Mike Bryant
91021b65b6
fix: Delete downstream objects on precondition fail ( #7496 )
...
* fix: Delete downstream objects on precondition fail
When a rule fails the match in a generate rule, the downstream resource gets deleted. This will now also happen if the rule is skipped due to a precondition.
Signed-off-by: Mike Bryant <mike.bryant@mettle.co.uk>
* add debug command
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* sync trigger updates to downstream
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix bgscan fetching trigger
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix: Move rbac change into tests for better isolation
Signed-off-by: Mike Bryant <mike.bryant@mettle.co.uk>
* fix unit test
Signed-off-by: ShutingZhao <shuting@nirmata.com>
---------
Signed-off-by: Mike Bryant <mike.bryant@mettle.co.uk>
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2023-06-15 11:32:19 -04:00
dependabot[bot]
8e86ad3bcf
chore(deps): bump k8s.io/apiserver from 0.27.2 to 0.27.3 ( #7541 )
...
Bumps [k8s.io/apiserver](https://github.com/kubernetes/apiserver ) from 0.27.2 to 0.27.3.
- [Commits](https://github.com/kubernetes/apiserver/compare/v0.27.2...v0.27.3 )
---
updated-dependencies:
- dependency-name: k8s.io/apiserver
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-15 15:17:09 +00:00
dependabot[bot]
c5c6c97965
chore(deps): bump k8s.io/pod-security-admission from 0.27.2 to 0.27.3 ( #7539 )
...
Bumps [k8s.io/pod-security-admission](https://github.com/kubernetes/pod-security-admission ) from 0.27.2 to 0.27.3.
- [Commits](https://github.com/kubernetes/pod-security-admission/compare/v0.27.2...v0.27.3 )
---
updated-dependencies:
- dependency-name: k8s.io/pod-security-admission
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-15 10:14:42 +00:00
siddharth
a89860e8ab
fix: update kyverno admission-controller role to have delete verb for… ( #7527 )
...
* fix: update kyverno admission-controller role to have delete verb for secret
Kyverno stopped working due to the following error:
```
tls "msg"="failed to delete CA secret" "error"="secrets \"kyverno-svc.kyverno.svc.kyverno-tls-ca\" is forbidden: User \"system:serviceaccount:kyverno:kyverno-admission-controller\
```
I'm still not sure why it tries to delete the secret.
Signed-off-by: siddharth <sedflix@gmail.com>
* add codegen-manifest-all
---------
Signed-off-by: siddharth <sedflix@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
2023-06-15 09:39:52 +00:00
dependabot[bot]
9dd7e46d8a
chore(deps): bump k8s.io/kube-aggregator from 0.27.2 to 0.27.3 ( #7542 )
...
Bumps [k8s.io/kube-aggregator](https://github.com/kubernetes/kube-aggregator ) from 0.27.2 to 0.27.3.
- [Commits](https://github.com/kubernetes/kube-aggregator/compare/v0.27.2...v0.27.3 )
---
updated-dependencies:
- dependency-name: k8s.io/kube-aggregator
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-15 16:26:27 +08:00
Charles-Edouard Brétéché
6f040af4d0
refactor: cut dependency between image verifier and registry client ( #7536 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-06-14 16:19:38 +00:00
Lion916
ee1e7a7add
fix: add type conversion error judgment to avoid program panic ( #6526 )
...
fix: add type conversion error judgment to avoid program panic
Signed-off-by: wangshuai <wangshuai31@xiaomi.com>
Co-authored-by: wangshuai <wangshuai31@xiaomi.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Chip Zoller <chipzoller@gmail.com>
2023-06-14 14:24:45 +00:00
shuting
d3db3bc342
refactor: generate reconciliation on policy updates ( #7531 )
...
* generate rule type validation
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* generate rule type validation
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* add the kuttl test
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* linter fixes
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* rever validation checks
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* refactor
Signed-off-by: ShutingZhao <shuting@nirmata.com>
---------
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2023-06-14 13:52:27 +00:00
Mariam Fahmy
a9cd47e0eb
feat: add API server priority and fairness configuration for kyverno ( #7468 )
...
