kyverno

mirror of https://github.com/kyverno/kyverno.git synced 2025-03-06 16:06:56 +00:00

Author	SHA1	Message	Date
shuting	86fc31f63b	feat: add validations for generate immutable fields (#6328 ) * add validations for generate immutable fields Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore(deps): bump github.com/onsi/gomega from 1.26.0 to 1.27.0 (#6334) Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.26.0 to 1.27.0. - [Release notes](https://github.com/onsi/gomega/releases) - [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/gomega/compare/v1.26.0...v1.27.0) --- updated-dependencies: - dependency-name: github.com/onsi/gomega dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Jmespath typo fix (#6342) Signed-off-by: Abhishek Kumar <abhishek22512@gmail.com> * chore(deps): bump golang.org/x/net from 0.6.0 to 0.7.0 (#6341) Bumps [golang.org/x/net](https://github.com/golang/net) from 0.6.0 to 0.7.0. - [Release notes](https://github.com/golang/net/releases) - [Commits](https://github.com/golang/net/compare/v0.6.0...v0.7.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * chore(deps): bump zgosalvez/github-actions-ensure-sha-pinned-actions (#6348) Bumps [zgosalvez/github-actions-ensure-sha-pinned-actions](https://github.com/zgosalvez/github-actions-ensure-sha-pinned-actions) from 2.0.5 to 2.1.0. - [Release notes](https://github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/releases) - [Commits](`bd2868d14a...b9ddf6a515`) --- updated-dependencies: - dependency-name: zgosalvez/github-actions-ensure-sha-pinned-actions dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump github.com/onsi/gomega from 1.27.0 to 1.27.1 (#6347) Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.27.0 to 1.27.1. - [Release notes](https://github.com/onsi/gomega/releases) - [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/gomega/compare/v1.27.0...v1.27.1) --- updated-dependencies: - dependency-name: github.com/onsi/gomega dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * fix: dump admission response (#6349) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: use labels.Everything in userinfo clusterroles matching (#6351) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * update k8s.gcr.io to registry.k8s.io (#6340) Signed-off-by: Rayan Das <rayandas91@gmail.com> Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * Notary v2 (#6011) * fix make debug-deploy Signed-off-by: Jim Bugwadia <jim@nirmata.com> * improve log messages Signed-off-by: Jim Bugwadia <jim@nirmata.com> * initial update Signed-off-by: Jim Bugwadia <jim@nirmata.com> * initial update Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update registry credentials handling order Signed-off-by: Jim Bugwadia <jim@nirmata.com> * comment out ACR helper - breaks anonymous image pull Signed-off-by: Jim Bugwadia <jim@nirmata.com> * merge main and refactor verifiers Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix opt init Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove local address Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update to NotaryV2 RC Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix fmt Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update deps Signed-off-by: Jim Bugwadia <jim@nirmata.com> * format imports Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove env and no-op statement Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix merge issues Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix linter issue Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove unused field Signed-off-by: Jim Bugwadia <jim@nirmata.com> * make fmt Signed-off-by: Jim Bugwadia <jim@nirmata.com> * renable ACR credential helper Signed-off-by: Jim Bugwadia <jim@nirmata.com> * Update .vscode/launch.json Signed-off-by: shuting <shutting06@gmail.com> --------- Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: shuting <shutting06@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: shuting <shutting06@gmail.com> * chore(deps): bump fluxcd/flux2 from 0.39.0 to 0.40.0 (#6362) Bumps [fluxcd/flux2](https://github.com/fluxcd/flux2) from 0.39.0 to 0.40.0. - [Release notes](https://github.com/fluxcd/flux2/releases) - [Changelog](https://github.com/fluxcd/flux2/blob/main/.goreleaser.yml) - [Commits](`978cc0c5b8...2cac6ce281`) --- updated-dependencies: - dependency-name: fluxcd/flux2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * oldObject translation solved in autogen (#6305) * OldObject translation