mirror of https://github.com/kyverno/kyverno.git synced 2024-12-14 11:57:48 +00:00
Commit graph

224 commits

Author SHA1 Message Date
Shuting Zhao
e3123e96b6 Merge branch 'master' into add_testscenario 2020-01-08 16:48:15 -08:00
Shivkumar Dudhani
3cf9141f4d
593 feature (#594)
* initial commit

* background policy validation

* correct message

* skip non-background policy process for add/update

* add Generate Request CR

* generate Request Generator Initial

* test generate request CR generation

* initial commit gr generator

* generate controller initial framework

* add crd for generate request

* gr cleanup controller initial commit

* cleanup controller initial

* generate mid-commit

* generate rule processing

* create PV on generate error

* embed resource type

* testing phase 1- generate resources with variable substitution

* fix tests

* comment broken test #586

* add printer column for state

* return if existing resource for clone

* set resync time to 2 mins & remove resource version check in update handler for gr

* generate events for reporting

* fix logs

* initial commit

* fix trailing quote in patch

* remove comments

* initial condition (equal & notequal)

* initial support for conditions

* initial support for conditions in generate

* support precondition checks

* cleanup

* re-evaluate GR on namespace update using dynamic informers

* add status for generated resources

* display loaded variable SA

* support delete cleanup of generate request main resources

* fix log

* remove namespace from SA username

* support multiple variables per statement for scalar values

* fix fail variables

* add check for userInfo

* validation checks for conditions

* update policy

* refactor logs

* code review

* add openapispec for clusterpolicy preconditions

* Update documentation

* CR fixes

* documentation

* CR fixes

* update variable

* fix logs

* update policy

* pre-defined variables (serviceAccountName & serviceAccountNamespace)

* update test
2020-01-07 15:13:57 -08:00
Shivkumar Dudhani
ffd2179b03
538 (#587)
* initial commit

* background policy validation

* correct message

* skip non-background policy process for add/update

* add Generate Request CR

* generate Request Generator Initial

* test generate request CR generation

* initial commit gr generator

* generate controller initial framework

* add crd for generate request

* gr cleanup controller initial commit

* cleanup controller initial

* generate mid-commit

* generate rule processing

* create PV on generate error

* embed resource type

* testing phase 1- generate resources with variable substitution

* fix tests

* comment broken test #586

* add printer column for state

* return if existing resource for clone

* set resync time to 2 mins & remove resource version check in update handler for gr

* generate events for reporting

* fix logs

* cleanup

* CR fixes

* fix logs
2020-01-07 10:33:28 -08:00
Shuting Zhao
ecbbd04bc5 - remove policy violation created on owner and related logic; - use generic call to create violation info 2020-01-06 17:07:11 -08:00
Shuting Zhao
0c9053d50d register resource webhook in policy control loop 2020-01-02 20:25:30 -08:00
Shuting Zhao
956cb0559a - register resource webhook when policy controller starts; - add debug log 2020-01-02 19:12:45 -08:00
Shuting Zhao
d36934fe11 Merge commit '5b8ab3842b43a72cc675b93b8b72e290adfca1d2' into 518_pod_controller
# Conflicts:
#	pkg/api/kyverno/v1/types.go
#	pkg/engine/mutation.go
#	pkg/engine/mutation_test.go
#	pkg/engine/validation.go
#	pkg/policy/existing.go
2020-01-02 10:32:17 -08:00
Shivkumar Dudhani
5b8ab3842b
Support variable substitution (#549)
* initial commit

* variable substitution

* update tests

* update test

* refactor engine packages for validate & generate

* update vendor

* update toml

* support variable substitution in overlay mutation

* missing update

* fix indentation in logs

* store context values as single JSON document using merge patches.

