Ammar Yasser
f618717f75
fix: Check for the client being nil before applying a mutation ( #10726 )
...
Signed-off-by: aerosouund <aerosound161@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
2024-07-26 10:49:51 +00:00
Mariam Fahmy
716611b7ea
fix: return all the exceptions that match the incoming resource ( #10722 )
...
* fix: return all the exceptions that match the incoming resource
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* fix: modify log messages
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
---------
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-07-25 17:36:19 +00:00
Korada Vishal
ca17cb2c6f
Improved test covergae for forceMutate ( #10103 )
...
Signed-off-by: Vishal K <korada.vishal.phe22@itbhu.ac.in>
Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-07-24 10:43:07 +00:00
Mariam Fahmy
b0cef72df1
feat: support exclude block in generating VAPs ( #10215 )
...
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-07-16 18:06:58 +03:00
Mariam Fahmy
35494bd8bb
feat add chainsaw tests for pod security and exceptions ( #10664 )
...
* feat add chainsaw tests for pod security and exceptions
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* fix: enable ProcMountType in the kind config
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
---------
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-07-16 12:14:47 +00:00
Mariam Fahmy
5b715420a3
fix: truncate event messages to 1024 chars ( #10636 )
...
* fix: truncate event messages to 1024 chars
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* add chainsaw test
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
---------
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2024-07-10 14:31:32 +00:00
Vishal Choudhary
9904718d08
fix: rename level 1 logs to INFO from DEBUG ( #10617 )
...
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2024-07-10 12:31:19 +00:00
Anushka Mittal
429b05544a
fix: compute operations for mutatingwebhookconf ( #10639 )
...
* fix: compute operations for mutatingwebhookconf
Signed-off-by: anushkamittal20 <anumittal4641@gmail.com>
* chore: add unit test
Signed-off-by: anushkamittal20 <anumittal4641@gmail.com>
---------
Signed-off-by: anushkamittal20 <anumittal4641@gmail.com>
Co-authored-by: anushkamittal20 <anumittal4641@gmail.com>
2024-07-10 10:02:04 +00:00
Khaled Emara
aafc4fe97e
fix(json-ctx): overwrite element each iteration ( #10615 )
...
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
2024-07-05 15:06:48 +00:00
Mariam Fahmy
ad6ee93e3b
fix: CEL policies aren't applied to deleted resources ( #10611 )
...
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-07-04 22:16:36 +05:30
Charles-Edouard Brétéché
1647675190
feat: improve api json parsing ( #10600 )
...
* feat: improve api json parsing
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---------
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-07-04 16:05:42 +02:00
Khaled Emara
c2a9e9ef69
feat(events): normalize gctx events reason to be inline with other po… ( #10395 )
...
* feat(events): normalize gctx events reason to be inline with other policies
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
* chore(events): hide queue limit messages at a higher level
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
* test(gctx): add factory test
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
---------
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-07-04 16:12:48 +03:00
Mariam Fahmy
a46f1eb48c
fix: failed to delete resource ( #10582 )
...
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-07-02 19:54:27 +00:00
Mariam Fahmy
f738b027c3
fix: cleanup policy name is appended to logs ( #10583 )
...
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2024-07-02 16:32:51 +00:00
Vishal Choudhary
d57edc8530
feat: fix notary tests ( #10579 )
...
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
2024-07-02 14:18:29 +00:00
Yukun Wang
8890fffafb
fix: include error message when policy context creation failed ( #10566 )
...
* fix: include error message when policy context creation failed
Signed-off-by: airycanon <airycanon@airycanon.me>
* Update pkg/webhooks/resource/validation/validation.go
Co-authored-by: shuting <shuting@nirmata.com>
Signed-off-by: Yukun Wang <airycanon@airycanon.me>
---------
Signed-off-by: airycanon <airycanon@airycanon.me>
Signed-off-by: Yukun Wang <airycanon@airycanon.me>
Co-authored-by: shuting <shuting@nirmata.com>
2024-07-01 13:29:11 +00:00
Mariam Fahmy
68df5af40e
fix rule type for mutate and generate rules ( #10554 )
...
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-06-28 16:40:56 +00:00
Husni Alhamdani
52ec560ffb
move mutate existing rule skipped log to v4 ( #10560 )
...
Signed-off-by: Husni Alhamdani <dhanielluis@gmail.com>
2024-06-28 12:08:46 +08:00
Charles-Edouard Brétéché
1a02b70a1c
feat: make any struct common to all api versions ( #10553 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-06-27 10:09:57 +00:00
Charles-Edouard Brétéché
6f4818d724
feat: rework conditions marshaling ( #10550 )
...
* feat: rework conditions marshaling
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* codegen
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* codegen
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* tests
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---------
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-06-27 10:00:02 +03:00
Charles-Edouard Brétéché
e900abf3a0
feat: remove kyverno client v2beta1 ( #10543 )
...
* feat: remove kyverno client v2beta1
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* codegen
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix tests
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---------
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-06-26 08:48:32 +00:00
Mariam Fahmy
ff88c4c39a
feat: migrate validationFailureAction and validationFailureActionOverrides ( #10528 )
...
* feat: migrate validationFailureAction and validationFailureActionOverrides under validate rule
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* feat: add unit tests
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
---------
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-06-26 09:13:02 +02:00
shuting
88ae60ea9d
fix: correctly validate patterns for old and new objects ( #10310 )
...
* fix: correctly validate patterns for old and new objects
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* test: add new scenario to the existing test
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix: indention
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix: chainsaw tests
Signed-off-by: ShutingZhao <shuting@nirmata.com>
---------
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2024-06-25 14:11:34 +00:00
Husni Alhamdani
cd6988d1e2
fix: reset mutable fields orphandownstream ( #10478 )
...
* fix: reset mutable fields orphandownstream
Signed-off-by: Husni Alhamdani <dhanielluis@gmail.com>
* fix: reset mutable fields orphandownstream
Signed-off-by: Husni Alhamdani <dhanielluis@gmail.com>
* fix: reset mutable fields orphandownstream
Signed-off-by: Husni Alhamdani <dhanielluis@gmail.com>
---------
Signed-off-by: Husni Alhamdani <dhanielluis@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
2024-06-25 09:24:35 +00:00
Charles-Edouard Brétéché
018d45cb29
feat: add reports circuit breaker ( #10499 )
...
* feat: add reports circuit breaker
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* improve metrics and granularity
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---------
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-06-25 11:16:30 +08:00
Mariam Fahmy
94d9bbe73f
chore: use v2 clients for policy exceptions ( #10530 )
...
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-06-24 16:36:55 +00:00
Mariam Fahmy
e892a0531e
chore: add tests that use spec.webhookConfiguration ( #10526 )
...
* chore: add tests that use spec.webhookConfiguration
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* fix chainsaw tests
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
---------
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-06-24 13:40:50 +00:00
Mariam Fahmy
b7bf894fe9
chore: use v2 for exceptions in chainsaw tests ( #10529 )
...
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-06-24 11:54:57 +00:00
Mariam Fahmy
abe2a2310b
feat: migrate webhookTimeoutSeconds and failurePolicy ( #10515 )
...
* feat: migrate webhookTimeoutSeconds and failurePolicy
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* fix lint issue
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
---------
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-06-20 13:04:37 +00:00
Charles-Edouard Brétéché
b36a2ecdcc
feat: bump update request api version ( #10508 )
...
* feat: bump update request api version
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* use v2
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* codegen
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* codegen
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix linter
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix linter
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---------
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-06-20 09:44:43 +00:00
Charles-Edouard Brétéché
a5254f7344
feat: remove old intermediate reports types ( #10504 )
...
