mirror of
https://github.com/kyverno/kyverno.git
synced 2025-03-12 10:56:54 +00:00
* feat: allow changes to preexisting resources that violate a validate foreach, cel or pss policy Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: do old object verification as create operation this fixes the case where we are checking request.operation in a deny condition Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: update the json context in set operation Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: typo Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: update error message Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: add match and exclude check Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: match exclude in if Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: add option to disable validation of old object Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: tests Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: unit tests Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: chainsaw tests Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: update readme Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: conflicts Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: chainsaw tests Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: tests Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: ci Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: nil ptr error Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: linter Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: linter Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: old obj verification in assert Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: codegen Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> 
* feat: chainsaw tests Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: chainsaw test for assert Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: cleanup Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: chainsaw tests Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: pss Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: common functions for allow existing violations Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: types Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: typos Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: pss old resource Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: chainsaw test for PSS Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: use old objects Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: more merge changes Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: e2e matrxix Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: refactor and dont return error when old obj validation fails Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: return resp when not matched Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: add logs and return skip when old object validation fails Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * Update validate_resource.go Co-authored-by: shuting <shutting06@gmail.com> Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * Update validate_pss.go Co-authored-by: shuting <shutting06@gmail.com> Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * Update validate_assert.go Co-authored-by: shuting <shutting06@gmail.com> Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> --------- Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> Co-authored-by: Jim Bugwadia 
<jim@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: shuting <shutting06@gmail.com>
/*
Copyright The Kubernetes Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

// Code generated by applyconfiguration-gen. DO NOT EDIT.
package v1
import (
v1alpha1 "github.com/kyverno/kyverno-json/pkg/apis/policy/v1alpha1"
v1 "github.com/kyverno/kyverno/api/kyverno/v1"
apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
)
// ValidationApplyConfiguration is the declarative configuration of the
// Validation type, for use with apply.
//
// Every field is a pointer or a slice tagged `omitempty`, so a field that was
// never set is left out of the serialized configuration rather than sent as a
// zero value. The type only carries values; no validation happens here.
type ValidationApplyConfiguration struct {
	// FailureAction is serialized under "failureAction".
	FailureAction *v1.ValidationFailureAction `json:"failureAction,omitempty"`

	// FailureActionOverrides holds its entries by value and is serialized
	// under "failureActionOverrides".
	FailureActionOverrides []ValidationFailureActionOverrideApplyConfiguration `json:"failureActionOverrides,omitempty"`

	// AllowExistingViolations is serialized under "allowExistingViolations".
	// NOTE(review): the name suggests that true lets changes through for
	// resources that already violated the rule; that relaxes enforcement, so
	// confirm the semantics, and the behaviour when the field is unset (nil),
	// against the Validation API type.
	AllowExistingViolations *bool `json:"allowExistingViolations,omitempty"`

	// Message is serialized under "message".
	Message *string `json:"message,omitempty"`

	// Manifests is serialized under "manifests".
	Manifests *ManifestsApplyConfiguration `json:"manifests,omitempty"`

	// ForEachValidation holds its entries by value. Note the JSON key is
	// "foreach", not the Go field name.
	ForEachValidation []ForEachValidationApplyConfiguration `json:"foreach,omitempty"`

	// RawPattern is raw JSON serialized under "pattern".
	RawPattern *apiextensionsv1.JSON `json:"pattern,omitempty"`

	// RawAnyPattern is raw JSON serialized under "anyPattern".
	RawAnyPattern *apiextensionsv1.JSON `json:"anyPattern,omitempty"`

	// Deny is serialized under "deny".
	Deny *DenyApplyConfiguration `json:"deny,omitempty"`

	// PodSecurity is serialized under "podSecurity".
	PodSecurity *PodSecurityApplyConfiguration `json:"podSecurity,omitempty"`

	// CEL is serialized under "cel".
	CEL *CELApplyConfiguration `json:"cel,omitempty"`

