Marcel
2a2be0ae5a
Add nancy-ignore to make it pass with current dependencies ( #7590 )
...
Signed-off-by: Marcel Müller <marcel@giantswarm.io>
2023-06-19 17:30:23 +00:00
shuting
3786e49cad
reduce sleep duration for generate kuttl tests ( #7589 )
...
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2023-06-19 16:58:39 +00:00
Charles-Edouard Brétéché
6de0b8461f
fix: make configuring max procs not exit in case of error ( #7588 )
...
* fix: make configuring max procs not exit
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---------
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-06-19 16:27:00 +00:00
Charles-Edouard Brétéché
2d060fae36
fix: scorecard workflow ( #7587 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-06-19 15:47:58 +00:00
Chip Zoller
f6045d7035
Test policy library ( #7568 )
...
* first attempt at adding policy library to kuttl tests
Signed-off-by: Chip Zoller <chipzoller@gmail.com>
* fix checkout
Signed-off-by: Chip Zoller <chipzoller@gmail.com>
* use standard config
Signed-off-by: Chip Zoller <chipzoller@gmail.com>
* use config file in kyverno/policies
Signed-off-by: Chip Zoller <chipzoller@gmail.com>
* cd
Signed-off-by: Chip Zoller <chipzoller@gmail.com>
* fix run command
Signed-off-by: Chip Zoller <chipzoller@gmail.com>
* fix debug failure uses
Signed-off-by: Chip Zoller <chipzoller@gmail.com>
---------
Signed-off-by: Chip Zoller <chipzoller@gmail.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-06-19 15:17:24 +00:00
Charles-Edouard Brétéché
b092d6286b
chore: fix token permissions ( #7585 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-06-19 14:25:27 +00:00
Andreas Brehmer
a1ae86cdbe
Add JMESPath function for dynamic object/array lookup ( #7136 )
...
* Fix JMESPath functions error message
JMESPath functions `parse_yaml`, `items` and `object_from_lists` use
wrong format string arguments for an error message and count the
argument from 0 instead of 1.
Fix the format string args and add 1 to the argument index.
Also improve the error message itself.
Signed-off-by: Andreas Brehmer <andreas.brehmer@sap.com>
* Add JMESPath function `lookup`
`lookup` allows for dynamic lookups of objects and arrays, i.e. where
the key/index to look up is determined during the JMESPath query and
thus cannot be injected upfront.
Signed-off-by: Andreas Brehmer <andreas.brehmer@sap.com>
---------
Signed-off-by: Andreas Brehmer <andreas.brehmer@sap.com>
Co-authored-by: shuting <shuting@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-06-19 13:45:13 +00:00
Mariam Fahmy
44310b2e5a
fix: Result not correct when testing a mutate rule and foreach. ( #7396 )
...
* fix: Result not correct when testing a mutate rule and foreach
Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com>
* fix: result not correct when testing a mutate rule and foreach
Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com>
* use comparison to detect skip vs pass
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix test
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---------
Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-06-19 12:06:50 +00:00
Charles-Edouard Brétéché
bc35700e29
fix: validate subject kind ( #7582 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-06-19 10:56:50 +00:00
Charles-Edouard Brétéché
b4e863e075
chore: bump otel deps ( #7580 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-06-19 09:09:08 +00:00
Charles-Edouard Brétéché
8a62aaa6eb
fix: autogen not working correctly with cronjob conditions ( #7571 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-06-19 06:06:30 +00:00
Charles-Edouard Brétéché
a3bb168d9c
fix: couple of issues in policy interface ( #6772 )
...
* fix: couple of issues in policy interface
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---------
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-06-19 04:30:25 +00:00
Chip Zoller
85705a7fec
update ( #7573 )
...
Signed-off-by: Chip Zoller <chipzoller@gmail.com>
2023-06-18 20:19:08 +00:00
Emmanuel Ferdman
94283672c8
fix: update typos in docs/dev/reports/README.md ( #7575 )
...
Signed-off-by: emmanuel-ferdman <35470921+emmanuel-ferdman@users.noreply.github.com>
2023-06-18 19:47:50 +00:00
Vishal Choudhary
cec6a8ab20
Helpers to providers ( #7572 )
...
* renamed helpers
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* related changes
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
---------
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
2023-06-16 20:25:46 +00:00
Charles-Edouard Brétéché
b2707c0cd1
feat: make aggregated reports optional ( #7475 )
...
