gmail.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Co-authored-by: webstradev <e.s.westra.95@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> * fix: vscode debug config (#7653) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: pr updater workflow (#7665) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: add specific loaders from #7597 (#7671) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add cluster select and relabling config for ServiceMonitors (#7659) * feat: add cluster select and relabling config for ServiceMonitors Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> * feat: add cluster select and relabling config for ServiceMonitors Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> --------- Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> * fix: cleanup controller context from #7597 (#7672) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: cleanup controller rbac (#7669) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: migrate context loaders (part 1) from #7597 (#7676) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: migrate context loaders (part 2) from #7597 (#7677) * refactor: migrate context loaders (part 1) from #7597 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: migrate context loaders (part 2) from #7597 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add lazy loading feature flag (#7680) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: image verification (#7652) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * Fix deferred loading (#7597) * handle nested contexts Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add feature flag Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add kuttl tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix linter issues Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix CLI regclient Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix: token permissions on report vulns workflow (#7611) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: token permissions (#7619) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: update the flag descriptions of the reports-controller (#7617) Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> * fix: panic if env var not defined (#7613) * fix: panic if env var not defined Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * use toggles instead of a flag Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update toggle name Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update toggle name Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix roles Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix role Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update manifests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove extra unlock Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix loader reset Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * propagate context Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * cm resolver Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * level management Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * address review comments Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add enableDeferredLoading to other controllers Signed-off-by: Jim Bugwadia <jim@nirmata.com> * re-enable ACR credhelper Signed-off-by: Jim Bugwadia <jim@nirmata.com> * improve tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove image registry client init Signed-off-by: Jim Bugwadia <jim@nirmata.com> * check for invalid reset/restore Signed-off-by: Jim Bugwadia <jim@nirmata.com> * recursive kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * add pre/post queries Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add check for a recursive match Signed-off-by: Jim Bugwadia <jim@nirmata.com> * new test suite Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * eval loaders at creation level Signed-off-by: Jim Bugwadia <jim@nirmata.com> * kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * add an index for resolving deps in order Signed-off-by: Jim Bugwadia <jim@nirmata.com> * improve comment Signed-off-by: Jim Bugwadia <jim@nirmata.com> * extract remove method Signed-off-by: Jim Bugwadia <jim@nirmata.com> * merge main Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * flags Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feature flag Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix flag Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * update unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * two rules kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * update unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * revert Signed-off-by: ShutingZhao <shuting@nirmata.com> * per rule checkpoint Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix mutate chained rules Signed-off-by: ShutingZhao <shuting@nirmata.com> * per rule checpoint/restore Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * log error Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Emmanuel Ferdman <emmanuelferdman@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> * fix: factorise confimap informer code (#7667) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> * chore(deps): bump sigstore/cosign-installer from 3.1.0 to 3.1.1 (#7689) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.1.0 to 3.1.1. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/d13028333d784fcc802b67ec924bcebe75aa0a5f...6e04d228eb30da1757ee4e1dd75a0ec73a653e06) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: Swap any/all in the error message. (#7688) Signed-off-by: JaeHeung Han <hylowaker@users.noreply.github.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add background only policy support (#6666) * feat: add background only policy support Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * webhook Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * validation Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * kuttl Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * all disabled Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: pr updater workflow (#7697) * fix: pr updater workflow Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * Update .github/workflows/pr-update.yaml Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> * fix: customizable tracer configuration (#7644) * fix: customizable tracer configuration Signed-off-by: Daniel Laszlo <laszlodaniel@icloud.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: harden rbac permissions (#7638) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * chore(deps): bump sigstore/cosign-installer from 3.0.5 to 3.1.0 (#7664) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.0.5 to 3.1.0. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/dd6b2e2b610a11fd73dd187a43d57cc1394e35f9...d13028333d784fcc802b67ec924bcebe75aa0a5f) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * chore(deps): bump ossf/scorecard-action from 2.1.3 to 2.2.0 (#7663) Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.1.3 to 2.2.0. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/80e868c13c90f172d68d1f4501dee99e2479f7af...08b4669551908b1024bb425080c797723083c031) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * use resource.New instead of Merge Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix tabs Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * [Chore] bump notation-go from 1.0.0-rc.3 -> 1.0.0-rc.6 (#7650) * Bump notation-go from 1.0.0-rc.3 -> 1.0.0-rc.6 Signed-off-by: webstradev <e.s.westra.95@gmail.com> * fixed tests Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added tests for repository Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> --------- Signed-off-by: webstradev <e.s.westra.95@gmail.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Co-authored-by: webstradev <e.s.westra.95@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: vscode debug config (#7653) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: pr updater workflow (#7665) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * refactor: add specific loaders from #7597 (#7671) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * feat: add cluster select and relabling config for ServiceMonitors (#7659) * feat: add cluster select and relabling config for ServiceMonitors Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> * feat: add cluster select and relabling config for ServiceMonitors Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> --------- Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: cleanup controller context from #7597 (#7672) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: cleanup controller rbac (#7669) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * refactor: migrate context loaders (part 1) from #7597 (#7676) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * refactor: migrate context loaders (part 2) from #7597 (#7677) * refactor: migrate context loaders (part 1) from #7597 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: migrate context loaders (part 2) from #7597 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * feat: add lazy loading feature flag (#7680) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: image verification (#7652) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * Fix deferred loading (#7597) * handle nested contexts Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add feature flag Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add kuttl tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix linter issues Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix CLI regclient Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix: token permissions on report vulns workflow (#7611) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: token permissions (#7619) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: update the flag descriptions of the reports-controller (#7617) Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> * fix: panic if env var not defined (#7613) * fix: panic if env var not defined Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * use toggles instead of a flag Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update toggle name Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update toggle name Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix roles Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix role Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update manifests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove extra unlock Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix loader reset Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * propagate context Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * cm resolver Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * level management Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * address review comments Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add enableDeferredLoading to other controllers Signed-off-by: Jim Bugwadia <jim@nirmata.com> * re-enable ACR credhelper Signed-off-by: Jim Bugwadia <jim@nirmata.com> * improve tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove image registry client init Signed-off-by: Jim Bugwadia <jim@nirmata.com> * check for invalid reset/restore Signed-off-by: Jim Bugwadia <jim@nirmata.com> * recursive kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * add pre/post queries Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add check for a recursive match Signed-off-by: Jim Bugwadia <jim@nirmata.com> * new test suite Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * eval loaders at creation level Signed-off-by: Jim Bugwadia <jim@nirmata.com> * kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * add an index for resolving deps in order Signed-off-by: Jim Bugwadia <jim@nirmata.com> * improve comment Signed-off-by: Jim Bugwadia <jim@nirmata.com> * extract remove method Signed-off-by: Jim Bugwadia <jim@nirmata.com> * merge main Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * flags Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feature flag Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix flag Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * update unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * two rules kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * update unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * revert Signed-off-by: ShutingZhao <shuting@nirmata.com> * per rule checkpoint Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix mutate chained rules Signed-off-by: ShutingZhao <shuting@nirmata.com> * per rule checpoint/restore Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * log error Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Emmanuel Ferdman <emmanuelferdman@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: factorise confimap informer code (#7667) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * chore(deps): bump sigstore/cosign-installer from 3.1.0 to 3.1.1 (#7689) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.1.0 to 3.1.1. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/d13028333d784fcc802b67ec924bcebe75aa0a5f...6e04d228eb30da1757ee4e1dd75a0ec73a653e06) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * Update pkg/tracing/config.go Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Daniel Laszlo <laszlodaniel@icloud.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: webstradev <e.s.westra.95@gmail.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Co-authored-by: webstradev <e.s.westra.95@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: Frank Jogeleit <frank.jogeleit@lovoo.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: Emmanuel Ferdman <emmanuelferdman@gmail.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> * fix: lock schema manager when updating it (#7704) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * test: add kuttl tests for background only policies (#7709) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * Feat: Upgrade controller-gen to v0.12.0 and fix tooling (#7683) * Upgrade controller-gen and fix tooling Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Address comments Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Add a marker in the sed command Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Upgrade to the latest version and rearrange the annotations Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Fix failing Verify Codegen tests Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Remove unnecessary file Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Restore original version in test folder Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Add creationTimestamp: null again in the test folder Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> --------- Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> Co-authored-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: release signing (#7711) (#7713) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: use github token instead of pat (#7716) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: reduce token permissions (#7719) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: reduce token permissions (#7721) * fix: reduce token permissions Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: reduce token permissions Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: make `test --fail-only` return 1 if there are failed tests (#7717) Signed-off-by: Carles Figuerola <cfiguerola@expediagroup.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * remove redundant tests (#7702) Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: use gh token instead of pat (#7723) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: remove obsolete scripts (#7720) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: reduce token permission (#7729) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: use github token instead of pat (#7727) * fix: remove jmespath replace directive Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: use github token instead of pat Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: use golang builtin version management (#7654) * fix: use golang builtin version management Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: template for user setup in kuttl (#7731) Signed-off-by: Alok N <alokme123@gmail.com> * feat: Add option to add imagePullSecrets to cleanup CronJobs (#7730) * Add option to add imagePullSecrets to cleanup CronJobs Signed-off-by: Alexander Olzem <olzemal@pm.me> * Update chart README Signed-off-by: Alexander Olzem <olzemal@pm.me> --------- Signed-off-by: Alexander Olzem <olzemal@pm.me> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: typo in check cmd (#7733) Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> * fix: nits in cli flags (#7736) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: bump ko version (#7738) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: bump kind node versions (#7737) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: refactor cli values loading and remove dead code (#7739) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * [Feature] round() JMESPath function (#7489) * adding roundoff Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * removing unnecessary Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * adding test Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * adding edge case Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * fixing error Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * updating function call Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * updating function jpRound Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * error handling negative Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * fix Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * fix linter Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * parsing Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * cleanup Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore(deps): bump ubuntu from `6120be6` to `0bced47` in /.devcontainer (#7744) Bumps ubuntu from `6120be6` to `0bced47`. --- updated-dependencies: - dependency-name: ubuntu dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: improve cli apply args check (#7746) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: remove cli dead code (#7748) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * Replaced gcr crane with gcr remote (#7747) * fix: oras-go/v2 version in go.sum Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * refactor: move kyverno constants out of v1 package (#7760) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: use register-gen to register k8s types (#7761) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore(deps): bump fluxcd/flux2 from 0.41.2 to 2.0.0 (#7764) Bumps [fluxcd/flux2](https://github.com/fluxcd/flux2) from 0.41.2 to 2.0.0. - [Release notes](https://github.com/fluxcd/flux2/releases) - [Changelog](https://github.com/fluxcd/flux2/blob/main/.goreleaser.yml) - [Commits](https://github.com/fluxcd/flux2/compare/dbda8fbdb8b58ed1ee69343025a6091eae0d1828...9ea0a535eab2c99121fb3ac742e333b4a9f07970) --- updated-dependencies: - dependency-name: fluxcd/flux2 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: introduce defaulters-gen (#7765) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add table output to cli apply command (#7757) * feat: add table output to cli apply command Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * factorise Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> * chore: bump cosign in gh workflows (#7715) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: switch to deepcopy-gen (#7766) * chore: switch to deepcopy-gen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: increase linter timeout (#7767) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * undo: revert back to cosign 2.0.2 cosign 2.1.1 has dependency conflicts with oras Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * remove markers Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: remove 0_14 version of gcr k8s-sigstore-manifest got a new version so we can finally upgrade gcr to v0.15 Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * add: add logging to tlogs and sct Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * undo: remove registryOpts in favor of registry client opts added the missing parts from registryOptions in registry client opts Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore: add generated files Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore: clean go mod Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: remove bad logs Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * bug: fix go mod Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: update kubebuilder version in crds Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * update: rollback policy to ignore tlog Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore: update codegen Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> --------- Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: shuting <shutting06@gmail.com> Signed-off-by: bakito <github@bakito.ch> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: webstradev <e.s.westra.95@gmail.com> Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> Signed-off-by: JaeHeung Han <hylowaker@users.noreply.github.com> Signed-off-by: Daniel Laszlo <laszlodaniel@icloud.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> Signed-off-by: Carles Figuerola <cfiguerola@expediagroup.com> Signed-off-by: Alok N <alokme123@gmail.com> Signed-off-by: Alexander Olzem <olzemal@pm.me> Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: shuting <shutting06@gmail.com> Co-authored-by: kyverno-bot <104836976+kyverno-bot@users.noreply.github.com> Co-authored-by: Marc Brugger <github@bakito.ch> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: webstradev <e.s.westra.95@gmail.com> Co-authored-by: Frank Jogeleit <frank.jogeleit@lovoo.com> Co-authored-by: Emmanuel Ferdman <emmanuelferdman@gmail.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: JaeHeung Han <hylowaker@users.noreply.github.com> Co-authored-by: Daniel Laszlo <laszlodaniel@icloud.com> Co-authored-by: Md Shahbaz Alam <shahbazalam75508@gmail.com> Co-authored-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> Co-authored-by: Carles-Figuerola <carles@figuerola.info> Co-authored-by: Alok Naushad <alokme123@gmail.com> Co-authored-by: Alex Olzem <olzemal@gmail.com> Co-authored-by: SukhveerS <78963782+Rexbeast2@users.noreply.github.com>
