Charles-Edouard Brétéché
6f040af4d0
refactor: cut dependency between image verifier and registry client ( #7536 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-06-14 16:19:38 +00:00
Charles-Edouard Brétéché
cbce1c91b7
fix: cosign global var ( #7397 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-06-02 12:18:10 +00:00
Vishal Choudhary
80d139bb5d
Added fetchAttestations method to notaryV2 implimentation ( #6800 )
...
* moved to oras
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* linting error fix
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* added error checking
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* fixed errors
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* added final build
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* added predicate fetching
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* added checks in statements
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* removed continuous checking if predicate is found
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* renamed notaryv2 to notary
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* changed notaryv2 to notary
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* run codegen all
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* changes
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* commented cert
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* added variable support to certs
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* renamed notaryV2 to notary
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* deprecated predicate types
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* disallow keys and keyless under attestors if type is set to notary
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* gcr crane implementation init
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* added changes
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* types
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* using remote puller and pusher
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* implemented notation repository interface
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* updated notary implementation and fixed errors
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* removed oras
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* kuttl test init
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* added image verify test
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* check image attestation notary
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* added readme
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* added tests for extract statements
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* fix: remove status from policy webhooks (#6939 )
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* feat: split chart values in readme per component (#6936 )
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
* fix: incorrect json patch validation (#6941 )
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* feat: add verbosity level in helm chart values (#6940 )
* feat: add verbosity level in helm chart values
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* codegen
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---------
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix: match on ephemeral containers (#6963 )
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix: refine event permissions in default roles (#6957 )
* remove the event delete permission
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* add '- events.k8s.io/v1'
Signed-off-by: ShutingZhao <shuting@nirmata.com>
---------
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* Add kuttl test for ephemeral containers (#6966 )
* Move Sam to Emeritus status
Signed-off-by: Chip Zoller <chipzoller@gmail.com>
* add kuttl test for ephemeral containers
Signed-off-by: Chip Zoller <chipzoller@gmail.com>
---------
Signed-off-by: Chip Zoller <chipzoller@gmail.com>
* refactor: restructure cli test command (#6942 )
* refactor: restructure cli test command
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---------
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* feat: add credential helpers flags (#6974 )
* feat: add credential helpers flags
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---------
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* chore(deps): bump aquasecurity/trivy-action from 0.9.2 to 0.10.0 (#6976 )
Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action ) from 0.9.2 to 0.10.0.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases )
- [Commits](1f0aa582c8...e5f43133f6#6084 )
* Added Context in CleanupPolicySpec
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* Added context.go file with loadVariable()
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* Added loadAPIData() in context.go and called from handlers.go
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* Added conditionals for not supported context variables
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* Reverted versions in CRDs
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* Reverted CRDs to v0.11.1
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* Imported fmt in handlers.go
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* Added Context in CleanupPolicySpec
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* Added context.go file with loadVariable()
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* Added loadAPIData() in context.go and called from handlers.go
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* Added conditionals for not supported context variables
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* Reverted versions in CRDs
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* Reverted CRDs to v0.11.1
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* Imported fmt in handlers.go
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* Removed duplicate import
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* make verify-codegen
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* Updated kuttl test
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* Fixed kuttl failure
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* moved policy check to validation
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* Reused functions
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* Added kuttl test
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* Added more configMap
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* removed unecessary check
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* auto codegen
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* updated codegen
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* Renamed ApplyJMESPath() to applyJMESPath()
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
---------
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
Co-authored-by: Chip Zoller <chipzoller@gmail.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* chore(deps): bump actions/setup-python from 4.5.0 to 4.6.0 (#6981 )
Bumps [actions/setup-python](https://github.com/actions/setup-python ) from 4.5.0 to 4.6.0.
