kyverno

mirror of https://github.com/kyverno/kyverno.git synced 2025-03-09 01:16:55 +00:00

Author	SHA1	Message	Date
Sachin	787d6de696	unnecessary use of fmt.Sprintf (#2531 ) Signed-off-by: slayer321 <sachin.maurya7666@gmail.com>	2021-10-13 11:00:04 -07:00
Bricktop	3815b40c64	Fix various static checks related to condition handling (#2528 ) Signed-off-by: Marcel Mueller <marcel.mueller1@rwth-aachen.de>	2021-10-13 11:29:45 +02:00
Bricktop	2d0df77963	Format error messages correctly (#2519 ) * Format error messages correctly Signed-off-by: Marcel Mueller <marcel.mueller1@rwth-aachen.de> * No punctuation at the end or errors Signed-off-by: Marcel Mueller <marcel.mueller1@rwth-aachen.de> * Replace loop with simple if Signed-off-by: Marcel Mueller <marcel.mueller1@rwth-aachen.de> * Fix more errors Signed-off-by: Marcel Mueller <marcel.mueller1@rwth-aachen.de>	2021-10-12 14:29:20 -07:00
Bricktop	fe0947dcb3	Add error handling where missing (#2516 ) Signed-off-by: Marcel Mueller <marcel.mueller1@rwth-aachen.de>	2021-10-11 14:57:43 -07:00
Sachin	e16d773957	Remove unused function (#2517 )	2021-10-11 12:46:28 -07:00
Bricktop	67a2466c32	Remove dead code in various packages (#2514 )	2021-10-11 12:44:43 -07:00
Jim Bugwadia	b9d4ee6876	fix tests Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2021-10-06 18:31:20 -07:00
shuting	b10947b975	Dynamic webhooks (#2425 ) * support k8s 1.22, update admissionregistration.k8s.io/v1beta1 to admissionregistration.k8s.io/v1 Signed-off-by: ShutingZhao <shutting06@gmail.com> * - add failurePolicy to policy spec; - fix typo Signed-off-by: ShutingZhao <shutting06@gmail.com> * - add schema validation for failurePolicy; - add a printer column Signed-off-by: ShutingZhao <shutting06@gmail.com> * set default failure policy to fail if not defined Signed-off-by: ShutingZhao <shutting06@gmail.com> * resolve conflicts Signed-off-by: ShutingZhao <shutting06@gmail.com> * fix missing type for printerColumn Signed-off-by: ShutingZhao <shutting06@gmail.com> * refactor policy controller Signed-off-by: ShutingZhao <shutting06@gmail.com> * add webhook config manager Signed-off-by: ShutingZhao <shutting06@gmail.com> * - build webhook objects per policy update; - add fail webhook to default webhook configurations Signed-off-by: ShutingZhao <shutting06@gmail.com> * fix panic on policy update Signed-off-by: ShutingZhao <shutting06@gmail.com> * build default webhook: match empty if autoUpdateWebhooks is enabled, otherwise match all Signed-off-by: ShutingZhao <shutting06@gmail.com> * - set default webhook configs rule to empty; - handle policy deletion Signed-off-by: ShutingZhao <shutting06@gmail.com> * reset webhook config if policies with a specific failurePolicy are cleaned up Signed-off-by: ShutingZhao <shutting06@gmail.com> * handle wildcard pocliy Signed-off-by: ShutingZhao <shutting06@gmail.com> * update default webhook timeout to 10s Signed-off-by: ShutingZhao <shutting06@gmail.com> * cleanups Signed-off-by: ShutingZhao <shutting06@gmail.com> * added webhook informer to re-create it immediately if missing Signed-off-by: ShutingZhao <shutting06@gmail.com> * update tag webhookTimeoutSeconds description Signed-off-by: ShutingZhao <shutting06@gmail.com> * fix e2e tests Signed-off-by: ShutingZhao <shutting06@gmail.com> * fix linter issue Signed-off-by: ShutingZhao <shutting06@gmail.com> * correct metric endpoint Signed-off-by: ShutingZhao <shutting06@gmail.com> * add pol.generate.kind to webhooks Signed-off-by: ShutingZhao <shutting06@gmail.com>	2021-10-05 00:15:09 -07:00
Jim Bugwadia	731ffde0e7	fix messages and tests Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2021-10-03 03:15:22 -07:00
