1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2024-12-14 11:57:48 +00:00
Commit graph

6304 commits

Author SHA1 Message Date
Charles-Edouard Brétéché
147e3197c4
chore: add a timeout to setup-build-env action (#8153)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-08-29 08:39:43 +00:00
dependabot[bot]
af786b1504
chore(deps): bump go.opentelemetry.io/otel/metric from 1.16.0 to 1.17.0 (#8147)
Bumps [go.opentelemetry.io/otel/metric](https://github.com/open-telemetry/opentelemetry-go) from 1.16.0 to 1.17.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.16.0...v1.17.0)

---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel/metric
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-08-29 07:29:57 +00:00
Charles-Edouard Brétéché
bb3df218ed
fix: validate the YAML test file syntactically and schematically (#8145)
* fix: validate the YAML test file syntactically

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* schema validation

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* unit tests

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-08-28 18:04:00 -04:00
Charles-Edouard Brétéché
ecc7b87df6
chore: remove old comment from helm chart (#8142)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-08-28 20:35:08 +00:00
Mariam Fahmy
5c9f78e627
chore: add kind config file for v1beta1 of validating admission policies (#8139)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2023-08-28 19:19:04 +00:00
Mariam Fahmy
8118e0213a
fix: vscode debug config (#8138)
* fix: vscode debug config

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

* fix: modify vscode launch json file

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

---------

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2023-08-28 17:58:36 +00:00
Ved Ratan
daadd36c72
[Feat]: Perform permissions check when TTL label is observed (#8128)
* added permissions check

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* lint fix

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* lint fix

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* issue_8091

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* log fix

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* refactor

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Ved Ratan <vedratan8@gmail.com>
Signed-off-by: Ved Ratan <82467006+VedRatan@users.noreply.github.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-08-28 16:18:48 +00:00
Mariam Fahmy
94aa1f18c6
feat: support namespaced parameter resources for CEL expressions in Kyverno policies (#8084)
* feat: support namespaced parameter resources for CEL expressions in Kyverno policies

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

* fix lint issue

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

* fix

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

* fix kuttl test

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

---------

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2023-08-28 14:43:09 +00:00
Charles-Edouard Brétéché
0f9fe30c08
feat: allow overriding ca and tls secret names (#8137)
* feat: allow overriding ca and tls secret names

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-08-28 14:05:49 +00:00
Vishal Choudhary
b374c05517
fix: update certmanager and config to take common name and namespace as arguments (#8129)
* feat: add namespace and common name args

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* fix: remove unnecessary dns name

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

---------

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-08-28 12:04:37 +00:00
Charles-Edouard Brétéché
ce66667779
chore: add .helmignore to .helmignore (#8136)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-08-28 10:57:13 +00:00
Charles-Edouard Brétéché
93d01b3f36
feat: add ttl manager metric for tracked resources (#8134)
* feat: add ttl manager metric for tracked resources

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* lock

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-08-28 10:24:53 +00:00
dependabot[bot]
2fefc825ed
chore(deps): bump kyverno/action-install-cli from 0.1.0 to 0.2.0 (#8133)
Bumps [kyverno/action-install-cli](https://github.com/kyverno/action-install-cli) from 0.1.0 to 0.2.0.
- [Release notes](https://github.com/kyverno/action-install-cli/releases)
- [Commits](a3d781ac3f...fcee92fca5)

---
updated-dependencies:
- dependency-name: kyverno/action-install-cli
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-08-28 07:35:53 +00:00
Charles-Edouard Brétéché
e4370f296a
fix: nancy ignore file (#8132)
* fix: nancy ignore file

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-08-27 20:48:49 +00:00
Sarthak Negi
fa5cb41a56
the renkor version in go mod file is v1.2.2. But nancy-ignore file is not updated (#8131)
Signed-off-by: sarthaksarthak9 <sarthaknegi908@gmail.com>
2023-08-27 19:34:00 +00:00
Charles-Edouard Brétéché
ff8129fdba
chore: bump kustomize (#8126)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2023-08-25 22:15:23 +00:00
Charles-Edouard Brétéché
1be6eeda91
fix: misleading warning about matching on status (#8127)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-08-25 21:44:08 +00:00
Ved Ratan
ebd9506f87
[Feat] TTL controller log improvements (#8112)
* upgraded verbose and enhanced label

