mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-06 07:57:07 +00:00
Code Activity
7403 commits 20 branches 550 tags 288 MiB
Commit graph

687 commits

Author SHA1 Message Date
Pooja Singh
8105e4cad8
Allowing only few variables in the policies (#1063) 
* Checking for non whitelisted variables in the policy

* method name change

* small issue while rebasing
 2020-08-23 15:11:03 -07:00
Pooja Singh
2717a03ab2
Not checking for cluster resources for CLI in policy validate (#1076) 2020-08-21 23:07:54 +05:30
Mohan B E
f60deecdce
Feature/namespaced policy 280 (#1058) 
* namespaced policy crd and cache

* modified main.go

* removed kyverno

* implemented policy violation generator for namespaced policy on audit

* modified cache

* added validation for cluster resource types

* install.yaml

* install.yaml

* removed namespaces from crd and refactored code

* modified NamespacePolicy to Policy

* added ClusterRole aggregate for policies

* modified clusterrole
 2020-08-19 09:07:23 -07:00
shuting
d6062fdd47
Add go fmt (#1055) 
* remove empty flag

* format code

* revert change in install.yaml
 2020-08-14 12:21:06 -07:00
Yuvraj
73840e3c5f
configrable rules added (#1017) 
* configrable rules added

* fix exclude group logic from code

* flag added in yaml

* exclude username added

* exclude username added

* config interface implimented

* configure exclude username

* get role ref

* test case fixed

* panic fix

* move from interface to slice

* exclude added in mutate

* trim strings

* configmap changes added

* kustomize changes for configmap

* k8s resources added
 2020-08-07 17:09:24 -07:00
Mohan B E
a14828246d
Feature/api version 852 (#1028) 
* apiVersion support for generate

* added apiVersion to crds
 2020-08-07 09:47:33 +05:30
shuting
75a7543c6d
Events fix (#1006) 
* remove success event

* remove event success message

* remove events generated on clusterpolicy
 2020-07-20 20:30:02 +05:30
shuting
87fa77fbcc
965 add validate audit handler (#967) 
* store policy names cache to reduce lookup time

* add validate audit handler

* fix #958, remove auto-gen annotation on Pod

* formatting code

* update processTime to readable format

* #586, add back unit test

* update logging info

* remove unused interface

* handle generate policy in a single thread in weboook

* resolve pr comments
 2020-07-09 11:48:34 -07:00
Jim Bugwadia
05250c2870
replace deletion timestamp check (#961) 2020-06-30 23:30:31 -07:00
Jim Bugwadia
65193feccb
update logging, naming, and event retry (#959) 
* update logging and naming

* check per policy patch count
 2020-06-30 11:53:27 -07:00
shuting
7ffeb6efca
skip generate violation on pre-exist pod (#952) 2020-06-25 09:52:54 -07:00
shuting
06a2b246dd
Background mode only apply to running pods (#949) 
* background mode process Running pod only

* update debug doc
 2020-06-25 09:52:27 -07:00
shuting
b3a1e51a84
bug fix auto-gen annotation reported as violation (#902) 
* fix auto-gen annotation reported as violation

* update log
 2020-06-03 17:47:06 -07:00
Jim Bugwadia
5cdcbec3c9
Bugfix/1.1.6 adjust resync and cleanup unused (#884) 
* - support wildcards for namespaces

* do not annotate resource, unless policy is an autogen policy

* close HTTP body

* improve messages

* remove policy store

Policy store was not fully implemented and simply provided a way
to list all polices and get a policy by name, which can be done via
standard client-go interfaces.

We need to revisit and design a better PolicyStore that provides fast
lookups for matching policies based on names, namespaces, etc.

* handle wildcard namespaces in background processing

* fix unit tests 1) remove platform dependent path usage 2) remove policy store

* add test case for mutate with wildcard namespaces

* adjust all resync periods

* remove unused data fields

* add pattern for match
 2020-05-27 19:51:34 -07:00
Shuting Zhao
087f183895 fix typo 2020-05-26 23:07:48 -07:00
Shuting Zhao
139000fe3f fix namespace lister 2020-05-26 22:26:07 -07:00
Shuting Zhao
7ea2930fa4 - fix violations re-create on the same resource - skip background processing if a resource is to be deleted 2020-05-26 16:25:11 -07:00
Jim Bugwadia
838d02c475
Bugfix/659 support wildcards for namespaces (#871) 
* - support wildcards for namespaces

* do not annotate resource, unless policy is an autogen policy

* close HTTP body

* improve messages

* remove policy store

Policy store was not fully implemented and simply provided a way
to list all polices and get a policy by name, which can be done via
standard client-go interfaces.