* feat: make aggregated reports optional
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* helm
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* changelog
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---------
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-06-16 15:19:22 +00:00
Charles-Edouard Brétéché
7ba136767a
fix: background image verification not working ( #7564 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-06-16 14:48:59 +00:00
Vishal Choudhary
43685aedc2
Enable flexible registry credential configurations ( #7114 )
...
* types added
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* added secret fetching and client creation
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* codegen
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* fixed tests
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* validate target resource scope & namespace settings (#7098 )
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* fix: mutation code (#7095 )
* fix: mutation code
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* kuttl tests
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---------
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* lazy loading of context vars (#7071 )
* lazy loading of context vars
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* gofumpt
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* add kuttl tests
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
---------
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* moved to policy context
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* removed errors
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* RegistryClientLoader
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* [Feature] Add kuttl tests with policy exceptions disabled (#7117 )
* added tests
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
* removed redundant code
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
* fix
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
* fix
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
* typo fix and README changes
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
* fix
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
---------
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* Conditions message (#7113 )
* add message to conditions
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* add tests
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* extend tests
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
---------
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* chore(deps): bump zgosalvez/github-actions-ensure-sha-pinned-actions (#7123 )
Bumps [zgosalvez/github-actions-ensure-sha-pinned-actions](https://github.com/zgosalvez/github-actions-ensure-sha-pinned-actions ) from 2.1.2 to 2.1.3.
- [Release notes](https://github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/releases )
- [Commits](21991cec25...555a30da26
)
---
updated-dependencies:
- dependency-name: zgosalvez/github-actions-ensure-sha-pinned-actions
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: shuting <shuting@nirmata.com>
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* chore(deps): bump sigs.k8s.io/kustomize/kyaml from 0.14.1 to 0.14.2 (#7121 )
Bumps [sigs.k8s.io/kustomize/kyaml](https://github.com/kubernetes-sigs/kustomize ) from 0.14.1 to 0.14.2.
- [Release notes](https://github.com/kubernetes-sigs/kustomize/releases )
- [Commits](https://github.com/kubernetes-sigs/kustomize/compare/kyaml/v0.14.1...kyaml/v0.14.2 )
---
updated-dependencies:
- dependency-name: sigs.k8s.io/kustomize/kyaml
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: shuting <shuting@nirmata.com>
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* chore(deps): bump oras.land/oras-go/v2 from 2.0.2 to 2.1.0 (#7102 )
Bumps [oras.land/oras-go/v2](https://github.com/oras-project/oras-go ) from 2.0.2 to 2.1.0.
- [Release notes](https://github.com/oras-project/oras-go/releases )
- [Commits](https://github.com/oras-project/oras-go/compare/v2.0.2...v2.1.0 )
---
updated-dependencies:
- dependency-name: oras.land/oras-go/v2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: shuting <shuting@nirmata.com>
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* add condition msg to v2beta1 (#7126 )
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* feat: print container flags and their values (#7127 )
* add condition msg to v2beta1
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* print flags settings
Signed-off-by: ShutingZhao <shuting@nirmata.com>
---------
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* remove the container flag genWorker from the admission controller (#7132 )
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* chore(deps): bump google.golang.org/grpc from 1.54.0 to 1.55.0 (#7103 )
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go ) from 1.54.0 to 1.55.0.
- [Release notes](https://github.com/grpc/grpc-go/releases )
- [Commits](https://github.com/grpc/grpc-go/compare/v1.54.0...v1.55.0 )
---
updated-dependencies:
- dependency-name: google.golang.org/grpc
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* remove the duplicate entry (#7125 )
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* chore(deps): bump sigs.k8s.io/kustomize/api from 0.13.2 to 0.13.3 (#7120 )
Bumps [sigs.k8s.io/kustomize/api](https://github.com/kubernetes-sigs/kustomize ) from 0.13.2 to 0.13.3.
