Jim Bugwadia
5b5a85c16a
change RuleStatus values to lowercase
...
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2021-09-30 00:04:13 -07:00
Jim Bugwadia
67660647d9
update tests
...
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2021-09-26 18:30:53 -07:00
Max Goncharenko
a0ff8bbd0b
Implement global anchor (#2311)
...
* implement global anchor for patch strategic merge
Signed-off-by: Max Goncharenko <kacejot@fex.net>
* fixed unit tests for mutation global anchor
Signed-off-by: Max Goncharenko <kacejot@fex.net>
* added global anchor in validation
Signed-off-by: Max Goncharenko <kacejot@fex.net>
* fix some global anchor issues found during testing
Signed-off-by: Max Goncharenko <kacejot@fex.net>
* run go tidy
Signed-off-by: Maxim Goncharenko <goncharenko.maxim@apriorit.com>
* fixed tests
Signed-off-by: Maxim Goncharenko <goncharenko.maxim@apriorit.com>
* fixed some tests
Signed-off-by: Maxim Goncharenko <goncharenko.maxim@apriorit.com>
* finish implementing global anchor
Signed-off-by: Maxim Goncharenko <goncharenko.maxim@apriorit.com>
* WIP: lower global anchor strictness
Signed-off-by: Maxim Goncharenko <goncharenko.maxim@apriorit.com>
* Revert "WIP: lower global anchor strictness"
This reverts commit 08e176a042.
Signed-off-by: Maxim Goncharenko <goncharenko.maxim@apriorit.com>
* global anchor for mutation
Signed-off-by: Maxim Goncharenko <goncharenko.maxim@apriorit.com>
2021-09-13 08:59:28 -07:00
Valentin Velkov
63f4c9a884
Configurable success events on policies & resources. Generating failure events on policies by default. (#1939)
...
* Remove unused event.Reason const
Signed-off-by: Velkov <valentin.velkov@sap.com>
* Generate failure events on policies
Signed-off-by: Velkov <valentin.velkov@sap.com>
* Generate success events on policy
Signed-off-by: Velkov <valentin.velkov@sap.com>
* Introduce 'generateSuccessEvents' flag
Signed-off-by: Velkov <valentin.velkov@sap.com>
* Unit tests & chart fix
Signed-off-by: Velkov <valentin.velkov@sap.com>
2021-06-29 14:43:11 -07:00
Vyankatesh Kudtarkar
04dc3ddfe3
Remove sample Dir and Remove testcases from test_runner (#1686)
...
* remove sample Dir and remove testcases from test_runner
Signed-off-by: vyankatesh <vyankatesh@neualto.com>
* change git URL for test
Signed-off-by: vyankatesh <vyankatesh@neualto.com>
* fix fmt issue
Signed-off-by: vyankatesh <vyankatesh@neualto.com>
* remove unused policy and test yamls
Signed-off-by: vyankatesh <vyankatesh@neualto.com>
* fix yaml path issue
Signed-off-by: vyankatesh <vyankatesh@neualto.com>
Co-authored-by: vyankatesh <vyankatesh@neualto.com>
2021-03-16 14:35:32 -07:00
Jim Bugwadia
e2f10c6f83
update validation logic
2020-12-23 15:10:07 -08:00
Jim Bugwadia
6afd2e6f3a
ignore non-policy files in CLI and improve validation messages (#1362)
...
* improve validation message
* improve error behaviors
* fix tests
* fix tests
2020-12-07 11:26:04 -08:00
Shuting Zhao
e985ee4031
correct misspelled words
2020-11-17 12:01:01 -08:00
Mohan B E
bd406f5bb8
added conversion of overlay to patch strategic merge (#1138)
...
* added conversion of overlay to patch strategic merge and modified unittest for the same
* updated best practice policy
2020-09-22 16:19:09 -07:00
Jim Bugwadia
838d02c475
Bugfix/659 support wildcards for namespaces (#871)
...
* - support wildcards for namespaces
* do not annotate resource, unless policy is an autogen policy
* close HTTP body
* improve messages
* remove policy store
Policy store was not fully implemented and simply provided a way
to list all policies and get a policy by name, which can be done via
standard client-go interfaces.
We need to revisit and design a better PolicyStore that provides fast
lookups for matching policies based on names, namespaces, etc.
* handle wildcard namespaces in background processing
* fix unit tests 1) remove platform dependent path usage 2) remove policy store
* add test case for mutate with wildcard namespaces
2020-05-26 10:36:56 -07:00
Shuting Zhao
ea66d7a7b8
fix CI
2020-05-20 13:58:56 -07:00
shuting
5f20cdfb07
remove cpu limit in BP require_pod_requests_limits.yaml (#807)
...
* remove cpu limit in BP require_pod_requests_limits.yaml
* update test
2020-04-13 09:29:11 -07:00
Shivkumar Dudhani
8c1d79ab28
linter suggestions (#655)
...
