1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2024-12-14 11:57:48 +00:00
Commit graph

205 commits

Author SHA1 Message Date
Khaled Emara
c0cf6c5bf1
feat(json): unmarshal at decode time (#10700)
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-08-05 15:46:50 +03:00
Charles-Edouard Brétéché
fc694bc24c
feat: add kyverno json support to validation rule (#10763)
* feat: add kyverno json support to validation rule

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* v2beta1

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* validation

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* engine handler

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* bindings

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* context functions

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* better bindings

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-08-02 08:24:30 +00:00
Charles Uneze
7a6fee648b
Add kyverno helm repo (#10758)
Signed-off-by: Charles Uneze <charlesniklaus@gmail.com>
2024-07-31 13:11:52 +00:00
Khaled Emara
d173752041
feat(json): unmarshal once per policy (#10701)
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2024-07-30 10:52:41 +00:00
Khaled Emara
c2646f7a9d
feat(json): reduce reliance on DocumentToUntyped() (#10724)
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-07-29 11:57:20 +00:00
Charles-Edouard Brétéché
1647675190
feat: improve api json parsing (#10600)
* feat: improve api json parsing

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-07-04 16:05:42 +02:00
Charles-Edouard Brétéché
1a02b70a1c
feat: make any struct common to all api versions (#10553)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-06-27 10:09:57 +00:00
Charles-Edouard Brétéché
6f4818d724
feat: rework conditions marshaling (#10550)
* feat: rework conditions marshaling

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* codegen

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* codegen

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* tests

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-06-27 10:00:02 +03:00
Charles-Edouard Brétéché
e900abf3a0
feat: remove kyverno client v2beta1 (#10543)
* feat: remove kyverno client v2beta1

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* codegen

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix tests

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-06-26 08:48:32 +00:00
Mariam Fahmy
ff88c4c39a
feat: migrate validationFailureAction and validationFailureActionOverrides (#10528)
* feat: migrate validationFailureAction and validationFailureActionOverrides under validate rule

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

* feat: add unit tests

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

---------

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-06-26 09:13:02 +02:00
Mariam Fahmy
abe2a2310b
feat: migrate webhookTimeoutSeconds and failurePolicy (#10515)
* feat: migrate webhookTimeoutSeconds and failurePolicy

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

* fix lint issue

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

---------

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-06-20 13:04:37 +00:00
Charles-Edouard Brétéché
b36a2ecdcc
feat: bump update request api version (#10508)
* feat: bump update request api version

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* use v2

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* codegen

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* codegen

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix linter

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix linter

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-06-20 09:44:43 +00:00
Charles-Edouard Brétéché
a5254f7344
feat: remove old intermediate reports types (#10504)
* feat: remove old ephemeral reports types

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* codegen

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* helm

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* codegen

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-06-19 19:54:43 +00:00
Mariam Fahmy
9285006f7a
feat: add mutateExistingOnPolicyUpdate field under the mutate rule (#10461)
* fix

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

* feat: add mutateExistingOnPolicyUpdate field under the mutate rule

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

---------

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-06-19 09:29:19 +00:00
Charles-Edouard Brétéché
6e1def1004
feat: remove v1alpha2 group/version (#10500)
* feat: remove v1alpha2 group

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* codegen

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix tests

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-06-19 08:08:15 +00:00
Vishal Choudhary
334594c128
feat: add support for cosign experimental OCI 1.1 signatures (#10228)
* feat: add support for cosign experimental OCI 1.1 signatures

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: remove unrelated changes

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: linter

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: requested changes

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

---------

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-06-18 23:03:53 +00:00
Charles-Edouard Brétéché
7f57b9618a
feat: cleanup v2alpha1 kyverno api (#10457)
* feat: cleanup v2alpha1 kyverno api

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* codegen

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix tests

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix: webhook

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2024-06-14 09:39:36 +00:00
Mariam Fahmy
846439b13e
feat: add generateExisting field under the generate rule (#10441)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-06-13 13:41:46 +00:00
Marc Brugger
be06bff665
support inline exceptions in cli apply (#10133)
* support inline exceptions in cli apply

