Charles-Edouard Brétéché
|
fc694bc24c
|
feat: add kyverno json support to validation rule (#10763)
* feat: add kyverno json support to validation rule
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* v2beta1
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* validation
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* engine handler
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* bindings
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* context functions
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* better bindings
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---------
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
|
2024-08-02 08:24:30 +00:00 |
|
Charles-Edouard Brétéché
|
e004d8ae8d
|
chore: bump chainsaw (#10687)
* chore: bump chainsaw
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* bump
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix tests
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* v0.2.8-beta.1
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* v0.2.8-beta.2
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* beta 3
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* cli
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---------
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
|
2024-07-31 15:50:20 +00:00 |
|
Mariam Fahmy
|
734f1df059
|
fix: check the resource namespace (#10738)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
|
2024-07-26 21:45:54 +08:00 |
|
Mariam Fahmy
|
716611b7ea
|
fix: return all the exceptions that match the incoming resource (#10722)
* fix: return all the exceptions that match the incoming resource
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* fix: modify log messages
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
---------
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
|
2024-07-25 17:36:19 +00:00 |
|
Mariam Fahmy
|
f3c9be9d0f
|
chore: rename deprecated chainsaw tests (#10668)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
|
2024-07-17 04:52:38 +00:00 |
|
Mariam Fahmy
|
b0cef72df1
|
feat: support exclude block in generating VAPs (#10215)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
|
2024-07-16 18:06:58 +03:00 |
|
Mariam Fahmy
|
35494bd8bb
|
feat add chainsaw tests for pod security and exceptions (#10664)
* feat add chainsaw tests for pod security and exceptions
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* fix: enable ProcMountType in the kind config
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
---------
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
|
2024-07-16 12:14:47 +00:00 |
|
Mariam Fahmy
|
5b715420a3
|
fix: truncate event messages to 1024 chars (#10636)
* fix: truncate event messages to 1024 chars
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* add chainsaw test
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
---------
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
|
2024-07-10 14:31:32 +00:00 |
|
Mariam Fahmy
|
ad6ee93e3b
|
fix: CEL policies aren't applied to deleted resources (#10611)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
|
2024-07-04 22:16:36 +05:30 |
|
Mariam Fahmy
|
418bf25659
|
feat: add chainsaw tests for validate policies (part 3) (#10546)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
|
2024-06-26 14:07:03 +00:00 |
|
Mariam Fahmy
|
565f4b5427
|
feat: add chainsaw tests for validate policies (part 2) (#10545)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
|
2024-06-26 11:37:32 +00:00 |
|
Mariam Fahmy
|
340009f55f
|
feat: add chainsaw tests for validate policies (#10544)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
|
2024-06-26 10:39:54 +00:00 |
|
shuting
|
88ae60ea9d
|
fix: correctly validate patterns for old and new objects (#10310)
* fix: correctly validate patterns for old and new objects
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* test: add new scenario to the existing test
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix: indention
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix: chainsaw tests
Signed-off-by: ShutingZhao <shuting@nirmata.com>
---------
Signed-off-by: ShutingZhao <shuting@nirmata.com>
|
2024-06-25 14:11:34 +00:00 |
|
Charles-Edouard Brétéché
|
28db48573a
|
feat: remove old reports from helm chart and disable cleanup jobs by default (#10533)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
|
2024-06-25 13:34:26 +00:00 |
|
Husni Alhamdani
|
cd6988d1e2
|
fix: reset mutable fields orphandownstream (#10478)
* fix: reset mutable fields orphandownstream
Signed-off-by: Husni Alhamdani <dhanielluis@gmail.com>
* fix: reset mutable fields orphandownstream
Signed-off-by: Husni Alhamdani <dhanielluis@gmail.com>
* fix: reset mutable fields orphandownstream
Signed-off-by: Husni Alhamdani <dhanielluis@gmail.com>
---------
Signed-off-by: Husni Alhamdani <dhanielluis@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
|
2024-06-25 09:24:35 +00:00 |
|
Mariam Fahmy
|
e892a0531e
|
chore: add tests that use spec.webhookConfiguration (#10526)
* chore: add tests that use spec.webhookConfiguration
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* fix chainsaw tests
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
---------
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
|
2024-06-24 13:40:50 +00:00 |
|
Mariam Fahmy
|
b7bf894fe9
|
chore: use v2 for exceptions in chainsaw tests (#10529)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
|
2024-06-24 11:54:57 +00:00 |
|
Mariam Fahmy
|
61e78fd968
|
chore: add tests that use spec.mutateExistingOnPolicyUpdate (#10514)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
|
