kyverno

mirror of https://github.com/kyverno/kyverno.git synced 2024-12-14 11:57:48 +00:00

Author	SHA1	Message	Date
shuting	423afb57d8	skip validate rules if conditional anchor key doesn't exist in the resource (#4451 ) Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: ShutingZhao <shuting@nirmata.com>	2022-08-31 05:09:53 +00:00
Riko Kudo	5f5cda9fee	Yaml signing and verification (#4235 ) * enable YAML verification using k8s-manifest-sigstore Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> comment out role and rolebinding for dryrun Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update k8s-manifest-sigstore version Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix pubkey setting Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix pubkey setting Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix log message Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> change default value of dryrun option Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update crd Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> support gpg signature Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * upgrade manifest sigstore version and support multi sigs Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix validate.manifest rule Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update crd and add small fix Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix manifest verify policy Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> set cosign experimental env when keyless verification Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * improve default ignoreFields Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * fix manifest verify policy Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix manifest verify policy Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix manifest verify policy Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * add unit-test for k8smanifest Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update install yaml Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * update k8s-manifest-sigstore version and support one or more signatures Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> add unit-test for k8smanifest multi-signature Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix verifyManifest result message Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix verifyManifest result message Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * fix manifest verify policy and move dryrun rbac to dryrun dir Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * update k8s-manifest-sigstore version Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update k8s-manifest-sigstore version Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update k8s-manifest-sigstore version and resolve conflict Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> enable YAML verification using k8s-manifest-sigstore Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> comment out role and rolebinding for dryrun Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix pubkey setting Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix pubkey setting Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update crd Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> upgrade manifest sigstore version and support multi sigs Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix validate.manifest rule Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update crd and add small fix Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix manifest verify policy Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update k8s-manifest-sigstore version and support one or more signatures Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix verifyManifest result message Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix verifyManifest result message Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix manifest verify policy and move dryrun rbac to dryrun dir Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> add small fix Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * remove generic name Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * fix sonatype-lift issue and unit-test error Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * fix gofumpt error Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * update manifest rule to use attestor Signed-off-by: Riko Kudo <rurikudo@ibm.com> * remove unused value Signed-off-by: Riko Kudo <rurikudo@ibm.com> * resolve conflict Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix install.yaml Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix to set COSIGN_EXPERIMENTAL env variable when keyless verification Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix misspell Signed-off-by: Riko Kudo <rurikudo@ibm.com> * enable kyverno cli in validate.manifests rule (#3) * enable kyverno cli in validate.manifests rule Signed-off-by: Riko Kudo <rurikudo@ibm.com> * update k8s-manifest-sigstore version and improve error handling for better result output Signed-off-by: Riko Kudo <rurikudo@ibm.com> * update crds and deepcopy Signed-off-by: Riko Kudo <rurikudo@ibm.com> * update unit test Signed-off-by: Riko Kudo <rurikudo@ibm.com> * update k8s-manifest-sigstore version Signed-off-by: Riko Kudo <rurikudo@ibm.com> * change to use spec.rules.exclude.subjects instead of skipUsers (#4) Signed-off-by: Riko Kudo <rurikudo@ibm.com> * update k8s-manifest-sigstore version Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix yaml signing sigstore (#5) * update k8s-manifest-sigstore version Signed-off-by: Riko Kudo <rurikudo@ibm.com> * add a comment for dryrun option field Signed-off-by: Riko Kudo <rurikudo@ibm.com> * enable to include ClusterPolicy/Policy in match resource Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix log style and env variable settings Signed-off-by: Riko Kudo <rurikudo@ibm.com> * simplify manifest verify func Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix func name Signed-off-by: Riko Kudo <rurikudo@ibm.com> Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix sonatype warning Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix default ignoreFields Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix yaml signing sigstore rbac (#6) * fix dryrun rbac to have minimal permissions Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix lint error Signed-off-by: Riko Kudo <rurikudo@ibm.com> Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix unit-test error Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix gofumpt error Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix log style Signed-off-by: Riko Kudo <rurikudo@ibm.com> * updated CRD documentation Signed-off-by: Riko Kudo <rurikudo@ibm.com> * resolve go.mod conflicts Signed-off-by: Riko Kudo <rurikudo@ibm.com> * updated helm stuff Signed-off-by: Riko Kudo <rurikudo@ibm.com> Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> Signed-off-by: Riko Kudo <rurikudo@ibm.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com>	2022-08-30 10:14:54 -07:00
Charles-Edouard Brétéché	fc1a4601a7	refactor: introduce wildcard utils package (#4406 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-08-25 05:23:01 +00:00
Charles-Edouard Brétéché	144985ee5a	chore: fix golangcilint timeout (#4388 ) * chore: fix golangcilint timeout Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * fix commit sha Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * add .gitattributes Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-08-24 21:08:24 +08:00
Charles-Edouard Brétéché	5cc97993dc	feat: add raw api call support (#3820 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-08-23 18:52:54 +02:00
Anutosh Bhat	d92e16526f	Added appropriate logging levels to log.Info() calls wherever necessary (#4341 ) * Added appropriate logging levels to log.Info() calls wherever necessary Signed-off-by: anutosh491 <andersonbhat491@gmail.com> * Changed logging levels to 2 Signed-off-by: anutosh491 <andersonbhat491@gmail.com> Signed-off-by: anutosh491 <andersonbhat491@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-08-18 13:24:59 +00:00
vivek kumar sahu	17052436cb	Treat normal and precondition variable equally (#4217 ) * When the value of the variables not present will assigned as nil Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com> * Added cli test cases Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com> * fixed failing test cases Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com> * remove extra line Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com> Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>	2022-08-18 04:34:36 +00:00
Charles-Edouard Brétéché	186dde5589	fix: image verify logs (#4348 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-08-17 19:32:19 -07:00
Jim Bugwadia	22eb79a7f0	Fix PEM delimiter parse (#4331 ) * update log levels Signed-off-by: Jim Bugwadia <jim@nirmata.com> * do not generate policy reports for blocked images Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix PEM delimiter parsing and add test case Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2022-08-12 10:06:14 +00:00
vivek kumar sahu	c95bb74992	Context vars substitution in CLI (#4290 ) * context variables substitution will be independent of sequence Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com> * Added test cases Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>	2022-08-09 05:48:57 +00:00
Jim Bugwadia	943c3a1929	use failurePolicy to block or allow requests, on policy errors (#4183 ) * use failurePolicy to block or allow requests, on policy errors Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add warnings Signed-off-by: Jim Bugwadia <jim@nirmata.com> * codegen Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix linter issues Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add unit tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * handle network errors Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix linter issues Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix test Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix title conversion Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix path in generated file Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix test Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix fake metrics Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add check for klog flag initialization Signed-off-by: Jim Bugwadia <jim@nirmata.com> * check for flag reinitialization Signed-off-by: Jim Bugwadia <jim@nirmata.com> * check for flag reinitialization Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix spelling Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix flag init Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2022-08-02 20:24:02 +05:30
Jim Bugwadia	6fa8a97583	update log levels (#4286 ) Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2022-08-02 10:57:25 +05:30
Jim Bugwadia	4aa0767728	add applyRules to control whether one or all rules are applied (#4196 ) * add ruleSelector Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix selector logic for skipped rules Signed-off-by: Jim Bugwadia <jim@nirmata.com> * change names Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix generated paths Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix linter issues Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add image variable to context when rule processing starts Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix messages Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update generate rules Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-07-29 15:02:26 +08:00
