kyverno

mirror of https://github.com/kyverno/kyverno.git synced 2025-01-20 18:52:16 +00:00

Author	SHA1	Message	Date
Charles-Edouard Brétéché	e06c20f5cc	refactor: do not allow matching with subresource kind (#6625 ) * refactor: do not allow matching with subresource kind Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix kuttl Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix kuttl Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fixes Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2023-03-21 13:28:00 +00:00
Charles-Edouard Brétéché	0b56613d59	fix: map APIResource in FindResources results (#6611 ) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2023-03-17 11:21:26 +00:00
Charles-Edouard Brétéché	861776d50c	fix: policy cache use GVR instead of kind (#6543 ) * fix: policy cache use GVR instead of kind Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * unit tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * unit tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * GVRS Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * ephemeralcontainers Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * kuttl Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * nit Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix kuttl Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2023-03-13 14:44:39 +00:00
Vyom Yadav	99d988e98c	feat: add support for subresources to validating and mutating policies (#4916 ) * feat: add support for subresources to validating and mutating policies Signed-off-by: Vyom-Yadav <jackhammervyom@gmail.com> * Add CLI test cases with subresources for validating policies Signed-off-by: Vyom-Yadav <jackhammervyom@gmail.com> * Fix existing e2e tests for validating policies and remove tests migrated to kuttl Signed-off-by: Vyom-Yadav <jackhammervyom@gmail.com> * Add kuttl e2e tests for validating policies with subresources Signed-off-by: Vyom-Yadav <jackhammervyom@gmail.com> * Add kuttl e2e tests for mutating policies with subresources Signed-off-by: Vyom-Yadav <jackhammervyom@gmail.com> * Add kuttl e2e tests for validating policy by-pass by manipulating preconditions Signed-off-by: Vyom-Yadav <jackhammervyom@gmail.com> Signed-off-by: Vyom-Yadav <jackhammervyom@gmail.com>	2022-12-10 00:45:23 +08:00
Sandesh More	17ba925490	add filter for validation policies when ValidationFailureActionOverrides is used (#4809 ) Signed-off-by: Sandesh More <sandesh.more@infracloud.io> Signed-off-by: Sandesh More <sandesh.more@infracloud.io>	2022-10-13 07:59:10 +00:00
Charles-Edouard Brétéché	53adf904d6	refactor: separate policy cache and controller (#3925 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-05-16 18:36:19 +02:00
Charles-Edouard Brétéché	70954b9995	refactor: policy cache (#3919 ) * refactor: simplify policy cache Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * refactor: policy cache Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * remove update and add policies map Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * fix: review comments Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>	2022-05-16 07:56:16 +00:00
Charles-Edouard Brétéché	207459cc40	refactor: policycache package logger (#3783 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-05-03 20:24:11 +08:00
Charles-Edouard Brétéché	9f9e0d749f	refactor: use policy interface in policycache package (#3503 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-03-30 19:58:09 +05:30
Charles-Edouard Brétéché	1fce53f49d	refactor: improve policycache package (#3495 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>	2022-03-29 17:20:00 +00:00
Charles-Edouard Brétéché	20069c13c3	feat: stop mutating rules (#3410 ) * feat: stop adding autogen annotation Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * feat: stop mutating rules Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * feat: stop mutating rules Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * fix: use toggle Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * fix: review comments Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-03-28 22:01:27 +08:00
Charles-Edouard Brétéché	0c8e8c1212	feat: move GetRules() at the policy level (#3420 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-03-18 15:18:32 +00:00
Charles-Edouard Brétéché	ce5f648f30	refactor: introduce rules getters and setters (#3350 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: Prateek Pandey <prateekpandey14@gmail.com>	2022-03-09 15:28:31 +00:00
Kumar Mallikarjuna	5ad0d15240	Namespace Specific ValidationFailureAction (#2794 ) * Implement ValidationFailureActionOverride Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Update CRDs Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Update getEnforceFailureErrorMsg() Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Allow validate policies to be checked Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Fix linting issues Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Added tests for ValidationFailureActionOverrides Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Added schema validation Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Added description for ValidationFailureActionOverrides Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com> * Policy validation Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com> * Update CRDs Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com> * Replace literals with constants Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com> * Updated Policy Cache Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com> * Refactor Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com> Co-authored-by: shuting <shutting06@gmail.com>	2022-01-21 12:36:44 +00:00
Jim Bugwadia	a9fef256c7	updates for foreach and mutate (#2891 ) * updates for foreach and mutate Signed-off-by: Jim Bugwadia <jim@nirmata.com> * allow tests to pass on Windows Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix linter check Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add elementIndex variable Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fmt Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix jsonResult usage Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add mutate validation and fix error in validate.foreach Signed-off-by: Jim Bugwadia <jim@nirmata.com> * format Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update message Signed-off-by: Jim Bugwadia <jim@nirmata.com> * do not skip validation for all array entries when one is skipped Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add foreach tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix fmt Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix format errors Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove unused declarations Signed-off-by: Jim Bugwadia <jim@nirmata.com> * revert namespaceWithLabelYaml Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix mutate of element list Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update CRDs Signed-off-by: Jim Bugwadia <jim@nirmata.com> * Update api/kyverno/v1/policy_types.go Co-authored-by: Steven E. Harris <seh@panix.com> * Update pkg/engine/forceMutate.go Co-authored-by: Steven E. Harris <seh@panix.com> * Update