shravan
aec7a78822
522 adding swagger doc directly to repo instead of getting it from the internet
2020-01-24 21:31:38 +05:30
shravan
d5778e3815
522 add missing circle ci change from previous revision
2020-01-24 21:12:36 +05:30
shravan
29bb74c537
522 more missing changes from circleci
2020-01-24 21:09:04 +05:30
shravan
db95002828
522 missing circle ci change
2020-01-24 21:01:56 +05:30
shravan
dfedd86505
522 resolving circle ci
2020-01-24 20:59:14 +05:30
shravan
b2e2dd8a0f
522 now supports all possible kinds
2020-01-24 20:22:33 +05:30
shravan
a959c4969e
522 revising setting of global state
2020-01-24 18:53:51 +05:30
shravan
a3bcde6f1e
adding tests
2020-01-24 15:45:56 +05:30
shravan
56b54e6484
522 fixing bugs discovered from writing tests
2020-01-24 14:33:40 +05:30
shravan
fa7c522b5c
522 minor changes from tests
2020-01-24 09:51:40 +05:30
shravan
a90999417e
522 added kind prefix
2020-01-23 22:12:01 +05:30
shravan
af68f77b62
522 untested changes
2020-01-23 20:45:25 +05:30
shravan
be8527be47
revised 522 changes
2020-01-23 20:19:58 +05:30
shravan
344af84ec5
adding patch validation formutation
2020-01-23 18:03:37 +05:30
shravan
00da200c59
fixing cli output printing issues
2020-01-17 21:28:53 +05:30
shravan
2e60df0cb3
removing unneeded log statements
2020-01-17 09:55:04 +05:30
shravan
fc8153724e
added map of kind to list api from swagger document
2020-01-17 09:51:13 +05:30
shravan
d0da7a8ed4
Merge branch 'master' into 536_extend_cli
2020-01-17 09:50:11 +05:30
Shuting Zhao
24f3659b03
update debug info log level
2020-01-16 14:37:01 -08:00
Shuting Zhao
5d3d27cafd
report violation for mutation failure only, not block the creation
2020-01-16 14:29:44 -08:00
Shuting Zhao
ba8030bec0
change to use validationFailureAction for the mutation failure action
2020-01-16 11:57:28 -08:00
shravan
f41b7124ac
fixing merge issues
2020-01-17 00:09:39 +05:30
shravan
79999c4948
extended cli
2020-01-17 00:05:15 +05:30
Shuting Zhao
7e59e8e484
mutation failure to not block resource creation
2020-01-15 21:46:58 -08:00
Shuting Zhao
77a6408f30
pass in patchedResource inside the same mutation rule
2020-01-15 18:15:48 -08:00
Shuting Zhao
b26ed89880
- set failurepolicy of webhookconfigurations to ignore; - disable auto-gen on policy disallow_default_namespace
2020-01-15 18:01:50 -08:00
shravan
1b417f42dd
changed validating webhook configuration names
2020-01-15 20:29:02 +05:30
shravan
520e675155
Merge branch 'master' into 253_ValidationInMutationFlag_v2
2020-01-15 19:45:16 +05:30
Shuting Zhao
fbe6ea2f24
fix annotation path error if applied to pod controller
2020-01-14 15:57:02 -08:00
Shivkumar Dudhani
cadd8f6b1b
check for multiple variables in an expression & serviceAccount variables ( #610 )
...
* check for multiple variables in an expression & serviceAccount variables
* update the regex matcher
2020-01-13 18:56:11 -08:00
Shivkumar Dudhani
dabe592d46
fix the bugs and add pre-condition checks ( #606 )
...
* fix the bugs and add pre-condition checks
* add precondition documentation
2020-01-13 11:21:14 -08:00
Shuting Zhao
cca5dd31b6
pass in original resource to validation if patches from mutation is nil
2020-01-13 10:15:52 -08:00
shravan
8dc6b06d79
resolving merge conflicts
2020-01-11 18:33:11 +05:30
shuting
0f398e631d
Merge pull request #599 from nirmata/542_feature
...
flag to use FQDN as CommonName in CSR
2020-01-10 18:38:18 -08:00
Shuting Zhao
4eff0e9a8c
fix build error
2020-01-10 18:31:43 -08:00
Shuting Zhao
f618bbcff3
pass in ctx to mutation and generation
2020-01-10 18:25:16 -08:00
Shuting Zhao
4c83ab8b52
add more unit tests
2020-01-10 17:15:44 -08:00
Shuting Zhao
eb0390d0ed
remove managedResource
2020-01-10 13:34:45 -08:00
Shuting Zhao
ac0404bd6c
Merge branch 'master' into add_testscenario
2020-01-10 12:00:04 -08:00
Shuting Zhao
434ed20857
report violation in generate when path not present
2020-01-10 11:59:05 -08:00
shivkumar dudhani
3f965a245b
add check for clone
2020-01-10 08:01:18 -08:00
Shuting Zhao
2eb0e49306
fix build error
2020-01-09 17:53:27 -08:00
Shuting Zhao
5a44ab3e16
generate violation in validate when substitute path not present
2020-01-09 17:44:11 -08:00
Shuting Zhao
f78ca61859
generate violation in mutation when substitute path not present
2020-01-09 12:24:37 -08:00
Shuting Zhao
731fdb3e07
validate paths in variable substitution is present
2020-01-09 12:23:05 -08:00
Shuting Zhao
d0a1acbac4
fix build error
2020-01-08 16:56:41 -08:00
Shuting Zhao
e3123e96b6
Merge branch 'master' into add_testscenario
2020-01-08 16:48:15 -08:00
shivkumar dudhani
1e5f871665
lowercase the cmdline arg
2020-01-08 16:40:19 -08:00
Shuting Zhao
5924bcae40
remove duplicate structure definition
2020-01-08 10:44:41 -08:00
Shuting Zhao
472fa29fce
move mutation to subpackage pkg/engine/mutate
2020-01-07 17:06:17 -08:00
Shivkumar Dudhani
3cf9141f4d
593 feature ( #594 )
...
