mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-06 16:06:56 +00:00
Code Activity
3102 commits 16 branches 550 tags 288 MiB
Commit graph

1735 commits

Author SHA1 Message Date
Vyankatesh Kudtarkar
04dc3ddfe3
Remove sample Dir and Remove testcases from test_runner (#1686) 
* remove sample Dir and remove testcases form test_runner

Signed-off-by: vyankatesh <vyankatesh@neualto.com>

* change git URL for test

Signed-off-by: vyankatesh <vyankatesh@neualto.com>

* fix fmt issue

Signed-off-by: vyankatesh <vyankatesh@neualto.com>

* remove unused policy and test yamls

Signed-off-by: vyankatesh <vyankatesh@neualto.com>

* fix yaml path issue

Signed-off-by: vyankatesh <vyankatesh@neualto.com>

Co-authored-by: vyankatesh <vyankatesh@neualto.com>
 2021-03-16 14:35:32 -07:00
Jim Bugwadia
ee54b8bff3
Merge pull request #1716 from jsnider-mtu/change-isNotIn 
Change isNotIn
 2021-03-16 13:43:24 -07:00
Pooja Singh
861cec36c0
fixed issue (#1707) 
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
 2021-03-16 12:57:31 -07:00
Joshua Snider
6699bfab8c Fix tests 
Signed-off-by: Joshua Snider <jsnider@mtu.edu>
 2021-03-16 15:00:42 -04:00
shuting
c816cf3d69
Add certificate renewer in webhook registration controller (#1692) 
* load TLS pair from existing secret, if applicable

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* remove Kyverno managed secrets during shutdown

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* - add certificate renewer; - re-structure certificate package

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* commit un-saved file

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* eliminate throttling requests while registering webhook configs

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* disable webhook monitor (in old pod) during rolling update

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* remove webhook cleanup logic from init container

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* update PR template

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* update link to the website repo

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* update repo name

Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-03-16 11:31:04 -07:00
Joshua Snider
9377f70840 Change isNotIn 
Signed-off-by: Joshua Snider <jsnider@mtu.edu>
 2021-03-16 14:26:41 -04:00
Jim Bugwadia
ff4fb41bdf
Merge pull request #1680 from jsnider-mtu/bug/groupVersion-in-api-path 
Bug Fix #1679; Set Version to Group/Version for /apis/* URLs
 2021-03-16 08:43:44 -07:00
Max Goncharenko
db49046e26
fix #1465: raise log level to error; add failed rules (#1709) 
Signed-off-by: Max Goncharenko <kacejot@fex.net>
 2021-03-15 15:34:21 -07:00
Arsh Sharma
1dfcef1cc8
fix: changed logic for In and NotIn for sets (#1704) 
Signed-off-by: Arsh Sharma <arshsharma461@gmail.com>
 2021-03-15 12:59:24 -07:00
shuting
70d90ffb06
- remove preProcessJSONPatches; - update local Dockerfile (#1703) 
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-03-15 10:29:46 -07:00
Yashvardhan Kukreja
bc1e28dbd6
fix: overwrite the output file when repetedly executing kyverno apply command (#1701) 
Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com>
 2021-03-11 16:30:37 -08:00
Vyankatesh Kudtarkar
274287617a
fix git branch issue in test command (#1697) 
Signed-off-by: vyankatesh <vyankatesh@neualto.com>

Co-authored-by: vyankatesh <vyankatesh@neualto.com>
 2021-03-11 11:46:36 -08:00
Pooja Singh
22f9eb0ac5
Merge pull request #1694 from NoSkillGirl/bug/1693_namespaceSelector_cli 
Policy without namespace selector gives error in Kyverno CLI - "pass the namespace labels"
 2021-03-12 00:39:25 +05:30
NoSkillGirl
9caa926225 code improvement 
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
 2021-03-11 10:31:53 +05:30
NoSkillGirl
247c876d25 added condition for policy with namespace selector 
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
 2021-03-11 00:24:21 +05:30
Jim Bugwadia
bb361df696
Merge pull request #1597 from yashvardhan-kukreja/issue-1242/multiline-yaml-string-support 
feat: added functionality for delimiting multi-line block by newline characters
 2021-03-10 09:58:38 -08:00
Pooja Singh
af4b85d3a8
Kyverno CLI - Namespace Selector (#1669) 
* added struct for namespace selector

