kyverno

mirror of https://github.com/kyverno/kyverno.git synced 2024-12-14 11:57:48 +00:00

Author	SHA1	Message	Date
Riko Kudo	5f5cda9fee	Yaml signing and verification (#4235 ) * enable YAML verification using k8s-manifest-sigstore Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> comment out role and rolebinding for dryrun Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update k8s-manifest-sigstore version Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix pubkey setting Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix pubkey setting Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix log message Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> change default value of dryrun option Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update crd Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> support gpg signature Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * upgrade manifest sigstore version and support multi sigs Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix validate.manifest rule Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update crd and add small fix Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix manifest verify policy Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> set cosign experimental env when keyless verification Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * improve default ignoreFields Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * fix manifest verify policy Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix manifest verify policy Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix manifest verify policy Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * add unit-test for k8smanifest Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update install yaml Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * update k8s-manifest-sigstore version and support one or more signatures Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> add unit-test for k8smanifest multi-signature Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix verifyManifest result message Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix verifyManifest result message Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * fix manifest verify policy and move dryrun rbac to dryrun dir Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * update k8s-manifest-sigstore version Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update k8s-manifest-sigstore version Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update k8s-manifest-sigstore version and resolve conflict Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> enable YAML verification using k8s-manifest-sigstore Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> comment out role and rolebinding for dryrun Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix pubkey setting Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix pubkey setting Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update crd Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> upgrade manifest sigstore version and support multi sigs Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix validate.manifest rule Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update crd and add small fix Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix manifest verify policy Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update k8s-manifest-sigstore version and support one or more signatures Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix verifyManifest result message Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix verifyManifest result message Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix manifest verify policy and move dryrun rbac to dryrun dir Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> add small fix Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * remove generic name Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * fix sonatype-lift issue and unit-test error Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * fix gofumpt error Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * update manifest rule to use attestor Signed-off-by: Riko Kudo <rurikudo@ibm.com> * remove unused value Signed-off-by: Riko Kudo <rurikudo@ibm.com> * resolve conflict Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix install.yaml Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix to set COSIGN_EXPERIMENTAL env variable when keyless verification Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix misspell Signed-off-by: Riko Kudo <rurikudo@ibm.com> * enable kyverno cli in validate.manifests rule (#3) * enable kyverno cli in validate.manifests rule Signed-off-by: Riko Kudo <rurikudo@ibm.com> * update k8s-manifest-sigstore version and improve error handling for better result output Signed-off-by: Riko Kudo <rurikudo@ibm.com> * update crds and deepcopy Signed-off-by: Riko Kudo <rurikudo@ibm.com> * update unit test Signed-off-by: Riko Kudo <rurikudo@ibm.com> * update k8s-manifest-sigstore version Signed-off-by: Riko Kudo <rurikudo@ibm.com> * change to use spec.rules.exclude.subjects instead of skipUsers (#4) Signed-off-by: Riko Kudo <rurikudo@ibm.com> * update k8s-manifest-sigstore version Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix yaml signing sigstore (#5) * update k8s-manifest-sigstore version Signed-off-by: Riko Kudo <rurikudo@ibm.com> * add a comment for dryrun option field Signed-off-by: Riko Kudo <rurikudo@ibm.com> * enable to include ClusterPolicy/Policy in match resource Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix log style and env variable settings Signed-off-by: Riko Kudo <rurikudo@ibm.com> * simplify manifest verify func Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix func name