shuting
d7a37924a9
feat: skip applying a VP which is converted to VAP ( #12312 )
...
* feat: skip vpol application if it's converted to vap
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix: add missing error checks
Signed-off-by: ShutingZhao <shuting@nirmata.com>
---------
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2025-03-07 08:07:50 +00:00
Vishal Choudhary
4b4e6cc415
feat: add parse image reference function ( #12317 )
...
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2025-03-07 07:34:08 +00:00
Charles-Edouard Brétéché
43ddc8c31e
feat: support rest mapper in cli with cluster enabled ( #12319 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2025-03-07 06:58:40 +00:00
dependabot[bot]
b3fa7b577b
chore(deps): bump helm/kind-action in /.github/actions/run-tests ( #12324 )
...
Bumps [helm/kind-action](https://github.com/helm/kind-action ) from 1.11.0 to 1.12.0.
- [Release notes](https://github.com/helm/kind-action/releases )
- [Commits](ae94020eaf...a1b0e39133)
---
updated-dependencies:
- dependency-name: helm/kind-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2025-03-06 22:54:57 +00:00
dependabot[bot]
35f26a777b
chore(deps): bump helm/chart-testing-action from 2.6.1 to 2.7.0 ( #12323 )
...
Bumps [helm/chart-testing-action](https://github.com/helm/chart-testing-action ) from 2.6.1 to 2.7.0.
- [Release notes](https://github.com/helm/chart-testing-action/releases )
- [Commits](e6669bcd63...0d28d3144d)
---
updated-dependencies:
- dependency-name: helm/chart-testing-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-06 22:14:42 +00:00
dependabot[bot]
da275e594e
chore(deps): bump helm/kind-action from 1.11.0 to 1.12.0 ( #12320 )
...
Bumps [helm/kind-action](https://github.com/helm/kind-action ) from 1.11.0 to 1.12.0.
- [Release notes](https://github.com/helm/kind-action/releases )
- [Commits](ae94020eaf...a1b0e39133)
---
updated-dependencies:
- dependency-name: helm/kind-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-06 21:51:22 +00:00
Javier Solana
6bb677dd2a
chore: ignore kyverno.tar file ( #12314 )
...
Signed-off-by: Javier Solana <javier.solana@cabify.com>
Co-authored-by: Javier Solana <javier.solana@cabify.com>
2025-03-06 21:08:11 +00:00
dependabot[bot]
d5d1f9c77a
chore(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/gcp ( #12307 )
...
Bumps [github.com/sigstore/sigstore/pkg/signature/kms/gcp](https://github.com/sigstore/sigstore ) from 1.8.15 to 1.9.0.
- [Release notes](https://github.com/sigstore/sigstore/releases )
- [Commits](https://github.com/sigstore/sigstore/compare/v1.8.15...v1.9.0 )
---
updated-dependencies:
- dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/gcp
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-06 17:19:47 +00:00
Charles-Edouard Brétéché
705ced765d
chore: add policy api unit tests ( #12315 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2025-03-06 16:31:14 +00:00
Frank Jogeleit
da1fbd9475
Cel HTTP Lib ( #12241 )
...
* Implement HTTP CEL lib for external API calls
Signed-off-by: Frank Jogeleit <frank.jogeleit@web.de>
* fix lint errors
Signed-off-by: Frank Jogeleit <frank.jogeleit@web.de>
---------
Signed-off-by: Frank Jogeleit <frank.jogeleit@web.de>
2025-03-06 15:13:13 +00:00
Frank Jogeleit
1cc5b7a3ab
Skip reporting for vpol when vap generation is enabled ( #12311 )
...
Signed-off-by: Frank Jogeleit <frank.jogeleit@web.de>
2025-03-06 14:35:34 +00:00
dependabot[bot]
448b77f207
chore(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/azure ( #12306 )
...
Bumps [github.com/sigstore/sigstore/pkg/signature/kms/azure](https://github.com/sigstore/sigstore ) from 1.8.15 to 1.9.0.