* feat: add API server priority and fairness configuration for kyverno
Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com>
* fix: move priority level config specification to values.yaml
Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com>
* feat: support all versions of flowcontrol resources
Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com>
* fix: use namespaces instead of clusterscope in rules for the namespaced resources
Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com>
---------
Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com>
2023-06-14 15:19:36 +02:00
itsCheithanya
692d419aa4
Updated the message to the level4log and removed err that originated from ApplyBackgroundChecks. ( #7528 )
...
* updated the message to the level4log and removed err that originated from ApplyBackgroundChecks
Signed-off-by: Cheithanya <cheithanya2002@gmail.com>
* Update pkg/policy/policy_controller.go
Signed-off-by: shuting <shutting06@gmail.com>
---------
Signed-off-by: Cheithanya <cheithanya2002@gmail.com>
Signed-off-by: shuting <shutting06@gmail.com>
Co-authored-by: shuting <shutting06@gmail.com>
2023-06-14 12:36:26 +00:00
dependabot[bot]
1c7d62f9a1
chore(deps): bump golang.org/x/crypto from 0.9.0 to 0.10.0 ( #7526 )
...
Bumps [golang.org/x/crypto](https://github.com/golang/crypto ) from 0.9.0 to 0.10.0.
- [Commits](https://github.com/golang/crypto/compare/v0.9.0...v0.10.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/crypto
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-14 11:55:00 +00:00
Charles-Edouard Brétéché
a727ffca42
refactor: introduce engine image data client interface ( #7529 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-06-14 10:06:52 +00:00
Mike Bryant
93bbc57c7a
fix: Remove ownerReferences when cloning across Namespaces ( #7517 )
...
Signed-off-by: Mike Bryant <mike.bryant@mettle.co.uk>
Co-authored-by: shuting <shuting@nirmata.com>
2023-06-13 15:35:10 +00:00
Charles-Edouard Brétéché
71ff19476d
fix: log level initialisation ( #7515 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-06-13 22:23:53 +08:00
Charles-Edouard Brétéché
644ed25fd0
fix: misleading error message in deny conditions ( #7503 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-06-13 12:51:08 +00:00
shuting
9ce83958c3
add debug env BACKGROUND_SCAN_INTERVAL ( #7504 )
...
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2023-06-13 12:21:40 +00:00
dependabot[bot]
8e5e2634fa
chore(deps): bump golang.org/x/text from 0.9.0 to 0.10.0 ( #7512 )
...
Bumps [golang.org/x/text](https://github.com/golang/text ) from 0.9.0 to 0.10.0.
- [Release notes](https://github.com/golang/text/releases )
- [Commits](https://github.com/golang/text/compare/v0.9.0...v0.10.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/text
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-06-13 10:55:55 +00:00
shuting
5ce80c4e68
fix: target scope validation for the generate rule ( #7479 )
...
* fix target scope validation for generate
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* add kuttl tests
Signed-off-by: ShutingZhao <shuting@nirmata.com>
---------
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2023-06-13 10:26:56 +00:00
shuting
5fa6e1fa48
fix: cloneList sync behavior ( #7466 )
...
* fix flaky tests
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore(deps): bump docker/login-action from 2.1.0 to 2.2.0 (#7463 )
Bumps [docker/login-action](https://github.com/docker/login-action ) from 2.1.0 to 2.2.0.
- [Release notes](https://github.com/docker/login-action/releases )
- [Commits](f4ef78c080...465a07811f#7462 )
Bumps [slsa-framework/slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator ) from 1.6.0 to 1.7.0.
