mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2024-12-15 17:51:20 +00:00
Code Activity
1667 commits 15 branches 540 tags 276 MiB
Commit graph

865 commits

Author SHA1 Message Date
Shuting Zhao
6a8e07d779 create namespaced pv on resource owner 2019-11-12 16:15:14 -08:00
Shuting Zhao
cde14c66b6 update crd 2019-11-12 16:14:47 -08:00
Shuting Zhao
162a9ee754 create namespace pv when validate policy fails 2019-11-12 16:14:47 -08:00
Shuting Zhao
7fa812dbc3 rename policyviolation related package/function to clusterpolicyviolation 2019-11-12 16:11:34 -08:00
Shuting Zhao
d675774278 add namespace cluster policyviolation crd 2019-11-12 16:04:14 -08:00
Shuting Zhao
799c417ae2 integrate with pv genreator 2019-11-12 16:04:00 -08:00
shivkumar dudhani
f271af95cc use store to hold values and queue for keys 2019-11-12 16:01:09 -08:00
Shuting Zhao
778a246d28 Merge commit 'ccbb6e33a5599b8fbb9315f9a55e1ed1ef18bbb7' into 455_namespace_pv 
# Conflicts:
#	main.go
#	pkg/namespace/report.go
#	pkg/policy/report.go
#	pkg/policyviolation/clusterpv.go
#	pkg/webhooks/validation.go
 2019-11-12 15:11:58 -08:00
Shuting Zhao
d294c1fa94 create namespaced pv on resource owner 2019-11-12 14:58:38 -08:00
shivkumar dudhani
ccbb6e33a5 introduce policy violation generator 2019-11-12 14:41:29 -08:00
Shuting Zhao
a67306f106 update crd 2019-11-12 13:32:50 -08:00
Shuting Zhao
4734dba10f create namespace pv when validate policy fails 2019-11-12 13:32:30 -08:00
Shuting Zhao
14769936a2 rename policyviolation related package/function to clusterpolicyviolation 2019-11-12 11:22:06 -08:00
Shuting Zhao
1f2b71ace8 add namespace cluster policyviolation crd 2019-11-12 11:21:23 -08:00
Shuting Zhao
3dd9672a5d handle error properly 2019-11-12 10:05:10 -08:00
Shuting Zhao
2a14c1f5dc - add profiling; - fix CLI 2019-11-11 21:23:26 -08:00
Shuting Zhao
546a25d025 add missing file 2019-11-11 21:06:09 -08:00
Shuting Zhao
85d04f609c remove overlay failure conditionNotPresent as it allows the tag not present 2019-11-11 21:03:34 -08:00
Shuting Zhao
5a3ed62b13 Merge branch 'master' into 345_support_usergroup_info 
# Conflicts:
#	pkg/engine/validation_test.go
#	pkg/webhooks/annotations.go
#	pkg/webhooks/annotations_test.go
#	pkg/webhooks/mutation.go
#	pkg/webhooks/server.go
#	pkg/webhooks/validation.go
 2019-11-11 19:19:08 -08:00
Shuting Zhao
d26029d3be fix unit test 2019-11-11 19:08:46 -08:00
Shuting Zhao
6c8f4f90da fix patches annotation 2019-11-11 18:52:26 -08:00
Jim Bugwadia
8348c5761c fix tests 2019-11-11 18:51:21 -08:00
Jim Bugwadia
87be5ca4b8 update policies and test cases 2019-11-11 17:55:54 -08:00
Jim Bugwadia
3ffb0cfa39 add disallow_sysctl and move policies 2019-11-11 17:17:09 -08:00
Shuting Zhao
02fd1227be reverse listResource interface 2019-11-11 16:10:55 -08:00
Shuting Zhao
586b197b00 user sharedInformer for rolebindings and clusterrolebindings 2019-11-11 15:43:13 -08:00
Shuting Zhao
03e85c2266 make getRoleRef a separate package 2019-11-11 14:52:09 -08:00
Shuting Zhao
4a80f70957 add unit test 2019-11-11 14:29:36 -08:00
Jim Bugwadia
05503e4fd1 update other policies 2019-11-11 14:09:07 -08:00
shivkumar dudhani
f788f0e526 introduce policy store 2019-11-11 11:10:25 -08:00
Shuting Zhao