Signed-off-by: Riko Kudo <rurikudo@ibm.com> Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix sonatype warning Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix default ignoreFields Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix yaml signing sigstore rbac (#6) * fix dryrun rbac to have minimal permissions Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix lint error Signed-off-by: Riko Kudo <rurikudo@ibm.com> Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix unit-test error Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix gofumpt error Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix log style Signed-off-by: Riko Kudo <rurikudo@ibm.com> * updated CRD documentation Signed-off-by: Riko Kudo <rurikudo@ibm.com> * resolve go.mod conflicts Signed-off-by: Riko Kudo <rurikudo@ibm.com> * updated helm stuff Signed-off-by: Riko Kudo <rurikudo@ibm.com> Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> Signed-off-by: Riko Kudo <rurikudo@ibm.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com>	2022-08-30 10:14:54 -07:00
Charles-Edouard Brétéché	888689df54	fix: update go-wildcard to v1.5.0 (#4444 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-08-29 17:10:01 +00:00
Prateek Pandey	34fe6c9058	bump cosign deps version to 1.11.1 (#4408 ) * bump cosign deps version to 1.11.1 to accommodate latest attestation verification fixes Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * bump github action go version to 1.18 Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>	2022-08-25 08:24:49 +00:00
dependabot[bot]	0bb575442d	chore(deps): bump github.com/sigstore/cosign from 1.10.0 to 1.10.1 (#4328 ) Bumps [github.com/sigstore/cosign](https://github.com/sigstore/cosign) from 1.10.0 to 1.10.1. - [Release notes](https://github.com/sigstore/cosign/releases) - [Changelog](https://github.com/sigstore/cosign/blob/main/CHANGELOG.md) - [Commits](https://github.com/sigstore/cosign/compare/v1.10.0...v1.10.1) --- updated-dependencies: - dependency-name: github.com/sigstore/cosign dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-08-11 12:38:27 +08:00
Jim Bugwadia	943c3a1929	use failurePolicy to block or allow requests, on policy errors (#4183 ) * use failurePolicy to block or allow requests, on policy errors Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add warnings Signed-off-by: Jim Bugwadia <jim@nirmata.com> * codegen Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix linter issues Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add unit tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * handle network errors Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix linter issues Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix test Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix title conversion Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix path in generated file Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix test Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix fake metrics Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add check for klog flag initialization Signed-off-by: Jim Bugwadia <jim@nirmata.com> * check for flag reinitialization Signed-off-by: Jim Bugwadia <jim@nirmata.com> * check for flag reinitialization Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix spelling Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix flag init Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2022-08-02 20:24:02 +05:30
Guilhem Lettron	b03e461f25	feat: auto optimize GOMAXPROCS (#4277 ) Signed-off-by: Guilhem Lettron <guilhem@barpilot.io>	2022-07-29 23:59:47 +08:00
Tathagata Paul	3e2894b6fa	feat: Opentelemetry support for metrics and traces (#3910 ) * integrating opentelemetry Signed-off-by: Tathagata Paul <tathagatapaul7@gmail.com> * fix multiple imports Signed-off-by: Tathagata Paul <tathagatapaul7@gmail.com> * fixed cli help statement Signed-off-by: Tathagata Paul <tathagatapaul7@gmail.com> * added init file for metrics Signed-off-by: Tathagata Paul <tathagatapaul7@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-07-11 17:49:47 +00:00
Furkan Türkal	af3da5e19a	bump cosign to 1.9.1 to fix fulcio panic (#4117 ) Signed-off-by: Furkan <furkan.turkal@trendyol.com> Co-authored-by: Batuhan <batuhan.apaydin@trendyol.com> Co-authored-by: Batuhan <batuhan.apaydin@trendyol.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com>	2022-06-16 16:03:22 +00:00
Vyankatesh Kudtarkar	7245c92dcf	fix vulnerable (#4027 )	2022-05-26 04:19:00 +00:00
Vyankatesh Kudtarkar	bea0b794d5	add validation check to ensure the annotations quoted (#3976 )	2022-05-24 12:45:23 +00:00
Prateek Pandey	c79dc82eaa	fix: cleanup old dependencies from go.sum and go.mod (#3806 ) Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>	2022-05-05 08:56:22 +00:00
Prateek Pandey	3e2c9b25c9	Bump cosign and sigstore version (#3771 ) Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com>	2022-05-02 20:20:08 +01:00
Shubham Gupta	3cbb8db72e	Update vulnerable dependencies (#3577 ) Signed-off-by: Shubham Gupta <shubham.gupta2956@gmail.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com>	2022-04-14 20:39:55 +00:00
Anushka Mittal	1714a328b6	add-kms-libraries for cosign (#3603 ) * add-kms-libraries Signed-off-by: anushkamittal20 <anumittal4641@gmail.com> * Shifted providers to cosign package Signed-off-by: anushkamittal20 <anumittal4641@gmail.com>	2022-04-14 15:24:34 +00:00
Anushka Mittal	746d8efde9	Update to cosign 1.7.1 (#3587 ) Signed-off-by: anushkamittal20 <anumittal4641@gmail.com>	2022-04-12 09:29:26 -07:00
shuting	d1bf3d4742	clean up dependencies (#3469 ) Signed-off-by: ShutingZhao <shuting@nirmata.com>	2022-03-25 08:40:25 +00:00