Jim Bugwadia	1ebd2c99f2	add messages and set rule to skip when pattern does not match Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2021-09-30 23:34:04 -07:00
Jim Bugwadia	3957a1400e	fix deny check and fmt Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2021-09-27 23:40:05 -07:00
Jim Bugwadia	67660647d9	update tests Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2021-09-26 18:30:53 -07:00
Jim Bugwadia	39061d91c4	implement validate.foreach Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2021-09-26 02:12:31 -07:00
Max Goncharenko	a0ff8bbd0b	Implement global anchor (#2311 ) * implement global anchor for patch strategic merge Signed-off-by: Max Goncharenko <kacejot@fex.net> * fixed unit tests for mutation global anchor Signed-off-by: Max Goncharenko <kacejot@fex.net> * added global anchor in validation Signed-off-by: Max Goncharenko <kacejot@fex.net> * fix some global anchor issues found during testing Signed-off-by: Max Goncharenko <kacejot@fex.net> * run go tidy Signed-off-by: Maxim Goncharenko <goncharenko.maxim@apriorit.com> * fixed tests Signed-off-by: Maxim Goncharenko <goncharenko.maxim@apriorit.com> * fixed some tests Signed-off-by: Maxim Goncharenko <goncharenko.maxim@apriorit.com> * finish implementing global anchor Signed-off-by: Maxim Goncharenko <goncharenko.maxim@apriorit.com> * WIP: lower global anchor strictness Signed-off-by: Maxim Goncharenko <goncharenko.maxim@apriorit.com> * Revert "WIP: lower global anchor strictness" This reverts commit `08e176a042`. Signed-off-by: Maxim Goncharenko <goncharenko.maxim@apriorit.com> * global anchor for mutation Signed-off-by: Maxim Goncharenko <goncharenko.maxim@apriorit.com>	2021-09-13 08:59:28 -07:00
Max Goncharenko	7e258bf54b	add new test; remove unnecessary anchors (#2217 ) * add new test; remove unnecessary anchors Signed-off-by: Maxim Goncharenko <goncharenko.maxim@apriorit.com> * added several test to e2e Signed-off-by: Max Goncharenko <kacejot@fex.net> * remove unused variable Signed-off-by: Maxim Goncharenko <goncharenko.maxim@apriorit.com> * added comment to expected result Signed-off-by: Maxim Goncharenko <goncharenko.maxim@apriorit.com>	2021-09-09 08:55:20 -07:00
Max Goncharenko	4c7ca97eac	Patch strategic merge preprocessing: implement anchor handling (#2156 ) * finished walkMap Signed-off-by: Maxim Goncharenko <goncharenko.maxim@apriorit.com> * added validation to the patchStrategicMerge Signed-off-by: Maxim Goncharenko <goncharenko.maxim@apriorit.com> * finished fixing tests Signed-off-by: Maxim Goncharenko <goncharenko.maxim@apriorit.com> * fixed part of old tests Signed-off-by: Maxim Goncharenko <goncharenko.maxim@apriorit.com> * patchStrategicMerge anchor preprocessing is finished Signed-off-by: Maxim Goncharenko <goncharenko.maxim@apriorit.com> * fix #1915 and #1896 Signed-off-by: Maxim Goncharenko <goncharenko.maxim@apriorit.com> * fix lint errors Signed-off-by: Maxim Goncharenko <goncharenko.maxim@apriorit.com> * removed debug logs Signed-off-by: Maxim Goncharenko <goncharenko.maxim@apriorit.com> * added failing test Signed-off-by: Maxim Goncharenko <goncharenko.maxim@apriorit.com> * Fix unnecessary deletion Signed-off-by: Maxim Goncharenko <goncharenko.maxim@apriorit.com>	2021-07-23 10:53:37 -07:00
Jim Bugwadia	13caaed8b7	Feature/cosign (#2078 ) * add image verification * inline policy list Signed-off-by: Jim Bugwadia <jim@nirmata.com> * cosign version and dependencies updates Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add registry initialization Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add build tag to exclude k8schain for cloud providers Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add build tag to exclude k8schain for cloud providers Signed-off-by: Jim Bugwadia <jim@nirmata.com> * generate deep copy and other