Mariam Fahmy
|
970c255765
|
feat: validate CELPolicyExceptions (#12083)
* feat: validate CELPolicyExceptions
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* chore: add cel-policy-exceptions tests in the CI
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
---------
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
|
2025-02-05 15:01:11 +00:00 |
|
shuting
|
1f3d82893b
|
feat: add vpol status (#11956)
* feat: add vpol status
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* feat: update status API
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore: update code-gen manifests
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* feat: reconcile vpol.status.conditions
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore: add missing files
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix: add default webhook filters
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore: update codegen
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore: update codegen
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix: enable .status subresource
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore: add missing files
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix: linter
Signed-off-by: ShutingZhao <shuting@nirmata.com>
---------
Signed-off-by: ShutingZhao <shuting@nirmata.com>
|
2025-02-05 14:16:53 +00:00 |
|
Charles-Edouard Brétéché
|
8fc6e78c16
|
feat: add validating policies to reports aggregation (#12096)
* feat: add validating policies to reports aggregation
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* chainsaw test
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* unit tests
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---------
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
|
2025-02-05 13:21:28 +00:00 |
|
Charles-Edouard Brétéché
|
4a4aef54d3
|
feat: add reporting to validating admission handler (#12090)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
|
2025-02-04 20:32:18 +00:00 |
|
Charles-Edouard Brétéché
|
4f63ef5bc1
|
feat: consider Warn validation action (#12081)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
|
2025-02-04 14:35:52 +00:00 |
|
Charles-Edouard Brétéché
|
3b0c9d662c
|
refactor: webhook server/handlers (#12079)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
|
2025-02-04 14:52:48 +02:00 |
|
Mariam Fahmy
|
192e655c45
|
chore: remove polex compiler (#12078)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
|
2025-02-04 11:52:19 +00:00 |
|
Charles-Edouard Brétéché
|
b908b1037a
|
feat: consider validation actions (#12072)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
|
2025-02-04 06:29:40 +02:00 |
|
Charles-Edouard Brétéché
|
e55a90cc4b
|
feat: implement match conditions failure policy (#12071)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
|
2025-02-04 00:04:26 +02:00 |
|
Charles-Edouard Brétéché
|
884a77a044
|
feat: add context provider in admission handling (#12070)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
|
2025-02-03 19:11:31 +02:00 |
|
Mariam Fahmy
|
202ab74ff5
|
feat: compile CEL exceptions (#12066)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
|
2025-02-03 17:17:41 +02:00 |
|
Charles-Edouard Brétéché
|
1cb0d1c356
|
feat: add message expression support to validating policies (#12063)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
|
2025-02-03 14:04:19 +00:00 |
|
Vishal Choudhary
|
7d8ed212a4
|
feat: create image data loader (#12036)
* feat: add image data loader to context
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: build
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: linter
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* feat: tests
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: update types
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* feat: replace crane with remote
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: linter
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: linter
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
---------
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
|
2025-02-03 13:42:40 +00:00 |
|
Charles-Edouard Brétéché
|
2bf7262814
|
feat: add admission request cel variable (#12054)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
|
2025-02-03 11:40:05 +00:00 |
|
Charles-Edouard Brétéché
|
0077fdae2b
|
feat: add validation message in cel engine response (#12052)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
|
2025-02-03 11:13:06 +00:00 |
|
Mariam Fahmy
|
4c950dcb32
|
