gcp-cherry-pick-bot[bot]
7ee6137a73
feat: use pointer in rule (exclude field) ( #11050 ) ( #11071 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-09-10 11:50:49 +00:00
Vishal Choudhary
1ef9b876e1
fix: allow changes to preexisting resources that violate a validate foreach, cel or pss policy ( #10033 )
...
* feat: allow changes to preexisting resources that violate a validate foreach, cel or pss policy
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: do old object verification as create operation
this fixes the case where we are checking request.operation in a deny condition
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: update the json context in set operation
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: typo
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: update error message
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: add match and exclude check
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: match exclude in if
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* feat: add option to disable validation of old object
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: tests
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: unit tests
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* feat: chainsaw tests
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: update readme
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: conflicts
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: chainsaw tests
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: tests
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: ci
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: nil ptr error
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: linter
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: linter
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* feat: old obj verification in assert
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: codegen
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* feat: chainsaw tests
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* feat: chainsaw test for assert
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: cleanup
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: chainsaw tests
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: pss
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* feat: common functions for allow existing violations
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: types
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: typos
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: pss old resource
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* feat: chainsaw test for PSS
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: use old objects
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: more merge changes
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: e2e matrxix
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: refactor and dont return error when old obj validation fails
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: return resp when not matched
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: add logs and return skip when old object validation fails
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* Update validate_resource.go
Co-authored-by: shuting <shutting06@gmail.com>
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* Update validate_pss.go
Co-authored-by: shuting <shutting06@gmail.com>
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* Update validate_assert.go
Co-authored-by: shuting <shutting06@gmail.com>
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
---------
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
Co-authored-by: shuting <shutting06@gmail.com>
2024-09-06 06:42:56 +00:00
D N Siva Sathyaseelan
0ee73430de
feat:Add support for condition validation across multiple image verification attestations or context entry ( #9960 )
...
* added Validate in ImageVerification
Signed-off-by: sivasathyaseeelan <dnsiva.sathyseelan.chy21@iitbhu.ac.in>
* added Validate in ImageVerification
Signed-off-by: sivasathyaseeelan <dnsiva.sathyseelan.chy21@iitbhu.ac.in>
* validate block added
Signed-off-by: sivasathyaseeelan <dnsiva.sathyseelan.chy21@iitbhu.ac.in>
* Name feild is added in Attestation struct
Signed-off-by: sivasathyaseeelan <dnsiva.sathyseelan.chy21@iitbhu.ac.in>
* added imageInfo in policy context
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* added response from FetchAttestations to contex entry
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* added validate logic
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* condition for name collision in Attestation array is added
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* added conformance test
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* added conformance test
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* added conformance test
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* added conformance test
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* added conformance test
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* added multiple image verification test
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* added multiple image verification test
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* some changes in conformance test
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* some changes in conformance test
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* some changes in conformance test
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* some changes in conformance test
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* unit test added
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* ValidateVariable is applied in validate
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* change in regex, logic, conformance test, unit test
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* some logical changes
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* some logical changes
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* some logical changes
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* some logical changes
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* some change in conformance test
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* context entries are added as variables
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* some changes
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* some changes
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* some logical implementations
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* some changes
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* Validate and multiple Image verification is working
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* moved validate to verify
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* Some changes in conformance test
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* Some changes in conformance test
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* Some changes in conformance test
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* Some changes in imageverifier
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* Some changes in imageverifier
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* unit test added
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* lint fixes
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* lint fixes
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* lint fixes
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* lint fixes
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* added validate in verifyimage in v2 policies
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* validate is moved to verifyAttestation
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* some changes
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* some changes in unit tests
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* some changes
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* removed loadcontext
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* some changes
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* enhanced tests
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* enhanced tests
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* Added getRawResp to fing report in statemants
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* aome changes in unit tests
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* aome changes in unit tests
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* some changes
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* some changes
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* some changes in ivm
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* changes in verify in imageverifer
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* added conformance test for trivy and vex
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* added Validate in ImageVerification
