mirror of https://github.com/kyverno/kyverno.git synced 2024-12-15 17:51:20 +00:00
Commit graph

3621 commits

Author SHA1 Message Date
Charles-Edouard Brétéché
2b712107d2
feat: consider maxAPICallResponseLength (#9620)
* chore: move global context package out of engine

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* feat: consider maxAPICallResponseLength

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-02-02 15:35:57 +00:00
Charles-Edouard Brétéché
b59353c657
chore: move global context package out of engine (#9618)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-02-02 14:35:24 +00:00
Vishal Choudhary
10ae9e306c
feat: update refreshInterval in globalcontext CRD to use a duration (#9615)
2024-02-02 12:06:51 +00:00
Khaled Emara
226fa9515a
feat: add globalcontext controller (#9601)
* feat: add globalcontext controller

Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>

* rework controller

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* rbac

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* cmd

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix rbac

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* engine

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* k8s resources

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* k8s resource

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* resync zero

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* api call

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* api call

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* clean

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix linter

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-02-02 10:41:35 +00:00
Mariam Fahmy
3510998d4f
feat: Support CEL expression warnings (#9566)
* feat: support CEL expression warnings

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

* fix

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

* fix: allow the policy creation but return warnings to the API server

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

* fix tests

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

---------

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Co-authored-by: ShutingZhao <shuting@nirmata.com>
2024-02-02 10:04:02 +00:00
shuting
5f0d53fe34
feat: apply .matchConditions when generating reports (#9599)
* enable matchconditions for reports

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* update

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* add chainsaw tests

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix: linter issues

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* chore: move files

Signed-off-by: ShutingZhao <shuting@nirmata.com>

---------

Signed-off-by: ShutingZhao <shuting@nirmata.com>
2024-02-02 08:32:28 +00:00
M Viswanath Sai
d102abeb99
Feat: Human readable timestamps in logs (#9276)
* added timestamp flag and subsequent behaviour changes for logging

Signed-off-by: mviswanathsai <mviswanath.sai.met21@itbhu.ac.in>

* Changed verbose verbosity level in cli

Signed-off-by: mviswanathsai <mviswanath.sai.met21@itbhu.ac.in>

* fix linter

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* log level

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: mviswanathsai <mviswanath.sai.met21@itbhu.ac.in>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-02-01 19:14:47 +00:00
Vishal Choudhary
34c6044c8f
chore(deps): bump github.com/sigstore/cosign/v2 from 2.2.2 to 2.2.3 (#9600)
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
2024-02-01 15:50:24 +00:00
Charles-Edouard Brétéché
1e0bac2d6f
feat: add global context crd to codegen (#9595)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-02-01 12:32:13 +00:00
Charles-Edouard Brétéché
0b85bc41b7
feat: add global context crd (#9591)
* feat: add global context crd

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* merge main

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-02-01 10:58:31 +00:00
Anushka Mittal
ce0c704086
Deploy specific controllers (#8849)
* Initial changes for deploy specific controllers

Signed-off-by: anushkamittal2001 <anushka@nirmata.com>

* Include correct values in values.yaml

Signed-off-by: anushkamittal2001 <anushka@nirmata.com>

* Remove check for other controllers

Signed-off-by: anushkamittal2001 <anushka@nirmata.com>

* Sanity checks for other controllers

Signed-off-by: anushkamittal2001 <anushka@nirmata.com>

* resolve lint errors

Signed-off-by: anushkamittal2001 <anushka@nirmata.com>

* add separate flags for all crds; conditions for controller crd relation

Signed-off-by: anushkamittal2001 <anushka@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* rm global

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* rm global

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* values

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* codegen

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* codegen

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* codegen

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* codegen

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* codegen

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: anushkamittal2001 <anushka@nirmata.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-02-01 10:14:05 +00:00
D N Siva Sathyaseelan
f267d19761
test: added test for pkg/utils/policy/marshal.go (#9583)
* test: added test for pkg/utils/policy/marshal.go

Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>

* test: added test for pkg/utils/policy/marshal.go

Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>

---------

Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
2024-01-31 23:00:22 +00:00
Anushka Mittal
cfc9683033
Changes to dynamically configure webhooks (#8437)
* Changes to dynamically configure webhooks