5b0a6d62a4 add unit test 2019-11-11 09:56:53 -08:00
Jim Bugwadia
dd4d091c23 update restrict_automount_sa_token 2019-11-10 21:57:20 -08:00
Jim Bugwadia
5e8b6c4183 update add_networkPolicy 2019-11-10 21:27:50 -08:00
Jim Bugwadia
244909ebb3 update require_probes 2019-11-10 21:18:17 -08:00
Jim Bugwadia
c1be682a93 update require_pod_requests_limits 2019-11-10 21:06:49 -08:00
Jim Bugwadia
f668113904 update add_ns_quota 2019-11-10 20:58:57 -08:00
Jim Bugwadia
a6d5fb6e30 update restrict_image_registries 2019-11-10 18:13:01 -08:00
Jim Bugwadia
f31abbffab update disallow_latest_tag 2019-11-10 17:54:38 -08:00
Jim Bugwadia
7f54e8e2e3 Merge branch '451_fix_disallow_host_net_port' into 452_make_sample_policy_rule_names_consistent 
# Conflicts:
#	samples/best_practices/disallow_host_network_hostport.yaml
#	test/scenarios/samples/best_practices/disallow_host_network_port.yaml
 2019-11-10 17:35:43 -08:00
Jim Bugwadia
20736e5e81 update disallow_default_namespace and disallow_host_network_port and disallow_host_pid_ipc 2019-11-10 15:50:18 -08:00
shivkumar dudhani
f11a05a652 create event on webhook status update 2019-11-10 13:30:15 -08:00
Jim Bugwadia
170e2a5179 update disallow_docker_sock_mount and disallow_host_network_port 2019-11-10 12:53:48 -08:00
Jim Bugwadia
fd1a26db29 update DisallowBindMounts 2019-11-09 16:33:19 -08:00
Jim Bugwadia
fae8ac0325 update RequireReadOnlyRootFS 2019-11-09 16:18:33 -08:00
Jim Bugwadia
121b81a83b update disallow new capabilities 2019-11-09 16:07:16 -08:00
Shivkumar Dudhani
1613434c46
458 cleanup (#464) 
* cleanup of policy violation on policy spec changes + refactoring

* remove unused code

* remove duplicate types

* cleanup references

* fix info log and clean code

* code clean

* remove dead code
 2019-11-08 20:45:26 -08:00
Jim Bugwadia
cba79c69a2 update disallow_priviledged 2019-11-08 20:04:42 -08:00
Jim Bugwadia
5ce8fd7a9a update disallow_root_user 2019-11-08 19:25:43 -08:00
Jim Bugwadia
6baa678e27 rename add_safe_to_evict 2019-11-08 19:02:49 -08:00
Shuting Zhao
981b378c86 match rbac info when process a rule 2019-11-08 18:58:09 -08:00
Shuting Zhao
6048d59949 change engine interface to take policyContext struct 2019-11-08 18:57:27 -08:00
Shuting Zhao
0e9a952d64 get rbac info for an admission request 2019-11-08 18:56:24 -08:00
Shuting Zhao
3f59b4cf10 change client.ListResource to take listOptions 2019-11-08 18:54:43 -08:00
Shuting Zhao
a7e55ed25e update types for match/exclude 2019-11-08 18:53:29 -08:00
Shivkumar Dudhani
687c0c6470
Merge pull request #418 from nirmata/391_feature 
Check if mutating webhook admission control is enabled
 2019-11-08 12:55:28 -08:00
Shuting Zhao
ec331b8d17 remove resource info in the validation error 2019-11-07 12:30:58 -08:00
Shuting Zhao
a30b8a604d update format 2019-11-07 12:13:35 -08:00
Shuting Zhao
443619757e update tests/scenario 2019-11-07 12:13:35 -08:00
Shuting Zhao
15895d3852 - aggregate resource info per rule; - remove resource info in each success message; 2019-11-07 12:13:35 -08:00
Shuting Zhao
2dec70cc72 make expected message optional in scenario file 2019-11-07 12:13:34 -08:00
Shuting Zhao
98fa90bf1e update validation_test.go 2019-11-07 12:13:34 -08:00
Shuting Zhao
58054ef5b6 remove duplicate test 2019-11-07 12:13:34 -08:00
