dependabot[bot]
ffe107c287
chore(deps): bump github.com/notaryproject/notation-go ( #11940 )
...
Bumps [github.com/notaryproject/notation-go](https://github.com/notaryproject/notation-go ) from 1.2.1 to 1.3.0.
- [Release notes](https://github.com/notaryproject/notation-go/releases )
- [Changelog](https://github.com/notaryproject/notation-go/blob/main/RELEASE_CHECKLIST.md )
- [Commits](https://github.com/notaryproject/notation-go/compare/v1.2.1...v1.3.0 )
---
updated-dependencies:
- dependency-name: github.com/notaryproject/notation-go
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-01-17 10:57:19 +00:00
Charles-Edouard Brétéché
7351501ef6
feat(cli,apply): load validating policies ( #11933 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2025-01-17 09:53:17 +00:00
shuting
97ed53f6bb
feat: register webhook configurations for validatingpolicies ( #11892 )
...
* feat: add spec.webhookConfiguration
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore: refactor build webhook for kyverno policies
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore: update yamls
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore: add listers
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* feat: update api
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore: remove matchPolicy
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore: update crd yaml
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore: add short name
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore: update deepcopy
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore: upadte spec
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore: fix description
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore: add missing files
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* feat: register webhook for validatingpolicies
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore: fix import
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore: add unit tests
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore: update docs
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore: update manifests
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore: update unit tests
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* chore: update manifests
Signed-off-by: ShutingZhao <shuting@nirmata.com>
---------
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2025-01-17 11:33:47 +02:00
Mariam Fahmy
782641d3ff
fix the result column for Kyverno test ( #11842 )
...
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2025-01-16 15:29:30 +00:00
abhashsolanki18
d2e6759115
fix:[Bug] [CLI] CEL scanning a namespace yaml object makes Kyverno crash ( #11834 )
...
* fix:[Bug] [CLI] CEL scanning a namespace yaml object makes Kyverno crash
Signed-off-by: abhashsolanki18 <abhashsolanki18@gmail.com>
* Fix nil pointer dereference in namespace handling for ValidatingAdmissionPolicy.
Signed-off-by: abhashsolanki18 <abhashsolanki18@gmail.com>
* added test for namespace resource
Signed-off-by: abhashsolanki18 <abhashsolanki18@gmail.com>
* fixed test
Signed-off-by: abhashsolanki18 <abhashsolanki18@gmail.com>
* fixed test
Signed-off-by: abhashsolanki18 <abhashsolanki18@gmail.com>
* fixed test, combined binding and policy
Signed-off-by: abhashsolanki18 <abhashsolanki18@gmail.com>
---------
Signed-off-by: abhashsolanki18 <abhashsolanki18@gmail.com>
2025-01-16 13:39:24 +00:00
Jim Bugwadia
6ac985e7f5
Update ADOPTERS.md ( #11936 )
...
add kubriX platform as an official adopter!
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2025-01-16 07:38:15 +00:00
Vishal Choudhary
9b5db4253b
feat: update annotations of kyverno images ( #11935 )
...
* feat: update annotations of kyverno images
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* Update Makefile
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* Update Makefile
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* Update Makefile
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* Update Makefile
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* Update Makefile
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* Update Makefile
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
---------
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2025-01-16 06:19:34 +00:00
dependabot[bot]
d48652e591
chore(deps): bump github.com/notaryproject/notation-core-go from 1.1.0 to 1.2.0 ( #11926 )
...
Bumps [github.com/notaryproject/notation-core-go](https://github.com/notaryproject/notation-core-go ) from 1.1.0 to 1.2.0.
- [Release notes](https://github.com/notaryproject/notation-core-go/releases )
- [Commits](https://github.com/notaryproject/notation-core-go/compare/v1.1.0...v1.2.0 )
---
updated-dependencies:
- dependency-name: github.com/notaryproject/notation-core-go
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
2025-01-15 16:35:31 +00:00
Mariam Fahmy
0bb5b19a35
chore: add 1.13.1 and 1.13.2 to issue templates ( #11930 )
...
