1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2024-12-14 11:57:48 +00:00
kyverno/go.mod

347 lines
17 KiB
Modula-2
Raw Normal View History

module github.com/kyverno/kyverno
go 1.20
require (
github.com/IGLOU-EU/go-wildcard v1.0.3
github.com/Masterminds/sprig/v3 v3.2.3
github.com/aquilax/truncate v1.0.0
github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2
github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20230322223720-077b4a917a90
github.com/blang/semver/v4 v4.0.0
github.com/cenkalti/backoff v2.2.1+incompatible
github.com/chrismellard/docker-credential-acr-env v0.0.0-20230304212654-82a0ddb27589
github.com/cyphar/filepath-securejoin v0.2.3
github.com/distribution/distribution v2.8.2+incompatible
github.com/evanphx/json-patch/v5 v5.6.0
github.com/fatih/color v1.15.0
github.com/ghodss/yaml v1.0.1-0.20190212211648-25d852aebe32
github.com/go-git/go-billy/v5 v5.4.1
github.com/go-git/go-git/v5 v5.8.1
github.com/go-logr/logr v1.2.4
github.com/go-logr/zapr v1.2.4
github.com/google/gnostic v0.6.9
github.com/google/go-containerregistry v0.16.1
github.com/google/go-containerregistry/pkg/authn/kubernetes v0.0.0-20230403180904-b8d1c0a1df12
github.com/in-toto/in-toto-golang v0.6.0
github.com/jmoiron/jsonq v0.0.0-20150511023944-e874b168d07e
2020-06-25 19:00:35 +00:00
github.com/julienschmidt/httprouter v1.3.0
github.com/kataras/tablewriter v0.0.0-20180708051242-e063d29b7c23
github.com/kyverno/go-jmespath v0.4.1-0.20230705123211-d067dc3d6613
github.com/lensesio/tableprinter v0.0.0-20201125135848-89e81fc956e7
github.com/notaryproject/notation-core-go v1.0.0
github.com/notaryproject/notation-go v1.0.0
github.com/onsi/ginkgo v1.16.5
github.com/onsi/gomega v1.27.10
Added `fetchAttestations` method to notaryV2 implimentation (#6800) * moved to oras Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * linting error fix Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added error checking Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fixed errors Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added final build Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added predicate fetching Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added checks in statements Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * removed continuous checking if predicate is found Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * renamed notaryv2 to notary Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * changed notaryv2 to notary Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * run codegen all Signed-off-by: Jim Bugwadia <jim@nirmata.com> * changes Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * commented cert Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added variable support to certs Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * renamed notaryV2 to notary Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * deprecated predicate types Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * disallow keys and keyless under attestors if type is set to notary Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * gcr crane implementation init Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added changes Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * types Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * using remote puller and pusher Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * implemented notation repository interface Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated notary implementation and fixed errors Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * removed oras Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * kuttl test init Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added image verify test Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * check image attestation notary Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added readme Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added tests for extract statements Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: remove status from policy webhooks (#6939) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: split chart values in readme per component (#6936) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> * fix: incorrect json patch validation (#6941) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add verbosity level in helm chart values (#6940) * feat: add verbosity level in helm chart values Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: match on ephemeral containers (#6963) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: refine event permissions in default roles (#6957) * remove the event delete permission Signed-off-by: ShutingZhao <shuting@nirmata.com> * add '- events.k8s.io/v1' Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com> * Add kuttl test for ephemeral containers (#6966) * Move Sam to Emeritus status Signed-off-by: Chip Zoller <chipzoller@gmail.com> * add kuttl test for ephemeral containers Signed-off-by: Chip Zoller <chipzoller@gmail.com> --------- Signed-off-by: Chip Zoller <chipzoller@gmail.com> * refactor: restructure cli test command (#6942) * refactor: restructure cli test command Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add credential helpers flags (#6974) * feat: add credential helpers flags Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore(deps): bump aquasecurity/trivy-action from 0.9.2 to 0.10.0 (#6976) Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.9.2 to 0.10.0. - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/1f0aa582c8c8f5f7639610d6d38baddfea4fdcee...e5f43133f6e8736992c9f3c1b3296e24b37e17f2) --- updated-dependencies: - dependency-name: aquasecurity/trivy-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Support for Context vars in cleanup (#6084) * Added Context in CleanupPolicySpec Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Added context.go file with loadVariable() Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Added loadAPIData() in context.go and called from handlers.go Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Added conditionals for not supported context variables Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Reverted versions in CRDs Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Reverted CRDs to v0.11.1 Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Imported fmt in handlers.go Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Added Context in CleanupPolicySpec Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Added context.go file with loadVariable() Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Added loadAPIData() in context.go and called from handlers.go Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Added conditionals for not supported context variables Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Reverted versions in CRDs Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Reverted CRDs to v0.11.1 Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Imported fmt in handlers.go Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Removed duplicate import Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * make verify-codegen Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Updated kuttl test Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Fixed kuttl failure Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * moved policy check to validation Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Reused functions Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Added kuttl test Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Added more configMap Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * removed unecessary check Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * auto codegen Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * updated codegen Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Renamed ApplyJMESPath() to applyJMESPath() Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> --------- Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: Chip Zoller <chipzoller@gmail.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore(deps): bump actions/setup-python from 4.5.0 to 4.6.0 (#6981) Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4.5.0 to 4.6.0. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/d27e3f3d7c64b4bbf8e4abfb9b63b83e846e0435...57ded4d7d5e986d7296eab16560982c6dd7c923b) --- updated-dependencies: - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump codecov/codecov-action from 3.1.2 to 3.1.3 (#6982) Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 3.1.2 to 3.1.3. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/40a12dcee2df644d47232dde008099a3e9e4f865...894ff025c7b54547a9a2a1e9f228beae737ad3c2) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix background variables validation (#6978) Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: restrict default permissions (#6972) * restrict admission permissions Signed-off-by: ShutingZhao <shuting@nirmata.com> * restrict background permissions Signed-off-by: ShutingZhao <shuting@nirmata.com> * update install.yaml Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com> * kuttl README (#6984) * Added Context in CleanupPolicySpec Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Added context.go file with loadVariable() Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Added loadAPIData() in context.go and called from handlers.go Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Added conditionals for not supported context variables Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Reverted versions in CRDs Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Reverted CRDs to v0.11.1 Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Imported fmt in handlers.go Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Added Context in CleanupPolicySpec Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Added context.go file with loadVariable() Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Added loadAPIData() in context.go and called from handlers.go Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Added conditionals for not supported context variables Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Reverted versions in CRDs Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Reverted CRDs to v0.11.1 Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Imported fmt in handlers.go Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Removed duplicate import Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * make verify-codegen Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Updated kuttl test Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Fixed kuttl failure Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * moved policy check to validation Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Reused functions Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Added kuttl test Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Added more configMap Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * removed unecessary check Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * auto codegen Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * updated codegen Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Renamed ApplyJMESPath() to applyJMESPath() Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Added Readme in context-cleanup-pod Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> --------- Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: Chip Zoller <chipzoller@gmail.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore(deps): bump github/codeql-action from 2.2.12 to 2.3.0 (#6989) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.2.12 to 2.3.0. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/7df0ce34898d659f95c0c4a09eaa8d4e32ee64db...b2c19fb9a2a485599ccf4ed5d65527d94bc57226) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump github.com/notaryproject/notation-core-go (#6987) Bumps [github.com/notaryproject/notation-core-go](https://github.com/notaryproject/notation-core-go) from 1.0.0-rc.2 to 1.0.0-rc.3. - [Release notes](https://github.com/notaryproject/notation-core-go/releases) - [Commits](https://github.com/notaryproject/notation-core-go/compare/v1.0.0-rc.2...v1.0.0-rc.3) --- updated-dependencies: - dependency-name: github.com/notaryproject/notation-core-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * feat: new access checks for background policies (#6970) * switch to use sar for access checks Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * update helm config Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix username Signed-off-by: ShutingZhao <shuting@nirmata.com> * update msg Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix sa name Signed-off-by: ShutingZhao <shuting@nirmata.com> * update install.yaml Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: bump kind image to 1.27.1 (#6993) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: bump k8s deps to 1.27 (#6868) * feat: bump k8s deps to 1.27 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * bump k8s 1.27.1 Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: ShutingZhao <shuting@nirmata.com> * fix: disable autogen in foreach mutation with json patches (#6996) * fix: disable autogen in foreach mutation with json patches Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * kuttl Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: add server ip config to cleanup controller (#6999) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add features section in helm values (#6935) * feat: add features section in helm values Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * configs Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * overrides Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add reports cleanup jobs to prevent outage (#6960) * feat: add reports cleanup jobs to prevent outage Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * security cotnext Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> * feat: add registry credential helpers feature (#7002) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: improve instrumented clients (#7006) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: record configmap resource version to not reload when version didn't change (#7007) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore(deps): bump sigstore/cosign-installer from 3.0.2 to 3.0.3 (#7012) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.0.2 to 3.0.3. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/9e9de2292db7abb3f51b7f4808d98f0d347a8919...204a51a57a74d190b284a0ce69b44bc37201f343) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Add Red Hat ACM to the Adopters list (#7016) Red Hat ACM is useful for distributed kyverno policies across a managed fleet of clusters. Adding to adopters file with a link that describes details of using the ACM policy generator with Kyverno. Signed-off-by: Gus Parvin <gparvin@redhat.com> * fix: helm template with metricsRefreshInterval (#7019) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * add support for Kubernetes API server POST (#6948) * allow POST for Kubernetes API calls Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add kuttl tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fmt and undo local changes Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix codegen and unit test Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix unit test Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix tests and extends docs Signed-off-by: Jim Bugwadia <jim@nirmata.com> --------- Signed-off-by: Jim Bugwadia <jim@nirmata.com> * feat: update built-in resource schemas (#7014) * feat: update built-in resource schemas Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix unit test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: use github.com/evanphx/json-patch/v5 (#7015) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore(deps): bump github/codeql-action from 2.3.0 to 2.3.1 (#7025) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.3.0 to 2.3.1. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/b2c19fb9a2a485599ccf4ed5d65527d94bc57226...8662eabe0e9f338a07350b7fd050732745f93848) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * add DE-CIX as adopter of kyverno (#7027) Signed-off-by: Raul Garcia Sanchez <info@raulgarcia.de> * refactor: engine patchers (#7030) * refactor: engine patchers Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore(deps): bump github/codeql-action from 2.3.1 to 2.3.2 (#7033) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.3.1 to 2.3.2. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/8662eabe0e9f338a07350b7fd050732745f93848...f3feb00acb00f31a6f60280e6ace9ca31d91c76a) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * add Saxo Bank and Velux as adopters (#7036) Signed-off-by: Chip Zoller <chipzoller@gmail.com> * update development doc (#7037) Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * fix: generate policy validation to prevent endless loop (#7026) * refactor policy validation Signed-off-by: ShutingZhao <shuting@nirmata.com> * add loop check for generate Signed-off-by: ShutingZhao <shuting@nirmata.com> * add kuttl tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * linter fixes Signed-off-by: ShutingZhao <shuting@nirmata.com> * linter fixes Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: remove deletionTimestamp checks (#7039) * remove deletionTimestamp check Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove deletionTimestamp check Signed-off-by: ShutingZhao <shuting@nirmata.com> * add back source check Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove deletionTimestamp check Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore(deps): bump k8s.io/klog/v2 from 2.90.1 to 2.100.1 (#7055) Bumps [k8s.io/klog/v2](https://github.com/kubernetes/klog) from 2.90.1 to 2.100.1. - [Release notes](https://github.com/kubernetes/klog/releases) - [Changelog](https://github.com/kubernetes/klog/blob/main/RELEASE.md) - [Commits](https://github.com/kubernetes/klog/compare/v2.90.1...v2.100.1) --- updated-dependencies: - dependency-name: k8s.io/klog/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: add background scan interval log (#7065) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: flaky github action (#7068) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: engine response policy (#7063) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add opt-in setting to deploy v3 chart (#7066) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * require generate.apiVersion (#7080) Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: remove excluded groups from matching (#7083) * fix: remove excluded groups from matching Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add config inclusions support (#7082) * feat: add config inclusions support Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: add makefile target for kwok (#7097) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore(deps): bump github/codeql-action from 2.3.2 to 2.3.3 (#7099) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.3.2 to 2.3.3. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/f3feb00acb00f31a6f60280e6ace9ca31d91c76a...29b1f65c5e92e24fe6b6647da1eaabe529cec70f) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * validate target resource scope & namespace settings (#7098) Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: mutation code (#7095) * fix: mutation code Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * kuttl tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * lazy loading of context vars (#7071) * lazy loading of context vars Signed-off-by: Jim Bugwadia <jim@nirmata.com> * gofumpt Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add kuttl tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> --------- Signed-off-by: Jim Bugwadia <jim@nirmata.com> * [Feature] Add kuttl tests with policy exceptions disabled (#7117) * added tests Signed-off-by: Ved Ratan <vedratan8@gmail.com> * removed redundant code Signed-off-by: Ved Ratan <vedratan8@gmail.com> * fix Signed-off-by: Ved Ratan <vedratan8@gmail.com> * fix Signed-off-by: Ved Ratan <vedratan8@gmail.com> * typo fix and README changes Signed-off-by: Ved Ratan <vedratan8@gmail.com> * fix Signed-off-by: Ved Ratan <vedratan8@gmail.com> --------- Signed-off-by: Ved Ratan <vedratan8@gmail.com> * Conditions message (#7113) * add message to conditions Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * extend tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> --------- Signed-off-by: Jim Bugwadia <jim@nirmata.com> * chore(deps): bump zgosalvez/github-actions-ensure-sha-pinned-actions (#7123) Bumps [zgosalvez/github-actions-ensure-sha-pinned-actions](https://github.com/zgosalvez/github-actions-ensure-sha-pinned-actions) from 2.1.2 to 2.1.3. - [Release notes](https://github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/releases) - [Commits](https://github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/compare/21991cec25093947ff3f62e4c223df0260c39944...555a30da2656b4a7cf47b107800bef097723363e) --- updated-dependencies: - dependency-name: zgosalvez/github-actions-ensure-sha-pinned-actions dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: shuting <shuting@nirmata.com> * chore(deps): bump sigs.k8s.io/kustomize/kyaml from 0.14.1 to 0.14.2 (#7121) Bumps [sigs.k8s.io/kustomize/kyaml](https://github.com/kubernetes-sigs/kustomize) from 0.14.1 to 0.14.2. - [Release notes](https://github.com/kubernetes-sigs/kustomize/releases) - [Commits](https://github.com/kubernetes-sigs/kustomize/compare/kyaml/v0.14.1...kyaml/v0.14.2) --- updated-dependencies: - dependency-name: sigs.k8s.io/kustomize/kyaml dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: shuting <shuting@nirmata.com> * chore(deps): bump oras.land/oras-go/v2 from 2.0.2 to 2.1.0 (#7102) Bumps [oras.land/oras-go/v2](https://github.com/oras-project/oras-go) from 2.0.2 to 2.1.0. - [Release notes](https://github.com/oras-project/oras-go/releases) - [Commits](https://github.com/oras-project/oras-go/compare/v2.0.2...v2.1.0) --- updated-dependencies: - dependency-name: oras.land/oras-go/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: shuting <shuting@nirmata.com> * add condition msg to v2beta1 (#7126) Signed-off-by: ShutingZhao <shuting@nirmata.com> * feat: print container flags and their values (#7127) * add condition msg to v2beta1 Signed-off-by: ShutingZhao <shuting@nirmata.com> * print flags settings Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove the container flag genWorker from the admission controller (#7132) Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore(deps): bump google.golang.org/grpc from 1.54.0 to 1.55.0 (#7103) Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.54.0 to 1.55.0. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](https://github.com/grpc/grpc-go/compare/v1.54.0...v1.55.0) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * remove the duplicate entry (#7125) Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore(deps): bump sigs.k8s.io/kustomize/api from 0.13.2 to 0.13.3 (#7120) Bumps [sigs.k8s.io/kustomize/api](https://github.com/kubernetes-sigs/kustomize) from 0.13.2 to 0.13.3. - [Release notes](https://github.com/kubernetes-sigs/kustomize/releases) - [Commits](https://github.com/kubernetes-sigs/kustomize/compare/api/v0.13.2...api/v0.13.3) --- updated-dependencies: - dependency-name: sigs.k8s.io/kustomize/api dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: shuting <shuting@nirmata.com> * fixed error Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * undo mistake Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * go mod conflict fix Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * changes from review Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * NIT Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated image Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated checks Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fixed verifying wrong ref Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated cert in tests Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added warning when predicate type is used Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: panic for policy variable validation (#7079) * fix panic Signed-off-by: ShutingZhao <shuting@nirmata.com> * check errors Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: remove policy-reporter from dev lab (#7196) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: cleanup controller metrics name (#7198) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: http request metrics (#7197) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * remove unused code (#7203) Signed-off-by: Jim Bugwadia <jim@nirmata.com> * handle Deny rules where conditions eval to true (#7204) Signed-off-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> * [Bug] Enforce message wrong (#7208) * fix Signed-off-by: Ved Ratan <vedratan8@gmail.com> * fixed tests Signed-off-by: Ved Ratan <vedratan8@gmail.com> --------- Signed-off-by: Ved Ratan <vedratan8@gmail.com> * chore(deps): bump codecov/codecov-action from 3.1.3 to 3.1.4 (#7207) Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 3.1.3 to 3.1.4. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/894ff025c7b54547a9a2a1e9f228beae737ad3c2...eaaf4bedf32dbdc6b720b63067d99c4d77d6047d) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump sigstore/cosign-installer from 3.0.3 to 3.0.4 (#7215) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.0.3 to 3.0.4. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/204a51a57a74d190b284a0ce69b44bc37201f343...03d0fecf172873164a163bbc64bed0f3bf114ed7) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: panic in reports controller (#7220) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: mutate existing auth check (#7219) * fix auth check when using variables in ns Signed-off-by: ShutingZhao <shuting@nirmata.com> * add kuttl tests Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: do not exclude kube-system service accounts by default (#7225) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * docs: add reports system design doc (#6949) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore(deps): bump k8s.io/apimachinery from 0.27.1 to 0.27.2 (#7227) Bumps [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) from 0.27.1 to 0.27.2. - [Commits](https://github.com/kubernetes/apimachinery/compare/v0.27.1...v0.27.2) --- updated-dependencies: - dependency-name: k8s.io/apimachinery dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: shuting <shuting@nirmata.com> * chore(deps): bump k8s.io/cli-runtime from 0.27.1 to 0.27.2 (#7228) Bumps [k8s.io/cli-runtime](https://github.com/kubernetes/cli-runtime) from 0.27.1 to 0.27.2. - [Commits](https://github.com/kubernetes/cli-runtime/compare/v0.27.1...v0.27.2) --- updated-dependencies: - dependency-name: k8s.io/cli-runtime dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump sigstore/cosign-installer from 3.0.4 to 3.0.5 (#7229) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.0.4 to 3.0.5. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/03d0fecf172873164a163bbc64bed0f3bf114ed7...dd6b2e2b610a11fd73dd187a43d57cc1394e35f9) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump k8s.io/pod-security-admission from 0.27.1 to 0.27.2 (#7232) Bumps [k8s.io/pod-security-admission](https://github.com/kubernetes/pod-security-admission) from 0.27.1 to 0.27.2. - [Commits](https://github.com/kubernetes/pod-security-admission/compare/v0.27.1...v0.27.2) --- updated-dependencies: - dependency-name: k8s.io/pod-security-admission dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: match logic misbehave (#7218) * add rule name in ur for mutate existing Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix match logic Signed-off-by: ShutingZhao <shuting@nirmata.com> * linter fixes Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix the match logic to only apply to the new object, unless it's a delete request Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore(deps): bump github.com/stretchr/testify from 1.8.2 to 1.8.3 (#7240) Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.2 to 1.8.3. - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](https://github.com/stretchr/testify/compare/v1.8.2...v1.8.3) --- updated-dependencies: - dependency-name: github.com/stretchr/testify dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump github.com/onsi/gomega from 1.27.6 to 1.27.7 (#7239) Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.27.6 to 1.27.7. - [Release notes](https://github.com/onsi/gomega/releases) - [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/gomega/compare/v1.27.6...v1.27.7) --- updated-dependencies: - dependency-name: github.com/onsi/gomega dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump k8s.io/kube-aggregator from 0.27.1 to 0.27.2 (#7241) Bumps [k8s.io/kube-aggregator](https://github.com/kubernetes/kube-aggregator) from 0.27.1 to 0.27.2. - [Commits](https://github.com/kubernetes/kube-aggregator/compare/v0.27.1...v0.27.2) --- updated-dependencies: - dependency-name: k8s.io/kube-aggregator dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump k8s.io/apiextensions-apiserver from 0.27.1 to 0.27.2 (#7242) Bumps [k8s.io/apiextensions-apiserver](https://github.com/kubernetes/apiextensions-apiserver) from 0.27.1 to 0.27.2. - [Release notes](https://github.com/kubernetes/apiextensions-apiserver/releases) - [Commits](https://github.com/kubernetes/apiextensions-apiserver/compare/v0.27.1...v0.27.2) --- updated-dependencies: - dependency-name: k8s.io/apiextensions-apiserver dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * updated kuttl tests Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fixed mistake in assert Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * quote image in error (#7259) Signed-off-by: bakito <github@bakito.ch> * fix: auto update webhooks not configuring fail endpoint (#7261) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix latest version check (#7263) Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore(deps): bump svenstaro/upload-release-action from 2.5.0 to 2.6.0 (#7270) Bumps [svenstaro/upload-release-action](https://github.com/svenstaro/upload-release-action) from 2.5.0 to 2.6.0. - [Release notes](https://github.com/svenstaro/upload-release-action/releases) - [Changelog](https://github.com/svenstaro/upload-release-action/blob/master/CHANGELOG.md) - [Commits](https://github.com/svenstaro/upload-release-action/compare/7319e4733ec7a184d739a6f412c40ffc339b69c7...58d525808845e4c8ff229ea1d5d7c496504a79bc) --- updated-dependencies: - dependency-name: svenstaro/upload-release-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump sigs.k8s.io/controller-runtime from 0.14.6 to 0.15.0 (#7272) Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.14.6 to 0.15.0. - [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases) - [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md) - [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.14.6...v0.15.0) --- updated-dependencies: - dependency-name: sigs.k8s.io/controller-runtime dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * feat: add yaml util to check empty document (#7276) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#7274) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.6.1 to 5.7.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.6.1...v5.7.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fixed api version in kuttl tests Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated kuttl tests Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * go sum update Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated admission controller assert Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated image Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * removed admission controller changes Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * go mod fix Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> --------- Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: Chip Zoller <chipzoller@gmail.com> Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> Signed-off-by: Gus Parvin <gparvin@redhat.com> Signed-off-by: Raul Garcia Sanchez <info@raulgarcia.de> Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> Signed-off-by: Ved Ratan <vedratan8@gmail.com> Signed-off-by: bakito <github@bakito.ch> Co-authored-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: Chip Zoller <chipzoller@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Md Sahil <85174511+MdSahil-oss@users.noreply.github.com> Co-authored-by: Gus Parvin <gparvin@redhat.com> Co-authored-by: Raúl Garcia Sanchez <info@raulgarcia.de> Co-authored-by: Mariam Fahmy <55502281+MariamFahmy98@users.noreply.github.com> Co-authored-by: Ved Ratan <82467006+VedRatan@users.noreply.github.com> Co-authored-by: Marc Brugger <github@bakito.ch>
2023-06-01 08:05:28 +00:00
github.com/opencontainers/go-digest v1.0.0
github.com/opencontainers/image-spec v1.1.0-rc4
github.com/orcaman/concurrent-map/v2 v2.0.1
Notary v2 (#6011) * fix make debug-deploy Signed-off-by: Jim Bugwadia <jim@nirmata.com> * improve log messages Signed-off-by: Jim Bugwadia <jim@nirmata.com> * initial update Signed-off-by: Jim Bugwadia <jim@nirmata.com> * initial update Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update registry credentials handling order Signed-off-by: Jim Bugwadia <jim@nirmata.com> * comment out ACR helper - breaks anonymous image pull Signed-off-by: Jim Bugwadia <jim@nirmata.com> * merge main and refactor verifiers Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix opt init Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove local address Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update to NotaryV2 RC Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix fmt Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update deps Signed-off-by: Jim Bugwadia <jim@nirmata.com> * format imports Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove env and no-op statement Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix merge issues Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix linter issue Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove unused field Signed-off-by: Jim Bugwadia <jim@nirmata.com> * make fmt Signed-off-by: Jim Bugwadia <jim@nirmata.com> * renable ACR credential helper Signed-off-by: Jim Bugwadia <jim@nirmata.com> * Update .vscode/launch.json Signed-off-by: shuting <shutting06@gmail.com> --------- Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: shuting <shutting06@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: shuting <shutting06@gmail.com>
2023-02-20 16:26:10 +00:00
github.com/pkg/errors v0.9.1
github.com/prometheus/client_golang v1.16.0
github.com/robfig/cron v1.2.0
github.com/sigstore/cosign v1.13.1
github.com/sigstore/k8s-manifest-sigstore v0.4.4
github.com/sigstore/sigstore v1.5.2
github.com/spf13/cobra v1.7.0
github.com/stretchr/testify v1.8.4
github.com/zach-klippenstein/goregen v0.0.0-20160303162051-795b5e3961ea
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.42.0
go.opentelemetry.io/otel v1.16.0
go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v0.39.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.16.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.16.0
go.opentelemetry.io/otel/exporters/prometheus v0.39.0
go.opentelemetry.io/otel/metric v1.16.0
go.opentelemetry.io/otel/sdk v1.16.0
go.opentelemetry.io/otel/sdk/metric v0.39.0
go.opentelemetry.io/otel/trace v1.16.0
go.uber.org/automaxprocs v1.5.3
go.uber.org/multierr v1.11.0
go.uber.org/zap v1.25.0
golang.org/x/crypto v0.12.0
golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1
golang.org/x/text v0.12.0
gomodules.xyz/jsonpatch/v2 v2.3.0
google.golang.org/grpc v1.57.0
gopkg.in/inf.v0 v0.9.1
gopkg.in/yaml.v2 v2.4.0
gopkg.in/yaml.v3 v3.0.1
gotest.tools v2.2.0+incompatible
k8s.io/api v0.27.4
k8s.io/apiextensions-apiserver v0.27.4
k8s.io/apimachinery v0.27.4
k8s.io/apiserver v0.27.4
k8s.io/cli-runtime v0.27.4
k8s.io/client-go v0.27.4
k8s.io/klog/v2 v2.100.1
k8s.io/kube-aggregator v0.27.4
k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f
k8s.io/pod-security-admission v0.27.4
k8s.io/utils v0.0.0-20230406110748-d93618cff8a2
sigs.k8s.io/controller-runtime v0.15.1
sigs.k8s.io/kustomize/api v0.13.4
sigs.k8s.io/kustomize/kyaml v0.14.2
sigs.k8s.io/structured-merge-diff/v4 v4.3.0
sigs.k8s.io/yaml v1.3.0
)
require (
cloud.google.com/go/compute v1.19.3 // indirect
github.com/antlr/antlr4/runtime/Go/antlr v1.4.10 // indirect
github.com/google/cel-go v0.12.6 // indirect
github.com/stoewer/go-strcase v1.2.0 // indirect
)
require (
cloud.google.com/go/compute/metadata v0.2.3 // indirect
cloud.google.com/go/iam v1.0.0 // indirect
cloud.google.com/go/kms v1.10.1 // indirect
Yaml signing and verification (#4235) * enable YAML verification using k8s-manifest-sigstore Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> comment out role and rolebinding for dryrun Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update k8s-manifest-sigstore version Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix pubkey setting Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix pubkey setting Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix log message Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> change default value of dryrun option Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update crd Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> support gpg signature Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * upgrade manifest sigstore version and support multi sigs Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix validate.manifest rule Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update crd and add small fix Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix manifest verify policy Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> set cosign experimental env when keyless verification Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * improve default ignoreFields Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * fix manifest verify policy Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix manifest verify policy Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix manifest verify policy Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * add unit-test for k8smanifest Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update install yaml Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * update k8s-manifest-sigstore version and support one or more signatures Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> add unit-test for k8smanifest multi-signature Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix verifyManifest result message Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix verifyManifest result message Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * fix manifest verify policy and move dryrun rbac to dryrun dir Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * update k8s-manifest-sigstore version Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update k8s-manifest-sigstore version Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update k8s-manifest-sigstore version and resolve conflict Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> enable YAML verification using k8s-manifest-sigstore Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> comment out role and rolebinding for dryrun Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix pubkey setting Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix pubkey setting Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update crd Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> upgrade manifest sigstore version and support multi sigs Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix validate.manifest rule Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update crd and add small fix Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix manifest verify policy Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update k8s-manifest-sigstore version and support one or more signatures Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix verifyManifest result message Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix verifyManifest result message Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix manifest verify policy and move dryrun rbac to dryrun dir Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> add small fix Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * remove generic name Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * fix sonatype-lift issue and unit-test error Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * fix gofumpt error Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * update manifest rule to use attestor Signed-off-by: Riko Kudo <rurikudo@ibm.com> * remove unused value Signed-off-by: Riko Kudo <rurikudo@ibm.com> * resolve conflict Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix install.yaml Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix to set COSIGN_EXPERIMENTAL env variable when keyless verification Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix misspell Signed-off-by: Riko Kudo <rurikudo@ibm.com> * enable kyverno cli in validate.manifests rule (#3) * enable kyverno cli in validate.manifests rule Signed-off-by: Riko Kudo <rurikudo@ibm.com> * update k8s-manifest-sigstore version and improve error handling for better result output Signed-off-by: Riko Kudo <rurikudo@ibm.com> * update crds and deepcopy Signed-off-by: Riko Kudo <rurikudo@ibm.com> * update unit test Signed-off-by: Riko Kudo <rurikudo@ibm.com> * update k8s-manifest-sigstore version Signed-off-by: Riko Kudo <rurikudo@ibm.com> * change to use spec.rules.exclude.subjects instead of skipUsers (#4) Signed-off-by: Riko Kudo <rurikudo@ibm.com> * update k8s-manifest-sigstore version Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix yaml signing sigstore (#5) * update k8s-manifest-sigstore version Signed-off-by: Riko Kudo <rurikudo@ibm.com> * add a comment for dryrun option field Signed-off-by: Riko Kudo <rurikudo@ibm.com> * enable to include ClusterPolicy/Policy in match resource Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix log style and env variable settings Signed-off-by: Riko Kudo <rurikudo@ibm.com> * simplify manifest verify func Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix func name Signed-off-by: Riko Kudo <rurikudo@ibm.com> Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix sonatype warning Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix default ignoreFields Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix yaml signing sigstore rbac (#6) * fix dryrun rbac to have minimal permissions Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix lint error Signed-off-by: Riko Kudo <rurikudo@ibm.com> Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix unit-test error Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix gofumpt error Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix log style Signed-off-by: Riko Kudo <rurikudo@ibm.com> * updated CRD documentation Signed-off-by: Riko Kudo <rurikudo@ibm.com> * resolve go.mod conflicts Signed-off-by: Riko Kudo <rurikudo@ibm.com> * updated helm stuff Signed-off-by: Riko Kudo <rurikudo@ibm.com> Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> Signed-off-by: Riko Kudo <rurikudo@ibm.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2022-08-30 17:14:54 +00:00
cuelang.org/go v0.4.3 // indirect
dario.cat/mergo v1.0.0 // indirect
github.com/AliyunContainerService/ack-ram-tool/pkg/credentials/alibabacloudsdkgo/helper v0.2.0 // indirect
github.com/Azure/azure-sdk-for-go v68.0.0+incompatible // indirect
github.com/Azure/go-autorest v14.2.0+incompatible // indirect
github.com/Azure/go-autorest/autorest v0.11.28 // indirect
github.com/Azure/go-autorest/autorest/adal v0.9.23 // indirect
github.com/Azure/go-autorest/autorest/azure/auth v0.5.12 // indirect
github.com/Azure/go-autorest/autorest/azure/cli v0.4.6 // indirect
github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect
github.com/Azure/go-autorest/autorest/to v0.4.0 // indirect
github.com/Azure/go-autorest/autorest/validation v0.3.1 // indirect
github.com/Azure/go-autorest/logger v0.2.1 // indirect
github.com/Azure/go-autorest/tracing v0.6.0 // indirect
github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 // indirect
github.com/Masterminds/goutils v1.1.1 // indirect
github.com/Masterminds/semver/v3 v3.2.0 // indirect