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* added logic for namespace selector

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* added test case

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* improved code

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
 2021-03-09 12:45:45 -08:00
Pooja Singh
4f3798862a
added condition for slash in cli (#1667) 
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
 2021-03-09 12:03:21 -08:00
Joshua Snider
b0fd2403e8 Add unit test 
Signed-off-by: Joshua Snider <jsnider@mtu.edu>
 2021-03-08 22:56:14 -05:00
Joshua Snider
23149738df Set Version to Group/Version for /apis/* URLs 
Signed-off-by: Joshua Snider <jsnider@mtu.edu>
 2021-03-06 00:22:12 -05:00
jsnider-mtu
81b147e279 Replace spaces with tabs 
Signed-off-by: jsnider-mtu <jsnider@mtu.edu>
 2021-03-05 14:13:00 -05:00
jsnider-mtu
b86342c097 Fix API path 
Signed-off-by: jsnider-mtu <jsnider@mtu.edu>
 2021-03-05 14:05:12 -05:00
Vyankatesh Kudtarkar
9e831ec959
Bug Fix: Extends match / exclude to use apiGroup and apiVersion (#1218) (#1656) 
* Extends match / exclude to use apiGroup and apiVersion

Signed-off-by: vyankatesh <vyankatesh@neualto.com>

* fix gvk issue

Signed-off-by: vyankatesh <vyankatesh@neualto.com>

Co-authored-by: vyankatesh <vyankatesh@neualto.com>
 2021-03-04 16:45:52 -08:00
Vyankatesh Kudtarkar
adb381705f
Fix: test command should return a status code for failure / success (#1655) 
* Fix: test command should return a status code for failure / success

Signed-off-by: vyankatesh <vyankatesh@neualto.com>

* add exit code for status sucess and fail

Signed-off-by: vyankatesh <vyankatesh@neualto.com>

Co-authored-by: vyankatesh <vyankatesh@neualto.com>
 2021-03-04 16:09:18 -08:00
Arsh Sharma
ccfe8c443c
fix: added details regarding match.resources (#1654) 
* fix: added details regarding match.resources

Signed-off-by: Arsh Sharma <arshsharma461@gmail.com>

* fix: made revisions

Signed-off-by: Arsh Sharma <arshsharma461@gmail.com>

* fix: removed if not statement

Signed-off-by: Arsh Sharma <arshsharma461@gmail.com>
 2021-03-03 11:22:45 -08:00
Yashvardhan Kukreja
10c714d5ba
feat: [preconditions, conditions] added backwards-compatible support for logical operators (#1604) 
Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com>
 2021-03-01 20:31:06 -08:00
Yashvardhan Kukreja
6f15432a21
added: make target to auto generate code (#1603) 
* added: make auto-generate target to sync the auto-generated code by kubebuilder

Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com>

* synced: all the auto-generable files with kubebuilder's controller-gen

Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com>
 2021-03-01 10:58:58 -08:00
Yashvardhan Kukreja
ca347b27bf
feat: added functionality for delimiting multi-line block by newline characters 
Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com>
 2021-03-01 00:46:50 +05:30
Arsh Sharma
da8e449d3c
fix: removed validator (#1646) 
Signed-off-by: Arsh Sharma <arshsharma461@gmail.com>
 2021-02-26 11:27:21 -08:00
Arsh Sharma
86879bd267
feat(operators): supporting subset checking (#1613) 
* fix(operators): supporting subset checking