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2025-01-15 14:28:27 +00:00
Mariam Fahmy
2016f82600
chore: use v1 of VAPs in the tests ( #11929 )
...
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2025-01-15 14:08:35 +00:00
Mariam Fahmy
a72868bd6f
chore: move CEL package to admissionpolicy package ( #11931 )
...
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2025-01-15 13:04:18 +00:00
Charles-Edouard Brétéché
a50911d8b5
refactor: cleanup cli apply functions ( #11928 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2025-01-15 12:19:57 +02:00
dependabot[bot]
72f932c3bc
chore(deps): bump sigs.k8s.io/kustomize/api from 0.18.0 to 0.19.0 ( #11925 )
...
Bumps [sigs.k8s.io/kustomize/api](https://github.com/kubernetes-sigs/kustomize ) from 0.18.0 to 0.19.0.
- [Release notes](https://github.com/kubernetes-sigs/kustomize/releases )
- [Commits](https://github.com/kubernetes-sigs/kustomize/compare/api/v0.18.0...api/v0.19.0 )
---
updated-dependencies:
- dependency-name: sigs.k8s.io/kustomize/api
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-01-15 09:22:14 +01:00
Frank Jogeleit
c0d7df709a
Implement Object type checking based on OpenAPI v3 schema ( #11919 )
...
* Implement Object type checking based on OpenAPI v3 schema
Signed-off-by: Frank Jogeleit <frank.jogeleit@web.de>
* Fix conflicting resource name
Signed-off-by: Frank Jogeleit <frank.jogeleit@web.de>
* make typeName an configurable argument
Signed-off-by: Frank Jogeleit <frank.jogeleit@web.de>
---------
Signed-off-by: Frank Jogeleit <frank.jogeleit@web.de>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2025-01-14 15:36:09 +00:00
Charles-Edouard Brétéché
6af7ab8905
feat: add CEL variables type checking ( #11920 )
...
* feat: add CEL variables support
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* feat: add CEL variables type checking
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* more types
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* provider
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---------
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2025-01-14 15:57:55 +01:00
Mariam Fahmy
4678078c3d
feat: add auditAnnotation in CEL Compiler ( #11918 )
...
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2025-01-14 13:16:29 +00:00
Charles-Edouard Brétéché
9177c57b21
feat: add CEL variables support ( #11913 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2025-01-14 09:41:18 +00:00
dependabot[bot]
34bc3994a3
chore(deps): bump google.golang.org/grpc from 1.69.2 to 1.69.4 ( #11911 )
...
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go ) from 1.69.2 to 1.69.4.
- [Release notes](https://github.com/grpc/grpc-go/releases )
- [Commits](https://github.com/grpc/grpc-go/compare/v1.69.2...v1.69.4 )
---
updated-dependencies:
- dependency-name: google.golang.org/grpc
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-01-14 08:04:48 +00:00
Charles-Edouard Brétéché
616cb93bc4
feat: add validating policy compiler ( #11906 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2025-01-13 13:56:36 +01:00
dependabot[bot]
e7c372a398
chore(deps): bump github.com/fluxcd/pkg/oci from 0.43.0 to 0.43.1 ( #11903 )
...
Bumps [github.com/fluxcd/pkg/oci](https://github.com/fluxcd/pkg ) from 0.43.0 to 0.43.1.
- [Commits](https://github.com/fluxcd/pkg/compare/oci/v0.43.0...oci/v0.43.1 )
---
updated-dependencies:
- dependency-name: github.com/fluxcd/pkg/oci
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-01-13 11:13:49 +00:00
dependabot[bot]
ab94b8511c
chore(deps): bump github.com/cyphar/filepath-securejoin ( #11901 )
...
Bumps [github.com/cyphar/filepath-securejoin](https://github.com/cyphar/filepath-securejoin ) from 0.3.6 to 0.4.0.
