Vishal Choudhary
1f4181645b
fix: allow changes to preexisting resource in violation of a policy in Enforce ( #9027 )
...
* fix: allow changes to preexisting resource in violation of a policy in Enforce
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: missing error check
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: tests
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* nit: cleanup
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: update old policy context
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: preconditions always returned true
internal.CheckPreconditions always returned true when v.anyAllConditions, it should be populated with rule.RawAnyAllConditions when newValidator() is used to create a validator
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: fix chainsaw test
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: nit
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* debug
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* feat: update test
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: add namespace
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* feat: add test for bad to good conversion
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* feat: add test step
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
---------
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2023-12-12 09:17:53 +00:00
Jim Bugwadia
46f02a8ba7
optimize JSON context processing using in-memory maps ( #8322 )
...
* optimize JSON context processing using in memory maps
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix excessive logs
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix mutate resource diff
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* uncomment tests
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* copy resource, as it can be modified
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* clear prior resource to prevent mutating original
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* linter fix
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix ImageInfo to unstructured conversion
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix custom image extractors
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* do not update mutated resource in JSON context
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* address review comments
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
---------
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Signed-off-by: shuting <shuting@nirmata.com>
Co-authored-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
2023-12-04 07:35:36 +00:00
Jim Bugwadia
296578a456
create interpreter once and reuse across searches ( #8299 )
...
* create interpreter once and reuse across searches
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix excessive logs
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* refactor(jmespath): reuse fCall instead of intr
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
* refactor(jmespath): use new api
Use the new JMESPath API to decouple Interpreter from FunctionCaller
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
* chore: bump go-jmespath
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
* fix(jmespath): test case using older API
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
---------
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
Co-authored-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
Co-authored-by: Khaled Emara <khaled.emara@nirmata.com>
Co-authored-by: Khaled Emara <KhaledEmaraDev@gmail.com>
2023-11-30 16:59:11 +01:00
Vishal Choudhary
72524c792c
fix: update KeysAreMissing() to ignore negations in resource ( #8953 )
...
* fix: update KeysAreMissing() to ignore negations in resource
KeysAreMissing() checks if a key is missing in a resource, since a negation should not be present in the resource, it should not count as a missing key
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* feat: add tests
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: pod is supposed to fail
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
---------
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
2023-11-22 09:06:40 +00:00
Vishal Choudhary
5fe16cd487
feat: add checks for max response size in API Call ( #8957 )
...
* feat: add checks for max response size in API Call GET request
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: tests
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: added changes suggested by jim
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* cleanup
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
---------
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2023-11-21 10:01:51 +00:00
UgOrange
0079ca1e39
feat: Add external_url_check custom JMESPath function ( #8614 )
...
Signed-off-by: lichanghao.orange <lichanghao.orange@bytedance.com>
Signed-off-by: UgOrange <lichanghao.orange@bytedance.com>
2023-11-21 04:17:26 +00:00
Romuald
139551b7ac
fix: use ungreedy pattern to process all variables ( #8311 )
...
* use ungreedy pattern to process all variables
Signed-off-by: Romuald du Song <rdusong@chapsvision.com>
* use different strategy for regexp to remove the use of ungreedy flag
Signed-off-by: Romuald du Song <rdusong@chapsvision.com>
---------
Signed-off-by: Romuald du Song <rdusong@chapsvision.com>
2023-11-14 13:23:28 +00:00
Mariam Fahmy
c0e0cea9f4
feat: compute policy exceptions as a part of the rule execution ( #8713 )
...
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2023-11-13 15:43:25 +00:00
Mariam Fahmy
31858abb0b
fix: use validate.message in case there is no message associated with the CEL expression ( #8883 )
...
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2023-11-13 14:53:24 +00:00
AdamKorcz
4da963367d
Close response right after successful request ( #8894 )
...
Signed-off-by: AdamKorcz <adam@adalogics.com>
2023-11-13 13:41:32 +00:00
Jim Bugwadia
c1015bf619
Reduce deps ( #8654 )
...
* fix excessive logs
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* remove cosign dependency from API package
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* update UserAgent
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
---------
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2023-11-09 13:04:24 +00:00
Anushka Mittal
f3c03f5257
Changes to correctly run delete operation in kyverno11beta4 ( #8786 )
...