- [Release notes](https://github.com/actions/setup-python/releases )
- [Commits](d27e3f3d7c...57ded4d7d5#6982 )
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 3.1.2 to 3.1.3.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md )
- [Commits](40a12dcee2...894ff025c7#6978 )
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore: restrict default permissions (#6972 )
* restrict admission permissions
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* restrict background permissions
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* update install.yaml
Signed-off-by: ShutingZhao <shuting@nirmata.com>
---------
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* kuttl README (#6984 )
* Added Context in CleanupPolicySpec
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* Added context.go file with loadVariable()
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* Added loadAPIData() in context.go and called from handlers.go
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* Added conditionals for not supported context variables
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* Reverted versions in CRDs
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* Reverted CRDs to v0.11.1
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* Imported fmt in handlers.go
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* Added Context in CleanupPolicySpec
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* Added context.go file with loadVariable()
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* Added loadAPIData() in context.go and called from handlers.go
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* Added conditionals for not supported context variables
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* Reverted versions in CRDs
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* Reverted CRDs to v0.11.1
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* Imported fmt in handlers.go
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* Removed duplicate import
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* make verify-codegen
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* Updated kuttl test
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* Fixed kuttl failure
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* moved policy check to validation
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* Reused functions
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* Added kuttl test
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* Added more configMap
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* removed unecessary check
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* auto codegen
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* updated codegen
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* Renamed ApplyJMESPath() to applyJMESPath()
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* Added Readme in context-cleanup-pod
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
---------
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
Co-authored-by: Chip Zoller <chipzoller@gmail.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* chore(deps): bump github/codeql-action from 2.2.12 to 2.3.0 (#6989 )
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.2.12 to 2.3.0.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](7df0ce3489...b2c19fb9a2#6987 )
Bumps [github.com/notaryproject/notation-core-go](https://github.com/notaryproject/notation-core-go ) from 1.0.0-rc.2 to 1.0.0-rc.3.
- [Release notes](https://github.com/notaryproject/notation-core-go/releases )
- [Commits](https://github.com/notaryproject/notation-core-go/compare/v1.0.0-rc.2...v1.0.0-rc.3 )
---
updated-dependencies:
- dependency-name: github.com/notaryproject/notation-core-go
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* feat: new access checks for background policies (#6970 )
* switch to use sar for access checks
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix unit tests
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* update helm config
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix username
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* update msg
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix sa name
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* update install.yaml
Signed-off-by: ShutingZhao <shuting@nirmata.com>
---------
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore: bump kind image to 1.27.1 (#6993 )
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* feat: bump k8s deps to 1.27 (#6868 )
* feat: bump k8s deps to 1.27
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* bump k8s 1.27.1
Signed-off-by: ShutingZhao <shuting@nirmata.com>
---------
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Co-authored-by: ShutingZhao <shuting@nirmata.com>
* fix: disable autogen in foreach mutation with json patches (#6996 )
* fix: disable autogen in foreach mutation with json patches
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* kuttl
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---------
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix: add server ip config to cleanup controller (#6999 )
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* feat: add features section in helm values (#6935 )
* feat: add features section in helm values
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* configs
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* overrides
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---------
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* feat: add reports cleanup jobs to prevent outage (#6960 )
* feat: add reports cleanup jobs to prevent outage
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* security cotnext
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---------
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
* feat: add registry credential helpers feature (#7002 )
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* feat: improve instrumented clients (#7006 )
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix: record configmap resource version to not reload when version didn't change (#7007 )
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* chore(deps): bump sigstore/cosign-installer from 3.0.2 to 3.0.3 (#7012 )
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) from 3.0.2 to 3.0.3.
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](9e9de2292d...204a51a57a#7016 )
Red Hat ACM is useful for distributed kyverno policies across a
managed fleet of clusters. Adding to adopters file with a link that
describes details of using the ACM policy generator with Kyverno.
Signed-off-by: Gus Parvin <gparvin@redhat.com>
* fix: helm template with metricsRefreshInterval (#7019 )
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* add support for Kubernetes API server POST (#6948 )
* allow POST for Kubernetes API calls
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* add kuttl tests
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fmt and undo local changes
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix codegen and unit test
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix unit test
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix tests and extends docs
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
---------
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* feat: update built-in resource schemas (#7014 )
* feat: update built-in resource schemas
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix unit test
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---------
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* chore: use github.com/evanphx/json-patch/v5 (#7015 )
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* chore(deps): bump github/codeql-action from 2.3.0 to 2.3.1 (#7025 )
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.3.0 to 2.3.1.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](b2c19fb9a2...8662eabe0e#7027 )
Signed-off-by: Raul Garcia Sanchez <info@raulgarcia.de>
* refactor: engine patchers (#7030 )
* refactor: engine patchers
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---------
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* chore(deps): bump github/codeql-action from 2.3.1 to 2.3.2 (#7033 )
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.3.1 to 2.3.2.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](8662eabe0e...f3feb00acb#7036 )
Signed-off-by: Chip Zoller <chipzoller@gmail.com>
* update development doc (#7037 )
Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com>
* fix: generate policy validation to prevent endless loop (#7026 )
* refactor policy validation
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* add loop check for generate
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* add kuttl tests
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* linter fixes
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* linter fixes
Signed-off-by: ShutingZhao <shuting@nirmata.com>
---------
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix: remove deletionTimestamp checks (#7039 )
* remove deletionTimestamp check
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* remove deletionTimestamp check
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* add back source check
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* remove deletionTimestamp check
Signed-off-by: ShutingZhao <shuting@nirmata.com>
---------
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore(deps): bump k8s.io/klog/v2 from 2.90.1 to 2.100.1 (#7055 )
Bumps [k8s.io/klog/v2](https://github.com/kubernetes/klog ) from 2.90.1 to 2.100.1.
