1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2024-12-14 11:57:48 +00:00
Commit graph

5695 commits

Author SHA1 Message Date
Charles-Edouard Brétéché
4cf5903545
fix: allow empty image (#6767)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-04-03 17:01:35 +00:00
Charles-Edouard Brétéché
89928e286a
chore: use Audit instead of audit in kuttl tests (#6770)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-04-03 16:27:21 +00:00
Pradeep Lakshmi Narasimha
cc9adc5cd8
Adding validation to reject audit mode policy creation/updation when mutateDigest is set to true (#6757)
* Adding validation to reject audit mode policy creation/updation when mutateDigest is set to true

Signed-off-by: praddy26 <pradeep.vaishnav4@gmail.com>

* fix tests

Signed-off-by: realshuting <shutting06@gmail.com>

---------

Signed-off-by: praddy26 <pradeep.vaishnav4@gmail.com>
Signed-off-by: realshuting <shutting06@gmail.com>
Co-authored-by: realshuting <shutting06@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
2023-04-03 15:52:32 +00:00
Charles-Edouard Brétéché
75280aad28
fix: quit when loosing leadership (#6718)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2023-04-03 15:17:44 +00:00
Charles-Edouard Brétéché
9ac141fcb9
fix: don't filter on group when service based apiservice discovery fails (#6766)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-04-03 14:44:01 +00:00
Charles-Edouard Brétéché
247af9d516
fix: missing image pull secrets in helm hooks (#6764)
* fix: missing image pull secrets in helm hooks

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* release notes

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-04-03 14:09:56 +00:00
Charles-Edouard Brétéché
8f84d222ef
chore: use Enforce instead of enforce in kuttl tests (#6763)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-04-03 13:36:30 +00:00
shuting
389a64fe18
bump allowed PSA to 1.26 (#6762)
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2023-04-03 12:50:11 +00:00
Ved Ratan
367156f60b
[Chore] Bump to Go 1.20 (#6683)
* changed go version 1.19->1.20

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* updated go version in actions

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* bumped golangci-lint

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* fix

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* fix conflicts

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* fix

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* fixed some linter issues

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* fixed some linter issues

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* possible fix

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* fix

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* small fix

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* fix

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

---------

Signed-off-by: Ved Ratan <vedratan8@gmail.com>
Signed-off-by: Ved Ratan <82467006+VedRatan@users.noreply.github.com>
2023-04-03 11:40:47 +00:00
Liang Deng
0be5255be9
feat: lint Helm charts for Artifact Hub (#6758)
Signed-off-by: Liang Deng <283304489@qq.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-04-03 07:56:52 +00:00
Charles-Edouard Brétéché
b4a4e3a4f3
refactor: don't process context/preconditions in invokeHandler (#6751)
* refactor: engine handlers

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* refactor: don't process context/preconditions in invokeHandler

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-04-03 12:57:48 +08:00
shuting
e75c766acd
add new test (#6752)
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2023-03-31 13:56:32 +02:00
shuting
a243b405d2
add a kuttl test (#6622)
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2023-03-31 12:27:25 +02:00
Charles-Edouard Brétéché
263fd8a7a8
refactor: introduce image mutation handler (#6735)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-03-31 06:41:48 +00:00
shuting
55d2eeaded
refactor - fire generate upon trigger deletion (#6736)
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2023-03-31 06:08:14 +00:00
shuting
efe09b286e
fix source in events (#6739)
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2023-03-31 07:34:31 +02:00
Charles-Edouard Brétéché
94f0829a37
fix: no skip result when no image match the rule (#6733)
* fix: no skip result when no image match the rule

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix test

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-03-30 15:31:11 +00:00
dependabot[bot]
c1973b2d1d
chore(deps): bump ossf/scorecard-action from 2.1.2 to 2.1.3 (#6729)
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.1.2 to 2.1.3.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](e38b1902ae...80e868c13c)

---
updated-dependencies:
- dependency-name: ossf/scorecard-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-03-30 14:09:29 +00:00
Charles-Edouard Brétéché
eaaa8a0236
refactor: engine responses (#6738)
* refactor: engine responses

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-03-30 11:59:32 +00:00
shuting
af99bb1d0c
update install.yaml (#6737)
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2023-03-30 11:09:40 +00:00
dependabot[bot]
0dbf900fe9
chore(deps): bump github.com/go-logr/logr from 1.2.3 to 1.2.4 (#6731)
Bumps [github.com/go-logr/logr](https://github.com/go-logr/logr) from 1.2.3 to 1.2.4.
- [Release notes](https://github.com/go-logr/logr/releases)
- [Changelog](https://github.com/go-logr/logr/blob/master/CHANGELOG.md)
- [Commits](https://github.com/go-logr/logr/compare/v1.2.3...v1.2.4)

---
updated-dependencies:
- dependency-name: github.com/go-logr/logr
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-30 10:25:21 +00:00
Charles-Edouard Brétéché
d0841e4918
refactor: introduce pss validation handler (#6724)
* refactor: remove rules pointer

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* refactor: introduce pss validation handler

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* handler

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-03-30 09:51:16 +00:00
shuting
e2a8d9fa04
fix: event message for the image verify rule (#6734)
* debug

