1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2024-12-15 17:51:20 +00:00
Commit graph

1009 commits

Author SHA1 Message Date
Jim Bugwadia
a1b49f72a3
fix gofmt and golint issues (#667)
* fix gofmt and golint issues

* add keys to structs

* fix compile error

* fix clusterrolebinding creation

* fix test
2020-02-03 13:38:24 -08:00
Shivkumar Dudhani
2bba55e211
substitute variable values on a copy of policy rule (#669) 2020-02-03 11:59:34 -08:00
shravan
4471117d42 644 removing more deadcode related to previous commit 2020-02-03 18:58:31 +05:30
shravan
0d4b256d13 644 updating changes with revised understanding of issue, also removed alot of deadcode to make changes 2020-02-03 18:51:18 +05:30
shravan
3b37a61f5d Revert "644 untested prototype changes"
This reverts commit 4021453760.
2020-02-01 20:48:06 +05:30
shravan
1da17a58f5 658 untested changes 2020-01-31 13:16:08 +05:30
shubham
c93a37d944 updated error message 2020-01-30 21:50:41 +05:30
shravan
4021453760 644 untested prototype changes 2020-01-30 16:12:26 +05:30
shubham
2b12f2a780 setting proper error message in policy validation for userinfo not allowed when background mode is set to true 2020-01-30 00:22:28 +05:30
shravan
c4a8efbd7b Merge branch 'master' into 253_ValidationInMutationFlag_v3 2020-01-29 14:34:15 +05:30
shravan
1c06353172 Merge branch 'master' into 522_validate_policy_resource_data 2020-01-29 14:33:21 +05:30
shravan
6762207fa7 Merge branch 'master' into 536_extend_cli 2020-01-29 14:26:44 +05:30
shuting
3343d73b76 linter fix (#657) 2020-01-27 08:58:53 -08:00
shravan
b7129263c9 536 revised error handling 2020-01-26 19:52:40 +05:30
shravan
33e55a78e0 536 corrected helper text 2020-01-26 19:44:18 +05:30
shravan
a4e06a6ba1 536 fixing compilation issues 2020-01-26 19:42:09 +05:30
shravan
5a63b85368 536 conforming to plugin author guidelines 2020-01-26 19:21:58 +05:30
shravan
de08e2415c 536 circle ci changes 2020-01-26 11:17:04 +05:30
shravan
ee21060aaa made kube config optional, validates policeis on apply, added cluster flag 2020-01-26 10:47:58 +05:30
shravan
94f8721a6e 536 apply on cluster now supports significantly more resource types 2020-01-25 22:38:54 +05:30
shravan
78edfd2f7d Merge branch '522_validate_policy_resource_data' into 536_extend_cli 2020-01-25 17:57:16 +05:30
shravan
5f62d108b9 536 minor cli ui changes 2020-01-25 17:57:01 +05:30
shravan
865eb57812 resolving merge conflicts 2020-01-25 16:38:12 +05:30
shravan
e1b9a13590 resolving merge conflicts 2020-01-25 14:55:36 +05:30
shravan
78cae242c5 522 restructured files 2020-01-25 14:53:12 +05:30
shubham
7a34378648 Adding log level 4 to "Loading variable" logs in context.go line no 124 and 139 (#648)
Type at pkg/policyviolation/namespacedev.go
2020-01-24 16:29:51 -08:00
Shivkumar Dudhani
f4406bbefc
linter fixes (#656)
* cleanup phase 1

* linter fixes phase 2

* linter fixes

* linter fixes
2020-01-24 16:27:51 -08:00
Shivkumar Dudhani
8c1d79ab28
linter suggestions (#655)
* cleanup phase 1

