kyverno

mirror of https://github.com/kyverno/kyverno.git synced 2024-12-15 17:51:20 +00:00

Author	SHA1	Message	Date
dependabot[bot]	ce14eed715	sibling of `4b820557fc`	2024-12-12 07:13:09 +00:00
Vishal Choudhary	174534b518	fix: properly verify precondition in old object validation (#11644 ) * fix: properly verify precondition in old object validation Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: tests Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: assert bug Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: properly update the values Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> --------- Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com>	2024-12-04 06:32:12 +00:00
Vishal Choudhary	ec658b7abf	fix: api call chainsaw tests (#11682 ) Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com>	2024-12-02 15:46:37 +00:00
Vishal Choudhary	b35aaab898	fix: match failure action case insensitively for validating old object (#11486 ) Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>	2024-11-07 00:10:56 +08:00
Charles-Edouard Brétéché	db7584c417	chore: use more chainsaw step templates (#11317 ) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-10-04 12:54:39 +03:00
Charles-Edouard Brétéché	5a0ce6bb67	chore: bump chainsaw (#11161 ) * chore: bump chainsaw Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more template use Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * v0.2.10 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * go mod Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-09-17 09:28:33 +00:00
Charles-Edouard Brétéché	fd3fa10956	fix: chainsaw tests (#11033 ) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-09-07 18:17:37 +00:00
Vishal Choudhary	1ef9b876e1	fix: allow changes to preexisting resources that violate a validate foreach, cel or pss policy (#10033 ) * feat: allow changes to preexisting resources that violate a validate foreach, cel or pss policy Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: do old object verification as create operation this fixes the case where we are checking request.operation in a deny condition Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: update the json context in set operation Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: typo Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: update error message Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: add match and exclude check Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: match exclude in if Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: add option to disable validation of old object Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: tests Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: unit tests Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: chainsaw tests Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: update readme Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: conflicts Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: chainsaw tests Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: tests Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: ci Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: nil ptr error Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: linter Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: linter Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: old obj verification in assert Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: codegen Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: chainsaw tests Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: chainsaw test for assert Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: cleanup Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: chainsaw tests Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: pss Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: common functions for allow existing violations Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: types Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: typos Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: pss old resource Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: chainsaw test for PSS Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: use old objects Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: more merge changes Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: e2e matrxix Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: refactor and dont return error when old obj validation fails Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: return resp when not matched Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: add logs and return skip when old object validation fails Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * Update validate_resource.go Co-authored-by: shuting <shutting06@gmail.com> Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * Update validate_pss.go Co-authored-by: shuting <shutting06@gmail.com> Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * Update validate_assert.go Co-authored-by: shuting <shutting06@gmail.com> Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> --------- Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: shuting <shutting06@gmail.com>	2024-09-06 06:42:56 +00:00
Vishal Choudhary	86b8a6d0f3	feat: show violations and mutations as warning (#10214 ) * feat: add audit warning to policy spec Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: emit warning when audit warning is set Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: add audit warn to policy cache Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: add warnings for validation Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: add warnings for mutation Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: add chainsaw test Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: add more chainsaw test Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * chore: fix ci Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: rename field to emit warning Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: tests Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: unit tests Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: validate tests Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: cleanup Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: remove validation action failure fro mutation unit tests Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> --------- Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>	2024-09-05 10:02:00 +00:00
