kyverno

mirror of https://github.com/kyverno/kyverno.git synced 2024-12-15 17:51:20 +00:00

Author	SHA1	Message	Date
vivek kumar sahu	17052436cb	Treat normal and precondition variable equally (#4217 ) * When the value of the variables not present will assigned as nil Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com> * Added cli test cases Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com> * fixed failing test cases Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com> * remove extra line Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com> Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>	2022-08-18 04:34:36 +00:00
Jim Bugwadia	4aa0767728	add applyRules to control whether one or all rules are applied (#4196 ) * add ruleSelector Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix selector logic for skipped rules Signed-off-by: Jim Bugwadia <jim@nirmata.com> * change names Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix generated paths Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix linter issues Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add image variable to context when rule processing starts Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix messages Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update generate rules Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-07-29 15:02:26 +08:00
vivek kumar sahu	f6c131cfcc	precondition failure will skip rule independent of audit or enforce mode (#4163 ) * precondition fails will skip rule independent of audit or enforce mode Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com> * Added cli-test cases Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com> * small fix Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>	2022-07-14 09:35:27 +05:30
Charles-Edouard Brétéché	5aaf2d8770	chore: make kyverno api import aliases consistent (#3939 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-05-17 13:12:43 +02:00
Charles-Edouard Brétéché	0099ef54ad	chore: enable gofmt and gofumpt linters (#3931 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-05-17 06:19:03 +00:00
Charles-Edouard Brétéché	c12f94d6d4	chore: enble gci linter (#3930 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-05-17 07:56:48 +02:00
Dhaval Shah	fce35b91d2	[Bugbash] Kceu22 bugbash/fix staticcheck warnings (#3917 ) * cleanup: error string formating Fixes Staticcheck ST1005 KubeCon EU 2022 BugBash Signed-off-by: Dhaval Shah <30974879+dhavalgshah@users.noreply.github.com> * cleanup: merge var declaration with assignment Fixes staticcheck S1021 Kubecon EU 2022 Bugbash Signed-off-by: Dhaval Shah <30974879+dhavalgshah@users.noreply.github.com> * cleanup normalize yoda condition to simple compare fixes staticcheck ST1017 Signed-off-by: Dhaval Shah <30974879+dhavalgshah@users.noreply.github.com> * cleanup: remove extraneous err param on executeTest err is not used anywhere except to throw Fatal inside execureTest() fix staticcheck SA4009 Signed-off-by: Dhaval Shah <30974879+dhavalgshah@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Sambhav Kothari <sambhavs.email@gmail.com> Signed-off-by: Dhaval Shah <30974879+dhavalgshah@users.noreply.github.com> * fix: match validation error message to actual errors Signed-off-by: Dhaval Shah <30974879+dhavalgshah@users.noreply.github.com> * cleanup: more of normalize validation error messages Signed-off-by: Dhaval Shah <30974879+dhavalgshah@users.noreply.github.com> * cleanup: additional error message formatting fixes Signed-off-by: Dhaval Shah <30974879+dhavalgshah@users.noreply.github.com> Co-authored-by: Sambhav Kothari <sambhavs.email@gmail.com>	2022-05-14 22:04:35 +01:00
Jim Bugwadia	76608e315e	handle duplicate images; use container name as key (#3779 ) * handle duplicate images; use container name as key Signed-off-by: Jim Bugwadia <jim@nirmata.com> * use OldObject for modify requests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * use unique image names Signed-off-by: Jim Bugwadia <jim@nirmata.com> * merge main Signed-off-by: Jim Bugwadia <jim@nirmata.com> * create a single annotation patch across rules and images Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fmt and change annotation key name Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix linter issues Signed-off-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com> Co-authored-by: Sambhav Kothari <sambhavs.email@gmail.com>	2022-05-05 14:06:18 -07:00
Sambhav Kothari	0a5f004047	Allow non-object type elements for foreach rules (#3763 ) Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>	2022-05-02 16:39:37 +00:00