* feat: remove old ephemeral reports types
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* codegen
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* helm
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* codegen
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---------
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-06-19 19:54:43 +00:00
Mariam Fahmy
88d1063647
chore: use mutateExistingOnPolicyUpdate under mutate rule in chainsaw tests ( #10507 )
...
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-06-19 18:16:46 +02:00
Mariam Fahmy
9285006f7a
feat: add mutateExistingOnPolicyUpdate field under the mutate rule ( #10461 )
...
* fix
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* feat: add mutateExistingOnPolicyUpdate field under the mutate rule
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
---------
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-06-19 09:29:19 +00:00
Charles-Edouard Brétéché
6e1def1004
feat: remove v1alpha2 group/version ( #10500 )
...
* feat: remove v1alpha2 group
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* codegen
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix tests
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---------
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-06-19 08:08:15 +00:00
Vishal Choudhary
334594c128
feat: add support for cosign experimental OCI 1.1 signatures ( #10228 )
...
* feat: add support for cosign experimental OCI 1.1 signatures
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: remove unrelated changes
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: linter
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: requested changes
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
---------
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-06-18 23:03:53 +00:00
Charles-Edouard Brétéché
d75d19ab3d
fix: use generate name for admission reports ( #10491 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-06-17 17:54:04 +00:00
Charles-Edouard Brétéché
7f57b9618a
feat: cleanup v2alpha1 kyverno api ( #10457 )
...
* feat: cleanup v2alpha1 kyverno api
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* codegen
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix tests
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix: webhook
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---------
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2024-06-14 09:39:36 +00:00
Mariam Fahmy
846439b13e
feat: add generateExisting field under the generate rule ( #10441 )
...
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-06-13 13:41:46 +00:00
shuting
fe8c429e78
fix: avoid creating duplicate urs for background policies ( #10431 )
...
* feat: add generator abstraction
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* feat: replace urgenerator
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix: ko build
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* feat: load threshold from kyverno configmap
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* feat: add metadata client to get ur count
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* feat: add helm option to preserve configmap settings during upgrade
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* feat: add helm option to preserve configmap settings during upgrade 2
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore: rename imports
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore: update codegen manifests
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix: handle nil value
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix: linter issue
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore: update threshold to 1000
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix: avoid duplicate URs creation
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix: revert false changes
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix: simplify background applications
Signed-off-by: ShutingZhao <shuting@nirmata.com>
---------
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2024-06-12 15:23:53 +00:00
shuting
9e5c297dcf
feat: add a circuit breaker for updaterequests ( #10382 )
...
* feat: add generator abstraction
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* feat: replace urgenerator
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix: ko build
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* feat: load threshold from kyverno configmap
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* feat: add metadata client to get ur count
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* feat: add helm option to preserve configmap settings during upgrade
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* feat: add helm option to preserve configmap settings during upgrade 2
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore: rename imports
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore: update codegen manifests
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix: handle nil value
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix: linter issue
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore: update threshold to 1000
Signed-off-by: ShutingZhao <shuting@nirmata.com>
---------
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2024-06-11 08:54:51 +00:00
Vishal Choudhary
2104171b4f
fix: add verbosity to background scanner log ( #10404 )
...
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
2024-06-06 13:51:01 +02:00
Khaled Emara
b834bc0164
fix(gctx): returning old error ( #10398 )
...
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-06-05 19:35:42 +00:00
mohamedasifs123
97327fd31c
Fix : failed to parse BACKGROUND_SCAN_INTERVAL log message wrong ( #9933 )
...
* Update policy_controller.go
Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com>
Signed-off-by: mohamedasifs123 <asifabu272@gmail.com>
* Update policy_controller.go
Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com>
Signed-off-by: mohamedasifs123 <asifabu272@gmail.com>
* Update policy_controller.go
Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com>
Signed-off-by: mohamedasifs123 <asifabu272@gmail.com>
* Update policy_controller.go
-s
Signed-off-by: mohamedasifs123 <asifabu272@gmail.com>
* Update policy_controller.go
Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com>
Signed-off-by: mohamedasifs123 <asifabu272@gmail.com>
* Update policy_controller.go
Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com>
Signed-off-by: mohamedasifs123 <asifabu272@gmail.com>
---------
Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com>
Signed-off-by: mohamedasifs123 <asifabu272@gmail.com>
Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-06-05 10:05:31 +00:00
shuting
5260b4f7bc
chore: bump k8s libs to 0.30 ( #10285 )
...
* chore: bump k8s libs to 0.30
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore: update crds
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore: bump kubectl-validate
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore: fix tests
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore: fix panic
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore: fix linter
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore: bump k8s
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix sum
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* codegen
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix: indent
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore: bump deps
Signed-off-by: ShutingZhao <shuting@nirmata.com>
---------
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-06-04 15:09:44 +08:00
JenTing
3e37f80f87
Fix typo ( #10360 )
...
Signed-off-by: JenTing Hsiao <hsiaoairplane@gmail.com>
2024-06-02 06:50:40 +00:00
Mariam Fahmy
c46cb06d95
fix: remove unused parameters ( #10330 )
...
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-05-29 23:29:24 +00:00
Vishal Choudhary
47adea6f1c
feat: add support for background scanning of existing resource in image verification ( #10287 )
...
* feat: add support for background scanning of existing resource in image verification
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: change rule response type to image verify
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* chore: fix nilptr reference
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
---------
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
2024-05-24 09:41:04 +00:00
Khaled Emara
ed4eb9666a
fix(anchor): skip anchors don't have priority ( #10206 )
...
* fix(anchor): give priority to skip anchors
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
* test(anchor): conditional anchor with a failing sibling
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
* test(anchor): conditional anchor mixed with other results
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
* fix(anchor): successful anchor with a skip anchor
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
---------
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2024-05-22 09:04:14 +00:00
Mariam Fahmy
57b2c5fe4f
fix: add a copy method to the policy context ( #10236 )
...
* fix: add a copy method to the policy context
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* chore: add a CLI test
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* chore: remove mutate changes
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
---------
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-05-21 15:29:09 +00:00
shuting
e58d7120c6
fix: sort webhookconfig.operations ( #10274 )
...
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2024-05-21 13:22:08 +00:00
shuting
84e0ced314
fix: webhook config set ( #10262 )
...
* tests: add unit tests
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix: merge operations map correctly
Signed-off-by: ShutingZhao <shuting@nirmata.com>
---------
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2024-05-21 08:33:59 +00:00
Mariam Fahmy
59ff771ae8
fix: process the matched resources only for mutate existing policies ( #10164 )
...
* fix: process the matched resources only for mutate existing policies
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* fix lint issue
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* chore: add unit tests
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
---------
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2024-05-20 12:40:53 +00:00
shuting
fb9c66f455
feat(perf): add new linter prealloc to enforce slice declarations best practice ( #10250 )
...
* feat(perf): add new linter prealloc to enforce slice declarations best practice
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix(linter): prealloac slices
Signed-off-by: ShutingZhao <shuting@nirmata.com>
---------
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2024-05-20 14:46:35 +05:30
Jim Bugwadia
46e5d818b1
truncate event messages to 1024 chars ( #10255 )
2024-05-20 08:16:30 +00:00
Vishal Choudhary
3af0e461f0
fix: deepcopy patched resource in foreach mutate ( #10252 )
...
* fix: deepcopy patched resource to avoid indirect reversal of its elements
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: copy elements while reversing
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: copy resources inside foreach
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* add test
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* add test
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
---------
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2024-05-20 14:45:21 +08:00
shuting
37af1f83a7
fix: isolate reports creation context ( #10245 )
...