- [Release notes](https://github.com/cyphar/filepath-securejoin/releases )
- [Changelog](https://github.com/cyphar/filepath-securejoin/blob/main/CHANGELOG.md )
- [Commits](https://github.com/cyphar/filepath-securejoin/compare/v0.3.6...v0.4.0 )
---
updated-dependencies:
- dependency-name: github.com/cyphar/filepath-securejoin
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-01-13 11:44:38 +01:00
dependabot[bot]
e2e45f2503
chore(deps): bump github.com/go-git/go-billy/v5 from 5.6.1 to 5.6.2 ( #11902 )
...
Bumps [github.com/go-git/go-billy/v5](https://github.com/go-git/go-billy ) from 5.6.1 to 5.6.2.
- [Release notes](https://github.com/go-git/go-billy/releases )
- [Commits](https://github.com/go-git/go-billy/compare/v5.6.1...v5.6.2 )
---
updated-dependencies:
- dependency-name: github.com/go-git/go-billy/v5
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-01-13 08:07:39 +00:00
Charles-Edouard Brétéché
bdc55fbc93
feat: add context cel lib to get config map ( #11898 )
...
* feat: add context cel lib to get config map
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* function name
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix type
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---------
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2025-01-10 14:19:50 +00:00
Frank Jogeleit
032d428b12
feat: setup validating policy cel environment ( #11897 )
...
Signed-off-by: Frank Jogeleit <frank.jogeleit@web.de>
2025-01-10 13:54:04 +00:00
Charles-Edouard Brétéché
4e84edff68
feat: add support for loading validating policies in the cli ( #11883 )
...
* feat: add support for loading validating policies in the cli
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* copy data
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* legacy loader
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---------
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2025-01-10 10:43:48 +00:00
Charles-Edouard Brétéché
af82c1cc73
chore: bump a couple of deps ( #11890 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2025-01-10 09:52:08 +00:00
Charles-Edouard Brétéché
1d03b932a4
refactor: get policy helper ( #11891 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2025-01-10 09:30:54 +00:00
Charles-Edouard Brétéché
cc85831dbe
chore: bump a couple of deps ( #11879 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2025-01-09 16:53:05 +01:00
dependabot[bot]
befc4d694d
chore(deps): bump github.com/google/cel-go from 0.22.0 to 0.22.1 ( #11880 )
...
Bumps [github.com/google/cel-go](https://github.com/google/cel-go ) from 0.22.0 to 0.22.1.
- [Release notes](https://github.com/google/cel-go/releases )
- [Commits](https://github.com/google/cel-go/compare/v0.22.0...v0.22.1 )
---
updated-dependencies:
- dependency-name: github.com/google/cel-go
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-01-09 16:26:26 +01:00
Charles-Edouard Brétéché
f8d02e2695
chore: bump a couple of deps ( #11878 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2025-01-09 13:29:52 +01:00
Charles-Edouard Brétéché
8be679cdfb
feat: bump kube deps to 1.32 ( #11877 )
2025-01-09 19:51:43 +08:00
Charles-Edouard Brétéché
25ac400481
chore: bump a couple of deps ( #11876 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2025-01-09 10:05:22 +00:00
shuting
ce62379d9c
chore: bump go-git to 5.13.0 ( #11860 )
...
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2025-01-09 09:27:02 +00:00
raffis
306a2e47d9
fix(reports-controller): add a flag to disable reports sanity checks ( #11867 )
...
* fix(reports-controller): remove crd sanity check
Signed-off-by: Raffael Sahli <raffael.sahli@doodle.com>
* feat: add a flag to disable reports sanity checks
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
* feat: add changelog
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
---------
Signed-off-by: Raffael Sahli <raffael.sahli@doodle.com>
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2025-01-09 17:03:23 +08:00
Jim Bugwadia
0e5ac8bd49
Add Tigera to Kyverno ADOPTERS.md ( #11874 )
...
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2025-01-09 08:20:35 +00:00
dependabot[bot]
b9f576bfca
chore(deps): bump github.com/go-git/go-billy/v5 from 5.6.0 to 5.6.1 ( #11837 )
...
Bumps [github.com/go-git/go-billy/v5](https://github.com/go-git/go-billy ) from 5.6.0 to 5.6.1.