solved in autogen Signed-off-by: Abhishek Kumar <abhishek22512@gmail.com> * CronJob fixed in autogen Signed-off-by: Abhishek Kumar <abhishek22512@gmail.com> * tests added Signed-off-by: Abhishek Kumar <abhishek22512@gmail.com> --------- Signed-off-by: Abhishek Kumar <abhishek22512@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * fix: logger key value in wrong order (#6365) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: missing metrics for policies in audit mode (#6363) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore(deps): bump github.com/notaryproject/notation-go (#6361) Bumps [github.com/notaryproject/notation-go](https://github.com/notaryproject/notation-go) from 1.0.0-rc.1 to 1.0.0-rc.3. - [Release notes](https://github.com/notaryproject/notation-go/releases) - [Commits](https://github.com/notaryproject/notation-go/compare/v1.0.0-rc.1...v1.0.0-rc.3) --- updated-dependencies: - dependency-name: github.com/notaryproject/notation-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: role matching from authentication infos (#6358) * fix: role matching from authentication infos Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: delete certificate secret if type is not TLS (#6368) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: user/groups exclusions (#6357) * refactor: user/groups exclusions Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * wildcard Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * add labels to downstream and source resources (#6322) Signed-off-by: ShutingZhao <shuting@nirmata.com> * update generate validation checks Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Abhishek Kumar <abhishek22512@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Rayan Das <rayandas91@gmail.com> Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: shuting <shutting06@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Abhishek Kumar <76171953+octonawish-akcodes@users.noreply.github.com> Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Rayan Das <rayandas91@gmail.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com>	2023-03-01 06:52:20 +00:00
shuting	dc8874fea7	add label keys (#6291 ) Signed-off-by: ShutingZhao <shuting@nirmata.com>	2023-02-10 14:26:51 +01:00
Brian Dunnigan	d33e616d69	#6055 Add JMESPath support to imageExtractors (#6183 ) Signed-off-by: Brian Dunnigan <bdunnigan@clarityinnovates.com> Co-authored-by: bdunnigan <bdunnigan@clarityinnovates.com> Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2023-02-08 11:54:59 +00:00
Fish-pro	fdfdcc058f	Remove dependency on github.com/pkg/errors (#6165 ) Signed-off-by: Fish-pro <zechun.chen@daocloud.io>	2023-02-01 14:38:04 +08:00
Zadkiel Aharonian	17b7bcb4ec	fix: allow root context configmap variable references (#6120 ) Signed-off-by: Zadkiel Aharonian <hello@zadkiel.fr> Signed-off-by: GitHub <noreply@github.com> Signed-off-by: Zadkiel Aharonian <hello@zadkiel.fr> Signed-off-by: GitHub <noreply@github.com>	2023-01-26 16:04:26 +01:00
Vyom Yadav	c0875f16e6	fix: Configure webhook to add ephemeralcontainers for policies matching on Pod (#5886 ) Signed-off-by: Vyom-Yadav <jackhammervyom@gmail.com> Signed-off-by: Vyom-Yadav <jackhammervyom@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>	2023-01-06 13:40:35 +00:00
shuting	18455b4d21	feat: cleanup enhancements-1 (#5796 ) * update fields description Signed-off-by: ShutingZhao <shuting@nirmata.com> * update cleanup controller clusterrole name Signed-off-by: ShutingZhao <shuting@nirmata.com> * - add variables validations to support "request." and "images."; - update debug log level to 4 Signed-off-by: ShutingZhao <shuting@nirmata.com> * add missing files Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: ShutingZhao <shuting@nirmata.com>	2023-01-04 09:03:56 +00:00
Charles-Edouard Brétéché	baacf60156	refactor: move utils into sub packages (#5828 ) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2023-01-03 09:33:09 +00:00
Njegos Railic	c429f845dd	Adding support for overriding the default registry (#4715 ) Signed-off-by: Njegos Railic <railic.njegos@gmail.com> Signed-off-by: Njegos Railic <railic.njegos@gmail.com>	2023-01-02 17:14:40 +00:00
Charles-Edouard Brétéché	94abfaf13e	refactor: move util funcs in sub packages (#5754 ) * refactor: move util func in sub packages Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * Update pkg/utils/kube/crd.go Signed-off-by: shuting <shutting06@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: shuting <shutting06@gmail.com> Co-authored-by: shuting <shutting06@gmail.com>	2022-12-22 06:39:54 +00:00
