mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2024-12-14 11:57:48 +00:00
Code Activity
6903 commits 15 branches 540 tags 276 MiB
Commit graph

6903 commits

This branch
This branch
All branches
Author SHA1 Message Date
dependabot[bot]
5826482f2a
chore(deps): bump github.com/cloudflare/circl from 1.3.6 to 1.3.7 (#9360) 
Bumps [github.com/cloudflare/circl](https://github.com/cloudflare/circl) from 1.3.6 to 1.3.7.
- [Release notes](https://github.com/cloudflare/circl/releases)
- [Commits](https://github.com/cloudflare/circl/compare/v1.3.6...v1.3.7)

---
updated-dependencies:
- dependency-name: github.com/cloudflare/circl
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-01-09 12:37:00 +08:00
treydock
cde4ac7154
Add global nodeSelector (#9339) 
Allow a global node selector to apply to all pods in the kyverno Helm chart

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
 2024-01-05 23:28:16 +08:00
Chip Zoller
f98dcb46df
fix (#9348) 
Signed-off-by: Chip Zoller <chipzoller@gmail.com>
 2024-01-05 13:24:04 +00:00
kanha gupta
f7a962fd11
support for SHA256 jmespath function (#9144) 
Signed-off-by: Kanha gupta <kanhag4163@gmail.com>
Co-authored-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
 2024-01-05 10:44:26 +00:00
Vishal Choudhary
c2e388a71c
fix: update CLI to use store for fetching regclient (#9315) 
* fix: use docker keychain as default in 1.11

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* feat: use store to get registry client

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: use kyverno as username

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: missed cli-test

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* feat: changed location

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: undo test

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

---------

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
 2024-01-05 06:26:25 +00:00
Mariam Fahmy
e1a26f8eed
fix PSA chainsaw tests (#9341) 
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
 2024-01-05 08:57:40 +08:00
shuting
025a477688
fix: non-trigger resources should be skipped for background policies regardless of skipBackgroundRequests settings (#9333) 
* fix skip checks

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix: skip request for non-triggers

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* add missing files

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix: empty policy

Signed-off-by: ShutingZhao <shuting@nirmata.com>

---------

Signed-off-by: ShutingZhao <shuting@nirmata.com>
 2024-01-04 12:47:58 +02:00
dependabot[bot]
fb0eab660b
chore(deps): bump aquasecurity/trivy-action from 0.16.0 to 0.16.1 (#9328) 
Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.16.0 to 0.16.1.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](91713af97d...d43c1f16c0)

---
updated-dependencies:
- dependency-name: aquasecurity/trivy-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: shuting <shuting@nirmata.com>
 2024-01-04 05:50:02 +00:00
Mariam Fahmy
f8c5571ddc
fix: remove the check of exclude in VAPs (#9331) 
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
 2024-01-03 17:37:30 +00:00
Mariam Fahmy
25a6cd97e0
fix a chainsaw test (#9332) 
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
 2024-01-03 19:22:16 +08:00
shuting
09bc8fec55
fix lib (#9326) 
Signed-off-by: ShutingZhao <shuting@nirmata.com>
 2024-01-03 07:24:04 +00:00
Khaled Emara
88798c3e39
feat: add new client for events (#9323) 
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
 2024-01-03 01:12:05 +00:00
dependabot[bot]
7c94783c6a
chore(deps): bump kyverno/action-install-chainsaw from 0.1.1 to 0.1.2 (#9307) 
Bumps [kyverno/action-install-chainsaw](https://github.com/kyverno/action-install-chainsaw) from 0.1.1 to 0.1.2.
- [Release notes](https://github.com/kyverno/action-install-chainsaw/releases)
- [Commits](d12e54dd35...56be3cb4ec)

