Mariam Fahmy
4c950dcb32
feat: use v1 of ValidatingAdmissionPolicies (#12050)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2025-01-31 14:21:43 +00:00
abhashsolanki18
5c9adf9fb5
fix: error handling and reduce log clutter (#11979)
* fix: error handling and reduce log clutter
Signed-off-by: abhashsolanki18 <abhashsolanki18@gmail.com>
* fixed lint test
Signed-off-by: abhashsolanki18 <abhashsolanki18@gmail.com>
---------
Signed-off-by: abhashsolanki18 <abhashsolanki18@gmail.com>
2025-01-30 09:47:09 +00:00
Mariam Fahmy
77a7e5193a
feat: add MAP's mutation logic for the CLI (#11946)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2025-01-17 15:16:34 +00:00
Mariam Fahmy
a72868bd6f
chore: move CEL package to admissionpolicy package (#11931)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2025-01-15 13:04:18 +00:00
Ammar Yasser
739e6a21c4
Mutate existing CLI support (#11453)
* feat: Add flags for target resources and add fake client initialization
Signed-off-by: aerosouund <aerosound161@gmail.com>
* feat: Add fake discovery client and cluster bool in the policy processor
Signed-off-by: aerosouund <aerosound161@gmail.com>
* refactor: Use the full mutation engine policy response in the engine response
Signed-off-by: aerosouund <aerosound161@gmail.com>
* feat: Extract mutated targets from the policy responses and print them out
Signed-off-by: aerosouund <aerosound161@gmail.com>
* feat: Add TargetResources field in the cli test schema
Signed-off-by: aerosouund <aerosound161@gmail.com>
* chore: Generate CLI crds
Signed-off-by: aerosouund <aerosound161@gmail.com>
* refactor: modify checkResult to take an arbitrary actual resource and resource name
Signed-off-by: aerosouund <aerosound161@gmail.com>
* refactor: change getAndCompareResource to take a resource name and cascade it to GetResourceFromPath
Signed-off-by: aerosouund <aerosound161@gmail.com>
* test: Create a simple test to test mutate existing in the CLI
Signed-off-by: aerosouund <aerosound161@gmail.com>
* refactor: Allow GetResourceFromPath to select a resource with a name from a multi resource yaml
Signed-off-by: aerosouund <aerosound161@gmail.com>
* refactor: Modify the runTest command to return the TestResponse type
- Create a fake client, load the target resources in it and use it in the PolicyProcessor.
- Create the TestResponse which contains Trigger and Target fields, each is a map of gvk/name to the responses corresponding to that resource.
Signed-off-by: aerosouund <aerosound161@gmail.com>
* refactor: Rewrite output.go to use the TestResponse type
- Check for both target and trigger
- Create logic for appending the resource array in case no resources are passed
- Move row creation logic into a separate method to avoid code duplication
- Extract the proper target resource based on rule type
- Create a function to extract mutated target from the engine response
Signed-off-by: aerosouund <aerosound161@gmail.com>
* chore: Move tests to the correct folder
Signed-off-by: aerosouund <aerosound161@gmail.com>
* refactor: Use apiVersion/Kind/Name as the key in the test responses
Signed-off-by: aerosouund <aerosound161@gmail.com>
* refactor: Use the apiVersion/Kind/name key schema in checking results and fix invalid resource name checking for generate policies
Signed-off-by: aerosouund <aerosound161@gmail.com>
* fix: Use better variable names for rows
Signed-off-by: aerosouund <aerosound161@gmail.com>
* refactor: Account for Generate resources being an array
Signed-off-by: aerosouund <aerosound161@gmail.com>
* fix: Use generated resource name in checking the results and printing output
Signed-off-by: aerosouund <aerosound161@gmail.com>
* chore: Uncomment checks printing
Signed-off-by: aerosouund <aerosound161@gmail.com>
* fix: Remove bug in engine response creation
Signed-off-by: aerosouund <aerosound161@gmail.com>
* fix: Move the generate logic into an else block
Signed-off-by: aerosouund <aerosound161@gmail.com>
* fix: Fix namespace fetching bug in cel validator
Signed-off-by: aerosouund <aerosound161@gmail.com>
* fix: Use pointer to int in the test counter
Signed-off-by: aerosouund <aerosound161@gmail.com>
* chore: Remove redundant method
Signed-off-by: aerosouund <aerosound161@gmail.com>