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2024-05-16 15:58:38 +03:00
Mariam Fahmy
900bf48ecf
fix: skip generating VAPs in case namespace's name contains wildcards ( #10205 )
...
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-05-10 14:19:10 +00:00
Mariam Fahmy
6fec52436a
fix: generate VAPs that match all resources when kinds is set to * ( #10208 )
...
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-05-09 06:46:10 +00:00
Mariam Fahmy
60e347bedb
feat: support generating VAPs in case of matching resources in specific namespaces ( #9981 )
...
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2024-05-08 11:09:47 +00:00
Mariam Fahmy
3fa6a8d34e
fix: add resourceNames field in the generated VAPs ( #10187 )
...
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-05-07 12:19:12 +00:00
Mariam Fahmy
f291407ca9
fix: skip generating VAPs for policies that match multiple resources with a namespace/object selector ( #10181 )
...
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-05-06 21:52:22 +08:00
Khaled Emara
21602a1e1f
fix(polex): multiple polexes with conditions ( #9994 )
...
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-05-06 10:28:39 +00:00
Mariam Fahmy
8805620574
fix: add CONNECT operation in the webhook config for pod/exec subresource ( #9855 )
...
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-05-06 09:51:46 +00:00
Mariam Fahmy
cd33b84a62
fix: add pods/ephemeralcontainers to the generated VAPs ( #10162 )
...
* fix: add pods/ephemeralcontainers to the generated VAPs
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* fix: remove an extra space
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
---------
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-05-06 08:29:55 +00:00
Vishal Choudhary
c403a498a3
fix: add error check in jmespath type conversion in context variables ( #10152 )
...
* fix: add error check in jmespath type conversion in context variables
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix(lint): new line in tests
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: properly update path variable
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: remove log statemet
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
---------
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
2024-05-01 04:30:34 +00:00
Norwin Schnyder
5d50022f43
fix: skip rules without operation in resource webhook creation ( #10146 )
...
* fix: skip rules without operation in resource webhook creation
Signed-off-by: Norwin Schnyder <norwin.schnyder+github@gmail.com>
* test: add unit test for buildRulesWithOperations
Signed-off-by: Norwin Schnyder <norwin.schnyder+github@gmail.com>
* fix liniting issues
Signed-off-by: Norwin Schnyder <norwin.schnyder+github@gmail.com>
---------
Signed-off-by: Norwin Schnyder <norwin.schnyder+github@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
2024-04-30 17:05:44 +00:00
Vishal Choudhary
e66a550560
fix: fetch only adopted ephemeral report ( #10148 )
...
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
2024-04-30 15:17:24 +00:00
Khaled Emara
c9d821ee72
fix: shared policy context needs to be copied ( #10139 )
...
* fix: shared policy context needs to be copied
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
* test(e2e): concurrent PSS execution
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
* test(e2e): wait for pss policies to be ready
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
---------
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2024-04-30 14:05:33 +00:00
shuting
96ffbadd77
fix: sort pod controllers for autogen rule ( #10140 )
...
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2024-04-30 12:26:12 +00:00
Mariam Fahmy
77f1f97f6e
chore: remove a package that is imported twice ( #10101 )
...
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-04-29 10:40:39 +00:00
Mariam Fahmy
798950f72c
fix: return skip when celPreconditions/matchConditions aren't met ( #9940 )
...
* fix: return skip when cel preconditions aren't met
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* fix test
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* fix: return skip when matchConditions in VAPs aren't met
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
---------
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-04-22 13:49:25 +00:00
Shubham Singh
dbc12ac2be
[Bug] Enabling many-to-one comparisons for AnyNotIn operator ( #9462 )
...
* added cases for int, float
Signed-off-by: Shubham Singh <shubhammahar1306@gmail.com>
* added bool as well
Signed-off-by: Shubham Singh <shubhammahar1306@gmail.com>
* added tests
Signed-off-by: Shubham Singh <shubhammahar1306@gmail.com>
* some more tests
Signed-off-by: Shubham Singh <shubhammahar1306@gmail.com>
* go fmt
Signed-off-by: Shubham Singh <shubhammahar1306@gmail.com>
* fixed the failing test cases
Signed-off-by: Shubham Singh <shubhammahar1306@gmail.com>
---------
Signed-off-by: Shubham Singh <shubhammahar1306@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
2024-04-22 12:12:08 +00:00
NeuroticalT
370abe257e
Fix: metrics exposure inconsistencies and unwanted side-effects ( #10016 )
...
* Change: metrics exposure improvement
Signed-off-by: Tamas Eger <tamas.eger@instructure.com>
* Fix: addressing linter errors
Signed-off-by: Tamas Eger <tamas.eger@instructure.com>
* Fix: unit test assert failure
Signed-off-by: Tamas Eger <tamas.eger@instructure.com>
---------
Signed-off-by: Tamas Eger <tamas.eger@instructure.com>
Co-authored-by: Tamas Eger <tamas.eger@instructure.com>
2024-04-22 07:33:04 +00:00
Mariam Fahmy
ea64529e63
fix: evaluate namespaceObject for Kyverno policies in the CLI ( #9977 )
...
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-04-19 10:55:41 +00:00
Mariam Fahmy
e91b80a600
fix: evaluate namespaceObject for VAPs in the CLI ( #9978 )
...
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-04-19 10:20:03 +00:00
Mariam Fahmy
f98d7d86b3
refactor: add a function to check if VAPs are registered in the API server ( #10014 )
...
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-04-17 10:01:00 +00:00
Vishal Choudhary
3db5bdfad8
fix: add mutex to mock policy context builder ( #10057 )
...
It is possible that two different threads call the build function at the same time causing one append to be lost, this PR adds a mutex to avoid this
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
2024-04-17 09:13:19 +00:00
Khaled Emara
fb40aa5f38
feat(audit): use a worker pool for Audit policies ( #10048 )
...
* enhancement: split validation logic for enforce and audit policies to return admission response earlier
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore: add missing file
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix: unit tests
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix: linter issues
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix: unit tests
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix: get latest policy object before updating status
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore: remove debug code
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix: compare before updates
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix: initial reconcile
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix: updates
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* feat(audit): use a worker pool for Audit policies
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
* fix: unit test
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix(attempt): spin up go routine
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* feat: add flags maxAuditWorkers, maxAuditCapacity
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix: enable debug log on failure
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix: wait group panic
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* load-tests: add stess tests configurations
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* load-tests: disable admissionreports
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix: build policy contexts syncronously
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: only run generate and mutate existing go routines when policies are present
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: mutate and verify tests
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: return early if no audit policy
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix: run handlegenerate and mutate existing in all cases
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: only test bgapplies in generate test
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: defer wait in tests
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* enhancement: process validate enforce in a go routine
Signed-off-by: ShutingZhao <shuting@nirmata.com>
---------
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: ShutingZhao <shuting@nirmata.com>
Co-authored-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
2024-04-17 15:46:18 +08:00
shuting
3e7a7ac244
fix: policy status reconciliation ( #10032 )
...
* fix: get latest policy object before updating status
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore: remove debug code
Signed-off-by: ShutingZhao <shuting@nirmata.com>
---------
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2024-04-12 07:08:15 +00:00
Mariam Fahmy
39da5bd927
fix: re-use the maxQueuedEvents ( #10024 )
...
* fix: re-use the maxQueuedEvents
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* fix: use the apierrors.IsNotFound instead of checking a specfic error msg
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
---------
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2024-04-10 15:41:22 +08:00
shuting
6416d8600e
chore: bump to go 1.22.2 ( #10001 )
...