2023-08-15 14:25:55 +00:00
"publicKeys": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEfVMHGmFK4OgVqhy36KZ7a3r4R4/o\nCwaCVvXZV4ZULFbkFZ0IodGqKqcVmgycnoj7d8TpKpAUVNF8kKh90ewH3A==\n-----END PUBLIC KEY-----\n-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0f1W0XigyPFbX8Xq3QmkbL9gDFTf\nRfc8jF7UadBcwKxiyvPSOKZn+igQfXzpNjrwPSZ58JGvF4Fs8BB3fSRP2g==\n-----END PUBLIC KEY-----",
"rekor": {
"url": "https://rekor.sigstore.dev",
"ignoreTlog": true
},
"ctlog": {
"ignoreSCT": true
Support for Cosign 2.0 (#7248) * cosign 2.0 version upgrade Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * IgnoreTlog and IgnoreSCT updated Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * removed cli packages Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * lazy evaluate vars in conditions (#7238) * lazy evaluate vars in conditions Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove unnecessary conversion Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix test Signed-off-by: Jim Bugwadia <jim@nirmata.com> * Update test/conformance/kuttl/validate/clusterpolicy/standard/variables/lazyload/conditions/03-manifests.yaml Signed-off-by: shuting <shutting06@gmail.com> * Update test/conformance/kuttl/validate/clusterpolicy/standard/variables/lazyload/README.md Signed-off-by: shuting <shutting06@gmail.com> * added error check in test Signed-off-by: Jim Bugwadia <jim@nirmata.com> --------- Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: shuting <shutting06@gmail.com> Co-authored-by: shuting <shutting06@gmail.com> Co-authored-by: kyverno-bot <104836976+kyverno-bot@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * in-toto-golang update Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added rekor Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * quote image in error (#7259) Signed-off-by: bakito <github@bakito.ch> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: auto update webhooks not configuring fail endpoint (#7261) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix latest version check (#7263) Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump svenstaro/upload-release-action from 2.5.0 to 2.6.0 (#7270) Bumps [svenstaro/upload-release-action](https://github.com/svenstaro/upload-release-action) from 2.5.0 to 2.6.0. - [Release notes](https://github.com/svenstaro/upload-release-action/releases) - [Changelog](https://github.com/svenstaro/upload-release-action/blob/master/CHANGELOG.md) - [Commits](https://github.com/svenstaro/upload-release-action/compare/7319e4733ec7a184d739a6f412c40ffc339b69c7...58d525808845e4c8ff229ea1d5d7c496504a79bc) --- updated-dependencies: - dependency-name: svenstaro/upload-release-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump sigs.k8s.io/controller-runtime from 0.14.6 to 0.15.0 (#7272) Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.14.6 to 0.15.0. - [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases) - [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md) - [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.14.6...v0.15.0) --- updated-dependencies: - dependency-name: sigs.k8s.io/controller-runtime dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: add yaml util to check empty document (#7276) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#7274) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.6.1 to 5.7.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.6.1...v5.7.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#7274) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.6.1 to 5.7.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.6.1...v5.7.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#7274) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.6.1 to 5.7.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.6.1...v5.7.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * go mod update Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * removed cosign 1.13.1 dependency Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added default rekor url Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated cosign option Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#7274) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.6.1 to 5.7.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.6.1...v5.7.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * go mod update Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * go sum fix Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * NIT Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix failing test: Test_VerifyManifest_MustAll_InvalidYAML Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * suggestions from jim Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * go mod fix Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updates to cosign verification Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * kuttl test ignore sct Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * go mod fixes Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * go mod update Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * downgrading gcr version Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * null pointer error Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated failing cli tests Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated kuttl test with complete subjects Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fixed issue with wildcard replacement Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * engine tests Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * removed conflicts with notary Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated go mod Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * codegen and test Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added pubkeys test Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * add default CTLogPubKeys Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * cleanup Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * unwanted test Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: auth checks with the APIVersion and the subresource (#7628) * fix auth checks with apiVersion and subresource Signed-off-by: ShutingZhao <shuting@nirmata.com> * add kuttl tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove duplicate code Signed-off-by: ShutingZhao <shuting@nirmata.com> * update permissions Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: harden rbac permissions (#7638) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore(deps): bump sigstore/cosign-installer from 3.0.5 to 3.1.0 (#7664) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.0.5 to 3.1.0. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/dd6b2e2b610a11fd73dd187a43d57cc1394e35f9...d13028333d784fcc802b67ec924bcebe75aa0a5f) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump ossf/scorecard-action from 2.1.3 to 2.2.0 (#7663) Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.1.3 to 2.2.0. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/80e868c13c90f172d68d1f4501dee99e2479f7af...08b4669551908b1024bb425080c797723083c031) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * [Chore] bump notation-go from 1.0.0-rc.3 -> 1.0.0-rc.6 (#7650) * Bump notation-go from 1.0.0-rc.3 -> 1.0.0-rc.6 Signed-off-by: webstradev <e.s.westra.95@gmail.com> * fixed tests Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added tests for repository Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> --------- Signed-off-by: webstradev <e.s.westra.95@gmail.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Co-authored-by: webstradev <e.s.westra.95@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> * fix: vscode debug config (#7653) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: pr updater workflow (#7665) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: add specific loaders from #7597 (#7671) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add cluster select and relabling config for ServiceMonitors (#7659) * feat: add cluster select and relabling config for ServiceMonitors Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> * feat: add cluster select and relabling config for ServiceMonitors Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> --------- Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> * fix: cleanup controller context from #7597 (#7672) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: cleanup controller rbac (#7669) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: migrate context loaders (part 1) from #7597 (#7676) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: migrate context loaders (part 2) from #7597 (#7677) * refactor: migrate context loaders (part 1) from #7597 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: migrate context loaders (part 2) from #7597 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add lazy loading feature flag (#7680) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: image verification (#7652) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * Fix deferred loading (#7597) * handle nested contexts Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add feature flag Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add kuttl tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix linter issues Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix CLI regclient Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix: token permissions on report vulns workflow (#7611) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: token permissions (#7619) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: update the flag descriptions of the reports-controller (#7617) Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> * fix: panic if env var not defined (#7613) * fix: panic if env var not defined Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * use toggles instead of a flag Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update toggle name Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update toggle name Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix roles Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix role Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update manifests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove extra unlock Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix loader reset Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * propagate context Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * cm resolver Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * level management Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * address review comments Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add enableDeferredLoading to other controllers Signed-off-by: Jim Bugwadia <jim@nirmata.com> * re-enable ACR credhelper Signed-off-by: Jim Bugwadia <jim@nirmata.com> * improve tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove image registry client init Signed-off-by: Jim Bugwadia <jim@nirmata.com> * check for invalid reset/restore Signed-off-by: Jim Bugwadia <jim@nirmata.com> * recursive kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * add pre/post queries Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add check for a recursive match Signed-off-by: Jim Bugwadia <jim@nirmata.com> * new test suite Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * eval loaders at creation level Signed-off-by: Jim Bugwadia <jim@nirmata.com> * kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * add an index for resolving deps in order Signed-off-by: Jim Bugwadia <jim@nirmata.com> * improve comment Signed-off-by: Jim Bugwadia <jim@nirmata.com> * extract remove method Signed-off-by: Jim Bugwadia <jim@nirmata.com> * merge main Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * flags Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feature flag Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix flag Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * update unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * two rules kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * update unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * revert Signed-off-by: ShutingZhao <shuting@nirmata.com> * per rule checkpoint Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix mutate chained rules Signed-off-by: ShutingZhao <shuting@nirmata.com> * per rule checpoint/restore Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * log error Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Emmanuel Ferdman <emmanuelferdman@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> * fix: factorise confimap informer code (#7667) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> * chore(deps): bump sigstore/cosign-installer from 3.1.0 to 3.1.1 (#7689) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.1.0 to 3.1.1. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/d13028333d784fcc802b67ec924bcebe75aa0a5f...6e04d228eb30da1757ee4e1dd75a0ec73a653e06) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: Swap any/all in the error message. (#7688) Signed-off-by: JaeHeung Han <hylowaker@users.noreply.github.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add background only policy support (#6666) * feat: add background only policy support Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * webhook Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * validation Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * kuttl Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * all disabled Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: pr updater workflow (#7697) * fix: pr updater workflow Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * Update .github/workflows/pr-update.yaml Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> * fix: customizable tracer configuration (#7644) * fix: customizable tracer configuration Signed-off-by: Daniel Laszlo <laszlodaniel@icloud.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: harden rbac permissions (#7638) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * chore(deps): bump sigstore/cosign-installer from 3.0.5 to 3.1.0 (#7664) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.0.5 to 3.1.0. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/dd6b2e2b610a11fd73dd187a43d57cc1394e35f9...d13028333d784fcc802b67ec924bcebe75aa0a5f) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * chore(deps): bump ossf/scorecard-action from 2.1.3 to 2.2.0 (#7663) Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.1.3 to 2.2.0. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/80e868c13c90f172d68d1f4501dee99e2479f7af...08b4669551908b1024bb425080c797723083c031) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * use resource.New instead of Merge Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix tabs Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * [Chore] bump notation-go from 1.0.0-rc.3 -> 1.0.0-rc.6 (#7650) * Bump notation-go from 1.0.0-rc.3 -> 1.0.0-rc.6 Signed-off-by: webstradev <e.s.westra.95@gmail.com> * fixed tests Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added tests for repository Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> --------- Signed-off-by: webstradev <e.s.westra.95@gmail.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Co-authored-by: webstradev <e.s.westra.95@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: vscode debug config (#7653) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: pr updater workflow (#7665) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * refactor: add specific loaders from #7597 (#7671) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * feat: add cluster select and relabling config for ServiceMonitors (#7659) * feat: add cluster select and relabling config for ServiceMonitors Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> * feat: add cluster select and relabling config for ServiceMonitors Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> --------- Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: cleanup controller context from #7597 (#7672) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: cleanup controller rbac (#7669) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * refactor: migrate context loaders (part 1) from #7597 (#7676) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * refactor: migrate context loaders (part 2) from #7597 (#7677) * refactor: migrate context loaders (part 1) from #7597 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: migrate context loaders (part 2) from #7597 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * feat: add lazy loading feature flag (#7680) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: image verification (#7652) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * Fix deferred loading (#7597) * handle nested contexts Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add feature flag Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add kuttl tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix linter issues Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix CLI regclient Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix: token permissions on report vulns workflow (#7611) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: token permissions (#7619) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: update the flag descriptions of the reports-controller (#7617) Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> * fix: panic if env var not defined (#7613) * fix: panic if env var not defined Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * use toggles instead of a flag Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update toggle name Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update toggle name Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix roles Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix role Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update manifests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove extra unlock Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix loader reset Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * propagate context Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * cm resolver Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * level management Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * address review comments Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add enableDeferredLoading to other controllers Signed-off-by: Jim Bugwadia <jim@nirmata.com> * re-enable ACR credhelper Signed-off-by: Jim Bugwadia <jim@nirmata.com> * improve tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove image registry client init Signed-off-by: Jim Bugwadia <jim@nirmata.com> * check for invalid reset/restore Signed-off-by: Jim Bugwadia <jim@nirmata.com> * recursive kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * add pre/post queries Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add check for a recursive match Signed-off-by: Jim Bugwadia <jim@nirmata.com> * new test suite Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * eval loaders at creation level Signed-off-by: Jim Bugwadia <jim@nirmata.com> * kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * add an index for resolving deps in order Signed-off-by: Jim Bugwadia <jim@nirmata.com> * improve comment Signed-off-by: Jim Bugwadia <jim@nirmata.com> * extract remove method Signed-off-by: Jim Bugwadia <jim@nirmata.com> * merge main Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * flags Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feature flag Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix flag Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * update unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * two rules kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * update unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * revert Signed-off-by: ShutingZhao <shuting@nirmata.com> * per rule checkpoint Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix mutate chained rules Signed-off-by: ShutingZhao <shuting@nirmata.com> * per rule checpoint/restore Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * log error Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Emmanuel Ferdman <emmanuelferdman@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: factorise confimap informer code (#7667) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * chore(deps): bump sigstore/cosign-installer from 3.1.0 to 3.1.1 (#7689) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.1.0 to 3.1.1. