kyverno

mirror of https://github.com/kyverno/kyverno.git synced 2024-12-14 11:57:48 +00:00

Author	SHA1	Message	Date
Riko Kudo	f5aa68eb55	add test cases for yaml verification feature (#5326 ) * add test cases for yaml verification feature Signed-off-by: Riko Kudo <rurikudo@ibm.com> * update policies to use the new schema version Signed-off-by: Riko Kudo <rurikudo@ibm.com> Signed-off-by: Riko Kudo <rurikudo@ibm.com> Co-authored-by: Chip Zoller <chipzoller@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-11-15 08:27:58 -05:00
Vyankatesh Kudtarkar	7137ccaa28	fix 5151 issue (#5170 )	2022-10-31 19:15:02 +08:00
Charles-Edouard Brétéché	ad2cbd3b33	feat: add simple conformance tests (#5073 ) * feat: add simple conformance tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>	2022-10-20 12:17:33 +00:00
Abhinav Sinha	a1182859ad	Added `x509_decode` JMESPath function (#4664 ) * Added `x509_decode` JMESPath function Signed-off-by: Abhinav Sinha <abhinav@nirmata.com> * Use `crypto/x509` stdlib Signed-off-by: Abhinav Sinha <abhinav@nirmata.com> * Return result as `map[string]interface{}` Signed-off-by: Abhinav Sinha <abhinav@nirmata.com> * Made minor fixes Signed-off-by: Abhinav Sinha <abhinav@nirmata.com> * Fixed error with unmarshalling decoded certificate Signed-off-by: Abhinav Sinha <abhinav@nirmata.com> * Added e2e test for decoding X.509 certs Signed-off-by: Abhinav Sinha <abhinav@nirmata.com> * Reverted to using `smallstep/zcrypto` for X.509 Signed-off-by: Abhinav Sinha <abhinav@nirmata.com> * Minor fix Signed-off-by: Abhinav Sinha <abhinav@nirmata.com> * Addressed reviews Signed-off-by: Abhinav Sinha <abhinav@nirmata.com> * Removed redundant dependency on `pkg/errors` Signed-off-by: Abhinav Sinha <abhinav@nirmata.com> Signed-off-by: Abhinav Sinha <abhinav@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-09-28 18:15:39 +00:00
Charles-Edouard Brétéché	4d7e1281de	fix: namespaced policy not validated in engine (#4653 ) * fix: namespaced policy not validated in engine Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * fix test Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>	2022-09-26 12:47:37 +08:00
Charles-Edouard Brétéché	4864be14f1	fix: make ldflags optional in .ko.yaml (#4419 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-08-26 13:40:27 +00:00
vivek kumar sahu	17052436cb	Treat normal and precondition variable equally (#4217 ) * When the value of the variables not present will assigned as nil Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com> * Added cli test cases Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com> * fixed failing test cases Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com> * remove extra line Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com> Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>	2022-08-18 04:34:36 +00:00
vivek kumar sahu	c95bb74992	Context vars substitution in CLI (#4290 ) * context variables substitution will be independent of sequence Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com> * Added test cases Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>	2022-08-09 05:48:57 +00:00
vivek kumar sahu	f6c131cfcc	precondition failure will skip rule independent of audit or enforce mode (#4163 ) * precondition fails will skip rule independent of audit or enforce mode Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com> * Added cli-test cases Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com> * small fix Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>	2022-07-14 09:35:27 +05:30
vivek kumar sahu	a37901425f	return helpful error message on invalid patched resources. (#4129 ) Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>	2022-07-06 13:24:28 +05:30
Tathagata Paul	16f8620993	added resource lists for test cli (#4082 ) Signed-off-by: Tathagata Paul <tathagatapaul7@gmail.com>	2022-06-20 06:38:13 +00:00
Shubham Nazare	165c5d9fc3	feat: Extend CLI to cover generate policies (#3456 ) - Change in namespace for test-generate example - Change cloneResource to cloneSourceResource - Add support for namespaced Policy and fix log messages - Add test-generate in Makefile and an example of namespaced Policy - Fix namespaced policy issue and add comments - Refactor according to new generate controller - Add json tag to GeneratedResource field of RuleResponse struct Signed-off-by: Shubham Nazare <shubham4443@gmail.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>	2022-05-25 14:26:22 +00:00
vivek kumar sahu	fbbe57f5e1	Request operation value by default to CREATE (#3894 ) * set by default request.operation to CREATE Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com> * Added test cases Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>	2022-05-25 13:59:53 +00:00
Vyankatesh Kudtarkar	31928c9507	Fix subject match selector issue in cli (#3887 ) * Fix subject match selector issue in cli * remove space * code refactoring	2022-05-11 15:21:13 +00:00
