kyverno

mirror of https://github.com/kyverno/kyverno.git synced 2025-03-05 07:26:55 +00:00

Author	SHA1	Message	Date
Charles-Edouard Brétéché	4c740e6999	refactor: remove obsolete structs from CLI (#6802 ) * feat: add policy reporter to the dev lab Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: remove obsolete structs from CLI Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2023-04-12 20:51:03 +08:00
Charles-Edouard Brétéché	40ac8eb863	feat: add context/preconditions support to mutate existing (#6754 ) * refactor: engine handlers Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add context/preconditions support to mutate existing Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * kuttl Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * readme Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix and context kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * validation Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * final fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com>	2023-04-03 19:58:58 +00:00
shuting	389a64fe18	bump allowed PSA to 1.26 (#6762 ) Signed-off-by: ShutingZhao <shuting@nirmata.com>	2023-04-03 12:50:11 +00:00
Charles-Edouard Brétéché	dc8a60a43e	feat: add operations support in match/exclude (#6658 ) * feat: add operations support in match/exclude Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * clean Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * matching Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * operation Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * make operation mandatory Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * kuttl Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2023-03-29 04:22:21 +00:00
shuting	cb6fd07899	fix: handle upgrade for generateExisting policies (#6655 ) * add generateExistingOnPolicyUpdate as a potiner Signed-off-by: ShutingZhao <shuting@nirmata.com> * deny policy with generateExistingOnPolicyUpdate specified Signed-off-by: ShutingZhao <shuting@nirmata.com> * convert existing flag Signed-off-by: ShutingZhao <shuting@nirmata.com> * update api docs Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com>	2023-03-23 16:36:51 +00:00
shuting	0b359d07db	rename GenerateExistingOnPolicyUpdate to GenerateExisting (#6321 ) Signed-off-by: ShutingZhao <shuting@nirmata.com>	2023-03-03 09:34:55 +00:00
shuting	0c91e87bbb	fix: delete downstream for a generate rule removal, with data and sync (#6393 ) * remove policy handler for updates Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove policy update handler from the ur controller Signed-off-by: ShutingZhao <shuting@nirmata.com> * rework cleanup downstream on policy deletion Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix downstream deletion on data rule removal Signed-off-by: ShutingZhao <shuting@nirmata.com> * add kuttl test for clusterpolicy Signed-off-by: ShutingZhao <shuting@nirmata.com> * linter fix Signed-off-by: ShutingZhao <shuting@nirmata.com> * add kuttl test for policy Signed-off-by: ShutingZhao <shuting@nirmata.com> * update api docs Signed-off-by: ShutingZhao <shuting@nirmata.com> * add delays Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix name assertion Signed-off-by: ShutingZhao <shuting@nirmata.com> * delete downstream when deletes the clone source Signed-off-by: ShutingZhao <shuting@nirmata.com> * add kuttl test pol-clone-sync-delete-source Signed-off-by: ShutingZhao <shuting@nirmata.com> * linter fixes Signed-off-by: ShutingZhao <shuting@nirmata.com> * add kuttl test pol-clone-sync-delete-downstream Signed-off-by: ShutingZhao <shuting@nirmata.com> * add kuttl test pol-data-sync-modify-rule Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix panic Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix panic Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix labels Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix policy assertions Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix annotation missing names Signed-off-by: ShutingZhao <shuting@nirmata.com> * rename policy Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove dead code Signed-off-by: ShutingZhao <shuting@nirmata.com> * create unique namespaces Signed-off-by: ShutingZhao <shuting@nirmata.com> * create more unique namespaces Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix assertion Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2023-03-01 03:48:18 +00:00