* fix: Skip resources not being found in the manifests
Signed-off-by: aerosouund <aerosound161@gmail.com>
* fix: Create another field in the engine to denote if this is a cluster engine or an offline engine
Simply checking for the client being nil is no longer enough because for cli operations the client will be a fake client
A pointer to bool is chosen because callers who don't necessarily know what to pass should be able to pass nil
Signed-off-by: ammar <ammar.yasser@vodafone.com>
* fix: Add extra argument in fake client initiation
Signed-off-by: ammar <ammar.yasser@vodafone.com>
* fix: add extra argument in fuzz test
Signed-off-by: ammar <ammar.yasser@vodafone.com>
* fix: Add extra arg
Signed-off-by: ammar <ammar.yasser@vodafone.com>
* fix: Handle resources specified as ns/name as this schema will be deprecated in favor of apiVersion/Kind/Name
Signed-off-by: ammar <ammar.yasser@vodafone.com>
* fix: Fix linter complaints
Signed-off-by: ammar <ammar.yasser@vodafone.com>
* fix: Use comma separation as array separators as kubernetes names don't support commas
To avoid undefined array length on splitting on /
using commas will result in a fixed length since all resources will have an apiVersion, kind, namespace and name
Signed-off-by: aerosouund <aerosound161@gmail.com>
* refactor: Change resource array type to an array of any instead of array of string
To support the use of a string or a TestResourceSpec
Signed-off-by: aerosouund <aerosound161@gmail.com>
* refactor: Expect the resource array to be an array of string or array of TestResourceSpec
Assert that an array element is either of these types and match the resources in both cases according to the element type
Expect that the key in responses is now separated by commas instead of slashes
Signed-off-by: aerosouund <aerosound161@gmail.com>
* refactor: Expect that the resource array is now of type array of any and modify tests that use it
Signed-off-by: aerosouund <aerosound161@gmail.com>
* fix: Skip response check if the policy name isn't what's in the result
Signed-off-by: aerosouund <aerosound161@gmail.com>
* fix: Match the name if it's specified as ns/name
Signed-off-by: aerosouund <aerosound161@gmail.com>
* fix: Fix linter complaint
Signed-off-by: aerosouund <aerosound161@gmail.com>
* chore: Run codegen
Signed-off-by: aerosouund <aerosound161@gmail.com>
* chore: Create CLI CRDs
Signed-off-by: aerosouund <aerosound161@gmail.com>
* chore: Run codegen
Signed-off-by: aerosouund <aerosound161@gmail.com>
* fix: Fix linter complaints
Signed-off-by: aerosouund <aerosound161@gmail.com>
* fix: Cleanup invalid code used in FixTest to adapt it to the schema changes
Signed-off-by: aerosouund <aerosound161@gmail.com>
* fix: Check if resource is nil before extracting
Signed-off-by: aerosouund <aerosound161@gmail.com>
* fix: use the loadResources method to open targets in a directory
Signed-off-by: aerosouund <aerosound161@gmail.com>
* fix: Account for target resources with the same name but different namespaces
Signed-off-by: aerosouund <aerosound161@gmail.com>
* fix: Add CLI test for mutate existing with the same name
Signed-off-by: aerosouund <aerosound161@gmail.com>
* refactor: Infer resource name and namespace from the actual resource and account for resources with the same name and namespace but different kinds
Signed-off-by: aerosouund <aerosound161@gmail.com>
* chore: remove extra line
Signed-off-by: aerosouund <aerosound161@gmail.com>
* feat: Add printing mutate existing resources to the output or to a file
Signed-off-by: aerosouund <aerosound161@gmail.com>
* chore: Minor fixes
Signed-off-by: aerosouund <aerosound161@gmail.com>
* chore: fix linter complaint
Signed-off-by: aerosouund <aerosound161@gmail.com>
* chore: codegen
Signed-off-by: aerosouund <aerosound161@gmail.com>
* fix: Revert result back to error
Signed-off-by: aerosouund <aerosound161@gmail.com>
* fix: Use io discard to not print resources in the test command
Signed-off-by: aerosouund <aerosound161@gmail.com>
* chore: Update vague comments and remove outdated ones
Signed-off-by: aerosouund <aerosound161@gmail.com>
* refactor: Integrate mutate existing changes with diff generation
Signed-off-by: aerosouund <aerosound161@gmail.com>
