mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-01-20 18:52:16 +00:00
Code Activity
5636 commits 14 branches 543 tags 268 MiB
Commit graph

46 commits

Author SHA1 Message Date
shuting
86fc31f63b
feat: add validations for generate immutable fields (#6328) 
* add validations for generate immutable fields

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* chore(deps): bump github.com/onsi/gomega from 1.26.0 to 1.27.0 (#6334)

Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.26.0 to 1.27.0.
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/gomega/compare/v1.26.0...v1.27.0)

---
updated-dependencies:
- dependency-name: github.com/onsi/gomega
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Jmespath typo fix (#6342)

Signed-off-by: Abhishek Kumar <abhishek22512@gmail.com>

* chore(deps): bump golang.org/x/net from 0.6.0 to 0.7.0 (#6341)

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.6.0 to 0.7.0.
- [Release notes](https://github.com/golang/net/releases)
- [Commits](https://github.com/golang/net/compare/v0.6.0...v0.7.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* chore(deps): bump zgosalvez/github-actions-ensure-sha-pinned-actions (#6348)

Bumps [zgosalvez/github-actions-ensure-sha-pinned-actions](https://github.com/zgosalvez/github-actions-ensure-sha-pinned-actions) from 2.0.5 to 2.1.0.
- [Release notes](https://github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/releases)
- [Commits](bd2868d14a...b9ddf6a515)

---
updated-dependencies:
- dependency-name: zgosalvez/github-actions-ensure-sha-pinned-actions
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump github.com/onsi/gomega from 1.27.0 to 1.27.1 (#6347)

Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.27.0 to 1.27.1.
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/gomega/compare/v1.27.0...v1.27.1)

---
updated-dependencies:
- dependency-name: github.com/onsi/gomega
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* fix: dump admission response (#6349)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix: use labels.Everything in userinfo clusterroles matching (#6351)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* update k8s.gcr.io to registry.k8s.io (#6340)

Signed-off-by: Rayan Das <rayandas91@gmail.com>
Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* Notary v2 (#6011)

* fix make debug-deploy

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* improve log messages

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* initial update

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* initial update

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* update registry credentials handling order

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* comment out ACR helper - breaks anonymous image pull

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* merge main and refactor verifiers

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix opt init

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* remove local address

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* update to NotaryV2 RC

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix fmt

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* update deps

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* format imports

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* remove env and no-op statement

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix merge issues

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix linter issue

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* remove unused field

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* make fmt

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* renable ACR credential helper

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* Update .vscode/launch.json

Signed-off-by: shuting <shutting06@gmail.com>

---------

Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Signed-off-by: shuting <shutting06@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
Co-authored-by: shuting <shutting06@gmail.com>

* chore(deps): bump fluxcd/flux2 from 0.39.0 to 0.40.0 (#6362)

Bumps [fluxcd/flux2](https://github.com/fluxcd/flux2) from 0.39.0 to 0.40.0.
- [Release notes](https://github.com/fluxcd/flux2/releases)
- [Changelog](https://github.com/fluxcd/flux2/blob/main/.goreleaser.yml)
- [Commits](978cc0c5b8...2cac6ce281)

---
updated-dependencies:
- dependency-name: fluxcd/flux2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* oldObject translation solved in autogen (#6305)

* OldObject translation solved in autogen

Signed-off-by: Abhishek Kumar <abhishek22512@gmail.com>

* CronJob fixed in autogen

Signed-off-by: Abhishek Kumar <abhishek22512@gmail.com>

* tests added

Signed-off-by: Abhishek Kumar <abhishek22512@gmail.com>

---------

Signed-off-by: Abhishek Kumar <abhishek22512@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* fix: logger key value in wrong order (#6365)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix: missing metrics for policies in audit mode (#6363)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* chore(deps): bump github.com/notaryproject/notation-go (#6361)

Bumps [github.com/notaryproject/notation-go](https://github.com/notaryproject/notation-go) from 1.0.0-rc.1 to 1.0.0-rc.3.
- [Release notes](https://github.com/notaryproject/notation-go/releases)
- [Commits](https://github.com/notaryproject/notation-go/compare/v1.0.0-rc.1...v1.0.0-rc.3)