Added `fetchAttestations` method to notaryV2 implimentation (#6800) * moved to oras Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * linting error fix Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added error checking Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fixed errors Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added final build Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added predicate fetching Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added checks in statements Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * removed continuous checking if predicate is found Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * renamed notaryv2 to notary Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * changed notaryv2 to notary Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * run codegen all Signed-off-by: Jim Bugwadia <jim@nirmata.com> * changes Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * commented cert Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added variable support to certs Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * renamed notaryV2 to notary Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * deprecated predicate types Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * disallow keys and keyless under attestors if type is set to notary Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * gcr crane implementation init Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added changes Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * types Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * using remote puller and pusher Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * implemented notation repository interface Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated notary implementation and fixed errors Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * removed oras Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * kuttl test init Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added image verify test Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * check image attestation notary Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added readme Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added tests for extract statements Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: remove status from policy webhooks (#6939) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: split chart values in readme per component (#6936) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> * fix: incorrect json patch validation (#6941) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add verbosity level in helm chart values (#6940) * feat: add verbosity level in helm chart values Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: match on ephemeral containers (#6963) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: refine event permissions in default roles (#6957) * remove the event delete permission Signed-off-by: ShutingZhao <shuting@nirmata.com> * add '- events.k8s.io/v1' Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com> * Add kuttl test for ephemeral containers (#6966) * Move Sam to Emeritus status Signed-off-by: Chip Zoller <chipzoller@gmail.com> * add kuttl test for ephemeral containers Signed-off-by: Chip Zoller <chipzoller@gmail.com> --------- Signed-off-by: Chip Zoller <chipzoller@gmail.com> * refactor: restructure cli test command (#6942) * refactor: restructure cli test command Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add credential helpers flags (#6974) * feat: add credential helpers flags Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore(deps): bump aquasecurity/trivy-action from 0.9.2 to 0.10.0 (#6976) Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.9.2 to 0.10.0. - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/1f0aa582c8c8f5f7639610d6d38baddfea4fdcee...e5f43133f6e8736992c9f3c1b3296e24b37e17f2) --- updated-dependencies: - dependency-name: aquasecurity/trivy-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Support for Context vars in cleanup (#6084) * Added Context in CleanupPolicySpec Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Added context.go file with loadVariable() Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Added loadAPIData() in context.go and called from handlers.go Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Added conditionals for not supported context variables Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Reverted versions in CRDs Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Reverted CRDs to v0.11.1 Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Imported fmt in handlers.go Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Added Context in CleanupPolicySpec Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Added context.go file with loadVariable() Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Added loadAPIData() in context.go and called from handlers.go Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Added conditionals for not supported context variables Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Reverted versions in CRDs Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Reverted CRDs to v0.11.1 Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Imported fmt in handlers.go Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Removed duplicate import Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * make verify-codegen Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Updated kuttl test Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Fixed kuttl failure Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * moved policy check to validation Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Reused functions Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Added kuttl test Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Added more configMap Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * removed unecessary check Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * auto codegen Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * updated codegen Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Renamed ApplyJMESPath() to applyJMESPath() Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> --------- Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: Chip Zoller <chipzoller@gmail.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore(deps): bump actions/setup-python from 4.5.0 to 4.6.0 (#6981) Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4.5.0 to 4.6.0. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/d27e3f3d7c64b4bbf8e4abfb9b63b83e846e0435...57ded4d7d5e986d7296eab16560982c6dd7c923b) --- updated-dependencies: - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump codecov/codecov-action from 3.1.2 to 3.1.3 (#6982) Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 3.1.2 to 3.1.3. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/40a12dcee2df644d47232dde008099a3e9e4f865...894ff025c7b54547a9a2a1e9f228beae737ad3c2) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix background variables validation (#6978) Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: restrict default permissions (#6972) * restrict admission permissions Signed-off-by: ShutingZhao <shuting@nirmata.com> * restrict background permissions Signed-off-by: ShutingZhao <shuting@nirmata.com> * update install.yaml Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com> * kuttl README (#6984) * Added Context in CleanupPolicySpec Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Added context.go file with loadVariable() Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Added loadAPIData() in context.go and called from handlers.go Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Added conditionals for not supported context variables Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Reverted versions in CRDs Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Reverted CRDs to v0.11.1 Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Imported fmt in handlers.go Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Added Context in CleanupPolicySpec Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Added context.go file with loadVariable() Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Added loadAPIData() in context.go and called from handlers.go Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Added conditionals for not supported context variables Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Reverted versions in CRDs Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Reverted CRDs to v0.11.1 Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Imported fmt in handlers.go Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Removed duplicate import Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * make verify-codegen Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Updated kuttl test Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Fixed kuttl failure Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * moved policy check to validation Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Reused functions Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Added kuttl test Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Added more configMap Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * removed unecessary check Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * auto codegen Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * updated codegen Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Renamed ApplyJMESPath() to applyJMESPath() Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Added Readme in context-cleanup-pod Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> --------- Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: Chip Zoller <chipzoller@gmail.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore(deps): bump github/codeql-action from 2.2.12 to 2.3.0 (#6989) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.2.12 to 2.3.0. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/7df0ce34898d659f95c0c4a09eaa8d4e32ee64db...b2c19fb9a2a485599ccf4ed5d65527d94bc57226) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump github.com/notaryproject/notation-core-go (#6987) Bumps [github.com/notaryproject/notation-core-go](https://github.com/notaryproject/notation-core-go) from 1.0.0-rc.2 to 1.0.0-rc.3. - [Release notes](https://github.com/notaryproject/notation-core-go/releases) - [Commits](https://github.com/notaryproject/notation-core-go/compare/v1.0.0-rc.2...v1.0.0-rc.3) --- updated-dependencies: - dependency-name: github.com/notaryproject/notation-core-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * feat: new access checks for background policies (#6970) * switch to use sar for access checks Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * update helm config Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix username Signed-off-by: ShutingZhao <shuting@nirmata.com> * update msg Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix sa name Signed-off-by: ShutingZhao <shuting@nirmata.com> * update install.yaml Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: bump kind image to 1.27.1 (#6993) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: bump k8s deps to 1.27 (#6868) * feat: bump k8s deps to 1.27 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * bump k8s 1.27.1 Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: ShutingZhao <shuting@nirmata.com> * fix: disable autogen in foreach mutation with json patches (#6996) * fix: disable autogen in foreach mutation with json patches Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * kuttl Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: add server ip config to cleanup controller (#6999) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add features section in helm values (#6935) * feat: add features section in helm values Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * configs Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * overrides Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add reports cleanup jobs to prevent outage (#6960) * feat: add reports cleanup jobs to prevent outage Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * security cotnext Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> * feat: add registry credential helpers feature (#7002) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: improve instrumented clients (#7006) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: record configmap resource version to not reload when version didn't change (#7007) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore(deps): bump sigstore/cosign-installer from 3.0.2 to 3.0.3 (#7012) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.0.2 to 3.0.3. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/9e9de2292db7abb3f51b7f4808d98f0d347a8919...204a51a57a74d190b284a0ce69b44bc37201f343) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Add Red Hat ACM to the Adopters list (#7016) Red Hat ACM is useful for distributed kyverno policies across a managed fleet of clusters. Adding to adopters file with a link that describes details of using the ACM policy generator with Kyverno. Signed-off-by: Gus Parvin <gparvin@redhat.com> * fix: helm template with metricsRefreshInterval (#7019) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * add support for Kubernetes API server POST (#6948) * allow POST for Kubernetes API calls Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add kuttl tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fmt and undo local changes Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix codegen and unit test Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix unit test Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix tests and extends docs Signed-off-by: Jim Bugwadia <jim@nirmata.com> --------- Signed-off-by: Jim Bugwadia <jim@nirmata.com> * feat: update built-in resource schemas (#7014) * feat: update built-in resource schemas Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix unit test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: use github.com/evanphx/json-patch/v5 (#7015) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore(deps): bump github/codeql-action from 2.3.0 to 2.3.1 (#7025) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.3.0 to 2.3.1. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/b2c19fb9a2a485599ccf4ed5d65527d94bc57226...8662eabe0e9f338a07350b7fd050732745f93848) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * add DE-CIX as adopter of kyverno (#7027) Signed-off-by: Raul Garcia Sanchez <info@raulgarcia.de> * refactor: engine patchers (#7030) * refactor: engine patchers Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore(deps): bump github/codeql-action from 2.3.1 to 2.3.2 (#7033) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.3.1 to 2.3.2. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/8662eabe0e9f338a07350b7fd050732745f93848...f3feb00acb00f31a6f60280e6ace9ca31d91c76a) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * add Saxo Bank and Velux as adopters (#7036) Signed-off-by: Chip Zoller <chipzoller@gmail.com> * update development doc (#7037) Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * fix: generate policy validation to prevent endless loop (#7026) * refactor policy validation Signed-off-by: ShutingZhao <shuting@nirmata.com> * add loop check for generate Signed-off-by: ShutingZhao <shuting@nirmata.com> * add kuttl tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * linter fixes Signed-off-by: ShutingZhao <shuting@nirmata.com> * linter fixes Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: remove deletionTimestamp checks (#7039) * remove deletionTimestamp check Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove deletionTimestamp check Signed-off-by: ShutingZhao <shuting@nirmata.com> * add back source check Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove deletionTimestamp check Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore(deps): bump k8s.io/klog/v2 from 2.90.1 to 2.100.1 (#7055) Bumps [k8s.io/klog/v2](https://github.com/kubernetes/klog) from 2.90.1 to 2.100.1. - [Release notes](https://github.com/kubernetes/klog/releases) - [Changelog](https://github.com/kubernetes/klog/blob/main/RELEASE.md) - [Commits](https://github.com/kubernetes/klog/compare/v2.90.1...v2.100.1) --- updated-dependencies: - dependency-name: k8s.io/klog/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: add background scan interval log (#7065) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: flaky github action (#7068) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: engine response policy (#7063) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add opt-in setting to deploy v3 chart (#7066) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * require generate.apiVersion (#7080) Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: remove excluded groups from matching (#7083) * fix: remove excluded groups from matching Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add config inclusions support (#7082) * feat: add config inclusions support Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: add makefile target for kwok (#7097) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore(deps): bump github/codeql-action from 2.3.2 to 2.3.3 (#7099) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.3.2 to 2.3.3. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/f3feb00acb00f31a6f60280e6ace9ca31d91c76a...29b1f65c5e92e24fe6b6647da1eaabe529cec70f) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * validate target resource scope & namespace settings (#7098) Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: mutation code (#7095) * fix: mutation code Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * kuttl tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * lazy loading of context vars (#7071) * lazy loading of context vars Signed-off-by: Jim Bugwadia <jim@nirmata.com> * gofumpt Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add kuttl tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> --------- Signed-off-by: Jim Bugwadia <jim@nirmata.com> * [Feature] Add kuttl tests with policy exceptions disabled (#7117) * added tests Signed-off-by: Ved Ratan <vedratan8@gmail.com> * removed redundant code Signed-off-by: Ved Ratan <vedratan8@gmail.com> * fix Signed-off-by: Ved Ratan <vedratan8@gmail.com> * fix Signed-off-by: Ved Ratan <vedratan8@gmail.com> * typo fix and README changes Signed-off-by: Ved Ratan <vedratan8@gmail.com> * fix Signed-off-by: Ved Ratan <vedratan8@gmail.com> --------- Signed-off-by: Ved Ratan <vedratan8@gmail.com> * Conditions message (#7113) * add message to conditions Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * extend tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> --------- Signed-off-by: Jim Bugwadia <jim@nirmata.com> * chore(deps): bump zgosalvez/github-actions-ensure-sha-pinned-actions (#7123) Bumps [zgosalvez/github-actions-ensure-sha-pinned-actions](https://github.com/zgosalvez/github-actions-ensure-sha-pinned-actions) from 2.1.2 to 2.1.3. - [Release notes](https://github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/releases) - [Commits](https://github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/compare/21991cec25093947ff3f62e4c223df0260c39944...555a30da2656b4a7cf47b107800bef097723363e) --- updated-dependencies: - dependency-name: zgosalvez/github-actions-ensure-sha-pinned-actions dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: shuting <shuting@nirmata.com> * chore(deps): bump sigs.k8s.io/kustomize/kyaml from 0.14.1 to 0.14.2 (#7121) Bumps [sigs.k8s.io/kustomize/kyaml](https://github.com/kubernetes-sigs/kustomize) from 0.14.1 to 0.14.2. - [Release notes](https://github.com/kubernetes-sigs/kustomize/releases) - [Commits](https://github.com/kubernetes-sigs/kustomize/compare/kyaml/v0.14.1...kyaml/v0.14.2) --- updated-dependencies: - dependency-name: sigs.k8s.io/kustomize/kyaml dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: shuting <shuting@nirmata.com> * chore(deps): bump oras.land/oras-go/v2 from 2.0.2 to 2.1.0 (#7102) Bumps [oras.land/oras-go/v2](https://github.com/oras-project/oras-go) from 2.0.2 to 2.1.0. - [Release notes](https://github.com/oras-project/oras-go/releases) - [Commits](https://github.com/oras-project/oras-go/compare/v2.0.2...v2.1.0) --- updated-dependencies: - dependency-name: oras.land/oras-go/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: shuting <shuting@nirmata.com> * add condition msg to v2beta1 (#7126) Signed-off-by: ShutingZhao <shuting@nirmata.com> * feat: print container flags and their values (#7127) * add condition msg to v2beta1 Signed-off-by: ShutingZhao <shuting@nirmata.com> * print flags settings Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove the container flag genWorker from the admission controller (#7132) Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore(deps): bump google.golang.org/grpc from 1.54.0 to 1.55.0 (#7103) Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.54.0 to 1.55.0. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](https://github.com/grpc/grpc-go/compare/v1.54.0...v1.55.0) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * remove the duplicate entry (#7125) Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore(deps): bump sigs.k8s.io/kustomize/api from 0.13.2 to 0.13.3 (#7120) Bumps [sigs.k8s.io/kustomize/api](https://github.com/kubernetes-sigs/kustomize) from 0.13.2 to 0.13.3. - [Release notes](https://github.com/kubernetes-sigs/kustomize/releases) - [Commits](https://github.com/kubernetes-sigs/kustomize/compare/api/v0.13.2...api/v0.13.3) --- updated-dependencies: - dependency-name: sigs.k8s.io/kustomize/api dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: shuting <shuting@nirmata.com> * fixed error Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * undo mistake Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * go mod conflict fix Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * changes from review Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * NIT Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated image Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated checks Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fixed verifying wrong ref Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated cert in tests Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added warning when predicate type is used Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: panic for policy variable validation (#7079) * fix panic Signed-off-by: ShutingZhao <shuting@nirmata.com> * check errors Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: remove policy-reporter from dev lab (#7196) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: cleanup controller metrics name (#7198) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: http request metrics (#7197) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * remove unused code (#7203) Signed-off-by: Jim Bugwadia <jim@nirmata.com> * handle Deny rules where conditions eval to true (#7204) Signed-off-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> * [Bug] Enforce message wrong (#7208) * fix Signed-off-by: Ved Ratan <vedratan8@gmail.com> * fixed tests Signed-off-by: Ved Ratan <vedratan8@gmail.com> --------- Signed-off-by: Ved Ratan <vedratan8@gmail.com> * chore(deps): bump codecov/codecov-action from 3.1.3 to 3.1.4 (#7207) Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 3.1.3 to 3.1.4. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/894ff025c7b54547a9a2a1e9f228beae737ad3c2...eaaf4bedf32dbdc6b720b63067d99c4d77d6047d) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump sigstore/cosign-installer from 3.0.3 to 3.0.4 (#7215) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.0.3 to 3.0.4. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/204a51a57a74d190b284a0ce69b44bc37201f343...03d0fecf172873164a163bbc64bed0f3bf114ed7) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: panic in reports controller (#7220) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: mutate existing auth check (#7219) * fix auth check when using variables in ns Signed-off-by: ShutingZhao <shuting@nirmata.com> * add kuttl tests Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: do not exclude kube-system service accounts by default (#7225) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * docs: add reports system design doc (#6949) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore(deps): bump k8s.io/apimachinery from 0.27.1 to 0.27.2 (#7227) Bumps [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) from 0.27.1 to 0.27.2. - [Commits](https://github.com/kubernetes/apimachinery/compare/v0.27.1...v0.27.2) --- updated-dependencies: - dependency-name: k8s.io/apimachinery dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: shuting <shuting@nirmata.com> * chore(deps): bump k8s.io/cli-runtime from 0.27.1 to 0.27.2 (#7228) Bumps [k8s.io/cli-runtime](https://github.com/kubernetes/cli-runtime) from 0.27.1 to 0.27.2. - [Commits](https://github.com/kubernetes/cli-runtime/compare/v0.27.1...v0.27.2) --- updated-dependencies: - dependency-name: k8s.io/cli-runtime dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump sigstore/cosign-installer from 3.0.4 to 3.0.5 (#7229) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.0.4 to 3.0.5. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/03d0fecf172873164a163bbc64bed0f3bf114ed7...dd6b2e2b610a11fd73dd187a43d57cc1394e35f9) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump k8s.io/pod-security-admission from 0.27.1 to 0.27.2 (#7232) Bumps [k8s.io/pod-security-admission](https://github.com/kubernetes/pod-security-admission) from 0.27.1 to 0.27.2. - [Commits](https://github.com/kubernetes/pod-security-admission/compare/v0.27.1...v0.27.2) --- updated-dependencies: - dependency-name: k8s.io/pod-security-admission dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: match logic misbehave (#7218) * add rule name in ur for mutate existing Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix match logic Signed-off-by: ShutingZhao <shuting@nirmata.com> * linter fixes Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix the match logic to only apply to the new object, unless it's a delete request Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore(deps): bump github.com/stretchr/testify from 1.8.2 to 1.8.3 (#7240) Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.2 to 1.8.3. - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](https://github.com/stretchr/testify/compare/v1.8.2...v1.8.3) --- updated-dependencies: - dependency-name: github.com/stretchr/testify dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump github.com/onsi/gomega from 1.27.6 to 1.27.7 (#7239) Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.27.6 to 1.27.7. - [Release notes](https://github.com/onsi/gomega/releases) - [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/gomega/compare/v1.27.6...v1.27.7) --- updated-dependencies: - dependency-name: github.com/onsi/gomega dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump k8s.io/kube-aggregator from 0.27.1 to 0.27.2 (#7241) Bumps [k8s.io/kube-aggregator](https://github.com/kubernetes/kube-aggregator) from 0.27.1 to 0.27.2. - [Commits](https://github.com/kubernetes/kube-aggregator/compare/v0.27.1...v0.27.2) --- updated-dependencies: - dependency-name: k8s.io/kube-aggregator dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump k8s.io/apiextensions-apiserver from 0.27.1 to 0.27.2 (#7242) Bumps [k8s.io/apiextensions-apiserver](https://github.com/kubernetes/apiextensions-apiserver) from 0.27.1 to 0.27.2. - [Release notes](https://github.com/kubernetes/apiextensions-apiserver/releases) - [Commits](https://github.com/kubernetes/apiextensions-apiserver/compare/v0.27.1...v0.27.2) --- updated-dependencies: - dependency-name: k8s.io/apiextensions-apiserver dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * updated kuttl tests Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fixed mistake in assert Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * quote image in error (#7259) Signed-off-by: bakito <github@bakito.ch> * fix: auto update webhooks not configuring fail endpoint (#7261) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix latest version check (#7263) Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore(deps): bump svenstaro/upload-release-action from 2.5.0 to 2.6.0 (#7270) Bumps [svenstaro/upload-release-action](https://github.com/svenstaro/upload-release-action) from 2.5.0 to 2.6.0. - [Release notes](https://github.com/svenstaro/upload-release-action/releases) - [Changelog](https://github.com/svenstaro/upload-release-action/blob/master/CHANGELOG.md) - [Commits](https://github.com/svenstaro/upload-release-action/compare/7319e4733ec7a184d739a6f412c40ffc339b69c7...58d525808845e4c8ff229ea1d5d7c496504a79bc) --- updated-dependencies: - dependency-name: svenstaro/upload-release-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump sigs.k8s.io/controller-runtime from 0.14.6 to 0.15.0 (#7272) Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.14.6 to 0.15.0. - [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases) - [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md) - [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.14.6...v0.15.0) --- updated-dependencies: - dependency-name: sigs.k8s.io/controller-runtime dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * feat: add yaml util to check empty document (#7276) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#7274) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.6.1 to 5.7.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.6.1...v5.7.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fixed api version in kuttl tests Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated kuttl tests Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * go sum update Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated admission controller assert Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated image Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * removed admission controller changes Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * go mod fix Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> --------- Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: Chip Zoller <chipzoller@gmail.com> Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> Signed-off-by: Gus Parvin <gparvin@redhat.com> Signed-off-by: Raul Garcia Sanchez <info@raulgarcia.de> Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> Signed-off-by: Ved Ratan <vedratan8@gmail.com> Signed-off-by: bakito <github@bakito.ch> Co-authored-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: Chip Zoller <chipzoller@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Md Sahil <85174511+MdSahil-oss@users.noreply.github.com> Co-authored-by: Gus Parvin <gparvin@redhat.com> Co-authored-by: Raúl Garcia Sanchez <info@raulgarcia.de> Co-authored-by: Mariam Fahmy <55502281+MariamFahmy98@users.noreply.github.com> Co-authored-by: Ved Ratan <82467006+VedRatan@users.noreply.github.com> Co-authored-by: Marc Brugger <github@bakito.ch>
2023-06-01 08:05:28 +00:00
github.com/Microsoft/go-winio v0.6.1 // indirect
Yaml signing and verification (#4235) * enable YAML verification using k8s-manifest-sigstore Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> comment out role and rolebinding for dryrun Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update k8s-manifest-sigstore version Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix pubkey setting Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix pubkey setting Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix log message Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> change default value of dryrun option Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update crd Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> support gpg signature Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * upgrade manifest sigstore version and support multi sigs Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix validate.manifest rule Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update crd and add small fix Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix manifest verify policy Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> set cosign experimental env when keyless verification Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * improve default ignoreFields Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * fix manifest verify policy Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix manifest verify policy Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix manifest verify policy Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * add unit-test for k8smanifest Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update install yaml Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * update k8s-manifest-sigstore version and support one or more signatures Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> add unit-test for k8smanifest multi-signature Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix verifyManifest result message Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix verifyManifest result message Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * fix manifest verify policy and move dryrun rbac to dryrun dir Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * update k8s-manifest-sigstore version Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update k8s-manifest-sigstore version Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update k8s-manifest-sigstore version and resolve conflict Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> enable YAML verification using k8s-manifest-sigstore Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> comment out role and rolebinding for dryrun Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix pubkey setting Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix pubkey setting Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update crd Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> upgrade manifest sigstore version and support multi sigs Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix validate.manifest rule Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update crd and add small fix Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix manifest verify policy Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update k8s-manifest-sigstore version and support one or more signatures Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix verifyManifest result message Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix verifyManifest result message Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix manifest verify policy and move dryrun rbac to dryrun dir Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> add small fix Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * remove generic name Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * fix sonatype-lift issue and unit-test error Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * fix gofumpt error Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * update manifest rule to use attestor Signed-off-by: Riko Kudo <rurikudo@ibm.com> * remove unused value Signed-off-by: Riko Kudo <rurikudo@ibm.com> * resolve conflict Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix install.yaml Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix to set COSIGN_EXPERIMENTAL env variable when keyless verification Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix misspell Signed-off-by: Riko Kudo <rurikudo@ibm.com> * enable kyverno cli in validate.manifests rule (#3) * enable kyverno cli in validate.manifests rule Signed-off-by: Riko Kudo <rurikudo@ibm.com> * update k8s-manifest-sigstore version and improve error handling for better result output Signed-off-by: Riko Kudo <rurikudo@ibm.com> * update crds and deepcopy Signed-off-by: Riko Kudo <rurikudo@ibm.com> * update unit test Signed-off-by: Riko Kudo <rurikudo@ibm.com> * update k8s-manifest-sigstore version Signed-off-by: Riko Kudo <rurikudo@ibm.com> * change to use spec.rules.exclude.subjects instead of skipUsers (#4) Signed-off-by: Riko Kudo <rurikudo@ibm.com> * update k8s-manifest-sigstore version Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix yaml signing sigstore (#5) * update k8s-manifest-sigstore version Signed-off-by: Riko Kudo <rurikudo@ibm.com> * add a comment for dryrun option field Signed-off-by: Riko Kudo <rurikudo@ibm.com> * enable to include ClusterPolicy/Policy in match resource Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix log style and env variable settings Signed-off-by: Riko Kudo <rurikudo@ibm.com> * simplify manifest verify func Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix func name Signed-off-by: Riko Kudo <rurikudo@ibm.com> Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix sonatype warning Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix default ignoreFields Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix yaml signing sigstore rbac (#6) * fix dryrun rbac to have minimal permissions Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix lint error Signed-off-by: Riko Kudo <rurikudo@ibm.com> Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix unit-test error Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix gofumpt error Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix log style Signed-off-by: Riko Kudo <rurikudo@ibm.com> * updated CRD documentation Signed-off-by: Riko Kudo <rurikudo@ibm.com> * resolve go.mod conflicts Signed-off-by: Riko Kudo <rurikudo@ibm.com> * updated helm stuff Signed-off-by: Riko Kudo <rurikudo@ibm.com> Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> Signed-off-by: Riko Kudo <rurikudo@ibm.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2022-08-30 17:14:54 +00:00
github.com/OneOfOne/xxhash v1.2.8 // indirect
github.com/ProtonMail/go-crypto v0.0.0-20230717121422-5aa5874ade95 // indirect
github.com/ThalesIgnite/crypto11 v1.2.5 // indirect
github.com/acomagu/bufpipe v1.0.4 // indirect
github.com/agnivade/levenshtein v1.1.1 // indirect
github.com/alibabacloud-go/alibabacloud-gateway-spi v0.0.4 // indirect
github.com/alibabacloud-go/cr-20160607 v1.0.1 // indirect
github.com/alibabacloud-go/cr-20181201 v1.0.10 // indirect
github.com/alibabacloud-go/darabonba-openapi v0.2.1 // indirect
github.com/alibabacloud-go/debug v0.0.0-20190504072949-9472017b5c68 // indirect
github.com/alibabacloud-go/endpoint-util v1.1.1 // indirect
github.com/alibabacloud-go/openapi-util v0.1.0 // indirect
github.com/alibabacloud-go/tea v1.1.20 // indirect
github.com/alibabacloud-go/tea-utils v1.4.5 // indirect
github.com/alibabacloud-go/tea-xml v1.1.3 // indirect
github.com/aliyun/credentials-go v1.2.7 // indirect
github.com/aws/aws-sdk-go-v2 v1.17.7 // indirect
github.com/aws/aws-sdk-go-v2/config v1.18.19 // indirect
github.com/aws/aws-sdk-go-v2/credentials v1.13.18 // indirect
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.1 // indirect
github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.31 // indirect
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.25 // indirect
github.com/aws/aws-sdk-go-v2/internal/ini v1.3.32 // indirect
github.com/aws/aws-sdk-go-v2/service/ecr v1.18.7 // indirect
github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.15.6 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.25 // indirect
github.com/aws/aws-sdk-go-v2/service/kms v1.20.8 // indirect
github.com/aws/aws-sdk-go-v2/service/sso v1.12.6 // indirect
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.6 // indirect
github.com/aws/aws-sdk-go-v2/service/sts v1.18.7 // indirect
github.com/aws/smithy-go v1.13.5 // indirect
github.com/beorn7/perks v1.0.1 // indirect
github.com/blang/semver v3.5.1+incompatible // indirect
github.com/cenkalti/backoff/v3 v3.2.2 // indirect
github.com/cenkalti/backoff/v4 v4.2.1 // indirect
github.com/cespare/xxhash/v2 v2.2.0 // indirect
github.com/clbanning/mxj/v2 v2.5.7 // indirect
github.com/cloudflare/circl v1.3.3 // indirect
github.com/cockroachdb/apd/v2 v2.0.2 // indirect
github.com/common-nighthawk/go-figure v0.0.0-20210622060536-734e95fb86be // indirect
github.com/containerd/stargz-snapshotter/estargz v0.14.3 // indirect
github.com/coreos/go-oidc/v3 v3.5.0 // indirect
github.com/cyberphone/json-canonicalization v0.0.0-20220623050100-57a0ce2678a7 // indirect
github.com/davecgh/go-spew v1.1.1 // indirect
github.com/dimchansky/utfbom v1.1.1 // indirect
Yaml signing and verification (#4235) * enable YAML verification using k8s-manifest-sigstore Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> comment out role and rolebinding for dryrun Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update k8s-manifest-sigstore version Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix pubkey setting Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix pubkey setting Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix log message Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> change default value of dryrun option Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update crd Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> support gpg signature Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * upgrade manifest sigstore version and support multi sigs Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix validate.manifest rule Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update crd and add small fix Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix manifest verify policy Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> set cosign experimental env when keyless verification Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * improve default ignoreFields Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * fix manifest verify policy Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix manifest verify policy Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix manifest verify policy Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * add unit-test for k8smanifest Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update install yaml Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * update k8s-manifest-sigstore version and support one or more signatures Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> add unit-test for k8smanifest multi-signature Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix verifyManifest result message Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix verifyManifest result message Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * fix manifest verify policy and move dryrun rbac to dryrun dir Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * update k8s-manifest-sigstore version Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update k8s-manifest-sigstore version Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update k8s-manifest-sigstore version and resolve conflict Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> enable YAML verification using k8s-manifest-sigstore Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> comment out role and rolebinding for dryrun Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix pubkey setting Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix pubkey setting Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update crd Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> upgrade manifest sigstore version and support multi sigs Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix validate.manifest rule Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update crd and add small fix Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix manifest verify policy Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update k8s-manifest-sigstore version and support one or more signatures Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix verifyManifest result message Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix verifyManifest result message Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix manifest verify policy and move dryrun rbac to dryrun dir Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> add small fix Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * remove generic name Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * fix sonatype-lift issue and unit-test error Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * fix gofumpt error Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * update manifest rule to use attestor Signed-off-by: Riko Kudo <rurikudo@ibm.com> * remove unused value Signed-off-by: Riko Kudo <rurikudo@ibm.com> * resolve conflict Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix install.yaml Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix to set COSIGN_EXPERIMENTAL env variable when keyless verification Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix misspell Signed-off-by: Riko Kudo <rurikudo@ibm.com> * enable kyverno cli in validate.manifests rule (#3) * enable kyverno cli in validate.manifests rule Signed-off-by: Riko Kudo <rurikudo@ibm.com> * update k8s-manifest-sigstore version and improve error handling for better result output Signed-off-by: Riko Kudo <rurikudo@ibm.com> * update crds and deepcopy Signed-off-by: Riko Kudo <rurikudo@ibm.com> * update unit test Signed-off-by: Riko Kudo <rurikudo@ibm.com> * update k8s-manifest-sigstore version Signed-off-by: Riko Kudo <rurikudo@ibm.com> * change to use spec.rules.exclude.subjects instead of skipUsers (#4) Signed-off-by: Riko Kudo <rurikudo@ibm.com> * update k8s-manifest-sigstore version Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix yaml signing sigstore (#5) * update k8s-manifest-sigstore version Signed-off-by: Riko Kudo <rurikudo@ibm.com> * add a comment for dryrun option field Signed-off-by: Riko Kudo <rurikudo@ibm.com> * enable to include ClusterPolicy/Policy in match resource Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix log style and env variable settings Signed-off-by: Riko Kudo <rurikudo@ibm.com> * simplify manifest verify func Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix func name Signed-off-by: Riko Kudo <rurikudo@ibm.com> Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix sonatype warning Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix default ignoreFields Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix yaml signing sigstore rbac (#6) * fix dryrun rbac to have minimal permissions Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix lint error Signed-off-by: Riko Kudo <rurikudo@ibm.com> Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix unit-test error Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix gofumpt error Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix log style Signed-off-by: Riko Kudo <rurikudo@ibm.com> * updated CRD documentation Signed-off-by: Riko Kudo <rurikudo@ibm.com> * resolve go.mod conflicts Signed-off-by: Riko Kudo <rurikudo@ibm.com> * updated helm stuff Signed-off-by: Riko Kudo <rurikudo@ibm.com> Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> Signed-off-by: Riko Kudo <rurikudo@ibm.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2022-08-30 17:14:54 +00:00