* refactor: Move resource key generation into a function
Signed-off-by: aerosouund <aerosound161@gmail.com>
* chore: Add a mutate existing test that fails
Signed-off-by: aerosouund <aerosound161@gmail.com>
* chore: fix linter complaint
Signed-off-by: aerosouund <aerosound161@gmail.com>
* chore: Remove redundant comment
Signed-off-by: aerosouund <aerosound161@gmail.com>
* refactor: Fix array of any assignment in cli test
Signed-off-by: aerosouund <aerosound161@gmail.com>
* fix: Don't check duplicate strings for field that is an array of any
Signed-off-by: aerosouund <aerosound161@gmail.com>
* bug: Fix appending to the wrong array
Signed-off-by: aerosouund <aerosound161@gmail.com>
* chore: run fix tests
Signed-off-by: aerosouund <aerosound161@gmail.com>
* chore: Run fix tests
Signed-off-by: aerosouund <aerosound161@gmail.com>
---------
Signed-off-by: aerosouund <aerosound161@gmail.com>
Signed-off-by: ammar <ammar.yasser@vodafone.com>
Signed-off-by: Ammar Yasser <aerosound161@gmail.com>
Co-authored-by: ammar <ammar.yasser@vodafone.com>
Co-authored-by: shuting <shuting@nirmata.com>
2024-12-19 07:42:54 +00:00
Liang Deng
e9704e7d8f
fix: exemption error caused by convertChecks function (#11780)
Signed-off-by: Liang Deng <ytdengliang@gmail.com>
2024-12-18 13:46:18 +00:00
Vishal Choudhary
174534b518
fix: properly verify precondition in old object validation (#11644)
* fix: properly verify precondition in old object validation
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: tests
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: assert bug
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: properly update the values
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
---------
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2024-12-04 06:32:12 +00:00
Ammar Yasser
d61f87e0f9
Context vars with labelselector (#11608)
* refactor: Treat all of the target spec as a single object while replacing variables
Serialize it into a map string interface then back to a target selector before returning
Signed-off-by: aerosouund <aerosound161@gmail.com>
* test: Add scenario for variables in the label selector test
Signed-off-by: aerosouund <aerosound161@gmail.com>
* Fix: Capitalize error message
Co-authored-by: shuting <shuting@nirmata.com>
Signed-off-by: Ammar Yasser <aerosound161@gmail.com>
* Fix: Adjust error message specification to mention target rather than selector
Co-authored-by: shuting <shuting@nirmata.com>
Signed-off-by: Ammar Yasser <aerosound161@gmail.com>
* fix: Pass the target selector only during variable replacement
Signed-off-by: aerosouund <aerosound161@gmail.com>
---------
Signed-off-by: aerosouund <aerosound161@gmail.com>
Signed-off-by: Ammar Yasser <aerosound161@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
2024-11-20 10:36:55 +00:00
Vishal Choudhary
bf83f37984
fix: add a check for nil rule response (#11591)
2024-11-14 15:13:23 +00:00
shuting
a26f588b86
fix: panic for nil rule response when processing old object (#11550)
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2024-11-07 09:48:33 +00:00
Vishal Choudhary
b35aaab898
fix: match failure action case insensitively for validating old object (#11486)
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
2024-11-07 00:10:56 +08:00
Vishal Choudhary
4e3f297da2
fix: update match logic for old object validation (#11427)
* fix: update match logic for old object validation
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: linter
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: failing test due to user info
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: debug logs
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
---------
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2024-10-21 14:10:06 +00:00
Ammar Yasser
9a8e35d787
Selector with mutate target (#11208)
* feature: Add LabelSelector as a field of resource spec to allow fetching by labels
Signed-off-by: aerosouund <aerosound161@gmail.com>
* chore: Generate CRDs
Signed-off-by: aerosouund <aerosound161@gmail.com>
* feat: Add the capability to fetch with label selector
- Add the label selector as a parameter to GetResources of the engine api client and the dclient.