- [Release notes](https://github.com/go-git/go-billy/releases )
- [Commits](https://github.com/go-git/go-billy/compare/v5.6.0...v5.6.1 )
---
updated-dependencies:
- dependency-name: github.com/go-git/go-billy/v5
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: shuting <shuting@nirmata.com>
2025-01-09 05:30:42 +00:00
Charles-Edouard Brétéché
3369a03844
feat: add validating policy crd in helm chart ( #11870 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2025-01-09 13:04:54 +08:00
Charles-Edouard Brétéché
47e99166a5
feat: add kyverno vap API ( #11790 )
...
* feat: add kyverno vap API
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* add context lib
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* codegen
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---------
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
2025-01-08 15:56:36 +00:00
Charles-Edouard Brétéché
823661e4af
fix: sorting in fix test command ( #11869 )
2025-01-08 13:30:15 +00:00
Rokibul Hasan
236ac9c216
Add flag for JSON output in policy reports ( #11840 )
...
* Add flag for JSON output in policy reports
Signed-off-by: Rokibul Hasan <mdrokibulhasan@appscode.com>
* make codegen-docs-all
Signed-off-by: Rokibul Hasan <mdrokibulhasan@appscode.com>
---------
Signed-off-by: Rokibul Hasan <mdrokibulhasan@appscode.com>
Co-authored-by: shuting <shuting@nirmata.com>
2025-01-07 06:22:11 +00:00
Damien Degois
c282f71212
remove policy exception dependancy from globalcontext and add some tests ( #11788 )
...
Signed-off-by: Damien Degois <damien@degois.info>
Co-authored-by: shuting <shuting@nirmata.com>
2025-01-03 16:16:37 +00:00
Damien Degois
e0fe6ec59a
fix global context error message logic error ( #11815 )
...
following same file line 91 and github.com/kyverno/kyverno/pkg/globalcontext/store#35
the proper handling should be `!ok`
Signed-off-by: Damien Degois <damien@degois.info>
Co-authored-by: shuting <shuting@nirmata.com>
2025-01-03 11:47:07 +00:00
Sandesh More
37c73f9314
Fix: Policy with failureActionOverrides not applying desired failure actions in desired namespaces ( #11811 )
...
Signed-off-by: Sandesh More <sandesh.more@infracloud.io>
Co-authored-by: sandesh more <samore@purestorage.com>
2025-01-03 10:50:49 +00:00
Mohd Uzair
d84fc7b4e1
fix panic when rules are empty ( #11821 )
...
Signed-off-by: MUzairS15 <muzair.shaikh810@gmail.com>
Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2025-01-03 09:51:44 +00:00
Rokibul Hasan
5573e5cded
Fix panic in background controller when updating Generate rule ( #11835 )
...
Signed-off-by: Rokibul Hasan <mdrokibulhasan@appscode.com>
2025-01-03 08:45:06 +00:00
dependabot[bot]
25032e363f
chore(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/azure ( #11791 )
...
Bumps [github.com/sigstore/sigstore/pkg/signature/kms/azure](https://github.com/sigstore/sigstore ) from 1.8.9 to 1.8.11.
- [Release notes](https://github.com/sigstore/sigstore/releases )
- [Commits](https://github.com/sigstore/sigstore/compare/v1.8.9...v1.8.11 )
---
updated-dependencies:
- dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/azure
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-12-30 13:45:42 +00:00
shuting
1743f71a9a
chore: bump x/net 0/33/0 ( #11825 )
...
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2024-12-30 08:59:27 +00:00
shuting
9e9110e91a
chore: bump python to 3.13.1 ( #11800 )
...
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2024-12-20 12:43:06 +00:00
Vishal Choudhary
53eba82a7a
fix: cleanup unwanted files ( #11803 )
2024-12-20 12:00:30 +00:00
dependabot[bot]
7dfbd4a031
chore(deps): bump helm/kind-action from 1.10.0 to 1.11.0 ( #11774 )
...
Bumps [helm/kind-action](https://github.com/helm/kind-action ) from 1.10.0 to 1.11.0.
- [Release notes](https://github.com/helm/kind-action/releases )
- [Commits](0025e74a8c...ae94020eaf
2024-12-20 10:26:37 +00:00
