mirror of https://github.com/kyverno/kyverno.git synced 2025-03-06 16:06:56 +00:00
Commit graph

2482 commits

Author SHA1 Message Date
shuting
1f4575678c
Fix labels with invalid chars (#4034) (#4035)
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2022-05-30 05:46:03 +00:00
shuting
845a83d3e2
Cherry-pick #4022 (#4033)
* Cherry-pick #4022

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* Remove unused file
2022-05-30 09:26:03 +05:30
Charles-Edouard Brétéché
f2c8096d5f
Cherry pick #4007 #4008 (#4020)
* fix: remove update ur status in generator (#4008)

* fix: stop mutating cached resource in ur controller (#4003)

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
(cherry picked from commit dac733755b)
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* fix: remove update ur status in generator

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
(cherry picked from commit 2e91d233c0)
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* cherry pick #4007

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-05-25 08:15:59 +00:00
Charles-Edouard Brétéché
56d32e93e7
fix: stop mutation policies when autogen internals is enabled (#4004,#4009,#3996) (#4016)
* fix: stop mutation policies when autogen internals is enabled (#4004)

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
(cherry picked from commit c9f8a68d8a)
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* fix: use background helper in ur generator (#4009)

* fix: stop mutating cached resource in ur controller (#4003)

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
(cherry picked from commit dac733755b)
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* fix: use background helper in ur generator

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
(cherry picked from commit 3a3556919f)
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* refactor: move label helper utils from policy package to background package (#3996)

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
(cherry picked from commit 1712dfa947)
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-05-25 12:14:40 +08:00
Jim Bugwadia
eaa629714e
cherry-pick fix attestation checks https://github.com/kyverno/kyverno/pull/3999 (#4015)
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2022-05-24 16:25:26 +00:00
Charles-Edouard Brétéché
d55f2c34a2
refactor: add policy event listener in ur controller (#4012) (#4014)
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
(cherry picked from commit cd1fa030ee)
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-05-24 16:01:11 +00:00
shuting
93c69780bb
Support @ for mutate targets (#3998) (#4010)
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2022-05-24 13:05:50 +00:00
Prateek Pandey
07e1afaa61
fix: stop mutating cached resource in ur controller (#4003) (#4006)
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-05-24 16:09:51 +05:30
Charles-Edouard Brétéché
78e7c5dc18
fix: move ur controller filtering in reconciler (#3964) (#3994)
* refactor: use BackgroundProcessingEnabled method

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* refactor: webhooks metrics reporting

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* refactor: metrics package

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* fix: move ur controller filtering in reconciler (#3964)

* fix: move ur controller filtering in reconciler

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* fix: mark ur retry on conflict

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* fix: test data

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* fix: add filter back in update ur handler

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* fix: added some logs about attempts and increased backoff

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* fix: reconciliation logic

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* fix: Test_Generate_Synchronize_Flag

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* fix: small nits

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
(cherry picked from commit 1936d86623)
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* fix: conflicts

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-05-23 23:53:49 +08:00
Prateek Pandey
8dbadbc96b
fix: release ur when handler pod is gone (#3993)
Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
2022-05-23 14:23:10 +00:00
Prateek Pandey
97b874897b
fix: mark ur retry on conflict (#3961) (#3963)
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-05-18 07:20:07 +00:00
Prateek Pandey
3f47ab6a5d
Cherry pick #3953 #3955 (#3960)
* Cleanup URs on trigger deletion (#3955)

* Clean URs on trigger deletion

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* Make kyverno api import aliases consistent

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* Fix gofumpt error

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* Remove unused code

Signed-off-by: ShutingZhao <shuting@nirmata.com>

Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>

* fix panic issue for ur (#3953)

* fix the import

Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>

Co-authored-by: shuting <shuting@nirmata.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
2022-05-18 11:45:29 +08:00
Prateek Pandey
7d66968d7f
fix: handle UR delete once trigger namespace deleted (#3934) (#3938)
Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
2022-05-17 15:41:42 +08:00
Prateek Pandey
000c90d424
fix: use patch to update handler status in UR (#3927)
Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
2022-05-17 12:59:11 +08:00
shuting
e779cb866a
Cleanup the UR for mutate policies once it's completed (#3923)
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2022-05-16 04:45:44 +00:00
Jim Bugwadia
f05d86d375
cherry-pick #3893 (#3895)
2022-05-12 04:16:15 +00:00
Vyankatesh Kudtarkar
a0eadad77b
Fix subject match selector issue in cli (#3887) (#3892)
Signed-off-by: Vyankatesh vyankateshkd@gmail.com
2022-05-11 16:36:42 +00:00
Prateek Pandey
44be131ed0
skip var checks in attestations (#3876) (#3885)
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2022-05-11 09:57:00 +00:00
shuting
0e6bf44b0f
Handle errors properly for mutate and generate on existing resources (#3863) (#3866)
Signed-off-by: ShutingZhao <shuting@nirmata.com>

Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>
Signed-off-by: ShutingZhao <shuting@nirmata.com>

Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>
2022-05-10 23:08:50 +05:30
Prateek Pandey
eb25d6dc6f
refactor: remove unused functions (#3844)
Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
2022-05-10 18:13:25 +08:00
Vyankatesh Kudtarkar
737d3bdd36
handle subresources (#3841) (#3848)
* handle subresources

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* make fmt

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix logger name

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix webhook and logs

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* make fmt

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>

Co-authored-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2022-05-10 12:34:17 +08:00
Prateek Pandey
8b6d3d1f6a
feat: trigger generate on existing matched resource (#3819)
* feat: trigger generate on existing matched resource

Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>

* refactor the triggers and fix review comments

Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>

* add trigger for other matching kinds

Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>

* implement match exclude using dynamic client

Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>

* refactor generate trigger

Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>

* increase sleep timeout

Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>

* optimize unstructured list

Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>

* fix review comments

Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>

* log refactor and clean debug comments

Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
2022-05-09 07:13:11 +00:00
Charles-Edouard Brétéché
bbe65959bc
refactor: webhook config package (part 2) (#3833)
* refactor: webhookconfig package (part 1)

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* refactor: webhook config package (part 2)

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-05-08 14:14:31 +02:00
Charles-Edouard Brétéché
af56adb0a6
refactor: webhookconfig package (part 1) (#3831)
* refactor: webhookconfig package (part 1)

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* fix: sonatype issue

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-05-08 12:47:49 +01:00
Jim Bugwadia
69ac94b0ee
fix check and add logs (#3838)
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2022-05-08 07:45:02 +00:00
Sambhav Kothari
2dc54e5c1b
Allow variables of any kind to be defined (#3828)
Signed-off-by: Sambhav Kothari <skothari44@bloomberg.net>
2022-05-07 20:30:11 +00:00
Charles-Edouard Brétéché
306b22a5db
fix: policy deletion in webhookconfig (#3832)
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-05-07 21:09:19 +01:00
Afzal Ansari
3845225db1
refactor: imported pkg redeclared and a few other unused func (#3827)
* Removes paths redeclared

Signed-off-by: afzal442 <afzal442@gmail.com>

* fixes v1 redeclared

Signed-off-by: afzal442 <afzal442@gmail.com>

* fixes mergeSucceededResults func never used

Signed-off-by: afzal442 <afzal442@gmail.com>

* fixes func unused

Signed-off-by: afzal442 <afzal442@gmail.com>

* refactors unused func

Signed-off-by: afzal442 <afzal442@gmail.com>

* refactors unused func

Signed-off-by: afzal442 <afzal442@gmail.com>

* refactors getNamespacesForRule unused

Signed-off-by: afzal442 <afzal442@gmail.com>

* refactors policyNamespace unused

Signed-off-by: afzal442 <afzal442@gmail.com>

* refactors replacing loop with ...

Signed-off-by: afzal442 <afzal442@gmail.com>

* refactors func buildPolicyLabel unused

Signed-off-by: afzal442 <afzal442@gmail.com>

* removes unused func

Signed-off-by: afzal442 <afzal442@gmail.com>

* removes unused comment

Signed-off-by: afzal442 <afzal442@gmail.com>

Co-authored-by: Sambhav Kothari <sambhavs.email@gmail.com>
2022-05-07 16:44:57 +00:00
Moritz Johner
4d2ec26c90
CLI should respect scored annotation for warnings (#3821)
Co-authored-by: Sambhav Kothari <skothari44@bloomberg.net>
2022-05-07 13:33:50 +00:00
Sambhav Kothari
c3604c1170
Add an object_from_lists function (#3824)
2022-05-07 12:05:04 +00:00
Sambhav Kothari
876a216b5f
Improve logging and error handling in json context (#3825)
2022-05-07 11:32:48 +00:00
Sambhav Kothari
e55bf0bf6f
Relax JMESPath variable validation (#3826)
2022-05-07 16:40:53 +05:30
shuting
b4f2b63f53
Load mutate.targets via dclient (#3797)
* Load mutate.targets via dclient

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* Do not fail on namespace cleanup for e2e generate

