mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-06 16:06:56 +00:00
Code Activity
8133 commits 16 branches 550 tags 288 MiB
Commit graph

8133 commits

This branch
This branch
All branches
Author SHA1 Message Date
Mariam Fahmy
bbe2b838af
chore: add resource manifests in autogen tests (#12205) 
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
 2025-02-19 13:59:07 +00:00
Frank Jogeleit
fef88ab433
Validating policy audit annotations (#12115) 
* feat: return single result from validating policy evaluation

Signed-off-by: Frank Jogeleit <frank.jogeleit@web.de>

* feat: support audit annotations for validating policies

Signed-off-by: Frank Jogeleit <frank.jogeleit@web.de>

* fix error message

Signed-off-by: Frank Jogeleit <frank.jogeleit@web.de>

* feat: return single result from validating policy evaluation

Signed-off-by: Frank Jogeleit <frank.jogeleit@web.de>

* feat: support audit annotations for validating policies

Signed-off-by: Frank Jogeleit <frank.jogeleit@web.de>

* fix error message

Signed-off-by: Frank Jogeleit <frank.jogeleit@web.de>

* fix testcase

Signed-off-by: Frank Jogeleit <frank.jogeleit@web.de>

* rebase with main

Signed-off-by: Frank Jogeleit <frank.jogeleit@web.de>

---------

Signed-off-by: Frank Jogeleit <frank.jogeleit@web.de>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2025-02-19 13:10:01 +00:00
Mariam Fahmy
e01e57355a
fix: modify celexception flake test (#12192) 
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
 2025-02-19 10:51:37 +00:00
Mariam Fahmy
76751b96b3
feat: support celexceptions in the CLI apply command (#12182) 
* feat: support celexceptions in the CLI

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

* feat: add unit tests

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

---------

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
 2025-02-19 08:38:44 +00:00
Charles-Edouard Brétéché
ea9027cbbf
chore: bump cobra dependency (#12199) 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2025-02-19 07:32:02 +00:00
Mariam Fahmy
b723553c7e
fix: add result count for VPs in the CLI (#12193) 
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2025-02-18 20:51:36 +00:00
Charles-Edouard Brétéché
835a121de3
chore: format conformance.yaml workflow file (#12194) 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2025-02-18 19:11:39 +00:00
Charles-Edouard Brétéché
a54aa2d070
fix: publish codecov reports (#12197) 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2025-02-18 17:47:26 +00:00
Khaled Emara
2b28538bd3
feat(gctx): add jmespath caching through projections (#11833) 
feat(gctx): move ready check to runtime

Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
 2025-02-18 15:51:14 +00:00
Charles-Edouard Brétéché
4f27ed3663
fix: codegen (#12195) 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2025-02-18 13:52:33 +00:00
Vishal Choudhary
219f25ace2
feat: add notary verifier with tsa support (#12160) 
* feat: add notary repository

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* feat: add notary verifier

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* feat: tests

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* feat: more tests

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: more tests

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: ci

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* feat: update types

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

---------

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
 2025-02-18 07:23:39 +00:00
dependabot[bot]
2898048511
chore(deps): bump github.com/awslabs/amazon-ecr-credential-helper/ecr-login (#12178) 
Bumps [github.com/awslabs/amazon-ecr-credential-helper/ecr-login](https://github.com/awslabs/amazon-ecr-credential-helper) from 0.0.0-20241227172826-c97b94eac159 to 0.9.1.
- [Release notes](https://github.com/awslabs/amazon-ecr-credential-helper/releases)
- [Changelog](https://github.com/awslabs/amazon-ecr-credential-helper/blob/main/CHANGELOG.md)
- [Commits](https://github.com/awslabs/amazon-ecr-credential-helper/commits/v0.9.1)

---
updated-dependencies:
- dependency-name: github.com/awslabs/amazon-ecr-credential-helper/ecr-login
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-02-18 00:02:26 +00:00
dependabot[bot]
77bdaa684d
chore(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/azure (#12179) 
Bumps [github.com/sigstore/sigstore/pkg/signature/kms/azure](https://github.com/sigstore/sigstore) from 1.8.12 to 1.8.14.
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](https://github.com/sigstore/sigstore/compare/v1.8.12...v1.8.14)