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2024-04-08 09:30:05 +00:00
Khaled Emara
c9055ac2ff
fix(autogen): only generate rule for request kind ( #9984 )
...
* fix(autogen): only generate rule for request kind
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
* feat(autogen): use jsoniter instead of std for json
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
* chore(atogen): use sets instead of manipulating strings
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
* fix(autogen): formatting linter
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
* fix(autogen): backwards compatability
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
* revert(autogen): old behavior
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
* fix: builds error
Signed-off-by: ShutingZhao <shuting@nirmata.com>
---------
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Co-authored-by: ShutingZhao <shuting@nirmata.com>
2024-04-04 08:09:30 +00:00
Charles-Edouard Brétéché
c241cfce44
fix: polex matching code ( #9955 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-04-03 18:56:48 +00:00
Vishal Choudhary
83f2846572
feat: add TSA cert chain support in cosign ( #9961 )
...
* feat: add TSA cert chain support in cosign
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* feat: add chainsaw test
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* feat: add unit test
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: tests
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: unit tests
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
---------
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2024-03-30 20:50:07 +00:00
Vishal Choudhary
912364293c
fix: cosign ctlog unit tests ( #9970 )
...
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
2024-03-29 16:49:11 +00:00
Vishal Choudhary
93eac3f7a4
fix: deferred loader panic when mutate and generate policies are applied ( #9935 )
...
* fix: deferred loader panic when mutate and generate policies are applied
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: tests
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: update policies
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* remove clusterrolebinding
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: copy only json context
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: polctx
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
---------
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2024-03-29 14:37:15 +01:00
Vishal Choudhary
1a1954002f
fix: add rekor opts to cosign certificate verification and make rekor url optional ( #9957 )
...
* fix: add rekor opts to cosign certificate verification and make rekor url optional
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: linter
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
---------
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
2024-03-28 18:17:24 -07:00
Charles-Edouard Brétéché
76bd67739a
fix: polex mem footprint ( #9954 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-03-28 09:31:40 +00:00
Charles-Edouard Brétéché
4438b24b69
refactor: exception selector interface ( #9907 )
...
* refactor: exception selector interface
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---------
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2024-03-28 08:03:01 +00:00
Charles-Edouard Brétéché
ad62014b33
chore: simplify getting exception name ( #9916 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-03-15 15:02:57 +00:00
Khaled Emara
429e84be10
fix(globalcontext): panics and validation ( #9903 )
2024-03-14 16:12:39 +00:00
Vishal Choudhary
f2833861f8
fix: properly update policy context after preexisting resource in violation check ( #9893 )
...
* fix: properly update policy context after preexisting resource in violation check
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* chore: remove all copy function usages
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* chore: nit
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* refactor context resource swap
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* feat: chainsaw tests
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: test:
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: logger panic
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix: copy cover policycontext
Signed-off-by: ShutingZhao <shuting@nirmata.com>
---------
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: ShutingZhao <shuting@nirmata.com>
2024-03-13 16:24:53 +00:00
Jim Bugwadia
5e69204c99
add unit test ( #9894 )
...
* add unit test
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* revert change
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
---------
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2024-03-13 17:09:30 +08:00
Arnaud Tournier
1e09f22e59
give public access to PreProcessPattern ( #9887 )
...
Signed-off-by: Arnaud Tournier <ltearno@gmail.com>
2024-03-12 09:25:00 +00:00
Jim Bugwadia
befcd73ea1
add control names and images to PSS results ( #9869 )
...
* add control names and images to PSS results
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* remove init
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix tets
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* update chainsaw tests
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* add unit test
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
---------
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2024-03-11 09:32:05 +00:00
Khaled Emara
b9fc1e3d50
chore(apicall): remove duplicate code ( #9880 )
...
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
2024-03-11 15:30:29 +08:00
Suruchi Kumari
26df05d8c1
[Bug] [CLI] PSS report does not show properties with control details ( #9785 )
...
* add properties in pss report
Signed-off-by: GitHub <noreply@github.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* remove tests
Signed-off-by: GitHub <noreply@github.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix
Signed-off-by: GitHub <noreply@github.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix lint
Signed-off-by: GitHub <noreply@github.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* chore: move chainsaw config at the root of the repo (#9768 )
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* chore(deps): bump svenstaro/upload-release-action from 2.7.0 to 2.9.0 (#9767 )
Bumps [svenstaro/upload-release-action](https://github.com/svenstaro/upload-release-action ) from 2.7.0 to 2.9.0.
- [Release notes](https://github.com/svenstaro/upload-release-action/releases )
- [Changelog](https://github.com/svenstaro/upload-release-action/blob/master/CHANGELOG.md )
- [Commits](1beeb572c1...04733e069f#9791 )
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix: remove unnecessary validation check for podSecurity rule (#9790 )
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* update versions (#9783 )
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* chore: add tests for exceptions in the CLI (#9781 )
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* chore(deps): bump go.opentelemetry.io/otel/sdk/metric (#9799 )
Bumps [go.opentelemetry.io/otel/sdk/metric](https://github.com/open-telemetry/opentelemetry-go ) from 1.23.1 to 1.24.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases )
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md )
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.23.1...v1.24.0 )
---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel/sdk/metric
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc (#9797 )
Bumps [go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc](https://github.com/open-telemetry/opentelemetry-go ) from 1.23.1 to 1.24.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases )
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md )
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.23.1...v1.24.0 )
---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* chore(deps): bump codecov/codecov-action from 4.0.1 to 4.0.2 (#9794 )
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 4.0.1 to 4.0.2.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md )
- [Commits](e0b68c6749...0cfda1dd0a#9796 )
Bumps [go.opentelemetry.io/otel/exporters/prometheus](https://github.com/open-telemetry/opentelemetry-go ) from 0.45.2 to 0.46.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases )
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md )
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/example/prometheus/v0.45.2...example/prometheus/v0.46.0 )
---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel/exporters/prometheus
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace (#9795 )
Bumps [go.opentelemetry.io/otel/exporters/otlp/otlptrace](https://github.com/open-telemetry/opentelemetry-go ) from 1.23.1 to 1.24.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases )
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md )
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.23.1...v1.24.0 )
---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* changes
Signed-off-by: Suruchi Kumari <suruchikumarimfp4@gmail.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc (#9798 )
Bumps [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc](https://github.com/open-telemetry/opentelemetry-go ) from 1.23.1 to 1.24.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases )
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md )
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.23.1...v1.24.0 )
---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* chore(deps): bump codecov/codecov-action from 4.0.2 to 4.1.0 (#9811 )
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 4.0.2 to 4.1.0.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md )
- [Commits](0cfda1dd0a...54bcd8715e#9809 )
Bumps [go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp](https://github.com/open-telemetry/opentelemetry-go-contrib ) from 0.48.0 to 0.49.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go-contrib/releases )
- [Changelog](https://github.com/open-telemetry/opentelemetry-go-contrib/blob/main/CHANGELOG.md )
- [Commits](https://github.com/open-telemetry/opentelemetry-go-contrib/compare/zpages/v0.48.0...zpages/v0.49.0 )
---
updated-dependencies:
- dependency-name: go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* chore(deps): bump golang.org/x/crypto from 0.19.0 to 0.20.0 (#9810 )
Bumps [golang.org/x/crypto](https://github.com/golang/crypto ) from 0.19.0 to 0.20.0.
