Charles-Edouard Brétéché
39b72eefb9
feat: add http clients tracing ( #5630 )
...
* feat: add http clients tracing
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* check we are in a span before creating one and and context to metrics recording calls
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2022-12-09 09:09:11 +00:00
dependabot[bot]
a88db42743
chore(deps): bump k8s.io/cli-runtime from 0.25.4 to 0.25.5 ( #5635 )
...
Bumps [k8s.io/cli-runtime](https://github.com/kubernetes/cli-runtime ) from 0.25.4 to 0.25.5.
- [Release notes](https://github.com/kubernetes/cli-runtime/releases )
- [Commits](https://github.com/kubernetes/cli-runtime/compare/v0.25.4...v0.25.5 )
---
updated-dependencies:
- dependency-name: k8s.io/cli-runtime
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-09 08:56:21 +01:00
dependabot[bot]
2b2bd42c55
chore(deps): bump golang.org/x/crypto from 0.3.0 to 0.4.0 ( #5618 )
...
Bumps [golang.org/x/crypto](https://github.com/golang/crypto ) from 0.3.0 to 0.4.0.
- [Release notes](https://github.com/golang/crypto/releases )
- [Commits](https://github.com/golang/crypto/compare/v0.3.0...v0.4.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/crypto
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-08 15:45:31 +08:00
Charles-Edouard Brétéché
6cdc3f44cf
chore: bump a couple of deps ( #5611 )
...
* chore: bump a couple of deps
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* chore: bump a couple of deps
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* chore: bump a couple of deps
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-12-07 13:37:30 +00:00
Charles-Edouard Brétéché
a459aab26b
chore: bump a couple of deps ( #5610 )
...
* chore: bump a couple of deps
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* a couple more
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2022-12-07 11:33:33 +00:00
Charles-Edouard Brétéché
3e44569fe2
chore: bump a couple of deps ( #5593 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2022-12-07 06:39:27 +00:00
Charles-Edouard Brétéché
d19e870c17
refactor: update otlp packages ( #5367 )
...
* fix: panic when disable metrics is true
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* refactor: update otlp packages
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* update bunch of deps
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* target infos
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: Chip Zoller <chipzoller@gmail.com>
2022-12-06 15:41:00 +00:00
dependabot[bot]
3dce3fc7c7
chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc ( #5559 )
...
Bumps [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc](https://github.com/open-telemetry/opentelemetry-go ) from 1.7.0 to 1.11.1.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases )
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md )
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.7.0...v1.11.1 )
---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-12-05 19:23:07 +00:00
dependabot[bot]
205ef8f6a8
chore(deps): bump golang.org/x/text from 0.4.0 to 0.5.0 ( #5574 )
...
Bumps [golang.org/x/text](https://github.com/golang/text ) from 0.4.0 to 0.5.0.
- [Release notes](https://github.com/golang/text/releases )
- [Commits](https://github.com/golang/text/compare/v0.4.0...v0.5.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/text
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-05 15:57:54 +00:00
dependabot[bot]
3a8affab16
chore(deps): bump go.uber.org/zap from 1.23.0 to 1.24.0 ( #5560 )
...
Bumps [go.uber.org/zap](https://github.com/uber-go/zap ) from 1.23.0 to 1.24.0.
- [Release notes](https://github.com/uber-go/zap/releases )
- [Changelog](https://github.com/uber-go/zap/blob/master/CHANGELOG.md )
- [Commits](https://github.com/uber-go/zap/compare/v1.23.0...v1.24.0 )
---
updated-dependencies:
- dependency-name: go.uber.org/zap
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-05 12:09:49 +00:00
Charles-Edouard Brétéché
6fe8d773ee
chore: bump a few deps ( #5512 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2022-11-30 12:54:04 +00:00
Charles-Edouard Brétéché
c6faee2559
chore: bump a couple of deps ( #5503 )
...
* chore: bump a couple of deps
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* sigstore
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2022-11-29 13:09:14 +00:00
Charles-Edouard Brétéché
900002fcf9
chore: bump a bunch of deps ( #5440 )
...
* chore: bump a bunch of deps
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2022-11-23 14:03:16 +08:00
Charles-Edouard Brétéché
4b11292835
chore: bump sigstore deps ( #5376 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>
2022-11-21 21:48:34 +00:00
Nikhil Sharma
d44dc97990
feat: add cleanupPolicy validation code ( #5279 )
...
* validate the cleanupPolicy
Signed-off-by: Nikhil Sharma <nikhilsharma230303@gmail.com>
* add validation for DELETE permission for cleanupPolicy
Signed-off-by: Nikhil Sharma <nikhilsharma230303@gmail.com>
* add separate binary for cleanupPolicy
Signed-off-by: Nikhil Sharma <nikhilsharma230303@gmail.com>
* fix linter issues
Signed-off-by: Nikhil Sharma <nikhilsharma230303@gmail.com>
Signed-off-by: Nikhil Sharma <nikhilsharma230303@gmail.com>
Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-11-14 10:43:32 +01:00
Charles-Edouard Brétéché
6091af6fba
fix: wrong logger used ( #5311 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2022-11-11 12:16:27 +05:30
Batuhan Apaydın
cbbd8488c8
feat: oci pull/push support for policie(s) ( #5026 )
...
Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-10-24 18:47:20 +00:00
shuting
5279958943
Remove old version of golang.org/x/sys ( #5125 )
...
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2022-10-24 09:11:19 +00:00
Charles-Edouard Brétéché
7ceea1a08f
chore: bump a few deps ( #4943 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>
2022-10-14 07:13:19 +00:00
Charles-Edouard Brétéché
cd5e0cfa74
chore: bump a couple of deps ( #4925 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2022-10-13 11:04:23 +02:00
Charles-Edouard Brétéché
ecb0ad32ec
chore: bump a couple of deps ( #4842 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2022-10-07 15:37:12 +05:30
Charles-Edouard Brétéché
7849fbbc8a
refactor: leader controllers management ( #4832 )
...
* refactor: leader controllers management
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* rename
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix start
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix deps
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* remove dead code
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2022-10-07 07:38:38 +00:00
yinka
266f2d397f
upgrade controller-runtime dependency ( #4829 )
...
Signed-off-by: damilola olayinka <holayinkajr@gmail.com>
Signed-off-by: damilola olayinka <holayinkajr@gmail.com>
Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-10-06 11:07:37 +00:00
ShutingZhao
d3a18d0c83
Bump k8s libraries to v0.25.2
...
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2022-10-06 03:50:39 +08:00
Charles-Edouard Brétéché
f7dde0ab96
chore: use concurrent map v2 (generics) ( #4803 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2022-10-06 00:35:09 +08:00
Charles-Edouard Brétéché
83bd8bdbb5
chore: bump a couple of deps ( #4802 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2022-10-04 12:21:47 +05:30
Charles-Edouard Brétéché
5fef84afd1
chore: bump a few deps ( #4790 )
...
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>
2022-10-03 13:18:23 +00:00
Jim Bugwadia
081330d564
update cosign and k8s-manifest-sigstore ( #4781 )
...
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2022-10-03 14:46:20 +08:00
yinka
bb2e193d44
feat: allow users enable JSON logging with a --loggingFormat=json flag ( #4661 )
...