- [Release notes](https://github.com/slsa-framework/slsa-github-generator/releases )
- [Changelog](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md )
- [Commits](https://github.com/slsa-framework/slsa-github-generator/compare/v1.6.0...v1.7.0 )
---
updated-dependencies:
- dependency-name: slsa-framework/slsa-github-generator
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* fix cloneList sync behavior
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* skip creating duplicate URs
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* add kuttl tests
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* add kuttl tests
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* add kuttl tests
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* renam
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix
Signed-off-by: ShutingZhao <shuting@nirmata.com>
---------
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-13 09:12:13 +00:00
dependabot[bot]
575cc7066a
chore(deps): bump golangci/golangci-lint-action from 3.5.0 to 3.6.0 ( #7511 )
...
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action ) from 3.5.0 to 3.6.0.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases )
- [Commits](5f1fec7010...639cd343e1
2023-06-13 08:29:47 +00:00
dependabot[bot]
0af0944f87
chore(deps): bump goreleaser/goreleaser-action from 4.2.0 to 4.3.0 ( #7510 )
...
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action ) from 4.2.0 to 4.3.0.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases )
- [Commits](f82d6c1c34...336e29918d
2023-06-13 08:00:25 +00:00
Charles-Edouard Brétéché
b6209da108
fix: use RawClient in context loader ( #7499 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-06-12 16:03:17 +00:00
Charles-Edouard Brétéché
1401bcf2fb
feat: use context for toggles management ( #7501 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-06-12 17:36:12 +02:00
Marc Brugger
3d5ed2b4e5
fix: log kind/namespace/name in scan errors ( #7498 )
...
Signed-off-by: bakito <github@bakito.ch>
2023-06-12 16:17:15 +02:00
dependabot[bot]
92989dcf94
chore(deps): bump github/codeql-action from 2.3.6 to 2.13.4 ( #7495 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.3.6 to 2.13.4.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](83f0fe6c49...cdcdbb5797
2023-06-12 12:36:19 +00:00
dependabot[bot]
43d9f64d94
chore(deps): bump aquasecurity/trivy-action from 0.11.0 to 0.11.2 ( #7494 )
...
Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action ) from 0.11.0 to 0.11.2.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases )
- [Commits](b43daad0c3...41f05d9ecf
2023-06-12 09:08:28 +00:00
dependabot[bot]
5f73d2b796
chore(deps): bump actions/checkout from 3.5.2 to 3.5.3 ( #7493 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.5.2 to 3.5.3.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](8e5e7e5ab8...c85c95e3d7
2023-06-12 08:11:03 +00:00
Charles-Edouard Brétéché
9387d20443
fix: propagate context when listing resources ( #7487 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-06-11 13:57:21 +02:00
Charles-Edouard Brétéché
42657f672f
refactor: introduce abstract client interface in engine ( #7377 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-06-10 09:20:34 +00:00
Charles-Edouard Brétéché
123ba5f9d8
feat: sign released artifacts ( #7478 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-06-09 16:05:45 +00:00
shuting
37dfdaeeab
fix ( #7473 )
...
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2023-06-09 08:51:42 +00:00
Charles-Edouard Brétéché
dc97a4386b
fix: image pull secrets in admission controller ( #7474 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-06-09 16:20:19 +08:00
Charles-Edouard Brétéché
271a568693
feat: obey the order field in patchStrategicMerge method ( #7336 )
...
* feat: obey the order field in patchStrategicMerge method
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* default
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* tests
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---------
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-06-08 17:54:55 +00:00
Charles-Edouard Brétéché
60fd1ccda9
fix: add missing webhook timeouts ( #7435 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-06-08 11:00:59 +00:00
Charles-Edouard Brétéché
3d5341949b
feat: switch json patch lib for real ( #7452 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-06-08 10:23:20 +00:00
Charles-Edouard Brétéché
d4a6d4fc8e
fix: rule name not required in the crd schema ( #7464 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-06-08 09:54:58 +00:00
dependabot[bot]
baa05b704f
chore(deps): bump slsa-framework/slsa-github-generator ( #7462 )
...
