mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-07 00:17:13 +00:00
Code Activity
2556 commits 17 branches 550 tags 289 MiB
Commit graph

426 commits

Author SHA1 Message Date
Shuting Zhao
77a6408f30 pass in patchedResource inside the same mutation rule 2020-01-15 18:15:48 -08:00
shravan
520e675155 Merge branch 'master' into 253_ValidationInMutationFlag_v2 2020-01-15 19:45:16 +05:30
Shivkumar Dudhani
dabe592d46
fix the bugs and add pre-condition checks (#606) 
* fix the bugs and add pre-condition checks

* add precondition documentation
 2020-01-13 11:21:14 -08:00
Shuting Zhao
cca5dd31b6 pass in original resource to validation if patches from mutation is nil 2020-01-13 10:15:52 -08:00
shravan
8dc6b06d79 resolving merge conflicts 2020-01-11 18:33:11 +05:30
Shuting Zhao
f618bbcff3 pass in ctx to mutation and generation 2020-01-10 18:25:16 -08:00
Shuting Zhao
f78ca61859 generate violation in mutation when substitute path not present 2020-01-09 12:24:37 -08:00
Shuting Zhao
d0a1acbac4 fix build error 2020-01-08 16:56:41 -08:00
Shuting Zhao
e3123e96b6 Merge branch 'master' into add_testscenario 2020-01-08 16:48:15 -08:00
Shuting Zhao
472fa29fce move mutation to subpackage pkg/engine/mutate 2020-01-07 17:06:17 -08:00
Shivkumar Dudhani
3cf9141f4d
593 feature (#594) 
* initial commit

* background policy validation

* correct message

* skip non-background policy process for add/update

* add Generate Request CR

* generate Request Generator Initial

* test generate request CR generation

* initial commit gr generator

* generate controller initial framework

* add crd for generate request

* gr cleanup controller initial commit

* cleanup controller initial

* generate mid-commit

* generate rule processing

* create PV on generate error

* embed resource type

* testing phase 1- generate resources with variable substitution

* fix tests

* comment broken test #586

* add printer column for state

* return if existing resource for clone

* set resync time to 2 mins & remove resource version check in update handler for gr

* generate events for reporting

* fix logs

* initial commit

* fix trailing quote in patch

* remove comments

* initial condition (equal & notequal)

* initial support for conditions

* initial support fo conditions in generate

* support precondition checks

* cleanup

* re-evaluate GR on namespace update using dynamic informers

* add status for generated resources

* display loaded variable SA

* support delete cleanup of generate request main resources

* fix log

* remove namespace from SA username

* support multiple variables per statement for scalar values

* fix fail variables

* add check for userInfo

* validation checks for conditions

* update policy

* refactor logs

* code review

* add openapispec for clusterpolicy preconditions

* Update documentation

* CR fixes

* documentation

* CR fixes

* update variable

* fix logs

* update policy

* pre-defined variables (serviceAccountName & serviceAccountNamespace)

* update test
 2020-01-07 15:13:57 -08:00
Shuting Zhao
08491df046 Merge commit 'ffd2179b0332738a088b362e94147a981f0d02ed' into 600_bug 
# Conflicts:
#	pkg/webhooks/mutation.go
 2020-01-07 14:17:25 -08:00
Shuting Zhao
cafc3883a4 - fix validation to process on patched resource; - format code 2020-01-07 11:32:52 -08:00
Shivkumar Dudhani
ffd2179b03
538 (#587) 
* initial commit

* background policy validation

* correct message

* skip non-background policy process for add/update

* add Generate Request CR

* generate Request Generator Initial

* test generate request CR generation

* initial commit gr generator

* generate controller initial framework

* add crd for generate request

* gr cleanup controller initial commit

* cleanup controller initial

* generate mid-commit

* generate rule processing

* create PV on generate error

* embed resource type

* testing phase 1- generate resources with variable substitution

* fix tests

* comment broken test #586

* add printer column for state

* return if existing resource for clone

* set resync time to 2 mins & remove resource version check in update handler for gr

* generate events for reporting

* fix logs

* cleanup

* CR fixes

* fix logs
 2020-01-07 10:33:28 -08:00
Shuting Zhao
c97b3ce5b0 fetch annotation from resource annotation map 2020-01-06 19:24:24 -08:00
Shuting Zhao
ecbbd04bc5 - remove policy violation created on owner and related logic; - use generic call to create violation info 2020-01-06 17:07:11 -08:00
Shuting Zhao
9194251a38 fix pod controller annotation to "none" 2020-01-06 14:41:25 -08:00
Shuting Zhao
77955ff212 change the policy action to operate on it's own validationFailureAction 2020-01-06 14:41:02 -08:00
Shuting Zhao
f5411c1c76 update policymutation_test 2020-01-03 15:19:33 -08:00
Shuting Zhao
d36934fe11 Merge commit '5b8ab3842b43a72cc675b93b8b72e290adfca1d2' into 518_pod_controller 
# Conflicts:
#	pkg/api/kyverno/v1/types.go
#	pkg/engine/mutation.go
#	pkg/engine/mutation_test.go
#	pkg/engine/validation.go
#	pkg/policy/existing.go
 2020-01-02 10:32:17 -08:00
Shivkumar Dudhani
5b8ab3842b
Support variable substitution (#549) 
* initial commit

* variable substitution

* update tests

* update test

* refactor engine packages for validate & generate

* update vendor

* update toml

* support variable substitution in overlay mutation

* missing update

* fix indentation in logs

* store context values as single JSON document using merge patches.