* feat: add feature flag to disable background scan (#4638 )
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>
Signed-off-by: damilola olayinka <holayinkajr@gmail.com>
* allow users configure JSON logging with a --logging-format=json flag
Signed-off-by: damilola olayinka <holayinkajr@gmail.com>
* Clean up changes
Signed-off-by: damilola olayinka <holayinkajr@gmail.com>
* added kubeconfig and context flag to kyverno apply (#4524 )
Signed-off-by: Sandesh More <sandesh.more@infracloud.io>
Signed-off-by: damilola olayinka <holayinkajr@gmail.com>
* chore: publish sbom result to a different repositry from an image (#4665 )
Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
Signed-off-by: damilola olayinka <holayinkajr@gmail.com>
* Fix issue for wildcard versions (#4670 )
* Fix wildcard issue
Co-Authored-By: vyankd <51167361+vyankd@users.noreply.github.com>
* Delete res.yaml
Co-Authored-By: vyankd <51167361+vyankd@users.noreply.github.com>
Co-authored-by: vyankd <51167361+vyankd@users.noreply.github.com>
Signed-off-by: damilola olayinka <holayinkajr@gmail.com>
* chore: bump minimum go version (#4677 )
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: damilola olayinka <holayinkajr@gmail.com>
* fix: namespaced policy not validated in engine (#4653 )
* fix: namespaced policy not validated in engine
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
* fix test
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>
Signed-off-by: damilola olayinka <holayinkajr@gmail.com>
* fix: handle auth permission for cloneList validation (#4684 )
Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
Signed-off-by: damilola olayinka <holayinkajr@gmail.com>
* fix: bump net standard lib (#4685 )
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
Signed-off-by: damilola olayinka <holayinkajr@gmail.com>
* small fixes
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: damilola olayinka <holayinkajr@gmail.com>
* add json logger
Signed-off-by: damilola olayinka <holayinkajr@gmail.com>
* fix import
Signed-off-by: damilola olayinka <holayinkajr@gmail.com>
* fix go mod
Signed-off-by: damilola olayinka <holayinkajr@gmail.com>
* fix go mod
Signed-off-by: damilola olayinka <holayinkajr@gmail.com>
* chore: simplify go mod (#4692 )
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: damilola olayinka <holayinkajr@gmail.com>
* fix: jmespath random error handling (#4697 )
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: damilola olayinka <holayinkajr@gmail.com>
* refactor: replace signal package by signal.NotifyContext (#4691 )
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
Signed-off-by: damilola olayinka <holayinkajr@gmail.com>
* fix: namespaced policy targets namespace validation and scoping them to the policy's namespace (#4671 )
Signed-off-by: praddy26 <pradeep.vaishnav4@gmail.com>
Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>
Signed-off-by: damilola olayinka <holayinkajr@gmail.com>
* fix: shutdown controllers workers gracefully (#4681 )
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
Signed-off-by: damilola olayinka <holayinkajr@gmail.com>
* fix: split webhook handlers per failure policy (#4650 )
* fix: split webhook handlers per failure policy
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
* fix handlers
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
* rolling update
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
* better error message
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
Signed-off-by: damilola olayinka <holayinkajr@gmail.com>
* refactor: use pod name as leader id (#4680 )
* refactor: use pod name as leader id
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
* fix manifests
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
* makefile
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
* leader client
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: damilola olayinka <holayinkajr@gmail.com>
* fix: missing client wrapper (#4703 )
* fix: missing client wrapper
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
* v1beta1
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
* v1alpha2
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
* policy report
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: damilola olayinka <holayinkajr@gmail.com>
* chore: refactor manifests related makefile targets (#4706 )
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: damilola olayinka <holayinkajr@gmail.com>
* deps
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: damilola olayinka <holayinkajr@gmail.com>
Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>
Co-authored-by: Sandesh More <34198712+sandeshlmore@users.noreply.github.com>
Co-authored-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
Co-authored-by: vyankd <51167361+vyankd@users.noreply.github.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: Pradeep Lakshmi Narasimha <pradeep.vaishnav4@gmail.com>
2022-09-29 07:49:29 +00:00
Prateek Pandey
01dbf7389d
fix: containerd dependency vulnerability ( #4629 )
...
upgrade the containerd indirect deps to
fixed version
Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
Signed-off-by: shuting <shuting@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2022-09-29 05:40:55 +00:00
Charles-Edouard Brétéché
e0ab72bb9a
feat: reports v2 implementation ( #4608 )
...
This PR refactors the reports generation code.
It removes RCR and CRCR crds and replaces them with AdmissionReport, ClusterAdmissionReport, BackgroundScanReport and ClusterBackgroundScanReport crds.
The new reports system is based on 4 controllers:
Admission reports controller is responsible for cleaning up admission reports and attaching admission reports to their corresponding resource in case of a creation
Background scan reports controller is responsible for creating background scan reports when a resource and/or policy changes
Aggregation controller takes care of aggregation per resource reports into higher level reports (per namespace)
Resources controller is responsible for watching reports that need background scan reports
I added two new flags to disable admission reports and/or background scan reports, the whole reporting system can be disabled if something goes wrong.
I also added a flag to split reports in chunks to avoid creating too large resources.
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
Co-authored-by: prateekpandey14 <prateek.pandey@nirmata.com>
2022-09-28 17:15:16 +05:30
Charles-Edouard Brétéché
7209445cd3
chore: simplify go mod ( #4692 )
...
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-09-26 18:25:03 +05:30
Charles-Edouard Brétéché
9e872305a2
fix: bump net standard lib ( #4685 )
...
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2022-09-26 08:22:29 +00:00
Prateek Pandey
1807bd9a6f
chore: bump cosign 1.12.0 to fix vulnerabilities ( #4631 )
...
bump the cosign version to fix vulnerabilities with
blob verification, CVE-2022-36056
Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
2022-09-16 07:48:22 -07:00
Charles-Edouard Brétéché
bc4bf5ee27
chore: switch to github.com/IGLOU-EU/go-wildcard ( #4563 )
...
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2022-09-10 17:30:13 +00:00
Anurag
560cec329e
add random filter ( #4527 )
...
* add random filter
Signed-off-by: Anurag <contact.anurag7@gmail.com>
* update go.mod file
Signed-off-by: Anurag <contact.anurag7@gmail.com>
* update go.sum
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* linter fix
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Signed-off-by: Anurag <contact.anurag7@gmail.com>
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Co-authored-by: ShutingZhao <shuting@nirmata.com>
2022-09-07 16:22:30 +00:00
Charles-Edouard Brétéché
fffd6aa9a0
chore: upgrade golang to 1.18 ( #4505 )
...
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-09-05 09:32:45 +05:30
ToLToL
1b9a2fca21
Extend Pod Security Admission ( #4364 )
...
