mirror of https://github.com/kyverno/kyverno.git synced 2025-03-06 16:06:56 +00:00
Commit graph

23 commits

Author SHA1 Message Date
shuting
3786e49cad
reduce sleep duration for generate kuttl tests (#7589)
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2023-06-19 16:58:39 +00:00
shuting
5fa6e1fa48
fix: cloneList sync behavior (#7466)
* fix flaky tests

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* chore(deps): bump docker/login-action from 2.1.0 to 2.2.0 (#7463)

Bumps [docker/login-action](https://github.com/docker/login-action) from 2.1.0 to 2.2.0.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](f4ef78c080...465a07811f)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump slsa-framework/slsa-github-generator (#7462)

Bumps [slsa-framework/slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator) from 1.6.0 to 1.7.0.
- [Release notes](https://github.com/slsa-framework/slsa-github-generator/releases)
- [Changelog](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md)
- [Commits](https://github.com/slsa-framework/slsa-github-generator/compare/v1.6.0...v1.7.0)

---
updated-dependencies:
- dependency-name: slsa-framework/slsa-github-generator
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* fix cloneList sync behavior

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* skip creating duplicate URs

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* add kuttl tests

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* add kuttl tests

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* add kuttl tests

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* renam

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix

Signed-off-by: ShutingZhao <shuting@nirmata.com>

---------

Signed-off-by: ShutingZhao <shuting@nirmata.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-13 09:12:13 +00:00
shuting
7b7d64dcf2
fix: array element removal should be synced to the downstream resource with a generate data sync rule (#7417)
* refactor

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* add kuttl tests

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix downstream update

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix panic

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix flaky test

Signed-off-by: ShutingZhao <shuting@nirmata.com>

---------

Signed-off-by: ShutingZhao <shuting@nirmata.com>
2023-06-06 12:07:07 +02:00
shuting
f87b0204e6
fix: generate policy validation to prevent endless loop (#7026)
* refactor policy validation

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* add loop check for generate

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* add kuttl tests

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* linter fixes

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* linter fixes

Signed-off-by: ShutingZhao <shuting@nirmata.com>

---------

Signed-off-by: ShutingZhao <shuting@nirmata.com>
2023-04-28 13:54:17 +00:00
shuting
d08a50a641
add source assertion (#6869)
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2023-04-12 10:43:15 +00:00
shuting
9bca7b36b1
fix clone test (#6777)
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2023-04-04 11:46:58 +02:00
yinka
04c7b64ae7
add kuttl generate tests for Namespaced policy (#6662)
* [WIP] kuttl generate tests for Namespaced Policy

Signed-off-by: yimikao <holayinkajr@gmail.com>

* pol-clone-create-on-trigger-deletion

Signed-off-by: yimikao <holayinkajr@gmail.com>

* pol-data-sync-delete-trigger

Signed-off-by: yimikao <holayinkajr@gmail.com>

* pol-clone-sync-delete-trigger

Signed-off-by: yimikao <holayinkajr@gmail.com>

* pol-data-nosync-delete-trigger

Signed-off-by: yimikao <holayinkajr@gmail.com>

* pol-clone-nosync-delete-trigger

Signed-off-by: yimikao <holayinkajr@gmail.com>

* add change

Signed-off-by: yimikao <holayinkajr@gmail.com>

* pol-data-sync-update-trigger-no-match

Signed-off-by: yimikao <holayinkajr@gmail.com>

* remove file

Signed-off-by: yimikao <holayinkajr@gmail.com>

* pol-data-nosync-update-trigger-no-match

Signed-off-by: yimikao <holayinkajr@gmail.com>

* pol-clone-sync-update-trigger-no-match

Signed-off-by: yimikao <holayinkajr@gmail.com>

* pol-clone-nosync-update-trigger-no-match

Signed-off-by: yimikao <holayinkajr@gmail.com>

* corner cases

Signed-off-by: yimikao <holayinkajr@gmail.com>

* standard

Signed-off-by: yimikao <holayinkajr@gmail.com>

* remove failing test

Signed-off-by: yimikao <holayinkajr@gmail.com>

* sleep before assert

Signed-off-by: yimikao <holayinkajr@gmail.com>

* increase sleep dur

Signed-off-by: yimikao <holayinkajr@gmail.com>

* sleep before assert

Signed-off-by: yimikao <holayinkajr@gmail.com>

* use cm

Signed-off-by: yimikao <holayinkajr@gmail.com>

* fix cm name

Signed-off-by: yimikao <holayinkajr@gmail.com>

* use former resources

Signed-off-by: yimikao <holayinkajr@gmail.com>

* fix tests

Signed-off-by: ShutingZhao <shuting@nirmata.com>

---------

Signed-off-by: yimikao <holayinkajr@gmail.com>
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2023-04-03 18:45:24 +00:00
shuting
6249ab70e8
fix: block generate policies when lack of permission to operate downstream resources (#6610)
* debug