Signed-off-by: sivasathyaseeelan <dnsiva.sathyseelan.chy21@iitbhu.ac.in>
* added Validate in ImageVerification
Signed-off-by: sivasathyaseeelan <dnsiva.sathyseelan.chy21@iitbhu.ac.in>
* added imageInfo in policy context
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* added response from FetchAttestations to contex entry
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* added validate logic
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* condition for name collision in Attestation array is added
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* added conformance test
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* added conformance test
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* added conformance test
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* added conformance test
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* added conformance test
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* added multiple image verification test
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* added multiple image verification test
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* some changes in conformance test
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* some changes in conformance test
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* some changes in conformance test
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* some changes in conformance test
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* unit test added
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* ValidateVariable is applied in validate
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* change in regex, logic, conformance test, unit test
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* some logical changes
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* some logical changes
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* some logical changes
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* some logical changes
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* some change in conformance test
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* context entries are added as variables
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* some changes
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* some changes
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* some logical implementations
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* some changes
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* Validate and multiple Image verification is working
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* moved validate to verify
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* Some changes in conformance test
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* Some changes in conformance test
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* Some changes in conformance test
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* Some changes in imageverifier
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* Some changes in imageverifier
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* unit test added
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* lint fixes
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* lint fixes
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* lint fixes
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* lint fixes
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* added validate in verifyimage in v2 policies
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* validate is moved to verifyAttestation
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* some changes
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* some changes in unit tests
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* some changes
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* removed loadcontext
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* some changes
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* enhanced tests
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* enhanced tests
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* Added getRawResp to fing report in statemants
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* aome changes in unit tests
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* aome changes in unit tests
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* some changes
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* some changes
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* helm test fix
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* some changes in ivm
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* changes in verify in imageverifer
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* test
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* test
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* codegen applied
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* codegen resolved
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
---------
Signed-off-by: sivasathyaseeelan <dnsiva.sathyseelan.chy21@iitbhu.ac.in>
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
Signed-off-by: D N Siva Sathyaseelan <95441117+sivasathyaseeelan@users.noreply.github.com>
Co-authored-by: sivasathyaseeelan <dnsiva.sathyseelan.chy21@iitbhu.ac.in>
2024-09-05 10:33:37 +00:00
Vishal Choudhary
95f54a1cb6
feat: enable custom data in policy reports using properties ( #10933 )
...
* feat: enable custom data in policy reports using properties
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: dont throw error in variable substitution for properties
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
---------
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
2024-09-03 17:36:07 +00:00
Mariam Fahmy
bde90340a6
chore: remove v1alpha1 of VAPs and use v1beta1 ( #10955 )
...
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-08-29 15:31:25 +00:00
Mariam Fahmy
2140a0239b
chore: rename validationFailureAction to failureAction under the rule ( #10893 )
...
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2024-08-27 20:07:57 +00:00
Khaled Emara
65a43d2059
feat(mutate): minimize unmarshals ( #10702 )
...
* feat(mutate): minimize unmarshals
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
* test(mutate): test type assertion
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
* chore(codegen): remove unused import
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
---------
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
2024-08-09 11:12:20 +00:00
Mariam Fahmy
c796bb765c
fix: return policies with either audit or enforce rules from the cache ( #10667 )
...
* fix: return policies with either audit or enforce rules from the cache
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* feat: introduce validationFailureAction under verifyImage rules
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* feat: add chainsaw tests
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* fix
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
---------
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2024-08-06 18:24:28 +00:00
Khaled Emara
c0cf6c5bf1
feat(json): unmarshal at decode time ( #10700 )
...
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-08-05 15:46:50 +03:00
Charles-Edouard Brétéché
fc694bc24c
feat: add kyverno json support to validation rule ( #10763 )
...
* feat: add kyverno json support to validation rule
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* v2beta1
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* validation
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* engine handler
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* bindings
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* context functions
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* better bindings
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---------
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-08-02 08:24:30 +00:00
Khaled Emara
d173752041
feat(json): unmarshal once per policy ( #10701 )
...
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2024-07-30 10:52:41 +00:00
Mariam Fahmy
716611b7ea
fix: return all the exceptions that match the incoming resource ( #10722 )
...
* fix: return all the exceptions that match the incoming resource
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* fix: modify log messages
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
---------
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-07-25 17:36:19 +00:00
Mariam Fahmy
ad6ee93e3b
fix: CEL policies aren't applied to deleted resources ( #10611 )
...
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-07-04 22:16:36 +05:30
Mariam Fahmy
68df5af40e
fix rule type for mutate and generate rules ( #10554 )
...
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-06-28 16:40:56 +00:00
Mariam Fahmy
94d9bbe73f
chore: use v2 clients for policy exceptions ( #10530 )
...
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-06-24 16:36:55 +00:00
shuting
5260b4f7bc
chore: bump k8s libs to 0.30 ( #10285 )
...
