kyverno

mirror of https://github.com/kyverno/kyverno.git synced 2024-12-14 11:57:48 +00:00

Author	SHA1	Message	Date
D N Siva Sathyaseelan	cc966bf7af	feat:support default value into apiCall context variables (#10594 ) * initial changes Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * test changes Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * logical changes Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * added Check for default in transformAndStore Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * codegen applied Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * considered an edge case Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> * fix: remove error when jsondata and default is nil Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * codegen done Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> --------- Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> Co-authored-by: Vishal Choudhary <vishal.choudhary@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com>	2024-09-05 13:57:44 +08:00
Ammar Yasser	b78c501b1b	test: Uncomment tests for the policy validation feature and modify signatures (#10784 ) * test: Uncomment tests for the policy validation feature and modify signatures Update the tests to call the method in the right convention it currently uses. And removing dependency on the github.com/kyverno/kyverno/pkg/openapi package which is no longer required for calling Validate. As well as updating the expected errors for the Test_ValidateJSON6902. Signed-off-by: aerosouund <aerosound161@gmail.com> * fix: Configure Test_ValidateNamespace to use ValidationFailureActionOverrides as an argument instead of the whole policy spec Signed-off-by: aerosouund <aerosound161@gmail.com> * refactor: Use newest method signatures with Validate by passing two empty usernames Signed-off-by: aerosouund <aerosound161@gmail.com> * test: Use stretchr testify and bring the test that was written in main to the suite Signed-off-by: aerosouund <aerosound161@gmail.com> --------- Signed-off-by: aerosouund <aerosound161@gmail.com> Signed-off-by: Ammar Yasser <aerosound161@gmail.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-09-04 21:38:03 +00:00
Liang Deng	cac7b21225	fix: concurrent map read and map write when applying a validate.podSecurity rule (#11012 ) Signed-off-by: Liang Deng <283304489@qq.com>	2024-09-04 17:05:10 +00:00
shuting	01cc42e78a	fix: add auth check to the admission controller for generate policies (#10963 ) * fix: add auth check to the admission controller for generate policies Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: enable auth check if sync=true Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: restict to list/get permissions Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: aggregate clusterrole to admission controller Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: aggregate clusterrole to admission controller Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: aggregate clusterrole to admission controller Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: aggregate clusterrole to admission controller Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com>	2024-09-04 11:26:24 +00:00
Vishal Choudhary	c0d6eaddb3	feat: delete webhook configurations after kyverno is uninstalled (#10782 ) * feat: delete webhook configurations after kyverno is uninstalled Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: optionally add permissions Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: linter Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: disable finalizers in latest manifest Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: move webhook cleanup to webhooks controller Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: add finalizers on deployment Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: refactor Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: add roles to cleanupcontroller Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: add cleanup to generic controllers Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: add webhook cleanup in generic controllers Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: remove unnecessary clusterrole and clusterrole bindings Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: make this behaviour opt-in Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: reconcile webhook setup on deployment change Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: update codegen and remove unused vars Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: add finalizers to chart Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> --------- Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com>	2024-09-04 10:59:59 +00:00
Pradeep Lakshmi Narasimha	416b7d2f8b	fix: Honour generateSuccessEvents config for generating success events (#9870 ) (#10741 ) Signed-off-by: Pradeep Lakshmi Narasimha <pradeep.vaishnav4@gmail.com>	2024-09-04 10:25:34 +00:00