vivek kumar sahu	03cec01fb5	feature: added new type of event, PolicySkipped (#4251 ) * feature: added new type of event, PolicySkipped Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com> * fix html docs Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-07-28 14:01:50 +08:00
vivek kumar sahu	f6c131cfcc	precondition failure will skip rule independent of audit or enforce mode (#4163 ) * precondition fails will skip rule independent of audit or enforce mode Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com> * Added cli-test cases Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com> * small fix Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>	2022-07-14 09:35:27 +05:30
Andrew Bulford	11942560c3	fix: Stop incorrect any block condition logging (#4107 ) Previously the "no condition passed for 'any' block" would be logged for all `any` blocks because the log line always occurs, even if conditions are found. Co-authored-by: Samuel Torres <samuel.torres@form3.tech> Signed-off-by: Andrew Bulford <andrew.bulford@form3.tech> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>	2022-06-15 15:39:24 +00:00
Shubham Nazare	165c5d9fc3	feat: Extend CLI to cover generate policies (#3456 ) - Change in namespace for test-generate example - Change cloneResource to cloneSourceResource - Add support for namespaced Policy and fix log messages - Add test-generate in Makefile and an example of namespaced Policy - Fix namespaced policy issue and add comments - Refactor according to new generate controller - Add json tag to GeneratedResource field of RuleResponse struct Signed-off-by: Shubham Nazare <shubham4443@gmail.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>	2022-05-25 14:26:22 +00:00
Anton Popovichenko	afc9a56d33	Feature: Add support for allowing insecure registries. (#3983 ) Now you can work with self signed registries by updating your deployment with adding `--allowInsecureRegistry` to the `args` field. Signed-off-by: Anton Popovichenko <anton.popovichenko@mendix.com> Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-05-25 11:03:36 +02:00
shuting	85b486eb27	Support `@` for mutate targets (#3998 ) Signed-off-by: ShutingZhao <shuting@nirmata.com>	2022-05-24 17:49:36 +05:30
Jim Bugwadia	8fe9163f4e	fix attestation checks (#3999 ) * fix attestation checks Signed-off-by: Jim Bugwadia <jim@nirmata.com> * make fmt Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix linter issues Signed-off-by: Jim Bugwadia <jim@nirmata.com> * make codegen Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * dos2unix Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2022-05-24 14:57:01 +08:00
Charles-Edouard Brétéché	1afda6a137	refactor: make registry client variables private (#3975 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-05-23 18:45:25 +05:30
Charles-Edouard Brétéché	840307fc69	chore: enable ifshort linter (#3945 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-05-17 18:55:13 +00:00
Charles-Edouard Brétéché	5243763674	chore: make dclient import aliases consistent (#3951 ) * chore: make kyverno api import aliases consistent Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * chore: make apimachinery api import aliases consistent Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * chore: make dclient api import aliases consistent Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-05-17 14:40:51 +00:00
Charles-Edouard Brétéché	5aaf2d8770	chore: make kyverno api import aliases consistent (#3939 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-05-17 13:12:43 +02:00
Charles-Edouard Brétéché	0099ef54ad	chore: enable gofmt and gofumpt linters (#3931 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-05-17 06:19:03 +00:00
Charles-Edouard Brétéché	c12f94d6d4	chore: enble gci linter (#3930 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-05-17 07:56:48 +02:00
Anurag	e8b1e1275a	fix: return type changed to bool in jpfCompare fn (#3924 ) * return type changed to bool in jpfCompare fn Signed-off-by: Anurag <contact.anurag7@gmail.com> * update functions.go Signed-off-by: Anurag <contact.anurag7@gmail.com> * updated the commit Signed-off-by: Anurag <contact.anurag7@gmail.com> Co-authored-by: Sambhav Kothari <sambhavs.email@gmail.com>	2022-05-16 21:11:43 +00:00
Charles-Edouard Brétéché	52cc493e57	chore: enable misspell linter (#3932 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-05-16 19:08:57 +05:30
Charles-Edouard Brétéché	d7a3ba596d	chore: enable errname linter (#3926 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-05-16 18:51:31 +08:00
Dhaval Shah	fce35b91d2	[Bugbash] Kceu22 bugbash/fix staticcheck warnings (#3917 ) * cleanup: error string formating Fixes Staticcheck ST1005 KubeCon EU 2022 BugBash Signed-off-by: Dhaval Shah <30974879+dhavalgshah@users.noreply.github.com> * cleanup: merge var declaration with assignment Fixes staticcheck S1021 Kubecon EU 2022 Bugbash Signed-off-by: Dhaval Shah <30974879+dhavalgshah@users.noreply.github.com> * cleanup normalize yoda condition to simple compare fixes staticcheck ST1017 Signed-off-by: Dhaval Shah <30974879+dhavalgshah@users.noreply.github.com> * cleanup: remove extraneous err param on executeTest err is not used anywhere except to throw Fatal inside execureTest() fix staticcheck SA4009 Signed-off-by: Dhaval Shah <30974879+dhavalgshah@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Sambhav Kothari <sambhavs.email@gmail.com> Signed-off-by: Dhaval Shah <30974879+dhavalgshah@users.noreply.github.com> * fix: match validation error message to actual errors Signed-off-by: Dhaval Shah <30974879+dhavalgshah@users.noreply.github.com> * cleanup: more of normalize validation error messages Signed-off-by: Dhaval Shah <30974879+dhavalgshah@users.noreply.github.com> * cleanup: additional error message formatting fixes Signed-off-by: Dhaval Shah <30974879+dhavalgshah@users.noreply.github.com> Co-authored-by: Sambhav Kothari <sambhavs.email@gmail.com>	2022-05-14 22:04:35 +01:00
Vyankatesh Kudtarkar	31928c9507	Fix subject match selector issue in cli (#3887 ) * Fix subject match selector issue in cli * remove space * code refactoring	2022-05-11 15:21:13 +00:00
Jim Bugwadia	0cd21ec0f3	skip var checks in attestations (#3876 ) Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2022-05-11 09:31:48 +00:00
Charles-Edouard Brétéché	d8a4c709f8	chore: enable containedctx linter (#3873 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-05-11 07:42:11 +00:00
Tathagata Paul	3e826f109c	fix subjects in test cli (#3743 ) Signed-off-by: Tathagata Paul <tathagatapaul7@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>	2022-05-11 04:21:00 +00:00
Charles-Edouard Brétéché	f508e9a0b8	chore: add unconvert linter (#3867 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-05-10 20:28:45 +01:00
Charles-Edouard Brétéché	97e5e64fd4	chore: enable whitespace linter (#3864 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Sambhav Kothari <sambhavs.email@gmail.com>	2022-05-10 17:01:29 +00:00
Charles-Edouard Brétéché	d982ef77b3	chore: enable deadcode and unused linters (#3861 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-05-10 17:06:48 +02:00
Jim Bugwadia	bc07943c81	handle subresources (#3841 ) * handle subresources Signed-off-by: Jim Bugwadia <jim@nirmata.com> * make fmt Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix logger name Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix webhook and logs Signed-off-by: Jim Bugwadia <jim@nirmata.com> * make fmt Signed-off-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-05-09 18:50:50 -07:00
Jim Bugwadia	69ac94b0ee	fix check and add logs (#3838 ) Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2022-05-08 07:45:02 +00:00
Sambhav Kothari	2dc54e5c1b	Allow variables of any kind to be defined (#3828 ) Signed-off-by: Sambhav Kothari <skothari44@bloomberg.net>	2022-05-07 20:30:11 +00:00
Afzal Ansari	3845225db1	refactor: imported pkg redeclared and a few other unused func (#3827 ) * Removes paths redeclared Signed-off-by: afzal442 <afzal442@gmail.com> * fixes v1 redeclared Signed-off-by: afzal442 <afzal442@gmail.com> * fixes mergeSucceededResults func never used Signed-off-by: afzal442 <afzal442@gmail.com> * fixes func unused Signed-off-by: afzal442 <afzal442@gmail.com> * refactors unused func Signed-off-by: afzal442 <afzal442@gmail.com> * refactors unused func Signed-off-by: afzal442 <afzal442@gmail.com> * refactors getNamespacesForRule unused Signed-off-by: afzal442 <afzal442@gmail.com> * refactors policyNamespace unused Signed-off-by: afzal442 <afzal442@gmail.com> * refactors replacing loop with ... Signed-off-by: afzal442 <afzal442@gmail.com> * refactors func buildPolicyLabel unused Signed-off-by: afzal442 <afzal442@gmail.com> * removes unused func Signed-off-by: afzal442 <afzal442@gmail.com> * removes unused comment Signed-off-by: afzal442 <afzal442@gmail.com> Co-authored-by: Sambhav Kothari <sambhavs.email@gmail.com>	2022-05-07 16:44:57 +00:00
Sambhav Kothari	c3604c1170	Add an object_from_lists function (#3824 )	2022-05-07 12:05:04 +00:00
Sambhav Kothari	876a216b5f	Improve logging and error handling in json context (#3825 )	2022-05-07 11:32:48 +00:00
shuting	b4f2b63f53	Load `mutate.targets` via dclient (#3797 ) * Load mutate.targets via dclient Signed-off-by: ShutingZhao <shuting@nirmata.com> * Do not fail on namespace cleanup for e2e generate Signed-off-by: ShutingZhao <shuting@nirmata.com> * Fix wildcard name listing for a certain namespace Signed-off-by: ShutingZhao <shuting@nirmata.com> * Rename onPolicyUpdate to mutateExistingOnPolicyUpdate Signed-off-by: ShutingZhao <shuting@nirmata.com> * Enable "mutateExistingOnPolicyUpdate" on policy events Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>	2022-05-06 05:46:36 +00:00
Jim Bugwadia	db3502656d	Cert attestor (#3809 ) * add certificates attestor Signed-off-by: Jim Bugwadia <jim@nirmata.com> * handle duplicate images; use container name as key Signed-off-by: Jim Bugwadia <jim@nirmata.com> * use OldObject for modify requests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * use unique image names Signed-off-by: Jim Bugwadia <jim@nirmata.com> * merge main Signed-off-by: Jim Bugwadia <jim@nirmata.com> * create a single annotation patch across rules and images Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fmt and change annotation key name Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix linter issues Signed-off-by: Jim Bugwadia <jim@nirmata.com> * split certs from keys Signed-off-by: Jim Bugwadia <jim@nirmata.com> * make fmt Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix test Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add Rekor and fix tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>	2022-05-05 21:57:20 -07:00
Jim Bugwadia	76608e315e	handle duplicate images; use container name as key (#3779 ) * handle duplicate images; use container name as key Signed-off-by: Jim Bugwadia <jim@nirmata.com> * use OldObject for modify requests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * use unique image names Signed-off-by: Jim Bugwadia <jim@nirmata.com> * merge main Signed-off-by: Jim Bugwadia <jim@nirmata.com> * create a single annotation patch across rules and images Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fmt and change annotation key name Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix linter issues Signed-off-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com> Co-authored-by: Sambhav Kothari <sambhavs.email@gmail.com>	2022-05-05 14:06:18 -07:00