We need to revisit and design a better PolicyStore that provides fast
lookups for matching policies based on names, namespaces, etc.

* handle wildcard namespaces in background processing

* fix unit tests 1) remove platform dependent path usage 2) remove policy store

* add test case for mutate with wildcard namespaces
 2020-05-26 10:36:56 -07:00
Shuting Zhao
bc981f9a11 fix 869 2020-05-20 13:42:23 -07:00
Shuting Zhao
0670abe2d2 set log level 2020-05-18 21:16:48 -07:00
Shuting Zhao
416f5ecc00 Merge branch 'master' into 744_deny_requests 
# Conflicts:
#	pkg/utils/util.go
#	pkg/webhooks/server.go
 2020-05-18 18:05:22 -07:00
Shuting Zhao
ad4f06f22d Merge branch 'master' into 744_deny_requests 
# Conflicts:
#	pkg/webhooks/mutation.go
#	pkg/webhooks/server.go
#	pkg/webhooks/validation.go
 2020-05-18 12:32:42 -07:00
Shuting Zhao
f97c202d52 extract controller resync period to a constant file 2020-05-18 11:56:17 -07:00
Shuting Zhao
b9d38d2fd3 fix error "failed to list resources" 2020-05-18 11:56:17 -07:00
Jim Bugwadia
8c4c98d1a4
Merge pull request #855 from nirmata/bugfix/fixes_791_792_832 
Bugfix/fixes 791 792 832
 2020-05-17 19:30:11 -07:00
Yuvraj
0635df7b11
Bug - annotation inserted to podTemplate by auto-gen should reflect the policy name (#850) 
* Added check for  annotation inserted to podTemplate by auto-gen

* skip reporting violation on pod which has annotation pod-policies.kyverno.io/autogen-applied

* Revert Changes

* typo fixed

* Update condition for skiping the pods
 2020-05-17 18:51:56 -07:00
Jim Bugwadia
993bad7b65 improve comments 2020-05-17 09:54:32 -07:00
Jim Bugwadia
bf1aaba99b allow cross platform builds 2020-05-17 09:51:46 -07:00
Jim Bugwadia
bc37d27de6 remove unnecessary comments and reduce cache resync intervals 2020-05-17 09:51:18 -07:00
shravan
3a146a5952 744 added not found error type 2020-05-13 10:06:21 +05:30
shravan
09310d19e1 744 fixing policy validation 2020-05-06 22:27:06 +05:30
shravan
6b1498b770 744 fixing policy validation and removing allRequests field 2020-05-06 19:46:32 +05:30
shravan
1b2868620e 744 fixing tests and making sure policy with variables that are not request.object are not allowed in background mode 2020-05-06 00:29:40 +05:30
shravan
f8f27cea18 744 fixing policy validation 2020-04-27 22:01:33 +05:30
shravan
0a34357921 744 improving error message 2020-04-27 16:02:02 +05:30
shravan
f839f27b41 Merge branch 'master' into 744_deny_requests 2020-04-27 15:12:35 +05:30
shravan
0a65a66cc0 823 tested prototype 2020-04-27 15:05:10 +05:30
shravan
7dc7420ad9 744 policy validation skip 2020-04-23 01:05:00 +05:30
shravan
93fa54bf79 744 deny all requests 2020-04-18 18:26:09 +05:30
shravan
83ecd95945 744 added all request values to context 2020-04-15 21:17:14 +05:30
shravan
4cb44bce09 744 save commit 2020-04-14 19:06:48 +05:30
shravan
b6f01db0b1 744 resolve merge conflicts 2020-04-13 20:31:40 +05:30
shravan
2451756651 744 tested prototype 2020-04-10 23:24:54 +05:30
shravan
d4baf44fd9 753 practical test fixes 2020-04-04 16:18:36 +05:30
shravan
dd0f3d140e 753 resolving merge conflicts 2020-04-04 15:55:19 +05:30
shravan
fde5e5490f 753 testcase and fixes 2020-04-04 14:49:50 +05:30
shravan
0b2aa90444 753 new req save commit 2020-04-04 12:46:51 +05:30
shravan
410e53bd9f 787 tested prototype 2020-04-02 21:13:39 +05:30
shravan
bbeefb955b 778 tested prototype 2020-04-01 19:06:13 +05:30
shravan
20b161a270 765 resolved merge conflicts 2020-03-29 09:09:26 +05:30