Charles-Edouard Brétéché
1fe203732f
refactor: separate json utils package ( #3523 )
...
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-03-31 16:34:52 +00:00
Charles-Edouard Brétéché
6e813a6b9e
refactor: webhooks package ( #3516 )
...
* refactor: use more policy interface
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
* refactor: migrate to policy interface
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
* refactor: webhooks package
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-03-31 23:34:10 +08:00
Charles-Edouard Brétéché
9fc65fa5a7
refactor: use policy interface and introduce admission utils package ( #3512 )
...
* refactor: use more policy interface
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
* refactor: migrate to policy interface
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-03-31 20:25:54 +08:00
Charles-Edouard Brétéché
04740c52fa
refactor: use more policy interface ( #3510 )
...
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-03-31 12:14:00 +05:30
Charles-Edouard Brétéché
20069c13c3
feat: stop mutating rules ( #3410 )
...
* feat: stop adding autogen annotation
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
* feat: stop mutating rules
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
* feat: stop mutating rules
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
* fix: use toggle
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
* fix: review comments
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
2022-03-28 22:01:27 +08:00
shuting
d1bf3d4742
clean up dependencies ( #3469 )
...
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2022-03-25 08:40:25 +00:00
Charles-Edouard Brétéché
0c8e8c1212
feat: move GetRules() at the policy level ( #3420 )
...
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
2022-03-18 15:18:32 +00:00
Vyankatesh Kudtarkar
b3a53f0658
fix PodExecOptions issue ( #3373 )
...
* fix PodExecOptions issue
* add note
* update comment
2022-03-11 15:09:32 +05:30
Charles-Edouard Brétéché
ce5f648f30
refactor: introduce rules getters and setters ( #3350 )
...
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
Co-authored-by: Prateek Pandey <prateekpandey14@gmail.com>
2022-03-09 15:28:31 +00:00
Vyankatesh Kudtarkar
e8bf16a00b
Fix label mutation while updating the secret ( #3273 )
...
* Fix label mutation while updating the secret
* Update util.go
* fix converter issue
* code indentation
2022-02-22 19:49:03 +08:00
Abhinav Sinha
2cd988a153
Added validation for Condition Operators ( #2864 )
...
* Added validation for Condition Operators
Signed-off-by: Abhinav Sinha <zeborg3@gmail.com>
* Updated description of `Condition.Operator` with all current valid condition operators
Signed-off-by: Abhinav Sinha <zeborg3@gmail.com>
* Added `ConditionOperators` map and updated existing `ConditionOperator` type references
Signed-off-by: Abhinav Sinha <zeborg3@gmail.com>
2021-12-28 15:12:31 +00:00
Jose Armesto
831a9826d1
Restructure project to follow standards ( #2632 )
...
Signed-off-by: Jose Armesto <github@armesto.net>
2021-10-29 18:13:20 +02:00
Marcus Noble
1966c82c6d
Fix various go lint issues ( #2639 )
...
* Fix various go lint issues
Signed-off-by: Marcus Noble <github@marcusnoble.co.uk>
* Fix if mistake
Signed-off-by: Marcus Noble <github@marcusnoble.co.uk>
* Simplified returns
Signed-off-by: Marcus Noble <github@marcusnoble.co.uk>
2021-10-29 17:06:03 +02:00
Liu Shaohui
c90df17356
Fix: kyverno-pre panic when checking kubernetes version ( #2614 )
...
Signed-off-by: Shaohui Liu <liushaohui@xiaomi.com>
2021-10-28 23:04:03 -07:00
Bricktop
3f15ec5a1e
Remove dead code and unused variables ( #2537 )
...
* Remove dead code and unused variables
Signed-off-by: Marcel Mueller <marcel.mueller1@rwth-aachen.de>
* Remove unnecessary definitions
Signed-off-by: Marcel Mueller <marcel.mueller1@rwth-aachen.de>
2021-10-13 22:45:23 +02:00
Vyankatesh Kudtarkar
05a0737184
Fix Autogen issue for any/all block and new rule foreach ( #2471 )
...
* Fix Autogen issue for any/all block and Support gvk in match kind block
* remove log and fix test
* Fix issues
* Fix cronjob issue
* Fix autogen for Foreach
* Fix autogen for For each
* Fix for each issue
* adding missing assignments
* Update autogen for foreach rule
2021-10-06 16:19:55 -07:00
NoSkillGirl
1bf48c54a8
improving if condition
...
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
2021-10-05 11:11:54 +05:30
vivek kumar sahu
ae6f6c327f
Added Code to support the test command for mutate policy ( #2279 )
...
