mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2024-12-15 17:51:20 +00:00
Code Activity
1871 commits 15 branches 540 tags 276 MiB
Commit graph

311 commits

Author SHA1 Message Date
Shuting Zhao
162a9ee754 create namespace pv when validate policy fails 2019-11-12 16:14:47 -08:00
shivkumar dudhani
ccbb6e33a5 introduce policy violation generator 2019-11-12 14:41:29 -08:00
Shuting Zhao
2a14c1f5dc - add profiling; - fix CLI 2019-11-11 21:23:26 -08:00
Shuting Zhao
5a3ed62b13 Merge branch 'master' into 345_support_usergroup_info 
# Conflicts:
#	pkg/engine/validation_test.go
#	pkg/webhooks/annotations.go
#	pkg/webhooks/annotations_test.go
#	pkg/webhooks/mutation.go
#	pkg/webhooks/server.go
#	pkg/webhooks/validation.go
 2019-11-11 19:19:08 -08:00
Shuting Zhao
d26029d3be fix unit test 2019-11-11 19:08:46 -08:00
Shuting Zhao
6c8f4f90da fix patches annotation 2019-11-11 18:52:26 -08:00
Shuting Zhao
586b197b00 user sharedInformer for rolebindings and clusterrolebindings 2019-11-11 15:43:13 -08:00
Shuting Zhao
03e85c2266 make getRoleRef a separate package 2019-11-11 14:52:09 -08:00
shivkumar dudhani
f788f0e526 introduce policy store 2019-11-11 11:10:25 -08:00
Shuting Zhao
5b0a6d62a4 add unit test 2019-11-11 09:56:53 -08:00
shivkumar dudhani
f11a05a652 create event on webhook status update 2019-11-10 13:30:15 -08:00
Shuting Zhao
6048d59949 change engine interface to take policyContext struct 2019-11-08 18:57:27 -08:00
Shuting Zhao
0e9a952d64 get rbac info for an admission request 2019-11-08 18:56:24 -08:00
Shivkumar Dudhani
687c0c6470
Merge pull request #418 from nirmata/391_feature 
Check if mutating webhook admission control is enabled
 2019-11-08 12:55:28 -08:00
Shuting Zhao
e3c9282e6a fix edit failure blocked by annotation change 
- as we change the patches key in annotation to "policies.kyverno.io/patches" in commit bdb3f40f15
 2019-11-07 12:13:34 -08:00
Shuting Zhao
caf7abfecc Get policy list once in handleAdmissionRequest 2019-11-07 12:13:16 -08:00
Shuting Zhao
8496a483dc - remove resource info per rule; - add resource info in each failed admission request 2019-11-06 17:14:32 -08:00
shivkumar dudhani
7e7286a9c1 support string - numbers comparison, use validatepattern in generate for subset check 2019-10-31 13:29:03 -07:00
Shivkumar Dudhani
92c96aaf1f
Revert "use validatepattern in generate rule to check for subset existance" 2019-10-31 13:21:38 -07:00
shivkumar dudhani
61c1ea5a49 use validatepattern in generate rule to check for subset existance 2019-10-31 13:04:56 -07:00
shivkumar dudhani
e022084dd0 add checker to verify if mutatingwebhook is enabled or not + refactoring 2019-10-30 13:39:19 -07:00
shivkumar dudhani
c7787eff8d Merge branch 'master' of github.com:nirmata/kyverno into 391_feature 2019-10-29 12:01:15 -07:00
Shivkumar Dudhani
22e7ab1c49
Merge branch 'master' into 261_dynamic_config 2019-10-25 19:17:15 -05:00
shivkumar dudhani
56adc98b8c initial commit 2019-10-25 16:55:48 -05:00
Shuting Zhao
3a3efe00f1 - rename to managedResource; - refact code structure 2019-10-24 15:50:11 -07:00
Shuting Zhao
6e69c8b69b cleanup pv with dependant when blocked admission request pass 2019-10-23 23:18:58 -07:00
Shuting Zhao