* init commit for pss
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* add test for Volume Type control
* add test for App Armor control except ExemptProfile. Fix PSS profile check in EvaluatePSS()
* remove unused code, still a JMESPATH problem with app armor ExemptProfile()
* test for Host Process / Host Namespaces controls
* test for Privileged containers controls
* test for HostPathVolume control
* test for HostPorts control
* test for HostPorts control
* test for SELinux control
* test for Proc mount type control
* Set to baseline
* test for Seccomp control
* test for Sysctl control
* test for Privilege escalation control
* test for Run as non root control
* test for Restricted Seccomp control
* Add problems to address
* add solutions to problems
* Add validate rule for PSA
* api.Version --> string. latest by default
* Exclude all values for a restrictedField
* add tests for kyverno engine
* code to be used to match kyverno rule's namespace
* Refacto pkg/pss
* fix multiple problems: not matching containers, add contains methods, select the right container when we have the same exclude.RestrictedField for multiple containers:
* EvaluatePod
* Use EvaluatePod in kyverno engine
* Set pod instead of container in context to use full Jmespath. e.g.: securityContext.capabilities.add --> spec.containers[*].securityContext.capabilities.add
* Check if PSSCheckResult matched at least one exclude value
* add tests for engine
* fix engine validation test
* config
* update go.mod and go.sum
* crds
* Check validate value: add PodSecurity
* exclude all restrictedFields when we only specify the controlName
* ExemptProfile(): check if exclud.RestrictedField matches at least one restrictedField.path
* handle containers, initContainers, ephemeralContainers when we only specify the controlName (all restrictedFields are excluded)
* refacto pks/pss/evaluate.go and add pkg/engine/validation_test.go
* add all controls with containers in restrictedFields as comments
* add tests for capabilities and privileged containers and fix some errors
* add tests for host ports control
* add tests for proc mount control
* add tests for privilege escalation control
* add tests for capabilities control
* remove comments
* new algo
* refacto algo, working. Add test for hostProcess control
* remove unused code
* fix getPodWithNotMatchingContainers(), add tests for host namespaces control
* refacto ExemptProfile()
* get values for a specific container. add test for SELinuxOptions control
* fix allowedValues for SELinuxOptions
* add tests for seccompProfile_baseline control
* refacto checkContainers(), add test for seccomp control
* add test for running as non root control
* add some tests for runAsUser control, have to update current PSA version
* add sysctls control
* add allowed values for restrictedVolumes control
* add some tests for appArmor, volume types controls
* add tests for volume types control
* add tests for hostPath volume control
* finish merge conflicts and add tests for runAsUser
* update charts and crds
* exclude.images optional
* change volume types control exclude values
* add appAmor control
* fix: did not match any exclude value for pod-level restrictedFields
* create autogen for validate.PodSecurity
* clean code, remove logs
* fix sonatype lift errors
* fix sonatype lift errors: duplication
* fix crash in pkg/policy/validate/ tests and unmarshall errors for pkg/engine tests
* beginning of autogen implement for validate.exclude
* Autogen for validation.PodSecurity
* working autogen with simple tests
* change validate.PodSecurity failure response format
* make codegen
* fix lint errors, remove debug prints
* fix tags
* fix tags
* fix crash when deleting pods matching validate.podSecurity rule. Only check validatePodSecurity() when it's not a delete request
* Changes requested
* Changes requested 2
* Changes requested 3
* Changes requested 4
* Changes requested and make codegen
* fix host namespaces control
* fix lint
* fix codegen error
* update docs/crd/v1/index.html
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix path
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* update crd schema
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* update charts/kyverno/templates/crds.yaml
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Co-authored-by: ShutingZhao <shuting@nirmata.com>
2022-08-31 09:16:31 +00:00
Riko Kudo
5f5cda9fee
Yaml signing and verification ( #4235 )
...
* enable YAML verification using k8s-manifest-sigstore
Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>
comment out role and rolebinding for dryrun
Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>
update k8s-manifest-sigstore version
Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>
fix pubkey setting
Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>
fix pubkey setting
Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>
fix log message
Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>
change default value of dryrun option
Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>
update crd
Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>
support gpg signature
Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>
* upgrade manifest sigstore version and support multi sigs
Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>
fix validate.manifest rule
Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>
update crd and add small fix
Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>
fix manifest verify policy
Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>
set cosign experimental env when keyless verification
Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>
* improve default ignoreFields
Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>
* fix manifest verify policy
Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>
fix manifest verify policy
Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>
fix manifest verify policy
Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>
* add unit-test for k8smanifest
Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>
update install yaml
Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>
* update k8s-manifest-sigstore version and support one or more signatures
Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>
add unit-test for k8smanifest multi-signature
Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>
fix verifyManifest result message
Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>
fix verifyManifest result message
Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>
* fix manifest verify policy and move dryrun rbac to dryrun dir
Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>
* update k8s-manifest-sigstore version
Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>
update k8s-manifest-sigstore version
Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>
update k8s-manifest-sigstore version and resolve conflict
Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>
enable YAML verification using k8s-manifest-sigstore
Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>
comment out role and rolebinding for dryrun
Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>
fix pubkey setting
Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>
fix pubkey setting
Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>
update crd
Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>
upgrade manifest sigstore version and support multi sigs
Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>
fix validate.manifest rule
Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>
update crd and add small fix
Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>
fix manifest verify policy
Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>
update k8s-manifest-sigstore version and support one or more signatures
Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>
fix verifyManifest result message
Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>
fix verifyManifest result message
Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>
fix manifest verify policy and move dryrun rbac to dryrun dir
Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>
add small fix
Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>
* remove generic name
Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>
* fix sonatype-lift issue and unit-test error
Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>
* fix gofumpt error
Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>
* update manifest rule to use attestor
Signed-off-by: Riko Kudo <rurikudo@ibm.com>
* remove unused value
Signed-off-by: Riko Kudo <rurikudo@ibm.com>
* resolve conflict
Signed-off-by: Riko Kudo <rurikudo@ibm.com>
* fix install.yaml
Signed-off-by: Riko Kudo <rurikudo@ibm.com>
* fix to set COSIGN_EXPERIMENTAL env variable when keyless verification
Signed-off-by: Riko Kudo <rurikudo@ibm.com>
* fix misspell
Signed-off-by: Riko Kudo <rurikudo@ibm.com>
* enable kyverno cli in validate.manifests rule (#3 )
* enable kyverno cli in validate.manifests rule
Signed-off-by: Riko Kudo <rurikudo@ibm.com>
* update k8s-manifest-sigstore version and improve error handling for better result output
Signed-off-by: Riko Kudo <rurikudo@ibm.com>
* update crds and deepcopy
Signed-off-by: Riko Kudo <rurikudo@ibm.com>
* update unit test
Signed-off-by: Riko Kudo <rurikudo@ibm.com>
* update k8s-manifest-sigstore version
Signed-off-by: Riko Kudo <rurikudo@ibm.com>
* change to use spec.rules.exclude.subjects instead of skipUsers (#4 )
Signed-off-by: Riko Kudo <rurikudo@ibm.com>
* update k8s-manifest-sigstore version
Signed-off-by: Riko Kudo <rurikudo@ibm.com>
* fix yaml signing sigstore (#5 )
* update k8s-manifest-sigstore version
Signed-off-by: Riko Kudo <rurikudo@ibm.com>
* add a comment for dryrun option field
Signed-off-by: Riko Kudo <rurikudo@ibm.com>
* enable to include ClusterPolicy/Policy in match resource
Signed-off-by: Riko Kudo <rurikudo@ibm.com>
* fix log style and env variable settings
Signed-off-by: Riko Kudo <rurikudo@ibm.com>
* simplify manifest verify func
Signed-off-by: Riko Kudo <rurikudo@ibm.com>
* fix func name
Signed-off-by: Riko Kudo <rurikudo@ibm.com>
Signed-off-by: Riko Kudo <rurikudo@ibm.com>
* fix sonatype warning
Signed-off-by: Riko Kudo <rurikudo@ibm.com>
* fix default ignoreFields
Signed-off-by: Riko Kudo <rurikudo@ibm.com>
* fix yaml signing sigstore rbac (#6 )
* fix dryrun rbac to have minimal permissions
Signed-off-by: Riko Kudo <rurikudo@ibm.com>
* fix lint error
Signed-off-by: Riko Kudo <rurikudo@ibm.com>
Signed-off-by: Riko Kudo <rurikudo@ibm.com>
* fix unit-test error
Signed-off-by: Riko Kudo <rurikudo@ibm.com>
* fix gofumpt error
Signed-off-by: Riko Kudo <rurikudo@ibm.com>
* fix log style
Signed-off-by: Riko Kudo <rurikudo@ibm.com>
* updated CRD documentation
Signed-off-by: Riko Kudo <rurikudo@ibm.com>
* resolve go.mod conflicts
Signed-off-by: Riko Kudo <rurikudo@ibm.com>
* updated helm stuff
Signed-off-by: Riko Kudo <rurikudo@ibm.com>
Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>
Signed-off-by: Riko Kudo <rurikudo@ibm.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2022-08-30 10:14:54 -07:00
Charles-Edouard Brétéché
888689df54
fix: update go-wildcard to v1.5.0 ( #4444 )
...