github.com/djherbis/times v1.5.0 // indirect
github.com/docker/cli v24.0.0+incompatible // indirect
github.com/docker/distribution v2.8.2+incompatible // indirect
github.com/docker/docker v24.0.0+incompatible // indirect
github.com/docker/docker-credential-helpers v0.7.0 // indirect
github.com/dustin/go-humanize v1.0.1 // indirect
github.com/emicklei/go-restful/v3 v3.10.2 // indirect
github.com/emicklei/proto v1.11.1 // indirect
github.com/emirpasic/gods v1.18.1 // indirect
github.com/evanphx/json-patch v5.6.0+incompatible // indirect
github.com/felixge/httpsnoop v1.0.3 // indirect
github.com/fsnotify/fsnotify v1.6.0 // indirect
Notary v2 (#6011) * fix make debug-deploy Signed-off-by: Jim Bugwadia <jim@nirmata.com> * improve log messages Signed-off-by: Jim Bugwadia <jim@nirmata.com> * initial update Signed-off-by: Jim Bugwadia <jim@nirmata.com> * initial update Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update registry credentials handling order Signed-off-by: Jim Bugwadia <jim@nirmata.com> * comment out ACR helper - breaks anonymous image pull Signed-off-by: Jim Bugwadia <jim@nirmata.com> * merge main and refactor verifiers Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix opt init Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove local address Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update to NotaryV2 RC Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix fmt Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update deps Signed-off-by: Jim Bugwadia <jim@nirmata.com> * format imports Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove env and no-op statement Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix merge issues Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix linter issue Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove unused field Signed-off-by: Jim Bugwadia <jim@nirmata.com> * make fmt Signed-off-by: Jim Bugwadia <jim@nirmata.com> * renable ACR credential helper Signed-off-by: Jim Bugwadia <jim@nirmata.com> * Update .vscode/launch.json Signed-off-by: shuting <shutting06@gmail.com> --------- Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: shuting <shutting06@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: shuting <shutting06@gmail.com>
2023-02-20 16:26:10 +00:00
github.com/fxamacker/cbor/v2 v2.4.0 // indirect
github.com/go-asn1-ber/asn1-ber v1.5.4 // indirect
github.com/go-chi/chi v4.1.2+incompatible // indirect
github.com/go-errors/errors v1.4.2 // indirect
github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
github.com/go-jose/go-jose/v3 v3.0.0 // indirect
github.com/go-ldap/ldap/v3 v3.4.5 // indirect
github.com/go-logr/stdr v1.2.2 // indirect
github.com/go-openapi/analysis v0.21.4 // indirect
github.com/go-openapi/errors v0.20.3 // indirect
github.com/go-openapi/jsonpointer v0.19.6 // indirect
github.com/go-openapi/jsonreference v0.20.2 // indirect
github.com/go-openapi/loads v0.21.2 // indirect
github.com/go-openapi/runtime v0.25.0 // indirect
github.com/go-openapi/spec v0.20.8 // indirect
github.com/go-openapi/strfmt v0.21.7 // indirect
github.com/go-openapi/swag v0.22.3 // indirect
github.com/go-openapi/validate v0.22.1 // indirect
github.com/go-piv/piv-go v1.11.0 // indirect
github.com/go-playground/locales v0.14.1 // indirect
github.com/go-playground/universal-translator v0.18.1 // indirect
github.com/go-playground/validator/v10 v10.12.0 // indirect
Yaml signing and verification (#4235) * enable YAML verification using k8s-manifest-sigstore Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> comment out role and rolebinding for dryrun Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update k8s-manifest-sigstore version Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix pubkey setting Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix pubkey setting Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix log message Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> change default value of dryrun option Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update crd Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> support gpg signature Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * upgrade manifest sigstore version and support multi sigs Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix validate.manifest rule Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update crd and add small fix Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix manifest verify policy Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> set cosign experimental env when keyless verification Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * improve default ignoreFields Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * fix manifest verify policy Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix manifest verify policy Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix manifest verify policy Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * add unit-test for k8smanifest Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update install yaml Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * update k8s-manifest-sigstore version and support one or more signatures Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> add unit-test for k8smanifest multi-signature Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix verifyManifest result message Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix verifyManifest result message Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * fix manifest verify policy and move dryrun rbac to dryrun dir Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * update k8s-manifest-sigstore version Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update k8s-manifest-sigstore version Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update k8s-manifest-sigstore version and resolve conflict Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> enable YAML verification using k8s-manifest-sigstore Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> comment out role and rolebinding for dryrun Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix pubkey setting Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix pubkey setting Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update crd Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> upgrade manifest sigstore version and support multi sigs Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix validate.manifest rule Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update crd and add small fix Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix manifest verify policy Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update k8s-manifest-sigstore version and support one or more signatures Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix verifyManifest result message Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix verifyManifest result message Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix manifest verify policy and move dryrun rbac to dryrun dir Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> add small fix Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * remove generic name Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * fix sonatype-lift issue and unit-test error Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * fix gofumpt error Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * update manifest rule to use attestor Signed-off-by: Riko Kudo <rurikudo@ibm.com> * remove unused value Signed-off-by: Riko Kudo <rurikudo@ibm.com> * resolve conflict Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix install.yaml Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix to set COSIGN_EXPERIMENTAL env variable when keyless verification Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix misspell Signed-off-by: Riko Kudo <rurikudo@ibm.com> * enable kyverno cli in validate.manifests rule (#3) * enable kyverno cli in validate.manifests rule Signed-off-by: Riko Kudo <rurikudo@ibm.com> * update k8s-manifest-sigstore version and improve error handling for better result output Signed-off-by: Riko Kudo <rurikudo@ibm.com> * update crds and deepcopy Signed-off-by: Riko Kudo <rurikudo@ibm.com> * update unit test Signed-off-by: Riko Kudo <rurikudo@ibm.com> * update k8s-manifest-sigstore version Signed-off-by: Riko Kudo <rurikudo@ibm.com> * change to use spec.rules.exclude.subjects instead of skipUsers (#4) Signed-off-by: Riko Kudo <rurikudo@ibm.com> * update k8s-manifest-sigstore version Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix yaml signing sigstore (#5) * update k8s-manifest-sigstore version Signed-off-by: Riko Kudo <rurikudo@ibm.com> * add a comment for dryrun option field Signed-off-by: Riko Kudo <rurikudo@ibm.com> * enable to include ClusterPolicy/Policy in match resource Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix log style and env variable settings Signed-off-by: Riko Kudo <rurikudo@ibm.com> * simplify manifest verify func Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix func name Signed-off-by: Riko Kudo <rurikudo@ibm.com> Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix sonatype warning Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix default ignoreFields Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix yaml signing sigstore rbac (#6) * fix dryrun rbac to have minimal permissions Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix lint error Signed-off-by: Riko Kudo <rurikudo@ibm.com> Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix unit-test error Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix gofumpt error Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix log style Signed-off-by: Riko Kudo <rurikudo@ibm.com> * updated CRD documentation Signed-off-by: Riko Kudo <rurikudo@ibm.com> * resolve go.mod conflicts Signed-off-by: Riko Kudo <rurikudo@ibm.com> * updated helm stuff Signed-off-by: Riko Kudo <rurikudo@ibm.com> Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> Signed-off-by: Riko Kudo <rurikudo@ibm.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2022-08-30 17:14:54 +00:00
github.com/gobwas/glob v0.2.3 // indirect
github.com/gogo/protobuf v1.3.2 // indirect
github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
github.com/golang/glog v1.1.1 // indirect
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
github.com/golang/protobuf v1.5.3 // indirect
github.com/golang/snappy v0.0.4 // indirect
github.com/google/btree v1.1.2 // indirect
github.com/google/certificate-transparency-go v1.1.4 // indirect
feat: allow users enable JSON logging with a --loggingFormat=json flag (#4661) * feat: add feature flag to disable background scan (#4638) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com> Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * allow users configure JSON logging with a --logging-format=json flag Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * Clean up changes Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * added kubeconfig and context flag to kyverno apply (#4524) Signed-off-by: Sandesh More <sandesh.more@infracloud.io> Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * chore: publish sbom result to a different repositry from an image (#4665) Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com> Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com> Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * Fix issue for wildcard versions (#4670) * Fix wildcard issue Co-Authored-By: vyankd <51167361+vyankd@users.noreply.github.com> * Delete res.yaml Co-Authored-By: vyankd <51167361+vyankd@users.noreply.github.com> Co-authored-by: vyankd <51167361+vyankd@users.noreply.github.com> Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * chore: bump minimum go version (#4677) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * fix: namespaced policy not validated in engine (#4653) * fix: namespaced policy not validated in engine Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * fix test Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com> Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * fix: handle auth permission for cloneList validation (#4684) Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * fix: bump net standard lib (#4685) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * small fixes Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * add json logger Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * fix import Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * fix go mod Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * fix go mod Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * chore: simplify go mod (#4692) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * fix: jmespath random error handling (#4697) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * refactor: replace signal package by signal.NotifyContext (#4691) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com> Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * fix: namespaced policy targets namespace validation and scoping them to the policy's namespace (#4671) Signed-off-by: praddy26 <pradeep.vaishnav4@gmail.com> Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com> Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * fix: shutdown controllers workers gracefully (#4681) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com> Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * fix: split webhook handlers per failure policy (#4650) * fix: split webhook handlers per failure policy Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * fix handlers Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * rolling update Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * better error message Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com> Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * refactor: use pod name as leader id (#4680) * refactor: use pod name as leader id Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * fix manifests Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * makefile Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * leader client Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * fix: missing client wrapper (#4703) * fix: missing client wrapper Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * v1beta1 Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * v1alpha2 Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * policy report Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * chore: refactor manifests related makefile targets (#4706) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * deps Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: damilola olayinka <holayinkajr@gmail.com> Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com> Co-authored-by: Sandesh More <34198712+sandeshlmore@users.noreply.github.com> Co-authored-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com> Co-authored-by: vyankd <51167361+vyankd@users.noreply.github.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: Pradeep Lakshmi Narasimha <pradeep.vaishnav4@gmail.com>
2022-09-29 07:49:29 +00:00
github.com/google/go-cmp v0.5.9 // indirect
github.com/google/go-github/v45 v45.2.0 // indirect
github.com/google/go-querystring v1.1.0 // indirect
github.com/google/gofuzz v1.2.0 // indirect
github.com/google/gxui v0.0.0-20151028112939-f85e0a97b3a4 // indirect
github.com/google/s2a-go v0.1.3 // indirect
github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
github.com/google/trillian v1.5.1 // indirect
github.com/google/uuid v1.3.0 // indirect
github.com/googleapis/enterprise-certificate-proxy v0.2.3 // indirect
github.com/googleapis/gax-go/v2 v2.8.0 // indirect
github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect
github.com/grpc-ecosystem/grpc-gateway/v2 v2.15.2 // indirect
github.com/hashicorp/errwrap v1.1.0 // indirect
github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
github.com/hashicorp/go-multierror v1.1.1 // indirect
github.com/hashicorp/go-retryablehttp v0.7.2 // indirect
github.com/hashicorp/go-rootcerts v1.0.2 // indirect
github.com/hashicorp/go-secure-stdlib/parseutil v0.1.7 // indirect
github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect
github.com/hashicorp/go-sockaddr v1.0.2 // indirect
github.com/hashicorp/hcl v1.0.0 // indirect
github.com/hashicorp/vault/api v1.9.0 // indirect
github.com/huandu/xstrings v1.3.3 // indirect
github.com/imdario/mergo v0.3.15 // indirect
github.com/inconshreveable/mousetrap v1.1.0 // indirect
github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
github.com/jedisct1/go-minisign v0.0.0-20230211184525-1f273d8dc776 // indirect
github.com/jellydator/ttlcache/v2 v2.11.1 // indirect
github.com/jinzhu/copier v0.3.5 // indirect
github.com/jmespath/go-jmespath v0.4.0 // indirect
github.com/josharian/intern v1.0.0 // indirect
github.com/json-iterator/go v1.1.12 // indirect
github.com/kevinburke/ssh_config v1.2.0 // indirect
Added `fetchAttestations` method to notaryV2 implimentation (#6800) * moved to oras Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * linting error fix Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added error checking Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fixed errors Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added final build Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added predicate fetching Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added checks in statements Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * removed continuous checking if predicate is found Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * renamed notaryv2 to notary Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * changed notaryv2 to notary Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * run codegen all Signed-off-by: Jim Bugwadia <jim@nirmata.com> * changes Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * commented cert Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added variable support to certs Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * renamed notaryV2 to notary Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * deprecated predicate types Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * disallow keys and keyless under attestors if type is set to notary Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * gcr crane implementation init Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added changes Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * types Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * using remote puller and pusher Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * implemented notation repository interface Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated notary implementation and fixed errors Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * removed oras Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * kuttl test init Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added image verify test Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * check image attestation notary Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added readme Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added tests for extract statements Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: remove status from policy webhooks (#6939) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: split chart values in readme per component (#6936) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> * fix: incorrect json patch validation (#6941) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add verbosity level in helm chart values (#6940) * feat: add verbosity level in helm chart values Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: match on ephemeral containers (#6963) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: refine event permissions in default roles (#6957) * remove the event delete permission Signed-off-by: ShutingZhao <shuting@nirmata.com> * add '- events.k8s.io/v1' Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com> * Add kuttl test for ephemeral containers (#6966) * Move Sam to Emeritus status Signed-off-by: Chip Zoller <chipzoller@gmail.com> * add kuttl test for ephemeral containers Signed-off-by: Chip Zoller <chipzoller@gmail.com> --------- Signed-off-by: Chip Zoller <chipzoller@gmail.com> * refactor: restructure cli test command (#6942) * refactor: restructure cli test command Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add credential helpers flags (#6974) * feat: add credential helpers flags Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore(deps): bump aquasecurity/trivy-action from 0.9.2 to 0.10.0 (#6976) Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.9.2 to 0.10.0. - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/1f0aa582c8c8f5f7639610d6d38baddfea4fdcee...e5f43133f6e8736992c9f3c1b3296e24b37e17f2) --- updated-dependencies: - dependency-name: aquasecurity/trivy-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Support for Context vars in cleanup (#6084) * Added Context in CleanupPolicySpec Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Added context.go file with loadVariable() Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Added loadAPIData() in context.go and called from handlers.go Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Added conditionals for not supported context variables Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Reverted versions in CRDs Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Reverted CRDs to v0.11.1 Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Imported fmt in handlers.go Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Added Context in CleanupPolicySpec Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Added context.go file with loadVariable() Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Added loadAPIData() in context.go and called from handlers.go Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Added conditionals for not supported context variables Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Reverted versions in CRDs Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Reverted CRDs to v0.11.1 Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Imported fmt in handlers.go Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Removed duplicate import Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * make verify-codegen Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Updated kuttl test Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Fixed kuttl failure Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * moved policy check to validation Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Reused functions Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Added kuttl test Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Added more configMap Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * removed unecessary check Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * auto codegen Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * updated codegen Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Renamed ApplyJMESPath() to applyJMESPath() Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> --------- Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: Chip Zoller <chipzoller@gmail.