D N Siva Sathyaseelan	cc966bf7af	feat:support default value into apiCall context variables (#10594 ) * initial changes Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * test changes Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * logical changes Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * added Check for default in transformAndStore Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * codegen applied Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * considered an edge case Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * fix: remove error when jsondata and default is nil Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * codegen done Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> --------- Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> Co-authored-by: Vishal Choudhary <vishal.choudhary@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com>	2024-09-05 13:57:44 +08:00
Pradeep Lakshmi Narasimha	416b7d2f8b	fix: Honour generateSuccessEvents config for generating success events (#9870 ) (#10741 ) Signed-off-by: Pradeep Lakshmi Narasimha <pradeep.vaishnav4@gmail.com>	2024-09-04 10:25:34 +00:00
Mariam Fahmy	2140a0239b	chore: rename validationFailureAction to failureAction under the rule (#10893 ) Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com>	2024-08-27 20:07:57 +00:00
Jim Bugwadia	f06399200c	remove wildcard permissions (#10785 ) * remove wildcard permissions Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update codegen Signed-off-by: Jim Bugwadia <jim@nirmata.com> * codegen Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix background controller perms Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove secrets perm Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix reports-controller role Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add wildcard check and limit generate policy checks based on `synchronize` Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update manifest Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix permissions Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix wildcard check Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update default QPS and burst for better performance and to prevent test failure Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix test permissions Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix test permissions Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix test permissions Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix test permissions Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix test permissions Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix test permissions Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix test permissions Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix perms Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix perms Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix test permissions Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix test permissions Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix merge issues Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix merge issues Signed-off-by: Jim Bugwadia <jim@nirmata.com> --------- Signed-off-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>	2024-08-20 11:55:32 +03:00
Mariam Fahmy	c796bb765c	fix: return policies with either audit or enforce rules from the cache (#10667 ) * fix: return policies with either audit or enforce rules from the cache Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * feat: introduce validationFailureAction under verifyImage rules Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * feat: add chainsaw tests Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * fix Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> --------- Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com>	2024-08-06 18:24:28 +00:00
Charles-Edouard Brétéché	e004d8ae8d	chore: bump chainsaw (#10687 ) * chore: bump chainsaw Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * bump Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * v0.2.8-beta.1 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * v0.2.8-beta.2 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * beta 3 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * cli Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-07-31 15:50:20 +00:00
Mariam Fahmy	f3c9be9d0f	chore: rename deprecated chainsaw tests (#10668 ) Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>	2024-07-17 04:52:38 +00:00
Mariam Fahmy	35494bd8bb	feat add chainsaw tests for pod security and exceptions (#10664 ) * feat add chainsaw tests for pod security and exceptions Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * fix: enable ProcMountType in the kind config Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> --------- Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>	2024-07-16 12:14:47 +00:00
Mariam Fahmy	ad6ee93e3b	fix: CEL policies aren't applied to deleted resources (#10611 ) Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>	2024-07-04 22:16:36 +05:30
Mariam Fahmy	418bf25659	feat: add chainsaw tests for validate policies (part 3) (#10546 ) Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>	2024-06-26 14:07:03 +00:00
Mariam Fahmy	565f4b5427	feat: add chainsaw tests for validate policies (part 2) (#10545 ) Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>	2024-06-26 11:37:32 +00:00
Mariam Fahmy	340009f55f	feat: add chainsaw tests for validate policies (#10544 ) Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>	2024-06-26 10:39:54 +00:00
Mariam Fahmy	e892a0531e	chore: add tests that use spec.webhookConfiguration (#10526 ) * chore: add tests that use spec.webhookConfiguration Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * fix chainsaw tests Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> --------- Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>	2024-06-24 13:40:50 +00:00
Mariam Fahmy	b7bf894fe9	chore: use v2 for exceptions in chainsaw tests (#10529 ) Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>	2024-06-24 11:54:57 +00:00
Mariam Fahmy	61e78fd968	chore: add tests that use spec.mutateExistingOnPolicyUpdate (#10514 ) Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-06-20 10:27:42 +00:00
Mariam Fahmy	88d1063647	chore: use mutateExistingOnPolicyUpdate under mutate rule in chainsaw tests (#10507 ) Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>	2024-06-19 18:16:46 +02:00
Vishal Choudhary	c403a498a3	fix: add error check in jmespath type conversion in context variables (#10152 ) * fix: add error check in jmespath type conversion in context variables Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix(lint): new line in tests Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: properly update path variable Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: remove log statemet Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> --------- Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>	2024-05-01 04:30:34 +00:00