Charles-Edouard Brétéché	9ac35f9698	chore: add more codegen target and verifications (#3393 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Prateek Pandey <prateekpandey14@gmail.com>	2022-03-16 15:01:35 +05:30
Christian Kotzbauer	851a81845c	Update cosign to v1.6.0 (#3341 ) Signed-off-by: Christian Kotzbauer <git@ckotzbauer.de> fix ecr-helper creation Signed-off-by: Christian Kotzbauer <git@ckotzbauer.de> Co-authored-by: Jim Bugwadia <jim@nirmata.com>	2022-03-11 11:25:10 -08:00
Prateek Pandey	66969d35ea	validate and block policy based on the matched kind cache (#3283 ) Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> Co-authored-by: prateekpandey14 <prateek.pandey@nirmata.com>	2022-02-23 22:27:18 +05:30
Jim Bugwadia	14111aaa05	update dependencies (#3221 ) Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2022-02-13 11:20:24 +00:00
Rob Best	851ebe3e65	Add cloud provider keychains to DefaultKeychain (#3116 ) Removes the need to specify an image pull secret to make use of cloud provider credentials. As I understand it, this should be fine outside of cloud provider contexts. As part of this, I've switched to using authn/kubernetes, which I believe is preferable to k8schain. Signed-off-by: Rob Best <robertbest89@gmail.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com>	2022-01-28 11:33:27 -08:00
Jim Bugwadia	7cf1dd2b15	update cosign to 1.5.0 and fix issuer and subject for keyless (#3089 ) * update cosign to 1.5.0 and add checks Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix subject and issuer checks Signed-off-by: Jim Bugwadia <jim@nirmata.com> * make fmt Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix tests Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2022-01-27 21:13:23 -08:00
Sambhav Kothari	2eb8f5f285	Fix memory leak when updating ggcr keychain (#3088 ) Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com>	2022-01-26 12:45:05 -08:00
Jim Bugwadia	bb06901119	fix mutate preprocessing for anchors (#3052 ) * fix mutate preprocessing for anchors Signed-off-by: Jim Bugwadia <jim@nirmata.com> * make fmt Signed-off-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: shuting <shutting06@gmail.com>	2022-01-23 13:54:22 +00:00
Mritunjay Kumar Sharma	cdedf11a1c	bumps k8s libraries for k8s v1.23 upgrade for kyverno (#3043 ) * bumps k8s libraries for k8s v1.23 upgrade for kyverno Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com> * fixes kustomize version Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com> * updates golang to v1.17 to test fails Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com> * updates logr package to 1.2.2 Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com> * Fixed tests for `pkg/cosign` and `pkg/webhooks/generation` Signed-off-by: Abhinav Sinha <abhinav@nirmata.com> * fix go-logr deps version issue Signed-off-by: prateekpandey14 <prateekpandey14@gmail.com> * fix kube-openapi commit hash Signed-off-by: prateekpandey14 <prateekpandey14@gmail.com> Co-authored-by: shuting <shutting06@gmail.com> Co-authored-by: Abhinav Sinha <abhinav@nirmata.com> Co-authored-by: prateekpandey14 <prateekpandey14@gmail.com>	2022-01-22 20:26:53 +08:00
Naman Lakhwani	898520b7cf	add `semver_compare` JMESPath function (#2846 ) * add semver_compare JMESPath function Signed-off-by: Namanl2001 <namanlakhwani@gmail.com> * adding tests for semver_compare Signed-off-by: Namanl2001 <namanlakhwani@gmail.com> * enabling version compaision via regular operators Signed-off-by: Namanl2001 <namanlakhwani@gmail.com> * adding tests for version compaision via regular operators Signed-off-by: Namanl2001 <namanlakhwani@gmail.com> * removing unnecessary switch cases Signed-off-by: Namanl2001 <namanlakhwani@gmail.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com>	2021-12-21 08:12:35 -08:00
Danny Kulchinsky	f6982760fc	truncate custom jmespath function (#2836 ) * [feature] custom jmespath truncate function Signed-off-by: Danny Kulchinsky <dkulchinsky@fastly.com> * formatting Signed-off-by: Danny Kulchinsky <dkulchinsky@fastly.com> * simplify naming a bit Signed-off-by: Danny Kulchinsky <dkulchinsky@fastly.com> Co-authored-by: shuting <shutting06@gmail.com>	2021-12-17 15:52:52 +08:00
Naman Lakhwani	edafffd2bd	added issuer check (#2804 ) * added issuer check Signed-off-by: Namanl2001 <namanlakhwani@gmail.com> * switch to using SimpleContainerImage Signed-off-by: Namanl2001 <namanlakhwani@gmail.com> * added subject check and required test cases Signed-off-by: Namanl2001 <namanlakhwani@gmail.com> * small nits Signed-off-by: Namanl2001 <namanlakhwani@gmail.com> * correcting tests Signed-off-by: Namanl2001 <namanlakhwani@gmail.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com>	2021-12-10 19:46:22 +00:00
Kumar Mallikarjuna	a667a69812	JMESPath arithmetic function units (#2753 ) * MAS arithmetic functions Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Adding Divide() and Modulo() Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Added tests Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Tidy go.mod Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Fix lift issues Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Set division scale to maximum of operands Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Precision for Add()/Subtract() Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Set duration precision Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Added comment for duration diff calculation Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> Co-authored-by: Bricktop <marcel.mueller1@rwth-aachen.de>	2021-12-07 15:44:46 +00:00
Shubham Palriwala	ea3529f2d0	Trivy now scans local images (#2744 ) * fix: trivy now scans entire container Signed-off-by: ShubhamPalriwala <spalriwalau@gmail.com> * update github.com/docker/cli package for vulnerabilities Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix go.mod vulnerabilities Signed-off-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com>	2021-11-22 20:57:51 +08:00
