mirror of
https://github.com/kyverno/kyverno.git
synced 2024-12-14 11:57:48 +00:00
07877ef37a
* feat:add usage of flux auth package for creating keychain
for every oci provider, we will create a client from flux and use its login() method
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* feat: add registry checking
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* bug: update azure keychain to return anonymous kc
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* bug: remove google keychain
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* bug: kubeconfig redefined
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* bug: fix kubeconfig flag being double defined
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* updated comments (#7902)
Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
* chore(deps): bump google.golang.org/grpc from 1.56.2 to 1.57.0 (#7918)
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.56.2 to 1.57.0.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.56.2...v1.57.0)
---
updated-dependencies:
- dependency-name: google.golang.org/grpc
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump github.com/go-git/go-git/v5 from 5.8.0 to 5.8.1 (#7919)
Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.8.0 to 5.8.1.
- [Release notes](https://github.com/go-git/go-git/releases)
- [Commits](https://github.com/go-git/go-git/compare/v5.8.0...v5.8.1)
---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: shuting <shuting@nirmata.com>
* refactor validating admission policies (#7835)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* feat: update default keychain in registry to be empty (#7906)
* feat: update default keychain to be empty
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* feat: update registryCredentialHelpers description
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
---------
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* fix: rename vap to its full name (#7929)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* fix(chart): only create ServiceMonitor if cluster supports it (#7926)
* fix: only create ServiceMonitor if cluster supports it
Adds an additional check to the ServiceMonitor template to ensure that
the cluster supports the `monitoring.coreos.com/v1` API version.
Signed-off-by: Alexej Disterhoft <alexej@disterhoft.de>
* add IITS Consulting as adopter from Google Form (#7932)
Signed-off-by: Chip Zoller <chipzoller@gmail.com>
* Adding other folder's subfolders to workflows/conformance.yaml's tests array (#7927)
Signed-off-by: Pradyot Ranjan <99216956+pradyotRanjan@users.noreply.github.com>
Co-authored-by: Pradyot Ranjan <99216956+pradyotRanjan@users.noreply.github.com>
Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: Chip Zoller <chipzoller@gmail.com>
* feat: add create metrics-config cli command (#7782)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* chore(deps): bump svenstaro/upload-release-action from 2.6.1 to 2.7.0 (#7940)
Bumps [svenstaro/upload-release-action](https://github.com/svenstaro/upload-release-action) from 2.6.1 to 2.7.0.
- [Release notes](https://github.com/svenstaro/upload-release-action/releases)
- [Changelog](https://github.com/svenstaro/upload-release-action/blob/master/CHANGELOG.md)
- [Commits](2b9d2847a9...1beeb572c1)
---
updated-dependencies:
- dependency-name: svenstaro/upload-release-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: shuting <shuting@nirmata.com>
* test: add tests for ghcr private repository (#7791)
* chore: organize constants better (#7941)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* chore: move cert.kyverno.io/managed-by label in constants (#7942)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix: rename --compact to --detailed-results in CLI (#7937)
* fix: rename --compact to --detailed-results in CLI
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* rename compact arg
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---------
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* chore: move more constants (#7944)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* feat: add `create values` cli command (#7779)
* feat: add cli command
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* feat: add create values cli command
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---------
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* Removed usage of `replacements` from goreleaser.yml file (#7833)
* Changed goreleaser.yml file
Signed-off-by: Pradyot Ranjan <99216956+pradyotRanjan@users.noreply.github.com>
* Changed syntax
Signed-off-by: Pradyot Ranjan <99216956+pradyotRanjan@users.noreply.github.com>
* Small indent fix
Signed-off-by: Pradyot Ranjan <99216956+pradyotRanjan@users.noreply.github.com>
---------
Signed-off-by: Pradyot Ranjan <99216956+pradyotRanjan@users.noreply.github.com>
Co-authored-by: Pradyot Ranjan <99216956+pradyotRanjan@users.noreply.github.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* add 1.10.2 (#7947)
Signed-off-by: Chip Zoller <chipzoller@gmail.com>
* chore: move cache enabled label (#7949)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* chore(deps): bump go.uber.org/zap from 1.24.0 to 1.25.0 (#7952)
Bumps [go.uber.org/zap](https://github.com/uber-go/zap) from 1.24.0 to 1.25.0.