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-08-29 17:10:01 +00:00
Prateek Pandey
34fe6c9058
bump cosign deps version to 1.11.1 ( #4408 )
...
* bump cosign deps version to 1.11.1
to accommodate latest attestation verification fixes
Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
* bump github action go version to 1.18
Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
2022-08-25 08:24:49 +00:00
dependabot[bot]
0bb575442d
chore(deps): bump github.com/sigstore/cosign from 1.10.0 to 1.10.1 ( #4328 )
...
Bumps [github.com/sigstore/cosign](https://github.com/sigstore/cosign ) from 1.10.0 to 1.10.1.
- [Release notes](https://github.com/sigstore/cosign/releases )
- [Changelog](https://github.com/sigstore/cosign/blob/main/CHANGELOG.md )
- [Commits](https://github.com/sigstore/cosign/compare/v1.10.0...v1.10.1 )
---
updated-dependencies:
- dependency-name: github.com/sigstore/cosign
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-08-11 12:38:27 +08:00
Jim Bugwadia
943c3a1929
use failurePolicy to block or allow requests, on policy errors ( #4183 )
...
* use failurePolicy to block or allow requests, on policy errors
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* add warnings
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* codegen
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix linter issues
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* add unit tests
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* handle network errors
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix linter issues
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix test
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix title conversion
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix path in generated file
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix test
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix fake metrics
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix tests
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* add check for klog flag initialization
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* check for flag reinitialization
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* check for flag reinitialization
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix spelling
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix flag init
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2022-08-02 20:24:02 +05:30
Guilhem Lettron
b03e461f25
feat: auto optimize GOMAXPROCS ( #4277 )
...
Signed-off-by: Guilhem Lettron <guilhem@barpilot.io>
2022-07-29 23:59:47 +08:00
Tathagata Paul
3e2894b6fa
feat: Opentelemetry support for metrics and traces ( #3910 )
...
* integrating opentelemetry
Signed-off-by: Tathagata Paul <tathagatapaul7@gmail.com>
* fix multiple imports
Signed-off-by: Tathagata Paul <tathagatapaul7@gmail.com>
* fixed cli help statement
Signed-off-by: Tathagata Paul <tathagatapaul7@gmail.com>
* added init file for metrics
Signed-off-by: Tathagata Paul <tathagatapaul7@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
2022-07-11 17:49:47 +00:00
Furkan Türkal
af3da5e19a
bump cosign to 1.9.1 to fix fulcio panic ( #4117 )
...
Signed-off-by: Furkan <furkan.turkal@trendyol.com>
Co-authored-by: Batuhan <batuhan.apaydin@trendyol.com>
Co-authored-by: Batuhan <batuhan.apaydin@trendyol.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2022-06-16 16:03:22 +00:00
Vyankatesh Kudtarkar
7245c92dcf
fix vulnerable ( #4027 )
2022-05-26 04:19:00 +00:00
Vyankatesh Kudtarkar
bea0b794d5
add validation check to ensure the annotations quoted ( #3976 )
2022-05-24 12:45:23 +00:00
Prateek Pandey
c79dc82eaa
fix: cleanup old dependencies from go.sum and go.mod ( #3806 )
...
Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
2022-05-05 08:56:22 +00:00
Prateek Pandey
3e2c9b25c9
Bump cosign and sigstore version ( #3771 )
...
Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2022-05-02 20:20:08 +01:00
Shubham Gupta
3cbb8db72e
Update vulnerable dependencies ( #3577 )
...
Signed-off-by: Shubham Gupta <shubham.gupta2956@gmail.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2022-04-14 20:39:55 +00:00
Anushka Mittal
1714a328b6
add-kms-libraries for cosign ( #3603 )
...
* add-kms-libraries
Signed-off-by: anushkamittal20 <anumittal4641@gmail.com>
* Shifted providers to cosign package
Signed-off-by: anushkamittal20 <anumittal4641@gmail.com>
2022-04-14 15:24:34 +00:00
Anushka Mittal
746d8efde9
Update to cosign 1.7.1 ( #3587 )
...
Signed-off-by: anushkamittal20 <anumittal4641@gmail.com>
2022-04-12 09:29:26 -07:00
shuting
d1bf3d4742
clean up dependencies ( #3469 )
...
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2022-03-25 08:40:25 +00:00
Charles-Edouard Brétéché
9ac35f9698
chore: add more codegen target and verifications ( #3393 )
...
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: Prateek Pandey <prateekpandey14@gmail.com>
2022-03-16 15:01:35 +05:30
Christian Kotzbauer
851a81845c
Update cosign to v1.6.0 ( #3341 )
...
Signed-off-by: Christian Kotzbauer <git@ckotzbauer.de>
fix ecr-helper creation
Signed-off-by: Christian Kotzbauer <git@ckotzbauer.de>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2022-03-11 11:25:10 -08:00
Prateek Pandey
66969d35ea
validate and block policy based on the matched kind cache ( #3283 )
...
Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
Co-authored-by: prateekpandey14 <prateek.pandey@nirmata.com>
2022-02-23 22:27:18 +05:30
Jim Bugwadia
14111aaa05
update dependencies ( #3221 )
...
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2022-02-13 11:20:24 +00:00
Rob Best
851ebe3e65
Add cloud provider keychains to DefaultKeychain ( #3116 )
...
Removes the need to specify an image pull secret to make use of cloud
provider credentials. As I understand it, this should be fine outside of
cloud provider contexts.
As part of this, I've switched to using authn/kubernetes, which I believe
is preferable to k8schain.
Signed-off-by: Rob Best <robertbest89@gmail.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2022-01-28 11:33:27 -08:00
Jim Bugwadia
7cf1dd2b15
update cosign to 1.5.0 and fix issuer and subject for keyless ( #3089 )
...
* update cosign to 1.5.0 and add checks
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix subject and issuer checks
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* make fmt
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix tests
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2022-01-27 21:13:23 -08:00
Sambhav Kothari
2eb8f5f285
Fix memory leak when updating ggcr keychain ( #3088 )
...
Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com>
2022-01-26 12:45:05 -08:00
Jim Bugwadia
bb06901119
fix mutate preprocessing for anchors ( #3052 )
...