---
updated-dependencies:
- dependency-name: kyverno/action-install-chainsaw
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-01-02 07:43:46 +00:00
dependabot[bot]
b573be7352
chore(deps): bump sigstore/scaffolding (#9321) 
Bumps [sigstore/scaffolding](https://github.com/sigstore/scaffolding) from bea34b6f64147aa09768cd9c4c5d17e71d9e144e to 8c2c43c352e9fe4b5bc0957548ef956306734292.
- [Release notes](https://github.com/sigstore/scaffolding/releases)
- [Changelog](https://github.com/sigstore/scaffolding/blob/main/release.md)
- [Commits](bea34b6f64...8c2c43c352)

---
updated-dependencies:
- dependency-name: sigstore/scaffolding
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-01-02 15:16:44 +08:00
Vishal Choudhary
4375ecd5d4
chore: add k8s 1.29 in custom-sigstore test (#9218) 
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
 2023-12-30 21:06:17 +00:00
Husni Alhamdani
1ed7bdbe5d
add Censhare to ADOPTERS.md (#9311) 
Signed-off-by: Husni Alhamdani <dhanielluis@gmail.com>
 2023-12-30 20:39:02 +00:00
Khaled Emara
3d985872df
Add Chainsaw Test for Conditional Anchor (#9295) 
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
 2023-12-28 12:15:06 +00:00
dependabot[bot]
22308afc54
chore(deps): bump github.com/prometheus/client_golang (#9298) 
Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.17.0 to 1.18.0.
- [Release notes](https://github.com/prometheus/client_golang/releases)
- [Changelog](https://github.com/prometheus/client_golang/blob/v1.18.0/CHANGELOG.md)
- [Commits](https://github.com/prometheus/client_golang/compare/v1.17.0...v1.18.0)

---
updated-dependencies:
- dependency-name: github.com/prometheus/client_golang
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-12-28 10:51:10 +00:00
Khaled Emara
d5491746e7
fix(cli): handle excluded resources as pass (#9274) 
* fix(cli): handle excluded resources as pass

Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>

* test: add cli test for exclude

Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>

---------

Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
 2023-12-28 07:16:55 +00:00
hhsel
71739b85ee
fix: large table row ID number format in CLI (#9281) 
Co-authored-by: shuting <shuting@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2023-12-26 21:31:09 +00:00
Charles-Edouard Brétéché
0107c9af8a
fix: remove skip increment when resource not found in cli apply (#9282) 
* fix: remove skip increment when resource not found in cli apply

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix test

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2023-12-26 15:47:53 +00:00
Gurmannat Sohal
6902a2b092
Unit tests for Pod Security Admission Integrations (#8585) 
* feat: enable field-restricted exclusions using the psa

