mirror of https://github.com/kyverno/kyverno.git synced 2024-12-14 11:57:48 +00:00
Commit graph

4091 commits

Author SHA1 Message Date
Kumar Mallikarjuna
e39489f838
SharedInformers for WebhookConfigurations (#3007)
* SharedInformers for WebhookConfigurations

Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>

* Add GVK to typed resources

Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>

* Remove ToUnstructured()

Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>

* Remove default informers from Resource Cache

Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>

* Formatted files

Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>
2022-01-19 15:57:32 +00:00
Naman Lakhwani
73a02a5df3
fixing buildx version (#3023)
Signed-off-by: Naman Lakhwani <namanlakhwani@gmail.com>
2022-01-19 22:14:48 +08:00
Sambhav Kothari
8ddfcacd79
Fix permissions for image publish workflows (#3021)
All of the jobs in this workflow use the same set of permissions and this workflow is only run on pushes to master. Adding the appropriate permissions to read repository contents, publish packages and ID token for cosign.

Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com>
2022-01-19 11:39:51 +00:00
Abhinav Sinha
f0359f8272
Fixed error handling for negation anchors (#2986)
* Fixed error handling for negation anchors

Signed-off-by: Abhinav Sinha <abhinav@nirmata.com>

Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
2022-01-19 15:39:07 +05:30
Abhinav Sinha
b5341b685d
Support namespaceSelector with dynamic webhook enabled (#2953)
* Support `namespaceSelector` with dynamic webhook enabled

Signed-off-by: Abhinav Sinha <abhinav@nirmata.com>

* Implemented suggested changes

Signed-off-by: Abhinav Sinha <abhinav@nirmata.com>

* Implemented suggested changes

Signed-off-by: Abhinav Sinha <abhinav@nirmata.com>

Co-authored-by: shuting <shutting06@gmail.com>
2022-01-19 07:59:08 +00:00
Vyankatesh Kudtarkar
e22e9499b6
CLI fix for foreach policies (#2997)
* CLI fix for foreach policies

* add test-case for foreach container and initcontainer

* fix comments

Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2022-01-18 23:38:49 +00:00
Naman Lakhwani
1580837526
refactoring github actions to remove duplication and enhancement for versioned sbom's (#2979)
* initial commit

Signed-off-by: Naman Lakhwani <namanlakhwani@gmail.com>

* adding docker-buildx-builder to makefile

Signed-off-by: Naman Lakhwani <namanlakhwani@gmail.com>

* reverting git describe in makefile

Signed-off-by: Naman Lakhwani <namanlakhwani@gmail.com>

* uploading sbom for each kyverno image

Signed-off-by: Naman Lakhwani <namanlakhwani@gmail.com>

* small nits

Signed-off-by: Naman Lakhwani <namanlakhwani@gmail.com>

* scanning image before pushing and removed cosign.pub

Signed-off-by: Naman Lakhwani <namanlakhwani@gmail.com>
2022-01-18 15:07:59 -08:00
shuting
cde1d0f2b2
clean up managed resources when cannot find kyverno deployment (#3018)
Signed-off-by: ShutingZhao <shuting@nirmata.com>

Co-authored-by: Prateek Pandey <prateekpandey14@gmail.com>
2022-01-18 16:45:24 +00:00
Kumar Mallikarjuna
771d62b735
Added Kyverno specific SharedInformerFactory (#2987)
* Added Kyverno specific SharedInformerFactory

Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>

* Replace ToUnstructured()

Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>

* Add GVK to returned resource

Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>

Co-authored-by: shuting <shutting06@gmail.com>
2022-01-18 15:52:48 +00:00
Prateek Pandey
421e6d9622
fix(generate): use JSON patch for GenerateRequests status updates (#3000)
Signed-off-by: prateekpandey14 <prateekpandey14@gmail.com>

Co-authored-by: shuting <shutting06@gmail.com>
2022-01-18 14:53:48 +00:00
shuting
b6447e0649
Remove resourceCache from engine (#3013)
* update log messages