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* return on errors only

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* update clusterrolebinding

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* update clusterrolebinding

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* remove debug

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* add kuttl tests

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix ns

Signed-off-by: ShutingZhao <shuting@nirmata.com>

---------

Signed-off-by: ShutingZhao <shuting@nirmata.com>
2023-03-22 13:14:57 +00:00
shuting
637f830917
feat: apply generate rules on trigger events (#6508)
* - fire generation on trigger deletion, with condition rules;
- delete downstream if trigger no longer matches;
- delete downstream if trigger is deleted, with sync rule

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* trim condition key spaces

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix UR spec

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* add a kuttl test cpol-create-on-trigger-deletion

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* add a kuttl test cpol-create-on-trigger-deletion

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* add a kuttl test cpol-data-sync-delete-trigger

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* add a kuttl test cpol-data-nosync-delete-trigger

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* add a kuttl test cpol-data-sync-update-trigger-no-match

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* rename policy

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* add a kuttl test cpol-data-nosync-update-trigger-no-match

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* add debug logs

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* add a kuttl test cpol-clone-create-on-trigger-deletion

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* update readme

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* add a kuttl test cpol-clone-sync-delete-trigger

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* add a kuttl test cpol-clone-nosync-delete-trigger

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* add a kuttl test cpol-clone-sync-update-trigger-no-match

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* update readme

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* add a kuttl test cpol-clone-nosync-update-trigger-no-match

Signed-off-by: ShutingZhao <shuting@nirmata.com>

---------

Signed-off-by: ShutingZhao <shuting@nirmata.com>
2023-03-10 17:17:10 +00:00
shuting
48726dcd4a
feat: validate immutable fields for a generate rule - 2 (#6451)
* update validation checks

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix ns assertions

Signed-off-by: ShutingZhao <shuting@nirmata.com>

---------

Signed-off-by: ShutingZhao <shuting@nirmata.com>
2023-03-10 14:39:44 +00:00
shuting
85a83e4fae
fix: namespace matching for background namespaced policies (#6530)
* fix namespace matching for background policies

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* add a kuttl test match-trigger-namespace

Signed-off-by: ShutingZhao <shuting@nirmata.com>

---------

Signed-off-by: ShutingZhao <shuting@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-03-10 13:55:08 +00:00
shuting
ea306d6d7f
rename generateExistingOnPolicyUpdate to generateExisting (#6470)
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2023-03-03 12:05:53 +01:00
shuting
264eaec049
fix: remove timestamp checks for the clone rule (#6439)
* remove timestamp checks

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* add kuttl tests

Signed-off-by: ShutingZhao <shuting@nirmata.com>

---------

Signed-off-by: ShutingZhao <shuting@nirmata.com>
2023-03-01 15:49:05 +00:00
shuting
0c91e87bbb
fix: delete downstream for a generate rule removal, with data and sync (#6393)
* remove policy handler for updates

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* remove policy update handler from the ur controller

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* rework cleanup downstream on policy deletion

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix downstream deletion on data rule removal

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* add kuttl test for clusterpolicy

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* linter fix

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* add kuttl test for policy

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* update api docs

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* add delays

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix name assertion

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* delete downstream when deletes the clone source

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* add kuttl test pol-clone-sync-delete-source

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* linter fixes

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* add kuttl test pol-clone-sync-delete-downstream

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* add kuttl test pol-data-sync-modify-rule

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix panic

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix panic

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix labels

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix policy assertions

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix annotation missing names

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* rename policy

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* remove dead code

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* create unique namespaces

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* create more unique namespaces

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix assertion

Signed-off-by: ShutingZhao <shuting@nirmata.com>

---------

Signed-off-by: ShutingZhao <shuting@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2023-03-01 03:48:18 +00:00
Chip Zoller
bc7b73401e
More kuttl standard generate tests (#6332)
* add test cpol-data-sync-delete-downstream

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* add test cpol-data-sync-modify-downstream

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* rename to be more descriptive

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* add test pol-data-sync-delete-downstream

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* cleanup test

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* add test cpol-data-nosync-delete-rule