* initial commit
* background policy validation
* correct message
* skip non-background policy process for add/update
* add Generate Request CR
* generate Request Generator Initial
* test generate request CR generation
* initial commit gr generator
* generate controller initial framework
* add crd for generate request
* gr cleanup controller initial commit
* cleanup controller initial
* generate mid-commit
* generate rule processing
* create PV on generate error
* embed resource type
* testing phase 1- generate resources with variable substitution
* fix tests
* comment broken test #586
* add printer column for state
* return if existing resource for clone
* set resync time to 2 mins & remove resource version check in update handler for gr
* generate events for reporting
* fix logs
* initial commit
* fix trailing quote in patch
* remove comments
* initial condition (equal & notequal)
* initial support for conditions
* initial support for conditions in generate
* support precondition checks
* cleanup
* re-evaluate GR on namespace update using dynamic informers
* add status for generated resources
* display loaded variable SA
* support delete cleanup of generate request main resources
* fix log
* remove namespace from SA username
* support multiple variables per statement for scalar values
* fix fail variables
* add check for userInfo
* validation checks for conditions
* update policy
* refactor logs
* code review
* add openapispec for clusterpolicy preconditions
* Update documentation
* CR fixes
* documentation
* CR fixes
* update variable
* fix logs
* update policy
* pre-defined variables (serviceAccountName & serviceAccountNamespace)
* update test
2020-01-07 15:13:57 -08:00
Shuting Zhao
08491df046
Merge commit 'ffd2179b0332738a088b362e94147a981f0d02ed' into 600_bug
...
# Conflicts:
# pkg/webhooks/mutation.go
2020-01-07 14:17:25 -08:00
Shuting Zhao
259c8839e5
remove duplicate import pkg
2020-01-07 11:33:18 -08:00
Shuting Zhao
cafc3883a4
- fix validation to process on patched resource; - format code
2020-01-07 11:32:52 -08:00
Shivkumar Dudhani
ffd2179b03
538 ( #587 )
...
* initial commit
* background policy validation
* correct message
* skip non-background policy process for add/update
* add Generate Request CR
* generate Request Generator Initial
* test generate request CR generation
* initial commit gr generator
* generate controller initial framework
* add crd for generate request
* gr cleanup controller initial commit
* cleanup controller initial
* generate mid-commit
* generate rule processing
* create PV on generate error
* embed resource type
* testing phase 1- generate resources with variable substitution
* fix tests
* comment broken test #586
* add printer column for state
* return if existing resource for clone
* set resync time to 2 mins & remove resource version check in update handler for gr
* generate events for reporting
* fix logs
* cleanup
* CR fixes
* fix logs
2020-01-07 10:33:28 -08:00
Shuting Zhao
c97b3ce5b0
fetch annotation from resource annotation map
2020-01-06 19:24:24 -08:00
Shuting Zhao
dcc3179b09
remove dclient from pvbuilder
2020-01-06 18:53:36 -08:00
Shuting Zhao
ecbbd04bc5
- remove policy violation created on owner and related logic; - use generic call to create violation info
2020-01-06 17:07:11 -08:00
shivkumar dudhani
38dcb2e94f
flag to use FQDN as CommonName in CSR
2020-01-06 16:12:53 -08:00
Shuting Zhao
9194251a38
fix pod controller annotation to "none"
2020-01-06 14:41:25 -08:00
Shuting Zhao
77955ff212
change the policy action to operate on its own validationFailureAction
2020-01-06 14:41:02 -08:00
Shuting Zhao
f5411c1c76
update policymutation_test
2020-01-03 15:19:33 -08:00
Shuting Zhao
dce1e0555a
move helper to pkg/utils
2020-01-03 10:41:47 -08:00
Shuting Zhao
0c9053d50d
register resource webhook in policy control loop
2020-01-02 20:25:30 -08:00
Shuting Zhao
956cb0559a
- register resource webhook when policy controller starts; - add debug log
2020-01-02 19:12:45 -08:00
Shuting Zhao
b5192dc559
remove old crd namespacedpolicyviolation
2020-01-02 15:33:57 -08:00
Shuting Zhao
b493600754
remove omitempty on policy.spec and policy.spec.rules
2020-01-02 12:17:47 -08:00
Shuting Zhao
d36934fe11
Merge commit '5b8ab3842b43a72cc675b93b8b72e290adfca1d2' into 518_pod_controller
...
# Conflicts:
# pkg/api/kyverno/v1/types.go
# pkg/engine/mutation.go
# pkg/engine/mutation_test.go
# pkg/engine/validation.go
# pkg/policy/existing.go
2020-01-02 10:32:17 -08:00
Shivkumar Dudhani
5b8ab3842b
Support variable substitution ( #549 )
...
* initial commit
* variable substitution
* update tests
* update test
* refactor engine packages for validate & generate
* update vendor
* update toml
* support variable substitution in overlay mutation
* missing update
* fix indentation in logs
* store context values as single JSON document using merge patches.
* remove duplicate functions
* fix message string
* Handle processing of policies in background (#569 )
* remove condition check while generating mutation patch as conditions are verified in the first iteration
* initial commit
* background policy validation
* correct message
* skip non-background policy process for add/update
* fix order to correct policy registration
* update comment
Co-authored-by: shuting <shutting06@gmail.com>
* refactor
Co-authored-by: shuting <shutting06@gmail.com>
2019-12-30 17:08:50 -08:00
Shuting Zhao
56c03f712a
only generate rule on policy creation
2019-12-27 15:57:43 -08:00
Shuting Zhao
bae2865550
- add =() to volumes; - update error msg
2019-12-27 14:59:12 -08:00
Shuting Zhao
340dee24bc
Merge branch 'master' into 544_documentation
...
