kyverno

mirror of https://github.com/kyverno/kyverno.git synced 2025-01-20 18:52:16 +00:00

Author	SHA1	Message	Date
Danny Kulchinsky	f6982760fc	truncate custom jmespath function (#2836 ) * [feature] custom jmespath truncate function Signed-off-by: Danny Kulchinsky <dkulchinsky@fastly.com> * formatting Signed-off-by: Danny Kulchinsky <dkulchinsky@fastly.com> * simplify naming a bit Signed-off-by: Danny Kulchinsky <dkulchinsky@fastly.com> Co-authored-by: shuting <shutting06@gmail.com>	2021-12-17 15:52:52 +08:00
Vyankatesh Kudtarkar	bbdfc21d73	Kyverno CLI test default manifest should use a less generic name (#2715 ) * Kyverno CLI test default manifest should use a less generic name * fix Note Co-authored-by: shuting <shutting06@gmail.com>	2021-12-17 06:31:34 +00:00
Frank Jogeleit	abb5bd2947	Add SelectorLabel to (Cluster)PolicyReporter resources (#2841 ) Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> Co-authored-by: shuting <shutting06@gmail.com>	2021-12-17 05:03:52 +00:00
Vyankatesh Kudtarkar	39a299f317	Update labels to fetch cluster role (#2842 )	2021-12-16 07:55:58 +00:00
Naman Lakhwani	59a460b31e	adding support for Cosign key-value annotations (#2824 ) * adding annotation check Signed-off-by: Namanl2001 <namanlakhwani@gmail.com> * adding tests Signed-off-by: Namanl2001 <namanlakhwani@gmail.com> * updating manifests Signed-off-by: Namanl2001 <namanlakhwani@gmail.com> * changing map val type to string form interface{} Signed-off-by: Namanl2001 <namanlakhwani@gmail.com> * passing args to opts Signed-off-by: Namanl2001 <namanlakhwani@gmail.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com>	2021-12-16 06:19:44 +00:00
Naman Lakhwani	edafffd2bd	added issuer check (#2804 ) * added issuer check Signed-off-by: Namanl2001 <namanlakhwani@gmail.com> * switch to using SimpleContainerImage Signed-off-by: Namanl2001 <namanlakhwani@gmail.com> * added subject check and required test cases Signed-off-by: Namanl2001 <namanlakhwani@gmail.com> * small nits Signed-off-by: Namanl2001 <namanlakhwani@gmail.com> * correcting tests Signed-off-by: Namanl2001 <namanlakhwani@gmail.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com>	2021-12-10 19:46:22 +00:00
Danny__Wei	8da64cb5cf	fix: add Windows testcases for path_canonicalize (#2803 ) Signed-off-by: weiwei.danny <weiwei.danny@bytedance.com> Co-authored-by: weiwei.danny <weiwei.danny@bytedance.com> Co-authored-by: Bricktop <marcel.mueller1@rwth-aachen.de>	2021-12-08 15:14:49 +00:00
Sebastian Widmer	80664d339f	Add command-line flags to allow setting client rate limits (QPS/Burst) (#2797 ) * Add `-clientRateLimitQPS` and `-clientRateLimitBurst` flags to allow controlling client rate limits. Signed-off-by: Sebastian Widmer <sebastian.widmer@vshn.net> * Return error if QPS is higher than max value of float32 Signed-off-by: Sebastian Widmer <sebastian.widmer@vshn.net>	2021-12-08 14:03:07 +01:00
Kumar Mallikarjuna	a667a69812	JMESPath arithmetic function units (#2753 ) * MAS arithmetic functions Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Adding Divide() and Modulo() Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Added tests Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Tidy go.mod Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Fix lift issues Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Set division scale to maximum of operands Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Precision for Add()/Subtract() Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Set duration precision Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Added comment for duration diff calculation Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> Co-authored-by: Bricktop <marcel.mueller1@rwth-aachen.de>	2021-12-07 15:44:46 +00:00
Joel Kamp	081dd97cc3	fix: update registry credentials on verify (#2798 ) Signed-off-by: Joel Kamp <joel.kamp@invitae.com>	2021-12-06 16:08:16 -08:00
