Mariam Fahmy
c7122edfa8
feat: add tests for different values of mutateExistingOnPolicyUpdate ( #10797 )
...
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-08-07 15:06:01 +00:00
Mariam Fahmy
53e0ccdc25
fix: pass resource names to auth check for mutateExisting policies ( #10808 )
2024-08-07 14:09:16 +00:00
Mariam Fahmy
4d1f040e49
fix: add the resource name to the SubjectAccessReview ( #10221 )
...
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2024-08-07 12:46:44 +00:00
dependabot[bot]
4342c36c09
chore(deps): bump github/codeql-action from 3.25.15 to 3.26.0 ( #10799 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.25.15 to 3.26.0.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](afb54ba388...eb055d739a
2024-08-07 11:12:29 +00:00
dependabot[bot]
719f19fc78
chore(deps): bump golang.org/x/crypto from 0.25.0 to 0.26.0 ( #10804 )
...
Bumps [golang.org/x/crypto](https://github.com/golang/crypto ) from 0.25.0 to 0.26.0.
- [Commits](https://github.com/golang/crypto/compare/v0.25.0...v0.26.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/crypto
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-07 09:08:49 +00:00
dependabot[bot]
3caba8a99e
chore(deps): bump golang.org/x/text from 0.16.0 to 0.17.0 ( #10806 )
...
Bumps [golang.org/x/text](https://github.com/golang/text ) from 0.16.0 to 0.17.0.
- [Release notes](https://github.com/golang/text/releases )
- [Commits](https://github.com/golang/text/compare/v0.16.0...v0.17.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/text
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-07 07:53:20 +00:00
Mariam Fahmy
c796bb765c
fix: return policies with either audit or enforce rules from the cache ( #10667 )
...
* fix: return policies with either audit or enforce rules from the cache
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* feat: introduce validationFailureAction under verifyImage rules
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* feat: add chainsaw tests
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* fix
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
---------
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2024-08-06 18:24:28 +00:00
Mariam Fahmy
a32bdf1ac1
feat: add chainsaw tests for generate policies (part 2) ( #10795 )
...
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-08-06 17:13:55 +03:00
Frank Jogeleit
deab83d62f
reconcile only PolicyReports managed by kyverno ( #10794 )
...
Signed-off-by: Frank Jogeleit <frank.jogeleit@web.de>
Co-authored-by: shuting <shuting@nirmata.com>
2024-08-06 12:43:47 +00:00
Mariam Fahmy
8d44864a61
feat: add chainsaw tests for generate policies (part 1) ( #10551 )
...
* feat: add chainsaw tests for generate policies (part 1)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* fix chainsaw tests
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* chore: rename deprecated chainsaw tests
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
---------
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-08-06 11:48:50 +00:00
Steven Kriegler
75fb7e1d1a
Remove cleanup cronjobs for updaterequests and ephemeralreports ( #10760 )
...
* Remove cleanup cronjobs for updaterequests and ephemeralreports
Signed-off-by: justusbunsi <61625851+justusbunsi@users.noreply.github.com>
* Cleanup Chart readme
Signed-off-by: justusbunsi <61625851+justusbunsi@users.noreply.github.com>
* Run `make codegen-manifest-all`
Signed-off-by: justusbunsi <61625851+justusbunsi@users.noreply.github.com>
---------
Signed-off-by: justusbunsi <61625851+justusbunsi@users.noreply.github.com>
Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: treydock <tdockendorf@osc.edu>
2024-08-06 07:41:04 +00:00
Khaled Emara
c0cf6c5bf1
feat(json): unmarshal at decode time ( #10700 )
...
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-08-05 15:46:50 +03:00
Frank Jogeleit
91ffbb6758
feat: assert rule autogen ( #10780 )
...
* Support autogen for assert validation rules
Signed-off-by: Frank Jogeleit <frank.jogeleit@web.de>
* simplify assert autogen logic
Signed-off-by: Frank Jogeleit <frank.jogeleit@web.de>
* add chainsaw test
Signed-off-by: Frank Jogeleit <frank.jogeleit@web.de>
---------
Signed-off-by: Frank Jogeleit <frank.jogeleit@web.de>
2024-08-05 10:59:55 +00:00
Frank Jogeleit
cfef8a089a
init controller-gen support for oneOf and not ( #10776 )
...