* remove duplicate functions

* fix message string

* Handle processing of policies in background (#569)

* remove condition check while generating mutation patch as conditions are verified in the first iteration

* initial commit

* background policy validation

* correct message

* skip non-background policy process for add/update

* fix order to correct policy registration

* update comment

Co-authored-by: shuting <shutting06@gmail.com>

* refactor

Co-authored-by: shuting <shutting06@gmail.com>
2019-12-30 17:08:50 -08:00
Shuting Zhao
076196688e skip process existing pod if annotation present 2019-12-26 18:41:14 -08:00
Shuting Zhao
f0d943e970 Merge branch 'master' into 518_pod_controller 2019-12-26 15:35:23 -08:00
Shuting Zhao
54ecb7738a - insert annotation to podTemplate; - skip apply rule on pod if annotation exists 2019-12-26 15:34:19 -08:00
Shivkumar Dudhani
085856baa1
add event source and format event messages (#565) 2019-12-26 11:50:41 -08:00
shivkumar dudhani
38987d50c3 store context values as single JSON document using merge patches. 2019-12-17 16:06:13 -08:00
shivkumar dudhani
5659f2fbcf merge master 2019-12-12 18:44:52 -08:00
shivkumar dudhani
10fc1b47ba Merge branch 'master' into v1.1.0 2019-12-12 16:54:42 -08:00
shivkumar dudhani
a19785261d Merge branch '524_bug' into v1.1.0 2019-12-12 16:25:50 -08:00
shivkumar dudhani
b5de11fc0e refactor engine packages for validate & generate 2019-12-12 15:02:59 -08:00
Shuting Zhao
2c783cfe02 rename namespacedpolicyviolation: update code 2019-12-11 16:09:05 -08:00
Shuting Zhao
b2ad71cc5e remove channel, introduced a flag to indicate the webhook creation status 2019-12-05 15:49:02 -08:00
Shuting Zhao
183f844029 - move resourcewebhookregister to webhookconfig 2019-12-05 13:51:02 -08:00
Shuting Zhao
0f5cf40eda - holds resource webhook creation requests in a queue; - remove webhookinformer from policy controller and webhookregistrationclient 2019-12-04 12:31:27 -08:00
shivkumar dudhani
0f6f3c1e02 missing update 2019-12-02 17:29:41 -08:00
shivkumar dudhani
0ea1d9986a cleanup resource & policy 2019-12-02 17:15:47 -08:00
shivkumar dudhani
e7607fae87 refactor cluster and policy violation cleanup 2019-11-27 11:23:29 -08:00
Shuting Zhao
f506789498 create resource mutating webhook after verifying webhook is active 2019-11-25 18:07:11 -08:00
shivkumar dudhani
89d0cc8799 Merge branch 'v1.1.0' into 504_bug 2019-11-19 10:12:09 -08:00
Shivkumar Dudhani
a81d5c9ae7
update event message (#515) 2019-11-18 17:13:48 -08:00
shivkumar dudhani
40b685c9db merge with v1.1.0 2019-11-18 11:48:36 -08:00
shivkumar dudhani
09cd524625 CR fixes 2019-11-18 11:12:36 -08:00
shivkumar dudhani
3c3931b67b wait for cache sync and cleanup 2019-11-15 15:59:37 -08:00
shivkumar dudhani
57e8e2a395 Revert "wait for cache to sync and cleanup"
This reverts commit 9c3b32b903.
2019-11-15 15:57:18 -08:00
shivkumar dudhani
9c3b32b903 wait for cache to sync and cleanup 2019-11-15 15:53:22 -08:00