- Use the label selector with list options in the dclient.
- convert a metav1.LabelSelector to a labels.Selector before fetching to be able to convert it to a string to be used with ListOptions.
Signed-off-by: aerosouund <aerosound161@gmail.com>
* feat: Pass label selector to the GetResources method
Signed-off-by: aerosouund <aerosound161@gmail.com>
* feat: Return the resource selector when resolving spec
Signed-off-by: aerosouund <aerosound161@gmail.com>
* fix: Instantiate the fake client schema using the passed gvrToListKind map and by inferring schema from passed resources
All tests that use List will fail because the fake client doesn't infer the schema from the passed resources.
gvrToListKind can't be fully deprecated as some parts of kyverno use the fake client without passing resources to it (resource generation). And so both approaches have to be supported.
References:
- https://github.com/kubernetes/client-go/issues/983
- 46c1ad3baa
Signed-off-by: aerosouund <aerosound161@gmail.com>
* test: Add labelSelector unit test to mutate existing test.
- Remove the unwanted call to GetResource.
- Pass an empty map of GVR to string to the fake client constructor.
Signed-off-by: aerosouund <aerosound161@gmail.com>
* test: Add chainsaw test
Signed-off-by: aerosouund <aerosound161@gmail.com>
* chore: Run codegen
Signed-off-by: aerosouund <aerosound161@gmail.com>
* chore: Generate helm CRDs
Signed-off-by: aerosouund <aerosound161@gmail.com>
* refactor: Put the LabelSelector in a separate struct
Many types use the ResourceSpec struct and not all of them support label selectors.
This removes the field into a separate schema dedicated to target selection called TargetSelector.
It has the ResourceSpec and the selector.
Signed-off-by: aerosouund <aerosound161@gmail.com>
* chore: Run codegen after modifying selector comment
Signed-off-by: aerosouund <aerosound161@gmail.com>
* chore: Run codegen
Signed-off-by: aerosouund <aerosound161@gmail.com>
---------
Signed-off-by: aerosouund <aerosound161@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
2024-10-16 11:17:08 +00:00
Mariam Fahmy
8eb081475e
fix: skip processing the oldObject for audit policies (#10233)
* fix: skip processing the oldObject for audit policies
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* fix: modify error and skip messages
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* fix: modify the log level
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
---------
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-09-20 12:28:18 +00:00
Charles-Edouard Brétéché
b5e1c97913
feat: use pointer in rule (exclude field) (#11050)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-09-10 11:14:49 +00:00
Vishal Choudhary
1ef9b876e1
fix: allow changes to preexisting resources that violate a validate foreach, cel or pss policy (#10033)
* feat: allow changes to preexisting resources that violate a validate foreach, cel or pss policy
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: do old object verification as create operation
this fixes the case where we are checking request.operation in a deny condition
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: update the json context in set operation
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: typo
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: update error message
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: add match and exclude check
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: match exclude in if
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* feat: add option to disable validation of old object
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: tests
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: unit tests
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* feat: chainsaw tests
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: update readme
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: conflicts
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: chainsaw tests
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: tests
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: ci
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: nil ptr error
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: linter
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: linter
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* feat: old obj verification in assert
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: codegen
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* feat: chainsaw tests
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* feat: chainsaw test for assert
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: cleanup
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: chainsaw tests
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: pss
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* feat: common functions for allow existing violations
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: types
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: typos
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: pss old resource
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* feat: chainsaw test for PSS
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: use old objects
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: more merge changes
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: e2e matrix
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: refactor and don't return error when old obj validation fails
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: return resp when not matched
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: add logs and return skip when old object validation fails
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* Update validate_resource.go
Co-authored-by: shuting <shutting06@gmail.com>
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* Update validate_pss.go
Co-authored-by: shuting <shutting06@gmail.com>
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* Update validate_assert.go
Co-authored-by: shuting <shutting06@gmail.com>
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
---------
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
Co-authored-by: shuting <shutting06@gmail.com>
2024-09-06 06:42:56 +00:00
D N Siva Sathyaseelan
0ee73430de
feat: Add support for condition validation across multiple image verification attestations or context entry (#9960)
* added Validate in ImageVerification
Signed-off-by: sivasathyaseeelan <dnsiva.sathyseelan.chy21@iitbhu.ac.in>
* added Validate in ImageVerification
Signed-off-by: sivasathyaseeelan <dnsiva.sathyseelan.chy21@iitbhu.ac.in>
* validate block added
Signed-off-by: sivasathyaseeelan <dnsiva.sathyseelan.chy21@iitbhu.ac.in>
* Name field is added in Attestation struct
Signed-off-by: sivasathyaseeelan <dnsiva.sathyseelan.chy21@iitbhu.ac.in>