* cleanup phase 1
* linter fixes phase 2
2020-01-24 12:05:53 -08:00
shivkumar dudhani
10fc1b47ba
Merge branch 'master' into v1.1.0
2019-12-12 16:54:42 -08:00
Shivkumar Dudhani
ffe3bdb677
remove newline from engine response strings (#537)
...
* remove newline from engine response strings
* add scenario file updates
* cr: remove . in trailing msg string
2019-12-04 18:04:42 -08:00
Shuting Zhao
51642cbcf3
skip process mutate patches if condition tag is not present
2019-11-27 19:40:47 -08:00
Shuting Zhao
261560eafb
mutate rule: do not ignore empty key in resource if overlay has nested anchor
2019-11-27 16:07:15 -08:00
shuting
ae53fa1bfc
Merge pull request #512 from nirmata/local_test
...
Add generate rule for default limitrange
2019-11-18 17:33:43 -08:00
shivkumar dudhani
830e66f80c
update scenario file
2019-11-15 21:43:08 -08:00
Shuting Zhao
8343eaf0a8
add generate rule for default limitrange
2019-11-15 18:32:24 -08:00
Jim Bugwadia
eb24b7502b
update policy name
2019-11-13 23:31:04 -08:00
Shuting Zhao
79a7bde4ab
- fix test; - improve logging
2019-11-13 18:44:18 -08:00
Shuting Zhao
dcfe76acdc
fix test
2019-11-13 00:44:07 -08:00
Shuting Zhao
45dc0bd358
Merge commit 'da5c03f89df3007088b27fc84b08827170e16eda' into 345_support_usergroup_info
...
# Conflicts:
# test/scenarios/samples/best_practices/add_safe_to_evict2.yaml
2019-11-13 00:31:07 -08:00
Shuting Zhao
fb2cc2db9c
fix tests
2019-11-11 21:40:42 -08:00
Jim Bugwadia
87be5ca4b8
update policies and test cases
2019-11-11 17:55:54 -08:00
Jim Bugwadia
3ffb0cfa39
add disallow_sysctl and move policies
2019-11-11 17:17:09 -08:00
Jim Bugwadia
05503e4fd1
update other policies
2019-11-11 14:09:07 -08:00
Jim Bugwadia
dd4d091c23
update restrict_automount_sa_token
2019-11-10 21:57:20 -08:00
Jim Bugwadia
5b2fd96131
update LimitNodePort
2019-11-10 21:34:22 -08:00
Jim Bugwadia
5e8b6c4183
update add_networkPolicy
2019-11-10 21:27:50 -08:00
Jim Bugwadia
244909ebb3
update require_probes
2019-11-10 21:18:17 -08:00
Jim Bugwadia
c1be682a93
update require_pod_requests_limits
2019-11-10 21:06:49 -08:00
Jim Bugwadia
f668113904
update add_ns_quota
2019-11-10 20:58:57 -08:00
Jim Bugwadia
a6d5fb6e30
update restrict_image_registries
2019-11-10 18:13:01 -08:00
Jim Bugwadia
f31abbffab
update disallow_latest_tag
2019-11-10 17:54:38 -08:00
Jim Bugwadia
7f54e8e2e3
Merge branch '451_fix_disallow_host_net_port' into 452_make_sample_policy_rule_names_consistent
...
# Conflicts:
# samples/best_practices/disallow_host_network_hostport.yaml
# test/scenarios/samples/best_practices/disallow_host_network_port.yaml
2019-11-10 17:35:43 -08:00
Jim Bugwadia
20736e5e81
update disallow_default_namespace and disallow_host_network_port and disallow_host_pid_ipc
2019-11-10 15:50:18 -08:00
Jim Bugwadia
170e2a5179
update disallow_docker_sock_mount and disallow_host_network_port
2019-11-10 12:53:48 -08:00
Jim Bugwadia
fd1a26db29
update DisallowBindMounts
2019-11-09 16:33:19 -08:00
Jim Bugwadia
fae8ac0325
update RequireReadOnlyRootFS
2019-11-09 16:18:33 -08:00
Jim Bugwadia
121b81a83b
update disallow new capabilities
2019-11-09 16:07:16 -08:00
Jim Bugwadia
cba79c69a2
update disallow_priviledged
2019-11-08 20:04:42 -08:00
Jim Bugwadia
5ce8fd7a9a
update disallow_root_user
2019-11-08 19:25:43 -08:00
Jim Bugwadia
6baa678e27
rename add_safe_to_evict
2019-11-08 19:02:49 -08:00
Jim Bugwadia
a0d3f728da
fix disallow_host_network_hostport policy
2019-11-08 18:26:58 -08:00
Jim Bugwadia
ab2e671df5
update test scenario and change rule to audit mode
2019-11-07 19:28:48 -08:00
Jim Bugwadia
4aac8f43a9
fix test
2019-11-07 19:19:33 -08:00
Shuting Zhao
ec331b8d17
remove resource info in the validation error
2019-11-07 12:30:58 -08:00
Shuting Zhao
59fb1c90cd
fix test
2019-11-07 12:13:35 -08:00