# Conflicts:
# pkg/engine/overlay_test.go
2019-12-27 13:04:07 -08:00
Shuting Zhao
f2a0f0e3dc
replace annotation match by regexp
2019-12-27 12:57:06 -08:00
Shuting Zhao
eb6ab9d2d8
fix rule mis-application
2019-12-26 19:05:12 -08:00
Shuting Zhao
076196688e
skip process existing pod if annotation present
2019-12-26 18:41:14 -08:00
Shuting Zhao
f0d943e970
Merge branch 'master' into 518_pod_controller
2019-12-26 15:35:23 -08:00
Shuting Zhao
54ecb7738a
- insert annotation to podTemplate; - skip apply rule on pod if annotation exists
2019-12-26 15:34:19 -08:00
Shivkumar Dudhani
085856baa1
add event source and format event messages ( #565 )
2019-12-26 11:50:41 -08:00
Shuting Zhao
b5255893e3
update autogen annotation for pod controllers
2019-12-26 10:09:49 -08:00
Shuting Zhao
a8aa83573b
fix merge error
2019-12-20 19:08:26 -08:00
Shuting Zhao
1f0187e8ea
Merge commit 'f1330ede8234eb4d449eb9ec72b41c627488350d' into 518_pod_controller
2019-12-20 19:06:35 -08:00
Shuting Zhao
8be4db3de3
Merge branch '529_query' into 518_pod_controller
2019-12-20 18:55:08 -08:00
Shuting Zhao
cc87ea7339
add unit test
2019-12-20 18:53:44 -08:00
Shuting Zhao
74b85d8143
generate rule for pod controllers
2019-12-20 18:53:29 -08:00
Shuting Zhao
e3a8cabe8d
add omitempty to types
2019-12-20 18:51:07 -08:00
shivkumar dudhani
d04f49b5d8
fix message string
2019-12-17 17:16:50 -08:00
shivkumar dudhani
2a56a8e043
remove duplicate functions
2019-12-17 16:37:52 -08:00
shivkumar dudhani
a86aa06e28
Merge branch 'master' into 529_query
2019-12-17 16:36:58 -08:00
shivkumar dudhani
615f1ae940
Merge branch 'master' into 529_query
2019-12-17 16:22:00 -08:00
shivkumar dudhani
38987d50c3
store context values as single JSON document using merge patches.
2019-12-17 16:06:13 -08:00
Shuting Zhao
0d71e4a669
remove condition check while generating mutation patch as conditions are verified in the first iteration
2019-12-16 18:26:38 -08:00
shuting
4149d706e8
Merge pull request #558 from nirmata/428_quantity
...
implement quantity comparison
2019-12-16 15:53:09 -08:00
Shivkumar Dudhani
39e08aa1fc
76 cache invalidate ( #557 )
...
* invalidate local cache of registered resources
* update client in initContainer
* update message
2019-12-16 12:55:44 -08:00
Shuting Zhao
35adbbe0df
convert type boolean to string in /metadata/annotation
2019-12-13 18:04:19 -08:00
Shuting Zhao
5ced2409a3
update test
2019-12-13 13:30:24 -08:00
Shuting Zhao
0969aa9bf9
implement quantity comparison
2019-12-13 13:17:22 -08:00
shivkumar dudhani
793d878b18
correct webhook endpoint
2019-12-13 11:13:58 -08:00
shivkumar dudhani
c4da72ad3e
fix indentation in logs
2019-12-13 09:49:09 -08:00
Shuting Zhao
625e45c847
remove duplicate code
2019-12-12 18:55:40 -08:00
shivkumar dudhani
0bd05fd227
missing update
2019-12-12 18:48:53 -08:00
shivkumar dudhani
5659f2fbcf
merge master
2019-12-12 18:44:52 -08:00
shivkumar dudhani
8414681e60
support variable substitution in overlay mutation
2019-12-12 18:25:54 -08:00
shivkumar dudhani
10fc1b47ba
Merge branch 'master' into v1.1.0
2019-12-12 16:54:42 -08:00
shivkumar dudhani
745727fd70
add missing files
2019-12-12 16:35:37 -08:00
shivkumar dudhani
a19785261d
Merge branch '524_bug' into v1.1.0
2019-12-12 16:25:50 -08:00
shivkumar dudhani
b5de11fc0e
refactor engine packages for validate & generate
2019-12-12 15:02:59 -08:00
shivkumar dudhani
507c43ddca
update test
2019-12-12 10:55:10 -08:00
shivkumar dudhani
8b1e084691
update tests
2019-12-12 10:47:25 -08:00
shivkumar dudhani
7c9bc6fecf
variable substitution
2019-12-12 10:19:45 -08:00
Shuting Zhao
2c783cfe02
rename namespacedpolicyviolation: update code
2019-12-11 16:09:05 -08:00
Shuting Zhao
a107ad7ac8
rename namespacedpolicyviolation: update codegen
2019-12-11 16:07:39 -08:00
shivkumar dudhani
4c55fe00bc
Merge branch 'v1.1.0' into 524_bug
2019-12-11 11:21:31 -08:00
shivkumar dudhani
75eee39d7d
remove fix for 535
2019-12-11 11:18:38 -08:00
shivkumar dudhani
ad54683f71
CR fixes
2019-12-11 11:15:13 -08:00
shuting
f06b19bb14
Merge pull request #525 from nirmata/421_test_webhook
...
421 test webhook
2019-12-11 11:13:37 -08:00
shivkumar dudhani
12edc56613
initial commit
2019-12-11 09:45:22 -08:00
shivkumar dudhani
4c2a16904c
update tests
2019-12-10 09:15:50 -08:00
Shuting Zhao
8edb00d714
- skip processing mutate rule if condition is not met; - update debugging info
2019-12-09 19:28:34 -08:00
Shuting Zhao
b2ad71cc5e
remove channel, introduced a flag to indicate the webhook creation status
2019-12-05 15:49:02 -08:00
Shuting Zhao
183f844029
- move resourcewebhookregister to webhookconfig
2019-12-05 13:51:02 -08:00
Shuting Zhao
1c1f47bbc5
correct error msg
2019-12-05 11:57:34 -08:00
Shuting Zhao
b99293018e
add unit test
2019-12-05 11:55:00 -08:00
shivkumar dudhani
4f174779dc
remove typed client ref
2019-12-05 11:52:13 -08:00
Shuting Zhao
55f243b55b
add validation for a policy userInfo
2019-12-04 18:50:51 -08:00
Shivkumar Dudhani
ffe3bdb677
remove newline from engine response strings ( #537 )
...