* added imageInfo in policy context
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* added response from FetchAttestations to context entry
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* added validate logic
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* condition for name collision in Attestation array is added
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* added conformance test
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* added conformance test
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* added conformance test
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* added conformance test
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* added conformance test
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* added multiple image verification test
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* added multiple image verification test
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* some changes in conformance test
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* some changes in conformance test
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* some changes in conformance test
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* some changes in conformance test
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* unit test added
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* ValidateVariable is applied in validate
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* change in regex, logic, conformance test, unit test
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* some logical changes
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* some logical changes
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* some logical changes
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* some logical changes
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* some change in conformance test
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* context entries are added as variables
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* some changes
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* some changes
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* some logical implementations
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* some changes
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* Validate and multiple Image verification is working
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* moved validate to verify
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* Some changes in conformance test
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* Some changes in conformance test
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* Some changes in conformance test
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* Some changes in imageverifier
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* Some changes in imageverifier
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* unit test added
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* lint fixes
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* lint fixes
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* lint fixes
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* lint fixes
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* added validate in verifyimage in v2 policies
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* validate is moved to verifyAttestation
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* some changes
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* some changes in unit tests
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* some changes
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* removed loadcontext
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* some changes
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* enhanced tests
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* enhanced tests
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* Added getRawResp to find report in statements
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* some changes in unit tests
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* some changes in unit tests
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* some changes
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* some changes
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* some changes in ivm
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* changes in verify in imageverifier
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* added conformance test for trivy and vex
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* added Validate in ImageVerification
Signed-off-by: sivasathyaseeelan <dnsiva.sathyseelan.chy21@iitbhu.ac.in>
* added Validate in ImageVerification
Signed-off-by: sivasathyaseeelan <dnsiva.sathyseelan.chy21@iitbhu.ac.in>
* added imageInfo in policy context
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* added response from FetchAttestations to context entry
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* added validate logic
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* condition for name collision in Attestation array is added
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* added conformance test
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* added conformance test
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* added conformance test
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* added conformance test
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* added conformance test
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* added multiple image verification test
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* added multiple image verification test
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* some changes in conformance test
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* some changes in conformance test
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* some changes in conformance test
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* some changes in conformance test
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* unit test added
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* ValidateVariable is applied in validate
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* change in regex, logic, conformance test, unit test
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* some logical changes
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* some logical changes
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* some logical changes
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* some logical changes
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* some change in conformance test
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* context entries are added as variables