Danny__Wei	beeec06c7f	Add `path_canonicalize` custom JMESPath function (#2787 ) * Add path_canonicalize custom JMESPath function Signed-off-by: weiwei.danny <weiwei.danny@bytedance.com> * Add CLI test for the custom path_canonicalize function Signed-off-by: weiwei.danny <weiwei.danny@bytedance.com> * remove the extra parameter Signed-off-by: weiwei.danny <weiwei.danny@bytedance.com> Co-authored-by: weiwei.danny <weiwei.danny@bytedance.com>	2021-12-06 12:10:34 +01:00
Vyankatesh Kudtarkar	b7767d79d3	change cluster role labels (#2776 ) * change cluster role labels * change cluster role label value * fix cluster role label issue * fix comment	2021-12-02 15:52:34 +05:30
Bricktop	962f4de8d8	Only report on intended errors when checking JSONPatch path for variables (#2710 ) * Only report on intended errors Signed-off-by: Marcel Mueller <marcel.mueller1@rwth-aachen.de> * Change error text to be more fitting Signed-off-by: Marcel Mueller <marcel.mueller1@rwth-aachen.de> * Replace vars for checks Signed-off-by: Marcel Mueller <marcel.mueller1@rwth-aachen.de> * Remove more checks for testing Signed-off-by: Marcel Mueller <marcel.mueller1@rwth-aachen.de> * Disable schema validation Signed-off-by: Marcel Mueller <marcel.mueller1@rwth-aachen.de> * Remove unneeded fmt prints Signed-off-by: Marcel Mueller <marcel.mueller1@rwth-aachen.de>	2021-11-30 17:14:58 +00:00
Sebastian Widmer	4c251bcffd	Add `pattern_match` custom JMESPath function analogous to `regex_match` (#2717 ) * Add `pattern_match` custom JMESPath function analogous to `regex_match` Signed-off-by: Sebastian Widmer <sebastian.widmer@vshn.net> * Add CLI test for the custom `pattern_match` function Signed-off-by: Sebastian Widmer <sebastian.widmer@vshn.net>	2021-11-30 00:13:07 +08:00
Vyankatesh Kudtarkar	5c50191d8a	change matchGVK logic (#2736 ) * change matchGVK logic * fix issue * add testcases * add testcase core * format code * fix comment	2021-11-24 22:17:32 +08:00
Jim Bugwadia	3c9430d2fc	handle missing predicate type (#2743 ) * handle missing predicate type Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update github.com/docker/cli package for vulnerabilities Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix go.mod vulnerabilities Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2021-11-22 10:49:21 -08:00
Vyankatesh Kudtarkar	4c28540f83	fix crd sync issue (#2634 )	2021-11-22 21:52:45 +08:00
Shubham Palriwala	ea3529f2d0	Trivy now scans local images (#2744 ) * fix: trivy now scans entire container Signed-off-by: ShubhamPalriwala <spalriwalau@gmail.com> * update github.com/docker/cli package for vulnerabilities Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix go.mod vulnerabilities Signed-off-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com>	2021-11-22 20:57:51 +08:00
Jim Bugwadia	8a0d465d90	fix signature (#2740 ) Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2021-11-19 16:12:12 +08:00
vivek kumar sahu	3e7c469d2e	set default value of "request.operation" to "CREATE" (#2688 ) * set default value of "request.operation" equals to "CREATE" Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com> * handles the value of "request.operation" as "CREATE" in the CLI Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com> * fixed the failing e2e test case Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com> * Added logs Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com> * Added test case Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com>	2021-11-18 16:09:35 +01:00
Kumar Mallikarjuna	7f95bee23c	Added time_since() custom JMESPath function (#2680 ) * Added time_since() custom JMESPath function Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Remove time.Layout (not supported in Go 1.16) Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Modify time_since() for 3 arguments Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Add tests for functions_test.go Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Timestamp literals and tabulated tests Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Remove layout map and default to RFC3339 Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>	2021-11-17 21:17:17 +01:00
