kyverno

mirror of https://github.com/kyverno/kyverno.git synced 2025-03-05 23:46:56 +00:00

Author	SHA1	Message	Date
Sambhav Kothari	147fc6db56	Shallow clone git repositories for kyverno test command Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com>	2022-02-23 23:12:34 +08:00
Vyankatesh Kudtarkar	e8bf16a00b	Fix label mutation while updating the secret (#3273 ) * Fix label mutation while updating the secret * Update util.go * fix converter issue * code indentation	2022-02-22 19:49:03 +08:00
Afzal Ansari	9f8d2aef8e	Added `kyverno test` subcommand for test manifest file (#3264 ) * Adds `kyverno test` subcommand for test manifest file Signed-off-by: afzal442 <afzal442@gmail.com> Adds sub cmd Signed-off-by: afzal442 <afzal442@gmail.com> Adds usage Signed-off-by: afzal442 <afzal442@gmail.com> * Refactors the help command Signed-off-by: afzal442 <afzal442@gmail.com> Refactors help cmd Signed-off-by: afzal442 <afzal442@gmail.com> * Modifies manifest desc and removes the unused test manifest Signed-off-by: afzal442 <afzal442@gmail.com> Adds changes Signed-off-by: afzal442 <afzal442@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>	2022-02-21 05:23:29 +00:00
Vyankatesh Kudtarkar	04e5f50cde	fix mutate wildcard issue (#3193 ) Co-authored-by: shuting <shuting@nirmata.com>	2022-02-18 10:32:10 +00:00
Vyankatesh Kudtarkar	0a5aad39cf	Fix foreach validations precondition issue (#3228 ) * fix foreach validations precondition issue * added test-cases	2022-02-18 09:11:41 +00:00
shuting	a30493e550	Fix policy report OwnerReference (#3249 ) * add namespaces/finalizers to clusterrole kyverno:generate Signed-off-by: ShutingZhao <shuting@nirmata.com> * set policy report's owner to Kyverno namespace Signed-off-by: ShutingZhao <shuting@nirmata.com> * address comments Signed-off-by: ShutingZhao <shuting@nirmata.com> * address comments Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove BlockOwnerDeletion Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove namespaces/finalizers permission Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com>	2022-02-18 00:50:18 -08:00
Jim Bugwadia	421a81ce63	Fix old object validation check (#3248 ) * fix validation check on UPDATE Signed-off-by: Jim Bugwadia <jim@nirmata.com> * prevent policy bypass using preconditions Signed-off-by: Jim Bugwadia <jim@nirmata.com> * separate replace Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add error handling Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2022-02-17 09:18:49 -08:00
Tathagata Paul	b91ff5a7f2	Bug fix: negation of string kernel version caused Cluster Policy to fail (#3229 ) * fixed bug where negation of kernel version caused cpolr to fail Signed-off-by: Tathagata Paul <tathagatapaul7@gmail.com> * small fix in function validateString Signed-off-by: Tathagata Paul <tathagatapaul7@gmail.com> * Added necessary tests Signed-off-by: Tathagata Paul <tathagatapaul7@gmail.com> Added one more test Signed-off-by: Tathagata Paul <tathagatapaul7@gmail.com> * Add more tests and added a policy to the test folder Signed-off-by: Tathagata Paul <tathagatapaul7@gmail.com> * added policy for test cli Signed-off-by: Tathagata Paul <tathagatapaul7@gmail.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com>	2022-02-17 09:33:30 +05:30
shuting	2eefe3a544	Skip updating webhook configs if namespaceSelector is nil (#3237 ) * skip updating webhook configs if namespaceSelector is nil Signed-off-by: ShutingZhao <shuting@nirmata.com> * address comments Signed-off-by: ShutingZhao <shuting@nirmata.com> * address comment for mutating webhook Signed-off-by: ShutingZhao <shuting@nirmata.com> * address comments Signed-off-by: ShutingZhao <shuting@nirmata.com> * update logs Signed-off-by: ShutingZhao <shuting@nirmata.com>	2022-02-16 17:07:09 +05:30
Mritunjay Kumar Sharma	5a541567de	Fix image parsing for image referenced as digests (#3196 ) * fixes image break with sha256 Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com> * fixes priority to digest Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-02-15 08:35:53 +00:00
Jim Bugwadia	bd1a145678	Fix keyless attest (#3219 ) * allow root cert for keyless attestations checks Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add logs and improve var names Signed-off-by: Jim Bugwadia <jim@nirmata.com> * make fmt Signed-off-by: Jim Bugwadia <jim@nirmata.com> * handle err in sig loading Signed-off-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: Sambhav Kothari <sambhavs.email@gmail.com>	2022-02-13 20:35:11 -08:00
