kyverno

mirror of https://github.com/kyverno/kyverno.git synced 2024-12-14 11:57:48 +00:00

Author	SHA1	Message	Date
shuting	f4614213e5	Test publishing dev-test images (#2848 ) * publish dev-* images Signed-off-by: ShutingZhao <shuting@nirmata.com> * add LD_FLAGS_DEV Signed-off-by: ShutingZhao <shuting@nirmata.com> * add IMAGE_TAG_LATEST_DEV Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove test statement Signed-off-by: ShutingZhao <shuting@nirmata.com>	2021-12-17 02:46:59 +00:00
Vyankatesh Kudtarkar	39a299f317	Update labels to fetch cluster role (#2842 )	2021-12-16 07:55:58 +00:00
Naman Lakhwani	59a460b31e	adding support for Cosign key-value annotations (#2824 ) * adding annotation check Signed-off-by: Namanl2001 <namanlakhwani@gmail.com> * adding tests Signed-off-by: Namanl2001 <namanlakhwani@gmail.com> * updating manifests Signed-off-by: Namanl2001 <namanlakhwani@gmail.com> * changing map val type to string form interface{} Signed-off-by: Namanl2001 <namanlakhwani@gmail.com> * passing args to opts Signed-off-by: Namanl2001 <namanlakhwani@gmail.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com>	2021-12-16 06:19:44 +00:00
treydock	c8e5750c4f	Ensure Helm chart networkpolicy is valid by default (#2827 ) Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> Co-authored-by: shuting <shutting06@gmail.com>	2021-12-15 21:43:05 +08:00
Jim Bugwadia	a3efcc80ac	add permissions for Kyverno deployment update (#2830 ) * add permissions for Kyverno deployment update Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove quotes Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2021-12-13 14:38:13 -08:00
Naman Lakhwani	edafffd2bd	added issuer check (#2804 ) * added issuer check Signed-off-by: Namanl2001 <namanlakhwani@gmail.com> * switch to using SimpleContainerImage Signed-off-by: Namanl2001 <namanlakhwani@gmail.com> * added subject check and required test cases Signed-off-by: Namanl2001 <namanlakhwani@gmail.com> * small nits Signed-off-by: Namanl2001 <namanlakhwani@gmail.com> * correcting tests Signed-off-by: Namanl2001 <namanlakhwani@gmail.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com>	2021-12-10 19:46:22 +00:00
Jim Bugwadia	b17e76493e	tighten and clarify Kyverno roles and permissions (#2799 ) * update roles and rolebindings Signed-off-by: Jim Bugwadia <jim@nirmata.com> * revert label and fix perms Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update role Signed-off-by: Jim Bugwadia <jim@nirmata.com> * restrict role Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix whitespace Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix tests and roles Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove ingress extensions/v1beta1 Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix chart Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix role Signed-off-by: Jim Bugwadia <jim@nirmata.com> * tighten and clarify Kyverno roles and permissions Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fake commit to trigger workflows Signed-off-by: Jim Bugwadia <jim@nirmata.com> * revert tests and update test role Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add newlines Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove update role Signed-off-by: Jim Bugwadia <jim@nirmata.com> * make fmt Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove invalid param Signed-off-by: Jim Bugwadia <jim@nirmata.com> * cleanup roles in Helm templates Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove `mutate` cluster role binding Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2021-12-10 04:34:06 +00:00
Prateek Pandey	911bebcf4d	[docs]: sync api docs with latest api changes (#2808 ) Signed-off-by: prateekpandey14 <prateekpandey14@gmail.com>	2021-12-09 14:44:29 +00:00
Danny__Wei	8da64cb5cf	fix: add Windows testcases for path_canonicalize (#2803 ) Signed-off-by: weiwei.danny <weiwei.danny@bytedance.com> Co-authored-by: weiwei.danny <weiwei.danny@bytedance.com> Co-authored-by: Bricktop <marcel.mueller1@rwth-aachen.de>	2021-12-08 15:14:49 +00:00
Sebastian Widmer	80664d339f	Add command-line flags to allow setting client rate limits (QPS/Burst) (#2797 ) * Add `-clientRateLimitQPS` and `-clientRateLimitBurst` flags to allow controlling client rate limits. Signed-off-by: Sebastian Widmer <sebastian.widmer@vshn.net> * Return error if QPS is higher than max value of float32 Signed-off-by: Sebastian Widmer <sebastian.widmer@vshn.net>	2021-12-08 14:03:07 +01:00