Jose Armesto	1ff16ba5d4	Do not log error when resource is not namespaced (#2730 ) Signed-off-by: Jose Armesto <github@armesto.net>	2021-11-17 15:09:00 +01:00
Steven E. Harris	f90b982903	Allow use of "pods/binding" subresource (#2721 ) For cases where a policy matches the "Bindings" kind in the "core/v1" API group and version, adjust the pertinent Webhook configuration rule to use the "pods/binding" subresource. Doing so allows observing and reacting to the Kubernetes scheduler (and its "extenders") assigning pods to nodes, before any other system actors observe that assignment. This is an opportune moment in between the pod' creation and a kubelet starting it running. Signed-off-by: Steven E. Harris <seh@panix.com>	2021-11-16 22:26:22 +01:00
Vyankatesh Kudtarkar	fa95132806	Fix: Hard-coded ClusterRoleName in OwnerRef breaks (#2718 ) * fix hardcoded clusterrole name * Fix label	2021-11-16 19:32:42 +08:00
Anushka Mittal	94395ac243	Wildcard values (#2692 ) * wildcard-support Signed-off-by: anushkamittal20 <anumittal4641@gmail.com> * Added unit tests Signed-off-by: anushkamittal20 <anumittal4641@gmail.com> * improvements in anyin and allin Signed-off-by: anushkamittal20 <anumittal4641@gmail.com>	2021-11-15 15:02:46 +01:00
Anushka Mittal	497514fd94	Fixes in new operators (#2704 ) * fixes in operators to in many-to-one comparison Signed-off-by: anushkamittal20 <anumittal4641@gmail.com> * corrected allnotin Signed-off-by: anushkamittal20 <anumittal4641@gmail.com> * correction for duplicates Signed-off-by: anushkamittal20 <anumittal4641@gmail.com>	2021-11-12 11:15:16 +01:00
Anushka Mittal	7d423f97c4	added check for misspelled fields in condition (#2707 ) * added check for misspelled fields in condition Signed-off-by: anushkamittal20 <anumittal4641@gmail.com> * corrections in error message Signed-off-by: anushkamittal20 <anumittal4641@gmail.com>	2021-11-11 17:57:18 +01:00
Marcus Noble	8690f8b142	Handle reports with missing result property (#2696 ) * Handle reports with missing result property Signed-off-by: Marcus Noble <github@marcusnoble.co.uk> * Make use of type structs Signed-off-by: Marcus Noble <github@marcusnoble.co.uk> * Fix import Signed-off-by: Marcus Noble <github@marcusnoble.co.uk> * Fix cast from map to struct Signed-off-by: Marcus Noble <github@marcusnoble.co.uk>	2021-11-09 12:03:15 +01:00
Pooja Singh	5195bc5bf2	added skip status for generate (#2657 )	2021-11-08 20:11:29 -08:00
Danny__Wei	84c44c0827	obtain webhook config name dynamically (#2698 )	2021-11-08 20:09:19 -08:00
shuting	0f0c070072	Fix memory issue - RCR conversion (#2678 )	2021-11-08 15:53:21 -08:00
Pooja Singh	0e8341166d	ignoring generate kinds from mutate webhook (#2656 ) Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>	2021-11-06 23:06:00 +05:30
Pritish Samal	4810dda3e9	fix typo in comments (#2685 ) Signed-off-by: CIPHERTron <pritish.samal918@gmail.com>	2021-11-06 16:05:31 +01:00
Jim Bugwadia	50cb1859c3	add keyless verification (#2677 ) * add keyless verification Signed-off-by: Jim Bugwadia <jim@nirmata.com> * run make fmt Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix linter warning Signed-off-by: Jim Bugwadia <jim@nirmata.com> * wrap error with details Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2021-11-04 23:26:22 -07:00
Jim Bugwadia	e5e849acfe	Fix image var in cmdline (#2673 ) * add image substitution Signed-off-by: Jim Bugwadia <jim@nirmata.com> * rm foreach test Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add error checks Signed-off-by: ShutingZhao <shutting06@gmail.com> Co-authored-by: ShutingZhao <shutting06@gmail.com>	2021-11-03 14:06:47 -07:00
Jim Bugwadia	5c16ee738a	redo variable validation (#2647 ) * redo variable validation Signed-off-by: Jim Bugwadia <jim@nirmata.com> * handle quotes for JMESPath - escaping Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix tests and linter issues Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix fmt Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2021-11-03 11:16:55 -07:00