Charles-Edouard Brétéché	3975323362	chore: bump deps including k8s ones (#5751 ) * chore: bump deps including k8s ones Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix linter Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2022-12-21 22:33:51 +00:00
Santosh Kaluskar	646064f3f5	Allows {{image}} var to be used in policies (#5122 ) Signed-off-by: Santosh Kaluskar <dtshbl@gmail.com> Signed-off-by: Santosh Kaluskar <dtshbl@gmail.com> Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-12-21 07:37:29 +00:00
Vyom Yadav	99d988e98c	feat: add support for subresources to validating and mutating policies (#4916 ) * feat: add support for subresources to validating and mutating policies Signed-off-by: Vyom-Yadav <jackhammervyom@gmail.com> * Add CLI test cases with subresources for validating policies Signed-off-by: Vyom-Yadav <jackhammervyom@gmail.com> * Fix existing e2e tests for validating policies and remove tests migrated to kuttl Signed-off-by: Vyom-Yadav <jackhammervyom@gmail.com> * Add kuttl e2e tests for validating policies with subresources Signed-off-by: Vyom-Yadav <jackhammervyom@gmail.com> * Add kuttl e2e tests for mutating policies with subresources Signed-off-by: Vyom-Yadav <jackhammervyom@gmail.com> * Add kuttl e2e tests for validating policy by-pass by manipulating preconditions Signed-off-by: Vyom-Yadav <jackhammervyom@gmail.com> Signed-off-by: Vyom-Yadav <jackhammervyom@gmail.com>	2022-12-10 00:45:23 +08:00
Charles-Edouard Brétéché	c3be9e36a5	feat: propagate context to dynamic client (#5495 ) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-11-29 13:59:40 +00:00
Charles-Edouard Brétéché	6f1bd5fff2	chore: replace utils.ContainsString with builtin slices.Contains (#5496 ) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-11-29 08:04:49 +00:00
Prateek Pandey	42221a93e4	fix: add clone check before validating namespace policy (#5459 ) fix: add clone check before validate clone namespace - fix data policy validation - add kuttl tests to validate the behaviour Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>	2022-11-25 12:49:22 +05:30
Pratik Shah	dccb1f692a	Fixed issue-3709: Image verify rule gives error for non-existing configmap (#5272 ) Signed-off-by: Pratik Shah <pratik@infracloud.io> Signed-off-by: Pratik Shah <pratik@infracloud.io>	2022-11-18 08:27:34 +00:00
Vyankatesh Kudtarkar	83a84c9d47	[Bug]: Fix wildcard any/all issue (#5387 ) * Fix wildcard for any/all match/excude kinds * remove non required test * add kuttl test * Revert "add kuttl test" This reverts commit `d2245bc248`. * add kuttl test * fix test	2022-11-17 14:07:03 +00:00
shuting	b1367fd497	fix the entry length validation for the verify image rule (#5384 ) Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: ShutingZhao <shuting@nirmata.com>	2022-11-17 17:25:02 +05:30
Prateek Pandey	c0f479add9	fix: add validation for generate namespace policy (#5346 ) * fix: add validation for generate namespace policy - generate of cluster scope resource not allowed - Only allowed to generate resource in policy namespace Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * add unit tests to validate the behaviour Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * fix error logs Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-11-17 07:43:51 +00:00
Prateek Pandey	2b4ff1ef6d	fix: synchronize source resource update to clone list resource (#5317 ) * fix: synchronize source resource update to clone list target resource Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * add kuttl test to verify the clone list synchronized behavior Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * refactor functions parameters Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * fix the kuttl test description and behavior README Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * Use entire content to compare Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>	2022-11-11 19:30:54 +00:00
Charles-Edouard Brétéché	6091af6fba	fix: wrong logger used (#5311 ) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2022-11-11 12:16:27 +05:30
Charles-Edouard Brétéché	564c92d4bf	fix: add warning when using deprecated validation failure action (#5219 ) * fix: add warning when using deprecated validation failure action Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-11-07 22:16:53 +00:00
Vyankatesh Kudtarkar	a6e866fe1f	Fix Keda policy installation issue (#5239 )	2022-11-07 18:54:44 +05:30
