Furkan Türkal
a21c5fb347
fix: cache regex globally ( #7546 )
...
Signed-off-by: Furkan <furkan.turkal@trendyol.com>
Co-authored-by: Emin <emin.aktas@trendyol.com>
2023-06-16 10:07:15 +00:00
Charles-Edouard Brétéché
8b8311bcca
fix: recursive lazy loading ( #7552 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-06-16 07:29:49 +00:00
Mike Bryant
91021b65b6
fix: Delete downstream objects on precondition fail ( #7496 )
...
* fix: Delete downstream objects on precondition fail
When a rule fails the match in a generate rule, the downstream resource gets deleted. This will now also happen if the rule is skipped due to a precondition.
Signed-off-by: Mike Bryant <mike.bryant@mettle.co.uk>
* add debug command
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* sync trigger updates to downstream
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix bgscan fetching trigger
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix: Move rbac change into tests for better isolation
Signed-off-by: Mike Bryant <mike.bryant@mettle.co.uk>
* fix unit test
Signed-off-by: ShutingZhao <shuting@nirmata.com>
---------
Signed-off-by: Mike Bryant <mike.bryant@mettle.co.uk>
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2023-06-15 11:32:19 -04:00
Charles-Edouard Brétéché
6f040af4d0
refactor: cut dependency between image verifier and registry client ( #7536 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-06-14 16:19:38 +00:00
Lion916
ee1e7a7add
fix: add type conversion error judgment to avoid program panic ( #6526 )
...
fix: add type conversion error judgment to avoid program panic
Signed-off-by: wangshuai <wangshuai31@xiaomi.com>
Co-authored-by: wangshuai <wangshuai31@xiaomi.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Chip Zoller <chipzoller@gmail.com>
2023-06-14 14:24:45 +00:00
shuting
d3db3bc342
refactor: generate reconciliation on policy updates ( #7531 )
...
* generate rule type validation
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* generate rule type validation
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* add the kuttl test
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* linter fixes
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* rever validation checks
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* refactor
Signed-off-by: ShutingZhao <shuting@nirmata.com>
---------
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2023-06-14 13:52:27 +00:00
itsCheithanya
692d419aa4
Updated the message to the level4log and removed err that originated from ApplyBackgroundChecks. ( #7528 )
...
* updated the message to the level4log and removed err that originated from ApplyBackgroundChecks
Signed-off-by: Cheithanya <cheithanya2002@gmail.com>
* Update pkg/policy/policy_controller.go
Signed-off-by: shuting <shutting06@gmail.com>
---------
Signed-off-by: Cheithanya <cheithanya2002@gmail.com>
Signed-off-by: shuting <shutting06@gmail.com>
Co-authored-by: shuting <shutting06@gmail.com>
2023-06-14 12:36:26 +00:00
Charles-Edouard Brétéché
a727ffca42
refactor: introduce engine image data client interface ( #7529 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-06-14 10:06:52 +00:00
Mike Bryant
93bbc57c7a
fix: Remove ownerReferences when cloning across Namespaces ( #7517 )
...
Signed-off-by: Mike Bryant <mike.bryant@mettle.co.uk>
Co-authored-by: shuting <shuting@nirmata.com>
2023-06-13 15:35:10 +00:00
Charles-Edouard Brétéché
71ff19476d
fix: log level initialisation ( #7515 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-06-13 22:23:53 +08:00
Charles-Edouard Brétéché
644ed25fd0
fix: misleading error message in deny conditions ( #7503 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-06-13 12:51:08 +00:00
shuting
5ce80c4e68
fix: target scope validation for the generate rule ( #7479 )
...
* fix target scope validation for generate
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* add kuttl tests
Signed-off-by: ShutingZhao <shuting@nirmata.com>
---------
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2023-06-13 10:26:56 +00:00
shuting
5fa6e1fa48
fix: cloneList sync behavior ( #7466 )
...
* fix flaky tests
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore(deps): bump docker/login-action from 2.1.0 to 2.2.0 (#7463 )
Bumps [docker/login-action](https://github.com/docker/login-action ) from 2.1.0 to 2.2.0.
