mirror of https://github.com/kyverno/kyverno.git synced 2025-03-05 15:37:19 +00:00
kyverno/pkg/engine
Riko Kudo 5f5cda9fee
Yaml signing and verification (#4235)
* enable YAML verification using k8s-manifest-sigstore

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

comment out role and rolebinding for dryrun

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

update k8s-manifest-sigstore version

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

fix pubkey setting

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

fix pubkey setting

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

fix log message

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

change default value of dryrun option

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

update crd

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

support gpg signature

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

* upgrade manifest sigstore version and support multi sigs

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

fix validate.manifest rule

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

update crd and add small fix

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

fix manifest verify policy

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

set cosign experimental env when keyless verification

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

* improve default ignoreFields

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

* fix manifest verify policy

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

fix manifest verify policy

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

fix manifest verify policy

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

* add unit-test for k8smanifest

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

update install yaml

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

* update k8s-manifest-sigstore version and support one or more signatures

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

add unit-test for k8smanifest multi-signature

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

fix verifyManifest result message

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

fix verifyManifest result message

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

* fix manifest verify policy and move dryrun rbac to dryrun dir

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

* update k8s-manifest-sigstore version

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

update k8s-manifest-sigstore version

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

update k8s-manifest-sigstore version and resolve conflict

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

enable YAML verification using k8s-manifest-sigstore

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

comment out role and rolebinding for dryrun

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

fix pubkey setting

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

fix pubkey setting

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

update crd

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

upgrade manifest sigstore version and support multi sigs

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

fix validate.manifest rule

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

update crd and add small fix

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

fix manifest verify policy

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

update k8s-manifest-sigstore version and support one or more signatures

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

fix verifyManifest result message

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

fix verifyManifest result message

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

fix manifest verify policy and move dryrun rbac to dryrun dir

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

add small fix

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

* remove generic name

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

* fix sonatype-lift issue and unit-test error

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

* fix gofumpt error

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

* update manifest rule to use attestor

Signed-off-by: Riko Kudo <rurikudo@ibm.com>

* remove unused value

Signed-off-by: Riko Kudo <rurikudo@ibm.com>

* resolve conflict

Signed-off-by: Riko Kudo <rurikudo@ibm.com>

* fix install.yaml

Signed-off-by: Riko Kudo <rurikudo@ibm.com>

* fix to set COSIGN_EXPERIMENTAL env variable when keyless verification

Signed-off-by: Riko Kudo <rurikudo@ibm.com>

* fix misspell

Signed-off-by: Riko Kudo <rurikudo@ibm.com>

* enable kyverno cli in validate.manifests rule (#3)

* enable kyverno cli in validate.manifests rule

Signed-off-by: Riko Kudo <rurikudo@ibm.com>

* update k8s-manifest-sigstore version and improve error handling for better result output

Signed-off-by: Riko Kudo <rurikudo@ibm.com>

* update crds and deepcopy

Signed-off-by: Riko Kudo <rurikudo@ibm.com>

* update unit test

Signed-off-by: Riko Kudo <rurikudo@ibm.com>

* update k8s-manifest-sigstore version

Signed-off-by: Riko Kudo <rurikudo@ibm.com>

* change to use spec.rules.exclude.subjects instead of skipUsers (#4)

Signed-off-by: Riko Kudo <rurikudo@ibm.com>

* update k8s-manifest-sigstore version

Signed-off-by: Riko Kudo <rurikudo@ibm.com>

* fix yaml signing sigstore (#5)

* update k8s-manifest-sigstore version

Signed-off-by: Riko Kudo <rurikudo@ibm.com>

* add a comment for dryrun option field

Signed-off-by: Riko Kudo <rurikudo@ibm.com>

* enable to include ClusterPolicy/Policy in match resource

Signed-off-by: Riko Kudo <rurikudo@ibm.com>

* fix log style and env variable settings

Signed-off-by: Riko Kudo <rurikudo@ibm.com>

* simplify manifest verify func

Signed-off-by: Riko Kudo <rurikudo@ibm.com>

* fix func name

Signed-off-by: Riko Kudo <rurikudo@ibm.com>

Signed-off-by: Riko Kudo <rurikudo@ibm.com>

* fix sonatype warning

Signed-off-by: Riko Kudo <rurikudo@ibm.com>

* fix default ignoreFields

Signed-off-by: Riko Kudo <rurikudo@ibm.com>

* fix yaml signing sigstore rbac (#6)