Signed-off-by: Arsh Sharma <arshsharma461@gmail.com>

* fix(operators): removed print statement

Signed-off-by: Arsh Sharma <arshsharma461@gmail.com>

* test(operators): added test file for in

Signed-off-by: Arsh Sharma <arshsharma461@gmail.com>

* fix(operators): fixed switching

Signed-off-by: Arsh Sharma <arshsharma461@gmail.com>

* tests(operators): completed tests for In and NotIn

Signed-off-by: Arsh Sharma <arshsharma461@gmail.com>

* chore(operators): code cleanup

Signed-off-by: Arsh Sharma <arshsharma461@gmail.com>

* chore(operators): added comments for tests

Signed-off-by: Arsh Sharma <arshsharma461@gmail.com>

* fix(operators): changed logic based on new definitions

Signed-off-by: Arsh Sharma <arshsharma461@gmail.com>

* test: updated NotIn tests

Signed-off-by: Arsh Sharma <arshsharma461@gmail.com>
 2021-02-26 10:53:54 -08:00
Pooja Singh
070f13783f
added namespace label in context (#1644) 
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
 2021-02-25 20:52:53 -08:00
Jim Bugwadia
0d1f0b5897
Merge pull request #1636 from realshuting/1621_fix_configmap_variables 
Substitute variables in context.configMap
 2021-02-25 19:53:11 -08:00
Jim Bugwadia
b0ac8c5610
Merge pull request #1645 from realshuting/1340_json_patch 
Support AllowMissingPathOnRemove and EnsurePathExistsOnAdd in patchesJSON6902
 2021-02-25 19:51:10 -08:00
Arsh Sharma
a0d28f0b16
fix: list operators in deny conditions (#1641) 
* fix: list operators in deny conditions

Signed-off-by: Arsh Sharma <arshsharma461@gmail.com>

* fix: regenerated YAMLs

Signed-off-by: Arsh Sharma <arshsharma461@gmail.com>
 2021-02-25 19:13:35 -08:00
Pooja Singh
f438e0d5e6
Fix for - Generate policy fails if trigger resource name exceed 58 characters (#1631) 
* seperated generated-by label

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* restricted label to 63 characters

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* seperated labels and restriced char count to 63

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
 2021-02-25 18:48:45 -08:00
Shuting Zhao
7795f335c8 fix negative index 
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-02-25 18:36:13 -08:00
Shuting Zhao
517c60fadc add unit tests 
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-02-25 18:02:52 -08:00
Shuting Zhao
c4ebef7b0d - support AllowMissingPathOnRemove and EnsurePathExistsOnAdd in patchesJSON6902 
- upgrade to evanphx/json-patch/v5

Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-02-25 15:25:07 -08:00
Shuting Zhao
492d0e8009 remove kustomize patchesJSON6902 
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-02-25 15:25:07 -08:00
Shuting Zhao
edc89c7b50 fix unit test 
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-02-22 17:22:34 -08:00
Shuting Zhao
d770d6680b add request.namespace in the background process 
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-02-22 17:22:23 -08:00
Shuting Zhao
17c72c1578 substitute variables in context.configMap 
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-02-22 16:27:20 -08:00
shuting
267be0815f
Bug fixes - policy validation, auto-generated rules, apiCall support in mutate and generate (#1629) 
* Fix invalid policy reports generated for blocked resource

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fix 1464 - copy context and preconditions to auto-gen rules

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fix 1628 - add policy validations

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fix 1593 - support apiCall in mutate and generate

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fix test

Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-02-22 12:08:26 -08:00
shuting
6fc349716c
Switch to use annotations to store resource info in cluster/reportChangeRequest (#1625) 
* skip sending API request for filtered resource

* fix PR comment

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fixes https://github.com/kyverno/kyverno/issues/1490

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fix bug - namespace is not returned properly

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* reduce throttling - list resource using lister

* refactor resource cache

* fix test

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fix label selector

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fix build failure

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fixes #1480

* store resource name and kind in (c)rcr's annotation
 2021-02-19 09:09:41 -08:00
Vyankatesh Kudtarkar
164885d087
Update Kyverno test command (#1608) 
* fix link (#1566)

