Roee Landesman
665d2022d8
add top level permissions to remaining github workflows ( #2995 )
...
Signed-off-by: Roee Landesman <roee.landesman@gmail.com>
2022-01-16 03:57:35 +00:00
Roee Landesman
3e524b5586
Add github token permissions to improve ossf scorecard ( #2992 )
...
* Fix autogen issue with cronjob generator and foreach pod generator (#2989 )
Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com>
Signed-off-by: Roee Landesman <roee.landesman@gmail.com>
* Add baseline read-all permissions
Signed-off-by: Roee Landesman <roee.landesman@gmail.com>
* remove extra read-all
Signed-off-by: Roee Landesman <roee.landesman@gmail.com>
* Add arm64 goarch to go releaser (#2991 )
Signed-off-by: Roee Landesman <roee.landesman@gmail.com>
Co-authored-by: Sambhav Kothari <sambhavs.email@gmail.com>
2022-01-15 17:14:22 -08:00
Roee Landesman
4450edc7d3
Add arm64 goarch to go releaser ( #2991 )
...
Signed-off-by: Roee Landesman <roee.landesman@gmail.com>
2022-01-15 15:39:52 -08:00
Sambhav Kothari
0c11af2d9a
Fix autogen issue with cronjob generator and foreach pod generator ( #2989 )
...
Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com>
2022-01-15 12:28:28 -08:00
Jim Bugwadia
1fec430249
handle CRDs with no props ( #2975 )
...
* handle CRDs with no props
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix tests
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2022-01-14 21:08:04 +01:00
Tathagata Paul
1f3e625b99
Renamed test.yaml to kyverno-test.yaml ( #2898 )
...
Signed-off-by: 4molybdenum2 <tathagatapaul7@gmail.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2022-01-14 08:45:59 +00:00
Boojapho
c8e93356fe
chore: bump golang to 1.7.6 in dockerfiles ( #2968 )
...
Signed-off-by: Michael McLeroy <michaelmcleroy@cloudfitsoftware.com>
Co-authored-by: Michael McLeroy <michaelmcleroy@cloudfitsoftware.com>
Co-authored-by: shuting <shutting06@gmail.com>
2022-01-14 07:57:33 +00:00
Jim Bugwadia
116f36622b
move guidelines up ( #2976 )
...
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2022-01-13 18:33:24 +08:00
Shubham Palriwala
1257388b97
feat: pin dependencies in gh actions ( #2952 )
...
Signed-off-by: ShubhamPalriwala <spalriwalau@gmail.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2022-01-13 05:23:05 +00:00
Jim Bugwadia
59d4cf8c0b
check for issuer and subject only when declared in policy. fix log levels ( #2973 )
...
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2022-01-13 12:49:52 +08:00
Aarush Bhat
c202fb0f15
kyverno/test: print test summary of kyverno test results ( #2944 )
...
Signed-off-by: sloorush <aarush.bhatt@gmail.com>
Co-authored-by: shuting <shutting06@gmail.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
2022-01-12 18:52:22 +05:30
Sambhav Kothari
baf4fa335b
Remove spurious prints and fix line endings ( #2963 )
...
Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com>
2022-01-11 14:15:26 +00:00
Kumar Mallikarjuna
037a320fba
Added TLS annotation check in the initContainer ( #2956 )
...
* Added TLS annotation check in the initContainer
Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>
* Error checks
Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>
* Refactor annotation addition code
Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>
* Strict error reporting
Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>
* Error handling for Secrets
Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>
* Updated error conditions
Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>
* Update for nil error
Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>
2022-01-11 08:47:24 +00:00
Sambhav Kothari
6b9798f76f
Add parse_json function to decode json strings ( #2941 )
...
Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com>
2022-01-10 13:42:02 -08:00
Naman Lakhwani
8350aadc58
Fix: CI job to release images ( #2929 )
...
* making required changes in images workflow
Signed-off-by: Namanl2001 <namanlakhwani@gmail.com>
* making required changes in release workflow
Signed-off-by: Namanl2001 <namanlakhwani@gmail.com>
Co-authored-by: shuting <shutting06@gmail.com>
2022-01-10 14:10:44 +00:00
Sambhav Kothari
9a9326928c
Fix the PR template checkboxes to render empty instead of brackets ( #2942 )
...
The current PR template doesn't render the checkboxes by default as unticked and instead as square brackets. This change
allows contributors to use the rendered UI to check boxes instead of manually fixing markdown.
Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com>
2022-01-09 12:02:57 -08:00
Kumar Mallikarjuna
9e16e763a0
ValidCert Secret Annotation Check ( #2933 )
...
* Annotation check for Secrets
Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>
* Fix inconsistent errors
Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>
* Fix linting error
Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>
2022-01-07 20:15:00 +00:00
Kumar Mallikarjuna
4410b6adc3
Fix condition for rolling update ( #2930 )
2022-01-07 17:33:01 +00:00
Abhinav Sinha
7ceba594b2
Corrected the value of INIT_CONFIG env in deployment ( #2927 )
...
Signed-off-by: Abhinav Sinha <zeborg3@gmail.com>
Co-authored-by: shuting <shutting06@gmail.com>
2022-01-07 10:52:34 +00:00
Mritunjay Kumar Sharma
15495a472e
adds ephemeralContainers to the image variable ( #2662 )
...
* adds ephemeralContainers to the image variable
Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com>
* fixes unit tests
Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com>
Co-authored-by: shuting <shutting06@gmail.com>
2022-01-07 16:55:52 +08:00
Naman Lakhwani
68c8790139
adding permissions in jobs ( #2924 )
...
Signed-off-by: Namanl2001 <namanlakhwani@gmail.com>
2022-01-06 19:35:45 +00:00
Naman Lakhwani
2f8bfc78b1
removing spaces ( #2923 )
...
Signed-off-by: Namanl2001 <namanlakhwani@gmail.com>
2022-01-06 17:12:11 +00:00
Naman Lakhwani
760ec6830d
removing docker buildx ( #2922 )
...
Signed-off-by: Namanl2001 <namanlakhwani@gmail.com>
2022-01-06 16:09:32 +00:00
Naman Lakhwani
cda6310249
fix in image workflow ( #2921 )
...
Signed-off-by: Namanl2001 <namanlakhwani@gmail.com>
2022-01-06 22:48:20 +08:00
Kumar Mallikarjuna
214f338ec3
Fix TLS inconsistency in HA ( #2910 )
...
* Fix TLS inconsistency in HA
Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>
* Add error checks
Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>
* Remove redundant err definitions
Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>
* Handle all Secret errors
Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>
2022-01-06 09:11:16 +00:00
Frank Jogeleit
1208e51b68
Manage affinity with Helm values ( #2900 )
...
Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com>
Co-authored-by: shuting <shutting06@gmail.com>
2022-01-06 05:05:15 +00:00
Naman Lakhwani
f330886af7
fixing cosign command ( #2915 )
...
Signed-off-by: Namanl2001 <namanlakhwani@gmail.com>
2022-01-05 13:02:17 -08:00
Anushka Mittal
e9826e103d
added check for any/all ( #2907 )
...
* added check for any/all
Signed-off-by: anushkamittal20 <anumittal4641@gmail.com>
* minor corrections
Signed-off-by: anushkamittal20 <anumittal4641@gmail.com>
2022-01-05 17:08:24 +00:00
shuting
df105ff596
Improve endpoint check ( #2902 )
...
* improve endpoint checks
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* update make target for the local build
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* remove debug log
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2022-01-05 07:47:42 +00:00
Kumar Mallikarjuna
3f61e2dd3a
Added report generation for verifyImage rules ( #2782 )
...
* Add report generation for verifyImage rules
Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>
* Add flag comment
Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>
* Mutation: handleDelete()
Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>
* Remove redundant delete
Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>
* Test validation failure
Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>
* Validation force rules test
Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>
* Default validation behaviour
Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>
* Manual rules
Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>
* Update Config Manager
Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>
* Move Delete check
Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2022-01-05 07:07:44 +00:00
Jim Bugwadia
a9fef256c7
updates for foreach and mutate ( #2891 )
...