Signed-off-by: anushkamittal2001 <anushka@nirmata.com>

* Add unit tests

Signed-off-by: anushkamittal2001 <anushka@nirmata.com>

* Add kuttl tests

Signed-off-by: anushkamittal2001 <anushka@nirmata.com>

* Refactoring

Signed-off-by: anushkamittal2001 <anushka@nirmata.com>

* Correct unit test

Signed-off-by: anushkamittal2001 <anushka@nirmata.com>

* Change way of webhooks configured

Signed-off-by: anushkamittal2001 <anushka@nirmata.com>

* Correct tests with new changes

Signed-off-by: anushkamittal2001 <anushka@nirmata.com>

* Add delete operation by default

Signed-off-by: anushkamittal2001 <anushka@nirmata.com>

* Correct tests with new changes

Signed-off-by: anushkamittal2001 <anushka@nirmata.com>

* Correct order for operations

Signed-off-by: anushkamittal2001 <anushka@nirmata.com>

* Add corrections

Signed-off-by: anushkamittal2001 <anushka@nirmata.com>

* Add mutatingwebhookconfiguration test

Signed-off-by: anushkamittal2001 <anushka@nirmata.com>

* Correct unit test

Signed-off-by: anushkamittal2001 <anushka@nirmata.com>

* Added policy.yaml in mutate webhook test

Signed-off-by: anushkamittal2001 <anushka@nirmata.com>

* Add corrections in kuttl test and code

Signed-off-by: anushkamittal2001 <anushka@nirmata.com>

* Change name of test

Signed-off-by: anushkamittal2001 <anushka@nirmata.com>

* Changes to update webhooks manifest

Signed-off-by: anushkamittal2001 <anushka@nirmata.com>

* Add corrections for dynamic-op-mutate kuttl test

Signed-off-by: anushkamittal2001 <anushka@nirmata.com>

* Add minor changes; remove unnecessary file

Signed-off-by: anushkamittal2001 <anushka@nirmata.com>

* Correct adding operations for MutatingWebhookConf

Signed-off-by: anushkamittal2001 <anushka@nirmata.com>

* dynamic op mutate and validate added

Signed-off-by: anushkamittal2001 <anushka@nirmata.com>

* Resolve conflicts

Signed-off-by: anushkamittal2001 <anushka@nirmata.com>

* Filter rules for mutatingwebhookconf correctly

Signed-off-by: anushkamittal2001 <anushka@nirmata.com>

* replace TestStep with Test in chainsaw tests

Signed-off-by: anushkamittal2001 <anushka@nirmata.com>

* converted to new chainsaw-test format

Signed-off-by: anushkamittal2001 <anushka@nirmata.com>

* minor corrections

Signed-off-by: anushkamittal2001 <anushka@nirmata.com>

* remove isMutationEmpty()

Signed-off-by: anushkamittal2001 <anushka@nirmata.com>

* initial changes for dynamic opn enhancements

Signed-off-by: anushkamittal2001 <anushka@nirmata.com>

* rename variables

Signed-off-by: anushkamittal2001 <anushka@nirmata.com>

* resolve lint errors

Signed-off-by: anushkamittal2001 <anushka@nirmata.com>

* refactor code

Signed-off-by: anushkamittal2001 <anushka@nirmata.com>

* add changes for exclude operations

Signed-off-by: anushkamittal2001 <anushka@nirmata.com>

* add conformance tests

Signed-off-by: anushkamittal2001 <anushka@nirmata.com>

* add unit tests

Signed-off-by: anushkamittal2001 <anushka@nirmata.com>

* corrections in conformance tests

Signed-off-by: anushkamittal2001 <anushka@nirmata.com>

* modification in unit tests

Signed-off-by: anushkamittal2001 <anushka@nirmata.com>

* correction in conformance tests

Signed-off-by: anushkamittal2001 <anushka@nirmata.com>

* Update .vscode/launch.json

Signed-off-by: shuting <shuting@nirmata.com>

* update variable usage

Signed-off-by: anushkamittal2001 <anushka@nirmata.com>

* remove testresults

Signed-off-by: anushkamittal2001 <anushka@nirmata.com>

---------

Signed-off-by: anushkamittal2001 <anushka@nirmata.com>
Signed-off-by: shuting <shuting@nirmata.com>
Co-authored-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: shuting <shutting06@gmail.com>
2024-01-31 15:46:53 +00:00
shuting
635f160ae0
feat (generate): add orphanDownstreamOnPolicyDelete to preserve downstream on policy deletion (#9579)
* add chainsaw tests

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* add .orphanDownstreamOnPolicyDelete

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* update codegen

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* update docs

Signed-off-by: ShutingZhao <shuting@nirmata.com>

---------

Signed-off-by: ShutingZhao <shuting@nirmata.com>
2024-01-31 13:50:38 +02:00
Vishal Choudhary
82b65aebc4
feat: add fail/warn on deprecated/invalid operators (#8624)
* feat: add fail/warn on deprecated/invalid operators

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: nested for each

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: chainsaw-test.yaml

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

---------

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2024-01-31 08:40:28 +00:00
Charles-Edouard Brétéché
e969e29eb8
chore: remove reports aggregation per namespace (#9570)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-01-30 23:08:47 +00:00
Khaled Emara
8fcd9945a1
feat: use custom events watcher (#9324)
* feat: use custom events watcher

This custom Event handler solved the problem of a goroutine per Event.

Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>

* test(events): add unit test to EventGenerator

Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>

* fix(events): linter

Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>

* feat: do away with EventBroadcaster

Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>

* eddycharly fixes

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-01-30 14:08:15 -08:00
Charles-Edouard Brétéché
9102753323
fix: make alternate reports storage transparent (#9553)
* fix: make alternate reports storage transparent

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* bg scan

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* aggregation

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* aggregation

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* rm manager

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* update

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fixes

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fixes

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-01-30 14:53:37 +00:00
dreamjz
08d098d262
feat(jmespath):time_parse() support epoch time (#9173)
Signed-off-by: dreamjz <25699818+dreamjz@users.noreply.github.com>
Co-authored-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-01-30 07:47:02 +00:00
Mariam Fahmy
831bf3c074
feat: reuse --protectManagedResources flag in the cleanup controller (#8566)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2024-01-30 07:08:30 +00:00
Pushkar Mishra
e6d438289e
added tests for validate foreach with 0 elements (#9459)
* added tests for validate foreach with 0 doesn't skip

Signed-off-by: Pushkar Mishra <pushkarmishra029@gmail.com>

* fix

Signed-off-by: Pushkar Mishra <pushkarmishra029@gmail.com>

---------

Signed-off-by: Pushkar Mishra <pushkarmishra029@gmail.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-01-29 14:04:41 +00:00
Liang Deng
8298a9a858
fix: validate pattern premature skip (#9155)
Signed-off-by: Liang Deng <283304489@qq.com>
Co-authored-by: shuting <shuting@nirmata.com>
2024-01-29 13:06:39 +00:00
Mariam Fahmy
9ed14cb779
feat: support vap bindings in reports (#9506)
* feat: support vap bindings in reports

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

* fix: add binding to the rule response

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

* add chainsaw test

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

* fix lint

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

* fix chainsaw

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

* add chainsaw tests

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

* fix chainsaw tests

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

---------

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-01-29 12:49:17 +01:00
Charles-Edouard Brétéché
90cff77300
fix: CRDs codegen (#9542)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-01-29 09:45:52 +00:00
Charles-Edouard Brétéché
747bc017e5
fix: follow up for #9534 (#9543)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-01-29 08:54:58 +00:00
Vishal Choudhary
4108415153
feat: use awslabs keychain for AWS and gcr keychain for GCP (#9416)
* feat: use awslabs keychain for AWS and gcr keychain for GCP

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* chore: remove unused var

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* chore: remove more unused vars

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: gofumpt

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

---------

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-01-29 08:25:52 +00:00
mohamedasifs123
e3274386e7
Update validate_resource.go (#9534)
Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com>
2024-01-28 20:41:42 +00:00
Charles-Edouard Brétéché
afede6486d
refactor: use single type for ephemeral reports (#9537)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-01-27 23:30:04 +00:00
Siva Sathyaseelan
06a5580b2c
test: added test for pkg/utils/admission/metadata.go (#9538)
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
2024-01-27 21:27:54 +01:00
shuting
7170cbb0c2
feat:Webhook config per policy (#9483)
* add spec.webhookConfigurations

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* update crd

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* configure webhook

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* register webhook handler

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* skip storing finegrained policies in cache

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* update resource validate handler

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* updates

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* enable mutate resource handler for fine-grained policies

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix: tests

Signed-off-by: ShutingZhao <shuting@nirmata.com>

---------

Signed-off-by: ShutingZhao <shuting@nirmata.com>
2024-01-27 13:00:22 +00:00
Charles-Edouard Brétéché
f4aba55e0a
fix: move new reports api to top level folder (#9531)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-01-27 08:03:01 +00:00
Mariam Fahmy
f01f0d6dc4
feat: support podSecurity exclusion in exceptions (#9343)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-01-26 18:43:07 +00:00
Florian Hopfensperger
8781a38849
feat: configure webhook scope based on resource and policy type (#8065)
* feat: configure webhook scope based on policy type

Signed-off-by: Florian Hopfensperger <florian.hopfensperger@allianz.de>

* Update pkg/controllers/webhook/controller.go

Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: shuting <shuting@nirmata.com>

* feat: configure webhook scope based on resource type

Signed-off-by: Florian Hopfensperger <florian.hopfensperger@allianz.de>

* review comments

Signed-off-by: Florian Hopfensperger <florian.hopfensperger@allianz.de>

* sorting of webhooks

Signed-off-by: Florian Hopfensperger <florian.hopfensperger@allianz.de>

* Update pkg/controllers/webhook/utils.go

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix imports

Signed-off-by: Florian Hopfensperger <florian.hopfensperger@allianz.de>

---------

Signed-off-by: Florian Hopfensperger <florian.hopfensperger@allianz.de>
Signed-off-by: shuting <shuting@nirmata.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-01-26 15:07:42 +00:00
Vishal Choudhary
e6c39f31a5
feat: add a new API group reports.kyverno.io (#9521)
* feat: add new report interface

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* chore: reports.kyverno.io/v1 apigroup

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* chore: codegen

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* feat: add report manager

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* feat: add reports manager to reports controller

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* feat: add alternateReportStorage to helm chart