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* add test cpol-data-nosync-delete-policy

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* fix formatting

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* add Kyverno kuttl specific snippets to BEST_PRACTICES

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* add reminder note

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* add test cpol-data-nosync-modify-rule

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* add test cpol-data-nosync-modify-downstream

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* add test pol-data-nosync-create-policy-invalid

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* add test pol-data-sync-delete-policy

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* separate files

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* add test pol-data-nosync-delete-downstream

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* add test pol-data-nosync-delete-rule

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* add test pol-data-nosync-delete-policy

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* fix description

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* fix description

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* add test pol-data-nosync-modify-rule

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* add test pol-data-nosync-modify-downstream

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* add test existing-basic-create-data

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* add test existing-basic-create-preconditions-data

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* add basic clone multiple test

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* add delays

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* add generate permissions

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* reorder source and ClusterPolicy, cleanup removal, README update

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* add test for cascading-mutation

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* Change creation order, remove cleanup

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* increase sleep

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* remove unused test files

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* remove networkpolicies from perms

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* add networkpolicies back

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* clarify readme

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

---------

Signed-off-by: Chip Zoller <chipzoller@gmail.com>
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2023-02-27 14:39:18 +00:00
shuting
ccfcce83da
add kuttl test pol-clone-sync-modify-source (#6407)
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2023-02-27 11:51:21 +00:00
shuting
3653130806
feat: add the kuttl test for Policy (Namespaced) with generate rule, data, and sync (#6387)
* add the test

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* update readme

Signed-off-by: ShutingZhao <shuting@nirmata.com>

---------

Signed-off-by: ShutingZhao <shuting@nirmata.com>
2023-02-24 21:59:17 +00:00
shuting
07b350166f
feat: add kuttl test for namespaced generate policy, with clone and sync (#6386)
* add a kuttl test

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix policy type

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix policy type

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix policy type

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* rename files

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* rename files

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* rename files

Signed-off-by: ShutingZhao <shuting@nirmata.com>

---------

Signed-off-by: ShutingZhao <shuting@nirmata.com>
2023-02-24 11:36:19 +00:00
Charles-Edouard Brétéché
cfd4501dcc
test: add a couple pattern unit tests (#6252)
* test: add a couple pattern unit tests

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* more

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* more

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-02-08 11:17:42 +00:00
shuting
6b3be9ada1
feat: enable leader election for the background controller (#6237)
* enable leader election for the background controller

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* update api docs

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix

Signed-off-by: ShutingZhao <shuting@nirmata.com>

---------

Signed-off-by: ShutingZhao <shuting@nirmata.com>
2023-02-07 14:44:51 +01:00
Prateek Pandey
42221a93e4
fix: add clone check before validating namespace policy (#5459)
fix: add clone check before validate clone namespace

- fix data policy validation
- add kuttl tests to validate the behaviour

Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
2022-11-25 12:49:22 +05:30
Chip Zoller
c708f4a881
Add most basic kuttl tests for generate rules, clone and sync (#5413)
- add pol-clone-nosync-create and pol-clone-nosync-invalid tests
- add pol-clone-nosync-delete-downstream
- add pol-clone-nosync-modify-downstream
- add pol-clone-nosync-delete-source
- add pol-clone-nosync-modify-source
- add pol-clone-nosync-delete-rule
- add pol-clone-nosync-delete-policy
- add cpol-clone-sync-delete-rule
- add cpol-clone-sync-delete-policy
- add (but disabled) cpol-clone-sync-modify-source
- fix and move back cpol-clone-sync-modify-source
- add cpol-clone-sync-delete-source
- add cpol-clone-sync-modify-downstream
- add pol-clone-sync-invalid
- add pol-clone-sync-delete-rule
- add pol-clone-sync-delete-policy
- introduce pre-test sleep for Namespace deletion

Signed-off-by: Chip Zoller <chipzoller@gmail.com>
Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>
2022-11-21 16:30:25 +05:30
Chip Zoller
e749e6a8e5
Complete all basic kuttl tests for generate rules, clone and no-sync (#5400)
* add pol-clone-nosync-create and pol-clone-nosync-invalid tests

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* add pol-clone-nosync-delete-downstream

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* add pol-clone-nosync-modify-downstream

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* add pol-clone-nosync-delete-source

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* add pol-clone-nosync-modify-source

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* add pol-clone-nosync-delete-rule

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* add pol-clone-nosync-delete-policy

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

Signed-off-by: Chip Zoller <chipzoller@gmail.com>
Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-11-17 21:56:20 +01:00