---
updated-dependencies:
- dependency-name: github.com/notaryproject/notation-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* fix: role matching from authentication infos (#6358)

* fix: role matching from authentication infos

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* more tests

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix: delete certificate secret if type is not TLS (#6368)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* refactor: user/groups exclusions (#6357)

* refactor: user/groups exclusions

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* wildcard

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* add labels to downstream and source resources (#6322)

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* update generate validation checks

Signed-off-by: ShutingZhao <shuting@nirmata.com>

---------

Signed-off-by: ShutingZhao <shuting@nirmata.com>
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Abhishek Kumar <abhishek22512@gmail.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Rayan Das <rayandas91@gmail.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Signed-off-by: shuting <shutting06@gmail.com>
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Abhishek Kumar <76171953+octonawish-akcodes@users.noreply.github.com>
Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: Rayan Das <rayandas91@gmail.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
 2023-03-01 06:52:20 +00:00
Charles-Edouard Brétéché
ed5cf2cdde
refactor: remove PolicySpec from engine api (#6159) 
* refactor: introduce engine api package

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* status

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* refactor: clean engine api package

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* cleanup

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* more tests

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* refactor: remove PolicySpec from engine api

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* rm

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* constructor

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
 2023-02-10 08:11:21 +00:00
Charles-Edouard Brétéché
15cf69f737
refactor: improve engine logger management (#6280) 
* refactor: improve engine logger management

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* logger

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2023-02-09 15:15:51 +00:00
Charles-Edouard Brétéché
7367397178
refactor: reduce store dependency in engine pkg (#6260) 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2023-02-08 13:19:56 +00:00
Fish-pro
f93995e812
clean up the unnecessary package import rename found (#6167) 
Signed-off-by: Fish-pro <zechun.chen@daocloud.io>
 2023-01-31 06:34:28 +00:00
Charles-Edouard Brétéché
2f487ffda0
fix: reduce dependency from engine to cli (#6134) 
* fix: remove dependency from engine to cli

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* refactor

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2023-01-30 15:30:47 +00:00
Charles-Edouard Brétéché
fb94f6ea75
refactor: introduce engine api package (#6154) 
* refactor: introduce engine api package

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* status

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2023-01-30 11:41:09 +00:00
Vyom Yadav
12f05defb8
fix: Add group to subresources declaration in value.yaml file for CLI (#5881) 
Signed-off-by: Vyom-Yadav <jackhammervyom@gmail.com>

Signed-off-by: Vyom-Yadav <jackhammervyom@gmail.com>
 2023-01-05 08:43:54 +00:00
Charles-Edouard Brétéché
23fef004bb
chore: move ConvertToUnstructured from engine utils to kube utils (#5847) 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2023-01-03 12:02:15 +00:00
cleverhu
0edff469ba
fix cli output adjustments (#5787) 
Signed-off-by: cleverhu <shouping.hu@daocloud.io>

Signed-off-by: cleverhu <shouping.hu@daocloud.io>
 2022-12-27 14:46:01 +00:00
Marc Brugger
a80ee683c1
fix: allow policies from stdin in apply again (#5668) 
Signed-off-by: bakito <github@bakito.ch>

Signed-off-by: bakito <github@bakito.ch>
Co-authored-by: shuting <shuting@nirmata.com>
 2022-12-16 13:50:15 +00:00
Jim Bugwadia
9d3b176def
Nested foreach (#5589) 
* updated foreach logic and added tests

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* uncomment tests

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix vars and unit tests

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix vars and unit tests

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix some tests

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix more tests

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* format

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* make codegen

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* linter

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* cleanup

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix linter issue

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* revert local launch

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* propagate context

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* uncomment tests

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix propagation of registry client

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
 2022-12-12 15:20:20 +00:00
Vyom Yadav
99d988e98c
feat: add support for subresources to validating and mutating policies (#4916) 
* feat: add support for subresources to validating and mutating policies

Signed-off-by: Vyom-Yadav <jackhammervyom@gmail.com>

* Add CLI test cases with subresources for validating policies

Signed-off-by: Vyom-Yadav <jackhammervyom@gmail.com>

* Fix existing e2e tests for validating policies and remove tests migrated to kuttl