- [Release notes](https://github.com/kubernetes-sigs/kustomize/releases )
- [Commits](https://github.com/kubernetes-sigs/kustomize/compare/api/v0.13.2...api/v0.13.3 )
---
updated-dependencies:
- dependency-name: sigs.k8s.io/kustomize/api
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: shuting <shuting@nirmata.com>
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* update background scan logging messages (#7142 )
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* Update chart with v2 to v3 migration guidance. (#7144 )
* add Saxo Bank and Velux as adopters
Signed-off-by: Chip Zoller <chipzoller@gmail.com>
* update chart README and validations
Signed-off-by: Chip Zoller <chipzoller@gmail.com>
* codegen
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---------
Signed-off-by: Chip Zoller <chipzoller@gmail.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* add Controller Internals info (#7147 )
Signed-off-by: Chip Zoller <chipzoller@gmail.com>
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* Supporting ValidatingAdmissionPolicy in kyverno cli (apply and test command) (#6656 )
* feat: add policy reporter to the dev lab
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* refactor: remove obsolete structs from CLI
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* more
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* codegen
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* Supporting ValidatingAdmissionPolicy in kyverno apply
Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com>
* chore: bump k8s from v0.26.3 to v0.27.0-rc.0
Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com>
* Support validating admission policy in kyverno apply
Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com>
* Support validating admission policy in kyverno test
Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com>
* refactoring
Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com>
* Adding kyverno apply tests for validating admission policy
Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com>
* fix
Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com>
* fix
Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com>
* running codegen-all
Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com>
* fix
Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com>
* Adding IsVap field in TestResults
Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com>
* chore: bump k8s from v0.27.0-rc.0 to v0.27.1
Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com>
* fix
Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com>
* fix
Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com>
* Fix vap in engine response
Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com>
* codegen
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---------
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* chore(deps): bump sigs.k8s.io/kustomize/api from 0.13.3 to 0.13.4 (#7150 )
Bumps [sigs.k8s.io/kustomize/api](https://github.com/kubernetes-sigs/kustomize ) from 0.13.3 to 0.13.4.
- [Release notes](https://github.com/kubernetes-sigs/kustomize/releases )
- [Commits](https://github.com/kubernetes-sigs/kustomize/compare/api/v0.13.3...api/v0.13.4 )
---
updated-dependencies:
- dependency-name: sigs.k8s.io/kustomize/api
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* chore(deps): bump golang.org/x/crypto from 0.8.0 to 0.9.0 (#7149 )
Bumps [golang.org/x/crypto](https://github.com/golang/crypto ) from 0.8.0 to 0.9.0.
- [Commits](https://github.com/golang/crypto/compare/v0.8.0...v0.9.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/crypto
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* Added `omit-events` flag to allow disabling of event emission (#7010 )
* added comma seperated flag
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* reason added in logs
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* added requested changes
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* kuttl test init
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* updated kuttl tests
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* updated behavior
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* fixed flawed behavior
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* updated test location and added readme
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* tests
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* updated step
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* omit events
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
---------
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* fix: let reports controller quit when loosing the lead (#7153 )
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* chore(deps): bump slsa-framework/slsa-github-generator (#7160 )
Bumps [slsa-framework/slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator ) from 1.5.0 to 1.6.0.
- [Release notes](https://github.com/slsa-framework/slsa-github-generator/releases )
- [Changelog](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md )
- [Commits](https://github.com/slsa-framework/slsa-github-generator/compare/v1.5.0...v1.6.0 )
---
updated-dependencies:
- dependency-name: slsa-framework/slsa-github-generator
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* chore: bump otel deps (#7152 )
* chore: bump otel deps
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---------
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* chore(deps): bump github.com/cloudflare/circl from 1.3.2 to 1.3.3 (#7172 )
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* chore(deps): bump github.com/docker/distribution (#7171 )
Bumps [github.com/docker/distribution](https://github.com/docker/distribution ) from 2.8.1+incompatible to 2.8.2+incompatible.
- [Release notes](https://github.com/docker/distribution/releases )
- [Commits](https://github.com/docker/distribution/compare/v2.8.1...v2.8.2 )
---
updated-dependencies:
- dependency-name: github.com/docker/distribution
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* chore(deps): bump github.com/go-logr/zapr from 1.2.3 to 1.2.4 (#7177 )
Bumps [github.com/go-logr/zapr](https://github.com/go-logr/zapr ) from 1.2.3 to 1.2.4.
- [Release notes](https://github.com/go-logr/zapr/releases )
- [Commits](https://github.com/go-logr/zapr/compare/v1.2.3...v1.2.4 )
---
updated-dependencies:
- dependency-name: github.com/go-logr/zapr
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* Add refactor note (#7169 )
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* fixed typo in the v2 to v3 helm migration guide (#7163 )
* fixed typo in the v2 to v3 helm migration guide
Signed-off-by: Richard Parke <richardparke15@gmail.com>
* codegen
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---------
Signed-off-by: Richard Parke <richardparke15@gmail.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* chore(deps): bump github.com/distribution/distribution (#7178 )
Bumps [github.com/distribution/distribution](https://github.com/distribution/distribution ) from 2.8.1+incompatible to 2.8.2+incompatible.