shuting	d5684f6794	add labels to downstream and source resources (#6322 ) Signed-off-by: ShutingZhao <shuting@nirmata.com>	2023-02-22 10:49:09 +00:00
Jim Bugwadia	29997fe446	Notary v2 (#6011 ) * fix make debug-deploy Signed-off-by: Jim Bugwadia <jim@nirmata.com> * improve log messages Signed-off-by: Jim Bugwadia <jim@nirmata.com> * initial update Signed-off-by: Jim Bugwadia <jim@nirmata.com> * initial update Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update registry credentials handling order Signed-off-by: Jim Bugwadia <jim@nirmata.com> * comment out ACR helper - breaks anonymous image pull Signed-off-by: Jim Bugwadia <jim@nirmata.com> * merge main and refactor verifiers Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix opt init Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove local address Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update to NotaryV2 RC Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix fmt Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update deps Signed-off-by: Jim Bugwadia <jim@nirmata.com> * format imports Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove env and no-op statement Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix merge issues Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix linter issue Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove unused field Signed-off-by: Jim Bugwadia <jim@nirmata.com> * make fmt Signed-off-by: Jim Bugwadia <jim@nirmata.com> * renable ACR credential helper Signed-off-by: Jim Bugwadia <jim@nirmata.com> * Update .vscode/launch.json Signed-off-by: shuting <shutting06@gmail.com> --------- Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: shuting <shutting06@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: shuting <shutting06@gmail.com>	2023-02-20 16:26:10 +00:00
shuting	6ff2790957	add new fields to UR; add helpers (#6294 ) Signed-off-by: ShutingZhao <shuting@nirmata.com>	2023-02-10 14:56:17 +00:00
Brian Dunnigan	d33e616d69	#6055 Add JMESPath support to imageExtractors (#6183 ) Signed-off-by: Brian Dunnigan <bdunnigan@clarityinnovates.com> Co-authored-by: bdunnigan <bdunnigan@clarityinnovates.com> Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2023-02-08 11:54:59 +00:00
shuting	6b3be9ada1	feat: enable leader election for the background controller (#6237 ) * enable leader election for the background controller Signed-off-by: ShutingZhao <shuting@nirmata.com> * update api docs Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com>	2023-02-07 14:44:51 +01:00
yinka	60cf8afff9	spec.background field implementation for PolicyExceptions (#6127 ) * spec.background field implementation for PolicyExceptions Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * generated files Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * add kuttl test Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * set background to false Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * checks for variables Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * check if aggregate is nil Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * reject variables in polex Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * update Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * Update pkg/validation/exception/validate.go Signed-off-by: shuting <shutting06@gmail.com> * updates Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * change error Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * remove file Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * fix Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * fix lint error Signed-off-by: damilola olayinka <holayinkajr@gmail.com> --------- Signed-off-by: damilola olayinka <holayinkajr@gmail.com> Signed-off-by: shuting <shutting06@gmail.com> Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: shuting <shutting06@gmail.com>	2023-02-06 15:45:31 +00:00
Fish-pro	24742b42d4	Optimize the document for readability (#6175 ) Signed-off-by: Fish-pro <zechun.chen@daocloud.io>	2023-01-31 18:16:54 +08:00
fsl	b8ecab76be	fix: comment format (#6042 ) Signed-off-by: fengshunli <1171313930@qq.com> Signed-off-by: fengshunli <1171313930@qq.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2023-01-20 08:56:35 +00:00
Charles-Edouard Brétéché	ad4c4da690	feat: remove generate request CRD (#6043 ) * feat: remove generate request CRD Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * changelog Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2023-01-19 19:39:05 +08:00