* remove newline from engine response strings
* add scenario file updates
* cr: remove . in trailing msg string
2019-12-04 18:04:42 -08:00
shivkumar dudhani
a498c2c36d
update msg
2019-12-04 17:28:47 -08:00
shivkumar dudhani
1642682aa2
528_add_webhook_defaults
2019-12-04 17:28:39 -08:00
Shuting Zhao
0f5cf40eda
- holds resource webhook creation requests in a queue; - remove webhookinformer from policy controller and webhookregistrationclient
2019-12-04 12:31:27 -08:00
shivkumar dudhani
eed7115563
pv for resource with no names assigned
2019-12-03 17:15:50 -08:00
shivkumar dudhani
0f6f3c1e02
missing update
2019-12-02 17:29:41 -08:00
shivkumar dudhani
0ea1d9986a
cleanup resource & policy
2019-12-02 17:15:47 -08:00
Shuting Zhao
51642cbcf3
skip process mutate patches if condition tag is not present
2019-11-27 19:40:47 -08:00
Shuting Zhao
e743a4702c
escape slash in annotation patch
2019-11-27 17:51:33 -08:00
Shuting Zhao
261560eafb
mutate rule: do not ignore empty key in resource if overlay has nested anchor
2019-11-27 16:07:15 -08:00
shivkumar dudhani
e7607fae87
refactor cluster and policy violation cleanup
2019-11-27 11:23:29 -08:00
shivkumar dudhani
2476940ddf
remove cluster and namespace PV controller
2019-11-26 18:21:09 -08:00
shivkumar dudhani
678b7416c1
refactor policy violation resource
2019-11-26 18:07:15 -08:00
Shuting Zhao
f6db1b9e87
create policy webhookcfgs after verifying webhook status
2019-11-25 18:22:05 -08:00
Shuting Zhao
a963843245
fix none namespace error
2019-11-25 18:14:04 -08:00
Shuting Zhao
f506789498
create resource mutating webhook after verifying webhook is active
2019-11-25 18:07:11 -08:00
Shuting Zhao
8b0fb4b801
remove VerifyMutatingWebhook during shutdown
2019-11-25 13:08:02 -08:00
Shivkumar Dudhani
990c32b6bd
fix test ( #521 )
2019-11-22 12:54:34 -08:00
Shivkumar Dudhani
734ef44b17
504 bug ( #505 )
...
* correct role/clusterrole kind
* remove namespace from resource spec
* namespace lister to filter on namespace
* CR fixes
* refactor
* add namespace field back to types
2019-11-22 12:23:50 -08:00
shuting
6f22f334da
Merge pull request #517 from nirmata/local_test
...
explicitly set resource version of policy violation when update
2019-11-19 10:26:38 -08:00
Shuting Zhao
50f53ac651
explicitly set resource version of policy violation when update
2019-11-18 18:04:57 -08:00
Shivkumar Dudhani
a81d5c9ae7
update event message ( #515 )
2019-11-18 17:13:48 -08:00
shivkumar dudhani
40b685c9db
merge with v1.1.0
2019-11-18 11:48:36 -08:00
shivkumar dudhani
3df71f6fea
Merge branch 'v1.1.0' into 507_bug
2019-11-18 11:44:17 -08:00
Shivkumar Dudhani
89c298b5f2
policy violation name format update ( #502 )
2019-11-18 11:42:00 -08:00
Shivkumar Dudhani
61b202c64a
420 init container ( #501 )
...
* init container to cleanup stale webhook configurations if any.
* remove test code
* use internal pkg for os signals
* move webhook cleanup before http.server shutdown.
* update make file and remove init
* update CI script
2019-11-18 11:41:37 -08:00
shivkumar dudhani
09cd524625
CR fixes
2019-11-18 11:12:36 -08:00
shivkumar dudhani
3c3931b67b
wait for cache sync and cleanup
2019-11-15 15:59:37 -08:00
shivkumar dudhani
57e8e2a395
Revert "wait for cache to sync and cleanup"
...
This reverts commit 9c3b32b903.
2019-11-15 15:57:18 -08:00
shivkumar dudhani
cde9d9d3cd
Revert "missing file"
...
This reverts commit cd43dba947.
2019-11-15 15:56:46 -08:00
shivkumar dudhani
cd43dba947
missing file
2019-11-15 15:53:34 -08:00
shivkumar dudhani
9c3b32b903
wait for cache to sync and cleanup
2019-11-15 15:53:22 -08:00
shivkumar dudhani
a315c22e2f
refer informer cache in policy controller for mutatingwebhookconfigs
2019-11-15 14:01:40 -08:00
Shuting Zhao
8bf60a7fea
correct role/clusterrole kind
2019-11-14 15:49:11 -08:00
Shuting Zhao
22162b28f2
handle namespaced/cluster violation cleanup separately
2019-11-14 13:06:56 -08:00
Shuting Zhao
c140f660f6
fix pv cleanup #496
2019-11-14 12:01:41 -08:00
Shivkumar Dudhani
e841a1b204
filter namespaces ( #491 )
...
* filter namespaces
* fix test
2019-11-13 19:08:00 -08:00
shuting
14697f9d06
Merge pull request #490 from nirmata/local_test
...
fix annotation patch in mutate rule
2019-11-13 19:02:17 -08:00
Shivkumar Dudhani
69d4cb0b27
remove v1alpha pkgs ( #489 )
2019-11-13 18:58:49 -08:00
Shuting Zhao
79a7bde4ab
- fix test; - improve logging
2019-11-13 18:44:18 -08:00
Shuting Zhao
a1ce6e4297
fix annotation patch in mutate rule
2019-11-13 17:56:56 -08:00
Shuting Zhao
722c12f82c
- return detailed error message; - set pv name with old pv when updates the pv
2019-11-13 15:49:53 -08:00
Shivkumar Dudhani
3ab0790342
use PolicyContext with engine.Generate ( #483 )
2019-11-13 15:46:43 -08:00
shuting
ded0183aa2
Merge pull request #478 from nirmata/472_update_apiversion
...
472 update apiversion
2019-11-13 15:19:27 -08:00
Shivkumar Dudhani
23ba517fef
add patched resource + correct register handlers ( #482 )
2019-11-13 15:16:46 -08:00
Shuting Zhao
eab9609c6a
update api in tests
2019-11-13 13:56:07 -08:00
Shuting Zhao
b67577994a
update apiversion to v1 in code
2019-11-13 13:41:08 -08:00
Shivkumar Dudhani
765a17df03
423 policy store ( #471 )
...