Sambhav Kothari	6e48fdf4ce	Fix issue with image registry when decoding OCI descriptors with out of spec keys (#3799 )	2022-05-04 13:38:56 -04:00
gsweene2	af51ceb4ff	Add JMESPath Function `items` (#3777 ) Co-authored-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: Sambhav Kothari <sambhavs.email@gmail.com> Co-authored-by: Sambhav Kothari <skothari44@bloomberg.net>	2022-05-04 10:33:24 +00:00
Charles-Edouard Brétéché	f70ef051dc	refactor: move ImageExtractorConfigs in api package (#3781 )	2022-05-03 08:45:08 +00:00
Charles-Edouard Brétéché	c79223393b	refactor: dclient package (#3775 ) * refactor: replace clientset by inteface Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * refactor: dclient package Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-05-03 13:30:04 +08:00
Charles-Edouard Brétéché	a592dad2aa	refactor: cosign package logger (#3773 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-05-02 21:03:44 +01:00
Sambhav Kothari	0a5f004047	Allow non-object type elements for foreach rules (#3763 ) Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>	2022-05-02 16:39:37 +00:00
Sambhav Kothari	e1ee6e8cbd	Reduce log verbosity for image extractors (#3764 )	2022-05-02 15:04:19 +00:00
Jim Bugwadia	3cb620499e	Remove YAML multiline support in CM values (#3721 ) * remove YAML multiline support in CM values Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove unused code Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix test Signed-off-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-05-02 08:57:35 +01:00
Jim Bugwadia	4f8eab76ce	cleanup event messages and sources (#3741 ) * cleanup events Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix sonatype issues Signed-off-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: Sambhav Kothari <sambhavs.email@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-05-02 05:14:32 +00:00
Jim Bugwadia	0771ffd474	Add error handling and log for image extractor errors (#3724 ) Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>	2022-05-01 23:44:51 +00:00
Jim Bugwadia	ef71102b22	Fix verify all images (#3748 ) Co-authored-by: Sambhav Kothari <sambhavs.email@gmail.com>	2022-05-01 23:02:49 +00:00
Charles-Edouard Brétéché	24ed931f42	refactor: remove some api unnecessary pointers (4) (#3713 ) * refactor: remove some api unnecessary pointers Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * refactor: remove some api unnecessary pointers (2) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * refactor: remove some api unnecessary pointers (3) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * refactor: remove some api unnecessary pointers (4) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-04-29 09:12:01 +02:00
Charles-Edouard Brétéché	b7f42a0d1f	refactor: remove some api unnecessary pointers (3) (#3707 ) * refactor: remove some api unnecessary pointers Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * refactor: remove some api unnecessary pointers (2) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * refactor: remove some api unnecessary pointers (3) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-04-28 12:30:23 +00:00
Charles-Edouard Brétéché	75e300799a	fix: remove unused type TargetMutation (#3706 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>	2022-04-28 06:05:13 +00:00
Charles-Edouard Brétéché	cf86887d55	refactor: remove some api unnecessary pointers (#3704 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-04-28 12:41:10 +08:00
Jim Bugwadia	ab5171cee5	Verify digest (#3679 ) * add verifyDigest to check all tags are converted to digests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add required to check for image verification annotation Signed-off-by: Jim Bugwadia <jim@nirmata.com> * make fmt Signed-off-by: Jim Bugwadia <jim@nirmata.com> * generate CRD Signed-off-by: Jim Bugwadia <jim@nirmata.com> * adding imageverify true/false patch Signed-off-by: anushkamittal20 <anumittal4641@gmail.com> * patch addition logic Signed-off-by: anushkamittal20 <anumittal4641@gmail.com> * image verify CLI tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fixes and unit tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix digest mutate Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fmt Signed-off-by: Jim Bugwadia <jim@nirmata.com> * make codegen Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix policy cache Signed-off-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: anushkamittal20 <anumittal4641@gmail.com>	2022-04-27 15:09:52 +00:00
Sambhav Kothari	25badfe4fb	Fix regression in wildcard matches in In/AnyIn operators (#3686 ) Signed-off-by: Sambhav Kothari <skothari44@bloomberg.net> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>	2022-04-26 18:03:05 +00:00
Vyankatesh Kudtarkar	79be6379b2	fix test cli CI failures from main (#3682 )	2022-04-26 20:00:46 +08:00
Vyankatesh Kudtarkar	56c90fd087	Support context variables when using foreach CLI (#3637 ) * Support context variables when using foreach CLI * add testcases	2022-04-25 16:36:31 +00:00
shuting	2a656f6de0	feat: mutate existing resources (#3669 ) * feat: mutate existing, replace GR by UR in webhook server (#3601) * add attributes for post mutation Signed-off-by: ShutingZhao <shuting@nirmata.com> * add UR informer to webhook server Signed-off-by: ShutingZhao <shuting@nirmata.com> * - replace gr with ur in the webhook server; - create ur for mutateExsiting policies Signed-off-by: ShutingZhao <shuting@nirmata.com> * replace gr by ur across entire packages Signed-off-by: ShutingZhao <shuting@nirmata.com> * add YAMLs Signed-off-by: ShutingZhao <shuting@nirmata.com> * update api docs & fix unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * add UR deletion handler Signed-off-by: ShutingZhao <shuting@nirmata.com> * add api docs for v1beta1 Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix clientset method Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix v1beta1 client registration Signed-off-by: ShutingZhao <shuting@nirmata.com> * feat: mutate existing - generates UR for admission requests (#3623) Signed-off-by: ShutingZhao <shuting@nirmata.com> * replace with UR in policy controller generate rules (#3635) Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * - enable mutate engine to process mutateExisting rules; - add unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * implemented ur background reconciliation for mutateExisting policies Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix webhook update error Signed-off-by: ShutingZhao <shuting@nirmata.com> * temporary comment out new unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * feat: mutate existing, replace GR by UR in webhook server (#3601) * add attributes for post mutation Signed-off-by: ShutingZhao <shuting@nirmata.com> * add UR informer to webhook server Signed-off-by: ShutingZhao <shuting@nirmata.com> * - replace gr with ur in the webhook server; - create ur for mutateExsiting policies Signed-off-by: ShutingZhao <shuting@nirmata.com> * replace gr by ur across entire packages Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix missing policy.kyverno.io/policy-name label (#3599) Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * refactor cli code from pkg to cmd (#3591) * refactor cli code from pkg to cmd Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com> * fixes in imports Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com> * fixes tests Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com> * fixed conflicts Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com> * moved non-commands to utils Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com> * add YAMLs Signed-off-by: ShutingZhao <shuting@nirmata.com> * update api docs & fix unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * add UR deletion handler Signed-off-by: ShutingZhao <shuting@nirmata.com> * add api docs for v1beta1 Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix clientset method Signed-off-by: ShutingZhao <shuting@nirmata.com> * add-kms-libraries for cosign (#3603) * add-kms-libraries Signed-off-by: anushkamittal20 <anumittal4641@gmail.com> * Shifted providers to cosign package Signed-off-by: anushkamittal20 <anumittal4641@gmail.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> * Add support for custom image extractors (#3596) Signed-off-by: Sambhav Kothari <skothari44@bloomberg.net> * Update vulnerable dependencies (#3577) Signed-off-by: Shubham Gupta <shubham.gupta2956@gmail.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix v1beta1 client registration Signed-off-by: ShutingZhao <shuting@nirmata.com> * feat: mutate existing - generates UR for admission requests (#3623) Signed-off-by: ShutingZhao <shuting@nirmata.com> * updating version in Chart.yaml (#3618) * updatimg version in Chart.yaml Signed-off-by: Prateeknandle <prateeknandle@gmail.com> * changes from, make gen-helm Signed-off-by: Prateeknandle <prateeknandle@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> * Allow kyverno-policies to have preconditions defined (#3606) * Allow kyverno-policies to have preconditions defined Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Fix docs Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> Signed-off-by: ShutingZhao <shuting@nirmata.com> * replace with UR in policy controller generate rules (#3635) Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> * - enable mutate engine to process mutateExisting rules; - add unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * implemented ur background reconciliation for mutateExisting policies Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix webhook update error Signed-off-by: ShutingZhao <shuting@nirmata.com> * temporary comment out new unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * Image verify attestors (#3614) * fix logs Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix logs Signed-off-by: Jim Bugwadia <jim@nirmata.com> * support multiple attestors Signed-off-by: Jim Bugwadia <jim@nirmata.com> * rm CLI tests (not currently supported) Signed-off-by: Jim Bugwadia <jim@nirmata.com> * apply attestor repo Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix linter issues Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix entryError assignment Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * format Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add intermediary certs Signed-off-by: Jim Bugwadia <jim@nirmata.com> * Allow defining imagePullSecrets (#3633) * Allow defining imagePullSecrets Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Use dict for imagePullSecrets Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Simplify how imagePullSecrets is defined Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> Signed-off-by: ShutingZhao <shuting@nirmata.com> * Fix race condition in pCache (#3632) * fix race condition in pCache Signed-off-by: ShutingZhao <shuting@nirmata.com> * refact: remove unused Run function from generate (#3638) Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * Remove helm mode setting (#3628) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> * refactor: image utils (#3630) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> * -resolve lift comments; -fix informer sync issue Signed-off-by: ShutingZhao <shuting@nirmata.com> * refact the update request cleanup controller Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * - fix delete request for mutateExisting; - fix context variable substitution; - improve logging Signed-off-by: ShutingZhao <shuting@nirmata.com> * - enable events; - add last applied annotation Signed-off-by: ShutingZhao <shuting@nirmata.com> * enable mutate existing on policy creation Signed-off-by: ShutingZhao <shuting@nirmata.com> * update autogen code Signed-off-by: ShutingZhao <shuting@nirmata.com> * merge main Signed-off-by: ShutingZhao <shuting@nirmata.com> * add unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * address list comments Signed-off-by: ShutingZhao <shuting@nirmata.com> * update api docs Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix "Implicit memory aliasing in for loop" Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove unused definitions Signed-off-by: ShutingZhao <shuting@nirmata.com> * update api docs Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com> Co-authored-by: Mritunjay Kumar Sharma <mritunjaysharma394@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com> Co-authored-by: Anushka Mittal <55237170+anushkamittal20@users.noreply.github.com> Co-authored-by: Sambhav Kothari <sambhavs.email@gmail.com> Co-authored-by: Shubham Gupta <shubham.gupta2956@gmail.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: Prateek Nandle <56027872+Prateeknandle@users.noreply.github.com> Co-authored-by: treydock <tdockendorf@osc.edu> Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-04-25 12:20:40 +00:00