- [Release notes](https://github.com/kubernetes/klog/releases )
- [Changelog](https://github.com/kubernetes/klog/blob/main/RELEASE.md )
- [Commits](https://github.com/kubernetes/klog/compare/v2.90.1...v2.100.1 )
---
updated-dependencies:
- dependency-name: k8s.io/klog/v2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* fix: add background scan interval log (#7065 )
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix: flaky github action (#7068 )
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* refactor: engine response policy (#7063 )
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* feat: add opt-in setting to deploy v3 chart (#7066 )
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* require generate.apiVersion (#7080 )
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix: remove excluded groups from matching (#7083 )
* fix: remove excluded groups from matching
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---------
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* feat: add config inclusions support (#7082 )
* feat: add config inclusions support
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* tests
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---------
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* chore: add makefile target for kwok (#7097 )
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* chore(deps): bump github/codeql-action from 2.3.2 to 2.3.3 (#7099 )
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.3.2 to 2.3.3.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](f3feb00acb...29b1f65c5e#7098 )
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix: mutation code (#7095 )
* fix: mutation code
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* kuttl tests
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---------
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* lazy loading of context vars (#7071 )
* lazy loading of context vars
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* gofumpt
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* add kuttl tests
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
---------
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* [Feature] Add kuttl tests with policy exceptions disabled (#7117 )
* added tests
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
* removed redundant code
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
* fix
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
* fix
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
* typo fix and README changes
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
* fix
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
---------
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
* Conditions message (#7113 )
* add message to conditions
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* add tests
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* extend tests
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
---------
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* chore(deps): bump zgosalvez/github-actions-ensure-sha-pinned-actions (#7123 )
Bumps [zgosalvez/github-actions-ensure-sha-pinned-actions](https://github.com/zgosalvez/github-actions-ensure-sha-pinned-actions ) from 2.1.2 to 2.1.3.
- [Release notes](https://github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/releases )
- [Commits](21991cec25...555a30da26#7121 )
Bumps [sigs.k8s.io/kustomize/kyaml](https://github.com/kubernetes-sigs/kustomize ) from 0.14.1 to 0.14.2.
- [Release notes](https://github.com/kubernetes-sigs/kustomize/releases )
- [Commits](https://github.com/kubernetes-sigs/kustomize/compare/kyaml/v0.14.1...kyaml/v0.14.2 )
---
updated-dependencies:
- dependency-name: sigs.k8s.io/kustomize/kyaml
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: shuting <shuting@nirmata.com>
* chore(deps): bump oras.land/oras-go/v2 from 2.0.2 to 2.1.0 (#7102 )
Bumps [oras.land/oras-go/v2](https://github.com/oras-project/oras-go ) from 2.0.2 to 2.1.0.
- [Release notes](https://github.com/oras-project/oras-go/releases )
- [Commits](https://github.com/oras-project/oras-go/compare/v2.0.2...v2.1.0 )
---
updated-dependencies:
- dependency-name: oras.land/oras-go/v2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: shuting <shuting@nirmata.com>
* add condition msg to v2beta1 (#7126 )
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* feat: print container flags and their values (#7127 )
* add condition msg to v2beta1
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* print flags settings
Signed-off-by: ShutingZhao <shuting@nirmata.com>
---------
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* remove the container flag genWorker from the admission controller (#7132 )
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore(deps): bump google.golang.org/grpc from 1.54.0 to 1.55.0 (#7103 )
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go ) from 1.54.0 to 1.55.0.