fixtures Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix deep copy issues Signed-off-by: Jim Bugwadia <jim@nirmata.com> * mutate images to add digest Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add certificates to Kyverno container for HTTPS lookups Signed-off-by: Jim Bugwadia <jim@nirmata.com> * align flag syntax Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update docs Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update dependencies Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update dependencies Signed-off-by: Jim Bugwadia <jim@nirmata.com> * patch image with digest and fix checks Signed-off-by: Jim Bugwadia <jim@nirmata.com> * hardcode image for demos Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add default registry (docker.io) before calling reference.Parse Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix definition Signed-off-by: Jim Bugwadia <jim@nirmata.com> * increase webhook timeout Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix args Signed-off-by: Jim Bugwadia <jim@nirmata.com> * run gofmt Signed-off-by: Jim Bugwadia <jim@nirmata.com> * rename for clarity Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix HasImageVerify check Signed-off-by: Jim Bugwadia <jim@nirmata.com> * align make test commands Signed-off-by: Jim Bugwadia <jim@nirmata.com> * align make test commands Signed-off-by: Jim Bugwadia <jim@nirmata.com> * align make test commands Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix linter error Signed-off-by: Jim Bugwadia <jim@nirmata.com> * format Signed-off-by: Jim Bugwadia <jim@nirmata.com> * handle API conflict and retry Signed-off-by: Jim Bugwadia <jim@nirmata.com> * format Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix reviewdog issues Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix make for unit tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * improve error message Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix durations Signed-off-by: Jim Bugwadia <jim@nirmata.com> * handle errors in tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * print policy name Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add retries and duration to error log Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix time check in tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * round creation times in test Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix retry loop Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove timing check for policy creation Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix e2e error - policy not found Signed-off-by: Shuting Zhao <shutting06@gmail.com> * update string comparison method Signed-off-by: Shuting Zhao <shutting06@gmail.com> * fix test Generate_Namespace_Label_Actions Signed-off-by: Shuting Zhao <shutting06@gmail.com> * add debug info for e2e tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix error Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix generate bug Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix format Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add check for update operations Signed-off-by: Jim Bugwadia <jim@nirmata.com> * increase time for deleteing a resource Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix check Signed-off-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: Shuting Zhao <shutting06@gmail.com>	2021-07-09 18:01:46 -07:00
Arsh Sharma	7e9be24d90	updating minio verison (#1956 )	2021-06-09 19:16:26 -07:00
Yashvardhan Kukreja	43a138a12b	feat: added kyverno_policy_rule_results_info metric Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com>	2021-05-24 08:05:14 +05:30
Max Goncharenko	8050c4e77b	moved variable substitution to higher level to avoid unhandled cases (#1785 ) Signed-off-by: Max Goncharenko <kacejot@fex.net>	2021-04-13 11:44:43 -07:00
