kyverno

mirror of https://github.com/kyverno/kyverno.git synced 2025-03-06 16:06:56 +00:00

Author	SHA1	Message	Date
Jim Bugwadia	f29f6b0369	add comment Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2021-03-26 10:47:59 -07:00
Jim Bugwadia	908950c47a	address comments Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2021-03-25 21:27:16 -07:00
Jim Bugwadia	72cdbafbae	fix tests Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2021-03-25 18:11:32 -07:00
Jim Bugwadia	8d03f8c59e	merge main Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2021-03-25 18:00:02 -07:00
Jim Bugwadia	6dff9e0ab9	merge and resolve conflicts Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2021-03-25 16:43:12 -07:00
Jim Bugwadia	4d70013e22	Merge pull request #1724 from MarcelMue/fix-apipath-validation Make validateAPICall work with special characters in variables	2021-03-24 22:28:09 -07:00
shuting	c08843ef77	Add Images info to variables context (#1725 ) * - remove supportMutateValidate; - refactor new context in the webhook Signed-off-by: Shuting Zhao <shutting06@gmail.com> * add ImageInfo to variables context Signed-off-by: Shuting Zhao <shutting06@gmail.com> * revert unexpected changes Signed-off-by: Shuting Zhao <shutting06@gmail.com>	2021-03-23 10:34:03 -07:00
Shuting Zhao	d650d2b609	fixes variable substitution in context.apiCall.jmesPath Signed-off-by: Shuting Zhao <shutting06@gmail.com>	2021-03-22 12:15:29 -07:00
Pooja Singh	4128410207	Enhancement/existence anchor - should loop all the items in the array (#1719 ) * updated validating policy code Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * changed existance logic to loop all the items in array Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * updated comments and error messages Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>	2021-03-19 15:18:26 -07:00
Max Goncharenko	3373a79f26	Bug Fix: #1585 issue; validate on DELETE the oldResource (#1710 ) * fix #1585 issue; validate on DELETE the oldResource Signed-off-by: Max Goncharenko <kacejot@fex.net> * apply PR edits for #1585 issue fix; add test with nested var Signed-off-by: Max Goncharenko <kacejot@fex.net>	2021-03-19 14:43:26 -07:00
Marcel Mueller	4f96232e62	Make validateAPICall work with special characters in variables Signed-off-by: Marcel Mueller <marcel.mueller1@rwth-aachen.de>	2021-03-19 20:29:55 +01:00
Shuting Zhao	7502e5da98	fix variable substitution in NumericOperatorHandler Signed-off-by: Shuting Zhao <shutting06@gmail.com>	2021-03-18 13:40:14 -07:00
Joshua Snider	6699bfab8c	Fix tests Signed-off-by: Joshua Snider <jsnider@mtu.edu>	2021-03-16 15:00:42 -04:00
Joshua Snider	9377f70840	Change isNotIn Signed-off-by: Joshua Snider <jsnider@mtu.edu>	2021-03-16 14:26:41 -04:00
Jim Bugwadia	ff4fb41bdf	Merge pull request #1680 from jsnider-mtu/bug/groupVersion-in-api-path Bug Fix #1679; Set Version to Group/Version for /apis/* URLs	2021-03-16 08:43:44 -07:00
Max Goncharenko	24c4f06ecd	Fix #1506 ; Resolve path reference in entire rule instead of just pattern/overlay Signed-off-by: Max Goncharenko <kacejot@fex.net>	2021-03-16 13:45:40 +02:00
Max Goncharenko	db49046e26	fix #1465 : raise log level to error; add failed rules (#1709 ) Signed-off-by: Max Goncharenko <kacejot@fex.net>	2021-03-15 15:34:21 -07:00
Arsh Sharma	1dfcef1cc8	fix: changed logic for In and NotIn for sets (#1704 ) Signed-off-by: Arsh Sharma <arshsharma461@gmail.com>	2021-03-15 12:59:24 -07:00
shuting	70d90ffb06	- remove preProcessJSONPatches; - update local Dockerfile (#1703 ) Signed-off-by: Shuting Zhao <shutting06@gmail.com>	2021-03-15 10:29:46 -07:00
Jim Bugwadia	bb361df696	Merge pull request #1597 from yashvardhan-kukreja/issue-1242/multiline-yaml-string-support feat: added functionality for delimiting multi-line block by newline characters	2021-03-10 09:58:38 -08:00
Joshua Snider	b0fd2403e8	Add unit test Signed-off-by: Joshua Snider <jsnider@mtu.edu>	2021-03-08 22:56:14 -05:00