Shuting Zhao
de9ebd899b improve validation error message; update scenario files 2019-11-07 12:13:34 -08:00
Shuting Zhao
e3c9282e6a fix edit failure blocked by annotation change 
- as we change the patches key in annotation to "policies.kyverno.io/patches" in commit bdb3f40f15
 2019-11-07 12:13:34 -08:00
Shuting Zhao
caf7abfecc Get policy list once in handleAdmissionRequest 2019-11-07 12:13:16 -08:00
Shuting Zhao
38f1f3bbb9 Merge branch '414_mutate_safe-to-evict_emptydir' into 413_known_ingress 2019-11-06 17:58:09 -08:00
Shuting Zhao
8496a483dc - remove resource info per rule; - add resource info in each failed admission request 2019-11-06 17:14:32 -08:00
Shuting Zhao
4daa23f530 add missing file 2019-11-06 16:40:24 -08:00
Shuting Zhao
b32c6bf50b remove unused code 2019-11-06 16:16:50 -08:00
Shuting Zhao
d31ace604e fix test 2019-11-06 16:16:38 -08:00
Shuting Zhao
a7aec886b4 handle processOverlay with overlayError 2019-11-06 16:16:29 -08:00
Jim Bugwadia
1173e062c9 - add policy and test for known ingress 
- fix messages and remove unnecessary comments in testrunner/scenario.go
 2019-11-05 19:07:44 -08:00
Shuting Zhao
d0391ecab3 make the err "resource field is not present" a constant 2019-11-05 16:36:15 -08:00
Shuting Zhao
9f7b6eaaf6 skip applying mutate rule if condition key is not present in the resource, consider the rule as success 2019-11-05 16:27:06 -08:00
Jim Bugwadia
cab87f24ba add tect case 2019-11-05 15:32:45 -08:00
Shuting Zhao
664a85363a correct scenario test 2019-11-05 12:59:22 -08:00
Jim Bugwadia
5ded29f74e temp update for debugging 2019-11-05 12:28:44 -08:00
Shuting Zhao
662f649926 add comment to the code 2019-11-05 11:04:43 -08:00
Shuting Zhao
4195f45a42 add missing scenario test 2019-11-05 10:19:42 -08:00
Shuting Zhao
489e55d6c3 add best_practices scenario_mutate_safe-to-evict 2019-11-05 10:16:07 -08:00
Shuting Zhao
764d0fede2 Merge commit '35bed4bc6aef6622b89f0fc4dee9a175aa9768ff' into 158_array_validation 2019-11-05 09:50:32 -08:00
Shuting Zhao
3fbb9f8a35 Merge commit 'cfbd2120938b8a7f81f4a9c325fa3f6e816d2bf1' into 158_array_validation 2019-11-05 09:43:28 -08:00
Shuting Zhao
d9335a5f8c add warning message; remove existence anchor check in mutation 2019-11-04 19:23:48 -08:00
Shivkumar Dudhani
cfbd212093
Merge pull request #427 from nirmata/375_handle_json_numbers_resubmit 
375 handle json numbers resubmit
 2019-11-04 18:05:24 -08:00
Jim Bugwadia
35bed4bc6a add safe-to-evict annotation 2019-11-04 17:55:13 -08:00
Jim Bugwadia
41afefbe8e add disallow Helm tiller 2019-11-03 18:19:06 -08:00
Jim Bugwadia
3b1143c934
Merge pull request #436 from nirmata/411_no_docker_sock_mount 
411 no docker sock mount
 2019-11-01 15:38:40 -07:00
shivkumar dudhani
a191bd67f4 update message string 2019-11-01 15:21:23 -07:00
Jim Bugwadia
1323a9a81e add policy and test case 2019-11-01 15:19:26 -07:00
Jim Bugwadia
440c23f231 add test case (currently fails) 2019-11-01 11:40:23 -07:00
Shuting Zhao
86c00a8f30 return failure path for mutate condition check 2019-11-01 11:14:58 -07:00
Shuting Zhao
ef8bf695b1 mutate: support anchor on map/array 2019-10-31 20:38:24 -07:00
shivkumar dudhani
