mirror of https://github.com/kyverno/kyverno.git synced 2025-03-06 16:06:56 +00:00
kyverno/pkg/registryclient/client.go
Vishal Choudhary 07877ef37a
feat: add custom keychains using fluxcd/oci/auth package (#7908)
* feat:add usage of flux auth package for creating keychain

for every oci provider, we will create a client from flux and use its login() method

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* feat: add registry checking

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* bug: update azure keychain to return anonymous kc

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* bug: remove google keychain

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* bug: kubeconfig redefined

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* bug: fix kubeconfig flag being double defined

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* updated comments (#7902)

Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>

* chore(deps): bump google.golang.org/grpc from 1.56.2 to 1.57.0 (#7918)

Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.56.2 to 1.57.0.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.56.2...v1.57.0)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump github.com/go-git/go-git/v5 from 5.8.0 to 5.8.1 (#7919)

Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.8.0 to 5.8.1.
- [Release notes](https://github.com/go-git/go-git/releases)
- [Commits](https://github.com/go-git/go-git/compare/v5.8.0...v5.8.1)

---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: shuting <shuting@nirmata.com>

* refactor validating admission policies (#7835)

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

* feat: update default keychain in registry to be empty (#7906)

* feat: update default keychain to be empty

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* feat: update registryCredentialHelpers description

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

---------

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* fix: rename vap to its full name (#7929)

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

* fix(chart): only create ServiceMonitor if cluster supports it (#7926)

* fix: only create ServiceMonitor if cluster supports it

Adds an additional check to the ServiceMonitor template to ensure that
the cluster supports the `monitoring.coreos.com/v1` API version.

Signed-off-by: Alexej Disterhoft <alexej@disterhoft.de>

* add IITS Consulting as adopter from Google Form (#7932)

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* Adding other folder's subfolders to workflows/conformance.yaml's tests array (#7927)

Signed-off-by: Pradyot Ranjan <99216956+pradyotRanjan@users.noreply.github.com>
Co-authored-by: Pradyot Ranjan <99216956+pradyotRanjan@users.noreply.github.com>
Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: Chip Zoller <chipzoller@gmail.com>

* feat: add create metrics-config cli command (#7782)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* chore(deps): bump svenstaro/upload-release-action from 2.6.1 to 2.7.0 (#7940)

Bumps [svenstaro/upload-release-action](https://github.com/svenstaro/upload-release-action) from 2.6.1 to 2.7.0.
- [Release notes](https://github.com/svenstaro/upload-release-action/releases)
- [Changelog](https://github.com/svenstaro/upload-release-action/blob/master/CHANGELOG.md)
- [Commits](2b9d2847a9...1beeb572c1)

---
updated-dependencies:
- dependency-name: svenstaro/upload-release-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: shuting <shuting@nirmata.com>

* test: add tests for ghcr private repository (#7791)

* chore: organize constants better (#7941)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* chore: move cert.kyverno.io/managed-by label in constants (#7942)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix: rename --compact to --detailed-results in CLI (#7937)

* fix: rename --compact to --detailed-results in CLI

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

* rename compact arg

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* chore: move more constants (#7944)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* feat: add `create values` cli command (#7779)

* feat: add  cli command

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* feat: add create values cli command

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* Removed usage of `replacements` from goreleaser.yml file (#7833)

* Changed goreleaser.yml file

Signed-off-by: Pradyot Ranjan <99216956+pradyotRanjan@users.noreply.github.com>

* Changed syntax

Signed-off-by: Pradyot Ranjan <99216956+pradyotRanjan@users.noreply.github.com>

* Small indent fix

Signed-off-by: Pradyot Ranjan <99216956+pradyotRanjan@users.noreply.github.com>

---------

Signed-off-by: Pradyot Ranjan <99216956+pradyotRanjan@users.noreply.github.com>
Co-authored-by: Pradyot Ranjan <99216956+pradyotRanjan@users.noreply.github.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

* add 1.10.2 (#7947)

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* chore: move cache enabled label (#7949)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* chore(deps): bump go.uber.org/zap from 1.24.0 to 1.25.0 (#7952)

Bumps [go.uber.org/zap](https://github.com/uber-go/zap) from 1.24.0 to 1.25.0.
- [Release notes](https://github.com/uber-go/zap/releases)
- [Changelog](https://github.com/uber-go/zap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/uber-go/zap/compare/v1.24.0...v1.25.0)

---
updated-dependencies:
- dependency-name: go.uber.org/zap
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* doc: add feature flag guidelines (#7951)

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

* chore: move kyverno.io/verify-images constant (#7955)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* feat: add ttl controller (#7821)

* added the ttl controller

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* fix

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* fixed label and vars

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* added logger

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* applied fixes

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* removed comments

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* lint

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* lint

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* lint

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* more lint fix

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* applied changes

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* minor fixes

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* fix

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* fix logger, separate parse logic

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* added tests

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* fix

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* added kuttl tests, validation utilities

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* commented code

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* renamed tests

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* fix test

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* created log.go

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* fix

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* fix

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* fix

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* fix log.go

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* fix

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* added README.md refactor code

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* lint fix

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* lint

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* lint fix

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* added validation webhook

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* label-validation fix

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* fix

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* added flag, updated verbs

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* fix

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* fix

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* fix

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* fix

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* updated verbs

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* updated helm chart

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* test fix

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* lint

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* linter

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* improved webhook validation

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* fix

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* linter fix

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* lint

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* lint fix

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* fix codegen

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* webhook names and path constants

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* constant label

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix label selector

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* kuttl test fix

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* helm docs

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix controller logger

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix: manager logger

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix failure policy

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* kuttl tests

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* move kuttl tests in separate job

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* remove rbac steps

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* remove configmaps from core cluster role

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix logger

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* rename flag

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* kuttl

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix error

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix linter

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Ved Ratan <vedratan8@gmail.com>
Signed-off-by: Ved Ratan <82467006+VedRatan@users.noreply.github.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* chore: rename ttl controller package (#7957)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* chore: move ttl formats to constants (#7958)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* feat: Add support for server-side-apply in generate rules (#7705)

* feat: Add support for server-side-apply in generate rules

Signed-off-by: Mike Bryant <mike@mikebryant.me.uk>

* chore: run make codegen-all

Signed-off-by: Mike Bryant <mike.bryant@mettle.co.uk>

* chore: Remove unnecessary file I got from copy/paste

Signed-off-by: Mike Bryant <mike.bryant@mettle.co.uk>

---------

Signed-off-by: Mike Bryant <mike@mikebryant.me.uk>
Signed-off-by: Mike Bryant <mike.bryant@mettle.co.uk>
Co-authored-by: Chip Zoller <chipzoller@gmail.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>

* refactor: ttl label validation (#7960)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* chore(deps): bump github.com/google/go-containerregistry (#7961)

Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.14.1-0.20230425172351-b7c6e9dc3944 to 0.16.1.
- [Release notes](https://github.com/google/go-containerregistry/releases)
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml)
- [Commits](https://github.com/google/go-containerregistry/commits/v0.16.1)

---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore: fix cleanup controller debug in vscode (#7963)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix: ttl cleanup controller events processing (#7964)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* test: add test to cleanup the same resource twice (#7965)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix: ttl manager stop informer on error (#7966)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* chore(deps): bump slsa-framework/slsa-github-generator (#7968)

Bumps [slsa-framework/slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator) from 1.7.0 to 1.8.0.
- [Release notes](https://github.com/slsa-framework/slsa-github-generator/releases)
- [Changelog](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md)
- [Commits](https://github.com/slsa-framework/slsa-github-generator/compare/v1.7.0...v1.8.0)

---
updated-dependencies:
- dependency-name: slsa-framework/slsa-github-generator
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* feat: add basic structure for image verify cache (#7890)

* feat: add interface for image verify cache

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* feat: add basic client for cache

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* feat: add ttl to client

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* feat: add flags and flag setup

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* feat: added a default image verify cache

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* feat: add propagation of cache to image verifier

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* feat: add useCache to image verification types

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* bug: add ivcache to image verifier

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* feat: add logger to cache

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* typo: DisabledImageVerfiyCache

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* typo: DisabledImageVerfiyCache

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* Update cmd/internal/flag.go

Signed-off-by: shuting <shutting06@gmail.com>

* feat: add use cache to v2beta1 crd

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* bug: change public attribute TTL to private

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* fix: replace nil in test with disabled cache

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* fix: convert ttl time to time.Duration

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* feat: update opts to use time.Duration

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* feat:add policy version and remove delete functions

by adding policy version, old entries will automatically become outdated and we will not have to remove them manually

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* feat: remove clear and update get and set to take interface as input

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* style: fix lint issue

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

---------

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
Signed-off-by: shuting <shutting06@gmail.com>
Co-authored-by: shuting <shutting06@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* Fixes kyverno cli container reorder  (#7943)

* added combine rule response

Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>

* added kyverno test cli tests

Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>

* added kyverno test cli tests

Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>

* small nits

Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>

* added ; in between the err messages

Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>

* removed fixed rulename and ruletype

Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>

---------

Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>

* chore(deps): bump sigs.k8s.io/controller-runtime from 0.15.0 to 0.15.1 (#7975)

Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.15.0 to 0.15.1.
- [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases)
- [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md)
- [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.15.0...v0.15.1)

---
updated-dependencies:
- dependency-name: sigs.k8s.io/controller-runtime
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump golang.org/x/text from 0.11.0 to 0.12.0 (#7976)

Bumps [golang.org/x/text](https://github.com/golang/text) from 0.11.0 to 0.12.0.
- [Release notes](https://github.com/golang/text/releases)
- [Commits](https://github.com/golang/text/compare/v0.11.0...v0.12.0)

---
updated-dependencies:
- dependency-name: golang.org/x/text
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump golang.org/x/crypto from 0.11.0 to 0.12.0 (#7977)

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.11.0 to 0.12.0.
- [Commits](https://github.com/golang/crypto/compare/v0.11.0...v0.12.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* fix:Add Missing Severity Cases in SeverityFromString Function (#7974)

Signed-off-by: lichanghao.orange <lichanghao.orange@bytedance.com>
Co-authored-by: shuting <shuting@nirmata.com>

* feat(chart) Allow podSecurityContext and securityContext for webhooksCleanup (#7970)

Fixes #7962

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix: Fixed issue with AddVariable that prevented certain variables (#7981)

When using a label or annotation with quoted dots, AddVariable was splitting inside the quote causing it to be improperly parsed and replaced

Signed-off-by: mvaal <mvaal@expediagroup.com>

* fix: Kyverno cli apply duplicate result counts  (#7945)

* removed repeated logic from kyverno_policies_types

Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>

fixed unit tests

* fixed unit tests

Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>

* updated common.go logic

Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>

* remove skip response logic from common.go

Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>

* remove skip response logic from common.go

Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>

* fixed conflict

Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>

---------

Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>

* fix: return err in load data (#7982)

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>

* fix, enhancement (#7988)

* fix, enhancement

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* lint

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

---------

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* fix: improve lint

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* feat: update auth pkg

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* chore: fix go mod

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* feat: updated CLI keychains

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* chore update fluxcd/pkg/auth@0.31.1

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

---------

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Signed-off-by: Alexej Disterhoft <alexej@disterhoft.de>
Signed-off-by: Chip Zoller <chipzoller@gmail.com>
Signed-off-by: Pradyot Ranjan <99216956+pradyotRanjan@users.noreply.github.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
Signed-off-by: Ved Ratan <82467006+VedRatan@users.noreply.github.com>
Signed-off-by: Mike Bryant <mike@mikebryant.me.uk>
Signed-off-by: Mike Bryant <mike.bryant@mettle.co.uk>
Signed-off-by: shuting <shutting06@gmail.com>
Signed-off-by: lichanghao.orange <lichanghao.orange@bytedance.com>
Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
Signed-off-by: mvaal <mvaal@expediagroup.com>
Co-authored-by: Amit kumar <amit9116260192@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: Alexej Disterhoft <github@disterhoft.de>
Co-authored-by: Chip Zoller <chipzoller@gmail.com>
Co-authored-by: Pradyot Ranjan <99216956+prady0t@users.noreply.github.com>
Co-authored-by: Pradyot Ranjan <99216956+pradyotRanjan@users.noreply.github.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Ved Ratan <82467006+VedRatan@users.noreply.github.com>
Co-authored-by: Mike Bryant <mike.bryant@mettle.co.uk>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: shuting <shutting06@gmail.com>
Co-authored-by: UgOrange <lichanghao.orange@bytedance.com>
Co-authored-by: treydock <tdockendorf@osc.edu>
Co-authored-by: Marcus Vaal <mvaal@expediagroup.com>
2023-09-07 11:47:36 +00:00

198 lines
5.6 KiB
Go

package registryclient

import (
	"context"
	"crypto/tls"
	"fmt"
	"net"
	"net/http"
	"runtime"
	"time"

	"github.com/google/go-containerregistry/pkg/authn"
	"github.com/google/go-containerregistry/pkg/authn/github"
	"github.com/google/go-containerregistry/pkg/name"
	gcrremote "github.com/google/go-containerregistry/pkg/v1/remote"
	"github.com/kyverno/kyverno/pkg/tracing"
	"github.com/sigstore/cosign/v2/pkg/oci/remote"
	"go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp"
	"k8s.io/apimachinery/pkg/util/sets"
	corev1listers "k8s.io/client-go/listers/core/v1"
	"sigs.k8s.io/release-utils/version"
)

var (
	defaultKeychain  = AnonymousKeychain
	defaultTransport = &http.Transport{
		Proxy: http.ProxyFromEnvironment,
		DialContext: (&net.Dialer{
			// By default we wrap the transport in retries, so reduce the
			// default dial timeout to 5s to avoid 5x 30s of connection
			// timeouts when doing the "ping" on certain http registries.
			Timeout:   5 * time.Second,
			KeepAlive: 30 * time.Second,
		}).DialContext,
		ForceAttemptHTTP2:     true,
		MaxIdleConns:          100,
		IdleConnTimeout:       90 * time.Second,
		TLSHandshakeTimeout:   10 * time.Second,
		ExpectContinueTimeout: 1 * time.Second,
	}
	userAgent = fmt.Sprintf("cosign/%s (%s; %s)", version.GetVersionInfo().GitVersion, runtime.GOOS, runtime.GOARCH)
)

// Client provides registry related objects.
type Client interface {
	// Keychain provides the configured credentials
	Keychain() authn.Keychain

	// getTransport provides transport object.
	getTransport() http.RoundTripper

	// FetchImageDescriptor fetches Descriptor from registry with given imageRef
	// and provides access to metadata about remote artifact.
	FetchImageDescriptor(context.Context, string) (*gcrremote.Descriptor, error)

	// BuildRemoteOption builds remote.Option based on client.
	BuildRemoteOption(context.Context) remote.Option
}

type client struct {
	keychain  authn.Keychain
	transport http.RoundTripper
}

type config struct {
	keychain  []authn.Keychain
	transport *http.Transport
	tracing   bool
}

// Option is an option to initialize registry client.
type Option = func(*config) error

// New creates a new Client with options
func New(options ...Option) (Client, error) {
	// The config starts with the package-level defaultTransport pointer
	// (not a copy), so options that modify cfg.transport modify that value.
	cfg := &config{
		transport: defaultTransport,
	}
	for _, opt := range options {
		if err := opt(cfg); err != nil {
			return nil, err
		}
	}
	// With no keychain option, the client falls back to defaultKeychain
	// (AnonymousKeychain), i.e. unauthenticated registry access.
	c := &client{
		keychain:  defaultKeychain,
		transport: cfg.transport,
	}
	if len(cfg.keychain) > 0 {
		c.keychain = authn.NewMultiKeychain(cfg.keychain...)
	}
	if cfg.tracing {
		c.transport = tracing.Transport(cfg.transport, otelhttp.WithFilter(tracing.RequestFilterIsInSpan))
	}
	return c, nil
}

// NewOrDie creates a new Client with options and panics if New returns an error.
func NewOrDie(options ...Option) Client {
	c, err := New(options...)
	if err != nil {
		panic(err)
	}
	return c
}

// WithKeychainPullSecrets provides initialize registry client option that allows to use pull secrets.
func WithKeychainPullSecrets(lister corev1listers.SecretNamespaceLister, imagePullSecrets ...string) Option {
	return func(c *config) error {
		kc, err := NewAutoRefreshSecretsKeychain(lister, imagePullSecrets...)
		if err != nil {
			return err
		}
		c.keychain = append(c.keychain, kc)
		return nil
	}
}

// WithCredentialProviders initialize registry client option by using registries credentials
func WithCredentialProviders(credentialProviders ...string) Option {
	return func(c *config) error {
		var chains []authn.Keychain
		helpers := sets.New(credentialProviders...)
		// Names other than the five checked below are ignored without an error.
		if helpers.Has("default") {
			chains = append(chains, authn.DefaultKeychain)
		}
		if helpers.Has("google") {
			chains = append(chains, GCPKeychain)
		}
		if helpers.Has("amazon") {
			chains = append(chains, AWSKeychain)
		}
		if helpers.Has("azure") {
			chains = append(chains, AzureKeychain)
		}
		if helpers.Has("github") {
			chains = append(chains, github.Keychain)
		}
		c.keychain = append(c.keychain, chains...)
		return nil
	}
}

// WithAllowInsecureRegistry initialize registry client option that allows to use insecure registries.
// It disables TLS certificate verification on c.transport. New sets c.transport
// to the package-level defaultTransport pointer, so the setting is written to
// that shared transport rather than to a per-client copy.
func WithAllowInsecureRegistry() Option {
	return func(c *config) error {
		c.transport.TLSClientConfig = &tls.Config{InsecureSkipVerify: true} //nolint:gosec
		return nil
	}
}

// WithLocalKeychain provides initialize keychain with the default local keychain.
func WithLocalKeychain() Option {
	return func(c *config) error {
		c.keychain = append(c.keychain, authn.DefaultKeychain)
		return nil
	}
}

// WithTracing enables tracing in the http client.
func WithTracing() Option {
	return func(c *config) error {
		c.tracing = true
		return nil
	}
}

// BuildRemoteOption builds remote.Option based on client.
func (c *client) BuildRemoteOption(ctx context.Context) remote.Option {
	return remote.WithRemoteOptions(
		gcrremote.WithAuthFromKeychain(c.keychain),
		gcrremote.WithTransport(c.transport),
		gcrremote.WithContext(ctx),
		gcrremote.WithUserAgent(userAgent),
	)
}

// FetchImageDescriptor fetches Descriptor from registry with given imageRef
// and provides access to metadata about remote artifact.
func (c *client) FetchImageDescriptor(ctx context.Context, imageRef string) (*gcrremote.Descriptor, error) {
	parsedRef, err := name.ParseReference(imageRef)
	if err != nil {
		return nil, fmt.Errorf("failed to parse image reference: %s, error: %v", imageRef, err)
	}
	// Only the keychain and context are passed here; unlike BuildRemoteOption,
	// this call does not pass c.transport or the user agent.
	desc, err := gcrremote.Get(parsedRef, gcrremote.WithAuthFromKeychain(c.keychain), gcrremote.WithContext(ctx))
	if err != nil {
		return nil, fmt.Errorf("failed to fetch image reference: %s, error: %v", imageRef, err)
	}
	return desc, nil
}

// Keychain returns the keychain the client authenticates with.
func (c *client) Keychain() authn.Keychain {
	return c.keychain
}

// getTransport returns the client's transport (wrapped for tracing when enabled).
func (c *client) getTransport() http.RoundTripper {
	return c.transport
}
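
In the file above, `New` stores the package-level `defaultTransport` pointer in each `config`, and `WithAllowInsecureRegistry` writes `InsecureSkipVerify` through that pointer. The following added example (not Kyverno code; `newBase`, `allowInsecure`, `newShared`, `newIsolated`, `skipsVerify` and `strictClientAffected` are hypothetical stand-ins using only the standard library) shows how a client built without the insecure option is affected when the transport is shared, and how giving each client a `Clone()` of the base transport keeps the setting local.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"net/http"
	"time"
)

// config and Option mirror the shapes in the file above, trimmed to the transport.
type config struct{ transport *http.Transport }

type Option func(*config) error

// newBase stands in for the package-level defaultTransport (constructed, trimmed).
func newBase() *http.Transport {
	return &http.Transport{
		Proxy:               http.ProxyFromEnvironment,
		TLSHandshakeTimeout: 10 * time.Second,
	}
}

// allowInsecure mirrors WithAllowInsecureRegistry: it writes through whatever
// *http.Transport the config currently points at.
func allowInsecure() Option {
	return func(c *config) error {
		c.transport.TLSClientConfig = &tls.Config{InsecureSkipVerify: true} //nolint:gosec
		return nil
	}
}

// apply runs the options against cfg and returns the resulting transport.
func apply(cfg *config, opts []Option) (*http.Transport, error) {
	for _, opt := range opts {
		if err := opt(cfg); err != nil {
			return nil, err
		}
	}
	return cfg.transport, nil
}

// newShared follows the pattern in New above: every client's config holds the
// same base pointer, so an option on one client changes the base for all.
func newShared(base *http.Transport, opts ...Option) (*http.Transport, error) {
	return apply(&config{transport: base}, opts)
}

// newIsolated gives each client its own copy of the base transport. Clone
// copies the exported fields; the copy has its own connection pool.
func newIsolated(base *http.Transport, opts ...Option) (*http.Transport, error) {
	return apply(&config{transport: base.Clone()}, opts)
}

// skipsVerify reports whether certificate verification is disabled on t.
func skipsVerify(t *http.Transport) bool {
	return t.TLSClientConfig != nil && t.TLSClientConfig.InsecureSkipVerify
}

// strictClientAffected builds one client with allowInsecure, then a second
// client with no options from the same base, and reports whether the second
// client ends up skipping certificate verification.
func strictClientAffected(build func(*http.Transport, ...Option) (*http.Transport, error)) (bool, error) {
	base := newBase()
	if _, err := build(base, allowInsecure()); err != nil {
		return false, err
	}
	strict, err := build(base)
	if err != nil {
		return false, err
	}
	return skipsVerify(strict), nil
}

func main() {
	shared, _ := strictClientAffected(newShared)
	isolated, _ := strictClientAffected(newIsolated)
	fmt.Println("shared base: second client skips verification:", shared)
	fmt.Println("cloned base: second client skips verification:", isolated)
}
```

A useful check when reviewing code of this shape is to assert, after constructing an insecure client, that the package default still has certificate verification enabled.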