Alex Hamlin	218877dc03	Evaluate one version of each pod security standard (#10924 ) The original logic for evaluating pod security standards took two steps for each defined check: 1. If the policy author requested the latest version of the standard, find the newest version of the check and evaluate the pod against it, adding any failure to the final results. 2. Otherwise, evaluate the pod against each version of the check whose minimum version is below the requested version, adding any failures to the final results. This second step can be problematic, as new PSS versions may permit a broader range of values for a restricted field compared to old versions. As a concrete example, versioned podSecurity rules don't permit some of the newer sysctls allowed by Kubernetes v1.27 and v1.29, since Kyverno still evaluates v1.0 of the check. With this change, Kyverno identifies the highest version of the check that the podSecurity rule allows, and only executes that version of the check against the pod. Since the "latest" version is special-cased to compare newer than all non-latest versions, no special logic is required in that case. I've added unit tests for several combinations of sysctl and policy version, especially to check that policy v1.27 permits the new sysctl allowed in v1.27 but not the sysctls allowed in v1.29. I've also taken the liberty of changing `assert.Assert` to `assert.Check`, to collect multiple failures from a single unit test run. Signed-off-by: Alex Hamlin <alexanderh@qualtrics.com>	2024-09-03 18:58:40 +00:00
Vishal Choudhary	95f54a1cb6	feat: enable custom data in policy reports using properties (#10933 ) * feat: enable custom data in policy reports using properties Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: dont throw error in variable substitution for properties Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> --------- Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>	2024-09-03 17:36:07 +00:00
Rizul Gupta	02ffe4131c	add image name in all logs (#10837 ) * add image name in all logs Signed-off-by: Rizul Gupta <mail2rizul@gmail.com> * make lint tests pass Signed-off-by: Rizul Gupta <mail2rizul@gmail.com> --------- Signed-off-by: Rizul Gupta <mail2rizul@gmail.com> Co-authored-by: Vishal Choudhary <vishal.choudhary@nirmata.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com>	2024-08-30 09:22:44 +00:00
Anushka Mittal	b76bb77e46	Deferred loading for image info in policy context (#10787 ) * fix: add deferred loading for image info in policy context Signed-off-by: anushkamittal20 <anumittal4641@gmail.com> * chore: move logic to context.go Signed-off-by: anushkamittal20 <anumittal4641@gmail.com> * chore: add unit test Signed-off-by: anushkamittal20 <anumittal4641@gmail.com> * fix: cleanup code Signed-off-by: anushkamittal20 <anumittal4641@gmail.com> * fix: unit test Signed-off-by: anushkamittal20 <anumittal4641@gmail.com> * fix: unit test Signed-off-by: anushkamittal20 <anumittal4641@gmail.com> --------- Signed-off-by: anushkamittal20 <anumittal4641@gmail.com> Co-authored-by: anushkamittal20 <anumittal4641@gmail.com> Co-authored-by: Vishal Choudhary <vishal.choudhary@nirmata.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com>	2024-08-30 05:35:26 +00:00
asr2003	8f418a90fc	fix: variable substitution error handling in policy validation (#10936 ) * fix variable substitution error handling in policy validation and add tests Signed-off-by: Ambati Sahithi <162500856+asr2003@users.noreply.github.com> * cleanup Signed-off-by: Ambati Sahithi <162500856+asr2003@users.noreply.github.com> * fix variable substitution error handling in policy validation and add tests Signed-off-by: Ambati Sahithi <162500856+asr2003@users.noreply.github.com> * cleanup Signed-off-by: Ambati Sahithi <162500856+asr2003@users.noreply.github.com> * add review comment Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: asr2003 <162500856+asr2003@users.noreply.github.com> * Update pkg/validation/policy/validate.go The rule and policy will be appended to the top level message, so no need to repeat here. Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fmt Signed-off-by: Ambati Sahithi <162500856+asr2003@users.noreply.github.com> * Update pkg/validation/policy/validate.go update for unit tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> --------- Signed-off-by: Ambati Sahithi <162500856+asr2003@users.noreply.github.com> Signed-off-by: asr2003 <162500856+asr2003@users.noreply.github.com> Signed-off-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com>	2024-08-29 23:49:45 +00:00
Mariam Fahmy	bde90340a6	chore: remove v1alpha1 of VAPs and use v1beta1 (#10955 ) Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>	2024-08-29 15:31:25 +00:00
Mariam Fahmy	e00596a551	fix: match wildcard names for generateExisting policies (#10945 ) * fix: match wildcard names for generateExisting policies Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * fix chainsaw test Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * chore: add unit tests Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> --------- Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>	2024-08-29 13:09:30 +00:00
shuting	2cd462570a	feat: `foreach` support for `clone` (#10888 ) * chore: add chainsaw tests for foreach clone Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: update webhooks for foreach generate Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: rename generatePattern Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: chainsaw tests for generateExisting Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: add missing files Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: add chainsaw tests for foreach clone, sync=true Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: linter issues Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: add chainsaw test foreach clonelist, sync=true, delete source Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: sync deletion for cloneList Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com>	2024-08-29 11:59:22 +00:00
