mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2024-12-14 11:57:48 +00:00
Code Activity
3308 commits 15 branches 540 tags 276 MiB
Commit graph

188 commits

Author SHA1 Message Date
NoSkillGirl
60a5623b94 print metrics which matches policy name 
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
 2021-06-21 20:35:51 +05:30
NoSkillGirl
cfa8ae0135 checking metrics in generate e2e 
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
 2021-06-21 20:35:51 +05:30
NoSkillGirl
28b053e54e debuging metrics 
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
 2021-06-21 20:35:51 +05:30
NoSkillGirl
fcb792964d calling metrics in generate e2e 
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
 2021-06-21 20:35:51 +05:30
Vyankatesh Kudtarkar
8eb1d4c7fb
Update variable paths when auto generate the controller rules (#1914) 
* Fix Dev setup

* Update variable paths

* fix testcase issue

Co-authored-by: vyankatesh <vyankatesh@neualto.com>
 2021-06-07 13:35:53 -07:00
Pooja Singh
e227636271
1947/e2e generate policy (#1951) 
* fixed generate flow

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* added test for generate policy with clone

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* small conflict fix

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* print logs for e2e

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* changing log level

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* added wait while creating policy

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* remove log level from e2e

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* added a clusterpolicy check while creating a namespaced resource in e2e tests

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* updated the github_action name for e2e tests

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* changing waiting time to 1 sec

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* remove log

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

Co-authored-by: Shuting Zhao <shutting06@gmail.com>
 2021-06-07 12:36:00 -07:00
Pooja Singh
605d182ee3
e2e test cases for generate (#1835) 
* added sample test

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* case: when creating the new namespace without the label, there should not have any generated resource

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* case: when adding the matched label to the namespace, the target resource should be generated

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* removing comments

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* trying to check updated network policy

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* case: when synchronize flag is set to true in the policy, one cannot delete the generated resource

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* trying to check updated generate policy

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* case: change synchronize to false in the policy, the label in generated resource should be updated to policy.kyverno.io/synchronize: disable

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* case: when changing the content in generate.data, the change should be synced to the generated resource

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* added comments

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* case: with synchronize==false, one should be able to delete the generated resource

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* handling error

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* added retrying

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* minor e2e fixes

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* e2e fixes

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* added logs of mutate error

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* printing configmap

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* printing configmap using BY

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* removing print statements

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* print configmap name

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* printing complete configmap

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
 2021-06-02 11:48:28 -07:00
Yashvardhan Kukreja
b0ef84c581 added e2e tests: ensuring the availability of kyverno's prometheus metrics-server 
Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com>
 2021-05-24 08:09:17 +05:30
shuting
adcb89a1b5
Update to use gvk to store OpenAPI schema (#1906) 
* bump swagger doc to 1.21.0

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* stores openapi schema by gvk

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fix schema validation in CLI

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* add missing resource lists

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* add e2e tests

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* address review doc comments

Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-05-13 12:03:13 -07:00
treydock
f956a3034f
Improved testing to allow 'skip' status and fail if tested results do not exist (#1881) 
* Improved testing to allow 'skip' status and fail if tested results do not exist

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>

* Ensure exit 0 is seen as failure when should be failure

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
 2021-05-07 16:27:15 -07:00
Trey Dockendorf
db4fec0eeb Add additional e2e tests for 'kyverno test' 
Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
 2021-05-04 10:18:24 -04:00
Trey Dockendorf
cb364904b6 Improved error handling for test command 
Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
 2021-05-03 08:39:38 -04:00
Bricktop
64f49caa84
Add e2e test with nested jmesPath in context (#1786) 
Signed-off-by: Marcel Mueller <marcel.mueller1@rwth-aachen.de>
 2021-04-26 14:02:52 -07:00
Bricktop
9a6f7043b0
Add e2e test for mutation (#1761) 
Signed-off-by: MarcelMue <marcel.mueller1@rwth-aachen.de>
Signed-off-by: Marcel Mueller <marcel.mueller1@rwth-aachen.de>
 2021-04-08 16:14:08 -07:00
Vyankatesh Kudtarkar
04dc3ddfe3
Remove sample Dir and Remove testcases from test_runner (#1686) 
* remove sample Dir and remove testcases form test_runner

