Max Goncharenko
24c4f06ecd
Fix #1506; Resolve path reference in entire rule instead of just pattern/overlay
...
Signed-off-by: Max Goncharenko <kacejot@fex.net>
2021-03-16 13:45:40 +02:00
Max Goncharenko
db49046e26
fix #1465: raise log level to error; add failed rules (#1709)
...
Signed-off-by: Max Goncharenko <kacejot@fex.net>
2021-03-15 15:34:21 -07:00
shuting
70d90ffb06
- remove preProcessJSONPatches; - update local Dockerfile (#1703)
...
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
2021-03-15 10:29:46 -07:00
Shuting Zhao
7795f335c8
fix negative index
...
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
2021-02-25 18:36:13 -08:00
Shuting Zhao
517c60fadc
add unit tests
...
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
2021-02-25 18:02:52 -08:00
Shuting Zhao
c4ebef7b0d
- support AllowMissingPathOnRemove and EnsurePathExistsOnAdd in patchesJSON6902
...
- upgrade to evanphx/json-patch/v5
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
2021-02-25 15:25:07 -08:00
Shuting Zhao
492d0e8009
remove kustomize patchesJSON6902
...
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
2021-02-25 15:25:07 -08:00
shuting
267be0815f
Bug fixes - policy validation, auto-generated rules, apiCall support in mutate and generate (#1629)
...
* Fix invalid policy reports generated for blocked resource
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* fix 1464 - copy context and preconditions to auto-gen rules
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* fix 1628 - add policy validations
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* fix 1593 - support apiCall in mutate and generate
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* fix test
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
2021-02-22 12:08:26 -08:00
shuting
3bc386955e
Remove unnecessary JSON patches; fixes strategicMergePatch for tolerations (#1478)
...
* ignore certain paths when generating JSON patches
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* remove extra comment
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* fix https://github.com/kyverno/kyverno/issues/1339
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* resolve PR comments
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* update comment
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
2021-01-19 11:08:06 -08:00
shuting
27e2b9abd5
Fix mutation panic (#1462)
...
* fix #1454
* - add unit tests; - rename method
2021-01-08 16:45:39 -08:00
shuting
52d091c5a3
Improve / clean up code (#1444)
...
* Remove lock embedded in CRD controller, use concurrent map to store schemas
* delete rcr info from data store
* skip policy validation on status update
* - remove status check in policy mutation; - fix test
* Remove fqdncn flag
* add flag profiling port
* skip policy mutation & validation on status update
* sync policy status every minute
* update log messages
2021-01-06 16:32:02 -08:00
shuting
2fc3b3b998
Fixes 1410 strategic merge patch (#1414)
...
* fixes #1410
* fix unit test
* re-initialize worker immediately on failure
2020-12-23 17:48:00 -08:00
shuting
e868dbfeb9
Fix 1287 - failed to update annotation through mutate policy (#1289)
...
* fix 1287
* update mutate log
2020-11-24 10:11:05 -08:00
Shuting Zhao
b9fb926ddb
fixes for golint ./...
2020-11-17 13:07:30 -08:00
Shuting Zhao
e985ee4031
correct misspelled words
2020-11-17 12:01:01 -08:00
Shuting Zhao
cdc5190c56
update nirmata/kyverno to kyverno/kyverno
2020-10-07 11:12:31 -07:00
Shuting Zhao
b8b1d81df0
handles array parsing in configmap value
2020-09-22 18:26:52 -07:00
Mohan B E
bd406f5bb8
added conversion of overlay to patch strategic merge (#1138)
...
* added conversion of overlay to patch strategic merge and modified unittest for the same
* updated best practice policy
2020-09-22 16:19:09 -07:00
Mohan B E
51ac382c6c
Feature/configmaps var 724 (#1118)
...
* added configmap data substitution for foreground mutate and validate
* added configmap data substitution for foreground mutate and validate fmt
* added configmap lookup for background
* added comments to resource cache
* added configmap data lookup in preConditions
* added parse strings in In operator and configmap lookup docs
* added configmap lookup docs
* modified configmap lookup docs
2020-09-22 14:11:49 -07:00
Mohan B E
a1081c8f82
fixed policy validation and patch strategic merge bug (#1136)
2020-09-18 12:18:13 -07:00
Mohan B E
95542908eb
fixed additional anchor bug in patch strategic merge (#1114)
2020-09-14 10:25:00 -07:00
shuting
931d7cd47c
Set mutating webhook reinvocationPolicy to IfNeeded (#1097)
...
* add watch policy to clusterrole kyverno:customresources
* fix build
* fix nil pointer
* skip json patches if the mutation is re-invoked
* set resource mutating webhook invocation policy to IfNeeded
2020-09-03 08:54:37 -07:00
Mohan B E
3690bf5fff
conditional anchor preprocessing for patch strategic merge (#1090)
...
* conditional anchor preprocessing for patch strategic merge
* modified sequence pre processing and added unit test
* merged master
* go fmt
* corrected mistake and added error handling to policy validate
2020-09-01 09:12:05 -07:00
Mohan B E
a827f88dc7
resolved conditional anchor issue and added validation to pattern labels (#1060)
...