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* some changes
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* some changes
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* some logical implementations
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* some changes
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* Validate and multiple Image verification is working
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* moved validate to verify
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* Some changes in conformance test
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* Some changes in conformance test
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* Some changes in conformance test
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* Some changes in imageverifier
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* Some changes in imageverifier
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* unit test added
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* lint fixes
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* lint fixes
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* lint fixes
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* lint fixes
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* added validate in verifyimage in v2 policies
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* validate is moved to verifyAttestation
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* some changes
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* some changes in unit tests
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* some changes
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* removed loadcontext
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* some changes
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* enhanced tests
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* enhanced tests
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* Added getRawResp to find report in statements
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* some changes in unit tests
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* some changes in unit tests
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* some changes
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* some changes
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* helm test fix
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* some changes in ivm
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* changes in verify in imageverifier
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* test
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* test
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* codegen applied
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* codegen resolved
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
---------
Signed-off-by: sivasathyaseeelan <dnsiva.sathyseelan.chy21@iitbhu.ac.in>
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
Signed-off-by: D N Siva Sathyaseelan <95441117+sivasathyaseeelan@users.noreply.github.com>
Co-authored-by: sivasathyaseeelan <dnsiva.sathyseelan.chy21@iitbhu.ac.in>
2024-09-05 10:33:37 +00:00
Vishal Choudhary
95f54a1cb6
feat: enable custom data in policy reports using properties ( #10933 )
...
* feat: enable custom data in policy reports using properties
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: don't throw error in variable substitution for properties
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
---------
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
2024-09-03 17:36:07 +00:00
Mariam Fahmy
bde90340a6
chore: remove v1alpha1 of VAPs and use v1beta1 ( #10955 )
...
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-08-29 15:31:25 +00:00
Mariam Fahmy
2140a0239b
chore: rename validationFailureAction to failureAction under the rule ( #10893 )
...
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2024-08-27 20:07:57 +00:00
Khaled Emara
65a43d2059
feat(mutate): minimize unmarshals ( #10702 )
...
* feat(mutate): minimize unmarshals
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
* test(mutate): test type assertion
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
* chore(codegen): remove unused import
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
---------
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
2024-08-09 11:12:20 +00:00
Mariam Fahmy
c796bb765c
fix: return policies with either audit or enforce rules from the cache ( #10667 )
...
* fix: return policies with either audit or enforce rules from the cache
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* feat: introduce validationFailureAction under verifyImage rules
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* feat: add chainsaw tests
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* fix
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
---------
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2024-08-06 18:24:28 +00:00
Khaled Emara
c0cf6c5bf1
feat(json): unmarshal at decode time ( #10700 )
...
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-08-05 15:46:50 +03:00
Charles-Edouard Brétéché
fc694bc24c
feat: add kyverno json support to validation rule ( #10763 )
...
* feat: add kyverno json support to validation rule
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* v2beta1
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* validation
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* engine handler
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* bindings
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* context functions
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* better bindings
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---------
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-08-02 08:24:30 +00:00
Khaled Emara
d173752041
feat(json): unmarshal once per policy ( #10701 )
...
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2024-07-30 10:52:41 +00:00
Mariam Fahmy
716611b7ea
fix: return all the exceptions that match the incoming resource ( #10722 )
...
* fix: return all the exceptions that match the incoming resource
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* fix: modify log messages
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
---------
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-07-25 17:36:19 +00:00
Mariam Fahmy
ad6ee93e3b
fix: CEL policies aren't applied to deleted resources ( #10611 )
...
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-07-04 22:16:36 +05:30
Mariam Fahmy
68df5af40e
fix rule type for mutate and generate rules ( #10554 )
...
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-06-28 16:40:56 +00:00
Mariam Fahmy
94d9bbe73f
chore: use v2 clients for policy exceptions ( #10530 )
...
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-06-24 16:36:55 +00:00
shuting
5260b4f7bc
chore: bump k8s libs to 0.30 ( #10285 )
...