* fix log format
* update test
2019-11-13 13:21:00 -08:00
Shivkumar Dudhani
7a12e12cb5
skip validation if the resource updates don't violate policy rules ( #477 )
2019-11-13 13:13:07 -08:00
Shuting Zhao
670d665aed
cleanup unused code
2019-11-13 13:01:08 -08:00
Shuting Zhao
9e0f39efcf
remove GetOwners()
2019-11-13 12:34:55 -08:00
Shuting Zhao
81ac13cb05
lookup policies from policy store in webhook
2019-11-13 12:15:51 -08:00
Shuting Zhao
fc35a52ad8
Merge branch 'master' into 455_namespace_pv
...
# Conflicts:
# definitions/install_debug.yaml
# main.go
# pkg/webhooks/mutation.go
# pkg/webhooks/server.go
# pkg/webhooks/validation.go
2019-11-13 11:46:46 -08:00
Shuting Zhao
e2af3852f9
fix comments
2019-11-13 10:37:57 -08:00
Shuting Zhao
3c2d98ef9f
fix test
2019-11-13 10:21:33 -08:00
Shuting Zhao
e36ba36e9f
- resolve comments - remove unused code
2019-11-13 10:17:03 -08:00
shivkumar dudhani
0d44229110
fix tests
2019-11-13 08:07:11 -08:00
Shuting Zhao
b5b3dae145
fix logging format
2019-11-13 00:47:37 -08:00
Shuting Zhao
71ad192ced
fix test
2019-11-13 00:37:34 -08:00
Shuting Zhao
45dc0bd358
Merge commit 'da5c03f89df3007088b27fc84b08827170e16eda' into 345_support_usergroup_info
...
# Conflicts:
# test/scenarios/samples/best_practices/add_safe_to_evict2.yaml
2019-11-13 00:31:07 -08:00
Shuting Zhao
fc2cf7659b
Merge commit 'da5c03f89df3007088b27fc84b08827170e16eda' into 455_namespace_pv
2019-11-13 00:28:04 -08:00
Shuting Zhao
01b915de8d
remove unused function
2019-11-13 00:27:44 -08:00
Shuting Zhao
196c7b36b0
update pv labels if it changes
2019-11-13 00:03:01 -08:00
Shuting Zhao
55b0bf0d3a
add event handler for NamespacedPolicyViolation
2019-11-12 23:43:29 -08:00
Shuting Zhao
bdcb2eac6a
claim namespaced policy violations
2019-11-12 23:19:38 -08:00
Jim Bugwadia
9d63cfc192
Merge branch 'master' into 452_make_sample_policy_rule_names_consistent
2019-11-12 23:16:01 -08:00
Shuting Zhao
37ad1249b2
- add dclient; - add retry getting resource before create pv
2019-11-12 20:19:20 -08:00
Shuting Zhao
7ca87b0ac6
Merge branch '455_namespace_pv' of https://github.com/nirmata/kyverno into 455_namespace_pv
...
# Conflicts:
# pkg/policyviolation/generator.go
# pkg/policyviolation/namespacedpv.go
# pkg/webhooks/report.go
2019-11-12 19:18:34 -08:00
Shuting Zhao
cd6906c1c9
add namespace pv controller
2019-11-12 19:17:35 -08:00
Shuting Zhao
483db18711
create namespaced pv on resource owner
2019-11-12 19:16:11 -08:00
Shuting Zhao
5be2cea536
create namespace pv when validate policy fails
2019-11-12 19:15:20 -08:00
Shuting Zhao
b811bb269e
rename policyviolation related package/function to clusterpolicyviolation
2019-11-12 19:12:36 -08:00
Shuting Zhao
1bfc8cfbb8
rebase with branch policy_store
2019-11-12 19:05:29 -08:00
Shuting Zhao
89e5e7fa54
integrate with pv generator
2019-11-12 19:05:29 -08:00
Shuting Zhao
c651d06041
create namespaced pv on resource owner
2019-11-12 19:02:31 -08:00
Shuting Zhao
3706822df7
update crd
2019-11-12 19:02:31 -08:00
Shuting Zhao
2893cc3f7d
create namespace pv when validate policy fails
2019-11-12 19:02:31 -08:00
Shuting Zhao
e7ec93a5ba
rename policyviolation related package/function to clusterpolicyviolation
2019-11-12 19:02:31 -08:00
Shuting Zhao
0badf761a8
add namespace cluster policyviolation crd
2019-11-12 19:02:31 -08:00
Shuting Zhao
dfd41774f0
add namespace pv controller
2019-11-12 19:01:48 -08:00
shivkumar dudhani
1049e3fe81
pass dynamic client
2019-11-12 18:25:50 -08:00
shivkumar dudhani
f0505189d4
add log levels
2019-11-12 17:01:08 -08:00
shivkumar dudhani
d8bf7fa284
clean up fixes
2019-11-12 16:49:05 -08:00
Shuting Zhao
4a85aaa9ad
Merge branch '455_namespace_pv' of https://github.com/nirmata/kyverno into 455_namespace_pv
2019-11-12 16:20:17 -08:00
Shuting Zhao
944685d392
rebase with branch policy_store
2019-11-12 16:19:31 -08:00
Shuting Zhao
8b5ddb66e3
integrate with pv generator
2019-11-12 16:15:40 -08:00
Shuting Zhao
6a8e07d779
create namespaced pv on resource owner
2019-11-12 16:15:14 -08:00
Shuting Zhao
cde14c66b6
update crd
2019-11-12 16:14:47 -08:00
Shuting Zhao
162a9ee754
create namespace pv when validate policy fails
2019-11-12 16:14:47 -08:00
Shuting Zhao
7fa812dbc3
rename policyviolation related package/function to clusterpolicyviolation
2019-11-12 16:11:34 -08:00
Shuting Zhao
d675774278
add namespace cluster policyviolation crd
2019-11-12 16:04:14 -08:00
Shuting Zhao
799c417ae2
integrate with pv generator
2019-11-12 16:04:00 -08:00
shivkumar dudhani
f271af95cc
use store to hold values and queue for keys
2019-11-12 16:01:09 -08:00
Shuting Zhao
778a246d28
Merge commit 'ccbb6e33a5599b8fbb9315f9a55e1ed1ef18bbb7' into 455_namespace_pv
...
