Naman Lakhwani
d126280184
keyless signing kyverno images with digest ( #2896 )
...
* signing with digest
Signed-off-by: Namanl2001 <namanlakhwani@gmail.com>
* keyless signing
Signed-off-by: Namanl2001 <namanlakhwani@gmail.com>
* adding annotations
Signed-off-by: Namanl2001 <namanlakhwani@gmail.com>
* keyless image signing with digest in release workflow
Signed-off-by: Namanl2001 <namanlakhwani@gmail.com>
2022-01-04 08:08:28 -08:00
Anita-ihuman
3f2caccab5
Updated the list of adopters ( #2828 )
...
* improved the contributing guidelines.
Signed-off-by: Anita-ihuman <charlesanita403@gmail.com>
* added more adopters and the success stories
Signed-off-by: Anita-ihuman <charlesanita403@gmail.com>
* updating maintainers.md file
Signed-off-by: Anita-ihuman <charlesanita403@gmail.com>
2022-01-04 01:56:50 +00:00
shuting
045a58e2ef
Don't create ReportChangeRequest on managed pods/jobs deletion ( #2890 )
...
* don't generate policy report on managed pod/job
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* - don't generate rcr for managed pods/jobs; - add debug info
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* address linter issues
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
2022-01-03 15:43:38 +00:00
shuting
9631d1d196
fix buildversion for local build ( #2887 )
...
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2022-01-03 20:40:55 +05:30
shuting
2c9319ea87
don't generate policy report on managed pod/job ( #2889 )
...
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2021-12-30 00:34:43 +08:00
Anushka Mittal
a9fd8b86fd
Rules length check ( #2884 )
...
* len check
Signed-off-by: anushkamittal20 <anumittal4641@gmail.com>
* explicitly adding RuleStatusSkip
Signed-off-by: anushkamittal20 <anumittal4641@gmail.com>
* added log message
Signed-off-by: anushkamittal20 <anumittal4641@gmail.com>
Co-authored-by: shuting <shutting06@gmail.com>
2021-12-28 16:37:41 +00:00
Abhinav Sinha
2cd988a153
Added validation for Condition Operators ( #2864 )
...
* Added validation for Condition Operators
Signed-off-by: Abhinav Sinha <zeborg3@gmail.com>
* Updated description of `Condition.Operator` with all current valid condition operators
Signed-off-by: Abhinav Sinha <zeborg3@gmail.com>
* Added `ConditionOperators` map and updated existing `ConditionOperator` type references
Signed-off-by: Abhinav Sinha <zeborg3@gmail.com>
2021-12-28 15:12:31 +00:00
Prateek Pandey
f6e40b5dd1
feat(validation): support for ephemeral containers ( #2875 )
...
Signed-off-by: prateekpandey14 <prateekpandey14@gmail.com>
2021-12-28 14:22:52 +00:00
Vyankatesh Kudtarkar
0a92a2fed8
2460: Add wildcard support for match label selector ( #2832 )
...
* add wildcard support for match label selector
* fix comment
* update cluster role label
* fix comment
* fix comment
* add support for key label selector
* update method name
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: shuting <shutting06@gmail.com>
2021-12-27 22:59:38 -08:00
Jim Bugwadia
48f2105c51
fix report permissions ( #2874 )
...
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2021-12-24 11:55:47 +08:00
Vyankatesh Kudtarkar
2be70a5074
Fix foreach precondition issue ( #2871 )
2021-12-22 22:20:40 +08:00
Naman Lakhwani
898520b7cf
add semver_compare JMESPath function ( #2846 )
...
* add semver_compare JMESPath function
Signed-off-by: Namanl2001 <namanlakhwani@gmail.com>
* adding tests for semver_compare
Signed-off-by: Namanl2001 <namanlakhwani@gmail.com>
* enabling version comparison via regular operators
Signed-off-by: Namanl2001 <namanlakhwani@gmail.com>
* adding tests for version comparison via regular operators
Signed-off-by: Namanl2001 <namanlakhwani@gmail.com>
* removing unnecessary switch cases
Signed-off-by: Namanl2001 <namanlakhwani@gmail.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2021-12-21 08:12:35 -08:00
Vyankatesh Kudtarkar
6a942683b0
Fix foreach jmespath issue ( #2867 )
2021-12-21 20:55:27 +08:00
Franz Nemeth
a371dfbaa6
remove app.kubernetes.io/managed-by label from crds ( #2852 )
...