* chore: bump k8s libs to 0.30
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore: update crds
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore: bump kubectl-validate
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore: fix tests
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore: fix panic
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore: fix linter
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore: bump k8s
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix sum
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* codegen
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix: indent
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore: bump deps
Signed-off-by: ShutingZhao <shuting@nirmata.com>
---------
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-06-04 15:09:44 +08:00
Vishal Choudhary
47adea6f1c
feat: add support for background scanning of existing resource in image verification ( #10287 )
...
* feat: add support for background scanning of existing resource in image verification
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: change rule response type to image verify
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* chore: fix nilptr reference
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
---------
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
2024-05-24 09:41:04 +00:00
Mariam Fahmy
57b2c5fe4f
fix: add a copy method to the policy context ( #10236 )
...
* fix: add a copy method to the policy context
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* chore: add a CLI test
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* chore: remove mutate changes
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
---------
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-05-21 15:29:09 +00:00
shuting
fb9c66f455
feat(perf): add new linter prealloc to enforce slice declarations best practice ( #10250 )
...
* feat(perf): add new linter prealloc to enforce slice declarations best practice
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix(linter): prealloc slices
Signed-off-by: ShutingZhao <shuting@nirmata.com>
---------
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2024-05-20 14:46:35 +05:30
Vishal Choudhary
3af0e461f0
fix: deepcopy patched resource in foreach mutate ( #10252 )
...
* fix: deepcopy patched resource to avoid indirect reversal of its elements
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: copy elements while reversing
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: copy resources inside foreach
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* add test
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* add test
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
---------
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2024-05-20 14:45:21 +08:00
Mariam Fahmy
798950f72c
fix: return skip when celPreconditions/matchConditions aren't met ( #9940 )
...
* fix: return skip when cel preconditions aren't met
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* fix test
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* fix: return skip when matchConditions in VAPs aren't met
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
---------
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-04-22 13:49:25 +00:00
Mariam Fahmy
ea64529e63
fix: evaluate namespaceObject for Kyverno policies in the CLI ( #9977 )
...
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-04-19 10:55:41 +00:00
Charles-Edouard Brétéché
76bd67739a
fix: polex mem footprint ( #9954 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-03-28 09:31:40 +00:00
Vishal Choudhary
f2833861f8
fix: properly update policy context after preexisting resource in violation check ( #9893 )
...
* fix: properly update policy context after preexisting resource in violation check
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* chore: remove all copy function usages
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* chore: nit
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* refactor context resource swap
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* feat: chainsaw tests
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: test:
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: logger panic
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix: copy cover policycontext
Signed-off-by: ShutingZhao <shuting@nirmata.com>
---------
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: ShutingZhao <shuting@nirmata.com>
2024-03-13 16:24:53 +00:00
Jim Bugwadia
5e69204c99
add unit test ( #9894 )
...
* add unit test
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* revert change
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
---------
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2024-03-13 17:09:30 +08:00
Jim Bugwadia
befcd73ea1
add control names and images to PSS results ( #9869 )
...
* add control names and images to PSS results
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* remove init
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix tests
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* update chainsaw tests
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* add unit test
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
---------
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2024-03-11 09:32:05 +00:00
mohamedasifs123
d566e9886c
Fix: variables are not getting processed in validation message for "anyPattern" ( #9713 )
...