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: report utils deepcopy

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* init flag

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: wrong return value

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

---------

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-01-26 13:40:29 +00:00
Siva Sathyaseelan
b0737a7f51
test: added test for pkg/utils/admission/policy.go (#9520)
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
2024-01-26 13:10:37 +00:00
Siva Sathyaseelan
ceb004c3a9
test: added test for pkg/utils/admission/exception.go (#9495)
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-01-25 22:59:34 +01:00
Charles-Edouard Brétéché
bc2c50058a
fix: reduce logs in controllers when an item is not found (#9509)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-01-25 01:12:15 +02:00
Charles-Edouard Brétéché
0b7a6a1e3e
fix: kyverno apply panic for mutate policies (#9492)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-01-24 09:37:48 +00:00
Vishal Choudhary
87c7ce254a
feat: add skipImageReferences in verify images (#8633)
* feat: add skipImageReferences in verify images

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: chainsaw tests

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: chainsaw-test.yaml

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: typo in assert

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

---------

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-01-23 12:27:39 +00:00
Mariam Fahmy
d47684c0d9
feat: support validatingadmissionpolicybindings in CLI apply command (#9468)
* feat: support validatingadmissionpolicybindings in CLI apply command

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

* fix linter issue

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

---------

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-01-23 11:47:38 +00:00
Siva Sathyaseelan
9da03844a5
test: added test for pkg/utils/admission/cleanup.go (#9486)
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-01-22 21:00:09 +01:00
Lukas Wöhrl
349e363a41
feat: support all valid jsonpatches in validation webhook (#9476)
Signed-off-by: Lukas Wöhrl <lukas.woehrl@plentymarkets.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-01-22 14:49:08 +00:00
Vishal Choudhary
a0afda4f0a
fix: allow multiple keys in verifyImages.attestations.attestors.entries (#8880)
* fix: allow multiple keys in verifyImages.attestations.attestors.entries

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: tests

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

---------

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
2024-01-22 06:49:22 +00:00
Charles-Edouard Brétéché
8795916e14
fix: change generic policy to not return any (#9463)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-01-20 19:20:22 +02:00
Charles-Edouard Brétéché
a597d65a33
chore: bump otel deps (#9442)
* chore: bump otel deps

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix semconv version

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-01-19 09:36:28 +00:00
Mariam Fahmy
a791d9ac35
feat: skip generating VAP when an exception is defined (#9386)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-01-18 15:55:27 +00:00
Mariam Fahmy
b4acbdea2c
fix: use the correct API version for VAPs in the generated events (#9392)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
2024-01-18 14:02:07 +00:00
Mariam Fahmy
f0564b3019
feat: re-evaluate policy exceptions for existing resources and modify reports accordingly (#8659)
* feat: re-evaluate policy exceptions for existing resources and modify reports accordingly

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

* fix: use v2 of exceptions

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

* fix chainsaw test

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

* fix: use properties in the reports result

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

* fix chainsaw tests

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

---------

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-01-17 10:00:15 -08:00
shuting
600e19b340
fix: clean up URs if the trigger doesn't exist (#9355)
* clean up URs if trigger is not present

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* add chainsaw tests

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* increase timeout

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* chore: clarify user variables failure

Signed-off-by: ShutingZhao <shuting@nirmata.com>

---------

Signed-off-by: ShutingZhao <shuting@nirmata.com>
2024-01-09 10:30:31 +01:00
kanha gupta
f7a962fd11
support for SHA256 jmespath function (#9144)
Signed-off-by: Kanha gupta <kanhag4163@gmail.com>
Co-authored-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
2024-01-05 10:44:26 +00:00
shuting
025a477688
fix: non-trigger resources should be skipped for background policies regardless of skipBackgroundRequests settings (#9333)
* fix skip checks

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix: skip request for non-triggers

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* add missing files

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix: empty policy

Signed-off-by: ShutingZhao <shuting@nirmata.com>

---------

Signed-off-by: ShutingZhao <shuting@nirmata.com>
2024-01-04 12:47:58 +02:00
Mariam Fahmy
f8c5571ddc
fix: remove the check of exclude in VAPs (#9331)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-01-03 17:37:30 +00:00
Khaled Emara
88798c3e39
feat: add new client for events (#9323)
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
2024-01-03 01:12:05 +00:00
Gurmannat Sohal
6902a2b092
Unit tests for Pod Security Admission Integrations (#8585)
* feat: enable field-restricted exclusions using the psa