- [Release notes](https://github.com/distribution/distribution/releases )
- [Commits](https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2 )
---
updated-dependencies:
- dependency-name: github.com/distribution/distribution
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* tweaks (#7166 )
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* feat: add logging feature to helm chart (#7181 )
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* refactor: hide json context from caller (#7139 )
* refactor: hide json context from caller
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* unit tests
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---------
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* feat: add omit-events feature in helm chart (#7185 )
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* fix: preconditions in mutate existing rules (#7183 )
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* fix: use structured jsonpatch instead of byte arrays (#7186 )
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* added secret lister
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* changes from review
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* added rclientloader to policy context
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* refactor changes
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* NIT
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* added RegistryClientLoaderNewOrDie to policy context
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* CI fixes
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* fix: panic for policy variable validation (#7079 )
* fix panic
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* check errors
Signed-off-by: ShutingZhao <shuting@nirmata.com>
---------
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* fix: remove policy-reporter from dev lab (#7196 )
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* fix: cleanup controller metrics name (#7198 )
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* fix: http request metrics (#7197 )
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* remove unused code (#7203 )
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* handle Deny rules where conditions eval to true (#7204 )
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* [Bug] Enforce message wrong (#7208 )
* fix
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
* fixed tests
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
---------
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* chore(deps): bump codecov/codecov-action from 3.1.3 to 3.1.4 (#7207 )
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 3.1.3 to 3.1.4.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md )
- [Commits](894ff025c7...eaaf4bedf3
)
---
updated-dependencies:
- dependency-name: codecov/codecov-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* chore(deps): bump sigstore/cosign-installer from 3.0.3 to 3.0.4 (#7215 )
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) from 3.0.3 to 3.0.4.
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](204a51a57a...03d0fecf17
)
---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* fix: panic in reports controller (#7220 )
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* fix: mutate existing auth check (#7219 )
* fix auth check when using variables in ns
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* add kuttl tests
Signed-off-by: ShutingZhao <shuting@nirmata.com>
---------
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* fix: do not exclude kube-system service accounts by default (#7225 )
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* docs: add reports system design doc (#6949 )
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* chore(deps): bump k8s.io/apimachinery from 0.27.1 to 0.27.2 (#7227 )
Bumps [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery ) from 0.27.1 to 0.27.2.
- [Commits](https://github.com/kubernetes/apimachinery/compare/v0.27.1...v0.27.2 )
---
updated-dependencies:
- dependency-name: k8s.io/apimachinery
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: shuting <shuting@nirmata.com>
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* chore(deps): bump k8s.io/cli-runtime from 0.27.1 to 0.27.2 (#7228 )
Bumps [k8s.io/cli-runtime](https://github.com/kubernetes/cli-runtime ) from 0.27.1 to 0.27.2.
- [Commits](https://github.com/kubernetes/cli-runtime/compare/v0.27.1...v0.27.2 )
---
updated-dependencies:
- dependency-name: k8s.io/cli-runtime
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* chore(deps): bump sigstore/cosign-installer from 3.0.4 to 3.0.5 (#7229 )
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) from 3.0.4 to 3.0.5.
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](03d0fecf17...dd6b2e2b61
)
---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* chore(deps): bump k8s.io/pod-security-admission from 0.27.1 to 0.27.2 (#7232 )
Bumps [k8s.io/pod-security-admission](https://github.com/kubernetes/pod-security-admission ) from 0.27.1 to 0.27.2.
- [Commits](https://github.com/kubernetes/pod-security-admission/compare/v0.27.1...v0.27.2 )
---
updated-dependencies:
- dependency-name: k8s.io/pod-security-admission
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* fix: match logic misbehave (#7218 )
* add rule name in ur for mutate existing
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix match logic
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* linter fixes
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix the match logic to only apply to the new object, unless it's a delete request
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix unit tests
Signed-off-by: ShutingZhao <shuting@nirmata.com>
---------
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* chore(deps): bump github.com/stretchr/testify from 1.8.2 to 1.8.3 (#7240 )
Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify ) from 1.8.2 to 1.8.3.
