mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-06 16:06:56 +00:00
Code Activity
4330 commits 16 branches 550 tags 288 MiB
Commit graph

4330 commits

This branch
This branch
All branches
Author SHA1 Message Date
Prateek Pandey
3f47ab6a5d
Cherry pick #3953 #3955 (#3960) 
* Cleanup URs on trigger deletion (#3955)

* Clean URs on trigger deletion

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* Make kyverno api import aliases consistent

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* Fix gofumpt error

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* Remove unused code

Signed-off-by: ShutingZhao <shuting@nirmata.com>

Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>

* fix panic issue for ur (#3953)

* fix the import

Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>

Co-authored-by: shuting <shuting@nirmata.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
 2022-05-18 11:45:29 +08:00
Prateek Pandey
7d66968d7f
fix: handle UR delete once trigger namespace deleted (#3934) (#3938) 
Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
 2022-05-17 15:41:42 +08:00
Prateek Pandey
000c90d424
fix: use patch to update handler status in UR (#3927) 
Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
 2022-05-17 12:59:11 +08:00
shuting
e779cb866a
Cleanup the UR for mutate policies once it's completed (#3923) 
Signed-off-by: ShutingZhao <shuting@nirmata.com>
 2022-05-16 04:45:44 +00:00
shuting
4972f20259
Remove permissions in helm-release workflow (#3901) (#3903) 
Signed-off-by: ShutingZhao <shuting@nirmata.com>
 2022-05-12 08:34:38 +00:00
shuting
e84b508ffb
Release v1.7.0-rc1 (#3896) 
Tag v1.7.0-rc1

Signed-off-by: ShutingZhao <shuting@nirmata.com>
 2022-05-12 05:23:14 +00:00
Jim Bugwadia
f05d86d375
cherry-pick #3893 (#3895) 2022-05-12 04:16:15 +00:00
Vyankatesh Kudtarkar
a0eadad77b
Fix subject match selector issue in cli (#3887) (#3892) 
Signed-off-by: Vyankatesh vyankateshkd@gmail.com
 2022-05-11 16:36:42 +00:00
Prateek Pandey
44be131ed0
skip var checks in attestations (#3876) (#3885) 
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
 2022-05-11 09:57:00 +00:00
Prateek Pandey
ac75ea1717
fix: undo length validation check for generate rule resource name (#3865) (#3872) 
Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>

Co-authored-by: shuting <shuting@nirmata.com>

Co-authored-by: shuting <shuting@nirmata.com>
 2022-05-11 05:44:50 +00:00
shuting
0e6bf44b0f
Handle errors properly for mutate and generate on existing resources (#3863) (#3866) 
Signed-off-by: ShutingZhao <shuting@nirmata.com>

Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>
Signed-off-by: ShutingZhao <shuting@nirmata.com>

Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>
 2022-05-10 23:08:50 +05:30
Prateek Pandey
eb25d6dc6f
refactor: remove unused functions (#3844) 
Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
 2022-05-10 18:13:25 +08:00
Vyankatesh Kudtarkar
737d3bdd36
handle subresources (#3841) (#3848) 
* handle subresources

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* make fmt

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix logger name

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix webhook and logs

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* make fmt

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>

Co-authored-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
 2022-05-10 12:34:17 +08:00
Prateek Pandey
8b6d3d1f6a
feat: trigger generate on existing matched resource (#3819) 
* feat: trigger generate on existing matched resource

Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>

* refactor the triggers and fix review comments

Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>

* add trigger for other matching kinds

Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>

* implement match exclude using dynamic client

Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>

* refactor generate trigger

Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>

* increase sleep timeout

Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>

* optimize unstructured list

Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>

* fix review comments

Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>

* log refactor and clean debug comments

Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
 2022-05-09 07:13:11 +00:00
Charles-Edouard Brétéché
bbe65959bc
refactor: webhook config package (part 2) (#3833) 
* refactor: webhookconfig package (part 1)

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* refactor: webhook config package (part 2)

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-05-08 14:14:31 +02:00
Charles-Edouard Brétéché
af56adb0a6
refactor: webhookconfig package (part 1) (#3831) 
* refactor: webhookconfig package (part 1)

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* fix: sonatype issue

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-05-08 12:47:49 +01:00
Jim Bugwadia
69ac94b0ee
fix check and add logs (#3838) 
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
 2022-05-08 07:45:02 +00:00
Sambhav Kothari
2dc54e5c1b
Allow variables of any kind to be defined (#3828) 
Signed-off-by: Sambhav Kothari <skothari44@bloomberg.net>
 2022-05-07 20:30:11 +00:00
Charles-Edouard Brétéché
306b22a5db
fix: policy deletion in webhookconfig (#3832) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-05-07 21:09:19 +01:00
Afzal Ansari
3845225db1
refactor: imported pkg redeclared and a few other unused func (#3827) 
* Removes paths redeclared