* fix mutate preprocessing for anchors
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* make fmt
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: shuting <shutting06@gmail.com>
2022-01-23 13:54:22 +00:00
Mritunjay Kumar Sharma
cdedf11a1c
bumps k8s libraries for k8s v1.23 upgrade for kyverno ( #3043 )
...
* bumps k8s libraries for k8s v1.23 upgrade for kyverno
Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com>
* fixes kustomize version
Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com>
* updates golang to v1.17 to test fails
Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com>
* updates logr package to 1.2.2
Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com>
* Fixed tests for `pkg/cosign` and `pkg/webhooks/generation`
Signed-off-by: Abhinav Sinha <abhinav@nirmata.com>
* fix go-logr deps version issue
Signed-off-by: prateekpandey14 <prateekpandey14@gmail.com>
* fix kube-openapi commit hash
Signed-off-by: prateekpandey14 <prateekpandey14@gmail.com>
Co-authored-by: shuting <shutting06@gmail.com>
Co-authored-by: Abhinav Sinha <abhinav@nirmata.com>
Co-authored-by: prateekpandey14 <prateekpandey14@gmail.com>
2022-01-22 20:26:53 +08:00
Naman Lakhwani
898520b7cf
add semver_compare
JMESPath function ( #2846 )
...
* add semver_compare JMESPath function
Signed-off-by: Namanl2001 <namanlakhwani@gmail.com>
* adding tests for semver_compare
Signed-off-by: Namanl2001 <namanlakhwani@gmail.com>
* enabling version compaision via regular operators
Signed-off-by: Namanl2001 <namanlakhwani@gmail.com>
* adding tests for version compaision via regular operators
Signed-off-by: Namanl2001 <namanlakhwani@gmail.com>
* removing unnecessary switch cases
Signed-off-by: Namanl2001 <namanlakhwani@gmail.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2021-12-21 08:12:35 -08:00
Danny Kulchinsky
f6982760fc
truncate custom jmespath function ( #2836 )
...
* [feature] custom jmespath truncate function
Signed-off-by: Danny Kulchinsky <dkulchinsky@fastly.com>
* formatting
Signed-off-by: Danny Kulchinsky <dkulchinsky@fastly.com>
* simplify naming a bit
Signed-off-by: Danny Kulchinsky <dkulchinsky@fastly.com>
Co-authored-by: shuting <shutting06@gmail.com>
2021-12-17 15:52:52 +08:00
Naman Lakhwani
edafffd2bd
added issuer check ( #2804 )
...
* added issuer check
Signed-off-by: Namanl2001 <namanlakhwani@gmail.com>
* switch to using SimpleContainerImage
Signed-off-by: Namanl2001 <namanlakhwani@gmail.com>
* added subject check and required test cases
Signed-off-by: Namanl2001 <namanlakhwani@gmail.com>
* small nits
Signed-off-by: Namanl2001 <namanlakhwani@gmail.com>
* correcting tests
Signed-off-by: Namanl2001 <namanlakhwani@gmail.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2021-12-10 19:46:22 +00:00
Kumar Mallikarjuna
a667a69812
JMESPath arithmetic function units ( #2753 )
...
* MAS arithmetic functions
Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>
* Adding Divide() and Modulo()
Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>
* Added tests
Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>
* Tidy go.mod
Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>
* Fix lift issues
Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>
* Set division scale to maximum of operands
Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>
* Precision for Add()/Subtract()
Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>
* Set duration precision
Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>
* Added comment for duration diff calculation
Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>
Co-authored-by: Bricktop <marcel.mueller1@rwth-aachen.de>
2021-12-07 15:44:46 +00:00
Shubham Palriwala
ea3529f2d0
Trivy now scans local images ( #2744 )
...
* fix: trivy now scans entire container
Signed-off-by: ShubhamPalriwala <spalriwalau@gmail.com>
* update github.com/docker/cli package for vulnerabilities
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix go.mod vulnerabilities
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2021-11-22 20:57:51 +08:00
Jim Bugwadia
189c6f8cda
fix dependabot issue and remove stale entries in go.mod ( #2741 )
...
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2021-11-19 16:11:38 +08:00
shuting
0f0c070072
Fix memory issue - RCR conversion ( #2678 )
2021-11-08 15:53:21 -08:00
Jim Bugwadia
50cb1859c3
add keyless verification ( #2677 )
...
* add keyless verification
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* run make fmt
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix linter warning
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* wrap error with details
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2021-11-04 23:26:22 -07:00
Batuhan Apaydın
4eab46fb7d
feat: support other key methods ( #2607 )
...
* feat: support other key methods
Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
Co-authored-by: Furkan Turkal <furkan.turkal@trendyol.com>
Co-authored-by: Erkan Zileli <erkan.zileli@trendyol.com>
* feat: support fetch attestations from repository
Signed-off-by: Furkan <furkan.turkal@trendyol.com>
Co-authored-by: Batuhan <batuhan.apaydin@trendyol.com>
Signed-off-by: Furkan <furkan.turkal@trendyol.com>
* fix: parameter type
Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
* fix error check
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: Furkan Turkal <furkan.turkal@trendyol.com>
Co-authored-by: Erkan Zileli <erkan.zileli@trendyol.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2021-11-03 00:45:35 -07:00
Jose Armesto
831a9826d1
Restructure project to follow standards ( #2632 )
...
Signed-off-by: Jose Armesto <github@armesto.net>
2021-10-29 18:13:20 +02:00
Jim Bugwadia
ef9e9ec9ac
add variable substitutoion for imageVerify and allow PEM in ConfigMaps
...
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2021-10-26 10:41:27 -07:00
Jim Bugwadia
e0b1f08a28
fix check for CREATE request ( #2551 )
...
* fix check for CREATE request
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* add unit test
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fmt
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix test
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2021-10-18 09:34:07 -07:00
Jim Bugwadia
0dbe7ea675
start attestation support
...
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2021-10-01 11:10:36 -07:00
Shubham Palriwala
5b01dd53a7
remove minio/minio and update minio/pkg ( #2440 )
...
Signed-off-by: ShubhamPalriwala <spalriwalau@gmail.com>
2021-09-28 12:19:26 -07:00
Bricktop
4b71a031ab
Openapi validation should not fail if patchesJson6902 appends to list ( #2340 )
...
Signed-off-by: Marcel Mueller <marcel.mueller1@rwth-aachen.de>
2021-09-16 12:40:56 -07:00
Max Goncharenko
a0ff8bbd0b
Implement global anchor ( #2311 )
...
* implement global anchor for patch strategic merge
Signed-off-by: Max Goncharenko <kacejot@fex.net>
* fixed unit tests for mutation global anchor
Signed-off-by: Max Goncharenko <kacejot@fex.net>
* added global anchor in validation
Signed-off-by: Max Goncharenko <kacejot@fex.net>
* fix some global anchor issues found during testing
Signed-off-by: Max Goncharenko <kacejot@fex.net>
* run go tidy
Signed-off-by: Maxim Goncharenko <goncharenko.maxim@apriorit.com>
* fixed tests
Signed-off-by: Maxim Goncharenko <goncharenko.maxim@apriorit.com>
* fixed some tests
Signed-off-by: Maxim Goncharenko <goncharenko.maxim@apriorit.com>
* finish implementing global anchor
Signed-off-by: Maxim Goncharenko <goncharenko.maxim@apriorit.com>
* WIP: lower global anchor strictness
Signed-off-by: Maxim Goncharenko <goncharenko.maxim@apriorit.com>
* Revert "WIP: lower global anchor strictness"
This reverts commit 08e176a042
.