Signed-off-by: Frank Jogeleit <frank.jogeleit@web.de>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-08-02 22:19:35 +00:00
Charles-Edouard Brétéché
2ead7fb8f6
test: add chainsaw tests for reports generated by policy using an assertion tree ( #10779 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2024-08-02 19:43:15 +00:00
Mariam Fahmy
ce7e570268
fix: set all operations by default in the generated VAP ( #10100 )
...
* fix: set all operations by default in the generated VAP
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* fix chainsaw test
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
---------
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-08-02 14:12:42 +00:00
Mariam Fahmy
9d28116eb4
fix: allow exceptions to match Pod/ephemeralcontainers by default ( #10778 )
...
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-08-02 12:47:09 +00:00
Charles-Edouard Brétéché
a1510d9db1
feat: add more policy validation around policies using kyverno-json ( #10777 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-08-02 14:47:03 +03:00
Charles-Edouard Brétéché
fc694bc24c
feat: add kyverno json support to validation rule ( #10763 )
...
* feat: add kyverno json support to validation rule
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* v2beta1
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* validation
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* engine handler
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* bindings
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* context functions
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* better bindings
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---------
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-08-02 08:24:30 +00:00
dependabot[bot]
5c04256a4a
chore(deps): bump cbrgm/cleanup-stale-branches-action ( #10775 )
...
Bumps [cbrgm/cleanup-stale-branches-action](https://github.com/cbrgm/cleanup-stale-branches-action ) from 1.1.19 to 1.1.20.
- [Release notes](https://github.com/cbrgm/cleanup-stale-branches-action/releases )
- [Commits](03d7d18e1a...3a038290b5
2024-08-02 07:33:39 +00:00
Mariam Fahmy
6d732d28c7
fix: get ns labels before creating a policy context ( #10773 )
...
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-08-02 05:14:36 +03:00
Charles-Edouard Brétéché
e004d8ae8d
chore: bump chainsaw ( #10687 )
...
* chore: bump chainsaw
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* bump
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix tests
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* v0.2.8-beta.1
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* v0.2.8-beta.2
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* beta 3
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* cli
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---------
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-07-31 15:50:20 +00:00
Charles Uneze
7a6fee648b
Add kyverno helm repo ( #10758 )
...
Signed-off-by: Charles Uneze <charlesniklaus@gmail.com>
2024-07-31 13:11:52 +00:00
Lavish Pal
7efb8a7c65
Move Nancy scan to a periodic job ( #10725 )
...
Signed-off-by: Lavish pal <lvishpal408@gmail.com>
2024-07-31 08:32:29 +00:00
dependabot[bot]
c9103a11bb
chore(deps): bump github.com/docker/docker ( #10750 )
...
Bumps [github.com/docker/docker](https://github.com/docker/docker ) from 26.1.3+incompatible to 26.1.4+incompatible.
- [Release notes](https://github.com/docker/docker/releases )
- [Commits](https://github.com/docker/docker/compare/v26.1.3...v26.1.4 )
---
updated-dependencies:
- dependency-name: github.com/docker/docker
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-07-30 18:07:40 +00:00
Charles-Edouard Brétéché
b63062e72f
chore: bump kyverno-json ( #10753 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-07-30 16:20:53 +00:00
Charles-Edouard Brétéché
2f0ef30089
chore: bump kyverno-json ( #10752 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-07-30 15:01:09 +00:00
dependabot[bot]
e9b0d26b05
chore(deps): bump github.com/onsi/gomega from 1.34.0 to 1.34.1 ( #10747 )
...
Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega ) from 1.34.0 to 1.34.1.
- [Release notes](https://github.com/onsi/gomega/releases )
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md )
- [Commits](https://github.com/onsi/gomega/compare/v1.34.0...v1.34.1 )
---
updated-dependencies:
- dependency-name: github.com/onsi/gomega
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-30 13:14:55 +00:00
Khaled Emara
d173752041
feat(json): unmarshal once per policy ( #10701 )
...