- [Release notes](https://github.com/uber-go/zap/releases)
- [Changelog](https://github.com/uber-go/zap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/uber-go/zap/compare/v1.24.0...v1.25.0)
---
updated-dependencies:
- dependency-name: go.uber.org/zap
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* doc: add feature flag guidelines (#7951)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
* chore: move kyverno.io/verify-images constant (#7955)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* feat: add ttl controller (#7821)
* added the ttl controller
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
* fix
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
* fixed label and vars
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
* added logger
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
* applied fixes
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
* removed comments
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
* lint
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
* lint
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
* lint
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
* more lint fix
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
* applied changes
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
* minor fixes
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
* fix
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
* fix logger, separate parse logic
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
* added tests
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
* fix
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
* added kuttl tests, validation utilities
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
* commented code
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
* renamed tests
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
* fix test
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
* created log.go
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
* fix
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
* fix
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
* fix
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
* fix log.go
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
* fix
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
* added README.md refactor code
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
* lint fix
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
* lint
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
* lint fix
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
* added validation webhook
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
* label-validation fix
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
* fix
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
* added flag, updated verbs
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
* fix
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
* fix
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
* fix
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
* fix
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
* updated verbs
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
* updated helm chart
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
* test fix
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
* lint
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
* linter
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
* imporoved webhook validation
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
* fix
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
* linter fix
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
* lint
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
* lint fix
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
* fix codegen
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* webhook names and path constants
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* constant label
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix label selector
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* kuttl test fix
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
* helm docs
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix controller logger
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix: manager logger
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix failure policy
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* kuttl tests
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* move kuttl tests in separate job
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* remove rbac steps
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* remove configmaps from core cluster role
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix logger
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* rename flag
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* kuttl
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix error
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix linter
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---------
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
Signed-off-by: Ved Ratan <82467006+VedRatan@users.noreply.github.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* chore: rename ttl controller package (#7957)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* chore: move ttl formats to constants (#7958)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* feat: Add support for server-side-apply in generate rules (#7705)
* feat: Add support for server-side-apply in generate rules
Signed-off-by: Mike Bryant <mike@mikebryant.me.uk>
* chore: run make codegen-all
Signed-off-by: Mike Bryant <mike.bryant@mettle.co.uk>
* chore: Remove unnecessary file I got from copy/paste
Signed-off-by: Mike Bryant <mike.bryant@mettle.co.uk>
---------
Signed-off-by: Mike Bryant <mike@mikebryant.me.uk>
Signed-off-by: Mike Bryant <mike.bryant@mettle.co.uk>
Co-authored-by: Chip Zoller <chipzoller@gmail.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
* refactor: ttl label validation (#7960)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* chore(deps): bump github.com/google/go-containerregistry (#7961)
Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.14.1-0.20230425172351-b7c6e9dc3944 to 0.16.1.
- [Release notes](https://github.com/google/go-containerregistry/releases)
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml)
- [Commits](https://github.com/google/go-containerregistry/commits/v0.16.1)
---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore: fix cleanup controller debug in vscode (#7963)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix: ttl cleanup controller events processing (#7964)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* test: add test to cleanup the same resource twice (#7965)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix: ttl manager stop informer on error (#7966)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* chore(deps): bump slsa-framework/slsa-github-generator (#7968)
Bumps [slsa-framework/slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator) from 1.7.0 to 1.8.0.
- [Release notes](https://github.com/slsa-framework/slsa-github-generator/releases)
- [Changelog](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md)
- [Commits](https://github.com/slsa-framework/slsa-github-generator/compare/v1.7.0...v1.8.0)
---
updated-dependencies:
- dependency-name: slsa-framework/slsa-github-generator
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* feat: add basic structure for image verify cache (#7890)
* feat: add interface for image verify cache
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* feat: add basic client for cache
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* feat: add ttl to client
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* feat: add flags and flag setup
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* feat: added a default image verify cache
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* feat: add propogation of cache to image verifier
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* feat: add useCache to image verification types
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* bug: add ivcache to image verifier
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* feat: add logger to cache
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* typo: DisabledImageVerfiyCache
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* typo: DisabledImageVerfiyCache
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* Update cmd/internal/flag.go
Signed-off-by: shuting <shutting06@gmail.com>
* feat: add use cache to v2beta1 crd
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* bug: change public attribute TTL to private
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* fix: replace nil in test with disabled cache
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* fix: convert ttl time to time.Duration
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* feat: update opts to use time.Duration
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* feat:add policy version and remove delete functions
by adding policy version, old entries will automatically become outdated and we will not have to remove them manually
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* feat: remove clear and update get and set to take interface as input
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* style: fix lint issue
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
---------
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
Signed-off-by: shuting <shutting06@gmail.com>
Co-authored-by: shuting <shutting06@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* Fixes kyverno cli container reorder (#7943)
* added combine rule response
Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
* added kyverno test cli tests
Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
* added kyverno test cli tests
Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
* small nits
Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
* added ; in between the err messages
Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
* removed fixed rulename and ruletype
Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
---------
Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
* chore(deps): bump sigs.k8s.io/controller-runtime from 0.15.0 to 0.15.1 (#7975)
Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.15.0 to 0.15.1.
- [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases)
- [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md)
- [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.15.0...v0.15.1)
---
updated-dependencies:
- dependency-name: sigs.k8s.io/controller-runtime
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump golang.org/x/text from 0.11.0 to 0.12.0 (#7976)
Bumps [golang.org/x/text](https://github.com/golang/text) from 0.11.0 to 0.12.0.