* resolved conditional anchor issue and added validation to pattern labels
* restored IsConditionAnchor
* added annotation and anypattern validation
* added conditional anchor key checker
* reverted docs
* fixed tests
* modified validation
* modified validate condition check
2020-08-28 18:22:22 -07:00
shuting
39de46fe39
983 kustomize support (#1026)
...
* prototype - strategic merge patch
* add end to end test
* add engine strategic merge patch support
* set webhook reinvocationPolicy to IfNeeded
* refactor engine mutate code
* support JMESPath in strategic merge patch
* implement patchesJson6902
* update doc
* resolve pr comments
2020-08-05 09:11:23 -07:00
shuting
87fa77fbcc
965 add validate audit handler (#967)
...
* store policy names cache to reduce lookup time
* add validate audit handler
* fix #958, remove auto-gen annotation on Pod
* formatting code
* update processTime to readable format
* #586, add back unit test
* update logging info
* remove unused interface
* handle generate policy in a single thread in webhook
* resolve pr comments
2020-07-09 11:48:34 -07:00
Jim Bugwadia
c962971372
Update mutate overlay to handle keys with slashes for labels (like annotations). Added debug V4 logs for mutate flows. (#972)
2020-07-04 19:32:11 -07:00
Jim Bugwadia
912bc3ccc4
- fix panic in log and improve CLI error reporting
2020-06-12 18:23:59 -07:00
Jim Bugwadia
838d02c475
Bugfix/659 support wildcards for namespaces (#871)
...
* - support wildcards for namespaces
* do not annotate resource, unless policy is an autogen policy
* close HTTP body
* improve messages
* remove policy store
Policy store was not fully implemented and simply provided a way
to list all policies and get a policy by name, which can be done via
standard client-go interfaces.
We need to revisit and design a better PolicyStore that provides fast
lookups for matching policies based on names, namespaces, etc.
* handle wildcard namespaces in background processing
* fix unit tests 1) remove platform dependent path usage 2) remove policy store
* add test case for mutate with wildcard namespaces
2020-05-26 10:36:56 -07:00
Yuvraj
b725f1ce05
Fixed Conflict
2020-03-27 15:07:14 +05:30
Yuvraj
c873306564
Fixed error
...
Signed-off-by: Yuvraj <yuvraj.yad001@gmail.com>
2020-03-27 14:39:35 +05:30
Yuvraj
2a356d1c46
Fix conflict
...
Signed-off-by: Yuvraj <yuvraj.yad001@gmail.com>
2020-03-27 14:13:01 +05:30
Yuvraj
4fa5a056f3
Fix conflict
...
Signed-off-by: Yuvraj <yuvraj.yad001@gmail.com>
2020-03-27 14:10:21 +05:30
Yuvraj
010bc2b43d
Merge branch 'master' into feature/golangci-lint
2020-03-27 13:35:33 +05:30
Yuvraj
801c7513cb
golangci-lint changes
...
Signed-off-by: Yuvraj <yuvraj.yad001@gmail.com>
2020-03-24 00:35:05 +05:30
shivkumar dudhani
e6e5bbb603
Merge branch 'master' into access_check
2020-03-17 17:23:18 -07:00
shivkumar dudhani
d327309d72
refactor logging
2020-03-17 16:25:34 -07:00
shivkumar dudhani
1b1ab78f77
logs & access
2020-03-17 11:05:20 -07:00
shravan
4db0cf7a87
522 adding force mutate function
2020-03-06 01:09:38 +05:30
shivkumar dudhani
5cee543755
refactor variable substitution
2020-02-14 11:59:28 -08:00
shuting
3343d73b76
linter fix (#657)
2020-01-27 08:58:53 -08:00
Shivkumar Dudhani
f4406bbefc
linter fixes (#656)
...
* cleanup phase 1
* linter fixes phase 2
* linter fixes
* linter fixes
2020-01-24 16:27:51 -08:00
Shivkumar Dudhani
8c1d79ab28
linter suggestions (#655)
...
* cleanup phase 1
* linter fixes phase 2
2020-01-24 12:05:53 -08:00
Shivkumar Dudhani
1171ac691b
cleanup phase 1 (#653)
2020-01-24 09:37:12 -08:00
Shuting Zhao
7e59e8e484
mutation failure to not block resource creation
2020-01-15 21:46:58 -08:00
Shuting Zhao
fbe6ea2f24
fix annotation path error if applied to pod controller
2020-01-14 15:57:02 -08:00
Shuting Zhao
4c83ab8b52
add more unit tests
2020-01-10 17:15:44 -08:00
Shuting Zhao
5a44ab3e16
generate violation in validate when substitute path not present
2020-01-09 17:44:11 -08:00
Shuting Zhao
f78ca61859
generate violation in mutation when substitute path not present
2020-01-09 12:24:37 -08:00
Shuting Zhao
472fa29fce
move mutation to subpackage pkg/engine/mutate
2020-01-07 17:06:17 -08:00