Khaled Emara	c9d821ee72	fix: shared policy context needs to be copied (#10139 ) * fix: shared policy context needs to be copied Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * test(e2e): concurrent PSS execution Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * test(e2e): wait for pss policies to be ready Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> --------- Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com>	2024-04-30 14:05:33 +00:00
Vishal Choudhary	f2833861f8	fix: properly update policy context after preexisting resource in violation check (#9893 ) * fix: properly update policy context after preexisting resource in violation check Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * chore: remove all copy function usages Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * chore: nit Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * refactor context resource swap Signed-off-by: Jim Bugwadia <jim@nirmata.com> * feat: chainsaw tests Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: test: Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: logger panic Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: copy cover policycontext Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: ShutingZhao <shuting@nirmata.com>	2024-03-13 16:24:53 +00:00
shuting	bc2f50ae13	fix: add missing unit tests for podSecurity.hostpathVolume check (#9845 ) * fix: add missing unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: update pinned lib Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: uncomment code Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com>	2024-03-04 15:23:06 +00:00
Mariam Fahmy	d8d6d89856	fix: remove duplicate chainsaw tests for PSA (#9835 ) Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>	2024-03-01 20:49:04 +08:00
Mariam Fahmy	019fcaf377	fix: remove unnecessary podSecurity chainsaw test (#9791 ) Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>	2024-02-26 14:23:34 +08:00
mohamedasifs123	d566e9886c	Fix :variables are not getting processed in validation message for "anyPattern" (#9713 ) * Update validate_resource.go Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com> * Create pod.yaml Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com> * Create chainsaw-test.yaml Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com> * Create policy.yaml Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com> * Update validate_resource.go Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com> * test Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com> * test Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com> * test Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com> * test Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com> * Update chainsaw-test.yaml Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com> * Create README.md Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com> * Update test/conformance/chainsaw/validate/clusterpolicy/cornercases/variable-substitution-failure-messages/README.md Co-authored-by: Mariam Fahmy <mariamfahmy66@gmail.com> Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com> * Update test/conformance/chainsaw/validate/clusterpolicy/cornercases/variable-substitution-failure-messages/README.md Co-authored-by: Mariam Fahmy <mariamfahmy66@gmail.com> Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com> * Update test/conformance/chainsaw/validate/clusterpolicy/cornercases/variable-substitution-failure-messages/chainsaw-test.yaml Co-authored-by: Mariam Fahmy <mariamfahmy66@gmail.com> Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com> * Update test/conformance/chainsaw/validate/clusterpolicy/cornercases/variable-substitution-failure-messages/README.md Co-authored-by: Mariam Fahmy <mariamfahmy66@gmail.com> Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com> --------- Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com> Co-authored-by: Mariam Fahmy <mariamfahmy66@gmail.com>	2024-02-21 07:20:43 +00:00
mohamedasifs123	66f54d8fd6	fix: Policies skipped because of preconditions not met should not be included in admission requests denial responses (#9719 ) * Update block.go Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com> * Update block.go Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com> * lint Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com> * Update block.go Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com> * test added Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com> * test Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com> * test Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com> * --signoff Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com> * Create README.md Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com> * Rename Policy1.yaml to policy-1.yaml Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com> * Update test/conformance/chainsaw/validate/clusterpolicy/cornercases/check-message-upon-resource-failure/README.md Co-authored-by: Mariam Fahmy <mariamfahmy66@gmail.com> Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com> * Update test/conformance/chainsaw/validate/clusterpolicy/cornercases/check-message-upon-resource-failure/README.md Co-authored-by: Mariam Fahmy <mariamfahmy66@gmail.com> Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com> * Update test/conformance/chainsaw/validate/clusterpolicy/cornercases/check-message-upon-resource-failure/chainsaw-test.yaml Co-authored-by: Mariam Fahmy <mariamfahmy66@gmail.com> Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com> * Rename Policy2.yaml to policy-2.yaml Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com> * Update chainsaw-test.yaml Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com> --------- Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com> Co-authored-by: Chip Zoller <chipzoller@gmail.com> Co-authored-by: Mariam Fahmy <mariamfahmy66@gmail.com> Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com>	2024-02-20 15:42:18 +00:00
Mariam Fahmy	90ac90b89f	feat: use the check block for checking CLI output in chainsaw tests (#9616 ) Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>	2024-02-05 14:59:19 +00:00
Charles-Edouard Brétéché	9102753323	fix: make alternate reports storage transparent (#9553 ) * fix: make alternate reports storage transparent Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * bg scan Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * aggregation Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * aggregation Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * rm manager Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * update Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fixes Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fixes Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-01-30 14:53:37 +00:00