Eileen	0a19556a79	feat: support select namespace by label (#4461 ) Signed-off-by: Eileen <eileenylj@gmail.com> Reconstruct ValidationFailureActionOverrides - Add `NamespaceSelector` - Generate relative manifests - Rewrite namespace matching logic in engineResponse - Add test cases for validatetionFailureActionOverrides - (WIP) Set Enforce as default	2023-01-18 10:21:34 +00:00
shuting	6ce8e16884	fix: update policy exception CRD description (#5948 ) * update exception crds Signed-off-by: ShutingZhao <shuting@nirmata.com> * update api doc Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: ShutingZhao <shuting@nirmata.com>	2023-01-09 15:40:59 +00:00
shuting	18455b4d21	feat: cleanup enhancements-1 (#5796 ) * update fields description Signed-off-by: ShutingZhao <shuting@nirmata.com> * update cleanup controller clusterrole name Signed-off-by: ShutingZhao <shuting@nirmata.com> * - add variables validations to support "request." and "images."; - update debug log level to 4 Signed-off-by: ShutingZhao <shuting@nirmata.com> * add missing files Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: ShutingZhao <shuting@nirmata.com>	2023-01-04 09:03:56 +00:00
Charles-Edouard Brétéché	eabd7a238b	fix: default value for validationFailureAction (#5832 ) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2023-01-02 15:16:13 +00:00
shuting	c3ab0687bb	chore: update publicKey description (#5789 ) * update publicKey description Signed-off-by: ShutingZhao <shuting@nirmata.com> * update api doc Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: ShutingZhao <shuting@nirmata.com>	2022-12-27 14:19:26 +00:00
Jim Bugwadia	787a1dc40a	Service call (#5755 ) * fix digest and verify logic Signed-off-by: Jim Bugwadia <jim@nirmata.com> * allow attestations with no attestors Signed-off-by: Jim Bugwadia <jim@nirmata.com> * require predicateType Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix typo Signed-off-by: Jim Bugwadia <jim@nirmata.com> * updates Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix linter issues Signed-off-by: Jim Bugwadia <jim@nirmata.com> * make service optional Signed-off-by: Jim Bugwadia <jim@nirmata.com> * make codegen-all Signed-off-by: Jim Bugwadia <jim@nirmata.com> * linter issues Signed-off-by: Jim Bugwadia <jim@nirmata.com> * gofmt Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add api token Signed-off-by: Jim Bugwadia <jim@nirmata.com> * codegen again! Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix API call Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix tests and formatting Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * revert changes to clientset & rename requestType Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-12-27 08:36:49 +00:00
Jim Bugwadia	14d82cbf6d	Require predicate type (#5713 ) * fix digest and verify logic Signed-off-by: Jim Bugwadia <jim@nirmata.com> * allow attestations with no attestors Signed-off-by: Jim Bugwadia <jim@nirmata.com> * require predicateType Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix typo Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-12-19 10:15:07 +00:00
Charles-Edouard Brétéché	fdce9d92dc	chore: rename exclude into match in policy exception (#5681 ) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2022-12-13 16:18:27 -08:00
Eileen	3eede76fc4	feat: Introduce PolicyException CRD (#5662 ) * feat: Introduce PolicyException CRD Signed-off-by: Eileen Yu <eileenylj@gmail.com> * Apply suggestions from code review Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Eileen Yu <eileenylj@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2022-12-13 11:02:54 -08:00
Jim Bugwadia	9d3b176def	Nested foreach (#5589 ) * updated foreach logic and added tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * uncomment tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix vars and unit tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix vars and unit tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix some tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix more tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * format Signed-off-by: Jim Bugwadia <jim@nirmata.com> * make codegen Signed-off-by: Jim Bugwadia <jim@nirmata.com> * linter Signed-off-by: Jim Bugwadia <jim@nirmata.com> * cleanup Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix linter issue Signed-off-by: Jim Bugwadia <jim@nirmata.com> * revert local launch Signed-off-by: Jim Bugwadia <jim@nirmata.com> * propagate context Signed-off-by: Jim Bugwadia <jim@nirmata.com> * uncomment tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix propagation of registry client Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-12-12 15:20:20 +00:00