Signed-off-by: vyankatesh <vyankatesh@neualto.com>

* change git URL for test

Signed-off-by: vyankatesh <vyankatesh@neualto.com>

* fix fmt issue

Signed-off-by: vyankatesh <vyankatesh@neualto.com>

* remove unused policy and test yamls

Signed-off-by: vyankatesh <vyankatesh@neualto.com>

* fix yaml path issue

Signed-off-by: vyankatesh <vyankatesh@neualto.com>

Co-authored-by: vyankatesh <vyankatesh@neualto.com>
 2021-03-16 14:35:32 -07:00
Jim Bugwadia
e2f10c6f83 update validation logic 2020-12-23 15:10:07 -08:00
Jim Bugwadia
2613a6cce4
pkg/webhooks/server.go (#1372) 
* pkg/webhooks/server.go

* remove test for blocking deletes on generatated & synchronized resources

* remove test for blocking deletes on generatated & synchronized resources
 2020-12-08 19:09:59 -08:00
Jim Bugwadia
6afd2e6f3a
ignore non-policy files in CLI and improve validation messages (#1362) 
* improve validation message

* improve error behaviors

* fix tests

* fix tests
 2020-12-07 11:26:04 -08:00
Shuting Zhao
b9fb926ddb fixes for golint ./... 2020-11-17 13:07:30 -08:00
Shuting Zhao
e985ee4031 correct misspelled words 2020-11-17 12:01:01 -08:00
shuting
5e07ecc5f3
Add Policy Report (#1229) 
* add report in cli

* policy report crd added

* policy report added

* configmap added

* added jobs

* added jobs

* bug fixed

* added logic for cli

* common function added

* sub command added for policy report

* subcommand added for report

* common package changed

* configmap added

* added logic for kyverno cli

* added logic for jobs

* added logic for jobs

* added logic for jobs

* added logic for cli

* buf fix

* cli changes

* count bug fix

* docs added for command

* go fmt

* refactor codebase

* remove policy controller for policyreport

* policy report removed

* bug fixes

* bug fixes

* added job trigger if needed

* job deletation logic added

* build failed fix

* fixed e2e test

* remove hard coded variables

* packages adde

* improvment added in jobs sheduler

* policy report yaml added

* cronjob added

* small fixes

* remove background sync

* documentation added for report command

* remove extra log

* small improvement

* tested policy report

* revert hardcoded changes

* changes for demo

* demo changes

* resource aggrigation added

* More changes

* More changes

* - resolve PR comments; - refactor jobs controller

* set rbac for jobs

* add clean up in job controller

* add short names

* remove application scope for policyreport

* move job controller to policyreport

* add report logic in command apply

* - update policy report types;  - upgrade k8s library; - update code gen

* temporarily comment out code to pass CI build

* generate / update policyreport to cluster

* add unit test for CLI report

* add test for apply - generate policy report

* fix unit test

* - remove job controller; - remove in-memory configmap; - clean up kustomize manifest

* remove dependency

* add reportRequest / clusterReportRequest

* clean up policy report

* generate report request

* update crd clusterReportRequest

* - update json tag of report summary; - update definition manifests; -  fix dclient creation

* aggregate reportRequest into policy report

* fix unit tests

* - update report summary to optional; - generate clusterPolicyReport; - remove reportRequests after merged to report

* remove

* generate reportRequest in kyverno namespace

* update resource filter in helm chart

* - rename reportRequest to reportChangeRequest; -rename clusterReportRequest to clusterReportChangeRequest