Charles-Edouard Brétéché	cbf93ff004	fix: pass logger by value (#3666 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com>	2022-04-25 11:51:49 +00:00
Sambhav Kothari	44b5bf0b57	Allow definition of inline variables in context (#3658 ) Signed-off-by: Sambhav Kothari <skothari44@bloomberg.net>	2022-04-25 19:06:07 +08:00
Naman Lakhwani	9f3fc941ef	[imageVerify]: adding `digestMutate` to simplify tag-to-digest mutation (#3531 ) * added digestMutate Signed-off-by: Naman Lakhwani <namanlakhwani@gmail.com> * rebase Signed-off-by: Naman Lakhwani <namanlakhwani@gmail.com> * setting always to true Signed-off-by: Naman Lakhwani <namanlakhwani@gmail.com> * small nit Signed-off-by: Naman Lakhwani <namanlakhwani@gmail.com> * make codegen Signed-off-by: Naman Lakhwani <namanlakhwani@gmail.com> * crds & failing rule if mutation fails Signed-off-by: Naman Lakhwani <namanlakhwani@gmail.com> * adding new func to fetch digest and changing naming to mutateDigest Signed-off-by: Naman Lakhwani <namanlakhwani@gmail.com> * small nits Signed-off-by: Naman Lakhwani <namanlakhwani@gmail.com> * generating crds Signed-off-by: Naman Lakhwani <namanlakhwani@gmail.com> * minor nit Signed-off-by: Naman Lakhwani <namanlakhwani@gmail.com> * correcting error format Signed-off-by: Naman Lakhwani <namanlakhwani@gmail.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com>	2022-04-22 01:08:49 -07:00
Jim Bugwadia	9fde4fd6a1	Multiple keys (#3636 ) * fix autogen check Signed-off-by: Jim Bugwadia <jim@nirmata.com> * allow multiple keys and fix root/intermediate certs Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix test Signed-off-by: Jim Bugwadia <jim@nirmata.com> * make issuer/subject optional Signed-off-by: Jim Bugwadia <jim@nirmata.com> * enable CTLog options Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix split Signed-off-by: Jim Bugwadia <jim@nirmata.com> * make fmt Signed-off-by: Jim Bugwadia <jim@nirmata.com> * make codegen Signed-off-by: Jim Bugwadia <jim@nirmata.com> * rename CTLog -> Rekor Signed-off-by: Jim Bugwadia <jim@nirmata.com> * make fmt Signed-off-by: Jim Bugwadia <jim@nirmata.com> * api/kyverno/v1/image_verification_test.go Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>	2022-04-22 07:10:02 +00:00
Charles-Edouard Brétéché	2e1a87d149	refactor: image utils (#3630 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-04-20 15:01:02 +00:00
Jim Bugwadia	3b1a1acd9a	Image verify attestors (#3614 ) * fix logs Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix logs Signed-off-by: Jim Bugwadia <jim@nirmata.com> * support multiple attestors Signed-off-by: Jim Bugwadia <jim@nirmata.com> * rm CLI tests (not currently supported) Signed-off-by: Jim Bugwadia <jim@nirmata.com> * apply attestor repo Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix linter issues Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix entryError assignment Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * format Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add intermediary certs Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2022-04-19 08:35:12 -07:00
Sambhav Kothari	ec4e4ba452	Add support for custom image extractors (#3596 ) Signed-off-by: Sambhav Kothari <skothari44@bloomberg.net>	2022-04-14 09:08:30 -07:00
Mritunjay Kumar Sharma	b815caef5d	refactor cli code from pkg to cmd (#3591 ) * refactor cli code from pkg to cmd Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com> * fixes in imports Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com> * fixes tests Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com> * fixed conflicts Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com> * moved non-commands to utils Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>	2022-04-14 12:20:18 +00:00
Jim Bugwadia	0f186afb3e	update imageVerify schema (#3574 ) * update imageVerify schema Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add optional Signed-off-by: Jim Bugwadia <jim@nirmata.com> * codegen Signed-off-by: Jim Bugwadia <jim@nirmata.com> * codegen Signed-off-by: Jim Bugwadia <jim@nirmata.com> * codegen Signed-off-by: Jim Bugwadia <jim@nirmata.com> * change nested/recursive types to apiextv1.JSON Signed-off-by: Jim Bugwadia <jim@nirmata.com> * make fmt Signed-off-by: Jim Bugwadia <jim@nirmata.com> * make codegen Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix message Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2022-04-11 16:47:27 +01:00
Sambhav Kothari	6f7bd7451b	Refactor image extraction to allow extracting custom resources (#3572 ) * refactor: image extraction Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * Refactor image extraction to allow extracting custom resources Signed-off-by: Sambhav Kothari <skothari44@bloomberg.net> Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-04-11 09:30:38 +00:00
Soumya Singh	84aa2e3fbb	Add returnType for regexMatch in kyverno jp output (#3575 ) Signed-off-by: tend2infinity <somu12.ss@gmail.coom> Co-authored-by: tend2infinity <somu12.ss@gmail.coom>	2022-04-11 08:34:14 +01:00
Charles-Edouard Brétéché	3d554ce53b	refactor: engine context (#3563 ) Co-authored-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-04-09 11:52:50 +00:00
Charles-Edouard Brétéché	06c2b2bb79	refactor: switch to admission v1 (#3526 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-04-06 20:43:07 +00:00
Charles-Edouard Brétéché	c8275b7c00	refactor: make response type (RuleType) typed (#3556 ) * refactor: move common utils Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * refactor: make response type (RuleType) typed Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * fix: merge Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>	2022-04-06 19:04:08 +00:00
Charles-Edouard Brétéché	975f6ba7c8	test: pass lock by value (#3481 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>	2022-04-05 15:52:13 +00:00
Charles-Edouard Brétéché	29d7010e25	refactor: move common utils (#3553 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-04-05 13:02:43 +00:00
Charles-Edouard Brétéché	bd953cf4fa	fix: checkEngineResponse in webhooks (#3551 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-04-05 10:41:08 +00:00
Abhi Kapoor	18d4dadab6	Do not generate preconditions not met warning for audit policies (#3487 ) * Do not generate preconditions not met warning for audit policies Signed-off-by: abhi-kapoor <43758739+abhi-kapoor@users.noreply.github.com> * Update PR template to reeference the closing keyword Signed-off-by: abhi-kapoor <43758739+abhi-kapoor@users.noreply.github.com> * Update pkg/engine/validation.go Co-authored-by: Prateek Pandey <prateekpandey14@gmail.com> * Update pkg/engine/validation.go Co-authored-by: Prateek Pandey <prateekpandey14@gmail.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com> Co-authored-by: shuting <shutting06@gmail.com> Co-authored-by: Prateek Pandey <prateekpandey14@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-04-05 10:08:01 +00:00
Charles-Edouard Brétéché	a93ac45586	refactor: move some helpers in utils package (#3539 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-04-04 18:58:22 +00:00
Charles-Edouard Brétéché	cb6f55cdcd	refactor: use GetValidationFailureAction method (#3546 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-04-04 16:33:12 +00:00
silenceper	d97258654f	fix wildcards in value arrays (#3486 ) Signed-off-by: silenceper <silenceper@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>	2022-04-01 10:42:07 +00:00
Charles-Edouard Brétéché	663ad49dca	refactor: add a json patch util and use it in autogen package (#3524 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-04-01 13:26:47 +08:00
Charles-Edouard Brétéché	9fc65fa5a7	refactor: use policy interface and introduce admission utils package (#3512 ) * refactor: use more policy interface Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * refactor: migrate to policy interface Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-03-31 20:25:54 +08:00
Charles-Edouard Brétéché	83343697b9	refactor: make use of policy interface (#3499 ) - refactor: make use of policy interface Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-03-30 18:34:30 +05:30
Prateek Pandey	bdb675b9c0	feat: generate support for namespace policy (#3472 ) * feat: generate support for namespace policy Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * use policy spec instead Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * refactor the changes Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * add synced flag for Namespace policies Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>	2022-03-29 13:04:33 +00:00
Charles-Edouard Brétéché	20069c13c3	feat: stop mutating rules (#3410 ) * feat: stop adding autogen annotation Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * feat: stop mutating rules Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * feat: stop mutating rules Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * fix: use toggle Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * fix: review comments Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-03-28 22:01:27 +08:00
Vyankatesh Kudtarkar	58b1fd6210	fix ordering of mutate element (#3468 ) Co-authored-by: shuting <shuting@nirmata.com>	2022-03-25 15:15:31 +00:00
shuting	d1bf3d4742	clean up dependencies (#3469 ) Signed-off-by: ShutingZhao <shuting@nirmata.com>	2022-03-25 08:40:25 +00:00
Charles-Edouard Brétéché	f34d3c342d	refactor: add ValidationFailureAction to the api (#3451 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>	2022-03-23 08:59:41 +00:00
Vyankatesh Kudtarkar	e268be9e88	support for deprecated API's (#3439 ) * support for deprecated API's * add testcase * update condition * fix logic	2022-03-22 18:25:35 +00:00
Charles-Edouard Brétéché	11bbb4f83e	refactor: replace ExcludeResources by MatchResources (#3444 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-03-22 14:24:40 +00:00
