Jim Bugwadia
bd1a145678
Fix keyless attest ( #3219 )
...
* allow root cert for keyless attestations checks
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* add logs and improve var names
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* make fmt
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* handle err in sig loading
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: Sambhav Kothari <sambhavs.email@gmail.com>
2022-02-13 20:35:11 -08:00
vivek kumar sahu
0293368504
fixing bug to handle two different types of rules ( #2954 )
...
* fixing bug for the info variable
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
2022-02-09 10:33:54 +00:00
Ramanand Thakur
7f1530c66e
Indentation fix ( #3179 )
...
Removed unnecessary indentation on line 107 to avoid confusion.
2022-02-08 01:00:01 +08:00
Sambhav Kothari
4445780c7c
Add a kyverno jp command to test jmespath expressions ( #3169 )
...
* Add a kyverno jp command to test jmespath expressions
Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com>
* Auto-generate custom function docs
Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2022-02-04 05:23:12 +00:00
Vyankatesh Kudtarkar
373f421b07
Fix panic for provides a set to the key of a precondition and deny condition ( #3162 )
2022-02-03 14:46:58 +00:00
Abhinav Sinha
ed3811ea5a
Bump up verbosity for patched resource mismatch ( #3127 )
...
Signed-off-by: Abhinav Sinha <abhinav@nirmata.com>
2022-02-03 11:24:00 +00:00
Prateek Pandey
286b0427d0
fix filtered and sort patches index ( #3146 )
...
added missing start index value for the patches slice
Signed-off-by: prateekpandey14 <prateekpandey14@gmail.com>
2022-02-01 13:16:08 -08:00
Abhinav Sinha
25641abeb9
Fix kyverno panic with PodSpec.containers JSON merge patch w/o image ( #3143 )
...
Signed-off-by: Abhinav Sinha <abhinav@nirmata.com>
2022-02-01 10:01:46 +05:30
Sambhav Kothari
98284114f5
Relax rule context validation to follow JMESPath grammar ( #3129 )
...
Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2022-01-31 18:23:59 +00:00
Abhinav Sinha
7a55d26d89
Fixed kyverno panic at JMESPath zero division ( #3137 )
...
Signed-off-by: Abhinav Sinha <abhinav@nirmata.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2022-01-31 17:45:20 +00:00
Sambhav Kothari
2b1e7189b1
Fix variable substitution when curly braces are used in jmespath ( #3133 )
...
* Fix variable substitution when inline jmespath objects are defined
Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com>
* Add additional test cases which use brackets
Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2022-01-31 17:11:19 +00:00
Sambhav Kothari
a1daf167e7
Fix parsing of resources in preconditions ( #3108 )
...
Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com>
2022-01-31 08:18:31 -08:00
Rob Best
851ebe3e65
Add cloud provider keychains to DefaultKeychain ( #3116 )
...
Removes the need to specify an image pull secret to make use of cloud
provider credentials. As I understand it, this should be fine outside of
cloud provider contexts.
As part of this, I've switched to using authn/kubernetes, which I believe
is preferable to k8schain.
Signed-off-by: Rob Best <robertbest89@gmail.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2022-01-28 11:33:27 -08:00
Naman Lakhwani
d3dd7a7b45
fixing and adding tests ( #3112 )
...
Signed-off-by: Naman Lakhwani <namanlakhwani@gmail.com>
2022-01-27 22:50:29 -08:00
Jim Bugwadia
7cf1dd2b15
update cosign to 1.5.0 and fix issuer and subject for keyless ( #3089 )
...
* update cosign to 1.5.0 and add checks
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix subject and issuer checks
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* make fmt
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix tests
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2022-01-27 21:13:23 -08:00
Sambhav Kothari
7e5bf4083e
Fix the kyverno default keychain value to be the ggcr default keychain ( #3096 )
...
Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com>
2022-01-27 14:38:08 +08:00
Sambhav Kothari
2eb8f5f285
Fix memory leak when updating ggcr keychain ( #3088 )
...
Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com>
2022-01-26 12:45:05 -08:00
Jim Bugwadia
06e93fec46
apply patches cumulatively ( #3083 )
...
* apply patches cumulatively
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* handle skipped rules
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* add test files
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2022-01-25 09:00:18 +00:00
treydock
cd4650eb5a
Fix CLI test/apply when any/all use namespaceSelector ( #3050 )
...
* Fix CLI test/apply when any/all use namespaceSelector
Fixes #3047
Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
* gofmt fix
Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
2022-01-25 08:06:17 +00:00
shuting
e5e64f86cf
fix mutating ownerReferences ( #3061 )
...
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2022-01-24 05:20:27 +00:00
Jim Bugwadia
bb06901119
fix mutate preprocessing for anchors ( #3052 )
...