Charles-Edouard Brétéché	f52da91b72	fix: early return in policy validation (#5200 ) * fix: early return in policy validation Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2022-11-03 09:05:23 +00:00
Charles-Edouard Brétéché	d2658a1bc8	refactor: support Audit and Enforce validation failure actions (#5152 ) * feat: remove policy mutation code Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: support Audit and Enforce failure actions Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * typo Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * update changelog Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>	2022-11-01 09:56:52 +00:00
Charles-Edouard Brétéché	ad2cbd3b33	feat: add simple conformance tests (#5073 ) * feat: add simple conformance tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>	2022-10-20 12:17:33 +00:00
Shivansh Yadav	becf73227b	validate patchJSON6902 (#4469 ) * validate patchJSON6902 Signed-off-by: Shivansh-yadav13 <yadavshivansh@gmail.com> * validate patchJSON6902 Signed-off-by: Shivansh-yadav13 <yadavshivansh@gmail.com> * test: validateJSON6902 tests Signed-off-by: Shivansh-yadav13 <yadavshivansh@gmail.com> * validate patchJSON6902 Signed-off-by: Shivansh-yadav13 <yadavshivansh@gmail.com> * test: validate patchJSON6902 Signed-off-by: Shivansh-yadav13 <yadavshivansh@gmail.com> Signed-off-by: Shivansh-yadav13 <yadavshivansh@gmail.com> Signed-off-by: Shivansh Yadav <yadavshivansh@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-10-17 15:25:03 +00:00
Charles-Edouard Brétéché	cb0410dcf1	fix: policy not denied when kinds set is empty (#5016 ) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2022-10-17 14:10:42 +00:00
Pratik Shah	8a0083105d	Added support to specify key signature algorithm in verifyImages (#4855 ) Signed-off-by: Pratik Shah <pratik@infracloud.io> Signed-off-by: Pratik Shah <pratik@infracloud.io>	2022-10-14 05:39:57 +00:00
Charles-Edouard Brétéché	b3021f5a57	refactor: openapi controller part 2 (#4910 ) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2022-10-12 22:24:16 +05:30
Charles-Edouard Brétéché	de67a507cd	refactor: openapi controller part 1 (#4901 ) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>	2022-10-12 11:38:48 +00:00
ansalamdaniel	27de93a3d2	fix: add policy validation for ValidationFailureActionOverride field (#4784 ) Signed-off-by: ansalamdaniel <ansalam.daniel@infracloud.io>	2022-10-06 06:16:12 +00:00
Charles-Edouard Brétéché	7213abec36	fix: remove reference to controller runtime log (#4779 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-10-03 12:55:39 +02:00
Charles-Edouard Brétéché	9aca37fe9f	refactor: use context in openapi controller (#4760 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>	2022-09-30 11:56:47 +00:00
Vyankatesh Kudtarkar	c7bcd5fadf	Fix multiple crd slowness issue (#4275 ) Signed-off-by: Vyankatesh vyankateshkd@gmail.com * fix multiple crd issue	2022-09-12 16:14:28 +08:00
Charles-Edouard Brétéché	1e25bfd16f	feat: remove context api call constraints (#4389 ) * feat: add raw api call support Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * feat: remove context api call constraints Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-09-01 08:30:04 +00:00
shuting	3bf3dcc1af	Add the metric "kyverno_client_queries_total" (#4359 ) * Add metric "kyverno_kube_client_queries_total" Signed-off-by: ShutingZhao <shuting@nirmata.com> * publish metric for missing queries Signed-off-by: ShutingZhao <shuting@nirmata.com> * Refactor the way Kyverno registers QPS metric Signed-off-by: ShutingZhao <shuting@nirmata.com> * Move clientsets to a dedicated folder Signed-off-by: ShutingZhao <shuting@nirmata.com> * Wrap Kyverno client and policyreport client to register client query metric Signed-off-by: ShutingZhao <shuting@nirmata.com> * address linter comments Signed-off-by: ShutingZhao <shuting@nirmata.com> * address linter comments Signed-off-by: ShutingZhao <shuting@nirmata.com> * Switch to use wrapper clients Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>	2022-08-31 11:33:47 +05:30