- [Release notes](https://github.com/sigstore/sigstore/releases )
- [Commits](https://github.com/sigstore/sigstore/compare/v1.8.15...v1.9.0 )
---
updated-dependencies:
- dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/azure
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-06 12:54:51 +00:00
dependabot[bot]
cdd7d901ba
chore(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/aws ( #12305 )
...
Bumps [github.com/sigstore/sigstore/pkg/signature/kms/aws](https://github.com/sigstore/sigstore ) from 1.8.15 to 1.9.0.
- [Release notes](https://github.com/sigstore/sigstore/releases )
- [Commits](https://github.com/sigstore/sigstore/compare/v1.8.15...v1.9.0 )
---
updated-dependencies:
- dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/aws
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-06 10:23:21 +00:00
Khaled Emara
c61d0735e3
feat(vp): implement gctx in context library ( #12055 )
...
* feat(vp): implement gctx in context library
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
* test(cel): add chainsaw test for validating policies gctx
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
---------
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Co-authored-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2025-03-06 09:27:03 +00:00
shuting
637f756994
feat: support json payload via CLI apply command ( #12296 )
...
* chore: remove unused code
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* feat: support json in CLI apply command
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore: remove not used validation expressions
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore: update codegen docs
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore: add unit tests
Signed-off-by: ShutingZhao <shuting@nirmata.com>
---------
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2025-03-06 08:48:26 +00:00
Charles-Edouard Brétéché
0bcc850d77
feat: support GVK to GVR mapping in the CLI ( #12301 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2025-03-06 14:24:48 +08:00
Charles-Edouard Brétéché
23d0f873b3
feat: add api-group-resources codegen ( #12303 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2025-03-05 20:21:02 +00:00
Vishal Choudhary
32f13d5894
fix: use object key in json image verification ( #12298 )
2025-03-05 19:53:19 +00:00
Karthik Manam
c0c9cec7c3
docs: add popular use cases section to README ( #12297 )
...
* docs: add popular use cases section to README
This commit adds a new section to the README that outlines common
use cases for Kyverno, helping new users quickly understand its
practical applications. The section is organized into four key
categories: Security & Compliance, Operational Excellence, Cost
Optimization, and Developer Guardrails.
Signed-off-by: Karthik babu Manam <karthikmanam@gmail.com>
* docs: add popular use cases section to README
This commit adds a new section to the README that outlines common
use cases for Kyverno, helping new users quickly understand its
practical applications. The section is organized into four key
categories: Security & Compliance, Operational Excellence, Cost
Optimization, and Developer Guardrails.
Signed-off-by: Karthik babu Manam <karthikmanam@gmail.com>
---------
Signed-off-by: Karthik babu Manam <karthikmanam@gmail.com>
2025-03-05 19:10:30 +00:00
Charles-Edouard Brétéché
98be7408eb
chore: remove dead code ( #12302 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2025-03-05 16:39:41 +00:00
Frank Jogeleit
6967533d9d
feat: support CELPolicyException in the report-controller ( #12287 )
...
* feat: support CELPolicyException in the report-controller
Signed-off-by: Frank Jogeleit <frank.jogeleit@web.de>
* feat: support CELPolicyException in the report-controller
Signed-off-by: Frank Jogeleit <frank.jogeleit@web.de>
---------
Signed-off-by: Frank Jogeleit <frank.jogeleit@web.de>
2025-03-05 12:54:35 +00:00
dependabot[bot]
45225f5ec6
chore(deps): bump google.golang.org/grpc from 1.70.0 to 1.71.0 ( #12295 )
...
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go ) from 1.70.0 to 1.71.0.
- [Release notes](https://github.com/grpc/grpc-go/releases )
- [Commits](https://github.com/grpc/grpc-go/compare/v1.70.0...v1.71.0 )
---
updated-dependencies:
- dependency-name: google.golang.org/grpc
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-05 09:21:08 +00:00
dependabot[bot]
788213382a
chore(deps): bump github.com/prometheus/client_golang ( #12294 )
...
Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang ) from 1.21.0 to 1.21.1.
- [Release notes](https://github.com/prometheus/client_golang/releases )
- [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md )
- [Commits](https://github.com/prometheus/client_golang/compare/v1.21.0...v1.21.1 )
---
updated-dependencies:
- dependency-name: github.com/prometheus/client_golang
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-05 08:23:39 +00:00
Vishal Choudhary
c47b48bda6
feat: autogenerate image verification policies for pod controllers ( #12290 )
...
* feat: autogen for image verification
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: linter
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
---------
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
2025-03-04 21:30:23 +00:00
shuting
84e9517bad
feat: add cel evaluator for json payload ( #12288 )
...
* feat: add cel evaluator for json payload
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore: linter fixes
Signed-off-by: ShutingZhao <shuting@nirmata.com>
---------
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Signed-off-by: shuting <shuting@nirmata.com>
2025-03-04 15:20:26 +00:00
Charles-Edouard Brétéché
a6166d2bb7
chore: add policy API unit tests ( #12289 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2025-03-04 14:02:24 +00:00
dependabot[bot]
42acc20e43
chore(deps): bump github.com/opencontainers/image-spec ( #12285 )
...
Bumps [github.com/opencontainers/image-spec](https://github.com/opencontainers/image-spec ) from 1.1.0 to 1.1.1.
- [Release notes](https://github.com/opencontainers/image-spec/releases )
- [Changelog](https://github.com/opencontainers/image-spec/blob/main/RELEASES.md )
- [Commits](https://github.com/opencontainers/image-spec/compare/v1.1.0...v1.1.1 )
---
updated-dependencies:
- dependency-name: github.com/opencontainers/image-spec
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2025-03-04 11:30:13 +00:00
Vishal Choudhary
0dda60bf12
fix: autogen refactor ( #12286 )
...
* fix: autogen refactor
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: more refactor
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
---------
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
2025-03-04 18:55:45 +08:00
Charles-Edouard Brétéché
bfb4d20cb3
chore: add unit tests ( #12281 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2025-03-04 08:14:11 +00:00
Vishal Choudhary
70dc8cb81a
feat: image verify performance fix and tests ( #12282 )
...
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2025-03-04 06:34:31 +00:00
Vishal Choudhary
00f3e2f775
feat: add evaluation config to image verification policies ( #12279 )
...
* feat: add evaluation config to image verification policies
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: ci
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: unit tests
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
---------
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2025-03-03 21:27:07 +05:30
ohayak
5a067ec935
Update post-delete-configmap.yaml ( #12240 )
...
Add missing fallback values to webhookCleanup Hook
Signed-off-by: ohayak <ohayak@users.noreply.github.com>
2025-03-03 15:05:52 +00:00
刘旭
608b9fd5b7
fix(gctx): add event handler before informer start ( #12263 )
...
Signed-off-by: liuxu <liuxu623@gmail.com>
2025-03-03 13:46:49 +00:00
Charles-Edouard Brétéché
1bbda7bc46
chore: add VP/CEL unit tests ( #12271 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2025-03-03 08:41:37 +00:00
Rohan Raj
1202eef054
Indicate in report result the origin, admission, or background ( #12056 )
...
* Indicate in report result the origin, admission or background
Signed-off-by: Rohanraj123 <rajrohan88293@gmail.com>
* Add Null check on AsKyvernoPolicy() method
Signed-off-by: Rohanraj123 <rajrohan88293@gmail.com>
---------
Signed-off-by: Rohanraj123 <rajrohan88293@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
2025-03-03 07:04:24 +00:00
shuting
f2f724469d
chore: remove mutatingpolicies ( #12261 )
...
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2025-02-28 14:22:09 +00:00
Mariam Fahmy
2ea7e7ce76
feat: add new field to control VAP generation per policy ( #12242 )
...
