mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-07 00:17:13 +00:00
Code Activity
1612 commits 17 branches 550 tags 289 MiB
Commit graph

64 commits

Author SHA1 Message Date
Shuting Zhao
f78ca61859 generate violation in mutation when substitute path not present 2020-01-09 12:24:37 -08:00
Shuting Zhao
472fa29fce move mutation to subpackage pkg/engine/mutate 2020-01-07 17:06:17 -08:00
Shivkumar Dudhani
3cf9141f4d
593 feature (#594) 
* initial commit

* background policy validation

* correct message

* skip non-background policy process for add/update

* add Generate Request CR

* generate Request Generator Initial

* test generate request CR generation

* initial commit gr generator

* generate controller initial framework

* add crd for generate request

* gr cleanup controller initial commit

* cleanup controller initial

* generate mid-commit

* generate rule processing

* create PV on generate error

* embed resource type

* testing phase 1- generate resources with variable substitution

* fix tests

* comment broken test #586

* add printer column for state

* return if existing resource for clone

* set resync time to 2 mins & remove resource version check in update handler for gr

* generate events for reporting

* fix logs

* initial commit

* fix trailing quote in patch

* remove comments

* initial condition (equal & notequal)

* initial support for conditions

* initial support fo conditions in generate

* support precondition checks

* cleanup

* re-evaluate GR on namespace update using dynamic informers

* add status for generated resources

* display loaded variable SA

* support delete cleanup of generate request main resources

* fix log

* remove namespace from SA username

* support multiple variables per statement for scalar values

* fix fail variables

* add check for userInfo

* validation checks for conditions

* update policy

* refactor logs

* code review

* add openapispec for clusterpolicy preconditions

* Update documentation

* CR fixes

* documentation

* CR fixes

* update variable

* fix logs

* update policy

* pre-defined variables (serviceAccountName & serviceAccountNamespace)

* update test
 2020-01-07 15:13:57 -08:00
Shuting Zhao
08491df046 Merge commit 'ffd2179b0332738a088b362e94147a981f0d02ed' into 600_bug 
# Conflicts:
#	pkg/webhooks/mutation.go
 2020-01-07 14:17:25 -08:00
Shivkumar Dudhani
ffd2179b03
538 (#587) 
* initial commit

* background policy validation

* correct message

* skip non-background policy process for add/update

* add Generate Request CR

* generate Request Generator Initial

* test generate request CR generation

* initial commit gr generator

* generate controller initial framework

* add crd for generate request

* gr cleanup controller initial commit

* cleanup controller initial

* generate mid-commit

* generate rule processing

* create PV on generate error

* embed resource type

* testing phase 1- generate resources with variable substitution

* fix tests

* comment broken test #586

* add printer column for state

* return if existing resource for clone

* set resync time to 2 mins & remove resource version check in update handler for gr

* generate events for reporting

* fix logs

* cleanup

* CR fixes

* fix logs
 2020-01-07 10:33:28 -08:00
Shuting Zhao
c97b3ce5b0 fetch annotation from resource annotation map 2020-01-06 19:24:24 -08:00
Shivkumar Dudhani
5b8ab3842b
Support variable substitution (#549) 
* initial commit

* variable substitution

* update tests

* update test

* refactor engine packages for validate & generate

* update vendor

* update toml

* support variable substitution in overlay mutation

* missing update

* fix indentation in logs

* store context values as single JSON document using merge patches.

* remove duplicate functions

* fix message string

* Handle processing of policies in background (#569)

* remove condition check while generating mutation patch as conditions are verified in the first iteration

* initial commit

* background policy validation

* correct message

* skip non-background policy process for add/update

* fix order to correct policy registration

* update comment

Co-authored-by: shuting <shutting06@gmail.com>

* refactor

Co-authored-by: shuting <shutting06@gmail.com>
 2019-12-30 17:08:50 -08:00
Shuting Zhao
a1ce6e4297 fix annotation patch in mutate rule 2019-11-13 17:56:56 -08:00
shuting
ded0183aa2
Merge pull request #478 from nirmata/472_update_apiversion 
472 update apiversion
 2019-11-13 15:19:27 -08:00
Shuting Zhao
b67577994a update apiversion to v1 in code 2019-11-13 13:41:08 -08:00
Shivkumar Dudhani
765a17df03
423 policy store (#471) 
* fix log format