Joshua Snider	23149738df	Set Version to Group/Version for /apis/* URLs Signed-off-by: Joshua Snider <jsnider@mtu.edu>	2021-03-06 00:22:12 -05:00
jsnider-mtu	81b147e279	Replace spaces with tabs Signed-off-by: jsnider-mtu <jsnider@mtu.edu>	2021-03-05 14:13:00 -05:00
jsnider-mtu	b86342c097	Fix API path Signed-off-by: jsnider-mtu <jsnider@mtu.edu>	2021-03-05 14:05:12 -05:00
Vyankatesh Kudtarkar	9e831ec959	Bug Fix: Extends match / exclude to use apiGroup and apiVersion (#1218 ) (#1656 ) * Extends match / exclude to use apiGroup and apiVersion Signed-off-by: vyankatesh <vyankatesh@neualto.com> * fix gvk issue Signed-off-by: vyankatesh <vyankatesh@neualto.com> Co-authored-by: vyankatesh <vyankatesh@neualto.com>	2021-03-04 16:45:52 -08:00
Yashvardhan Kukreja	10c714d5ba	feat: [preconditions, conditions] added backwards-compatible support for logical operators (#1604 ) Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com>	2021-03-01 20:31:06 -08:00
Yashvardhan Kukreja	ca347b27bf	feat: added functionality for delimiting multi-line block by newline characters Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com>	2021-03-01 00:46:50 +05:30
Arsh Sharma	86879bd267	feat(operators): supporting subset checking (#1613 ) * fix(operators): supporting subset checking Signed-off-by: Arsh Sharma <arshsharma461@gmail.com> * fix(operators): removed print statement Signed-off-by: Arsh Sharma <arshsharma461@gmail.com> * test(operators): added test file for in Signed-off-by: Arsh Sharma <arshsharma461@gmail.com> * fix(operators): fixed switching Signed-off-by: Arsh Sharma <arshsharma461@gmail.com> * tests(operators): completed tests for In and NotIn Signed-off-by: Arsh Sharma <arshsharma461@gmail.com> * chore(operators): code cleanup Signed-off-by: Arsh Sharma <arshsharma461@gmail.com> * chore(operators): added comments for tests Signed-off-by: Arsh Sharma <arshsharma461@gmail.com> * fix(operators): changed logic based on new definitions Signed-off-by: Arsh Sharma <arshsharma461@gmail.com> * test: updated NotIn tests Signed-off-by: Arsh Sharma <arshsharma461@gmail.com>	2021-02-26 10:53:54 -08:00
Jim Bugwadia	0d1f0b5897	Merge pull request #1636 from realshuting/1621_fix_configmap_variables Substitute variables in context.configMap	2021-02-25 19:53:11 -08:00
Shuting Zhao	7795f335c8	fix negative index Signed-off-by: Shuting Zhao <shutting06@gmail.com>	2021-02-25 18:36:13 -08:00
Shuting Zhao	517c60fadc	add unit tests Signed-off-by: Shuting Zhao <shutting06@gmail.com>	2021-02-25 18:02:52 -08:00
Shuting Zhao	c4ebef7b0d	- support AllowMissingPathOnRemove and EnsurePathExistsOnAdd in patchesJSON6902 - upgrade to evanphx/json-patch/v5 Signed-off-by: Shuting Zhao <shutting06@gmail.com>	2021-02-25 15:25:07 -08:00
Shuting Zhao	492d0e8009	remove kustomize patchesJSON6902 Signed-off-by: Shuting Zhao <shutting06@gmail.com>	2021-02-25 15:25:07 -08:00
Shuting Zhao	d770d6680b	add request.namespace in the background process Signed-off-by: Shuting Zhao <shutting06@gmail.com>	2021-02-22 17:22:23 -08:00
Shuting Zhao	17c72c1578	substitute variables in context.configMap Signed-off-by: Shuting Zhao <shutting06@gmail.com>	2021-02-22 16:27:20 -08:00
shuting	267be0815f	Bug fixes - policy validation, auto-generated rules, apiCall support in mutate and generate (#1629 ) * Fix invalid policy reports generated for blocked resource Signed-off-by: Shuting Zhao <shutting06@gmail.com> * fix 1464 - copy context and preconditions to auto-gen rules Signed-off-by: Shuting Zhao <shutting06@gmail.com> * fix 1628 - add policy validations Signed-off-by: Shuting Zhao <shutting06@gmail.com> * fix 1593 - support apiCall in mutate and generate Signed-off-by: Shuting Zhao <shutting06@gmail.com> * fix test Signed-off-by: Shuting Zhao <shutting06@gmail.com>	2021-02-22 12:08:26 -08:00