Jim Bugwadia	189c6f8cda	fix dependabot issue and remove stale entries in go.mod (#2741 ) Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2021-11-19 16:11:38 +08:00
shuting	0f0c070072	Fix memory issue - RCR conversion (#2678 )	2021-11-08 15:53:21 -08:00
Jim Bugwadia	50cb1859c3	add keyless verification (#2677 ) * add keyless verification Signed-off-by: Jim Bugwadia <jim@nirmata.com> * run make fmt Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix linter warning Signed-off-by: Jim Bugwadia <jim@nirmata.com> * wrap error with details Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2021-11-04 23:26:22 -07:00
Batuhan Apaydın	4eab46fb7d	feat: support other key methods (#2607 ) * feat: support other key methods Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com> Co-authored-by: Furkan Turkal <furkan.turkal@trendyol.com> Co-authored-by: Erkan Zileli <erkan.zileli@trendyol.com> * feat: support fetch attestations from repository Signed-off-by: Furkan <furkan.turkal@trendyol.com> Co-authored-by: Batuhan <batuhan.apaydin@trendyol.com> Signed-off-by: Furkan <furkan.turkal@trendyol.com> * fix: parameter type Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com> * fix error check Signed-off-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: Furkan Turkal <furkan.turkal@trendyol.com> Co-authored-by: Erkan Zileli <erkan.zileli@trendyol.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com>	2021-11-03 00:45:35 -07:00
Jose Armesto	831a9826d1	Restructure project to follow standards (#2632 ) Signed-off-by: Jose Armesto <github@armesto.net>	2021-10-29 18:13:20 +02:00
Jim Bugwadia	ef9e9ec9ac	add variable substitutoion for imageVerify and allow PEM in ConfigMaps Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2021-10-26 10:41:27 -07:00
Jim Bugwadia	e0b1f08a28	fix check for CREATE request (#2551 ) * fix check for CREATE request Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add unit test Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fmt Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix test Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2021-10-18 09:34:07 -07:00
Jim Bugwadia	0dbe7ea675	start attestation support Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2021-10-01 11:10:36 -07:00
Shubham Palriwala	5b01dd53a7	remove minio/minio and update minio/pkg (#2440 ) Signed-off-by: ShubhamPalriwala <spalriwalau@gmail.com>	2021-09-28 12:19:26 -07:00
Bricktop	4b71a031ab	Openapi validation should not fail if patchesJson6902 appends to list (#2340 ) Signed-off-by: Marcel Mueller <marcel.mueller1@rwth-aachen.de>	2021-09-16 12:40:56 -07:00
Max Goncharenko	a0ff8bbd0b	Implement global anchor (#2311 ) * implement global anchor for patch strategic merge Signed-off-by: Max Goncharenko <kacejot@fex.net> * fixed unit tests for mutation global anchor Signed-off-by: Max Goncharenko <kacejot@fex.net> * added global anchor in validation Signed-off-by: Max Goncharenko <kacejot@fex.net> * fix some global anchor issues found during testing Signed-off-by: Max Goncharenko <kacejot@fex.net> * run go tidy Signed-off-by: Maxim Goncharenko <goncharenko.maxim@apriorit.com> * fixed tests Signed-off-by: Maxim Goncharenko <goncharenko.maxim@apriorit.com> * fixed some tests Signed-off-by: Maxim Goncharenko <goncharenko.maxim@apriorit.com> * finish implementing global anchor Signed-off-by: Maxim Goncharenko <goncharenko.maxim@apriorit.com> * WIP: lower global anchor strictness Signed-off-by: Maxim Goncharenko <goncharenko.maxim@apriorit.com> * Revert "WIP: lower global anchor strictness" This reverts commit `08e176a042`. Signed-off-by: Maxim Goncharenko <goncharenko.maxim@apriorit.com> * global anchor for mutation Signed-off-by: Maxim Goncharenko <goncharenko.maxim@apriorit.com>	2021-09-13 08:59:28 -07:00
Yashvardhan Kukreja	5fcd9b83d9	added: support for metrics configuration, periodic metrics cleanup and selective namespace whitelisting and blacklisting for metrics (#2288 ) Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com>	2021-09-10 14:39:12 -07:00
Max Goncharenko	7e258bf54b	add new test; remove unnecessary anchors (#2217 ) * add new test; remove unnecessary anchors Signed-off-by: Maxim Goncharenko <goncharenko.maxim@apriorit.com> * added several test to e2e Signed-off-by: Max Goncharenko <kacejot@fex.net> * remove unused variable Signed-off-by: Maxim Goncharenko <goncharenko.maxim@apriorit.com> * added comment to expected result Signed-off-by: Maxim Goncharenko <goncharenko.maxim@apriorit.com>	2021-09-09 08:55:20 -07:00
Jim Bugwadia	511db4372b	update cosign (#2369 ) Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2021-09-07 21:29:20 -07:00
Jim Bugwadia	8af814c7af	update cosign to v1.0.0 (#2221 ) Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2021-08-02 13:51:36 -07:00
Jim Bugwadia	13caaed8b7	Feature/cosign (#2078 ) * add image verification * inline policy list Signed-off-by: Jim Bugwadia <jim@nirmata.com> * cosign version and dependencies updates Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add registry initialization Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add build tag to exclude k8schain for cloud providers Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add build tag to exclude k8schain for cloud providers Signed-off-by: Jim Bugwadia <jim@nirmata.com> * generate deep copy and other fixtures Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix deep copy issues Signed-off-by: Jim Bugwadia <jim@nirmata.com> * mutate images to add digest Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add certificates to Kyverno container for HTTPS lookups Signed-off-by: Jim Bugwadia <jim@nirmata.com> * align flag syntax Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update