Signed-off-by: Vyom-Yadav <jackhammervyom@gmail.com>

* Add kuttl e2e tests for validating policies with subresources

Signed-off-by: Vyom-Yadav <jackhammervyom@gmail.com>

* Add kuttl e2e tests for mutating policies with subresources

Signed-off-by: Vyom-Yadav <jackhammervyom@gmail.com>

* Add kuttl e2e tests for validating policy by-pass by manipulating preconditions

Signed-off-by: Vyom-Yadav <jackhammervyom@gmail.com>

Signed-off-by: Vyom-Yadav <jackhammervyom@gmail.com>
 2022-12-10 00:45:23 +08:00
Steven Lahouchuc
022243a0fd
adding --warn-exit-code flag (#5577) 
* adding --warn-exit-code flag

Signed-off-by: Steven Lahouchuc <stelah1423@gmail.com>

* tweaking flag to int

Signed-off-by: Steven Lahouchuc <stelah1423@gmail.com>

* Update cmd/cli/kubectl-kyverno/apply/apply_command.go

No shorthand needed - IntVar is a better choice

Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Steven Lahouchuc <stelah1423@gmail.com>

* Update cmd/cli/kubectl-kyverno/apply/apply_command.go

prevent a hard exit if 0

Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Steven Lahouchuc <stelah1423@gmail.com>

* making struct field private

Signed-off-by: Steven Lahouchuc <stelah1423@gmail.com>

Signed-off-by: Steven Lahouchuc <stelah1423@gmail.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-12-05 18:15:22 +00:00
Charles-Edouard Brétéché
6893842226
refactor: cli test command (#5550) 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2022-12-03 19:56:09 +01:00
vivek kumar sahu
82e1fd417d
To support gitURLs for "apply" command (#4502) 
* apply cmd support gitURL

Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com>

* Added e2e test cases

Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com>

* fix e2e test case

Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com>

* added functions to make it simple

Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com>

* fixed tests

Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com>

* added more e2e test

Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com>

* typo mistake

Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com>

* removed uncovert linters

Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com>

* renamed variables, functions

Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com>

* test: to check urls are git source or not.

Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com>

* remove misleading message

Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com>

Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com>
Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-12-02 14:33:04 +00:00
Charles-Edouard Brétéché
2178b9fe77
refactor: dynamic client use instrumented clients (#5436) 
* refactor: improve instrumented clients creation

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* refactor: instrumented clients code part 3

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* refactor: dynamic client

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2022-11-22 13:37:27 +00:00
Steven Lahouchuc
1960ced030
adding --audit-warn flag (#5321) 
Signed-off-by: Steven Lahouchuc <stelah1423@gmail.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
 2022-11-21 14:21:32 +00:00
Charles-Edouard Brétéché
9f6b0e8017
refactor: remove policyreport package (#5174) 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2022-11-02 09:06:44 +00:00
Charles-Edouard Brétéché
e4bf66e756
feat: remove policy mutation for auto-gen rules (#5123) 
* feat: remove policy mutation code

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* Fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* changelog

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
 2022-10-25 23:43:46 +00:00
Sandesh More
fa178ebd82
added apiCalls support in kyverno-apply command (#4938) 
Signed-off-by: Sandesh More <sandesh.more@infracloud.io>

Signed-off-by: Sandesh More <sandesh.more@infracloud.io>
 2022-10-19 16:39:15 +00:00
Charles-Edouard Brétéché
b3021f5a57
refactor: openapi controller part 2 (#4910) 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2022-10-12 22:24:16 +05:30
Charles-Edouard Brétéché
de67a507cd
refactor: openapi controller part 1 (#4901) 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
 2022-10-12 11:38:48 +00:00
Charles-Edouard Brétéché
c42851a37a
refactor: use context in dynamic client instead of chan (#4756) 
* refactor: use context in dynamic client instead of chan

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-09-30 10:12:21 +02:00
Charles-Edouard Brétéché
e0ab72bb9a
feat: reports v2 implementation (#4608) 
This PR refactors the reports generation code.
It removes RCR and CRCR crds and replaces them with AdmissionReport, ClusterAdmissionReport, BackgroundScanReport and ClusterBackgroundScanReport crds.

