mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2024-12-14 11:57:48 +00:00
Code Activity
1851 commits 15 branches 540 tags 276 MiB
Commit graph

104 commits

Author SHA1 Message Date
Shivkumar Dudhani
8c1d79ab28
linter suggestions (#655) 
* cleanup phase 1

* linter fixes phase 2
 2020-01-24 12:05:53 -08:00
Shivkumar Dudhani
1171ac691b
cleanup phase 1 (#653) 2020-01-24 09:37:12 -08:00
Shivkumar Dudhani
ffd2179b03
538 (#587) 
* initial commit

* background policy validation

* correct message

* skip non-background policy process for add/update

* add Generate Request CR

* generate Request Generator Initial

* test generate request CR generation

* initial commit gr generator

* generate controller initial framework

* add crd for generate request

* gr cleanup controller initial commit

* cleanup controller initial

* generate mid-commit

* generate rule processing

* create PV on generate error

* embed resource type

* testing phase 1- generate resources with variable substitution

* fix tests

* comment broken test #586

* add printer column for state

* return if existing resource for clone

* set resync time to 2 mins & remove resource version check in update handler for gr

* generate events for reporting

* fix logs

* cleanup

* CR fixes

* fix logs
 2020-01-07 10:33:28 -08:00
Shivkumar Dudhani
5b8ab3842b
Support variable substitution (#549) 
* initial commit

* variable substitution

* update tests

* update test

* refactor engine packages for validate & generate

* update vendor

* update toml

* support variable substitution in overlay mutation

* missing update

* fix indentation in logs

* store context values as single JSON document using merge patches.

* remove duplicate functions

* fix message string

* Handle processing of policies in background (#569)

* remove condition check while generating mutation patch as conditions are verified in the first iteration

* initial commit

* background policy validation

* correct message

* skip non-background policy process for add/update

* fix order to correct policy registration

* update comment

Co-authored-by: shuting <shutting06@gmail.com>

* refactor

Co-authored-by: shuting <shutting06@gmail.com>
 2019-12-30 17:08:50 -08:00
shivkumar dudhani
10fc1b47ba Merge branch 'master' into v1.1.0 2019-12-12 16:54:42 -08:00
Shivkumar Dudhani
ffe3bdb677
remove newline from engine response strings (#537) 
* remove newline from engine response strings