- [Release notes](https://github.com/docker/login-action/releases )
- [Commits](f4ef78c080...465a07811f#7462 )
Bumps [slsa-framework/slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator ) from 1.6.0 to 1.7.0.
- [Release notes](https://github.com/slsa-framework/slsa-github-generator/releases )
- [Changelog](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md )
- [Commits](https://github.com/slsa-framework/slsa-github-generator/compare/v1.6.0...v1.7.0 )
---
updated-dependencies:
- dependency-name: slsa-framework/slsa-github-generator
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* fix cloneList sync behavior
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* skip creating duplicate URs
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* add kuttl tests
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* add kuttl tests
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* add kuttl tests
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* renam
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix
Signed-off-by: ShutingZhao <shuting@nirmata.com>
---------
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-13 09:12:13 +00:00
Charles-Edouard Brétéché
b6209da108
fix: use RawClient in context loader ( #7499 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-06-12 16:03:17 +00:00
Charles-Edouard Brétéché
1401bcf2fb
feat: use context for toggles management ( #7501 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-06-12 17:36:12 +02:00
Marc Brugger
3d5ed2b4e5
fix: log kind/namespace/name in scan errors ( #7498 )
...
Signed-off-by: bakito <github@bakito.ch>
2023-06-12 16:17:15 +02:00
Charles-Edouard Brétéché
9387d20443
fix: propagate context when listing resources ( #7487 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-06-11 13:57:21 +02:00
Charles-Edouard Brétéché
42657f672f
refactor: introduce abstract client interface in engine ( #7377 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-06-10 09:20:34 +00:00
shuting
37dfdaeeab
fix ( #7473 )
...
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2023-06-09 08:51:42 +00:00
Charles-Edouard Brétéché
271a568693
feat: obey the order field in patchStrategicMerge method ( #7336 )
...
* feat: obey the order field in patchStrategicMerge method
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* default
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* tests
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---------
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-06-08 17:54:55 +00:00
Charles-Edouard Brétéché
60fd1ccda9
fix: add missing webhook timeouts ( #7435 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-06-08 11:00:59 +00:00
Charles-Edouard Brétéché
3d5341949b
feat: switch json patch lib for real ( #7452 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-06-08 10:23:20 +00:00
Charles-Edouard Brétéché
ea98b08951
fix: autogen not generating the correct kind ( #7455 )
...
* fix: autogen not generating the correct kind
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix kuttl tests
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* add kuttl test
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---------
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-06-07 20:32:35 +02:00
shuting
0c3351887a
fix: the same source cannot be used for multiple targets with a generate clone rule ( #7436 )
...
* add source labels to targets
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* handle multiple triggers/targets for the same clone source
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* add source labels to targets
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix test
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* remove unused code
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* add kuttl tests
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* rename the test
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* add kuttl tests
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* add kuttl tests
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* split apiversion label into version and group
Signed-off-by: ShutingZhao <shuting@nirmata.com>
---------
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2023-06-07 13:50:47 +00:00
Charles-Edouard Brétéché
f20c0ed417
chore: add buffer unit tests ( #7453 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-06-07 13:48:50 +02:00
Charles-Edouard Brétéché
1d2b50bc03
chore: add engine api stats unit tests ( #7451 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-06-07 10:11:46 +00:00
Charles-Edouard Brétéché
a345e15511
refactor: remove json patches from engine response ( #7449 )
...
* refactor: remove json patches from engine response
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* remove filtering
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---------
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-06-07 17:45:11 +08:00
Frank Jogeleit
5c3da75306
chore: remove unused deperected patches from RuleResponse ( #7450 )
...
Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com>
2023-06-07 09:10:57 +00:00
Charles-Edouard Brétéché
b6795239ba
refactor: remove json patches from mutation tests ( #7447 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-06-07 13:35:58 +08:00
Charles-Edouard Brétéché
945cb1a809
chore: remove last-applied-patches annotation ( #7438 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-06-07 04:51:02 +00:00
Charles-Edouard Brétéché
6e462446b8
refactor: remove json patches from rule response in tests ( #7443 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-06-06 17:52:26 +00:00
Charles-Edouard Brétéché
248e6be073
fix: error reported when sanity check fails ( #7439 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-06-06 15:47:28 +00:00
Marc Brugger
c92605b7a6
fix: abort validation if value could be processed ( #7307 )
...
