mirror of https://github.com/kyverno/kyverno.git synced 2024-12-14 11:57:48 +00:00
Commit graph

3662 commits

Author SHA1 Message Date
Charles-Edouard Brétéché
b36a2ecdcc
feat: bump update request api version (#10508)
* feat: bump update request api version

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* use v2

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* codegen

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* codegen

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix linter

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix linter

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-06-20 09:44:43 +00:00
Charles-Edouard Brétéché
a5254f7344
feat: remove old intermediate reports types (#10504)
* feat: remove old ephemeral reports types

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* codegen

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* helm

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* codegen

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-06-19 19:54:43 +00:00
Mariam Fahmy
88d1063647
chore: use mutateExistingOnPolicyUpdate under mutate rule in chainsaw tests (#10507)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-06-19 18:16:46 +02:00
Mariam Fahmy
9285006f7a
feat: add mutateExistingOnPolicyUpdate field under the mutate rule (#10461)
* fix

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

* feat: add mutateExistingOnPolicyUpdate field under the mutate rule

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

---------

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-06-19 09:29:19 +00:00
Charles-Edouard Brétéché
6e1def1004
feat: remove v1alpha2 group/version (#10500)
* feat: remove v1alpha2 group

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* codegen

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix tests

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-06-19 08:08:15 +00:00
Vishal Choudhary
334594c128
feat: add support for cosign experimental OCI 1.1 signatures (#10228)
* feat: add support for cosign experimental OCI 1.1 signatures

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: remove unrelated changes

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: linter

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: requested changes

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

---------

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-06-18 23:03:53 +00:00
Charles-Edouard Brétéché
d75d19ab3d
fix: use generate name for admission reports (#10491)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-06-17 17:54:04 +00:00
Charles-Edouard Brétéché
7f57b9618a
feat: cleanup v2alpha1 kyverno api (#10457)
* feat: cleanup v2alpha1 kyverno api

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* codegen

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix tests

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix: webhook

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2024-06-14 09:39:36 +00:00
Mariam Fahmy
846439b13e
feat: add generateExisting field under the generate rule (#10441)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-06-13 13:41:46 +00:00
shuting
fe8c429e78
fix: avoid creating duplicate urs for background policies (#10431)
* feat: add generator abstraction

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* feat: replace urgenerator

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix: ko build

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* feat: load threshold from kyverno configmap

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* feat: add metadata client to get ur count

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* feat: add helm option to preserve configmap settings during upgrade

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* feat: add helm option to preserve configmap settings during upgrade 2

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* chore: rename imports

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* chore: update codegen manifests

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix: handle nil value

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix: linter issue

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* chore: update threshold to 1000

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix: avoid duplicate URs creation

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix: revert false changes

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix: simplify background applications

Signed-off-by: ShutingZhao <shuting@nirmata.com>

---------

Signed-off-by: ShutingZhao <shuting@nirmata.com>
2024-06-12 15:23:53 +00:00
shuting
9e5c297dcf
feat: add a circuit breaker for updaterequests (#10382)
* feat: add generator abstraction

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* feat: replace urgenerator

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix: ko build

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* feat: load threshold from kyverno configmap

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* feat: add metadata client to get ur count

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* feat: add helm option to preserve configmap settings during upgrade

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* feat: add helm option to preserve configmap settings during upgrade 2

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* chore: rename imports

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* chore: update codegen manifests

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix: handle nil value

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix: linter issue

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* chore: update threshold to 1000

Signed-off-by: ShutingZhao <shuting@nirmata.com>

---------

Signed-off-by: ShutingZhao <shuting@nirmata.com>
2024-06-11 08:54:51 +00:00
Vishal Choudhary
2104171b4f
fix: add verbosity to background scanner log (#10404)
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
2024-06-06 13:51:01 +02:00
Khaled Emara
b834bc0164
fix(gctx): returning old error (#10398)
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-06-05 19:35:42 +00:00
mohamedasifs123
97327fd31c
Fix : failed to parse BACKGROUND_SCAN_INTERVAL log message wrong (#9933)
* Update policy_controller.go

Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com>
Signed-off-by: mohamedasifs123 <asifabu272@gmail.com>

* Update policy_controller.go

Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com>
Signed-off-by: mohamedasifs123 <asifabu272@gmail.com>

* Update policy_controller.go

Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com>
Signed-off-by: mohamedasifs123 <asifabu272@gmail.com>

* Update policy_controller.go

-s

Signed-off-by: mohamedasifs123 <asifabu272@gmail.com>

* Update policy_controller.go

Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com>
Signed-off-by: mohamedasifs123 <asifabu272@gmail.com>

* Update policy_controller.go

Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com>
Signed-off-by: mohamedasifs123 <asifabu272@gmail.com>

---------

Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com>
Signed-off-by: mohamedasifs123 <asifabu272@gmail.com>
Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-06-05 10:05:31 +00:00
shuting
5260b4f7bc
chore: bump k8s libs to 0.30 (#10285)
* chore: bump k8s libs to 0.30

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* chore: update crds

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* chore: bump kubectl-validate

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* chore: fix tests

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* chore: fix panic

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* chore: fix linter

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* chore: bump k8s

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix sum

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* codegen

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix: indent

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* chore: bump deps

Signed-off-by: ShutingZhao <shuting@nirmata.com>

---------

Signed-off-by: ShutingZhao <shuting@nirmata.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-06-04 15:09:44 +08:00
JenTing
3e37f80f87
Fix typo (#10360)
Signed-off-by: JenTing Hsiao <hsiaoairplane@gmail.com>
2024-06-02 06:50:40 +00:00
Mariam Fahmy
c46cb06d95
fix: remove unused parameters (#10330)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-05-29 23:29:24 +00:00
Vishal Choudhary
47adea6f1c
feat: add support for background scanning of existing resource in image verification (#10287)
* feat: add support for background scanning of existing resource in image verification

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: change rule response type to image verify

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* chore: fix nilptr reference

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

---------

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
2024-05-24 09:41:04 +00:00
Khaled Emara
ed4eb9666a
fix(anchor): skip anchors don't have priority (#10206)
* fix(anchor): give priority to skip anchors

Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>

* test(anchor): conditional anchor with a failing sibling

Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>

* test(anchor): conditional anchor mixed with other results

Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>

* fix(anchor): successful anchor with a skip anchor

Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>

---------

Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2024-05-22 09:04:14 +00:00
Mariam Fahmy
57b2c5fe4f
fix: add a copy method to the policy context (#10236)
* fix: add a copy method to the policy context

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

* chore: add a CLI test

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

* chore: remove mutate changes

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

---------

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-05-21 15:29:09 +00:00
shuting
e58d7120c6
fix: sort webhookconfig.operations (#10274)
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2024-05-21 13:22:08 +00:00
shuting
84e0ced314
fix: webhook config set (#10262)
* tests: add unit tests

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix: merge operations map correctly

Signed-off-by: ShutingZhao <shuting@nirmata.com>

---------

Signed-off-by: ShutingZhao <shuting@nirmata.com>
2024-05-21 08:33:59 +00:00
Mariam Fahmy
59ff771ae8
fix: process the matched resources only for mutate existing policies (#10164)
* fix: process the matched resources only for mutate existing policies

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

* fix lint issue

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

* chore: add unit tests

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

---------

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2024-05-20 12:40:53 +00:00
shuting
fb9c66f455
feat(perf): add new linter prealloc to enforce slice declarations best practice (#10250)
* feat(perf): add new linter prealloc to enforce slice declarations best practice