docs Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update dependencies Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update dependencies Signed-off-by: Jim Bugwadia <jim@nirmata.com> * patch image with digest and fix checks Signed-off-by: Jim Bugwadia <jim@nirmata.com> * hardcode image for demos Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add default registry (docker.io) before calling reference.Parse Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix definition Signed-off-by: Jim Bugwadia <jim@nirmata.com> * increase webhook timeout Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix args Signed-off-by: Jim Bugwadia <jim@nirmata.com> * run gofmt Signed-off-by: Jim Bugwadia <jim@nirmata.com> * rename for clarity Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix HasImageVerify check Signed-off-by: Jim Bugwadia <jim@nirmata.com> * align make test commands Signed-off-by: Jim Bugwadia <jim@nirmata.com> * align make test commands Signed-off-by: Jim Bugwadia <jim@nirmata.com> * align make test commands Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix linter error Signed-off-by: Jim Bugwadia <jim@nirmata.com> * format Signed-off-by: Jim Bugwadia <jim@nirmata.com> * handle API conflict and retry Signed-off-by: Jim Bugwadia <jim@nirmata.com> * format Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix reviewdog issues Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix make for unit tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * improve error message Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix durations Signed-off-by: Jim Bugwadia <jim@nirmata.com> * handle errors in tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * print policy name Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add retries and duration to error log Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix time check in tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * round creation times in test Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix retry loop Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove timing check for policy creation Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix e2e error - policy not found Signed-off-by: Shuting Zhao <shutting06@gmail.com> * update string comparison method Signed-off-by: Shuting Zhao <shutting06@gmail.com> * fix test Generate_Namespace_Label_Actions Signed-off-by: Shuting Zhao <shutting06@gmail.com> * add debug info for e2e tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix error Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix generate bug Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix format Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add check for update operations Signed-off-by: Jim Bugwadia <jim@nirmata.com> * increase time for deleteing a resource Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix check Signed-off-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: Shuting Zhao <shutting06@gmail.com>	2021-07-09 18:01:46 -07:00
Max Goncharenko	6d0ad5598e	Jmespath notfound error (#1907 ) * return err, if variable path could not be resolved Signed-off-by: Max Goncharenko <kacejot@fex.net> * fixed {{@}} behavior Signed-off-by: Max Goncharenko <kacejot@fex.net> * fix json merge logic Signed-off-by: Max Goncharenko <kacejot@fex.net> * add e2e tests for Flux use case Signed-off-by: Maxim Goncharenko <goncharenko.maxim@apriorit.com>	2021-07-01 22:56:50 -07:00
Pooja Singh	cd9e596e7e	[Improvement] Kyverno should not delete downstream resources when a generate policy using the clone behavior has synchronize: true (#1880 ) * debuging issue Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * issue fixed Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * remove policy name in source resource Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * fixed deletion of GR on source updation Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * added function in common Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * removing comments Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * added generated resource list to the log Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * small improvement Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>	2021-06-30 12:00:02 -07:00
Valentin Velkov	63f4c9a884	Configurable success events on policies & resources. Generating failure events on policies by default. (#1939 ) * Remove unused event.Reason const Signed-off-by: Velkov <valentin.velkov@sap.com> * Generate failure events on policies Signed-off-by: Velkov <valentin.velkov@sap.com> * Generate success events on policy Signed-off-by: Velkov <valentin.velkov@sap.com> * Introduce 'generateSuccessEvents' flag Signed-off-by: Velkov <valentin.velkov@sap.com> * Unit tests & chart fix Signed-off-by: Velkov <valentin.velkov@sap.com>	2021-06-29 14:43:11 -07:00
NoSkillGirl	09b1592f11	added loop for namespace Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>	2021-06-15 18:14:51 +05:30
shuting	6f07ea407f	Customize namespaceSelector of Webhookconfigurations (#2003 ) * customize namespaceSelector of webhook configurations from configMap Signed-off-by: Shuting Zhao <shutting06@gmail.com> * update webhook configurations base on UPDATEs of Kyverno ConfigMap Signed-off-by: Shuting Zhao <shutting06@gmail.com> * register webhook configurations with the namespaceSelector from ConfigMap Signed-off-by: Shuting Zhao <shutting06@gmail.com> * address golint comment Signed-off-by: Shuting Zhao <shutting06@gmail.com> * validate webhooks config format Signed-off-by: Shuting Zhao <shutting06@gmail.com> * fix NotDefined scenario Signed-off-by: Shuting Zhao <shutting06@gmail.com>	2021-06-14 13:01:40 -07:00
Arsh Sharma	7e9be24d90	updating minio verison (#1956 )	2021-06-09 19:16:26 -07:00