e4791e5828 remove unused code 2019-10-21 15:55:20 -07:00
Shuting Zhao
f820cb4c83 implement #387 Generate clusterpolicyviolation when policy action set to "enforce" 2019-10-21 15:55:20 -07:00
Shuting Zhao
32f94bca27 manage policy validation inside engine pkg 2019-10-18 17:45:24 -07:00
shivkumar dudhani
64eab3d1d6 initial commit 2019-10-18 17:38:46 -07:00
Shuting Zhao
7239b4d9b7 Merge commit '37c25daa17ad046f739e74d803cb78d887805bb4' into 346_validate_policy 
# Conflicts:
#	pkg/api/kyverno/v1alpha1/utils.go
 2019-10-18 10:09:44 -07:00
Shuting Zhao
bdb3f40f15 rename mutate annotation to "policies.kyverno.io/patches" 2019-10-11 17:59:50 -07:00
Shuting Zhao
137d596e11 rename EngineResponseNew to EngineResponse accordingly 2019-10-08 16:23:24 -07:00
shuting
5c38c28904
Merge pull request #369 from nirmata/368_bug 
update engineResponse Name
 2019-10-08 16:02:07 -07:00
Shuting Zhao
d7080c2d94 fix pr comment 2019-10-08 14:21:47 -07:00
shivkumar dudhani
70ff2fa177 update engineResponse Name 2019-10-08 10:57:24 -07:00
Shuting Zhao
2077409c85 fix 365 annotation_bug 2019-10-07 18:31:14 -07:00
Shuting Zhao
e20d86f45c remove duplicate code: hasMutate.. 2019-10-03 17:00:05 -07:00
Shuting Zhao
8a7250ffef refactor policy validation, moved to pkg/api/kyverno 2019-09-27 16:31:27 -07:00
Shuting Zhao
76ad9406b1 only allow one type of rule defined in a single rule 2019-09-26 18:02:24 -07:00
shuting
3d02f81434
Merge pull request #351 from nirmata/348_feature_wildcardsNamespaces 
support wild cards for namespaces in rule resource description
 2019-09-12 23:06:51 -07:00
shivkumar dudhani
44af35d6e4 support wild cards for namespaces in rule resource description 2019-09-12 17:11:55 -07:00
shivkumar dudhani
5dab189743 fix event resource name + add filtered kinds to policy controller & namespace + fix messages 2019-09-12 15:04:35 -07:00
shivkumar dudhani
2669b0ae6b set default ValidationFailureAction to 'audit' 2019-09-06 10:18:45 -07:00
shivkumar dudhani
90a7282b97 remove log 2019-09-04 14:09:42 -07:00
Shivkumar Dudhani
b1e5f0a8c7
Merge branch 'master' into refactor_webhookconfigGeneration 2019-09-04 13:50:46 -07:00
Shivkumar Dudhani
bf35d711e6
Merge pull request #330 from nirmata/bug_exclude 
remove exlude kind checks
 2019-09-04 13:43:27 -07:00
shivkumar dudhani
c2e822c887 refactor webhook configuration 2019-09-04 13:43:12 -07:00
shivkumar dudhani
b66c1b7f0c remove exlude kind checks 2019-09-04 10:40:49 -07:00
shivkumar dudhani
b152cdd004 rule to show violation count 2019-09-03 18:31:57 -07:00
shivkumar dudhani
cd6b1d0990 aggregate rule status 2019-09-03 17:43:36 -07:00
shivkumar dudhani
6228b8343e refactor engine api 2019-09-03 15:48:13 -07:00
shuting
42f10af603
Merge pull request #325 from nirmata/281_rename_policy 
281 rename policy
 2019-09-03 15:21:52 -07:00
shivkumar dudhani
fa53519e2a change CRD Name to ClusterPolicy & ClusterPolicyViolations 2019-09-03 14:51:51 -07:00
Shuting Zhao
82273bf1cc Merge commit 'd12841898645ff05baa2340686821cc98eaefdea' into 293_remove_overall_mutation 
# Conflicts:
#	pkg/policy/apply.go
 2019-09-03 09:49:56 -07:00
shivkumar dudhani
d43b4d93c2 rebase with master 2019-08-30 01:08:54 -07:00
shivkumar dudhani
db3bcf3ca3 formatting error, fixes tests 2019-08-27 23:48:13 -07:00
