mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-07 00:17:13 +00:00
Code Activity
6428 commits 17 branches 550 tags 289 MiB
Commit graph

6428 commits

This branch
This branch
All branches
Author SHA1 Message Date
Charles-Edouard Brétéché
b333c312ec
fix: cli tests scenarios_to_cli/other (#8116) 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2023-08-24 23:02:47 +00:00
Charles-Edouard Brétéché
f64d8d1eec
fix: cel-variables kuttl test (#8113) 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2023-08-24 17:30:06 +00:00
Charles-Edouard Brétéché
e7b7dc4b9d
fix: cli logs not working (#8110) 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2023-08-24 16:17:20 +00:00
Mariam Fahmy
072ebeacdb
refactor: create cel package for compiling expressions (#8108) 
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
 2023-08-24 14:06:37 +00:00
Charles-Edouard Brétéché
23b7bd4644
chore: add otel collector to dev lab (#8106) 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2023-08-24 13:04:01 +00:00
Charles-Edouard Brétéché
59c2a5d813
fix: reduce tls package dependencies (#8107) 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2023-08-24 11:52:57 +00:00
Mariam Fahmy
10172ae8e0
feat: support variables for CEL in Kyverno policies (#8103) 
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2023-08-24 10:00:27 +00:00
Charles-Edouard Brétéché
967536db7d
chore: add kind config with kubelet and apiserver tracing (#8105) 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2023-08-24 09:10:02 +00:00
Ved Ratan
780f1c1e09
[Feat]: added ttl-metrics (#8096) 
* added ttl-metrics

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* lint

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* applied changes

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* added gvr in labels

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* fix

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* lint fix

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

---------

Signed-off-by: Ved Ratan <vedratan8@gmail.com>
 2023-08-24 10:32:46 +02:00
Charles-Edouard Brétéché
3c09d902fd
fix: context propagation in tracing (#8104) 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2023-08-24 14:45:58 +08:00
AdamKorcz
da3531a0c0
chore: add mocks to mutate fuzzer (#8102) 
Signed-off-by: AdamKorcz <adam@adalogics.com>
 2023-08-23 21:45:01 +00:00
Dhananjay Kumar Sharma
04bc4ed7c6
Migrated scenario based tests to CLI (#8055) 
* migrated scenarios to cli and resolved conflicts

Signed-off-by: Dhananjay Kumar Sharma <dhananjaykumarsharma3339@gmail.com>

* Modified Makefile

Signed-off-by: Dhananjay Kumar Sharma <dhananjaykumarsharma3339@gmail.com>

* Update Makefile

Signed-off-by: Dhananjay Kumar Sharma <dhananjaykumarsharma3339@gmail.com>

* Create patchedresource.yaml

Signed-off-by: Dhananjay Kumar Sharma <dhananjaykumarsharma3339@gmail.com>

* Update kyverno-test.yaml

Signed-off-by: Dhananjay Kumar Sharma <dhananjaykumarsharma3339@gmail.com>

* Delete test/cli/scenarios_to_cli/other /scenario_mutate_validate_qos directory

Signed-off-by: Dhananjay Kumar Sharma <dhananjaykumarsharma3339@gmail.com>

* Update kyverno-test.yaml

Signed-off-by: Dhananjay Kumar Sharma <dhananjaykumarsharma3339@gmail.com>

* Create patchedresource.yaml

Signed-off-by: Dhananjay Kumar Sharma <dhananjaykumarsharma3339@gmail.com>

* Update policy.yaml

Signed-off-by: Dhananjay Kumar Sharma <dhananjaykumarsharma3339@gmail.com>

* Update policy.yaml

Signed-off-by: Dhananjay Kumar Sharma <dhananjaykumarsharma3339@gmail.com>

* fixes

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fixes

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Dhananjay Kumar Sharma <dhananjaykumarsharma3339@gmail.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2023-08-23 15:55:39 +00:00
Mariam Fahmy
333845677a
fix: check if client is set in CEL validations (#8099) 
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
 2023-08-23 17:22:37 +02:00
Mariam Fahmy
e1783e7375
refactor CEL validation in Kyverno policies (#8098) 
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
 2023-08-23 13:28:40 +00:00
Charles-Edouard Brétéché
87728f1771
refactor: background controller permissions (#8083) 
* fix: reduce background controller permissions

