kyverno

mirror of https://github.com/kyverno/kyverno.git synced 2024-12-14 11:57:48 +00:00

Author	SHA1	Message	Date
Mritunjay Kumar Sharma	b815caef5d	refactor cli code from pkg to cmd (#3591 ) * refactor cli code from pkg to cmd Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com> * fixes in imports Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com> * fixes tests Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com> * fixed conflicts Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com> * moved non-commands to utils Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>	2022-04-14 12:20:18 +00:00
Jim Bugwadia	0f186afb3e	update imageVerify schema (#3574 ) * update imageVerify schema Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add optional Signed-off-by: Jim Bugwadia <jim@nirmata.com> * codegen Signed-off-by: Jim Bugwadia <jim@nirmata.com> * codegen Signed-off-by: Jim Bugwadia <jim@nirmata.com> * codegen Signed-off-by: Jim Bugwadia <jim@nirmata.com> * change nested/recursive types to apiextv1.JSON Signed-off-by: Jim Bugwadia <jim@nirmata.com> * make fmt Signed-off-by: Jim Bugwadia <jim@nirmata.com> * make codegen Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix message Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2022-04-11 16:47:27 +01:00
Sambhav Kothari	6f7bd7451b	Refactor image extraction to allow extracting custom resources (#3572 ) * refactor: image extraction Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * Refactor image extraction to allow extracting custom resources Signed-off-by: Sambhav Kothari <skothari44@bloomberg.net> Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-04-11 09:30:38 +00:00
Soumya Singh	84aa2e3fbb	Add returnType for regexMatch in kyverno jp output (#3575 ) Signed-off-by: tend2infinity <somu12.ss@gmail.coom> Co-authored-by: tend2infinity <somu12.ss@gmail.coom>	2022-04-11 08:34:14 +01:00
Charles-Edouard Brétéché	3d554ce53b	refactor: engine context (#3563 ) Co-authored-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-04-09 11:52:50 +00:00
Charles-Edouard Brétéché	06c2b2bb79	refactor: switch to admission v1 (#3526 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-04-06 20:43:07 +00:00
Charles-Edouard Brétéché	c8275b7c00	refactor: make response type (RuleType) typed (#3556 ) * refactor: move common utils Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * refactor: make response type (RuleType) typed Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * fix: merge Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>	2022-04-06 19:04:08 +00:00
Charles-Edouard Brétéché	975f6ba7c8	test: pass lock by value (#3481 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>	2022-04-05 15:52:13 +00:00
Charles-Edouard Brétéché	29d7010e25	refactor: move common utils (#3553 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-04-05 13:02:43 +00:00
Charles-Edouard Brétéché	bd953cf4fa	fix: checkEngineResponse in webhooks (#3551 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-04-05 10:41:08 +00:00
Abhi Kapoor	18d4dadab6	Do not generate preconditions not met warning for audit policies (#3487 ) * Do not generate preconditions not met warning for audit policies Signed-off-by: abhi-kapoor <43758739+abhi-kapoor@users.noreply.github.com> * Update PR template to reeference the closing keyword Signed-off-by: abhi-kapoor <43758739+abhi-kapoor@users.noreply.github.com> * Update pkg/engine/validation.go Co-authored-by: Prateek Pandey <prateekpandey14@gmail.com> * Update pkg/engine/validation.go Co-authored-by: Prateek Pandey <prateekpandey14@gmail.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com> Co-authored-by: shuting <shutting06@gmail.com> Co-authored-by: Prateek Pandey <prateekpandey14@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-04-05 10:08:01 +00:00
Charles-Edouard Brétéché	a93ac45586	refactor: move some helpers in utils package (#3539 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-04-04 18:58:22 +00:00
Charles-Edouard Brétéché	cb6f55cdcd	refactor: use GetValidationFailureAction method (#3546 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-04-04 16:33:12 +00:00
silenceper	d97258654f	fix wildcards in value arrays (#3486 ) Signed-off-by: silenceper <silenceper@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>	2022-04-01 10:42:07 +00:00
Charles-Edouard Brétéché	663ad49dca	refactor: add a json patch util and use it in autogen package (#3524 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-04-01 13:26:47 +08:00
Charles-Edouard Brétéché	9fc65fa5a7	refactor: use policy interface and introduce admission utils package (#3512 ) * refactor: use more policy interface Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * refactor: migrate to policy interface Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-03-31 20:25:54 +08:00
Charles-Edouard Brétéché	83343697b9	refactor: make use of policy interface (#3499 ) - refactor: make use of policy interface Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-03-30 18:34:30 +05:30