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/d13028333d784fcc802b67ec924bcebe75aa0a5f...6e04d228eb30da1757ee4e1dd75a0ec73a653e06) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * Update pkg/tracing/config.go Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Daniel Laszlo <laszlodaniel@icloud.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: webstradev <e.s.westra.95@gmail.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Co-authored-by: webstradev <e.s.westra.95@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: Frank Jogeleit <frank.jogeleit@lovoo.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: Emmanuel Ferdman <emmanuelferdman@gmail.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> * fix: lock schema manager when updating it (#7704) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * test: add kuttl tests for background only policies (#7709) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * Feat: Upgrade controller-gen to v0.12.0 and fix tooling (#7683) * Upgrade controller-gen and fix tooling Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Address comments Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Add a marker in the sed command Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Upgrade to the latest version and rearrange the annotations Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Fix failing Verify Codegen tests Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Remove unnecessary file Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Restore original version in test folder Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> * Add creationTimestamp: null again in the test folder Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> --------- Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> Co-authored-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: release signing (#7711) (#7713) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: use github token instead of pat (#7716) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: reduce token permissions (#7719) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: reduce token permissions (#7721) * fix: reduce token permissions Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: reduce token permissions Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: make `test --fail-only` return 1 if there are failed tests (#7717) Signed-off-by: Carles Figuerola <cfiguerola@expediagroup.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * remove redundant tests (#7702) Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: use gh token instead of pat (#7723) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: remove obsolete scripts (#7720) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: reduce token permission (#7729) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: use github token instead of pat (#7727) * fix: remove jmespath replace directive Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: use github token instead of pat Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: use golang builtin version management (#7654) * fix: use golang builtin version management Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: template for user setup in kuttl (#7731) Signed-off-by: Alok N <alokme123@gmail.com> * feat: Add option to add imagePullSecrets to cleanup CronJobs (#7730) * Add option to add imagePullSecrets to cleanup CronJobs Signed-off-by: Alexander Olzem <olzemal@pm.me> * Update chart README Signed-off-by: Alexander Olzem <olzemal@pm.me> --------- Signed-off-by: Alexander Olzem <olzemal@pm.me> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: typo in check cmd (#7733) Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> * fix: nits in cli flags (#7736) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: bump ko version (#7738) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: bump kind node versions (#7737) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: refactor cli values loading and remove dead code (#7739) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * [Feature] round() JMESPath function (#7489) * adding roundoff Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * removing unnecessary Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * adding test Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * adding edge case Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * fixing error Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * updating function call Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * updating function jpRound Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * error handling negative Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * fix Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> * fix linter Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * parsing Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * cleanup Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore(deps): bump ubuntu from `6120be6` to `0bced47` in /.devcontainer (#7744) Bumps ubuntu from `6120be6` to `0bced47`. --- updated-dependencies: - dependency-name: ubuntu dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: improve cli apply args check (#7746) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: remove cli dead code (#7748) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * Replaced gcr crane with gcr remote (#7747) * fix: oras-go/v2 version in go.sum Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * refactor: move kyverno constants out of v1 package (#7760) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: use register-gen to register k8s types (#7761) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore(deps): bump fluxcd/flux2 from 0.41.2 to 2.0.0 (#7764) Bumps [fluxcd/flux2](https://github.com/fluxcd/flux2) from 0.41.2 to 2.0.0. - [Release notes](https://github.com/fluxcd/flux2/releases) - [Changelog](https://github.com/fluxcd/flux2/blob/main/.goreleaser.yml) - [Commits](https://github.com/fluxcd/flux2/compare/dbda8fbdb8b58ed1ee69343025a6091eae0d1828...9ea0a535eab2c99121fb3ac742e333b4a9f07970) --- updated-dependencies: - dependency-name: fluxcd/flux2 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: introduce defaulters-gen (#7765) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add table output to cli apply command (#7757) * feat: add table output to cli apply command Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * factorise Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> * chore: bump cosign in gh workflows (#7715) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: switch to deepcopy-gen (#7766) * chore: switch to deepcopy-gen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: increase linter timeout (#7767) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * undo: revert back to cosign 2.0.2 cosign 2.1.1 has dependency conflicts with oras Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * remove markers Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: remove 0_14 version of gcr k8s-sigstore-manifest got a new version so we can finally upgrade gcr to v0.15 Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * add: add logging to tlogs and sct Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * undo: remove registryOpts in favor of registry client opts added the missing parts from registryOptions in registry client opts Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore: add generated files Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore: clean go mod Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: remove bad logs Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * bug: fix go mod Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: update kubebuilder version in crds Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * update: rollback policy to ignore tlog Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore: update codegen Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> --------- Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: shuting <shutting06@gmail.com> Signed-off-by: bakito <github@bakito.ch> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: webstradev <e.s.westra.95@gmail.com> Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> Signed-off-by: JaeHeung Han <hylowaker@users.noreply.github.com> Signed-off-by: Daniel Laszlo <laszlodaniel@icloud.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> Signed-off-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> Signed-off-by: Carles Figuerola <cfiguerola@expediagroup.com> Signed-off-by: Alok N <alokme123@gmail.com> Signed-off-by: Alexander Olzem <olzemal@pm.me> Signed-off-by: Rexbeast2 <ssukhveer514@gmail.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: shuting <shutting06@gmail.com> Co-authored-by: kyverno-bot <104836976+kyverno-bot@users.noreply.github.com> Co-authored-by: Marc Brugger <github@bakito.ch> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: webstradev <e.s.westra.95@gmail.com> Co-authored-by: Frank Jogeleit <frank.jogeleit@lovoo.com> Co-authored-by: Emmanuel Ferdman <emmanuelferdman@gmail.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: JaeHeung Han <hylowaker@users.noreply.github.com> Co-authored-by: Daniel Laszlo <laszlodaniel@icloud.com> Co-authored-by: Md Shahbaz Alam <shahbazalam75508@gmail.com> Co-authored-by: shahbaz <shahbaz@shahbaz.myguest.virtualbox.org> Co-authored-by: Carles-Figuerola <carles@figuerola.info> Co-authored-by: Alok Naushad <alokme123@gmail.com> Co-authored-by: Alex Olzem <olzemal@gmail.com> Co-authored-by: SukhveerS <78963782+Rexbeast2@users.noreply.github.com>
2023-08-15 14:25:55 +00:00
}
}
}
]
}
]
}
]
}
]
}
}`
image := "ghcr.io/jimbugwadia/pause2:latest"
policyContext := buildContext(t, testPEMPolicy, testResource, "")
err := cosign.SetMock(image, signaturePayloads)
defer cosign.ClearMock()
assert.NilError(t, err)
engineResponse, verifiedImages := testVerifyAndPatchImages(context.TODO(), registryclient.NewOrDie(), nil, policyContext, cfg)
assert.Equal(t, len(engineResponse.PolicyResponse.Rules), 1)
refactor: engine rule response creation (#6784) * refactor: engine rule response creation Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * private fields Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more private Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix unit tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-04-05 10:35:38 +00:00
assert.Equal(t, engineResponse.PolicyResponse.Rules[0].Status(), engineapi.RuleStatusPass)
assert.Assert(t, verifiedImages.Data != nil)
assert.Equal(t, len(verifiedImages.Data), 1)
assert.Equal(t, verifiedImages.IsVerified(image), true)
}
added verify image ristretto cache implementation (#7969) * updated flags Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added ristretto_cache impl Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added bufferSize Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * small nits Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * made cache as private member Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * made cache as private member Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added logger.withValues Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added verify image cache Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * small nits Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added cache tests Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * fixed lint issue Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added chaged policy test Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * cache time should be entered in minutes Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * removed cache.wait() Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * small nits Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * removed client.go logs and added in imageVerifier Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added level to the logs Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added notary image cache verification Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * replace intVar by flag.DurationVar() Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * removed lock from cache clinet Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * updated cosign tests Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added execution latencies comparision Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added assert.Error() Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added error assertion util Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added error log Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * Update pkg/engine/internal/imageverifier.go Signed-off-by: shuting <shutting06@gmail.com> * lint fixes Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * removed logs from unit tests Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added ristretto_cache impl Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * removed cache.wait() Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * small nits Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added asssertions in tests Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * fixed conflicts Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * lint fix Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * renamed variabls Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> --------- Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> Signed-off-by: shuting <shutting06@gmail.com> Co-authored-by: shuting <shutting06@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>
2023-08-30 07:26:40 +00:00
func testImageVerifyCache(
ivCache imageverifycache.Client,
ctx context.Context,
rclient registryclient.Client,
cmResolver engineapi.ConfigmapResolver,
pContext engineapi.PolicyContext,
cfg config.Configuration,
) (engineapi.EngineResponse, engineapi.ImageVerificationMetadata) {
e := NewEngine(
cfg,
metricsCfg,
jp,
nil,
factories.DefaultRegistryClientFactory(adapters.RegistryClient(rclient), nil),
ivCache,
factories.DefaultContextLoaderFactory(cmResolver),
nil,
)
return e.VerifyAndPatchImages(
ctx,
pContext,
)
}
func errorAssertionUtil(t *testing.T, image string, ivm engineapi.ImageVerificationMetadata, er engineapi.EngineResponse) {
assert.Equal(t, len(er.PolicyResponse.Rules), 1)
assert.Equal(t, er.PolicyResponse.Rules[0].Status(), engineapi.RuleStatusPass, er.PolicyResponse.Rules[0].Message())
added verify image ristretto cache implementation (#7969) * updated flags Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added ristretto_cache impl Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added bufferSize Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * small nits Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * made cache as private member Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * made cache as private member Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added logger.withValues Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added verify image cache Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * small nits Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added cache tests Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * fixed lint issue Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added chaged policy test Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * cache time should be entered in minutes Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * removed cache.wait() Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * small nits Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * removed client.go logs and added in imageVerifier Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added level to the logs Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added notary image cache verification Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * replace intVar by flag.DurationVar() Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * removed lock from cache clinet Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * updated cosign tests Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added execution latencies comparision Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added assert.Error() Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added error assertion util Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added error log Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * Update pkg/engine/internal/imageverifier.go Signed-off-by: shuting <shutting06@gmail.com> * lint fixes Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * removed logs from unit tests Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added ristretto_cache impl Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * removed cache.wait() Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * small nits Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added asssertions in tests Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * fixed conflicts Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * lint fix Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * renamed variabls Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> --------- Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> Signed-off-by: shuting <shutting06@gmail.com> Co-authored-by: shuting <shutting06@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>
2023-08-30 07:26:40 +00:00
assert.Equal(t, ivm.IsEmpty(), false)
assert.Equal(t, ivm.IsVerified(image), true)
}
func Test_ImageVerifyCacheCosign(t *testing.T) {
opts := []imageverifycache.Option{
imageverifycache.WithCacheEnableFlag(true),
imageverifycache.WithMaxSize(1000),
imageverifycache.WithTTLDuration(24 * time.Hour),
}
imageVerifyCache, err := imageverifycache.New(opts...)
