mirror of https://github.com/kyverno/kyverno.git synced 2025-03-06 16:06:56 +00:00
Commit graph

8052 commits

Author SHA1 Message Date
Charles-Edouard Brétéché
7351501ef6
feat(cli,apply): load validating policies (#11933)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2025-01-17 09:53:17 +00:00
shuting
97ed53f6bb
feat: register webhook configurations for validatingpolicies (#11892)
* feat: add spec.webhookConfiguration

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* chore: refactor build webhook for kyverno policies

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* chore: update yamls

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* chore: add listers

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* feat: update api

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* chore: remove matchPolicy

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* chore: update crd yaml

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* chore: add short name

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* chore: update deepcopy

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* chore: update spec

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* chore: fix description

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* chore: add missing files

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* feat: register webhook for validatingpolicies

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* chore: fix import

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* chore: add unit tests

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* chore: update docs

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* chore: update manifests

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* chore: update unit tests

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* chore: update manifests

Signed-off-by: ShutingZhao <shuting@nirmata.com>

---------

Signed-off-by: ShutingZhao <shuting@nirmata.com>
2025-01-17 11:33:47 +02:00
Mariam Fahmy
782641d3ff
fix the result column for Kyverno test (#11842)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2025-01-16 15:29:30 +00:00
abhashsolanki18
d2e6759115
fix:[Bug] [CLI] CEL scanning a namespace yaml object makes Kyverno crash (#11834)
* fix:[Bug] [CLI] CEL scanning a namespace yaml object makes Kyverno crash

Signed-off-by: abhashsolanki18 <abhashsolanki18@gmail.com>

* Fix nil pointer dereference in namespace handling for ValidatingAdmissionPolicy.

Signed-off-by: abhashsolanki18 <abhashsolanki18@gmail.com>

* added test for namespace resource

Signed-off-by: abhashsolanki18 <abhashsolanki18@gmail.com>

* fixed test

Signed-off-by: abhashsolanki18 <abhashsolanki18@gmail.com>

* fixed test

Signed-off-by: abhashsolanki18 <abhashsolanki18@gmail.com>

* fixed test, combined binding and policy

Signed-off-by: abhashsolanki18 <abhashsolanki18@gmail.com>

---------

Signed-off-by: abhashsolanki18 <abhashsolanki18@gmail.com>
2025-01-16 13:39:24 +00:00
Jim Bugwadia
6ac985e7f5
Update ADOPTERS.md (#11936)
add kubriX platform as an official adopter!

Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2025-01-16 07:38:15 +00:00
Vishal Choudhary
9b5db4253b
feat: update annotations of kyverno images (#11935)
* feat: update annotations of kyverno images

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* Update Makefile

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* Update Makefile

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* Update Makefile

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* Update Makefile

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* Update Makefile

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* Update Makefile

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

---------

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2025-01-16 06:19:34 +00:00
dependabot[bot]
d48652e591
chore(deps): bump github.com/notaryproject/notation-core-go from 1.1.0 to 1.2.0 (#11926)
Bumps [github.com/notaryproject/notation-core-go](https://github.com/notaryproject/notation-core-go) from 1.1.0 to 1.2.0.
- [Release notes](https://github.com/notaryproject/notation-core-go/releases)
- [Commits](https://github.com/notaryproject/notation-core-go/compare/v1.1.0...v1.2.0)

---
updated-dependencies:
- dependency-name: github.com/notaryproject/notation-core-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
2025-01-15 16:35:31 +00:00
Mariam Fahmy
0bb5b19a35
chore: add 1.13.1 and 1.13.2 to issue templates (#11930)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2025-01-15 14:28:27 +00:00
Mariam Fahmy
2016f82600
chore: use v1 of VAPs in the tests (#11929)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2025-01-15 14:08:35 +00:00
Mariam Fahmy
a72868bd6f
chore: move CEL package to admissionpolicy package (#11931)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2025-01-15 13:04:18 +00:00
Charles-Edouard Brétéché
a50911d8b5
refactor: cleanup cli apply functions (#11928)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2025-01-15 12:19:57 +02:00
dependabot[bot]
72f932c3bc
chore(deps): bump sigs.k8s.io/kustomize/api from 0.18.0 to 0.19.0 (#11925)
Bumps [sigs.k8s.io/kustomize/api](https://github.com/kubernetes-sigs/kustomize) from 0.18.0 to 0.19.0.
- [Release notes](https://github.com/kubernetes-sigs/kustomize/releases)
- [Commits](https://github.com/kubernetes-sigs/kustomize/compare/api/v0.18.0...api/v0.19.0)

---
updated-dependencies:
- dependency-name: sigs.k8s.io/kustomize/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-01-15 09:22:14 +01:00
Frank Jogeleit
c0d7df709a
Implement Object type checking based on OpenAPI v3 schema (#11919)
* Implement Object type checking based on OpenAPI v3 schema