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* enhancements

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* fix

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* fix

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

---------

Signed-off-by: Ved Ratan <vedratan8@gmail.com>
2023-08-25 22:32:56 +02:00
shuting
c751f1de58
fix: renew tls cert when ca cert is deleted (#8114)
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2023-08-25 16:15:14 +00:00
Charles-Edouard Brétéché
58bf667f61
chore: bump a couple of deps (#8125)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-08-25 14:25:58 +00:00
Charles-Edouard Brétéché
ab6fc0ad1b
fix: reduce tls package dependencies (part 2) (#8109)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-08-25 11:24:52 +00:00
dependabot[bot]
da086a252a
chore(deps): bump k8s.io/cli-runtime from 0.28.0 to 0.28.1 (#8124)
Bumps [k8s.io/cli-runtime](https://github.com/kubernetes/cli-runtime) from 0.28.0 to 0.28.1.
- [Commits](https://github.com/kubernetes/cli-runtime/compare/v0.28.0...v0.28.1)

---
updated-dependencies:
- dependency-name: k8s.io/cli-runtime
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-08-25 09:36:28 +00:00
Charles-Edouard Brétéché
ba2a787434
fix: conditions v2beta1 help (#8115)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-08-25 08:49:24 +00:00
dependabot[bot]
9c322f209d
chore(deps): bump k8s.io/pod-security-admission from 0.28.0 to 0.28.1 (#8123)
Bumps [k8s.io/pod-security-admission](https://github.com/kubernetes/pod-security-admission) from 0.28.0 to 0.28.1.
- [Commits](https://github.com/kubernetes/pod-security-admission/compare/v0.28.0...v0.28.1)

---
updated-dependencies:
- dependency-name: k8s.io/pod-security-admission
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-08-25 08:06:52 +00:00
dependabot[bot]
410c02b36f
chore(deps): bump actions/checkout from 3.5.3 to 3.6.0 (#8119)
Bumps [actions/checkout](https://github.com/actions/checkout) from 3.5.3 to 3.6.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](c85c95e3d7...f43a0e5ff2)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-08-25 07:17:21 +00:00
dependabot[bot]
4700566966
chore(deps): bump fluxcd/flux2 from 2.0.1 to 2.1.0 (#8118)
Bumps [fluxcd/flux2](https://github.com/fluxcd/flux2) from 2.0.1 to 2.1.0.
- [Release notes](https://github.com/fluxcd/flux2/releases)
- [Changelog](https://github.com/fluxcd/flux2/blob/main/.goreleaser.yml)
- [Commits](9b3162495c...22cf986a79)

---
updated-dependencies:
- dependency-name: fluxcd/flux2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-08-25 06:46:11 +00:00
Charles-Edouard Brétéché
b333c312ec
fix: cli tests scenarios_to_cli/other (#8116)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-08-24 23:02:47 +00:00
Charles-Edouard Brétéché
f64d8d1eec
fix: cel-variables kuttl test (#8113)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-08-24 17:30:06 +00:00
Charles-Edouard Brétéché
e7b7dc4b9d
fix: cli logs not working (#8110)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-08-24 16:17:20 +00:00
Mariam Fahmy
072ebeacdb
refactor: create cel package for compiling expressions (#8108)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2023-08-24 14:06:37 +00:00
Charles-Edouard Brétéché
23b7bd4644
chore: add otel collector to dev lab (#8106)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-08-24 13:04:01 +00:00
Charles-Edouard Brétéché
59c2a5d813
fix: reduce tls package dependencies (#8107)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-08-24 11:52:57 +00:00
Mariam Fahmy
10172ae8e0
feat: support variables for CEL in Kyverno policies (#8103)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-08-24 10:00:27 +00:00
Charles-Edouard Brétéché
967536db7d
chore: add kind config with kubelet and apiserver tracing (#8105)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-08-24 09:10:02 +00:00
Ved Ratan
780f1c1e09
[Feat]: added ttl-metrics (#8096)
* added ttl-metrics

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* lint

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* applied changes

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* added gvr in labels

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* fix

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* lint fix

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

---------

Signed-off-by: Ved Ratan <vedratan8@gmail.com>
2023-08-24 10:32:46 +02:00
Charles-Edouard Brétéché
3c09d902fd
fix: context propagation in tracing (#8104)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-08-24 14:45:58 +08:00
AdamKorcz
da3531a0c0
chore: add mocks to mutate fuzzer (#8102)
Signed-off-by: AdamKorcz <adam@adalogics.com>
2023-08-23 21:45:01 +00:00
Dhananjay Kumar Sharma
04bc4ed7c6
Migrated scenario based tests to CLI (#8055)
* migrated scenarios to cli and resolved conflicts

