Jim Bugwadia
c3be689851
remove TUF initialization from main ( #4098 )
...
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2022-06-10 00:52:12 -07:00
Anton Popovichenko
afc9a56d33
Feature: Add support for allowing insecure registries. ( #3983 )
...
Now you can work with self-signed registries by updating your deployment and adding `--allowInsecureRegistry` to the `args` field.
Signed-off-by: Anton Popovichenko <anton.popovichenko@mendix.com>
Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-05-25 11:03:36 +02:00
Jim Bugwadia
8fe9163f4e
fix attestation checks ( #3999 )
...
* fix attestation checks
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* make fmt
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix linter issues
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* make codegen
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix tests
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* dos2unix
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2022-05-24 14:57:01 +08:00
Charles-Edouard Brétéché
1afda6a137
refactor: make registry client variables private ( #3975 )
...
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-05-23 18:45:25 +05:30
Charles-Edouard Brétéché
840307fc69
chore: enable ifshort linter ( #3945 )
...
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-05-17 18:55:13 +00:00
Charles-Edouard Brétéché
5aaf2d8770
chore: make kyverno api import aliases consistent ( #3939 )
...
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-05-17 13:12:43 +02:00
Charles-Edouard Brétéché
0099ef54ad
chore: enable gofmt and gofumpt linters ( #3931 )
...
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-05-17 06:19:03 +00:00
Charles-Edouard Brétéché
c12f94d6d4
chore: enable gci linter ( #3930 )
...
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
2022-05-17 07:56:48 +02:00
Jim Bugwadia
36affff4b7
Timeout and init ( #3893 )
...
* increase timeout to 30s to match webhook timeout
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* initialize Fulcio roots at startup
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* make fmt
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* add TUF root
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix chart
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* make helm-gen
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-05-12 10:55:14 +08:00
Charles-Edouard Brétéché
f508e9a0b8
chore: add unconvert linter ( #3867 )
...
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-05-10 20:28:45 +01:00
Charles-Edouard Brétéché
e2cf6cea5a
fix: golangci-lint warnings in pkg ( #3846 )
...
* fix: golangci-lint warnings in cmd
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
* fix: golangci-lint warnings in pkg
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
2022-05-10 09:24:27 +00:00
Jim Bugwadia
db3502656d
Cert attestor ( #3809 )
...
* add certificates attestor
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* handle duplicate images; use container name as key
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* use OldObject for modify requests
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* use unique image names
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* merge main
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* create a single annotation patch across rules and images
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fmt and change annotation key name
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix linter issues
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* split certs from keys
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* make fmt
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix test
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* add Rekor and fix tests
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix tests
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
2022-05-05 21:57:20 -07:00
Charles-Edouard Brétéché
a592dad2aa
refactor: cosign package logger ( #3773 )
...
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-05-02 21:03:44 +01:00
Charles-Edouard Brétéché
24ed931f42
refactor: remove some api unnecessary pointers (4) ( #3713 )
...
* refactor: remove some api unnecessary pointers
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
* refactor: remove some api unnecessary pointers (2)
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
* refactor: remove some api unnecessary pointers (3)
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
* refactor: remove some api unnecessary pointers (4)
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
2022-04-29 09:12:01 +02:00
Jim Bugwadia
9fde4fd6a1
Multiple keys ( #3636 )
...
* fix autogen check
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* allow multiple keys and fix root/intermediate certs
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix test
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* make issuer/subject optional
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* enable CTLog options
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix split
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* make fmt
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* make codegen
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* rename CTLog -> Rekor
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* make fmt
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* api/kyverno/v1/image_verification_test.go
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix tests
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
2022-04-22 07:10:02 +00:00
Jim Bugwadia
3b1a1acd9a
Image verify attestors ( #3614 )
...
* fix logs
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix logs
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* support multiple attestors
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* rm CLI tests (not currently supported)
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* apply attestor repo
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix linter issues
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix entryError assignment
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix tests
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* format
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* add intermediary certs
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2022-04-19 08:35:12 -07:00
Anushka Mittal
1714a328b6
add-kms-libraries for cosign ( #3603 )
...
* add-kms-libraries
Signed-off-by: anushkamittal20 <anumittal4641@gmail.com>
* Shifted providers to cosign package
Signed-off-by: anushkamittal20 <anumittal4641@gmail.com>
2022-04-14 15:24:34 +00:00
Charles-Edouard Brétéché
29d7010e25
refactor: move common utils ( #3553 )
...