Charles-Edouard Brétéché	cf86887d55	refactor: remove some api unnecessary pointers (#3704 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-04-28 12:41:10 +08:00
Jim Bugwadia	ab5171cee5	Verify digest (#3679 ) * add verifyDigest to check all tags are converted to digests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add required to check for image verification annotation Signed-off-by: Jim Bugwadia <jim@nirmata.com> * make fmt Signed-off-by: Jim Bugwadia <jim@nirmata.com> * generate CRD Signed-off-by: Jim Bugwadia <jim@nirmata.com> * adding imageverify true/false patch Signed-off-by: anushkamittal20 <anumittal4641@gmail.com> * patch addition logic Signed-off-by: anushkamittal20 <anumittal4641@gmail.com> * image verify CLI tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fixes and unit tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix digest mutate Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fmt Signed-off-by: Jim Bugwadia <jim@nirmata.com> * make codegen Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix policy cache Signed-off-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: anushkamittal20 <anumittal4641@gmail.com>	2022-04-27 15:09:52 +00:00
Vyankatesh Kudtarkar	79be6379b2	fix test cli CI failures from main (#3682 )	2022-04-26 20:00:46 +08:00
Vyankatesh Kudtarkar	56c90fd087	Support context variables when using foreach CLI (#3637 ) * Support context variables when using foreach CLI * add testcases	2022-04-25 16:36:31 +00:00
shuting	2a656f6de0	feat: mutate existing resources (#3669 ) * feat: mutate existing, replace GR by UR in webhook server (#3601) * add attributes for post mutation Signed-off-by: ShutingZhao <shuting@nirmata.com> * add UR informer to webhook server Signed-off-by: ShutingZhao <shuting@nirmata.com> * - replace gr with ur in the webhook server; - create ur for mutateExsiting policies Signed-off-by: ShutingZhao <shuting@nirmata.com> * replace gr by ur across entire packages Signed-off-by: ShutingZhao <shuting@nirmata.com> * add YAMLs Signed-off-by: ShutingZhao <shuting@nirmata.com> * update api docs & fix unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * add UR deletion handler Signed-off-by: ShutingZhao <shuting@nirmata.com> * add api docs for v1beta1 Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix clientset method Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix v1beta1 client registration Signed-off-by: ShutingZhao <shuting@nirmata.com> * feat: mutate existing - generates UR for admission requests (#3623) Signed-off-by: ShutingZhao <shuting@nirmata.com> * replace with UR in policy controller generate rules (#3635) Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * - enable mutate engine to process mutateExisting rules; - add unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * implemented ur background reconciliation for mutateExisting policies Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix webhook update error Signed-off-by: ShutingZhao <shuting@nirmata.com> * temporary comment out new unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * feat: mutate existing, replace GR by UR in webhook server (#3601) * add attributes for post mutation Signed-off-by: ShutingZhao <shuting@nirmata.com> * add UR informer to webhook server Signed-off-by: ShutingZhao <shuting@nirmata.com> * - replace gr with ur in the webhook server; - create ur for mutateExsiting policies Signed-off-by: ShutingZhao <shuting@nirmata.com> * replace gr by ur across entire packages Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix missing policy.kyverno.io/policy-name label (#3599) Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * refactor cli code from pkg to cmd (#3591) * refactor cli code from pkg to cmd Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com> * fixes in imports Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com> * fixes tests Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com> * fixed conflicts Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com> * moved non-commands to utils Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com> * add YAMLs Signed-off-by: ShutingZhao <shuting@nirmata.com> * update api docs & fix unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * add UR deletion handler Signed-off-by: ShutingZhao <shuting@nirmata.com> * add api docs for v1beta1 Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix clientset method Signed-off-by: ShutingZhao <shuting@nirmata.com> * add-kms-libraries for cosign (#3603) * add-kms-libraries Signed-off-by: anushkamittal20 <anumittal4641@gmail.com> * Shifted providers to cosign package Signed-off-by: anushkamittal20 <anumittal4641@gmail.