- [Release notes](https://github.com/stretchr/testify/releases )
- [Commits](https://github.com/stretchr/testify/compare/v1.8.2...v1.8.3 )
---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* chore(deps): bump github.com/onsi/gomega from 1.27.6 to 1.27.7 (#7239 )
Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega ) from 1.27.6 to 1.27.7.
- [Release notes](https://github.com/onsi/gomega/releases )
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md )
- [Commits](https://github.com/onsi/gomega/compare/v1.27.6...v1.27.7 )
---
updated-dependencies:
- dependency-name: github.com/onsi/gomega
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* chore(deps): bump k8s.io/kube-aggregator from 0.27.1 to 0.27.2 (#7241 )
Bumps [k8s.io/kube-aggregator](https://github.com/kubernetes/kube-aggregator ) from 0.27.1 to 0.27.2.
- [Commits](https://github.com/kubernetes/kube-aggregator/compare/v0.27.1...v0.27.2 )
---
updated-dependencies:
- dependency-name: k8s.io/kube-aggregator
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* chore(deps): bump k8s.io/apiextensions-apiserver from 0.27.1 to 0.27.2 (#7242 )
Bumps [k8s.io/apiextensions-apiserver](https://github.com/kubernetes/apiextensions-apiserver ) from 0.27.1 to 0.27.2.
- [Release notes](https://github.com/kubernetes/apiextensions-apiserver/releases )
- [Commits](https://github.com/kubernetes/apiextensions-apiserver/compare/v0.27.1...v0.27.2 )
---
updated-dependencies:
- dependency-name: k8s.io/apiextensions-apiserver
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* passing rclientloader directly
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* lazy evaluate vars in conditions (#7238 )
* lazy evaluate vars in conditions
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* remove unnecessary conversion
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix test
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* Update test/conformance/kuttl/validate/clusterpolicy/standard/variables/lazyload/conditions/03-manifests.yaml
Signed-off-by: shuting <shutting06@gmail.com>
* Update test/conformance/kuttl/validate/clusterpolicy/standard/variables/lazyload/README.md
Signed-off-by: shuting <shutting06@gmail.com>
* added error check in test
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
---------
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Signed-off-by: shuting <shutting06@gmail.com>
Co-authored-by: shuting <shutting06@gmail.com>
Co-authored-by: kyverno-bot <104836976+kyverno-bot@users.noreply.github.com>
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* quote image in error (#7259 )
Signed-off-by: bakito <github@bakito.ch>
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* fix: auto update webhooks not configuring fail endpoint (#7261 )
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* fix latest version check (#7263 )
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* chore(deps): bump svenstaro/upload-release-action from 2.5.0 to 2.6.0 (#7270 )
Bumps [svenstaro/upload-release-action](https://github.com/svenstaro/upload-release-action ) from 2.5.0 to 2.6.0.
- [Release notes](https://github.com/svenstaro/upload-release-action/releases )
- [Changelog](https://github.com/svenstaro/upload-release-action/blob/master/CHANGELOG.md )
- [Commits](7319e4733e...58d5258088
)
---
updated-dependencies:
- dependency-name: svenstaro/upload-release-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* chore(deps): bump sigs.k8s.io/controller-runtime from 0.14.6 to 0.15.0 (#7272 )
Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime ) from 0.14.6 to 0.15.0.
- [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases )
- [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md )
- [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.14.6...v0.15.0 )
---
updated-dependencies:
- dependency-name: sigs.k8s.io/controller-runtime
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* feat: add yaml util to check empty document (#7276 )
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#7274 )
Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git ) from 5.6.1 to 5.7.0.
- [Release notes](https://github.com/go-git/go-git/releases )
- [Commits](https://github.com/go-git/go-git/compare/v5.6.1...v5.7.0 )
---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* NIT
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* Azure to ACR
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* go mod fix
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* codegen
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* NIT
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* adding kuttl test
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* use pointer
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fixes
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* cleanup
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* global client
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* cleanup
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* added kubeclient
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* added nil kubeclient check
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* context
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* factory
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* more fixes
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* secrets lister
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* flags
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* tests
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix cli
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix kuttl test
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix kuttl test
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix kuttl test
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* kuttl test
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* factories
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---------
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Chip Zoller <chipzoller@gmail.com>
Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com>
Signed-off-by: Richard Parke <richardparke15@gmail.com>
Signed-off-by: shuting <shutting06@gmail.com>
Signed-off-by: bakito <github@bakito.ch>
Co-authored-by: shuting <shuting@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: Ved Ratan <82467006+VedRatan@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Chip Zoller <chipzoller@gmail.com>
Co-authored-by: Mariam Fahmy <55502281+MariamFahmy98@users.noreply.github.com>
Co-authored-by: rparke <50015370+rparke@users.noreply.github.com>
Co-authored-by: shuting <shutting06@gmail.com>
Co-authored-by: kyverno-bot <104836976+kyverno-bot@users.noreply.github.com>
Co-authored-by: Marc Brugger <github@bakito.ch>
2023-06-16 13:37:08 +00:00
dependabot[bot]
6939716675
chore(deps): bump github.com/prometheus/client_golang ( #7555 )
...
Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang ) from 1.15.1 to 1.16.0.
- [Release notes](https://github.com/prometheus/client_golang/releases )
- [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md )
- [Commits](https://github.com/prometheus/client_golang/compare/v1.15.1...v1.16.0 )
---
updated-dependencies:
- dependency-name: github.com/prometheus/client_golang
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-06-16 12:19:03 +00:00
Andreas Brehmer
0344f52d6f
Fix: Error cause is missing ( #7563 )
...
Include the message of an error happening during mutation of elements of
a `foreach` loop.
Signed-off-by: Andreas Brehmer <andreas.brehmer@sap.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-06-16 13:39:29 +02:00
Furkan Türkal
a21c5fb347
fix: cache regex globally ( #7546 )
...
Signed-off-by: Furkan <furkan.turkal@trendyol.com>
Co-authored-by: Emin <emin.aktas@trendyol.com>
2023-06-16 10:07:15 +00:00
dependabot[bot]
9811417022
chore(deps): bump google.golang.org/grpc from 1.55.0 to 1.56.0 ( #7556 )
...
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go ) from 1.55.0 to 1.56.0.
- [Release notes](https://github.com/grpc/grpc-go/releases )
- [Commits](https://github.com/grpc/grpc-go/compare/v1.55.0...v1.56.0 )
---
updated-dependencies:
- dependency-name: google.golang.org/grpc
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-16 09:27:19 +00:00
dependabot[bot]
043d2bb7f3
chore(deps): bump k8s.io/cli-runtime from 0.27.2 to 0.27.3 ( #7553 )
...
Bumps [k8s.io/cli-runtime](https://github.com/kubernetes/cli-runtime ) from 0.27.2 to 0.27.3.
- [Commits](https://github.com/kubernetes/cli-runtime/compare/v0.27.2...v0.27.3 )
---
updated-dependencies:
- dependency-name: k8s.io/cli-runtime
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-16 08:46:43 +00:00
Charles-Edouard Brétéché
8b8311bcca
fix: recursive lazy loading ( #7552 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-06-16 07:29:49 +00:00
dependabot[bot]
76a91b281b
chore(deps): bump k8s.io/apiextensions-apiserver from 0.27.2 to 0.27.3 ( #7538 )
...
Bumps [k8s.io/apiextensions-apiserver](https://github.com/kubernetes/apiextensions-apiserver ) from 0.27.2 to 0.27.3.
- [Release notes](https://github.com/kubernetes/apiextensions-apiserver/releases )
- [Commits](https://github.com/kubernetes/apiextensions-apiserver/compare/v0.27.2...v0.27.3 )
---
updated-dependencies:
- dependency-name: k8s.io/apiextensions-apiserver
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: shuting <shuting@nirmata.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: shuting <shuting@nirmata.com>
2023-06-16 05:01:58 +00:00
Mike Bryant
91021b65b6
fix: Delete downstream objects on precondition fail ( #7496 )
...
* fix: Delete downstream objects on precondition fail
When a rule fails the match in a generate rule, the downstream resource gets deleted. This will now also happen if the rule is skipped due to a precondition.
Signed-off-by: Mike Bryant <mike.bryant@mettle.co.uk>
* add debug command
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* sync trigger updates to downstream
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix bgscan fetching trigger
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix: Move rbac change into tests for better isolation
Signed-off-by: Mike Bryant <mike.bryant@mettle.co.uk>
* fix unit test
Signed-off-by: ShutingZhao <shuting@nirmata.com>
---------
Signed-off-by: Mike Bryant <mike.bryant@mettle.co.uk>
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2023-06-15 11:32:19 -04:00
dependabot[bot]
8e86ad3bcf
chore(deps): bump k8s.io/apiserver from 0.27.2 to 0.27.3 ( #7541 )
...