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
2022-04-05 13:02:43 +00:00
shuting
d1bf3d4742
clean up dependencies ( #3469 )
...
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2022-03-25 08:40:25 +00:00
Naman Lakhwani
433ad5e0c4
[imageVerify]: correcting error msg ( #3398 )
...
* corrected err msgs
Signed-off-by: Naman Lakhwani <namanlakhwani@gmail.com>
* this msg is not required explicitly
Signed-off-by: Naman Lakhwani <namanlakhwani@gmail.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2022-03-18 12:47:27 -07:00
Christian Kotzbauer
860253d6aa
[ImageVerify] Verify additional certificate-extensions ( #3404 )
...
* feat: add additionalExtensions to keyless imageVerify
Signed-off-by: Christian Kotzbauer <git@ckotzbauer.de>
* feat: regenerate code
Signed-off-by: Christian Kotzbauer <git@ckotzbauer.de>
2022-03-17 08:42:12 +00:00
Ivan Wallis
deda7a5336
support RSA, ECDSA and EDDSA public key verification ( #3362 )
...
Signed-off-by: Ivan Wallis <iwallis@gmail.com>
2022-03-08 21:58:14 -08:00
Jim Bugwadia
bd1a145678
Fix keyless attest ( #3219 )
...
* allow root cert for keyless attestations checks
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* add logs and improve var names
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* make fmt
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* handle err in sig loading
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: Sambhav Kothari <sambhavs.email@gmail.com>
2022-02-13 20:35:11 -08:00
Naman Lakhwani
d3dd7a7b45
fixing and adding tests ( #3112 )
...
Signed-off-by: Naman Lakhwani <namanlakhwani@gmail.com>
2022-01-27 22:50:29 -08:00
Jim Bugwadia
7cf1dd2b15
update cosign to 1.5.0 and fix issuer and subject for keyless ( #3089 )
...
* update cosign to 1.5.0 and add checks
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix subject and issuer checks
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* make fmt
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix tests
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2022-01-27 21:13:23 -08:00
Sambhav Kothari
2eb8f5f285
Fix memory leak when updating ggcr keychain ( #3088 )
...
Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com>
2022-01-26 12:45:05 -08:00
Mritunjay Kumar Sharma
cdedf11a1c
bumps k8s libraries for k8s v1.23 upgrade for kyverno ( #3043 )
...
* bumps k8s libraries for k8s v1.23 upgrade for kyverno
Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com>
* fixes kustomize version
Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com>
* updates golang to v1.17 to test fails
Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com>
* updates logr package to 1.2.2
Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com>
* Fixed tests for `pkg/cosign` and `pkg/webhooks/generation`
Signed-off-by: Abhinav Sinha <abhinav@nirmata.com>
* fix go-logr deps version issue
Signed-off-by: prateekpandey14 <prateekpandey14@gmail.com>
* fix kube-openapi commit hash
Signed-off-by: prateekpandey14 <prateekpandey14@gmail.com>
Co-authored-by: shuting <shutting06@gmail.com>
Co-authored-by: Abhinav Sinha <abhinav@nirmata.com>
Co-authored-by: prateekpandey14 <prateekpandey14@gmail.com>
2022-01-22 20:26:53 +08:00
Sambhav Kothari
1af9e48b0d
Add image data to validate image configs ( #2946 )
...
* Add image data to validate image configs
Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com>
* Add tests for image context
Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com>
* Add e2e test cases for image size policy
Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com>
2022-01-17 04:06:44 +00:00
Jim Bugwadia
59d4cf8c0b
check for issuer and subject only when declared in policy. fix log levels ( #2973 )
...
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2022-01-13 12:49:52 +08:00
Naman Lakhwani
59a460b31e
adding support for Cosign key-value annotations ( #2824 )
...
* adding annotation check
Signed-off-by: Namanl2001 <namanlakhwani@gmail.com>
* adding tests
Signed-off-by: Namanl2001 <namanlakhwani@gmail.com>
* updating manifests
Signed-off-by: Namanl2001 <namanlakhwani@gmail.com>
* changing map val type to string from interface{}
Signed-off-by: Namanl2001 <namanlakhwani@gmail.com>
* passing args to opts
Signed-off-by: Namanl2001 <namanlakhwani@gmail.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2021-12-16 06:19:44 +00:00
Naman Lakhwani
edafffd2bd
added issuer check ( #2804 )
...