* fix: abort validation if value could be processed
Signed-off-by: bakito <github@bakito.ch>
* add test to verify compareString is not executed for quantities
Signed-off-by: bakito <github@bakito.ch>
---------
Signed-off-by: bakito <github@bakito.ch>
2023-06-06 14:41:20 +00:00
Charles-Edouard Brétéché
9078acb92a
fix: exceptions not considered on delete ( #7433 )
...
* fix: helm template for cleanup jobs image
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix: exceptions not considered on delete
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* kuttl test
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---------
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-06-06 22:15:10 +08:00
Charles-Edouard Brétéché
9d0d2491b5
fix: reports discovery error ( #7428 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-06-06 11:55:47 +00:00
shuting
7b7d64dcf2
fix: array element removal should be synced to the downstream resource with a generate data sync rule ( #7417 )
...
* refactor
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* add kuttl tests
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix downstream update
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix panic
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix flaky test
Signed-off-by: ShutingZhao <shuting@nirmata.com>
---------
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2023-06-06 12:07:07 +02:00
Charles-Edouard Brétéché
863ed5c384
fix: stop recording json patches in rule responses (part 2) ( #7422 )
...
* fix: stop recording json patches in rule responses (part 2)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix test
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix test
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---------
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-06-06 00:41:46 +08:00
Charles-Edouard Brétéché
6bc3761b7a
refactor: stop recording json patches but generate them on demand (part 1) ( #7394 )
...
* refactor: stop recording json patches but generate them on demand
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* changed lib
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix verify images
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix tests
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* image verif tests
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* unit tests
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---------
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2023-06-05 12:33:23 +00:00
Charles-Edouard Brétéché
ff7cda2694
feat: add config exclusions in the engine ( #7420 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-06-05 13:47:46 +02:00
Frank Jogeleit
5d5011d5d9
feat: hold custom labels ( #7416 )
...
* feat: hold custom labels
Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com>
* fix: remove unnecessary SetLabels
Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com>
---------
Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com>
2023-06-05 10:37:28 +00:00
Charles-Edouard Brétéché
c013ccbc65
fix: json patch unit tests ( #7415 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-06-05 08:12:13 +00:00
Jim Bugwadia
7aedbe001c
expose JSON Pointer in Images variable for extension services ( #7413 )
...
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2023-06-05 14:11:52 +08:00
Charles-Edouard Brétéché
07ef7da0c4
fix: replace mattbaird/jsonpatch with appscode/jsonpatch ( #7401 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-06-03 20:08:58 +08:00
Ved Ratan
cf28c6480f
Fix: [Bug] The default field in a context variable does not replace nil results ( #7251 )
...
* fixed the bug
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
* added tests
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
* added assertion
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
* fixed tests
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
* fix
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
* fix
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
* removed redundant code
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
* added assert
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
---------
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
2023-06-02 13:53:38 +00:00
shuting
4d5f832d01
fix mutate targets validation ( #7387 )
...
* fix mutate targets validation
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* linter fixes
Signed-off-by: ShutingZhao <shuting@nirmata.com>
---------
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2023-06-02 15:06:01 +02:00
Charles-Edouard Brétéché
cbce1c91b7
fix: cosign global var ( #7397 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-06-02 12:18:10 +00:00
shuting
3db7c41a62
Remove policy validation prevent loop for generate ( #7388 )
...
* remove checks
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* update tests
Signed-off-by: ShutingZhao <shuting@nirmata.com>
---------
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2023-06-02 13:53:16 +02:00
Charles-Edouard Brétéché
5ebb37fd44
fix: missing/incorrect env variables ( #7383 )
...
* fix: panic if an env variable is missing
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---------
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-06-02 09:19:18 +00:00
Vishal Choudhary
80d139bb5d
Added fetchAttestations method to notaryV2 implimentation ( #6800 )
...