* generate policy report in background scan

* skip generating report change request if there's entry results

* fix results entry removal when policy / rule gets deleted

* rename apiversion from policy.kubernetes.io to policy.k8s.io

* update summary.* to lower case

* move reportChangeRequest to kyverno.io/v1alpha1

* remove policy report flag

* fix report update

* clean up policy violation CRD

* remove violation CRD from manifest

* clean up policy violation code - remove pvGenerator

* change severity fields to lower case

* update import library

* set report category

Co-authored-by: Yuvraj <yuvraj.yad001@gmail.com>
Co-authored-by: Yuvraj <10830562+evalsocket@users.noreply.github.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
 2020-11-09 11:26:12 -08:00
Shuting Zhao
b8b1d81df0 handles array parsing in configmap value 2020-09-22 18:26:52 -07:00
Mohan B E
bd406f5bb8
added conversion of overlay to patch strategic merge (#1138) 
* added conversion of overlay to patch strategic merge and modified unittest for the same

* updated best practice policy
 2020-09-22 16:19:09 -07:00
Mohan B E
6e827f912f
Feature/e2e 575 (#1018) 
* added api templates

* E2E test for generate roles, rolebindings, clusterrole and clusterrolebindings

* table driven e2e tests

* table driven e2e tests and go fmt

* removed unwanted vars

* increased sleep time

* removed role generation clone

* increated sleep time

* added rolebinding clone and retry mechanism for get resources

* modified test for clone

* added namespace to role

* added namespace variable

* added git actions job

* changed build name

* removed docker login

* added role verbs

* removed github actions job and rbac file

* added clusterrole test with clone

* fixed travis issue
 2020-08-06 10:46:10 +05:30
Jim Bugwadia
838d02c475
Bugfix/659 support wildcards for namespaces (#871) 
* - support wildcards for namespaces

* do not annotate resource, unless policy is an autogen policy

* close HTTP body

* improve messages

* remove policy store

Policy store was not fully implemented and simply provided a way
to list all polices and get a policy by name, which can be done via
standard client-go interfaces.

We need to revisit and design a better PolicyStore that provides fast
lookups for matching policies based on names, namespaces, etc.

* handle wildcard namespaces in background processing

* fix unit tests 1) remove platform dependent path usage 2) remove policy store

* add test case for mutate with wildcard namespaces
 2020-05-26 10:36:56 -07:00
Shuting Zhao
ea66d7a7b8 fix CI 2020-05-20 13:58:56 -07:00
shuting
5f20cdfb07
remove cpu limit in BP require_pod_requests_limits.yaml (#807) 
* remove cpu limit in BP require_pod_requests_limits.yaml

* update test
 2020-04-13 09:29:11 -07:00
shuting
a4a66a11cd
update test resource to a valid k8s obejct (#683) 2020-02-10 07:32:44 -08:00
Shivkumar Dudhani
8c1d79ab28
linter suggestions (#655) 
* cleanup phase 1

* linter fixes phase 2
 2020-01-24 12:05:53 -08:00
Shivkumar Dudhani
af824f28b0
add annotation to ns (#621) 2020-01-13 17:43:13 -08:00
Shivkumar Dudhani
dabe592d46
fix the bugs and add pre-condition checks (#606) 
* fix the bugs and add pre-condition checks

* add precondition documentation
 2020-01-13 11:21:14 -08:00
shivkumar dudhani
eb34437f30 add annotation to variable 2020-01-11 11:14:47 -08:00
Shivkumar Dudhani
3cf9141f4d
593 feature (#594) 
* initial commit

* background policy validation

* correct message

* skip non-background policy process for add/update

* add Generate Request CR

* generate Request Generator Initial

* test generate request CR generation

* initial commit gr generator

* generate controller initial framework

* add crd for generate request

* gr cleanup controller initial commit

* cleanup controller initial

* generate mid-commit

* generate rule processing

* create PV on generate error

* embed resource type

* testing phase 1- generate resources with variable substitution

* fix tests

* comment broken test #586

* add printer column for state

* return if existing resource for clone

* set resync time to 2 mins & remove resource version check in update handler for gr