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2024-07-30 10:52:41 +00:00
dependabot[bot]
74e17cc629
chore(deps): bump golangci/golangci-lint-action from 6.0.1 to 6.1.0 ( #10746 )
...
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action ) from 6.0.1 to 6.1.0.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases )
- [Commits](a4f60bb28d...aaa42aa062
2024-07-30 16:45:14 +08:00
dependabot[bot]
7232d8e57e
chore(deps): bump ossf/scorecard-action from 2.3.3 to 2.4.0 ( #10742 )
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 2.3.3 to 2.4.0.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](dc50aa9510...62b2cac7ed
2024-07-29 16:18:20 +00:00
dependabot[bot]
6aba51564d
chore(deps): bump github/codeql-action from 3.25.14 to 3.25.15 ( #10743 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.25.14 to 3.25.15.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](5cf07d8b70...afb54ba388
2024-07-29 15:20:44 +00:00
Khaled Emara
0aeb32df3b
feat(autogen): use static bytes instead of string ( #10723 )
...
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-07-29 13:46:11 +00:00
Khaled Emara
c2646f7a9d
feat(json): reduce reliance on DocumentToUntyped() ( #10724 )
...
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-07-29 11:57:20 +00:00
dependabot[bot]
70c1dc6a06
chore(deps): bump github.com/onsi/gomega from 1.33.1 to 1.34.0 ( #10732 )
...
Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega ) from 1.33.1 to 1.34.0.
- [Release notes](https://github.com/onsi/gomega/releases )
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md )
- [Commits](https://github.com/onsi/gomega/compare/v1.33.1...v1.34.0 )
---
updated-dependencies:
- dependency-name: github.com/onsi/gomega
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-29 08:40:45 +00:00
dependabot[bot]
7c730aee6f
chore(deps): bump sigstore/scaffolding from 0.7.4 to 0.7.5 ( #10744 )
...
Bumps [sigstore/scaffolding](https://github.com/sigstore/scaffolding ) from 0.7.4 to 0.7.5.
- [Release notes](https://github.com/sigstore/scaffolding/releases )
- [Changelog](https://github.com/sigstore/scaffolding/blob/main/release.md )
- [Commits](26f31cb72c...634364a897
2024-07-29 15:50:53 +08:00
Mariam Fahmy
734f1df059
fix: check the resource namespace ( #10738 )
...
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-07-26 21:45:54 +08:00
Ammar Yasser
f618717f75
fix: Check for the client being nil before applying a mutation ( #10726 )
...
Signed-off-by: aerosouund <aerosound161@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
2024-07-26 10:49:51 +00:00
dependabot[bot]
8109f2194e
chore(deps): bump sigs.k8s.io/release-utils from 0.8.3 to 0.8.4 ( #10733 )
...
Bumps [sigs.k8s.io/release-utils](https://github.com/kubernetes-sigs/release-utils ) from 0.8.3 to 0.8.4.
- [Release notes](https://github.com/kubernetes-sigs/release-utils/releases )
- [Commits](https://github.com/kubernetes-sigs/release-utils/compare/v0.8.3...v0.8.4 )
---
updated-dependencies:
- dependency-name: sigs.k8s.io/release-utils
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-26 09:09:20 +00:00
dependabot[bot]
8dadebb2ea
chore(deps): bump github/codeql-action from 3.25.13 to 3.25.14 ( #10731 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.25.13 to 3.25.14.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](2d790406f5...5cf07d8b70
2024-07-26 16:20:37 +08:00
Mariam Fahmy
716611b7ea
fix: return all the exceptions that match the incoming resource ( #10722 )
...
* fix: return all the exceptions that match the incoming resource
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* fix: modify log messages
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
---------
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-07-25 17:36:19 +00:00
Jim Bugwadia
2855d27ce4
change security to point to org repo ( #10716 )
...