* add scenario file updates

* cr: remove . in trailing msg string
 2019-12-04 18:04:42 -08:00
Shuting Zhao
261560eafb mutate rule: do not ignore empty key in resource if overlay has nested anchor 2019-11-27 16:07:15 -08:00
shivkumar dudhani
f97406698d remove namespace from resource spec 2019-11-15 12:03:58 -08:00
Shivkumar Dudhani
3ab0790342
use PolicyContext with engine.Generate (#483) 2019-11-13 15:46:43 -08:00
shuting
ded0183aa2
Merge pull request #478 from nirmata/472_update_apiversion 
472 update apiversion
 2019-11-13 15:19:27 -08:00
Shuting Zhao
b67577994a update apiversion to v1 in code 2019-11-13 13:41:08 -08:00
Shivkumar Dudhani
7a12e12cb5
skip validation if the resource updates dont violate policy rules (#477) 2019-11-13 13:13:07 -08:00
Shuting Zhao
45dc0bd358 Merge commit 'da5c03f89df3007088b27fc84b08827170e16eda' into 345_support_usergroup_info 
# Conflicts:
#	test/scenarios/samples/best_practices/add_safe_to_evict2.yaml
 2019-11-13 00:31:07 -08:00
Shuting Zhao
5a3ed62b13 Merge branch 'master' into 345_support_usergroup_info 
# Conflicts:
#	pkg/engine/validation_test.go
#	pkg/webhooks/annotations.go
#	pkg/webhooks/annotations_test.go
#	pkg/webhooks/mutation.go
#	pkg/webhooks/server.go
#	pkg/webhooks/validation.go
 2019-11-11 19:19:08 -08:00
Jim Bugwadia
8348c5761c fix tests 2019-11-11 18:51:21 -08:00
Jim Bugwadia
87be5ca4b8 update policies and test cases 2019-11-11 17:55:54 -08:00
Jim Bugwadia
3ffb0cfa39 add disallow_sysctl and move policies 2019-11-11 17:17:09 -08:00
Jim Bugwadia
05503e4fd1 update other policies 2019-11-11 14:09:07 -08:00
Jim Bugwadia
dd4d091c23 update restrict_automount_sa_token 2019-11-10 21:57:20 -08:00
Jim Bugwadia
5e8b6c4183 update add_networkPolicy 2019-11-10 21:27:50 -08:00
Jim Bugwadia
244909ebb3 update require_probes 2019-11-10 21:18:17 -08:00
Jim Bugwadia
c1be682a93 update require_pod_requests_limits 2019-11-10 21:06:49 -08:00
Jim Bugwadia
f668113904 update add_ns_quota 2019-11-10 20:58:57 -08:00
Jim Bugwadia
a6d5fb6e30 update restrict_image_registries 2019-11-10 18:13:01 -08:00
Jim Bugwadia
f31abbffab update disallow_latest_tag 2019-11-10 17:54:38 -08:00
Jim Bugwadia
7f54e8e2e3 Merge branch '451_fix_disallow_host_net_port' into 452_make_sample_policy_rule_names_consistent 
# Conflicts:
#	samples/best_practices/disallow_host_network_hostport.yaml
#	test/scenarios/samples/best_practices/disallow_host_network_port.yaml
 2019-11-10 17:35:43 -08:00
Jim Bugwadia
20736e5e81 update disallow_default_namespace and disallow_host_network_port and disallow_host_pid_ipc 2019-11-10 15:50:18 -08:00
Jim Bugwadia
170e2a5179 update disallow_docker_sock_mount and disallow_host_network_port 2019-11-10 12:53:48 -08:00
Jim Bugwadia
fd1a26db29 update DisallowBindMounts 2019-11-09 16:33:19 -08:00
Jim Bugwadia
fae8ac0325 update RequireReadOnlyRootFS 2019-11-09 16:18:33 -08:00
Jim Bugwadia
121b81a83b update disallow new capabilities 2019-11-09 16:07:16 -08:00
Jim Bugwadia
cba79c69a2 update disallow_priviledged 2019-11-08 20:04:42 -08:00
Jim Bugwadia
5ce8fd7a9a update disallow_root_user 2019-11-08 19:25:43 -08:00
Jim Bugwadia
6baa678e27 rename add_safe_to_evict 2019-11-08 19:02:49 -08:00
Shuting Zhao
ec331b8d17 remove resource info in the validation error 2019-11-07 12:30:58 -08:00
Shuting Zhao
2dec70cc72 make expected message optional in scenario file 2019-11-07 12:13:34 -08:00
Shuting Zhao
58054ef5b6 remove duplicate test 2019-11-07 12:13:34 -08:00
Jim Bugwadia
1173e062c9 - add policy and test for known ingress 
- fix messages and remove unnecessary comments in testrunner/scenario.go
 2019-11-05 19:07:44 -08:00
Shuting Zhao
9f7b6eaaf6 skip applying mutate rule if condition key is not present in the resource, consider the rule as success 2019-11-05 16:27:06 -08:00
Jim Bugwadia
cab87f24ba add tect case 2019-11-05 15:32:45 -08:00
Jim Bugwadia
5ded29f74e temp update for debugging 2019-11-05 12:28:44 -08:00
Shuting Zhao
4195f45a42 add missing scenario test 2019-11-05 10:19:42 -08:00
Jim Bugwadia
35bed4bc6a add safe-to-evict annotation 2019-11-04 17:55:13 -08:00
Jim Bugwadia
41afefbe8e add disallow Helm tiller 2019-11-03 18:19:06 -08:00
Jim Bugwadia
1323a9a81e add policy and test case 2019-11-01 15:19:26 -07:00
Jim Bugwadia
440c23f231 add test case (currently fails) 2019-11-01 11:40:23 -07:00
shivkumar dudhani
9b9f6686cb remove comments 2019-10-14 14:17:16 -07:00
shivkumar dudhani
4e5f551fa7 clean up 2019-10-14 14:10:34 -07:00
shivkumar dudhani
530ac6962c initial clean up 2019-10-14 12:36:19 -07:00
Shuting Zhao
eb8bd71ac2 add test scenario - missing image tag 2019-10-10 19:13:04 -07:00