Bumps [slsa-framework/slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator ) from 1.6.0 to 1.7.0.
- [Release notes](https://github.com/slsa-framework/slsa-github-generator/releases )
- [Changelog](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md )
- [Commits](https://github.com/slsa-framework/slsa-github-generator/compare/v1.6.0...v1.7.0 )
---
updated-dependencies:
- dependency-name: slsa-framework/slsa-github-generator
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-08 08:23:12 +00:00
dependabot[bot]
4bfe5e3e8d
chore(deps): bump docker/login-action from 2.1.0 to 2.2.0 ( #7463 )
...
Bumps [docker/login-action](https://github.com/docker/login-action ) from 2.1.0 to 2.2.0.
- [Release notes](https://github.com/docker/login-action/releases )
- [Commits](f4ef78c080...465a07811f
2023-06-08 07:31:25 +00:00
shuting
9a12f09648
fix flaky tests ( #7460 )
...
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2023-06-08 07:55:26 +02:00
Charles-Edouard Brétéché
ea98b08951
fix: autogen not generating the correct kind ( #7455 )
...
* fix: autogen not generating the correct kind
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix kuttl tests
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* add kuttl test
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---------
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-06-07 20:32:35 +02:00
shuting
0c3351887a
fix: the same source cannot be used for multiple targets with a generate clone rule ( #7436 )
...
* add source labels to targets
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* handle multiple triggers/targets for the same clone source
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* add source labels to targets
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix test
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* remove unused code
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* add kuttl tests
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* rename the test
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* add kuttl tests
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* add kuttl tests
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* split apiversion label into version and group
Signed-off-by: ShutingZhao <shuting@nirmata.com>
---------
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2023-06-07 13:50:47 +00:00
Charles-Edouard Brétéché
f20c0ed417
chore: add buffer unit tests ( #7453 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-06-07 13:48:50 +02:00
Charles-Edouard Brétéché
1d2b50bc03
chore: add engine api stats unit tests ( #7451 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-06-07 10:11:46 +00:00
Charles-Edouard Brétéché
a345e15511
refactor: remove json patches from engine response ( #7449 )
...
* refactor: remove json patches from engine response
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* remove filtering
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---------
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-06-07 17:45:11 +08:00
Frank Jogeleit
5c3da75306
chore: remove unused deperected patches from RuleResponse ( #7450 )
...
Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com>
2023-06-07 09:10:57 +00:00
dependabot[bot]
e358bf3867
chore(deps): bump github.com/onsi/gomega from 1.27.7 to 1.27.8 ( #7448 )
...
Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega ) from 1.27.7 to 1.27.8.
- [Release notes](https://github.com/onsi/gomega/releases )
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md )
- [Commits](https://github.com/onsi/gomega/compare/v1.27.7...v1.27.8 )
---
updated-dependencies:
- dependency-name: github.com/onsi/gomega
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-07 07:39:55 +00:00
Charles-Edouard Brétéché
b6795239ba
refactor: remove json patches from mutation tests ( #7447 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-06-07 13:35:58 +08:00
Charles-Edouard Brétéché
945cb1a809
chore: remove last-applied-patches annotation ( #7438 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-06-07 04:51:02 +00:00
Charles-Edouard Brétéché
6e462446b8
refactor: remove json patches from rule response in tests ( #7443 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-06-06 17:52:26 +00:00
Fabian Sabau
9f76a65eb1
fixed typo in admission controller chart template ( #7440 )
...
* fix: typo in admission controller chart template
Signed-off-by: Fabian-Daniel Sabau <fabian-daniel.sabau@1und1.de>
* generate manifests
Signed-off-by: Fabian-Daniel Sabau <fabian-daniel.sabau@1und1.de>
---------
Signed-off-by: Fabian-Daniel Sabau <fabian-daniel.sabau@1und1.de>
Co-authored-by: Fabian-Daniel Sabau <fabian-daniel.sabau@1und1.de>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-06-06 16:52:20 +00:00