Signed-off-by: Maxim Goncharenko <goncharenko.maxim@apriorit.com>
* global anchor for mutation
Signed-off-by: Maxim Goncharenko <goncharenko.maxim@apriorit.com>
2021-09-13 08:59:28 -07:00
Yashvardhan Kukreja
5fcd9b83d9
added: support for metrics configuration, periodic metrics cleanup and selective namespace whitelisting and blacklisting for metrics ( #2288 )
...
Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com>
2021-09-10 14:39:12 -07:00
Max Goncharenko
7e258bf54b
add new test; remove unnecessary anchors ( #2217 )
...
* add new test; remove unnecessary anchors
Signed-off-by: Maxim Goncharenko <goncharenko.maxim@apriorit.com>
* added several test to e2e
Signed-off-by: Max Goncharenko <kacejot@fex.net>
* remove unused variable
Signed-off-by: Maxim Goncharenko <goncharenko.maxim@apriorit.com>
* added comment to expected result
Signed-off-by: Maxim Goncharenko <goncharenko.maxim@apriorit.com>
2021-09-09 08:55:20 -07:00
Jim Bugwadia
511db4372b
update cosign ( #2369 )
...
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2021-09-07 21:29:20 -07:00
Jim Bugwadia
8af814c7af
update cosign to v1.0.0 ( #2221 )
...
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2021-08-02 13:51:36 -07:00
Jim Bugwadia
13caaed8b7
Feature/cosign ( #2078 )
...
* add image verification
* inline policy list
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* cosign version and dependencies updates
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* add registry initialization
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* add build tag to exclude k8schain for cloud providers
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* add build tag to exclude k8schain for cloud providers
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* generate deep copy and other fixtures
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix deep copy issues
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* mutate images to add digest
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* add certificates to Kyverno container for HTTPS lookups
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* align flag syntax
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* update docs
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* update dependencies
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* update dependencies
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* patch image with digest and fix checks
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* hardcode image for demos
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* add default registry (docker.io) before calling reference.Parse
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix definition
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* increase webhook timeout
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix args
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* run gofmt
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* rename for clarity
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix HasImageVerify check
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* align make test commands
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* align make test commands
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* align make test commands
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix linter error
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* format
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* handle API conflict and retry
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* format
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix reviewdog issues
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix make for unit tests
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* improve error message
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix durations
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* handle errors in tests
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* print policy name
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* update tests
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* add retries and duration to error log
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix time check in tests
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* round creation times in test
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix retry loop
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* remove timing check for policy creation
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix e2e error - policy not found
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* update string comparison method
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* fix test Generate_Namespace_Label_Actions
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* add debug info for e2e tests
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix error
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix generate bug
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix format
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* add check for update operations
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* increase time for deleteing a resource
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix check
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: Shuting Zhao <shutting06@gmail.com>
2021-07-09 18:01:46 -07:00
Max Goncharenko
6d0ad5598e
Jmespath notfound error ( #1907 )
...
* return err, if variable path could not be resolved
Signed-off-by: Max Goncharenko <kacejot@fex.net>
* fixed {{@}} behavior
Signed-off-by: Max Goncharenko <kacejot@fex.net>
* fix json merge logic
Signed-off-by: Max Goncharenko <kacejot@fex.net>
* add e2e tests for Flux use case
Signed-off-by: Maxim Goncharenko <goncharenko.maxim@apriorit.com>
2021-07-01 22:56:50 -07:00
Pooja Singh
cd9e596e7e
[Improvement] Kyverno should not delete downstream resources when a generate policy using the clone behavior has synchronize: true ( #1880 )
...
* debuging issue
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
* issue fixed
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
* remove policy name in source resource
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
* fixed deletion of GR on source updation
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
* added function in common
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
* removing comments
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
* added generated resource list to the log
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
* small improvement
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
2021-06-30 12:00:02 -07:00
Valentin Velkov
63f4c9a884
Configurable success events on policies & resources. Generating failure events on policies by default. ( #1939 )
...
* Remove unused event.Reason const
Signed-off-by: Velkov <valentin.velkov@sap.com>
* Generate failure events on policies
Signed-off-by: Velkov <valentin.velkov@sap.com>
* Generate success events on policy
Signed-off-by: Velkov <valentin.velkov@sap.com>
* Introduce 'generateSuccessEvents' flag
Signed-off-by: Velkov <valentin.velkov@sap.com>
* Unit tests & chart fix
Signed-off-by: Velkov <valentin.velkov@sap.com>
2021-06-29 14:43:11 -07:00
NoSkillGirl
09b1592f11
added loop for namespace
...
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
2021-06-15 18:14:51 +05:30
shuting
6f07ea407f
Customize namespaceSelector of Webhookconfigurations ( #2003 )
...
* customize namespaceSelector of webhook configurations from configMap
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* update webhook configurations base on UPDATEs of Kyverno ConfigMap
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* register webhook configurations with the namespaceSelector from ConfigMap
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* address golint comment
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* validate webhooks config format
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* fix NotDefined scenario
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
2021-06-14 13:01:40 -07:00
Arsh Sharma
7e9be24d90
updating minio verison ( #1956 )
2021-06-09 19:16:26 -07:00
shuting
e9a972a362
feat: HA ( #1931 )
...
* Fix Dev setup
* webhook monitor - start webhook monitor in main process
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* add leaderelection
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* - add isLeader; - update to use configmap lock
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* - add initialization method - add methods to get attributes
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* address comments
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* remove newContext in runLeaderElection
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* add leader election to GenerateController
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* skip processing for non-leaders
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* skip processing for non-leaders
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* add leader election to generate cleanup controller
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* Gracefully drain request
* HA - Webhook Register / Webhook Monitor / Certificate Renewer (#1920 )
* enable leader election for webhook register
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* extract certManager to its own process
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* leader election for cert manager
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* certManager - init certs by the leader
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* add leader election to webhook monitor
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* update log message
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* add leader election to policy controller
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* add leader election to policy report controller
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* rebuild leader election config
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* start informers in leaderelection
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* start policy informers in main
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* enable leader election in main
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* move eventHandler to the leader election start method
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* address reviewdog comments
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* add clusterrole leaderelection
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* fixed generate flow (#1936 )
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
* - init separate kubeclient for leaderelection - fix webhook monitor
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* address reviewdog comments
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* cleanup Kyverno managed resources on stopLeading
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* tag v1.4.0-beta1
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* fix cleanup process on Kyverno stops
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* bump kind to 0.11.0, k8s v1.21 (#1980 )
Co-authored-by: vyankatesh <vyankatesh@neualto.com>
Co-authored-by: vyankatesh <vyankateshkd@gmail.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: Pooja Singh <36136335+NoSkillGirl@users.noreply.github.com>
2021-06-08 12:37:19 -07:00
Yashvardhan Kukreja
bb80e1b641
added: initial prometheus client setup
...
Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com>
2021-05-16 13:06:14 +05:30
Pooja Singh
4296e69225
updating synchronize lable in generated resource ( #1860 )
...
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
2021-05-06 13:11:10 -07:00
NoSkillGirl
4cfc21779c
added policy validation according to api server
...