Charles-Edouard Brétéché	f87fa52cb7	feat: bump to k8s 1.31 (#10938 ) * feat: bump to k8s 1.31 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * tidy Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * mod Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix otel Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix otel schema Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * update linter Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: fix image verification tests Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * linter issues Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * cel change Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> Co-authored-by: Vishal Choudhary <vishal.choudhary@nirmata.com>	2024-08-28 17:09:58 +00:00
Mariam Fahmy	2140a0239b	chore: rename validationFailureAction to failureAction under the rule (#10893 ) Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com>	2024-08-27 20:07:57 +00:00
Khaled Emara	aceb7d5068	feat(gctx): retry logic (#10796 ) Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>	2024-08-21 19:32:58 +00:00
Vishal Choudhary	4287f8cc29	feat: regexp support for sigstore bundle (#10901 ) Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>	2024-08-21 15:34:04 +00:00
Jim Bugwadia	f06399200c	remove wildcard permissions (#10785 ) * remove wildcard permissions Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update codegen Signed-off-by: Jim Bugwadia <jim@nirmata.com> * codegen Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix background controller perms Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove secrets perm Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix reports-controller role Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add wildcard check and limit generate policy checks based on `synchronize` Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update manifest Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix permissions Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix wildcard check Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update default QPS and burst for better performance and to prevent test failure Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix test permissions Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix test permissions Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix test permissions Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix test permissions Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix test permissions Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix test permissions Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix test permissions Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix perms Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix perms Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix test permissions Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix test permissions Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix merge issues Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix merge issues Signed-off-by: Jim Bugwadia <jim@nirmata.com> --------- Signed-off-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>	2024-08-20 11:55:32 +03:00
Vishal Choudhary	0c2a88638b	fix: properly use useCache field in image verification policies (#10709 ) * fix: properly use useCache field in image verification policies Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: add test Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: revert client changes Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> --------- Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>	2024-08-19 14:26:07 +00:00
shuting	bd71af3291	feat: support `foreach` for `generate.data` (#10875 ) * chore: refactor Signed-off-by: ShutingZhao <shuting@nirmata.com> * feat: add foreach for generate.daya to api Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: refactor generator Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: linter Signed-off-by: ShutingZhao <shuting@nirmata.com> * feat: update rule validation Signed-off-by: ShutingZhao <shuting@nirmata.com> * feat: update rule validation -2 Signed-off-by: ShutingZhao <shuting@nirmata.com> * feat: support foreach.data Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: policy validation Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: context variables Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: add a chainsaw test Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: sync on policy deletion Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: enable new chainsaw tests in CI Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: update code-gen Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: validate targets scope for ns-policies Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: add missing files Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: remove unreasonable test Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: update docs Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: update install.yaml Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Vishal Choudhary <vishal.choudhary@nirmata.com>	2024-08-19 06:55:19 +00:00