* fix dryrun rbac to have minimal permissions

Signed-off-by: Riko Kudo <rurikudo@ibm.com>

* fix lint error

Signed-off-by: Riko Kudo <rurikudo@ibm.com>

Signed-off-by: Riko Kudo <rurikudo@ibm.com>

* fix unit-test error

Signed-off-by: Riko Kudo <rurikudo@ibm.com>

* fix gofumpt error

Signed-off-by: Riko Kudo <rurikudo@ibm.com>

* fix log style

Signed-off-by: Riko Kudo <rurikudo@ibm.com>

* updated CRD documentation

Signed-off-by: Riko Kudo <rurikudo@ibm.com>

* resolve go.mod conflicts

Signed-off-by: Riko Kudo <rurikudo@ibm.com>

* updated helm stuff

Signed-off-by: Riko Kudo <rurikudo@ibm.com>

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>
Signed-off-by: Riko Kudo <rurikudo@ibm.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2022-08-30 10:14:54 -07:00
anchor chore: enable gofmt and gofumpt linters (#3931) 2022-05-17 06:19:03 +00:00
common refactor: introduce wildcard utils package (#4406) 2022-08-25 05:23:01 +00:00
context refactor: introduce wildcard utils package (#4406) 2022-08-25 05:23:01 +00:00
jmespath refactor: introduce wildcard utils package (#4406) 2022-08-25 05:23:01 +00:00
jsonutils refactor: move common utils (#3553) 2022-04-05 13:02:43 +00:00
mutate refactor: introduce wildcard utils package (#4406) 2022-08-25 05:23:01 +00:00
operator chore: enable gofmt and gofumpt linters (#3931) 2022-05-17 06:19:03 +00:00
resources Yaml signing and verification (#4235) 2022-08-30 10:14:54 -07:00
response refactor: introduce wildcard utils package (#4406) 2022-08-25 05:23:01 +00:00
utils use failurePolicy to block or allow requests, on policy errors (#4183) 2022-08-02 20:24:02 +05:30
validate use failurePolicy to block or allow requests, on policy errors (#4183) 2022-08-02 20:24:02 +05:30
variables refactor: introduce wildcard utils package (#4406) 2022-08-25 05:23:01 +00:00
wildcards refactor: introduce wildcard utils package (#4406) 2022-08-25 05:23:01 +00:00
apiPath.go feat: add raw api call support (#3820) 2022-08-23 18:52:54 +02:00
apiPath_test.go feat: add raw api call support (#3820) 2022-08-23 18:52:54 +02:00
attestation_test.go add applyRules to control whether one or all rules are applied (#4196) 2022-07-29 15:02:26 +08:00
background.go chore: fix golangcilint timeout (#4388) 2022-08-24 21:08:24 +08:00
forceMutate.go chore: make kyverno api import aliases consistent (#3939) 2022-05-17 13:12:43 +02:00
forceMutate_test.go refactor: engine context (#3563) 2022-04-09 11:52:50 +00:00
generation.go chore: make kyverno api import aliases consistent (#3939) 2022-05-17 13:12:43 +02:00
imageVerify.go refactor: introduce wildcard utils package (#4406) 2022-08-25 05:23:01 +00:00
imageVerify_test.go Fix PEM delimiter parse (#4331) 2022-08-12 10:06:14 +00:00
imageVerifyMetadata.go chore: enable gofmt and gofumpt linters (#3931) 2022-05-17 06:19:03 +00:00
imageVerifyValidate.go Added appropriate logging levels to log.Info() calls wherever necessary (#4341) 2022-08-18 13:24:59 +00:00
jsonContext.go feat: add raw api call support (#3820) 2022-08-23 18:52:54 +02:00
k8smanifest.go Yaml signing and verification (#4235) 2022-08-30 10:14:54 -07:00
k8smanifest_test.go Yaml signing and verification (#4235) 2022-08-30 10:14:54 -07:00
loadtargets.go refactor: introduce wildcard utils package (#4406) 2022-08-25 05:23:01 +00:00
loadtargets_test.go Load mutate.targets via dclient (#3797) 2022-05-06 05:46:36 +00:00
mutation.go add applyRules to control whether one or all rules are applied (#4196) 2022-07-29 15:02:26 +08:00
mutation_test.go use failurePolicy to block or allow requests, on policy errors (#4183) 2022-08-02 20:24:02 +05:30
policyContext.go chore: make dclient import aliases consistent (#3951) 2022-05-17 14:40:51 +00:00
utils.go refactor: introduce wildcard utils package (#4406) 2022-08-25 05:23:01 +00:00
utils_test.go handle subresources (#3841) 2022-05-09 18:50:50 -07:00
validation.go Yaml signing and verification (#4235) 2022-08-30 10:14:54 -07:00
validation_test.go [Bugbash] Kceu22 bugbash/fix staticcheck warnings (#3917) 2022-05-14 22:04:35 +01:00