* fix mutate preprocessing for anchors
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* make fmt
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: shuting <shutting06@gmail.com>
2022-01-23 13:54:22 +00:00
Mritunjay Kumar Sharma
cdedf11a1c
bumps k8s libraries for k8s v1.23 upgrade for kyverno ( #3043 )
...
* bumps k8s libraries for k8s v1.23 upgrade for kyverno
Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com>
* fixes kustomize version
Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com>
* updates golang to v1.17 to test fails
Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com>
* updates logr package to 1.2.2
Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com>
* Fixed tests for `pkg/cosign` and `pkg/webhooks/generation`
Signed-off-by: Abhinav Sinha <abhinav@nirmata.com>
* fix go-logr deps version issue
Signed-off-by: prateekpandey14 <prateekpandey14@gmail.com>
* fix kube-openapi commit hash
Signed-off-by: prateekpandey14 <prateekpandey14@gmail.com>
Co-authored-by: shuting <shutting06@gmail.com>
Co-authored-by: Abhinav Sinha <abhinav@nirmata.com>
Co-authored-by: prateekpandey14 <prateekpandey14@gmail.com>
2022-01-22 20:26:53 +08:00
shuting
ae4ff4f6b9
Fix dynamic webhook for namespace policies ( #3044 )
...
* fix dynamic webhook for namespace policies
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* improve policy listing to reduce duplicate processing
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* update logger
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2022-01-22 07:55:14 +00:00
shuting
2eb9660aee
Reduce throttling requests for Kyverno resources ( #3042 )
...
* remove resourceCache from the event controller
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* create rcr using typed client to reduce PUT throttling request
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* use typed client for report/rcr operations
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* clarify naming patterns for Kyverno ClusterRoles/ClusterRoleBindings (#3029 )
* clarify naming patterns for Kyverno ClusterRoles/ClusterRoleBindings (#3032 )
* fix comment
* fix comment
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
2022-01-22 05:36:42 +00:00
Kumar Mallikarjuna
5ad0d15240
Namespace Specific ValidationFailureAction ( #2794 )
...
* Implement ValidationFailureActionOverride
Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>
* Update CRDs
Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>
* Update getEnforceFailureErrorMsg()
Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>
* Allow validate policies to be checked
Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>
* Fix linting issues
Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>
* Added tests for ValidationFailureActionOverrides
Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>
* Added schema validation
Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>
* Added description for ValidationFailureActionOverrides
Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>
* Policy validation
Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>
* Update CRDs
Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>
* Replace literals with constants
Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>
* Updated Policy Cache
Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>
* Refactor
Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>
Co-authored-by: shuting <shutting06@gmail.com>
2022-01-21 12:36:44 +00:00
Kumar Mallikarjuna
4124e0f682
Update division for same units ( #3038 )
...
Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>
Co-authored-by: shuting <shutting06@gmail.com>
2022-01-21 11:06:08 +00:00
shuting
376a8d3b22
Reduce throttling requests for Kyverno managed resources ( #3016 )
...
* remove resourceCache from the event controller
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* create rcr using typed client to reduce PUT throttling request
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2022-01-21 18:36:05 +08:00
Anushka Mittal
df4d7ae26c
Broken exclude any all ( #2990 )
...
* added check for any/all
Signed-off-by: anushkamittal20 <anumittal4641@gmail.com>
* minor corrections
Signed-off-by: anushkamittal20 <anumittal4641@gmail.com>
* corrected return check for rbac info
Signed-off-by: anushkamittal20 <anumittal4641@gmail.com>
* added cli test
Signed-off-by: anushkamittal20 <anumittal4641@gmail.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2022-01-20 08:29:16 +00:00
Liu Shaohui
25722366f0
Fix: namespace quota policy failed to be applied for two resources named ResourceQuota with different APIVersions ( #2612 )
...
Signed-off-by: Shaohui Liu <liushaohui@xiaomi.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
2022-01-20 12:48:52 +05:30
Kumar Mallikarjuna
e4e15322d1
Disable autogen for policies without Pod ( #2737 )
...
* Disable autogen for policies without Pod
Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>
* Fix autogen check
Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>
* Fix failing test
Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>
* Fix webhook tests
Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>
* Remove redundant checks
Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>
* Check autogen for exclude block
Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>
2022-01-19 17:42:31 +00:00
Prateek Pandey
c30dfe70a5
fix deployment replica type conversion and refactor webhook logs ( #3022 )
...
- add level in info webhook configuration update success logs
- fix deployment replica count conversion issue
Signed-off-by: prateekpandey14 <prateekpandey14@gmail.com>
2022-01-19 17:14:33 +00:00
shuting
ad56087b91
list resources once per policy in the background reconciliation ( #3026 )
...