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2024-07-25 07:40:38 +00:00
Korada Vishal
ca17cb2c6f
Improved test covergae for forceMutate ( #10103 )
...
Signed-off-by: Vishal K <korada.vishal.phe22@itbhu.ac.in>
Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-07-24 10:43:07 +00:00
dependabot[bot]
f539e854be
chore(deps): bump github.com/cyphar/filepath-securejoin ( #10713 )
...
Bumps [github.com/cyphar/filepath-securejoin](https://github.com/cyphar/filepath-securejoin ) from 0.3.0 to 0.3.1.
- [Release notes](https://github.com/cyphar/filepath-securejoin/releases )
- [Changelog](https://github.com/cyphar/filepath-securejoin/blob/main/CHANGELOG.md )
- [Commits](https://github.com/cyphar/filepath-securejoin/compare/v0.3.0...v0.3.1 )
---
updated-dependencies:
- dependency-name: github.com/cyphar/filepath-securejoin
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-24 09:02:52 +00:00
Geetha Madhuri Bojanki
f9a8388c14
Updated the outdated example mentioned in Development.md file with latest one ( #10706 )
...
* Updated Expose the endpoint on a local port section in DEVELOPMENT.md file
Signed-off-by: Geetha Madhuri <geetha.bojanki@infosys.com>
* Updated the outdated example mentioned in Development.md file with latest one
Signed-off-by: Geetha Madhuri <geetha.bojanki@infosys.com>
---------
Signed-off-by: Geetha Madhuri <geetha.bojanki@infosys.com>
2024-07-24 07:18:39 +00:00
dependabot[bot]
db45329cd6
chore(deps): bump docker/login-action from 3.2.0 to 3.3.0 ( #10704 )
...
Bumps [docker/login-action](https://github.com/docker/login-action ) from 3.2.0 to 3.3.0.
- [Release notes](https://github.com/docker/login-action/releases )
- [Commits](0d4c9c5ea7...9780b0c442
2024-07-23 10:10:59 +00:00
dependabot[bot]
2f9f33183f
chore(deps): bump sigs.k8s.io/kustomize/api from 0.17.2 to 0.17.3 ( #10696 )
...
Bumps [sigs.k8s.io/kustomize/api](https://github.com/kubernetes-sigs/kustomize ) from 0.17.2 to 0.17.3.
- [Release notes](https://github.com/kubernetes-sigs/kustomize/releases )
- [Commits](https://github.com/kubernetes-sigs/kustomize/compare/api/v0.17.2...api/v0.17.3 )
---
updated-dependencies:
- dependency-name: sigs.k8s.io/kustomize/api
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-23 17:16:06 +08:00
dependabot[bot]
0421c44659
chore(deps): bump sigs.k8s.io/kustomize/kyaml from 0.17.1 to 0.17.2 ( #10695 )
...
Bumps [sigs.k8s.io/kustomize/kyaml](https://github.com/kubernetes-sigs/kustomize ) from 0.17.1 to 0.17.2.
- [Release notes](https://github.com/kubernetes-sigs/kustomize/releases )
- [Commits](https://github.com/kubernetes-sigs/kustomize/compare/api/v0.17.1...api/v0.17.2 )
---
updated-dependencies:
- dependency-name: sigs.k8s.io/kustomize/kyaml
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-22 10:34:31 +00:00
dependabot[bot]
af8d4f9260
chore(deps): bump github/codeql-action from 3.25.12 to 3.25.13 ( #10697 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.25.12 to 3.25.13.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](4fa2a79536...2d790406f5
2024-07-22 07:14:22 +00:00
dependabot[bot]
974da43c55
chore(deps): bump k8s.io/cli-runtime from 0.30.2 to 0.30.3 ( #10690 )
...
Bumps [k8s.io/cli-runtime](https://github.com/kubernetes/cli-runtime ) from 0.30.2 to 0.30.3.
- [Commits](https://github.com/kubernetes/cli-runtime/compare/v0.30.2...v0.30.3 )
---
updated-dependencies:
- dependency-name: k8s.io/cli-runtime
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-21 21:57:21 +00:00