- [Release notes](https://github.com/grpc/grpc-go/releases )
- [Commits](https://github.com/grpc/grpc-go/compare/v1.54.0...v1.55.0 )
---
updated-dependencies:
- dependency-name: google.golang.org/grpc
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* remove the duplicate entry (#7125 )
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore(deps): bump sigs.k8s.io/kustomize/api from 0.13.2 to 0.13.3 (#7120 )
Bumps [sigs.k8s.io/kustomize/api](https://github.com/kubernetes-sigs/kustomize ) from 0.13.2 to 0.13.3.
- [Release notes](https://github.com/kubernetes-sigs/kustomize/releases )
- [Commits](https://github.com/kubernetes-sigs/kustomize/compare/api/v0.13.2...api/v0.13.3 )
---
updated-dependencies:
- dependency-name: sigs.k8s.io/kustomize/api
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: shuting <shuting@nirmata.com>
* fixed error
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* undo mistake
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* go mod conflict fix
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* changes from review
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* NIT
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* updated image
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* updated checks
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* fixed verifying wrong ref
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* updated cert in tests
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* added warning when predicate type is used
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* fix: panic for policy variable validation (#7079 )
* fix panic
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* check errors
Signed-off-by: ShutingZhao <shuting@nirmata.com>
---------
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix: remove policy-reporter from dev lab (#7196 )
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix: cleanup controller metrics name (#7198 )
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix: http request metrics (#7197 )
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* remove unused code (#7203 )
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* handle Deny rules where conditions eval to true (#7204 )
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
* [Bug] Enforce message wrong (#7208 )
* fix
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
* fixed tests
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
---------
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
* chore(deps): bump codecov/codecov-action from 3.1.3 to 3.1.4 (#7207 )
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 3.1.3 to 3.1.4.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md )
- [Commits](894ff025c7...eaaf4bedf3#7215 )
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) from 3.0.3 to 3.0.4.
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](204a51a57a...03d0fecf17#7220 )
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix: mutate existing auth check (#7219 )
* fix auth check when using variables in ns
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* add kuttl tests
Signed-off-by: ShutingZhao <shuting@nirmata.com>
---------
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix: do not exclude kube-system service accounts by default (#7225 )
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* docs: add reports system design doc (#6949 )
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* chore(deps): bump k8s.io/apimachinery from 0.27.1 to 0.27.2 (#7227 )
Bumps [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery ) from 0.27.1 to 0.27.2.
- [Commits](https://github.com/kubernetes/apimachinery/compare/v0.27.1...v0.27.2 )
---
updated-dependencies:
- dependency-name: k8s.io/apimachinery
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: shuting <shuting@nirmata.com>
* chore(deps): bump k8s.io/cli-runtime from 0.27.1 to 0.27.2 (#7228 )
Bumps [k8s.io/cli-runtime](https://github.com/kubernetes/cli-runtime ) from 0.27.1 to 0.27.2.
- [Commits](https://github.com/kubernetes/cli-runtime/compare/v0.27.1...v0.27.2 )
---
updated-dependencies:
- dependency-name: k8s.io/cli-runtime
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump sigstore/cosign-installer from 3.0.4 to 3.0.5 (#7229 )
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) from 3.0.4 to 3.0.5.
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](03d0fecf17...dd6b2e2b61#7232 )
Bumps [k8s.io/pod-security-admission](https://github.com/kubernetes/pod-security-admission ) from 0.27.1 to 0.27.2.
- [Commits](https://github.com/kubernetes/pod-security-admission/compare/v0.27.1...v0.27.2 )
---
updated-dependencies:
- dependency-name: k8s.io/pod-security-admission
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* fix: match logic misbehave (#7218 )
* add rule name in ur for mutate existing
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix match logic
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* linter fixes
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix the match logic to only apply to the new object, unless it's a delete request
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix unit tests
Signed-off-by: ShutingZhao <shuting@nirmata.com>
---------
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore(deps): bump github.com/stretchr/testify from 1.8.2 to 1.8.3 (#7240 )
Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify ) from 1.8.2 to 1.8.3.
- [Release notes](https://github.com/stretchr/testify/releases )
- [Commits](https://github.com/stretchr/testify/compare/v1.8.2...v1.8.3 )
---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump github.com/onsi/gomega from 1.27.6 to 1.27.7 (#7239 )
Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega ) from 1.27.6 to 1.27.7.