Signed-off-by: vyankatesh <vyankatesh@neualto.com>

* update icon in chart.yaml

Signed-off-by: Shuting Zhao <shutting06@gmail.com>
Signed-off-by: vyankatesh <vyankatesh@neualto.com>

* Adding default policies for restricted mode and adding notes to helm install (#1556)

* Adding default policies for restricted mode, taking validationFailureAction from values.yaml and adding notes on helm install

Signed-off-by: Raj Das <mail.rajdas@gmail.com>

* Adding emoji

Signed-off-by: Raj Das <mail.rajdas@gmail.com>

* Update NOTES.txt

* minor fix

Signed-off-by: Raj Das <mail.rajdas@gmail.com>

* adding to readme

Signed-off-by: Raj Das <mail.rajdas@gmail.com>
Signed-off-by: vyankatesh <vyankatesh@neualto.com>

* update links and formatting in PR template (#1573)

* update links and formatting in PR template

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* update policy submission request template

Signed-off-by: Chip Zoller <chipzoller@gmail.com>
Signed-off-by: vyankatesh <vyankatesh@neualto.com>

* fix: restricting empty value to pass through the validation checks (#1574)

Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com>
Signed-off-by: vyankatesh <vyankatesh@neualto.com>

* Actually fix contributor link in PR template (#1575)

* update links and formatting in PR template

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* update policy submission request template

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* actually fix contrib guidelines

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* actually fix contrib guidelines

Signed-off-by: Chip Zoller <chipzoller@gmail.com>
Signed-off-by: vyankatesh <vyankatesh@neualto.com>

* code improvement (#1567)

* code improvement

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* added if conditions

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* fixed unit test cases

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
Signed-off-by: vyankatesh <vyankatesh@neualto.com>

* feat(operators): support subset checking for in and notin (#1555)

* feat(operators): support subset checking for in and notin

Signed-off-by: Arsh Sharma <arshsharma461@gmail.com>

* feat(operators): fixed NotIn function

Signed-off-by: Arsh Sharma <arshsharma461@gmail.com>
Signed-off-by: vyankatesh <vyankatesh@neualto.com>

* panic fix (#1601)

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
Signed-off-by: vyankatesh <vyankatesh@neualto.com>

* update kyverno cli test cmd

Signed-off-by: vyankatesh <vyankatesh@neualto.com>

* code indentation

Signed-off-by: vyankatesh <vyankatesh@neualto.com>

* change  help text

Signed-off-by: vyankatesh <vyankatesh@neualto.com>

Co-authored-by: Dekel <dekelb@users.noreply.github.com>
Co-authored-by: Shuting Zhao <shutting06@gmail.com>
Co-authored-by: Raj Babu Das <mail.rajdas@gmail.com>
Co-authored-by: Chip Zoller <chipzoller@gmail.com>
Co-authored-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com>
Co-authored-by: Pooja Singh <36136335+NoSkillGirl@users.noreply.github.com>
Co-authored-by: Arsh Sharma <56963264+RinkiyaKeDad@users.noreply.github.com>
Co-authored-by: vyankatesh <vyankatesh@neualto.com>
 2021-02-17 11:30:41 -08:00
Jim Bugwadia
731474a9a2
rename context2 -> enginecontext (#1605) 
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
 2021-02-16 19:17:20 -08:00
Yashvardhan Kukreja
478f32b8b4
fix: allowed templatised values to be exempted from validation checks (#1599) 
Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com>
 2021-02-16 13:06:07 -08:00
Pooja Singh
a21195f362
panic fix (#1609) 
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
 2021-02-16 12:48:04 -08:00
Pooja Singh
33ec907a09
panic fix (#1601) 
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
 2021-02-15 11:27:09 -08:00
Arsh Sharma
596bc9ba6f
feat(operators): support subset checking for in and notin (#1555) 
* feat(operators): support subset checking for in and notin

Signed-off-by: Arsh Sharma <arshsharma461@gmail.com>

* feat(operators): fixed NotIn function

Signed-off-by: Arsh Sharma <arshsharma461@gmail.com>
 2021-02-10 13:05:36 -08:00