7e7286a9c1 support string - numbers comparison, use validatepattern in generate for subset check 2019-10-31 13:29:03 -07:00
Shivkumar Dudhani
92c96aaf1f
Revert "use validatepattern in generate rule to check for subset existance" 2019-10-31 13:21:38 -07:00
shivkumar dudhani
61c1ea5a49 use validatepattern in generate rule to check for subset existance 2019-10-31 13:04:56 -07:00
shivkumar dudhani
697f927b50 fix log 2019-10-30 14:09:37 -07:00
shivkumar dudhani
e022084dd0 add checker to verify if mutatingwebhook is enabled or not + refactoring 2019-10-30 13:39:19 -07:00
shivkumar dudhani
c7787eff8d Merge branch 'master' of github.com:nirmata/kyverno into 391_feature 2019-10-29 12:01:15 -07:00
shivkumar dudhani
ba94577d40 upates 2019-10-29 11:51:30 -07:00
shivkumar dudhani
6b97b5be3d merge master 2019-10-29 11:04:10 -07:00
shivkumar dudhani
a287067315 add backward support for command line arguments for filtering resources 2019-10-29 10:56:28 -07:00
shuting
fd90b25755
Revert "261 dynamic config" 2019-10-28 18:37:41 -07:00
shivkumar dudhani
4b19dd0715 Merge branch '261_dynamic_config' of github.com:nirmata/kyverno into 261_dynamic_config 2019-10-28 15:24:13 -05:00
shivkumar dudhani
a1d7f984db remove comments 2019-10-28 15:23:52 -05:00
Shivkumar Dudhani
158a499feb
Merge branch 'master' into 261_dynamic_config 2019-10-28 15:06:37 -05:00
Shuting Zhao
8047ed68d3 remove required mark for managedresource "kind" 2019-10-28 11:44:48 -07:00
Shivkumar Dudhani
22e7ab1c49
Merge branch 'master' into 261_dynamic_config 2019-10-25 19:17:15 -05:00
shivkumar dudhani
c119f0d34b split sync cache 2019-10-25 18:49:26 -05:00
shivkumar dudhani
56adc98b8c initial commit 2019-10-25 16:55:48 -05:00
Shuting Zhao
3a3efe00f1 - rename to managedResource; - refact code structure 2019-10-24 15:50:11 -07:00
Shuting Zhao
3c75a89489 Merge branch '387_pv_enforce' of https://github.com/nirmata/kyverno into 387_pv_enforce 
# Conflicts:
#	pkg/policyviolation/helpers.go
 2019-10-23 23:25:19 -07:00
Shuting Zhao
6e69c8b69b cleanup pv with dependant when blocked admission request pass 2019-10-23 23:18:58 -07:00
Shuting Zhao
1db901cca6 add comment 2019-10-23 09:58:42 -07:00
Shuting Zhao
e4791e5828 remove unused code 2019-10-21 15:55:20 -07:00
Shuting Zhao
f820cb4c83 implement #387 Generate clusterpolicyviolation when policy action set to "enforce" 2019-10-21 15:55:20 -07:00
shivkumar dudhani
3fa8834b4a policy validation: refactoring 2019-10-21 14:22:31 -07:00
Shuting Zhao
68c87a09ec add unit test for negationanchor on mutation 2019-10-18 18:17:11 -07:00
Shuting Zhao
2e1b731e35 fix test error 2019-10-18 17:50:26 -07:00
Shuting Zhao
32f94bca27 manage policy validation inside engine pkg 2019-10-18 17:45:24 -07:00
shivkumar dudhani
64eab3d1d6 initial commit 2019-10-18 17:38:46 -07:00
Shuting Zhao
7239b4d9b7 Merge commit '37c25daa17ad046f739e74d803cb78d887805bb4' into 346_validate_policy 
# Conflicts:
#	pkg/api/kyverno/v1alpha1/utils.go
 2019-10-18 10:09:44 -07:00
Shuting Zhao
01dae46580 remove unused code 2019-10-16 10:33:28 -07:00
Shuting Zhao
2ff6eb6e78 implement #387 Generate clusterpolicyviolation when policy action set to "enforce" 2019-10-15 20:56:41 -07:00
shuting
81f202752c
Merge pull request #379 from nirmata/337_policy_description 
