mirror of https://github.com/kyverno/kyverno.git synced 2024-12-14 11:57:48 +00:00
kyverno/pkg
Vishal Choudhary 1ef9b876e1
fix: allow changes to preexisting resources that violate a validate foreach, cel or pss policy (#10033)
* feat: allow changes to preexisting resources that violate a validate foreach, cel or pss policy

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: do old object verification as create operation

this fixes the case where we are checking request.operation in a deny condition

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: update the json context in set operation

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: typo

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: update error message

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: add match and exclude check

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: match exclude in if

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* feat: add option to disable validation of old object

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: tests

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: unit tests

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* feat: chainsaw tests

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: update readme

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: conflicts

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: chainsaw tests

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: tests

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: ci

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: nil ptr error

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: linter

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: linter

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* feat: old obj verification in assert

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: codegen

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* feat: chainsaw tests

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* feat: chainsaw test for assert

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: cleanup

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: chainsaw tests

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: pss

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* feat: common functions for allow existing violations

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: types

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: typos

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: pss old resource

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* feat: chainsaw test for PSS

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: use old objects

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: more merge changes

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: e2e matrix

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: refactor and don't return error when old obj validation fails

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: return resp when not matched

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: add logs and return skip when old object validation fails

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* Update validate_resource.go

Co-authored-by: shuting <shutting06@gmail.com>
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* Update validate_pss.go

Co-authored-by: shuting <shutting06@gmail.com>
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* Update validate_assert.go

Co-authored-by: shuting <shutting06@gmail.com>
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

---------

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
Co-authored-by: shuting <shutting06@gmail.com>
2024-09-06 06:42:56 +00:00
auth fix: add the resource name to the SubjectAccessReview (#10221) 2024-08-07 12:46:44 +00:00
autogen feat: remove yaml markers (#11015) 2024-09-05 11:13:16 +00:00
background feat: foreach support for clone (#10888) 2024-08-29 11:59:22 +00:00
breaker rename package: d4f --> breaker (#10863) 2024-08-15 10:53:20 +00:00
client fix: allow changes to preexisting resources that violate a validate foreach, cel or pss policy (#10033) 2024-09-06 06:42:56 +00:00
clients feat: bump to k8s 1.31 (#10938) 2024-08-28 17:09:58 +00:00
config feat: delete webhook configurations after kyverno is uninstalled (#10782) 2024-09-04 10:59:59 +00:00
controllers fix: range through all resources to build webhook (#10748) 2024-09-05 11:42:40 +00:00
cosign feat: add support for signature algorithm in cosign cert and kms verification (#10086) 2024-09-05 06:57:44 +00:00
engine fix: allow changes to preexisting resources that violate a validate foreach, cel or pss policy (#10033) 2024-09-06 06:42:56 +00:00
event chore: remove v1alpha1 of VAPs and use v1beta1 (#10955) 2024-08-29 15:31:25 +00:00
exceptions chore: use v2 clients for policy exceptions (#10530) 2024-06-24 16:36:55 +00:00
globalcontext feat(gctx): retry logic (#10796) 2024-08-21 19:32:58 +00:00
images feat: add support for sigstore bundle verification (#10567) 2024-08-16 11:36:48 +00:00
imageverifycache fix: properly use useCache field in image verification policies (#10709) 2024-08-19 14:26:07 +00:00
informers feat: delete webhook configurations after kyverno is uninstalled (#10782) 2024-09-04 10:59:59 +00:00
leaderelection Remove dependency on github.com/pkg/errors (#6165) 2023-02-01 14:38:04 +08:00
logging chore(log): add caller (#10874) 2024-08-16 14:08:55 +00:00
metrics feat: bump to k8s 1.31 (#10938) 2024-08-28 17:09:58 +00:00
notary feat: fix notary tests (#10579) 2024-07-02 14:18:29 +00:00
policy fix: add auth check to the admission controller for generate policies (#10963) 2024-09-04 11:26:24 +00:00
policycache feat: show violations and mutations as warning (#10214) 2024-09-05 10:02:00 +00:00
profiling refactor: introduce cmd internal package (#5404) 2022-11-18 22:21:15 +08:00
pss fix: concurrent map read and map write when applying a validate.podSecurity rule (#11012) 2024-09-04 17:05:10 +00:00
registryclient fix: use gcr crane opts while fetching image descriptors (#9838) 2024-03-04 08:14:00 +00:00
tls chore: set cert renewal time to 15 days before expiration (#8567) 2023-12-06 13:37:01 +00:00
toggle fix: display a message when the controller has no permissions for VAPs (#8776) 2023-11-01 21:52:03 +08:00
tracing feat: bump to k8s 1.31 (#10938) 2024-08-28 17:09:58 +00:00
userinfo refactor: reduce userinfos deps and add unit tests (#6524) 2023-03-10 09:09:19 +00:00
utils feat: delete webhook configurations after kyverno is uninstalled (#10782) 2024-09-04 10:59:59 +00:00
validatingadmissionpolicy feat: enable custom data in policy reports using properties (#10933) 2024-09-03 17:36:07 +00:00
validation feat:Add support for condition validation across multiple image verification attestations or context entry (#9960) 2024-09-05 10:33:37 +00:00
version fix: use golang builtin version management (#7654) 2023-06-30 23:27:06 +00:00
webhooks fix: unsupported defaults in api (#11021) 2024-09-05 14:48:47 +00:00