2024-06-20 10:27:42 +00:00 |
|
Mariam Fahmy
|
88d1063647
|
chore: use mutateExistingOnPolicyUpdate under mutate rule in chainsaw tests (#10507)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
|
2024-06-19 18:16:46 +02:00 |
|
Charles-Edouard Brétéché
|
6e1def1004
|
feat: remove v1alpha2 group/version (#10500)
* feat: remove v1alpha2 group
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* codegen
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix tests
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---------
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
|
2024-06-19 08:08:15 +00:00 |
|
Vishal Choudhary
|
334594c128
|
feat: add support for cosign experimental OCI 1.1 signatures (#10228)
* feat: add support for cosign experimental OCI 1.1 signatures
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: remove unrelated changes
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: linter
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: requested changes
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
---------
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
|
2024-06-18 23:03:53 +00:00 |
|
Vishal Choudhary
|
c305fbc070
|
feat: add custom sigstore conformance tests (#10473)
* feat: add custom sigstore conformance tests
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* feat: debug
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* feat: debug
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* feat: debug
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* feat: debug
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* feat: add custom sigstore values back
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* feat: remove debug
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
---------
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
|
2024-06-14 13:53:06 +00:00 |
|
Charles-Edouard Brétéché
|
46b9a6e3e2
|
test: add cleanup v2 chainsaw tests (#10476)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
|
2024-06-14 13:19:48 +00:00 |
|
Charles-Edouard Brétéché
|
f26acfb36a
|
chore: add chainsaw test for controllers leader election (#10416)
* chore: add chainsaw test for reports controller leader election
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* other controllers
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---------
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
|
2024-06-10 15:57:29 +00:00 |
|
Mariam Fahmy
|
c391fba64c
|
fix: get ns labels in the cluster mode when using the CLI (#10348)
* fix: get ns labels in the cluster mode when using the CLI
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* chore: fix chainsaw test
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* Update .vscode/launch.json
Co-authored-by: shuting <shuting@nirmata.com>
Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com>
---------
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
|
2024-06-04 10:44:44 +00:00 |
|
Vishal Choudhary
|
f4482c4699
|
chore: add condition checking to notary attestation verify chainsaw tests (#10288)
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
|
2024-05-30 21:26:44 +00:00 |
|
Vishal Choudhary
|
47adea6f1c
|
feat: add support for background scanning of existing resource in image verification (#10287)
* feat: add support for background scanning of existing resource in image verification
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: change rule response type to image verify
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* chore: fix nilptr reference
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
---------
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
|
2024-05-24 09:41:04 +00:00 |
|
Mariam Fahmy
|
57b2c5fe4f
|
fix: add a copy method to the policy context (#10236)
* fix: add a copy method to the policy context
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* chore: add a CLI test
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* chore: remove mutate changes
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
---------
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
|
2024-05-21 15:29:09 +00:00 |
|
shuting
|
e58d7120c6
|
fix: sort webhookconfig.operations (#10274)
Signed-off-by: ShutingZhao <shuting@nirmata.com>
|
2024-05-21 13:22:08 +00:00 |
|
Mariam Fahmy
|
5534ac335a
|
fix flake test in VAPs (#10263)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
|
2024-05-20 11:03:47 +00:00 |
|
Vishal Choudhary
|
3af0e461f0
|
fix: deepcopy patched resource in foreach mutate (#10252)
* fix: deepcopy patched resource to avoid indirect reversal of its elements
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: copy elements while reversing
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: copy resources inside foreach
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* add test
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* add test
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
---------
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
|
2024-05-20 14:45:21 +08:00 |
|
Mariam Fahmy
|
900bf48ecf
|
fix: skip generating VAPs in case namespace's name contains wildcards (#10205)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
|
2024-05-10 14:19:10 +00:00 |
|
Mariam Fahmy
|
6fec52436a
|
fix: generate VAPs that match all resources when kinds is set to * (#10208)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
|
2024-05-09 06:46:10 +00:00 |
|
Mariam Fahmy
|
60e347bedb
|
feat: support generating VAPs in case of matching resources in specific namespaces (#9981)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
|
2024-05-08 11:09:47 +00:00 |
