mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2024-12-14 11:57:48 +00:00
Code Activity
Cloud Native Policy Management
7642 commits 15 branches 540 tags 276 MiB
Go 98.5%
Makefile 0.7%
Shell 0.4%
Smarty 0.4%
Find a file
Vishal Choudhary 1ef9b876e1
fix: allow changes to preexisting resources that violate a validate foreach, cel or pss policy (#10033) 
* feat: allow changes to preexisting resources that violate a validate foreach, cel or pss policy

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: do old object verification as create operation

this fixes the case where we are checking request.operation in a deny condition

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: update the json context in set operation

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: typo

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: update error message

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: add match and exclude check

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: match exclude in if

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* feat: add option to disable validation of old object

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: tests

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: unit tests

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* feat: chainsaw tests

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: update readme

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: conflicts

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: chainsaw tests

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: tests

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: ci

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: nil ptr error

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: linter

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: linter

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* feat: old obj verification in assert

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: codegen

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* feat: chainsaw tests

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* feat: chainsaw test for assert

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: cleanup

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: chainsaw tests

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: pss

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* feat: common functions for allow existing violations

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: types

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: typos

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: pss old resource

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* feat: chainsaw test for PSS

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: use old objects

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: more merge changes

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: e2e matrxix

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: refactor and dont return error when old obj validation fails

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: return resp when not matched

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: add logs and return skip when old object validation fails

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* Update validate_resource.go

Co-authored-by: shuting <shutting06@gmail.com>
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* Update validate_pss.go

Co-authored-by: shuting <shutting06@gmail.com>
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* Update validate_assert.go

Co-authored-by: shuting <shutting06@gmail.com>
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

---------

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
Co-authored-by: shuting <shutting06@gmail.com>
2024-09-06 06:42:56 +00:00
.devcontainer chore(deps): bump ubuntu from 2e863c4 to 8a37d68 in /.devcontainer (#10885) 2024-08-19 11:29:41 +00:00
.github fix: attempt to fix the trivy scan (#11018) 2024-09-05 08:12:15 +00:00
.vscode chore: add --reportsServiceAccountName in launch.json (#10943) 2024-08-28 20:49:10 +00:00
api fix: allow changes to preexisting resources that violate a validate foreach, cel or pss policy (#10033) 2024-09-06 06:42:56 +00:00
charts fix: allow changes to preexisting resources that violate a validate foreach, cel or pss policy (#10033) 2024-09-06 06:42:56 +00:00
cmd fix: allow changes to preexisting resources that violate a validate foreach, cel or pss policy (#10033) 2024-09-06 06:42:56 +00:00
config fix: allow changes to preexisting resources that violate a validate foreach, cel or pss policy (#10033) 2024-09-06 06:42:56 +00:00
data feat: update built-in resource schemas (#7014) 2023-04-27 05:11:31 +00:00
docs fix: allow changes to preexisting resources that violate a validate foreach, cel or pss policy (#10033) 2024-09-06 06:42:56 +00:00
ext chore: bump k8s libs to 0.30 (#10285) 2024-06-04 15:09:44 +08:00
hack chore: reduce the number of e2e partitions (#11009) 2024-09-04 14:26:10 +00:00
img upload logo (#1560) 2021-02-08 13:09:37 -08:00
litmuschaos [Chore] Bump to Go 1.20 (#6683) 2023-04-03 11:40:47 +00:00
pkg fix: allow changes to preexisting resources that violate a validate foreach, cel or pss policy (#10033) 2024-09-06 06:42:56 +00:00
scripts chore: remove v1alpha1 of VAPs and use v1beta1 (#10955) 2024-08-29 15:31:25 +00:00
test fix: allow changes to preexisting resources that violate a validate foreach, cel or pss policy (#10033) 2024-09-06 06:42:56 +00:00
.chainsaw.yaml chore: bump chainsaw (#10345) 2024-05-30 09:01:23 +00:00
.codeclimate.yml remove arm from goreleaser (#903) 2020-06-04 11:45:37 -07:00
.directory Implemented validation across same yaml 2019-06-20 18:21:55 +03:00
.gitignore Unit tests for Pod Security Admission Integrations (#8585) 2023-12-26 22:28:08 +08:00
.golangci.yml feat: bump to k8s 1.31 (#10938) 2024-08-28 17:09:58 +00:00
.goreleaser.yml include time and hash in build info (#10474) 2024-06-24 11:15:39 +00:00
.ko.yaml feat: template background controller (#6157) 2023-01-31 17:12:34 +01:00
.krew.yaml Remove s390X (#4063) 2022-06-03 08:11:12 +00:00
.nancy-ignore extend timestamp (#10679) 2024-07-19 16:59:28 +08:00
ADOPTERS.md updating adopters list - adding InfraCloud (#10577) 2024-07-03 05:28:18 +00:00
CHANGELOG.md feat: remove reports chunking (#10597) 2024-07-04 08:10:16 +00:00
CODE_OF_CONDUCT.md update governance (#10669) 2024-07-17 07:09:46 +00:00
CODEOWNERS adding @YTGhost to codeowners (#10944) 2024-08-28 14:50:28 +00:00
CONTRIBUTING.md update governance (#10669) 2024-07-17 07:09:46 +00:00
CONTRIBUTORS.md adding myself in the contributors list (#10149) 2024-05-11 11:33:01 +00:00
DEVELOPMENT.md Updated the outdated example mentioned in Development.md file with latest one (#10706) 2024-07-24 07:18:39 +00:00
go.mod chore(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/aws (#11017) 2024-09-05 08:54:33 +00:00
go.sum chore(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/aws (#11017) 2024-09-05 08:54:33 +00:00
GOVERNANCE.md update governance (#10669) 2024-07-17 07:09:46 +00:00
LICENSE Create LICENSE 2019-06-05 23:00:32 -04:00
MAINTAINERS.md move Chip Zoller to emeritus (#10882) 2024-08-22 20:33:37 +00:00
Makefile chore: add e2e matrix codegen and verification (#10986) 2024-09-03 00:11:29 +00:00
OWNERS.md chore: add myself in approvers (#4990) 2022-10-15 23:55:00 +00:00
README.md update governance (#10669) 2024-07-17 07:09:46 +00:00
ROADMAP.md Update ROADMAP.md (#10420) 2024-06-10 11:12:31 +00:00
SECURITY-INSIGHTS.yml [Feature] Security Improvements based on CLOMonitor Checks (#9395) 2024-01-19 10:50:17 +00:00
SECURITY.md change security to point to org repo (#10716) 2024-07-25 07:40:38 +00:00
sonar-project.properties Integrate Sonarcloud and Nancy github action (#3491) 2022-09-14 07:25:14 +00:00