* chore: bump k8s libs to 0.30
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore: update crds
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore: bump kubectl-validate
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore: fix tests
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore: fix panic
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore: fix linter
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore: bump k8s
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix sum
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* codegen
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix: indent
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore: bump deps
Signed-off-by: ShutingZhao <shuting@nirmata.com>
---------
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-06-04 15:09:44 +08:00
Vishal Choudhary
47adea6f1c
feat: add support for background scanning of existing resource in image verification ( #10287 )
...
* feat: add support for background scanning of existing resource in image verification
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: change rule response type to image verify
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* chore: fix nilptr reference
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
---------
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
2024-05-24 09:41:04 +00:00
Mariam Fahmy
57b2c5fe4f
fix: add a copy method to the policy context ( #10236 )
...
* fix: add a copy method to the policy context
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* chore: add a CLI test
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* chore: remove mutate changes
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
---------
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-05-21 15:29:09 +00:00
shuting
fb9c66f455
feat(perf): add new linter prealloc to enforce slice declarations best practice ( #10250 )
...
* feat(perf): add new linter prealloc to enforce slice declarations best practice
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix(linter): prealloac slices
Signed-off-by: ShutingZhao <shuting@nirmata.com>
---------
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2024-05-20 14:46:35 +05:30
Vishal Choudhary
3af0e461f0
fix: deepcopy patched resource in foreach mutate ( #10252 )
...
* fix: deepcopy patched resource to avoid indirect reversal of its elements
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: copy elements while reversing
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: copy resources inside foreach
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* add test
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* add test
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
---------
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2024-05-20 14:45:21 +08:00
Mariam Fahmy
798950f72c
fix: return skip when celPreconditions/matchConditions aren't met ( #9940 )
...
* fix: return skip when cel preconditions aren't met
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* fix test
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* fix: return skip when matchConditions in VAPs aren't met
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
---------
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-04-22 13:49:25 +00:00
Mariam Fahmy
ea64529e63
fix: evaluate namespaceObject for Kyverno policies in the CLI ( #9977 )
...
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-04-19 10:55:41 +00:00
Charles-Edouard Brétéché
76bd67739a
fix: polex mem footprint ( #9954 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-03-28 09:31:40 +00:00
Vishal Choudhary
f2833861f8
fix: properly update policy context after preexisting resource in violation check ( #9893 )
...
* fix: properly update policy context after preexisting resource in violation check
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* chore: remove all copy function usages
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* chore: nit
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* refactor context resource swap
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* feat: chainsaw tests
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: test:
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: logger panic
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix: copy cover policycontext
Signed-off-by: ShutingZhao <shuting@nirmata.com>
---------
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: ShutingZhao <shuting@nirmata.com>
2024-03-13 16:24:53 +00:00
Jim Bugwadia
5e69204c99
add unit test ( #9894 )
...
* add unit test
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* revert change
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
---------
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2024-03-13 17:09:30 +08:00
Jim Bugwadia
befcd73ea1
add control names and images to PSS results ( #9869 )
...
* add control names and images to PSS results
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* remove init
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix tets
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* update chainsaw tests
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* add unit test
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
---------
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2024-03-11 09:32:05 +00:00
mohamedasifs123
d566e9886c
Fix :variables are not getting processed in validation message for "anyPattern" ( #9713 )
...
* Update validate_resource.go
Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com>
* Create pod.yaml
Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com>
* Create chainsaw-test.yaml
Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com>
* Create policy.yaml
Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com>
* Update validate_resource.go
Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com>
* test
Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com>
* test
Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com>
* test
Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com>
* test
Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com>
* Update chainsaw-test.yaml
Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com>
* Create README.md
Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com>
* Update test/conformance/chainsaw/validate/clusterpolicy/cornercases/variable-substitution-failure-messages/README.md
Co-authored-by: Mariam Fahmy <mariamfahmy66@gmail.com>
Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com>
* Update test/conformance/chainsaw/validate/clusterpolicy/cornercases/variable-substitution-failure-messages/README.md
Co-authored-by: Mariam Fahmy <mariamfahmy66@gmail.com>
Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com>
* Update test/conformance/chainsaw/validate/clusterpolicy/cornercases/variable-substitution-failure-messages/chainsaw-test.yaml
Co-authored-by: Mariam Fahmy <mariamfahmy66@gmail.com>
Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com>
* Update test/conformance/chainsaw/validate/clusterpolicy/cornercases/variable-substitution-failure-messages/README.md
Co-authored-by: Mariam Fahmy <mariamfahmy66@gmail.com>
Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com>
---------
Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com>
Co-authored-by: Mariam Fahmy <mariamfahmy66@gmail.com>
2024-02-21 07:20:43 +00:00
Charles-Edouard Brétéché
a1cb4f1c30
fix: remove deprecated imageSignatureRepository flag ( #9698 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-02-08 12:10:29 +00:00
shuting
5f0d53fe34
feat: apply .matchConditions when generating reports ( #9599 )
...