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* remove resourceCache from the background controller when:
- register resource scope
- list resources per namespace

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* - use client call for configmap lookup;
- remove resourceCache from policy controller, webhook server and generate controller

Signed-off-by: ShutingZhao <shuting@nirmata.com>
2022-01-18 12:59:35 +00:00
Sambhav Kothari
8ea7a62cad
Add samj1912 to codeowners (#3015)
Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com>
2022-01-18 12:11:15 +00:00
Marcus Noble
2526f2ab16
Added Mac ARM64 build to Krew config (#3002)
Signed-off-by: Marcus Noble <github@marcusnoble.co.uk>
2022-01-18 11:32:34 +00:00
Vyankatesh Kudtarkar
c2de92d8c6
Support mutation of variables in validate.deny (#2947)
* Support mutation of variables in validate.deny

* remove comment

* fix e2e test
2022-01-18 10:53:30 +00:00
Vyankatesh Kudtarkar
38c8dfd073
Add CODEOWNER (#3011)
* Add CODEOWNER

* update codeowner file

* update file
2022-01-18 06:49:59 +00:00
Sambhav Kothari
f5e00ee034
Add a parse_yaml function (#2999)
Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com>

Co-authored-by: shuting <shutting06@gmail.com>
2022-01-17 13:41:08 +00:00
shuting
de6c6f2199
cherry-pick #2980 (#3001)
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2022-01-17 13:00:39 +00:00
Sambhav Kothari
1af9e48b0d
Add image data to validate image configs (#2946)
* Add image data to validate image configs

Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com>

* Add tests for image context

Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com>

* Add e2e test cases for image size policy

Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com>
2022-01-17 04:06:44 +00:00
Sambhav Kothari
f42092208f
Fix variable substitution for foreach preconditions (#2993)
Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com>

Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2022-01-16 05:33:34 +00:00
Roee Landesman
665d2022d8
add top level permissions to remaining github workflows (#2995)
Signed-off-by: Roee Landesman <roee.landesman@gmail.com>
2022-01-16 03:57:35 +00:00
Roee Landesman
3e524b5586
Add github token permissions to improve ossf scorecard (#2992)
* Fix autogen issue with cronjob generator and foreach pod generator (#2989)

Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com>
Signed-off-by: Roee Landesman <roee.landesman@gmail.com>

* Add baseline read-all permissions

Signed-off-by: Roee Landesman <roee.landesman@gmail.com>

* remove extra read-all

Signed-off-by: Roee Landesman <roee.landesman@gmail.com>

* Add arm64 goarch to go releaser (#2991)

Signed-off-by: Roee Landesman <roee.landesman@gmail.com>

Co-authored-by: Sambhav Kothari <sambhavs.email@gmail.com>
2022-01-15 17:14:22 -08:00
Roee Landesman
4450edc7d3
Add arm64 goarch to go releaser (#2991)
Signed-off-by: Roee Landesman <roee.landesman@gmail.com>
2022-01-15 15:39:52 -08:00
Sambhav Kothari
0c11af2d9a
Fix autogen issue with cronjob generator and foreach pod generator (#2989)
Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com>
2022-01-15 12:28:28 -08:00
Jim Bugwadia
1fec430249
handle CRDs with no props (#2975)
* handle CRDs with no props

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix tests

Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2022-01-14 21:08:04 +01:00
Tathagata Paul
1f3e625b99
Renamed test.yaml to kyverno-test.yaml (#2898)
Signed-off-by: 4molybdenum2 <tathagatapaul7@gmail.com>

Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2022-01-14 08:45:59 +00:00
Boojapho
c8e93356fe
chore: bump golang to 1.7.6 in dockerfiles (#2968)
Signed-off-by: Michael McLeroy <michaelmcleroy@cloudfitsoftware.com>

