shuting
c0ab93b95b
fix: autogen status for ivpol ( #12431 )
...
* feat: enable mutating webhook for ivpol
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix: unit tests
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix: add objects to payload
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore: add chainsaw test
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore: add update codegen
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix: propagate policy response to admission reponse
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore: update chainsaw tests
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix: ivpol autogen meta
Signed-off-by: ShutingZhao <shuting@nirmata.com>
---------
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2025-03-18 10:40:21 +00:00
shuting
5c5a5fc0b0
feat: reconcile ivpol.status ( #12392 )
...
* feat: update ivpol.status api
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore: fix unit tests
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore: update codegen
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore: update codegen
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* feat: reconcile ivpol.status
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix: unit tests
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix: linter issues
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix: autogen fields replacement
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore: add unit tests
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* feat: update ivpol autogen rules
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* feat: invoke ivpol webhook handler
Signed-off-by: ShutingZhao <shuting@nirmata.com>
---------
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Signed-off-by: shuting <shuting@nirmata.com>
2025-03-15 05:29:19 +05:30
Vishal Choudhary
c47b48bda6
feat: autogenerate image verification policies for pod controllers ( #12290 )
...
* feat: autogen for image verification
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: linter
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
---------
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
2025-03-04 21:30:23 +00:00
Vishal Choudhary
00f3e2f775
feat: add evaluation config to image verification policies ( #12279 )
...
* feat: add evaluation config to image verification policies
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: ci
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: unit tests
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
---------
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2025-03-03 21:27:07 +05:30
shuting
f2f724469d
chore: remove mutatingpolicies ( #12261 )
...
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2025-02-28 14:22:09 +00:00
Mariam Fahmy
2ea7e7ce76
feat: add new field to control VAP generation per policy ( #12242 )
...
* feat: add new field to control VAP generation per policy
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* chore: remove 1.28 and 1.29 from tests
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
---------
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2025-02-28 13:35:13 +00:00
Vishal Choudhary
7439fcc733
feat(test): image verification on any payload ( #12266 )
2025-02-28 09:09:25 +00:00
shuting
26a6b37265
feat: add evaluation mode to api ( #12262 )
...
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2025-02-27 16:31:10 +05:30
Charles-Edouard Brétéché
ebaad6fbb1
feat: improve validating policy api ( #12243 )
...
* feat: improve validating policy api
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---------
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2025-02-26 15:18:12 +00:00
Mariam Fahmy
75a10ac550
feat: introduce generic exception interface ( #12244 )
...
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2025-02-25 16:11:19 +00:00
Charles-Edouard Brétéché
9d56f5f2b5
feat: stop reusing admissionregistrationv1.ValidatingAdmissionPolicySpec ( #12246 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2025-02-25 14:48:47 +00:00
Mariam Fahmy
6359fd4a1a
feat: generate VAPs from VPs ( #12222 )
...
* feat: generate VAPs from VPs
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* fix codegen
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* fix chainsaw tests
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
---------
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2025-02-25 20:27:29 +08:00
shuting
2326a4e393
feat: add mpol.spec.admission and mpol.spec.background ( #12218 )
...
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2025-02-21 17:48:22 +00:00
Vishal Choudhary
221c559247
feat: cosign verifier for new image verifier crd ( #12196 )
...
* feat: cosign verifier for new image verifier crd
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* chore(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/gcp (#12170 )
Bumps [github.com/sigstore/sigstore/pkg/signature/kms/gcp](https://github.com/sigstore/sigstore ) from 1.8.12 to 1.8.14.
- [Release notes](https://github.com/sigstore/sigstore/releases )
- [Commits](https://github.com/sigstore/sigstore/compare/v1.8.12...v1.8.14 )
---
updated-dependencies:
- dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/gcp
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: shuting <shuting@nirmata.com>
* feat: add MutatingPolicies CRD (#12150 )
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* README: fix markdown syntax (#12176 )
Signed-off-by: Koichi Shiraishi <zchee.io@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
* chore(deps): bump sigs.k8s.io/controller-runtime from 0.20.1 to 0.20.2 (#12180 )
Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime ) from 0.20.1 to 0.20.2.
- [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases )
- [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md )
- [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.20.1...v0.20.2 )
---
updated-dependencies:
- dependency-name: sigs.k8s.io/controller-runtime
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore: cel policies nits (#12184 )
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* use serviceAccountName instead of deprecated serviceAccount (#12158 )
Signed-off-by: Francesco Ilario <filario@redhat.com>
Co-authored-by: shuting <shuting@nirmata.com>
* chore(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/azure (#12179 )
Bumps [github.com/sigstore/sigstore/pkg/signature/kms/azure](https://github.com/sigstore/sigstore ) from 1.8.12 to 1.8.14.
- [Release notes](https://github.com/sigstore/sigstore/releases )
- [Commits](https://github.com/sigstore/sigstore/compare/v1.8.12...v1.8.14 )
---
updated-dependencies:
- dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/azure
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* chore(deps): bump github.com/awslabs/amazon-ecr-credential-helper/ecr-login (#12178 )
Bumps [github.com/awslabs/amazon-ecr-credential-helper/ecr-login](https://github.com/awslabs/amazon-ecr-credential-helper ) from 0.0.0-20241227172826-c97b94eac159 to 0.9.1.
- [Release notes](https://github.com/awslabs/amazon-ecr-credential-helper/releases )
- [Changelog](https://github.com/awslabs/amazon-ecr-credential-helper/blob/main/CHANGELOG.md )
- [Commits](https://github.com/awslabs/amazon-ecr-credential-helper/commits/v0.9.1 )
---
updated-dependencies:
- dependency-name: github.com/awslabs/amazon-ecr-credential-helper/ecr-login
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* feat: add notary verifier with tsa support (#12160 )
* feat: add notary repository
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* feat: add notary verifier
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* feat: tests
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* feat: more tests
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: more tests
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: ci
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* feat: update types
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
---------
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
* fix: codegen (#12195 )
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* feat(gctx): add jmespath caching through projections (#11833 )
feat(gctx): move ready check to runtime
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
* fix: publish codecov reports (#12197 )
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* chore: format conformance.yaml workflow file (#12194 )
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix: add result count for VPs in the CLI (#12193 )
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* feat: implement functions
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
---------
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Signed-off-by: Koichi Shiraishi <zchee.io@gmail.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Francesco Ilario <filario@redhat.com>
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: shuting <shuting@nirmata.com>
Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: Koichi Shiraishi <zchee.io@gmail.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Francesco Ilario <filario@redhat.com>
Co-authored-by: Khaled Emara <khaled.emara@nirmata.com>
2025-02-21 09:03:53 +08:00
Mariam Fahmy
2c7dd2fd59
feat: add MutatingPolicies CRD ( #12150 )
...
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2025-02-17 12:02:04 +00:00
shuting
9aebe10d15
refactor: status manager ( #12173 )
...
* chore: move webhook status reconciler
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix: status removal
Signed-off-by: ShutingZhao <shuting@nirmata.com>
---------
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2025-02-14 15:22:25 +00:00
Frank Jogeleit
05f9bb4506
feat: configure admission and background flag for ValidatingPolicies ( #12153 )
2025-02-13 17:24:45 +00:00
Vishal Choudhary
ae9e68e052
feat: add types for image verification attestors ( #12080 )
...
* feat: add types for image verification attestors
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: linter
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: codegen
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
---------
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2025-02-13 13:47:51 +00:00
Mariam Fahmy
7d5750a717
chore: move celexceptions to the new group ( #12143 )
...
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2025-02-11 19:05:22 +02:00