feat: use v1 of ValidatingAdmissionPolicies (#12050)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
|
2025-01-31 14:21:43 +00:00 |
|
Mariam Fahmy
|
226cacd65c
|
fix: match the old object against the object selector for VAPs in the CLI (#12051)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
|
2025-01-31 14:47:32 +01:00 |
|
Mariam Fahmy
|
d1536580da
|
feat: add CEL PolicyException CRD (#12038)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
|
2025-01-31 11:39:17 +00:00 |
|
Charles-Edouard Brétéché
|
f59b78aef0
|
feat: process cel engine response in webhook handler (#12047)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
|
2025-01-31 11:07:22 +00:00 |
|
Charles-Edouard Brétéché
|
b8f7a83942
|
feat: support adminssion review in cel engine (#12046)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
|
2025-01-31 08:03:59 +00:00 |
|
Charles-Edouard Brétéché
|
7a4e1bede9
|
feat: use more admission attributes (#12044)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
|
2025-01-30 23:58:12 +00:00 |
|
Charles-Edouard Brétéché
|
2ab3b2dd51
|
fix: cel lib get config map return type (#12042)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
|
2025-01-31 01:15:05 +02:00 |
|
Charles-Edouard Brétéché
|
f448db3f36
|
feat: use admission attributes (#12041)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
|
2025-01-30 20:36:41 +00:00 |
|
abhashsolanki18
|
5c9adf9fb5
|
fix: error handling and reduce log clutter (#11979)
* fix: error handling and reduce log clutter
Signed-off-by: abhashsolanki18 <abhashsolanki18@gmail.com>
* fixed lint test
Signed-off-by: abhashsolanki18 <abhashsolanki18@gmail.com>
---------
Signed-off-by: abhashsolanki18 <abhashsolanki18@gmail.com>
|
2025-01-30 09:47:09 +00:00 |
|
Charles-Edouard Brétéché
|
dfa9f2f727
|
feat(validating policies): add support for ns and object selectors (#12034)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
|
2025-01-30 01:07:01 +02:00 |
|
Charles-Edouard Brétéché
|
30360e871a
|
feat: execute handler (#12033)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
|
2025-01-29 11:24:13 -08:00 |
|
Charles-Edouard Brétéché
|
a36f8c857c
|
fix: don't sort cel policies (#12028)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
|
2025-01-29 15:00:46 +00:00 |
|
Charles-Edouard Brétéché
|
bff9590ebc
|
fix: bad usage of wait group (#12029)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
|
2025-01-29 12:28:41 +00:00 |
|
Charles-Edouard Brétéché
|
1d3a9294cc
|
feat: watch validating policies (#12008)
* feat: watch validating policies
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* rest config
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---------
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
|
2025-01-28 16:24:40 +00:00 |
|
Mariam Fahmy
|
da717c4b17
|
feat: add validation action to VPs (#12017)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
|
2025-01-28 14:34:26 +01:00 |
|
Charles-Edouard Brétéché
|
26e75fbf59
|
feat: add validating policy webhook handler (#12015)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
|
2025-01-28 09:06:30 +00:00 |
|
Charles-Edouard Brétéché
|
92436bf4ed
|
refactor: use k8s wait group (#12010)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
|
2025-01-27 23:25:33 +00:00 |
|
Charles-Edouard Brétéché
|
db4f7fb5e6
|
feat: register cel context lib (#12007)
* feat: register cel context lib
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* unit test
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---------
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
|
2025-01-27 16:16:27 +00:00 |
|
Mariam Fahmy
|
b8c6931aa5
|
feat: add autogen package for ValidatingPolicies (#11996)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
|
2025-01-27 12:36:11 +00:00 |
|
Charles-Edouard Brétéché
|
a5fe768a53
|
feat: implement cel engine context provider (#11995)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
|
2025-01-24 15:42:58 +00:00 |
|
Mariam Fahmy
|
1703428ffb
|
chore: remove unused functions in autogen (#11993)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
|
2025-01-24 12:30:11 +00:00 |
|
Charles-Edouard Brétéché
|
ed80be3eff
|
feat: add support for more context elements (#11986)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
|
2025-01-24 08:37:33 +00:00 |
|
Johann Schley
|
02c54490bc
|
Fix default value for apiCall context (#11733)
* chore(deps): bump golang.org/x/crypto from 0.29.0 to 0.30.0 (#11712)
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.29.0 to 0.30.0.