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix(linter): prealloc slices

Signed-off-by: ShutingZhao <shuting@nirmata.com>

---------

Signed-off-by: ShutingZhao <shuting@nirmata.com>
2024-05-20 14:46:35 +05:30
Jim Bugwadia
46e5d818b1
truncate event messages to 1024 chars (#10255)
2024-05-20 08:16:30 +00:00
Vishal Choudhary
3af0e461f0
fix: deepcopy patched resource in foreach mutate (#10252)
* fix: deepcopy patched resource to avoid indirect reversal of its elements

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: copy elements while reversing

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: copy resources inside foreach

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* add test

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* add test

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

---------

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2024-05-20 14:45:21 +08:00
shuting
37af1f83a7
fix: isolate reports creation context (#10245)
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2024-05-16 15:58:38 +03:00
Mariam Fahmy
900bf48ecf
fix: skip generating VAPs in case namespace's name contains wildcards (#10205)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-05-10 14:19:10 +00:00
Mariam Fahmy
6fec52436a
fix: generate VAPs that match all resources when kinds is set to * (#10208)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-05-09 06:46:10 +00:00
Mariam Fahmy
60e347bedb
feat: support generating VAPs in case of matching resources in specific namespaces (#9981)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2024-05-08 11:09:47 +00:00
Mariam Fahmy
3fa6a8d34e
fix: add resourceNames field in the generated VAPs (#10187)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-05-07 12:19:12 +00:00
Mariam Fahmy
f291407ca9
fix: skip generating VAPs for policies that match multiple resources with a namespace/object selector (#10181)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-05-06 21:52:22 +08:00
Khaled Emara
21602a1e1f
fix(polex): multiple polexes with conditions (#9994)
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-05-06 10:28:39 +00:00
Mariam Fahmy
8805620574
fix: add CONNECT operation in the webhook config for pod/exec subresource (#9855)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-05-06 09:51:46 +00:00
Mariam Fahmy
cd33b84a62
fix: add pods/ephemeralcontainers to the generated VAPs (#10162)
* fix: add pods/ephemeralcontainers to the generated VAPs

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

* fix: remove an extra space

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

---------

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-05-06 08:29:55 +00:00
Vishal Choudhary
c403a498a3
fix: add error check in jmespath type conversion in context variables (#10152)
* fix: add error check in jmespath type conversion in context variables

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix(lint): new line in tests

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: properly update path variable

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: remove log statement

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

---------

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
2024-05-01 04:30:34 +00:00
Norwin Schnyder
5d50022f43
fix: skip rules without operation in resource webhook creation (#10146)
* fix: skip rules without operation in resource webhook creation

Signed-off-by: Norwin Schnyder <norwin.schnyder+github@gmail.com>

* test: add unit test for buildRulesWithOperations

Signed-off-by: Norwin Schnyder <norwin.schnyder+github@gmail.com>

* fix linting issues

Signed-off-by: Norwin Schnyder <norwin.schnyder+github@gmail.com>

---------

Signed-off-by: Norwin Schnyder <norwin.schnyder+github@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
2024-04-30 17:05:44 +00:00
Vishal Choudhary
e66a550560
fix: fetch only adopted ephemeral report (#10148)
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
2024-04-30 15:17:24 +00:00
Khaled Emara
c9d821ee72
fix: shared policy context needs to be copied (#10139)
* fix: shared policy context needs to be copied

Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>

* test(e2e): concurrent PSS execution

Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>

* test(e2e): wait for pss policies to be ready

Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>

---------

Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2024-04-30 14:05:33 +00:00
shuting
96ffbadd77
fix: sort pod controllers for autogen rule (#10140)
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2024-04-30 12:26:12 +00:00
Mariam Fahmy
77f1f97f6e
chore: remove a package that is imported twice (#10101)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-04-29 10:40:39 +00:00
Mariam Fahmy
798950f72c
fix: return skip when celPreconditions/matchConditions aren't met (#9940)
* fix: return skip when cel preconditions aren't met