* moved to oras
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* linting error fix
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* added error checking
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* fixed errors
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* added final build
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* added predicate fetching
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* added checks in statements
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* removed continuous checking if predicate is found
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* renamed notaryv2 to notary
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* changed notaryv2 to notary
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* run codegen all
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* changes
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* commented cert
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* added variable support to certs
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* renamed notaryV2 to notary
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* deprecated predicate types
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* disallow keys and keyless under attestors if type is set to notary
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* gcr crane implementation init
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* added changes
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* types
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* using remote puller and pusher
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* implemented notation repository interface
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* updated notary implementation and fixed errors
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* removed oras
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* kuttl test init
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* added image verify test
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* check image attestation notary
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* added readme
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* added tests for extract statements
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* fix: remove status from policy webhooks (#6939 )
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* feat: split chart values in readme per component (#6936 )
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
* fix: incorrect json patch validation (#6941 )
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* feat: add verbosity level in helm chart values (#6940 )
* feat: add verbosity level in helm chart values
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* codegen
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---------
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix: match on ephemeral containers (#6963 )
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix: refine event permissions in default roles (#6957 )
* remove the event delete permission
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* add '- events.k8s.io/v1'
Signed-off-by: ShutingZhao <shuting@nirmata.com>
---------
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* Add kuttl test for ephemeral containers (#6966 )
* Move Sam to Emeritus status
Signed-off-by: Chip Zoller <chipzoller@gmail.com>
* add kuttl test for ephemeral containers
Signed-off-by: Chip Zoller <chipzoller@gmail.com>
---------
Signed-off-by: Chip Zoller <chipzoller@gmail.com>
* refactor: restructure cli test command (#6942 )
* refactor: restructure cli test command
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---------
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* feat: add credential helpers flags (#6974 )
* feat: add credential helpers flags
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---------
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* chore(deps): bump aquasecurity/trivy-action from 0.9.2 to 0.10.0 (#6976 )
Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action ) from 0.9.2 to 0.10.0.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases )
- [Commits](1f0aa582c8...e5f43133f6#6084 )
* Added Context in CleanupPolicySpec
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* Added context.go file with loadVariable()
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* Added loadAPIData() in context.go and called from handlers.go
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* Added conditionals for not supported context variables
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* Reverted versions in CRDs
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* Reverted CRDs to v0.11.1
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* Imported fmt in handlers.go
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* Added Context in CleanupPolicySpec
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* Added context.go file with loadVariable()
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* Added loadAPIData() in context.go and called from handlers.go
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* Added conditionals for not supported context variables
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* Reverted versions in CRDs
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* Reverted CRDs to v0.11.1
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* Imported fmt in handlers.go
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* Removed duplicate import
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* make verify-codegen
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* Updated kuttl test
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* Fixed kuttl failure
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* moved policy check to validation
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* Reused functions
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* Added kuttl test
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* Added more configMap
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* removed unecessary check
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* auto codegen
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* updated codegen
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* Renamed ApplyJMESPath() to applyJMESPath()
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
---------
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
Co-authored-by: Chip Zoller <chipzoller@gmail.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* chore(deps): bump actions/setup-python from 4.5.0 to 4.6.0 (#6981 )
Bumps [actions/setup-python](https://github.com/actions/setup-python ) from 4.5.0 to 4.6.0.
- [Release notes](https://github.com/actions/setup-python/releases )
- [Commits](d27e3f3d7c...57ded4d7d5#6982 )
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 3.1.2 to 3.1.3.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md )
- [Commits](40a12dcee2...894ff025c7#6978 )
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore: restrict default permissions (#6972 )
* restrict admission permissions
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* restrict background permissions
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* update install.yaml
Signed-off-by: ShutingZhao <shuting@nirmata.com>
---------
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* kuttl README (#6984 )
* Added Context in CleanupPolicySpec
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* Added context.go file with loadVariable()
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* Added loadAPIData() in context.go and called from handlers.go
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* Added conditionals for not supported context variables
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* Reverted versions in CRDs
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* Reverted CRDs to v0.11.1
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* Imported fmt in handlers.go
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* Added Context in CleanupPolicySpec
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* Added context.go file with loadVariable()
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* Added loadAPIData() in context.go and called from handlers.go
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* Added conditionals for not supported context variables
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* Reverted versions in CRDs
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* Reverted CRDs to v0.11.1
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* Imported fmt in handlers.go
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* Removed duplicate import
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* make verify-codegen
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* Updated kuttl test
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* Fixed kuttl failure
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* moved policy check to validation
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* Reused functions
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* Added kuttl test
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* Added more configMap
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* removed unecessary check
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* auto codegen
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* updated codegen
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* Renamed ApplyJMESPath() to applyJMESPath()
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* Added Readme in context-cleanup-pod
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
---------
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
Co-authored-by: Chip Zoller <chipzoller@gmail.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* chore(deps): bump github/codeql-action from 2.2.12 to 2.3.0 (#6989 )
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.2.12 to 2.3.0.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](7df0ce3489...b2c19fb9a2#6987 )
Bumps [github.com/notaryproject/notation-core-go](https://github.com/notaryproject/notation-core-go ) from 1.0.0-rc.2 to 1.0.0-rc.3.