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> * Add support for custom image extractors (#3596) Signed-off-by: Sambhav Kothari <skothari44@bloomberg.net> * Update vulnerable dependencies (#3577) Signed-off-by: Shubham Gupta <shubham.gupta2956@gmail.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix v1beta1 client registration Signed-off-by: ShutingZhao <shuting@nirmata.com> * feat: mutate existing - generates UR for admission requests (#3623) Signed-off-by: ShutingZhao <shuting@nirmata.com> * updating version in Chart.yaml (#3618) * updatimg version in Chart.yaml Signed-off-by: Prateeknandle <prateeknandle@gmail.com> * changes from, make gen-helm Signed-off-by: Prateeknandle <prateeknandle@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> * Allow kyverno-policies to have preconditions defined (#3606) * Allow kyverno-policies to have preconditions defined Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Fix docs Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> Signed-off-by: ShutingZhao <shuting@nirmata.com> * replace with UR in policy controller generate rules (#3635) Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> * - enable mutate engine to process mutateExisting rules; - add unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * implemented ur background reconciliation for mutateExisting policies Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix webhook update error Signed-off-by: ShutingZhao <shuting@nirmata.com> * temporary comment out new unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * Image verify attestors (#3614) * fix logs Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix logs Signed-off-by: Jim Bugwadia <jim@nirmata.com> * support multiple attestors Signed-off-by: Jim Bugwadia <jim@nirmata.com> * rm CLI tests (not currently supported) Signed-off-by: Jim Bugwadia <jim@nirmata.com> * apply attestor repo Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix linter issues Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix entryError assignment Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * format Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add intermediary certs Signed-off-by: Jim Bugwadia <jim@nirmata.com> * Allow defining imagePullSecrets (#3633) * Allow defining imagePullSecrets Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Use dict for imagePullSecrets Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Simplify how imagePullSecrets is defined Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> Signed-off-by: ShutingZhao <shuting@nirmata.com> * Fix race condition in pCache (#3632) * fix race condition in pCache Signed-off-by: ShutingZhao <shuting@nirmata.com> * refact: remove unused Run function from generate (#3638) Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * Remove helm mode setting (#3628) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> * refactor: image utils (#3630) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> * -resolve lift comments; -fix informer sync issue Signed-off-by: ShutingZhao <shuting@nirmata.com> * refact the update request cleanup controller Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * - fix delete request for mutateExisting; - fix context variable substitution; - improve logging Signed-off-by: ShutingZhao <shuting@nirmata.com> * - enable events; - add last applied annotation Signed-off-by: ShutingZhao <shuting@nirmata.com> * enable mutate existing on policy creation Signed-off-by: ShutingZhao <shuting@nirmata.com> * update autogen code Signed-off-by: ShutingZhao <shuting@nirmata.com> * merge main Signed-off-by: ShutingZhao <shuting@nirmata.com> * add unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * address list comments Signed-off-by: ShutingZhao <shuting@nirmata.com> * update api docs Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix "Implicit memory aliasing in for loop" Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove unused definitions Signed-off-by: ShutingZhao <shuting@nirmata.com> * update api docs Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com> Co-authored-by: Mritunjay Kumar Sharma <mritunjaysharma394@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com> Co-authored-by: Anushka Mittal <55237170+anushkamittal20@users.noreply.github.com> Co-authored-by: Sambhav Kothari <sambhavs.email@gmail.com> Co-authored-by: Shubham Gupta <shubham.gupta2956@gmail.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: Prateek Nandle <56027872+Prateeknandle@users.noreply.github.com> Co-authored-by: treydock <tdockendorf@osc.edu> Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-04-25 12:20:40 +00:00