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* debug

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* codegen

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2023-08-23 12:29:56 +00:00
dependabot[bot]
2d434c6f97
chore(deps): bump sigs.k8s.io/controller-runtime from 0.15.1 to 0.16.0 (#8094) 
Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.15.1 to 0.16.0.
- [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases)
- [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md)
- [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.15.1...v0.16.0)

---
updated-dependencies:
- dependency-name: sigs.k8s.io/controller-runtime
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: shuting <shuting@nirmata.com>
 2023-08-23 08:42:38 +00:00
dependabot[bot]
58b5d65c85
chore(deps): bump slsa-framework/slsa-github-generator (#8093) 
Bumps [slsa-framework/slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator) from 1.8.0 to 1.9.0.
- [Release notes](https://github.com/slsa-framework/slsa-github-generator/releases)
- [Changelog](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md)
- [Commits](https://github.com/slsa-framework/slsa-github-generator/compare/v1.8.0...v1.9.0)

---
updated-dependencies:
- dependency-name: slsa-framework/slsa-github-generator
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-08-23 16:11:32 +08:00
AdamKorcz
af33cd98c8
chore: improve performance of engine fuzzers (#8090) 
Signed-off-by: AdamKorcz <adam@adalogics.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2023-08-22 22:35:06 +00:00
Charles-Edouard Brétéché
11ef5758e4
fix: mutate existing kuttl tests (#8088) 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2023-08-22 16:50:26 +00:00
Charles-Edouard Brétéché
c8433bf048
fix: generate/clusterpolicy kuttl tests (#8087) 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2023-08-22 16:06:04 +00:00
Charles-Edouard Brétéché
52971c372a
fix: generate/validation kuttl tests (#8085) 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2023-08-22 23:29:53 +08:00
Charles-Edouard Brétéché
4058b0794e
fix: crash when applying unquoted null (#8081) 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2023-08-22 12:05:08 +00:00
Mariam Fahmy
19b1944bc3
chore: replace usage of v1beta1 with v1alpha1 for cel subrule (#8082) 
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
 2023-08-22 11:33:33 +00:00
Charles-Edouard Brétéché
db2f47b8b5
fix: allow mutation of policy reports (#8080) 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2023-08-22 09:44:25 +00:00
Alok N
cf5ec3df58
feat: use kyverno/action-install-cli action for conformance workflow (#8072) 
* feat: use kyverno/action-install-cli for conformance workflow

* Update .github/workflows/conformance.yaml

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2023-08-21 22:26:37 +02:00
Charles-Edouard Brétéché
67151888d8
chore: add support for different kind config (#8079) 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2023-08-21 13:56:57 +00:00
Charles-Edouard Brétéché
794dc782bd
fix: stop hidding flags in the cli (#8077) 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2023-08-21 11:16:05 +00:00
Mariam Fahmy
cb1433b70b
chore: replace usage of v1alpha1 with v1beta1 for cel subrule (#8075) 
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
 2023-08-21 10:38:31 +00:00
Mariam Fahmy
96adc301e5
feat: support namespaceObject variable in CEL expressions (#8071) 
* feat: support namespaceObject variable in CEL expressions

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

* fix a bug

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

---------

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
 2023-08-21 08:04:59 +00:00
Charles-Edouard Brétéché
ce4beb0e92
feat: support wildcard in subjects statements (#8068) 
* feat: support wildcard in subjects statements

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* kuttl tests

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* sa tests

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* more tests

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* more tests

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2023-08-20 20:46:42 -04:00
Charles-Edouard Brétéché
d7771cb835
fix: image pull policy missing (#8067) 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2023-08-18 15:01:04 +00:00
Charles-Edouard Brétéché
6a817731ed
chore: bump a couple of deps (#8066) 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2023-08-18 10:59:46 +00:00
anushkamittal2001
72ccc55d78
Refactor Kyverno CLI (#7995) 
* Initial changes for cli refactoring

Signed-off-by: anushkamittal2001 <anushka@nirmata.com>

* Invoke engine in the correct order

Signed-off-by: anushkamittal2001 <anushka@nirmata.com>

* Refactor apply_command.go

Signed-off-by: anushkamittal2001 <anushka@nirmata.com>

* Resolve lint errors

Signed-off-by: anushkamittal2001 <anushka@nirmata.com>

* Removed unnecessary leading newline

Signed-off-by: anushkamittal2001 <anushka@nirmata.com>

---------

Signed-off-by: anushkamittal2001 <anushka@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2023-08-18 10:28:47 +00:00
Charles-Edouard Brétéché
bdad59cfc8
chore: bump a couple of deps (#8064) 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2023-08-18 09:08:50 +00:00
Charles-Edouard Brétéché
a3403131d6
feat: add match conditions support in webhooks (#8042) 
* feat: add match conditions support in webhooks