---
updated-dependencies:
- dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/azure
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2025-02-17 23:21:36 +00:00
Francesco Ilario
b0816b97ef
use serviceAccountName instead of deprecated serviceAccount (#12158) 
Signed-off-by: Francesco Ilario <filario@redhat.com>
Co-authored-by: shuting <shuting@nirmata.com>
 2025-02-17 22:46:29 +00:00
Charles-Edouard Brétéché
873522f44a
chore: cel policies nits (#12184) 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2025-02-17 20:12:23 +00:00
dependabot[bot]
9a2678f493
chore(deps): bump sigs.k8s.io/controller-runtime from 0.20.1 to 0.20.2 (#12180) 
Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.20.1 to 0.20.2.
- [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases)
- [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md)
- [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.20.1...v0.20.2)

---
updated-dependencies:
- dependency-name: sigs.k8s.io/controller-runtime
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-02-17 19:29:32 +00:00
Koichi Shiraishi
e6cc39e98f
README: fix markdown syntax (#12176) 
Signed-off-by: Koichi Shiraishi <zchee.io@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
 2025-02-17 14:08:28 +00:00
Mariam Fahmy
2c7dd2fd59
feat: add MutatingPolicies CRD (#12150) 
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
 2025-02-17 12:02:04 +00:00
dependabot[bot]
8cf166b2cf
chore(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/gcp (#12170) 
Bumps [github.com/sigstore/sigstore/pkg/signature/kms/gcp](https://github.com/sigstore/sigstore) from 1.8.12 to 1.8.14.
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](https://github.com/sigstore/sigstore/compare/v1.8.12...v1.8.14)

---
updated-dependencies:
- dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/gcp
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: shuting <shuting@nirmata.com>
 2025-02-17 10:05:01 +00:00
Mariam Fahmy
2bb010ce88
chore: remove applyconfiguration (#12174) 
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
 2025-02-17 06:37:51 +00:00
Vishal Choudhary
0f502e67ee
feat: add image data context (#12175) 2025-02-15 05:16:15 +00:00
Mariam Fahmy
86fff3b394
feat: compile and evaluate autogen rules (#12163) 2025-02-15 12:56:51 +08:00
shuting
9aebe10d15
refactor: status manager (#12173) 
* chore: move webhook status reconciler

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix: status removal

Signed-off-by: ShutingZhao <shuting@nirmata.com>

---------

Signed-off-by: ShutingZhao <shuting@nirmata.com>
 2025-02-14 15:22:25 +00:00
dependabot[bot]
4ca05509cf
chore(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/aws (#12167) 
Bumps [github.com/sigstore/sigstore/pkg/signature/kms/aws](https://github.com/sigstore/sigstore) from 1.8.12 to 1.8.14.
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](https://github.com/sigstore/sigstore/compare/v1.8.12...v1.8.14)

---
updated-dependencies:
- dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/aws
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-02-14 14:25:24 +00:00
AlexLugovtsov
541bdcd16e
add get to rbac.authorization.k8s.io (#12043) 
* add get to rbac.authorization.k8s.io

Signed-off-by: AlexLugovtsov <Aliaksei.luhautsou@telekom.com>

* codegen-manifest-all

Signed-off-by: AlexLugovtsov <Aliaksei.luhautsou@telekom.com>

---------

Signed-off-by: AlexLugovtsov <Aliaksei.luhautsou@telekom.com>
Co-authored-by: shuting <shuting@nirmata.com>
 2025-02-14 13:59:37 +00:00
Mariam Fahmy
0625302c3d
fix: modify the client URL for finegrained validatingpolicies (#12171) 
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
 2025-02-14 21:35:41 +08:00
Mariam Fahmy
829ab94b11
fix CEL autogen (#12165) 
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
 2025-02-14 09:45:10 +00:00
dependabot[bot]
ef98916353
chore(deps): bump github.com/sigstore/sigstore from 1.8.12 to 1.8.14 (#12168) 
Bumps [github.com/sigstore/sigstore](https://github.com/sigstore/sigstore) from 1.8.12 to 1.8.14.
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](https://github.com/sigstore/sigstore/compare/v1.8.12...v1.8.14)