Kumar Mallikarjuna	a667a69812	JMESPath arithmetic function units (#2753 ) * MAS arithmetic functions Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Adding Divide() and Modulo() Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Added tests Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Tidy go.mod Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Fix lift issues Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Set division scale to maximum of operands Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Precision for Add()/Subtract() Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Set duration precision Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Added comment for duration diff calculation Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> Co-authored-by: Bricktop <marcel.mueller1@rwth-aachen.de>	2021-12-07 15:44:46 +00:00
Joel Kamp	081dd97cc3	fix: update registry credentials on verify (#2798 ) Signed-off-by: Joel Kamp <joel.kamp@invitae.com>	2021-12-06 16:08:16 -08:00
Danny__Wei	beeec06c7f	Add `path_canonicalize` custom JMESPath function (#2787 ) * Add path_canonicalize custom JMESPath function Signed-off-by: weiwei.danny <weiwei.danny@bytedance.com> * Add CLI test for the custom path_canonicalize function Signed-off-by: weiwei.danny <weiwei.danny@bytedance.com> * remove the extra parameter Signed-off-by: weiwei.danny <weiwei.danny@bytedance.com> Co-authored-by: weiwei.danny <weiwei.danny@bytedance.com>	2021-12-06 12:10:34 +01:00
Vyankatesh Kudtarkar	b7767d79d3	change cluster role labels (#2776 ) * change cluster role labels * change cluster role label value * fix cluster role label issue * fix comment	2021-12-02 15:52:34 +05:30
Bricktop	962f4de8d8	Only report on intended errors when checking JSONPatch path for variables (#2710 ) * Only report on intended errors Signed-off-by: Marcel Mueller <marcel.mueller1@rwth-aachen.de> * Change error text to be more fitting Signed-off-by: Marcel Mueller <marcel.mueller1@rwth-aachen.de> * Replace vars for checks Signed-off-by: Marcel Mueller <marcel.mueller1@rwth-aachen.de> * Remove more checks for testing Signed-off-by: Marcel Mueller <marcel.mueller1@rwth-aachen.de> * Disable schema validation Signed-off-by: Marcel Mueller <marcel.mueller1@rwth-aachen.de> * Remove unneeded fmt prints Signed-off-by: Marcel Mueller <marcel.mueller1@rwth-aachen.de>	2021-11-30 17:14:58 +00:00
Tobias Brunner	ef20ae4d47	Add VSHN as adopter with APPUiO Cloud (#2773 ) Signed-off-by: Tobias Brunner <tobias.brunner@vshn.ch>	2021-11-30 08:03:47 -08:00
Anita-ihuman	5ef89e7da0	improved the contributing guidelines. (#2766 ) Signed-off-by: Anita-ihuman <charlesanita403@gmail.com>	2021-11-30 21:18:39 +08:00
Sebastian Widmer	4c251bcffd	Add `pattern_match` custom JMESPath function analogous to `regex_match` (#2717 ) * Add `pattern_match` custom JMESPath function analogous to `regex_match` Signed-off-by: Sebastian Widmer <sebastian.widmer@vshn.net> * Add CLI test for the custom `pattern_match` function Signed-off-by: Sebastian Widmer <sebastian.widmer@vshn.net>	2021-11-30 00:13:07 +08:00
Vyankatesh Kudtarkar	5c50191d8a	change matchGVK logic (#2736 ) * change matchGVK logic * fix issue * add testcases * add testcase core * format code * fix comment	2021-11-24 22:17:32 +08:00
Igor Urazov	9e10eef422	Don't check for Prom Operator apiVersion (#2723 ) `.Capabilities.APIVersions.Has` function has limitations when running with `helm template`, which is common step in multiple CD tools. In order to properly resolve `Capabilities.APIVersions` `helm template` has to run with `--validate` option and connect to cluster that has Prom Operator CRDs installed. As this template is opt-in and user has to set value to enable this, apiVersion check doesn't provide much value and can be removed. Signed-off-by: Ihor Urazov <iurazov@healthjoy.com>	2021-11-23 15:12:43 -05:00
Jim Bugwadia	3c9430d2fc	handle missing predicate type (#2743 ) * handle missing predicate type Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update github.com/docker/cli package for vulnerabilities Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix go.mod vulnerabilities Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2021-11-22 10:49:21 -08:00
Vyankatesh Kudtarkar	4c28540f83	fix crd sync issue (#2634 )	2021-11-22 21:52:45 +08:00