vivek kumar sahu	0293368504	fixing bug to handle two different types of rules (#2954 ) * fixing bug for the info variable Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>	2022-02-09 10:33:54 +00:00
Ramanand Thakur	7f1530c66e	Indentation fix (#3179 ) Removed unnecessary indentation on line 107 to avoid confusion.	2022-02-08 01:00:01 +08:00
Sambhav Kothari	4445780c7c	Add a kyverno jp command to test jmespath expressions (#3169 ) * Add a kyverno jp command to test jmespath expressions Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com> * Auto-generate custom function docs Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com>	2022-02-04 05:23:12 +00:00
Vyankatesh Kudtarkar	373f421b07	Fix panic for provides a set to the key of a precondition and deny condition (#3162 )	2022-02-03 14:46:58 +00:00
Abhinav Sinha	ed3811ea5a	Bump up verbosity for `patched resource mismatch` (#3127 ) Signed-off-by: Abhinav Sinha <abhinav@nirmata.com>	2022-02-03 11:24:00 +00:00
Prateek Pandey	286b0427d0	fix filtered and sort patches index (#3146 ) added missing start index value for the patches slice Signed-off-by: prateekpandey14 <prateekpandey14@gmail.com>	2022-02-01 13:16:08 -08:00
Abhinav Sinha	25641abeb9	Fix kyverno panic with `PodSpec.containers` JSON merge patch w/o image (#3143 ) Signed-off-by: Abhinav Sinha <abhinav@nirmata.com>	2022-02-01 10:01:46 +05:30
Sambhav Kothari	98284114f5	Relax rule context validation to follow JMESPath grammar (#3129 ) Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com>	2022-01-31 18:23:59 +00:00
Abhinav Sinha	7a55d26d89	Fixed kyverno panic at JMESPath zero division (#3137 ) Signed-off-by: Abhinav Sinha <abhinav@nirmata.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com>	2022-01-31 17:45:20 +00:00
Sambhav Kothari	2b1e7189b1	Fix variable substitution when curly braces are used in jmespath (#3133 ) * Fix variable substitution when inline jmespath objects are defined Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com> * Add additional test cases which use brackets Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com>	2022-01-31 17:11:19 +00:00
Sambhav Kothari	a1daf167e7	Fix parsing of resources in preconditions (#3108 ) Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com>	2022-01-31 08:18:31 -08:00
Rob Best	851ebe3e65	Add cloud provider keychains to DefaultKeychain (#3116 ) Removes the need to specify an image pull secret to make use of cloud provider credentials. As I understand it, this should be fine outside of cloud provider contexts. As part of this, I've switched to using authn/kubernetes, which I believe is preferable to k8schain. Signed-off-by: Rob Best <robertbest89@gmail.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com>	2022-01-28 11:33:27 -08:00
Naman Lakhwani	d3dd7a7b45	fixing and adding tests (#3112 ) Signed-off-by: Naman Lakhwani <namanlakhwani@gmail.com>	2022-01-27 22:50:29 -08:00
Jim Bugwadia	7cf1dd2b15	update cosign to 1.5.0 and fix issuer and subject for keyless (#3089 ) * update cosign to 1.5.0 and add checks Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix subject and issuer checks Signed-off-by: Jim Bugwadia <jim@nirmata.com> * make fmt Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix tests Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2022-01-27 21:13:23 -08:00
Sambhav Kothari	7e5bf4083e	Fix the kyverno default keychain value to be the ggcr default keychain (#3096 ) Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com>	2022-01-27 14:38:08 +08:00
Sambhav Kothari	2eb8f5f285	Fix memory leak when updating ggcr keychain (#3088 ) Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com>	2022-01-26 12:45:05 -08:00
Jim Bugwadia	06e93fec46	apply patches cumulatively (#3083 ) * apply patches cumulatively Signed-off-by: Jim Bugwadia <jim@nirmata.com> * handle skipped rules Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add test files Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2022-01-25 09:00:18 +00:00
treydock	cd4650eb5a	Fix CLI test/apply when any/all use namespaceSelector (#3050 ) * Fix CLI test/apply when any/all use namespaceSelector Fixes #3047 Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * gofmt fix Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>	2022-01-25 08:06:17 +00:00