* generate events for reporting

* fix logs

* initial commit

* fix trailing quote in patch

* remove comments

* initial condition (equal & notequal)

* initial support for conditions

* initial support fo conditions in generate

* support precondition checks

* cleanup

* re-evaluate GR on namespace update using dynamic informers

* add status for generated resources

* display loaded variable SA

* support delete cleanup of generate request main resources

* fix log

* remove namespace from SA username

* support multiple variables per statement for scalar values

* fix fail variables

* add check for userInfo

* validation checks for conditions

* update policy

* refactor logs

* code review

* add openapispec for clusterpolicy preconditions

* Update documentation

* CR fixes

* documentation

* CR fixes

* update variable

* fix logs

* update policy

* pre-defined variables (serviceAccountName & serviceAccountNamespace)

* update test
 2020-01-07 15:13:57 -08:00
Shivkumar Dudhani
ffd2179b03
538 (#587) 
* initial commit

* background policy validation

* correct message

* skip non-background policy process for add/update

* add Generate Request CR

* generate Request Generator Initial

* test generate request CR generation

* initial commit gr generator

* generate controller initial framework

* add crd for generate request

* gr cleanup controller initial commit

* cleanup controller initial

* generate mid-commit

* generate rule processing

* create PV on generate error

* embed resource type

* testing phase 1- generate resources with variable substitution

* fix tests

* comment broken test #586

* add printer column for state

* return if existing resource for clone

* set resync time to 2 mins & remove resource version check in update handler for gr

* generate events for reporting

* fix logs

* cleanup

* CR fixes

* fix logs
 2020-01-07 10:33:28 -08:00
Shuting Zhao
dd97cdd95f Merge commit '337e0f7d1d6985b5683ddb7b7a42df0ef8130708' into 544_documentation 2019-12-13 16:16:45 -08:00
shivkumar dudhani
10fc1b47ba Merge branch 'master' into v1.1.0 2019-12-12 16:54:42 -08:00
shivkumar dudhani
66e0181157 update tests 2019-12-10 10:26:04 -08:00
Shivkumar Dudhani
ffe3bdb677
remove newline from engine response strings (#537) 
* remove newline from engine response strings

* add scenario file updates

* cr: remove . in trailing msg string
 2019-12-04 18:04:42 -08:00
Shuting Zhao
51642cbcf3 skip process mutate patches if conditon tag is not present 2019-11-27 19:40:47 -08:00
Shuting Zhao
261560eafb mutate rule: do not ignore empty key in resource if overlay has nested anchor 2019-11-27 16:07:15 -08:00
shuting
ae53fa1bfc
Merge pull request #512 from nirmata/local_test 
Add generate rule for default limitrange
 2019-11-18 17:33:43 -08:00
shivkumar dudhani
830e66f80c update scenario file 2019-11-15 21:43:08 -08:00
Shuting Zhao
8343eaf0a8 add generate rule for default limitrange 2019-11-15 18:32:24 -08:00
Jim Bugwadia
eb24b7502b update policy name 2019-11-13 23:31:04 -08:00
Shuting Zhao
79a7bde4ab - fix test; - improve logging 2019-11-13 18:44:18 -08:00
Shuting Zhao
051eba058f update api in samples/ 2019-11-13 13:56:20 -08:00
Shuting Zhao
dcfe76acdc fix test 2019-11-13 00:44:07 -08:00
Shuting Zhao
45dc0bd358 Merge commit 'da5c03f89df3007088b27fc84b08827170e16eda' into 345_support_usergroup_info 
# Conflicts:
#	test/scenarios/samples/best_practices/add_safe_to_evict2.yaml
 2019-11-13 00:31:07 -08:00
Shuting Zhao
fb2cc2db9c fix tests 2019-11-11 21:40:42 -08:00
Jim Bugwadia
87be5ca4b8 update policies and test cases 2019-11-11 17:55:54 -08:00