mirror of https://github.com/kyverno/kyverno.git synced 2025-03-06 07:57:07 +00:00
Commit graph

36 commits

Author SHA1 Message Date
Mariam Fahmy
7f6fb24057
feat: support cel expression in validate rules (#7070)
* feat: support cel expression in validate rules

Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com>

* Adding CEL preconditions in kyverno policies

Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com>

* Support parameter resources in validate.cel subrule

Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com>

* fix

Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com>

* Adding CEL preconditions in kyverno policies

Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com>

* Add kuttl tests for validate.cel subrule

Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com>

* fix

Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com>

* Fix disallow-host-path kuttl test

Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com>

* Add kuttl test for cel preconditions

Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com>

* Fix kuttl tests for validate.cel

Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com>

* Use K8S API Validation and AuditAnnotation

Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com>

* Use K8S API ParamKind and ParamRef

Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com>

---------

Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2023-05-31 14:30:55 -07:00
shuting
0938003aee
add kuttl tests (#7283)
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2023-05-26 01:16:50 +00:00
Jim Bugwadia
07be2d9d72
lazy evaluate vars in conditions (#7238)
* lazy evaluate vars in conditions

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* remove unnecessary conversion

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix test

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* Update test/conformance/kuttl/validate/clusterpolicy/standard/variables/lazyload/conditions/03-manifests.yaml

Signed-off-by: shuting <shutting06@gmail.com>

* Update test/conformance/kuttl/validate/clusterpolicy/standard/variables/lazyload/README.md

Signed-off-by: shuting <shutting06@gmail.com>

* added error check in test

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

---------

Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Signed-off-by: shuting <shutting06@gmail.com>
Co-authored-by: shuting <shutting06@gmail.com>
Co-authored-by: kyverno-bot <104836976+kyverno-bot@users.noreply.github.com>
2023-05-20 21:06:54 +00:00
Jim Bugwadia
696c7e924b
lazy loading of context vars (#7071)
* lazy loading of context vars

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* gofumpt

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* add kuttl tests

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

---------

Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2023-05-05 20:35:47 -04:00
Jim Bugwadia
0c22858bbc
add support for Kubernetes API server POST (#6948)
* allow POST for Kubernetes API calls

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* add kuttl tests

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fmt and undo local changes

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix codegen and unit test

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix unit test

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix tests and extends docs

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

---------

Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2023-04-26 16:31:44 -07:00
Chip Zoller
8388860f6f
Add kuttl test for ephemeral containers (#6966)
* Move Sam to Emeritus status

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* add kuttl test for ephemeral containers

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

---------

Signed-off-by: Chip Zoller <chipzoller@gmail.com>
2023-04-18 13:56:29 +08:00
Vishal Choudhary
77bb5aca12
Added Support for CSR in x509_decode() (#6744)
* fixes

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* err fix

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* added kuttl tests

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* updated files for test

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* updated tests

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* NIT

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* Update test/conformance/kuttl/validate/clusterpolicy/standard/enforce/csr/01-policy.yaml

Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Vishal Choudhary <contactvishaltech@gmail.com>

* updated kuttl tests

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* added tests

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* updated readme

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* added requested changes

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* refactor

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* refactor

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* changes

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* refactor

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
Signed-off-by: Vishal Choudhary <contactvishaltech@gmail.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-04-14 09:36:38 +00:00
Charles-Edouard Brétéché
cf2502e1ea
chore: add kuttl test for namespace exclusion (#6914)
* chore: add kuttl test for namespace exclusion

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix readme

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* Update test/conformance/kuttl/validate/clusterpolicy/standard/exclude/exclude-namespace/README.md