* linter fixes phase 2
2020-01-24 12:05:53 -08:00
shravan
81ea5ba157 253 fixing circle ci issues 2020-01-24 23:40:05 +05:30
shravan
12076f6183 Merge branch 'master' into 253_ValidationInMutationFlag_v3 2020-01-24 23:32:15 +05:30
shravan
4bd3603e5d 253 fixing build issues 2020-01-24 23:25:39 +05:30
shravan
53a795e414 resolving merge conflicts 2020-01-24 23:24:20 +05:30
Shivkumar Dudhani
1171ac691b
cleanup phase 1 (#653) 2020-01-24 09:37:12 -08:00
shravan
1b707f10a0 522 added ability to override default openAPI document 2020-01-24 22:27:21 +05:30
shravan
aec7a78822 522 adding swagger doc directly to repo instead of getting it from the internet 2020-01-24 21:31:38 +05:30
shravan
d5778e3815 522 add missing circle ci change from previous revision 2020-01-24 21:12:36 +05:30
shravan
29bb74c537 522 more missing changes from circleci 2020-01-24 21:09:04 +05:30
shravan
db95002828 522 missing circle ci change 2020-01-24 21:01:56 +05:30
shravan
dfedd86505 522 resolving circle ci 2020-01-24 20:59:14 +05:30
shravan
b2e2dd8a0f 522 now supports all possible kinds 2020-01-24 20:22:33 +05:30
shravan
a959c4969e 522 revising setting of global state 2020-01-24 18:53:51 +05:30
shravan
a3bcde6f1e adding tests 2020-01-24 15:45:56 +05:30
shravan
56b54e6484 522 fixing bugs discovered from writing tests 2020-01-24 14:33:40 +05:30
shravan
fa7c522b5c 522 minor changes from tests 2020-01-24 09:51:40 +05:30
shravan
a90999417e 522 added kind prefix 2020-01-23 22:12:01 +05:30
shravan
af68f77b62 522 untested changes 2020-01-23 20:45:25 +05:30
shravan
be8527be47 revised 522 changes 2020-01-23 20:19:58 +05:30
shravan
344af84ec5 adding patch validation formutation 2020-01-23 18:03:37 +05:30
shravan
00da200c59 fixing cli output printing issues 2020-01-17 21:28:53 +05:30
shravan
2e60df0cb3 removing uneeded log statements 2020-01-17 09:55:04 +05:30
shravan
fc8153724e added map of kind to list api from swagger document 2020-01-17 09:51:13 +05:30
shravan
d0da7a8ed4 Merge branch 'master' into 536_extend_cli 2020-01-17 09:50:11 +05:30
Shuting Zhao
24f3659b03 update debug info log level 2020-01-16 14:37:01 -08:00
Shuting Zhao
5d3d27cafd report violation for mutation failure only, not block the creation 2020-01-16 14:29:44 -08:00
Shuting Zhao
ba8030bec0 change to use validationFailureAction for the mutation failure action 2020-01-16 11:57:28 -08:00
shravan
f41b7124ac fixing merge issues 2020-01-17 00:09:39 +05:30
shravan
79999c4948 extended cli 2020-01-17 00:05:15 +05:30
Shuting Zhao
7e59e8e484 mutation failure to not block resource creation 2020-01-15 21:46:58 -08:00
Shuting Zhao
77a6408f30 pass in patchedResource inside the same mutation rule 2020-01-15 18:15:48 -08:00
Shuting Zhao
b26ed89880 - set failurepolicy of webhookconfiguraitons to ignore; - disable auto-gen on policy disabllow_default_namespace 2020-01-15 18:01:50 -08:00
shravan
1b417f42dd changed validating webhook configuration names 2020-01-15 20:29:02 +05:30
shravan
520e675155 Merge branch 'master' into 253_ValidationInMutationFlag_v2 2020-01-15 19:45:16 +05:30
Shuting Zhao
fbe6ea2f24 fix annotation path error if applied to pod controller 2020-01-14 15:57:02 -08:00
Shivkumar Dudhani
cadd8f6b1b
check for multiple variables in a expression & serviceAccount variables (#610)
* check for multiple variables in a expression & serviceAccount variables

* update the regex matcher
2020-01-13 18:56:11 -08:00
Shivkumar Dudhani
dabe592d46
fix the bugs and add pre-condition checks (#606)
* fix the bugs and add pre-condition checks