Co-authored-by: Michael McLeroy <michaelmcleroy@cloudfitsoftware.com>
Co-authored-by: shuting <shutting06@gmail.com>
2022-01-14 07:57:33 +00:00
Jim Bugwadia
116f36622b
move guidelines up (#2976)
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2022-01-13 18:33:24 +08:00
Shubham Palriwala
1257388b97
feat: pin dependencies in gh actions (#2952)
Signed-off-by: ShubhamPalriwala <spalriwalau@gmail.com>

Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2022-01-13 05:23:05 +00:00
Jim Bugwadia
59d4cf8c0b
check for issuer and subject only when declared in policy. fix log levels (#2973)
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2022-01-13 12:49:52 +08:00
Aarush Bhat
c202fb0f15
kyverno/test: print test summary of kyverno test results (#2944)
Signed-off-by: sloorush <aarush.bhatt@gmail.com>

Co-authored-by: shuting <shutting06@gmail.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
2022-01-12 18:52:22 +05:30
Sambhav Kothari
baf4fa335b
Remove spurious prints and fix line endings (#2963)
Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com>
2022-01-11 14:15:26 +00:00
Kumar Mallikarjuna
037a320fba
Added TLS annotation check in the initContainer (#2956)
* Added TLS annotation check in the initContainer

Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>

* Error checks

Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>

* Refactor annotation addition code

Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>

* Strict error reporting

Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>

* Error handling for Secrets

Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>

* Updated error conditions

Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>

* Update for nil error

Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>
2022-01-11 08:47:24 +00:00
Sambhav Kothari
6b9798f76f
Add parse_json function to decode json strings (#2941)
Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com>
2022-01-10 13:42:02 -08:00
Naman Lakhwani
8350aadc58
Fix: CI job to release images (#2929)
* making required changes in images workflow

Signed-off-by: Namanl2001 <namanlakhwani@gmail.com>

* making required changes in release workflow

Signed-off-by: Namanl2001 <namanlakhwani@gmail.com>

Co-authored-by: shuting <shutting06@gmail.com>
2022-01-10 14:10:44 +00:00
Sambhav Kothari
9a9326928c
Fix the PR template checkboxes to render empty instead of brackets (#2942)
The current PR template doesn't render the checkboxes by default as unticked and instead as square brackets. This change
allows contributors to use the rendered UI to check boxes instead of manually fixing markdown.

Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com>
2022-01-09 12:02:57 -08:00
Kumar Mallikarjuna
9e16e763a0
ValidCert Secret Annotation Check (#2933)
* Annotation check for Secrets

Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>

* Fix inconsistent errors

Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>

* Fix linting error

Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>
2022-01-07 20:15:00 +00:00
Kumar Mallikarjuna
4410b6adc3
Fix condition for rolling update (#2930)
2022-01-07 17:33:01 +00:00
Abhinav Sinha
7ceba594b2
Corrected the value of INIT_CONFIG env in deployment (#2927)
Signed-off-by: Abhinav Sinha <zeborg3@gmail.com>

Co-authored-by: shuting <shutting06@gmail.com>
2022-01-07 10:52:34 +00:00
Mritunjay Kumar Sharma
15495a472e
adds ephemeralContainers to the image variable (#2662)
* adds ephemeralContainers to the image variable

Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com>

* fixes unit tests

Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com>

Co-authored-by: shuting <shutting06@gmail.com>
2022-01-07 16:55:52 +08:00
Naman Lakhwani
68c8790139
adding permissions in jobs (#2924)
Signed-off-by: Namanl2001 <namanlakhwani@gmail.com>
2022-01-06 19:35:45 +00:00
Naman Lakhwani
2f8bfc78b1
removing spaces (#2923)
Signed-off-by: Namanl2001 <namanlakhwani@gmail.com>
2022-01-06 17:12:11 +00:00
Naman Lakhwani
760ec6830d
removing docker buildx (#2922)
Signed-off-by: Namanl2001 <namanlakhwani@gmail.com>
2022-01-06 16:09:32 +00:00
Naman Lakhwani
cda6310249
fix in image workflow (#2921)
Signed-off-by: Namanl2001 <namanlakhwani@gmail.com>
2022-01-06 22:48:20 +08:00
Kumar Mallikarjuna
214f338ec3
Fix TLS inconsistency in HA (#2910)
* Fix TLS inconsistency in HA

Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>

* Add error checks

Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>

* Remove redundant err definitions

Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>

* Handle all Secret errors

Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>
2022-01-06 09:11:16 +00:00
Frank Jogeleit
1208e51b68
Manage affinity with Helm values (#2900)
Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com>

Co-authored-by: shuting <shutting06@gmail.com>
2022-01-06 05:05:15 +00:00
Naman Lakhwani
f330886af7
fixing cosign command (#2915)
Signed-off-by: Namanl2001 <namanlakhwani@gmail.com>
2022-01-05 13:02:17 -08:00
Anushka Mittal
e9826e103d
added check for any/all (#2907)
* added check for any/all

Signed-off-by: anushkamittal20 <anumittal4641@gmail.com>

* minor corrections

Signed-off-by: anushkamittal20 <anumittal4641@gmail.com>
2022-01-05 17:08:24 +00:00
shuting
df105ff596
Improve endpoint check (#2902)
* improve endpoint checks

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* update make target for the local build

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* remove debug log

Signed-off-by: ShutingZhao <shuting@nirmata.com>
2022-01-05 07:47:42 +00:00
Kumar Mallikarjuna
3f61e2dd3a
Added report generation for verifyImage rules (#2782)
* Add report generation for verifyImage rules

Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>

* Add flag comment

Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>

* Mutation: handleDelete()

Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>

* Remove redundant delete

Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>

* Test validation failure

Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>

* Validation force rules test

Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>

* Default validation behaviour

Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>

* Manual rules

Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>

* Update Config Manager

Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>

* Move Delete check

Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>

Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2022-01-05 07:07:44 +00:00
Jim Bugwadia
a9fef256c7
updates for foreach and mutate (#2891)
* updates for foreach and mutate

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* allow tests to pass on Windows

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix tests

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix linter check

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* add elementIndex variable

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fmt

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix jsonResult usage

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* add mutate validation and fix error in validate.foreach

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* format

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* update message

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* do not skip validation for all array entries when one is skipped

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* add foreach tests

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix fmt

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix format errors

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* remove unused declarations

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* revert namespaceWithLabelYaml

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix mutate of element list

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* update CRDs

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* Update api/kyverno/v1/policy_types.go

Co-authored-by: Steven E. Harris <seh@panix.com>

* Update pkg/engine/forceMutate.go

Co-authored-by: Steven E. Harris <seh@panix.com>

* Update pkg/engine/forceMutate.go

Co-authored-by: Steven E. Harris <seh@panix.com>

* Update pkg/engine/forceMutate.go

Co-authored-by: Steven E. Harris <seh@panix.com>

* Update pkg/engine/mutation.go

Co-authored-by: Steven E. Harris <seh@panix.com>

* Update pkg/engine/mutation.go

Co-authored-by: Steven E. Harris <seh@panix.com>

* Update pkg/engine/mutation.go

Co-authored-by: Steven E. Harris <seh@panix.com>

* Update pkg/engine/validate/validate.go

Co-authored-by: Steven E. Harris <seh@panix.com>

* Update pkg/engine/validate/validate.go

Co-authored-by: Steven E. Harris <seh@panix.com>

* Update test/cli/test/custom-functions/policy.yaml

Co-authored-by: Steven E. Harris <seh@panix.com>

* Update test/cli/test/foreach/policies.yaml

Co-authored-by: Steven E. Harris <seh@panix.com>

* accept review comments and format

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* add comments to strategicMergePatch buffer

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* load context and evaluate preconditions foreach element

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* add test for foreach mutate context and precondition

* precondition testcase

* address review comments

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* update message

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* format

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

Co-authored-by: Steven E. Harris <seh@panix.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
2022-01-05 09:36:33 +08:00