shivkumar dudhani
a315c22e2f refer informer cache in policy controller for mutatingwebhookconfigs 2019-11-15 14:01:40 -08:00
shivkumar dudhani
f97406698d remove namespace from resource spec 2019-11-15 12:03:58 -08:00
Shuting Zhao
22162b28f2 handle namespaced/cluster violation cleanup separately 2019-11-14 13:06:56 -08:00
Shuting Zhao
c140f660f6 fix pv cleanup #496 2019-11-14 12:01:41 -08:00
shuting
ded0183aa2
Merge pull request #478 from nirmata/472_update_apiversion
472 update apiversion
2019-11-13 15:19:27 -08:00
Shivkumar Dudhani
23ba517fef
add patched resource + correct register handlers (#482) 2019-11-13 15:16:46 -08:00
Shuting Zhao
b67577994a update apiversion to v1 in code 2019-11-13 13:41:08 -08:00
Shivkumar Dudhani
7a12e12cb5
skip validation if the resource updates don't violate policy rules (#477) 2019-11-13 13:13:07 -08:00
Shuting Zhao
9e0f39efcf remove GetOwners() 2019-11-13 12:34:55 -08:00
Shuting Zhao
fc35a52ad8 Merge branch 'master' into 455_namespace_pv
# Conflicts:
#	definitions/install_debug.yaml
#	main.go
#	pkg/webhooks/mutation.go
#	pkg/webhooks/server.go
#	pkg/webhooks/validation.go
2019-11-13 11:46:46 -08:00
Shuting Zhao
e36ba36e9f - resolve comments - remove unused code 2019-11-13 10:17:03 -08:00
Shuting Zhao
01b915de8d remove unused function 2019-11-13 00:27:44 -08:00
Shuting Zhao
196c7b36b0 update pv labels if it changes 2019-11-13 00:03:01 -08:00
Shuting Zhao
55b0bf0d3a add event handler for NamespacedPolicyViolation 2019-11-12 23:43:29 -08:00
Shuting Zhao
bdcb2eac6a claim namespaced policy violations 2019-11-12 23:19:38 -08:00
Shuting Zhao
5be2cea536 create namespace pv when validate policy fails 2019-11-12 19:15:20 -08:00
Shuting Zhao
b811bb269e rename policyviolation related package/function to clusterpolicyviolation 2019-11-12 19:12:36 -08:00
Shuting Zhao
2893cc3f7d create namespace pv when validate policy fails 2019-11-12 19:02:31 -08:00
Shuting Zhao
e7ec93a5ba rename policyviolation related package/function to clusterpolicyviolation 2019-11-12 19:02:31 -08:00
shivkumar dudhani
1049e3fe81 pass dynamic client 2019-11-12 18:25:50 -08:00
shivkumar dudhani
d8bf7fa284 clean up fixes 2019-11-12 16:49:05 -08:00
shivkumar dudhani
f271af95cc use store to hold values and queue for keys 2019-11-12 16:01:09 -08:00
shivkumar dudhani
ccbb6e33a5 introduce policy violation generator 2019-11-12 14:41:29 -08:00
Shuting Zhao
5a3ed62b13 Merge branch 'master' into 345_support_usergroup_info
# Conflicts:
#	pkg/engine/validation_test.go
#	pkg/webhooks/annotations.go
#	pkg/webhooks/annotations_test.go
#	pkg/webhooks/mutation.go
#	pkg/webhooks/server.go
#	pkg/webhooks/validation.go
2019-11-11 19:19:08 -08:00
Shuting Zhao
02fd1227be reverse listResource interface 2019-11-11 16:10:55 -08:00
shivkumar dudhani
f788f0e526 introduce policy store 2019-11-11 11:10:25 -08:00
Shivkumar Dudhani
1613434c46
458 cleanup (#464)
* cleanup of policy violation on policy spec changes + refactoring