shivkumar dudhani
8737ace7d7 handle http server close connection 2019-08-27 17:00:16 -07:00
shivkumar dudhani
470862a7b1 endpoint for policy mutation + refactor + graceful shutdown 2019-08-27 16:44:10 -07:00
shivkumar dudhani
bfb16b0c11 create policy mutating webhook config resouce + refactoring 2019-08-27 14:52:56 -07:00
shivkumar dudhani
116203282d fix patches 2019-08-26 16:10:19 -07:00
shivkumar dudhani
5b80da32ba replace policyInfo with engineResponse 2019-08-26 13:34:42 -07:00
shivkumar dudhani
b062d70e29 initial redesign 2019-08-23 18:34:23 -07:00
Shuting Zhao
c48b72ff2f add detailed info in overall mutation failure 2019-08-23 14:42:07 -07:00
Shuting Zhao
6f875bbac2 update document 2019-08-21 18:47:49 -07:00
Shuting Zhao
31566844bb Merge commit '5672c4d67c479aecadffd9d367661493b42d5015' into 285_allow_OR_across_overlay_patterns 
# Conflicts:
#	pkg/webhooks/policyvalidation.go
 2019-08-21 17:25:01 -07:00
shivkumar dudhani
fdfa074954 return on delete request 2019-08-21 16:42:42 -07:00
Shuting Zhao
ead99660f0 Merge commit '042bc645497ce6713bfca286f8bacd73ef7387b6' into 285_allow_OR_across_overlay_patterns 
# Conflicts:
#	pkg/engine/validation.go
 2019-08-21 14:13:22 -07:00
Shuting Zhao
42b55ab9e0 add check for validate rule 2019-08-21 14:06:06 -07:00
Shuting Zhao
97335270cd add anyPattern in validate rule 2019-08-21 12:38:15 -07:00
shivkumar dudhani
042bc64549 fix test build errors + skip testrunner 2019-08-21 12:03:53 -07:00
shivkumar dudhani
d8c315e339 fix import cylce after merge + seperate webhookconfig client 2019-08-21 01:07:32 -07:00
Shivkumar Dudhani
77735a4256
Merge branch 'feature_redesign' into policy_status 2019-08-21 00:23:14 -07:00
Shuting Zhao
124b105736 add anyPattern in crd definition 2019-08-20 18:01:43 -07:00
Shuting Zhao
dcc851dee2 fix pr comments 2019-08-20 17:01:47 -07:00
shivkumar dudhani
dc47132ade update policy status 2019-08-20 16:40:20 -07:00
shivkumar dudhani
e507fb6422 recieve stats + update violation status move to aggregator 2019-08-20 12:51:25 -07:00
Shuting Zhao
0157d80b2c add check for registerinig webhookconfiguration in policy controller 2019-08-19 19:26:51 -07:00
shivkumar dudhani
606c519789 clean up 2019-08-19 17:17:52 -07:00
Shuting Zhao
a83e5c1d05 Merge commit '2192703df1bb26cb8b30a1aece6f9afeed09b214' into 254_dynamic_webhook_configurations 
# Conflicts:
#	pkg/engine/generation.go
#	pkg/engine/overlay.go
#	pkg/engine/utils.go
#	pkg/engine/utils_test.go
#	pkg/gencontroller/controller.go
#	pkg/gencontroller/generation.go
#	pkg/webhooks/mutation.go
#	pkg/webhooks/server.go
 2019-08-19 16:44:38 -07:00
Shuting Zhao
4c34ff7a37 Change of annotation purpose #262 2019-08-19 16:10:10 -07:00
Shivkumar Dudhani
c2503e4482
Merge pull request #287 from nirmata/cleanup 
Cleanup
 2019-08-19 09:58:50 -07:00
shivkumar dudhani
6580e0e73a remove temp clientNew 2019-08-17 09:58:14 -07:00
shivkumar dudhani
44db8b064e resource description: support list of namespaces 2019-08-17 09:45:57 -07:00
Shuting Zhao
a110efb96c Merge branch 'policyViolation' into 254_dynamic_webhook_configurations 