assert.NilError(t, err)
image := "ghcr.io/kyverno/test-verify-image:signed"
policyContext := buildContext(t, cosignTestPolicy, cosignTestResource, "")
added verify image ristretto cache implementation (#7969) * updated flags Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added ristretto_cache impl Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added bufferSize Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * small nits Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * made cache as private member Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * made cache as private member Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added logger.withValues Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added verify image cache Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * small nits Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added cache tests Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * fixed lint issue Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added chaged policy test Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * cache time should be entered in minutes Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * removed cache.wait() Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * small nits Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * removed client.go logs and added in imageVerifier Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added level to the logs Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added notary image cache verification Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * replace intVar by flag.DurationVar() Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * removed lock from cache clinet Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * updated cosign tests Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added execution latencies comparision Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added assert.Error() Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added error assertion util Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added error log Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * Update pkg/engine/internal/imageverifier.go Signed-off-by: shuting <shutting06@gmail.com> * lint fixes Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * removed logs from unit tests Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added ristretto_cache impl Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * removed cache.wait() Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * small nits Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added asssertions in tests Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * fixed conflicts Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * lint fix Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * renamed variabls Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> --------- Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> Signed-off-by: shuting <shutting06@gmail.com> Co-authored-by: shuting <shutting06@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>
2023-08-30 07:26:40 +00:00
start := time.Now()
er, ivm := testImageVerifyCache(imageVerifyCache, context.TODO(), registryclient.NewOrDie(), nil, policyContext, cfg)
firstOperationTime := time.Since(start)
errorAssertionUtil(t, image, ivm, er)
start = time.Now()
er, ivm = testImageVerifyCache(imageVerifyCache, context.TODO(), registryclient.NewOrDie(), nil, policyContext, cfg)
secondOperationTime := time.Since(start)
errorAssertionUtil(t, image, ivm, er)
assert.Check(t, secondOperationTime < firstOperationTime/10, "cache entry is valid, so image verification should be from cache.", firstOperationTime, secondOperationTime)
added verify image ristretto cache implementation (#7969) * updated flags Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added ristretto_cache impl Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added bufferSize Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * small nits Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * made cache as private member Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * made cache as private member Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added logger.withValues Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added verify image cache Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * small nits Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added cache tests Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * fixed lint issue Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added chaged policy test Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * cache time should be entered in minutes Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * removed cache.wait() Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * small nits Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * removed client.go logs and added in imageVerifier Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added level to the logs Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added notary image cache verification Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * replace intVar by flag.DurationVar() Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * removed lock from cache clinet Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * updated cosign tests Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added execution latencies comparision Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added assert.Error() Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added error assertion util Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added error log Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * Update pkg/engine/internal/imageverifier.go Signed-off-by: shuting <shutting06@gmail.com> * lint fixes Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * removed logs from unit tests Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added ristretto_cache impl Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * removed cache.wait() Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * small nits Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added asssertions in tests Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * fixed conflicts Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * lint fix Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * renamed variabls Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> --------- Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> Signed-off-by: shuting <shutting06@gmail.com> Co-authored-by: shuting <shutting06@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>
2023-08-30 07:26:40 +00:00
}
func Test_ImageVerifyCacheDisabled(t *testing.T) {
opts := []imageverifycache.Option{
imageverifycache.WithCacheEnableFlag(false),
imageverifycache.WithMaxSize(1000),
imageverifycache.WithTTLDuration(24 * time.Hour),
}
imageVerifyCache, err := imageverifycache.New(opts...)
assert.NilError(t, err)
image := "ghcr.io/kyverno/test-verify-image:signed"
policyContext := buildContext(t, cosignTestPolicy, cosignTestResource, "")
start := time.Now()
er, ivm := testImageVerifyCache(imageVerifyCache, context.TODO(), registryclient.NewOrDie(), nil, policyContext, cfg)
firstOperationTime := time.Since(start)
errorAssertionUtil(t, image, ivm, er)
start = time.Now()
er, ivm = testImageVerifyCache(imageVerifyCache, context.TODO(), registryclient.NewOrDie(), nil, policyContext, cfg)
secondOperationTime := time.Since(start)
errorAssertionUtil(t, image, ivm, er)
assert.Check(t, secondOperationTime > firstOperationTime/10 && secondOperationTime < firstOperationTime*10, "cache is disabled, so image verification should not be from cache.", firstOperationTime, secondOperationTime)
}
added verify image ristretto cache implementation (#7969) * updated flags Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added ristretto_cache impl Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added bufferSize Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * small nits Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * made cache as private member Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * made cache as private member Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added logger.withValues Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added verify image cache Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * small nits Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added cache tests Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * fixed lint issue Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added chaged policy test Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * cache time should be entered in minutes Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * removed cache.wait() Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * small nits Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * removed client.go logs and added in imageVerifier Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added level to the logs Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added notary image cache verification Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * replace intVar by flag.DurationVar() Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * removed lock from cache clinet Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * updated cosign tests Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added execution latencies comparision Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added assert.Error() Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added error assertion util Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added error log Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * Update pkg/engine/internal/imageverifier.go Signed-off-by: shuting <shutting06@gmail.com> * lint fixes Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * removed logs from unit tests Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added ristretto_cache impl Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * removed cache.wait() Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * small nits Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added asssertions in tests Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * fixed conflicts Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * lint fix Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * renamed variabls Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> --------- Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> Signed-off-by: shuting <shutting06@gmail.com> Co-authored-by: shuting <shutting06@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>
2023-08-30 07:26:40 +00:00
func Test_ImageVerifyCacheExpiredCosign(t *testing.T) {
opts := []imageverifycache.Option{
imageverifycache.WithCacheEnableFlag(true),
imageverifycache.WithMaxSize(1000),
imageverifycache.WithTTLDuration(2 * time.Second),
added verify image ristretto cache implementation (#7969) * updated flags Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added ristretto_cache impl Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added bufferSize Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * small nits Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * made cache as private member Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * made cache as private member Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added logger.withValues Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added verify image cache Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * small nits Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added cache tests Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * fixed lint issue Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added chaged policy test Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * cache time should be entered in minutes Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * removed cache.wait() Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * small nits Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * removed client.go logs and added in imageVerifier Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added level to the logs Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added notary image cache verification Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * replace intVar by flag.DurationVar() Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * removed lock from cache clinet Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * updated cosign tests Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added execution latencies comparision Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added assert.Error() Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added error assertion util Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added error log Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * Update pkg/engine/internal/imageverifier.go Signed-off-by: shuting <shutting06@gmail.com> * lint fixes Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * removed logs from unit tests Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added ristretto_cache impl Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * removed cache.wait() Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * small nits Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added asssertions in tests Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * fixed conflicts Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * lint fix Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * renamed variabls Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> --------- Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> Signed-off-by: shuting <shutting06@gmail.com> Co-authored-by: shuting <shutting06@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>
2023-08-30 07:26:40 +00:00
}
imageVerifyCache, err := imageverifycache.New(opts...)
assert.NilError(t, err)
image := "ghcr.io/kyverno/test-verify-image:signed"
policyContext := buildContext(t, cosignTestPolicy, cosignTestResource, "")
added verify image ristretto cache implementation (#7969) * updated flags Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added ristretto_cache impl Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added bufferSize Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * small nits Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * made cache as private member Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * made cache as private member Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added logger.withValues Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added verify image cache Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * small nits Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added cache tests Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * fixed lint issue Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added chaged policy test Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * cache time should be entered in minutes Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * removed cache.wait() Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * small nits Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * removed client.go logs and added in imageVerifier Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added level to the logs Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added notary image cache verification Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * replace intVar by flag.DurationVar() Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * removed lock from cache clinet Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * updated cosign tests Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added execution latencies comparision Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added assert.Error() Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added error assertion util Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added error log Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * Update pkg/engine/internal/imageverifier.go Signed-off-by: shuting <shutting06@gmail.com> * lint fixes Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * removed logs from unit tests Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added ristretto_cache impl Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * removed cache.wait() Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * small nits Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added asssertions in tests Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * fixed conflicts Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * lint fix Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * renamed variabls Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> --------- Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> Signed-off-by: shuting <shutting06@gmail.com> Co-authored-by: shuting <shutting06@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>
2023-08-30 07:26:40 +00:00
start := time.Now()
er, ivm := testImageVerifyCache(imageVerifyCache, context.TODO(), registryclient.NewOrDie(), nil, policyContext, cfg)
firstOperationTime := time.Since(start)
errorAssertionUtil(t, image, ivm, er)
time.Sleep(5 * time.Second)
start = time.Now()
er, ivm = testImageVerifyCache(imageVerifyCache, context.TODO(), registryclient.NewOrDie(), nil, policyContext, cfg)
secondOperationTime := time.Since(start)
errorAssertionUtil(t, image, ivm, er)
assert.Check(t, secondOperationTime > firstOperationTime/10 && secondOperationTime < firstOperationTime*10, "cache entry is expired, so image verification should not be from cache.", firstOperationTime, secondOperationTime)
added verify image ristretto cache implementation (#7969) * updated flags Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added ristretto_cache impl Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added bufferSize Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * small nits Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * made cache as private member Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * made cache as private member Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added logger.withValues Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added verify image cache Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * small nits Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added cache tests Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * fixed lint issue Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added chaged policy test Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * cache time should be entered in minutes Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * removed cache.wait() Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * small nits Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * removed client.go logs and added in imageVerifier Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added level to the logs Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added notary image cache verification Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * replace intVar by flag.DurationVar() Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * removed lock from cache clinet Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * updated cosign tests Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added execution latencies comparision Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added assert.Error() Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added error assertion util Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added error log Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * Update pkg/engine/internal/imageverifier.go Signed-off-by: shuting <shutting06@gmail.com> * lint fixes Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * removed logs from unit tests Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added ristretto_cache impl Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * removed cache.wait() Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * small nits Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added asssertions in tests Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * fixed conflicts Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * lint fix Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * renamed variabls Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> --------- Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> Signed-off-by: shuting <shutting06@gmail.com> Co-authored-by: shuting <shutting06@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>
2023-08-30 07:26:40 +00:00
}
func Test_changePolicyCacheVerificationCosign(t *testing.T) {
opts := []imageverifycache.Option{
imageverifycache.WithCacheEnableFlag(true),
imageverifycache.WithMaxSize(1000),
imageverifycache.WithTTLDuration(60 * time.Minute),
}
imageVerifyCache, err := imageverifycache.New(opts...)