Bumps [k8s.io/apiserver](https://github.com/kubernetes/apiserver ) from 0.27.2 to 0.27.3.
- [Commits](https://github.com/kubernetes/apiserver/compare/v0.27.2...v0.27.3 )
---
updated-dependencies:
- dependency-name: k8s.io/apiserver
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-15 15:17:09 +00:00
dependabot[bot]
c5c6c97965
chore(deps): bump k8s.io/pod-security-admission from 0.27.2 to 0.27.3 ( #7539 )
...
Bumps [k8s.io/pod-security-admission](https://github.com/kubernetes/pod-security-admission ) from 0.27.2 to 0.27.3.
- [Commits](https://github.com/kubernetes/pod-security-admission/compare/v0.27.2...v0.27.3 )
---
updated-dependencies:
- dependency-name: k8s.io/pod-security-admission
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-15 10:14:42 +00:00
siddharth
a89860e8ab
fix: update kyverno admission-controller role to have delete verb for… ( #7527 )
...
* fix: update kyverno admission-controller role to have delete verb for secret
Kyverno stopped working due to the following error:
```
tls "msg"="failed to delete CA secret" "error"="secrets \"kyverno-svc.kyverno.svc.kyverno-tls-ca\" is forbidden: User \"system:serviceaccount:kyverno:kyverno-admission-controller\
```
I'm still not sure why it tries to delete the secret.
Signed-off-by: siddharth <sedflix@gmail.com>
* add codegen-manifest-all
---------
Signed-off-by: siddharth <sedflix@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
2023-06-15 09:39:52 +00:00
dependabot[bot]
9dd7e46d8a
chore(deps): bump k8s.io/kube-aggregator from 0.27.2 to 0.27.3 ( #7542 )
...
Bumps [k8s.io/kube-aggregator](https://github.com/kubernetes/kube-aggregator ) from 0.27.2 to 0.27.3.
- [Commits](https://github.com/kubernetes/kube-aggregator/compare/v0.27.2...v0.27.3 )
---
updated-dependencies:
- dependency-name: k8s.io/kube-aggregator
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-15 16:26:27 +08:00
Charles-Edouard Brétéché
6f040af4d0
refactor: cut dependency between image verifier and registry client ( #7536 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-06-14 16:19:38 +00:00
Lion916
ee1e7a7add
fix: add type conversion error judgment to avoid program panic ( #6526 )
...
fix: add type conversion error judgment to avoid program panic
Signed-off-by: wangshuai <wangshuai31@xiaomi.com>
Co-authored-by: wangshuai <wangshuai31@xiaomi.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Chip Zoller <chipzoller@gmail.com>
2023-06-14 14:24:45 +00:00
shuting
d3db3bc342
refactor: generate reconciliation on policy updates ( #7531 )
...
* generate rule type validation
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* generate rule type validation
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* add the kuttl test
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* linter fixes
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* rever validation checks
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* refactor
Signed-off-by: ShutingZhao <shuting@nirmata.com>
---------
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2023-06-14 13:52:27 +00:00
Mariam Fahmy
a9cd47e0eb
feat: add API server priority and fairness configuration for kyverno ( #7468 )
...
* feat: add API server priority and fairness configuration for kyverno
Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com>
* fix: move priority level config specification to values.yaml
Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com>
* feat: support all versions of flowcontrol resources
Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com>
* fix: use namespaces instead of clusterscope in rules for the namespaced resources
Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com>
---------
Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com>
2023-06-14 15:19:36 +02:00
itsCheithanya
692d419aa4
Updated the message to the level4log and removed err that originated from ApplyBackgroundChecks. ( #7528 )
...
* updated the message to the level4log and removed err that originated from ApplyBackgroundChecks
Signed-off-by: Cheithanya <cheithanya2002@gmail.com>
* Update pkg/policy/policy_controller.go
Signed-off-by: shuting <shutting06@gmail.com>
---------
Signed-off-by: Cheithanya <cheithanya2002@gmail.com>
Signed-off-by: shuting <shutting06@gmail.com>
Co-authored-by: shuting <shutting06@gmail.com>
2023-06-14 12:36:26 +00:00
dependabot[bot]
1c7d62f9a1
chore(deps): bump golang.org/x/crypto from 0.9.0 to 0.10.0 ( #7526 )
...
Bumps [golang.org/x/crypto](https://github.com/golang/crypto ) from 0.9.0 to 0.10.0.