* updates for foreach and mutate
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* allow tests to pass on Windows
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix tests
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix linter check
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* add elementIndex variable
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fmt
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix jsonResult usage
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* add mutate validation and fix error in validate.foreach
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* format
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* update message
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* do not skip validation for all array entries when one is skipped
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* add foreach tests
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix fmt
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix format errors
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* remove unused declarations
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* revert namespaceWithLabelYaml
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix mutate of element list
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* update CRDs
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* Update api/kyverno/v1/policy_types.go
Co-authored-by: Steven E. Harris <seh@panix.com>
* Update pkg/engine/forceMutate.go
Co-authored-by: Steven E. Harris <seh@panix.com>
* Update pkg/engine/forceMutate.go
Co-authored-by: Steven E. Harris <seh@panix.com>
* Update pkg/engine/forceMutate.go
Co-authored-by: Steven E. Harris <seh@panix.com>
* Update pkg/engine/mutation.go
Co-authored-by: Steven E. Harris <seh@panix.com>
* Update pkg/engine/mutation.go
Co-authored-by: Steven E. Harris <seh@panix.com>
* Update pkg/engine/mutation.go
Co-authored-by: Steven E. Harris <seh@panix.com>
* Update pkg/engine/validate/validate.go
Co-authored-by: Steven E. Harris <seh@panix.com>
* Update pkg/engine/validate/validate.go
Co-authored-by: Steven E. Harris <seh@panix.com>
* Update test/cli/test/custom-functions/policy.yaml
Co-authored-by: Steven E. Harris <seh@panix.com>
* Update test/cli/test/foreach/policies.yaml
Co-authored-by: Steven E. Harris <seh@panix.com>
* accept review comments and format
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* add comments to strategicMergePatch buffer
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* load context and evaluate preconditions foreach element
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* add test for foreach mutate context and precondition
* precondition testcase
* address review comments
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* update message
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* format
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: Steven E. Harris <seh@panix.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
2022-01-05 09:36:33 +08:00
Anushka Mittal
3089edafa4
Extend new operators ( #2788 )
...
* extending new operators
Signed-off-by: anushkamittal20 <anumittal4641@gmail.com>
* Changes in file names
Signed-off-by: anushkamittal20 <anumittal4641@gmail.com>
* tests added
Signed-off-by: anushkamittal20 <anumittal4641@gmail.com>
* removed print statements
Signed-off-by: anushkamittal20 <anumittal4641@gmail.com>
* Changes to reduce code redundancy
Signed-off-by: anushkamittal20 <anumittal4641@gmail.com>
* Minor corrections in anyin and allin
Signed-off-by: anushkamittal20 <anumittal4641@gmail.com>
* added correction for anynotin and allnotin
Signed-off-by: anushkamittal20 <anumittal4641@gmail.com>
2022-01-04 17:37:00 +00:00
Naman Lakhwani
d126280184
keyless signing kyverno images with digest ( #2896 )
...
* signing with digest
Signed-off-by: Namanl2001 <namanlakhwani@gmail.com>
* keyless signing
Signed-off-by: Namanl2001 <namanlakhwani@gmail.com>
* adding annotations
Signed-off-by: Namanl2001 <namanlakhwani@gmail.com>
* keyless image signing with digest in release workflow
Signed-off-by: Namanl2001 <namanlakhwani@gmail.com>
2022-01-04 08:08:28 -08:00
Anita-ihuman
3f2caccab5
Updated the list of adopters ( #2828 )
...
* improved the contributing guidelines.
Signed-off-by: Anita-ihuman <charlesanita403@gmail.com>
* added more adopters and the success stories
Signed-off-by: Anita-ihuman <charlesanita403@gmail.com>
* updating maintainers.md file
Signed-off-by: Anita-ihuman <charlesanita403@gmail.com>
2022-01-04 01:56:50 +00:00
shuting
045a58e2ef
Don't create ReportChangeRequest on managed pods/jobs deletion ( #2890 )
...
* don't generate policy report on managed pod/job
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* - don't generate rcr for managed pods/jobs; - add debug info
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* address linter issues
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
2022-01-03 15:43:38 +00:00
shuting
9631d1d196
fix buildversion for local build ( #2887 )
...
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2022-01-03 20:40:55 +05:30
shuting
2c9319ea87
don't generate policy report on managed pod/job ( #2889 )
...
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2021-12-30 00:34:43 +08:00
Anushka Mittal
a9fd8b86fd
Rules length check ( #2884 )
...
* len check
Signed-off-by: anushkamittal20 <anumittal4641@gmail.com>
* explicitly adding RuleStatusSkip
Signed-off-by: anushkamittal20 <anumittal4641@gmail.com>
* added log message
Signed-off-by: anushkamittal20 <anumittal4641@gmail.com>
Co-authored-by: shuting <shutting06@gmail.com>
2021-12-28 16:37:41 +00:00
Abhinav Sinha
2cd988a153
Added validation for Condition Operators ( #2864 )
...