assert.NilError(t, err)
image := "ghcr.io/kyverno/test-verify-image:signed"
policyContext := buildContext(t, cosignTestPolicy, cosignTestResource, "")
added verify image ristretto cache implementation (#7969) * updated flags Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added ristretto_cache impl Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added bufferSize Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * small nits Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * made cache as private member Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * made cache as private member Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added logger.withValues Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added verify image cache Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * small nits Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added cache tests Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * fixed lint issue Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added chaged policy test Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * cache time should be entered in minutes Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * removed cache.wait() Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * small nits Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * removed client.go logs and added in imageVerifier Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added level to the logs Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added notary image cache verification Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * replace intVar by flag.DurationVar() Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * removed lock from cache clinet Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * updated cosign tests Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added execution latencies comparision Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added assert.Error() Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added error assertion util Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added error log Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * Update pkg/engine/internal/imageverifier.go Signed-off-by: shuting <shutting06@gmail.com> * lint fixes Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * removed logs from unit tests Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added ristretto_cache impl Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * removed cache.wait() Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * small nits Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added asssertions in tests Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * fixed conflicts Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * lint fix Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * renamed variabls Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> --------- Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> Signed-off-by: shuting <shutting06@gmail.com> Co-authored-by: shuting <shutting06@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>
2023-08-30 07:26:40 +00:00
start := time.Now()
er, ivm := testImageVerifyCache(imageVerifyCache, context.TODO(), registryclient.NewOrDie(), nil, policyContext, cfg)
firstOperationTime := time.Since(start)
errorAssertionUtil(t, image, ivm, er)
policyContext = buildContext(t, cosignTestPolicyUpdated, cosignTestResource, "")
added verify image ristretto cache implementation (#7969) * updated flags Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added ristretto_cache impl Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added bufferSize Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * small nits Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * made cache as private member Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * made cache as private member Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added logger.withValues Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added verify image cache Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * small nits Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added cache tests Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * fixed lint issue Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added chaged policy test Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * cache time should be entered in minutes Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * removed cache.wait() Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * small nits Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * removed client.go logs and added in imageVerifier Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added level to the logs Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added notary image cache verification Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * replace intVar by flag.DurationVar() Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * removed lock from cache clinet Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * updated cosign tests Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added execution latencies comparision Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added assert.Error() Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added error assertion util Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added error log Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * Update pkg/engine/internal/imageverifier.go Signed-off-by: shuting <shutting06@gmail.com> * lint fixes Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * removed logs from unit tests Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added ristretto_cache impl Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * removed cache.wait() Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * small nits Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added asssertions in tests Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * fixed conflicts Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * lint fix Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * renamed variabls Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> --------- Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> Signed-off-by: shuting <shutting06@gmail.com> Co-authored-by: shuting <shutting06@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>
2023-08-30 07:26:40 +00:00
start = time.Now()
er, ivm = testImageVerifyCache(imageVerifyCache, context.TODO(), registryclient.NewOrDie(), nil, policyContext, cfg)
secondOperationTime := time.Since(start)
errorAssertionUtil(t, image, ivm, er)
assert.Check(t, secondOperationTime > firstOperationTime/10 && secondOperationTime < firstOperationTime*10, "cache entry not found, so image verification should not be from cache.", firstOperationTime, secondOperationTime)
added verify image ristretto cache implementation (#7969) * updated flags Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added ristretto_cache impl Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added bufferSize Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * small nits Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * made cache as private member Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * made cache as private member Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added logger.withValues Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added verify image cache Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * small nits Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added cache tests Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * fixed lint issue Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added chaged policy test Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * cache time should be entered in minutes Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * removed cache.wait() Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * small nits Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * removed client.go logs and added in imageVerifier Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added level to the logs Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added notary image cache verification Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * replace intVar by flag.DurationVar() Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * removed lock from cache clinet Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * updated cosign tests Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added execution latencies comparision Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added assert.Error() Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added error assertion util Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added error log Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * Update pkg/engine/internal/imageverifier.go Signed-off-by: shuting <shutting06@gmail.com> * lint fixes Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * removed logs from unit tests Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added ristretto_cache impl Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * removed cache.wait() Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * small nits Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added asssertions in tests Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * fixed conflicts Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * lint fix Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * renamed variabls Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> --------- Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> Signed-off-by: shuting <shutting06@gmail.com> Co-authored-by: shuting <shutting06@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>
2023-08-30 07:26:40 +00:00
}
var verifyImageNotaryPolicy = `{
"apiVersion": "kyverno.io/v2beta1",
"kind": "ClusterPolicy",
"metadata": {
"name": "check-image-notary"
},
"spec": {
"validationFailureAction": "Enforce",
"webhookTimeoutSeconds": 30,
"failurePolicy": "Fail",
"rules": [
{
"name": "verify-signature-notary",
"match": {
"any": [
{
"resources": {
"kinds": [
"Pod"
]
}
}
]
},
"verifyImages": [
{
"type": "Notary",
"imageReferences": [
"ghcr.io/kyverno/test-verify-image*"
],
"useCache": true,
added verify image ristretto cache implementation (#7969) * updated flags Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added ristretto_cache impl Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added bufferSize Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * small nits Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * made cache as private member Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * made cache as private member Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added logger.withValues Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added verify image cache Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * small nits Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added cache tests Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * fixed lint issue Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added chaged policy test Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * cache time should be entered in minutes Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * removed cache.wait() Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * small nits Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * removed client.go logs and added in imageVerifier Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added level to the logs Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added notary image cache verification Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * replace intVar by flag.DurationVar() Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * removed lock from cache clinet Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * updated cosign tests Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added execution latencies comparision Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added assert.Error() Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added error assertion util Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added error log Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * Update pkg/engine/internal/imageverifier.go Signed-off-by: shuting <shutting06@gmail.com> * lint fixes Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * removed logs from unit tests Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added ristretto_cache impl Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * removed cache.wait() Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * small nits Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added asssertions in tests Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * fixed conflicts Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * lint fix Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * renamed variabls Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> --------- Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> Signed-off-by: shuting <shutting06@gmail.com> Co-authored-by: shuting <shutting06@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>
2023-08-30 07:26:40 +00:00
"attestors": [
{
"count": 1,
"entries": [
{
"certificates": {
"cert": "-----BEGIN CERTIFICATE-----\nMIIDTTCCAjWgAwIBAgIJAPI+zAzn4s0xMA0GCSqGSIb3DQEBCwUAMEwxCzAJBgNV\nBAYTAlVTMQswCQYDVQQIDAJXQTEQMA4GA1UEBwwHU2VhdHRsZTEPMA0GA1UECgwG\nTm90YXJ5MQ0wCwYDVQQDDAR0ZXN0MB4XDTIzMDUyMjIxMTUxOFoXDTMzMDUxOTIx\nMTUxOFowTDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAldBMRAwDgYDVQQHDAdTZWF0\ndGxlMQ8wDQYDVQQKDAZOb3RhcnkxDTALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3\nDQEBAQUAA4IBDwAwggEKAoIBAQDNhTwv+QMk7jEHufFfIFlBjn2NiJaYPgL4eBS+\nb+o37ve5Zn9nzRppV6kGsa161r9s2KkLXmJrojNy6vo9a6g6RtZ3F6xKiWLUmbAL\nhVTCfYw/2n7xNlVMjyyUpE+7e193PF8HfQrfDFxe2JnX5LHtGe+X9vdvo2l41R6m\nIia04DvpMdG4+da2tKPzXIuLUz/FDb6IODO3+qsqQLwEKmmUee+KX+3yw8I6G1y0\nVp0mnHfsfutlHeG8gazCDlzEsuD4QJ9BKeRf2Vrb0ywqNLkGCbcCWF2H5Q80Iq/f\nETVO9z88R7WheVdEjUB8UrY7ZMLdADM14IPhY2Y+tLaSzEVZAgMBAAGjMjAwMAkG\nA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMDMA0G\nCSqGSIb3DQEBCwUAA4IBAQBX7x4Ucre8AIUmXZ5PUK/zUBVOrZZzR1YE8w86J4X9\nkYeTtlijf9i2LTZMfGuG0dEVFN4ae3CCpBst+ilhIndnoxTyzP+sNy4RCRQ2Y/k8\nZq235KIh7uucq96PL0qsF9s2RpTKXxyOGdtp9+HO0Ty5txJE2txtLDUIVPK5WNDF\nByCEQNhtHgN6V20b8KU2oLBZ9vyB8V010dQz0NRTDLhkcvJig00535/LUylECYAJ\n5/jn6XKt6UYCQJbVNzBg/YPGc1RF4xdsGVDBben/JXpeGEmkdmXPILTKd9tZ5TC0\nuOKpF5rWAruB5PCIrquamOejpXV9aQA/K2JQDuc0mcKz\n-----END CERTIFICATE-----"
}
}
]
}
]
}
]
}
]
}
}`
var verifyImageNotaryUpdatedPolicy = `{
"apiVersion": "kyverno.io/v2beta1",
"kind": "ClusterPolicy",
"metadata": {
"name": "check-image-notary"
},
"spec": {
"validationFailureAction": "Enforce",
"webhookTimeoutSeconds": 30,
"failurePolicy": "Fail",
"rules": [
{
"name": "verify-signature-notary-1",
"match": {
"any": [
{
"resources": {
"kinds": [
"Pod"
]
}
}
]
},
"verifyImages": [
{
"type": "Notary",
"imageReferences": [
"ghcr.io/kyverno/test-verify-image*"
],
"useCache": true,
added verify image ristretto cache implementation (#7969) * updated flags Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added ristretto_cache impl Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added bufferSize Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * small nits Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * made cache as private member Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * made cache as private member Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added logger.withValues Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added verify image cache Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * small nits Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added cache tests Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * fixed lint issue Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added chaged policy test Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * cache time should be entered in minutes Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * removed cache.wait() Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * small nits Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * removed client.go logs and added in imageVerifier Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added level to the logs Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added notary image cache verification Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * replace intVar by flag.DurationVar() Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * removed lock from cache clinet Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * updated cosign tests Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added execution latencies comparision Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added assert.Error() Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added error assertion util Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added error log Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * Update pkg/engine/internal/imageverifier.go Signed-off-by: shuting <shutting06@gmail.com> * lint fixes Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * removed logs from unit tests Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added ristretto_cache impl Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * removed cache.wait() Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * small nits Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added asssertions in tests Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * fixed conflicts Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * lint fix Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * renamed variabls Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> --------- Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> Signed-off-by: shuting <shutting06@gmail.com> Co-authored-by: shuting <shutting06@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>
2023-08-30 07:26:40 +00:00
"attestors": [
{
"count": 1,
"entries": [
{
"certificates": {
"cert": "-----BEGIN CERTIFICATE-----\nMIIDTTCCAjWgAwIBAgIJAPI+zAzn4s0xMA0GCSqGSIb3DQEBCwUAMEwxCzAJBgNV\nBAYTAlVTMQswCQYDVQQIDAJXQTEQMA4GA1UEBwwHU2VhdHRsZTEPMA0GA1UECgwG\nTm90YXJ5MQ0wCwYDVQQDDAR0ZXN0MB4XDTIzMDUyMjIxMTUxOFoXDTMzMDUxOTIx\nMTUxOFowTDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAldBMRAwDgYDVQQHDAdTZWF0\ndGxlMQ8wDQYDVQQKDAZOb3RhcnkxDTALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3\nDQEBAQUAA4IBDwAwggEKAoIBAQDNhTwv+QMk7jEHufFfIFlBjn2NiJaYPgL4eBS+\nb+o37ve5Zn9nzRppV6kGsa161r9s2KkLXmJrojNy6vo9a6g6RtZ3F6xKiWLUmbAL\nhVTCfYw/2n7xNlVMjyyUpE+7e193PF8HfQrfDFxe2JnX5LHtGe+X9vdvo2l41R6m\nIia04DvpMdG4+da2tKPzXIuLUz/FDb6IODO3+qsqQLwEKmmUee+KX+3yw8I6G1y0\nVp0mnHfsfutlHeG8gazCDlzEsuD4QJ9BKeRf2Vrb0ywqNLkGCbcCWF2H5Q80Iq/f\nETVO9z88R7WheVdEjUB8UrY7ZMLdADM14IPhY2Y+tLaSzEVZAgMBAAGjMjAwMAkG\nA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMDMA0G\nCSqGSIb3DQEBCwUAA4IBAQBX7x4Ucre8AIUmXZ5PUK/zUBVOrZZzR1YE8w86J4X9\nkYeTtlijf9i2LTZMfGuG0dEVFN4ae3CCpBst+ilhIndnoxTyzP+sNy4RCRQ2Y/k8\nZq235KIh7uucq96PL0qsF9s2RpTKXxyOGdtp9+HO0Ty5txJE2txtLDUIVPK5WNDF\nByCEQNhtHgN6V20b8KU2oLBZ9vyB8V010dQz0NRTDLhkcvJig00535/LUylECYAJ\n5/jn6XKt6UYCQJbVNzBg/YPGc1RF4xdsGVDBben/JXpeGEmkdmXPILTKd9tZ5TC0\nuOKpF5rWAruB5PCIrquamOejpXV9aQA/K2JQDuc0mcKz\n-----END CERTIFICATE-----"
}
}
]
}
]
}
]
}
]
}
}`
var verifyImageNotaryResource = `{
"apiVersion": "v1",
"kind": "Pod",
"metadata": {
"creationTimestamp": null,
"labels": {
"run": "test"
},
"name": "test",
"namespace": "default"
},
"spec": {
"containers": [
{
"image": "ghcr.io/kyverno/test-verify-image:signed",
"name": "test",
"resources": {}
}
],
"dnsPolicy": "ClusterFirst",
"restartPolicy": "Always"
},
"status": {}
}`
func Test_ImageVerifyCacheNotary(t *testing.T) {
opts := []imageverifycache.Option{
imageverifycache.WithCacheEnableFlag(true),
imageverifycache.WithMaxSize(1000),
imageverifycache.WithTTLDuration(24 * time.Hour),
}
imageVerifyCache, err := imageverifycache.New(opts...)