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* debug

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* debug

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* debug

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix

Signed-off-by: ShutingZhao <shuting@nirmata.com>

---------

Signed-off-by: ShutingZhao <shuting@nirmata.com>
2023-03-30 09:14:02 +00:00
dependabot[bot]
5155412089
chore(deps): bump go.uber.org/multierr from 1.10.0 to 1.11.0 (#6732)
Bumps [go.uber.org/multierr](https://github.com/uber-go/multierr) from 1.10.0 to 1.11.0.
- [Release notes](https://github.com/uber-go/multierr/releases)
- [Changelog](https://github.com/uber-go/multierr/blob/master/CHANGELOG.md)
- [Commits](https://github.com/uber-go/multierr/compare/v1.10.0...v1.11.0)

---
updated-dependencies:
- dependency-name: go.uber.org/multierr
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-30 08:30:59 +00:00
dependabot[bot]
b3a68241d8
chore(deps): bump github.com/onsi/gomega from 1.27.5 to 1.27.6 (#6730)
Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.27.5 to 1.27.6.
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/gomega/compare/v1.27.5...v1.27.6)

---
updated-dependencies:
- dependency-name: github.com/onsi/gomega
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-30 07:47:13 +00:00
Charles-Edouard Brétéché
af526ff350
test: bgscan report with image verification rule passing (#6728)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-03-29 22:49:09 +00:00
Charles-Edouard Brétéché
749ea6dacf
chore: bump default k8s version to v1.26.2 (#6727)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-03-29 22:02:40 +00:00
Charles-Edouard Brétéché
d13751c8bf
fix: missing volume for sigstore in reports controller (#6726)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-03-29 16:55:46 -04:00
shuting
805f7b72a9
remove unused ctx (#6725)
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2023-03-29 18:23:29 +00:00
Charles-Edouard Brétéché
43811733dc
refactor: remove rules pointer (#6722)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-03-29 17:44:09 +00:00
Vyom Yadav
c01b5cc381
fix: Don't check for subresource existence when it is the trigger. (#6544)
Signed-off-by: Vyom-Yadav <jackhammervyom@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
2023-03-29 15:54:42 +00:00
Charles-Edouard Brétéché
c7192912fa
refactor: add preconditions check to engine invokeHandler (#6721)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-03-29 13:33:02 +00:00
Charles-Edouard Brétéché
3e5cfe3ae4
test: add kuttl test for bad manifest signatures (#6719)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-03-29 12:09:22 +00:00
Charles-Edouard Brétéché
07dd0b0082
chore: update tools versions (#6720)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-03-29 19:24:37 +08:00
dependabot[bot]
bf6e326d5f
chore(deps): bump sigs.k8s.io/controller-runtime from 0.14.5 to 0.14.6 (#6717)
Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.14.5 to 0.14.6.
- [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases)
- [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md)
- [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.14.5...v0.14.6)

---
updated-dependencies:
- dependency-name: sigs.k8s.io/controller-runtime
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-03-29 09:28:46 +00:00
Charles-Edouard Brétéché
7e8f72ccd3
fix: cap and validate webhook timeout (#6715)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-03-29 07:02:52 +00:00
Charles-Edouard Brétéché
dc8a60a43e
feat: add operations support in match/exclude (#6658)
* feat: add operations support in match/exclude

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* clean

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* matching

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* operation

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* make operation mandatory

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* kuttl

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-03-29 04:22:21 +00:00
Chip Zoller
12294dc47b
bump versions, license (#6714)
Signed-off-by: Chip Zoller <chipzoller@gmail.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-03-28 22:17:06 +00:00
Charles-Edouard Brétéché
74664d4280
chore: remove dead code (#6710)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-03-28 14:43:25 +00:00
Charles-Edouard Brétéché
f812335280
fix: allow overriding PDB api version (#6708)
* fix: allow overriding PDB api version

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* changelog

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-03-28 14:09:47 +00:00
Charles-Edouard Brétéché
db29d8b2ba
fix: propagate error when parsing an image fails (#6706)
* fix: propagate error when parsing an image fails

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* Apply suggestions from code review

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-03-28 13:36:07 +00:00
Charles-Edouard Brétéché
391f1ae487
fix: allow image to be not present (#6707)
* fix: allow image to be not present

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* log

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-03-28 13:02:29 +00:00
dependabot[bot]
70cd7124c9
chore(deps): bump github/codeql-action from 2.2.8 to 2.2.9 (#6705)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.2.8 to 2.2.9.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](67a35a0858...04df1262e6)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-28 08:23:52 +00:00
Charles-Edouard Brétéché
341ed36e54
refactor: make use of handlers in engine validation (#6704)
* refactor: make use of handlers in engine validation

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* polex

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-03-28 07:47:53 +02:00
Charles-Edouard Brétéché
54c5a4e127
test: add kuttl tests for manifests verification (#6701)
* test: add kuttl tests for manifests verification

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* more

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix readme

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-03-27 12:19:19 -04:00
Charles-Edouard Brétéché
dbc442b9e1
refactor: introduce image validation handler (#6697)
* refactor: factorise rule handler invocation code

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* refactor: introduce validation handler

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* refactor: introduce image validation handler

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-03-27 15:11:27 +00:00
Charles-Edouard Brétéché
d96499462e
chore: update argocd lab (#6698)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-03-27 22:35:46 +08:00
Charles-Edouard Brétéché
84d4bb4998
refactor: introduce validation handler (#6695)
* refactor: factorise rule handler invocation code

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* refactor: introduce validation handler

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-03-27 13:53:42 +00:00
shuting
0c702f49b1
add mutate.targets validations (#6693)
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2023-03-27 13:52:44 +00:00
shuting
e3902d117e
add mutate.targets validations (#6693)
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2023-03-27 12:30:46 +00:00