Riko Kudo	5f5cda9fee	Yaml signing and verification (#4235 ) * enable YAML verification using k8s-manifest-sigstore Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> comment out role and rolebinding for dryrun Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update k8s-manifest-sigstore version Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix pubkey setting Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix pubkey setting Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix log message Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> change default value of dryrun option Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update crd Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> support gpg signature Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * upgrade manifest sigstore version and support multi sigs Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix validate.manifest rule Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update crd and add small fix Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix manifest verify policy Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> set cosign experimental env when keyless verification Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * improve default ignoreFields Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * fix manifest verify policy Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix manifest verify policy Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix manifest verify policy Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * add unit-test for k8smanifest Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update install yaml Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * update k8s-manifest-sigstore version and support one or more signatures Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> add unit-test for k8smanifest multi-signature Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix verifyManifest result message Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix verifyManifest result message Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * fix manifest verify policy and move dryrun rbac to dryrun dir Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * update k8s-manifest-sigstore version Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update k8s-manifest-sigstore version Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update k8s-manifest-sigstore version and resolve conflict Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> enable YAML verification using k8s-manifest-sigstore Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> comment out role and rolebinding for dryrun Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix pubkey setting Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix pubkey setting Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update crd Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> upgrade manifest sigstore version and support multi sigs Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix validate.manifest rule Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update crd and add small fix Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix manifest verify policy Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> update k8s-manifest-sigstore version and support one or more signatures Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix verifyManifest result message Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix verifyManifest result message Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> fix manifest verify policy and move dryrun rbac to dryrun dir Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> add small fix Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * remove generic name Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * fix sonatype-lift issue and unit-test error Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * fix gofumpt error Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> * update manifest rule to use attestor Signed-off-by: Riko Kudo <rurikudo@ibm.com> * remove unused value Signed-off-by: Riko Kudo <rurikudo@ibm.com> * resolve conflict Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix install.yaml Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix to set COSIGN_EXPERIMENTAL env variable when keyless verification Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix misspell Signed-off-by: Riko Kudo <rurikudo@ibm.com> * enable kyverno cli in validate.manifests rule (#3) * enable kyverno cli in validate.manifests rule Signed-off-by: Riko Kudo <rurikudo@ibm.com> * update k8s-manifest-sigstore version and improve error handling for better result output Signed-off-by: Riko Kudo <rurikudo@ibm.com> * update crds and deepcopy Signed-off-by: Riko Kudo <rurikudo@ibm.com> * update unit test Signed-off-by: Riko Kudo <rurikudo@ibm.com> * update