Charles-Edouard Brétéché	0c8e8c1212	feat: move GetRules() at the policy level (#3420 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-03-18 15:18:32 +00:00
Charles-Edouard Brétéché	865eef248d	feat: stop adding autogen annotation (#3379 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-03-18 11:30:49 +00:00
Christian Kotzbauer	860253d6aa	[ImageVerify] Verify additional certificate-extensions (#3404 ) * feat: add additionalExtensions to keyless imageVerify Signed-off-by: Christian Kotzbauer <git@ckotzbauer.de> * feat: regenerate code Signed-off-by: Christian Kotzbauer <git@ckotzbauer.de>	2022-03-17 08:42:12 +00:00
Sambhav Kothari	6498425937	Add a registry flag to allow direct access to container registries in the CLI (#3396 ) * Add a registry flag to allow direct access to container registries in the CLI Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com>	2022-03-16 09:56:47 +05:30
Charles-Edouard Brétéché	ce5f648f30	refactor: introduce rules getters and setters (#3350 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: Prateek Pandey <prateekpandey14@gmail.com>	2022-03-09 15:28:31 +00:00
Charles-Edouard Brétéché	ea977b259c	refactor: move controller autogen annotation in api package (#3364 ) * fix: configmap resource filters generated by helm does not account for namespace Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * refator: move controller autogen annotation in api package Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-03-09 21:48:04 +08:00
Charles-Edouard Brétéché	90d0badda4	fix: CRD generation (#3334 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-03-06 11:07:51 -08:00
Vyankatesh Kudtarkar	0a5aad39cf	Fix foreach validations precondition issue (#3228 ) * fix foreach validations precondition issue * added test-cases	2022-02-18 09:11:41 +00:00
Jim Bugwadia	421a81ce63	Fix old object validation check (#3248 ) * fix validation check on UPDATE Signed-off-by: Jim Bugwadia <jim@nirmata.com> * prevent policy bypass using preconditions Signed-off-by: Jim Bugwadia <jim@nirmata.com> * separate replace Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add error handling Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2022-02-17 09:18:49 -08:00
Tathagata Paul	b91ff5a7f2	Bug fix: negation of string kernel version caused Cluster Policy to fail (#3229 ) * fixed bug where negation of kernel version caused cpolr to fail Signed-off-by: Tathagata Paul <tathagatapaul7@gmail.com> * small fix in function validateString Signed-off-by: Tathagata Paul <tathagatapaul7@gmail.com> * Added necessary tests Signed-off-by: Tathagata Paul <tathagatapaul7@gmail.com> Added one more test Signed-off-by: Tathagata Paul <tathagatapaul7@gmail.com> * Add more tests and added a policy to the test folder Signed-off-by: Tathagata Paul <tathagatapaul7@gmail.com> * added policy for test cli Signed-off-by: Tathagata Paul <tathagatapaul7@gmail.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com>	2022-02-17 09:33:30 +05:30
Mritunjay Kumar Sharma	5a541567de	Fix image parsing for image referenced as digests (#3196 ) * fixes image break with sha256 Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com> * fixes priority to digest Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-02-15 08:35:53 +00:00
Jim Bugwadia	bd1a145678	Fix keyless attest (#3219 ) * allow root cert for keyless attestations checks Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add logs and improve var names Signed-off-by: Jim Bugwadia <jim@nirmata.com> * make fmt Signed-off-by: Jim Bugwadia <jim@nirmata.com> * handle err in sig loading Signed-off-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: Sambhav Kothari <sambhavs.email@gmail.com>	2022-02-13 20:35:11 -08:00
Sambhav Kothari	4445780c7c	Add a kyverno jp command to test jmespath expressions (#3169 ) * Add a kyverno jp command to test jmespath expressions Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com> * Auto-generate custom function docs Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com>	2022-02-04 05:23:12 +00:00
Prateek Pandey	286b0427d0	fix filtered and sort patches index (#3146 ) added missing start index value for the patches slice Signed-off-by: prateekpandey14 <prateekpandey14@gmail.com>	2022-02-01 13:16:08 -08:00
Abhinav Sinha	25641abeb9	Fix kyverno panic with `PodSpec.containers` JSON merge patch w/o image (#3143 ) Signed-off-by: Abhinav Sinha <abhinav@nirmata.com>	2022-02-01 10:01:46 +05:30
Abhinav Sinha	7a55d26d89	Fixed kyverno panic at JMESPath zero division (#3137 ) Signed-off-by: Abhinav Sinha <abhinav@nirmata.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com>	2022-01-31 17:45:20 +00:00
Sambhav Kothari	2b1e7189b1	Fix variable substitution when curly braces are used in jmespath (#3133 ) * Fix variable substitution when inline jmespath objects are defined Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com> * Add additional test cases which use brackets Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com>	2022-01-31 17:11:19 +00:00
Sambhav Kothari	a1daf167e7	Fix parsing of resources in preconditions (#3108 ) Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com>	2022-01-31 08:18:31 -08:00
Jim Bugwadia	7cf1dd2b15	update cosign to 1.5.0 and fix issuer and subject for keyless (#3089 ) * update cosign to 1.5.0 and add checks Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix subject and issuer checks Signed-off-by: Jim Bugwadia <jim@nirmata.com> * make fmt Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix tests Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2022-01-27 21:13:23 -08:00
Sambhav Kothari	2eb8f5f285	Fix memory leak when updating ggcr keychain (#3088 ) Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com>	2022-01-26 12:45:05 -08:00
Jim Bugwadia	06e93fec46	apply patches cumulatively (#3083 ) * apply patches cumulatively Signed-off-by: Jim Bugwadia <jim@nirmata.com> * handle skipped rules Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add test files Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2022-01-25 09:00:18 +00:00
shuting	e5e64f86cf	fix mutating ownerReferenecs (#3061 ) Signed-off-by: ShutingZhao <shuting@nirmata.com>	2022-01-24 05:20:27 +00:00
Jim Bugwadia	bb06901119	fix mutate preprocessing for anchors (#3052 ) * fix mutate preprocessing for anchors Signed-off-by: Jim Bugwadia <jim@nirmata.com> * make fmt Signed-off-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: shuting <shutting06@gmail.com>	2022-01-23 13:54:22 +00:00
Kumar Mallikarjuna	5ad0d15240	Namespace Specific ValidationFailureAction (#2794 ) * Implement ValidationFailureActionOverride Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Update CRDs Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Update getEnforceFailureErrorMsg() Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Allow validate policies to be checked Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Fix linting issues Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Added tests for ValidationFailureActionOverrides Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Added schema validation Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Added description for ValidationFailureActionOverrides Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com> * Policy validation Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com> * Update CRDs Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com> * Replace literals with constants Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com> * Updated Policy Cache Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com> * Refactor Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com> Co-authored-by: shuting <shutting06@gmail.com>	2022-01-21 12:36:44 +00:00
Kumar Mallikarjuna	4124e0f682	Update division for same units (#3038 ) Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com> Co-authored-by: shuting <shutting06@gmail.com>	2022-01-21 11:06:08 +00:00
Abhinav Sinha	f0359f8272	Fixed error handling for negation anchors (#2986 ) * Fixed error handling for negation anchors Signed-off-by: Abhinav Sinha <abhinav@nirmata.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>	2022-01-19 15:39:07 +05:30
Vyankatesh Kudtarkar	e22e9499b6	CLI fix for foreach policies (#2997 ) * CLI fix for foreach policies * add test-case for foreach container and initcontainer * fix comments Co-authored-by: Jim Bugwadia <jim@nirmata.com>	2022-01-18 23:38:49 +00:00
shuting	b6447e0649	Remove resourceCache from engine (#3013 ) * update log messages Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove resourceCache from the background controller when: - register resource scope - list resources per namespace Signed-off-by: ShutingZhao <shuting@nirmata.com> * - use client call for configmap lookup; - remove resourceCache from policy controller, webhook server and generate controller Signed-off-by: ShutingZhao <shuting@nirmata.com>	2022-01-18 12:59:35 +00:00
Sambhav Kothari	f5e00ee034	Add a parse_yaml function (#2999 ) Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com> Co-authored-by: shuting <shutting06@gmail.com>	2022-01-17 13:41:08 +00:00
Sambhav Kothari	1af9e48b0d	Add image data to validate image configs (#2946 ) * Add image data to validate image configs Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com> * Add tests for image context Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com> * Add e2e test cases for image size policy Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com>	2022-01-17 04:06:44 +00:00
Sambhav Kothari	f42092208f	Fix variable substitution for foreach preconditions (#2993 ) Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com>	2022-01-16 05:33:34 +00:00
Sambhav Kothari	baf4fa335b	Remove spurious prints and fix line endings (#2963 ) Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com>	2022-01-11 14:15:26 +00:00
Sambhav Kothari	6b9798f76f	Add parse_json function the decode json strings (#2941 ) Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com>	2022-01-10 13:42:02 -08:00
Mritunjay Kumar Sharma	15495a472e	adds ephemeralContainers to the image variable (#2662 ) * adds ephemeralContainers to the image variable Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com> * fixes unit tests Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com> Co-authored-by: shuting <shutting06@gmail.com>	2022-01-07 16:55:52 +08:00