shuting	e5e64f86cf	fix mutating ownerReferenecs (#3061 ) Signed-off-by: ShutingZhao <shuting@nirmata.com>	2022-01-24 05:20:27 +00:00
Jim Bugwadia	bb06901119	fix mutate preprocessing for anchors (#3052 ) * fix mutate preprocessing for anchors Signed-off-by: Jim Bugwadia <jim@nirmata.com> * make fmt Signed-off-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: shuting <shutting06@gmail.com>	2022-01-23 13:54:22 +00:00
Mritunjay Kumar Sharma	cdedf11a1c	bumps k8s libraries for k8s v1.23 upgrade for kyverno (#3043 ) * bumps k8s libraries for k8s v1.23 upgrade for kyverno Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com> * fixes kustomize version Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com> * updates golang to v1.17 to test fails Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com> * updates logr package to 1.2.2 Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com> * Fixed tests for `pkg/cosign` and `pkg/webhooks/generation` Signed-off-by: Abhinav Sinha <abhinav@nirmata.com> * fix go-logr deps version issue Signed-off-by: prateekpandey14 <prateekpandey14@gmail.com> * fix kube-openapi commit hash Signed-off-by: prateekpandey14 <prateekpandey14@gmail.com> Co-authored-by: shuting <shutting06@gmail.com> Co-authored-by: Abhinav Sinha <abhinav@nirmata.com> Co-authored-by: prateekpandey14 <prateekpandey14@gmail.com>	2022-01-22 20:26:53 +08:00
shuting	ae4ff4f6b9	Fix dynamic webhook for namespace policies (#3044 ) * fix dynamic webhook for namespace policies Signed-off-by: ShutingZhao <shuting@nirmata.com> * improve policy listing to reduce duplicate processing Signed-off-by: ShutingZhao <shuting@nirmata.com> * update logger Signed-off-by: ShutingZhao <shuting@nirmata.com>	2022-01-22 07:55:14 +00:00
shuting	2eb9660aee	Reduce throttling requests for Kyverno resources (#3042 ) * remove resoureCache from the event controller Signed-off-by: ShutingZhao <shuting@nirmata.com> * create rcr using typed client to reduce PUT throttling request Signed-off-by: ShutingZhao <shuting@nirmata.com> * use typed client for report/rcr operations Signed-off-by: ShutingZhao <shuting@nirmata.com> * clarify naming patterns for Kyverno ClusterRoles/ClusterRoleBindings (#3029) * clarify naming patterns for Kyverno ClusterRoles/ClusterRoleBindings (#3032) * fix comment * fix comment Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>	2022-01-22 05:36:42 +00:00
Kumar Mallikarjuna	5ad0d15240	Namespace Specific ValidationFailureAction (#2794 ) * Implement ValidationFailureActionOverride Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Update CRDs Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Update getEnforceFailureErrorMsg() Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Allow validate policies to be checked Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Fix linting issues Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Added tests for ValidationFailureActionOverrides Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Added schema validation Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Added description for ValidationFailureActionOverrides Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com> * Policy validation Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com> * Update CRDs Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com> * Replace literals with constants Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com> * Updated Policy Cache Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com> * Refactor Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com> Co-authored-by: shuting <shutting06@gmail.com>	2022-01-21 12:36:44 +00:00
Kumar Mallikarjuna	4124e0f682	Update division for same units (#3038 ) Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com> Co-authored-by: shuting <shutting06@gmail.com>	2022-01-21 11:06:08 +00:00
shuting	376a8d3b22	Reduce throttling requests for Kyverno managed resources (#3016 ) * remove resoureCache from the event controller Signed-off-by: ShutingZhao <shuting@nirmata.com> * create rcr using typed client to reduce PUT throttling request Signed-off-by: ShutingZhao <shuting@nirmata.com>	2022-01-21 18:36:05 +08:00
Anushka Mittal	df4d7ae26c	Broken exclude any all (#2990 ) * added check for any/all Signed-off-by: anushkamittal20 <anumittal4641@gmail.com> * minor corrections Signed-off-by: anushkamittal20 <anumittal4641@gmail.com> * corrected return check for rbac info Signed-off-by: anushkamittal20 <anumittal4641@gmail.com> * added cli test Signed-off-by: anushkamittal20 <anumittal4641@gmail.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com>	2022-01-20 08:29:16 +00:00