* remove duplicate functions

* fix message string

* Handle processing of policies in background (#569)

* remove condition check while generating mutation patch as conditions are verified in the first iteration

* initial commit

* background policy validation

* correct message

* skip non-background policy process for add/update

* fix order to correct policy registration

* update comment

Co-authored-by: shuting <shutting06@gmail.com>

* refactor

Co-authored-by: shuting <shutting06@gmail.com>
 2019-12-30 17:08:50 -08:00
Shuting Zhao
56c03f712a only generate rule on policy creation 2019-12-27 15:57:43 -08:00
Shuting Zhao
bae2865550 - add =() to volumes; - update error msg 2019-12-27 14:59:12 -08:00
Shuting Zhao
f0d943e970 Merge branch 'master' into 518_pod_controller 2019-12-26 15:35:23 -08:00
Shuting Zhao
54ecb7738a - insert annotation to podTemplate; - skip apply rule on pod if annotation exists 2019-12-26 15:34:19 -08:00
Shivkumar Dudhani
085856baa1
add event source and format event messages (#565) 2019-12-26 11:50:41 -08:00
Shuting Zhao
b5255893e3 update autogen annotation for pod controllers 2019-12-26 10:09:49 -08:00
Shuting Zhao
8be4db3de3 Merge branch '529_query' into 518_pod_controller 2019-12-20 18:55:08 -08:00
Shuting Zhao
cc87ea7339 add unit test 2019-12-20 18:53:44 -08:00
Shuting Zhao
74b85d8143 generate rule for pod controllers 2019-12-20 18:53:29 -08:00
shivkumar dudhani
615f1ae940 Merge branch 'master' into 529_query 2019-12-17 16:22:00 -08:00
shivkumar dudhani
38987d50c3 store context values as single JSON document using merge patches. 2019-12-17 16:06:13 -08:00
shivkumar dudhani
793d878b18 correct webhook endpoint 2019-12-13 11:13:58 -08:00
shivkumar dudhani
5659f2fbcf merge master 2019-12-12 18:44:52 -08:00
shivkumar dudhani
8414681e60 support variable substitution in overlay mutation 2019-12-12 18:25:54 -08:00
shivkumar dudhani
10fc1b47ba Merge branch 'master' into v1.1.0 2019-12-12 16:54:42 -08:00
shivkumar dudhani
b5de11fc0e refactor engine packages for validate & generate 2019-12-12 15:02:59 -08:00
shivkumar dudhani
12edc56613 initial commit 2019-12-11 09:45:22 -08:00
Shuting Zhao
b2ad71cc5e remove channel, introduced a flag to indicate the webhook creation status 2019-12-05 15:49:02 -08:00
Shuting Zhao
183f844029 - move resourcewebhookregister to webhookconfig 2019-12-05 13:51:02 -08:00
Shuting Zhao
0f5cf40eda - holds resource webhook creation requests in a quene; - remove webhookinformer from policy controller and webhookregistrationclient 2019-12-04 12:31:27 -08:00
Shuting Zhao
f506789498 create resource mutating webhook after verifying webhook is active 2019-11-25 18:07:11 -08:00
shivkumar dudhani
89d0cc8799 Merge branch 'v1.1.0' into 504_bug 2019-11-19 10:12:09 -08:00
Shivkumar Dudhani
a81d5c9ae7
update event message (#515) 2019-11-18 17:13:48 -08:00
shivkumar dudhani
3df71f6fea Merge branch 'v1.1.0' into 507_bug 2019-11-18 11:44:17 -08:00
Shivkumar Dudhani
61b202c64a
420 init container (#501) 
* init container to cleanup stale webhook configurations if any.

* remove test code

* use internal pkg for os signals

* move webhook cleanup before http.server shutown.

* update make file and remove init

* update CI script
 2019-11-18 11:41:37 -08:00
shivkumar dudhani
3c3931b67b wat for cache sync and cleanup 2019-11-15 15:59:37 -08:00
shivkumar dudhani
57e8e2a395 Revert "wait for cache to sync and cleanup" 
This reverts commit 9c3b32b903.
 2019-11-15 15:57:18 -08:00
shivkumar dudhani
9c3b32b903 wait for cache to sync and cleanup 2019-11-15 15:53:22 -08:00
shivkumar dudhani
f97406698d remove namespace from resource spec 2019-11-15 12:03:58 -08:00