Signed-off-by: Liang Deng <283304489@qq.com>

* fix ci error

Signed-off-by: Liang Deng <283304489@qq.com>

* fix ci error

Signed-off-by: Liang Deng <283304489@qq.com>

* initial unit tests

* Add all remaining unit tests

Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com>

* fine grain unit tests by adding fields and values

* add detailed pod level exclusion and related tests

* add tests for init & ephemeral containers

* add kuttl tests for the new advanced support

* add kuttl tests for the new advanced support

* add readme for kuttl tests

* add replacement in go.mod

* resolving CI errors

Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com>

* fix ci errors

Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com>

* fix ci errors

Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com>

* updating pod-security-admissio

Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com>

* resolving null pointer panic

Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com>

* resolved conformance error

Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com>

* chainsaw

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* chainsaw

Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com>

* remove duplication

Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com>

* fix linting

Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com>

* remove over computation

Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com>

* added field checks, pss skip condition

Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com>

* correcting chainsaw tests

Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com>

* merge branch 'main' into unit-tests

Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com>

* fix builds

Signed-off-by: ShutingZhao <shuting@nirmata.com>

---------

Signed-off-by: Liang Deng <283304489@qq.com>
Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com>
Signed-off-by: shuting <shuting@nirmata.com>
Signed-off-by: Gurmannat Sohal <95538438+itsgurmannatsohal@users.noreply.github.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Co-authored-by: Liang Deng <283304489@qq.com>
Co-authored-by: shuting <shuting@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-12-26 22:28:08 +08:00
Mariam Fahmy
4fff841cdc
fix: remove policy informer from vap controller (#9279)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2023-12-26 11:45:26 +00:00
Mariam Fahmy
5f09fa810c
chore: introduce v2 for updaterequests (#9267)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2023-12-23 00:09:02 +00:00
Charles-Edouard Brétéché
2b5aef75f1
feat: add cleanup policies v2 (#9261)
* feat: add cleanup policies v2

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix test

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix: test

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-12-22 20:43:27 +02:00
Vishal Choudhary
ce00df13fa
fix: use http.MaxBytesReader instead of content length for API Calls (#9265)
* fix: use http.MaxBytesReader instead of content length for API Calls

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* feat: add unit tests

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* feat: added test for chunked transfer

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

---------

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
2023-12-22 17:05:52 +00:00
Mariam Fahmy
6bffca067a
chore: introduce v2 for internal reports resources (#9262)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2023-12-22 14:09:00 +00:00
shuting
67b96a7cf2
refactor: mutate checks (#9255)
* refactor

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix

Signed-off-by: ShutingZhao <shuting@nirmata.com>

---------

Signed-off-by: ShutingZhao <shuting@nirmata.com>
2023-12-22 15:07:17 +02:00
Shubham Singh
6aaa06702f
bug: making images consistent with image (#9147)
* adding `ReferenceWithTag` and `GetReferenceWithTag` + Populating them

Signed-off-by: Shubham Singh <shubhammahar1306@gmail.com>

* Adding tests for the same

Signed-off-by: Shubham Singh <shubhammahar1306@gmail.com>

* `ReferenceWithTag()` -> `ReferenceWithTag`

Signed-off-by: Shubham Singh <shubhammahar1306@gmail.com>

* `Strings()` -> `ReferenceWithTag`

Signed-off-by: Shubham Singh <shubhammahar1306@gmail.com>

* added `ReferenceWithTag` to image_test

Signed-off-by: Shubham Singh <shubhammahar1306@gmail.com>

* sorting out linter

Signed-off-by: Shubham Singh <shubhammahar1306@gmail.com>

---------

Signed-off-by: Shubham Singh <shubhammahar1306@gmail.com>
Co-authored-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
2023-12-22 11:15:50 +00:00
Charles-Edouard Brétéché
b54e6230c5
refactor: events controller (#9236)
* refactor: make events controller shutdown graceful

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* nit

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* drain

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* refactor: events controller

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* exception

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* remove queue

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2023-12-22 11:47:22 +01:00
Mariam Fahmy
b61a1f3d18
fix: set v2beta1 of exceptions the storage version (#9254)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2023-12-22 10:13:58 +00:00
hub_Prateek
f344bcf9a7
Fixed error log (#9232)
* Fixed error log

Signed-off-by: hub-Prateek <prateeksaxena462003@gmail.com>

* Removed the event

Signed-off-by: hub-Prateek <prateeksaxena462003@gmail.com>

---------

Signed-off-by: hub-Prateek <prateeksaxena462003@gmail.com>
2023-12-22 07:32:08 +00:00
Honnix
47cafaabd3
Support more signature algorithms (#9102)
* Support more signature algorithms

Signed-off-by: Hongxin Liang <honnix@users.noreply.github.com>

* Fix codegen

Signed-off-by: Hongxin Liang <honnix@users.noreply.github.com>

* Fail loudly for unsupported algorithm

Signed-off-by: Hongxin Liang <honnix@users.noreply.github.com>

* Fix codegen

Signed-off-by: Hongxin Liang <honnix@users.noreply.github.com>

* Fix more

Signed-off-by: Hongxin Liang <honnix@users.noreply.github.com>

---------

Signed-off-by: Hongxin Liang <honnix@users.noreply.github.com>
Co-authored-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2023-12-21 13:27:33 +05:30
shuting
85e0d9b836
fix mutate existing force reconciliation (#9230)
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2023-12-20 16:29:37 +00:00
Charles-Edouard Brétéché
c335670065
chore: add missing context unit test (#9213)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-12-19 15:54:48 +00:00
Mariam Fahmy
8e0a7aa204
feat: promote policy exceptions to v2 (#9208)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2023-12-19 10:43:39 +00:00
shuting
7282ecca9f
fix: add skipBackgoundRequests to configure loop protection option (#9157)
* fix typo

