kyverno

mirror of https://github.com/kyverno/kyverno.git synced 2025-03-09 09:26:54 +00:00

Author	SHA1	Message	Date
shuting	01cc42e78a	fix: add auth check to the admission controller for generate policies (#10963 ) * fix: add auth check to the admission controller for generate policies Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: enable auth check if sync=true Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: restict to list/get permissions Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: aggregate clusterrole to admission controller Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: aggregate clusterrole to admission controller Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: aggregate clusterrole to admission controller Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: aggregate clusterrole to admission controller Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com>	2024-09-04 11:26:24 +00:00
Jim Bugwadia	f06399200c	remove wildcard permissions (#10785 ) * remove wildcard permissions Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update codegen Signed-off-by: Jim Bugwadia <jim@nirmata.com> * codegen Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix background controller perms Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove secrets perm Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix reports-controller role Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add wildcard check and limit generate policy checks based on `synchronize` Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update manifest Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix permissions Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix wildcard check Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update default QPS and burst for better performance and to prevent test failure Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix test permissions Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix test permissions Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix test permissions Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix test permissions Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix test permissions Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix test permissions Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix test permissions Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix perms Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix perms Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix test permissions Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix test permissions Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix merge issues Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix merge issues Signed-off-by: Jim Bugwadia <jim@nirmata.com> --------- Signed-off-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>	2024-08-20 11:55:32 +03:00
shuting	bd71af3291	feat: support `foreach` for `generate.data` (#10875 ) * chore: refactor Signed-off-by: ShutingZhao <shuting@nirmata.com> * feat: add foreach for generate.daya to api Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: refactor generator Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: linter Signed-off-by: ShutingZhao <shuting@nirmata.com> * feat: update rule validation Signed-off-by: ShutingZhao <shuting@nirmata.com> * feat: update rule validation -2 Signed-off-by: ShutingZhao <shuting@nirmata.com> * feat: support foreach.data Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: policy validation Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: context variables Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: add a chainsaw test Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: sync on policy deletion Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: enable new chainsaw tests in CI Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: update code-gen Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: validate targets scope for ns-policies Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: add missing files Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: remove unreasonable test Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: update docs Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: update install.yaml Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Vishal Choudhary <vishal.choudhary@nirmata.com>	2024-08-19 06:55:19 +00:00
shuting	a7900ff40c	require generate.apiVersion (#7080 ) Signed-off-by: ShutingZhao <shuting@nirmata.com>	2023-05-03 10:33:29 +00:00
shuting	6249ab70e8	fix: block generate policies when lack of permission to operate downstream resources (#6610 ) * debug Signed-off-by: ShutingZhao <shuting@nirmata.com> * return on errors only Signed-off-by: ShutingZhao <shuting@nirmata.com> * update clusterrolebinding Signed-off-by: ShutingZhao <shuting@nirmata.com> * update clusterrolebinding Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove debug Signed-off-by: ShutingZhao <shuting@nirmata.com> * add kuttl tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix ns Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com>	2023-03-22 13:14:57 +00:00
Jose Armesto	831a9826d1	Restructure project to follow standards (#2632 ) Signed-off-by: Jose Armesto <github@armesto.net>	2021-10-29 18:13:20 +02:00
Shuting Zhao	cdc5190c56	update nirmata/kyverno to kyverno/kyverno	2020-10-07 11:12:31 -07:00
shivkumar dudhani	b1063a95e1	refactor & validate operations for generate rules in PolicyValidation	2020-03-11 18:14:23 -07:00

8 commits