# Conflicts:
# main.go
# pkg/namespace/report.go
# pkg/policy/report.go
# pkg/policyviolation/clusterpv.go
# pkg/webhooks/validation.go
2019-11-12 15:11:58 -08:00
Shuting Zhao
d294c1fa94
create namespaced pv on resource owner
2019-11-12 14:58:38 -08:00
shivkumar dudhani
ccbb6e33a5
introduce policy violation generator
2019-11-12 14:41:29 -08:00
Shuting Zhao
a67306f106
update crd
2019-11-12 13:32:50 -08:00
Shuting Zhao
4734dba10f
create namespace pv when validate policy fails
2019-11-12 13:32:30 -08:00
Shuting Zhao
14769936a2
rename policyviolation related package/function to clusterpolicyviolation
2019-11-12 11:22:06 -08:00
Shuting Zhao
1f2b71ace8
add namespace cluster policyviolation crd
2019-11-12 11:21:23 -08:00
Shuting Zhao
3dd9672a5d
handle error properly
2019-11-12 10:05:10 -08:00
Shuting Zhao
2a14c1f5dc
- add profiling; - fix CLI
2019-11-11 21:23:26 -08:00
Shuting Zhao
546a25d025
add missing file
2019-11-11 21:06:09 -08:00
Shuting Zhao
85d04f609c
remove overlay failure conditionNotPresent as it allows the tag not present
2019-11-11 21:03:34 -08:00
Shuting Zhao
5a3ed62b13
Merge branch 'master' into 345_support_usergroup_info
...
# Conflicts:
# pkg/engine/validation_test.go
# pkg/webhooks/annotations.go
# pkg/webhooks/annotations_test.go
# pkg/webhooks/mutation.go
# pkg/webhooks/server.go
# pkg/webhooks/validation.go
2019-11-11 19:19:08 -08:00
Shuting Zhao
d26029d3be
fix unit test
2019-11-11 19:08:46 -08:00
Shuting Zhao
6c8f4f90da
fix patches annotation
2019-11-11 18:52:26 -08:00
Jim Bugwadia
8348c5761c
fix tests
2019-11-11 18:51:21 -08:00
Jim Bugwadia
87be5ca4b8
update policies and test cases
2019-11-11 17:55:54 -08:00
Jim Bugwadia
3ffb0cfa39
add disallow_sysctl and move policies
2019-11-11 17:17:09 -08:00
Shuting Zhao
02fd1227be
reverse listResource interface
2019-11-11 16:10:55 -08:00
Shuting Zhao
586b197b00
user sharedInformer for rolebindings and clusterrolebindings
2019-11-11 15:43:13 -08:00
Shuting Zhao
03e85c2266
make getRoleRef a separate package
2019-11-11 14:52:09 -08:00
Shuting Zhao
4a80f70957
add unit test
2019-11-11 14:29:36 -08:00
Jim Bugwadia
05503e4fd1
update other policies
2019-11-11 14:09:07 -08:00
shivkumar dudhani
f788f0e526
introduce policy store
2019-11-11 11:10:25 -08:00
Shuting Zhao
5b0a6d62a4
add unit test
2019-11-11 09:56:53 -08:00
Jim Bugwadia
dd4d091c23
update restrict_automount_sa_token
2019-11-10 21:57:20 -08:00
Jim Bugwadia
5e8b6c4183
update add_networkPolicy
2019-11-10 21:27:50 -08:00
Jim Bugwadia
244909ebb3
update require_probes
2019-11-10 21:18:17 -08:00
Jim Bugwadia
c1be682a93
update require_pod_requests_limits
2019-11-10 21:06:49 -08:00
Jim Bugwadia
f668113904
update add_ns_quota
2019-11-10 20:58:57 -08:00
Jim Bugwadia
a6d5fb6e30
update restrict_image_registries
2019-11-10 18:13:01 -08:00
Jim Bugwadia
f31abbffab
update disallow_latest_tag
2019-11-10 17:54:38 -08:00
Jim Bugwadia
7f54e8e2e3
Merge branch '451_fix_disallow_host_net_port' into 452_make_sample_policy_rule_names_consistent
...
# Conflicts:
# samples/best_practices/disallow_host_network_hostport.yaml
# test/scenarios/samples/best_practices/disallow_host_network_port.yaml
2019-11-10 17:35:43 -08:00
Jim Bugwadia
20736e5e81
update disallow_default_namespace and disallow_host_network_port and disallow_host_pid_ipc
2019-11-10 15:50:18 -08:00
shivkumar dudhani
f11a05a652
create event on webhook status update
2019-11-10 13:30:15 -08:00
Jim Bugwadia
170e2a5179
update disallow_docker_sock_mount and disallow_host_network_port
2019-11-10 12:53:48 -08:00
Jim Bugwadia
fd1a26db29
update DisallowBindMounts
2019-11-09 16:33:19 -08:00
Jim Bugwadia
fae8ac0325
update RequireReadOnlyRootFS
2019-11-09 16:18:33 -08:00
Jim Bugwadia
121b81a83b
update disallow new capabilities
2019-11-09 16:07:16 -08:00
Shivkumar Dudhani
1613434c46
458 cleanup ( #464 )
...