	// Assert is a kyverno-json value serialized under "assert".
	Assert *v1alpha1.Any `json:"assert,omitempty"`
}
// Validation constructs an empty declarative configuration of the Validation
// type for use with apply. Every field starts out nil, so nothing is set until
// one of the With* methods is called on the result.
func Validation() *ValidationApplyConfiguration {
	return new(ValidationApplyConfiguration)
}
// WithFailureAction sets the FailureAction field of the declarative
// configuration and returns the receiver, so that calls can be chained.
// When called more than once, the value of the last call wins.
//
// The field points at a copy of value, not at the caller's variable, and the
// value is stored without being checked.
func (b *ValidationApplyConfiguration) WithFailureAction(value v1.ValidationFailureAction) *ValidationApplyConfiguration {
	action := value
	b.FailureAction = &action
	return b
}
// WithFailureActionOverrides appends the given values to the
// FailureActionOverrides field of the declarative configuration and returns
// the receiver, so that calls can be chained. Repeated calls keep appending;
// nothing is replaced.
//
// Each element is dereferenced and stored by value. A nil element panics, and
// any elements that came before it in the same call have already been
// appended by then, so callers should filter nils before calling.
func (b *ValidationApplyConfiguration) WithFailureActionOverrides(values ...*ValidationFailureActionOverrideApplyConfiguration) *ValidationApplyConfiguration {
	for _, override := range values {
		if override == nil {
			panic("nil value passed to WithFailureActionOverrides")
		}
		b.FailureActionOverrides = append(b.FailureActionOverrides, *override)
	}
	return b
}
// WithAllowExistingViolations sets the AllowExistingViolations field of the
// declarative configuration and returns the receiver, so that calls can be
// chained. When called more than once, the value of the last call wins.
//
// Calling this method always makes the field non-nil, so an explicit false is
// stored as a pointer to false rather than left unset.
// NOTE(review): the name suggests that true lets changes through for
// resources that already violated the rule. That relaxes enforcement, so
// confirm the semantics against the Validation API type before setting it.
func (b *ValidationApplyConfiguration) WithAllowExistingViolations(value bool) *ValidationApplyConfiguration {
	allow := value
	b.AllowExistingViolations = &allow
	return b
}
// WithMessage sets the Message field of the declarative configuration and
// returns the receiver, so that calls can be chained. When called more than
// once, the value of the last call wins.
//
// The field points at a copy of value; an empty string is stored as a non-nil
// pointer to "".
func (b *ValidationApplyConfiguration) WithMessage(value string) *ValidationApplyConfiguration {
	msg := value
	b.Message = &msg
	return b
}
// WithManifests sets the Manifests field of the declarative configuration and
// returns the receiver, so that calls can be chained. When called more than
// once, the value of the last call wins.
func (b *ValidationApplyConfiguration) WithManifests(value *ManifestsApplyConfiguration) *ValidationApplyConfiguration {
	// The pointer is kept as given, without a copy: later changes made through
	// value show up in this configuration, and passing nil clears the field.
	b.Manifests = value
	return b
}
// WithForEachValidation appends the given values to the ForEachValidation
// field of the declarative configuration and returns the receiver, so that
// calls can be chained. Repeated calls keep appending; nothing is replaced.
//
// Each element is dereferenced and stored by value. A nil element panics, and
// any elements that came before it in the same call have already been
// appended by then, so callers should filter nils before calling.
func (b *ValidationApplyConfiguration) WithForEachValidation(values ...*ForEachValidationApplyConfiguration) *ValidationApplyConfiguration {
	for _, entry := range values {
		if entry == nil {
			panic("nil value passed to WithForEachValidation")
		}
		b.ForEachValidation = append(b.ForEachValidation, *entry)
	}
	return b
}
// WithRawPattern sets the RawPattern field of the declarative configuration
// and returns the receiver, so that calls can be chained. When called more
// than once, the value of the last call wins.
//
// The raw JSON is stored as passed in; this method does not parse or check it.
func (b *ValidationApplyConfiguration) WithRawPattern(value apiextensionsv1.JSON) *ValidationApplyConfiguration {
	pattern := value
	b.RawPattern = &pattern
	return b
}
// WithRawAnyPattern sets the RawAnyPattern field of the declarative
// configuration and returns the receiver, so that calls can be chained. When
// called more than once, the value of the last call wins.
//
// The raw JSON is stored as passed in; this method does not parse or check it.
func (b *ValidationApplyConfiguration) WithRawAnyPattern(value apiextensionsv1.JSON) *ValidationApplyConfiguration {
	anyPattern := value
	b.RawAnyPattern = &anyPattern
	return b
}
// WithDeny sets the Deny field of the declarative configuration and returns
// the receiver, so that calls can be chained. When called more than once, the
// value of the last call wins.
func (b *ValidationApplyConfiguration) WithDeny(value *DenyApplyConfiguration) *ValidationApplyConfiguration {
	// The pointer is kept as given, without a copy: later changes made through
	// value show up in this configuration, and passing nil clears the field.
	b.Deny = value
	return b
}
// WithPodSecurity sets the PodSecurity field of the declarative configuration
// and returns the receiver, so that calls can be chained. When called more
// than once, the value of the last call wins.
func (b *ValidationApplyConfiguration) WithPodSecurity(value *PodSecurityApplyConfiguration) *ValidationApplyConfiguration {
	// The pointer is kept as given, without a copy: later changes made through
	// value show up in this configuration, and passing nil clears the field.
	b.PodSecurity = value
	return b
}
// WithCEL sets the CEL field of the declarative configuration and returns the
// receiver, so that calls can be chained. When called more than once, the
// value of the last call wins.
func (b *ValidationApplyConfiguration) WithCEL(value *CELApplyConfiguration) *ValidationApplyConfiguration {
	// The pointer is kept as given, without a copy: later changes made through
	// value show up in this configuration, and passing nil clears the field.
	b.CEL = value
	return b
}
// WithAssert sets the Assert field of the declarative configuration and
// returns the receiver, so that calls can be chained. When called more than
// once, the value of the last call wins.
//
// value is passed by value and the field points at this method's copy of it.
// NOTE(review): whether that copy shares internal state with the caller's
// value depends on how v1alpha1.Any is defined, which is not visible here.
func (b *ValidationApplyConfiguration) WithAssert(value v1alpha1.Any) *ValidationApplyConfiguration {
	assertion := &value
	b.Assert = assertion
	return b
}