kyverno

mirror of https://github.com/kyverno/kyverno.git synced 2025-03-26 09:33:48 +00:00

Author	SHA1	Message	Date
shuting	4f9b07070a	feat: enable mutating webhook for ivpol (#12423 ) * feat: enable mutating webhook for ivpol Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: add objects to payload Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: add chainsaw test Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: add update codegen Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: propagate policy response to admission reponse Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: update chainsaw tests Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com>	2025-03-17 12:31:37 +00:00
shuting	5c5a5fc0b0	feat: reconcile `ivpol.status` (#12392 ) * feat: update ivpol.status api Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: fix unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: update codegen Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: update codegen Signed-off-by: ShutingZhao <shuting@nirmata.com> * feat: reconcile ivpol.status Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: linter issues Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: autogen fields replacement Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: add unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * feat: update ivpol autogen rules Signed-off-by: ShutingZhao <shuting@nirmata.com> * feat: invoke ivpol webhook handler Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: shuting <shuting@nirmata.com>	2025-03-15 05:29:19 +05:30
shuting	91e6ae14fe	feat: register webhook for ivpol (#12391 ) Signed-off-by: ShutingZhao <shuting@nirmata.com>	2025-03-12 16:04:11 +05:30
Vishal Choudhary	d812982b2e	feat: webhook handlers for image verification (#12318 ) * feat: webhook support for image verification Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: add validation Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: add tests Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: tests Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: ci Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: codegen Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: trim prefix Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: only use matched policies Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: conflicts Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: remove commented code Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> --------- Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com>	2025-03-11 07:38:11 +00:00
Charles-Edouard Brétéché	705ced765d	chore: add policy api unit tests (#12315 ) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2025-03-06 16:31:14 +00:00
Vishal Choudhary	c47b48bda6	feat: autogenerate image verification policies for pod controllers (#12290 ) * feat: autogen for image verification Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: linter Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> --------- Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>	2025-03-04 21:30:23 +00:00
Charles-Edouard Brétéché	a6166d2bb7	chore: add policy API unit tests (#12289 ) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2025-03-04 14:02:24 +00:00
Charles-Edouard Brétéché	bfb4d20cb3	chore: add unit tests (#12281 ) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2025-03-04 08:14:11 +00:00
Vishal Choudhary	00f3e2f775	feat: add evaluation config to image verification policies (#12279 ) * feat: add evaluation config to image verification policies Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: ci Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: unit tests Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> --------- Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com>	2025-03-03 21:27:07 +05:30
Charles-Edouard Brétéché	1bbda7bc46	chore: add VP/CEL unit tests (#12271 ) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com>	2025-03-03 08:41:37 +00:00
shuting	f2f724469d	chore: remove mutatingpolicies (#12261 ) Signed-off-by: ShutingZhao <shuting@nirmata.com>	2025-02-28 14:22:09 +00:00
Mariam Fahmy	2ea7e7ce76	feat: add new field to control VAP generation per policy (#12242 ) * feat: add new field to control VAP generation per policy Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * chore: remove 1.28 and 1.29 from tests Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> --------- Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>	2025-02-28 13:35:13 +00:00
Vishal Choudhary	7439fcc733	feat(test): image verification on any payload (#12266 )	2025-02-28 09:09:25 +00:00
Charles-Edouard Brétéché	007ae5c1b1	chore: add VP/CEL unit tests (#12264 ) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2025-02-27 12:14:23 +00:00
shuting	26a6b37265	feat: add evaluation mode to api (#12262 ) Signed-off-by: ShutingZhao <shuting@nirmata.com>	2025-02-27 16:31:10 +05:30
Vishal Choudhary	8d915b52ce	feat: add evaluator for image verification policies (#12251 ) * feat: add variables Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: implement evaluator Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: build Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: linter Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: unit tests Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> --------- Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>	2025-02-27 15:19:11 +08:00
Charles-Edouard Brétéché	ebaad6fbb1	feat: improve validating policy api (#12243 ) * feat: improve validating policy api Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com>	2025-02-26 15:18:12 +00:00
shuting	7a34b60ed2	feat: create patchers and apply mutations (#12253 ) * feat: create patchers and apply mutations Signed-off-by: ShutingZhao <shuting@nirmata.com> * feat: create patchers and apply mutations Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com>	2025-02-26 13:32:28 +00:00
Vishal Choudhary	f68706cab2	feat: add cel library for image verification (#12233 ) * feat: concurrently add images to context Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: add cel library for image verification Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: add tests Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: ci Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: linter Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: type conv Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: linter Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> --------- Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com>	2025-02-26 00:56:17 +00:00
Charles-Edouard Brétéché	c0621cc3fc	chore: add VP api unit tests (#12248 ) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2025-02-25 18:31:33 +00:00
Mariam Fahmy	75a10ac550	feat: introduce generic exception interface (#12244 ) Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>	2025-02-25 16:11:19 +00:00
Charles-Edouard Brétéché	9d56f5f2b5	feat: stop reusing admissionregistrationv1.ValidatingAdmissionPolicySpec (#12246 ) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2025-02-25 14:48:47 +00:00