Jim Bugwadia	c96f224e8e	reduce recursions for nested var substutution (#10877 ) Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2024-08-18 17:40:27 +08:00
Khaled Emara	a5915a310b	chore(log): add caller (#10874 ) Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>	2024-08-16 14:08:55 +00:00
Vishal Choudhary	06ffd1c961	feat: add support for sigstore bundle verification (#10567 ) * feat: add support for sigstore bundle verification Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: missed change Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: ci Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: linter Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: another linter Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: add size check in layer Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> --------- Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-08-16 11:36:48 +00:00
Vishal Choudhary	f69ffe12ec	feat: add full regexp support to cosign (#10815 ) Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>	2024-08-16 07:03:59 +00:00
Jim Bugwadia	3c63152f18	update message (#10862 ) Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2024-08-15 14:42:29 +00:00
Khaled Emara	40ba712987	fix(log): set zerolog level to logr level (#10867 ) Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>	2024-08-15 13:49:50 +00:00
Jim Bugwadia	2e39e27102	rename package: d4f --> breaker (#10863 ) * rename package: d4f --> breaker Signed-off-by: Jim Bugwadia <jim@nirmata.com> * rename package: d4f --> breaker Signed-off-by: Jim Bugwadia <jim@nirmata.com> --------- Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2024-08-15 10:53:20 +00:00
shuting	5203809b73	chore: refactor background controller (#10850 ) * chore: refactor Signed-off-by: ShutingZhao <shuting@nirmata.com> * feat: add foreach for generate.daya to api Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: refactor Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com>	2024-08-14 14:32:49 +00:00
shuting	481798c836	refactor: update updaterequest to be created for each policy (#10793 ) * chore: remove v1beta1 updaterequest definitions Signed-off-by: ShutingZhao <shuting@nirmata.com> * feat: update UR to map a policy instead a rule; adapt UR mapping changes for admission review Signed-off-by: ShutingZhao <shuting@nirmata.com> * feat: update code-gen Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: linter Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: remove unused function Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: add missing files Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: add missing files Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: update ur in policy controller Signed-off-by: ShutingZhao <shuting@nirmata.com> * feat: update crds Signed-off-by: ShutingZhao <shuting@nirmata.com> * feat: adapt ur changes in the background controller Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: linter Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: more linter Signed-off-by: ShutingZhao <shuting@nirmata.com> * feat: modify mapping relationship for deletion events Signed-off-by: ShutingZhao <shuting@nirmata.com> * feat: remedy missing target for policy application Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: fetching logic for triggers Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: clean up targets upon policy deletion Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: update crds Signed-off-by: ShutingZhao <shuting@nirmata.com> * merge main Signed-off-by: ShutingZhao <shuting@nirmata.com> * merge main Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: adds delay before assertion Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: update docs Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: wrong yaml format Signed-off-by: ShutingZhao <shuting@nirmata.com> * feat: update error handling logic Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix(attempt): enable more debug info Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix(attempt): enable debug log Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix(attempt): enable debug log Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix(attempt): enable debug log Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: makefile to update ur crds Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: generate existing Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: skip empty ur generation Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: update install.yaml Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com>	2024-08-13 17:14:06 +00:00
Khaled Emara	de37a045be	feat(logger): replace zap with zerlog for perf (#10790 ) Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>	2024-08-13 15:12:21 +00:00
Mariam Fahmy	25b7142ee0	feat: generate VAPs from exceptions (#10771 ) Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>	2024-08-13 11:55:22 +00:00
Mariam Fahmy	3a69702b49	fix: check permissions for validate.cel subrules only (#10829 ) Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com>	2024-08-13 12:25:29 +03:00
Khaled Emara	bbb1d6103c	feat(mutate): don't eagerly process img-ver (#10703 ) * feat(mutate): don't eagerly process img-ver Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * test(mutate): add mutate with img-ver test Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> --------- Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> Co-authored-by: Vishal Choudhary <vishal.choudhary@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com>	2024-08-12 14:59:27 +00:00