* add precondition documentation
2020-01-13 11:21:14 -08:00
Shuting Zhao
cca5dd31b6 pass in original resource to validation if patches from mutation is nil 2020-01-13 10:15:52 -08:00
shravan
8dc6b06d79 resolving merge conflicts 2020-01-11 18:33:11 +05:30
shuting
0f398e631d
Merge pull request #599 from nirmata/542_feature
flag to use FQDN as CommonName in CSR
2020-01-10 18:38:18 -08:00
Shuting Zhao
4eff0e9a8c fix build error 2020-01-10 18:31:43 -08:00
Shuting Zhao
f618bbcff3 pass in ctx to mutation and generation 2020-01-10 18:25:16 -08:00
Shuting Zhao
4c83ab8b52 add more unit tests 2020-01-10 17:15:44 -08:00
Shuting Zhao
eb0390d0ed remove managedResource 2020-01-10 13:34:45 -08:00
Shuting Zhao
ac0404bd6c Merge branch 'master' into add_testscenario 2020-01-10 12:00:04 -08:00
Shuting Zhao
434ed20857 report violation in generate when path not present 2020-01-10 11:59:05 -08:00
shivkumar dudhani
3f965a245b add check for clone 2020-01-10 08:01:18 -08:00
Shuting Zhao
2eb0e49306 fix build error 2020-01-09 17:53:27 -08:00
Shuting Zhao
5a44ab3e16 generate violation in validate when substitute path not present 2020-01-09 17:44:11 -08:00
Shuting Zhao
f78ca61859 generate violation in mutation when substitute path not present 2020-01-09 12:24:37 -08:00
Shuting Zhao
731fdb3e07 validate paths in variable substitution is present 2020-01-09 12:23:05 -08:00
Shuting Zhao
d0a1acbac4 fix build error 2020-01-08 16:56:41 -08:00
Shuting Zhao
e3123e96b6 Merge branch 'master' into add_testscenario 2020-01-08 16:48:15 -08:00
shivkumar dudhani
1e5f871665 lowercase the cmdline arg 2020-01-08 16:40:19 -08:00
Shuting Zhao
5924bcae40 remove duplicate structure definition 2020-01-08 10:44:41 -08:00
Shuting Zhao
472fa29fce move mutation to subpackage pkg/engine/mutate 2020-01-07 17:06:17 -08:00
Shivkumar Dudhani
3cf9141f4d
593 feature (#594)
* initial commit

* background policy validation

* correct message

* skip non-background policy process for add/update

* add Generate Request CR

* generate Request Generator Initial

* test generate request CR generation

* initial commit gr generator

* generate controller initial framework

* add crd for generate request

* gr cleanup controller initial commit

* cleanup controller initial

* generate mid-commit

* generate rule processing

* create PV on generate error

* embed resource type

* testing phase 1- generate resources with variable substitution

* fix tests

* comment broken test #586

* add printer column for state

* return if existing resource for clone

* set resync time to 2 mins & remove resource version check in update handler for gr

* generate events for reporting

* fix logs

* initial commit

* fix trailing quote in patch

* remove comments

* initial condition (equal & notequal)

* initial support for conditions

* initial support fo conditions in generate

* support precondition checks

* cleanup

* re-evaluate GR on namespace update using dynamic informers

* add status for generated resources

* display loaded variable SA

* support delete cleanup of generate request main resources

* fix log

* remove namespace from SA username

* support multiple variables per statement for scalar values

* fix fail variables

* add check for userInfo

* validation checks for conditions

* update policy

* refactor logs

* code review

* add openapispec for clusterpolicy preconditions

* Update documentation

* CR fixes

* documentation

* CR fixes

* update variable

* fix logs

* update policy

* pre-defined variables (serviceAccountName & serviceAccountNamespace)

* update test
2020-01-07 15:13:57 -08:00
Shuting Zhao
08491df046 Merge commit 'ffd2179b0332738a088b362e94147a981f0d02ed' into 600_bug
# Conflicts:
#	pkg/webhooks/mutation.go
2020-01-07 14:17:25 -08:00
Shuting Zhao
259c8839e5 remove duplicate import pkg 2020-01-07 11:33:18 -08:00
Shuting Zhao
cafc3883a4 - fix validation to process on patched resource; - format code 2020-01-07 11:32:52 -08:00
Shivkumar Dudhani
ffd2179b03
538 (#587)
* initial commit

* background policy validation

* correct message

* skip non-background policy process for add/update

* add Generate Request CR

* generate Request Generator Initial

* test generate request CR generation

* initial commit gr generator

* generate controller initial framework

* add crd for generate request

* gr cleanup controller initial commit

* cleanup controller initial

* generate mid-commit

* generate rule processing

* create PV on generate error

* embed resource type

* testing phase 1- generate resources with variable substitution

* fix tests

* comment broken test #586

* add printer column for state

* return if existing resource for clone

* set resync time to 2 mins & remove resource version check in update handler for gr