- [Commits](https://github.com/golang/crypto/compare/v0.19.0...v0.20.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/crypto
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix lint
Signed-off-by: Suruchi Kumari <suruchikumarimfp4@gmail.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix(globalcontext): old WaitGroup not stopping (#9813 )
* fix(globalcontext): old waitgroup not stopping
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
* chore(globalcontext): add AGE
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
* feat(globalcontext): add lastRefreshTime
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
* fix(globalcontext): unhandled intormer run exception
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
* chore(globalcontext): comment wording
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
* chore(globalcontext): codegen
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
* fix(globalcontext): linter
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
---------
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* add empty declaration of properties
Signed-off-by: Suruchi Kumari <suruchikumarimfp4@gmail.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* add changes
Signed-off-by: Suruchi Kumari <suruchikumarimfp4@gmail.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix: add podSecurity validation checks for exceptions (#9817 )
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* chore(deps): bump github.com/sigstore/sigstore from 1.8.1 to 1.8.2 (#9825 )
Bumps [github.com/sigstore/sigstore](https://github.com/sigstore/sigstore ) from 1.8.1 to 1.8.2.
- [Release notes](https://github.com/sigstore/sigstore/releases )
- [Commits](https://github.com/sigstore/sigstore/compare/v1.8.1...v1.8.2 )
---
updated-dependencies:
- dependency-name: github.com/sigstore/sigstore
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* chore(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/hashivault (#9821 )
Bumps [github.com/sigstore/sigstore/pkg/signature/kms/hashivault](https://github.com/sigstore/sigstore ) from 1.8.1 to 1.8.2.
- [Release notes](https://github.com/sigstore/sigstore/releases )
- [Commits](https://github.com/sigstore/sigstore/compare/v1.8.1...v1.8.2 )
---
updated-dependencies:
- dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/hashivault
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* chore(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/azure (#9823 )
Bumps [github.com/sigstore/sigstore/pkg/signature/kms/azure](https://github.com/sigstore/sigstore ) from 1.8.1 to 1.8.2.
- [Release notes](https://github.com/sigstore/sigstore/releases )
- [Commits](https://github.com/sigstore/sigstore/compare/v1.8.1...v1.8.2 )
---
updated-dependencies:
- dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/azure
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* chore(deps): bump kyverno/action-install-chainsaw from 0.1.6 to 0.1.7 (#9832 )
Bumps [kyverno/action-install-chainsaw](https://github.com/kyverno/action-install-chainsaw ) from 0.1.6 to 0.1.7.
- [Release notes](https://github.com/kyverno/action-install-chainsaw/releases )
- [Commits](204730d723...3bf0752f44#9831 )
Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action ) from 0.17.0 to 0.18.0.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases )
- [Commits](84384bd6e7...062f259268#9830 )
Bumps [github.com/sigstore/sigstore/pkg/signature/kms/gcp](https://github.com/sigstore/sigstore ) from 1.8.1 to 1.8.2.
- [Release notes](https://github.com/sigstore/sigstore/releases )
- [Commits](https://github.com/sigstore/sigstore/compare/v1.8.1...v1.8.2 )
---
updated-dependencies:
- dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/gcp
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* [Bug] [CLI] Restore warn-exit-code functionality for apply command (#9828 )
* Restore warn-exite-code functionality for apply command
Signed-off-by: Matt Veitas <mveitas@gmail.com>
* Nove error handling
Signed-off-by: Matt Veitas <mveitas@gmail.com>
* Uncomment println statement
Signed-off-by: Matt Veitas <mveitas@gmail.com>
* Fixing linting
Signed-off-by: Matt Veitas <mveitas@gmail.com>
* Adding conformance tets for cli apply command with warn-exit-code
Signed-off-by: Matt Veitas <mveitas@gmail.com>
* Update path to kubectl-kyverno binary
Signed-off-by: Matt Veitas <mveitas@gmail.com>
* Add prepare-cli as needed dependency
Signed-off-by: Matt Veitas <mveitas@gmail.com>
* feat: install kubectl-kyverno in standard conformance tests
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix: update chainsaw config
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix: move CLI chainsaw tests to a separate action
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix: CLI path
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix: name
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix: add chainsaw flag '--no-cluster'
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix: CLI name
Signed-off-by: ShutingZhao <shuting@nirmata.com>
---------
Signed-off-by: Matt Veitas <mveitas@gmail.com>
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Signed-off-by: shuting <shuting@nirmata.com>
Co-authored-by: ShutingZhao <shuting@nirmata.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* chore(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/aws (#9822 )
Bumps [github.com/sigstore/sigstore/pkg/signature/kms/aws](https://github.com/sigstore/sigstore ) from 1.8.1 to 1.8.2.
- [Release notes](https://github.com/sigstore/sigstore/releases )
- [Commits](https://github.com/sigstore/sigstore/compare/v1.8.1...v1.8.2 )
---
updated-dependencies:
- dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/aws
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* remove comment and shift line 91
Signed-off-by: Suruchi Kumari <suruchikumarimfp4@gmail.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* modify test
Signed-off-by: Suruchi Kumari <suruchikumarimfp4@gmail.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* added rseperate function for adding properties in result
Signed-off-by: Suruchi Kumari <suruchikumarimfp4@gmail.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix test
Signed-off-by: Suruchi Kumari <suruchikumarimfp4@gmail.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* add test for pss report
Signed-off-by: Suruchi Kumari <suruchikumarimfp4@gmail.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* remove comments
Signed-off-by: Suruchi Kumari <suruchikumarimfp4@gmail.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix: remove duplicate chainsaw tests for PSA (#9835 )
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* modify policy
Signed-off-by: Suruchi Kumari <suruchikumarimfp4@gmail.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* modify policy in test_dta
Signed-off-by: Suruchi Kumari <suruchikumarimfp4@gmail.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* docs: Add new adopter to ADOPTERS.md (#9841 )
Signed-off-by: Younsung Lee <cysl@kakao.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix: use gcr crane opts while fetching image descriptors (#9838 )
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix: add missing unit tests for podSecurity.hostpathVolume check (#9845 )
* fix: add missing unit tests
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix: update pinned lib
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix: uncomment code
Signed-off-by: ShutingZhao <shuting@nirmata.com>
---------
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix: release CRDs manifests (#9849 )
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* chore(deps): bump github.com/stretchr/testify from 1.8.4 to 1.9.0 (#9842 )
Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify ) from 1.8.4 to 1.9.0.
- [Release notes](https://github.com/stretchr/testify/releases )
- [Commits](https://github.com/stretchr/testify/compare/v1.8.4...v1.9.0 )
---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix name access for policy types
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* modify pkg report
Signed-off-by: Suruchi Kumari <suruchikumarimfp4@gmail.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* modify name
Signed-off-by: Suruchi Kumari <suruchikumarimfp4@gmail.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* add bindings
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* Revert "add bindings"
This reverts commit c616c11d9bb4dd0554104025fcfb9cf9e25dc02d.
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* revert add bindings
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* update chainsaw
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* update name
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* Revert "update name"
This reverts commit 84de45b4ce1c5f94d8cbd0a66e893c7907f4a600.
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* simplify results
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
---------
Signed-off-by: GitHub <noreply@github.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Suruchi Kumari <suruchikumarimfp4@gmail.com>
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
Signed-off-by: Matt Veitas <mveitas@gmail.com>
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Signed-off-by: shuting <shuting@nirmata.com>
Signed-off-by: Younsung Lee <cysl@kakao.com>
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: Khaled Emara <khaled.emara@nirmata.com>
Co-authored-by: Matt Veitas <mveitas@gmail.com>
Co-authored-by: ShutingZhao <shuting@nirmata.com>
Co-authored-by: Younsung Lee <cysl@kakao.com>
Co-authored-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
2024-03-07 13:54:00 -08:00
shuting
bc2f50ae13
fix: add missing unit tests for podSecurity.hostpathVolume check ( #9845 )
...