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2022-01-19 16:42:01 +00:00
Kumar Mallikarjuna
e39489f838
SharedInformers for WebhookConfigurations ( #3007 )
...
* SharedInformers for WebhookConfigurations
Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>
* Add GVK to typed resources
Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>
* Remove ToUnstructured()
Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>
* Remove default informers from Resource Cache
Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>
* Formatted files
Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>
2022-01-19 15:57:32 +00:00
Abhinav Sinha
f0359f8272
Fixed error handling for negation anchors ( #2986 )
...
* Fixed error handling for negation anchors
Signed-off-by: Abhinav Sinha <abhinav@nirmata.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
2022-01-19 15:39:07 +05:30
Abhinav Sinha
b5341b685d
Support namespaceSelector with dynamic webhook enabled ( #2953 )
...
* Support `namespaceSelector` with dynamic webhook enabled
Signed-off-by: Abhinav Sinha <abhinav@nirmata.com>
* Implemented suggested changes
Signed-off-by: Abhinav Sinha <abhinav@nirmata.com>
* Implemented suggested changes
Signed-off-by: Abhinav Sinha <abhinav@nirmata.com>
Co-authored-by: shuting <shutting06@gmail.com>
2022-01-19 07:59:08 +00:00
Vyankatesh Kudtarkar
e22e9499b6
CLI fix for foreach policies ( #2997 )
...
* CLI fix for foreach policies
* add test-case for foreach container and initcontainer
* fix comments
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2022-01-18 23:38:49 +00:00
shuting
cde1d0f2b2
clean up managed resources when cannot find kyverno deployment ( #3018 )
...
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Co-authored-by: Prateek Pandey <prateekpandey14@gmail.com>
2022-01-18 16:45:24 +00:00
Kumar Mallikarjuna
771d62b735
Added Kyverno specific SharedInformerFactory ( #2987 )
...
* Added Kyverno specific SharedInformerFactory
Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>
* Replace ToUnstructured()
Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>
* Add GVK to returned resource
Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>
Co-authored-by: shuting <shutting06@gmail.com>
2022-01-18 15:52:48 +00:00
Prateek Pandey
421e6d9622
fix(generate): use JSON patch for GenerateRequests status updates ( #3000 )
...
Signed-off-by: prateekpandey14 <prateekpandey14@gmail.com>
Co-authored-by: shuting <shutting06@gmail.com>
2022-01-18 14:53:48 +00:00
shuting
b6447e0649
Remove resourceCache from engine ( #3013 )
...
* update log messages
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* remove resourceCache from the background controller when:
- register resource scope
- list resources per namespace
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* - use client call for configmap lookup;
- remove resourceCache from policy controller, webhook server and generate controller
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2022-01-18 12:59:35 +00:00
Vyankatesh Kudtarkar
c2de92d8c6
Support mutation of variables in validate.deny ( #2947 )
...
* Support mutation of variables in validate.deny
* remove comment
* fix e2e test
2022-01-18 10:53:30 +00:00
Sambhav Kothari
f5e00ee034
Add a parse_yaml function ( #2999 )
...
Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com>
Co-authored-by: shuting <shutting06@gmail.com>
2022-01-17 13:41:08 +00:00
Sambhav Kothari
1af9e48b0d
Add image data to validate image configs ( #2946 )
...
* Add image data to validate image configs
Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com>
* Add tests for image context
Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com>
* Add e2e test cases for image size policy
Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com>
2022-01-17 04:06:44 +00:00
Sambhav Kothari
f42092208f
Fix variable substitution for foreach preconditions ( #2993 )
...
Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2022-01-16 05:33:34 +00:00
Sambhav Kothari
0c11af2d9a
Fix autogen issue with cronjob generator and foreach pod generator ( #2989 )
...
Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com>
2022-01-15 12:28:28 -08:00
Jim Bugwadia
1fec430249
handle CRDs with no props ( #2975 )
...
* handle CRDs with no props
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix tests
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2022-01-14 21:08:04 +01:00
Tathagata Paul
1f3e625b99
Renamed test.yaml to kyverno-test.yaml ( #2898 )
...
Signed-off-by: 4molybdenum2 <tathagatapaul7@gmail.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2022-01-14 08:45:59 +00:00
Jim Bugwadia
59d4cf8c0b
check for issuer and subject only when declared in policy. fix log levels ( #2973 )
...
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2022-01-13 12:49:52 +08:00
Aarush Bhat
c202fb0f15
kyverno/test: print test summary of kyverno test results ( #2944 )
...
Signed-off-by: sloorush <aarush.bhatt@gmail.com>
Co-authored-by: shuting <shutting06@gmail.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
2022-01-12 18:52:22 +05:30
Sambhav Kothari
baf4fa335b
Remove spurious prints and fix line endings ( #2963 )
...
Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com>
2022-01-11 14:15:26 +00:00