* remove app.kubernetes.io/managed-by label from crds
Signed-off-by: Franz Nemeth <franz.nemeth@fnemeth.net>
* removed app.kubernetes.io/managed-by from config/bundle/labels.yaml
Signed-off-by: Franz Nemeth <franz.nemeth@fnemeth.net>
* removed internal.config.kubernetes.io/index in crds.yaml
Signed-off-by: Franz Nemeth <franz.nemeth@fnemeth.net>
2021-12-21 07:43:44 +00:00
shuting
4a027f3bd7
Increase Kyverno memory request and limit ( #2862 )
...
* bump memory request and limit
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* remove quotes
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2021-12-20 23:11:28 -08:00
Franz Nemeth
db030f918d
added priorityClassName to helm values.yaml ( #2855 )
...
Signed-off-by: Franz Nemeth <franz.nemeth@fnemeth.net>
Co-authored-by: shuting <shutting06@gmail.com>
2021-12-21 05:43:23 +00:00
Danny Kulchinsky
ff99d92f80
jmespath truncate - handle negative input value ( #2856 )
...
Signed-off-by: Danny Kulchinsky <dkulchinsky@fastly.com>
2021-12-20 06:50:46 +00:00
Abhinav Sinha
2076f07b9f
added support for --git-branch flag and directory in git path for kyverno test cmd ( #2763 )
...
* added support for --git-branch flag and directory in git path for kyverno test cmd
Signed-off-by: Abhinav Sinha <zeborg3@gmail.com>
* added cli tests
Signed-off-by: Abhinav Sinha <zeborg3@gmail.com>
* replaced hard-coded Makefile test-cmd branch names with var GIT_BRANCH
Signed-off-by: Abhinav Sinha <zeborg3@gmail.com>
* moved `test-cmd` job from Makefile to github workflow
Signed-off-by: Abhinav Sinha <zeborg3@gmail.com>
* added `release*` branch to `e2e` workflow
Signed-off-by: Abhinav Sinha <zeborg3@gmail.com>
Co-authored-by: shuting <shutting06@gmail.com>
2021-12-20 14:09:53 +08:00
Kushal Beniwal
b961bb479e
Fix typos ( #2860 )
...
* fix typo in README
Signed-off-by: Kushal Beniwal <kbeniwal2305@gmail.com>
* fix typo in CODE_OF_CONDUCT
Signed-off-by: Kushal Beniwal <kbeniwal2305@gmail.com>
* fix typo in CONTRIBUTING
Signed-off-by: Kushal Beniwal <kbeniwal2305@gmail.com>
* fix typo in comment
Signed-off-by: Kushal Beniwal <kbeniwal2305@gmail.com>
* fix typo in comment
Signed-off-by: Kushal Beniwal <kbeniwal2305@gmail.com>
2021-12-18 20:03:16 +00:00
Danny Kulchinsky
f6982760fc
truncate custom jmespath function ( #2836 )
...
* [feature] custom jmespath truncate function
Signed-off-by: Danny Kulchinsky <dkulchinsky@fastly.com>
* formatting
Signed-off-by: Danny Kulchinsky <dkulchinsky@fastly.com>
* simplify naming a bit
Signed-off-by: Danny Kulchinsky <dkulchinsky@fastly.com>
Co-authored-by: shuting <shutting06@gmail.com>
2021-12-17 15:52:52 +08:00
Vyankatesh Kudtarkar
bbdfc21d73
Kyverno CLI test default manifest should use a less generic name ( #2715 )
...
* Kyverno CLI test default manifest should use a less generic name
* fix Note
Co-authored-by: shuting <shutting06@gmail.com>
2021-12-17 06:31:34 +00:00
Frank Jogeleit
abb5bd2947
Add SelectorLabel to (Cluster)PolicyReporter resources ( #2841 )
...
Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com>
Co-authored-by: shuting <shutting06@gmail.com>
2021-12-17 05:03:52 +00:00
shuting
f4614213e5
Test publishing dev-test images ( #2848 )
...
* publish dev-* images
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* add LD_FLAGS_DEV
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* add IMAGE_TAG_LATEST_DEV
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* remove test statement
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2021-12-17 02:46:59 +00:00
Vyankatesh Kudtarkar
39a299f317
Update labels to fetch cluster role ( #2842 )
2021-12-16 07:55:58 +00:00
Naman Lakhwani
59a460b31e
adding support for Cosign key-value annotations ( #2824 )
...
* adding annotation check
Signed-off-by: Namanl2001 <namanlakhwani@gmail.com>
* adding tests
Signed-off-by: Namanl2001 <namanlakhwani@gmail.com>
* updating manifests
Signed-off-by: Namanl2001 <namanlakhwani@gmail.com>
* changing map val type to string from interface{}
Signed-off-by: Namanl2001 <namanlakhwani@gmail.com>
* passing args to opts
Signed-off-by: Namanl2001 <namanlakhwani@gmail.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2021-12-16 06:19:44 +00:00
treydock
c8e5750c4f
Ensure Helm chart networkpolicy is valid by default ( #2827 )
...
Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
Co-authored-by: shuting <shutting06@gmail.com>
2021-12-15 21:43:05 +08:00
Jim Bugwadia
a3efcc80ac
add permissions for Kyverno deployment update ( #2830 )
...
* add permissions for Kyverno deployment update
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* remove quotes
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2021-12-13 14:38:13 -08:00
Naman Lakhwani
edafffd2bd
added issuer check ( #2804 )
...
* added issuer check
Signed-off-by: Namanl2001 <namanlakhwani@gmail.com>
* switch to using SimpleContainerImage
Signed-off-by: Namanl2001 <namanlakhwani@gmail.com>
* added subject check and required test cases
Signed-off-by: Namanl2001 <namanlakhwani@gmail.com>
* small nits
Signed-off-by: Namanl2001 <namanlakhwani@gmail.com>
* correcting tests
Signed-off-by: Namanl2001 <namanlakhwani@gmail.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2021-12-10 19:46:22 +00:00
Jim Bugwadia
b17e76493e
tighten and clarify Kyverno roles and permissions ( #2799 )
...
* update roles and rolebindings
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* revert label and fix perms
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* update role
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* restrict role
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix whitespace
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix tests and roles
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* update tests
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix tests
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* remove ingress extensions/v1beta1
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix chart
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix role
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* tighten and clarify Kyverno roles and permissions
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fake commit to trigger workflows
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* revert tests and update test role
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* add newlines
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* remove update role
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* make fmt
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* remove invalid param
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* cleanup roles in Helm templates
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* remove `mutate` cluster role binding
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2021-12-10 04:34:06 +00:00
Prateek Pandey
911bebcf4d
[docs]: sync api docs with latest api changes ( #2808 )
...
Signed-off-by: prateekpandey14 <prateekpandey14@gmail.com>
2021-12-09 14:44:29 +00:00
Danny__Wei
8da64cb5cf
fix: add Windows testcases for path_canonicalize ( #2803 )
...
Signed-off-by: weiwei.danny <weiwei.danny@bytedance.com>
Co-authored-by: weiwei.danny <weiwei.danny@bytedance.com>
Co-authored-by: Bricktop <marcel.mueller1@rwth-aachen.de>
2021-12-08 15:14:49 +00:00
Sebastian Widmer
80664d339f
Add command-line flags to allow setting client rate limits (QPS/Burst) ( #2797 )
...
* Add `-clientRateLimitQPS` and `-clientRateLimitBurst` flags to allow controlling client rate limits.
Signed-off-by: Sebastian Widmer <sebastian.widmer@vshn.net>
* Return error if QPS is higher than max value of float32
Signed-off-by: Sebastian Widmer <sebastian.widmer@vshn.net>
2021-12-08 14:03:07 +01:00
Kumar Mallikarjuna
a667a69812
JMESPath arithmetic function units ( #2753 )
...
* MAS arithmetic functions
Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>
* Adding Divide() and Modulo()
Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>
* Added tests
Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>
* Tidy go.mod
Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>
* Fix lift issues
Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>
* Set division scale to maximum of operands
Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>
* Precision for Add()/Subtract()
Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>
* Set duration precision
Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>
* Added comment for duration diff calculation
Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>
Co-authored-by: Bricktop <marcel.mueller1@rwth-aachen.de>
2021-12-07 15:44:46 +00:00
Joel Kamp
081dd97cc3
fix: update registry credentials on verify ( #2798 )
...
Signed-off-by: Joel Kamp <joel.kamp@invitae.com>
2021-12-06 16:08:16 -08:00
Danny__Wei
beeec06c7f
Add path_canonicalize custom JMESPath function ( #2787 )
...
* Add path_canonicalize custom JMESPath function
Signed-off-by: weiwei.danny <weiwei.danny@bytedance.com>
* Add CLI test for the custom path_canonicalize function
Signed-off-by: weiwei.danny <weiwei.danny@bytedance.com>
* remove the extra parameter
Signed-off-by: weiwei.danny <weiwei.danny@bytedance.com>
Co-authored-by: weiwei.danny <weiwei.danny@bytedance.com>
2021-12-06 12:10:34 +01:00
Vyankatesh Kudtarkar
b7767d79d3
change cluster role labels ( #2776 )
...
* change cluster role labels
* change cluster role label value
* fix cluster role label issue
* fix comment
2021-12-02 15:52:34 +05:30
Bricktop
962f4de8d8
Only report on intended errors when checking JSONPatch path for variables ( #2710 )
...