Jim Bugwadia	a9fef256c7	updates for foreach and mutate (#2891 ) * updates for foreach and mutate Signed-off-by: Jim Bugwadia <jim@nirmata.com> * allow tests to pass on Windows Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix linter check Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add elementIndex variable Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fmt Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix jsonResult usage Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add mutate validation and fix error in validate.foreach Signed-off-by: Jim Bugwadia <jim@nirmata.com> * format Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update message Signed-off-by: Jim Bugwadia <jim@nirmata.com> * do not skip validation for all array entries when one is skipped Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add foreach tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix fmt Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix format errors Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove unused declarations Signed-off-by: Jim Bugwadia <jim@nirmata.com> * revert namespaceWithLabelYaml Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix mutate of element list Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update CRDs Signed-off-by: Jim Bugwadia <jim@nirmata.com> * Update api/kyverno/v1/policy_types.go Co-authored-by: Steven E. Harris <seh@panix.com> * Update pkg/engine/forceMutate.go Co-authored-by: Steven E. Harris <seh@panix.com> * Update pkg/engine/forceMutate.go Co-authored-by: Steven E. Harris <seh@panix.com> * Update pkg/engine/forceMutate.go Co-authored-by: Steven E. Harris <seh@panix.com> * Update pkg/engine/mutation.go Co-authored-by: Steven E. Harris <seh@panix.com> * Update pkg/engine/mutation.go Co-authored-by: Steven E. Harris <seh@panix.com> * Update pkg/engine/mutation.go Co-authored-by: Steven E. Harris <seh@panix.com> * Update pkg/engine/validate/validate.go Co-authored-by: Steven E. Harris <seh@panix.com> * Update pkg/engine/validate/validate.go Co-authored-by: Steven E. Harris <seh@panix.com> * Update test/cli/test/custom-functions/policy.yaml Co-authored-by: Steven E. Harris <seh@panix.com> * Update test/cli/test/foreach/policies.yaml Co-authored-by: Steven E. Harris <seh@panix.com> * accept review comments and format Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add comments to strategicMergePatch buffer Signed-off-by: Jim Bugwadia <jim@nirmata.com> * load context and evaluate preconditions foreach element Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add test for foreach mutate context and precondition * precondition testcase * address review comments Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update message Signed-off-by: Jim Bugwadia <jim@nirmata.com> * format Signed-off-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: Steven E. Harris <seh@panix.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>	2022-01-05 09:36:33 +08:00
Anushka Mittal	3089edafa4	Extend new operators (#2788 ) * extending new operators Signed-off-by: anushkamittal20 <anumittal4641@gmail.com> * Changes in file names Signed-off-by: anushkamittal20 <anumittal4641@gmail.com> * tests added Signed-off-by: anushkamittal20 <anumittal4641@gmail.com> * removed print statements Signed-off-by: anushkamittal20 <anumittal4641@gmail.com> * Changes to reduce code redundancy Signed-off-by: anushkamittal20 <anumittal4641@gmail.com> * Minor corrections in anyin and allin Signed-off-by: anushkamittal20 <anumittal4641@gmail.com> * added correction for anynotin and allnotin Signed-off-by: anushkamittal20 <anumittal4641@gmail.com>	2022-01-04 17:37:00 +00:00
shuting	2c9319ea87	don't generate policy report on managed pod/job (#2889 ) Signed-off-by: ShutingZhao <shuting@nirmata.com>	2021-12-30 00:34:43 +08:00
Anushka Mittal	a9fd8b86fd	Rules length check (#2884 ) * len check Signed-off-by: anushkamittal20 <anumittal4641@gmail.com> * explicitly adding RuleStatusSkip Signed-off-by: anushkamittal20 <anumittal4641@gmail.com> * added log message Signed-off-by: anushkamittal20 <anumittal4641@gmail.com> Co-authored-by: shuting <shutting06@gmail.com>	2021-12-28 16:37:41 +00:00
Abhinav Sinha	2cd988a153	Added validation for Condition Operators (#2864 ) * Added validation for Condition Operators Signed-off-by: Abhinav Sinha <zeborg3@gmail.com> * Updated description of `Condition.Operator` with all current valid condition operators` Signed-off-by: Abhinav Sinha <zeborg3@gmail.com> * Added `ConditionOperators` map and updated existing `ConditionOperator` type references Signed-off-by: Abhinav Sinha <zeborg3@gmail.com>	2021-12-28 15:12:31 +00:00
Vyankatesh Kudtarkar	2be70a5074	Fix foreach precondition isssue (#2871 )	2021-12-22 22:20:40 +08:00
Naman Lakhwani	898520b7cf	add `semver_compare` JMESPath function (#2846 ) * add semver_compare JMESPath function Signed-off-by: Namanl2001 <namanlakhwani@gmail.com> * adding tests for semver_compare Signed-off-by: Namanl2001 <namanlakhwani@gmail.com> * enabling version compaision via regular operators Signed-off-by: Namanl2001 <namanlakhwani@gmail.com> * adding tests for version compaision via regular operators Signed-off-by: Namanl2001 <namanlakhwani@gmail.com> * removing unnecessary switch cases Signed-off-by: Namanl2001 <namanlakhwani@gmail.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com>	2021-12-21 08:12:35 -08:00
Vyankatesh Kudtarkar	6a942683b0	Fix foreach jmespath issue (#2867 )	2021-12-21 20:55:27 +08:00
Danny Kulchinsky	ff99d92f80	jmespath truncate - handle negative input value (#2856 ) Signed-off-by: Danny Kulchinsky <dkulchinsky@fastly.com>	2021-12-20 06:50:46 +00:00
Kushal Beniwal	b961bb479e	Fix typos (#2860 ) * fix typo in README Signed-off-by: Kushal Beniwal <kbeniwal2305@gmail.com> * fix typo in CODE_OF_CONDUCT Signed-off-by: Kushal Beniwal <kbeniwal2305@gmail.com> * fix typo in CONTRIBUTING Signed-off-by: Kushal Beniwal <kbeniwal2305@gmail.com> * fix typo in comment Signed-off-by: Kushal Beniwal <kbeniwal2305@gmail.com> * fix typo in comment Signed-off-by: Kushal Beniwal <kbeniwal2305@gmail.com>	2021-12-18 20:03:16 +00:00
Danny Kulchinsky	f6982760fc	truncate custom jmespath function (#2836 ) * [feature] custom jmespath truncate function Signed-off-by: Danny Kulchinsky <dkulchinsky@fastly.com> * formatting Signed-off-by: Danny Kulchinsky <dkulchinsky@fastly.com> * simplify naming a bit Signed-off-by: Danny Kulchinsky <dkulchinsky@fastly.com> Co-authored-by: shuting <shutting06@gmail.com>	2021-12-17 15:52:52 +08:00
Naman Lakhwani	59a460b31e	adding support for Cosign key-value annotations (#2824 ) * adding annotation check Signed-off-by: Namanl2001 <namanlakhwani@gmail.com> * adding tests Signed-off-by: Namanl2001 <namanlakhwani@gmail.com> * updating manifests Signed-off-by: Namanl2001 <namanlakhwani@gmail.com> * changing map val type to string form interface{} Signed-off-by: Namanl2001 <namanlakhwani@gmail.com> * passing args to opts Signed-off-by: Namanl2001 <namanlakhwani@gmail.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com>	2021-12-16 06:19:44 +00:00
Danny__Wei	8da64cb5cf	fix: add Windows testcases for path_canonicalize (#2803 ) Signed-off-by: weiwei.danny <weiwei.danny@bytedance.com> Co-authored-by: weiwei.danny <weiwei.danny@bytedance.com> Co-authored-by: Bricktop <marcel.mueller1@rwth-aachen.de>	2021-12-08 15:14:49 +00:00
Kumar Mallikarjuna	a667a69812	JMESPath arithmetic function units (#2753 ) * MAS arithmetic functions Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Adding Divide() and Modulo() Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Added tests Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Tidy go.mod Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Fix lift issues Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Set division scale to maximum of operands Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Precision for Add()/Subtract() Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Set duration precision Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Added comment for duration diff calculation Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> Co-authored-by: Bricktop <marcel.mueller1@rwth-aachen.de>	2021-12-07 15:44:46 +00:00
Joel Kamp	081dd97cc3	fix: update registry credentials on verify (#2798 ) Signed-off-by: Joel Kamp <joel.kamp@invitae.com>	2021-12-06 16:08:16 -08:00
Danny__Wei	beeec06c7f	Add `path_canonicalize` custom JMESPath function (#2787 ) * Add path_canonicalize custom JMESPath function Signed-off-by: weiwei.danny <weiwei.danny@bytedance.com> * Add CLI test for the custom path_canonicalize function Signed-off-by: weiwei.danny <weiwei.danny@bytedance.com> * remove the extra parameter Signed-off-by: weiwei.danny <weiwei.danny@bytedance.com> Co-authored-by: weiwei.danny <weiwei.danny@bytedance.com>	2021-12-06 12:10:34 +01:00
Sebastian Widmer	4c251bcffd	Add `pattern_match` custom JMESPath function analogous to `regex_match` (#2717 ) * Add `pattern_match` custom JMESPath function analogous to `regex_match` Signed-off-by: Sebastian Widmer <sebastian.widmer@vshn.net> * Add CLI test for the custom `pattern_match` function Signed-off-by: Sebastian Widmer <sebastian.widmer@vshn.net>	2021-11-30 00:13:07 +08:00
Jim Bugwadia	3c9430d2fc	handle missing predicate type (#2743 ) * handle missing predicate type Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update github.com/docker/cli package for vulnerabilities Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix go.mod vulnerabilities Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2021-11-22 10:49:21 -08:00
Kumar Mallikarjuna	7f95bee23c	Added time_since() custom JMESPath function (#2680 ) * Added time_since() custom JMESPath function Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Remove time.Layout (not supported in Go 1.16) Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Modify time_since() for 3 arguments Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Add tests for functions_test.go Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Timestamp literals and tabulated tests Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Remove layout map and default to RFC3339 Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>	2021-11-17 21:17:17 +01:00
Anushka Mittal	94395ac243	Wildcard values (#2692 ) * wildcard-support Signed-off-by: anushkamittal20 <anumittal4641@gmail.com> * Added unit tests Signed-off-by: anushkamittal20 <anumittal4641@gmail.com> * improvements in anyin and allin Signed-off-by: anushkamittal20 <anumittal4641@gmail.com>	2021-11-15 15:02:46 +01:00
Anushka Mittal	497514fd94	Fixes in new operators (#2704 ) * fixes in operators to in many-to-one comparison Signed-off-by: anushkamittal20 <anumittal4641@gmail.com> * corrected allnotin Signed-off-by: anushkamittal20 <anumittal4641@gmail.com> * correction for duplicates Signed-off-by: anushkamittal20 <anumittal4641@gmail.com>	2021-11-12 11:15:16 +01:00
Jim Bugwadia	50cb1859c3	add keyless verification (#2677 ) * add keyless verification Signed-off-by: Jim Bugwadia <jim@nirmata.com> * run make fmt Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix linter warning Signed-off-by: Jim Bugwadia <jim@nirmata.com> * wrap error with details Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2021-11-04 23:26:22 -07:00
Jim Bugwadia	5c16ee738a	redo variable validation (#2647 ) * redo variable validation Signed-off-by: Jim Bugwadia <jim@nirmata.com> * handle quotes for JMESPath - escaping Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix tests and linter issues Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix fmt Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2021-11-03 11:16:55 -07:00
Batuhan Apaydın	4eab46fb7d	feat: support other key methods (#2607 ) * feat: support other key methods Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com> Co-authored-by: Furkan Turkal <furkan.turkal@trendyol.com> Co-authored-by: Erkan Zileli <erkan.zileli@trendyol.com> * feat: support fetch attestations from repository Signed-off-by: Furkan <furkan.turkal@trendyol.com> Co-authored-by: Batuhan <batuhan.apaydin@trendyol.com> Signed-off-by: Furkan <furkan.turkal@trendyol.com> * fix: parameter type Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com> * fix error check Signed-off-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: Furkan Turkal <furkan.turkal@trendyol.com> Co-authored-by: Erkan Zileli <erkan.zileli@trendyol.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com>	2021-11-03 00:45:35 -07:00
Jim Bugwadia	e701b7aceb	re-apply policies to managed pods (#2648 ) Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2021-11-01 11:08:24 -07:00