Signed-off-by: afzal442 <afzal442@gmail.com>

* fixes v1 redeclared

Signed-off-by: afzal442 <afzal442@gmail.com>

* fixes mergeSucceededResults func never used

Signed-off-by: afzal442 <afzal442@gmail.com>

* fixes func unused

Signed-off-by: afzal442 <afzal442@gmail.com>

* refactors unused func

Signed-off-by: afzal442 <afzal442@gmail.com>

* refactors unused func

Signed-off-by: afzal442 <afzal442@gmail.com>

* refactors getNamespacesForRule unused

Signed-off-by: afzal442 <afzal442@gmail.com>

* refactors policyNamespace unused

Signed-off-by: afzal442 <afzal442@gmail.com>

* refactors replacing loop with ...

Signed-off-by: afzal442 <afzal442@gmail.com>

* refactors func buildPolicyLabel unused

Signed-off-by: afzal442 <afzal442@gmail.com>

* removes unused func

Signed-off-by: afzal442 <afzal442@gmail.com>

* removes unused comment

Signed-off-by: afzal442 <afzal442@gmail.com>

Co-authored-by: Sambhav Kothari <sambhavs.email@gmail.com>
 2022-05-07 16:44:57 +00:00
Afzal Ansari
5262ed9225
refactor: shell to prevent globbing and word splitting (#3829) 
* refactors scripts/create-e2e-infrastruture sh

Signed-off-by: afzal442 <afzal442@gmail.com>

* refactors scripts/deploy-controller.sh

Signed-off-by: afzal442 <afzal442@gmail.com>

* refactors scripts/generate-server-cert.sh

Signed-off-by: afzal442 <afzal442@gmail.com>

* minor changes

Signed-off-by: afzal442 <afzal442@gmail.com>

Co-authored-by: Sambhav Kothari <sambhavs.email@gmail.com>
 2022-05-07 16:46:50 +01:00
Moritz Johner
4d2ec26c90
CLI should respect scored annotation for warnings (#3821) 
Co-authored-by: Sambhav Kothari <skothari44@bloomberg.net>
 2022-05-07 13:33:50 +00:00
Sambhav Kothari
c3604c1170
Add an object_from_lists function (#3824) 2022-05-07 12:05:04 +00:00
Sambhav Kothari
876a216b5f
Improve logging and error handling in json context (#3825) 2022-05-07 11:32:48 +00:00
Sambhav Kothari
e55bf0bf6f
Relax JMESPath variable validation (#3826) 2022-05-07 16:40:53 +05:30
shuting
b4f2b63f53
Load mutate.targets via dclient (#3797) 
* Load mutate.targets via dclient

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* Do not fail on namespace cleanup for e2e generate

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* Fix wildcard name listing for a certain namespace

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* Rename onPolicyUpdate to mutateExistingOnPolicyUpdate

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* Enable "mutateExistingOnPolicyUpdate" on policy events

Signed-off-by: ShutingZhao <shuting@nirmata.com>

Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>
 2022-05-06 05:46:36 +00:00
Jim Bugwadia
db3502656d
Cert attestor (#3809) 
* add certificates attestor

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* handle duplicate images; use container name as key

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* use OldObject for modify requests

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* use unique image names

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* merge main

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* create a single annotation patch across rules and images

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fmt and change annotation key name

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix linter issues

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* split certs from keys

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* make fmt

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix test

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* add Rekor and fix tests

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix tests

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
 2022-05-05 21:57:20 -07:00
Jim Bugwadia
76608e315e
handle duplicate images; use container name as key (#3779) 
* handle duplicate images; use container name as key

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* use OldObject for modify requests

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* use unique image names

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* merge main

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* create a single annotation patch across rules and images

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fmt and change annotation key name

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix linter issues

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
Co-authored-by: Sambhav Kothari <sambhavs.email@gmail.com>
 2022-05-05 14:06:18 -07:00
Charles-Edouard Brétéché
5d2e2faf72
fix: autogen rules in status (#3728) 
* refactor: autogen package logger

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* fix: add rules to status only when necessary