* cleanup of policy violation on policy spec changes + refactoring
* remove unused code
* remove duplicate types
* cleanup references
* fix info log and clean code
* code clean
* remove dead code
2019-11-08 20:45:26 -08:00
Jim Bugwadia
cba79c69a2
update disallow_priviledged
2019-11-08 20:04:42 -08:00
Jim Bugwadia
5ce8fd7a9a
update disallow_root_user
2019-11-08 19:25:43 -08:00
Jim Bugwadia
6baa678e27
rename add_safe_to_evict
2019-11-08 19:02:49 -08:00
Shuting Zhao
981b378c86
match rbac info when process a rule
2019-11-08 18:58:09 -08:00
Shuting Zhao
6048d59949
change engine interface to take policyContext struct
2019-11-08 18:57:27 -08:00
Shuting Zhao
0e9a952d64
get rbac info for an admission request
2019-11-08 18:56:24 -08:00
Shuting Zhao
3f59b4cf10
change client.ListResource to take listOptions
2019-11-08 18:54:43 -08:00
Shuting Zhao
a7e55ed25e
update types for match/exclude
2019-11-08 18:53:29 -08:00
Shivkumar Dudhani
687c0c6470
Merge pull request #418 from nirmata/391_feature
...
Check if mutating webhook admission control is enabled
2019-11-08 12:55:28 -08:00
Shuting Zhao
ec331b8d17
remove resource info in the validation error
2019-11-07 12:30:58 -08:00
Shuting Zhao
a30b8a604d
update format
2019-11-07 12:13:35 -08:00
Shuting Zhao
443619757e
update tests/scenario
2019-11-07 12:13:35 -08:00
Shuting Zhao
15895d3852
- aggregate resource info per rule; - remove resource info in each success message;
2019-11-07 12:13:35 -08:00
Shuting Zhao
2dec70cc72
make expected message optional in scenario file
2019-11-07 12:13:34 -08:00
Shuting Zhao
98fa90bf1e
update validation_test.go
2019-11-07 12:13:34 -08:00
Shuting Zhao
58054ef5b6
remove duplicate test
2019-11-07 12:13:34 -08:00
Shuting Zhao
de9ebd899b
improve validation error message; update scenario files
2019-11-07 12:13:34 -08:00
Shuting Zhao
e3c9282e6a
fix edit failure blocked by annotation change
...
- as we change the patches key in annotation to "policies.kyverno.io/patches" in commit bdb3f40f15
2019-11-07 12:13:34 -08:00
Shuting Zhao
caf7abfecc
Get policy list once in handleAdmissionRequest
2019-11-07 12:13:16 -08:00
Shuting Zhao
38f1f3bbb9
Merge branch '414_mutate_safe-to-evict_emptydir' into 413_known_ingress
2019-11-06 17:58:09 -08:00
Shuting Zhao
8496a483dc
- remove resource info per rule; - add resource info in each failed admission request
2019-11-06 17:14:32 -08:00
Shuting Zhao
4daa23f530
add missing file
2019-11-06 16:40:24 -08:00
Shuting Zhao
b32c6bf50b
remove unused code
2019-11-06 16:16:50 -08:00
Shuting Zhao
d31ace604e
fix test
2019-11-06 16:16:38 -08:00
Shuting Zhao
a7aec886b4
handle processOverlay with overlayError
2019-11-06 16:16:29 -08:00
Jim Bugwadia
1173e062c9
- add policy and test for known ingress
...
- fix messages and remove unnecessary comments in testrunner/scenario.go
2019-11-05 19:07:44 -08:00
Shuting Zhao
d0391ecab3
make the err "resource field is not present" a constant
2019-11-05 16:36:15 -08:00
Shuting Zhao
9f7b6eaaf6
skip applying mutate rule if condition key is not present in the resource, consider the rule as success
2019-11-05 16:27:06 -08:00
Jim Bugwadia
cab87f24ba
add test case
2019-11-05 15:32:45 -08:00
Shuting Zhao
664a85363a
correct scenario test
2019-11-05 12:59:22 -08:00
Jim Bugwadia
5ded29f74e
temp update for debugging
2019-11-05 12:28:44 -08:00
Shuting Zhao
662f649926
add comment to the code
2019-11-05 11:04:43 -08:00
Shuting Zhao
4195f45a42
add missing scenario test
2019-11-05 10:19:42 -08:00
Shuting Zhao
489e55d6c3
add best_practices scenario_mutate_safe-to-evict
2019-11-05 10:16:07 -08:00
Shuting Zhao
764d0fede2
Merge commit '35bed4bc6aef6622b89f0fc4dee9a175aa9768ff' into 158_array_validation
2019-11-05 09:50:32 -08:00
Shuting Zhao
3fbb9f8a35
Merge commit 'cfbd2120938b8a7f81f4a9c325fa3f6e816d2bf1' into 158_array_validation
2019-11-05 09:43:28 -08:00
Shuting Zhao
d9335a5f8c
add warning message; remove existence anchor check in mutation
2019-11-04 19:23:48 -08:00
Shivkumar Dudhani
cfbd212093
Merge pull request #427 from nirmata/375_handle_json_numbers_resubmit
...
375 handle json numbers resubmit
2019-11-04 18:05:24 -08:00
Jim Bugwadia
35bed4bc6a
add safe-to-evict annotation
2019-11-04 17:55:13 -08:00
Jim Bugwadia
41afefbe8e
add disallow Helm tiller
2019-11-03 18:19:06 -08:00
Jim Bugwadia
3b1143c934
Merge pull request #436 from nirmata/411_no_docker_sock_mount
...