pkg/engine/forceMutate.go Co-authored-by: Steven E. Harris <seh@panix.com> * Update pkg/engine/forceMutate.go Co-authored-by: Steven E. Harris <seh@panix.com> * Update pkg/engine/mutation.go Co-authored-by: Steven E. Harris <seh@panix.com> * Update pkg/engine/mutation.go Co-authored-by: Steven E. Harris <seh@panix.com> * Update pkg/engine/mutation.go Co-authored-by: Steven E. Harris <seh@panix.com> * Update pkg/engine/validate/validate.go Co-authored-by: Steven E. Harris <seh@panix.com> * Update pkg/engine/validate/validate.go Co-authored-by: Steven E. Harris <seh@panix.com> * Update test/cli/test/custom-functions/policy.yaml Co-authored-by: Steven E. Harris <seh@panix.com> * Update test/cli/test/foreach/policies.yaml Co-authored-by: Steven E. Harris <seh@panix.com> * accept review comments and format Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add comments to strategicMergePatch buffer Signed-off-by: Jim Bugwadia <jim@nirmata.com> * load context and evaluate preconditions foreach element Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add test for foreach mutate context and precondition * precondition testcase * address review comments Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update message Signed-off-by: Jim Bugwadia <jim@nirmata.com> * format Signed-off-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: Steven E. Harris <seh@panix.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>	2022-01-05 09:36:33 +08:00
Jose Armesto	831a9826d1	Restructure project to follow standards (#2632 ) Signed-off-by: Jose Armesto <github@armesto.net>	2021-10-29 18:13:20 +02:00
RinkiyaKeDad	b6f090f763	fixes for cache tests Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>	2021-07-29 10:44:31 +05:30
Arsh Sharma	97eaa7e854	adding any/all under match and exclude blocks (#2130 ) * intial commit Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com> * update types Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com> * updated all type Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com> * extract to single struct Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com> * updated match resource description function Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com> * minor test working Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com> * match resources test is working Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com> * exclude resources test is working Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com> * changed double negetive in logic Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com> * yamls updated and added validation and cache loops Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com> * match exclude working but need to fix matchExcludeConflict function Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com> * restored doMatchAndExcludeConflict function Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com> * rewrote the matchExcludeConflictFunction Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com> * finalizing completed till utils_test.go Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com> * ready for review complete Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com> * update yamls Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com> * one more merge conflict solved Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com> * regenerates YAMLs Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com> * possible fix for failing tests Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com> * removed duplicate any/all logic and added a test, (rest refacotring is in progress) Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com> * cache test is working Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com> * improved cache test and it is working Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com> * added check for mutate and generate policies too Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com> * cleaned doesResourceMatchConditionBlock logic but validation still has code from attempt to combine the all block Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com> * reverted validate.go to older logic Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com> * removed commented code Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com> * removed extra comments Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>	2021-07-28 12:59:53 -07:00
Vyankatesh Kudtarkar	07910edd15	2074 : Fix Policy cache returns the duplicated policies (#2082 ) * Fix Policy cache returns the duplicated policies * Add testcases	2021-06-30 12:20:21 -07:00
Vyankatesh Kudtarkar	d48f21f6fd	Fix GVK issue for policy cache (#1904 ) * Fix Dev setup * fix GVK Issue for policy cache Co-authored-by: vyankatesh <vyankatesh@neualto.com>	2021-05-11 12:45:34 -07:00
shuting	62dfab7f96	Removes check for strategicMergePatch in forceMutate (#1898 ) * Pass by value in policy cache Signed-off-by: Shuting Zhao <shutting06@gmail.com> * Removes check for strategicMergePatch in forceMutate Signed-off-by: Shuting Zhao <shutting06@gmail.com> * Removes failed test Signed-off-by: Shuting Zhao <shutting06@gmail.com>	2021-05-07 18:07:41 -07:00
Vyankatesh Kudtarkar	299547f376	Matched list to configure the matched resources (#1844 ) * Fix Dev setup * initial commit * add testcases for matchlist * fix e2e issue * fix comment * fix issue * fix lock issue * revert changes * fix cache issue * Fix cache test * fix policy object * fix comments * fix public methos issue Co-authored-by: vyankatesh <vyankatesh@neualto.com>	2021-05-06 12:02:06 -07:00
Yashvardhan Kukreja	10c714d5ba	feat: [preconditions, conditions] added backwards-compatible support for logical operators (#1604 ) Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com>	2021-03-01 20:31:06 -08:00
Shuting Zhao	cdc5190c56	update nirmata/kyverno to kyverno/kyverno	2020-10-07 11:12:31 -07:00
Mohan B E	f60deecdce	Feature/namespaced policy 280 (#1058 ) * namespaced policy crd and cache * modified main.go * removed kyverno * implemented policy violation generator for namespaced policy on audit * modified cache * added validation for cluster resource types * install.yaml * install.yaml * removed namespaces from crd and refactored code * modified NamespacePolicy to Policy * added ClusterRole aggregate for policies * modified clusterrole	2020-08-19 09:07:23 -07:00
shuting	267f38bb93	remove policy name cache entry on policy DELETE (#986 )	2020-07-13 20:29:39 -07:00
shuting	87fa77fbcc	965 add validate audit handler (#967 ) * store policy names cache to reduce lookup time * add validate audit handler * fix #958, remove auto-gen annotation on Pod * formatting code * update processTime to readable format * #586, add back unit test * update logging info * remove unused interface * handle generate policy in a single thread in weboook * resolve pr comments	2020-07-09 11:48:34 -07:00
shuting	ed52bd3d9f	Add policy cache based on policyType (#960 ) * add policy cache based on policyType * fetch policy from cache in webhook * add unit test for policy cache * update log for exclude resources filter * skip webhook mutation on DELETE operation * remove duplicate k8s version check * add description	2020-07-02 12:49:10 -07:00

28 commits