mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-06 07:57:07 +00:00
Code Activity
kyverno/pkg/policy
History
Riko Kudo 5f5cda9fee
Yaml signing and verification (#4235) 
* enable YAML verification using k8s-manifest-sigstore

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

comment out role and rolebinding for dryrun

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

update k8s-manifest-sigstore version

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

fix pubkey setting

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

fix pubkey setting

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

fix log message

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

change default value of dryrun option

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

update crd

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

support gpg signature

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

* upgrade manifest sigstore version and support multi sigs

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

fix validate.manifest rule

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

update crd and add small fix

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

fix manifest verify policy

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

set cosign experimental env when keyless verification

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

* improve default ignoreFields

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

* fix manifest verify policy

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

fix manifest verify policy

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

fix manifest verify policy

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

* add unit-test for k8smanifest

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

update install yaml

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

* update k8s-manifest-sigstore version and support one or more signatures

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

add unit-test for k8smanifest multi-signature

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

fix verifyManifest result message

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

fix verifyManifest result message

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

* fix manifest verify policy and move dryrun rbac to dryrun dir

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

* update k8s-manifest-sigstore version

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

update k8s-manifest-sigstore version

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

update k8s-manifest-sigstore version and resolve conflict

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

enable YAML verification using k8s-manifest-sigstore

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

comment out role and rolebinding for dryrun

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

fix pubkey setting

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

fix pubkey setting

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

update crd

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

upgrade manifest sigstore version and support multi sigs

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

fix validate.manifest rule

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

update crd and add small fix

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

fix manifest verify policy

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

update k8s-manifest-sigstore version and support one or more signatures

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

fix verifyManifest result message

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

fix verifyManifest result message

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

fix manifest verify policy and move dryrun rbac to dryrun dir

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

add small fix

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

* remove generic name

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

* fix sonatype-lift issue and unit-test error

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

* fix gofumpt error

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

* update manifest rule to use attestor

Signed-off-by: Riko Kudo <rurikudo@ibm.com>

* remove unused value

Signed-off-by: Riko Kudo <rurikudo@ibm.com>

* resolve conflict

Signed-off-by: Riko Kudo <rurikudo@ibm.com>

* fix install.yaml

Signed-off-by: Riko Kudo <rurikudo@ibm.com>

* fix to set COSIGN_EXPERIMENTAL env variable when keyless verification

Signed-off-by: Riko Kudo <rurikudo@ibm.com>

* fix misspell

Signed-off-by: Riko Kudo <rurikudo@ibm.com>

* enable kyverno cli in validate.manifests rule (#3)

* enable kyverno cli in validate.manifests rule

Signed-off-by: Riko Kudo <rurikudo@ibm.com>

* update k8s-manifest-sigstore version and improve error handling for better result output

Signed-off-by: Riko Kudo <rurikudo@ibm.com>

* update crds and deepcopy

Signed-off-by: Riko Kudo <rurikudo@ibm.com>

* update unit test

Signed-off-by: Riko Kudo <rurikudo@ibm.com>

* update k8s-manifest-sigstore version

Signed-off-by: Riko Kudo <rurikudo@ibm.com>

* change to use spec.rules.exclude.subjects instead of skipUsers (#4)

Signed-off-by: Riko Kudo <rurikudo@ibm.com>

* update k8s-manifest-sigstore version

Signed-off-by: Riko Kudo <rurikudo@ibm.com>

* fix yaml signing sigstore (#5)

* update k8s-manifest-sigstore version

Signed-off-by: Riko Kudo <rurikudo@ibm.com>

* add a comment for dryrun option field

Signed-off-by: Riko Kudo <rurikudo@ibm.com>

* enable to include ClusterPolicy/Policy in match resource

Signed-off-by: Riko Kudo <rurikudo@ibm.com>

* fix log style and env variable settings

Signed-off-by: Riko Kudo <rurikudo@ibm.com>

* simplify manifest verify func

Signed-off-by: Riko Kudo <rurikudo@ibm.com>

* fix func name

Signed-off-by: Riko Kudo <rurikudo@ibm.com>

Signed-off-by: Riko Kudo <rurikudo@ibm.com>

* fix sonatype warning

Signed-off-by: Riko Kudo <rurikudo@ibm.com>

* fix default ignoreFields

Signed-off-by: Riko Kudo <rurikudo@ibm.com>

* fix yaml signing sigstore rbac (#6)

* fix dryrun rbac to have minimal permissions

Signed-off-by: Riko Kudo <rurikudo@ibm.com>

* fix lint error

Signed-off-by: Riko Kudo <rurikudo@ibm.com>

Signed-off-by: Riko Kudo <rurikudo@ibm.com>

* fix unit-test error

Signed-off-by: Riko Kudo <rurikudo@ibm.com>

* fix gofumpt error

Signed-off-by: Riko Kudo <rurikudo@ibm.com>

* fix log style

Signed-off-by: Riko Kudo <rurikudo@ibm.com>

* updated CRD documentation

Signed-off-by: Riko Kudo <rurikudo@ibm.com>

* resolve go.mod conflicts

Signed-off-by: Riko Kudo <rurikudo@ibm.com>

* updated helm stuff

Signed-off-by: Riko Kudo <rurikudo@ibm.com>

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>
Signed-off-by: Riko Kudo <rurikudo@ibm.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2022-08-30 10:14:54 -07:00
..
common chore: enable gofmt and gofumpt linters (#3931) 2022-05-17 06:19:03 +00:00
generate chore: make kyverno informers and listers import aliases consistent (#3958) 2022-05-18 04:02:31 +00:00
mutate chore: make kyverno api import aliases consistent (#3939) 2022-05-17 13:12:43 +02:00
validate Yaml signing and verification (#4235) 2022-08-30 10:14:54 -07:00
actions.go chore: make kyverno informers and listers import aliases consistent (#3958) 2022-05-18 04:02:31 +00:00
allowed_vars_test.go skip var checks in attestations (#3876) 2022-05-11 09:31:48 +00:00
apply.go Fix merging JSON patches (#4202) 2022-07-11 09:26:31 +05:30
background.go chore: make kyverno api import aliases consistent (#3939) 2022-05-17 13:12:43 +02:00
background_test.go redo variable validation (#2647) 2021-11-03 11:16:55 -07:00
common.go refactor: introduce wildcard utils package (#4406) 2022-08-25 05:23:01 +00:00
existing.go feat: Opentelemetry support for metrics and traces (#3910) 2022-07-11 17:49:47 +00:00
metrics.go feat: Opentelemetry support for metrics and traces (#3910) 2022-07-11 17:49:47 +00:00
on_update_policy_test.go Load mutate.targets via dclient (#3797) 2022-05-06 05:46:36 +00:00
policy_controller.go feat: use tombstone helper (#4273) 2022-08-03 16:17:07 +00:00
report.go feature: added new type of event, PolicySkipped (#4251) 2022-07-28 14:01:50 +08:00
updaterequest.go Added appropriate logging levels to log.Info() calls wherever necessary (#4341) 2022-08-18 13:24:59 +00:00
utils.go chore: make kyverno api import aliases consistent (#3939) 2022-05-17 13:12:43 +02:00
utils_test.go tests: add unit tests for utils functions (#3857) 2022-05-10 13:45:48 +00:00
validate.go Yaml signing and verification (#4235) 2022-08-30 10:14:54 -07:00
validate_test.go refactor: match and exclude conflict validation (#3454) 2022-03-23 17:04:17 +05:30