411 no docker sock mount
2019-11-01 15:38:40 -07:00
shivkumar dudhani
a191bd67f4
update message string
2019-11-01 15:21:23 -07:00
Jim Bugwadia
1323a9a81e
add policy and test case
2019-11-01 15:19:26 -07:00
Jim Bugwadia
440c23f231
add test case (currently fails)
2019-11-01 11:40:23 -07:00
Shuting Zhao
86c00a8f30
return failure path for mutate condition check
2019-11-01 11:14:58 -07:00
Shuting Zhao
ef8bf695b1
mutate: support anchor on map/array
2019-10-31 20:38:24 -07:00
shivkumar dudhani
7e7286a9c1
support string - numbers comparison, use validatepattern in generate for subset check
2019-10-31 13:29:03 -07:00
Shivkumar Dudhani
92c96aaf1f
Revert "use validatepattern in generate rule to check for subset existence"
2019-10-31 13:21:38 -07:00
shivkumar dudhani
61c1ea5a49
use validatepattern in generate rule to check for subset existence
2019-10-31 13:04:56 -07:00
shivkumar dudhani
697f927b50
fix log
2019-10-30 14:09:37 -07:00
shivkumar dudhani
e022084dd0
add checker to verify if mutatingwebhook is enabled or not + refactoring
2019-10-30 13:39:19 -07:00
shivkumar dudhani
c7787eff8d
Merge branch 'master' of github.com:nirmata/kyverno into 391_feature
2019-10-29 12:01:15 -07:00
shivkumar dudhani
ba94577d40
updates
2019-10-29 11:51:30 -07:00
shivkumar dudhani
6b97b5be3d
merge master
2019-10-29 11:04:10 -07:00
shivkumar dudhani
a287067315
add backward support for command line arguments for filtering resources
2019-10-29 10:56:28 -07:00
shuting
fd90b25755
Revert "261 dynamic config"
2019-10-28 18:37:41 -07:00
shivkumar dudhani
4b19dd0715
Merge branch '261_dynamic_config' of github.com:nirmata/kyverno into 261_dynamic_config
2019-10-28 15:24:13 -05:00
shivkumar dudhani
a1d7f984db
remove comments
2019-10-28 15:23:52 -05:00
Shivkumar Dudhani
158a499feb
Merge branch 'master' into 261_dynamic_config
2019-10-28 15:06:37 -05:00
Shuting Zhao
8047ed68d3
remove required mark for managedresource "kind"
2019-10-28 11:44:48 -07:00
Shivkumar Dudhani
22e7ab1c49
Merge branch 'master' into 261_dynamic_config
2019-10-25 19:17:15 -05:00
shivkumar dudhani
c119f0d34b
split sync cache
2019-10-25 18:49:26 -05:00
shivkumar dudhani
56adc98b8c
initial commit
2019-10-25 16:55:48 -05:00
Shuting Zhao
3a3efe00f1
- rename to managedResource; - refact code structure
2019-10-24 15:50:11 -07:00
Shuting Zhao
3c75a89489
Merge branch '387_pv_enforce' of https://github.com/nirmata/kyverno into 387_pv_enforce
...
# Conflicts:
# pkg/policyviolation/helpers.go
2019-10-23 23:25:19 -07:00
Shuting Zhao
6e69c8b69b
cleanup pv with dependant when blocked admission request pass
2019-10-23 23:18:58 -07:00
Shuting Zhao
1db901cca6
add comment
2019-10-23 09:58:42 -07:00
Shuting Zhao
e4791e5828
remove unused code
2019-10-21 15:55:20 -07:00
Shuting Zhao
f820cb4c83
implement #387 Generate clusterpolicyviolation when policy action set to "enforce"
2019-10-21 15:55:20 -07:00
shivkumar dudhani
3fa8834b4a
policy validation: refactoring
2019-10-21 14:22:31 -07:00
Shuting Zhao
68c87a09ec
add unit test for negationanchor on mutation
2019-10-18 18:17:11 -07:00
Shuting Zhao
2e1b731e35
fix test error
2019-10-18 17:50:26 -07:00
Shuting Zhao
32f94bca27
manage policy validation inside engine pkg
2019-10-18 17:45:24 -07:00
shivkumar dudhani
64eab3d1d6
initial commit
2019-10-18 17:38:46 -07:00
Shuting Zhao
7239b4d9b7
Merge commit '37c25daa17ad046f739e74d803cb78d887805bb4' into 346_validate_policy
...
# Conflicts:
# pkg/api/kyverno/v1alpha1/utils.go
2019-10-18 10:09:44 -07:00
Shuting Zhao
01dae46580
remove unused code
2019-10-16 10:33:28 -07:00
Shuting Zhao
2ff6eb6e78
implement #387 Generate clusterpolicyviolation when policy action set to "enforce"
2019-10-15 20:56:41 -07:00
shuting
81f202752c
Merge pull request #379 from nirmata/337_policy_description
...
337 policy description
2019-10-15 14:34:14 -07:00
shuting
3232fadbe5
Merge pull request #389 from nirmata/388_bug
...
delete PV if the P it refers to is stale
2019-10-15 12:27:40 -07:00
Shuting Zhao
c6d5ec7575
Merge commit '82647670a54ead965c8cb964f3063409d0826070' into 337_policy_description
...
# Conflicts:
# pkg/testrunner/testrunner_test.go
# samples/README.md
# samples/best_practices/policy_validate_deny_runasrootuser.yaml
# test/scenarios/samples/best_practices/scenario_validate_nonRootUser.yaml
2019-10-15 12:27:22 -07:00
shivkumar dudhani
5d228d9586
fix error param
2019-10-15 11:30:06 -07:00
shivkumar dudhani
1a7b92f001
delete PV if the P it refers to is state
2019-10-15 11:07:22 -07:00
shivkumar dudhani
9b9f6686cb
remove comments
2019-10-14 14:17:16 -07:00
Shuting Zhao
a384c263f4
remove duplicate test scenario
2019-10-14 14:14:18 -07:00
shivkumar dudhani
4e5f551fa7
clean up
2019-10-14 14:10:34 -07:00
Shuting Zhao
75806146c6
Merge branch 'best_practice_policies' into 337_policy_description
...
# Conflicts:
# samples/README.md
2019-10-14 13:21:10 -07:00
shivkumar dudhani
530ac6962c
initial clean up
2019-10-14 12:36:19 -07:00
Shuting Zhao
bdb3f40f15
rename mutate annotation to "policies.kyverno.io/patches"
2019-10-11 17:59:50 -07:00
Shuting Zhao
eb8bd71ac2
add test scenario - missing image tag
2019-10-10 19:13:04 -07:00
Shuting Zhao
38bf4d6055
add 'deny-use-of-host-fs'
2019-10-10 18:42:54 -07:00
Shuting Zhao
17f7eb6213
Merge branch 'master' into best_practice_policies
2019-10-10 18:15:55 -07:00
shivkumar dudhani
fd72ee3178
add unit tests
2019-10-10 17:34:20 -07:00
shivkumar dudhani
f6367cfe4a
add negation anchor
2019-10-10 16:59:08 -07:00
Shuting Zhao
300665b22b
Merge branch 'best_practice_policies' of https://github.com/nirmata/kyverno into best_practice_policies
2019-10-10 12:30:14 -07:00