k8s-manifest-sigstore version Signed-off-by: Riko Kudo <rurikudo@ibm.com> * change to use spec.rules.exclude.subjects instead of skipUsers (#4) Signed-off-by: Riko Kudo <rurikudo@ibm.com> * update k8s-manifest-sigstore version Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix yaml signing sigstore (#5) * update k8s-manifest-sigstore version Signed-off-by: Riko Kudo <rurikudo@ibm.com> * add a comment for dryrun option field Signed-off-by: Riko Kudo <rurikudo@ibm.com> * enable to include ClusterPolicy/Policy in match resource Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix log style and env variable settings Signed-off-by: Riko Kudo <rurikudo@ibm.com> * simplify manifest verify func Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix func name Signed-off-by: Riko Kudo <rurikudo@ibm.com> Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix sonatype warning Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix default ignoreFields Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix yaml signing sigstore rbac (#6) * fix dryrun rbac to have minimal permissions Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix lint error Signed-off-by: Riko Kudo <rurikudo@ibm.com> Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix unit-test error Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix gofumpt error Signed-off-by: Riko Kudo <rurikudo@ibm.com> * fix log style Signed-off-by: Riko Kudo <rurikudo@ibm.com> * updated CRD documentation Signed-off-by: Riko Kudo <rurikudo@ibm.com> * resolve go.mod conflicts Signed-off-by: Riko Kudo <rurikudo@ibm.com> * updated helm stuff Signed-off-by: Riko Kudo <rurikudo@ibm.com> Signed-off-by: Ruriko Kudo <rurikudo@ibm.com> Signed-off-by: Riko Kudo <rurikudo@ibm.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com>	2022-08-30 10:14:54 -07:00
Charles-Edouard Brétéché	144985ee5a	chore: fix golangcilint timeout (#4388 ) * chore: fix golangcilint timeout Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * fix commit sha Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * add .gitattributes Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-08-24 21:08:24 +08:00
Vyankatesh Kudtarkar	12693e1a9c	fix external.metrics.k8s.io/v1beta1 issue (#4139 ) * fix external.metrics.k8s.io/v1beta1 issue * update find resource discovery method * revert validate.go * revert chnages * update discovery method * fix error handler issue * add logger support	2022-07-01 03:00:05 +00:00
Vyankatesh Kudtarkar	bea0b794d5	add validation check to ensure the annotations quoted (#3976 )	2022-05-24 12:45:23 +00:00
shuting	85b486eb27	Support `@` for mutate targets (#3998 ) Signed-off-by: ShutingZhao <shuting@nirmata.com>	2022-05-24 17:49:36 +05:30
Charles-Edouard Brétéché	41a3f6c388	chore: make kyverno informers and listers import aliases consistent (#3958 ) * chore: make kyverno api import aliases consistent Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * chore: make apimachinery api import aliases consistent Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * chore: make dclient api import aliases consistent Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * chore: make clients import aliases consistent Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * chore: make kube informers and listers import aliases consistent Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * chore: make kyverno informers and listers import aliases consistent Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-05-18 04:02:31 +00:00
Charles-Edouard Brétéché	5aaf2d8770	chore: make kyverno api import aliases consistent (#3939 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-05-17 13:12:43 +02:00
Charles-Edouard Brétéché	0099ef54ad	chore: enable gofmt and gofumpt linters (#3931 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-05-17 06:19:03 +00:00
Charles-Edouard Brétéché	52cc493e57	chore: enable misspell linter (#3932 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-05-16 19:08:57 +05:30
Charles-Edouard Brétéché	d7a3ba596d	chore: enable errname linter (#3926 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-05-16 18:51:31 +08:00
Jim Bugwadia	0cd21ec0f3	skip var checks in attestations (#3876 ) Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2022-05-11 09:31:48 +00:00
Charles-Edouard Brétéché	97e5e64fd4	chore: enable whitespace linter (#3864 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Sambhav Kothari <sambhavs.email@gmail.com>	2022-05-10 17:01:29 +00:00

1 2 3 4

193 commits