shuting	e9a972a362	feat: HA (#1931 ) * Fix Dev setup * webhook monitor - start webhook monitor in main process Signed-off-by: Shuting Zhao <shutting06@gmail.com> * add leaderelection Signed-off-by: Jim Bugwadia <jim@nirmata.com> * - add isLeader; - update to use configmap lock Signed-off-by: Shuting Zhao <shutting06@gmail.com> * - add initialization method - add methods to get attributes Signed-off-by: Shuting Zhao <shutting06@gmail.com> * address comments Signed-off-by: Shuting Zhao <shutting06@gmail.com> * remove newContext in runLeaderElection Signed-off-by: Shuting Zhao <shutting06@gmail.com> * add leader election to GenerateController Signed-off-by: Jim Bugwadia <jim@nirmata.com> * skip processing for non-leaders Signed-off-by: Jim Bugwadia <jim@nirmata.com> * skip processing for non-leaders Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add leader election to generate cleanup controller Signed-off-by: Jim Bugwadia <jim@nirmata.com> * Gracefully drain request * HA - Webhook Register / Webhook Monitor / Certificate Renewer (#1920) * enable leader election for webhook register Signed-off-by: Shuting Zhao <shutting06@gmail.com> * extract certManager to its own process Signed-off-by: Shuting Zhao <shutting06@gmail.com> * leader election for cert manager Signed-off-by: Shuting Zhao <shutting06@gmail.com> * certManager - init certs by the leader Signed-off-by: Shuting Zhao <shutting06@gmail.com> * add leader election to webhook monitor Signed-off-by: Shuting Zhao <shutting06@gmail.com> * update log message Signed-off-by: Shuting Zhao <shutting06@gmail.com> * add leader election to policy controller Signed-off-by: Shuting Zhao <shutting06@gmail.com> * add leader election to policy report controller Signed-off-by: Shuting Zhao <shutting06@gmail.com> * rebuild leader election config Signed-off-by: Shuting Zhao <shutting06@gmail.com> * start informers in leaderelection Signed-off-by: Shuting Zhao <shutting06@gmail.com> * start policy informers in main Signed-off-by: Shuting Zhao <shutting06@gmail.com> * enable leader election in main Signed-off-by: Shuting Zhao <shutting06@gmail.com> * move eventHandler to the leader election start method Signed-off-by: Shuting Zhao <shutting06@gmail.com> * address reviewdog comments Signed-off-by: Shuting Zhao <shutting06@gmail.com> * add clusterrole leaderelection Signed-off-by: Shuting Zhao <shutting06@gmail.com> * fixed generate flow (#1936) Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * - init separate kubeclient for leaderelection - fix webhook monitor Signed-off-by: Shuting Zhao <shutting06@gmail.com> * address reviewdog comments Signed-off-by: Shuting Zhao <shutting06@gmail.com> * cleanup Kyverno managed resources on stopLeading Signed-off-by: Shuting Zhao <shutting06@gmail.com> * tag v1.4.0-beta1 Signed-off-by: Shuting Zhao <shutting06@gmail.com> * fix cleanup process on Kyverno stops Signed-off-by: Shuting Zhao <shutting06@gmail.com> * bump kind to 0.11.0, k8s v1.21 (#1980) Co-authored-by: vyankatesh <vyankatesh@neualto.com> Co-authored-by: vyankatesh <vyankateshkd@gmail.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: Pooja Singh <36136335+NoSkillGirl@users.noreply.github.com>	2021-06-08 12:37:19 -07:00
Yashvardhan Kukreja	bb80e1b641	added: initial prometheus client setup Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com>	2021-05-16 13:06:14 +05:30
Pooja Singh	4296e69225	updating synchronize lable in generated resource (#1860 ) Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>	2021-05-06 13:11:10 -07:00
NoSkillGirl	4cfc21779c	added policy validation according to api server Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>	2021-04-21 10:28:11 +05:30
Max Goncharenko	6a0305674a	JMESPath custom functions (#1772 ) * JMESPath: Support regex expressions Signed-off-by: Max Goncharenko <kacejot@fex.net> * JMESPath: Add string functions Signed-off-by: Max Goncharenko <kacejot@fex.net> * Removed {{$}} variable handling logic Signed-off-by: Max Goncharenko <kacejot@fex.net> * Name all functions in snake case; Update error message; Fix {{@}} behavior Signed-off-by: Max Goncharenko <kacejot@fex.net>	2021-04-16 16:17:00 -07:00
shuting	c08843ef77	Add Images info to variables context (#1725 ) * - remove supportMutateValidate; - refactor new context in the webhook Signed-off-by: Shuting Zhao <shutting06@gmail.com> * add ImageInfo to variables context Signed-off-by: Shuting Zhao <shutting06@gmail.com> * revert unexpected changes Signed-off-by: Shuting Zhao <shutting06@gmail.com>	2021-03-23 10:34:03 -07:00
Raj Babu Das	08643773c3	removing go.sum from github workflow and adding unused pkg check (#1698 ) Signed-off-by: rajdas98 <mail.rajdas@gmail.com>	2021-03-11 10:14:46 -08:00
Shuting Zhao	c4ebef7b0d	- support AllowMissingPathOnRemove and EnsurePathExistsOnAdd in patchesJSON6902 - upgrade to evanphx/json-patch/v5 Signed-off-by: Shuting Zhao <shutting06@gmail.com>	2021-02-25 15:25:07 -08:00
shuting	2f2d6c2e38	Upgrade client libraries to 0.20.2 (#1547 ) * upgrade clients to 0.20.2 Signed-off-by: Shuting Zhao <shutting06@gmail.com> * remove debug log Signed-off-by: Shuting Zhao <shutting06@gmail.com> * fix unit tests Signed-off-by: Shuting Zhao <shutting06@gmail.com> * fix e2e test Signed-off-by: Shuting Zhao <shutting06@gmail.com>	2021-02-07 20:26:56 -08:00
shuting	bd44dbff41	Reduce RCR Throttling (#1545 ) * buffer report change requests Signed-off-by: Shuting Zhao <shutting06@gmail.com> * fix clusterReportChangeRequest Signed-off-by: Shuting Zhao <shutting06@gmail.com> * further reduce RCRs in background scan Signed-off-by: Shuting Zhao <shutting06@gmail.com>	2021-02-07 19:46:50 -08:00
Shuting Zhao	f95771a3b8	add dependency to go.sum	2021-01-08 18:47:28 -08:00