assert.NilError(t, err)
image := "ghcr.io/kyverno/test-verify-image:signed"
policyContext := buildContext(t, verifyImageNotaryPolicy, verifyImageNotaryResource, "")
start := time.Now()
er, ivm := testImageVerifyCache(imageVerifyCache, context.TODO(), registryclient.NewOrDie(), nil, policyContext, cfg)
firstOperationTime := time.Since(start)
errorAssertionUtil(t, image, ivm, er)
start = time.Now()
er, ivm = testImageVerifyCache(imageVerifyCache, context.TODO(), registryclient.NewOrDie(), nil, policyContext, cfg)
secondOperationTime := time.Since(start)
errorAssertionUtil(t, image, ivm, er)
assert.Check(t, secondOperationTime < firstOperationTime/10, "cache entry is valid, so image verification should be from cache.", firstOperationTime, secondOperationTime)
added verify image ristretto cache implementation (#7969) * updated flags Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added ristretto_cache impl Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added bufferSize Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * small nits Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * made cache as private member Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * made cache as private member Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added logger.withValues Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added verify image cache Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * small nits Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added cache tests Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * fixed lint issue Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added chaged policy test Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * cache time should be entered in minutes Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * removed cache.wait() Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * small nits Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * removed client.go logs and added in imageVerifier Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added level to the logs Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added notary image cache verification Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * replace intVar by flag.DurationVar() Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * removed lock from cache clinet Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * updated cosign tests Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added execution latencies comparision Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added assert.Error() Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added error assertion util Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added error log Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * Update pkg/engine/internal/imageverifier.go Signed-off-by: shuting <shutting06@gmail.com> * lint fixes Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * removed logs from unit tests Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added ristretto_cache impl Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * removed cache.wait() Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * small nits Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added asssertions in tests Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * fixed conflicts Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * lint fix Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * renamed variabls Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> --------- Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> Signed-off-by: shuting <shutting06@gmail.com> Co-authored-by: shuting <shutting06@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>
2023-08-30 07:26:40 +00:00
}
func Test_ImageVerifyCacheExpiredNotary(t *testing.T) {
opts := []imageverifycache.Option{
imageverifycache.WithCacheEnableFlag(true),
imageverifycache.WithMaxSize(1000),
imageverifycache.WithTTLDuration(2 * time.Second),
added verify image ristretto cache implementation (#7969) * updated flags Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added ristretto_cache impl Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added bufferSize Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * small nits Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * made cache as private member Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * made cache as private member Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added logger.withValues Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added verify image cache Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * small nits Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added cache tests Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * fixed lint issue Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added chaged policy test Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * cache time should be entered in minutes Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * removed cache.wait() Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * small nits Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * removed client.go logs and added in imageVerifier Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added level to the logs Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added notary image cache verification Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * replace intVar by flag.DurationVar() Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * removed lock from cache clinet Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * updated cosign tests Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added execution latencies comparision Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added assert.Error() Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added error assertion util Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added error log Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * Update pkg/engine/internal/imageverifier.go Signed-off-by: shuting <shutting06@gmail.com> * lint fixes Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * removed logs from unit tests Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added ristretto_cache impl Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * removed cache.wait() Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * small nits Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added asssertions in tests Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * fixed conflicts Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * lint fix Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * renamed variabls Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> --------- Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> Signed-off-by: shuting <shutting06@gmail.com> Co-authored-by: shuting <shutting06@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>
2023-08-30 07:26:40 +00:00
}
imageVerifyCache, err := imageverifycache.New(opts...)
assert.NilError(t, err)
image := "ghcr.io/kyverno/test-verify-image:signed"
policyContext := buildContext(t, verifyImageNotaryPolicy, verifyImageNotaryResource, "")
start := time.Now()
er, ivm := testImageVerifyCache(imageVerifyCache, context.TODO(), registryclient.NewOrDie(), nil, policyContext, cfg)
firstOperationTime := time.Since(start)
errorAssertionUtil(t, image, ivm, er)
added verify image ristretto cache implementation (#7969) * updated flags Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added ristretto_cache impl Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added bufferSize Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * small nits Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * made cache as private member Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * made cache as private member Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added logger.withValues Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added verify image cache Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * small nits Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added cache tests Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * fixed lint issue Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added chaged policy test Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * cache time should be entered in minutes Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * removed cache.wait() Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * small nits Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * removed client.go logs and added in imageVerifier Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added level to the logs Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added notary image cache verification Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * replace intVar by flag.DurationVar() Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * removed lock from cache clinet Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * updated cosign tests Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added execution latencies comparision Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added assert.Error() Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added error assertion util Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added error log Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * Update pkg/engine/internal/imageverifier.go Signed-off-by: shuting <shutting06@gmail.com> * lint fixes Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * removed logs from unit tests Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added ristretto_cache impl Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * removed cache.wait() Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * small nits Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added asssertions in tests Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * fixed conflicts Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * lint fix Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * renamed variabls Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> --------- Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> Signed-off-by: shuting <shutting06@gmail.com> Co-authored-by: shuting <shutting06@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>
2023-08-30 07:26:40 +00:00
time.Sleep(5 * time.Second)
start = time.Now()
er, ivm = testImageVerifyCache(imageVerifyCache, context.TODO(), registryclient.NewOrDie(), nil, policyContext, cfg)
secondOperationTime := time.Since(start)
errorAssertionUtil(t, image, ivm, er)
assert.Check(t, secondOperationTime > firstOperationTime/10 && secondOperationTime < firstOperationTime*10, "cache entry is expired, so image verification should not be from cache.", firstOperationTime, secondOperationTime)
added verify image ristretto cache implementation (#7969) * updated flags Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added ristretto_cache impl Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added bufferSize Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * small nits Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * made cache as private member Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * made cache as private member Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added logger.withValues Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added verify image cache Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * small nits Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added cache tests Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * fixed lint issue Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added chaged policy test Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * cache time should be entered in minutes Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * removed cache.wait() Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * small nits Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * removed client.go logs and added in imageVerifier Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added level to the logs Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added notary image cache verification Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * replace intVar by flag.DurationVar() Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * removed lock from cache clinet Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * updated cosign tests Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added execution latencies comparision Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added assert.Error() Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added error assertion util Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added error log Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * Update pkg/engine/internal/imageverifier.go Signed-off-by: shuting <shutting06@gmail.com> * lint fixes Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * removed logs from unit tests Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added ristretto_cache impl Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * removed cache.wait() Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * small nits Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added asssertions in tests Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * fixed conflicts Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * lint fix Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * renamed variabls Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> --------- Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> Signed-off-by: shuting <shutting06@gmail.com> Co-authored-by: shuting <shutting06@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>
2023-08-30 07:26:40 +00:00
}
func Test_changePolicyCacheVerificationNotary(t *testing.T) {
opts := []imageverifycache.Option{
imageverifycache.WithCacheEnableFlag(true),
imageverifycache.WithMaxSize(1000),
imageverifycache.WithTTLDuration(60 * time.Minute),