* remove unused code

* remove duplicate types

* cleanup references

* fix info log and clean code

* code clean

* remove dead code
2019-11-08 20:45:26 -08:00
Shuting Zhao
6048d59949 change engine interface to take policyContext struct 2019-11-08 18:57:27 -08:00
Shuting Zhao
3f59b4cf10 change client.ListResource to take listOptions 2019-11-08 18:54:43 -08:00
shivkumar dudhani
a1d7f984db remove comments 2019-10-28 15:23:52 -05:00
Shivkumar Dudhani
22e7ab1c49
Merge branch 'master' into 261_dynamic_config 2019-10-25 19:17:15 -05:00
Shuting Zhao
3a3efe00f1 - rename to managedResource; - refactor code structure 2019-10-24 15:50:11 -07:00
Shuting Zhao
6e69c8b69b cleanup pv with dependant when blocked admission request pass 2019-10-23 23:18:58 -07:00
Shuting Zhao
1db901cca6 add comment 2019-10-23 09:58:42 -07:00
Shuting Zhao
f820cb4c83 implement #387 Generate clusterpolicyviolation when policy action set to "enforce" 2019-10-21 15:55:20 -07:00
shivkumar dudhani
64eab3d1d6 initial commit 2019-10-18 17:38:46 -07:00
Shuting Zhao
7239b4d9b7 Merge commit '37c25daa17ad046f739e74d803cb78d887805bb4' into 346_validate_policy
# Conflicts:
#	pkg/api/kyverno/v1alpha1/utils.go
2019-10-18 10:09:44 -07:00
shivkumar dudhani
5d228d9586 fix error param 2019-10-15 11:30:06 -07:00
shivkumar dudhani
1a7b92f001 delete PV if the P it refers to is state 2019-10-15 11:07:22 -07:00
shivkumar dudhani
70ff2fa177 update engineResponse Name 2019-10-08 10:57:24 -07:00
Shuting Zhao
e20d86f45c remove duplicate code: hasMutate.. 2019-10-03 17:00:05 -07:00
Shuting Zhao
5e0415911a add best-practice: policy_validate_disallow_default_serviceaccount 2019-09-16 14:16:54 -07:00
shuting
3d02f81434
Merge pull request #351 from nirmata/348_feature_wildcardsNamespaces
support wild cards for namespaces in rule resource description
2019-09-12 23:06:51 -07:00
shivkumar dudhani
44af35d6e4 support wild cards for namespaces in rule resource description 2019-09-12 17:11:55 -07:00
shivkumar dudhani
5dab189743 fix event resource name + add filtered kinds to policy controller & namespace + fix messages 2019-09-12 15:04:35 -07:00
shivkumar dudhani
7a43bed8e4 remove commented code + fix log param 2019-09-04 14:06:06 -07:00
Shivkumar Dudhani
b1e5f0a8c7
Merge branch 'master' into refactor_webhookconfigGeneration 2019-09-04 13:50:46 -07:00
shivkumar dudhani
c2e822c887 refactor webhook configuration 2019-09-04 13:43:12 -07:00
Shivkumar Dudhani
94bf186f30
Merge pull request #328 from nirmata/bug_exclude
check the exclude conditions with AND
2019-09-04 10:02:57 -07:00
shivkumar dudhani
dee4eef44a check the exclude conditions with AND 2019-09-03 19:31:42 -07:00
shivkumar dudhani
b152cdd004 rule to show violation count 2019-09-03 18:31:57 -07:00
shivkumar dudhani
9d81e61002 ignore stats if no rule is applied 2019-09-03 18:18:21 -07:00
shivkumar dudhani
cd6b1d0990 aggregate rule status 2019-09-03 17:43:36 -07:00
shivkumar dudhani
6228b8343e refactor engine api 2019-09-03 15:48:13 -07:00
shivkumar dudhani
fa53519e2a change CRD Name to ClusterPolicy & ClusterPolicyViolations 2019-09-03 14:51:51 -07:00
shivkumar dudhani
d43b4d93c2 rebase with master 2019-08-30 01:08:54 -07:00
shivkumar dudhani
bfb16b0c11 create policy mutating webhook config resource + refactoring 2019-08-27 14:52:56 -07:00
shivkumar dudhani
116203282d fix patches 2019-08-26 16:10:19 -07:00
shivkumar dudhani
5b80da32ba replace policyInfo with engineResponse 2019-08-26 13:34:42 -07:00
shivkumar dudhani
b062d70e29 initial redesign 2019-08-23 18:34:23 -07:00
shivkumar dudhani