- [Release notes](https://github.com/onsi/gomega/releases )
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md )
- [Commits](https://github.com/onsi/gomega/compare/v1.27.6...v1.27.7 )
---
updated-dependencies:
- dependency-name: github.com/onsi/gomega
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump k8s.io/kube-aggregator from 0.27.1 to 0.27.2 (#7241 )
Bumps [k8s.io/kube-aggregator](https://github.com/kubernetes/kube-aggregator ) from 0.27.1 to 0.27.2.
- [Commits](https://github.com/kubernetes/kube-aggregator/compare/v0.27.1...v0.27.2 )
---
updated-dependencies:
- dependency-name: k8s.io/kube-aggregator
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump k8s.io/apiextensions-apiserver from 0.27.1 to 0.27.2 (#7242 )
Bumps [k8s.io/apiextensions-apiserver](https://github.com/kubernetes/apiextensions-apiserver ) from 0.27.1 to 0.27.2.
- [Release notes](https://github.com/kubernetes/apiextensions-apiserver/releases )
- [Commits](https://github.com/kubernetes/apiextensions-apiserver/compare/v0.27.1...v0.27.2 )
---
updated-dependencies:
- dependency-name: k8s.io/apiextensions-apiserver
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* updated kuttl tests
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* fixed mistake in assert
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* quote image in error (#7259 )
Signed-off-by: bakito <github@bakito.ch>
* fix: auto update webhooks not configuring fail endpoint (#7261 )
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix latest version check (#7263 )
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore(deps): bump svenstaro/upload-release-action from 2.5.0 to 2.6.0 (#7270 )
Bumps [svenstaro/upload-release-action](https://github.com/svenstaro/upload-release-action ) from 2.5.0 to 2.6.0.
- [Release notes](https://github.com/svenstaro/upload-release-action/releases )
- [Changelog](https://github.com/svenstaro/upload-release-action/blob/master/CHANGELOG.md )
- [Commits](7319e4733e...58d5258088#7272 )
Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime ) from 0.14.6 to 0.15.0.
- [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases )
- [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md )
- [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.14.6...v0.15.0 )
---
updated-dependencies:
- dependency-name: sigs.k8s.io/controller-runtime
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* feat: add yaml util to check empty document (#7276 )
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#7274 )
Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git ) from 5.6.1 to 5.7.0.
- [Release notes](https://github.com/go-git/go-git/releases )
- [Commits](https://github.com/go-git/go-git/compare/v5.6.1...v5.7.0 )
---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* fixed api version in kuttl tests
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* updated kuttl tests
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* go sum update
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* updated admission controller assert
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* updated image
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* removed admission controller changes
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* go mod fix
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
---------
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Signed-off-by: Chip Zoller <chipzoller@gmail.com>
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
Signed-off-by: Gus Parvin <gparvin@redhat.com>
Signed-off-by: Raul Garcia Sanchez <info@raulgarcia.de>
Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com>
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
Signed-off-by: bakito <github@bakito.ch>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
Co-authored-by: Chip Zoller <chipzoller@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Md Sahil <85174511+MdSahil-oss@users.noreply.github.com>
Co-authored-by: Gus Parvin <gparvin@redhat.com>
Co-authored-by: Raúl Garcia Sanchez <info@raulgarcia.de>
Co-authored-by: Mariam Fahmy <55502281+MariamFahmy98@users.noreply.github.com>
Co-authored-by: Ved Ratan <82467006+VedRatan@users.noreply.github.com>
Co-authored-by: Marc Brugger <github@bakito.ch>
2023-06-01 16:05:28 +08:00
Jim Bugwadia
29997fe446
Notary v2 ( #6011 )
...
* fix make debug-deploy
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* improve log messages
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* initial update
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* initial update
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* update registry credentials handling order
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* comment out ACR helper - breaks anonymous image pull
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* merge main and refactor verifiers
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix opt init
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* remove local address
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* update to NotaryV2 RC
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix fmt
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* update deps
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* format imports
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* remove env and no-op statement
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix merge issues
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix linter issue
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* remove unused field
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* make fmt
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* renable ACR credential helper
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* Update .vscode/launch.json
Signed-off-by: shuting <shutting06@gmail.com>
---------
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Signed-off-by: shuting <shutting06@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
Co-authored-by: shuting <shutting06@gmail.com>
2023-02-20 16:26:10 +00:00
Fish-pro
fdfdcc058f
Remove dependency on github.com/pkg/errors ( #6165 )
...
