* updates for foreach and mutate
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* allow tests to pass on Windows
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix tests
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix linter check
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* add elementIndex variable
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fmt
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix jsonResult usage
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* add mutate validation and fix error in validate.foreach
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* format
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* update message
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* do not skip validation for all array entries when one is skipped
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* add foreach tests
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix fmt
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix format errors
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* remove unused declarations
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* revert namespaceWithLabelYaml
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix mutate of element list
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* update CRDs
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* Update api/kyverno/v1/policy_types.go
Co-authored-by: Steven E. Harris <seh@panix.com>
* Update pkg/engine/forceMutate.go
Co-authored-by: Steven E. Harris <seh@panix.com>
* Update pkg/engine/forceMutate.go
Co-authored-by: Steven E. Harris <seh@panix.com>
* Update pkg/engine/forceMutate.go
Co-authored-by: Steven E. Harris <seh@panix.com>
* Update pkg/engine/mutation.go
Co-authored-by: Steven E. Harris <seh@panix.com>
* Update pkg/engine/mutation.go
Co-authored-by: Steven E. Harris <seh@panix.com>
* Update pkg/engine/mutation.go
Co-authored-by: Steven E. Harris <seh@panix.com>
* Update pkg/engine/validate/validate.go
Co-authored-by: Steven E. Harris <seh@panix.com>
* Update pkg/engine/validate/validate.go
Co-authored-by: Steven E. Harris <seh@panix.com>
* Update test/cli/test/custom-functions/policy.yaml
Co-authored-by: Steven E. Harris <seh@panix.com>
* Update test/cli/test/foreach/policies.yaml
Co-authored-by: Steven E. Harris <seh@panix.com>
* accept review comments and format
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* add comments to strategicMergePatch buffer
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* load context and evaluate preconditions foreach element
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* add test for foreach mutate context and precondition
* precondition testcase
* address review comments
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* update message
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* format
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: Steven E. Harris <seh@panix.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
* Add path_canonicalize custom JMESPath function
Signed-off-by: weiwei.danny <weiwei.danny@bytedance.com>
* Add CLI test for the custom path_canonicalize function
Signed-off-by: weiwei.danny <weiwei.danny@bytedance.com>
* remove the extra parameter
Signed-off-by: weiwei.danny <weiwei.danny@bytedance.com>
Co-authored-by: weiwei.danny <weiwei.danny@bytedance.com>
* Remove lock embedded in CRD controller, use concurrent map to store shcemas
* delete rcr info from data store
* skip policy validation on status update
* - remove status check in policy mutation; - fix test
* Remove fqdncn flag
* add flag profiling port
* skip policy mutation & validation on status update
* sync policy status every minute
* update log messages
* added api templates
* E2E test for generate roles, rolebindings, clusterrole and clusterrolebindings
* table driven e2e tests
* table driven e2e tests and go fmt
* removed unwanted vars
* increased sleep time
* removed role generation clone
* increated sleep time
* added rolebinding clone and retry mechanism for get resources
* modified test for clone
* added namespace to role
* added namespace variable
* added git actions job
* changed build name
* removed docker login
* added role verbs
* removed github actions job and rbac file
* added clusterrole test with clone
* fixed travis issue
* - support wildcards for namespaces
* do not annotate resource, unless policy is an autogen policy
* close HTTP body
* improve messages
* remove policy store
Policy store was not fully implemented and simply provided a way
to list all polices and get a policy by name, which can be done via
standard client-go interfaces.
We need to revisit and design a better PolicyStore that provides fast
lookups for matching policies based on names, namespaces, etc.
* handle wildcard namespaces in background processing
* fix unit tests 1) remove platform dependent path usage 2) remove policy store
* add test case for mutate with wildcard namespaces
* adjust all resync periods
* remove unused data fields
* add pattern for match