57f770241e remove commented code 2019-08-21 14:18:36 -07:00
shivkumar dudhani
d8c315e339 fix import cycle after merge + separate webhookconfig client 2019-08-21 01:07:32 -07:00
Shivkumar Dudhani
77735a4256
Merge branch 'feature_redesign' into policy_status 2019-08-21 00:23:14 -07:00
shivkumar dudhani
292a644bf8 generate stats for generate rules 2019-08-20 17:35:40 -07:00
Shuting Zhao
dcc851dee2 fix pr comments 2019-08-20 17:01:47 -07:00
shivkumar dudhani
4f309480af report stats from existing resources 2019-08-20 16:57:19 -07:00
shivkumar dudhani
dc47132ade update policy status 2019-08-20 16:40:20 -07:00
shivkumar dudhani
3f876e6f46 update status v1 2019-08-20 15:13:52 -07:00
shivkumar dudhani
bcad9ada2d introduce locking for policy status updates 2019-08-20 13:35:03 -07:00
shivkumar dudhani
e507fb6422 receive stats + update violation status move to aggregator 2019-08-20 12:51:25 -07:00
Shuting Zhao
54fc55f47a add debug log 2019-08-20 10:08:00 -07:00
Shuting Zhao
0157d80b2c add check for registering webhookconfiguration in policy controller 2019-08-19 19:26:51 -07:00
shivkumar dudhani
61d7ea276a rebase 2019-08-19 17:26:52 -07:00
Shuting Zhao
a83e5c1d05 Merge commit '2192703df1bb26cb8b30a1aece6f9afeed09b214' into 254_dynamic_webhook_configurations
# Conflicts:
#	pkg/engine/generation.go
#	pkg/engine/overlay.go
#	pkg/engine/utils.go
#	pkg/engine/utils_test.go
#	pkg/gencontroller/controller.go
#	pkg/gencontroller/generation.go
#	pkg/webhooks/mutation.go
#	pkg/webhooks/server.go
2019-08-19 16:44:38 -07:00
shivkumar dudhani
8b1066be29 initial commit 2019-08-19 16:40:10 -07:00
shivkumar dudhani
9cfdf45bbc fixes 2019-08-19 11:52:48 -07:00
Shivkumar Dudhani
c2503e4482
Merge pull request #287 from nirmata/cleanup
Cleanup
2019-08-19 09:58:50 -07:00
shivkumar dudhani
6580e0e73a remove temp clientNew 2019-08-17 09:58:14 -07:00
shivkumar dudhani
44db8b064e resource description: support list of namespaces 2019-08-17 09:45:57 -07:00
Shuting Zhao
a110efb96c Merge branch 'policyViolation' into 254_dynamic_webhook_configurations
# Conflicts:
#	main.go
#	pkg/annotations/annotations.go
#	pkg/annotations/controller.go
#	pkg/controller/controller.go
#	pkg/controller/controller_test.go
#	pkg/engine/engine.go
#	pkg/engine/generation.go
#	pkg/engine/mutation.go
#	pkg/engine/validation.go
#	pkg/event/controller.go
#	pkg/webhooks/mutation.go
#	pkg/webhooks/policyvalidation.go
#	pkg/webhooks/report.go
#	pkg/webhooks/server.go
#	pkg/webhooks/validation.go
2019-08-14 19:00:37 -07:00
shivkumar dudhani
63a5337c9b generation test 2019-08-14 18:40:33 -07:00
shivkumar dudhani
05e1f128c7 namespace controller redesign 2019-08-14 14:56:53 -07:00
shivkumar dudhani
aed0ed0dc1 clean up 2019-08-14 10:01:47 -07:00
shivkumar dudhani
d8c6dc3bc6 construct policy Info 2019-08-13 17:24:05 -07:00
shivkumar dudhani
c04a935300 existing resource reporting 2019-08-13 13:15:04 -07:00
shivkumar dudhani
e7b538be79 add process existing for mutation & validation + some cleanup 2019-08-13 11:32:12 -07:00
shivkumar dudhani
4bf3043a18 check cache drop for process existing 2019-08-13 10:03:00 -07:00
shivkumar dudhani
cc368b6182 existing resource processing v1 2019-08-13 09:37:02 -07:00
shivkumar dudhani
a5e1b43eb7 policy violation support (incomplete) 2019-08-09 20:08:22 -07:00
shivkumar dudhani
c8179a182d controller for policyviolation 2019-08-08 13:59:50 -07:00
shivkumar dudhani
9a8d9b316f sync Status in Policy 2019-08-08 02:32:53 -07:00
shivkumar dudhani
3dda879e51 policyviolation, policy controller reconciliation 2019-08-07 16:14:33 -07:00