Jim Bugwadia	6dff9e0ab9	merge and resolve conflicts Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2021-03-25 16:43:12 -07:00
Max Goncharenko	24c4f06ecd	Fix #1506 ; Resolve path reference in entire rule instead of just pattern/overlay Signed-off-by: Max Goncharenko <kacejot@fex.net>	2021-03-16 13:45:40 +02:00
Max Goncharenko	db49046e26	fix #1465 : raise log level to error; add failed rules (#1709 ) Signed-off-by: Max Goncharenko <kacejot@fex.net>	2021-03-15 15:34:21 -07:00
shuting	70d90ffb06	- remove preProcessJSONPatches; - update local Dockerfile (#1703 ) Signed-off-by: Shuting Zhao <shutting06@gmail.com>	2021-03-15 10:29:46 -07:00
Shuting Zhao	7795f335c8	fix negative index Signed-off-by: Shuting Zhao <shutting06@gmail.com>	2021-02-25 18:36:13 -08:00
Shuting Zhao	517c60fadc	add unit tests Signed-off-by: Shuting Zhao <shutting06@gmail.com>	2021-02-25 18:02:52 -08:00
Shuting Zhao	c4ebef7b0d	- support AllowMissingPathOnRemove and EnsurePathExistsOnAdd in patchesJSON6902 - upgrade to evanphx/json-patch/v5 Signed-off-by: Shuting Zhao <shutting06@gmail.com>	2021-02-25 15:25:07 -08:00
Shuting Zhao	492d0e8009	remove kustomize patchesJSON6902 Signed-off-by: Shuting Zhao <shutting06@gmail.com>	2021-02-25 15:25:07 -08:00
shuting	267be0815f	Bug fixes - policy validation, auto-generated rules, apiCall support in mutate and generate (#1629 ) * Fix invalid policy reports generated for blocked resource Signed-off-by: Shuting Zhao <shutting06@gmail.com> * fix 1464 - copy context and preconditions to auto-gen rules Signed-off-by: Shuting Zhao <shutting06@gmail.com> * fix 1628 - add policy validations Signed-off-by: Shuting Zhao <shutting06@gmail.com> * fix 1593 - support apiCall in mutate and generate Signed-off-by: Shuting Zhao <shutting06@gmail.com> * fix test Signed-off-by: Shuting Zhao <shutting06@gmail.com>	2021-02-22 12:08:26 -08:00
shuting	3bc386955e	Remove unnecessary JSON patches; fixes strategicMergePatch for tolerations (#1478 ) * ignore certain paths when generates JSON patches Signed-off-by: Shuting Zhao <shutting06@gmail.com> * remove extra comment Signed-off-by: Shuting Zhao <shutting06@gmail.com> * fix https://github.com/kyverno/kyverno/issues/1339 Signed-off-by: Shuting Zhao <shutting06@gmail.com> * resolve PR comments Signed-off-by: Shuting Zhao <shutting06@gmail.com> * update comment Signed-off-by: Shuting Zhao <shutting06@gmail.com>	2021-01-19 11:08:06 -08:00
shuting	27e2b9abd5	Fix mutation panic (#1462 ) * fix #1454 * - add unit tests; - rename method	2021-01-08 16:45:39 -08:00
shuting	52d091c5a3	Improve / clean up code (#1444 ) * Remove lock embedded in CRD controller, use concurrent map to store shcemas * delete rcr info from data store * skip policy validation on status update * - remove status check in policy mutation; - fix test * Remove fqdncn flag * add flag profiling port * skip policy mutation & validation on status update * sync policy status every minute * update log messages	2021-01-06 16:32:02 -08:00
shuting	2fc3b3b998	Fixes 1410 strategic merge patch (#1414 ) * fixes #1410 * fix unit test * re-initialize worker immediately on failure	2020-12-23 17:48:00 -08:00
shuting	e868dbfeb9	Fix 1287 - failed to update annotation through mutate policy (#1289 ) * fix 1287 * update mutate log	2020-11-24 10:11:05 -08:00
Shuting Zhao	b9fb926ddb	fixes for golint ./...	2020-11-17 13:07:30 -08:00
Shuting Zhao	e985ee4031	correct misspelled words	2020-11-17 12:01:01 -08:00
Shuting Zhao	cdc5190c56	update nirmata/kyverno to kyverno/kyverno	2020-10-07 11:12:31 -07:00
Shuting Zhao	b8b1d81df0	handles array parsing in configmap value	2020-09-22 18:26:52 -07:00