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* add new attribute skipBackgroundRequests

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* move to per rule config

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* check flag

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* clean up

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* update docs

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix logger

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* add retryCount to ur.status

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* add chainsaw tests

Signed-off-by: ShutingZhao <shuting@nirmata.com>

---------

Signed-off-by: ShutingZhao <shuting@nirmata.com>
2023-12-19 06:25:12 +00:00
Charles-Edouard Brétéché
8a7c2f0332
chore: bump a couple of deps (#9198)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-12-19 02:52:23 +00:00
kanha gupta
cdc68a629a
support for Add Variable unit test (#9124)
Signed-off-by: Kanha gupta <kanhag4163@gmail.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-12-19 00:14:17 +00:00
Mariam Fahmy
68a1258899
fix: limit the trigger name to a maximum of 63 characters for mutate existing rules (#9162)
* fix: limit the trigger name to a maximum of 63 characters for mutate existing rules

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

* fix chainsaw test

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

---------

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2023-12-18 09:23:40 +00:00
Vishal Choudhary
c5298cdf85
chore: use sigstore/cosign 2.2.2 on main (#9179)
* chore: use official cosign on main

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* cleanup: remove redundant if check

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* cleanup: extra require statement

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

---------

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
2023-12-18 06:41:26 +00:00
Jim Bugwadia
f4f34419d9
improve messages (#9168)
* improve messages

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix typo

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

---------

Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2023-12-16 10:50:08 +02:00
Mariam Fahmy
eab6b4eceb
fix: updaterequests stuck in pending/fail infinite loop (#9119)
* fix: updaterequests stuck in pending/fail infinite loop

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

* fix: prevent creating URs upon DELETE unless it is specified

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

* fix chainsaw test

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

---------

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2023-12-15 16:42:10 +02:00
shuting
7eb9347ced
fix logger level (#9163)
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2023-12-15 09:51:24 +00:00
Vishal Choudhary
1f4181645b
fix: allow changes to preexisting resource in violation of a policy in Enforce (#9027)
* fix: allow changes to preexisting resource in violation of a policy in Enforce

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: missing error check

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: tests

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* nit: cleanup

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: update old policy context

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: preconditions always returned true

internal.CheckPreconditions always returned true when v.anyAllConditions, it should be populated with rule.RawAnyAllConditions when newValidator() is used to create a validator

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: fix chainsaw test

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: nit

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* debug

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* feat: update test

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: add namespace

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* feat: add test for bad to good conversion

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* feat: add test step

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

---------

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2023-12-12 09:17:53 +00:00
Zadkiel Aharonian
5e96b26a48
feat: webhook labels (#9015)
Signed-off-by: Zadkiel Aharonian <hello@zadkiel.fr>
Co-authored-by: shuting <shuting@nirmata.com>
2023-12-07 12:58:31 +00:00
Mariam Fahmy
955738ce20
chore: set cert renewal time to 15 days before expiration (#8567)
* chore: set cert renewal time to 15 days before expiration

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

* fix

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

---------

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2023-12-06 13:37:01 +00:00
Jim Bugwadia
46f02a8ba7
optimize JSON context processing using in-memory maps (#8322)
* optimize JSON context processing using in memory maps

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix excessive logs

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix mutate resource diff

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* uncomment tests

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* copy resource, as it can be modified

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* clear prior resource to prevent mutating original

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* linter fix

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix ImageInfo to unstructured conversion

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix custom image extractors

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* do not update mutated resource in JSON context

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* address review comments

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

---------

Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Signed-off-by: shuting <shuting@nirmata.com>
Co-authored-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
2023-12-04 07:35:36 +00:00
Charles-Edouard Brétéché
095b22b6af
fix: ttl cleanup not working with cluster wide resources (#9060)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-12-03 00:35:13 +01:00
Jim Bugwadia
296578a456
create interpreter once and reuse across searches (#8299)
* create interpreter once and reuse across searches

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix excessive logs

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* refactor(jmespath): reuse fCall instead of intr

Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>

* refactor(jmespath): use new api

Use the new JMESPath API to decouple Interpreter from FunctionCaller

Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>

* chore: bump go-jmespath

Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>

* fix(jmespath): test case using older API

Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>

---------

Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
Co-authored-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
Co-authored-by: Khaled Emara <khaled.emara@nirmata.com>
Co-authored-by: Khaled Emara <KhaledEmaraDev@gmail.com>
2023-11-30 16:59:11 +01:00
Mariam Fahmy
1404ea0966
fix: delete VAPs in case Kyverno policies can't be translated (#8887)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2023-11-27 06:36:01 +00:00
Vishal Choudhary
c630f17ec4
fix: block mutation only when failurePolicy is set to fail (#8952)
* fix: only block mutation when failurePolicy is set to fail

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* feat: kuttl test

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: add else check

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: update defaulting ns label policy's failure policy to be fail

based on readme, this test has nothing to do with failurePolicy and resource should not be blocked in case of ignore failurePolicy