Bricktop	f42144b929	Improve consistency in jmesPath functions test file (#2640 ) Signed-off-by: Marcel Mueller <marcel.mueller1@rwth-aachen.de>	2021-10-29 14:45:03 -07:00
Jose Armesto	831a9826d1	Restructure project to follow standards (#2632 ) Signed-off-by: Jose Armesto <github@armesto.net>	2021-10-29 18:13:20 +02:00
Marcus Noble	1966c82c6d	Fix various go lint issues (#2639 ) * Fix various go lint issues Signed-off-by: Marcus Noble <github@marcusnoble.co.uk> * Fix if mistake Signed-off-by: Marcus Noble <github@marcusnoble.co.uk> * Simplified returns Signed-off-by: Marcus Noble <github@marcusnoble.co.uk>	2021-10-29 17:06:03 +02:00
Lukasz Jakimczuk	40b579ccd7	Improving readability (#2638 ) Signed-off-by: Łukasz Jakimczuk <lukasz.j@giantswarm.io>	2021-10-29 14:48:22 +02:00
Marcus Noble	373420aa6d	Fix go vet errors (#2637 ) Signed-off-by: Marcus Noble <github@marcusnoble.co.uk>	2021-10-29 14:09:11 +02:00
Lukasz Jakimczuk	ca975b8e99	Range Operators (#2622 ) Range operator: first iteration Signed-off-by: Łukasz Jakimczuk <lukasz.j@giantswarm.io> * Changing hyphen to colon Signed-off-by: Łukasz Jakimczuk <lukasz.j@giantswarm.io> * Accounting for negative numbers Signed-off-by: Łukasz Jakimczuk <lukasz.j@giantswarm.io> * View on the second version Signed-off-by: Łukasz Jakimczuk <lukasz.j@giantswarm.io> * Adding tests to the operator Signed-off-by: Łukasz Jakimczuk <lukasz.j@giantswarm.io> * Renoving negative support Signed-off-by: Łukasz Jakimczuk <lukasz.j@giantswarm.io> * Adding comment Signed-off-by: Łukasz Jakimczuk <lukasz.j@giantswarm.io> * Signing Signed-off-by: Łukasz Jakimczuk <lukasz.j@giantswarm.io> * Going for the regexp version of operator Signed-off-by: Łukasz Jakimczuk <lukasz.j@giantswarm.io> * Adding negative range operator Signed-off-by: Łukasz Jakimczuk <lukasz.j@giantswarm.io>	2021-10-29 13:48:23 +02:00
Marcus Noble	a923dce631	Cleanup imports (#2635 ) Signed-off-by: Marcus Noble <github@marcusnoble.co.uk>	2021-10-29 12:24:26 +02:00
Marcus Noble	604c0408c6	Refactored operator tests to use test cases (#2620 ) Identified several situations where operators didn't return the expected result (mainly around different types) so fixed those to make all tests cases pass. Signed-off-by: Marcus Noble <github@marcusnoble.co.uk>	2021-10-29 10:54:51 +02:00
Kumar Mallikarjuna	f74f7c841a	Change split return from []string to []interface{} (#2604 ) Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>	2021-10-28 22:56:18 -07:00
Sunghoon Kang	e401d57b35	Check client if nil before loading resource list (#2562 ) Unlike loading resource, current implementation doesn't check if client is nil or not when loading resource list. This commit checks if client is nil or not before loading resource list. Signed-off-by: Sunghoon Kang <hoon@linecorp.com>	2021-10-26 17:30:19 -07:00
Anushka Mittal	08a3087100	New operators (#2543 ) * added anyin operator Signed-off-by: anushkamittal20 <anumittal4641@gmail.com> * allin, anynotin, allnotin added Signed-off-by: anushkamittal20 <anumittal4641@gmail.com> * added operator handler info Signed-off-by: anushkamittal20 <anumittal4641@gmail.com> * fixes typos and variable names Signed-off-by: anushkamittal20 <anumittal4641@gmail.com> * reusing code from in.go in new operators Signed-off-by: anushkamittal20 <anumittal4641@gmail.com> * Added more test cases for new operators Signed-off-by: anushkamittal20 <anumittal4641@gmail.com> * updated openapiv3schema Signed-off-by: anushkamittal20 <anumittal4641@gmail.com> * matching logic Signed-off-by: anushkamittal20 <anumittal4641@gmail.com> * added deprecated tag for In and NotIn Signed-off-by: anushkamittal20 <anumittal4641@gmail.com>	2021-10-26 17:29:42 -07:00
Jim Bugwadia	a9b96ff882	fmt Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2021-10-26 13:25:41 -07:00
Jim Bugwadia	85c346c0a6	skip var substitution in attestations Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2021-10-26 13:22:00 -07:00
Jim Bugwadia	836d88191d	make fmt Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2021-10-26 10:49:51 -07:00
Jim Bugwadia	ef9e9ec9ac	add variable substitutoion for imageVerify and allow PEM in ConfigMaps Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2021-10-26 10:41:27 -07:00
Marcus Noble	913bbd567a	Handle durations with standard comparison operators (#2569 ) * Handle durations with standard comparison operators Signed-off-by: Marcus Noble <github@marcusnoble.co.uk> * Fix error strings Signed-off-by: Marcus Noble <github@marcusnoble.co.uk> * Added CLI tests for duration operations Signed-off-by: Marcus Noble <github@marcusnoble.co.uk> * Added tests with different units Signed-off-by: Marcus Noble <github@marcusnoble.co.uk>	2021-10-22 12:41:25 -07:00
Kumar Mallikarjuna	085e46f7c4	Merge pull request #2560 from AverageMarcus/compare_quantities Added support for comparing resource quantities	2021-10-21 12:17:08 +05:30
Kumar Mallikarjuna	b1c40e172d	Escape variables (#2563 ) * Escape variables Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Escape variables test - nested Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Fixed missing changes Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>	2021-10-20 17:10:24 -07:00
Vyankatesh Kudtarkar	27cac66b87	fix comment	2021-10-19 22:08:55 +05:30
Marcus Noble	509f561d67	Added support for comparing resource quantities Signed-off-by: Marcus Noble <github@marcusnoble.co.uk>	2021-10-19 15:22:26 +01:00
Vyankatesh Kudtarkar	b31b343910	Fix foreach issue	2021-10-19 15:34:53 +05:30
Jim Bugwadia	e3fe8e0cc1	fix mutate handling of skipped rules (#2557 )	2021-10-18 15:42:34 -07:00
Jim Bugwadia	e0b1f08a28	fix check for CREATE request (#2551 ) * fix check for CREATE request Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add unit test Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fmt Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix test Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2021-10-18 09:34:07 -07:00
Marcus Noble	d69b81e03e	added base64 jmespath functions (#2542 ) * added base64 jmespath functions Signed-off-by: Marcus Noble <github@marcusnoble.co.uk> * added base64_decode test to emulate working with secret Signed-off-by: Marcus Noble <github@marcusnoble.co.uk> * Update regex to allow number in func name Signed-off-by: Marcus Noble <github@marcusnoble.co.uk> * Added CLI tests for preconditions and custom funcs Signed-off-by: Marcus Noble <github@marcusnoble.co.uk> Co-authored-by: AverageMarcus <git@marcusnoble.co.uk> Co-authored-by: Bricktop <marcel.mueller1@rwth-aachen.de>	2021-10-14 11:46:06 -07:00
Kumar Mallikarjuna	d0a36b6dcc	element variable lifecycle (#2535 ) * Foreach element with background false Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Tests for foreach element Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Update Test_Validation_invalid_backgroundPolicy Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * CLI: Print invalid policies Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Remove redundant Sprintf() calls Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Updated tests for foreach list Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>	2021-10-14 10:14:11 -07:00
Vyankatesh Kudtarkar	2798287497	support list foreach (#2522 ) * support list foreach * fix testcase for each * fix mutate issue * Fix mutate patch issue * fix yaml * fix e2e test foreach validate list * code indentation * fix comments * delete unwanted files	2021-10-14 00:20:52 -07:00
Vyankatesh Kudtarkar	2089767c85	wildcard support (#2485 ) * wildcard support * remove console * fix issue * fix deny condition * fix comments * fix regex issue * remove UserInfo	2021-10-14 00:15:32 -07:00
Bricktop	d62234d776	Fix remaining static check findings (#2541 ) Signed-off-by: Marcel Mueller <marcel.mueller1@rwth-aachen.de>	2021-10-13 16:00:41 -07:00
Bricktop	3f15ec5a1e	Remove dead code and unused variables (#2537 ) * Remove dead code and unused variables Signed-off-by: Marcel Mueller <marcel.mueller1@rwth-aachen.de> * Remove unnecessary definitions Signed-off-by: Marcel Mueller <marcel.mueller1@rwth-aachen.de>	2021-10-13 22:45:23 +02:00
Sachin	0d402ec09c	Implicit memory aliasing in for loop. (#2530 ) Signed-off-by: slayer321 <sachin.maurya7666@gmail.com>	2021-10-13 11:03:25 -07:00
Sachin	787d6de696	unnecessary use of fmt.Sprintf (#2531 ) Signed-off-by: slayer321 <sachin.maurya7666@gmail.com>	2021-10-13 11:00:04 -07:00
Bricktop	3815b40c64	Fix various static checks related to condition handling (#2528 ) Signed-off-by: Marcel Mueller <marcel.mueller1@rwth-aachen.de>	2021-10-13 11:29:45 +02:00
Bricktop	2d0df77963	Format error messages correctly (#2519 ) * Format error messages correctly Signed-off-by: Marcel Mueller <marcel.mueller1@rwth-aachen.de> * No punctuation at the end or errors Signed-off-by: Marcel Mueller <marcel.mueller1@rwth-aachen.de> * Replace loop with simple if Signed-off-by: Marcel Mueller <marcel.mueller1@rwth-aachen.de> * Fix more errors Signed-off-by: Marcel Mueller <marcel.mueller1@rwth-aachen.de>	2021-10-12 14:29:20 -07:00
Bricktop	fe0947dcb3	Add error handling where missing (#2516 ) Signed-off-by: Marcel Mueller <marcel.mueller1@rwth-aachen.de>	2021-10-11 14:57:43 -07:00
Bricktop	23864d89c8	Ensure make invocations pass linter (#2518 ) Signed-off-by: Marcel Mueller <marcel.mueller1@rwth-aachen.de>	2021-10-11 14:43:09 -07:00
Sachin	e16d773957	Remove unused function (#2517 )	2021-10-11 12:46:28 -07:00
Bricktop	67a2466c32	Remove dead code in various packages (#2514 )	2021-10-11 12:44:43 -07:00
Jim Bugwadia	1c0a303106	fix merge error Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2021-10-06 22:48:56 -07:00
Jim Bugwadia	7c761b4bc9	Merge branch 'main' into feature/foreach_mutate	2021-10-06 22:45:03 -07:00
Jim Bugwadia	4c63442028	separate MutateResourceWithImageInfo from buildContext and add comments Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2021-10-06 22:19:47 -07:00
Jim Bugwadia	683543d8e2	fmt Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2021-10-06 22:05:28 -07:00
Jim Bugwadia	fa1816d605	fix tests Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2021-10-06 21:50:26 -07:00
Jim Bugwadia	b9d4ee6876	fix tests Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2021-10-06 18:31:20 -07:00
Jim Bugwadia	676bd5f4be	fmt Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2021-10-06 11:18:36 -07:00
Jim Bugwadia	0bb35aa302	merge main Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2021-10-06 10:51:43 -07:00
Anushka Mittal	7963263776	Adding log statements in context.go (#2483 ) * adding logs in context.go Signed-off-by: anushkamittal20 <anumittal4641@gmail.com> * minor modifications Signed-off-by: anushkamittal20 <anumittal4641@gmail.com>	2021-10-06 10:29:28 -07:00
Jim Bugwadia	619ee6ac61	fix loop Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2021-10-06 09:55:23 -07:00
Jim Bugwadia	90edc69dcf	merge and update Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2021-10-05 22:42:42 -07:00
Pooja Singh	ca62172b6f	Merge pull request #2462 from NoSkillGirl/feat/support_mutate_in_cli Kyverno CLI \| Support mutate policies for `test` command	2021-10-05 21:27:31 +05:30