# Conflicts:
#	main.go
#	pkg/annotations/annotations.go
#	pkg/annotations/controller.go
#	pkg/controller/controller.go
#	pkg/controller/controller_test.go
#	pkg/engine/engine.go
#	pkg/engine/generation.go
#	pkg/engine/mutation.go
#	pkg/engine/validation.go
#	pkg/event/controller.go
#	pkg/webhooks/mutation.go
#	pkg/webhooks/policyvalidation.go
#	pkg/webhooks/report.go
#	pkg/webhooks/server.go
#	pkg/webhooks/validation.go
 2019-08-14 19:00:37 -07:00
shivkumar dudhani
63a5337c9b generation test 2019-08-14 18:40:33 -07:00
Shuting Zhao
6b1b6dddfa combine policy engine returns into single struct 2019-08-14 15:18:46 -07:00
Shuting Zhao
e87c72291f - Patch resource between every rule application - move mutation & validation to mutate webhook 2019-08-14 11:51:01 -07:00
shivkumar dudhani
aed0ed0dc1 clean up 2019-08-14 10:01:47 -07:00
shivkumar dudhani
c04a935300 existing resource reporting 2019-08-13 13:15:04 -07:00
shivkumar dudhani
e7b538be79 add process existing for mutation & validation + come cleanup 2019-08-13 11:32:12 -07:00
shivkumar dudhani
9af6bf9003 update testing v1 2019-08-12 10:02:07 -07:00
shivkumar dudhani
a5e1b43eb7 policy violation support (incomplete) 2019-08-09 20:08:22 -07:00
shivkumar dudhani
2cdeac5988 start creation policy violation 2019-08-09 19:12:50 -07:00
shivkumar dudhani
e5b4e5a116 generate events for resource & policy 2019-08-09 17:28:49 -07:00
shivkumar dudhani
1e621146be test policy engine on admission requests 2019-08-09 16:55:43 -07:00
shivkumar dudhani
135f241a4a event generator cleanup 2019-08-09 13:41:56 -07:00
shivkumar dudhani
373d9a45ad clean up mutation 2019-08-09 12:59:37 -07:00
Shuting Zhao
462231c09d Merge commit 'a4e484b8d5003019c7f1b57af73422f418f01e81' into 254_dynamic_webhook_configurations 2019-08-08 15:28:59 -07:00
Shuting Zhao
05f26335f7 structure code to be reusable 2019-08-08 15:10:10 -07:00
Shuting Zhao
a8acc9eb5a implement deletion logic 2019-08-08 13:09:40 -07:00
Shivkumar Dudhani
f9ad672027
Merge branch 'master' into 120_policy_performance 2019-08-07 18:57:00 -07:00
Shuting Zhao
6c12a76ab2 register webhookconfigurations when policy first applied 2019-08-07 18:01:28 -07:00
shivkumar dudhani
d16e398d38 fixes bug_267 2019-08-07 17:06:36 -07:00
Shuting Zhao
a4217de1a2 expose webhook timeout configuration 2019-08-07 12:32:44 -07:00
Shuting Zhao
1ddae23056 decrease webhook time to 2s 2019-08-07 11:29:19 -07:00
Shuting Zhao
4ef50c66ea - add resource namespace in event info - improve event text 2019-08-06 11:30:44 -07:00
Shuting Zhao
80d1d926ca add profiling flags 2019-08-02 11:18:02 -07:00
shuting
4d684fca51
Merge pull request #249 from nirmata/filter_resources 
Filter resources
 2019-07-31 18:04:44 -07:00
shivkumar dudhani
afe54e2953 rebase with master 2019-07-31 17:43:46 -07:00
Shuting Zhao
256240dc46 Merge commit 'c1916a8bfc5b35499638428fbcda12ca42babdc3' into 196_anchor_selection_on_peer 2019-07-26 13:47:23 -07:00
shivkumar dudhani
14bc6859f6 annotations json path update 2019-07-24 14:25:28 -04:00
shivkumar dudhani
94a6f1a71a match % exclude resources 2019-07-23 23:34:03 -04:00
Shuting Zhao
7d2abc5df3 Merge branch 'master' into 196_anchor_selection_on_peer 2019-07-23 17:55:24 -07:00
Shuting Zhao
6d49a728a1 - update install_debug.yaml - add debug log 2019-07-23 17:54:31 -07:00