Jim Bugwadia	3b1a1acd9a	Image verify attestors (#3614 ) * fix logs Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix logs Signed-off-by: Jim Bugwadia <jim@nirmata.com> * support multiple attestors Signed-off-by: Jim Bugwadia <jim@nirmata.com> * rm CLI tests (not currently supported) Signed-off-by: Jim Bugwadia <jim@nirmata.com> * apply attestor repo Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix linter issues Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix entryError assignment Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * format Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add intermediary certs Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2022-04-19 08:35:12 -07:00
Charles-Edouard Brétéché	3d554ce53b	refactor: engine context (#3563 ) Co-authored-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-04-09 11:52:50 +00:00
Charles-Edouard Brétéché	c8275b7c00	refactor: make response type (RuleType) typed (#3556 ) * refactor: move common utils Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * refactor: make response type (RuleType) typed Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * fix: merge Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>	2022-04-06 19:04:08 +00:00
Charles-Edouard Brétéché	29d7010e25	refactor: move common utils (#3553 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-04-05 13:02:43 +00:00
Abhi Kapoor	18d4dadab6	Do not generate preconditions not met warning for audit policies (#3487 ) * Do not generate preconditions not met warning for audit policies Signed-off-by: abhi-kapoor <43758739+abhi-kapoor@users.noreply.github.com> * Update PR template to reeference the closing keyword Signed-off-by: abhi-kapoor <43758739+abhi-kapoor@users.noreply.github.com> * Update pkg/engine/validation.go Co-authored-by: Prateek Pandey <prateekpandey14@gmail.com> * Update pkg/engine/validation.go Co-authored-by: Prateek Pandey <prateekpandey14@gmail.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com> Co-authored-by: shuting <shutting06@gmail.com> Co-authored-by: Prateek Pandey <prateekpandey14@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-04-05 10:08:01 +00:00
Charles-Edouard Brétéché	cb6f55cdcd	refactor: use GetValidationFailureAction method (#3546 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-04-04 16:33:12 +00:00
Charles-Edouard Brétéché	83343697b9	refactor: make use of policy interface (#3499 ) - refactor: make use of policy interface Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-03-30 18:34:30 +05:30
Charles-Edouard Brétéché	20069c13c3	feat: stop mutating rules (#3410 ) * feat: stop adding autogen annotation Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * feat: stop mutating rules Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * feat: stop mutating rules Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * fix: use toggle Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * fix: review comments Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-03-28 22:01:27 +08:00
Charles-Edouard Brétéché	0c8e8c1212	feat: move GetRules() at the policy level (#3420 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-03-18 15:18:32 +00:00
Charles-Edouard Brétéché	ce5f648f30	refactor: introduce rules getters and setters (#3350 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: Prateek Pandey <prateekpandey14@gmail.com>	2022-03-09 15:28:31 +00:00
Charles-Edouard Brétéché	90d0badda4	fix: CRD generation (#3334 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-03-06 11:07:51 -08:00
Jim Bugwadia	421a81ce63	Fix old object validation check (#3248 ) * fix validation check on UPDATE Signed-off-by: Jim Bugwadia <jim@nirmata.com> * prevent policy bypass using preconditions Signed-off-by: Jim Bugwadia <jim@nirmata.com> * separate replace Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add error handling Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2022-02-17 09:18:49 -08:00
Jim Bugwadia	bb06901119	fix mutate preprocessing for anchors (#3052 ) * fix mutate preprocessing for anchors Signed-off-by: Jim Bugwadia <jim@nirmata.com> * make fmt Signed-off-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: shuting <shutting06@gmail.com>	2022-01-23 13:54:22 +00:00