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
2021-04-21 10:28:11 +05:30
Max Goncharenko
6a0305674a
JMESPath custom functions ( #1772 )
...
* JMESPath: Support regex expressions
Signed-off-by: Max Goncharenko <kacejot@fex.net>
* JMESPath: Add string functions
Signed-off-by: Max Goncharenko <kacejot@fex.net>
* Removed {{$}} variable handling logic
Signed-off-by: Max Goncharenko <kacejot@fex.net>
* Name all functions in snake case; Update error message; Fix {{@}} behavior
Signed-off-by: Max Goncharenko <kacejot@fex.net>
2021-04-16 16:17:00 -07:00
shuting
c08843ef77
Add Images info to variables context ( #1725 )
...
* - remove supportMutateValidate; - refactor new context in the webhook
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* add ImageInfo to variables context
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* revert unexpected changes
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
2021-03-23 10:34:03 -07:00
Raj Babu Das
08643773c3
removing go.sum from github workflow and adding unused pkg check ( #1698 )
...
Signed-off-by: rajdas98 <mail.rajdas@gmail.com>
2021-03-11 10:14:46 -08:00
Shuting Zhao
c4ebef7b0d
- support AllowMissingPathOnRemove and EnsurePathExistsOnAdd in patchesJSON6902
...
- upgrade to evanphx/json-patch/v5
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
2021-02-25 15:25:07 -08:00
shuting
2f2d6c2e38
Upgrade client libraries to 0.20.2 ( #1547 )
...
* upgrade clients to 0.20.2
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* remove debug log
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* fix unit tests
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* fix e2e test
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
2021-02-07 20:26:56 -08:00
shuting
bd44dbff41
Reduce RCR Throttling ( #1545 )
...
* buffer report change requests
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* fix clusterReportChangeRequest
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* further reduce RCRs in background scan
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
2021-02-07 19:46:50 -08:00
Shuting Zhao
f95771a3b8
add dependency to go.sum
2021-01-08 18:47:28 -08:00
Shuting Zhao
3adfdc24af
fix release failure
2021-01-08 18:25:38 -08:00
shuting
35aa3149c8
Remove lock embedded in CRD controller, use concurrent map to store shcemas ( #1441 )
2021-01-04 23:17:17 -08:00
NoSkillGirl
c66e2a7058
adding label to clone source
2020-12-29 18:04:20 +05:30
shuting
2fc3b3b998
Fixes 1410 strategic merge patch ( #1414 )
...
* fixes #1410
* fix unit test
* re-initialize worker immediately on failure
2020-12-23 17:48:00 -08:00
Jim Bugwadia
6afd2e6f3a
ignore non-policy files in CLI and improve validation messages ( #1362 )
...
* improve validation message
* improve error behaviors
* fix tests
* fix tests
2020-12-07 11:26:04 -08:00
Jim Bugwadia
f3b644f624
handle anchors in keys
2020-12-04 15:59:15 -08:00
Jim Bugwadia
2aeb5aa982
validate conditiona.operator as enum
2020-11-29 00:37:36 -08:00
Jim Bugwadia
54f816c246
trim variable for context lookups
2020-11-24 17:48:54 -08:00
shuting
e868dbfeb9
Fix 1287 - failed to update annotation through mutate policy ( #1289 )
...
* fix 1287
* update mutate log
2020-11-24 10:11:05 -08:00
Shuting Zhao
168bb21093
add optional tag to gr.status
2020-11-18 15:07:12 -08:00
NoSkillGirl
9a9cd55b7b
SanitizedError fix
2020-11-18 15:02:14 +05:30
NoSkillGirl
5794889752
Merge branch 'main' into policyreport_cli
2020-11-18 14:43:30 +05:30
Shuting Zhao
b9fb926ddb
fixes for golint ./...
2020-11-17 13:07:30 -08:00
Shuting Zhao
e985ee4031
correct misspelled words
2020-11-17 12:01:01 -08:00
Jim Bugwadia
74b656768e
1251 fix generate panic ( #1252 )
...
* improve error message
* fix panic and add error logs
* update log levels and messages
* fix tests
2020-11-12 16:44:57 -08:00
NoSkillGirl
7fbe422ef6
corrected merge code
2020-11-10 16:31:39 +05:30
NoSkillGirl
acc34fbf0a
Merge commit
2020-11-10 10:49:29 +05:30
shuting
5e07ecc5f3
Add Policy Report ( #1229 )
...
* add report in cli
* policy report crd added
* policy report added
* configmap added
* added jobs
* added jobs
* bug fixed
* added logic for cli
* common function added
* sub command added for policy report
* subcommand added for report
* common package changed
* configmap added
* added logic for kyverno cli
* added logic for jobs
* added logic for jobs
* added logic for jobs
* added logic for cli
* buf fix
* cli changes
* count bug fix
* docs added for command
* go fmt
* refactor codebase
* remove policy controller for policyreport
* policy report removed
* bug fixes
* bug fixes
* added job trigger if needed
* job deletation logic added
* build failed fix
* fixed e2e test
* remove hard coded variables
* packages adde
* improvment added in jobs sheduler
* policy report yaml added
* cronjob added
* small fixes
* remove background sync
* documentation added for report command
* remove extra log
* small improvement
* tested policy report
* revert hardcoded changes
* changes for demo
* demo changes
* resource aggrigation added
* More changes
* More changes
* - resolve PR comments; - refactor jobs controller
* set rbac for jobs
* add clean up in job controller
* add short names
* remove application scope for policyreport
* move job controller to policyreport
* add report logic in command apply
* - update policy report types; - upgrade k8s library; - update code gen
* temporarily comment out code to pass CI build
* generate / update policyreport to cluster
* add unit test for CLI report
* add test for apply - generate policy report
* fix unit test
* - remove job controller; - remove in-memory configmap; - clean up kustomize manifest
* remove dependency
* add reportRequest / clusterReportRequest
* clean up policy report
* generate report request
* update crd clusterReportRequest
* - update json tag of report summary; - update definition manifests; - fix dclient creation
* aggregate reportRequest into policy report
* fix unit tests
* - update report summary to optional; - generate clusterPolicyReport; - remove reportRequests after merged to report
* remove
* generate reportRequest in kyverno namespace
* update resource filter in helm chart
* - rename reportRequest to reportChangeRequest; -rename clusterReportRequest to clusterReportChangeRequest
* generate policy report in background scan
* skip generating report change request if there's entry results
* fix results entry removal when policy / rule gets deleted
* rename apiversion from policy.kubernetes.io to policy.k8s.io
* update summary.* to lower case
* move reportChangeRequest to kyverno.io/v1alpha1
* remove policy report flag
* fix report update
* clean up policy violation CRD
* remove violation CRD from manifest
* clean up policy violation code - remove pvGenerator
* change severity fields to lower case
* update import library
* set report category
Co-authored-by: Yuvraj <yuvraj.yad001@gmail.com>
Co-authored-by: Yuvraj <10830562+evalsocket@users.noreply.github.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2020-11-09 11:26:12 -08:00
NoSkillGirl
e11efa4e7a
added policy report example
2020-11-04 14:03:40 +05:30
NoSkillGirl
f2c01d7f76
fixed no-kind-pod error
2020-11-04 14:03:38 +05:30
NoSkillGirl
80aa6eb9f5
added policyreport to cli
2020-11-04 14:03:38 +05:30
Shuting Zhao
85c6c3d36f
clean up policy violation CRD
2020-11-02 16:59:16 -08:00
Shuting Zhao
63a8d89c8d
- update report summary to optional; - generate clusterPolicyReport; - remove reportRequests after merged to report
2020-10-27 18:28:30 -07:00
Shuting Zhao
c906baa1a7
- update policy report types; - upgrade k8s library; - update code gen
2020-10-15 17:54:58 -07:00
Shuting Zhao
6b5e935e49
Merge branch 'feature/reports-cli' of https://github.com/evalsocket/kyverno into policyreport
...