|
Mariam Fahmy
|
3fa6a8d34e
|
fix: add resourceNames field in the generated VAPs (#10187)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
|
2024-05-07 12:19:12 +00:00 |
|
Mariam Fahmy
|
f291407ca9
|
fix: skip generating VAPs for policies that match multiple resources with a namespace/object selector (#10181)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
|
2024-05-06 21:52:22 +08:00 |
|
Khaled Emara
|
21602a1e1f
|
fix(polex): multiple polexes with conditions (#9994)
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
|
2024-05-06 10:28:39 +00:00 |
|
Mariam Fahmy
|
8805620574
|
fix: add CONNECT operation in the webhook config for pod/exec subresource (#9855)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
|
2024-05-06 09:51:46 +00:00 |
|
Mariam Fahmy
|
cd33b84a62
|
fix: add pods/ephemeralcontainers to the generated VAPs (#10162)
* fix: add pods/ephemeralcontainers to the generated VAPs
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* fix: remove an extra space
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
---------
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
|
2024-05-06 08:29:55 +00:00 |
|
Vishal Choudhary
|
c403a498a3
|
fix: add error check in jmespath type conversion in context variables (#10152)
* fix: add error check in jmespath type conversion in context variables
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix(lint): new line in tests
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: properly update path variable
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: remove log statement
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
---------
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
|
2024-05-01 04:30:34 +00:00 |
|
Khaled Emara
|
c9d821ee72
|
fix: shared policy context needs to be copied (#10139)
* fix: shared policy context needs to be copied
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
* test(e2e): concurrent PSS execution
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
* test(e2e): wait for pss policies to be ready
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
---------
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
|
2024-04-30 14:05:33 +00:00 |
|
shuting
|
96ffbadd77
|
fix: sort pod controllers for autogen rule (#10140)
Signed-off-by: ShutingZhao <shuting@nirmata.com>
|
2024-04-30 12:26:12 +00:00 |
|
Mariam Fahmy
|
798950f72c
|
fix: return skip when celPreconditions/matchConditions aren't met (#9940)
* fix: return skip when cel preconditions aren't met
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* fix test
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* fix: return skip when matchConditions in VAPs aren't met
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
---------
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
|
2024-04-22 13:49:25 +00:00 |
|
Mariam Fahmy
|
ea64529e63
|
fix: evaluate namespaceObject for Kyverno policies in the CLI (#9977)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
|
2024-04-19 10:55:41 +00:00 |
|
Mariam Fahmy
|
e91b80a600
|
fix: evaluate namespaceObject for VAPs in the CLI (#9978)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
|
2024-04-19 10:20:03 +00:00 |
|
Vishal Choudhary
|
83f2846572
|
feat: add TSA cert chain support in cosign (#9961)
* feat: add TSA cert chain support in cosign
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* feat: add chainsaw test
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* feat: add unit test
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: tests
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: unit tests
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
---------
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
|
2024-03-30 20:50:07 +00:00 |
|
Vishal Choudhary
|
93eac3f7a4
|
fix: deferred loader panic when mutate and generate policies are applied (#9935)
* fix: deferred loader panic when mutate and generate policies are applied
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: tests
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: update policies
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* remove clusterrolebinding
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: copy only json context
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: polctx
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
---------
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
|
2024-03-29 14:37:15 +01:00 |
|
Mariam Fahmy
|
8369ab6ee1
|
chore: run codegen-fix-tests (#9942)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
|
2024-03-26 21:48:08 +05:30 |
|
Khaled Emara
|
429e84be10
|
fix(globalcontext): panics and validation (#9903)
|
2024-03-14 16:12:39 +00:00 |
|
Vishal Choudhary
|
f2833861f8
|
fix: properly update policy context after preexisting resource in violation check (#9893)
* fix: properly update policy context after preexisting resource in violation check
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* chore: remove all copy function usages
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* chore: nit
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* refactor context resource swap
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* feat: chainsaw tests
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: test:
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* fix: logger panic
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix: copy cover policycontext
Signed-off-by: ShutingZhao <shuting@nirmata.com>
---------
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: ShutingZhao <shuting@nirmata.com>
|
2024-03-13 16:24:53 +00:00 |
|