shuting	b10947b975	Dynamic webhooks (#2425 ) * support k8s 1.22, update admissionregistration.k8s.io/v1beta1 to admissionregistration.k8s.io/v1 Signed-off-by: ShutingZhao <shutting06@gmail.com> * - add failurePolicy to policy spec; - fix typo Signed-off-by: ShutingZhao <shutting06@gmail.com> * - add schema validation for failurePolicy; - add a printer column Signed-off-by: ShutingZhao <shutting06@gmail.com> * set default failure policy to fail if not defined Signed-off-by: ShutingZhao <shutting06@gmail.com> * resolve conflicts Signed-off-by: ShutingZhao <shutting06@gmail.com> * fix missing type for printerColumn Signed-off-by: ShutingZhao <shutting06@gmail.com> * refactor policy controller Signed-off-by: ShutingZhao <shutting06@gmail.com> * add webhook config manager Signed-off-by: ShutingZhao <shutting06@gmail.com> * - build webhook objects per policy update; - add fail webhook to default webhook configurations Signed-off-by: ShutingZhao <shutting06@gmail.com> * fix panic on policy update Signed-off-by: ShutingZhao <shutting06@gmail.com> * build default webhook: match empty if autoUpdateWebhooks is enabled, otherwise match all Signed-off-by: ShutingZhao <shutting06@gmail.com> * - set default webhook configs rule to empty; - handle policy deletion Signed-off-by: ShutingZhao <shutting06@gmail.com> * reset webhook config if policies with a specific failurePolicy are cleaned up Signed-off-by: ShutingZhao <shutting06@gmail.com> * handle wildcard pocliy Signed-off-by: ShutingZhao <shutting06@gmail.com> * update default webhook timeout to 10s Signed-off-by: ShutingZhao <shutting06@gmail.com> * cleanups Signed-off-by: ShutingZhao <shutting06@gmail.com> * added webhook informer to re-create it immediately if missing Signed-off-by: ShutingZhao <shutting06@gmail.com> * update tag webhookTimeoutSeconds description Signed-off-by: ShutingZhao <shutting06@gmail.com> * fix e2e tests Signed-off-by: ShutingZhao <shutting06@gmail.com> * fix linter issue Signed-off-by: ShutingZhao <shutting06@gmail.com> * correct metric endpoint Signed-off-by: ShutingZhao <shutting06@gmail.com> * add pol.generate.kind to webhooks Signed-off-by: ShutingZhao <shutting06@gmail.com>	2021-10-05 00:15:09 -07:00
NoSkillGirl	0614c2db1f	fixed rule pointer Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>	2021-10-05 12:39:58 +05:30
NoSkillGirl	5ca33ce902	Merge branch 'main' of github.com:kyverno/kyverno into feat/support_mutate_in_cli	2021-10-05 12:23:34 +05:30
vivek kumar sahu	ae6f6c327f	Added Code to support the test command for mutate policy (#2279 ) * Added test-e2e-local in the Makefile * Added a proper Indentation * Added 3 more fields * Added getPolicyResourceFullPath function * Updating the patchedResource path to full path * Converts Namespaced policy to ClusterPolicy * Added GetPatchedResourceFromPath function * Added GetPatchedResource function * Checks for namespaced-policy from policy name provided bu user * Generalizing resultKey for both validate and mutate. Also added kind field to this key * Added Type field to PolicySpec * To handle mutate case when resource and patchedResource are equal * fetch patchResource from path provided by user and compare it with engine patchedResource * generating result by comparing patchedResource * Added kind to resultKey * Handles namespaced policy results * Skip is required * Added []response.EngineResponse return type in ApplyPolicyOnResource function namespaced policy only surpasses resources having same namespace as policy * apply command will print the patchedResource whereas test will not * passing engineResponse instead of validateEngineResponse because it supports results for both validate and mutate case * default namespace will printed in the output table if no namespace is being provided by the user * Added e2e test for mutate policy and also examples for both type of policies * Created a separate function to get resultKey * Changes in the resultKey for validate case * Added help description for test command in the cli * fixes code for more test cases * fixes code to support more cases and also added resources for e2e-test * some small changes like adding brackets, clubbing 2 if cond into one, changing variable name, etc. * Rearrange GetPatchedResourceFromPath function to get rid from repetion of same thing twice. * Added kind in the result section of test.yaml for all test-cases * engineResponse will handle different types of response * GetPatchedResource() uses GetResource function to fetch patched resource Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com>	2021-10-05 11:11:54 +05:30
Jim Bugwadia	6cf9fdd502	fix compile errors Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2021-10-03 23:23:45 -07:00
Jim Bugwadia	ee6aafa7bb	fix linter issues Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2021-10-03 23:07:40 -07:00
Jim Bugwadia	77ae92e784	improve messages Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2021-10-03 03:28:58 -07:00
Jim Bugwadia	731ffde0e7	fix messages and tests Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2021-10-03 03:15:22 -07:00
Jim Bugwadia	8b7d404ea2	generate CRDs and validate handling of skip/error Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2021-10-02 18:29:25 -07:00
Jim Bugwadia	89d1e4afab	format Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2021-10-02 16:57:40 -07:00
Jim Bugwadia	e0e6074afc	add validation; add 'element' to context Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2021-10-02 16:53:02 -07:00
Jim Bugwadia	f015c16f08	fmt Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2021-10-02 14:24:23 -07:00
Jim Bugwadia	2bd5bca721	merge foreach and add attestation checks Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2021-10-02 14:24:06 -07:00
Jim Bugwadia	249c0f62f8	support attestations Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2021-10-02 01:19:47 -07:00
Jim Bugwadia	0dbe7ea675	start attestation support Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2021-10-01 11:10:36 -07:00
Jim Bugwadia	1ebd2c99f2	add messages and set rule to skip when pattern does not match Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2021-09-30 23:34:04 -07:00
Jim Bugwadia	6ae3063038	merge main Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2021-09-30 11:53:33 -07:00
Jim Bugwadia	5b5a85c16a	change RuleStatus values to lowercase Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2021-09-30 00:04:13 -07:00
Pooja Singh	22789443a8	Merge pull request #2420 from NoSkillGirl/debug_2406_flacky_unit_test Fix for flaky unit test	2021-09-29 17:02:54 +05:30
NoSkillGirl	9513cca68f	removing commented test case Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>	2021-09-29 11:02:07 +05:30
NoSkillGirl	ff540bfb06	removing print statement Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>	2021-09-29 10:59:54 +05:30
Shubham Palriwala	5b01dd53a7	remove minio/minio and update minio/pkg (#2440 ) Signed-off-by: ShubhamPalriwala <spalriwalau@gmail.com>	2021-09-28 12:19:26 -07:00
NoSkillGirl	83a815d7cf	added test cases Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>	2021-09-28 20:17:03 +05:30
Jim Bugwadia	3957a1400e	fix deny check and fmt Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2021-09-27 23:40:05 -07:00
Jim Bugwadia	a905a61581	fix deny rules Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2021-09-27 14:28:55 -07:00
Kumar Mallikarjuna	6a81bb7cc3	Escape references (#2433 ) * Escape references Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Additional tests Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>	2021-09-27 11:44:56 -07:00
Jim Bugwadia	536b64bed1	fix tests Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2021-09-26 21:15:13 -07:00
Jim Bugwadia	67660647d9	update tests Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2021-09-26 18:30:53 -07:00
Jim Bugwadia	6c5fb08e45	merge main Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2021-09-26 02:20:29 -07:00
Jim Bugwadia	39061d91c4	implement validate.foreach Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2021-09-26 02:12:31 -07:00
NoSkillGirl	f9c789967c	added test cases Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>	2021-09-23 15:01:34 +05:30
Kumar Mallikarjuna	0616429267	JMESPath: Arithmetic Operators (#2416 ) Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>	2021-09-22 14:40:45 -07:00
NoSkillGirl	799ae0f80d	added test cases Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>	2021-09-22 14:33:59 +05:30
NoSkillGirl	d6e977a34d	updated logic for key in resources Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>	2021-09-22 01:51:57 +05:30
NoSkillGirl	aba3bad8fc	adding logic for checking key in resources Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>	2021-09-21 20:15:09 +05:30
NoSkillGirl	4a5d4a2bac	debugging Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>	2021-09-21 12:12:34 +05:30
Jim Bugwadia	23af42dc92	allow alternate image repositories (#2393 ) * allow alternate image repositories Signed-off-by: Jim Bugwadia <jim@nirmata.com> * generate CRD YAMLs Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2021-09-16 16:11:38 -07:00
Max Goncharenko	a0ff8bbd0b	Implement global anchor (#2311 ) * implement global anchor for patch strategic merge Signed-off-by: Max Goncharenko <kacejot@fex.net> * fixed unit tests for mutation global anchor Signed-off-by: Max Goncharenko <kacejot@fex.net> * added global anchor in validation Signed-off-by: Max Goncharenko <kacejot@fex.net> * fix some global anchor issues found during testing Signed-off-by: Max Goncharenko <kacejot@fex.net> * run go tidy Signed-off-by: Maxim Goncharenko <goncharenko.maxim@apriorit.com> * fixed tests Signed-off-by: Maxim Goncharenko <goncharenko.maxim@apriorit.com> * fixed some tests Signed-off-by: Maxim Goncharenko <goncharenko.maxim@apriorit.com> * finish implementing global anchor Signed-off-by: Maxim Goncharenko <goncharenko.maxim@apriorit.com> * WIP: lower global anchor strictness Signed-off-by: Maxim Goncharenko <goncharenko.maxim@apriorit.com> * Revert "WIP: lower global anchor strictness" This reverts commit `08e176a042`. Signed-off-by: Maxim Goncharenko <goncharenko.maxim@apriorit.com> * global anchor for mutation Signed-off-by: Maxim Goncharenko <goncharenko.maxim@apriorit.com>	2021-09-13 08:59:28 -07:00
Kumar Mallikarjuna	f6933bb439	Block scalars for value files (#2380 ) * Block scalars for value files Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Handle non-block values Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Unit tests for block scalars Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>	2021-09-13 16:33:30 +05:30
Max Goncharenko	c2e298a1f6	Substitute vars in map keys (#2344 ) * substitute vars in map keys Signed-off-by: Maxim Goncharenko <goncharenko.maxim@apriorit.com> * add test for 2316 issue case Signed-off-by: Maxim Goncharenko <goncharenko.maxim@apriorit.com>	2021-09-10 14:08:47 -07:00
Max Goncharenko	7e258bf54b	add new test; remove unnecessary anchors (#2217 ) * add new test; remove unnecessary anchors Signed-off-by: Maxim Goncharenko <goncharenko.maxim@apriorit.com> * added several test to e2e Signed-off-by: Max Goncharenko <kacejot@fex.net> * remove unused variable Signed-off-by: Maxim Goncharenko <goncharenko.maxim@apriorit.com> * added comment to expected result Signed-off-by: Maxim Goncharenko <goncharenko.maxim@apriorit.com>	2021-09-09 08:55:20 -07:00
Vyankatesh Kudtarkar	39ce730814	Merge branch 'main' into GVK_Format	2021-09-09 09:00:37 +05:30
Max Goncharenko	2a375fa1b5	Remove contains function (#2346 ) * remove contains function Signed-off-by: Maxim Goncharenko <goncharenko.maxim@apriorit.com> * added test for contains issue case Signed-off-by: Maxim Goncharenko <goncharenko.maxim@apriorit.com>	2021-09-08 12:33:41 -07:00
Vyankatesh Kudtarkar	28cceb9229	add unit test cases	2021-09-03 10:42:43 +05:30
Vyankatesh Kudtarkar	601fb711e5	fix unit test issue	2021-09-03 10:32:09 +05:30

... 3 4 5 6 7 ...

1093 commits