* added issuer check
Signed-off-by: Namanl2001 <namanlakhwani@gmail.com>
* switch to using SimpleContainerImage
Signed-off-by: Namanl2001 <namanlakhwani@gmail.com>
* added subject check and required test cases
Signed-off-by: Namanl2001 <namanlakhwani@gmail.com>
* small nits
Signed-off-by: Namanl2001 <namanlakhwani@gmail.com>
* correcting tests
Signed-off-by: Namanl2001 <namanlakhwani@gmail.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2021-12-10 19:46:22 +00:00
Joel Kamp
081dd97cc3
fix: update registry credentials on verify ( #2798 )
...
Signed-off-by: Joel Kamp <joel.kamp@invitae.com>
2021-12-06 16:08:16 -08:00
Jim Bugwadia
8a0d465d90
fix signature ( #2740 )
...
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2021-11-19 16:12:12 +08:00
Jim Bugwadia
50cb1859c3
add keyless verification ( #2677 )
...
* add keyless verification
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* run make fmt
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix linter warning
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* wrap error with details
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2021-11-04 23:26:22 -07:00
Batuhan Apaydın
4eab46fb7d
feat: support other key methods ( #2607 )
...
* feat: support other key methods
Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
Co-authored-by: Furkan Turkal <furkan.turkal@trendyol.com>
Co-authored-by: Erkan Zileli <erkan.zileli@trendyol.com>
* feat: support fetch attestations from repository
Signed-off-by: Furkan <furkan.turkal@trendyol.com>
Co-authored-by: Batuhan <batuhan.apaydin@trendyol.com>
Signed-off-by: Furkan <furkan.turkal@trendyol.com>
* fix: parameter type
Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
* fix error check
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: Furkan Turkal <furkan.turkal@trendyol.com>
Co-authored-by: Erkan Zileli <erkan.zileli@trendyol.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2021-11-03 00:45:35 -07:00
Jim Bugwadia
4019d6b8b2
merge main and fmt
...
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2021-10-29 09:18:47 -07:00
Marcus Noble
1966c82c6d
Fix various go lint issues ( #2639 )
...
* Fix various go lint issues
Signed-off-by: Marcus Noble <github@marcusnoble.co.uk>
* Fix if mistake
Signed-off-by: Marcus Noble <github@marcusnoble.co.uk>
* Simplified returns
Signed-off-by: Marcus Noble <github@marcusnoble.co.uk>
2021-10-29 17:06:03 +02:00
Marcus Noble
a923dce631
Cleanup imports ( #2635 )
...
Signed-off-by: Marcus Noble <github@marcusnoble.co.uk>
2021-10-29 12:24:26 +02:00
Jim Bugwadia
f35bbe77b7
handle Cosign payload variations
...
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2021-10-28 15:48:35 -07:00
Jim Bugwadia
3a166f1faf
handle Critical and critical in Cosign response payload
...
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2021-10-28 10:58:55 -07:00
Jim Bugwadia
ef9e9ec9ac
add variable substitution for imageVerify and allow PEM in ConfigMaps
...
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2021-10-26 10:41:27 -07:00
Jim Bugwadia
676bd5f4be
fmt
...
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2021-10-06 11:18:36 -07:00
Jim Bugwadia
619ee6ac61
fix loop
...
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2021-10-06 09:55:23 -07:00
Jim Bugwadia
7c57ac24e6
update CRDs
...
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2021-10-06 00:58:45 -07:00
Jim Bugwadia
90edc69dcf
merge and update
...
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2021-10-05 22:42:42 -07:00
Jim Bugwadia
2bd5bca721
merge foreach and add attestation checks
...
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2021-10-02 14:24:06 -07:00
Jim Bugwadia
249c0f62f8
support attestations
...
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2021-10-02 01:19:47 -07:00
Jim Bugwadia
0dbe7ea675
start attestation support
...
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2021-10-01 11:10:36 -07:00
Jim Bugwadia
23af42dc92
allow alternate image repositories ( #2393 )
...
* allow alternate image repositories
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* generate CRD YAMLs
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2021-09-16 16:11:38 -07:00
Jim Bugwadia
8af814c7af
update cosign to v1.0.0 ( #2221 )
...
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2021-08-02 13:51:36 -07:00