Arsh Sharma	596bc9ba6f	feat(operators): support subset checking for in and notin (#1555 ) * feat(operators): support subset checking for in and notin Signed-off-by: Arsh Sharma <arshsharma461@gmail.com> * feat(operators): fixed NotIn function Signed-off-by: Arsh Sharma <arshsharma461@gmail.com>	2021-02-10 13:05:36 -08:00
Pooja Singh	c148573d48	issue fixed (#1558 ) Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>	2021-02-08 10:36:39 -08:00
shuting	2f2d6c2e38	Upgrade client libraries to 0.20.2 (#1547 ) * upgrade clients to 0.20.2 Signed-off-by: Shuting Zhao <shutting06@gmail.com> * remove debug log Signed-off-by: Shuting Zhao <shutting06@gmail.com> * fix unit tests Signed-off-by: Shuting Zhao <shutting06@gmail.com> * fix e2e test Signed-off-by: Shuting Zhao <shutting06@gmail.com>	2021-02-07 20:26:56 -08:00
Yashvardhan Kukreja	6b3ab3fe23	added: generic NumericOperator to handle numeric operations for kyverno policies (#1536 ) Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com>	2021-02-05 19:49:23 -08:00
Max Goncharenko	536f364724	Add AND logical operator support (#1539 ) Signed-off-by: Max Goncharenko <kacejot@fex.net>	2021-02-05 17:52:31 -08:00
Pooja Singh	32522e7827	namespace selector (#1532 ) * updated crd with namespace selector Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * added logic for validate Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * added condition in utils for namespace labels Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * added function for extracting namespace label using lister Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * added logic for generate Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * added lister in generate Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * commented generate controller changes Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * added ns lister Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * added ns label in apply.go Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * added ns label in generation.go Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * added ns label in mutation.go Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * added ns label for validation Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * using dynaminc informer Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>	2021-02-03 13:09:42 -08:00
Jim Bugwadia	0be7903c47	fix tests Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2021-02-02 00:20:03 -08:00
Jim Bugwadia	2bb812aa2d	redo changes reverted by merge Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2021-02-01 23:22:19 -08:00
Jim Bugwadia	e8e3b93a5f	api server lookups (#1514 ) * initial commit for api server lookups Signed-off-by: Jim Bugwadia <jim@nirmata.com> * initial commit for API server lookups Signed-off-by: Jim Bugwadia <jim@nirmata.com> * Enhancing dockerfiles (multi-stage) of kyverno components and adding non-root user to the docker images (#1495) * Dockerfile refactored Signed-off-by: Raj Babu Das <mail.rajdas@gmail.com> * Adding non-root commands to docker images and enhanced the dockerfiles Signed-off-by: Raj Babu Das <mail.rajdas@gmail.com> * changing base image to scratch Signed-off-by: Raj Babu Das <mail.rajdas@gmail.com> * Minor typo fix Signed-off-by: Raj Babu Das <mail.rajdas@gmail.com> * changing dockerfiles to use /etc/passwd to use non-root user' Signed-off-by: Raj Babu Das <mail.rajdas@gmail.com> * minor typo Signed-off-by: Raj Babu Das <mail.rajdas@gmail.com> * minor typo Signed-off-by: Raj Babu Das <mail.rajdas@gmail.com> Signed-off-by: Jim Bugwadia <jim@nirmata.com> * revert cli image name (#1507) Signed-off-by: Raj Babu Das <mail.rajdas@gmail.com> Signed-off-by: Jim Bugwadia <jim@nirmata.com> * Refactor resourceCache; Reduce throttling requests (background controller) (#1500) * skip sending API request for filtered resource * fix PR comment Signed-off-by: Shuting Zhao <shutting06@gmail.com> * fixes https://github.com/kyverno/kyverno/issues/1490 Signed-off-by: Shuting Zhao <shutting06@gmail.com> * fix bug - namespace is not returned properly Signed-off-by: Shuting Zhao <shutting06@gmail.com> * reduce throttling - list resource using lister * refactor resource cache * fix test Signed-off-by: Shuting Zhao <shutting06@gmail.com> * fix label selector Signed-off-by: Shuting Zhao <shutting06@gmail.com> * fix build failure Signed-off-by: Shuting Zhao <shutting06@gmail.com> Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix merge issues Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix unit test Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add nil check for API client Signed-off-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: Raj Babu Das <mail.rajdas@gmail.com> Co-authored-by: shuting <shutting06@gmail.com>	2021-02-01 12:59:13 -08:00
shuting	c692263177	Refactor resourceCache; Reduce throttling requests (background controller) (#1500 ) * skip sending API request for filtered resource * fix PR comment Signed-off-by: Shuting Zhao <shutting06@gmail.com> * fixes https://github.com/kyverno/kyverno/issues/1490 Signed-off-by: Shuting Zhao <shutting06@gmail.com> * fix bug - namespace is not returned properly Signed-off-by: Shuting Zhao <shutting06@gmail.com> * reduce throttling - list resource using lister * refactor resource cache * fix test Signed-off-by: Shuting Zhao <shutting06@gmail.com> * fix label selector Signed-off-by: Shuting Zhao <shutting06@gmail.com> * fix build failure Signed-off-by: Shuting Zhao <shutting06@gmail.com>	2021-01-29 17:38:23 -08:00
Pooja Singh	0396d5278e	added logic for generate policy with data (#1463 ) * added logic for generate policy with data Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * debuging data of configmap Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * removed few print statements Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * logic for configmap Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * logic for pod Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * logic for pod Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * restructured Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * removed println Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * added comments Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * added test cases Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * function rename Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * removed comment Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * small improvement Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * extract annotation and label Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * fixed test cases Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * extract annotation and label from updated target resource Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * updated test cases Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>	2021-01-27 10:11:22 -08:00
shuting	d82f19be4e	Feature/fix dev mode execution (#1477 ) * add serverIP to X.509 certificate SANs * disable webhook monitor in debug mode Signed-off-by: Shuting Zhao <shutting06@gmail.com> Signed-off-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com>	2021-01-20 15:25:27 -08:00
shuting	3bc386955e	Remove unnecessary JSON patches; fixes strategicMergePatch for tolerations (#1478 ) * ignore certain paths when generates JSON patches Signed-off-by: Shuting Zhao <shutting06@gmail.com> * remove extra comment Signed-off-by: Shuting Zhao <shutting06@gmail.com> * fix https://github.com/kyverno/kyverno/issues/1339 Signed-off-by: Shuting Zhao <shutting06@gmail.com> * resolve PR comments Signed-off-by: Shuting Zhao <shutting06@gmail.com> * update comment Signed-off-by: Shuting Zhao <shutting06@gmail.com>	2021-01-19 11:08:06 -08:00
Jim Bugwadia	f93e3020e1	support nested JMESPATH var substitution (#1471 )	2021-01-14 10:46:51 -08:00

1 2 3 4 5 ...

595 commits