- [Release notes](https://github.com/notaryproject/notation-core-go/releases )
- [Commits](https://github.com/notaryproject/notation-core-go/compare/v1.0.0-rc.2...v1.0.0-rc.3 )
---
updated-dependencies:
- dependency-name: github.com/notaryproject/notation-core-go
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* feat: new access checks for background policies (#6970 )
* switch to use sar for access checks
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix unit tests
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* update helm config
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix username
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* update msg
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix sa name
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* update install.yaml
Signed-off-by: ShutingZhao <shuting@nirmata.com>
---------
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore: bump kind image to 1.27.1 (#6993 )
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* feat: bump k8s deps to 1.27 (#6868 )
* feat: bump k8s deps to 1.27
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* bump k8s 1.27.1
Signed-off-by: ShutingZhao <shuting@nirmata.com>
---------
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Co-authored-by: ShutingZhao <shuting@nirmata.com>
* fix: disable autogen in foreach mutation with json patches (#6996 )
* fix: disable autogen in foreach mutation with json patches
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* kuttl
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---------
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix: add server ip config to cleanup controller (#6999 )
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* feat: add features section in helm values (#6935 )
* feat: add features section in helm values
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* configs
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* overrides
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---------
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* feat: add reports cleanup jobs to prevent outage (#6960 )
* feat: add reports cleanup jobs to prevent outage
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* security cotnext
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---------
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
* feat: add registry credential helpers feature (#7002 )
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* feat: improve instrumented clients (#7006 )
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix: record configmap resource version to not reload when version didn't change (#7007 )
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* chore(deps): bump sigstore/cosign-installer from 3.0.2 to 3.0.3 (#7012 )
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) from 3.0.2 to 3.0.3.
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](9e9de2292d...204a51a57a#7016 )
Red Hat ACM is useful for distributed kyverno policies across a
managed fleet of clusters. Adding to adopters file with a link that
describes details of using the ACM policy generator with Kyverno.
Signed-off-by: Gus Parvin <gparvin@redhat.com>
* fix: helm template with metricsRefreshInterval (#7019 )
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* add support for Kubernetes API server POST (#6948 )
* allow POST for Kubernetes API calls
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* add kuttl tests
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fmt and undo local changes
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix codegen and unit test
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix unit test
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix tests and extends docs
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
---------
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* feat: update built-in resource schemas (#7014 )
* feat: update built-in resource schemas
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix unit test
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---------
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* chore: use github.com/evanphx/json-patch/v5 (#7015 )
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* chore(deps): bump github/codeql-action from 2.3.0 to 2.3.1 (#7025 )
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.3.0 to 2.3.1.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](b2c19fb9a2...8662eabe0e#7027 )
Signed-off-by: Raul Garcia Sanchez <info@raulgarcia.de>
* refactor: engine patchers (#7030 )
* refactor: engine patchers
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---------
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* chore(deps): bump github/codeql-action from 2.3.1 to 2.3.2 (#7033 )
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.3.1 to 2.3.2.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](8662eabe0e...f3feb00acb#7036 )
Signed-off-by: Chip Zoller <chipzoller@gmail.com>
* update development doc (#7037 )
Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com>
* fix: generate policy validation to prevent endless loop (#7026 )
* refactor policy validation
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* add loop check for generate
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* add kuttl tests
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* linter fixes
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* linter fixes
Signed-off-by: ShutingZhao <shuting@nirmata.com>
---------
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix: remove deletionTimestamp checks (#7039 )
* remove deletionTimestamp check
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* remove deletionTimestamp check
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* add back source check
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* remove deletionTimestamp check
Signed-off-by: ShutingZhao <shuting@nirmata.com>
---------
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore(deps): bump k8s.io/klog/v2 from 2.90.1 to 2.100.1 (#7055 )
Bumps [k8s.io/klog/v2](https://github.com/kubernetes/klog ) from 2.90.1 to 2.100.1.