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* chart

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* release notes

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* changelog

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix configmap

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* warning

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
 2023-08-18 08:32:15 +00:00
Charles-Edouard Brétéché
57a0f81040
feat: use k8s 1.28 libs (#8037) 
* feat: use k8s 1.28 libs

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix validating admission policies

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

* fix a typo

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
 2023-08-18 03:54:05 +00:00
AdamKorcz
0a56049466
test: move OSS-Fuzz build script from cncf-fuzzing (#8057) 
Signed-off-by: AdamKorcz <adam@adalogics.com>
 2023-08-17 16:37:09 +00:00
Charles-Edouard Brétéché
a10b272df0
chore: bump a couple of deps (#8054) 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2023-08-17 14:42:49 +00:00
AdamKorcz
c0f329e473
chore: use fuzzers own cfg variable (#8056) 
Signed-off-by: AdamKorcz <adam@adalogics.com>
 2023-08-17 16:09:08 +02:00
Charles-Edouard Brétéché
2e842ec6a3
fix: server name without port to generated certificate (#8053) 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2023-08-17 18:35:00 +05:30
Charles-Edouard Brétéché
0d9255ed5a
chore: use k8s 1.27 by default (#8052) 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2023-08-17 16:50:06 +05:30
dependabot[bot]
2c6dd0504b
chore(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/aws (#8045) 
Bumps [github.com/sigstore/sigstore/pkg/signature/kms/aws](https://github.com/sigstore/sigstore) from 1.7.1 to 1.7.2.
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](https://github.com/sigstore/sigstore/compare/v1.7.1...v1.7.2)

---
updated-dependencies:
- dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/aws
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-08-17 08:42:14 +00:00
dependabot[bot]
41ac6f2d07
chore(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/azure (#8048) 
Bumps [github.com/sigstore/sigstore/pkg/signature/kms/azure](https://github.com/sigstore/sigstore) from 1.7.1 to 1.7.2.
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](https://github.com/sigstore/sigstore/compare/v1.7.1...v1.7.2)

---
updated-dependencies:
- dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/azure
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-08-17 07:54:36 +00:00
Charles-Edouard Brétéché
1abf2cb51a
chore: remove tests for k8s v1.24 (#8043) 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2023-08-17 12:05:35 +08:00
Chip Zoller
757ec3fe1a
update (#8041) 
Signed-off-by: Chip Zoller <chipzoller@gmail.com>
Co-authored-by: kyverno-bot <104836976+kyverno-bot@users.noreply.github.com>
 2023-08-16 18:00:11 +00:00
AdamKorcz
98f57df5ae
feat: add fuzzers from cncf-fuzzing (#8027) 
* feat: add fuzzers from cncf-fuzzing

Signed-off-by: AdamKorcz <adam@adalogics.com>

* linter fixes

Signed-off-by: ShutingZhao <shuting@nirmata.com>

---------

Signed-off-by: AdamKorcz <adam@adalogics.com>
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Co-authored-by: ShutingZhao <shuting@nirmata.com>
 2023-08-16 16:42:37 +00:00
Chandan DK
20bf9f235f
fix: apply command doesn't consider git and non-git paths together (#7832) (#7885) 
* fix: apply command doesn't consider git and non-git paths together

Signed-off-by: Chandan-DK <chandandk468@gmail.com>

* fix: reorder if block to check err

Signed-off-by: Chandan-DK <chandandk468@gmail.com>

* test: add unit tests to check both git and non git paths are applied irrespective of their order

Signed-off-by: Chandan-DK <chandandk468@gmail.com>

---------

Signed-off-by: Chandan-DK <chandandk468@gmail.com>
Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
 2023-08-16 16:03:42 +00:00
Charles-Edouard Brétéché
7ea68ba290
fix: image logger (#8040) 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
 2023-08-16 12:49:21 +00:00
Charles-Edouard Brétéché
703b63d151
chore: bump codegen tools (#8038) 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2023-08-16 12:03:14 +00:00
Charles-Edouard Brétéché
78dfd297bb
chore: add 1.28 to issue template (#8039) 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2023-08-16 16:55:29 +05:30