README.md

Kyverno Tweet

Cloud Native Policy Management 🎉

Go Report Card License: Apache-2.0 GitHub Repo stars CII Best Practices OpenSSF Scorecard SLSA 3 Artifact HUB codecov FOSSA Status

logo

Kyverno is a policy engine designed for cloud native platform engineering teams. It enables security, automation, compliance, and governance using policy-as-code. Kyverno can validate, mutate, generate, and cleanup configurations using Kubernetes admission controls, background scans, and source code respository scans. Kyverno policies can also be used to verify OCI images, for software supply chain security. Kyverno policies can be managed as Kubernetes resources and do not require learning a new language. Kyverno is designed to work nicely with tools you already use like kubectl, kustomize, and Git.

Open Source Security Index - Fastest Growing Open Source Security Projects

📙 Documentation

Kyverno installation and reference documents are available at [kyverno.io] (https://kyverno.io).

👉 Quick Start

👉 Installation

👉 Sample Policies

🙋‍♂️ Getting Help

We are here to help!

👉 For feature requests and bugs, file an issue.

👉 For discussions or questions, join the Kyverno Slack channel.

👉 For community meeting access, see mailing list.

👉 To get follow updates star this repository.

Contributing

Thanks for your interest in contributing to Kyverno! Here are some steps to help get you started:

✔ Read and agree to the Contribution Guidelines.

✔ Browse through the GitHub discussions.

✔ Read Kyverno design and development details on the GitHub Wiki.

✔ Check out the good first issues list. Add a comment with /assign to request assignment of the issue.

✔ Check out the Kyverno Community page for other ways to get involved.

Software Bill of Materials

All Kyverno images include a Software Bill of Materials (SBOM) in CycloneDX JSON format. SBOMs for Kyverno images are stored in a separate repository at ghcr.io/kyverno/sbom. More information on this is available at Fetching the SBOM for Kyverno.

Contributors

Kyverno is built and maintained by our growing community of contributors!

Made with contributors-img.

License

Copyright 2024, the Kyverno project. All rights reserved. Kyverno is licensed under the Apache License 2.0.

Kyverno is a Cloud Native Computing Foundation (CNCF) Incubating project and was contributed by Nirmata.