* Changes to correctly run delete operation in kyverno11beta4
Co-authored-by: Anushka Mittal <anushka@nirmata.com>
Co-authored-by: Julian-Chu <yulang.chu@gmail.com>
Signed-off-by: Anushka Mittal <anushka@nirmata.com>
* Update test/cli/test/deny-pod-deletion/deny-pod-deletion.yaml
Co-authored-by: Chip Zoller <chipzoller@gmail.com>
Signed-off-by: shuting <shutting06@gmail.com>
* Update test/cli/test/deny-pod-deletion/deny-pod-deletion.yaml
Co-authored-by: Chip Zoller <chipzoller@gmail.com>
Signed-off-by: shuting <shutting06@gmail.com>
* Add README.md for new test
Signed-off-by: anushkamittal2001 <anushka@nirmata.com>
* Correct policy.yaml
Signed-off-by: anushkamittal2001 <anushka@nirmata.com>
* Add new lines in test files
Signed-off-by: anushkamittal2001 <anushka@nirmata.com>
* Correct kyverno-test file
Signed-off-by: anushkamittal2001 <anushka@nirmata.com>
* Correct values.yaml
Signed-off-by: anushkamittal2001 <anushka@nirmata.com>
* Correct test files
Signed-off-by: anushkamittal2001 <anushka@nirmata.com>
* Add new test
Signed-off-by: anushkamittal2001 <anushka@nirmata.com>
---------
Signed-off-by: Anushka Mittal <anushka@nirmata.com>
Signed-off-by: shuting <shutting06@gmail.com>
Signed-off-by: anushkamittal2001 <anushka@nirmata.com>
Signed-off-by: Anushka Mittal <138426011+anushkamittal2001@users.noreply.github.com>
Co-authored-by: shuting <shutting06@gmail.com>
Co-authored-by: Chip Zoller <chipzoller@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
2023-11-02 08:25:46 -04:00
Mariam Fahmy
e175998dd2
fix: generate events for scanning VAPs in reports controller ( #8783 )
2023-10-31 13:53:28 +00:00
Charles-Edouard Brétéché
c96199dee1
chore: move utils/wildcard in ext ( #8772 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-10-29 23:59:53 +00:00
Rakshit Gondwal
b574802c12
feat: support conditions in PolicyException ( #8577 )
...
* feat: support conditions in PolicyException
Signed-off-by: Rakshit Gondwal <rakshitgondwal3@gmail.com>
* fix matchesException func
Signed-off-by: Rakshit Gondwal <rakshitgondwal3@gmail.com>
* add codegen-all files
Signed-off-by: Rakshit Gondwal <rakshitgondwal3@gmail.com>
* fix after review
Signed-off-by: Rakshit Gondwal <rakshitgondwal3@gmail.com>
* remove variable validation from PolicyException
Signed-off-by: Rakshit Gondwal <rakshitgondwal3@gmail.com>
* fix after review
Signed-off-by: Rakshit Gondwal <rakshitgondwal3@gmail.com>
* add kuttl tests
Signed-off-by: Rakshit Gondwal <rakshitgondwal3@gmail.com>
* remove ValidateVariables() from tests
Signed-off-by: Rakshit Gondwal <rakshitgondwal3@gmail.com>
* fix errors
Signed-off-by: Rakshit Gondwal <rakshitgondwal3@gmail.com>
* remove check-variables kuttl test
Signed-off-by: Rakshit Gondwal <rakshitgondwal3@gmail.com>
* fix after review
Signed-off-by: Rakshit Gondwal <rakshitgondwal3@gmail.com>
* add sleep step to kuttl
Signed-off-by: Rakshit Gondwal <98955085+rakshitgondwal@users.noreply.github.com>
* minor fix
Signed-off-by: Rakshit Gondwal <98955085+rakshitgondwal@users.noreply.github.com>
* add readme for kuttl test
Signed-off-by: Rakshit Gondwal <98955085+rakshitgondwal@users.noreply.github.com>
---------
Signed-off-by: Rakshit Gondwal <rakshitgondwal3@gmail.com>
Signed-off-by: Rakshit Gondwal <98955085+rakshitgondwal@users.noreply.github.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2023-10-24 10:45:52 +00:00
Mariam Fahmy
c5dbb572c2
remove duplicated log messages ( #8673 )
...
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2023-10-17 16:08:44 +00:00
Vishal Choudhary
5882ed32a3
refactor: common remote authenticator for notary and cosign ( #8494 )
...
* refactor: common remote authenticator for notary and cosign
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* fix: add user agent
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* refactor: move getGCRRemoteOption out of BuildGCRRemoteOption
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
---------
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
2023-10-09 09:07:00 +00:00
Mariam Fahmy
cd986849d5
fix: use v2beta1 of policy exceptions ( #8587 )
...
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2023-10-09 15:27:25 +08:00
AdamKorcz
080a96fed4
Refactor fuzzing utils and add 3 fuzzers ( #8555 )
...