}
imageVerifyCache, err := imageverifycache.New(opts...)
assert.NilError(t, err)
image := "ghcr.io/kyverno/test-verify-image:signed"
policyContext := buildContext(t, verifyImageNotaryPolicy, verifyImageNotaryResource, "")
start := time.Now()
er, ivm := testImageVerifyCache(imageVerifyCache, context.TODO(), registryclient.NewOrDie(), nil, policyContext, cfg)
firstOperationTime := time.Since(start)
errorAssertionUtil(t, image, ivm, er)
policyContext = buildContext(t, verifyImageNotaryUpdatedPolicy, verifyImageNotaryResource, "")
start = time.Now()
er, ivm = testImageVerifyCache(imageVerifyCache, context.TODO(), registryclient.NewOrDie(), nil, policyContext, cfg)
secondOperationTime := time.Since(start)
errorAssertionUtil(t, image, ivm, er)
assert.Check(t, secondOperationTime > firstOperationTime/10 && secondOperationTime < firstOperationTime*10, "cache entry not found, so image verification should not be from cache.", firstOperationTime, secondOperationTime)
added verify image ristretto cache implementation (#7969) * updated flags Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added ristretto_cache impl Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added bufferSize Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * small nits Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * made cache as private member Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * made cache as private member Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added logger.withValues Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added verify image cache Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * small nits Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added cache tests Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * fixed lint issue Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added chaged policy test Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * cache time should be entered in minutes Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * removed cache.wait() Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * small nits Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * removed client.go logs and added in imageVerifier Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added level to the logs Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added notary image cache verification Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * replace intVar by flag.DurationVar() Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * removed lock from cache clinet Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * updated cosign tests Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added execution latencies comparision Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added assert.Error() Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added error assertion util Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added error log Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * Update pkg/engine/internal/imageverifier.go Signed-off-by: shuting <shutting06@gmail.com> * lint fixes Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * removed logs from unit tests Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added ristretto_cache impl Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * removed cache.wait() Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * small nits Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * added asssertions in tests Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * fixed conflicts Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * lint fix Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> * renamed variabls Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> --------- Signed-off-by: hackeramitkumar <amit9116260192@gmail.com> Signed-off-by: shuting <shutting06@gmail.com> Co-authored-by: shuting <shutting06@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>
2023-08-30 07:26:40 +00:00
}
var excludeVerifyImageNotaryPolicy = `{
"apiVersion": "kyverno.io/v2beta1",
"kind": "ClusterPolicy",
"metadata": {
"name": "check-image-notary"
},
"spec": {
"validationFailureAction": "Enforce",
"webhookTimeoutSeconds": 30,
"failurePolicy": "Fail",
"rules": [
{
"name": "verify-signature-notary",
"match": {
"any": [
{
"resources": {
"kinds": [
"Pod"
]
}
}
]
},
"verifyImages": [
{
"type": "Notary",
"imageReferences": [
"ghcr.io/*"
],
"skipImageReferences" : [
"ghcr.io/invalid-user*"
],
"attestors": [
{
"count": 1,
"entries": [
{
"certificates": {
"cert": "-----BEGIN CERTIFICATE-----\nMIIDTTCCAjWgAwIBAgIJAPI+zAzn4s0xMA0GCSqGSIb3DQEBCwUAMEwxCzAJBgNV\nBAYTAlVTMQswCQYDVQQIDAJXQTEQMA4GA1UEBwwHU2VhdHRsZTEPMA0GA1UECgwG\nTm90YXJ5MQ0wCwYDVQQDDAR0ZXN0MB4XDTIzMDUyMjIxMTUxOFoXDTMzMDUxOTIx\nMTUxOFowTDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAldBMRAwDgYDVQQHDAdTZWF0\ndGxlMQ8wDQYDVQQKDAZOb3RhcnkxDTALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3\nDQEBAQUAA4IBDwAwggEKAoIBAQDNhTwv+QMk7jEHufFfIFlBjn2NiJaYPgL4eBS+\nb+o37ve5Zn9nzRppV6kGsa161r9s2KkLXmJrojNy6vo9a6g6RtZ3F6xKiWLUmbAL\nhVTCfYw/2n7xNlVMjyyUpE+7e193PF8HfQrfDFxe2JnX5LHtGe+X9vdvo2l41R6m\nIia04DvpMdG4+da2tKPzXIuLUz/FDb6IODO3+qsqQLwEKmmUee+KX+3yw8I6G1y0\nVp0mnHfsfutlHeG8gazCDlzEsuD4QJ9BKeRf2Vrb0ywqNLkGCbcCWF2H5Q80Iq/f\nETVO9z88R7WheVdEjUB8UrY7ZMLdADM14IPhY2Y+tLaSzEVZAgMBAAGjMjAwMAkG\nA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMDMA0G\nCSqGSIb3DQEBCwUAA4IBAQBX7x4Ucre8AIUmXZ5PUK/zUBVOrZZzR1YE8w86J4X9\nkYeTtlijf9i2LTZMfGuG0dEVFN4ae3CCpBst+ilhIndnoxTyzP+sNy4RCRQ2Y/k8\nZq235KIh7uucq96PL0qsF9s2RpTKXxyOGdtp9+HO0Ty5txJE2txtLDUIVPK5WNDF\nByCEQNhtHgN6V20b8KU2oLBZ9vyB8V010dQz0NRTDLhkcvJig00535/LUylECYAJ\n5/jn6XKt6UYCQJbVNzBg/YPGc1RF4xdsGVDBben/JXpeGEmkdmXPILTKd9tZ5TC0\nuOKpF5rWAruB5PCIrquamOejpXV9aQA/K2JQDuc0mcKz\n-----END CERTIFICATE-----"
}
}
]
}
]
}
]
}
]
}
}`
var excludeVerifyImageNotaryResourcePass = `{
"apiVersion": "v1",
"kind": "Pod",
"metadata": {
"creationTimestamp": null,
"labels": {
"run": "test"
},
"name": "test",
"namespace": "default"
},
"spec": {
"containers": [
{
"image": "ghcr.io/kyverno/test-verify-image:signed",
"name": "test",
"resources": {}
}
],
"dnsPolicy": "ClusterFirst",
"restartPolicy": "Always"
},
"status": {}
}`
var excludeVerifyImageNotaryResourceSkip = `{
"apiVersion": "v1",
"kind": "Pod",
"metadata": {
"creationTimestamp": null,
"labels": {
"run": "test"
},
"name": "testskip",
"namespace": "default"
},
"spec": {
"containers": [
{
"image": "ghcr.io/invalid-user/invalid-image:v1",
"name": "test",
"resources": {}
}
],
"dnsPolicy": "ClusterFirst",
"restartPolicy": "Always"
},
"status": {}
}`
func Test_SkipImageReferences(t *testing.T) {
policyContextPass := buildContext(t, excludeVerifyImageNotaryPolicy, excludeVerifyImageNotaryResourcePass, "")
// Passes as image is included and not excluded
feat:Add support for condition validation across multiple image verification attestations or context entry (#9960) * added Validate in ImageVerification Signed-off-by: sivasathyaseeelan <dnsiva.sathyseelan.chy21@iitbhu.ac.in> * added Validate in ImageVerification Signed-off-by: sivasathyaseeelan <dnsiva.sathyseelan.chy21@iitbhu.ac.in> * validate block added Signed-off-by: sivasathyaseeelan <dnsiva.sathyseelan.chy21@iitbhu.ac.in> * Name feild is added in Attestation struct Signed-off-by: sivasathyaseeelan <dnsiva.sathyseelan.chy21@iitbhu.ac.in> * added imageInfo in policy context Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * added response from FetchAttestations to contex entry Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * added validate logic Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * condition for name collision in Attestation array is added Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * added conformance test Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * added conformance test Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * added conformance test Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * added conformance test Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * added conformance test Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * added multiple image verification test Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * added multiple image verification test Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * some changes in conformance test Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * some changes in conformance test Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * some changes in conformance test Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * some changes in conformance test Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * unit test added Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * ValidateVariable is applied in validate Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * change in regex, logic, conformance test, unit test Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * some logical changes Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * some logical changes Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * some logical changes Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * some logical changes Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * some change in conformance test Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * context entries are added as variables Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * some changes Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * some changes Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * some logical implementations Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * some changes Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * Validate and multiple Image verification is working Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * moved validate to verify Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * Some changes in conformance test Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * Some changes in conformance test Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * Some changes in conformance test Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * Some changes in imageverifier Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * Some changes in imageverifier Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * unit test added Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * lint fixes Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * lint fixes Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * lint fixes Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * lint fixes Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * added validate in verifyimage in v2 policies Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * validate is moved to verifyAttestation Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * some changes Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * some changes in unit tests Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * some changes Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * removed loadcontext Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * some changes Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * enhanced tests Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * enhanced tests Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * Added getRawResp to fing report in statemants Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * aome changes in unit tests Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * aome changes in unit tests Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * some changes Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * some changes Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * some changes in ivm Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * changes in verify in imageverifer Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * added conformance test for trivy and vex Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * added Validate in ImageVerification Signed-off-by: sivasathyaseeelan <dnsiva.sathyseelan.chy21@iitbhu.ac.in> * added Validate in ImageVerification Signed-off-by: sivasathyaseeelan <dnsiva.sathyseelan.chy21@iitbhu.ac.in> * added imageInfo in policy context Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * added response from FetchAttestations to contex entry Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * added validate logic Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * condition for name collision in Attestation array is added Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * added conformance test Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * added conformance test Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * added conformance test Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * added conformance test Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * added conformance test Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * added multiple image verification test Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * added multiple image verification test Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * some changes in conformance test Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * some changes in conformance test Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * some changes in conformance test Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * some changes in conformance test Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * unit test added Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * ValidateVariable is applied in validate Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * change in regex, logic, conformance test, unit test Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * some logical changes Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * some logical changes Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * some logical changes Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * some logical changes Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * some change in conformance test Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * context entries are added as variables Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * some changes Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * some changes Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * some logical implementations Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * some changes Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * Validate and multiple Image verification is working Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * moved validate to verify Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * Some changes in conformance test Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * Some changes in conformance test Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * Some changes in conformance test Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * Some changes in imageverifier Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * Some changes in imageverifier Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * unit test added Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * lint fixes Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * lint fixes Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * lint fixes Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * lint fixes Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * added validate in verifyimage in v2 policies Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * validate is moved to verifyAttestation Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * some changes Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * some changes in unit tests Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * some changes Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * removed loadcontext Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * some changes Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * enhanced tests Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * enhanced tests Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * Added getRawResp to fing report in statemants Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * aome changes in unit tests Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * aome changes in unit tests Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * some changes Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * some changes Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * helm test fix Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * some changes in ivm Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * changes in verify in imageverifer Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * test Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * test Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * codegen applied Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * codegen resolved Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> --------- Signed-off-by: sivasathyaseeelan <dnsiva.sathyseelan.chy21@iitbhu.ac.in> Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> Signed-off-by: D N Siva Sathyaseelan <95441117+sivasathyaseeelan@users.noreply.github.com> Co-authored-by: sivasathyaseeelan <dnsiva.sathyseelan.chy21@iitbhu.ac.in>
2024-09-05 10:33:37 +00:00
erPass, ivm := testVerifyAndPatchImages(context.TODO(), registryclient.NewOrDie(), nil, policyContextPass, cfg)
assert.Equal(t, len(erPass.PolicyResponse.Rules), 1)
assert.Equal(t, erPass.PolicyResponse.Rules[0].Status(), engineapi.RuleStatusPass,
fmt.Sprintf("expected: %v, got: %v, failure: %v",
engineapi.RuleStatusPass, erPass.PolicyResponse.Rules[0].Status(), erPass.PolicyResponse.Rules[0].Message()))
assert.Equal(t, ivm.IsEmpty(), false)
policyContextSkip := buildContext(t, excludeVerifyImageNotaryPolicy, excludeVerifyImageNotaryResourceSkip, "")
// Skipped as image is excluded
erSkip, _ := testVerifyAndPatchImages(context.TODO(), registryclient.NewOrDie(), nil, policyContextSkip, cfg)
assert.Equal(t, len(erSkip.PolicyResponse.Rules), 1)
assert.Equal(t, erSkip.PolicyResponse.Rules[0].Status(), engineapi.RuleStatusSkip,
fmt.Sprintf("expected: %v, got: %v, failure: %v",
engineapi.RuleStatusPass, erSkip.PolicyResponse.Rules[0].Status(), erSkip.PolicyResponse.Rules[0].Message()))
}
var multipleImageVerificationAttestationPolicyPass = `{
"apiVersion": "kyverno.io/v1",
"kind": "ClusterPolicy",
"metadata": {
"name": "check-image-attestation"
},
"spec": {
"validationFailureAction": "Enforce",
"webhookTimeoutSeconds": 30,
"failurePolicy": "Fail",
"rules": [
{
"name": "verify-attestation-notary",
"match": {
"any": [
{
"resources": {
"kinds": [
"Pod"
]
}
}
]
},
"context": [
{
"name": "keys",
"configMap": {
"name": "keys",
"namespace": "notary-verify-attestation"
}
}
],
"verifyImages": [
{
"type": "Notary",
"imageReferences": [
"ghcr.io/kyverno/test-verify-image*"
],
"attestations": [
{
"type": "sbom/cyclone-dx",
"name": "sbom",
"attestors": [
{
"entries": [
{
"certificates": {
"cert": "-----BEGIN CERTIFICATE-----\nMIIDTTCCAjWgAwIBAgIJAPI+zAzn4s0xMA0GCSqGSIb3DQEBCwUAMEwxCzAJBgNV\nBAYTAlVTMQswCQYDVQQIDAJXQTEQMA4GA1UEBwwHU2VhdHRsZTEPMA0GA1UECgwG\nTm90YXJ5MQ0wCwYDVQQDDAR0ZXN0MB4XDTIzMDUyMjIxMTUxOFoXDTMzMDUxOTIx\nMTUxOFowTDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAldBMRAwDgYDVQQHDAdTZWF0\ndGxlMQ8wDQYDVQQKDAZOb3RhcnkxDTALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3\nDQEBAQUAA4IBDwAwggEKAoIBAQDNhTwv+QMk7jEHufFfIFlBjn2NiJaYPgL4eBS+\nb+o37ve5Zn9nzRppV6kGsa161r9s2KkLXmJrojNy6vo9a6g6RtZ3F6xKiWLUmbAL\nhVTCfYw/2n7xNlVMjyyUpE+7e193PF8HfQrfDFxe2JnX5LHtGe+X9vdvo2l41R6m\nIia04DvpMdG4+da2tKPzXIuLUz/FDb6IODO3+qsqQLwEKmmUee+KX+3yw8I6G1y0\nVp0mnHfsfutlHeG8gazCDlzEsuD4QJ9BKeRf2Vrb0ywqNLkGCbcCWF2H5Q80Iq/f\nETVO9z88R7WheVdEjUB8UrY7ZMLdADM14IPhY2Y+tLaSzEVZAgMBAAGjMjAwMAkG\nA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMDMA0G\nCSqGSIb3DQEBCwUAA4IBAQBX7x4Ucre8AIUmXZ5PUK/zUBVOrZZzR1YE8w86J4X9\nkYeTtlijf9i2LTZMfGuG0dEVFN4ae3CCpBst+ilhIndnoxTyzP+sNy4RCRQ2Y/k8\nZq235KIh7uucq96PL0qsF9s2RpTKXxyOGdtp9+HO0Ty5txJE2txtLDUIVPK5WNDF\nByCEQNhtHgN6V20b8KU2oLBZ9vyB8V010dQz0NRTDLhkcvJig00535/LUylECYAJ\n5/jn6XKt6UYCQJbVNzBg/YPGc1RF4xdsGVDBben/JXpeGEmkdmXPILTKd9tZ5TC0\nuOKpF5rWAruB5PCIrquamOejpXV9aQA/K2JQDuc0mcKz\n-----END CERTIFICATE-----"
}
}
]
}
]
},
{
"type": "vulnerability-scan",
"name": "scan",
"attestors": [
{
"entries": [
{
"certificates": {
"cert": "-----BEGIN CERTIFICATE-----\nMIIDTTCCAjWgAwIBAgIJAPI+zAzn4s0xMA0GCSqGSIb3DQEBCwUAMEwxCzAJBgNV\nBAYTAlVTMQswCQYDVQQIDAJXQTEQMA4GA1UEBwwHU2VhdHRsZTEPMA0GA1UECgwG\nTm90YXJ5MQ0wCwYDVQQDDAR0ZXN0MB4XDTIzMDUyMjIxMTUxOFoXDTMzMDUxOTIx\nMTUxOFowTDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAldBMRAwDgYDVQQHDAdTZWF0\ndGxlMQ8wDQYDVQQKDAZOb3RhcnkxDTALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3\nDQEBAQUAA4IBDwAwggEKAoIBAQDNhTwv+QMk7jEHufFfIFlBjn2NiJaYPgL4eBS+\nb+o37ve5Zn9nzRppV6kGsa161r9s2KkLXmJrojNy6vo9a6g6RtZ3F6xKiWLUmbAL\nhVTCfYw/2n7xNlVMjyyUpE+7e193PF8HfQrfDFxe2JnX5LHtGe+X9vdvo2l41R6m\nIia04DvpMdG4+da2tKPzXIuLUz/FDb6IODO3+qsqQLwEKmmUee+KX+3yw8I6G1y0\nVp0mnHfsfutlHeG8gazCDlzEsuD4QJ9BKeRf2Vrb0ywqNLkGCbcCWF2H5Q80Iq/f\nETVO9z88R7WheVdEjUB8UrY7ZMLdADM14IPhY2Y+tLaSzEVZAgMBAAGjMjAwMAkG\nA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMDMA0G\nCSqGSIb3DQEBCwUAA4IBAQBX7x4Ucre8AIUmXZ5PUK/zUBVOrZZzR1YE8w86J4X9\nkYeTtlijf9i2LTZMfGuG0dEVFN4ae3CCpBst+ilhIndnoxTyzP+sNy4RCRQ2Y/k8\nZq235KIh7uucq96PL0qsF9s2RpTKXxyOGdtp9+HO0Ty5txJE2txtLDUIVPK5WNDF\nByCEQNhtHgN6V20b8KU2oLBZ9vyB8V010dQz0NRTDLhkcvJig00535/LUylECYAJ\n5/jn6XKt6UYCQJbVNzBg/YPGc1RF4xdsGVDBben/JXpeGEmkdmXPILTKd9tZ5TC0\nuOKpF5rWAruB5PCIrquamOejpXV9aQA/K2JQDuc0mcKz\n-----END CERTIFICATE-----"
}
}
]
}
]
}
],
"validate": {
"deny": {
"conditions": {
"any": [
{
"key": "{{ time_after('{{ sbom.metadata.timestamp }}', '{{ scan.descriptor.timestamp }}' ) }}",
"operator": "Equals",
"value": "False"
}
]
}
},
"message": "Sample Validation"
}
}
]
}
]
}
}`
var multipleImageVerificationAttestationPolicyFail = `{
"apiVersion": "kyverno.io/v1",
"kind": "ClusterPolicy",
"metadata": {
"name": "check-image-attestation"
},
"spec": {
"validationFailureAction": "Enforce",
"webhookTimeoutSeconds": 30,
"failurePolicy": "Fail",
"rules": [
{
"name": "verify-attestation-notary",
"match": {
"any": [
{
"resources": {
"kinds": [
"Pod"
]
}
}
]
},
"context": [
{
"name": "keys",
"configMap": {
"name": "keys",
"namespace": "notary-verify-attestation"
}
}
],
"verifyImages": [
{
"type": "Notary",
"imageReferences": [
"ghcr.io/kyverno/test-verify-image*"
],
"attestations": [
{
"type": "sbom/cyclone-dx",
"name": "sbom",
"attestors": [
{
"entries": [
{
"certificates": {
"cert": "-----BEGIN CERTIFICATE-----\nMIIDTTCCAjWgAwIBAgIJAPI+zAzn4s0xMA0GCSqGSIb3DQEBCwUAMEwxCzAJBgNV\nBAYTAlVTMQswCQYDVQQIDAJXQTEQMA4GA1UEBwwHU2VhdHRsZTEPMA0GA1UECgwG\nTm90YXJ5MQ0wCwYDVQQDDAR0ZXN0MB4XDTIzMDUyMjIxMTUxOFoXDTMzMDUxOTIx\nMTUxOFowTDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAldBMRAwDgYDVQQHDAdTZWF0\ndGxlMQ8wDQYDVQQKDAZOb3RhcnkxDTALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3\nDQEBAQUAA4IBDwAwggEKAoIBAQDNhTwv+QMk7jEHufFfIFlBjn2NiJaYPgL4eBS+\nb+o37ve5Zn9nzRppV6kGsa161r9s2KkLXmJrojNy6vo9a6g6RtZ3F6xKiWLUmbAL\nhVTCfYw/2n7xNlVMjyyUpE+7e193PF8HfQrfDFxe2JnX5LHtGe+X9vdvo2l41R6m\nIia04DvpMdG4+da2tKPzXIuLUz/FDb6IODO3+qsqQLwEKmmUee+KX+3yw8I6G1y0\nVp0mnHfsfutlHeG8gazCDlzEsuD4QJ9BKeRf2Vrb0ywqNLkGCbcCWF2H5Q80Iq/f\nETVO9z88R7WheVdEjUB8UrY7ZMLdADM14IPhY2Y+tLaSzEVZAgMBAAGjMjAwMAkG\nA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMDMA0G\nCSqGSIb3DQEBCwUAA4IBAQBX7x4Ucre8AIUmXZ5PUK/zUBVOrZZzR1YE8w86J4X9\nkYeTtlijf9i2LTZMfGuG0dEVFN4ae3CCpBst+ilhIndnoxTyzP+sNy4RCRQ2Y/k8\nZq235KIh7uucq96PL0qsF9s2RpTKXxyOGdtp9+HO0Ty5txJE2txtLDUIVPK5WNDF\nByCEQNhtHgN6V20b8KU2oLBZ9vyB8V010dQz0NRTDLhkcvJig00535/LUylECYAJ\n5/jn6XKt6UYCQJbVNzBg/YPGc1RF4xdsGVDBben/JXpeGEmkdmXPILTKd9tZ5TC0\nuOKpF5rWAruB5PCIrquamOejpXV9aQA/K2JQDuc0mcKz\n-----END CERTIFICATE-----"
}
}
]
}
]
},
{
"type": "vulnerability-scan",
"name": "scan",
"attestors": [
{
"entries": [
{
"certificates": {
"cert": "-----BEGIN CERTIFICATE-----\nMIIDTTCCAjWgAwIBAgIJAPI+zAzn4s0xMA0GCSqGSIb3DQEBCwUAMEwxCzAJBgNV\nBAYTAlVTMQswCQYDVQQIDAJXQTEQMA4GA1UEBwwHU2VhdHRsZTEPMA0GA1UECgwG\nTm90YXJ5MQ0wCwYDVQQDDAR0ZXN0MB4XDTIzMDUyMjIxMTUxOFoXDTMzMDUxOTIx\nMTUxOFowTDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAldBMRAwDgYDVQQHDAdTZWF0\ndGxlMQ8wDQYDVQQKDAZOb3RhcnkxDTALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3\nDQEBAQUAA4IBDwAwggEKAoIBAQDNhTwv+QMk7jEHufFfIFlBjn2NiJaYPgL4eBS+\nb+o37ve5Zn9nzRppV6kGsa161r9s2KkLXmJrojNy6vo9a6g6RtZ3F6xKiWLUmbAL\nhVTCfYw/2n7xNlVMjyyUpE+7e193PF8HfQrfDFxe2JnX5LHtGe+X9vdvo2l41R6m\nIia04DvpMdG4+da2tKPzXIuLUz/FDb6IODO3+qsqQLwEKmmUee+KX+3yw8I6G1y0\nVp0mnHfsfutlHeG8gazCDlzEsuD4QJ9BKeRf2Vrb0ywqNLkGCbcCWF2H5Q80Iq/f\nETVO9z88R7WheVdEjUB8UrY7ZMLdADM14IPhY2Y+tLaSzEVZAgMBAAGjMjAwMAkG\nA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMDMA0G\nCSqGSIb3DQEBCwUAA4IBAQBX7x4Ucre8AIUmXZ5PUK/zUBVOrZZzR1YE8w86J4X9\nkYeTtlijf9i2LTZMfGuG0dEVFN4ae3CCpBst+ilhIndnoxTyzP+sNy4RCRQ2Y/k8\nZq235KIh7uucq96PL0qsF9s2RpTKXxyOGdtp9+HO0Ty5txJE2txtLDUIVPK5WNDF\nByCEQNhtHgN6V20b8KU2oLBZ9vyB8V010dQz0NRTDLhkcvJig00535/LUylECYAJ\n5/jn6XKt6UYCQJbVNzBg/YPGc1RF4xdsGVDBben/JXpeGEmkdmXPILTKd9tZ5TC0\nuOKpF5rWAruB5PCIrquamOejpXV9aQA/K2JQDuc0mcKz\n-----END CERTIFICATE-----"
}
}
]
}
]
}
],
"validate": {
"deny": {
"conditions": {
"any": [
{
"key": "{{ time_after('{{ sbom.metadata.timestamp }}', '{{ scan.descriptor.timestamp }}' ) }}",
"operator": "Equals",
"value": "True"
}
]
}
},
"message": "Sample Validation"
}
}
]
}
]
}
}`
func Test_MultipleImageVerificationAttestationPass(t *testing.T) {
policyContextPass := buildContext(t, multipleImageVerificationAttestationPolicyPass, excludeVerifyImageNotaryResourcePass, "")
// Passes as image is included and not excluded
erPass, ivm := testVerifyAndPatchImages(context.TODO(), registryclient.NewOrDie(), nil, policyContextPass, cfg)
assert.Equal(t, len(erPass.PolicyResponse.Rules), 1)
assert.Equal(t, erPass.PolicyResponse.Rules[0].Status(), engineapi.RuleStatusPass,
fmt.Sprintf("expected: %v, got: %v, failure: %v",
engineapi.RuleStatusPass, erPass.PolicyResponse.Rules[0].Status(), erPass.PolicyResponse.Rules[0].Message()))
assert.Equal(t, ivm.IsEmpty(), false)
policyContextSkip := buildContext(t, excludeVerifyImageNotaryPolicy, excludeVerifyImageNotaryResourceSkip, "")
// Skipped as image is excluded
erSkip, _ := testVerifyAndPatchImages(context.TODO(), registryclient.NewOrDie(), nil, policyContextSkip, cfg)
assert.Equal(t, len(erSkip.PolicyResponse.Rules), 1)
assert.Equal(t, erSkip.PolicyResponse.Rules[0].Status(), engineapi.RuleStatusSkip,
fmt.Sprintf("expected: %v, got: %v, failure: %v",
engineapi.RuleStatusPass, erSkip.PolicyResponse.Rules[0].Status(), erSkip.PolicyResponse.Rules[0].Message()))
}
func Test_MultipleImageVerificationAttestationFail(t *testing.T) {
policyContextPass := buildContext(t, multipleImageVerificationAttestationPolicyFail, excludeVerifyImageNotaryResourcePass, "")
// Passes as image is included and not excluded
erPass, ivm := testVerifyAndPatchImages(context.TODO(), registryclient.NewOrDie(), nil, policyContextPass, cfg)
assert.Equal(t, len(erPass.PolicyResponse.Rules), 1)
assert.Equal(t, erPass.PolicyResponse.Rules[0].Status(), engineapi.RuleStatusPass,
fmt.Sprintf("expected: %v, got: %v, failure: %v",
engineapi.RuleStatusPass, erPass.PolicyResponse.Rules[0].Status(), erPass.PolicyResponse.Rules[0].Message()))
assert.Equal(t, ivm.IsEmpty(), false)
policyContextSkip := buildContext(t, excludeVerifyImageNotaryPolicy, excludeVerifyImageNotaryResourceSkip, "")
// Skipped as image is excluded
erSkip, _ := testVerifyAndPatchImages(context.TODO(), registryclient.NewOrDie(), nil, policyContextSkip, cfg)
assert.Equal(t, len(erSkip.PolicyResponse.Rules), 1)
assert.Equal(t, erSkip.PolicyResponse.Rules[0].Status(), engineapi.RuleStatusSkip,
fmt.Sprintf("expected: %v, got: %v, failure: %v",
engineapi.RuleStatusPass, erSkip.PolicyResponse.Rules[0].Status(), erSkip.PolicyResponse.Rules[0].Message()))
}