Jim Bugwadia	1efa8b110a	Add api docs (#5605 ) * add doc Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add doc Signed-off-by: Jim Bugwadia <jim@nirmata.com> * updates from review Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-12-09 03:32:57 +00:00
Charles-Edouard Brétéché	87ce4b85de	feat: introduce v2alpha1 (#5625 ) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2022-12-08 11:45:47 +00:00
Charles-Edouard Brétéché	f5adb50f8f	feat: implement cleanup policy matching (#5614 ) * chore: bump a couple of deps Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: implement cleanup policy matching Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * delete Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * check namespace Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * ns labels Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * review Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2022-12-08 11:31:28 +01:00
yinka	839cdf14d9	add logging guideline (#5406 ) Signed-off-by: damilola olayinka <holayinkajr@gmail.com> Signed-off-by: damilola olayinka <holayinkajr@gmail.com>	2022-12-06 17:25:40 +00:00
shuting	ef06833613	feat: support attestations with multiple signatures (#5409 ) * add new attribute ".verifyImages.attestations.attestors" Signed-off-by: ShutingZhao <shuting@nirmata.com> * Update CRDs Signed-off-by: ShutingZhao <shuting@nirmata.com> * support multiple subjects for attestations Signed-off-by: ShutingZhao <shuting@nirmata.com> * - fix entries check; - refactors code Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix linter Signed-off-by: ShutingZhao <shuting@nirmata.com> * - allow both attestors and attestations; - make attestations.attestor optional Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix panic Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * add kuttl tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove the invalid test Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix empty attestor Signed-off-by: ShutingZhao <shuting@nirmata.com> * add cleanup steps Signed-off-by: ShutingZhao <shuting@nirmata.com> * Update api/kyverno/v1/image_verification_types.go Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * update codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-12-01 22:09:44 +00:00
Charles-Edouard Brétéché	3d7e0e7f47	docs: add controllers README (#5434 ) docs: add controllers README Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>	2022-11-23 19:48:02 +00:00
Charles-Edouard Brétéché	83a68c6707	docs: add reports troubleshooting tips (#5448 ) * docs: add reports troubleshooting tips Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix typos Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2022-11-23 10:04:33 +00:00
Nikhil Sharma	d44dc97990	feat: add cleanupPolicy validation code (#5279 ) * validate the cleanupPolicy Signed-off-by: Nikhil Sharma <nikhilsharma230303@gmail.com> * add validation for DELETE permission for cleanupPolicy Signed-off-by: Nikhil Sharma <nikhilsharma230303@gmail.com> * add separate binary for cleanupPolicy Signed-off-by: Nikhil Sharma <nikhilsharma230303@gmail.com> * fix linter issues Signed-off-by: Nikhil Sharma <nikhilsharma230303@gmail.com> Signed-off-by: Nikhil Sharma <nikhilsharma230303@gmail.com> Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-11-14 10:43:32 +01:00
Nikhil Sharma	6d801b26db	feat: create cleanup new CRDs (#5233 ) * create new cleanup CRDs Signed-off-by: Nikhil Sharma <nikhilsharma230303@gmail.com> * fix package Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Nikhil Sharma <nikhilsharma230303@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2022-11-08 08:42:35 +00:00
Pratik Shah	6cdbd55f93	Fixed description for secret name (#5228 ) Signed-off-by: Pratik Shah <pratik@infracloud.io> Signed-off-by: Vyankatesh <vyankateshkd@gmail.com>	2022-11-07 10:59:16 +05:30
shuting	3fc157717a	feat: support disabling schema validation on the patched resource (#5197 ) * Support disable schema validation on the patched resource Signed-off-by: ShutingZhao <shuting@nirmata.com> * update api doc Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: ShutingZhao <shuting@nirmata.com>	2022-11-03 08:12:44 +00:00
Pratik Shah	2c4a2dab7e	Fixed issue-5102: Show rule count and type in output (#5106 ) Signed-off-by: Pratik Shah <pratik@infracloud.io> Signed-off-by: Pratik Shah <pratik@infracloud.io>	2022-10-27 10:05:32 +00:00