* Refactor fuzzing utils and add 3 fuzzers
Signed-off-by: AdamKorcz <adam@adalogics.com>
* Fix lint issues
Signed-off-by: AdamKorcz <adam@adalogics.com>
* use latest go-jmespath
Signed-off-by: AdamKorcz <adam@adalogics.com>
* Check layer size (#8552 )
* fix excessive logs
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* check fetched layer size
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* check sig layer size
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
---------
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Signed-off-by: AdamKorcz <adam@adalogics.com>
* fix lint issues
Signed-off-by: AdamKorcz <adam@adalogics.com>
---------
Signed-off-by: AdamKorcz <adam@adalogics.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2023-10-05 16:33:26 +00:00
Mariam Fahmy
eedc993ed9
fix: apply exceptions after executing the policy itself ( #8544 )
...
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2023-09-27 14:52:39 +00:00
Charles-Edouard Brétéché
61aa713d27
fix: image cache panic and cleanup ( #8512 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-09-22 10:40:16 +00:00
Vishal Choudhary
e6bebeae9b
feat: improve assertion and error messages ( #8489 )
2023-09-21 12:39:54 +00:00
Vishal Choudhary
fd01e50280
fix: image verify cache test ( #8462 )
...
* fix: image verify cache test
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* feat: print err message
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* feat: clear mock
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* feat: defer clear mock
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
---------
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-09-20 14:03:58 +02:00
Charles-Edouard Brétéché
fb90d0935d
fix: use go 1.21 new packages ( #8452 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-09-19 12:06:53 +00:00
Jim Bugwadia
fb12f7330b
skip other checks if operations do not match ( #8324 )
...
* skip other checks if operations do not match
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* copy resource/rule as match seems to mutate for wildcard checks
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix deepcopy
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---------
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-09-19 08:01:49 +00:00
Vishal Choudhary
6a62613d5b
feat: add CTLogs verification to cosign ( #8130 )
...
* feat: add TUF and CTlogs to types
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* feat: add tuf init and custom ctlogs to cosign verify
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* feat: update tests with new types
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* fix: reduce description size
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* feat: add ctlogs negative test
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* feat: add validate for ignoresct
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* feat: update codegen files
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* feat: update codegen
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* feat: remove TUF changes
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
---------
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
2023-09-14 04:18:44 +00:00
Chandan-DK
fc7eb295ef
test: add tests for isAnyNotIn function and lazy evaluate it ( #7972 )
...
* Lazy evaluate isAnyNotIn function
Signed-off-by: Chandan-DK <chandandk468@gmail.com>
* Add unit tests
Signed-off-by: Chandan-DK <chandandk468@gmail.com>
* add empty string test and rephrase a test name
Signed-off-by: Chandan-DK <chandandk468@gmail.com>
---------
Signed-off-by: Chandan-DK <chandandk468@gmail.com>
Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2023-09-11 16:10:49 +00:00
Charles-Edouard Brétéché
30598c64d8
fix: TODOs in cli ( #8333 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-09-11 15:24:10 +00:00
Vishal Choudhary
aeabe7048d
feat: update condition in image verify cache tests ( #8318 )
...
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
Co-authored-by: kyverno-bot <104836976+kyverno-bot@users.noreply.github.com>
Co-authored-by: shuting <shuting@nirmata.com>
2023-09-11 14:22:10 +00:00
Charles-Edouard Brétéché
5beaec677f
fix: cache invalidation in FindResources ( #8316 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-09-08 15:51:25 +02:00
Vishal Choudhary
274e93199b
feat: update ivcache Set() to use Wait() ( #8286 )
...
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
2023-09-06 13:31:18 +00:00
AdamKorcz
34bfb57c08
[Bug] Fix nil-dereference in pss validation ( #8271 )
...
Signed-off-by: AdamKorcz <adam@adalogics.com>
2023-09-05 18:45:07 +00:00
Mariam Fahmy
8732183cc6
feat: generate backgroundscan reports for validating admission policies ( #8135 )
...
* feat: generate backgroundscan reports for validating admission policies
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* fix: skip validate check images if errors are encountered when validating the resource
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
---------
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2023-09-05 11:42:17 +00:00
Mariam Fahmy
b495c6d112
feat: support authorizer variable in CEL expressions ( #8024 )
...
* feat: support authorizer variable in CEL expressions
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* feat: add the auth reason
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* feat: add kuttl tests
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* fix lint issue
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* fix kuttl test
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* fix: add helpers
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
---------
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2023-09-05 10:16:50 +00:00
Charles-Edouard Brétéché
c51bc5beb8
docs: improve cli commands docs ( #8259 )
...
* chore: improve cli commands docs
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* docs
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix test
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* experimental
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* version
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* unit tests
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* oci
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* oci
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* jp
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* apply
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* create
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---------
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-09-05 05:14:28 +03:00
Vishal Choudhary
b2515154f3
fix: return error in LoadMatching ( #8234 )
...