Kumar Mallikarjuna	5ad0d15240	Namespace Specific ValidationFailureAction (#2794 ) * Implement ValidationFailureActionOverride Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Update CRDs Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Update getEnforceFailureErrorMsg() Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Allow validate policies to be checked Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Fix linting issues Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Added tests for ValidationFailureActionOverrides Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Added schema validation Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Added description for ValidationFailureActionOverrides Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com> * Policy validation Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com> * Update CRDs Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com> * Replace literals with constants Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com> * Updated Policy Cache Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com> * Refactor Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com> Co-authored-by: shuting <shutting06@gmail.com>	2022-01-21 12:36:44 +00:00
shuting	b6447e0649	Remove resourceCache from engine (#3013 ) * update log messages Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove resourceCache from the background controller when: - register resource scope - list resources per namespace Signed-off-by: ShutingZhao <shuting@nirmata.com> * - use client call for configmap lookup; - remove resourceCache from policy controller, webhook server and generate controller Signed-off-by: ShutingZhao <shuting@nirmata.com>	2022-01-18 12:59:35 +00:00
Jim Bugwadia	a9fef256c7	updates for foreach and mutate (#2891 ) * updates for foreach and mutate Signed-off-by: Jim Bugwadia <jim@nirmata.com> * allow tests to pass on Windows Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix linter check Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add elementIndex variable Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fmt Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix jsonResult usage Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add mutate validation and fix error in validate.foreach Signed-off-by: Jim Bugwadia <jim@nirmata.com> * format Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update message Signed-off-by: Jim Bugwadia <jim@nirmata.com> * do not skip validation for all array entries when one is skipped Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add foreach tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix fmt Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix format errors Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove unused declarations Signed-off-by: Jim Bugwadia <jim@nirmata.com> * revert namespaceWithLabelYaml Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix mutate of element list Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update CRDs Signed-off-by: Jim Bugwadia <jim@nirmata.com> * Update api/kyverno/v1/policy_types.go Co-authored-by: Steven E. Harris <seh@panix.com> * Update pkg/engine/forceMutate.go Co-authored-by: Steven E. Harris <seh@panix.com> * Update pkg/engine/forceMutate.go Co-authored-by: Steven E. Harris <seh@panix.com> * Update pkg/engine/forceMutate.go Co-authored-by: Steven E. Harris <seh@panix.com> * Update pkg/engine/mutation.go Co-authored-by: Steven E. Harris <seh@panix.com> * Update pkg/engine/mutation.go Co-authored-by: Steven E. Harris <seh@panix.com> * Update pkg/engine/mutation.go Co-authored-by: Steven E. Harris <seh@panix.com> * Update pkg/engine/validate/validate.go Co-authored-by: Steven E. Harris <seh@panix.com> * Update pkg/engine/validate/validate.go Co-authored-by: Steven E. Harris <seh@panix.com> * Update test/cli/test/custom-functions/policy.yaml Co-authored-by: Steven E. Harris <seh@panix.com> * Update test/cli/test/foreach/policies.yaml Co-authored-by: Steven E. Harris <seh@panix.com> * accept review comments and format Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add comments to strategicMergePatch buffer Signed-off-by: Jim Bugwadia <jim@nirmata.com> * load context and evaluate preconditions foreach element Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add test for foreach mutate context and precondition * precondition testcase * address review comments Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update message Signed-off-by: Jim Bugwadia <jim@nirmata.com> * format Signed-off-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: Steven E. Harris <seh@panix.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>	2022-01-05 09:36:33 +08:00
shuting	2c9319ea87	don't generate policy report on managed pod/job (#2889 ) Signed-off-by: ShutingZhao <shuting@nirmata.com>	2021-12-30 00:34:43 +08:00
Jim Bugwadia	e701b7aceb	re-apply policies to managed pods (#2648 ) Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2021-11-01 11:08:24 -07:00
Jose Armesto	831a9826d1	Restructure project to follow standards (#2632 ) Signed-off-by: Jose Armesto <github@armesto.net>	2021-10-29 18:13:20 +02:00