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore(deps): bump actions/setup-python from 4.5.0 to 4.6.0 (#6981) Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4.5.0 to 4.6.0. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/d27e3f3d7c64b4bbf8e4abfb9b63b83e846e0435...57ded4d7d5e986d7296eab16560982c6dd7c923b) --- updated-dependencies: - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump codecov/codecov-action from 3.1.2 to 3.1.3 (#6982) Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 3.1.2 to 3.1.3. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/40a12dcee2df644d47232dde008099a3e9e4f865...894ff025c7b54547a9a2a1e9f228beae737ad3c2) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix background variables validation (#6978) Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: restrict default permissions (#6972) * restrict admission permissions Signed-off-by: ShutingZhao <shuting@nirmata.com> * restrict background permissions Signed-off-by: ShutingZhao <shuting@nirmata.com> * update install.yaml Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com> * kuttl README (#6984) * Added Context in CleanupPolicySpec Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Added context.go file with loadVariable() Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Added loadAPIData() in context.go and called from handlers.go Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Added conditionals for not supported context variables Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Reverted versions in CRDs Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Reverted CRDs to v0.11.1 Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Imported fmt in handlers.go Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Added Context in CleanupPolicySpec Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Added context.go file with loadVariable() Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Added loadAPIData() in context.go and called from handlers.go Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Added conditionals for not supported context variables Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Reverted versions in CRDs Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Reverted CRDs to v0.11.1 Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Imported fmt in handlers.go Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Removed duplicate import Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * make verify-codegen Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Updated kuttl test Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Fixed kuttl failure Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * moved policy check to validation Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Reused functions Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Added kuttl test Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Added more configMap Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * removed unecessary check Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * auto codegen Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * updated codegen Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Renamed ApplyJMESPath() to applyJMESPath() Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Added Readme in context-cleanup-pod Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> --------- Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: Chip Zoller <chipzoller@gmail.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore(deps): bump github/codeql-action from 2.2.12 to 2.3.0 (#6989) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.2.12 to 2.3.0. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/7df0ce34898d659f95c0c4a09eaa8d4e32ee64db...b2c19fb9a2a485599ccf4ed5d65527d94bc57226) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump github.com/notaryproject/notation-core-go (#6987) Bumps [github.com/notaryproject/notation-core-go](https://github.com/notaryproject/notation-core-go) from 1.0.0-rc.2 to 1.0.0-rc.3. - [Release notes](https://github.com/notaryproject/notation-core-go/releases) - [Commits](https://github.com/notaryproject/notation-core-go/compare/v1.0.0-rc.2...v1.0.0-rc.3) --- updated-dependencies: - dependency-name: github.com/notaryproject/notation-core-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * feat: new access checks for background policies (#6970) * switch to use sar for access checks Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * update helm config Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix username Signed-off-by: ShutingZhao <shuting@nirmata.com> * update msg Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix sa name Signed-off-by: ShutingZhao <shuting@nirmata.com> * update install.yaml Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: bump kind image to 1.27.1 (#6993) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: bump k8s deps to 1.27 (#6868) * feat: bump k8s deps to 1.27 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * bump k8s 1.27.1 Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: ShutingZhao <shuting@nirmata.com> * fix: disable autogen in foreach mutation with json patches (#6996) * fix: disable autogen in foreach mutation with json patches Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * kuttl Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: add server ip config to cleanup controller (#6999) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add features section in helm values (#6935) * feat: add features section in helm values Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * configs Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * overrides Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add reports cleanup jobs to prevent outage (#6960) * feat: add reports cleanup jobs to prevent outage Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * security cotnext Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> * feat: add registry credential helpers feature (#7002) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: improve instrumented clients (#7006) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: record configmap resource version to not reload when version didn't change (#7007) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore(deps): bump sigstore/cosign-installer from 3.0.2 to 3.0.3 (#7012) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.0.2 to 3.0.3. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/9e9de2292db7abb3f51b7f4808d98f0d347a8919...204a51a57a74d190b284a0ce69b44bc37201f343) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Add Red Hat ACM to the Adopters list (#7016) Red Hat ACM is useful for distributed kyverno policies across a managed fleet of clusters. Adding to adopters file with a link that describes details of using the ACM policy generator with Kyverno. Signed-off-by: Gus Parvin <gparvin@redhat.com> * fix: helm template with metricsRefreshInterval (#7019) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * add support for Kubernetes API server POST (#6948) * allow POST for Kubernetes API calls Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add kuttl tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fmt and undo local changes Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix codegen and unit test Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix unit test Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix tests and extends docs Signed-off-by: Jim Bugwadia <jim@nirmata.com> --------- Signed-off-by: Jim Bugwadia <jim@nirmata.com> * feat: update built-in resource schemas (#7014) * feat: update built-in resource schemas Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix unit test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: use github.com/evanphx/json-patch/v5 (#7015) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore(deps): bump github/codeql-action from 2.3.0 to 2.3.1 (#7025) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.3.0 to 2.3.1. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/b2c19fb9a2a485599ccf4ed5d65527d94bc57226...8662eabe0e9f338a07350b7fd050732745f93848) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * add DE-CIX as adopter of kyverno (#7027) Signed-off-by: Raul Garcia Sanchez <info@raulgarcia.de> * refactor: engine patchers (#7030) * refactor: engine patchers Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore(deps): bump github/codeql-action from 2.3.1 to 2.3.2 (#7033) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.3.1 to 2.3.2. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/8662eabe0e9f338a07350b7fd050732745f93848...f3feb00acb00f31a6f60280e6ace9ca31d91c76a) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * add Saxo Bank and Velux as adopters (#7036) Signed-off-by: Chip Zoller <chipzoller@gmail.com> * update development doc (#7037) Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * fix: generate policy validation to prevent endless loop (#7026) * refactor policy validation Signed-off-by: ShutingZhao <shuting@nirmata.com> * add loop check for generate Signed-off-by: ShutingZhao <shuting@nirmata.com> * add kuttl tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * linter fixes Signed-off-by: ShutingZhao <shuting@nirmata.com> * linter fixes Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: remove deletionTimestamp checks (#7039) * remove deletionTimestamp check Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove deletionTimestamp check Signed-off-by: ShutingZhao <shuting@nirmata.com> * add back source check Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove deletionTimestamp check Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore(deps): bump k8s.io/klog/v2 from 2.90.1 to 2.100.1 (#7055) Bumps [k8s.io/klog/v2](https://github.com/kubernetes/klog) from 2.90.1 to 2.100.1. - [Release notes](https://github.com/kubernetes/klog/releases) - [Changelog](https://github.com/kubernetes/klog/blob/main/RELEASE.md) - [Commits](https://github.com/kubernetes/klog/compare/v2.90.1...v2.100.1) --- updated-dependencies: - dependency-name: k8s.io/klog/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: add background scan interval log (#7065) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: flaky github action (#7068) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: engine response policy (#7063) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add opt-in setting to deploy v3 chart (#7066) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * require generate.apiVersion (#7080) Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: remove excluded groups from matching (#7083) * fix: remove excluded groups from matching Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add config inclusions support (#7082) * feat: add config inclusions support Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: add makefile target for kwok (#7097) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore(deps): bump github/codeql-action from 2.3.2 to 2.3.3 (#7099) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.3.2 to 2.3.3. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/f3feb00acb00f31a6f60280e6ace9ca31d91c76a...29b1f65c5e92e24fe6b6647da1eaabe529cec70f) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * validate target resource scope & namespace settings (#7098) Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: mutation code (#7095) * fix: mutation code Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * kuttl tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * lazy loading of context vars (#7071) * lazy loading of context vars Signed-off-by: Jim Bugwadia <jim@nirmata.com> * gofumpt Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add kuttl tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> --------- Signed-off-by: Jim Bugwadia <jim@nirmata.com> * [Feature] Add kuttl tests with policy exceptions disabled (#7117) * added tests Signed-off-by: Ved Ratan <vedratan8@gmail.com> * removed redundant code Signed-off-by: Ved Ratan <vedratan8@gmail.com> * fix Signed-off-by: Ved Ratan <vedratan8@gmail.com> * fix Signed-off-by: Ved Ratan <vedratan8@gmail.com> * typo fix and README changes Signed-off-by: Ved Ratan <vedratan8@gmail.com> * fix Signed-off-by: Ved Ratan <vedratan8@gmail.com> --------- Signed-off-by: Ved Ratan <vedratan8@gmail.com> * Conditions message (#7113) * add message to conditions Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * extend tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> --------- Signed-off-by: Jim Bugwadia <jim@nirmata.com> * chore(deps): bump zgosalvez/github-actions-ensure-sha-pinned-actions (#7123) Bumps [zgosalvez/github-actions-ensure-sha-pinned-actions](https://github.com/zgosalvez/github-actions-ensure-sha-pinned-actions) from 2.1.2 to 2.1.3. - [Release notes](https://github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/releases) - [Commits](https://github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/compare/21991cec25093947ff3f62e4c223df0260c39944...555a30da2656b4a7cf47b107800bef097723363e) --- updated-dependencies: - dependency-name: zgosalvez/github-actions-ensure-sha-pinned-actions dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: shuting <shuting@nirmata.com> * chore(deps): bump sigs.k8s.io/kustomize/kyaml from 0.14.1 to 0.14.2 (#7121) Bumps [sigs.k8s.io/kustomize/kyaml](https://github.com/kubernetes-sigs/kustomize) from 0.14.1 to 0.14.2. - [Release notes](https://github.com/kubernetes-sigs/kustomize/releases) - [Commits](https://github.com/kubernetes-sigs/kustomize/compare/kyaml/v0.14.1...kyaml/v0.14.2) --- updated-dependencies: - dependency-name: sigs.k8s.io/kustomize/kyaml dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: shuting <shuting@nirmata.com> * chore(deps): bump oras.land/oras-go/v2 from 2.0.2 to 2.1.0 (#7102) Bumps [oras.land/oras-go/v2](https://github.com/oras-project/oras-go) from 2.0.2 to 2.1.0. - [Release notes](https://github.com/oras-project/oras-go/releases) - [Commits](https://github.com/oras-project/oras-go/compare/v2.0.2...v2.1.0) --- updated-dependencies: - dependency-name: oras.land/oras-go/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: shuting <shuting@nirmata.com> * add condition msg to v2beta1 (#7126) Signed-off-by: ShutingZhao <shuting@nirmata.com> * feat: print container flags and their values (#7127) * add condition msg to v2beta1 Signed-off-by: ShutingZhao <shuting@nirmata.com> * print flags settings Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove the container flag genWorker from the admission controller (#7132) Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore(deps): bump google.golang.org/grpc from 1.54.0 to 1.55.0 (#7103) Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.54.0 to 1.55.0. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](https://github.com/grpc/grpc-go/compare/v1.54.0...v1.55.0) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * remove the duplicate entry (#7125) Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore(deps): bump sigs.k8s.io/kustomize/api from 0.13.2 to 0.13.3 (#7120) Bumps [sigs.k8s.io/kustomize/api](https://github.com/kubernetes-sigs/kustomize) from 0.13.2 to 0.13.3. - [Release notes](https://github.com/kubernetes-sigs/kustomize/releases) - [Commits](https://github.com/kubernetes-sigs/kustomize/compare/api/v0.13.2...api/v0.13.3) --- updated-dependencies: - dependency-name: sigs.k8s.io/kustomize/api dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: shuting <shuting@nirmata.com> * fixed error Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * undo mistake Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * go mod conflict fix Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * changes from review Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * NIT Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated image Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated checks Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fixed verifying wrong ref Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated cert in tests Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added warning when predicate type is used Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: panic for policy variable validation (#7079) * fix panic Signed-off-by: ShutingZhao <shuting@nirmata.com> * check errors Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: remove policy-reporter from dev lab (#7196) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: cleanup controller metrics name (#7198) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: http request metrics (#7197) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * remove unused code (#7203) Signed-off-by: Jim Bugwadia <jim@nirmata.com> * handle Deny rules where conditions eval to true (#7204) Signed-off-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> * [Bug] Enforce message wrong (#7208) * fix Signed-off-by: Ved Ratan <vedratan8@gmail.com> * fixed tests Signed-off-by: Ved Ratan <vedratan8@gmail.com> --------- Signed-off-by: Ved Ratan <vedratan8@gmail.com> * chore(deps): bump codecov/codecov-action from 3.1.3 to 3.1.4 (#7207) Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 3.1.3 to 3.1.4. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/894ff025c7b54547a9a2a1e9f228beae737ad3c2...eaaf4bedf32dbdc6b720b63067d99c4d77d6047d) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump sigstore/cosign-installer from 3.0.3 to 3.0.4 (#7215) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.0.3 to 3.0.4. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/204a51a57a74d190b284a0ce69b44bc37201f343...03d0fecf172873164a163bbc64bed0f3bf114ed7) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: panic in reports controller (#7220) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: mutate existing auth check (#7219) * fix auth check when using variables in ns Signed-off-by: ShutingZhao <shuting@nirmata.com> * add kuttl tests Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: do not exclude kube-system service accounts by default (#7225) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * docs: add reports system design doc (#6949) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore(deps): bump k8s.io/apimachinery from 0.27.1 to 0.27.2 (#7227) Bumps [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) from 0.27.1 to 0.27.2. - [Commits](https://github.com/kubernetes/apimachinery/compare/v0.27.1...v0.27.2) --- updated-dependencies: - dependency-name: k8s.io/apimachinery dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: shuting <shuting@nirmata.com> * chore(deps): bump k8s.io/cli-runtime from 0.27.1 to 0.27.2 (#7228) Bumps [k8s.io/cli-runtime](https://github.com/kubernetes/cli-runtime) from 0.27.1 to 0.27.2. - [Commits](https://github.com/kubernetes/cli-runtime/compare/v0.27.1...v0.27.2) --- updated-dependencies: - dependency-name: k8s.io/cli-runtime dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump sigstore/cosign-installer from 3.0.4 to 3.0.5 (#7229) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.0.4 to 3.0.5. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/03d0fecf172873164a163bbc64bed0f3bf114ed7...dd6b2e2b610a11fd73dd187a43d57cc1394e35f9) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump k8s.io/pod-security-admission from 0.27.1 to 0.27.2 (#7232) Bumps [k8s.io/pod-security-admission](https://github.com/kubernetes/pod-security-admission) from 0.27.1 to 0.27.2. - [Commits](https://github.com/kubernetes/pod-security-admission/compare/v0.27.1...v0.27.2) --- updated-dependencies: - dependency-name: k8s.io/pod-security-admission dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: match logic misbehave (#7218) * add rule name in ur for mutate existing Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix match logic Signed-off-by: ShutingZhao <shuting@nirmata.com> * linter fixes Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix the match logic to only apply to the new object, unless it's a delete request Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore(deps): bump github.com/stretchr/testify from 1.8.2 to 1.8.3 (#7240) Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.2 to 1.8.3. - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](https://github.com/stretchr/testify/compare/v1.8.2...v1.8.3) --- updated-dependencies: - dependency-name: github.com/stretchr/testify dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump github.com/onsi/gomega from 1.27.6 to 1.27.7 (#7239) Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.27.6 to 1.27.7. - [Release notes](https://github.com/onsi/gomega/releases) - [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/gomega/compare/v1.27.6...v1.27.7) --- updated-dependencies: - dependency-name: github.com/onsi/gomega dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump k8s.io/kube-aggregator from 0.27.1 to 0.27.2 (#7241) Bumps [k8s.io/kube-aggregator](https://github.com/kubernetes/kube-aggregator) from 0.27.1 to 0.27.2. - [Commits](https://github.com/kubernetes/kube-aggregator/compare/v0.27.1...v0.27.2) --- updated-dependencies: - dependency-name: k8s.io/kube-aggregator dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump k8s.io/apiextensions-apiserver from 0.27.1 to 0.27.2 (#7242) Bumps [k8s.io/apiextensions-apiserver](https://github.com/kubernetes/apiextensions-apiserver) from 0.27.1 to 0.27.2. - [Release notes](https://github.com/kubernetes/apiextensions-apiserver/releases) - [Commits](https://github.com/kubernetes/apiextensions-apiserver/compare/v0.27.1...v0.27.2) --- updated-dependencies: - dependency-name: k8s.io/apiextensions-apiserver dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * updated kuttl tests Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fixed mistake in assert Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * quote image in error (#7259) Signed-off-by: bakito <github@bakito.ch> * fix: auto update webhooks not configuring fail endpoint (#7261) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix latest version check (#7263) Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore(deps): bump svenstaro/upload-release-action from 2.5.0 to 2.6.0 (#7270) Bumps [svenstaro/upload-release-action](https://github.com/svenstaro/upload-release-action) from 2.5.0 to 2.6.0. - [Release notes](https://github.com/svenstaro/upload-release-action/releases) - [Changelog](https://github.com/svenstaro/upload-release-action/blob/master/CHANGELOG.md) - [Commits](https://github.com/svenstaro/upload-release-action/compare/7319e4733ec7a184d739a6f412c40ffc339b69c7...58d525808845e4c8ff229ea1d5d7c496504a79bc) --- updated-dependencies: - dependency-name: svenstaro/upload-release-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump sigs.k8s.io/controller-runtime from 0.14.6 to 0.15.0 (#7272) Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.14.6 to 0.15.0. - [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases) - [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md) - [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.14.6...v0.15.0) --- updated-dependencies: - dependency-name: sigs.k8s.io/controller-runtime dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * feat: add yaml util to check empty document (#7276) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#7274) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.6.1 to 5.7.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.6.1...v5.7.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fixed api version in kuttl tests Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated kuttl tests Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * go sum update Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated admission controller assert Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated image Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * removed admission controller changes Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * go mod fix Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> --------- Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: Chip Zoller <chipzoller@gmail.com> Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> Signed-off-by: Gus Parvin <gparvin@redhat.com> Signed-off-by: Raul Garcia Sanchez <info@raulgarcia.de> Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> Signed-off-by: Ved Ratan <vedratan8@gmail.com> Signed-off-by: bakito <github@bakito.ch> Co-authored-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: Chip Zoller <chipzoller@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Md Sahil <85174511+MdSahil-oss@users.noreply.github.com> Co-authored-by: Gus Parvin <gparvin@redhat.com> Co-authored-by: Raúl Garcia Sanchez <info@raulgarcia.de> Co-authored-by: Mariam Fahmy <55502281+MariamFahmy98@users.noreply.github.com> Co-authored-by: Ved Ratan <82467006+VedRatan@users.noreply.github.com> Co-authored-by: Marc Brugger <github@bakito.ch>