* fix: add missing unit tests
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix: update pinned lib
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix: uncomment code
Signed-off-by: ShutingZhao <shuting@nirmata.com>
---------
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2024-03-04 15:23:06 +00:00
Vishal Choudhary
cc7934f42a
fix: use gcr crane opts while fetching image descriptors ( #9838 )
...
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
2024-03-04 08:14:00 +00:00
Mariam Fahmy
07a6bf42f5
fix: add podSecurity validation checks for exceptions ( #9817 )
...
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-02-28 08:21:10 +00:00
Khaled Emara
511df7a466
fix(globalcontext): old WaitGroup not stopping ( #9813 )
...
* fix(globalcontext): old waitgroup not stopping
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
* chore(globalcontext): add AGE
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
* feat(globalcontext): add lastRefreshTime
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
* fix(globalcontext): unhandled intormer run exception
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
* chore(globalcontext): comment wording
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
* chore(globalcontext): codegen
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
* fix(globalcontext): linter
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
---------
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
2024-02-27 18:24:39 +00:00
Mariam Fahmy
103cd460d0
fix: remove unnecessary validation check for podSecurity rule ( #9790 )
...
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-02-26 06:56:51 +00:00
Vaibhav Mewada
ea48bdeb31
changed the log level in match policy context ( #9626 )
...
Signed-off-by: Vaibhav Mewada <vaibhav@zoop.one>
Co-authored-by: Vaibhav Mewada <vaibhav@zoop.one>
Co-authored-by: shuting <shuting@nirmata.com>
2024-02-23 11:13:55 +00:00
Khaled Emara
2b2587469d
feat: enhance global context ( #9710 )
...
* feat(globalcontext): add event handling
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
* feat(globalcontext): handle cache sync error
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
* feat(globalcontext): ensure api is called during init
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
* design(events): decouple events from policies a bit
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
* feat(globalcontext): use status
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
* fix(globalcontext): make status optional
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
* fix(globalcontext): status update
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
* fix(globalcontext): codegen
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
* chore(globalcontext): delete yaml annotations
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
* fix(globalcontext): fix status in tests
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
* fix(globalcotext): update enqueue func
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
* fix(globalcontext): error
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
* chore(globalcontext): rbac
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
* chore(globalcontext): retry logic
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
* fix(globalcontext): unknown api call in test
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
* bump
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
* fix: set unique name for each testing resource
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix: update readme
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix: log msg
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix: add delays
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix: delay gctce creation
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* debug: check Kyverno status
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* debug: update chainsaw config
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* debug: revert chainsaw config
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* test(globalcontext): print actual status
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
* fix(globalcontext): add necessary delays and check status before applying
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
* test(globalcontext): long refreshInterval
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
* debug: log success
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
* debug: print informer data
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
* fix(globalcontext): use client instead of informer
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
* debug: print status after update
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
* debug: print ResourceVersion
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
* debug: remove gcecontroller from other controllers
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
* fix(globalcontext): update status only once
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
* chore: remove excess logs
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
* fix(globalcontext): add store to cleanup controller
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
---------
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-02-23 10:34:04 +00:00
shuting
7a93dcdbc9
chore: default logging format to rfc3339 ( #9775 )
...
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2024-02-23 10:01:42 +00:00
Mariam Fahmy
956b403c7e
fix: add validation check for podSecurity subrule ( #9770 )
...
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-02-23 15:16:53 +08:00
Mariam Fahmy
2a277a01c4
feat: apply VAP bindings in CLI apply command in offline mode ( #9751 )
...
* feat: apply VAP bindings in CLI apply command in offline mode
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* fix lint
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* fix chainsaw tests
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
---------
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-02-21 07:52:25 +00:00
mohamedasifs123
d566e9886c
Fix :variables are not getting processed in validation message for "anyPattern" ( #9713 )
...
* Update validate_resource.go
Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com>
* Create pod.yaml
Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com>
* Create chainsaw-test.yaml
Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com>
* Create policy.yaml
Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com>
* Update validate_resource.go
Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com>
* test
Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com>
* test
Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com>
* test
Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com>
* test
Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com>
* Update chainsaw-test.yaml
Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com>
* Create README.md
Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com>
* Update test/conformance/chainsaw/validate/clusterpolicy/cornercases/variable-substitution-failure-messages/README.md
Co-authored-by: Mariam Fahmy <mariamfahmy66@gmail.com>
Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com>
* Update test/conformance/chainsaw/validate/clusterpolicy/cornercases/variable-substitution-failure-messages/README.md
Co-authored-by: Mariam Fahmy <mariamfahmy66@gmail.com>
Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com>
* Update test/conformance/chainsaw/validate/clusterpolicy/cornercases/variable-substitution-failure-messages/chainsaw-test.yaml
Co-authored-by: Mariam Fahmy <mariamfahmy66@gmail.com>
Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com>
* Update test/conformance/chainsaw/validate/clusterpolicy/cornercases/variable-substitution-failure-messages/README.md
Co-authored-by: Mariam Fahmy <mariamfahmy66@gmail.com>
Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com>
---------
Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com>
Co-authored-by: Mariam Fahmy <mariamfahmy66@gmail.com>
2024-02-21 07:20:43 +00:00
mohamedasifs123
66f54d8fd6
fix: Policies skipped because of preconditions not met should not be included in admission requests denial responses ( #9719 )
...
* Update block.go
Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com>
* Update block.go
Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com>
* lint
Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com>
* Update block.go
Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com>
* test added
Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com>
* test
Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com>
* test
Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com>
* --signoff
Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com>
* Create README.md
Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com>
* Rename Policy1.yaml to policy-1.yaml
Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com>
* Update test/conformance/chainsaw/validate/clusterpolicy/cornercases/check-message-upon-resource-failure/README.md
Co-authored-by: Mariam Fahmy <mariamfahmy66@gmail.com>
Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com>
* Update test/conformance/chainsaw/validate/clusterpolicy/cornercases/check-message-upon-resource-failure/README.md
Co-authored-by: Mariam Fahmy <mariamfahmy66@gmail.com>
Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com>
* Update test/conformance/chainsaw/validate/clusterpolicy/cornercases/check-message-upon-resource-failure/chainsaw-test.yaml
Co-authored-by: Mariam Fahmy <mariamfahmy66@gmail.com>
Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com>
* Rename Policy2.yaml to policy-2.yaml
Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com>
* Update chainsaw-test.yaml
Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com>
---------
Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com>
Co-authored-by: Chip Zoller <chipzoller@gmail.com>
Co-authored-by: Mariam Fahmy <mariamfahmy66@gmail.com>
Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2024-02-20 15:42:18 +00:00
Charles-Edouard Brétéché
a1cb4f1c30
fix: remove deprecated imageSignatureRepository flag ( #9698 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-02-08 12:10:29 +00:00
Charles-Edouard Brétéché
7775541b46
fix: reports aggregation ( #9697 )
...
* chore: rename admission to ephemeral in reports aggregation controller
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix: reports aggregation
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* second queue
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* cleanup
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* nit
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* flag
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---------
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-02-08 10:36:01 +00:00
Khaled Emara
10258921ac
feat(validation-webhook): validate global context reference ( #9678 )
...
* feat(validation-webhook): validate global context reference
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
* fix(validation-webhook): global reference name
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
* test(globalcontext): fix tests after valdiation
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
* fix(policycache): dont add NotReady Policies
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
* chore(globalcontext): rename e2e tests
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
* chore(globalcontext): add entry errors
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
* test(globalcontext): fix chainsaw test
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
---------
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
2024-02-08 07:46:58 +00:00
Suruchi Kumari
704c6722ec
[Bug] Fix message and formatting of podSecurity validation failure with restrictedField ( #9658 )
...