Sambhav Kothari	2dc54e5c1b	Allow variables of any kind to be defined (#3828 ) Signed-off-by: Sambhav Kothari <skothari44@bloomberg.net>	2022-05-07 20:30:11 +00:00
Moritz Johner	4d2ec26c90	CLI should respect scored annotation for warnings (#3821 ) Co-authored-by: Sambhav Kothari <skothari44@bloomberg.net>	2022-05-07 13:33:50 +00:00
Sambhav Kothari	c3604c1170	Add an object_from_lists function (#3824 )	2022-05-07 12:05:04 +00:00
Sambhav Kothari	e55bf0bf6f	Relax JMESPath variable validation (#3826 )	2022-05-07 16:40:53 +05:30
Jim Bugwadia	db3502656d	Cert attestor (#3809 ) * add certificates attestor Signed-off-by: Jim Bugwadia <jim@nirmata.com> * handle duplicate images; use container name as key Signed-off-by: Jim Bugwadia <jim@nirmata.com> * use OldObject for modify requests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * use unique image names Signed-off-by: Jim Bugwadia <jim@nirmata.com> * merge main Signed-off-by: Jim Bugwadia <jim@nirmata.com> * create a single annotation patch across rules and images Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fmt and change annotation key name Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix linter issues Signed-off-by: Jim Bugwadia <jim@nirmata.com> * split certs from keys Signed-off-by: Jim Bugwadia <jim@nirmata.com> * make fmt Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix test Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add Rekor and fix tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>	2022-05-05 21:57:20 -07:00
Sambhav Kothari	6e48fdf4ce	Fix issue with image registry when decoding OCI descriptors with out of spec keys (#3799 )	2022-05-04 13:38:56 -04:00
gsweene2	af51ceb4ff	Add JMESPath Function `items` (#3777 ) Co-authored-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: Sambhav Kothari <sambhavs.email@gmail.com> Co-authored-by: Sambhav Kothari <skothari44@bloomberg.net>	2022-05-04 10:33:24 +00:00
Vyankatesh Kudtarkar	fca068d0f6	Fix Cli test for image verification (#3760 ) * fix Cli test for image verification	2022-05-04 04:11:59 +00:00
Sambhav Kothari	0a5f004047	Allow non-object type elements for foreach rules (#3763 ) Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>	2022-05-02 16:39:37 +00:00
Jim Bugwadia	3cb620499e	Remove YAML multiline support in CM values (#3721 ) * remove YAML multiline support in CM values Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove unused code Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix test Signed-off-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-05-02 08:57:35 +01:00
Jim Bugwadia	ab5171cee5	Verify digest (#3679 ) * add verifyDigest to check all tags are converted to digests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add required to check for image verification annotation Signed-off-by: Jim Bugwadia <jim@nirmata.com> * make fmt Signed-off-by: Jim Bugwadia <jim@nirmata.com> * generate CRD Signed-off-by: Jim Bugwadia <jim@nirmata.com> * adding imageverify true/false patch Signed-off-by: anushkamittal20 <anumittal4641@gmail.com> * patch addition logic Signed-off-by: anushkamittal20 <anumittal4641@gmail.com> * image verify CLI tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fixes and unit tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix digest mutate Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fmt Signed-off-by: Jim Bugwadia <jim@nirmata.com> * make codegen Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix policy cache Signed-off-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: anushkamittal20 <anumittal4641@gmail.com>	2022-04-27 15:09:52 +00:00
Sambhav Kothari	25badfe4fb	Fix regression in wildcard matches in In/AnyIn operators (#3686 ) Signed-off-by: Sambhav Kothari <skothari44@bloomberg.net> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>	2022-04-26 18:03:05 +00:00
Vyankatesh Kudtarkar	79be6379b2	fix test cli CI failures from main (#3682 )	2022-04-26 20:00:46 +08:00
Vyankatesh Kudtarkar	56c90fd087	Support context variables when using foreach CLI (#3637 ) * Support context variables when using foreach CLI * add testcases	2022-04-25 16:36:31 +00:00
Sambhav Kothari	44b5bf0b57	Allow definition of inline variables in context (#3658 ) Signed-off-by: Sambhav Kothari <skothari44@bloomberg.net>	2022-04-25 19:06:07 +08:00
Tathagata Paul	10cf0f2344	add support for roles, cluster roles and subjects (#3188 ) * add support for roles, cluster roles and subjects in kyverno cli Signed-off-by: Tathagata Paul <tathagatapaul7@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com> Co-authored-by: Sambhav Kothari <sambhavs.email@gmail.com>	2022-04-12 04:00:49 +00:00
Vyankatesh Kudtarkar	e268be9e88	support for deprecated API's (#3439 ) * support for deprecated API's * add testcase * update condition * fix logic	2022-03-22 18:25:35 +00:00