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

* fix test

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

* fix: return skip when matchConditions in VAPs aren't met

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

---------

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-04-22 13:49:25 +00:00
Shubham Singh
dbc12ac2be
[Bug] Enabling many-to-one comparisons for AnyNotIn operator (#9462)
* added cases for int, float

Signed-off-by: Shubham Singh <shubhammahar1306@gmail.com>

* added bool as well

Signed-off-by: Shubham Singh <shubhammahar1306@gmail.com>

* added tests

Signed-off-by: Shubham Singh <shubhammahar1306@gmail.com>

* some more tests

Signed-off-by: Shubham Singh <shubhammahar1306@gmail.com>

* go fmt

Signed-off-by: Shubham Singh <shubhammahar1306@gmail.com>

* fixed the failing test cases

Signed-off-by: Shubham Singh <shubhammahar1306@gmail.com>

---------

Signed-off-by: Shubham Singh <shubhammahar1306@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
2024-04-22 12:12:08 +00:00
NeuroticalT
370abe257e
Fix: metrics exposure inconsistencies and unwanted side-effects (#10016)
* Change: metrics exposure improvement

Signed-off-by: Tamas Eger <tamas.eger@instructure.com>

* Fix: addressing linter errors

Signed-off-by: Tamas Eger <tamas.eger@instructure.com>

* Fix: unit test assert failure

Signed-off-by: Tamas Eger <tamas.eger@instructure.com>

---------

Signed-off-by: Tamas Eger <tamas.eger@instructure.com>
Co-authored-by: Tamas Eger <tamas.eger@instructure.com>
2024-04-22 07:33:04 +00:00
Mariam Fahmy
ea64529e63
fix: evaluate namespaceObject for Kyverno policies in the CLI (#9977)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-04-19 10:55:41 +00:00
Mariam Fahmy
e91b80a600
fix: evaluate namespaceObject for VAPs in the CLI (#9978)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-04-19 10:20:03 +00:00
Mariam Fahmy
f98d7d86b3
refactor: add a function to check if VAPs are registered in the API server (#10014)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-04-17 10:01:00 +00:00
Vishal Choudhary
3db5bdfad8
fix: add mutex to mock policy context builder (#10057)
It is possible that two different threads call the build function at the same time, causing one append to be lost; this PR adds a mutex to avoid this.

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
2024-04-17 09:13:19 +00:00
Khaled Emara
fb40aa5f38
feat(audit): use a worker pool for Audit policies (#10048)
* enhancement: split validation logic for enforce and audit policies to return admission response earlier

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* chore: add missing file

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix: unit tests

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix: linter issues

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix: unit tests

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix: get latest policy object before updating status

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* chore: remove debug code

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix: compare before updates

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix: initial reconcile

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix: updates

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* feat(audit): use a worker pool for Audit policies

Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>

* fix: unit test

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix(attempt): spin up go routine

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* feat: add flags maxAuditWorkers, maxAuditCapacity

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix: enable debug log on failure

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix: wait group panic

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* load-tests: add stress tests configurations

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* load-tests: disable admissionreports

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix: build policy contexts synchronously

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: only run generate and mutate existing go routines when policies are present

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: mutate and verify tests

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: return early if no audit policy

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix: run handlegenerate and mutate existing in all cases

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: only test bgapplies in generate test

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: defer wait in tests

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* enhancement: process validate enforce in a go routine

Signed-off-by: ShutingZhao <shuting@nirmata.com>

---------

Signed-off-by: ShutingZhao <shuting@nirmata.com>
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: ShutingZhao <shuting@nirmata.com>
Co-authored-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
2024-04-17 15:46:18 +08:00
shuting
3e7a7ac244
fix: policy status reconciliation (#10032)
* fix: get latest policy object before updating status

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* chore: remove debug code

Signed-off-by: ShutingZhao <shuting@nirmata.com>

---------

Signed-off-by: ShutingZhao <shuting@nirmata.com>
2024-04-12 07:08:15 +00:00