* enable matchconditions for reports
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* update
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* add chainsaw tests
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix: linter issues
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore: move files
Signed-off-by: ShutingZhao <shuting@nirmata.com>
---------
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2024-02-02 08:32:28 +00:00
Charles-Edouard Brétéché
747bc017e5
fix: follow up for #9534 ( #9543 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-01-29 08:54:58 +00:00
mohamedasifs123
e3274386e7
Update validate_resource.go ( #9534 )
...
Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com>
2024-01-28 20:41:42 +00:00
Mariam Fahmy
f01f0d6dc4
feat: support podSecurity exclusion in exceptions ( #9343 )
...
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-01-26 18:43:07 +00:00
Vishal Choudhary
87c7ce254a
feat: add skipImageReferences in verify images ( #8633 )
...
* feat: add skipImageReferences in verify images
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: chainsaw tests
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: chainsaw-test.yaml
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: typo in assert
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
---------
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-01-23 12:27:39 +00:00
Gurmannat Sohal
6902a2b092
Unit tests for Pod Security Admission Integrations ( #8585 )
...
* feat: enable field-restricted exclusions using the psa
Signed-off-by: Liang Deng <283304489@qq.com>
* fix ci error
Signed-off-by: Liang Deng <283304489@qq.com>
* fix ci error
Signed-off-by: Liang Deng <283304489@qq.com>
* initial unit tests
* Add all remaining unit tests
Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com>
* fine grain unit tests by adding fields and values
* add detailed pod level exclusion and related tests
* add tests for init & ephemeral containers
* add kuttl tests for the new advanced support
* add kuttl tests for the new advanced support
* add readme for kuttl tests
* add replacement in go.mod
* resolving CI errors
Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com>
* fix ci errors
Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com>
* fix ci errors
Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com>
* updating pod-security-admissio
Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com>
* resolving null pointer panic
Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com>
* resolved conformance error
Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com>
* chainsaw
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* chainsaw
Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com>
* remove duplication
Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com>
* fix linting
Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com>
* remove over computation
Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com>
* added field checks, pss skip condition
Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com>
* correcting chainsaw tests
Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com>
* merge branch 'main' into unit-tests
Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com>
* fix builds
Signed-off-by: ShutingZhao <shuting@nirmata.com>
---------
Signed-off-by: Liang Deng <283304489@qq.com>
Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com>
Signed-off-by: shuting <shuting@nirmata.com>
Signed-off-by: Gurmannat Sohal <95538438+itsgurmannatsohal@users.noreply.github.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Co-authored-by: Liang Deng <283304489@qq.com>
Co-authored-by: shuting <shuting@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-12-26 22:28:08 +08:00
Mariam Fahmy
b61a1f3d18
fix: set v2beta1 of exceptions the storage version ( #9254 )
...
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2023-12-22 10:13:58 +00:00
Mariam Fahmy
8e0a7aa204
feat: promote policy exceptions to v2 ( #9208 )
...
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2023-12-19 10:43:39 +00:00
Vishal Choudhary
1f4181645b
fix: allow changes to preexisting resource in violation of a policy in Enforce ( #9027 )
...
* fix: allow changes to preexisting resource in violation of a policy in Enforce
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: missing error check
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: tests
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* nit: cleanup
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: update old policy context
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: preconditions always retured true
internal.CheckPreconditions always returned true when v.anyAllConditions, it should be populated with rule.RawAnyAllConditions when newValidator() is used to create a validator
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: fix chainsaw test
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: nit
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* debug
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* feat: update test
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: add namespace
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* feat: add test for bad to good conversion
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* feat: add test step
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
---------
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2023-12-12 09:17:53 +00:00
Jim Bugwadia
46f02a8ba7
optimize JSON context processing using in-memory maps ( #8322 )
...