Khaled Emara	65a43d2059	feat(mutate): minimize unmarshals (#10702 ) * feat(mutate): minimize unmarshals Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * test(mutate): test type assertion Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * chore(codegen): remove unused import Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> --------- Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>	2024-08-09 11:12:20 +00:00
Mariam Fahmy	60a8384fd4	feat: add tests for different values of generateExisting (#10807 ) Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>	2024-08-08 12:11:20 +00:00
Mariam Fahmy	c7122edfa8	feat: add tests for different values of mutateExistingOnPolicyUpdate (#10797 ) Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>	2024-08-07 15:06:01 +00:00
Mariam Fahmy	53e0ccdc25	fix: pass resource names to auth check for mutateExisting policies (#10808 )	2024-08-07 14:09:16 +00:00
Mariam Fahmy	4d1f040e49	fix: add the resource name to the SubjectAccessReview (#10221 ) Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com>	2024-08-07 12:46:44 +00:00
Mariam Fahmy	c796bb765c	fix: return policies with either audit or enforce rules from the cache (#10667 ) * fix: return policies with either audit or enforce rules from the cache Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * feat: introduce validationFailureAction under verifyImage rules Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * feat: add chainsaw tests Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * fix Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> --------- Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com>	2024-08-06 18:24:28 +00:00
Frank Jogeleit	deab83d62f	reconcile only PolicyReports managed by kyverno (#10794 ) Signed-off-by: Frank Jogeleit <frank.jogeleit@web.de> Co-authored-by: shuting <shuting@nirmata.com>	2024-08-06 12:43:47 +00:00
Khaled Emara	c0cf6c5bf1	feat(json): unmarshal at decode time (#10700 ) Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>	2024-08-05 15:46:50 +03:00
Frank Jogeleit	91ffbb6758	feat: assert rule autogen (#10780 ) * Support autogen for assert validation rules Signed-off-by: Frank Jogeleit <frank.jogeleit@web.de> * simplify assert autogen logic Signed-off-by: Frank Jogeleit <frank.jogeleit@web.de> * add chainsaw test Signed-off-by: Frank Jogeleit <frank.jogeleit@web.de> --------- Signed-off-by: Frank Jogeleit <frank.jogeleit@web.de>	2024-08-05 10:59:55 +00:00
Mariam Fahmy	ce7e570268	fix: set all operations by default in the generated VAP (#10100 ) * fix: set all operations by default in the generated VAP Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * fix chainsaw test Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> --------- Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>	2024-08-02 14:12:42 +00:00
Mariam Fahmy	9d28116eb4	fix: allow exceptions to match Pod/ephemeralcontainers by default (#10778 ) Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>	2024-08-02 12:47:09 +00:00
Charles-Edouard Brétéché	a1510d9db1	feat: add more policy validation around policies using kyverno-json (#10777 ) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-08-02 14:47:03 +03:00
Charles-Edouard Brétéché	fc694bc24c	feat: add kyverno json support to validation rule (#10763 ) * feat: add kyverno json support to validation rule Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * v2beta1 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * validation Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * engine handler Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * bindings Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * context functions Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * better bindings Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-08-02 08:24:30 +00:00
Khaled Emara	d173752041	feat(json): unmarshal once per policy (#10701 ) Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com>	2024-07-30 10:52:41 +00:00
Khaled Emara	0aeb32df3b	feat(autogen): use static bytes instead of string (#10723 ) Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>	2024-07-29 13:46:11 +00:00
Khaled Emara	c2646f7a9d	feat(json): reduce reliance on `DocumentToUntyped()` (#10724 ) Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>	2024-07-29 11:57:20 +00:00
Ammar Yasser	f618717f75	fix: Check for the client being nil before applying a mutation (#10726 ) Signed-off-by: aerosouund <aerosound161@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>	2024-07-26 10:49:51 +00:00
Mariam Fahmy	716611b7ea	fix: return all the exceptions that match the incoming resource (#10722 ) * fix: return all the exceptions that match the incoming resource Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * fix: modify log messages Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> --------- Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>	2024-07-25 17:36:19 +00:00
Korada Vishal	ca17cb2c6f	Improved test covergae for forceMutate (#10103 ) Signed-off-by: Vishal K <korada.vishal.phe22@itbhu.ac.in> Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>	2024-07-24 10:43:07 +00:00
Mariam Fahmy	b0cef72df1	feat: support exclude block in generating VAPs (#10215 ) Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>	2024-07-16 18:06:58 +03:00