Signed-off-by: Frank Jogeleit <frank.jogeleit@web.de>

* Fix conflicting resource name

Signed-off-by: Frank Jogeleit <frank.jogeleit@web.de>

* make typeName a configurable argument

Signed-off-by: Frank Jogeleit <frank.jogeleit@web.de>

---------

Signed-off-by: Frank Jogeleit <frank.jogeleit@web.de>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2025-01-14 15:36:09 +00:00
Charles-Edouard Brétéché
6af7ab8905
feat: add CEL variables type checking (#11920)
* feat: add CEL variables support

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* feat: add CEL variables type checking

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* more types

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* provider

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2025-01-14 15:57:55 +01:00
Mariam Fahmy
4678078c3d
feat: add auditAnnotation in CEL Compiler (#11918)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2025-01-14 13:16:29 +00:00
Charles-Edouard Brétéché
9177c57b21
feat: add CEL variables support (#11913)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2025-01-14 09:41:18 +00:00
dependabot[bot]
34bc3994a3
chore(deps): bump google.golang.org/grpc from 1.69.2 to 1.69.4 (#11911)
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.69.2 to 1.69.4.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.69.2...v1.69.4)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-01-14 08:04:48 +00:00
Charles-Edouard Brétéché
616cb93bc4
feat: add validating policy compiler (#11906)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2025-01-13 13:56:36 +01:00
dependabot[bot]
e7c372a398
chore(deps): bump github.com/fluxcd/pkg/oci from 0.43.0 to 0.43.1 (#11903)
Bumps [github.com/fluxcd/pkg/oci](https://github.com/fluxcd/pkg) from 0.43.0 to 0.43.1.
- [Commits](https://github.com/fluxcd/pkg/compare/oci/v0.43.0...oci/v0.43.1)

---
updated-dependencies:
- dependency-name: github.com/fluxcd/pkg/oci
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-01-13 11:13:49 +00:00
dependabot[bot]
ab94b8511c
chore(deps): bump github.com/cyphar/filepath-securejoin (#11901)
Bumps [github.com/cyphar/filepath-securejoin](https://github.com/cyphar/filepath-securejoin) from 0.3.6 to 0.4.0.
- [Release notes](https://github.com/cyphar/filepath-securejoin/releases)
- [Changelog](https://github.com/cyphar/filepath-securejoin/blob/main/CHANGELOG.md)
- [Commits](https://github.com/cyphar/filepath-securejoin/compare/v0.3.6...v0.4.0)

---
updated-dependencies:
- dependency-name: github.com/cyphar/filepath-securejoin
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-01-13 11:44:38 +01:00
dependabot[bot]
e2e45f2503
chore(deps): bump github.com/go-git/go-billy/v5 from 5.6.1 to 5.6.2 (#11902)
Bumps [github.com/go-git/go-billy/v5](https://github.com/go-git/go-billy) from 5.6.1 to 5.6.2.
- [Release notes](https://github.com/go-git/go-billy/releases)
- [Commits](https://github.com/go-git/go-billy/compare/v5.6.1...v5.6.2)

---
updated-dependencies:
- dependency-name: github.com/go-git/go-billy/v5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-01-13 08:07:39 +00:00
Charles-Edouard Brétéché
bdc55fbc93
feat: add context cel lib to get config map (#11898)
* feat: add context cel lib to get config map

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* function name

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix type

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2025-01-10 14:19:50 +00:00
Frank Jogeleit
032d428b12
feat: setup validating policy cel environment (#11897)
Signed-off-by: Frank Jogeleit <frank.jogeleit@web.de>
2025-01-10 13:54:04 +00:00
Charles-Edouard Brétéché
4e84edff68
feat: add support for loading validating policies in the cli (#11883)
* feat: add support for loading validating policies in the cli

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* copy data

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* legacy loader

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2025-01-10 10:43:48 +00:00
Charles-Edouard Brétéché
af82c1cc73
chore: bump a couple of deps (#11890)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2025-01-10 09:52:08 +00:00
Charles-Edouard Brétéché
1d03b932a4
refactor: get policy helper (#11891)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2025-01-10 09:30:54 +00:00
Charles-Edouard Brétéché
cc85831dbe
chore: bump a couple of deps (#11879)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2025-01-09 16:53:05 +01:00
dependabot[bot]
befc4d694d
chore(deps): bump github.com/google/cel-go from 0.22.0 to 0.22.1 (#11880)
Bumps [github.com/google/cel-go](https://github.com/google/cel-go) from 0.22.0 to 0.22.1.
- [Release notes](https://github.com/google/cel-go/releases)
- [Commits](https://github.com/google/cel-go/compare/v0.22.0...v0.22.1)

---
updated-dependencies:
- dependency-name: github.com/google/cel-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-01-09 16:26:26 +01:00
Charles-Edouard Brétéché
f8d02e2695
chore: bump a couple of deps (#11878)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2025-01-09 13:29:52 +01:00
Charles-Edouard Brétéché
8be679cdfb
feat: bump kube deps to 1.32 (#11877)
2025-01-09 19:51:43 +08:00
Charles-Edouard Brétéché
25ac400481
chore: bump a couple of deps (#11876)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2025-01-09 10:05:22 +00:00
shuting
ce62379d9c
chore: bump go-git to 5.13.0 (#11860)
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2025-01-09 09:27:02 +00:00
raffis
306a2e47d9
fix(reports-controller): add a flag to disable reports sanity checks (#11867)
* fix(reports-controller): remove crd sanity check