Prateek Pandey	bdb675b9c0	feat: generate support for namespace policy (#3472 ) * feat: generate support for namespace policy Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * use policy spec instead Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * refactor the changes Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * add synced flag for Namespace policies Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>	2022-03-29 13:04:33 +00:00
Charles-Edouard Brétéché	20069c13c3	feat: stop mutating rules (#3410 ) * feat: stop adding autogen annotation Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * feat: stop mutating rules Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * feat: stop mutating rules Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * fix: use toggle Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * fix: review comments Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-03-28 22:01:27 +08:00
Vyankatesh Kudtarkar	58b1fd6210	fix ordering of mutate element (#3468 ) Co-authored-by: shuting <shuting@nirmata.com>	2022-03-25 15:15:31 +00:00
shuting	d1bf3d4742	clean up dependencies (#3469 ) Signed-off-by: ShutingZhao <shuting@nirmata.com>	2022-03-25 08:40:25 +00:00
Charles-Edouard Brétéché	f34d3c342d	refactor: add ValidationFailureAction to the api (#3451 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>	2022-03-23 08:59:41 +00:00
Vyankatesh Kudtarkar	e268be9e88	support for deprecated API's (#3439 ) * support for deprecated API's * add testcase * update condition * fix logic	2022-03-22 18:25:35 +00:00
Charles-Edouard Brétéché	11bbb4f83e	refactor: replace ExcludeResources by MatchResources (#3444 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-03-22 14:24:40 +00:00
Charles-Edouard Brétéché	0c8e8c1212	feat: move GetRules() at the policy level (#3420 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-03-18 15:18:32 +00:00
Charles-Edouard Brétéché	865eef248d	feat: stop adding autogen annotation (#3379 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-03-18 11:30:49 +00:00
Christian Kotzbauer	860253d6aa	[ImageVerify] Verify additional certificate-extensions (#3404 ) * feat: add additionalExtensions to keyless imageVerify Signed-off-by: Christian Kotzbauer <git@ckotzbauer.de> * feat: regenerate code Signed-off-by: Christian Kotzbauer <git@ckotzbauer.de>	2022-03-17 08:42:12 +00:00
Sambhav Kothari	6498425937	Add a registry flag to allow direct access to container registries in the CLI (#3396 ) * Add a registry flag to allow direct access to container registries in the CLI Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com>	2022-03-16 09:56:47 +05:30
Charles-Edouard Brétéché	ce5f648f30	refactor: introduce rules getters and setters (#3350 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: Prateek Pandey <prateekpandey14@gmail.com>	2022-03-09 15:28:31 +00:00
Charles-Edouard Brétéché	ea977b259c	refactor: move controller autogen annotation in api package (#3364 ) * fix: configmap resource filters generated by helm does not account for namespace Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * refator: move controller autogen annotation in api package Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-03-09 21:48:04 +08:00
Charles-Edouard Brétéché	90d0badda4	fix: CRD generation (#3334 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-03-06 11:07:51 -08:00
Vyankatesh Kudtarkar	0a5aad39cf	Fix foreach validations precondition issue (#3228 ) * fix foreach validations precondition issue * added test-cases	2022-02-18 09:11:41 +00:00
Jim Bugwadia	421a81ce63	Fix old object validation check (#3248 ) * fix validation check on UPDATE Signed-off-by: Jim Bugwadia <jim@nirmata.com> * prevent policy bypass using preconditions Signed-off-by: Jim Bugwadia <jim@nirmata.com> * separate replace Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add error handling Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2022-02-17 09:18:49 -08:00
Tathagata Paul	b91ff5a7f2	Bug fix: negation of string kernel version caused Cluster Policy to fail (#3229 ) * fixed bug where negation of kernel version caused cpolr to fail Signed-off-by: Tathagata Paul <tathagatapaul7@gmail.com> * small fix in function validateString Signed-off-by: Tathagata Paul <tathagatapaul7@gmail.com> * Added necessary tests Signed-off-by: Tathagata Paul <tathagatapaul7@gmail.com> Added one more test Signed-off-by: Tathagata Paul <tathagatapaul7@gmail.com> * Add more tests and added a policy to the test folder Signed-off-by: Tathagata Paul <tathagatapaul7@gmail.com> * added policy for test cli Signed-off-by: Tathagata Paul <tathagatapaul7@gmail.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com>	2022-02-17 09:33:30 +05:30
Mritunjay Kumar Sharma	5a541567de	Fix image parsing for image referenced as digests (#3196 ) * fixes image break with sha256 Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com> * fixes priority to digest Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-02-15 08:35:53 +00:00