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-04-13 15:39:55 +00:00
shuting
27566eb3fa
fix deletion panic (#6902)
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2023-04-13 12:02:39 +00:00
shuting
a48049aac2
apply policy on UPDATEs with deletionTimestamp set (#6878)
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2023-04-13 07:00:50 +00:00
Charles-Edouard Brétéché
70b0f99f5e
chore: improve a few kuttl tests using shouldFail instead of commands (#6791)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-04-05 15:47:01 +00:00
Charles-Edouard Brétéché
89928e286a
chore: use Audit instead of audit in kuttl tests (#6770)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-04-03 16:27:21 +00:00
Charles-Edouard Brétéché
8f84d222ef
chore: use Enforce instead of enforce in kuttl tests (#6763)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-04-03 13:36:30 +00:00
Charles-Edouard Brétéché
dc8a60a43e
feat: add operations support in match/exclude (#6658)
* feat: add operations support in match/exclude

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* clean

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* matching

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* operation

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* make operation mandatory

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* kuttl

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-03-29 04:22:21 +00:00
shuting
6249ab70e8
fix: block generate policies when lack of permission to operate downstream resources (#6610)
* debug

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* return on errors only

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* update clusterrolebinding

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* update clusterrolebinding

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* remove debug

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* add kuttl tests

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix ns

Signed-off-by: ShutingZhao <shuting@nirmata.com>

---------

Signed-off-by: ShutingZhao <shuting@nirmata.com>
2023-03-22 13:14:57 +00:00
Charles-Edouard Brétéché
b0243e1215
test: add kuttl tests for ephemeral containers (#6631)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-03-22 10:52:02 +00:00
Charles-Edouard Brétéché
e06c20f5cc
refactor: do not allow matching with subresource kind (#6625)
* refactor: do not allow matching with subresource kind

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix kuttl

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix kuttl

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fixes

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-03-21 13:28:00 +00:00
HIHIA
0849c8f929
fix: schema validation for mutateExisting type of policy (#6602)
Signed-off-by: HIHIA <283304489@qq.com>
Co-authored-by: shuting <shuting@nirmata.com>
2023-03-17 05:01:02 +00:00
Charles-Edouard Brétéché
861776d50c
fix: policy cache use GVR instead of kind (#6543)
* fix: policy cache use GVR instead of kind

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* unit tests

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* unit tests

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* GVRS

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* ephemeralcontainers

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* kuttl

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* nit

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix kuttl

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-03-13 14:44:39 +00:00
Charles-Edouard Brétéché
9d81549b8a
test: clean a couple kuttl tests (#6553)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-03-13 09:17:16 -04:00
cleverhu
04cd2a2cfb
add kuttl test for allnotin (#5700)
Signed-off-by: cleverhu <shouping.hu@daocloud.io>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2023-02-06 09:39:23 +00:00
shuting
36abeaecf9
fix: ns labels matching (#6020)
* fix ns labels matching

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* add kuttl tests

Signed-off-by: ShutingZhao <shuting@nirmata.com>

Signed-off-by: ShutingZhao <shuting@nirmata.com>
2023-01-18 11:26:34 +00:00
Vyom Yadav
c2dfd1d130
fix: policy match Kind case-sensitive (#6008)
Signed-off-by: Vyom-Yadav <jackhammervyom@gmail.com>

Signed-off-by: Vyom-Yadav <jackhammervyom@gmail.com>
2023-01-16 16:01:05 +08:00
shuting
c24e25fb56
fix cleanup var 'target.*' (#5888)
Signed-off-by: ShutingZhao <shuting@nirmata.com>

Signed-off-by: ShutingZhao <shuting@nirmata.com>
2023-01-05 14:38:23 +00:00
Vyom Yadav
9d2deb0568
fix: Add subresources support to policy exceptions (#5839)
Signed-off-by: Vyom-Yadav <jackhammervyom@gmail.com>

Signed-off-by: Vyom-Yadav <jackhammervyom@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
2023-01-05 06:23:44 +00:00
shuting
69739f3778
feat: add kuttl tests for #5704 (#5707)
* add kuttl tests for #5704