Aidan Delaney	4ec3b36f7f	Remove support for test.yaml (#3442 ) kyverno-test.yaml is now the only supported test file name Signed-off-by: Aidan Delaney <adelaney21@bloomberg.net>	2022-03-22 14:09:08 +05:30
Sambhav Kothari	6498425937	Add a registry flag to allow direct access to container registries in the CLI (#3396 ) * Add a registry flag to allow direct access to container registries in the CLI Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com>	2022-03-16 09:56:47 +05:30
Vyankatesh Kudtarkar	68093cd44c	Cli Apply command support Dir as resources (#3391 ) * apply command support dir as resources * fix issue	2022-03-15 16:00:59 +08:00
Vyankatesh Kudtarkar	148a892277	Fix any_all wildcard issue (#3352 )	2022-03-08 12:59:33 +00:00
Vyankatesh Kudtarkar	e8bf16a00b	Fix label mutation while updating the secret (#3273 ) * Fix label mutation while updating the secret * Update util.go * fix converter issue * code indentation	2022-02-22 19:49:03 +08:00
Vyankatesh Kudtarkar	04e5f50cde	fix mutate wildcard issue (#3193 ) Co-authored-by: shuting <shuting@nirmata.com>	2022-02-18 10:32:10 +00:00
Vyankatesh Kudtarkar	0a5aad39cf	Fix foreach validations precondition issue (#3228 ) * fix foreach validations precondition issue * added test-cases	2022-02-18 09:11:41 +00:00
Tathagata Paul	b91ff5a7f2	Bug fix: negation of string kernel version caused Cluster Policy to fail (#3229 ) * fixed bug where negation of kernel version caused cpolr to fail Signed-off-by: Tathagata Paul <tathagatapaul7@gmail.com> * small fix in function validateString Signed-off-by: Tathagata Paul <tathagatapaul7@gmail.com> * Added necessary tests Signed-off-by: Tathagata Paul <tathagatapaul7@gmail.com> Added one more test Signed-off-by: Tathagata Paul <tathagatapaul7@gmail.com> * Add more tests and added a policy to the test folder Signed-off-by: Tathagata Paul <tathagatapaul7@gmail.com> * added policy for test cli Signed-off-by: Tathagata Paul <tathagatapaul7@gmail.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com>	2022-02-17 09:33:30 +05:30
vivek kumar sahu	0293368504	fixing bug to handle two different types of rules (#2954 ) * fixing bug for the info variable Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>	2022-02-09 10:33:54 +00:00
Vyankatesh Kudtarkar	b3f702ba8d	test-cases for wildcard match label selector (#3165 )	2022-02-04 03:45:40 +00:00
Vyankatesh Kudtarkar	373f421b07	Fix panic for provides a set to the key of a precondition and deny condition (#3162 )	2022-02-03 14:46:58 +00:00
Sambhav Kothari	98284114f5	Relax rule context validation to follow JMESPath grammar (#3129 ) Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com>	2022-01-31 18:23:59 +00:00
Sambhav Kothari	2b1e7189b1	Fix variable substitution when curly braces are used in jmespath (#3133 ) * Fix variable substitution when inline jmespath objects are defined Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com> * Add additional test cases which use brackets Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com>	2022-01-31 17:11:19 +00:00
Jim Bugwadia	06e93fec46	apply patches cumulatively (#3083 ) * apply patches cumulatively Signed-off-by: Jim Bugwadia <jim@nirmata.com> * handle skipped rules Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add test files Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2022-01-25 09:00:18 +00:00
treydock	cd4650eb5a	Fix CLI test/apply when any/all use namespaceSelector (#3050 ) * Fix CLI test/apply when any/all use namespaceSelector Fixes #3047 Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * gofmt fix Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>	2022-01-25 08:06:17 +00:00
Jim Bugwadia	bb06901119	fix mutate preprocessing for anchors (#3052 ) * fix mutate preprocessing for anchors Signed-off-by: Jim Bugwadia <jim@nirmata.com> * make fmt Signed-off-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: shuting <shutting06@gmail.com>	2022-01-23 13:54:22 +00:00
Anushka Mittal	df4d7ae26c	Broken exclude any all (#2990 ) * added check for any/all Signed-off-by: anushkamittal20 <anumittal4641@gmail.com> * minor corrections Signed-off-by: anushkamittal20 <anumittal4641@gmail.com> * corrected return check for rbac info Signed-off-by: anushkamittal20 <anumittal4641@gmail.com> * added cli test Signed-off-by: anushkamittal20 <anumittal4641@gmail.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com>	2022-01-20 08:29:16 +00:00
Sambhav Kothari	f5e00ee034	Add a parse_yaml function (#2999 ) Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com> Co-authored-by: shuting <shutting06@gmail.com>	2022-01-17 13:41:08 +00:00
Sambhav Kothari	1af9e48b0d	Add image data to validate image configs (#2946 ) * Add image data to validate image configs Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com> * Add tests for image context Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com> * Add e2e test cases for image size policy Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com>	2022-01-17 04:06:44 +00:00

1 2

74 commits