* Only report on intended errors
Signed-off-by: Marcel Mueller <marcel.mueller1@rwth-aachen.de>
* Change error text to be more fitting
Signed-off-by: Marcel Mueller <marcel.mueller1@rwth-aachen.de>
* Replace vars for checks
Signed-off-by: Marcel Mueller <marcel.mueller1@rwth-aachen.de>
* Remove more checks for testing
Signed-off-by: Marcel Mueller <marcel.mueller1@rwth-aachen.de>
* Disable schema validation
Signed-off-by: Marcel Mueller <marcel.mueller1@rwth-aachen.de>
* Remove unneeded fmt prints
Signed-off-by: Marcel Mueller <marcel.mueller1@rwth-aachen.de>
2021-11-30 17:14:58 +00:00
Tobias Brunner
ef20ae4d47
Add VSHN as adopter with APPUiO Cloud ( #2773 )
...
Signed-off-by: Tobias Brunner <tobias.brunner@vshn.ch>
2021-11-30 08:03:47 -08:00
Anita-ihuman
5ef89e7da0
improved the contributing guidelines. ( #2766 )
...
Signed-off-by: Anita-ihuman <charlesanita403@gmail.com>
2021-11-30 21:18:39 +08:00
Sebastian Widmer
4c251bcffd
Add `pattern_match` custom JMESPath function analogous to `regex_match` ( #2717 )
...
* Add `pattern_match` custom JMESPath function analogous to `regex_match`
Signed-off-by: Sebastian Widmer <sebastian.widmer@vshn.net>
* Add CLI test for the custom `pattern_match` function
Signed-off-by: Sebastian Widmer <sebastian.widmer@vshn.net>
2021-11-30 00:13:07 +08:00
Vyankatesh Kudtarkar
5c50191d8a
change matchGVK logic ( #2736 )
...
* change matchGVK logic
* fix issue
* add testcases
* add testcase core
* format code
* fix comment
2021-11-24 22:17:32 +08:00
Igor Urazov
9e10eef422
Don't check for Prom Operator apiVersion ( #2723 )
...
`.Capabilities.APIVersions.Has` function has limitations when running with
`helm template`, which is a common step in multiple CD tools. In order to
properly resolve `Capabilities.APIVersions`, `helm template` has to run
with the `--validate` option and connect to a cluster that has Prom Operator
CRDs installed.
As this template is opt-in and the user has to set a value to enable it, the
apiVersion check doesn't provide much value and can be removed.
Signed-off-by: Ihor Urazov <iurazov@healthjoy.com>
2021-11-23 15:12:43 -05:00
Jim Bugwadia
3c9430d2fc
handle missing predicate type ( #2743 )
...
* handle missing predicate type
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* update github.com/docker/cli package for vulnerabilities
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix go.mod vulnerabilities
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2021-11-22 10:49:21 -08:00
Vyankatesh Kudtarkar
4c28540f83
fix crd sync issue ( #2634 )
2021-11-22 21:52:45 +08:00
Shubham Palriwala
ea3529f2d0
Trivy now scans local images ( #2744 )
...
* fix: trivy now scans entire container
Signed-off-by: ShubhamPalriwala <spalriwalau@gmail.com>
* update github.com/docker/cli package for vulnerabilities
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix go.mod vulnerabilities
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2021-11-22 20:57:51 +08:00
Jim Bugwadia
8a0d465d90
fix signature ( #2740 )
...
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2021-11-19 16:12:12 +08:00
Jim Bugwadia
189c6f8cda
fix dependabot issue and remove stale entries in go.mod ( #2741 )
...
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2021-11-19 16:11:38 +08:00
vivek kumar sahu
3e7c469d2e
set default value of "request.operation" to "CREATE" ( #2688 )
...
* set default value of "request.operation" equals to "CREATE"
Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com>
* handles the value of "request.operation" as "CREATE" in the CLI
Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com>
* fixed the failing e2e test case
Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com>
* Added logs
Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com>
* Added test case
Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com>
2021-11-18 16:09:35 +01:00
Kumar Mallikarjuna
7f95bee23c
Added time_since() custom JMESPath function ( #2680 )
...
* Added time_since() custom JMESPath function
Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>
* Remove time.Layout (not supported in Go 1.16)
Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>
* Modify time_since() for 3 arguments
Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>
* Add tests for functions_test.go
Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>
* Timestamp literals and tabulated tests
Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>
* Remove layout map and default to RFC3339
Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>
2021-11-17 21:17:17 +01:00
Jose Armesto
1ff16ba5d4
Do not log error when resource is not namespaced ( #2730 )
...
Signed-off-by: Jose Armesto <github@armesto.net>
2021-11-17 15:09:00 +01:00