2023-06-01 08:05:28 +00:00
github.com/klauspost/compress v1.16.5 // indirect
github.com/leodido/go-urn v1.2.2 // indirect
github.com/letsencrypt/boulder v0.0.0-20230331213904-8c67769be400 // indirect
github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect
feat: add engine traces (#5463) * feat: make traces better Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add tracing in engine validation Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * audit Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * values Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chart deps Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * trace Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fixes and image verification Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * mutate Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * mutate Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * remove chart deps Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * remove tempo Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * bump deps Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * makefile Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * makefile Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * makefile Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * makefile Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * prometheus Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * child span Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more spans Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * audit Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix cosign spans Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix cosign spans Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * mutation Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * mutation tracing Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-12-12 20:32:11 +00:00
github.com/magiconair/properties v1.8.7 // indirect
github.com/mailru/easyjson v0.7.7 // indirect
github.com/mattn/go-colorable v0.1.13 // indirect
github.com/mattn/go-isatty v0.0.18 // indirect
github.com/mattn/go-runewidth v0.0.14 // indirect
github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
github.com/miekg/pkcs11 v1.1.1 // indirect
github.com/mitchellh/copystructure v1.2.0 // indirect
github.com/mitchellh/go-homedir v1.1.0 // indirect
github.com/mitchellh/go-wordwrap v1.0.1 // indirect
github.com/mitchellh/mapstructure v1.5.0 // indirect
github.com/mitchellh/reflectwalk v1.0.2 // indirect
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
github.com/modern-go/reflect2 v1.0.2 // indirect
github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect
github.com/mozillazg/docker-credential-acr-helper v0.3.0 // indirect
Yaml signing and verification (#4235) * enable YAML verification using k8s-manifest-sigstore Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> comment out role and rolebinding for dryrun Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update k8s-manifest-sigstore version Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix pubkey setting Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix pubkey setting Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix log message Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> change default value of dryrun option Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update crd Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> support gpg signature Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * upgrade manifest sigstore version and support multi sigs Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix validate.manifest rule Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update crd and add small fix Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix manifest verify policy Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> set cosign experimental env when keyless verification Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * improve default ignoreFields Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * fix manifest verify policy Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix manifest verify policy Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix manifest verify policy Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * add unit-test for k8smanifest Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update install yaml Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * update k8s-manifest-sigstore version and support one or more signatures Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> add unit-test for k8smanifest multi-signature Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix verifyManifest result message Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix verifyManifest result message Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * fix manifest verify policy and move dryrun rbac to dryrun dir Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * update k8s-manifest-sigstore version Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update k8s-manifest-sigstore version Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update k8s-manifest-sigstore version and resolve conflict Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> enable YAML verification using k8s-manifest-sigstore Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> comment out role and rolebinding for dryrun Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix pubkey setting Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix pubkey setting Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update crd Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> upgrade manifest sigstore version and support multi sigs Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix validate.manifest rule Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update crd and add small fix Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix manifest verify policy Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update k8s-manifest-sigstore version and support one or more signatures Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix verifyManifest result message Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix verifyManifest result message Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix manifest verify policy and move dryrun rbac to dryrun dir Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> add small fix Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * remove generic name Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * fix sonatype-lift issue and unit-test error Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * fix gofumpt error Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * update manifest rule to use attestor Signed-off-by: Riko Kudo <rurikudo@ibm.com> * remove unused value Signed-off-by: Riko Kudo <rurikudo@ibm.com> * resolve conflict Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix install.yaml Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix to set COSIGN_EXPERIMENTAL env variable when keyless verification Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix misspell Signed-off-by: Riko Kudo <rurikudo@ibm.com> * enable kyverno cli in validate.manifests rule (#3) * enable kyverno cli in validate.manifests rule Signed-off-by: Riko Kudo <rurikudo@ibm.com> * update k8s-manifest-sigstore version and improve error handling for better result output Signed-off-by: Riko Kudo <rurikudo@ibm.com> * update crds and deepcopy Signed-off-by: Riko Kudo <rurikudo@ibm.com> * update unit test Signed-off-by: Riko Kudo <rurikudo@ibm.com> * update k8s-manifest-sigstore version Signed-off-by: Riko Kudo <rurikudo@ibm.com> * change to use spec.rules.exclude.subjects instead of skipUsers (#4) Signed-off-by: Riko Kudo <rurikudo@ibm.com> * update k8s-manifest-sigstore version Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix yaml signing sigstore (#5) * update k8s-manifest-sigstore version Signed-off-by: Riko Kudo <rurikudo@ibm.com> * add a comment for dryrun option field Signed-off-by: Riko Kudo <rurikudo@ibm.com> * enable to include ClusterPolicy/Policy in match resource Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix log style and env variable settings Signed-off-by: Riko Kudo <rurikudo@ibm.com> * simplify manifest verify func Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix func name Signed-off-by: Riko Kudo <rurikudo@ibm.com> Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix sonatype warning Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix default ignoreFields Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix yaml signing sigstore rbac (#6) * fix dryrun rbac to have minimal permissions Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix lint error Signed-off-by: Riko Kudo <rurikudo@ibm.com> Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix unit-test error Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix gofumpt error Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix log style Signed-off-by: Riko Kudo <rurikudo@ibm.com> * updated CRD documentation Signed-off-by: Riko Kudo <rurikudo@ibm.com> * resolve go.mod conflicts Signed-off-by: Riko Kudo <rurikudo@ibm.com> * updated helm stuff Signed-off-by: Riko Kudo <rurikudo@ibm.com> Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> Signed-off-by: Riko Kudo <rurikudo@ibm.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2022-08-30 17:14:54 +00:00
github.com/mpvl/unique v0.0.0-20150818121801-cbe035fff7de // indirect
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
github.com/nxadm/tail v1.4.8 // indirect
github.com/oklog/ulid v1.3.1 // indirect
Yaml signing and verification (#4235) * enable YAML verification using k8s-manifest-sigstore Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> comment out role and rolebinding for dryrun Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update k8s-manifest-sigstore version Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix pubkey setting Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix pubkey setting Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix log message Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> change default value of dryrun option Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update crd Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> support gpg signature Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * upgrade manifest sigstore version and support multi sigs Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix validate.manifest rule Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update crd and add small fix Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix manifest verify policy Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> set cosign experimental env when keyless verification Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * improve default ignoreFields Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * fix manifest verify policy Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix manifest verify policy Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix manifest verify policy Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * add unit-test for k8smanifest Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update install yaml Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * update k8s-manifest-sigstore version and support one or more signatures Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> add unit-test for k8smanifest multi-signature Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix verifyManifest result message Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix verifyManifest result message Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * fix manifest verify policy and move dryrun rbac to dryrun dir Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * update k8s-manifest-sigstore version Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update k8s-manifest-sigstore version Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update k8s-manifest-sigstore version and resolve conflict Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> enable YAML verification using k8s-manifest-sigstore Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> comment out role and rolebinding for dryrun Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix pubkey setting Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix pubkey setting Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update crd Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> upgrade manifest sigstore version and support multi sigs Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix validate.manifest rule Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update crd and add small fix Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix manifest verify policy Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update k8s-manifest-sigstore version and support one or more signatures Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix verifyManifest result message Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix verifyManifest result message Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix manifest verify policy and move dryrun rbac to dryrun dir Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> add small fix Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * remove generic name Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * fix sonatype-lift issue and unit-test error Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * fix gofumpt error Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * update manifest rule to use attestor Signed-off-by: Riko Kudo <rurikudo@ibm.com> * remove unused value Signed-off-by: Riko Kudo <rurikudo@ibm.com> * resolve conflict Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix install.yaml Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix to set COSIGN_EXPERIMENTAL env variable when keyless verification Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix misspell Signed-off-by: Riko Kudo <rurikudo@ibm.com> * enable kyverno cli in validate.manifests rule (#3) * enable kyverno cli in validate.manifests rule Signed-off-by: Riko Kudo <rurikudo@ibm.com> * update k8s-manifest-sigstore version and improve error handling for better result output Signed-off-by: Riko Kudo <rurikudo@ibm.com> * update crds and deepcopy Signed-off-by: Riko Kudo <rurikudo@ibm.com> * update unit test Signed-off-by: Riko Kudo <rurikudo@ibm.com> * update k8s-manifest-sigstore version Signed-off-by: Riko Kudo <rurikudo@ibm.com> * change to use spec.rules.exclude.subjects instead of skipUsers (#4) Signed-off-by: Riko Kudo <rurikudo@ibm.com> * update k8s-manifest-sigstore version Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix yaml signing sigstore (#5) * update k8s-manifest-sigstore version Signed-off-by: Riko Kudo <rurikudo@ibm.com> * add a comment for dryrun option field Signed-off-by: Riko Kudo <rurikudo@ibm.com> * enable to include ClusterPolicy/Policy in match resource Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix log style and env variable settings Signed-off-by: Riko Kudo <rurikudo@ibm.com> * simplify manifest verify func Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix func name Signed-off-by: Riko Kudo <rurikudo@ibm.com> Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix sonatype warning Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix default ignoreFields Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix yaml signing sigstore rbac (#6) * fix dryrun rbac to have minimal permissions Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix lint error Signed-off-by: Riko Kudo <rurikudo@ibm.com> Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix unit-test error Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix gofumpt error Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix log style Signed-off-by: Riko Kudo <rurikudo@ibm.com> * updated CRD documentation Signed-off-by: Riko Kudo <rurikudo@ibm.com> * resolve go.mod conflicts Signed-off-by: Riko Kudo <rurikudo@ibm.com> * updated helm stuff Signed-off-by: Riko Kudo <rurikudo@ibm.com> Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> Signed-off-by: Riko Kudo <rurikudo@ibm.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2022-08-30 17:14:54 +00:00
github.com/oliveagle/jsonpath v0.0.0-20180606110733-2e52cf6e6852 // indirect
github.com/open-policy-agent/gatekeeper v0.0.0-20210824170141-dd97b8a7e966 // indirect
github.com/open-policy-agent/opa v0.51.0 // indirect
github.com/opentracing/opentracing-go v1.2.0 // indirect
github.com/pelletier/go-toml/v2 v2.0.7 // indirect
github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
github.com/pjbgf/sha1cd v0.3.0 // indirect
github.com/pmezard/go-difflib v1.0.0 // indirect
github.com/prometheus/client_model v0.4.0 // indirect
github.com/prometheus/common v0.42.0 // indirect
github.com/prometheus/procfs v0.10.1 // indirect
github.com/protocolbuffers/txtpbfmt v0.0.0-20230328191034-3462fbc510c0 // indirect