Signed-off-by: Liang Deng <283304489@qq.com>

* fix ci error

Signed-off-by: Liang Deng <283304489@qq.com>

* fix ci error

Signed-off-by: Liang Deng <283304489@qq.com>

* initial unit tests

* Add all remaining unit tests

Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com>

* fine grain unit tests by adding fields and values

* add detailed pod level exclusion and related tests

* add tests for init & ephemeral containers

* add kuttl tests for the new advanced support

* add kuttl tests for the new advanced support

* add readme for kuttl tests

* add replacement in go.mod

* resolving CI errors

Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com>

* fix ci errors

Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com>

* fix ci errors

Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com>

* updating pod-security-admissio

Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com>

* resolving null pointer panic

Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com>

* resolved conformance error

Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com>

* chainsaw

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* chainsaw

Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com>

* remove duplication

Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com>

* fix linting

Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com>

* remove over computation

Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com>

* added field checks, pss skip condition

Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com>

* correcting chainsaw tests

Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com>

* merge branch 'main' into unit-tests

Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com>

* fix builds

Signed-off-by: ShutingZhao <shuting@nirmata.com>

---------

Signed-off-by: Liang Deng <283304489@qq.com>
Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com>
Signed-off-by: shuting <shuting@nirmata.com>
Signed-off-by: Gurmannat Sohal <95538438+itsgurmannatsohal@users.noreply.github.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Co-authored-by: Liang Deng <283304489@qq.com>
Co-authored-by: shuting <shuting@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2023-12-26 22:28:08 +08:00
Mariam Fahmy
4fff841cdc
fix: remove policy informer from vap controller (#9279) 
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
 2023-12-26 11:45:26 +00:00
Charles-Edouard Brétéché
1ef82ab530
feat: stop serving v2alpha1 cleanup policies (#9270) 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2023-12-25 20:42:19 +00:00
Frank Wittig
2a9262c325
Add imagePullSecrets to post-upgrade job (#9264) 
Signed-off-by: Frank Wittig <frank@e5k.de>
Co-authored-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
 2023-12-24 12:42:48 -05:00
Mariam Fahmy
5f09fa810c
chore: introduce v2 for updaterequests (#9267) 
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
 2023-12-23 00:09:02 +00:00
treydock
8308a6c69c
Support setting global extraEnvVars (#9269) 
Fixes #9243

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
 2023-12-22 22:07:11 +00:00
Charles-Edouard Brétéché
2b5aef75f1
feat: add cleanup policies v2 (#9261) 
* feat: add cleanup policies v2

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix test

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix: test

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2023-12-22 20:43:27 +02:00
Vishal Choudhary
ce00df13fa
fix: use http.MaxBytesReader instead of content length for API Calls (#9265) 
* fix: use http.MaxBytesReader instead of content length for API Calls

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* feat: add unit tests

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* feat: added test for chunked transfer

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

---------

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
 2023-12-22 17:05:52 +00:00
Mariam Fahmy
6bffca067a
chore: introduce v2 for internal reports resources (#9262) 
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
 2023-12-22 14:09:00 +00:00
shuting
67b96a7cf2
refactor: mutate checks (#9255) 
* refactor

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix

Signed-off-by: ShutingZhao <shuting@nirmata.com>

---------

Signed-off-by: ShutingZhao <shuting@nirmata.com>
 2023-12-22 15:07:17 +02:00
Charles-Edouard Brétéché
b790fc4ced
chore: bump a couple of deps (#9260) 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
 2023-12-22 11:55:15 +00:00
Shubham Singh
6aaa06702f
bug: making images consistent with image (#9147) 
* adding `ReferenceWithTag` and `GetReferenceWithTag` + Populating them

Signed-off-by: Shubham Singh <shubhammahar1306@gmail.com>

* Adding tests for the same

Signed-off-by: Shubham Singh <shubhammahar1306@gmail.com>

* `ReferenceWithTag()` -> `ReferenceWithTag`

Signed-off-by: Shubham Singh <shubhammahar1306@gmail.com>

* `Strings()` -> `ReferenceWithTag`

Signed-off-by: Shubham Singh <shubhammahar1306@gmail.com>

* added `ReferenceWithTag` to image_test

Signed-off-by: Shubham Singh <shubhammahar1306@gmail.com>

* sorting out linter

Signed-off-by: Shubham Singh <shubhammahar1306@gmail.com>

---------

Signed-off-by: Shubham Singh <shubhammahar1306@gmail.com>
Co-authored-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
 2023-12-22 11:15:50 +00:00
Charles-Edouard Brétéché
b54e6230c5
refactor: events controller (#9236) 
* refactor: make events controller shutdown graceful

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* nit

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* drain

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* refactor: events controller

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* exception

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* remove queue

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
 2023-12-22 11:47:22 +01:00
Mariam Fahmy
b61a1f3d18
fix: set v2beta1 of exceptions the storage version (#9254) 
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
 2023-12-22 10:13:58 +00:00
Vishal Choudhary
ca31df9025
chore: bump k8s from 0.29.0-alpha.3 to stable (#9253) 
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
 2023-12-22 09:27:03 +00:00
hub_Prateek
f344bcf9a7
Fixed error log (#9232) 
* Fixed error log