Marcus Noble	1966c82c6d	Fix various go lint issues (#2639 ) * Fix various go lint issues Signed-off-by: Marcus Noble <github@marcusnoble.co.uk> * Fix if mistake Signed-off-by: Marcus Noble <github@marcusnoble.co.uk> * Simplified returns Signed-off-by: Marcus Noble <github@marcusnoble.co.uk>	2021-10-29 17:06:03 +02:00
Vyankatesh Kudtarkar	27cac66b87	fix comment	2021-10-19 22:08:55 +05:30
Vyankatesh Kudtarkar	b31b343910	Fix foreach issue	2021-10-19 15:34:53 +05:30
Jim Bugwadia	e0b1f08a28	fix check for CREATE request (#2551 ) * fix check for CREATE request Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add unit test Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fmt Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix test Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2021-10-18 09:34:07 -07:00
Vyankatesh Kudtarkar	2798287497	support list foreach (#2522 ) * support list foreach * fix testcase for each * fix mutate issue * Fix mutate patch issue * fix yaml * fix e2e test foreach validate list * code indentation * fix comments * delete unwanted files	2021-10-14 00:20:52 -07:00
Jim Bugwadia	b9d4ee6876	fix tests Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2021-10-06 18:31:20 -07:00
NoSkillGirl	0614c2db1f	fixed rule pointer Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>	2021-10-05 12:39:58 +05:30
NoSkillGirl	5ca33ce902	Merge branch 'main' of github.com:kyverno/kyverno into feat/support_mutate_in_cli	2021-10-05 12:23:34 +05:30
vivek kumar sahu	ae6f6c327f	Added Code to support the test command for mutate policy (#2279 ) * Added test-e2e-local in the Makefile * Added a proper Indentation * Added 3 more fields * Added getPolicyResourceFullPath function * Updating the patchedResource path to full path * Converts Namespaced policy to ClusterPolicy * Added GetPatchedResourceFromPath function * Added GetPatchedResource function * Checks for namespaced-policy from policy name provided bu user * Generalizing resultKey for both validate and mutate. Also added kind field to this key * Added Type field to PolicySpec * To handle mutate case when resource and patchedResource are equal * fetch patchResource from path provided by user and compare it with engine patchedResource * generating result by comparing patchedResource * Added kind to resultKey * Handles namespaced policy results * Skip is required * Added []response.EngineResponse return type in ApplyPolicyOnResource function namespaced policy only surpasses resources having same namespace as policy * apply command will print the patchedResource whereas test will not * passing engineResponse instead of validateEngineResponse because it supports results for both validate and mutate case * default namespace will printed in the output table if no namespace is being provided by the user * Added e2e test for mutate policy and also examples for both type of policies * Created a separate function to get resultKey * Changes in the resultKey for validate case * Added help description for test command in the cli * fixes code for more test cases * fixes code to support more cases and also added resources for e2e-test * some small changes like adding brackets, clubbing 2 if cond into one, changing variable name, etc. * Rearrange GetPatchedResourceFromPath function to get rid from repetion of same thing twice. * Added kind in the result section of test.yaml for all test-cases * engineResponse will handle different types of response * GetPatchedResource() uses GetResource function to fetch patched resource Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com>	2021-10-05 11:11:54 +05:30
Jim Bugwadia	6cf9fdd502	fix compile errors Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2021-10-03 23:23:45 -07:00
Jim Bugwadia	ee6aafa7bb	fix linter issues Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2021-10-03 23:07:40 -07:00
Jim Bugwadia	731ffde0e7	fix messages and tests Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2021-10-03 03:15:22 -07:00
Jim Bugwadia	89d1e4afab	format Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2021-10-02 16:57:40 -07:00
Jim Bugwadia	e0e6074afc	add validation; add 'element' to context Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2021-10-02 16:53:02 -07:00
Jim Bugwadia	1ebd2c99f2	add messages and set rule to skip when pattern does not match Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2021-09-30 23:34:04 -07:00
Jim Bugwadia	3957a1400e	fix deny check and fmt Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2021-09-27 23:40:05 -07:00
Jim Bugwadia	a905a61581	fix deny rules Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2021-09-27 14:28:55 -07:00

1 2 3 4 5

226 commits