---
updated-dependencies:
- dependency-name: github.com/sigstore/sigstore
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-02-14 08:28:55 +00:00
dependabot[bot]
1e54ee0298
chore(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/hashivault (#12169) 
Bumps [github.com/sigstore/sigstore/pkg/signature/kms/hashivault](https://github.com/sigstore/sigstore) from 1.8.12 to 1.8.14.
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](https://github.com/sigstore/sigstore/compare/v1.8.12...v1.8.14)

---
updated-dependencies:
- dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/hashivault
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-02-14 16:02:26 +08:00
Mohd Kamaal
87fb920cbe
update the docs for logging (#12140) 
* update the docs for logging

Signed-off-by: Kamaal <kamaal@macs-MacBook-Air.local>

* Update logging.md

Signed-off-by: Mohd Kamaal <102820439+Mohdcode@users.noreply.github.com>

---------

Signed-off-by: Kamaal <kamaal@macs-MacBook-Air.local>
Signed-off-by: Mohd Kamaal <102820439+Mohdcode@users.noreply.github.com>
Co-authored-by: Kamaal <kamaal@macs-MacBook-Air.local>
 2025-02-13 17:52:47 +00:00
Frank Jogeleit
05f9bb4506
feat: configure admission and background flag for ValidatingPolicies (#12153) 2025-02-13 17:24:45 +00:00
Mohd Kamaal
de75c64a02
structuring log (#12111) 
* structuring log

Signed-off-by: Kamaal <kamaal@macs-MacBook-Air.local>

* Update controller.go

Signed-off-by: Mohd Kamaal <102820439+Mohdcode@users.noreply.github.com>

* Update main.go

Signed-off-by: Mohd Kamaal <102820439+Mohdcode@users.noreply.github.com>

* Update run.go

Signed-off-by: Mohd Kamaal <102820439+Mohdcode@users.noreply.github.com>

* Update config.go

Signed-off-by: Mohd Kamaal <102820439+Mohdcode@users.noreply.github.com>

* Update pkg/webhooks/resource/mutation/mutation.go

Co-authored-by: shuting <shuting@nirmata.com>
Signed-off-by: Mohd Kamaal <102820439+Mohdcode@users.noreply.github.com>

* Update pkg/webhooks/resource/mutation/mutation.go

Co-authored-by: shuting <shuting@nirmata.com>
Signed-off-by: Mohd Kamaal <102820439+Mohdcode@users.noreply.github.com>
Signed-off-by: Kamaal <kamaal@macs-MacBook-Air.local>

---------

Signed-off-by: Kamaal <kamaal@macs-MacBook-Air.local>
Signed-off-by: Mohd Kamaal <102820439+Mohdcode@users.noreply.github.com>
Co-authored-by: Kamaal <kamaal@macs-MacBook-Air.local>
Co-authored-by: shuting <shuting@nirmata.com>
 2025-02-13 15:02:02 +00:00
Abhash Solanki
1fa1c8674e
fix: Certificate Renewer Does Not Remove Old CA Certificate From Secret (#12073) 
* fix: Certificate Renewer Does Not Remove Old CA Certificate From Secret

Signed-off-by: abhashsolanki18 <abhashsolanki18@gmail.com>

* updated logic

Signed-off-by: abhashsolanki18 <abhashsolanki18@gmail.com>

---------

Signed-off-by: abhashsolanki18 <abhashsolanki18@gmail.com>
 2025-02-13 14:25:42 +00:00
Vishal Choudhary
ae9e68e052
feat: add types for image verification attestors (#12080) 
* feat: add types for image verification attestors