* generate events for reporting

* fix logs

* cleanup

* CR fixes

* fix logs
2020-01-07 10:33:28 -08:00
Shuting Zhao
c97b3ce5b0 fetch annotation from resource annotation map 2020-01-06 19:24:24 -08:00
Shuting Zhao
dcc3179b09 remove dclient from pvbuilder 2020-01-06 18:53:36 -08:00
Shuting Zhao
ecbbd04bc5 - remove policy violation created on owner and related logic; - use generic call to create violation info 2020-01-06 17:07:11 -08:00
shivkumar dudhani
38dcb2e94f flag to use FQDN as CommonName in CSR 2020-01-06 16:12:53 -08:00
Shuting Zhao
9194251a38 fix pod controller annotation to "none" 2020-01-06 14:41:25 -08:00
Shuting Zhao
77955ff212 change the policy action to operate on it's own validationFailureAction 2020-01-06 14:41:02 -08:00
Shuting Zhao
f5411c1c76 update policymutation_test 2020-01-03 15:19:33 -08:00
Shuting Zhao
dce1e0555a move helper to pkg/utils 2020-01-03 10:41:47 -08:00
Shuting Zhao
0c9053d50d register resource webhook in policy control loop 2020-01-02 20:25:30 -08:00
Shuting Zhao
956cb0559a - register resource webhook when policy controller starts; - add debug log 2020-01-02 19:12:45 -08:00
Shuting Zhao
b5192dc559 remove old crd namespacedpolicyviolation 2020-01-02 15:33:57 -08:00
Shuting Zhao
b493600754 remove omitemptu on pocliy.spec and policy.spec.rules 2020-01-02 12:17:47 -08:00
Shuting Zhao
d36934fe11 Merge commit '5b8ab3842b43a72cc675b93b8b72e290adfca1d2' into 518_pod_controller
# Conflicts:
#	pkg/api/kyverno/v1/types.go
#	pkg/engine/mutation.go
#	pkg/engine/mutation_test.go
#	pkg/engine/validation.go
#	pkg/policy/existing.go
2020-01-02 10:32:17 -08:00
Shivkumar Dudhani
5b8ab3842b
Support variable substitution (#549)
* initial commit

* variable substitution

* update tests

* update test

* refactor engine packages for validate & generate

* update vendor

* update toml

* support variable substitution in overlay mutation

* missing update

* fix indentation in logs

* store context values as single JSON document using merge patches.

* remove duplicate functions

* fix message string

* Handle processing of policies in background (#569)

* remove condition check while generating mutation patch as conditions are verified in the first iteration