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* address comments

Signed-off-by: ShutingZhao <shuting@nirmata.com>

Signed-off-by: ShutingZhao <shuting@nirmata.com>
2022-12-16 14:18:48 +00:00
Vyom Yadav
99d988e98c
feat: add support for subresources to validating and mutating policies (#4916)
* feat: add support for subresources to validating and mutating policies

Signed-off-by: Vyom-Yadav <jackhammervyom@gmail.com>

* Add CLI test cases with subresources for validating policies

Signed-off-by: Vyom-Yadav <jackhammervyom@gmail.com>

* Fix existing e2e tests for validating policies and remove tests migrated to kuttl

Signed-off-by: Vyom-Yadav <jackhammervyom@gmail.com>

* Add kuttl e2e tests for validating policies with subresources

Signed-off-by: Vyom-Yadav <jackhammervyom@gmail.com>

* Add kuttl e2e tests for mutating policies with subresources

Signed-off-by: Vyom-Yadav <jackhammervyom@gmail.com>

* Add kuttl e2e tests for validating policy by-pass by manipulating preconditions

Signed-off-by: Vyom-Yadav <jackhammervyom@gmail.com>

Signed-off-by: Vyom-Yadav <jackhammervyom@gmail.com>
2022-12-10 00:45:23 +08:00
Charles-Edouard Brétéché
87ce4b85de
feat: introduce v2alpha1 (#5625)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2022-12-08 11:45:47 +00:00
Chip Zoller
ff9328809b
Migrate validate e2e tests to kuttl tests (#5483)
* add global-anchor test

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* add trusted-images test

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* add yaml-signing test

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* add x509-decode test

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

Signed-off-by: Chip Zoller <chipzoller@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
2022-11-28 14:04:21 +00:00
Vyankatesh Kudtarkar
dc0a07e5d8
Handle Match resources kind (#5421)
Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-11-22 01:20:24 +00:00
Vyankatesh Kudtarkar
83a84c9d47
[Bug]: Fix wildcard any/all issue (#5387)
* Fix wildcard for any/all match/exclude kinds

* remove non required test

* add kuttl test

* Revert "add kuttl test"

This reverts commit d2245bc248.

* add kuttl test

* fix test
2022-11-17 14:07:03 +00:00
Nikhil Sharma
0fb45ed53a
feat: add CleanupPolicy validation code to CleanupPolicyHandler (#5338)
* add validation code for cleanupPolicyHandler

Signed-off-by: Nikhil Sharma <nikhilsharma230303@gmail.com>

* update

Signed-off-by: Nikhil Sharma <nikhilsharma230303@gmail.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* register kuttl tests for cleanup policy

Signed-off-by: Nikhil Sharma <nikhilsharma230303@gmail.com>

Signed-off-by: Nikhil Sharma <nikhilsharma230303@gmail.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-11-16 13:11:33 +00:00
Charles-Edouard Brétéché
37948f179e
fix: kuttl test external-service (#5287)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2022-11-09 18:53:48 -05:00
Charles-Edouard Brétéché
1899938f05
chore: use conditions in kuttl tests to check ready policies (#5252)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2022-11-07 18:34:29 +00:00
Chip Zoller
d9480c268d
More kuttl tests (#5238)
* add remainder of e2e verifyImages tests

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* add tests

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* add external-metrics test case and scaffolding

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* update scaffolding

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* add keyed-basic test

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* add migrated e2e test for gen role and rolebinding

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* add clone-role-and-rolebinding from e2e

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* remove timeout param from kuttl-test.yaml

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* add tests for external-metrics Policy fix

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

Signed-off-by: Chip Zoller <chipzoller@gmail.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-11-07 17:23:19 +00:00
Chip Zoller
da18305015
add kuttl tests (#5204)
- add kuttl tests
- try rekor: {url: "https://rekor.sigstore.dev"}
- add rekor{} object to last two policies

Signed-off-by: Chip Zoller <chipzoller@gmail.com>
2022-11-04 14:00:31 +00:00