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Co-authored-by: shuting <shuting@nirmata.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
 2022-05-05 15:11:26 +00:00
Prateek Pandey
2af9046e13
refact: disable leader for update request controller (#3807) 
Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
 2022-05-05 14:19:19 +00:00
Charles-Edouard Brétéché
d480f9f8f4
chore: remove broken .ca from helm chart (#3811) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Co-authored-by: shuting <shuting@nirmata.com>
 2022-05-05 13:53:04 +00:00
Charles-Edouard Brétéché
25c2bf0e1f
fix: remove k8s apiserver from self-generated cert (#3803) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Co-authored-by: shuting <shuting@nirmata.com>
 2022-05-05 13:26:55 +00:00
Vyankatesh Kudtarkar
13d8a96f92
Policy Validation check for onPolicyUpdate flag (#3814) 
* policy validation check for OnPolicyUpdate flag

* add validation check for onupdatepolicy flag
 2022-05-05 21:04:49 +08:00
shuting
8a9a98d8b5
Add handler to UR.status (#3791) 
* - Add "handler" to "ur.status"
- Mark / Unmark handler upon UR reconciliation

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* Add field onPolicyUpdate

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* Update API docs

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* Add delay in generate e2e tests

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* Remove duplicate logic for cleaning up the cloned resource

Signed-off-by: ShutingZhao <shuting@nirmata.com>
 2022-05-05 16:26:27 +05:30
Charles-Edouard Brétéché
4d08354498
fix: remove kubeconfig (#3802) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Co-authored-by: Sambhav Kothari <sambhavs.email@gmail.com>
 2022-05-05 10:12:43 +00:00
Prateek Pandey
c79dc82eaa
fix: cleanup old dependencies from go.sum and go.mod (#3806) 
Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
 2022-05-05 08:56:22 +00:00
Charles-Edouard Brétéché
9a1a82e3b5
feat: parse all root CA certs (#3808) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-05-05 09:31:22 +01:00
Prateek Nandle
5be6a4e2b0
removed kubeconfig flags (#3744) 
Signed-off-by: Prateeknandle <prateeknandle@gmail.com>

Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-05-04 21:11:21 +02:00
Sambhav Kothari
6e48fdf4ce
Fix issue with image registry when decoding OCI descriptors with out of spec keys (#3799) 2022-05-04 13:38:56 -04:00
Charles-Edouard Brétéché
bb6e9a1ada
refactor: move config controller in controllers package (#3790) 
* refactor: use typed informers and add tombstone support to webhookconfig

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* refactor: remove unstructured usage from webhookconfig

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* refactor: cert manager controller

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* refactor: move config controller in controllers package

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-05-04 16:05:03 +00:00
Charles-Edouard Brétéché
288125ebd0
chore: add informer util (#3796) 2022-05-04 12:39:14 +00:00
Charles-Edouard Brétéché
0a783bdc7d
chore: remove useless util NewKubeClient (#3795) 2022-05-04 13:14:17 +01:00
Charles-Edouard Brétéché
db735f2165
fix: pod stay in terminating when scaling to 0 (#3793) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
 2022-05-04 10:57:56 +00:00
gsweene2
af51ceb4ff
Add JMESPath Function items (#3777) 
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: Sambhav Kothari <sambhavs.email@gmail.com>
Co-authored-by: Sambhav Kothari <skothari44@bloomberg.net>
 2022-05-04 10:33:24 +00:00
Vyankatesh Kudtarkar
fca068d0f6
Fix Cli test for image verification (#3760) 
* fix Cli test for image verification
 2022-05-04 04:11:59 +00:00
Frank Jogeleit
43fc77c71f
Add rule to PolicyViolation event messages (#3787) 
Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com>

Co-authored-by: Jim Bugwadia <jim@nirmata.com>
 2022-05-03 18:35:42 +00:00
Charles-Edouard Brétéché
2b6549fd5b
chore: remove config flags (#3786) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-05-03 17:52:10 +00:00
Charles-Edouard Brétéché
32789d1c0d
fix: add missing tombstone calls (#3784) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Co-authored-by: shuting <shuting@nirmata.com>
 2022-05-03 16:58:20 +00:00
Charles-Edouard Brétéché
400e486b46
refactor: create a package for controllers and move certmanager in it (#3782) 
* refactor: use typed informers and add tombstone support to webhookconfig

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* refactor: remove unstructured usage from webhookconfig

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* refactor: cert manager controller

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-05-04 00:23:34 +08:00
Charles-Edouard Brétéché
207459cc40
refactor: policycache package logger (#3783) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-05-03 20:24:11 +08:00