- [Release notes](https://github.com/kubernetes/klog/releases )
- [Changelog](https://github.com/kubernetes/klog/blob/main/RELEASE.md )
- [Commits](https://github.com/kubernetes/klog/compare/v2.90.1...v2.100.1 )
---
updated-dependencies:
- dependency-name: k8s.io/klog/v2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* fix: add background scan interval log (#7065 )
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix: flaky github action (#7068 )
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* refactor: engine response policy (#7063 )
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* feat: add opt-in setting to deploy v3 chart (#7066 )
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* require generate.apiVersion (#7080 )
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix: remove excluded groups from matching (#7083 )
* fix: remove excluded groups from matching
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---------
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* feat: add config inclusions support (#7082 )
* feat: add config inclusions support
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* tests
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---------
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* chore: add makefile target for kwok (#7097 )
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* chore(deps): bump github/codeql-action from 2.3.2 to 2.3.3 (#7099 )
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.3.2 to 2.3.3.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](f3feb00acb...29b1f65c5e#7098 )
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix: mutation code (#7095 )
* fix: mutation code
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* kuttl tests
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---------
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* lazy loading of context vars (#7071 )
* lazy loading of context vars
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* gofumpt
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* add kuttl tests
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
---------
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* [Feature] Add kuttl tests with policy exceptions disabled (#7117 )
* added tests
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
* removed redundant code
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
* fix
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
* fix
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
* typo fix and README changes
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
* fix
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
---------
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
* Conditions message (#7113 )
* add message to conditions
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* add tests
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* extend tests
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
---------
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* chore(deps): bump zgosalvez/github-actions-ensure-sha-pinned-actions (#7123 )
Bumps [zgosalvez/github-actions-ensure-sha-pinned-actions](https://github.com/zgosalvez/github-actions-ensure-sha-pinned-actions ) from 2.1.2 to 2.1.3.
- [Release notes](https://github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/releases )
- [Commits](21991cec25...555a30da26#7121 )
Bumps [sigs.k8s.io/kustomize/kyaml](https://github.com/kubernetes-sigs/kustomize ) from 0.14.1 to 0.14.2.
- [Release notes](https://github.com/kubernetes-sigs/kustomize/releases )
- [Commits](https://github.com/kubernetes-sigs/kustomize/compare/kyaml/v0.14.1...kyaml/v0.14.2 )
---
updated-dependencies:
- dependency-name: sigs.k8s.io/kustomize/kyaml
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: shuting <shuting@nirmata.com>
* chore(deps): bump oras.land/oras-go/v2 from 2.0.2 to 2.1.0 (#7102 )
Bumps [oras.land/oras-go/v2](https://github.com/oras-project/oras-go ) from 2.0.2 to 2.1.0.
- [Release notes](https://github.com/oras-project/oras-go/releases )
- [Commits](https://github.com/oras-project/oras-go/compare/v2.0.2...v2.1.0 )
---
updated-dependencies:
- dependency-name: oras.land/oras-go/v2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: shuting <shuting@nirmata.com>
* add condition msg to v2beta1 (#7126 )
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* feat: print container flags and their values (#7127 )
* add condition msg to v2beta1
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* print flags settings
Signed-off-by: ShutingZhao <shuting@nirmata.com>
---------
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* remove the container flag genWorker from the admission controller (#7132 )
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore(deps): bump google.golang.org/grpc from 1.54.0 to 1.55.0 (#7103 )
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go ) from 1.54.0 to 1.55.0.
- [Release notes](https://github.com/grpc/grpc-go/releases )
- [Commits](https://github.com/grpc/grpc-go/compare/v1.54.0...v1.55.0 )
---
updated-dependencies:
- dependency-name: google.golang.org/grpc
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* remove the duplicate entry (#7125 )
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore(deps): bump sigs.k8s.io/kustomize/api from 0.13.2 to 0.13.3 (#7120 )
Bumps [sigs.k8s.io/kustomize/api](https://github.com/kubernetes-sigs/kustomize ) from 0.13.2 to 0.13.3.