Liu Shaohui	25722366f0	Fix: namespace quota policy failed to be applied for two resources named ResourceQuota with different APIVersions (#2612 ) Signed-off-by: Shaohui Liu <liushaohui@xiaomi.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>	2022-01-20 12:48:52 +05:30
Kumar Mallikarjuna	e4e15322d1	Disable autogen for policies without Pod (#2737 ) * Disable autogen for policies without Pod Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Fix autogen check Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Fix failing test Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Fix webhook tests Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Remove redundant checks Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Check autogen for exclude block Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>	2022-01-19 17:42:31 +00:00
Prateek Pandey	c30dfe70a5	fix deployment replica type conversion and refactor webhook logs (#3022 ) - add level in info webhook configuration update success logs - fix deployment replica count conversion issue Signed-off-by: prateekpandey14 <prateekpandey14@gmail.com>	2022-01-19 17:14:33 +00:00
shuting	ad56087b91	list resources once per policy in the background reconcilliation (#3026 ) Signed-off-by: ShutingZhao <shuting@nirmata.com>	2022-01-19 16:42:01 +00:00
Kumar Mallikarjuna	e39489f838	SharedInformers for WebhookConfigurations (#3007 ) * SharedInformers for WebhookConfigurations Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com> * Add GVK to typed resources Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com> * Remove ToUnstructured() Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com> * Remove default informers from Resource Cache Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com> * Formatted files Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>	2022-01-19 15:57:32 +00:00
Abhinav Sinha	f0359f8272	Fixed error handling for negation anchors (#2986 ) * Fixed error handling for negation anchors Signed-off-by: Abhinav Sinha <abhinav@nirmata.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>	2022-01-19 15:39:07 +05:30
Abhinav Sinha	b5341b685d	Support `namespaceSelector` with dynamic webhook enabled (#2953 ) * Support `namespaceSelector` with dynamic webhook enabled Signed-off-by: Abhinav Sinha <abhinav@nirmata.com> * Implemented suggested changes Signed-off-by: Abhinav Sinha <abhinav@nirmata.com> * Implemented suggest changes Signed-off-by: Abhinav Sinha <abhinav@nirmata.com> Co-authored-by: shuting <shutting06@gmail.com>	2022-01-19 07:59:08 +00:00
Vyankatesh Kudtarkar	e22e9499b6	CLI fix for foreach policies (#2997 ) * CLI fix for foreach policies * add test-case for foreach container and initcontainer * fix comments Co-authored-by: Jim Bugwadia <jim@nirmata.com>	2022-01-18 23:38:49 +00:00
shuting	cde1d0f2b2	clean up managed resources when cannot find kyverno deployment (#3018 ) Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Prateek Pandey <prateekpandey14@gmail.com>	2022-01-18 16:45:24 +00:00
Kumar Mallikarjuna	771d62b735	Added Kyverno specific SharedInformerFactory (#2987 ) * Added Kyverno specific SharedInformerFactory Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com> * Replace ToUnstructured() Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com> * Add GVK to returned resource Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com> Co-authored-by: shuting <shutting06@gmail.com>	2022-01-18 15:52:48 +00:00
Prateek Pandey	421e6d9622	fix(generate): use JSON patch for GenerateRequests status updates (#3000 ) Signed-off-by: prateekpandey14 <prateekpandey14@gmail.com> Co-authored-by: shuting <shutting06@gmail.com>	2022-01-18 14:53:48 +00:00
shuting	b6447e0649	Remove resourceCache from engine (#3013 ) * update log messages Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove resourceCache from the background controller when: - register resource scope - list resources per namespace Signed-off-by: ShutingZhao <shuting@nirmata.com> * - use client call for configmap lookup; - remove resourceCache from policy controller, webhook server and generate controller Signed-off-by: ShutingZhao <shuting@nirmata.com>	2022-01-18 12:59:35 +00:00

1 2 3 4 5 ...

2263 commits