337 policy description
 2019-10-15 14:34:14 -07:00
shuting
3232fadbe5
Merge pull request #389 from nirmata/388_bug 
delete PV if the P it refers to is stale
 2019-10-15 12:27:40 -07:00
Shuting Zhao
c6d5ec7575 Merge commit '82647670a54ead965c8cb964f3063409d0826070' into 337_policy_description 
# Conflicts:
#	pkg/testrunner/testrunner_test.go
#	samples/README.md
#	samples/best_practices/policy_validate_deny_runasrootuser.yaml
#	test/scenarios/samples/best_practices/scenario_validate_nonRootUser.yaml
 2019-10-15 12:27:22 -07:00
shivkumar dudhani
5d228d9586 fix error param 2019-10-15 11:30:06 -07:00
shivkumar dudhani
1a7b92f001 delete PV if the P it refers to is state 2019-10-15 11:07:22 -07:00
shivkumar dudhani
9b9f6686cb remove comments 2019-10-14 14:17:16 -07:00
Shuting Zhao
a384c263f4 remove duplicate test scenario 2019-10-14 14:14:18 -07:00
shivkumar dudhani
4e5f551fa7 clean up 2019-10-14 14:10:34 -07:00
Shuting Zhao
75806146c6 Merge branch 'best_practice_policies' into 337_policy_description 
# Conflicts:
#	samples/README.md
 2019-10-14 13:21:10 -07:00
shivkumar dudhani
530ac6962c initial clean up 2019-10-14 12:36:19 -07:00
Shuting Zhao
bdb3f40f15 rename mutate annotation to "policies.kyverno.io/patches" 2019-10-11 17:59:50 -07:00
Shuting Zhao
eb8bd71ac2 add test scenario - missing image tag 2019-10-10 19:13:04 -07:00
Shuting Zhao
38bf4d6055 add 'deny-use-of-host-fs' 2019-10-10 18:42:54 -07:00
Shuting Zhao
17f7eb6213 Merge branch 'master' into best_practice_policies 2019-10-10 18:15:55 -07:00
shivkumar dudhani
fd72ee3178 add unit tests 2019-10-10 17:34:20 -07:00
shivkumar dudhani
f6367cfe4a add negation anchor 2019-10-10 16:59:08 -07:00
Shuting Zhao
300665b22b Merge branch 'best_practice_policies' of https://github.com/nirmata/kyverno into best_practice_policies 2019-10-10 12:30:14 -07:00
Shuting Zhao
24f3b8ac96 disallow automountServiceAccountToken 2019-10-10 12:29:48 -07:00
shivkumar dudhani
dbc35eb8f4 enable disabled tests 2019-10-10 12:22:07 -07:00
Shuting Zhao
7fcc6bbd33 require default namespace resource quota 2019-10-10 10:46:11 -07:00
Shuting Zhao
3087257b46 disallow use of default namespace 2019-10-10 10:34:49 -07:00
Shuting Zhao
012360ae3a allow trusted registries 2019-10-10 10:29:10 -07:00
Shuting Zhao
4d29b461ff add require_image_tag_not_latest.yaml 2019-10-09 18:35:07 -07:00
Shuting Zhao
b5475fda5d comment out failed testscenarios 2019-10-09 18:31:09 -07:00
Shuting Zhao
3e1ef320a8 add require_probes.yaml 2019-10-09 17:49:00 -07:00
Shuting Zhao
ea25ed8460 add check-pod-request-limit.yaml 2019-10-09 17:37:31 -07:00
Shuting Zhao
18c190447f update require-readonly-rootfilesystem.yaml 2019-10-08 22:09:58 -07:00
Shuting Zhao
cb44585d70 add disallow_readonly_rootfilesystem.yaml 2019-10-08 22:05:15 -07:00
Shuting Zhao
c755df6b70 add scenario_validate_disallow_hostpid_hostipc.yaml 2019-10-08 21:58:05 -07:00
Shuting Zhao
ce41e4a99d add disallow_host_network_hostport.yaml 2019-10-08 21:51:35 -07:00
Shuting Zhao
0c0a9a69a6 add disallow_priviledged_privelegesecalation.yaml 2019-10-08 21:42:49 -07:00
Shuting Zhao
137d596e11 rename EngineResponseNew to EngineResponse accordingly 2019-10-08 16:23:24 -07:00
shuting
5c38c28904
Merge pull request #369 from nirmata/368_bug 