- [Release notes](https://github.com/kubernetes-sigs/kustomize/releases )
- [Commits](https://github.com/kubernetes-sigs/kustomize/compare/api/v0.13.2...api/v0.13.3 )
---
updated-dependencies:
- dependency-name: sigs.k8s.io/kustomize/api
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: shuting <shuting@nirmata.com>
* fixed error
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* undo mistake
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* go mod conflict fix
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* changes from review
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* NIT
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* updated image
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* updated checks
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* fixed verifying wrong ref
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* updated cert in tests
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* added warning when predicate type is used
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* fix: panic for policy variable validation (#7079 )
* fix panic
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* check errors
Signed-off-by: ShutingZhao <shuting@nirmata.com>
---------
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix: remove policy-reporter from dev lab (#7196 )
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix: cleanup controller metrics name (#7198 )
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix: http request metrics (#7197 )
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* remove unused code (#7203 )
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* handle Deny rules where conditions eval to true (#7204 )
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
* [Bug] Enforce message wrong (#7208 )
* fix
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
* fixed tests
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
---------
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
* chore(deps): bump codecov/codecov-action from 3.1.3 to 3.1.4 (#7207 )
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 3.1.3 to 3.1.4.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md )
- [Commits](894ff025c7...eaaf4bedf3#7215 )
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) from 3.0.3 to 3.0.4.
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](204a51a57a...03d0fecf17#7220 )
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix: mutate existing auth check (#7219 )
* fix auth check when using variables in ns
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* add kuttl tests
Signed-off-by: ShutingZhao <shuting@nirmata.com>
---------
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix: do not exclude kube-system service accounts by default (#7225 )
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* docs: add reports system design doc (#6949 )
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* chore(deps): bump k8s.io/apimachinery from 0.27.1 to 0.27.2 (#7227 )
Bumps [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery ) from 0.27.1 to 0.27.2.
- [Commits](https://github.com/kubernetes/apimachinery/compare/v0.27.1...v0.27.2 )
---
updated-dependencies:
- dependency-name: k8s.io/apimachinery
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: shuting <shuting@nirmata.com>
* chore(deps): bump k8s.io/cli-runtime from 0.27.1 to 0.27.2 (#7228 )
Bumps [k8s.io/cli-runtime](https://github.com/kubernetes/cli-runtime ) from 0.27.1 to 0.27.2.
- [Commits](https://github.com/kubernetes/cli-runtime/compare/v0.27.1...v0.27.2 )
---
updated-dependencies:
- dependency-name: k8s.io/cli-runtime
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump sigstore/cosign-installer from 3.0.4 to 3.0.5 (#7229 )
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) from 3.0.4 to 3.0.5.
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](03d0fecf17...dd6b2e2b61#7232 )
Bumps [k8s.io/pod-security-admission](https://github.com/kubernetes/pod-security-admission ) from 0.27.1 to 0.27.2.
- [Commits](https://github.com/kubernetes/pod-security-admission/compare/v0.27.1...v0.27.2 )
---
updated-dependencies:
- dependency-name: k8s.io/pod-security-admission
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* fix: match logic misbehave (#7218 )
* add rule name in ur for mutate existing
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix match logic
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* linter fixes
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix the match logic to only apply to the new object, unless it's a delete request
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix unit tests
Signed-off-by: ShutingZhao <shuting@nirmata.com>
---------
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore(deps): bump github.com/stretchr/testify from 1.8.2 to 1.8.3 (#7240 )
Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify ) from 1.8.2 to 1.8.3.
- [Release notes](https://github.com/stretchr/testify/releases )
- [Commits](https://github.com/stretchr/testify/compare/v1.8.2...v1.8.3 )
---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump github.com/onsi/gomega from 1.27.6 to 1.27.7 (#7239 )
Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega ) from 1.27.6 to 1.27.7.