Shubham Palriwala	ea3529f2d0	Trivy now scans local images (#2744 ) * fix: trivy now scans entire container Signed-off-by: ShubhamPalriwala <spalriwalau@gmail.com> * update github.com/docker/cli package for vulnerabilities Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix go.mod vulnerabilities Signed-off-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com>	2021-11-22 20:57:51 +08:00
Jim Bugwadia	8a0d465d90	fix signature (#2740 ) Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2021-11-19 16:12:12 +08:00
Jim Bugwadia	189c6f8cda	fix dependabot issue and remove stale entries in go.mod (#2741 ) Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2021-11-19 16:11:38 +08:00
vivek kumar sahu	3e7c469d2e	set default value of "request.operation" to "CREATE" (#2688 ) * set default value of "request.operation" equals to "CREATE" Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com> * handles the value of "request.operation" as "CREATE" in the CLI Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com> * fixed the failing e2e test case Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com> * Added logs Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com> * Added test case Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com>	2021-11-18 16:09:35 +01:00
Kumar Mallikarjuna	7f95bee23c	Added time_since() custom JMESPath function (#2680 ) * Added time_since() custom JMESPath function Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Remove time.Layout (not supported in Go 1.16) Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Modify time_since() for 3 arguments Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Add tests for functions_test.go Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Timestamp literals and tabulated tests Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Remove layout map and default to RFC3339 Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>	2021-11-17 21:17:17 +01:00
Jose Armesto	1ff16ba5d4	Do not log error when resource is not namespaced (#2730 ) Signed-off-by: Jose Armesto <github@armesto.net>	2021-11-17 15:09:00 +01:00
Steven E. Harris	f90b982903	Allow use of "pods/binding" subresource (#2721 ) For cases where a policy matches the "Bindings" kind in the "core/v1" API group and version, adjust the pertinent Webhook configuration rule to use the "pods/binding" subresource. Doing so allows observing and reacting to the Kubernetes scheduler (and its "extenders") assigning pods to nodes, before any other system actors observe that assignment. This is an opportune moment in between the pod' creation and a kubelet starting it running. Signed-off-by: Steven E. Harris <seh@panix.com>	2021-11-16 22:26:22 +01:00
Vyankatesh Kudtarkar	fa95132806	Fix: Hard-coded ClusterRoleName in OwnerRef breaks (#2718 ) * fix hardcoded clusterrole name * Fix label	2021-11-16 19:32:42 +08:00
Kumar Mallikarjuna	e3c17972a8	Update CHANGELOG (#2727 ) Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>	2021-11-16 19:31:36 +08:00
Anushka Mittal	94395ac243	Wildcard values (#2692 ) * wildcard-support Signed-off-by: anushkamittal20 <anumittal4641@gmail.com> * Added unit tests Signed-off-by: anushkamittal20 <anumittal4641@gmail.com> * improvements in anyin and allin Signed-off-by: anushkamittal20 <anumittal4641@gmail.com>	2021-11-15 15:02:46 +01:00
Anushka Mittal	497514fd94	Fixes in new operators (#2704 ) * fixes in operators to in many-to-one comparison Signed-off-by: anushkamittal20 <anumittal4641@gmail.com> * corrected allnotin Signed-off-by: anushkamittal20 <anumittal4641@gmail.com> * correction for duplicates Signed-off-by: anushkamittal20 <anumittal4641@gmail.com>	2021-11-12 11:15:16 +01:00
Anushka Mittal	7d423f97c4	added check for misspelled fields in condition (#2707 ) * added check for misspelled fields in condition Signed-off-by: anushkamittal20 <anumittal4641@gmail.com> * corrections in error message Signed-off-by: anushkamittal20 <anumittal4641@gmail.com>	2021-11-11 17:57:18 +01:00
Batuhan Apaydın	b5615b6380	feat: create new builder for buildx (#2703 ) Co-authored-by: Erkan Zileli <erkan.zileli@trendyol.com> Co-authored-by: Furkan Turkal <furkan.turkal@trendyol.com> Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com> Co-authored-by: Erkan Zileli <erkan.zileli@trendyol.com> Co-authored-by: Furkan Turkal <furkan.turkal@trendyol.com>	2021-11-10 21:07:40 +01:00