* Update validate_resource.go
Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com>
* Create pod.yaml
Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com>
* Create chainsaw-test.yaml
Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com>
* Create policy.yaml
Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com>
* Update validate_resource.go
Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com>
* test
Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com>
* test
Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com>
* test
Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com>
* test
Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com>
* Update chainsaw-test.yaml
Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com>
* Create README.md
Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com>
* Update test/conformance/chainsaw/validate/clusterpolicy/cornercases/variable-substitution-failure-messages/README.md
Co-authored-by: Mariam Fahmy <mariamfahmy66@gmail.com>
Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com>
* Update test/conformance/chainsaw/validate/clusterpolicy/cornercases/variable-substitution-failure-messages/README.md
Co-authored-by: Mariam Fahmy <mariamfahmy66@gmail.com>
Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com>
* Update test/conformance/chainsaw/validate/clusterpolicy/cornercases/variable-substitution-failure-messages/chainsaw-test.yaml
Co-authored-by: Mariam Fahmy <mariamfahmy66@gmail.com>
Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com>
* Update test/conformance/chainsaw/validate/clusterpolicy/cornercases/variable-substitution-failure-messages/README.md
Co-authored-by: Mariam Fahmy <mariamfahmy66@gmail.com>
Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com>
---------
Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com>
Co-authored-by: Mariam Fahmy <mariamfahmy66@gmail.com>
2024-02-21 07:20:43 +00:00
Charles-Edouard Brétéché
a1cb4f1c30
fix: remove deprecated imageSignatureRepository flag ( #9698 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-02-08 12:10:29 +00:00
shuting
5f0d53fe34
feat: apply .matchConditions when generating reports ( #9599 )
...
* enable matchconditions for reports
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* update
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* add chainsaw tests
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix: linter issues
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore: move files
Signed-off-by: ShutingZhao <shuting@nirmata.com>
---------
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2024-02-02 08:32:28 +00:00
Charles-Edouard Brétéché
747bc017e5
fix: follow up for #9534 ( #9543 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-01-29 08:54:58 +00:00
mohamedasifs123
e3274386e7
Update validate_resource.go ( #9534 )
...
Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com>
2024-01-28 20:41:42 +00:00
Mariam Fahmy
f01f0d6dc4
feat: support podSecurity exclusion in exceptions ( #9343 )
...
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-01-26 18:43:07 +00:00
Vishal Choudhary
87c7ce254a
feat: add skipImageReferences in verify images ( #8633 )
...
* feat: add skipImageReferences in verify images
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: chainsaw tests
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: chainsaw-test.yaml
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: typo in assert
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
---------
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-01-23 12:27:39 +00:00
Gurmannat Sohal
6902a2b092
Unit tests for Pod Security Admission Integrations ( #8585 )
...
* feat: enable field-restricted exclusions using the psa
Signed-off-by: Liang Deng <283304489@qq.com>
* fix ci error
Signed-off-by: Liang Deng <283304489@qq.com>
* fix ci error
Signed-off-by: Liang Deng <283304489@qq.com>
* initial unit tests
* Add all remaining unit tests
Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com>
* fine grain unit tests by adding fields and values
* add detailed pod level exclusion and related tests
* add tests for init & ephemeral containers
* add kuttl tests for the new advanced support
* add kuttl tests for the new advanced support
* add readme for kuttl tests
* add replacement in go.mod
* resolving CI errors
Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com>
* fix ci errors
Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com>
* fix ci errors
Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com>
* updating pod-security-admissio
Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com>
* resolving null pointer panic
Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com>
* resolved conformance error
Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com>
* chainsaw
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* chainsaw
Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com>
* remove duplication
Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com>
* fix linting
Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com>
* remove over computation
Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com>
* added field checks, pss skip condition
Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com>
* correcting chainsaw tests
Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com>
* merge branch 'main' into unit-tests
Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com>
* fix builds
Signed-off-by: ShutingZhao <shuting@nirmata.com>
---------
Signed-off-by: Liang Deng <283304489@qq.com>
Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com>
Signed-off-by: shuting <shuting@nirmata.com>
Signed-off-by: Gurmannat Sohal <95538438+itsgurmannatsohal@users.noreply.github.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Co-authored-by: Liang Deng <283304489@qq.com>
Co-authored-by: shuting <shuting@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-12-26 22:28:08 +08:00
Mariam Fahmy
b61a1f3d18
fix: set v2beta1 of exceptions the storage version ( #9254 )
...
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2023-12-22 10:13:58 +00:00
Mariam Fahmy
8e0a7aa204
feat: promote policy exceptions to v2 ( #9208 )
...
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2023-12-19 10:43:39 +00:00