The new reports system is based on 4 controllers:

Admission reports controller is responsible for cleaning up admission reports and attaching admission reports to their corresponding resource in case of a creation
Background scan reports controller is responsible for creating background scan reports when a resource and/or policy changes
Aggregation controller takes care of aggregation per resource reports into higher level reports (per namespace)
Resources controller is responsible for watching reports that need background scan reports
I added two new flags to disable admission reports and/or background scan reports, the whole reporting system can be disabled if something goes wrong.

I also added a flag to split reports in chunks to avoid creating too large resources.

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
Co-authored-by: prateekpandey14 <prateek.pandey@nirmata.com>
 2022-09-28 17:15:16 +05:30
Sandesh More
01b1ece704
added kubeconfig and context flag to kyverno apply (#4524) 
Signed-off-by: Sandesh More <sandesh.more@infracloud.io>
 2022-09-20 19:05:18 +05:30
shuting
3bf3dcc1af
Add the metric "kyverno_client_queries_total" (#4359) 
* Add metric "kyverno_kube_client_queries_total"

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* publish metric for missing queries

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* Refactor the way Kyverno registers QPS metric

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* Move clientsets to a dedicated folder

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* Wrap Kyverno client and policyreport client to register client query metric

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* address linter comments

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* address linter comments

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* Switch to use wrapper clients

Signed-off-by: ShutingZhao <shuting@nirmata.com>

Signed-off-by: ShutingZhao <shuting@nirmata.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
 2022-08-31 11:33:47 +05:30
Anurag
0e25017ff8
update apply help message (#4344) 
Signed-off-by: Anurag <81210977+kranurag7@users.noreply.github.com>

Signed-off-by: Anurag <81210977+kranurag7@users.noreply.github.com>
Co-authored-by: shuting <shuting@nirmata.com>
 2022-08-18 06:52:30 +00:00
Guilhem Lettron
96999f8995
fix: use only 1 kubernetes client (#4256) 
Signed-off-by: Guilhem Lettron <guilhem@barpilot.io>

Co-authored-by: shuting <shuting@nirmata.com>
 2022-07-25 13:49:51 +08:00
Anutosh Bhat
81c699b4a5
Removed confusing output message for the apply and replaced no of policies by no of policy rules count in the output message (#4229) 
Signed-off-by: anutosh491 <andersonbhat491@gmail.com>
 2022-07-19 16:28:09 +05:30
Vyankatesh Kudtarkar
612b7fdff2
fix kyverno cli policy-report typo (#4224) 
- fix kyverno cli policy report typo 
- add shorthand for policy-report flag

Signed-off-by: Vyankatesh vyankateshkd@gmail.com
 2022-07-18 07:12:19 +00:00
Vyankatesh Kudtarkar
e71493e5cc
Make method public (#4207) 
* npmctl chnages

* revert commit

* remove comment
 2022-07-13 13:37:51 -07:00
Shubham Nazare
165c5d9fc3
feat: Extend CLI to cover generate policies (#3456) 
- Change in namespace for test-generate example
- Change cloneResource to cloneSourceResource
- Add support for namespaced Policy and fix log messages
- Add test-generate in Makefile and an example of namespaced Policy
- Fix namespaced policy issue and add comments
- Refactor according to new generate controller
- Add json tag to GeneratedResource field of RuleResponse struct

Signed-off-by: Shubham Nazare <shubham4443@gmail.com>

Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
 2022-05-25 14:26:22 +00:00
Charles-Edouard Brétéché
5243763674
chore: make dclient import aliases consistent (#3951) 
* chore: make kyverno api import aliases consistent

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* chore: make apimachinery api import aliases consistent

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* chore: make dclient api import aliases consistent

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-05-17 14:40:51 +00:00
Charles-Edouard Brétéché
5aaf2d8770
chore: make kyverno api import aliases consistent (#3939) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-05-17 13:12:43 +02:00
Charles-Edouard Brétéché
0099ef54ad
chore: enable gofmt and gofumpt linters (#3931) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-05-17 06:19:03 +00:00
Vyankatesh Kudtarkar
31928c9507
Fix subject match selector issue in cli (#3887) 
* Fix subject match selector issue in cli