Kumar Mallikarjuna	17e671bf53	Remove redundant PDB (#2598 ) * Remove field podDisruptionBudget.enabled Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Update CHANGELOG.md Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Update CRDs Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Update CHANGELOG to 1.5.2-rc1 Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Remove enabled flag Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>	2021-11-09 09:15:28 -08:00
Marcus Noble	8690f8b142	Handle reports with missing result property (#2696 ) * Handle reports with missing result property Signed-off-by: Marcus Noble <github@marcusnoble.co.uk> * Make use of type structs Signed-off-by: Marcus Noble <github@marcusnoble.co.uk> * Fix import Signed-off-by: Marcus Noble <github@marcusnoble.co.uk> * Fix cast from map to struct Signed-off-by: Marcus Noble <github@marcusnoble.co.uk>	2021-11-09 12:03:15 +01:00
Bricktop	ef553e6e78	Add CODEOWNERS file for maintainers (#2686 ) Signed-off-by: Marcel Mueller <marcel.mueller1@rwth-aachen.de>	2021-11-09 09:28:52 +01:00
Pooja Singh	5195bc5bf2	added skip status for generate (#2657 )	2021-11-08 20:11:29 -08:00
Danny__Wei	84c44c0827	obtain webhook config name dynamically (#2698 )	2021-11-08 20:09:19 -08:00
shuting	0f0c070072	Fix memory issue - RCR conversion (#2678 )	2021-11-08 15:53:21 -08:00
Pooja Singh	0e8341166d	ignoring generate kinds from mutate webhook (#2656 ) Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>	2021-11-06 23:06:00 +05:30
Chip Zoller	7c5142b26a	Contributors updates, Kyverno CLI acknowledgements (#2644 ) * add platform to bug template Signed-off-by: Chip Zoller <chipzoller@gmail.com> * Helm value updates Signed-off-by: Chip Zoller <chipzoller@gmail.com> * linting, formatting, link updates Signed-off-by: Chip Zoller <chipzoller@gmail.com> * linting, formatting, updates Signed-off-by: Chip Zoller <chipzoller@gmail.com> * Updates per contributors meeting; linting, fixes Signed-off-by: Chip Zoller <chipzoller@gmail.com> * Updated templates with acknowledgement of CLI parity Signed-off-by: Chip Zoller <chipzoller@gmail.com> * git => GitHub Signed-off-by: Chip Zoller <chipzoller@gmail.com>	2021-11-06 11:08:42 -04:00
Pritish Samal	4810dda3e9	fix typo in comments (#2685 ) Signed-off-by: CIPHERTron <pritish.samal918@gmail.com>	2021-11-06 16:05:31 +01:00
Jim Bugwadia	50cb1859c3	add keyless verification (#2677 ) * add keyless verification Signed-off-by: Jim Bugwadia <jim@nirmata.com> * run make fmt Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix linter warning Signed-off-by: Jim Bugwadia <jim@nirmata.com> * wrap error with details Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2021-11-04 23:26:22 -07:00
Jim Bugwadia	e5e849acfe	Fix image var in cmdline (#2673 ) * add image substitution Signed-off-by: Jim Bugwadia <jim@nirmata.com> * rm foreach test Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add error checks Signed-off-by: ShutingZhao <shutting06@gmail.com> Co-authored-by: ShutingZhao <shutting06@gmail.com>	2021-11-03 14:06:47 -07:00
shuting	04189e450c	bump chart version to release fix for https://github.com/kyverno/kyverno/pull/2655 (#2672 ) Signed-off-by: ShutingZhao <shutting06@gmail.com>	2021-11-03 16:15:01 -04:00
Jim Bugwadia	5c16ee738a	redo variable validation (#2647 ) * redo variable validation Signed-off-by: Jim Bugwadia <jim@nirmata.com> * handle quotes for JMESPath - escaping Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix tests and linter issues Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix fmt Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2021-11-03 11:16:55 -07:00
Yulia Nedyalkova	40d30df726	Fix bug in event creation for failed policies (#2652 ) Signed-off-by: yulianedyalkova <julianedialkova@gmail.com>	2021-11-03 11:55:58 +01:00
Batuhan Apaydın	4eab46fb7d	feat: support other key methods (#2607 ) * feat: support other key methods Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com> Co-authored-by: Furkan Turkal <furkan.turkal@trendyol.com> Co-authored-by: Erkan Zileli <erkan.zileli@trendyol.com> * feat: support fetch attestations from repository Signed-off-by: Furkan <furkan.turkal@trendyol.com> Co-authored-by: Batuhan <batuhan.apaydin@trendyol.com> Signed-off-by: Furkan <furkan.turkal@trendyol.com> * fix: parameter type Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com> * fix error check Signed-off-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: Furkan Turkal <furkan.turkal@trendyol.com> Co-authored-by: Erkan Zileli <erkan.zileli@trendyol.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com>	2021-11-03 00:45:35 -07:00

1 2 3 4 5 ...

3918 commits