* initial commit

* background policy validation

* correct message

* skip non-background policy process for add/update

* fix order to correct policy registration

* update comment

Co-authored-by: shuting <shutting06@gmail.com>

* refactor

Co-authored-by: shuting <shutting06@gmail.com>
2019-12-30 17:08:50 -08:00
Shuting Zhao
56c03f712a only generate rule on policy creation 2019-12-27 15:57:43 -08:00
Shuting Zhao
bae2865550 - add =() to volumes; - update error msg 2019-12-27 14:59:12 -08:00
Shuting Zhao
340dee24bc Merge branch 'master' into 544_documentation
# Conflicts:
#	pkg/engine/overlay_test.go
2019-12-27 13:04:07 -08:00
Shuting Zhao
f2a0f0e3dc replace annotation match by regexp 2019-12-27 12:57:06 -08:00
Shuting Zhao
eb6ab9d2d8 fix rule mis-application 2019-12-26 19:05:12 -08:00
Shuting Zhao
076196688e skip process existing pod if annotation present 2019-12-26 18:41:14 -08:00
Shuting Zhao
f0d943e970 Merge branch 'master' into 518_pod_controller 2019-12-26 15:35:23 -08:00
Shuting Zhao
54ecb7738a - insert annotation to podTemplate; - skip apply rule on pod if annotation exists 2019-12-26 15:34:19 -08:00
Shivkumar Dudhani
085856baa1
add event source and format event messages (#565) 2019-12-26 11:50:41 -08:00
Shuting Zhao
b5255893e3 update autogen annotation for pod controllers 2019-12-26 10:09:49 -08:00
Shuting Zhao
a8aa83573b fix merge error 2019-12-20 19:08:26 -08:00
Shuting Zhao
1f0187e8ea Merge commit 'f1330ede8234eb4d449eb9ec72b41c627488350d' into 518_pod_controller 2019-12-20 19:06:35 -08:00
Shuting Zhao
8be4db3de3 Merge branch '529_query' into 518_pod_controller 2019-12-20 18:55:08 -08:00
Shuting Zhao
cc87ea7339 add unit test 2019-12-20 18:53:44 -08:00
Shuting Zhao
74b85d8143 generate rule for pod controllers 2019-12-20 18:53:29 -08:00
Shuting Zhao
e3a8cabe8d add omitempty to types 2019-12-20 18:51:07 -08:00
shivkumar dudhani
d04f49b5d8 fix message string 2019-12-17 17:16:50 -08:00
shivkumar dudhani
2a56a8e043 remove duplicate functions 2019-12-17 16:37:52 -08:00
shivkumar dudhani
a86aa06e28 Merge branch 'master' into 529_query 2019-12-17 16:36:58 -08:00
shivkumar dudhani
615f1ae940 Merge branch 'master' into 529_query 2019-12-17 16:22:00 -08:00
shivkumar dudhani
38987d50c3 store context values as single JSON document using merge patches. 2019-12-17 16:06:13 -08:00
Shuting Zhao
0d71e4a669 remove condition check while generating mutation patch as conditions are verified in the first iteration 2019-12-16 18:26:38 -08:00
shuting
4149d706e8
Merge pull request #558 from nirmata/428_quantity
implement quantity comparison
2019-12-16 15:53:09 -08:00
Shivkumar Dudhani
39e08aa1fc
76 cache invalidate (#557)
* invalidate local cache of registererd resources

* update client in initContainer

* update message
2019-12-16 12:55:44 -08:00
Shuting Zhao
35adbbe0df convert type boolean to string in /metadata/annotation 2019-12-13 18:04:19 -08:00
Shuting Zhao
5ced2409a3 update test 2019-12-13 13:30:24 -08:00
Shuting Zhao
0969aa9bf9 implement quantity comparison 2019-12-13 13:17:22 -08:00
shivkumar dudhani
793d878b18 correct webhook endpoint 2019-12-13 11:13:58 -08:00
shivkumar dudhani
c4da72ad3e fix indentation in logs 2019-12-13 09:49:09 -08:00
Shuting Zhao
625e45c847 remove duplicate code 2019-12-12 18:55:40 -08:00
shivkumar dudhani
0bd05fd227 missing update 2019-12-12 18:48:53 -08:00
shivkumar dudhani
5659f2fbcf merge master 2019-12-12 18:44:52 -08:00
shivkumar dudhani
8414681e60 support variable substitution in overlay mutation 2019-12-12 18:25:54 -08:00
shivkumar dudhani
10fc1b47ba Merge branch 'master' into v1.1.0 2019-12-12 16:54:42 -08:00
shivkumar dudhani
745727fd70 add missing files 2019-12-12 16:35:37 -08:00
shivkumar dudhani
a19785261d Merge branch '524_bug' into v1.1.0 2019-12-12 16:25:50 -08:00
shivkumar dudhani
b5de11fc0e refactor engine packages for validate & generate 2019-12-12 15:02:59 -08:00
shivkumar dudhani
507c43ddca update test 2019-12-12 10:55:10 -08:00
shivkumar dudhani
8b1e084691 update tests 2019-12-12 10:47:25 -08:00
shivkumar dudhani
7c9bc6fecf variable substitution 2019-12-12 10:19:45 -08:00
Shuting Zhao
2c783cfe02 rename namespacedpolicyviolation: update code 2019-12-11 16:09:05 -08:00
Shuting Zhao
a107ad7ac8 rename namespacedpolicyviolation: update codegen 2019-12-11 16:07:39 -08:00
shivkumar dudhani
4c55fe00bc Merge branch 'v1.1.0' into 524_bug 2019-12-11 11:21:31 -08:00
shivkumar dudhani
75eee39d7d remove fix for 535 2019-12-11 11:18:38 -08:00
shivkumar dudhani
ad54683f71 CR fixes 2019-12-11 11:15:13 -08:00
shuting
f06b19bb14
Merge pull request #525 from nirmata/421_test_webhook
421 test webhook
2019-12-11 11:13:37 -08:00
shivkumar dudhani
12edc56613 initial commit 2019-12-11 09:45:22 -08:00