shivkumar dudhani
b839d4f134 change flag field 2019-07-23 18:29:44 -04:00
shuting
ba7ae52a90
Merge pull request #227 from nirmata/226_bug 
hack to ignore selfLink generation
 2019-07-23 11:02:22 -07:00
shivkumar dudhani
8a24798ca0 hack to ignore selfLink generation 2019-07-23 13:24:21 -04:00
shivkumar dudhani
4e40a49133 comments 2019-07-23 00:55:45 -04:00
shivkumar dudhani
63ef0f8fe4 cleanup 2019-07-23 00:38:04 -04:00
shivkumar dudhani
a7aab6fdc6 annotatiosn and name key change 2019-07-23 00:10:18 -04:00
shivkumar dudhani
d5979e8387 comment debug logs 2019-07-22 20:39:41 -04:00
shivkumar dudhani
2554919dc3 fallback if status not found 2019-07-22 20:10:06 -04:00
shivkumar dudhani
658fd18a95 set kind, reset seflink,annotations,resourceVersion, generation & observerd generation before comparions for annotation changes 2019-07-22 18:50:09 -04:00
Shuting Zhao
e0b06f8a8b - add debug log - tested fix 2019-07-21 14:13:00 -07:00
shivkumar dudhani
06691dfa2a testing 2019-07-20 23:58:46 -07:00
shivkumar dudhani
99782e4d95 pull 2019-07-19 20:32:57 -07:00
shivkumar dudhani
3cb978c16f clean up + fix bugs 2019-07-19 20:30:55 -07:00
Shuting Zhao
9fd59297f8 remove rule name in failure even info 2019-07-19 17:52:24 -07:00
shivkumar dudhani
9f157544c9 cleanUp 2019-07-19 15:10:40 -07:00
shivkumar dudhani
d68c4ea033 check for annotattions for resource updates only 2019-07-19 13:53:36 -07:00
shivkumar dudhani
9fcb4b7b10 bypass annotation additions 2019-07-19 12:47:20 -07:00
shivkumar dudhani
f9b5ac9a27 flag, violations 2019-07-18 10:22:20 -07:00
shivkumar dudhani
129ced1b2a annotations creation,update & removal 2019-07-17 23:13:28 -07:00
shivkumar dudhani
e5f208e303 annotation generation from policy controller 2019-07-17 17:53:13 -07:00
shivkumar dudhani
bd9e8585c7 annotations v1 2019-07-17 15:04:02 -07:00
shivkumar dudhani
a36ed10425 change flag & corrections 2019-07-16 15:53:14 -07:00
shivkumar dudhani
68a48373ae add delete op to webhook & violation removal 2019-07-15 20:16:06 -07:00
shivkumar dudhani
f47910da53 update flag & support ValidationFailureAction flag 2019-07-15 19:14:42 -07:00
shivkumar dudhani
68a6751990 restructure webhooks pkg 2019-07-15 16:07:56 -07:00
shivkumar dudhani
abfe176bac add helper functions 2019-07-15 15:55:53 -07:00
shivkumar dudhani
a5817f5863 violation clean up 2019-07-15 14:49:22 -07:00
shivkumar dudhani
29a89d20ad violation cleanup for existing resources 2019-07-15 11:29:58 -07:00
Shuting Zhao
e820a80c5b add events for generation 2019-07-08 16:53:34 -07:00
shuting
db28e0fb63
Merge pull request #210 from nirmata/157_bug 
resource patched after every rule + rm PatchBytes
 2019-07-08 10:47:55 -07:00
shuting
23a6c40328
Merge pull request #209 from nirmata/202_refactor_generate 
202 refactor generate
 2019-07-08 10:46:38 -07:00
shivkumar dudhani
0ee748a95f resource patched after every rule + rm PatchBytes 2019-07-05 15:20:43 -07:00
shivkumar dudhani
0f925dc282 remove references to old generate flow 2019-07-05 11:33:12 -07:00
Shuting Zhao
d8da84a5b5 added trace in debug mode on issue faile to register webhookConfigurations 2019-07-03 14:09:52 -07:00
Shuting Zhao
3a92bde097 move commonly used code to pkg/utils 2019-07-03 11:52:10 -07:00