Mariam Fahmy	35494bd8bb	feat add chainsaw tests for pod security and exceptions (#10664 ) * feat add chainsaw tests for pod security and exceptions Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * fix: enable ProcMountType in the kind config Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> --------- Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>	2024-07-16 12:14:47 +00:00
Mariam Fahmy	5b715420a3	fix: truncate event messages to 1024 chars (#10636 ) * fix: truncate event messages to 1024 chars Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * add chainsaw test Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> --------- Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com>	2024-07-10 14:31:32 +00:00
Vishal Choudhary	9904718d08	fix: rename level 1 logs to INFO from DEBUG (#10617 ) Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com>	2024-07-10 12:31:19 +00:00
Anushka Mittal	429b05544a	fix: compute operations for mutatingwebhookconf (#10639 ) * fix: compute operations for mutatingwebhookconf Signed-off-by: anushkamittal20 <anumittal4641@gmail.com> * chore: add unit test Signed-off-by: anushkamittal20 <anumittal4641@gmail.com> --------- Signed-off-by: anushkamittal20 <anumittal4641@gmail.com> Co-authored-by: anushkamittal20 <anumittal4641@gmail.com>	2024-07-10 10:02:04 +00:00
Khaled Emara	aafc4fe97e	fix(json-ctx): overwrite element each iteration (#10615 ) Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>	2024-07-05 15:06:48 +00:00
Mariam Fahmy	ad6ee93e3b	fix: CEL policies aren't applied to deleted resources (#10611 ) Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>	2024-07-04 22:16:36 +05:30
Charles-Edouard Brétéché	1647675190	feat: improve api json parsing (#10600 ) * feat: improve api json parsing Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>	2024-07-04 16:05:42 +02:00
Khaled Emara	c2a9e9ef69	feat(events): normalize gctx events reason to be inline with other po… (#10395 ) * feat(events): normalize gctx events reason to be inline with other policies Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * chore(events): hide queue limit messages at a higher level Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * test(gctx): add factory test Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> --------- Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>	2024-07-04 16:12:48 +03:00
Mariam Fahmy	a46f1eb48c	fix: failed to delete resource (#10582 ) Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>	2024-07-02 19:54:27 +00:00
Mariam Fahmy	f738b027c3	fix: cleanup policy name is appended to logs (#10583 ) Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com>	2024-07-02 16:32:51 +00:00
Vishal Choudhary	d57edc8530	feat: fix notary tests (#10579 ) Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>	2024-07-02 14:18:29 +00:00
Yukun Wang	8890fffafb	fix: include error message when policy context creation failed (#10566 ) * fix: include error message when policy context creation failed Signed-off-by: airycanon <airycanon@airycanon.me> * Update pkg/webhooks/resource/validation/validation.go Co-authored-by: shuting <shuting@nirmata.com> Signed-off-by: Yukun Wang <airycanon@airycanon.me> --------- Signed-off-by: airycanon <airycanon@airycanon.me> Signed-off-by: Yukun Wang <airycanon@airycanon.me> Co-authored-by: shuting <shuting@nirmata.com>	2024-07-01 13:29:11 +00:00
Mariam Fahmy	68df5af40e	fix rule type for mutate and generate rules (#10554 ) Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>	2024-06-28 16:40:56 +00:00
Husni Alhamdani	52ec560ffb	move mutate existing rule skipped log to v4 (#10560 ) Signed-off-by: Husni Alhamdani <dhanielluis@gmail.com>	2024-06-28 12:08:46 +08:00
Charles-Edouard Brétéché	1a02b70a1c	feat: make any struct common to all api versions (#10553 ) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-06-27 10:09:57 +00:00
Charles-Edouard Brétéché	6f4818d724	feat: rework conditions marshaling (#10550 ) * feat: rework conditions marshaling Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-06-27 10:00:02 +03:00
Charles-Edouard Brétéché	e900abf3a0	feat: remove kyverno client v2beta1 (#10543 ) * feat: remove kyverno client v2beta1 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-06-26 08:48:32 +00:00
Mariam Fahmy	ff88c4c39a	feat: migrate validationFailureAction and validationFailureActionOverrides (#10528 ) * feat: migrate validationFailureAction and validationFailureActionOverrides under validate rule Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * feat: add unit tests Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> --------- Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>	2024-06-26 09:13:02 +02:00
shuting	88ae60ea9d	fix: correctly validate patterns for old and new objects (#10310 ) * fix: correctly validate patterns for old and new objects Signed-off-by: ShutingZhao <shuting@nirmata.com> * test: add new scenario to the existing test Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: indention Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: chainsaw tests Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com>	2024-06-25 14:11:34 +00:00
