mirror of https://github.com/kyverno/kyverno.git synced 2024-12-14 11:57:48 +00:00
Commit graph

7900 commits

Author SHA1 Message Date
Charles-Edouard Brétéché
d7d3efab3b
chore: update dependabot gomod config (#11164)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-09-17 12:25:44 +05:30
Pradeep Lakshmi Narasimha
1ab1897d2c
fix: Added missing label info in the cleanup metrics (#10321) (#11147)
Signed-off-by: Pradeep Lakshmi Narasimha <pradeep.vaishnav4@gmail.com>
2024-09-16 08:57:59 +00:00
dependabot[bot]
29ee373bab
chore(deps): bump github.com/fluxcd/pkg/oci from 0.41.0 to 0.41.1 (#11153)
Bumps [github.com/fluxcd/pkg/oci](https://github.com/fluxcd/pkg) from 0.41.0 to 0.41.1.
- [Commits](https://github.com/fluxcd/pkg/compare/oci/v0.41.0...oci/v0.41.1)

---
updated-dependencies:
- dependency-name: github.com/fluxcd/pkg/oci
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-16 08:22:34 +00:00
dependabot[bot]
46c6996b32
chore(deps): bump github.com/cyphar/filepath-securejoin (#11152)
Bumps [github.com/cyphar/filepath-securejoin](https://github.com/cyphar/filepath-securejoin) from 0.3.1 to 0.3.2.
- [Release notes](https://github.com/cyphar/filepath-securejoin/releases)
- [Changelog](https://github.com/cyphar/filepath-securejoin/blob/main/CHANGELOG.md)
- [Commits](https://github.com/cyphar/filepath-securejoin/compare/v0.3.1...v0.3.2)

---
updated-dependencies:
- dependency-name: github.com/cyphar/filepath-securejoin
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-16 07:55:29 +00:00
dependabot[bot]
9c406b9af8
chore(deps): bump github/codeql-action from 3.26.6 to 3.26.7 (#11150)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.26.6 to 3.26.7.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](4dd16135b6...8214744c54)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-16 07:17:56 +00:00
Pradeep Lakshmi Narasimha
ea9028fe94
fix: Updated Go version to v1.23.1 to address CVE-2024-34156 (#11112)
Signed-off-by: Pradeep Lakshmi Narasimha <pradeep.vaishnav4@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
2024-09-13 19:36:31 +08:00
Jim Bugwadia
02c475ea58
move governance (#11138)
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2024-09-13 15:34:11 +08:00
Charles-Edouard Brétéché
fb0db0a79e
fix: go releaser config (#11135)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-09-13 07:51:51 +05:30
dependabot[bot]
43173e6c76
chore(deps): bump k8s.io/apiextensions-apiserver in the kubernetes group (#11130)
Bumps the kubernetes group with 1 update: [k8s.io/apiextensions-apiserver](https://github.com/kubernetes/apiextensions-apiserver).


Updates `k8s.io/apiextensions-apiserver` from 0.31.0 to 0.31.1
- [Release notes](https://github.com/kubernetes/apiextensions-apiserver/releases)
- [Commits](https://github.com/kubernetes/apiextensions-apiserver/compare/v0.31.0...v0.31.1)

---
updated-dependencies:
- dependency-name: k8s.io/apiextensions-apiserver
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: kubernetes
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-12 14:18:03 +00:00
Charles-Edouard Brétéché
2d5b6dae45
chore: add dependabot groups for k8s and otel (#11116)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-09-12 13:31:28 +00:00
Vishal Choudhary
ea19244876
fix: expect base64 string in raw tuf root (#11117)
* fix: expect base64 string in raw tuf root

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: add tests

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: rename kyverno yaml file

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

---------

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2024-09-12 12:34:52 +00:00
dependabot[bot]
7402803593
chore(deps): bump k8s.io/kube-aggregator from 0.31.0 to 0.31.1 (#11111)
Bumps [k8s.io/kube-aggregator](https://github.com/kubernetes/kube-aggregator) from 0.31.0 to 0.31.1.
- [Commits](https://github.com/kubernetes/kube-aggregator/compare/v0.31.0...v0.31.1)

---
updated-dependencies:
- dependency-name: k8s.io/kube-aggregator
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-12 14:05:00 +02:00
dependabot[bot]
52c93d96a9
chore(deps): bump k8s.io/cli-runtime from 0.31.0 to 0.31.1 (#11107)
Bumps [k8s.io/cli-runtime](https://github.com/kubernetes/cli-runtime) from 0.31.0 to 0.31.1.
- [Commits](https://github.com/kubernetes/cli-runtime/compare/v0.31.0...v0.31.1)