- [Release notes](https://github.com/onsi/gomega/releases )
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md )
- [Commits](https://github.com/onsi/gomega/compare/v1.27.6...v1.27.7 )
---
updated-dependencies:
- dependency-name: github.com/onsi/gomega
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump k8s.io/kube-aggregator from 0.27.1 to 0.27.2 (#7241 )
Bumps [k8s.io/kube-aggregator](https://github.com/kubernetes/kube-aggregator ) from 0.27.1 to 0.27.2.
- [Commits](https://github.com/kubernetes/kube-aggregator/compare/v0.27.1...v0.27.2 )
---
updated-dependencies:
- dependency-name: k8s.io/kube-aggregator
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump k8s.io/apiextensions-apiserver from 0.27.1 to 0.27.2 (#7242 )
Bumps [k8s.io/apiextensions-apiserver](https://github.com/kubernetes/apiextensions-apiserver ) from 0.27.1 to 0.27.2.
- [Release notes](https://github.com/kubernetes/apiextensions-apiserver/releases )
- [Commits](https://github.com/kubernetes/apiextensions-apiserver/compare/v0.27.1...v0.27.2 )
---
updated-dependencies:
- dependency-name: k8s.io/apiextensions-apiserver
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* updated kuttl tests
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* fixed mistake in assert
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* quote image in error (#7259 )
Signed-off-by: bakito <github@bakito.ch>
* fix: auto update webhooks not configuring fail endpoint (#7261 )
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix latest version check (#7263 )
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore(deps): bump svenstaro/upload-release-action from 2.5.0 to 2.6.0 (#7270 )
Bumps [svenstaro/upload-release-action](https://github.com/svenstaro/upload-release-action ) from 2.5.0 to 2.6.0.
- [Release notes](https://github.com/svenstaro/upload-release-action/releases )
- [Changelog](https://github.com/svenstaro/upload-release-action/blob/master/CHANGELOG.md )
- [Commits](7319e4733e...58d5258088#7272 )
Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime ) from 0.14.6 to 0.15.0.
- [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases )
- [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md )
- [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.14.6...v0.15.0 )
---
updated-dependencies:
- dependency-name: sigs.k8s.io/controller-runtime
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* feat: add yaml util to check empty document (#7276 )
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#7274 )
Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git ) from 5.6.1 to 5.7.0.
- [Release notes](https://github.com/go-git/go-git/releases )
- [Commits](https://github.com/go-git/go-git/compare/v5.6.1...v5.7.0 )
---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* fixed api version in kuttl tests
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* updated kuttl tests
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* go sum update
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* updated admission controller assert
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* updated image
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* removed admission controller changes
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* go mod fix
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
---------
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Signed-off-by: Chip Zoller <chipzoller@gmail.com>
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
Signed-off-by: Gus Parvin <gparvin@redhat.com>
Signed-off-by: Raul Garcia Sanchez <info@raulgarcia.de>
Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com>
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
Signed-off-by: bakito <github@bakito.ch>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
Co-authored-by: Chip Zoller <chipzoller@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Md Sahil <85174511+MdSahil-oss@users.noreply.github.com>
Co-authored-by: Gus Parvin <gparvin@redhat.com>
Co-authored-by: Raúl Garcia Sanchez <info@raulgarcia.de>
Co-authored-by: Mariam Fahmy <55502281+MariamFahmy98@users.noreply.github.com>
Co-authored-by: Ved Ratan <82467006+VedRatan@users.noreply.github.com>
Co-authored-by: Marc Brugger <github@bakito.ch>
2023-06-01 16:05:28 +08:00
Mariam Fahmy
7f6fb24057
feat: support cel expression in validate rules ( #7070 )
...
* feat: support cel expression in validate rules
Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com>
* Adding CEL preconditions in kyverno policies
Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com>
* Support parameter resources in validate.cel subrule
Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com>
* fix
Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com>
* Adding CEL preconditions in kyverno policies
Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com>
* Add kuttl tests for validate.cel subrule
Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com>
* fix
Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com>
* Fix disallow-host-path kuttl test
Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com>
* Add kuttl test for cel preconditions
Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com>
* Fix kuttl tests for validate.cel
Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com>
* Use K8S API Validation and AuditAnnotation
Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com>
* Use K8S API ParamKind and ParamRef
Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com>
---------
Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2023-05-31 14:30:55 -07:00