Charles-Edouard Brétéché	092f83493d	chore: remove old docs (#5130 ) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2022-10-25 08:51:18 +00:00
XDRAGON2002	a3c129f469	[Feature] create command line option to set failurePolicy globally (#4991 ) * add forceFailurePolicyIgnore flag Signed-off-by: Anant Vijay <anantvijay3@gmail.com> * cleanup code Signed-off-by: Anant Vijay <anantvijay3@gmail.com> * add logging Signed-off-by: Anant Vijay <anantvijay3@gmail.com> * resolve merge conflicts Signed-off-by: Anant Vijay <anantvijay3@gmail.com> * fix codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Anant Vijay <anantvijay3@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2022-10-21 18:13:36 +00:00
Charles-Edouard Brétéché	af787b9fe6	docs: separate dev and user docs (#5114 ) * docs: separate dev and user docs Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2022-10-21 14:51:15 +00:00
Pratik Shah	caab013a86	Fixed issue-4530: Added separate attestor type for secrets and KMS (#4733 ) Signed-off-by: Pratik Shah <pratik@infracloud.io> Signed-off-by: Vyankatesh <vyankateshkd@gmail.com>	2022-10-14 09:40:46 +00:00
Pratik Shah	8a0083105d	Added support to specify key signature algorithm in verifyImages (#4855 ) Signed-off-by: Pratik Shah <pratik@infracloud.io> Signed-off-by: Pratik Shah <pratik@infracloud.io>	2022-10-14 05:39:57 +00:00
shuting	4d90b7b561	Update PSa images dsecription (#4840 ) Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: ShutingZhao <shuting@nirmata.com>	2022-10-07 08:09:31 +00:00
Charles-Edouard Brétéché	c28c0f2f42	docs: add policy cache controller docs (#4714 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>	2022-09-28 13:08:26 +00:00
Charles-Edouard Brétéché	e0ab72bb9a	feat: reports v2 implementation (#4608 ) This PR refactors the reports generation code. It removes RCR and CRCR crds and replaces them with AdmissionReport, ClusterAdmissionReport, BackgroundScanReport and ClusterBackgroundScanReport crds. The new reports system is based on 4 controllers: Admission reports controller is responsible for cleaning up admission reports and attaching admission reports to their corresponding resource in case of a creation Background scan reports controller is responsible for creating background scan reports when a resource and/or policy changes Aggregation controller takes care of aggregation per resource reports into higher level reports (per namespace) Resources controller is responsible for watching reports that need background scan reports I added two new flags to disable admission reports and/or background scan reports, the whole reporting system can be disabled if something goes wrong. I also added a flag to split reports in chunks to avoid creating too large resources. Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> Co-authored-by: prateekpandey14 <prateek.pandey@nirmata.com>	2022-09-28 17:15:16 +05:30
shuting	34c6920129	Support PSa integration by `controlName` only (#4710 ) * Remove "restrictedField" and "values" from podSecurity.exclude Signed-off-by: ShutingZhao <shuting@nirmata.com> * Remove commented code Signed-off-by: ShutingZhao <shuting@nirmata.com> * Add unit tests for restricted_runAsNonRoot Signed-off-by: ShutingZhao <shuting@nirmata.com> * Add baseline unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * Add unit tests for restricted controls Signed-off-by: ShutingZhao <shuting@nirmata.com> * Removes PSa tests at the engine level Signed-off-by: ShutingZhao <shuting@nirmata.com> * - Update API docs; - Add unit tests for wildcard images Signed-off-by: ShutingZhao <shuting@nirmata.com> * Remove autogen conversion for PSa policies Signed-off-by: ShutingZhao <shuting@nirmata.com> * copy pod with DeepCopy() Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-09-28 10:03:53 +00:00
Charles-Edouard Brétéché	47b3704848	fix: missing elements in v2beta1 api (#4654 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-09-19 09:55:04 +00:00
Charles-Edouard Brétéché	634dff5639	feat: introduce RCR interface (#4642 ) * feat: introduce RCR interface Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * fix codegen Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-09-19 08:42:11 +00:00
Charles-Edouard Brétéché	dfb566a458	fix: typo (#4582 ) * fix: typo Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * fix: typo Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-09-10 16:11:38 +00:00

1 2

96 commits