Signed-off-by: hub-Prateek <prateeksaxena462003@gmail.com>

* Removed the event

Signed-off-by: hub-Prateek <prateeksaxena462003@gmail.com>

---------

Signed-off-by: hub-Prateek <prateeksaxena462003@gmail.com>
 2023-12-22 07:32:08 +00:00
Mariam Fahmy
af0ff92ca3
fix: remove unused file in a test (#9240) 
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
 2023-12-21 11:49:57 +00:00
Mariam Fahmy
154b34407b
fix launch.json (#9239) 
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
 2023-12-21 10:53:16 +00:00
Honnix
47cafaabd3
Support more signature algorithms (#9102) 
* Support more signature algorithms

Signed-off-by: Hongxin Liang <honnix@users.noreply.github.com>

* Fix codegen

Signed-off-by: Hongxin Liang <honnix@users.noreply.github.com>

* Fail loudly for unsupported algorithm

Signed-off-by: Hongxin Liang <honnix@users.noreply.github.com>

* Fix codegen

Signed-off-by: Hongxin Liang <honnix@users.noreply.github.com>

* Fix more

Signed-off-by: Hongxin Liang <honnix@users.noreply.github.com>

---------

Signed-off-by: Hongxin Liang <honnix@users.noreply.github.com>
Co-authored-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
 2023-12-21 13:27:33 +05:30
dependabot[bot]
9507a65219
chore(deps): bump aquasecurity/trivy-action from 0.13.1 to 0.16.0 (#9224) 
Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.13.1 to 0.16.0.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](https://github.com/aquasecurity/trivy-action/compare/0.13.1...91713af97dc80187565512baba96e4364e983601)

---
updated-dependencies:
- dependency-name: aquasecurity/trivy-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-12-20 19:59:00 +00:00
shuting
85e0d9b836
fix mutate existing force reconciliation (#9230) 
Signed-off-by: ShutingZhao <shuting@nirmata.com>
 2023-12-20 16:29:37 +00:00
Vishal Choudhary
2b745163ba
fix: add support for fips endpoints in AWS authentication (#9233) 
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
 2023-12-20 15:29:00 +00:00
Charles-Edouard Brétéché
d1138764f5
feat: add deprecation warnings in the CLI (#9222) 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2023-12-20 12:45:26 +00:00
Charles-Edouard Brétéché
438a53cb3d
feat: enable kubectl-validate by default in cli (#9220) 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2023-12-20 08:37:26 +00:00
dependabot[bot]
8858d4fd48
chore(deps): bump fluxcd/flux2 from 2.2.1 to 2.2.2 (#9225) 
Bumps [fluxcd/flux2](https://github.com/fluxcd/flux2) from 2.2.1 to 2.2.2.
- [Release notes](https://github.com/fluxcd/flux2/releases)
- [Changelog](https://github.com/fluxcd/flux2/blob/main/.goreleaser.yml)
- [Commits](9b3958825a...5c5c15ea21)

---
updated-dependencies:
- dependency-name: fluxcd/flux2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-12-20 07:54:28 +00:00
raffis
cdd5d4fd22
fix(kubectl-kyverno): apply registry auth (#9151) 
* fix(kubectl-kyverno): apply registry auth

Signed-off-by: Raffael Sahli <raffael.sahli@doodle.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Raffael Sahli <raffael.sahli@doodle.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2023-12-19 21:33:05 +00:00
Mariam Fahmy
fe8f8faa8b
fix: add chainsaw test for mutate existing (#9210) 
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
 2023-12-19 18:15:34 +00:00
Mariam Fahmy
d5e5219601
chore: remove v2alpha1 version of policy exceptions (#9211) 
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
 2023-12-19 16:27:08 +00:00
Charles-Edouard Brétéché
c335670065
chore: add missing context unit test (#9213) 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2023-12-19 15:54:48 +00:00