* Added test-e2e-local in the Makefile
* Added a proper Indentation
* Added 3 more fields
* Added getPolicyResourceFullPath function
* Updating the patchedResource path to full path
* Converts Namespaced policy to ClusterPolicy
* Added GetPatchedResourceFromPath function
* Added GetPatchedResource function
* Checks for namespaced-policy from policy name provided by user
* Generalizing resultKey for both validate and mutate. Also added kind field to this key
* Added Type field to PolicySpec
* To handle mutate case when resource and patchedResource are equal
* fetch patchResource from path provided by user and compare it with engine patchedResource
* generating result by comparing patchedResource
* Added kind to resultKey
* Handles namespaced policy results
* Skip is required
* Added []*response.EngineResponse return type in ApplyPolicyOnResource function
* namespaced policy only surpasses resources having same namespace as policy
* apply command will print the patchedResource whereas test will not
* passing engineResponse instead of validateEngineResponse because it supports results for both validate and mutate case
* default namespace will be printed in the output table if no namespace is being provided by the user
* Added e2e test for mutate policy and also examples for both type of policies
* Created a separate function to get resultKey
* Changes in the resultKey for validate case
* Added help description for test command in the cli
* fixes code for more test cases
* fixes code to support more cases and also added resources for e2e-test
* some small changes like adding brackets, clubbing 2 if cond into one, changing variable name, etc.
* Rearrange GetPatchedResourceFromPath function to get rid of repetition of same thing twice.
* Added kind in the result section of test.yaml for all test-cases
* engineResponse will handle different types of response
* GetPatchedResource() uses GetResource function to fetch patched resource
Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com>
2021-10-05 11:11:54 +05:30
Arsh Sharma
7e9be24d90
updating minio version ( #1956 )
2021-06-09 19:16:26 -07:00
Pooja Singh
d3e4fede02
Fix for commented yaml files in Kyverno CLI ( #1849 )
...
* fix for commented policy yaml file
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
* fix for commented resource yaml file
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
2021-04-29 10:41:15 -07:00
Yashvardhan Kukreja
69c3418ca9
added: a pre-flight validation check for ensuring that only 'any'/'all' fields are present under conditions ( #1791 )
...
Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com>
2021-04-16 17:23:01 -07:00
Shuting Zhao
741f230272
add unit tests
...
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
2021-04-05 14:41:30 -07:00
Shuting Zhao
4b8b8cbfa6
remove namespace field on kind Namespace
...
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
2021-04-05 13:05:47 -07:00
shuting
9a99cc3a33
fix Namespace scope ( #1718 )
...
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
2021-03-17 10:28:44 -07:00
Yashvardhan Kukreja
10c714d5ba
feat: [preconditions, conditions] added backwards-compatible support for logical operators ( #1604 )
...
Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com>
2021-03-01 20:31:06 -08:00
Shuting Zhao
17c72c1578
substitute variables in context.configMap
...
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
2021-02-22 16:27:20 -08:00
Jim Bugwadia
05da4190f8
handle discovery errors for metrics API group ( #1494 )
...
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2021-01-24 11:34:02 -08:00
shuting
5f70f5feec
fixes #1399 ( #1400 )
2020-12-15 15:21:39 -08:00
Jim Bugwadia
6afd2e6f3a
ignore non-policy files in CLI and improve validation messages ( #1362 )
...
* improve validation message
* improve error behaviors
* fix tests
* fix tests
2020-12-07 11:26:04 -08:00
Jim Bugwadia
a64915128b
Revert "ignore non-policy files while loading"
...
This reverts commit c766512485.
2020-12-06 11:12:54 -08:00
Jim Bugwadia
c766512485
ignore non-policy files while loading
2020-12-06 10:57:20 -08:00
shuting
630a9cc94c
Fix Kyverno crash when CRD is not installed ( #1353 )
...
* ignore Kyverno CRDs existence check when server is not available
* clean up cluster / reportChangeRequest
* resolve PR comments
2020-12-03 19:19:36 -08:00
shuting
2ec5a0fa42
1319 fix throttling ( #1348 )
...
* fix policy status and generate controller issues
* shorten ACTION column name
* update logs
* improve naming
* add temp logs for troubleshooting
* cleanup logs
* apply generate policy to old & new resource in webhook
* cleanup log messages
* cleanup log messages
* cleanup log messages
* fix clean up of policy report in init container
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2020-12-01 12:30:08 -08:00
NoSkillGirl
5794889752
Merge branch 'main' into policyreport_cli
2020-11-18 14:43:30 +05:30
Shuting Zhao
b9fb926ddb
fixes for golint ./...
2020-11-17 13:07:30 -08:00
NoSkillGirl
ca31568e2d
fixed comments
2020-11-11 11:57:23 +05:30
shuting
5e07ecc5f3
Add Policy Report ( #1229 )
...