* update test
 2019-11-13 13:21:00 -08:00
Shivkumar Dudhani
7a12e12cb5
skip validation if the resource updates dont violate policy rules (#477) 2019-11-13 13:13:07 -08:00
Shuting Zhao
81ac13cb05 lookup policies from policy store in webhook 2019-11-13 12:15:51 -08:00
Shuting Zhao
fc35a52ad8 Merge branch 'master' into 455_namespace_pv 
# Conflicts:
#	definitions/install_debug.yaml
#	main.go
#	pkg/webhooks/mutation.go
#	pkg/webhooks/server.go
#	pkg/webhooks/validation.go
 2019-11-13 11:46:46 -08:00
shivkumar dudhani
ccbb6e33a5 introduce policy violation generator 2019-11-12 14:41:29 -08:00
Shuting Zhao
6c8f4f90da fix patches annotation 2019-11-11 18:52:26 -08:00
Shuting Zhao
6048d59949 change engine interface to take policyContext struct 2019-11-08 18:57:27 -08:00
Shuting Zhao
caf7abfecc Get policy list once in handleAdmissionRequest 2019-11-07 12:13:16 -08:00
shivkumar dudhani
e022084dd0 add checker to verify if mutatingwebhook is enabled or not + refactoring 2019-10-30 13:39:19 -07:00
Shuting Zhao
6e69c8b69b cleanup pv with dependant when blocked admission request pass 2019-10-23 23:18:58 -07:00
shuting
5c38c28904
Merge pull request #369 from nirmata/368_bug 
update engineResponse Name
 2019-10-08 16:02:07 -07:00
shivkumar dudhani
70ff2fa177 update engineResponse Name 2019-10-08 10:57:24 -07:00
Shuting Zhao
2077409c85 fix 365 annotation_bug 2019-10-07 18:31:14 -07:00
shivkumar dudhani
44af35d6e4 support wild cards for namespaces in rule resource description 2019-09-12 17:11:55 -07:00
shivkumar dudhani
b152cdd004 rule to show violation count 2019-09-03 18:31:57 -07:00
shivkumar dudhani
cd6b1d0990 aggregate rule status 2019-09-03 17:43:36 -07:00
shivkumar dudhani
6228b8343e refactor engine api 2019-09-03 15:48:13 -07:00
shivkumar dudhani
116203282d fix patches 2019-08-26 16:10:19 -07:00
shivkumar dudhani
5b80da32ba replace policyInfo with engineResponse 2019-08-26 13:34:42 -07:00
shivkumar dudhani
b062d70e29 initial redesign 2019-08-23 18:34:23 -07:00
shivkumar dudhani
dc47132ade update policy status 2019-08-20 16:40:20 -07:00
shivkumar dudhani
e507fb6422 recieve stats + update violation status move to aggregator 2019-08-20 12:51:25 -07:00
Shuting Zhao
a83e5c1d05 Merge commit '2192703df1bb26cb8b30a1aece6f9afeed09b214' into 254_dynamic_webhook_configurations 
# Conflicts:
#	pkg/engine/generation.go
#	pkg/engine/overlay.go
#	pkg/engine/utils.go
#	pkg/engine/utils_test.go
#	pkg/gencontroller/controller.go
#	pkg/gencontroller/generation.go
#	pkg/webhooks/mutation.go
#	pkg/webhooks/server.go
 2019-08-19 16:44:38 -07:00
Shuting Zhao
4c34ff7a37 Change of annotation purpose #262 2019-08-19 16:10:10 -07:00
shivkumar dudhani
44db8b064e resource description: support list of namespaces 2019-08-17 09:45:57 -07:00
Shuting Zhao
a110efb96c Merge branch 'policyViolation' into 254_dynamic_webhook_configurations 
# Conflicts:
#	main.go
#	pkg/annotations/annotations.go
#	pkg/annotations/controller.go
#	pkg/controller/controller.go
#	pkg/controller/controller_test.go
#	pkg/engine/engine.go
#	pkg/engine/generation.go
#	pkg/engine/mutation.go
#	pkg/engine/validation.go
#	pkg/event/controller.go
#	pkg/webhooks/mutation.go
#	pkg/webhooks/policyvalidation.go
#	pkg/webhooks/report.go
#	pkg/webhooks/server.go
#	pkg/webhooks/validation.go
 2019-08-14 19:00:37 -07:00
shivkumar dudhani
63a5337c9b generation test 2019-08-14 18:40:33 -07:00
Shuting Zhao
6b1b6dddfa combine policy engine returns into single struct 2019-08-14 15:18:46 -07:00
Shuting Zhao
e87c72291f - Patch resource between every rule application - move mutation & validation to mutate webhook 2019-08-14 11:51:01 -07:00
shivkumar dudhani
aed0ed0dc1 clean up 2019-08-14 10:01:47 -07:00
shivkumar dudhani
e7b538be79 add process existing for mutation & validation + come cleanup 2019-08-13 11:32:12 -07:00
shivkumar dudhani
2cdeac5988 start creation policy violation 2019-08-09 19:12:50 -07:00
shivkumar dudhani
e5b4e5a116 generate events for resource & policy 2019-08-09 17:28:49 -07:00
shivkumar dudhani
1e621146be test policy engine on admission requests 2019-08-09 16:55:43 -07:00
shivkumar dudhani
135f241a4a event generator cleanup 2019-08-09 13:41:56 -07:00
shivkumar dudhani
373d9a45ad clean up mutation 2019-08-09 12:59:37 -07:00
Shuting Zhao
256240dc46 Merge commit 'c1916a8bfc5b35499638428fbcda12ca42babdc3' into 196_anchor_selection_on_peer 2019-07-26 13:47:23 -07:00
shivkumar dudhani
14bc6859f6 annotations json path update 2019-07-24 14:25:28 -04:00
Shuting Zhao
7d2abc5df3 Merge branch 'master' into 196_anchor_selection_on_peer 2019-07-23 17:55:24 -07:00
Shuting Zhao
6d49a728a1 - update install_debug.yaml - add debug log 2019-07-23 17:54:31 -07:00