Signed-off-by: Raffael Sahli <raffael.sahli@doodle.com>

* feat: add a flag to disable reports sanity checks

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* feat: add changelog

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

---------

Signed-off-by: Raffael Sahli <raffael.sahli@doodle.com>
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2025-01-09 17:03:23 +08:00
Jim Bugwadia
0e5ac8bd49
Add Tigera to Kyverno ADOPTERS.md (#11874)
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2025-01-09 08:20:35 +00:00
dependabot[bot]
b9f576bfca
chore(deps): bump github.com/go-git/go-billy/v5 from 5.6.0 to 5.6.1 (#11837)
Bumps [github.com/go-git/go-billy/v5](https://github.com/go-git/go-billy) from 5.6.0 to 5.6.1.
- [Release notes](https://github.com/go-git/go-billy/releases)
- [Commits](https://github.com/go-git/go-billy/compare/v5.6.0...v5.6.1)

---
updated-dependencies:
- dependency-name: github.com/go-git/go-billy/v5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: shuting <shuting@nirmata.com>
2025-01-09 05:30:42 +00:00
Charles-Edouard Brétéché
3369a03844
feat: add validating policy crd in helm chart (#11870)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2025-01-09 13:04:54 +08:00
Charles-Edouard Brétéché
47e99166a5
feat: add kyverno vap API (#11790)
* feat: add kyverno vap API

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* add context lib

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* codegen

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
2025-01-08 15:56:36 +00:00
Charles-Edouard Brétéché
823661e4af
fix: sorting in fix test command (#11869)
2025-01-08 13:30:15 +00:00
Rokibul Hasan
236ac9c216
Add flag for JSON output in policy reports (#11840)
* Add flag for JSON output in policy reports

Signed-off-by: Rokibul Hasan <mdrokibulhasan@appscode.com>

* make codegen-docs-all

Signed-off-by: Rokibul Hasan <mdrokibulhasan@appscode.com>

---------

Signed-off-by: Rokibul Hasan <mdrokibulhasan@appscode.com>
Co-authored-by: shuting <shuting@nirmata.com>
2025-01-07 06:22:11 +00:00
Damien Degois
c282f71212
remove policy exception dependency from globalcontext and add some tests (#11788)
Signed-off-by: Damien Degois <damien@degois.info>
Co-authored-by: shuting <shuting@nirmata.com>
2025-01-03 16:16:37 +00:00
Damien Degois
e0fe6ec59a
fix global context error message logic error (#11815)
following same file line 91 and github.com/kyverno/kyverno/pkg/globalcontext/store#35

the proper handling should be `!ok`

Signed-off-by: Damien Degois <damien@degois.info>
Co-authored-by: shuting <shuting@nirmata.com>
2025-01-03 11:47:07 +00:00
Sandesh More
37c73f9314
Fix: Policy with failureActionOverrides not applying desired failure actions in desired namespaces (#11811)
Signed-off-by: Sandesh More <sandesh.more@infracloud.io>
Co-authored-by: sandesh more <samore@purestorage.com>
2025-01-03 10:50:49 +00:00
Mohd Uzair
d84fc7b4e1
fix panic when rules are empty (#11821)
Signed-off-by: MUzairS15 <muzair.shaikh810@gmail.com>
Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2025-01-03 09:51:44 +00:00
Rokibul Hasan
5573e5cded
Fix panic in background controller when updating Generate rule (#11835)
Signed-off-by: Rokibul Hasan <mdrokibulhasan@appscode.com>
2025-01-03 08:45:06 +00:00
dependabot[bot]
25032e363f
chore(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/azure (#11791)
Bumps [github.com/sigstore/sigstore/pkg/signature/kms/azure](https://github.com/sigstore/sigstore) from 1.8.9 to 1.8.11.
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](https://github.com/sigstore/sigstore/compare/v1.8.9...v1.8.11)

---
updated-dependencies:
- dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/azure
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-12-30 13:45:42 +00:00
shuting
1743f71a9a
chore: bump x/net 0/33/0 (#11825)
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2024-12-30 08:59:27 +00:00
shuting
9e9110e91a
chore: bump python to 3.13.1 (#11800)
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2024-12-20 12:43:06 +00:00
Vishal Choudhary
53eba82a7a
fix: cleanup unwanted files (#11803)
2024-12-20 12:00:30 +00:00
dependabot[bot]
7dfbd4a031
chore(deps): bump helm/kind-action from 1.10.0 to 1.11.0 (#11774)
Bumps [helm/kind-action](https://github.com/helm/kind-action) from 1.10.0 to 1.11.0.
- [Release notes](https://github.com/helm/kind-action/releases)
- [Commits](0025e74a8c...ae94020eaf)

---
updated-dependencies:
- dependency-name: helm/kind-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-12-20 10:26:37 +00:00
Vishal Choudhary
f51a49fcaf
fix: update chainsaw test apply timeout to 30s (#11794)
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
2024-12-20 09:59:42 +00:00