* add report in cli
* policy report crd added
* policy report added
* configmap added
* added jobs
* added jobs
* bug fixed
* added logic for cli
* common function added
* sub command added for policy report
* subcommand added for report
* common package changed
* configmap added
* added logic for kyverno cli
* added logic for jobs
* added logic for jobs
* added logic for jobs
* added logic for cli
* bug fix
* cli changes
* count bug fix
* docs added for command
* go fmt
* refactor codebase
* remove policy controller for policyreport
* policy report removed
* bug fixes
* bug fixes
* added job trigger if needed
* job deletion logic added
* build failed fix
* fixed e2e test
* remove hard coded variables
* packages added
* improvement added in jobs scheduler
* policy report yaml added
* cronjob added
* small fixes
* remove background sync
* documentation added for report command
* remove extra log
* small improvement
* tested policy report
* revert hardcoded changes
* changes for demo
* demo changes
* resource aggregation added
* More changes
* More changes
* - resolve PR comments; - refactor jobs controller
* set rbac for jobs
* add clean up in job controller
* add short names
* remove application scope for policyreport
* move job controller to policyreport
* add report logic in command apply
* - update policy report types; - upgrade k8s library; - update code gen
* temporarily comment out code to pass CI build
* generate / update policyreport to cluster
* add unit test for CLI report
* add test for apply - generate policy report
* fix unit test
* - remove job controller; - remove in-memory configmap; - clean up kustomize manifest
* remove dependency
* add reportRequest / clusterReportRequest
* clean up policy report
* generate report request
* update crd clusterReportRequest
* - update json tag of report summary; - update definition manifests; - fix dclient creation
* aggregate reportRequest into policy report
* fix unit tests
* - update report summary to optional; - generate clusterPolicyReport; - remove reportRequests after merged to report
* remove
* generate reportRequest in kyverno namespace
* update resource filter in helm chart
* - rename reportRequest to reportChangeRequest; -rename clusterReportRequest to clusterReportChangeRequest
* generate policy report in background scan
* skip generating report change request if there's entry results
* fix results entry removal when policy / rule gets deleted
* rename apiversion from policy.kubernetes.io to policy.k8s.io
* update summary.* to lower case
* move reportChangeRequest to kyverno.io/v1alpha1
* remove policy report flag
* fix report update
* clean up policy violation CRD
* remove violation CRD from manifest
* clean up policy violation code - remove pvGenerator
* change severity fields to lower case
* update import library
* set report category
Co-authored-by: Yuvraj <yuvraj.yad001@gmail.com>
Co-authored-by: Yuvraj <10830562+evalsocket@users.noreply.github.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2020-11-09 11:26:12 -08:00
NoSkillGirl
94babfe4bd
policy support added
2020-11-04 14:03:39 +05:30
Shuting Zhao
a1eda94a80
Merge branch 'main' into policyreport
...
# Conflicts:
# pkg/utils/util.go
2020-11-03 16:43:00 -08:00
Jim Bugwadia
48b98bd17b
allow text after patch versions ( #1230 )
2020-11-02 22:14:36 -08:00
Shuting Zhao
2abfff1f06
remove violation CRD from manifest
2020-11-02 17:08:35 -08:00
Shuting Zhao
cdc5190c56
update nirmata/kyverno to kyverno/kyverno
2020-10-07 11:12:31 -07:00
Pooja Singh
ccdcb6ae89
Feature/read from stdin validate ( #1171 )
...
* temp
* added pipe logic for validate
* fixed test cases - policy mutation
2020-10-06 17:50:53 -07:00
shuting
e0f617b383
810 support cronJob for auto-gen ( #1089 )
...
* add watch policy to clusterrole kyverno:customresources
* - improve auto-gen policy application logic - remove unused code
* move method to common util
* auto-gen rule for cronJob
* update doc
* set CronJob as default auto-gen pod controller
* - update doc; - fix test
* remove unused code
2020-09-01 09:11:20 -07:00
NoSkillGirl
b61412ca7a
minor validation changes
2020-08-31 18:18:10 +05:30
Mohan B E
a14828246d
Feature/api version 852 ( #1028 )
...
* apiVersion support for generate
* added apiVersion to crds
2020-08-07 09:47:33 +05:30
Shuting Zhao
34d05c58c2
PR fixes
2020-05-19 13:04:06 -07:00
Shuting Zhao
962b8f9865
Fix bug
2020-05-18 18:30:39 -07:00
Shuting Zhao
416f5ecc00
Merge branch 'master' into 744_deny_requests
...
# Conflicts:
# pkg/utils/util.go
# pkg/webhooks/server.go
2020-05-18 18:05:22 -07:00
Yuvraj
277402ba4c
Feature - Add checks for k8s version when Kyverno starts ( #831 )
...
* Added k8s version check for mutating and validating
* version check added
* middleware added
* format
* Added timeout flag value to webhook server timeout middleware and refactored kubernetes version check
* Fixed test cases
* Removed log
* Update kubernetes version check
* Added check for mutate and validate
* Skip Validation in handleValidateAdmissionRequest if kubernetes version is below 1.14
* Update return object AdmissionResponse
* fixed condition for skipping mutation
* Handle condition for skip feature in case of kubernetes version 1.14.2
2020-05-18 17:00:52 -07:00