Jim Bugwadia	bd1a145678	Fix keyless attest (#3219 ) * allow root cert for keyless attestations checks Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add logs and improve var names Signed-off-by: Jim Bugwadia <jim@nirmata.com> * make fmt Signed-off-by: Jim Bugwadia <jim@nirmata.com> * handle err in sig loading Signed-off-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: Sambhav Kothari <sambhavs.email@gmail.com>	2022-02-13 20:35:11 -08:00
Sambhav Kothari	4445780c7c	Add a kyverno jp command to test jmespath expressions (#3169 ) * Add a kyverno jp command to test jmespath expressions Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com> * Auto-generate custom function docs Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com>	2022-02-04 05:23:12 +00:00
Prateek Pandey	286b0427d0	fix filtered and sort patches index (#3146 ) added missing start index value for the patches slice Signed-off-by: prateekpandey14 <prateekpandey14@gmail.com>	2022-02-01 13:16:08 -08:00
Abhinav Sinha	25641abeb9	Fix kyverno panic with `PodSpec.containers` JSON merge patch w/o image (#3143 ) Signed-off-by: Abhinav Sinha <abhinav@nirmata.com>	2022-02-01 10:01:46 +05:30
Abhinav Sinha	7a55d26d89	Fixed kyverno panic at JMESPath zero division (#3137 ) Signed-off-by: Abhinav Sinha <abhinav@nirmata.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com>	2022-01-31 17:45:20 +00:00
Sambhav Kothari	2b1e7189b1	Fix variable substitution when curly braces are used in jmespath (#3133 ) * Fix variable substitution when inline jmespath objects are defined Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com> * Add additional test cases which use brackets Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com>	2022-01-31 17:11:19 +00:00
Sambhav Kothari	a1daf167e7	Fix parsing of resources in preconditions (#3108 ) Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com>	2022-01-31 08:18:31 -08:00
Jim Bugwadia	7cf1dd2b15	update cosign to 1.5.0 and fix issuer and subject for keyless (#3089 ) * update cosign to 1.5.0 and add checks Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix subject and issuer checks Signed-off-by: Jim Bugwadia <jim@nirmata.com> * make fmt Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix tests Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2022-01-27 21:13:23 -08:00
Sambhav Kothari	2eb8f5f285	Fix memory leak when updating ggcr keychain (#3088 ) Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com>	2022-01-26 12:45:05 -08:00
Jim Bugwadia	06e93fec46	apply patches cumulatively (#3083 ) * apply patches cumulatively Signed-off-by: Jim Bugwadia <jim@nirmata.com> * handle skipped rules Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add test files Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2022-01-25 09:00:18 +00:00
shuting	e5e64f86cf	fix mutating ownerReferenecs (#3061 ) Signed-off-by: ShutingZhao <shuting@nirmata.com>	2022-01-24 05:20:27 +00:00
Jim Bugwadia	bb06901119	fix mutate preprocessing for anchors (#3052 ) * fix mutate preprocessing for anchors Signed-off-by: Jim Bugwadia <jim@nirmata.com> * make fmt Signed-off-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: shuting <shutting06@gmail.com>	2022-01-23 13:54:22 +00:00
Kumar Mallikarjuna	5ad0d15240	Namespace Specific ValidationFailureAction (#2794 ) * Implement ValidationFailureActionOverride Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Update CRDs Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Update getEnforceFailureErrorMsg() Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Allow validate policies to be checked Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Fix linting issues Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Added tests for ValidationFailureActionOverrides Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Added schema validation Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Added description for ValidationFailureActionOverrides Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com> * Policy validation Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com> * Update CRDs Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com> * Replace literals with constants Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com> * Updated Policy Cache Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com> * Refactor Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com> Co-authored-by: shuting <shutting06@gmail.com>	2022-01-21 12:36:44 +00:00
Kumar Mallikarjuna	4124e0f682	Update division for same units (#3038 ) Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com> Co-authored-by: shuting <shutting06@gmail.com>	2022-01-21 11:06:08 +00:00
Abhinav Sinha	f0359f8272	Fixed error handling for negation anchors (#2986 ) * Fixed error handling for negation anchors Signed-off-by: Abhinav Sinha <abhinav@nirmata.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>	2022-01-19 15:39:07 +05:30

1 2 3 4 5 ...

820 commits