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: there is another

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: update policy

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* nit

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* feat: add logs

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* Update pkg/webhooks/resource/mutation/mutation.go

Signed-off-by: shuting <shuting@nirmata.com>

---------

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Signed-off-by: shuting <shuting@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
Co-authored-by: shuting <shutting06@gmail.com>
2023-11-22 17:01:46 +00:00
Vishal Choudhary
72524c792c
fix: update KeysAreMissing() to ignore negations in resource (#8953)
* fix: update KeysAreMissing() to ignore negations in resource

KeysAreMissing() checks if a key is missing in a resource, since a negation should not be present in the resource, it should not count as a missing key

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* feat: add tests

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: pod is supposed to fail

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

---------

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
2023-11-22 09:06:40 +00:00
Vishal Choudhary
5fe16cd487
feat: add checks for max response size in API Call (#8957)
* feat: add checks for max response size in API Call GET request

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: tests

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: added changes suggested by jim

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* cleanup

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

---------

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2023-11-21 10:01:51 +00:00
UgOrange
0079ca1e39
feat: Add external_url_check custom JMESPath function (#8614)
Signed-off-by: lichanghao.orange <lichanghao.orange@bytedance.com>
Signed-off-by: UgOrange <lichanghao.orange@bytedance.com>
2023-11-21 04:17:26 +00:00
AdamKorcz
31c089bcc6
fix: change names of fuzzing policies (#8947)
Signed-off-by: AdamKorcz <adam@adalogics.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-11-20 01:05:58 +00:00
Dirk Pahl
d8c2c5818d
Make server ports configurable, resolves #7279 (#7728)
* Make server ports configurable, resolves #7279

Signed-off-by: Dirk Pahl <dirk.pahl@deutschebahn.com>

* Make server ports configurable, resolves #7279

Signed-off-by: Dirk Pahl <dirk.pahl@deutschebahn.com>

* Switch to flags instead of env vars

Signed-off-by: Dirk Pahl <dirk.pahl@deutschebahn.com>

* Could not use internal package in webhooks pkg

Signed-off-by: Dirk Pahl <dirk.pahl@deutschebahn.com>

* Add helm chart changes

Signed-off-by: Dirk Pahl <dirk.pahl@deutschebahn.com>

* make codegen-docs-all

Signed-off-by: Dirk Pahl <dirk.pahl@deutschebahn.com>

* make codegen-manifest-all

Signed-off-by: Dirk Pahl <dirk.pahl@deutschebahn.com>

---------

Signed-off-by: Dirk Pahl <dirk.pahl@deutschebahn.com>
Co-authored-by: Dirk Pahl <dirk.pahl@deutschebahn.com>
Co-authored-by: shuting <shuting@nirmata.com>
2023-11-17 14:19:53 +00:00
shuting
7b5d7c1e50
chore: bump k8s package to 1.29 (#8929)
* bump k8s pkgs to 1.29

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* replace to fork

Signed-off-by: ShutingZhao <shuting@nirmata.com>

---------

Signed-off-by: ShutingZhao <shuting@nirmata.com>
2023-11-17 15:42:47 +08:00
Romuald
139551b7ac
fix: use ungreedy pattern to process all variables (#8311)
* use ungreedy pattern to process all variables

Signed-off-by: Romuald du Song <rdusong@chapsvision.com>

* use different strategy for regexp to remove the use of ungreedy flag

Signed-off-by: Romuald du Song <rdusong@chapsvision.com>

---------

Signed-off-by: Romuald du Song <rdusong@chapsvision.com>
2023-11-14 13:23:28 +00:00
Mariam Fahmy
c0e0cea9f4
feat: compute policy exceptions as a part of the rule execution (#8713)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2023-11-13 15:43:25 +00:00
Mariam Fahmy
31858abb0b
fix: use validate.message in case there is no message associated with the CEL expression (#8883)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2023-11-13 14:53:24 +00:00
AdamKorcz
4da963367d
Close response right after successful request (#8894)
Signed-off-by: AdamKorcz <adam@adalogics.com>
2023-11-13 13:41:32 +00:00
Satyajit Behera
adc0f175d2
Reduced verbosity of admission request filter INFO log message (#8712)
* Reduced verbosity of admission request filter INFO log message

Signed-off-by: satyazzz123 <beherasatyajit716@gmail.com>

* Changed the verbosity level to 4

Signed-off-by: Satyajit Behera <105061492+satyazzz123@users.noreply.github.com>

---------

Signed-off-by: satyazzz123 <beherasatyajit716@gmail.com>
Signed-off-by: Satyajit Behera <105061492+satyazzz123@users.noreply.github.com>
Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2023-11-10 11:34:34 +00:00
Jim Bugwadia
c1015bf619
Reduce deps (#8654)
* fix excessive logs

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* remove cosign dependency from API package