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: linter

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: codegen

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

---------

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
 2025-02-13 13:47:51 +00:00
shuting
ce2c27c2d2
fix: sort autogen resources list (#12162) 
Signed-off-by: ShutingZhao <shuting@nirmata.com>
 2025-02-13 12:49:39 +00:00
Mariam Fahmy
609a122ede
chore: remove vp and celpolex from the kyverno group (#12156) 
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
 2025-02-12 14:21:17 +00:00
shuting
7ef2764365
feat: aggregate vpol.status.conditions (#12133) 
* feat: add vpol status controller

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* chore: update ready API struct

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix: printer coloum

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix: update status cmp func

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* feat: support status.RBACPermissionsGranted

Signed-off-by: ShutingZhao <shuting@nirmata.com>

---------

Signed-off-by: ShutingZhao <shuting@nirmata.com>
 2025-02-12 11:04:18 +00:00
Rafael da Fonseca
2da603ee1f
Add helm changelog for reports-server related fix (#12144) 
* Add helm changelog for reports-server related fix

Signed-off-by: Rafael da Fonseca <rafael.fonseca@wildlifestudios.com>

* Remove old changelog entries

Signed-off-by: Rafael da Fonseca <rafael.fonseca@wildlifestudios.com>

---------

Signed-off-by: Rafael da Fonseca <rafael.fonseca@wildlifestudios.com>
 2025-02-12 09:04:39 +00:00
shuting
813b80d3d9
fix: update match conditions for autogen rules (#12146) 
* fix: update match conditions for autogen rules

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix: autogen match condition prefix

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* chore: merge main

Signed-off-by: ShutingZhao <shuting@nirmata.com>

---------

Signed-off-by: ShutingZhao <shuting@nirmata.com>
Signed-off-by: shuting <shuting@nirmata.com>
 2025-02-12 08:34:19 +00:00
Mariam Fahmy
7d5750a717
chore: move celexceptions to the new group (#12143) 
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
 2025-02-11 19:05:22 +02:00
Tuomo Tanskanen
a660088775
update issue templates (#12145) 
Add multiple missing releases to issue templates.

Also add k8s 1.32.x to Kubernetes versins for the webhook template.

Signed-off-by: Tuomo Tanskanen <tuomo.tanskanen@est.tech>
 2025-02-11 15:05:28 +00:00
Rafael da Fonseca
f6b85ee3e5
Don't fail disabling reports CRDs when sanitychecks is disabled (for use with reports-server) (#12129) 2025-02-11 12:56:29 +00:00
Mariam Fahmy
f012241a82
feat: add cel-autogen chainsaw tests (#12135) 
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
 2025-02-10 22:30:12 +00:00
Vishal Choudhary
de0d8e04f8
feat: add image data fetching support (#12134) 2025-02-10 18:33:01 +05:30
dependabot[bot]
180eae5748
chore(deps): bump golang.org/x/crypto from 0.32.0 to 0.33.0 (#12131) 
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.32.0 to 0.33.0.
- [Commits](https://github.com/golang/crypto/compare/v0.32.0...v0.33.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-02-10 07:35:23 +00:00
shuting
0548d09c21
feat: add status.autogen (#12109) 
* feat: add status.autogen

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* chore: update codegen

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* chore: update codegen

Signed-off-by: ShutingZhao <shuting@nirmata.com>

---------

Signed-off-by: ShutingZhao <shuting@nirmata.com>
 2025-02-07 22:22:49 +05:30
Charles-Edouard Brétéché
e3ac39827d
feat: use dedicated group for new policies (#12123) 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2025-02-07 12:51:03 +01:00
Mariam Fahmy
a4c10f6bb4
feat: compile and evaluate polex's match conditions (#12113) 
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
 2025-02-06 15:30:59 +02:00
Renato Vassão
d7751856ba
log action and message when creating event (#12092) 
Signed-off-by: Renato Vassão <renatomvd@hotmail.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
 2025-02-06 11:19:29 +00:00
shuting
e9e82f8832
feat: add autogen pod controllers to webhooks (#12112) 
Signed-off-by: ShutingZhao <shuting@nirmata.com>
 2025-02-06 10:38:02 +00:00