- [Commits](https://github.com/golang/crypto/compare/v0.9.0...v0.10.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/crypto
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-14 11:55:00 +00:00
Charles-Edouard Brétéché
a727ffca42
refactor: introduce engine image data client interface ( #7529 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-06-14 10:06:52 +00:00
Mike Bryant
93bbc57c7a
fix: Remove ownerReferences when cloning across Namespaces ( #7517 )
...
Signed-off-by: Mike Bryant <mike.bryant@mettle.co.uk>
Co-authored-by: shuting <shuting@nirmata.com>
2023-06-13 15:35:10 +00:00
Charles-Edouard Brétéché
71ff19476d
fix: log level initialisation ( #7515 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-06-13 22:23:53 +08:00
Charles-Edouard Brétéché
644ed25fd0
fix: misleading error message in deny conditions ( #7503 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-06-13 12:51:08 +00:00
shuting
9ce83958c3
add debug env BACKGROUND_SCAN_INTERVAL ( #7504 )
...
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2023-06-13 12:21:40 +00:00
dependabot[bot]
8e5e2634fa
chore(deps): bump golang.org/x/text from 0.9.0 to 0.10.0 ( #7512 )
...
Bumps [golang.org/x/text](https://github.com/golang/text ) from 0.9.0 to 0.10.0.
- [Release notes](https://github.com/golang/text/releases )
- [Commits](https://github.com/golang/text/compare/v0.9.0...v0.10.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/text
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-06-13 10:55:55 +00:00
shuting
5ce80c4e68
fix: target scope validation for the generate rule ( #7479 )
...
* fix target scope validation for generate
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* add kuttl tests
Signed-off-by: ShutingZhao <shuting@nirmata.com>
---------
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2023-06-13 10:26:56 +00:00
shuting
5fa6e1fa48
fix: cloneList sync behavior ( #7466 )
...
* fix flaky tests
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore(deps): bump docker/login-action from 2.1.0 to 2.2.0 (#7463 )
Bumps [docker/login-action](https://github.com/docker/login-action ) from 2.1.0 to 2.2.0.
- [Release notes](https://github.com/docker/login-action/releases )
- [Commits](f4ef78c080...465a07811f
)
---
updated-dependencies:
- dependency-name: docker/login-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump slsa-framework/slsa-github-generator (#7462 )
Bumps [slsa-framework/slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator ) from 1.6.0 to 1.7.0.
- [Release notes](https://github.com/slsa-framework/slsa-github-generator/releases )
- [Changelog](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md )
- [Commits](https://github.com/slsa-framework/slsa-github-generator/compare/v1.6.0...v1.7.0 )
---
updated-dependencies:
- dependency-name: slsa-framework/slsa-github-generator
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* fix cloneList sync behavior
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* skip creating duplicate URs
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* add kuttl tests
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* add kuttl tests
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* add kuttl tests
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* renam
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix
Signed-off-by: ShutingZhao <shuting@nirmata.com>
---------
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-13 09:12:13 +00:00
dependabot[bot]
575cc7066a
chore(deps): bump golangci/golangci-lint-action from 3.5.0 to 3.6.0 ( #7511 )
...
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action ) from 3.5.0 to 3.6.0.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases )
- [Commits](5f1fec7010...639cd343e1
)
---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-13 08:29:47 +00:00
dependabot[bot]
0af0944f87
chore(deps): bump goreleaser/goreleaser-action from 4.2.0 to 4.3.0 ( #7510 )
...
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action ) from 4.2.0 to 4.3.0.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases )
- [Commits](f82d6c1c34...336e29918d
)
---
updated-dependencies:
- dependency-name: goreleaser/goreleaser-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-13 08:00:25 +00:00
Charles-Edouard Brétéché
b6209da108
fix: use RawClient in context loader ( #7499 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-06-12 16:03:17 +00:00
Charles-Edouard Brétéché
1401bcf2fb
feat: use context for toggles management ( #7501 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-06-12 17:36:12 +02:00
Marc Brugger
3d5ed2b4e5
fix: log kind/namespace/name in scan errors ( #7498 )
...
Signed-off-by: bakito <github@bakito.ch>
2023-06-12 16:17:15 +02:00
dependabot[bot]
92989dcf94
chore(deps): bump github/codeql-action from 2.3.6 to 2.13.4 ( #7495 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.3.6 to 2.13.4.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](83f0fe6c49...cdcdbb5797
)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-06-12 12:36:19 +00:00