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* update UserAgent

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

---------

Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2023-11-09 13:04:24 +00:00
Vishal Choudhary
878bc48e51
chore: bump cosign to v2.2.1 (#8855)
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
2023-11-09 12:22:35 +00:00
shuting
5bd3faca97
chore (deps): bump a couple of deps (#8867)
* bump github.com/distribution/distribution from 2.8.2+incompatible to 2.8.3+incompatible

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* bump sigs.k8s.io/kubectl-validate from 0.0.1 to 0.0.2

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* bump aquasecurity/trivy-action from 0.13.1 to 0.14.0

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* bump sigstore/scaffolding from 838c26c783a08cf497dfff29d95ca90c6eeba3df to 46eb35c1c415d976c7f9d3ee4c936e65c35e8e3e

Signed-off-by: ShutingZhao <shuting@nirmata.com>

---------

Signed-off-by: ShutingZhao <shuting@nirmata.com>
2023-11-09 16:25:15 +05:30
Chandan-DK
cafc0990f9
fix: generate policy fails if triggered resource name exceeds 63 characters limit (#8466)
* fix: generate label resource name character length issue

Signed-off-by: Chandan-DK <chandandk468@gmail.com>

* add source label

Signed-off-by: Chandan-DK <chandandk468@gmail.com>

* modify newUR function

Signed-off-by: Chandan-DK <chandandk468@gmail.com>

* fix

Signed-off-by: Chandan-DK <chandandk468@gmail.com>

* improve readability

Signed-off-by: Chandan-DK <chandandk468@gmail.com>

* remove generate source name label

Signed-off-by: Chandan-DK <chandandk468@gmail.com>

* Revert changes

Signed-off-by: Chandan-DK <chandandk468@gmail.com>

* update ResourceSpec

Signed-off-by: Chandan-DK <chandandk468@gmail.com>

* add URGenerateResourceUIDLabel

Signed-off-by: Chandan-DK <chandandk468@gmail.com>

* make codegen crds all

Signed-off-by: Chandan-DK <chandandk468@gmail.com>

* make codegen client all

Signed-off-by: Chandan-DK <chandandk468@gmail.com>

* add GenerateSourceUIDLabel

Signed-off-by: Chandan-DK <chandandk468@gmail.com>

* modify comment

Signed-off-by: Chandan-DK <chandandk468@gmail.com>

* make codegen crds all

Signed-off-by: Chandan-DK <chandandk468@gmail.com>

* make codegen-docs-all

Signed-off-by: Chandan-DK <chandandk468@gmail.com>

* make codegen-all

Signed-off-by: Chandan-DK <chandandk468@gmail.com>

* set trigger uid

Signed-off-by: Chandan-DK <chandandk468@gmail.com>

* add uid in transform()

Signed-off-by: Chandan-DK <chandandk468@gmail.com>

* add name label

Signed-off-by: Chandan-DK <chandandk468@gmail.com>

* fix: use resource name labels along with its UID

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

* fix: use the resource name label only if its uid label isn't set

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

* fix

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

* add kuttl tests

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

* fix: delete the trigger resource in the test

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

* fix: delete the source in the kuttl test

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

* add generate trigger uid label

Signed-off-by: Chandan-DK <chandandk468@gmail.com>

* modify TriggerInfo function

Signed-off-by: Chandan-DK <chandandk468@gmail.com>

* populate uid field for new update requests

Signed-off-by: Chandan-DK <chandandk468@gmail.com>

* populate new ur spec with uid

Signed-off-by: Chandan-DK <chandandk468@gmail.com>

* handle downstream resources cleanup

Signed-off-by: Chandan-DK <chandandk468@gmail.com>

* populate uid of ur status

Signed-off-by: Chandan-DK <chandandk468@gmail.com>

* fetch triggers by the UID label

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* label triggers

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fetch trigger by comparing UID

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fetch cloneList downstream resource by UID

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* update test names

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* remove trigger name label assertions from kuttl tests

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* add unit name selector

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* add sleep

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* assert events on failures

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* rename tests

Signed-off-by: ShutingZhao <shuting@nirmata.com>

---------

Signed-off-by: Chandan-DK <chandandk468@gmail.com>
Signed-off-by: Chip Zoller <chipzoller@gmail.com>
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Signed-off-by: shuting <shuting@nirmata.com>
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Co-authored-by: Chip Zoller <chipzoller@gmail.com>
Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2023-11-06 10:37:13 +00:00
Vishal Choudhary
6ad156f5d0
feat: update descriptions of image verify cache flags (#8770)
* feat: update descriptions of image verify cache flags

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* Update cmd/internal/flag.go

Co-authored-by: Chip Zoller <chipzoller@gmail.com>
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* Update cmd/internal/flag.go

Co-authored-by: Chip Zoller <chipzoller@gmail.com>
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* Update cmd/internal/flag.go

Co-authored-by: Chip Zoller <chipzoller@gmail.com>
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* feat: update description of imageVerifyCacheEnabled

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

---------

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
Co-authored-by: Chip Zoller <chipzoller@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
2023-11-02 16:10:17 +00:00