Yulia Nedyalkova	40d30df726	Fix bug in event creation for failed policies (#2652 ) Signed-off-by: yulianedyalkova <julianedialkova@gmail.com>	2021-11-03 11:55:58 +01:00
Batuhan Apaydın	4eab46fb7d	feat: support other key methods (#2607 ) * feat: support other key methods Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com> Co-authored-by: Furkan Turkal <furkan.turkal@trendyol.com> Co-authored-by: Erkan Zileli <erkan.zileli@trendyol.com> * feat: support fetch attestations from repository Signed-off-by: Furkan <furkan.turkal@trendyol.com> Co-authored-by: Batuhan <batuhan.apaydin@trendyol.com> Signed-off-by: Furkan <furkan.turkal@trendyol.com> * fix: parameter type Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com> * fix error check Signed-off-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: Furkan Turkal <furkan.turkal@trendyol.com> Co-authored-by: Erkan Zileli <erkan.zileli@trendyol.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com>	2021-11-03 00:45:35 -07:00
Vyankatesh Kudtarkar	6eb7cf57f7	bug fix : Kyverno policies block uninstall of Kyverno (#2659 ) * bug fix uninstall kyverno issue * rename the methods	2021-11-02 23:44:32 -07:00
Jim Bugwadia	e701b7aceb	re-apply policies to managed pods (#2648 ) Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2021-11-01 11:08:24 -07:00
Jim Bugwadia	de9fb567f0	Merge pull request #2643 from yashvardhan-kukreja/issue-2629/metrics-result-fix-up Fix: RuleResult label to be correctly populated while registering respective metrics	2021-10-31 02:19:51 -07:00
Bricktop	f42144b929	Improve consistency in jmesPath functions test file (#2640 ) Signed-off-by: Marcel Mueller <marcel.mueller1@rwth-aachen.de>	2021-10-29 14:45:03 -07:00
Jim Bugwadia	675b3608a4	Merge pull request #2630 from JimBugwadia/handle_cosign_payload_variations handle Cosign payload variations	2021-10-29 14:36:29 -07:00
Yashvardhan Kukreja	43d4b549ab	Fix: RuleResult label to be correctly populated while registering respective metrics Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com>	2021-10-30 02:56:04 +05:30
Jim Bugwadia	4019d6b8b2	merge main and fmt Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2021-10-29 09:18:47 -07:00
Jose Armesto	831a9826d1	Restructure project to follow standards (#2632 ) Signed-off-by: Jose Armesto <github@armesto.net>	2021-10-29 18:13:20 +02:00
Marcus Noble	1966c82c6d	Fix various go lint issues (#2639 ) * Fix various go lint issues Signed-off-by: Marcus Noble <github@marcusnoble.co.uk> * Fix if mistake Signed-off-by: Marcus Noble <github@marcusnoble.co.uk> * Simplified returns Signed-off-by: Marcus Noble <github@marcusnoble.co.uk>	2021-10-29 17:06:03 +02:00
Lukasz Jakimczuk	40b579ccd7	Improving readability (#2638 ) Signed-off-by: Łukasz Jakimczuk <lukasz.j@giantswarm.io>	2021-10-29 14:48:22 +02:00
Marcus Noble	373420aa6d	Fix go vet errors (#2637 ) Signed-off-by: Marcus Noble <github@marcusnoble.co.uk>	2021-10-29 14:09:11 +02:00
Lukasz Jakimczuk	ca975b8e99	Range Operators (#2622 ) Range operator: first iteration Signed-off-by: Łukasz Jakimczuk <lukasz.j@giantswarm.io> * Changing hyphen to colon Signed-off-by: Łukasz Jakimczuk <lukasz.j@giantswarm.io> * Accounting for negative numbers Signed-off-by: Łukasz Jakimczuk <lukasz.j@giantswarm.io> * View on the second version Signed-off-by: Łukasz Jakimczuk <lukasz.j@giantswarm.io> * Adding tests to the operator Signed-off-by: Łukasz Jakimczuk <lukasz.j@giantswarm.io> * Renoving negative support Signed-off-by: Łukasz Jakimczuk <lukasz.j@giantswarm.io> * Adding comment Signed-off-by: Łukasz Jakimczuk <lukasz.j@giantswarm.io> * Signing Signed-off-by: Łukasz Jakimczuk <lukasz.j@giantswarm.io> * Going for the regexp version of operator Signed-off-by: Łukasz Jakimczuk <lukasz.j@giantswarm.io> * Adding negative range operator Signed-off-by: Łukasz Jakimczuk <lukasz.j@giantswarm.io>	2021-10-29 13:48:23 +02:00

... 3 4 5 6 7 ...

2379 commits