Signed-off-by: Fish-pro <zechun.chen@daocloud.io>
2023-02-01 14:38:04 +08:00
Charles-Edouard Brétéché
94abfaf13e
refactor: move util funcs in sub packages ( #5754 )
...
* refactor: move util func in sub packages
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* Update pkg/utils/kube/crd.go
Signed-off-by: shuting <shutting06@gmail.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: shuting <shutting06@gmail.com>
Co-authored-by: shuting <shutting06@gmail.com>
2022-12-22 06:39:54 +00:00
Charles-Edouard Brétéché
2fea112a60
feat: add engine traces ( #5463 )
...
* feat: make traces better
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* feat: add tracing in engine validation
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* refactor
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* audit
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* values
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* chart deps
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* trace
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fixes and image verification
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* mutate
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* mutate
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* remove chart deps
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* remove tempo
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* bump deps
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* makefile
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* makefile
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* makefile
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* makefile
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* prometheus
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* child span
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* more spans
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* audit
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix cosign spans
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix cosign spans
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* mutation
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* mutation tracing
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-12-12 20:32:11 +00:00
Charles-Edouard Brétéché
718f80c5a1
refactor: tracing package ( #5643 )
...
* refactor: tracing package
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* child span
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2022-12-11 21:39:37 +01:00
Charles-Edouard Brétéché
ff728d5f2b
feat: propagate context through engine ( #5639 )
...
* feat: propagate context through engine
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* feat: propagate context through engine
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* feat: propagate context through engine
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* feat: propagate context through engine
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2022-12-09 21:45:11 +08:00
Charles-Edouard Brétéché
39b72eefb9
feat: add http clients tracing ( #5630 )
...
* feat: add http clients tracing
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* check we are in a span before creating one and and context to metrics recording calls
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2022-12-09 09:09:11 +00:00
Charles-Edouard Brétéché
7219b4f8a3
refactor: registry client ( #5596 )
...
* refactor: registry client
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2022-12-07 23:08:37 +08:00
Charles-Edouard Brétéché
5b89e2e5f8
refactor: make policy context immutable and fields private ( #5523 )
...
* refactor: make policy context immutable and fields private
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* refactor: make policy context immutable and fields private
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2022-12-02 16:14:23 +08:00
shuting
ef06833613
feat: support attestations with multiple signatures ( #5409 )
...
* add new attribute ".verifyImages.attestations.attestors"
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* Update CRDs
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* support multiple subjects for attestations
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* - fix entries check; - refactors code
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix linter
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* - allow both attestors and attestations; - make attestations.attestor optional
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix panic
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix tests
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* add kuttl tests
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix tests
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix tests
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix tests
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* remove the invalid test
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix empty attestor
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* add cleanup steps
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* Update api/kyverno/v1/image_verification_types.go
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* update codegen
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-12-01 22:09:44 +00:00
Jim Bugwadia
f70c6ef444
Fix multi attestor keyless ( #5432 )
...
* match atleast one signature
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* add unit tests
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* gofumpt
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* gofumpt
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2022-11-22 06:37:24 +00:00
Pratik Shah
8a0083105d
Added support to specify key signature algorithm in verifyImages ( #4855 )
...
Signed-off-by: Pratik Shah <pratik@infracloud.io>
Signed-off-by: Pratik Shah <pratik@infracloud.io>
2022-10-14 05:39:57 +00:00
Batuhan Apaydın
2860775dc3
feature: use cert extension oid as key ( #4854 )
...
Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
Co-authored-by: Furkan Türkal <furkan.turkal@trendyol.com>
Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
Co-authored-by: Furkan Türkal <furkan.turkal@trendyol.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
2022-10-10 12:39:09 -07:00
Jim Bugwadia
106880c8d0
fix extension checks ( #4836 )
...
* fix extension checks
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix test
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-10-06 13:08:34 -07:00
Pradeep Lakshmi Narasimha
4e1c1e6785
fix: subject and issuer validation when attestations are present ( #4786 )
...
Signed-off-by: praddy26 <pradeep.vaishnav4@gmail.com>
Signed-off-by: praddy26 <pradeep.vaishnav4@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
2022-10-04 18:03:56 +08:00
yinka
688b4fb8e3
add package logger in files ( #4766 )
...
* add package logger in files
Signed-off-by: damilola olayinka <holayinkajr@gmail.com>
* add package logger to initContainer and other files
Signed-off-by: damilola olayinka <holayinkajr@gmail.com>
* helm docs
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
* helm default values
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
* release notes
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: damilola olayinka <holayinkajr@gmail.com>
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-10-02 19:45:03 +00:00
Charles-Edouard Brétéché
fc1a4601a7
refactor: introduce wildcard utils package ( #4406 )
...