---
updated-dependencies:
- dependency-name: k8s.io/cli-runtime
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-12 11:16:34 +00:00
dependabot[bot]
a87b504e5f
chore(deps): bump google.golang.org/grpc from 1.66.1 to 1.66.2 (#11109)
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.66.1 to 1.66.2.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.66.1...v1.66.2)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-12 10:33:13 +00:00
Charles-Edouard Brétéché
b1e2095ec3
chore: fix sonar exclusions (#11119)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-09-12 09:06:48 +00:00
dependabot[bot]
10a8fab27d
chore(deps): bump k8s.io/api from 0.31.0 to 0.31.1 (#11108)
Bumps [k8s.io/api](https://github.com/kubernetes/api) from 0.31.0 to 0.31.1.
- [Commits](https://github.com/kubernetes/api/compare/v0.31.0...v0.31.1)

---
updated-dependencies:
- dependency-name: k8s.io/api
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-12 08:24:53 +00:00
dependabot[bot]
53383d97db
chore(deps): bump go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp (#11110)
Bumps [go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp](https://github.com/open-telemetry/opentelemetry-go-contrib) from 0.54.0 to 0.55.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go-contrib/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go-contrib/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go-contrib/compare/zpages/v0.54.0...zpages/v0.55.0)

---
updated-dependencies:
- dependency-name: go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-12 07:30:50 +00:00
Vishal Choudhary
d0689000b6
feat: add flag to pass tuf root directly (#11103)
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
2024-09-12 12:45:07 +08:00
AdamKorcz
fbb77dcb97
fix broken oss-fuzz build (#11101)
Signed-off-by: Adam Korczynski <adam@adalogics.com>
2024-09-11 22:21:01 +00:00
Charles-Edouard Brétéché
b463ee40d2
feat: use pointer in rule (validate field) (#11095)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-09-11 09:12:53 +00:00
Charles-Edouard Brétéché
a170b736d2
chore: bump otel libs (#11096)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-09-11 08:11:05 +00:00
dependabot[bot]
99e486c4a9
chore(deps): bump github.com/sigstore/sigstore-go from 0.6.1 to 0.6.2 (#11093)
Bumps [github.com/sigstore/sigstore-go](https://github.com/sigstore/sigstore-go) from 0.6.1 to 0.6.2.
- [Release notes](https://github.com/sigstore/sigstore-go/releases)
- [Commits](https://github.com/sigstore/sigstore-go/compare/v0.6.1...v0.6.2)

---
updated-dependencies:
- dependency-name: github.com/sigstore/sigstore-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-11 07:37:39 +00:00
Vishal Choudhary
71f29d011c
fix: make webhook cleanup setup optional and add cleanup ci test (#11077)
* fix: make webhook cleanup setup optional and add cleanup ci test

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: add logging

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: add validating webhook count check

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

---------

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2024-09-11 08:38:45 +02:00
Charles-Edouard Brétéché
e7e2f0a07f
feat: use pointer in rule (mutation field) (#11078)
* feat: use pointer in rule (mutation field)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-09-11 04:32:10 +03:00
Charles-Edouard Brétéché
fb9e2c2b49
chore: fix sonar exclusions (take 2) (#11074)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: kyverno-bot <104836976+kyverno-bot@users.noreply.github.com>
2024-09-10 15:46:53 +00:00
Charles-Edouard Brétéché
a6b32bcca5
chore: reduce jobs run on push (#11080)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-09-10 14:52:09 +00:00
Charles-Edouard Brétéché
12edb6d405
feat: use pointer in rule (generate field) (#11076)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-09-10 13:56:00 +00:00
asr2003
bcf6075fd1
fix: policy report generation for namespaced policies in CLI (#10923)
* fix policy report generation for namespaced policies

Signed-off-by: asr2003 <162500856+asr2003@users.noreply.github.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: asr2003 <162500856+asr2003@users.noreply.github.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-09-10 12:50:53 +00:00
Charles-Edouard Brétéché
b79e588ff5
chore: fix sonar exclusions (#11072)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-09-10 12:08:30 +00:00
Charles-Edouard Brétéché
b5e1c97913
feat: use pointer in rule (exclude field) (#11050)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-09-10 11:14:49 +00:00
shuting
9934c0e61a
chore: remove MarcelMue (#11066)
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2024-09-10 10:26:25 +00:00
shuting
1b1b90ed93
fix: avoid generating empty urs (#11065)
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2024-09-10 09:42:16 +00:00
dependabot[bot]
32da5c3291
chore(deps): bump google.golang.org/grpc from 1.66.0 to 1.66.1 (#11062)
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.66.0 to 1.66.1.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.66.0...v1.66.1)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-10 08:43:41 +00:00
dependabot[bot]
ac6f4c1263
chore(deps): bump sigstore/scaffolding from 0.7.8 to 0.7.9 (#11061)
Bumps [sigstore/scaffolding](https://github.com/sigstore/scaffolding) from 0.7.8 to 0.7.9.
- [Release notes](https://github.com/sigstore/scaffolding/releases)
- [Changelog](https://github.com/sigstore/scaffolding/blob/main/release.md)
- [Commits](16ae89aa23...8a33f8e915)