Mohan B E	bd406f5bb8	added conversion of overlay to patch strategic merge (#1138 ) * added conversion of overlay to patch strategic merge and modified unittest for the same * updated best practice policy	2020-09-22 16:19:09 -07:00
Mohan B E	51ac382c6c	Feature/configmaps var 724 (#1118 ) * added configmap data substitution for foreground mutate and validate * added configmap data substitution for foreground mutate and validate fmt * added configmap lookup for background * added comments to resource cache * added configmap data lookup in preConditions * added parse strings in In operator and configmap lookup docs * added configmap lookup docs * modified configmap lookup docs	2020-09-22 14:11:49 -07:00
Mohan B E	a1081c8f82	fixed policy validationa and patch strategic merge bug (#1136 )	2020-09-18 12:18:13 -07:00
Mohan B E	95542908eb	fixed additional anchor bug in patch strategic merge (#1114 )	2020-09-14 10:25:00 -07:00
shuting	931d7cd47c	Set mutating webhhok reinvocationPolicy to IfNeeded (#1097 ) * add watch policy to clusterrole kyverno:customresources * fix build * fix nil pointer * skip json patches if the mutation is re-invoked * set resource mutating webhook invocation policy to IfNeeded	2020-09-03 08:54:37 -07:00
Mohan B E	3690bf5fff	conditional anchor preprocessing for patch strategic merge (#1090 ) * conditional anchor preprocessing for patch strategic merge * modified sequence pre processing and added unit test * merged master * go fmt * corrected mistake and added error handling to policy validate	2020-09-01 09:12:05 -07:00
Mohan B E	a827f88dc7	resolved conditional anchor issue and added validation to pattern labels (#1060 ) * resolved conditional anchor issue and added validation to pattern labels * restored IsConditionAnchor * added annotation and anypattern validation * added conditional anchor key checker * reverted docs * fixed tests * modified validation * modified validate condition check	2020-08-28 18:22:22 -07:00
shuting	39de46fe39	983 kustomize support (#1026 ) * prototype - strategic merge patch * add end to end test * add engine strategic merge patch support * set webhook reinvocationPolicy to IfNeeded * refactor engine mutate code * support JMESPath in strategic merge patch * implement patchesJson6902 * update doc * resolve pr comments	2020-08-05 09:11:23 -07:00
shuting	87fa77fbcc	965 add validate audit handler (#967 ) * store policy names cache to reduce lookup time * add validate audit handler * fix #958, remove auto-gen annotation on Pod * formatting code * update processTime to readable format * #586, add back unit test * update logging info * remove unused interface * handle generate policy in a single thread in weboook * resolve pr comments	2020-07-09 11:48:34 -07:00
Jim Bugwadia	c962971372	Update mutate overlay to handle keys with slashes for labels (like annotations). Added debug V4 logs for mutate flows. (#972 )	2020-07-04 19:32:11 -07:00
Jim Bugwadia	912bc3ccc4	- fix panic in log and improve CLI error reporting	2020-06-12 18:23:59 -07:00
Jim Bugwadia	838d02c475	Bugfix/659 support wildcards for namespaces (#871 ) * - support wildcards for namespaces * do not annotate resource, unless policy is an autogen policy * close HTTP body * improve messages * remove policy store Policy store was not fully implemented and simply provided a way to list all polices and get a policy by name, which can be done via standard client-go interfaces. We need to revisit and design a better PolicyStore that provides fast lookups for matching policies based on names, namespaces, etc. * handle wildcard namespaces in background processing * fix unit tests 1) remove platform dependent path usage 2) remove policy store * add test case for mutate with wildcard namespaces	2020-05-26 10:36:56 -07:00

1 2

71 commits