Husni Alhamdani	cd6988d1e2	fix: reset mutable fields orphandownstream (#10478 ) * fix: reset mutable fields orphandownstream Signed-off-by: Husni Alhamdani <dhanielluis@gmail.com> * fix: reset mutable fields orphandownstream Signed-off-by: Husni Alhamdani <dhanielluis@gmail.com> * fix: reset mutable fields orphandownstream Signed-off-by: Husni Alhamdani <dhanielluis@gmail.com> --------- Signed-off-by: Husni Alhamdani <dhanielluis@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>	2024-06-25 09:24:35 +00:00
Charles-Edouard Brétéché	018d45cb29	feat: add reports circuit breaker (#10499 ) * feat: add reports circuit breaker Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * improve metrics and granularity Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-06-25 11:16:30 +08:00
Mariam Fahmy	94d9bbe73f	chore: use v2 clients for policy exceptions (#10530 ) Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>	2024-06-24 16:36:55 +00:00
Mariam Fahmy	e892a0531e	chore: add tests that use spec.webhookConfiguration (#10526 ) * chore: add tests that use spec.webhookConfiguration Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * fix chainsaw tests Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> --------- Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>	2024-06-24 13:40:50 +00:00
Mariam Fahmy	b7bf894fe9	chore: use v2 for exceptions in chainsaw tests (#10529 ) Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>	2024-06-24 11:54:57 +00:00
Mariam Fahmy	abe2a2310b	feat: migrate webhookTimeoutSeconds and failurePolicy (#10515 ) * feat: migrate webhookTimeoutSeconds and failurePolicy Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * fix lint issue Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> --------- Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>	2024-06-20 13:04:37 +00:00
Charles-Edouard Brétéché	b36a2ecdcc	feat: bump update request api version (#10508 ) * feat: bump update request api version Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * use v2 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix linter Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix linter Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-06-20 09:44:43 +00:00
Charles-Edouard Brétéché	a5254f7344	feat: remove old intermediate reports types (#10504 ) * feat: remove old ephemeral reports types Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * helm Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-06-19 19:54:43 +00:00
Mariam Fahmy	88d1063647	chore: use mutateExistingOnPolicyUpdate under mutate rule in chainsaw tests (#10507 ) Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>	2024-06-19 18:16:46 +02:00
Mariam Fahmy	9285006f7a	feat: add mutateExistingOnPolicyUpdate field under the mutate rule (#10461 ) * fix Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * feat: add mutateExistingOnPolicyUpdate field under the mutate rule Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> --------- Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>	2024-06-19 09:29:19 +00:00
Charles-Edouard Brétéché	6e1def1004	feat: remove v1alpha2 group/version (#10500 ) * feat: remove v1alpha2 group Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-06-19 08:08:15 +00:00
Vishal Choudhary	334594c128	feat: add support for cosign experimental OCI 1.1 signatures (#10228 ) * feat: add support for cosign experimental OCI 1.1 signatures Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: remove unrelated changes Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: linter Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: requested changes Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> --------- Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-06-18 23:03:53 +00:00
Charles-Edouard Brétéché	d75d19ab3d	fix: use generate name for admission reports (#10491 ) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-06-17 17:54:04 +00:00
Charles-Edouard Brétéché	7f57b9618a	feat: cleanup v2alpha1 kyverno api (#10457 ) * feat: cleanup v2alpha1 kyverno api Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: webhook Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com>	2024-06-14 09:39:36 +00:00
Mariam Fahmy	846439b13e	feat: add generateExisting field under the generate rule (#10441 ) Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>	2024-06-13 13:41:46 +00:00
shuting	fe8c429e78	fix: avoid creating duplicate urs for background policies (#10431 ) * feat: add generator abstraction Signed-off-by: ShutingZhao <shuting@nirmata.com> * feat: replace urgenerator Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: ko build Signed-off-by: ShutingZhao <shuting@nirmata.com> * feat: load threshold from kyverno configmap Signed-off-by: ShutingZhao <shuting@nirmata.com> * feat: add metadata client to get ur count Signed-off-by: ShutingZhao <shuting@nirmata.com> * feat: add helm option to preserve configmap settings during upgrade Signed-off-by: ShutingZhao <shuting@nirmata.com> * feat: add helm option to preserve configmap settings during upgrade 2 Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: rename imports Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: update codegen manifests Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: handle nil value Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: linter issue Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: update threshold to 1000 Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: avoid duplicate URs creation Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: revert false changes Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: simplify background applications Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com>	2024-06-12 15:23:53 +00:00