* remove space

* code refactoring
 2022-05-11 15:21:13 +00:00
Charles-Edouard Brétéché
97e5e64fd4
chore: enable whitespace linter (#3864) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Co-authored-by: Sambhav Kothari <sambhavs.email@gmail.com>
 2022-05-10 17:01:29 +00:00
Charles-Edouard Brétéché
cea7a7e11e
fix: golangci-lint warnings in cmd (#3843) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
 2022-05-09 16:55:35 +00:00
Afzal Ansari
3845225db1
refactor: imported pkg redeclared and a few other unused func (#3827) 
* Removes paths redeclared

Signed-off-by: afzal442 <afzal442@gmail.com>

* fixes v1 redeclared

Signed-off-by: afzal442 <afzal442@gmail.com>

* fixes mergeSucceededResults func never used

Signed-off-by: afzal442 <afzal442@gmail.com>

* fixes func unused

Signed-off-by: afzal442 <afzal442@gmail.com>

* refactors unused func

Signed-off-by: afzal442 <afzal442@gmail.com>

* refactors unused func

Signed-off-by: afzal442 <afzal442@gmail.com>

* refactors getNamespacesForRule unused

Signed-off-by: afzal442 <afzal442@gmail.com>

* refactors policyNamespace unused

Signed-off-by: afzal442 <afzal442@gmail.com>

* refactors replacing loop with ...

Signed-off-by: afzal442 <afzal442@gmail.com>

* refactors func buildPolicyLabel unused

Signed-off-by: afzal442 <afzal442@gmail.com>

* removes unused func

Signed-off-by: afzal442 <afzal442@gmail.com>

* removes unused comment

Signed-off-by: afzal442 <afzal442@gmail.com>

Co-authored-by: Sambhav Kothari <sambhavs.email@gmail.com>
 2022-05-07 16:44:57 +00:00
Moritz Johner
4d2ec26c90
CLI should respect scored annotation for warnings (#3821) 
Co-authored-by: Sambhav Kothari <skothari44@bloomberg.net>
 2022-05-07 13:33:50 +00:00
Charles-Edouard Brétéché
52d1b642d6
refactor: dclient package logger (#3778) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-05-03 08:24:30 +00:00
Charles-Edouard Brétéché
c79223393b
refactor: dclient package (#3775) 
* refactor: replace clientset by inteface

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* refactor: dclient package

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-05-03 13:30:04 +08:00
Charles-Edouard Brétéché
68c35b2f2e
refactor: remove some api unnecessary pointers (2) (#3705) 
* refactor: remove some api unnecessary pointers

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* refactor: remove some api unnecessary pointers (2)

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-04-28 17:11:14 +08:00
shuting
2a656f6de0
feat: mutate existing resources (#3669) 
* feat: mutate existing, replace GR by UR in webhook server (#3601)

* add attributes for post mutation

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* add UR informer to webhook server

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* - replace gr with ur in the webhook server; - create ur for mutateExsiting policies

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* replace gr by ur across entire packages

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* add YAMLs

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* update api docs & fix unit tests

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* add UR deletion handler

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* add api docs for v1beta1

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix clientset method

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix v1beta1 client registration

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* feat: mutate existing - generates UR for admission requests (#3623)

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* replace with UR in policy controller generate rules (#3635)

Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>

* - enable mutate engine to process mutateExisting rules; - add unit tests

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* implemented ur background reconciliation for mutateExisting policies

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix webhook update error

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* temporary comment out new unit tests

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* feat: mutate existing, replace GR by UR in webhook server (#3601)

* add attributes for post mutation

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* add UR informer to webhook server

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* - replace gr with ur in the webhook server; - create ur for mutateExsiting policies

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* replace gr by ur across entire packages

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix missing policy.kyverno.io/policy-name label (#3599)

Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>

* refactor cli code from pkg to cmd (#3591)