Shuting Zhao	3adfdc24af	fix release failure	2021-01-08 18:25:38 -08:00
shuting	35aa3149c8	Remove lock embedded in CRD controller, use concurrent map to store shcemas (#1441 )	2021-01-04 23:17:17 -08:00
NoSkillGirl	c66e2a7058	adding label to clone source	2020-12-29 18:04:20 +05:30
shuting	2fc3b3b998	Fixes 1410 strategic merge patch (#1414 ) * fixes #1410 * fix unit test * re-initialize worker immediately on failure	2020-12-23 17:48:00 -08:00
Jim Bugwadia	6afd2e6f3a	ignore non-policy files in CLI and improve validation messages (#1362 ) * improve validation message * improve error behaviors * fix tests * fix tests	2020-12-07 11:26:04 -08:00
Jim Bugwadia	f3b644f624	handle anchors in keys	2020-12-04 15:59:15 -08:00
Jim Bugwadia	2aeb5aa982	validate conditiona.operator as enum	2020-11-29 00:37:36 -08:00
Jim Bugwadia	54f816c246	trim variable for context lookups	2020-11-24 17:48:54 -08:00
shuting	e868dbfeb9	Fix 1287 - failed to update annotation through mutate policy (#1289 ) * fix 1287 * update mutate log	2020-11-24 10:11:05 -08:00
Shuting Zhao	168bb21093	add optional tag to gr.status	2020-11-18 15:07:12 -08:00
NoSkillGirl	9a9cd55b7b	SanitizedError fix	2020-11-18 15:02:14 +05:30
NoSkillGirl	5794889752	Merge branch 'main' into policyreport_cli	2020-11-18 14:43:30 +05:30
Shuting Zhao	b9fb926ddb	fixes for golint ./...	2020-11-17 13:07:30 -08:00
Shuting Zhao	e985ee4031	correct misspelled words	2020-11-17 12:01:01 -08:00
Jim Bugwadia	74b656768e	1251 fix generate panic (#1252 ) * improve error message * fix panic and add error logs * update log levels and messages * fix tests	2020-11-12 16:44:57 -08:00
NoSkillGirl	7fbe422ef6	corrected merge code	2020-11-10 16:31:39 +05:30
NoSkillGirl	acc34fbf0a	Merge commit	2020-11-10 10:49:29 +05:30
shuting	5e07ecc5f3	Add Policy Report (#1229 ) * add report in cli * policy report crd added * policy report added * configmap added * added jobs * added jobs * bug fixed * added logic for cli * common function added * sub command added for policy report * subcommand added for report * common package changed * configmap added * added logic for kyverno cli * added logic for jobs * added logic for jobs * added logic for jobs * added logic for cli * buf fix * cli changes * count bug fix * docs added for command * go fmt * refactor codebase * remove policy controller for policyreport * policy report removed * bug fixes * bug fixes * added job trigger if needed * job deletation logic added * build failed fix * fixed e2e test * remove hard coded variables * packages adde * improvment added in jobs sheduler * policy report yaml added * cronjob added * small fixes * remove background sync * documentation added for report command * remove extra log * small improvement * tested policy report * revert hardcoded changes * changes for demo * demo changes * resource aggrigation added * More changes * More changes * - resolve PR comments; - refactor jobs controller * set rbac for jobs * add clean up in job controller * add short names * remove application scope for policyreport * move job controller to policyreport * add report logic in command apply * - update policy report types; - upgrade k8s library; - update code gen * temporarily comment out code to pass CI build * generate / update policyreport to cluster * add unit test for CLI report * add test for apply - generate policy report * fix unit test * - remove job controller; - remove in-memory configmap; - clean up kustomize manifest * remove dependency * add reportRequest / clusterReportRequest * clean up policy report * generate report request * update crd clusterReportRequest * - update json tag of report summary; - update definition manifests; - fix dclient creation * aggregate reportRequest into policy report * fix unit tests * - update report summary to optional; - generate clusterPolicyReport; - remove reportRequests after merged to report * remove * generate reportRequest in kyverno namespace * update resource filter in helm chart * - rename reportRequest to reportChangeRequest; -rename clusterReportRequest to clusterReportChangeRequest * generate policy report in background scan * skip generating report change request if there's entry results * fix results entry removal when policy / rule gets deleted * rename apiversion from policy.kubernetes.io to policy.k8s.io * update summary.* to lower case * move reportChangeRequest to kyverno.io/v1alpha1 * remove policy report flag * fix report update * clean up policy violation CRD * remove violation CRD from manifest * clean up policy violation code - remove pvGenerator * change severity fields to lower case * update import library * set report category Co-authored-by: Yuvraj <yuvraj.yad001@gmail.com> Co-authored-by: Yuvraj <10830562+evalsocket@users.noreply.github.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com>	2020-11-09 11:26:12 -08:00
NoSkillGirl	e11efa4e7a	added policy report example	2020-11-04 14:03:40 +05:30
NoSkillGirl	f2c01d7f76	fixed no-kind-pod error	2020-11-04 14:03:38 +05:30
NoSkillGirl	80aa6eb9f5	added policyreport to cli	2020-11-04 14:03:38 +05:30
Shuting Zhao	85c6c3d36f	clean up policy violation CRD	2020-11-02 16:59:16 -08:00
Shuting Zhao	63a8d89c8d	- update report summary to optional; - generate clusterPolicyReport; - remove reportRequests after merged to report	2020-10-27 18:28:30 -07:00
Shuting Zhao	c906baa1a7	- update policy report types; - upgrade k8s library; - update code gen	2020-10-15 17:54:58 -07:00