* Added validation for Condition Operators
Signed-off-by: Abhinav Sinha <zeborg3@gmail.com>
* Updated description of `Condition.Operator` with all current valid condition operators
Signed-off-by: Abhinav Sinha <zeborg3@gmail.com>
* Added `ConditionOperators` map and updated existing `ConditionOperator` type references
Signed-off-by: Abhinav Sinha <zeborg3@gmail.com>
2021-12-28 15:12:31 +00:00
Prateek Pandey
f6e40b5dd1
feat(validation): support for ephemeral containers ( #2875 )
...
Signed-off-by: prateekpandey14 <prateekpandey14@gmail.com>
2021-12-28 14:22:52 +00:00
Vyankatesh Kudtarkar
0a92a2fed8
2460: Add wildcard support for match label selector ( #2832 )
...
* add wildcard support for match label selector
* fix comment
* update cluster role label
* fix comment
* fix comment
* add support for key label selector
* update method name
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: shuting <shutting06@gmail.com>
2021-12-27 22:59:38 -08:00
Jim Bugwadia
48f2105c51
fix report permissions ( #2874 )
...
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2021-12-24 11:55:47 +08:00
Vyankatesh Kudtarkar
2be70a5074
Fix foreach precondition issue ( #2871 )
2021-12-22 22:20:40 +08:00
Naman Lakhwani
898520b7cf
add semver_compare JMESPath function ( #2846 )
...
* add semver_compare JMESPath function
Signed-off-by: Namanl2001 <namanlakhwani@gmail.com>
* adding tests for semver_compare
Signed-off-by: Namanl2001 <namanlakhwani@gmail.com>
* enabling version comparison via regular operators
Signed-off-by: Namanl2001 <namanlakhwani@gmail.com>
* adding tests for version comparison via regular operators
Signed-off-by: Namanl2001 <namanlakhwani@gmail.com>
* removing unnecessary switch cases
Signed-off-by: Namanl2001 <namanlakhwani@gmail.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2021-12-21 08:12:35 -08:00
Vyankatesh Kudtarkar
6a942683b0
Fix foreach jmespath issue ( #2867 )
2021-12-21 20:55:27 +08:00
Franz Nemeth
a371dfbaa6
remove app.kubernetes.io/managed-by label from crds ( #2852 )
...
* remove app.kubernetes.io/managed-by label from crds
Signed-off-by: Franz Nemeth <franz.nemeth@fnemeth.net>
* removed app.kubernetes.io/managed-by from config/bundle/labels.yaml
Signed-off-by: Franz Nemeth <franz.nemeth@fnemeth.net>
* removed internal.config.kubernetes.io/index in crds.yaml
Signed-off-by: Franz Nemeth <franz.nemeth@fnemeth.net>
2021-12-21 07:43:44 +00:00
shuting
4a027f3bd7
Increase Kyverno memory request and limit ( #2862 )
...
* bump memory request and limit
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* remove quotes
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2021-12-20 23:11:28 -08:00
Franz Nemeth
db030f918d
added priorityClassName to helm values.yaml ( #2855 )
...
Signed-off-by: Franz Nemeth <franz.nemeth@fnemeth.net>
Co-authored-by: shuting <shutting06@gmail.com>
2021-12-21 05:43:23 +00:00
Danny Kulchinsky
ff99d92f80
jmespath truncate - handle negative input value ( #2856 )
...
Signed-off-by: Danny Kulchinsky <dkulchinsky@fastly.com>
2021-12-20 06:50:46 +00:00
Abhinav Sinha
2076f07b9f
added support for --git-branch flag and directory in git path for kyverno test cmd ( #2763 )
...
* added support for --git-branch flag and directory in git path for kyverno test cmd
Signed-off-by: Abhinav Sinha <zeborg3@gmail.com>
* added cli tests
Signed-off-by: Abhinav Sinha <zeborg3@gmail.com>
* replaced hard-coded Makefile test-cmd branch names with var GIT_BRANCH
Signed-off-by: Abhinav Sinha <zeborg3@gmail.com>
* moved `test-cmd` job from Makefile to github workflow
Signed-off-by: Abhinav Sinha <zeborg3@gmail.com>
* added `release*` branch to `e2e` workflow
Signed-off-by: Abhinav Sinha <zeborg3@gmail.com>
Co-authored-by: shuting <shutting06@gmail.com>
2021-12-20 14:09:53 +08:00