* fix format
Signed-off-by: Suruchi Kumari <suruchikumarimfp4@gmail.com>
* fix test
Signed-off-by: GitHub <noreply@github.com>
---------
Signed-off-by: Suruchi Kumari <suruchikumarimfp4@gmail.com>
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-02-08 12:16:23 +08:00
Charles-Edouard Brétéché
6f440ab6c0
chore: rename admission to ephemeral in reports aggregation controller ( #9690 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-02-07 10:29:56 +00:00
Charles-Edouard Brétéché
64176cdbea
fix: don't delete garbage collected policy reports ( #9679 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-02-07 07:10:51 +00:00
Charles-Edouard Brétéché
f1c81dbc69
feat: remove admission controller ( #9677 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-02-07 06:20:35 +00:00
Khaled Emara
1eda4789d1
test(globalcontext): add e2e tests ( #9661 )
...
* fix(globalcontext): validation
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
* fix(globalcontext): use existence instead of ready for now
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
* chore(globalcontext): improve not ready error message
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
* fix(globalcontext): allow any APICall
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
* fix(globalcontext): prevent double marshal
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
* test(globalcontext): add e2e tests
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
* chore(globalcontext): move vaildation to OpenAPI V3
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
---------
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2024-02-06 17:03:32 +00:00
Khaled Emara
8a4d9941de
feat: add globalcontext loader and interface ( #9602 )
...
* feat(globalcontext): add interface
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
* fix(globalcontext): package import path
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
* design(contextloader): move globalcontext from Load to init
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
* fix(globalcontext): remove pointer
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
* design(globalcontext): create specific Store
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
* codegen
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---------
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-02-05 11:24:37 +00:00
Charles-Edouard Brétéché
b532525321
fix: global context crd improvements ( #9621 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-02-02 17:42:20 +00:00
Vishal Choudhary
3142af64a0
feat: add global context entry validation webhook ( #9619 )
...
* feat: add global context entry validation webhook
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: use `k8s.io/apimachinery/pkg/util/json` instead of `encoding/json`
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: lint
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
---------
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
2024-02-02 18:04:50 +01:00
Charles-Edouard Brétéché
2b712107d2
feat: consider maxAPICallResponseLength ( #9620 )
...
* chore: move global context package out of engine
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* feat: consider maxAPICallResponseLength
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---------
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-02-02 15:35:57 +00:00
Charles-Edouard Brétéché
b59353c657
chore: move global context package out of engine ( #9618 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-02-02 14:35:24 +00:00
Vishal Choudhary
10ae9e306c
feat: update refreshInterval in globalcontext CRD to use a duration ( #9615 )
2024-02-02 12:06:51 +00:00
Khaled Emara
226fa9515a
feat: add globalcontext controller ( #9601 )
...
* feat: add globalcontext controller
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
* rework controller
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* rbac
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* cmd
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix rbac
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* engine
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* k8s resources
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* k8s resource
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* resync zero
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* api call
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* api call
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* clean
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix linter
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---------
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-02-02 10:41:35 +00:00
Mariam Fahmy
3510998d4f
feat: Support CEL expression warnings ( #9566 )
...
* feat: support CEL expression warnings
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* fix
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* fix: allow the policy creation but return warnings to the API server
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* fix tests
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
---------
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Co-authored-by: ShutingZhao <shuting@nirmata.com>
2024-02-02 10:04:02 +00:00
shuting
5f0d53fe34
feat: apply .matchConditions when generating reports ( #9599 )
...
* enable matchconditions for reports
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* update
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* add chainsaw tests
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix: linter issues
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore: move files
Signed-off-by: ShutingZhao <shuting@nirmata.com>
---------
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2024-02-02 08:32:28 +00:00
M Viswanath Sai
d102abeb99
Feat: Human readable timestamps in logs ( #9276 )
...
* added timestamp flag and subsequent behaviour changes for logging
Signed-off-by: mviswanathsai <mviswanath.sai.met21@itbhu.ac.in>
* Changed verbose verbosity level in cli
Signed-off-by: mviswanathsai <mviswanath.sai.met21@itbhu.ac.in>
* fix linter
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* log level
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---------
Signed-off-by: mviswanathsai <mviswanath.sai.met21@itbhu.ac.in>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-02-01 19:14:47 +00:00
Vishal Choudhary
34c6044c8f
chore(deps): bump github.com/sigstore/cosign/v2 from 2.2.2 to 2.2.3 ( #9600 )
...
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
2024-02-01 15:50:24 +00:00
Charles-Edouard Brétéché
1e0bac2d6f
feat: add global context crd to codegen ( #9595 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-02-01 12:32:13 +00:00
Charles-Edouard Brétéché
0b85bc41b7
feat: add global context crd ( #9591 )
...
* feat: add global context crd
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* merge main
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---------
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-02-01 10:58:31 +00:00
Anushka Mittal
ce0c704086
Deploy specific controllers ( #8849 )
...
* Initial changes for deploy specific controllers
Signed-off-by: anushkamittal2001 <anushka@nirmata.com>
* Include correct values in values.yaml
Signed-off-by: anushkamittal2001 <anushka@nirmata.com>
* Remove check for other controllers
Signed-off-by: anushkamittal2001 <anushka@nirmata.com>
* Sanity checks for other controllers
Signed-off-by: anushkamittal2001 <anushka@nirmata.com>
* resolve lint errors
Signed-off-by: anushkamittal2001 <anushka@nirmata.com>
* add separate flags for all crds; conditions for controller crd relation
Signed-off-by: anushkamittal2001 <anushka@nirmata.com>
* fix
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* rm global
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* rm global
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* values
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* codegen
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* codegen
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* codegen
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* codegen
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* codegen
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---------
Signed-off-by: anushkamittal2001 <anushka@nirmata.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-02-01 10:14:05 +00:00
D N Siva Sathyaseelan
f267d19761
test: added test for pkg/utils/policy/marshal.go ( #9583 )
...
* test: added test for pkg/utils/policy/marshal.go
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
* test: added test for pkg/utils/policy/marshal.go
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
---------
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
2024-01-31 23:00:22 +00:00
Anushka Mittal
cfc9683033
Changes to dynamically configure webhooks ( #8437 )
...