update engineResponse Name
 2019-10-08 16:02:07 -07:00
Shivkumar Dudhani
d973e84084
Merge pull request #366 from nirmata/best_practice_policies 
Add best practice policies
 2019-10-08 15:51:19 -07:00
Shuting Zhao
d7080c2d94 fix pr comment 2019-10-08 14:21:47 -07:00
shivkumar dudhani
70ff2fa177 update engineResponse Name 2019-10-08 10:57:24 -07:00
Shuting Zhao
2077409c85 fix 365 annotation_bug 2019-10-07 18:31:14 -07:00
Shuting Zhao
cac41d9fda using anyPattern for allowed image registries 2019-10-07 14:34:32 -07:00
Shuting Zhao
87d9cdd9dd best practice: volume white list 2019-10-07 12:46:34 -07:00
Shuting Zhao
16a851cd8b update sysctl 2019-10-07 11:35:04 -07:00
Shuting Zhao
c80f9e0f9d best_practice: sysctl 2019-10-07 11:21:14 -07:00
Shuting Zhao
2243e9e2e7 best practice: validate container capability 2019-10-04 18:15:39 -07:00
Shuting Zhao
0c09ba53eb best-practice: validate default proc mount 2019-10-04 17:48:57 -07:00
Shuting Zhao
1bd8663e4c add selinux best practice 2019-10-04 17:28:42 -07:00
Shuting Zhao
04c147eb77 add security context "fsgroup" 2019-10-04 16:50:23 -07:00
Shuting Zhao
57456e5f06 improve code 2019-10-03 18:19:47 -07:00
Shuting Zhao
ae393f567d make validation checks on different block internally 2019-10-03 17:53:46 -07:00
Shuting Zhao
e20d86f45c remove duplicate code: hasMutate.. 2019-10-03 17:00:05 -07:00
Shuting Zhao
c56c5c365d Provide more details to policy validation errors 2019-10-03 16:49:41 -07:00
Shuting Zhao
572418795a add validate checks for generate 2019-10-03 14:47:50 -07:00
Shuting Zhao
9d0b4c7d30 validate anchor in mutate and validate rule 2019-10-03 12:52:58 -07:00
shivkumar dudhani
c4e263564f CR: uncomment deadcode 2019-10-01 16:59:26 -07:00
shivkumar dudhani
7782c776f1 merge with master 2019-10-01 16:28:54 -07:00
Shivkumar Dudhani
e02d334dfc
Merge pull request #358 from nirmata/346_validate_policy 
346 validate policy
 2019-10-01 16:25:09 -07:00
Shuting Zhao
3ee2d57694 ignore kinds check on exclude resource description 2019-10-01 15:01:24 -07:00
shivkumar dudhani
515a31199e update equality operator 2019-10-01 13:08:34 -07:00
Shuting Zhao
a620c14c58 fix PR comment 2019-10-01 12:41:10 -07:00
shivkumar dudhani
17d80a08c0 introduce equality anchor 2019-10-01 12:35:14 -07:00
Shuting Zhao
8b174235df add unit tests 2019-10-01 11:50:10 -07:00
shivkumar dudhani
c3a2256c1c process policy in namespaces 2019-09-28 15:39:06 -07:00
shivkumar dudhani
56b2d2990b clean up 2019-09-28 14:20:39 -07:00
shivkumar dudhani
808cccb421 update validation logic 2019-09-28 14:09:46 -07:00
Shuting Zhao
28bb9c80b4 validate existing anchor of validate rule 2019-09-27 19:03:55 -07:00
Shuting Zhao
a72a73b8a9 fix warning 2019-09-27 16:35:09 -07:00
Shuting Zhao
8a7250ffef refactor policy validation, moved to pkg/api/kyverno 2019-09-27 16:31:27 -07:00
Shuting Zhao
76ad9406b1 only allow one type of rule defined in a single rule 2019-09-26 18:02:24 -07:00
shivkumar dudhani
ae3059b858 unit test initial check 2019-09-26 11:00:30 -07:00
shivkumar dudhani
087efffd96 support existance on list type 2019-09-25 21:01:45 -07:00
shivkumar dudhani
974fff169a support evaluation of nested values 2019-09-25 16:06:37 -07:00
shivkumar dudhani