* feat: add new field to control VAP generation per policy
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* chore: remove 1.28 and 1.29 from tests
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
---------
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2025-02-28 13:35:13 +00:00
Mariam Fahmy
5dd6ebd04b
fix chainsaw test ( #12272 )
...
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2025-02-28 18:51:36 +08:00
dependabot[bot]
84216f6736
chore(deps): bump github.com/go-git/go-git/v5 from 5.13.2 to 5.14.0 ( #12269 )
...
Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git ) from 5.13.2 to 5.14.0.
- [Release notes](https://github.com/go-git/go-git/releases )
- [Commits](https://github.com/go-git/go-git/compare/v5.13.2...v5.14.0 )
---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-02-28 09:48:40 +00:00
Vishal Choudhary
7439fcc733
feat(test): image verification on any payload ( #12266 )
2025-02-28 09:09:25 +00:00
Mohd Kamaal
8777672fb1
changes if condition to check for RegExp field ( #12237 )
2025-02-28 06:43:32 +00:00
Frank Jogeleit
5f42a0bad8
feat: context function to request resources from api server ( #12181 )
...
* feat: context function to request resources from api server
Signed-off-by: Frank Jogeleit <frank.jogeleit@web.de>
* add chainsaw test
Signed-off-by: Frank Jogeleit <frank.jogeleit@web.de>
* replace dclient with dynamic client
Signed-off-by: Frank Jogeleit <frank.jogeleit@web.de>
* update test case
Signed-off-by: Frank Jogeleit <frank.jogeleit@web.de>
---------
Signed-off-by: Frank Jogeleit <frank.jogeleit@web.de>
Co-authored-by: shuting <shuting@nirmata.com>
2025-02-27 13:31:03 +00:00
Mariam Fahmy
b8a1731d49
feat: generate VAPs given celexceptions ( #12255 )
...
* feat: generate VAPs given celexceptions
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* chore: modify chainsaw tests
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* fix linter
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
---------
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2025-02-27 13:08:35 +00:00
Charles-Edouard Brétéché
007ae5c1b1
chore: add VP/CEL unit tests ( #12264 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2025-02-27 12:14:23 +00:00
shuting
26a6b37265
feat: add evaluation mode to api ( #12262 )
...
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2025-02-27 16:31:10 +05:30
dependabot[bot]
5420fecbd6
chore(deps): bump github.com/go-jose/go-jose/v3 from 3.0.3 to 3.0.4 ( #12257 )
...
Bumps [github.com/go-jose/go-jose/v3](https://github.com/go-jose/go-jose ) from 3.0.3 to 3.0.4.
- [Release notes](https://github.com/go-jose/go-jose/releases )
- [Changelog](https://github.com/go-jose/go-jose/blob/main/CHANGELOG.md )
- [Commits](https://github.com/go-jose/go-jose/compare/v3.0.3...v3.0.4 )
---
updated-dependencies:
- dependency-name: github.com/go-jose/go-jose/v3
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-02-27 09:25:15 +00:00
刘旭
d96f40072f
fix(gctx): remove unnecessary json Marshal/Unmarshal operations to reduce memory usage ( #12201 )
...
Signed-off-by: liuxu <liuxu623@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
2025-02-27 17:03:36 +08:00
刘旭
8b4f222860
fix(gctx): fix gctx projection cache ( #12226 )
...
Signed-off-by: liuxu <liuxu623@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
2025-02-27 08:23:23 +00:00
Vishal Choudhary
8d915b52ce
feat: add evaluator for image verification policies ( #12251 )
...
* feat: add variables
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* feat: implement evaluator
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: build
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: linter
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: unit tests
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
---------
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
2025-02-27 15:19:11 +08:00
Charles-Edouard Brétéché
ebaad6fbb1
feat: improve validating policy api ( #12243 )
...
* feat: improve validating policy api
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---------
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2025-02-26 15:18:12 +00:00