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-08-25 05:23:01 +00:00
Charles-Edouard Brétéché
144985ee5a
chore: fix golangcilint timeout ( #4388 )
...
* chore: fix golangcilint timeout
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
* fix commit sha
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
* add .gitattributes
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-08-24 21:08:24 +08:00
Jim Bugwadia
22eb79a7f0
Fix PEM delimiter parse ( #4331 )
...
* update log levels
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* do not generate policy reports for blocked images
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix PEM delimiter parsing and add test case
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2022-08-12 10:06:14 +00:00
Jim Bugwadia
943c3a1929
use failurePolicy to block or allow requests, on policy errors ( #4183 )
...
* use failurePolicy to block or allow requests, on policy errors
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* add warnings
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* codegen
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix linter issues
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* add unit tests
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* handle network errors
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix linter issues
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix test
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix title conversion
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix path in generated file
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix test
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix fake metrics
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix tests
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* add check for klog flag initialization
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* check for flag reinitialization
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* check for flag reinitialization
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix spelling
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix flag init
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2022-08-02 20:24:02 +05:30
Tathagata Paul
3e2894b6fa
feat: Opentelemetry support for metrics and traces ( #3910 )
...
* integrating opentelemetry
Signed-off-by: Tathagata Paul <tathagatapaul7@gmail.com>
* fix multiple imports
Signed-off-by: Tathagata Paul <tathagatapaul7@gmail.com>
* fixed cli help statement
Signed-off-by: Tathagata Paul <tathagatapaul7@gmail.com>
* added init file for metrics
Signed-off-by: Tathagata Paul <tathagatapaul7@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
2022-07-11 17:49:47 +00:00
Furkan Türkal
af3da5e19a
bump cosign to 1.9.1 to fix fulcio panic ( #4117 )
...
Signed-off-by: Furkan <furkan.turkal@trendyol.com>
Co-authored-by: Batuhan <batuhan.apaydin@trendyol.com>
Co-authored-by: Batuhan <batuhan.apaydin@trendyol.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2022-06-16 16:03:22 +00:00
Jim Bugwadia
c3be689851
remove TUF initialization from main ( #4098 )
...
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2022-06-10 00:52:12 -07:00
Anton Popovichenko
afc9a56d33
Feature: Add support for allowing insecure registries. ( #3983 )
...
Now you can work with self signed registries by updating your deployment with adding `--allowInsecureRegistry` to the `args` field.
Signed-off-by: Anton Popovichenko <anton.popovichenko@mendix.com>
Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-05-25 11:03:36 +02:00
Jim Bugwadia
8fe9163f4e
fix attestation checks ( #3999 )
...
* fix attestation checks
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* make fmt
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix linter issues
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* make codegen
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix tests
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* dos2unix
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2022-05-24 14:57:01 +08:00
Charles-Edouard Brétéché
1afda6a137
refactor: make registry client variables private ( #3975 )
...
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-05-23 18:45:25 +05:30
Charles-Edouard Brétéché
840307fc69
chore: enable ifshort linter ( #3945 )
...
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-05-17 18:55:13 +00:00
Charles-Edouard Brétéché
5aaf2d8770
chore: make kyverno api import aliases consistent ( #3939 )
...
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-05-17 13:12:43 +02:00
Charles-Edouard Brétéché
0099ef54ad
chore: enable gofmt and gofumpt linters ( #3931 )
...
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-05-17 06:19:03 +00:00
Charles-Edouard Brétéché
c12f94d6d4
chore: enble gci linter ( #3930 )
...
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
2022-05-17 07:56:48 +02:00
Jim Bugwadia
36affff4b7
Timeout and init ( #3893 )
...
* increase timeout to 30s to match webhook timeout
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* initialize Fulcio roots at startup
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* make fmt
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* add TUF root
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix chart
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* make helm-gen
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-05-12 10:55:14 +08:00
Charles-Edouard Brétéché
f508e9a0b8
chore: add unconvert linter ( #3867 )
...
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-05-10 20:28:45 +01:00
Charles-Edouard Brétéché
e2cf6cea5a
fix: golangci-lint warnings in pkg ( #3846 )
...