Signed-off-by: bakito <github@bakito.ch>

* rename flag

Signed-off-by: bakito <github@bakito.ch>

* Update cmd/cli/kubectl-kyverno/commands/apply/command.go

Co-authored-by: Mariam Fahmy <mariamfahmy66@gmail.com>
Signed-off-by: Marc Brugger <github@bakito.ch>

* Update docs/user/cli/commands/kyverno_apply.md

Co-authored-by: Mariam Fahmy <mariamfahmy66@gmail.com>
Signed-off-by: Marc Brugger <github@bakito.ch>

* Restore missed sections from merge

Signed-off-by: Marc Brugger <github@bakito.ch>

---------

Signed-off-by: bakito <github@bakito.ch>
Signed-off-by: Marc Brugger <github@bakito.ch>
Co-authored-by: Mariam Fahmy <mariamfahmy66@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-06-06 06:33:28 +00:00
Lanting Chiang
f91bf6529d
allow kyverno apply command to continue on failure (#10036)
* allow kyverno apply to continue on failure

Signed-off-by: lanting.chiang <lanting.chiang@robinhood.com>

* allow kyverno apply to continue on failure

Signed-off-by: lanting.chiang <lanting.chiang@robinhood.com>

---------

Signed-off-by: lanting.chiang <lanting.chiang@robinhood.com>
Co-authored-by: shuting <shuting@nirmata.com>
2024-05-06 09:00:54 +00:00
shuting
8929bd72a1
chore: update perf docs for 1.12 (#10116)
* fix: update kwok installation

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* feat: create deployment

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* feat: create pod

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* chore: update commands

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* chore: update readme

Signed-off-by: ShutingZhao <shuting@nirmata.com>

---------

Signed-off-by: ShutingZhao <shuting@nirmata.com>
2024-04-29 13:09:44 +03:00
Jim Bugwadia
ec730bc560
update dev docs (#10089)
* update dev docs

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* update dev docs

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

---------

Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2024-04-23 13:47:16 +08:00
Anushka Mittal
66a2c7283b
chore: changes to use latest kyverno-json apis (#9980)
* changes to use latest kyverno-json apis

Signed-off-by: Anushka Mittal <anushka@nirmata.com>

* codegen diffs

Signed-off-by: Anushka Mittal <anushka@nirmata.com>

---------

Signed-off-by: Anushka Mittal <anushka@nirmata.com>
Co-authored-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
2024-04-02 14:35:26 +00:00
Vishal Choudhary
83f2846572
feat: add TSA cert chain support in cosign (#9961)
* feat: add TSA cert chain support in cosign

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* feat: add chainsaw test

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* feat: add unit test

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: tests

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: unit tests

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

---------

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2024-03-30 20:50:07 +00:00
Khaled Emara
bd6eff61cb
chore(gctx): document schema better (#9923)
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
2024-03-20 19:34:40 +00:00
Khaled Emara
429e84be10
fix(globalcontext): panics and validation (#9903) 2024-03-14 16:12:39 +00:00
Khaled Emara
511df7a466
fix(globalcontext): old WaitGroup not stopping (#9813)
* fix(globalcontext): old waitgroup not stopping

Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>

* chore(globalcontext): add AGE

Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>

* feat(globalcontext): add lastRefreshTime

Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>

* fix(globalcontext): unhandled intormer run exception

Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>

* chore(globalcontext): comment wording

Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>

* chore(globalcontext): codegen

Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>

* fix(globalcontext): linter

Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>

---------

Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
2024-02-27 18:24:39 +00:00
Jim Bugwadia
a95cd808a4
update versions (#9783)
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2024-02-26 07:26:37 +00:00
mohamedasifs123
d114b282de
add plural form aliases for resources and exceptions flags (#9749)
* Update command.go

Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com>

* lint

Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com>

* lint

Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com>

---------

Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2024-02-19 21:35:23 +00:00
Charles-Edouard Brétéché
c649169a78
feat: add scan command for generic resources (#9651)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-02-05 15:49:01 +00:00
Charles-Edouard Brétéché
8a0d2a598a
feat: add root command to process generic json resources (#9639)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-02-05 12:38:01 +00:00
Khaled Emara
8a4d9941de
feat: add globalcontext loader and interface (#9602)
* feat(globalcontext): add interface

Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>

* fix(globalcontext): package import path

Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>

* design(contextloader): move globalcontext from Load to init

Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>

* fix(globalcontext): remove pointer

Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>

* design(globalcontext): create specific Store

Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>

* codegen

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-02-05 11:24:37 +00:00
Srikanth Iyengar
63b03a8442
(docs) changed docs tool to kubernetes-sigs/reference-docs (#9212)
* (docs) updated gen-crd tool to reference-docs/genref

Signed-off-by: Srikanth Iyengar <ksrikanth3012@gmail.com>

* (docs) updated branch with recent docs

Signed-off-by: Srikanth Iyengar <ksrikanth3012@gmail.com>

* codegen

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* codegen

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* codegen

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* (docs) codegen

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* codegen

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Srikanth Iyengar <ksrikanth3012@gmail.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2024-02-04 13:57:00 +01:00
Sanskar Gurdasani
204d061a93
support -e shorthand with --exception (#9624)
Signed-off-by: Sanskarzz <sanskar.gur@gmail.com>
2024-02-04 10:41:31 +00:00
Charles-Edouard Brétéché
b532525321
fix: global context crd improvements (#9621)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-02-02 17:42:20 +00:00
Vishal Choudhary
10ae9e306c
feat: update refreshInterval in globalcontext CRD to use a duration (#9615) 2024-02-02 12:06:51 +00:00
Charles-Edouard Brétéché
1e0bac2d6f
feat: add global context crd to codegen (#9595)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-02-01 12:32:13 +00:00
Charles-Edouard Brétéché
0b85bc41b7
feat: add global context crd (#9591)
* feat: add global context crd

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* merge main

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-02-01 10:58:31 +00:00
Charles-Edouard Brétéché
0a8d955028
fix: update cli docs (#9585)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-02-01 00:01:46 +00:00
Sanskar Gurdasani
231e7a681e
Support PolicyExceptions with CLI (#9525)
* loding policyExecptions from  func

Signed-off-by: Sanskarzz <sanskar.gur@gmail.com>

* adding PolicyExceptions in crds

Signed-off-by: Sanskarzz <sanskar.gur@gmail.com>

* adding PolicyExceptions in GetPolicy function

Signed-off-by: Sanskarzz <sanskar.gur@gmail.com>

* adding policyexceptions in Load function

Signed-off-by: Sanskarzz <sanskar.gur@gmail.com>

* resolve error becuase of now Getpolicy return policyexceptions

Signed-off-by: Sanskarzz <sanskar.gur@gmail.com>

* added -exception flag loaded policyexception

Signed-off-by: Sanskarzz <sanskar.gur@gmail.com>

* added policyexceptions in processor and NewEngine

Signed-off-by: Sanskarzz <sanskar.gur@gmail.com>

* Revert "added -exception flag loaded policyexception"

This reverts commit f53b205c08.

* Revert "Added support for PolicyExceptions for apply command "

This reverts commit 82689ea0c1.

* Update cmd/cli/kubectl-kyverno/commands/test/test.go

loading exceptions with policies

Co-authored-by: Mariam Fahmy <mariamfahmy66@gmail.com>
Signed-off-by: Sanskar Gurdasani <92817635+Sanskarzz@users.noreply.github.com>

* updated GetFullPaths function and remove unnecessary code

Signed-off-by: Sanskarzz <sanskar.gur@gmail.com>

* added tests for loading exceptions in GetPolicy function

Signed-off-by: Sanskarzz <sanskar.gur@gmail.com>

* added tests for loading policy exceptions

Signed-off-by: Sanskarzz <sanskar.gur@gmail.com>

* Used selector in List function

Signed-off-by: Sanskarzz <sanskar.gur@gmail.com>

* generated cli crd

Signed-off-by: Sanskarzz <sanskar.gur@gmail.com>

* updated loadpolicy_test tests and corrected kind

Signed-off-by: Sanskarzz <sanskar.gur@gmail.com>

* resolved unit test error in path_test.go file

Signed-off-by: Sanskarzz <sanskar.gur@gmail.com>

* limiting the usage of exceptions to ValidatingAdmissionPolicies

Signed-off-by: Sanskarzz <sanskar.gur@gmail.com>

* remove changes in common code

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fixes

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fixes

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fixes

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fixes

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fixes

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fixes

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fixes

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fixes

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fixes

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fixes

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* codegen

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Sanskarzz <sanskar.gur@gmail.com>
Signed-off-by: Sanskar Gurdasani <92817635+Sanskarzz@users.noreply.github.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Mariam Fahmy <mariamfahmy66@gmail.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-01-31 22:28:14 +00:00
shuting
635f160ae0
feat (generate): add orphanDownstreamOnPolicyDelete to preserve downstream on policy deletion (#9579)
* add chainsaw tests