Liang Deng	8298a9a858	fix: validate pattern premature skip (#9155 ) Signed-off-by: Liang Deng <283304489@qq.com> Co-authored-by: shuting <shuting@nirmata.com>	2024-01-29 13:06:39 +00:00
Mariam Fahmy	560aab2e69	fix PSA chainsaw tests (#9389 ) Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-01-18 23:23:52 +00:00
Mariam Fahmy	e1a26f8eed	fix PSA chainsaw tests (#9341 ) Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>	2024-01-05 08:57:40 +08:00
Khaled Emara	3d985872df	Add Chainsaw Test for Conditional Anchor (#9295 ) Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com>	2023-12-28 12:15:06 +00:00
Gurmannat Sohal	6902a2b092	Unit tests for Pod Security Admission Integrations (#8585 ) * feat: enable field-restricted exclusions using the psa Signed-off-by: Liang Deng <283304489@qq.com> * fix ci error Signed-off-by: Liang Deng <283304489@qq.com> * fix ci error Signed-off-by: Liang Deng <283304489@qq.com> * initial unit tests * Add all remaining unit tests Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com> * fine grain unit tests by adding fields and values * add detailed pod level exclusion and related tests * add tests for init & ephemeral containers * add kuttl tests for the new advanced support * add kuttl tests for the new advanced support * add readme for kuttl tests * add replacement in go.mod * resolving CI errors Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com> * fix ci errors Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com> * fix ci errors Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com> * updating pod-security-admissio Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com> * resolving null pointer panic Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com> * resolved conformance error Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com> * chainsaw Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chainsaw Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com> * remove duplication Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com> * fix linting Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com> * remove over computation Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com> * added field checks, pss skip condition Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com> * correcting chainsaw tests Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com> * merge branch 'main' into unit-tests Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com> * fix builds Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: Liang Deng <283304489@qq.com> Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com> Signed-off-by: shuting <shuting@nirmata.com> Signed-off-by: Gurmannat Sohal <95538438+itsgurmannatsohal@users.noreply.github.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Liang Deng <283304489@qq.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2023-12-26 22:28:08 +08:00
Mariam Fahmy	b61a1f3d18	fix: set v2beta1 of exceptions the storage version (#9254 ) Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com>	2023-12-22 10:13:58 +00:00
Mariam Fahmy	8e0a7aa204	feat: promote policy exceptions to v2 (#9208 ) Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>	2023-12-19 10:43:39 +00:00
Charles-Edouard Brétéché	4564e1de8f	fix: chainsaw test (#9148 ) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com>	2023-12-13 09:24:00 +00:00
Vishal Choudhary	1f4181645b	fix: allow changes to preexisting resource in violation of a policy in Enforce (#9027 ) * fix: allow changes to preexisting resource in violation of a policy in Enforce Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: missing error check Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: tests Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * nit: cleanup Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: update old policy context Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: preconditions always retured true internal.CheckPreconditions always returned true when v.anyAllConditions, it should be populated with rule.RawAnyAllConditions when newValidator() is used to create a validator Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: fix chainsaw test Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: nit Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * debug Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: update test Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: add namespace Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: add test for bad to good conversion Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: add test step Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> --------- Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com>	2023-12-12 09:17:53 +00:00
Charles-Edouard Brétéché	b9b4b3e484	chore: bump chainsaw (#9114 ) * chore: bump chainsaw Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * remove sleeps Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2023-12-08 01:14:23 +02:00
Charles-Edouard Brétéché	2ceac72f62	chore: convert chainsaw tests to Test resource (#9113 ) * chore: convert chainsaw tests to Test resource Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2023-12-07 22:38:30 +01:00
Charles-Edouard Brétéché	fd10739919	chore: bump chainsaw (#9071 ) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2023-12-04 12:39:10 +00:00
Charles-Edouard Brétéché	78b99def0b	chore: bump chainsaw (#9064 )	2023-12-04 10:48:12 +00:00
Charles-Edouard Brétéché	426525be37	chore: fix chainsaw tests cleanup timeout (#9028 ) * chore: fix chainsaw tests cleanup timeout Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * bump chainsaw Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * grace Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * checks Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * bump chainsaw Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix deletes Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix exceptions Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2023-11-28 06:32:32 +05:30
Charles-Edouard Brétéché	1a331f1297	chore: fix chainsaw exec timeout issue (#9013 ) * chore: fix chainsaw timeouts issues Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * exec timeout Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * bump chainsaw Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix cleanup Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * custom sigstore fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * mutate Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2023-11-26 23:43:29 +08:00

1 2

52 commits