c65f12b97b initial commit 2019-09-25 15:12:33 -07:00
Shuting Zhao
5e0415911a add best-practice: policy_validate_disallow_default_serviceaccount 2019-09-16 14:16:54 -07:00
shuting
3d02f81434
Merge pull request #351 from nirmata/348_feature_wildcardsNamespaces 
support wild cards for namespaces in rule resource description
 2019-09-12 23:06:51 -07:00
shivkumar dudhani
44af35d6e4 support wild cards for namespaces in rule resource description 2019-09-12 17:11:55 -07:00
shivkumar dudhani
5dab189743 fix event resource name + add filtered kinds to policy controller & namespace + fix messages 2019-09-12 15:04:35 -07:00
Shuting Zhao
e6a5b1ceb8 add namespace_quota testrunner 2019-09-10 12:27:21 -07:00
Shuting Zhao
2e22c21164 add policy_validate_disallow_node_port.yaml 2019-09-10 11:57:33 -07:00
Shuting Zhao
6ecec2f5a7 add resource_quota testrunner 2019-09-09 23:55:14 -07:00
Shuting Zhao
3237f3d799 add policy_validate_not_readonly_rootfilesystem.yaml 2019-09-09 18:13:38 -07:00
Shuting Zhao
3eeba1a32b add policy_validate_hostPID_hosIPC.yaml 2019-09-09 17:34:25 -07:00
Shuting Zhao
d0fd3e69ef update testrunner, unit test for validate_host_network_port 2019-09-09 16:08:15 -07:00
Shuting Zhao
0fe5a065dd add validate_hostpath testrunner 2019-09-09 15:06:54 -07:00
Shuting Zhao
b494dec7f3 add validate_namespace test runner 2019-09-09 14:33:55 -07:00
Shuting Zhao
d92026f94a add disallow_priviledgedprivelegesecalation test runner 2019-09-09 10:56:19 -07:00
Shuting Zhao
ae8264deae Merge branch 'best_practice_policies' of https://github.com/nirmata/kyverno into best_practice_policies 
# Conflicts:
#	examples/best_practices/policy_validate_container_disallow_priviledgedprivelegesecalation.yaml
#	examples/best_practices/policy_validate_container_security_context.yaml
#	examples/best_practices/validate_container_security_context.yaml
 2019-09-09 10:36:56 -07:00
Shuting Zhao
b667c47587 update testrunner for examples/best_practices/policy_validate_container_security_context.yaml 2019-09-06 18:54:19 -07:00
Shuting Zhao
bc087d7918 Merge branch 'master' of https://github.com/nirmata/kyverno into best_practice_policies 
# Conflicts:
#	examples/best_practices/validate_default_namespace.yaml
 2019-09-06 17:04:44 -07:00
shivkumar dudhani
2669b0ae6b set default ValidationFailureAction to 'audit' 2019-09-06 10:18:45 -07:00
shivkumar dudhani
ff60dc05fd add policies 2019-09-06 10:03:24 -07:00
shivkumar dudhani
f56603e4d4 update message to show resource path of failure for validation + print custom message on failure + anyPattern to return on first success validation + update scenarios for test runner 2019-09-05 12:44:38 -07:00
shivkumar dudhani
cf32510067 remove old function refereces and update tests 2019-09-05 09:37:57 -07:00
Shuting Zhao
6912114363 Merge commit '595dd1f18523845720b53a4b5d818782d85cb616' into best_practice_policies 2019-09-04 15:36:28 -07:00
shivkumar dudhani
973abe6233 ignore creationg of event and PV if Name is not assgined. 2019-09-04 15:30:09 -07:00
shivkumar dudhani
90a7282b97 remove log 2019-09-04 14:09:42 -07:00
shivkumar dudhani
7a43bed8e4 remove commented code + fix log param 2019-09-04 14:06:06 -07:00
Shivkumar Dudhani
b1e5f0a8c7
