* updates for foreach and mutate
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* allow tests to pass on Windows
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix tests
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix linter check
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* add elementIndex variable
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fmt
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix jsonResult usage
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* add mutate validation and fix error in validate.foreach
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* format
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* update message
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* do not skip validation for all array entries when one is skipped
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* add foreach tests
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix fmt
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix format errors
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* remove unused declarations
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* revert namespaceWithLabelYaml
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix mutate of element list
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* update CRDs
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* Update api/kyverno/v1/policy_types.go
Co-authored-by: Steven E. Harris <seh@panix.com>
* Update pkg/engine/forceMutate.go
Co-authored-by: Steven E. Harris <seh@panix.com>
* Update pkg/engine/forceMutate.go
Co-authored-by: Steven E. Harris <seh@panix.com>
* Update pkg/engine/forceMutate.go
Co-authored-by: Steven E. Harris <seh@panix.com>
* Update pkg/engine/mutation.go
Co-authored-by: Steven E. Harris <seh@panix.com>
* Update pkg/engine/mutation.go
Co-authored-by: Steven E. Harris <seh@panix.com>
* Update pkg/engine/mutation.go
Co-authored-by: Steven E. Harris <seh@panix.com>
* Update pkg/engine/validate/validate.go
Co-authored-by: Steven E. Harris <seh@panix.com>
* Update pkg/engine/validate/validate.go
Co-authored-by: Steven E. Harris <seh@panix.com>
* Update test/cli/test/custom-functions/policy.yaml
Co-authored-by: Steven E. Harris <seh@panix.com>
* Update test/cli/test/foreach/policies.yaml
Co-authored-by: Steven E. Harris <seh@panix.com>
* accept review comments and format
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* add comments to strategicMergePatch buffer
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* load context and evaluate preconditions foreach element
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* add test for foreach mutate context and precondition
* precondition testcase
* address review comments
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* update message
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* format
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: Steven E. Harris <seh@panix.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
* add wildcard support for match label selector
* fix comment
* update cluster role label
* fix comment
* fix comment
* add support for key label selector
* update method name
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: shuting <shutting06@gmail.com>
* add keyless verification
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* run make fmt
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix linter warning
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* wrap error with details
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* Format error messages correctly
Signed-off-by: Marcel Mueller <marcel.mueller1@rwth-aachen.de>
* No punctuation at the end or errors
Signed-off-by: Marcel Mueller <marcel.mueller1@rwth-aachen.de>
* Replace loop with simple if
Signed-off-by: Marcel Mueller <marcel.mueller1@rwth-aachen.de>
* Fix more errors
Signed-off-by: Marcel Mueller <marcel.mueller1@rwth-aachen.de>
* intial commit
Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>
* update types
Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>
* updated all type
Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>
* extract to single struct
Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>
* updated match resource description function
Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>
* minor test working
Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>
* match resources test is working
Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>
* exclude resources test is working
Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>
* changed double negetive in logic
Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>
* yamls updated and added validation and cache loops
Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>
* match exclude working but need to fix matchExcludeConflict function
Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>
* restored doMatchAndExcludeConflict function
Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>
* rewrote the matchExcludeConflictFunction
Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>
* finalizing completed till utils_test.go
Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>
* ready for review complete
Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>
* update yamls
Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>
* one more merge conflict solved
Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>
* regenerates YAMLs
Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>
* possible fix for failing tests
Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>
* removed duplicate any/all logic and added a test, (rest refacotring is in progress)
Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>
* cache test is working
Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>
* improved cache test and it is working
Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>
* added check for mutate and generate policies too
Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>
* cleaned doesResourceMatchConditionBlock logic but validation still has code from attempt to combine the all block
Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>
* reverted validate.go to older logic
Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>
* removed commented code
Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>
* removed extra comments
Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>
* add image verification
* inline policy list
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* cosign version and dependencies updates
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* add registry initialization
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* add build tag to exclude k8schain for cloud providers
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* add build tag to exclude k8schain for cloud providers
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* generate deep copy and other fixtures
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix deep copy issues
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* mutate images to add digest
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* add certificates to Kyverno container for HTTPS lookups
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* align flag syntax
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* update docs
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* update dependencies
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* update dependencies
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* patch image with digest and fix checks
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* hardcode image for demos
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* add default registry (docker.io) before calling reference.Parse
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix definition
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* increase webhook timeout
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix args
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* run gofmt
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* rename for clarity
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix HasImageVerify check
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* align make test commands
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* align make test commands
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* align make test commands
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix linter error
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* format
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* handle API conflict and retry
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* format
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix reviewdog issues
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix make for unit tests
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* improve error message
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix durations
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* handle errors in tests
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* print policy name
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* update tests
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* add retries and duration to error log
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix time check in tests
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* round creation times in test
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix retry loop
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* remove timing check for policy creation
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix e2e error - policy not found
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* update string comparison method
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* fix test Generate_Namespace_Label_Actions
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* add debug info for e2e tests
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix error
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix generate bug
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix format
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* add check for update operations
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* increase time for deleteing a resource
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix check
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: Shuting Zhao <shutting06@gmail.com>
* forbid variables in match/exclude/patchesJson6902.path sections
Signed-off-by: Max Goncharenko <kacejot@fex.net>
* fix e2e test
Signed-off-by: Max Goncharenko <kacejot@fex.net>
* edits related to the PR comments
Signed-off-by: Maxim Goncharenko <goncharenko.maxim@apriorit.com>
* initial commit for api server lookups
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* initial commit for API server lookups
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* Enhancing dockerfiles (multi-stage) of kyverno components and adding non-root user to the docker images (#1495)
* Dockerfile refactored
Signed-off-by: Raj Babu Das <mail.rajdas@gmail.com>
* Adding non-root commands to docker images and enhanced the dockerfiles
Signed-off-by: Raj Babu Das <mail.rajdas@gmail.com>
* changing base image to scratch
Signed-off-by: Raj Babu Das <mail.rajdas@gmail.com>
* Minor typo fix
Signed-off-by: Raj Babu Das <mail.rajdas@gmail.com>
* changing dockerfiles to use /etc/passwd to use non-root user'
Signed-off-by: Raj Babu Das <mail.rajdas@gmail.com>
* minor typo
Signed-off-by: Raj Babu Das <mail.rajdas@gmail.com>
* minor typo
Signed-off-by: Raj Babu Das <mail.rajdas@gmail.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* revert cli image name (#1507)
Signed-off-by: Raj Babu Das <mail.rajdas@gmail.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* Refactor resourceCache; Reduce throttling requests (background controller) (#1500)
* skip sending API request for filtered resource
* fix PR comment
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* fixes https://github.com/kyverno/kyverno/issues/1490
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* fix bug - namespace is not returned properly
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* reduce throttling - list resource using lister
* refactor resource cache
* fix test
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* fix label selector
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* fix build failure
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix merge issues
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix unit test
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* add nil check for API client
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: Raj Babu Das <mail.rajdas@gmail.com>
Co-authored-by: shuting <shutting06@gmail.com>
* Remove lock embedded in CRD controller, use concurrent map to store shcemas
* delete rcr info from data store
* skip policy validation on status update
* - remove status check in policy mutation; - fix test
* Remove fqdncn flag
* add flag profiling port
* skip policy mutation & validation on status update
* sync policy status every minute
* update log messages