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* add .orphanDownstreamOnPolicyDelete

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* update codegen

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* update docs

Signed-off-by: ShutingZhao <shuting@nirmata.com>

---------

Signed-off-by: ShutingZhao <shuting@nirmata.com>
2024-01-31 13:50:38 +02:00
Charles-Edouard Brétéché
afede6486d
refactor: use single type for ephemeral reports (#9537)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-01-27 23:30:04 +00:00
shuting
7170cbb0c2
feat:Webhook config per policy (#9483)
* add spec.webhookConfigurations

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* update crd

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* configure webhook

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* register webhook handler

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* skip storing finegrained policies in cache

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* update resource validate handler

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* updates

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* enable mutate resource handler for fine-grained policies

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix: tests

Signed-off-by: ShutingZhao <shuting@nirmata.com>

---------

Signed-off-by: ShutingZhao <shuting@nirmata.com>
2024-01-27 13:00:22 +00:00
Charles-Edouard Brétéché
f4aba55e0a
fix: move new reports api to top level folder (#9531)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-01-27 08:03:01 +00:00
Mariam Fahmy
f01f0d6dc4
feat: support podSecurity exclusion in exceptions (#9343)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-01-26 18:43:07 +00:00
Vishal Choudhary
e6c39f31a5
feat: add a new API group reports.kyverno.io (#9521)
* feat: add new report interface

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* chore: reports.kyverno.io/v1 apigroup

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* chore: codegen

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* feat: add report manager

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* feat: add reports manager to reports controller

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* feat: add alternateReportStorage to helm chart

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: report utils deepcopy

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* init flag

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: wrong return value

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

---------

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-01-26 13:40:29 +00:00
Vishal Choudhary
87c7ce254a
feat: add skipImageReferences in verify images (#8633)
* feat: add skipImageReferences in verify images

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: chainsaw tests

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: chainsaw-test.yaml

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: typo in assert

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

---------

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-01-23 12:27:39 +00:00
Charles-Edouard Brétéché
cad231fc15
feat: add resource migration command (#9296)
* feat: add resource migration command

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* finalize PR

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix unit tests

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-01-19 11:47:28 +00:00
Gurmannat Sohal
6902a2b092
Unit tests for Pod Security Admission Integrations (#8585)
* feat: enable field-restricted exclusions using the psa

Signed-off-by: Liang Deng <283304489@qq.com>

* fix ci error

Signed-off-by: Liang Deng <283304489@qq.com>

* fix ci error

Signed-off-by: Liang Deng <283304489@qq.com>

* initial unit tests

* Add all remaining unit tests

Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com>

* fine grain unit tests by adding fields and values

* add detailed pod level exclusion and related tests

* add tests for init & ephemeral containers

* add kuttl tests for the new advanced support

* add kuttl tests for the new advanced support

* add readme for kuttl tests

* add replacement in go.mod

* resolving CI errors

Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com>

* fix ci errors

Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com>

* fix ci errors

Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com>

* updating pod-security-admissio

Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com>

* resolving null pointer panic

Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com>

* resolved conformance error

Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com>

* chainsaw

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* chainsaw

Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com>

* remove duplication

Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com>

* fix linting

Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com>

* remove over computation

Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com>

* added field checks, pss skip condition

Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com>

* correcting chainsaw tests

Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com>

* merge branch 'main' into unit-tests

Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com>

* fix builds

Signed-off-by: ShutingZhao <shuting@nirmata.com>

---------

Signed-off-by: Liang Deng <283304489@qq.com>
Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com>
Signed-off-by: shuting <shuting@nirmata.com>
Signed-off-by: Gurmannat Sohal <95538438+itsgurmannatsohal@users.noreply.github.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Co-authored-by: Liang Deng <283304489@qq.com>
Co-authored-by: shuting <shuting@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-12-26 22:28:08 +08:00
Mariam Fahmy
5f09fa810c
chore: introduce v2 for updaterequests (#9267)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2023-12-23 00:09:02 +00:00