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-09-04 22:42:27 +00:00
Vishal Choudhary
2f6ff9902e
fix test flake: update assertion in image verify cache test ( #8248 )
...
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-09-04 13:07:53 +00:00
Charles-Edouard Brétéché
1ccd838124
fix: logger calls ( #8211 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-09-01 12:32:13 +00:00
Charles-Edouard Brétéché
33d5c81a7d
refactor: introduce report utils package and use it in cli apply ( #8203 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-09-01 09:20:39 +00:00
Mariam Fahmy
c583b64120
feat: generate validating admission policies and their bindings from Kyverno policies ( #7840 )
...
* feat: generate validating admission policies and their bindings from Kyverno policies
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* feat: add generate VAPs feature flag
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* fix: use container flags instead of feature flags
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* fix: limit VAP generation to cluster policies
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* feat: add policy checks for generating VAPs
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* chore: rename package
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* feat: translate match/exclude resources in Kyverno policies to their alternatives in validating admission policies
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* feat: add vap info in kyverno policy status
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* fix: delete the translation of
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* feat: add kuttl tests
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* feat: add generateValidatingAdmissionPolicy feature flag in the helm chart
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* fix
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* chore: update codegen
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* feat: add validating admission policy kuttl tests in the workflow
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* fix: check K8s server version
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* fix lint issue
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* fix
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* fix: remove the kind config of VAPs
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
---------
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2023-08-31 10:25:21 +00:00
Amit kumar
6d8ae16afa
added verify image ristretto cache implementation ( #7969 )
...
* updated flags
Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
* added ristretto_cache impl
Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
* added bufferSize
Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
* small nits
Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
* made cache as private member
Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
* made cache as private member
Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
* added logger.withValues
Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
* added verify image cache
Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
* small nits
Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
* added cache tests
Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
* fixed lint issue
Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
* added changed policy test
Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
* cache time should be entered in minutes
Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
* removed cache.wait()
Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
* small nits
Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
* removed client.go logs and added in imageVerifier
Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
* added level to the logs
Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
* added notary image cache verification
Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
* replace intVar by flag.DurationVar()
Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
* removed lock from cache client
Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
* updated cosign tests
Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
* added execution latencies comparison
Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
* added assert.Error()
Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
* added error assertion util
Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
* added error log
Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
* Update pkg/engine/internal/imageverifier.go
Signed-off-by: shuting <shutting06@gmail.com>
* lint fixes
Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
* removed logs from unit tests
Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
* added ristretto_cache impl
Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
* removed cache.wait()
Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
* small nits
Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
* added assertions in tests
Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
* fixed conflicts
Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
* lint fix
Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
* renamed variables
Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
---------
Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
Signed-off-by: shuting <shutting06@gmail.com>
Co-authored-by: shuting <shutting06@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
2023-08-30 07:26:40 +00:00
Vishal Choudhary
62634af6aa
feat: migrate ignoreSCT from rekor to ctlog ( #8166 )
...
* feat: migrate ignoreSCT from rekor to ctlog
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* fix: update tests for new crd
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
---------
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-08-30 08:39:49 +02:00
Mariam Fahmy
94aa1f18c6
feat: support namespaced parameter resources for CEL expressions in Kyverno policies ( #8084 )
...
* feat: support namespaced parameter resources for CEL expressions in Kyverno policies
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* fix lint issue
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* fix
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* fix kuttl test
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
---------
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2023-08-28 14:43:09 +00:00
Mariam Fahmy
072ebeacdb
refactor: create cel package for compiling expressions ( #8108 )
...
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2023-08-24 14:06:37 +00:00
Mariam Fahmy
10172ae8e0
feat: support variables for CEL in Kyverno policies ( #8103 )
...
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-08-24 10:00:27 +00:00
AdamKorcz
da3531a0c0
chore: add mocks to mutate fuzzer ( #8102 )
...
Signed-off-by: AdamKorcz <adam@adalogics.com>
2023-08-23 21:45:01 +00:00
Mariam Fahmy
333845677a
fix: check if client is set in CEL validations ( #8099 )
...
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2023-08-23 17:22:37 +02:00
Mariam Fahmy
e1783e7375
refactor CEL validation in Kyverno policies ( #8098 )
...
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2023-08-23 13:28:40 +00:00
AdamKorcz
af33cd98c8
chore: improve performance of engine fuzzers ( #8090 )
...
Signed-off-by: AdamKorcz <adam@adalogics.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-08-22 22:35:06 +00:00
Mariam Fahmy
96adc301e5
feat: support namespaceObject variable in CEL expressions ( #8071 )
...
* feat: support namespaceObject variable in CEL expressions
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* fix a bug
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
---------
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2023-08-21 08:04:59 +00:00