Yaml signing and verification (#4235) * enable YAML verification using k8s-manifest-sigstore Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> comment out role and rolebinding for dryrun Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update k8s-manifest-sigstore version Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix pubkey setting Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix pubkey setting Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix log message Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> change default value of dryrun option Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update crd Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> support gpg signature Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * upgrade manifest sigstore version and support multi sigs Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix validate.manifest rule Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update crd and add small fix Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix manifest verify policy Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> set cosign experimental env when keyless verification Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * improve default ignoreFields Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * fix manifest verify policy Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix manifest verify policy Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix manifest verify policy Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * add unit-test for k8smanifest Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update install yaml Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * update k8s-manifest-sigstore version and support one or more signatures Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> add unit-test for k8smanifest multi-signature Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix verifyManifest result message Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix verifyManifest result message Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * fix manifest verify policy and move dryrun rbac to dryrun dir Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * update k8s-manifest-sigstore version Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update k8s-manifest-sigstore version Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update k8s-manifest-sigstore version and resolve conflict Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> enable YAML verification using k8s-manifest-sigstore Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> comment out role and rolebinding for dryrun Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix pubkey setting Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix pubkey setting Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update crd Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> upgrade manifest sigstore version and support multi sigs Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix validate.manifest rule Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update crd and add small fix Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix manifest verify policy Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update k8s-manifest-sigstore version and support one or more signatures Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix verifyManifest result message Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix verifyManifest result message Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix manifest verify policy and move dryrun rbac to dryrun dir Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> add small fix Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * remove generic name Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * fix sonatype-lift issue and unit-test error Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * fix gofumpt error Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * update manifest rule to use attestor Signed-off-by: Riko Kudo <rurikudo@ibm.com> * remove unused value Signed-off-by: Riko Kudo <rurikudo@ibm.com> * resolve conflict Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix install.yaml Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix to set COSIGN_EXPERIMENTAL env variable when keyless verification Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix misspell Signed-off-by: Riko Kudo <rurikudo@ibm.com> * enable kyverno cli in validate.manifests rule (#3) * enable kyverno cli in validate.manifests rule Signed-off-by: Riko Kudo <rurikudo@ibm.com> * update k8s-manifest-sigstore version and improve error handling for better result output Signed-off-by: Riko Kudo <rurikudo@ibm.com> * update crds and deepcopy Signed-off-by: Riko Kudo <rurikudo@ibm.com> * update unit test Signed-off-by: Riko Kudo <rurikudo@ibm.com> * update k8s-manifest-sigstore version Signed-off-by: Riko Kudo <rurikudo@ibm.com> * change to use spec.rules.exclude.subjects instead of skipUsers (#4) Signed-off-by: Riko Kudo <rurikudo@ibm.com> * update k8s-manifest-sigstore version Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix yaml signing sigstore (#5) * update k8s-manifest-sigstore version Signed-off-by: Riko Kudo <rurikudo@ibm.com> * add a comment for dryrun option field Signed-off-by: Riko Kudo <rurikudo@ibm.com> * enable to include ClusterPolicy/Policy in match resource Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix log style and env variable settings Signed-off-by: Riko Kudo <rurikudo@ibm.com> * simplify manifest verify func Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix func name Signed-off-by: Riko Kudo <rurikudo@ibm.com> Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix sonatype warning Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix default ignoreFields Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix yaml signing sigstore rbac (#6) * fix dryrun rbac to have minimal permissions Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix lint error Signed-off-by: Riko Kudo <rurikudo@ibm.com> Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix unit-test error Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix gofumpt error Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix log style Signed-off-by: Riko Kudo <rurikudo@ibm.com> * updated CRD documentation Signed-off-by: Riko Kudo <rurikudo@ibm.com> * resolve go.mod conflicts Signed-off-by: Riko Kudo <rurikudo@ibm.com> * updated helm stuff Signed-off-by: Riko Kudo <rurikudo@ibm.com> Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> Signed-off-by: Riko Kudo <rurikudo@ibm.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2022-08-30 17:14:54 +00:00
github.com/r3labs/diff v1.1.0 // indirect
github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 // indirect
github.com/rivo/uniseg v0.4.4 // indirect
github.com/ryanuber/go-glob v1.0.0 // indirect
github.com/sassoftware/relic v0.0.0-20210427151427-dfb082b79b74 // indirect
github.com/secure-systems-lab/go-securesystemslib v0.4.0 // indirect
github.com/segmentio/ksuid v1.0.4 // indirect
github.com/sergi/go-diff v1.3.1 // indirect
github.com/shibumi/go-pathspec v1.3.0 // indirect
github.com/shopspring/decimal v1.2.0 // indirect
github.com/sigstore/fulcio v1.1.0 // indirect
github.com/sigstore/rekor v1.0.1 // indirect
github.com/sirupsen/logrus v1.9.1 // indirect
github.com/skeema/knownhosts v1.2.0 // indirect
github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966 // indirect
github.com/spf13/afero v1.9.5 // indirect
github.com/spf13/cast v1.5.0 // indirect
github.com/spf13/jwalterweatherman v1.1.0 // indirect
github.com/spf13/pflag v1.0.5 // indirect
github.com/spf13/viper v1.15.0 // indirect
github.com/spiffe/go-spiffe/v2 v2.1.3 // indirect
github.com/subosito/gotenv v1.4.2 // indirect
github.com/syndtr/goleveldb v1.0.1-0.20220721030215-126854af5e6d // indirect
github.com/tchap/go-patricia/v2 v2.3.1 // indirect
github.com/tektoncd/chains v0.15.0 // indirect
github.com/tent/canonical-json-go v0.0.0-20130607151641-96e4ba3a7613 // indirect
github.com/thales-e-security/pool v0.0.2 // indirect
github.com/theupdateframework/go-tuf v0.5.2 // indirect
github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 // indirect
github.com/tjfoc/gmsm v1.4.1 // indirect
github.com/transparency-dev/merkle v0.0.1 // indirect
github.com/vbatts/tar-split v0.11.3 // indirect
github.com/veraison/go-cose v1.1.0 // indirect
Notary v2 (#6011) * fix make debug-deploy Signed-off-by: Jim Bugwadia <jim@nirmata.com> * improve log messages Signed-off-by: Jim Bugwadia <jim@nirmata.com> * initial update Signed-off-by: Jim Bugwadia <jim@nirmata.com> * initial update Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update registry credentials handling order Signed-off-by: Jim Bugwadia <jim@nirmata.com> * comment out ACR helper - breaks anonymous image pull Signed-off-by: Jim Bugwadia <jim@nirmata.com> * merge main and refactor verifiers Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix opt init Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove local address Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update to NotaryV2 RC Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix fmt Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update deps Signed-off-by: Jim Bugwadia <jim@nirmata.com> * format imports Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove env and no-op statement Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix merge issues Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix linter issue Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove unused field Signed-off-by: Jim Bugwadia <jim@nirmata.com> * make fmt Signed-off-by: Jim Bugwadia <jim@nirmata.com> * renable ACR credential helper Signed-off-by: Jim Bugwadia <jim@nirmata.com> * Update .vscode/launch.json Signed-off-by: shuting <shutting06@gmail.com> --------- Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: shuting <shutting06@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: shuting <shutting06@gmail.com>
2023-02-20 16:26:10 +00:00
github.com/x448/float16 v0.8.4 // indirect
github.com/xanzy/go-gitlab v0.81.0 // indirect
github.com/xanzy/ssh-agent v0.3.3 // indirect
Yaml signing and verification (#4235) * enable YAML verification using k8s-manifest-sigstore Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> comment out role and rolebinding for dryrun Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update k8s-manifest-sigstore version Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix pubkey setting Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix pubkey setting Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix log message Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> change default value of dryrun option Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update crd Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> support gpg signature Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * upgrade manifest sigstore version and support multi sigs Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix validate.manifest rule Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update crd and add small fix Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix manifest verify policy Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> set cosign experimental env when keyless verification Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * improve default ignoreFields Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * fix manifest verify policy Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix manifest verify policy Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix manifest verify policy Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * add unit-test for k8smanifest Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update install yaml Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * update k8s-manifest-sigstore version and support one or more signatures Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> add unit-test for k8smanifest multi-signature Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix verifyManifest result message Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix verifyManifest result message Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * fix manifest verify policy and move dryrun rbac to dryrun dir Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * update k8s-manifest-sigstore version Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update k8s-manifest-sigstore version Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update k8s-manifest-sigstore version and resolve conflict Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> enable YAML verification using k8s-manifest-sigstore Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> comment out role and rolebinding for dryrun Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix pubkey setting Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix pubkey setting Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update crd Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> upgrade manifest sigstore version and support multi sigs Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix validate.manifest rule Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update crd and add small fix Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix manifest verify policy Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update k8s-manifest-sigstore version and support one or more signatures Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix verifyManifest result message Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix verifyManifest result message Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix manifest verify policy and move dryrun rbac to dryrun dir Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> add small fix Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * remove generic name Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * fix sonatype-lift issue and unit-test error Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * fix gofumpt error Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * update manifest rule to use attestor Signed-off-by: Riko Kudo <rurikudo@ibm.com> * remove unused value Signed-off-by: Riko Kudo <rurikudo@ibm.com> * resolve conflict Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix install.yaml Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix to set COSIGN_EXPERIMENTAL env variable when keyless verification Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix misspell Signed-off-by: Riko Kudo <rurikudo@ibm.com> * enable kyverno cli in validate.manifests rule (#3) * enable kyverno cli in validate.manifests rule Signed-off-by: Riko Kudo <rurikudo@ibm.com> * update k8s-manifest-sigstore version and improve error handling for better result output Signed-off-by: Riko Kudo <rurikudo@ibm.com> * update crds and deepcopy Signed-off-by: Riko Kudo <rurikudo@ibm.com> * update unit test Signed-off-by: Riko Kudo <rurikudo@ibm.com> * update k8s-manifest-sigstore version Signed-off-by: Riko Kudo <rurikudo@ibm.com> * change to use spec.rules.exclude.subjects instead of skipUsers (#4) Signed-off-by: Riko Kudo <rurikudo@ibm.com> * update k8s-manifest-sigstore version Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix yaml signing sigstore (#5) * update k8s-manifest-sigstore version Signed-off-by: Riko Kudo <rurikudo@ibm.com> * add a comment for dryrun option field Signed-off-by: Riko Kudo <rurikudo@ibm.com> * enable to include ClusterPolicy/Policy in match resource Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix log style and env variable settings Signed-off-by: Riko Kudo <rurikudo@ibm.com> * simplify manifest verify func Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix func name Signed-off-by: Riko Kudo <rurikudo@ibm.com> Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix sonatype warning Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix default ignoreFields Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix yaml signing sigstore rbac (#6) * fix dryrun rbac to have minimal permissions Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix lint error Signed-off-by: Riko Kudo <rurikudo@ibm.com> Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix unit-test error Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix gofumpt error Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix log style Signed-off-by: Riko Kudo <rurikudo@ibm.com> * updated CRD documentation Signed-off-by: Riko Kudo <rurikudo@ibm.com> * resolve go.mod conflicts Signed-off-by: Riko Kudo <rurikudo@ibm.com> * updated helm stuff Signed-off-by: Riko Kudo <rurikudo@ibm.com> Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> Signed-off-by: Riko Kudo <rurikudo@ibm.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2022-08-30 17:14:54 +00:00
github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
github.com/xlab/treeprint v1.2.0 // indirect
Yaml signing and verification (#4235) * enable YAML verification using k8s-manifest-sigstore Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> comment out role and rolebinding for dryrun Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update k8s-manifest-sigstore version Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix pubkey setting Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix pubkey setting Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix log message Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> change default value of dryrun option Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update crd Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> support gpg signature Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * upgrade manifest sigstore version and support multi sigs Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix validate.manifest rule Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update crd and add small fix Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix manifest verify policy Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> set cosign experimental env when keyless verification Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * improve default ignoreFields Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * fix manifest verify policy Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix manifest verify policy Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix manifest verify policy Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * add unit-test for k8smanifest Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update install yaml Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * update k8s-manifest-sigstore version and support one or more signatures Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> add unit-test for k8smanifest multi-signature Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix verifyManifest result message Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix verifyManifest result message Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * fix manifest verify policy and move dryrun rbac to dryrun dir Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * update k8s-manifest-sigstore version Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update k8s-manifest-sigstore version Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update k8s-manifest-sigstore version and resolve conflict Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> enable YAML verification using k8s-manifest-sigstore Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> comment out role and rolebinding for dryrun Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix pubkey setting Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix pubkey setting Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update crd Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> upgrade manifest sigstore version and support multi sigs Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix validate.manifest rule Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update crd and add small fix Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix manifest verify policy Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update k8s-manifest-sigstore version and support one or more signatures Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix verifyManifest result message Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix verifyManifest result message Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix manifest verify policy and move dryrun rbac to dryrun dir Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> add small fix Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * remove generic name Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * fix sonatype-lift issue and unit-test error Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * fix gofumpt error Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * update manifest rule to use attestor Signed-off-by: Riko Kudo <rurikudo@ibm.com> * remove unused value Signed-off-by: Riko Kudo <rurikudo@ibm.com> * resolve conflict Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix install.yaml Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix to set COSIGN_EXPERIMENTAL env variable when keyless verification Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix misspell Signed-off-by: Riko Kudo <rurikudo@ibm.com> * enable kyverno cli in validate.manifests rule (#3) * enable kyverno cli in validate.manifests rule Signed-off-by: Riko Kudo <rurikudo@ibm.com> * update k8s-manifest-sigstore version and improve error handling for better result output Signed-off-by: Riko Kudo <rurikudo@ibm.com> * update crds and deepcopy Signed-off-by: Riko Kudo <rurikudo@ibm.com> * update unit test Signed-off-by: Riko Kudo <rurikudo@ibm.com> * update k8s-manifest-sigstore version Signed-off-by: Riko Kudo <rurikudo@ibm.com> * change to use spec.rules.exclude.subjects instead of skipUsers (#4) Signed-off-by: Riko Kudo <rurikudo@ibm.com> * update k8s-manifest-sigstore version Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix yaml signing sigstore (#5) * update k8s-manifest-sigstore version Signed-off-by: Riko Kudo <rurikudo@ibm.com> * add a comment for dryrun option field Signed-off-by: Riko Kudo <rurikudo@ibm.com> * enable to include ClusterPolicy/Policy in match resource Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix log style and env variable settings Signed-off-by: Riko Kudo <rurikudo@ibm.com> * simplify manifest verify func Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix func name Signed-off-by: Riko Kudo <rurikudo@ibm.com> Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix sonatype warning Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix default ignoreFields Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix yaml signing sigstore rbac (#6) * fix dryrun rbac to have minimal permissions Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix lint error Signed-off-by: Riko Kudo <rurikudo@ibm.com> Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix unit-test error Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix gofumpt error Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix log style Signed-off-by: Riko Kudo <rurikudo@ibm.com> * updated CRD documentation Signed-off-by: Riko Kudo <rurikudo@ibm.com> * resolve go.mod conflicts Signed-off-by: Riko Kudo <rurikudo@ibm.com> * updated helm stuff Signed-off-by: Riko Kudo <rurikudo@ibm.com> Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> Signed-off-by: Riko Kudo <rurikudo@ibm.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2022-08-30 17:14:54 +00:00
github.com/yashtewari/glob-intersection v0.1.0 // indirect
github.com/zeebo/errs v1.3.0 // indirect
go.mongodb.org/mongo-driver v1.11.3 // indirect
go.opencensus.io v0.24.0 // indirect
go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.16.0 // indirect
go.opentelemetry.io/otel/exporters/otlp/otlpmetric v0.39.0 // indirect
go.opentelemetry.io/proto/otlp v0.19.0 // indirect
go.starlark.net v0.0.0-20230302034142-4b1e35fe2254 // indirect
golang.org/x/mod v0.12.0 // indirect
golang.org/x/net v0.12.0 // indirect
golang.org/x/oauth2 v0.8.0 // indirect
golang.org/x/sync v0.3.0 // indirect
golang.org/x/sys v0.11.0 // indirect
golang.org/x/term v0.11.0 // indirect
golang.org/x/time v0.3.0 // indirect
golang.org/x/tools v0.9.3 // indirect
google.golang.org/api v0.122.0 // indirect
google.golang.org/appengine v1.6.7 // indirect
google.golang.org/genproto v0.0.0-20230526161137-0005af68ea54 // indirect
google.golang.org/genproto/googleapis/api v0.0.0-20230525234035-dd9d682886f9 // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20230525234030-28d5490b6b19 // indirect
google.golang.org/protobuf v1.30.0 // indirect
gopkg.in/go-jose/go-jose.v2 v2.6.1 // indirect
gopkg.in/ini.v1 v1.67.0 // indirect
gopkg.in/square/go-jose.v2 v2.6.0 // indirect
gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect
gopkg.in/warnings.v0 v0.1.2 // indirect
k8s.io/component-base v0.27.4 // indirect
k8s.io/kubectl v0.26.3 // indirect
oras.land/oras-go/v2 v2.2.1 // indirect
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
sigs.k8s.io/release-utils v0.7.3 // indirect
)