* refactor cli code from pkg to cmd

Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com>

* fixes in imports

Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com>

* fixes tests

Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com>

* fixed conflicts

Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com>

* moved non-commands to utils

Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com>

Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>

* add YAMLs

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* update api docs & fix unit tests

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* add UR deletion handler

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* add api docs for v1beta1

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix clientset method

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* add-kms-libraries for cosign (#3603)

* add-kms-libraries

Signed-off-by: anushkamittal20 <anumittal4641@gmail.com>

* Shifted providers to cosign package

Signed-off-by: anushkamittal20 <anumittal4641@gmail.com>
Signed-off-by: ShutingZhao <shuting@nirmata.com>

* Add support for custom image extractors (#3596)

Signed-off-by: Sambhav Kothari <skothari44@bloomberg.net>

* Update vulnerable dependencies (#3577)

Signed-off-by: Shubham Gupta <shubham.gupta2956@gmail.com>

Co-authored-by: Jim Bugwadia <jim@nirmata.com>
Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix v1beta1 client registration

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* feat: mutate existing - generates UR for admission requests (#3623)

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* updating version in Chart.yaml (#3618)

* updatimg version in Chart.yaml

Signed-off-by: Prateeknandle <prateeknandle@gmail.com>

* changes from, make gen-helm

Signed-off-by: Prateeknandle <prateeknandle@gmail.com>

Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
Signed-off-by: ShutingZhao <shuting@nirmata.com>

* Allow kyverno-policies to have preconditions defined (#3606)

* Allow kyverno-policies to have preconditions defined

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>

* Fix docs

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
Signed-off-by: ShutingZhao <shuting@nirmata.com>

* replace with UR in policy controller generate rules (#3635)

Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
Signed-off-by: ShutingZhao <shuting@nirmata.com>

* - enable mutate engine to process mutateExisting rules; - add unit tests

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* implemented ur background reconciliation for mutateExisting policies

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix webhook update error

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* temporary comment out new unit tests

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* Image verify attestors (#3614)

* fix logs

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix logs

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* support multiple attestors

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* rm CLI tests (not currently supported)

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* apply attestor repo

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix linter issues

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix entryError assignment

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix tests

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* format

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* add intermediary certs

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* Allow defining imagePullSecrets (#3633)

* Allow defining imagePullSecrets

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>

* Use dict for imagePullSecrets

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>

* Simplify how imagePullSecrets is defined

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
Signed-off-by: ShutingZhao <shuting@nirmata.com>

* Fix race condition in pCache (#3632)

* fix race condition in pCache

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* refact: remove unused Run function from generate (#3638)

Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>

* Remove helm mode setting (#3628)

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: ShutingZhao <shuting@nirmata.com>

* refactor: image utils (#3630)

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: ShutingZhao <shuting@nirmata.com>

* -resolve lift comments; -fix informer sync issue

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* refact the update request cleanup controller

Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>

* - fix delete request for mutateExisting; - fix context variable substitution; - improve logging

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* - enable events; - add last applied annotation

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* enable mutate existing on policy creation

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* update autogen code

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* merge main

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* add unit tests

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* address list comments

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* update api docs

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix "Implicit memory aliasing in for loop"

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* remove unused definitions

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* update api docs

Signed-off-by: ShutingZhao <shuting@nirmata.com>

Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>
Co-authored-by: Mritunjay Kumar Sharma <mritunjaysharma394@gmail.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
Co-authored-by: Anushka Mittal <55237170+anushkamittal20@users.noreply.github.com>
Co-authored-by: Sambhav Kothari <sambhavs.email@gmail.com>
Co-authored-by: Shubham Gupta <shubham.gupta2956@gmail.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: Prateek Nandle <56027872+Prateeknandle@users.noreply.github.com>
Co-authored-by: treydock <tdockendorf@osc.edu>
Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-04-25 12:20:40 +00:00
Mritunjay Kumar Sharma
b815caef5d
refactor cli code from pkg to cmd (#3591) 
* refactor cli code from pkg to cmd

Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com>

* fixes in imports

Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com>

* fixes tests

Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com>

* fixed conflicts

Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com>

* moved non-commands to utils

Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com>

Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
 2022-04-14 12:20:18 +00:00