Signed-off-by: Dhananjay Kumar Sharma <dhananjaykumarsharma3339@gmail.com>

* Modified Makefile

Signed-off-by: Dhananjay Kumar Sharma <dhananjaykumarsharma3339@gmail.com>

* Update Makefile

Signed-off-by: Dhananjay Kumar Sharma <dhananjaykumarsharma3339@gmail.com>

* Create patchedresource.yaml

Signed-off-by: Dhananjay Kumar Sharma <dhananjaykumarsharma3339@gmail.com>

* Update kyverno-test.yaml

Signed-off-by: Dhananjay Kumar Sharma <dhananjaykumarsharma3339@gmail.com>

* Delete test/cli/scenarios_to_cli/other /scenario_mutate_validate_qos directory

Signed-off-by: Dhananjay Kumar Sharma <dhananjaykumarsharma3339@gmail.com>

* Update kyverno-test.yaml

Signed-off-by: Dhananjay Kumar Sharma <dhananjaykumarsharma3339@gmail.com>

* Create patchedresource.yaml

Signed-off-by: Dhananjay Kumar Sharma <dhananjaykumarsharma3339@gmail.com>

* Update policy.yaml

Signed-off-by: Dhananjay Kumar Sharma <dhananjaykumarsharma3339@gmail.com>

* Update policy.yaml

Signed-off-by: Dhananjay Kumar Sharma <dhananjaykumarsharma3339@gmail.com>

* fixes

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fixes

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Dhananjay Kumar Sharma <dhananjaykumarsharma3339@gmail.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-08-23 15:55:39 +00:00
Mariam Fahmy
333845677a
fix: check if client is set in CEL validations (#8099)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2023-08-23 17:22:37 +02:00
Mariam Fahmy
e1783e7375
refactor CEL validation in Kyverno policies (#8098)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2023-08-23 13:28:40 +00:00
Charles-Edouard Brétéché
87728f1771
refactor: background controller permissions (#8083)
* fix: reduce background controller permissions

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* debug

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* codegen

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-08-23 12:29:56 +00:00
dependabot[bot]
2d434c6f97
chore(deps): bump sigs.k8s.io/controller-runtime from 0.15.1 to 0.16.0 (#8094)
Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.15.1 to 0.16.0.
- [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases)
- [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md)
- [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.15.1...v0.16.0)

---
updated-dependencies:
- dependency-name: sigs.k8s.io/controller-runtime
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: shuting <shuting@nirmata.com>
2023-08-23 08:42:38 +00:00
dependabot[bot]
58b5d65c85
chore(deps): bump slsa-framework/slsa-github-generator (#8093)
Bumps [slsa-framework/slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator) from 1.8.0 to 1.9.0.
- [Release notes](https://github.com/slsa-framework/slsa-github-generator/releases)
- [Changelog](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md)
- [Commits](https://github.com/slsa-framework/slsa-github-generator/compare/v1.8.0...v1.9.0)

---
updated-dependencies:
- dependency-name: slsa-framework/slsa-github-generator
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-08-23 16:11:32 +08:00
AdamKorcz
af33cd98c8
chore: improve performance of engine fuzzers (#8090)
Signed-off-by: AdamKorcz <adam@adalogics.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-08-22 22:35:06 +00:00
Charles-Edouard Brétéché
11ef5758e4
fix: mutate existing kuttl tests (#8088)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-08-22 16:50:26 +00:00
Charles-Edouard Brétéché
c8433bf048
fix: generate/clusterpolicy kuttl tests (#8087)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-08-22 16:06:04 +00:00
Charles-Edouard Brétéché
52971c372a
fix: generate/validation kuttl tests (#8085)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-08-22 23:29:53 +08:00
Charles-Edouard Brétéché
4058b0794e
fix: crash when applying unquoted null (#8081)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-08-22 12:05:08 +00:00
Mariam Fahmy
19b1944bc3
chore: replace usage of v1beta1 with v1alpha1 for cel subrule (#8082)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2023-08-22 11:33:33 +00:00
Charles-Edouard Brétéché
db2f47b8b5
fix: allow mutation of policy reports (#8080)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-08-22 09:44:25 +00:00