* optimize JSON context processing using in memory maps
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix excessive logs
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix mutate resource diff
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* uncomment tests
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* copy resource, as it can be modified
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* clear prior resource to prevent mutating original
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* linter fix
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix ImageInfo to unstructured conversion
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix custom image extractors
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* do not update mutated resource in JSON context
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* address review comments
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
---------
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Signed-off-by: shuting <shuting@nirmata.com>
Co-authored-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
2023-12-04 07:35:36 +00:00
Mariam Fahmy
c0e0cea9f4
feat: compute policy exceptions as a part of the rule execution ( #8713 )
...
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2023-11-13 15:43:25 +00:00
Mariam Fahmy
31858abb0b
fix: use validate.message in case there is no message associated with the CEL expression ( #8883 )
...
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2023-11-13 14:53:24 +00:00
Charles-Edouard Brétéché
c96199dee1
chore: move utils/wildcard in ext ( #8772 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-10-29 23:59:53 +00:00
Charles-Edouard Brétéché
5beaec677f
fix: cache invalidation in FindResources ( #8316 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-09-08 15:51:25 +02:00
AdamKorcz
34bfb57c08
[Bug] Fix nil-dereference in pss validation ( #8271 )
...
Signed-off-by: AdamKorcz <adam@adalogics.com>
2023-09-05 18:45:07 +00:00
Mariam Fahmy
b495c6d112
feat: support authorizer variable in CEL expressions ( #8024 )
...
* feat: support authorizer variable in CEL expressions
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* feat: add the auth reason
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* feat: add kuttl tests
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* fix lint issue
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* fix kuttl test
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* fix: add helpers
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
---------
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2023-09-05 10:16:50 +00:00
Mariam Fahmy
c583b64120
feat: generate validating admission policies and their bindings from Kyverno policies ( #7840 )
...
* feat: generate validating admission policies and their bindings from Kyverno policies
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* feat: add generate VAPs feature flag
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* fix: use container flags instead of feature flags
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* fix: limit VAP generation to cluster policies
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* feat: add policy checks for generating VAPs
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* chore: rename package
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* feat: translate match/exclude resources in Kyverno policies to their alternatives in validating admission policies
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* feat: add vap info in kyverno policy status
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* fix: delete the translation of
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* feat: add kuttl tests
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* feat: add generateValidatingAdmissionPolicy feature flag in the helm chart
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* fix
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* chore: update codegen
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* feat: add validating admission policy kuttl tests in the workflow
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* fix: check K8s server version
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* fix lint issue
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* fix
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* fix: remove the kind config of VAPs
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
---------
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2023-08-31 10:25:21 +00:00
Amit kumar
6d8ae16afa
added verify image ristretto cache implementation ( #7969 )
...
* updated flags
Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
* added ristretto_cache impl
Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
* added bufferSize
Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
* small nits
Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
* made cache as private member
Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
* made cache as private member
Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
* added logger.withValues
Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
* added verify image cache
Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
* small nits
Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
* added cache tests
Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
* fixed lint issue
Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
* added chaged policy test
Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
* cache time should be entered in minutes
Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
* removed cache.wait()
Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
* small nits
Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
* removed client.go logs and added in imageVerifier
Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
* added level to the logs
Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
* added notary image cache verification
Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
* replace intVar by flag.DurationVar()
Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
* removed lock from cache clinet
Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
* updated cosign tests
Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
* added execution latencies comparision
Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
* added assert.Error()
Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
* added error assertion util
Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
* added error log
Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
* Update pkg/engine/internal/imageverifier.go
Signed-off-by: shuting <shutting06@gmail.com>
* lint fixes
Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
* removed logs from unit tests
Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
* added ristretto_cache impl
Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
* removed cache.wait()
Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
* small nits
Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
* added asssertions in tests
Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
* fixed conflicts
Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
* lint fix
Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
* renamed variabls
Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
---------
Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
Signed-off-by: shuting <shutting06@gmail.com>
Co-authored-by: shuting <shutting06@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
2023-08-30 07:26:40 +00:00
Mariam Fahmy
94aa1f18c6
feat: support namespaced parameter resources for CEL expressions in Kyverno policies ( #8084 )
...
* feat: support namespaced parameter resources for CEL expressions in Kyverno policies
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* fix lint issue
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* fix
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* fix kuttl test
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
---------
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2023-08-28 14:43:09 +00:00
Mariam Fahmy
072ebeacdb
refactor: create cel package for compiling expressions ( #8108 )
...
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2023-08-24 14:06:37 +00:00
Mariam Fahmy
10172ae8e0
feat: support variables for CEL in Kyverno policies ( #8103 )
...
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-08-24 10:00:27 +00:00
Mariam Fahmy
333845677a
fix: check if client is set in CEL validations ( #8099 )
...
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2023-08-23 17:22:37 +02:00