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* Fix wildcard name listing for a certain namespace

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* Rename onPolicyUpdate to mutateExistingOnPolicyUpdate

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* Enable "mutateExistingOnPolicyUpdate" on policy events

Signed-off-by: ShutingZhao <shuting@nirmata.com>

Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>
2022-05-06 05:46:36 +00:00
Jim Bugwadia
db3502656d
Cert attestor (#3809)
* add certificates attestor

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* handle duplicate images; use container name as key

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* use OldObject for modify requests

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* use unique image names

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* merge main

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* create a single annotation patch across rules and images

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fmt and change annotation key name

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix linter issues

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* split certs from keys

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* make fmt

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix test

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* add Rekor and fix tests

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix tests

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
2022-05-05 21:57:20 -07:00
Jim Bugwadia
76608e315e
handle duplicate images; use container name as key (#3779)
* handle duplicate images; use container name as key

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* use OldObject for modify requests

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* use unique image names

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* merge main

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* create a single annotation patch across rules and images

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fmt and change annotation key name

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix linter issues

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
Co-authored-by: Sambhav Kothari <sambhavs.email@gmail.com>
2022-05-05 14:06:18 -07:00
Charles-Edouard Brétéché
5d2e2faf72
fix: autogen rules in status (#3728)
* refactor: autogen package logger

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* fix: add rules to status only when necessary

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Co-authored-by: shuting <shuting@nirmata.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2022-05-05 15:11:26 +00:00
Prateek Pandey
2af9046e13
refact: disable leader for update request controller (#3807)
Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
2022-05-05 14:19:19 +00:00
Charles-Edouard Brétéché
25c2bf0e1f
fix: remove k8s apiserver from self-generated cert (#3803)
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Co-authored-by: shuting <shuting@nirmata.com>
2022-05-05 13:26:55 +00:00
Vyankatesh Kudtarkar
13d8a96f92
Policy Validation check for onPolicyUpdate flag (#3814)
* policy validation check for OnPolicyUpdate flag

* add validation check for onupdatepolicy flag
2022-05-05 21:04:49 +08:00
shuting
8a9a98d8b5
Add handler to UR.status (#3791)
* - Add "handler" to "ur.status"
- Mark / Unmark handler upon UR reconciliation

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* Add field onPolicyUpdate

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* Update API docs

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* Add delay in generate e2e tests

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* Remove duplicate logic for cleaning up the cloned resource

Signed-off-by: ShutingZhao <shuting@nirmata.com>
2022-05-05 16:26:27 +05:30
Charles-Edouard Brétéché
4d08354498
fix: remove kubeconfig (#3802)
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Co-authored-by: Sambhav Kothari <sambhavs.email@gmail.com>
2022-05-05 10:12:43 +00:00
Charles-Edouard Brétéché
9a1a82e3b5
feat: parse all root CA certs (#3808)
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-05-05 09:31:22 +01:00
Sambhav Kothari
6e48fdf4ce
Fix issue with image registry when decoding OCI descriptors with out of spec keys (#3799)
2022-05-04 13:38:56 -04:00
Charles-Edouard Brétéché
bb6e9a1ada
refactor: move config controller in controllers package (#3790)
* refactor: use typed informers and add tombstone support to webhookconfig

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* refactor: remove unstructured usage from webhookconfig

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* refactor: cert manager controller

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* refactor: move config controller in controllers package

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-05-04 16:05:03 +00:00
Charles-Edouard Brétéché
0a783bdc7d
chore: remove useless util NewKubeClient (#3795)
2022-05-04 13:14:17 +01:00
Charles-Edouard Brétéché
db735f2165
fix: pod stay in terminating when scaling to 0 (#3793)
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
2022-05-04 10:57:56 +00:00
gsweene2
af51ceb4ff
Add JMESPath Function items (#3777)
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: Sambhav Kothari <sambhavs.email@gmail.com>
Co-authored-by: Sambhav Kothari <skothari44@bloomberg.net>
2022-05-04 10:33:24 +00:00
Frank Jogeleit
43fc77c71f
Add rule to PolicyViolation event messages (#3787)
Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com>

Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2022-05-03 18:35:42 +00:00
Charles-Edouard Brétéché
2b6549fd5b
chore: remove config flags (#3786)
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-05-03 17:52:10 +00:00
Charles-Edouard Brétéché
32789d1c0d
fix: add missing tombstone calls (#3784)
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Co-authored-by: shuting <shuting@nirmata.com>
2022-05-03 16:58:20 +00:00