# Conflicts:
# Makefile
# cmd/kyverno/main.go
# go.mod
# go.sum
# pkg/client/clientset/versioned/clientset.go
# pkg/client/clientset/versioned/fake/clientset_generated.go
# pkg/client/clientset/versioned/fake/register.go
# pkg/client/clientset/versioned/scheme/register.go
# pkg/client/informers/externalversions/factory.go
# pkg/client/informers/externalversions/generic.go
# pkg/client/listers/kyverno/v1/expansion_generated.go
# pkg/policy/common.go
# pkg/policy/controller.go
# pkg/policy/existing.go
# pkg/policyviolation/builder.go
# pkg/policyviolation/generator.go
# pkg/webhooks/server.go
# pkg/webhooks/validate_audit.go
# pkg/webhooks/validation.go
2020-10-12 18:30:37 -07:00
Mohan B E
51ac382c6c
Feature/configmaps var 724 ( #1118 )
...
* added configmap data substitution for foreground mutate and validate
* added configmap data substitution for foreground mutate and validate fmt
* added configmap lookup for background
* added comments to resource cache
* added configmap data lookup in preConditions
* added parse strings in In operator and configmap lookup docs
* added configmap lookup docs
* modified configmap lookup docs
2020-09-22 14:11:49 -07:00
evalsocket
573496f318
policy report yaml added
2020-09-15 08:07:01 -07:00
shuting
931d7cd47c
Set mutating webhhok reinvocationPolicy to IfNeeded ( #1097 )
...
* add watch policy to clusterrole kyverno:customresources
* fix build
* fix nil pointer
* skip json patches if the mutation is re-invoked
* set resource mutating webhook invocation policy to IfNeeded
2020-09-03 08:54:37 -07:00
Mohan B E
3690bf5fff
conditional anchor preprocessing for patch strategic merge ( #1090 )
...
* conditional anchor preprocessing for patch strategic merge
* modified sequence pre processing and added unit test
* merged master
* go fmt
* corrected mistake and added error handling to policy validate
2020-09-01 09:12:05 -07:00
Mohan B E
f60deecdce
Feature/namespaced policy 280 ( #1058 )
...
* namespaced policy crd and cache
* modified main.go
* removed kyverno
* implemented policy violation generator for namespaced policy on audit
* modified cache
* added validation for cluster resource types
* install.yaml
* install.yaml
* removed namespaces from crd and refactored code
* modified NamespacePolicy to Policy
* added ClusterRole aggregate for policies
* modified clusterrole
2020-08-19 09:07:23 -07:00
Jim Bugwadia
fc6da9c9e6
improve CLI validation reports
2020-08-18 21:03:00 -07:00
Pooja Singh
5a68653749
Supporting annotations in match/exclude ( #1045 )
...
* Supporting annotations in match/exclude filters
* updated readme
* small fix
2020-08-17 17:12:27 -07:00
Mohan B E
a14828246d
Feature/api version 852 ( #1028 )
...
* apiVersion support for generate
* added apiVersion to crds
2020-08-07 09:47:33 +05:30
shuting
39de46fe39
983 kustomize support ( #1026 )
...
* prototype - strategic merge patch
* add end to end test
* add engine strategic merge patch support
* set webhook reinvocationPolicy to IfNeeded
* refactor engine mutate code
* support JMESPath in strategic merge patch
* implement patchesJson6902
* update doc
* resolve pr comments
2020-08-05 09:11:23 -07:00
Mohan BE
3e1cef790a
added field type specification to types
2020-07-21 11:33:51 +05:30
Mohan BE
9451f79ee5
added api docs generator
2020-07-20 20:05:06 +05:30
NoSkillGirl
f0fab9499e
temp
2020-07-11 17:56:14 +05:30
shuting
87fa77fbcc
965 add validate audit handler ( #967 )
...
* store policy names cache to reduce lookup time
* add validate audit handler
* fix #958 , remove auto-gen annotation on Pod
* formatting code
* update processTime to readable format
* #586 , add back unit test
* update logging info
* remove unused interface
* handle generate policy in a single thread in weboook
* resolve pr comments
2020-07-09 11:48:34 -07:00
NoSkillGirl
2fde3146e8
added more validation for policies
2020-07-07 17:08:57 +05:30
Jim Bugwadia
65193feccb
update logging, naming, and event retry ( #959 )
...
* update logging and naming
* check per policy patch count
2020-06-30 11:53:27 -07:00
NoSkillGirl
b589169b5e
Added in-notin operator
2020-06-26 12:48:45 +05:30
Yuvraj
c0326ce3f1
conflict resolve
2020-06-25 12:05:42 -07:00
Yuvraj
ab328b59d3
go mod updated
2020-06-25 12:00:35 -07:00
Shuting Zhao
a1d7816c10
fix violation updates when there's no change
2020-06-01 19:37:48 -07:00
Jim Bugwadia
838d02c475
Bugfix/659 support wildcards for namespaces ( #871 )
...
* - support wildcards for namespaces
* do not annotate resource, unless policy is an autogen policy
* close HTTP body
* improve messages
* remove policy store
Policy store was not fully implemented and simply provided a way
to list all polices and get a policy by name, which can be done via
standard client-go interfaces.
We need to revisit and design a better PolicyStore that provides fast
lookups for matching policies based on names, namespaces, etc.
* handle wildcard namespaces in background processing
* fix unit tests 1) remove platform dependent path usage 2) remove policy store
* add test case for mutate with wildcard namespaces
2020-05-26 10:36:56 -07:00
Jim Bugwadia
304c75403e
- skip resource schema validation when no mutate rules are applied
...
- cleanup webhook registration logic and logs
2020-05-17 14:37:05 -07:00
shravan
0932e9a147
664 tested prototype
2020-04-27 18:38:03 +05:30
shravan
793321e410
754 missing changes for prev commit
2020-03-28 16:50:56 +05:30
shravan
9ce0102db9
754 missing changes from previous commit
2020-03-28 16:47:42 +05:30
shravan
91223deae2
754 resolved merge conflicts
2020-03-28 16:43:19 +05:30
shravan
b5af456f64
Revert "754 merge conflicts"
...
This reverts commit 39f75db435
.
2020-03-28 16:36:19 +05:30
shravan
39f75db435
754 merge conflicts
2020-03-28 16:30:18 +05:30
shravan
5cb134214b
536 importing go acc before ci/cd
2020-01-29 14:23:59 +05:30
shravan
a4e06a6ba1
536 fixing compilation issues
2020-01-26 19:42:09 +05:30
shravan
5a63b85368
536 conforming to plugin author guidelines
2020-01-26 19:21:58 +05:30
shravan
4bd678e301
added go modules and removed vendor file
2020-01-14 10:07:21 +05:30