Mariam Fahmy	6359fd4a1a	feat: generate VAPs from VPs (#12222 ) * feat: generate VAPs from VPs Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * fix codegen Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * fix chainsaw tests Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> --------- Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>	2025-02-25 20:27:29 +08:00
shuting	2326a4e393	feat: add mpol.spec.admission and mpol.spec.background (#12218 ) Signed-off-by: ShutingZhao <shuting@nirmata.com>	2025-02-21 17:48:22 +00:00
Vishal Choudhary	221c559247	feat: cosign verifier for new image verifier crd (#12196 ) * feat: cosign verifier for new image verifier crd Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * chore(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/gcp (#12170) Bumps [github.com/sigstore/sigstore/pkg/signature/kms/gcp](https://github.com/sigstore/sigstore) from 1.8.12 to 1.8.14. - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](https://github.com/sigstore/sigstore/compare/v1.8.12...v1.8.14) --- updated-dependencies: - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/gcp dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: shuting <shuting@nirmata.com> * feat: add MutatingPolicies CRD (#12150) Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * README: fix markdown syntax (#12176) Signed-off-by: Koichi Shiraishi <zchee.io@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> * chore(deps): bump sigs.k8s.io/controller-runtime from 0.20.1 to 0.20.2 (#12180) Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.20.1 to 0.20.2. - [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases) - [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md) - [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.20.1...v0.20.2) --- updated-dependencies: - dependency-name: sigs.k8s.io/controller-runtime dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: cel policies nits (#12184) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * use serviceAccountName instead of deprecated serviceAccount (#12158) Signed-off-by: Francesco Ilario <filario@redhat.com> Co-authored-by: shuting <shuting@nirmata.com> * chore(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/azure (#12179) Bumps [github.com/sigstore/sigstore/pkg/signature/kms/azure](https://github.com/sigstore/sigstore) from 1.8.12 to 1.8.14. - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](https://github.com/sigstore/sigstore/compare/v1.8.12...v1.8.14) --- updated-dependencies: - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/azure dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore(deps): bump github.com/awslabs/amazon-ecr-credential-helper/ecr-login (#12178) Bumps [github.com/awslabs/amazon-ecr-credential-helper/ecr-login](https://github.com/awslabs/amazon-ecr-credential-helper) from 0.0.0-20241227172826-c97b94eac159 to 0.9.1. - [Release notes](https://github.com/awslabs/amazon-ecr-credential-helper/releases) - [Changelog](https://github.com/awslabs/amazon-ecr-credential-helper/blob/main/CHANGELOG.md) - [Commits](https://github.com/awslabs/amazon-ecr-credential-helper/commits/v0.9.1) --- updated-dependencies: - dependency-name: github.com/awslabs/amazon-ecr-credential-helper/ecr-login dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * feat: add notary verifier with tsa support (#12160) * feat: add notary repository Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: add notary verifier Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: tests Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: more tests Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: more tests Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: ci Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: update types Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> --------- Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> * fix: codegen (#12195) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat(gctx): add jmespath caching through projections (#11833) feat(gctx): move ready check to runtime Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> * fix: publish codecov reports (#12197) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: format conformance.yaml workflow file (#12194) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: add result count for VPs in the CLI (#12193) Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: implement functions Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> --------- Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> Signed-off-by: Koichi Shiraishi <zchee.io@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Francesco Ilario <filario@redhat.com> Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com> Co-authored-by: Koichi Shiraishi <zchee.io@gmail.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Francesco Ilario <filario@redhat.com> Co-authored-by: Khaled Emara <khaled.emara@nirmata.com>	2025-02-21 09:03:53 +08:00
Vishal Choudhary	219f25ace2	feat: add notary verifier with tsa support (#12160 ) * feat: add notary repository Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: add notary verifier Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: tests Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: more tests Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: more tests Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: ci Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: update types Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> --------- Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com>	2025-02-18 07:23:39 +00:00
Mariam Fahmy	2c7dd2fd59	feat: add MutatingPolicies CRD (#12150 ) Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>	2025-02-17 12:02:04 +00:00
shuting	9aebe10d15	refactor: status manager (#12173 ) * chore: move webhook status reconciler Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: status removal Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com>	2025-02-14 15:22:25 +00:00
Frank Jogeleit	05f9bb4506	feat: configure admission and background flag for ValidatingPolicies (#12153 )	2025-02-13 17:24:45 +00:00
Vishal Choudhary	ae9e68e052	feat: add types for image verification attestors (#12080 ) * feat: add types for image verification attestors Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: linter Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: codegen Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> --------- Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com>	2025-02-13 13:47:51 +00:00
shuting	7ef2764365	feat: aggregate vpol.status.conditions (#12133 ) * feat: add vpol status controller Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: update ready API struct Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: printer coloum Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: update status cmp func Signed-off-by: ShutingZhao <shuting@nirmata.com> * feat: support status.RBACPermissionsGranted Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com>	2025-02-12 11:04:18 +00:00
Mariam Fahmy	7d5750a717	chore: move celexceptions to the new group (#12143 ) Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>	2025-02-11 19:05:22 +02:00
Charles-Edouard Brétéché	e3ac39827d	feat: use dedicated group for new policies (#12123 ) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2025-02-07 12:51:03 +01:00

33 commits