* fix: golangci-lint warnings in cmd
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
* fix: golangci-lint warnings in pkg
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
2022-05-10 09:24:27 +00:00
Jim Bugwadia
db3502656d
Cert attestor ( #3809 )
...
* add certificates attestor
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* handle duplicate images; use container name as key
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* use OldObject for modify requests
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* use unique image names
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* merge main
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* create a single annotation patch across rules and images
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fmt and change annotation key name
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix linter issues
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* split certs from keys
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* make fmt
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix test
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* add Rekor and fix tests
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix tests
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
2022-05-05 21:57:20 -07:00
Charles-Edouard Brétéché
a592dad2aa
refactor: cosign package logger ( #3773 )
...
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-05-02 21:03:44 +01:00
Charles-Edouard Brétéché
24ed931f42
refactor: remove some api unnecessary pointers (4) ( #3713 )
...
* refactor: remove some api unnecessary pointers
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
* refactor: remove some api unnecessary pointers (2)
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
* refactor: remove some api unnecessary pointers (3)
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
* refactor: remove some api unnecessary pointers (4)
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
2022-04-29 09:12:01 +02:00
Jim Bugwadia
9fde4fd6a1
Multiple keys ( #3636 )
...
* fix autogen check
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* allow multiple keys and fix root/intermediate certs
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix test
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* make issuer/subject optional
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* enable CTLog options
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix split
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* make fmt
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* make codegen
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* rename CTLog -> Rekor
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* make fmt
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* api/kyverno/v1/image_verification_test.go
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix tests
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
2022-04-22 07:10:02 +00:00
Jim Bugwadia
3b1a1acd9a
Image verify attestors ( #3614 )
...
* fix logs
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix logs
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* support multiple attestors
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* rm CLI tests (not currently supported)
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* apply attestor repo
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix linter issues
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix entryError assignment
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix tests
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* format
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* add intermediary certs
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2022-04-19 08:35:12 -07:00
Anushka Mittal
1714a328b6
add-kms-libraries for cosign ( #3603 )
...
* add-kms-libraries
Signed-off-by: anushkamittal20 <anumittal4641@gmail.com>
* Shifted providers to cosign package
Signed-off-by: anushkamittal20 <anumittal4641@gmail.com>
2022-04-14 15:24:34 +00:00
Charles-Edouard Brétéché
29d7010e25
refactor: move common utils ( #3553 )
...
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
2022-04-05 13:02:43 +00:00
shuting
d1bf3d4742
clean up dependencies ( #3469 )
...
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2022-03-25 08:40:25 +00:00
Naman Lakhwani
433ad5e0c4
[imageVerify]: correcting error msg ( #3398 )
...
* corrected err msgs
Signed-off-by: Naman Lakhwani <namanlakhwani@gmail.com>
* this msg is not required explicitly
Signed-off-by: Naman Lakhwani <namanlakhwani@gmail.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2022-03-18 12:47:27 -07:00
Christian Kotzbauer
860253d6aa
[ImageVerify] Verify additional certificate-extensions ( #3404 )
...
* feat: add additionalExtensions to keyless imageVerify
Signed-off-by: Christian Kotzbauer <git@ckotzbauer.de>
* feat: regenerate code
Signed-off-by: Christian Kotzbauer <git@ckotzbauer.de>
2022-03-17 08:42:12 +00:00
Ivan Wallis
deda7a5336
support RSA, ECDSA and EDDSA public key verification ( #3362 )
...
Signed-off-by: Ivan Wallis <iwallis@gmail.com>
2022-03-08 21:58:14 -08:00
Jim Bugwadia
bd1a145678
Fix keyless attest ( #3219 )
...
* allow root cert for keyless attestations checks
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* add logs and improve var names
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* make fmt
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* handle err in sig loading
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: Sambhav Kothari <sambhavs.email@gmail.com>
2022-02-13 20:35:11 -08:00
Naman Lakhwani
d3dd7a7b45
fixing and adding tests ( #3112 )
...
Signed-off-by: Naman Lakhwani <namanlakhwani@gmail.com>
2022-01-27 22:50:29 -08:00
Jim Bugwadia
7cf1dd2b15
update cosign to 1.5.0 and fix issuer and subject for keyless ( #3089 )
...
* update cosign to 1.5.0 and add checks
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix subject and issuer checks
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* make fmt
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix tests
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2022-01-27 21:13:23 -08:00