- [Commits](https://github.com/golang/crypto/compare/v0.29.0...v0.30.0)
---
updated-dependencies:
- dependency-name: golang.org/x/crypto
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Johann Schley <johann.schley@swisscom.com>
* add test for apiCall default value
Signed-off-by: Johann Schley <johann.schley@swisscom.com>
* move fallback to default into fetch function
Signed-off-by: Johann Schley <johann.schley@swisscom.com>
* Update pkg/engine/apicall/apiCall.go
improved log message text
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Signed-off-by: Johann Schley <johann.schley@swisscom.com>
* Update pkg/engine/apicall/apiCall.go
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Signed-off-by: Johann Schley <johann.schley@swisscom.com>
* address comments
Signed-off-by: Johann Schley <johann.schley@swisscom.com>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Johann Schley <johann.schley@swisscom.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Johann Schley <johann.schley@swisscom.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
Co-authored-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
|
2025-01-24 04:54:32 +00:00 |
|
Charles-Edouard Brétéché
|
144bf436ed
|
fix: implement cel context lib correctly (#11983)
* fix: implement cel context lib correctly
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* more changes
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---------
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
|
2025-01-23 11:02:33 +00:00 |
|
Charles-Edouard Brétéché
|
f5467fcd61
|
refactor: reduce generic policy interface (#11977)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
|
2025-01-22 16:32:30 +00:00 |
|
Charles-Edouard Brétéché
|
61d69c9290
|
refactor: reduce generic policy interface (#11974)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
|
2025-01-22 09:03:48 +00:00 |
|
Charles-Edouard Brétéché
|
9d11e8f98c
|
feat: introduce evaluation results in cel engine (#11971)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
|
2025-01-21 16:41:45 +00:00 |
|
Charles-Edouard Brétéché
|
54a8a53205
|
feat: add validating policy engine api wrapper (#11963)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
|
2025-01-21 15:59:34 +08:00 |
|
Charles-Edouard Brétéché
|
a30fc14d4d
|
feat: add namespace support in CLI values (#11958)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
|
2025-01-20 13:43:13 +02:00 |
|
Charles-Edouard Brétéché
|
5cc408dddb
|
feat: use policy provider (#11947)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
|
2025-01-20 09:43:05 +00:00 |
|
Mariam Fahmy
|
77a7e5193a
|
feat: add MAP's mutation logic for the CLI (#11946)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
|
2025-01-17 15:16:34 +00:00 |
|
Charles-Edouard Brétéché
|
7351501ef6
|
feat(cli,apply): load validating policies (#11933)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
|
2025-01-17 09:53:17 +00:00 |
|
shuting
|
97ed53f6bb
|
feat: register webhook configurations for validatingpolicies (#11892)
* feat: add spec.webhookConfiguration
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore: refactor build webhook for kyverno policies
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore: update yamls
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore: add listers
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* feat: update api
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore: remove matchPolicy
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore: update crd yaml
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore: add short name
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore: update deepcopy
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore: upadte spec
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore: fix description
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore: add missing files
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* feat: register webhook for validatingpolicies
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore: fix import
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore: add unit tests
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore: update docs
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore: update manifests
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore: update unit tests
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore: update manifests
Signed-off-by: ShutingZhao <shuting@nirmata.com>
---------
Signed-off-by: ShutingZhao <shuting@nirmata.com>
|
2025-01-17 11:33:47 +02:00 |
|
abhashsolanki18
|
d2e6759115
|
fix:[Bug] [CLI] CEL scanning a namespace yaml object makes Kyverno crash (#11834)
* fix:[Bug] [CLI] CEL scanning a namespace yaml object makes Kyverno crash
Signed-off-by: abhashsolanki18 <abhashsolanki18@gmail.com>
* Fix nil pointer dereference in namespace handling for ValidatingAdmissionPolicy.
Signed-off-by: abhashsolanki18 <abhashsolanki18@gmail.com>
* added test for namespace resource
Signed-off-by: abhashsolanki18 <abhashsolanki18@gmail.com>
* fixed test
Signed-off-by: abhashsolanki18 <abhashsolanki18@gmail.com>
* fixed test
Signed-off-by: abhashsolanki18 <abhashsolanki18@gmail.com>
* fixed test, combined binding and policy
Signed-off-by: abhashsolanki18 <abhashsolanki18@gmail.com>
---------
Signed-off-by: abhashsolanki18 <abhashsolanki18@gmail.com>
|
2025-01-16 13:39:24 +00:00 |
|
Mariam Fahmy
|
a72868bd6f
|
chore: move CEL package to admissionpolicy package (#11931)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
|
2025-01-15 13:04:18 +00:00 |
|