Shuting Zhao	6b5e935e49	Merge branch 'feature/reports-cli' of https://github.com/evalsocket/kyverno into policyreport # Conflicts: # Makefile # cmd/kyverno/main.go # go.mod # go.sum # pkg/client/clientset/versioned/clientset.go # pkg/client/clientset/versioned/fake/clientset_generated.go # pkg/client/clientset/versioned/fake/register.go # pkg/client/clientset/versioned/scheme/register.go # pkg/client/informers/externalversions/factory.go # pkg/client/informers/externalversions/generic.go # pkg/client/listers/kyverno/v1/expansion_generated.go # pkg/policy/common.go # pkg/policy/controller.go # pkg/policy/existing.go # pkg/policyviolation/builder.go # pkg/policyviolation/generator.go # pkg/webhooks/server.go # pkg/webhooks/validate_audit.go # pkg/webhooks/validation.go	2020-10-12 18:30:37 -07:00
Mohan B E	51ac382c6c	Feature/configmaps var 724 (#1118 ) * added configmap data substitution for foreground mutate and validate * added configmap data substitution for foreground mutate and validate fmt * added configmap lookup for background * added comments to resource cache * added configmap data lookup in preConditions * added parse strings in In operator and configmap lookup docs * added configmap lookup docs * modified configmap lookup docs	2020-09-22 14:11:49 -07:00
evalsocket	573496f318	policy report yaml added	2020-09-15 08:07:01 -07:00
shuting	931d7cd47c	Set mutating webhhok reinvocationPolicy to IfNeeded (#1097 ) * add watch policy to clusterrole kyverno:customresources * fix build * fix nil pointer * skip json patches if the mutation is re-invoked * set resource mutating webhook invocation policy to IfNeeded	2020-09-03 08:54:37 -07:00
Mohan B E	3690bf5fff	conditional anchor preprocessing for patch strategic merge (#1090 ) * conditional anchor preprocessing for patch strategic merge * modified sequence pre processing and added unit test * merged master * go fmt * corrected mistake and added error handling to policy validate	2020-09-01 09:12:05 -07:00
Mohan B E	f60deecdce	Feature/namespaced policy 280 (#1058 ) * namespaced policy crd and cache * modified main.go * removed kyverno * implemented policy violation generator for namespaced policy on audit * modified cache * added validation for cluster resource types * install.yaml * install.yaml * removed namespaces from crd and refactored code * modified NamespacePolicy to Policy * added ClusterRole aggregate for policies * modified clusterrole	2020-08-19 09:07:23 -07:00
Jim Bugwadia	fc6da9c9e6	improve CLI validation reports	2020-08-18 21:03:00 -07:00
Pooja Singh	5a68653749	Supporting annotations in match/exclude (#1045 ) * Supporting annotations in match/exclude filters * updated readme * small fix	2020-08-17 17:12:27 -07:00
Mohan B E	a14828246d	Feature/api version 852 (#1028 ) * apiVersion support for generate * added apiVersion to crds	2020-08-07 09:47:33 +05:30
shuting	39de46fe39	983 kustomize support (#1026 ) * prototype - strategic merge patch * add end to end test * add engine strategic merge patch support * set webhook reinvocationPolicy to IfNeeded * refactor engine mutate code * support JMESPath in strategic merge patch * implement patchesJson6902 * update doc * resolve pr comments	2020-08-05 09:11:23 -07:00
Mohan BE	3e1cef790a	added field type specification to types	2020-07-21 11:33:51 +05:30
Mohan BE	9451f79ee5	added api docs generator	2020-07-20 20:05:06 +05:30
NoSkillGirl	f0fab9499e	temp	2020-07-11 17:56:14 +05:30
shuting	87fa77fbcc	965 add validate audit handler (#967 ) * store policy names cache to reduce lookup time * add validate audit handler * fix #958, remove auto-gen annotation on Pod * formatting code * update processTime to readable format * #586, add back unit test * update logging info * remove unused interface * handle generate policy in a single thread in weboook * resolve pr comments	2020-07-09 11:48:34 -07:00
NoSkillGirl	2fde3146e8	added more validation for policies	2020-07-07 17:08:57 +05:30
Jim Bugwadia	65193feccb	update logging, naming, and event retry (#959 ) * update logging and naming * check per policy patch count	2020-06-30 11:53:27 -07:00
NoSkillGirl	b589169b5e	Added in-notin operator	2020-06-26 12:48:45 +05:30
Yuvraj	c0326ce3f1	conflict resolve	2020-06-25 12:05:42 -07:00
Yuvraj	ab328b59d3	go mod updated	2020-06-25 12:00:35 -07:00
Shuting Zhao	a1d7816c10	fix violation updates when there's no change	2020-06-01 19:37:48 -07:00
Jim Bugwadia	838d02c475	Bugfix/659 support wildcards for namespaces (#871 ) * - support wildcards for namespaces * do not annotate resource, unless policy is an autogen policy * close HTTP body * improve messages * remove policy store Policy store was not fully implemented and simply provided a way to list all polices and get a policy by name, which can be done via standard client-go interfaces. We need to revisit and design a better PolicyStore that provides fast lookups for matching policies based on names, namespaces, etc. * handle wildcard namespaces in background processing * fix unit tests 1) remove platform dependent path usage 2) remove policy store * add test case for mutate with wildcard namespaces	2020-05-26 10:36:56 -07:00
Jim Bugwadia	304c75403e	- skip resource schema validation when no mutate rules are applied - cleanup webhook registration logic and logs	2020-05-17 14:37:05 -07:00
shravan	0932e9a147	664 tested prototype	2020-04-27 18:38:03 +05:30
shravan	793321e410	754 missing changes for prev commit	2020-03-28 16:50:56 +05:30
shravan	9ce0102db9	754 missing changes from previous commit	2020-03-28 16:47:42 +05:30
shravan	91223deae2	754 resolved merge conflicts	2020-03-28 16:43:19 +05:30
shravan	b5af456f64	Revert "754 merge conflicts" This reverts commit `39f75db435`.	2020-03-28 16:36:19 +05:30
shravan	39f75db435	754 merge conflicts	2020-03-28 16:30:18 +05:30
shravan	5cb134214b	536 importing go acc before ci/cd	2020-01-29 14:23:59 +05:30
shravan	a4e06a6ba1	536 fixing compilation issues	2020-01-26 19:42:09 +05:30
shravan	5a63b85368	536 conforming to plugin author guidelines	2020-01-26 19:21:58 +05:30
shravan	4bd678e301	added go modules and removed vendor file	2020-01-14 10:07:21 +05:30

1 2 3 4 5

219 commits