---
updated-dependencies:
- dependency-name: sigstore/scaffolding
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-10 06:52:31 +00:00
Jim Bugwadia
ce5cd476df
support HTTP headers in service API calls (#11041)
* support HTTP headers in service API calls

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* generate CRDs

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix chunked tests

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix POST call

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

---------

Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-09-09 21:04:08 +00:00
Jim Bugwadia
be0ad07774
Generate Policy Exceptions (#9987)
* add control names and images to PSS results

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* remove init

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix tests

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* add --generate-exceptions flag

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* use controlsJSON

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* suppress message `Applying....`

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* generate CLI docs and fix lint issues

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* revert changes in launch.json

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* gen CLI docs

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* handle auto-gen rules

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* handle auto-gen rules for CronJob

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* handle auto-gen rules for CronJob

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

---------

Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: Frank Jogeleit <frank.jogeleit@web.de>
2024-09-09 20:42:16 +00:00
nsagark
98a29e1321
Update CONTRIBUTORS.md (#11053)
2024-09-09 17:36:21 +00:00
Anudeep Nalla
ed1d90fd93
added Anudeep to CONTRIBUTORS.md (#11054)
Signed-off-by: anuddeeph1 <anudeep.nalla@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2024-09-09 16:09:37 +00:00
Charles-Edouard Brétéché
6837483895
fix: make match field required in rule API (#11048)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-09-09 14:24:57 +00:00
Chandan-DK
e13de2016b
bug: print failure message when rule fails in kyverno apply (#9166)
* bug: print failure message when rule fails in kyverno apply

Signed-off-by: Chandan-DK <chandandk468@gmail.com>

* print the policy and failing resource just once

Signed-off-by: Chandan-DK <chandandk468@gmail.com>

* remove unused argument resPath in addGenerateResponse method

Signed-off-by: Chandan-DK <chandandk468@gmail.com>

* remove print statement for error rule status

Signed-off-by: Chandan-DK <chandandk468@gmail.com>

* add missing print statements for mutation in kyverno cli

Signed-off-by: Chandan-DK <chandandk468@gmail.com>

* remove unused import

Signed-off-by: Chandan-DK <chandandk468@gmail.com>

* remove violation print statements for validations

Signed-off-by: Chandan-DK <chandandk468@gmail.com>

* print failed validations

Signed-off-by: Chandan-DK <chandandk468@gmail.com>

* TODO

Signed-off-by: Chandan-DK <chandandk468@gmail.com>

* move printing logic of mutate rules to command.go

Signed-off-by: Chandan-DK <chandandk468@gmail.com>

---------

Signed-off-by: Chandan-DK <chandandk468@gmail.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-09-09 13:44:38 +00:00
Charles-Edouard Brétéché
d5dcd4611d
feat: use pointer in rule (#11037)
* feat: use pointer in rule

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix unit tests

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix policy controller

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-09-09 21:10:02 +08:00
Charles-Edouard Brétéché
16d59407d1
chore: verify chainsaw with cosign (#11044)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-09-09 12:08:41 +00:00
Charles-Edouard Brétéché
c5dcfd8880
chore: add missing versions in actions refs (#11045)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-09-09 11:42:21 +00:00
Pradeep Lakshmi Narasimha
f4e9f7e44b
Adding myself as contributor (#11046)
2024-09-09 11:14:38 +00:00
Khaled Emara
0a4c14eb82
fix(status): don't get the policy twice before status update (#11026)
* fix(status): don't compare uid

Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>

* chore(webhook): logger message

Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>

---------

Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
2024-09-09 18:30:26 +08:00
Charles-Edouard Brétéché
8e14e1e7c7
chore: fix trivy action version (#11043)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-09-09 09:11:09 +00:00
Charles-Edouard Brétéché
92afacd29a
fix: remove yaml markers from api (#11039)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-09-08 22:15:04 +00:00
dependabot[bot]
46b32bd443
chore(deps): bump kyverno/action-install-chainsaw (#11032)
Bumps [kyverno/action-install-chainsaw](https://github.com/kyverno/action-install-chainsaw) from 0.2.8 to 0.2.9.
- [Release notes](https://github.com/kyverno/action-install-chainsaw/releases)
- [Commits](82d8e74703...b2f61a8d04)

---
updated-dependencies:
- dependency-name: kyverno/action-install-chainsaw
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-07 22:21:47 +00:00
Charles-Edouard Brétéché
4a836883d9
fix: chainsaw tests (#11034)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-09-07 21:48:08 +00:00
Charles-Edouard Brétéché
fd3fa10956
fix: chainsaw tests (#11033)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-09-07 18:17:37 +00:00