* Changes to dynamically configure webhooks
Signed-off-by: anushkamittal2001 <anushka@nirmata.com>
* Add unit tests
Signed-off-by: anushkamittal2001 <anushka@nirmata.com>
* Add kuttl tests
Signed-off-by: anushkamittal2001 <anushka@nirmata.com>
* Refactoring
Signed-off-by: anushkamittal2001 <anushka@nirmata.com>
* Correct unit test
Signed-off-by: anushkamittal2001 <anushka@nirmata.com>
* Change way of webhooks configured
Signed-off-by: anushkamittal2001 <anushka@nirmata.com>
* Correct tests with new changes
Signed-off-by: anushkamittal2001 <anushka@nirmata.com>
* Add delete operation by default
Signed-off-by: anushkamittal2001 <anushka@nirmata.com>
* Correct tests with new changes
Signed-off-by: anushkamittal2001 <anushka@nirmata.com>
* Correct order for operations
Signed-off-by: anushkamittal2001 <anushka@nirmata.com>
* Add corrections
Signed-off-by: anushkamittal2001 <anushka@nirmata.com>
* Add mutatingwebhookconfiguration test
Signed-off-by: anushkamittal2001 <anushka@nirmata.com>
* Correct unit test
Signed-off-by: anushkamittal2001 <anushka@nirmata.com>
* Added policy.yaml in mutate webhook test
Signed-off-by: anushkamittal2001 <anushka@nirmata.com>
* Add corrections in kuttl test and code
Signed-off-by: anushkamittal2001 <anushka@nirmata.com>
* Change name of test
Signed-off-by: anushkamittal2001 <anushka@nirmata.com>
* Changes to update webhooks manifest
Signed-off-by: anushkamittal2001 <anushka@nirmata.com>
* Add corrections for dynamic-op-mutate kuttl test
Signed-off-by: anushkamittal2001 <anushka@nirmata.com>
* Add minor changes; remove unnecessary file
Signed-off-by: anushkamittal2001 <anushka@nirmata.com>
* Correct adding operations for MutatingWebhookConf
Signed-off-by: anushkamittal2001 <anushka@nirmata.com>
* dynamic op mutate and validate added
Signed-off-by: anushkamittal2001 <anushka@nirmata.com>
* Resolve conflicts
Signed-off-by: anushkamittal2001 <anushka@nirmata.com>
* Filter rules for mutatingwebhookconf correctly
Signed-off-by: anushkamittal2001 <anushka@nirmata.com>
* replace TestStep with Test in chainsaw tests
Signed-off-by: anushkamittal2001 <anushka@nirmata.com>
* converted to new chainsaw-test format
Signed-off-by: anushkamittal2001 <anushka@nirmata.com>
* minor corrections
Signed-off-by: anushkamittal2001 <anushka@nirmata.com>
* remove isMutationEmpty()
Signed-off-by: anushkamittal2001 <anushka@nirmata.com>
* initial changes for dynamic opn enhancements
Signed-off-by: anushkamittal2001 <anushka@nirmata.com>
* rename variables
Signed-off-by: anushkamittal2001 <anushka@nirmata.com>
* resolve lint errors
Signed-off-by: anushkamittal2001 <anushka@nirmata.com>
* refactor code
Signed-off-by: anushkamittal2001 <anushka@nirmata.com>
* add changes for exclude operations
Signed-off-by: anushkamittal2001 <anushka@nirmata.com>
* add conformance tests
Signed-off-by: anushkamittal2001 <anushka@nirmata.com>
* add unit tests
Signed-off-by: anushkamittal2001 <anushka@nirmata.com>
* corrections in conformance tests
Signed-off-by: anushkamittal2001 <anushka@nirmata.com>
* modification in unit tests
Signed-off-by: anushkamittal2001 <anushka@nirmata.com>
* correction in conformance tests
Signed-off-by: anushkamittal2001 <anushka@nirmata.com>
* Update .vscode/launch.json
Signed-off-by: shuting <shuting@nirmata.com>
* update variable usage
Signed-off-by: anushkamittal2001 <anushka@nirmata.com>
* remove testresults
Signed-off-by: anushkamittal2001 <anushka@nirmata.com>
---------
Signed-off-by: anushkamittal2001 <anushka@nirmata.com>
Signed-off-by: shuting <shuting@nirmata.com>
Co-authored-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: shuting <shutting06@gmail.com>
2024-01-31 15:46:53 +00:00
shuting
635f160ae0
feat (generate): add orphanDownstreamOnPolicyDelete to preserve downstream on policy deletion ( #9579 )
...
* add chainsaw tests
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* add .orphanDownstreamOnPolicyDelete
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* update codegen
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* update docs
Signed-off-by: ShutingZhao <shuting@nirmata.com>
---------
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2024-01-31 13:50:38 +02:00
Vishal Choudhary
82b65aebc4
feat: add fail/warn on deprecated/invalid operators ( #8624 )
...
* feat: add fail/warn on deprecated/invalid operators
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: nested for each
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: chainsaw-test.yaml
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
---------
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2024-01-31 08:40:28 +00:00
Charles-Edouard Brétéché
e969e29eb8
chore: remove reports aggregation per namespace ( #9570 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-01-30 23:08:47 +00:00
Khaled Emara
8fcd9945a1
feat: use custom events watcher ( #9324 )
...
* feat: use cusotm events watcher
This custom Event handler solved the problem of a goroutine per Event.
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
* test(events): add unit test to EventGenerator
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
* fix(events): linter
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
* feat: do away with EventBroadcaster
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
* eddycharly fixes
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---------
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-01-30 14:08:15 -08:00
Charles-Edouard Brétéché
9102753323
fix: make alternate reports storage transparent ( #9553 )
...
* fix: make alternate reports storage transparent
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* bg scan
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* aggregation
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* aggregation
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* rm manager
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* update
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fixes
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fixes
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---------
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-01-30 14:53:37 +00:00
dreamjz
08d098d262
feat(jmespath):time_parse() support epoch time ( #9173 )
...
Signed-off-by: dreamjz <25699818+dreamjz@users.noreply.github.com>
Co-authored-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-01-30 07:47:02 +00:00
Mariam Fahmy
831bf3c074
feat: reuse --protectManagedResources flag in the cleanup controller ( #8566 )
...
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2024-01-30 07:08:30 +00:00
Pushkar Mishra
e6d438289e
added tests for validate foreach with 0 elements ( #9459 )
...
* added tests for validate foreach with 0 doesn't skip
Signed-off-by: Pushkar Mishra <pushkarmishra029@gmail.com>
* fix
Signed-off-by: Pushkar Mishra <pushkarmishra029@gmail.com>
---------
Signed-off-by: Pushkar Mishra <pushkarmishra029@gmail.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-01-29 14:04:41 +00:00
Liang Deng
8298a9a858
fix: validate pattern premature skip ( #9155 )
...
Signed-off-by: Liang Deng <283304489@qq.com>
Co-authored-by: shuting <shuting@nirmata.com>
2024-01-29 13:06:39 +00:00
Mariam Fahmy
9ed14cb779
feat: support vap bindings in reports ( #9506 )
...
* feat: support vap bindings in reports
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* fix: add binding to the rule response
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* add chainsaw test
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* fix lint
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* fix chainsaw
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* add chainsaw tests
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* fix chainsaw tests
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
---------
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-01-29 12:49:17 +01:00
Charles-Edouard Brétéché
90cff77300
fix: CRDs codegen ( #9542 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-01-29 09:45:52 +00:00
Charles-Edouard Brétéché
747bc017e5
fix: follow up for #9534 ( #9543 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-01-29 08:54:58 +00:00
Vishal Choudhary
4108415153
feat: use awslabs keychain for AWS and gcr keychain for GCP ( #9416 )
...
* feat: use awslabs keychain for AWS and gcr keychain for GCP
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* chore: remove unused var
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* chore: remove more unused vars
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: gofumpt
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
---------
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-01-29 08:25:52 +00:00
mohamedasifs123
e3274386e7
Update validate_resource.go ( #9534 )
...
Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com>
2024-01-28 20:41:42 +00:00
Charles-Edouard Brétéché
afede6486d
refactor: use single type for ephemeral reports ( #9537 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-01-27 23:30:04 +00:00
Siva Sathyaseelan
06a5580b2c
test: added test for pkg/utils/admission/metadata.go ( #9538 )
...
Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in>
2024-01-27 21:27:54 +01:00
shuting
7170cbb0c2
feat:Webhook config per policy ( #9483 )
...
* add spec.webhookConfigurations
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* update crd
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* configure webhook
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* register webhook handler
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* skip storing finegrained policies in cache
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* update resource validate handler
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* updates
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* enable mutate resource handler for fine-grained policies
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix: tests
Signed-off-by: ShutingZhao <shuting@nirmata.com>
---------
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2024-01-27 13:00:22 +00:00