Merge branch 'master' into refactor_webhookconfigGeneration 2019-09-04 13:50:46 -07:00
Shivkumar Dudhani
bf35d711e6
Merge pull request #330 from nirmata/bug_exclude 
remove exlude kind checks
 2019-09-04 13:43:27 -07:00
shivkumar dudhani
c2e822c887 refactor webhook configuration 2019-09-04 13:43:12 -07:00
Shuting Zhao
b39ec75dbd fix "failed to patch resource: json: cannot unmarshal array into Go value of type jsonpatch.Operation" 2019-09-04 11:58:57 -07:00
shivkumar dudhani
b66c1b7f0c remove exlude kind checks 2019-09-04 10:40:49 -07:00
Shivkumar Dudhani
94bf186f30
Merge pull request #328 from nirmata/bug_exclude 
check the exclude conditions with AND
 2019-09-04 10:02:57 -07:00
shivkumar dudhani
5a6814a588 fix return values 2019-09-04 09:56:44 -07:00
shivkumar dudhani
dee4eef44a check the exclude conditions with AND 2019-09-03 19:31:42 -07:00
shivkumar dudhani
b152cdd004 rule to show violation count 2019-09-03 18:31:57 -07:00
shivkumar dudhani
9d81e61002 ignore stats if no rule is applied 2019-09-03 18:18:21 -07:00
shivkumar dudhani
cd6b1d0990 aggregate rule status 2019-09-03 17:43:36 -07:00
shivkumar dudhani
6228b8343e refactor engine api 2019-09-03 15:48:13 -07:00
shuting
42f10af603
Merge pull request #325 from nirmata/281_rename_policy 
281 rename policy
 2019-09-03 15:21:52 -07:00
shivkumar dudhani
786cbf5522 fix test 2019-09-03 15:02:00 -07:00
shivkumar dudhani
fa53519e2a change CRD Name to ClusterPolicy & ClusterPolicyViolations 2019-09-03 14:51:51 -07:00
Shuting Zhao
82273bf1cc Merge commit 'd12841898645ff05baa2340686821cc98eaefdea' into 293_remove_overall_mutation 
# Conflicts:
#	pkg/policy/apply.go
 2019-09-03 09:49:56 -07:00
shivkumar dudhani
0a132054e1 fixes + support generate policies 2019-08-30 14:06:47 -07:00
shivkumar dudhani
d43b4d93c2 rebase with master 2019-08-30 01:08:54 -07:00
shivkumar dudhani
a31f9c383d scneario file test runner 2019-08-30 00:22:37 -07:00
Shivkumar Dudhani
f10b5fdfe8
Merge pull request #322 from nirmata/307_feature 
Validate anchor values of type object/[map]interface{}
 2019-08-29 19:03:01 -07:00
shivkumar dudhani
07d86cb769 add success tests for validation & mutation 2019-08-29 18:48:58 -07:00
shivkumar dudhani
20e2f639eb add validate helper functions 2019-08-29 11:44:50 -07:00
shivkumar dudhani
d71ad7004c remove validation webhook configurations for resources 2019-08-28 11:04:38 -07:00
shivkumar dudhani
db3bcf3ca3 formatting error, fixes tests 2019-08-27 23:48:13 -07:00
shivkumar dudhani
8737ace7d7 handle http server close connection 2019-08-27 17:00:16 -07:00
shivkumar dudhani
470862a7b1 endpoint for policy mutation + refactor + graceful shutdown 2019-08-27 16:44:10 -07:00
shivkumar dudhani
6e74892548 reformat name 2019-08-27 14:59:17 -07:00
shivkumar dudhani
bfb16b0c11 create policy mutating webhook config resouce + refactoring 2019-08-27 14:52:56 -07:00
shivkumar dudhani
69060bf635 proposed solution 2019-08-27 11:41:47 -07:00
shivkumar dudhani
116203282d fix patches 2019-08-26 16:10:19 -07:00
shivkumar dudhani
e356cf37aa remove policyInfo 2019-08-26 13:36:11 -07:00
shivkumar dudhani
5b80da32ba replace policyInfo with engineResponse 2019-08-26 13:34:42 -07:00
shivkumar dudhani
b062d70e29 initial redesign 2019-08-23 18:34:23 -07:00