shuting	9e5c297dcf	feat: add a circuit breaker for updaterequests (#10382 ) * feat: add generator abstraction Signed-off-by: ShutingZhao <shuting@nirmata.com> * feat: replace urgenerator Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: ko build Signed-off-by: ShutingZhao <shuting@nirmata.com> * feat: load threshold from kyverno configmap Signed-off-by: ShutingZhao <shuting@nirmata.com> * feat: add metadata client to get ur count Signed-off-by: ShutingZhao <shuting@nirmata.com> * feat: add helm option to preserve configmap settings during upgrade Signed-off-by: ShutingZhao <shuting@nirmata.com> * feat: add helm option to preserve configmap settings during upgrade 2 Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: rename imports Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: update codegen manifests Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: handle nil value Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: linter issue Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: update threshold to 1000 Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com>	2024-06-11 08:54:51 +00:00
Vishal Choudhary	2104171b4f	fix: add verbosity to background scanner log (#10404 ) Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>	2024-06-06 13:51:01 +02:00
Khaled Emara	b834bc0164	fix(gctx): returning old error (#10398 ) Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>	2024-06-05 19:35:42 +00:00
mohamedasifs123	97327fd31c	Fix : failed to parse BACKGROUND_SCAN_INTERVAL log message wrong (#9933 ) * Update policy_controller.go Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com> Signed-off-by: mohamedasifs123 <asifabu272@gmail.com> * Update policy_controller.go Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com> Signed-off-by: mohamedasifs123 <asifabu272@gmail.com> * Update policy_controller.go Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com> Signed-off-by: mohamedasifs123 <asifabu272@gmail.com> * Update policy_controller.go -s Signed-off-by: mohamedasifs123 <asifabu272@gmail.com> * Update policy_controller.go Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com> Signed-off-by: mohamedasifs123 <asifabu272@gmail.com> * Update policy_controller.go Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com> Signed-off-by: mohamedasifs123 <asifabu272@gmail.com> --------- Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com> Signed-off-by: mohamedasifs123 <asifabu272@gmail.com> Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>	2024-06-05 10:05:31 +00:00
shuting	5260b4f7bc	chore: bump k8s libs to 0.30 (#10285 ) * chore: bump k8s libs to 0.30 Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: update crds Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: bump kubectl-validate Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: fix tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: fix panic Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: fix linter Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: bump k8s Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix sum Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: indent Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: bump deps Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-06-04 15:09:44 +08:00
JenTing	3e37f80f87	Fix typo (#10360 ) Signed-off-by: JenTing Hsiao <hsiaoairplane@gmail.com>	2024-06-02 06:50:40 +00:00
Mariam Fahmy	c46cb06d95	fix: remove unused parameters (#10330 ) Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-05-29 23:29:24 +00:00
Vishal Choudhary	47adea6f1c	feat: add support for background scanning of existing resource in image verification (#10287 ) * feat: add support for background scanning of existing resource in image verification Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: change rule response type to image verify Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * chore: fix nilptr reference Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> --------- Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>	2024-05-24 09:41:04 +00:00
Khaled Emara	ed4eb9666a	fix(anchor): skip anchors don't have priority (#10206 ) * fix(anchor): give priority to skip anchors Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * test(anchor): conditional anchor with a failing sibling Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * test(anchor): conditional anchor mixed with other results Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * fix(anchor): successful anchor with a skip anchor Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> --------- Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com>	2024-05-22 09:04:14 +00:00
Mariam Fahmy	57b2c5fe4f	fix: add a copy method to the policy context (#10236 ) * fix: add a copy method to the policy context Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * chore: add a CLI test Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * chore: remove mutate changes Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> --------- Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>	2024-05-21 15:29:09 +00:00
shuting	e58d7120c6	fix: sort webhookconfig.operations (#10274 ) Signed-off-by: ShutingZhao <shuting@nirmata.com>	2024-05-21 13:22:08 +00:00

1 2 3 4 5 ...

3791 commits