- [Release notes](https://github.com/golang/text/releases)
- [Commits](https://github.com/golang/text/compare/v0.11.0...v0.12.0)
---
updated-dependencies:
- dependency-name: golang.org/x/text
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump golang.org/x/crypto from 0.11.0 to 0.12.0 (#7977)
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.11.0 to 0.12.0.
- [Commits](https://github.com/golang/crypto/compare/v0.11.0...v0.12.0)
---
updated-dependencies:
- dependency-name: golang.org/x/crypto
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* fix:Add Missing Severity Cases in SeverityFromString Function (#7974)
Signed-off-by: lichanghao.orange <lichanghao.orange@bytedance.com>
Co-authored-by: shuting <shuting@nirmata.com>
* feat(chart) Allow podSecurityContext and securityContext for webhooksCleanup (#7970)
Fixes #7962
Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix: Fixed issue with AddVariable that prevented certain variables (#7981)
When using a label or annotation with quoted dots, AddVariable was splitting inside the quote causing it to be improperly parsed and replaced
Signed-off-by: mvaal <mvaal@expediagroup.com>
* fix: Kyverno cli apply duplicate result counts (#7945)
* removed repeated logic from kyverno_policies_types
Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
fixed unit tests
* fixed unit tests
Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
* updated common.go logic
Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
* remove skip response logic from common.go
Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
* remove skip response logic from common.go
Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
* fixed conflict
Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
---------
Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
* fix: return err in load data (#7982)
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
* fix, enhancement (#7988)
* fix, enhancement
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
* lint
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
---------
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
* fix: improve lint
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* feat: update auth pkg
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* chore: fix go mod
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* feat: updated CLI keychains
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
* chore update fluxcd/pkg/auth@0.31.1
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
---------
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Signed-off-by: Alexej Disterhoft <alexej@disterhoft.de>
Signed-off-by: Chip Zoller <chipzoller@gmail.com>
Signed-off-by: Pradyot Ranjan <99216956+pradyotRanjan@users.noreply.github.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
Signed-off-by: Ved Ratan <82467006+VedRatan@users.noreply.github.com>
Signed-off-by: Mike Bryant <mike@mikebryant.me.uk>
Signed-off-by: Mike Bryant <mike.bryant@mettle.co.uk>
Signed-off-by: shuting <shutting06@gmail.com>
Signed-off-by: lichanghao.orange <lichanghao.orange@bytedance.com>
Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
Signed-off-by: mvaal <mvaal@expediagroup.com>
Co-authored-by: Amit kumar <amit9116260192@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: Alexej Disterhoft <github@disterhoft.de>
Co-authored-by: Chip Zoller <chipzoller@gmail.com>
Co-authored-by: Pradyot Ranjan <99216956+prady0t@users.noreply.github.com>
Co-authored-by: Pradyot Ranjan <99216956+pradyotRanjan@users.noreply.github.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Ved Ratan <82467006+VedRatan@users.noreply.github.com>
Co-authored-by: Mike Bryant <mike.bryant@mettle.co.uk>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: shuting <shutting06@gmail.com>
Co-authored-by: UgOrange <lichanghao.orange@bytedance.com>
Co-authored-by: treydock <tdockendorf@osc.edu>
Co-authored-by: Marcus Vaal <mvaal@expediagroup.com>
145 lines
3.7 KiB
Go
145 lines
3.7 KiB
Go
package registryclient
|
|
|
|
import (
|
|
"context"
|
|
"net/url"
|
|
"regexp"
|
|
"strings"
|
|
|
|
"github.com/fluxcd/pkg/oci/auth/aws"
|
|
"github.com/fluxcd/pkg/oci/auth/azure"
|
|
"github.com/fluxcd/pkg/oci/auth/gcp"
|
|
"github.com/google/go-containerregistry/pkg/authn"
|
|
"github.com/google/go-containerregistry/pkg/name"
|
|
corev1listers "k8s.io/client-go/listers/core/v1"
|
|
)
|
|
|
|
var (
|
|
acrRE = regexp.MustCompile(`.*\.azurecr\.io|.*\.azurecr\.cn|.*\.azurecr\.de|.*\.azurecr\.us`)
|
|
ecrPattern = regexp.MustCompile(`(^[a-zA-Z0-9][a-zA-Z0-9-_]*)\.dkr\.ecr(-fips)?\.([a-zA-Z0-9][a-zA-Z0-9-_]*)\.amazonaws\.com(\.cn)?$`)
|
|
)
|
|
|
|
const (
|
|
mcrHostname = "mcr.microsoft.com"
|
|
tokenUsername = "<token>"
|
|
|
|
ServiceECR = "ecr"
|
|
ServiceECRPublic = "ecr-public"
|
|
proxyEndpointScheme = "https://"
|
|
programName = "docker-credential-ecr-login"
|
|
ecrPublicName = "public.ecr.aws"
|
|
ecrPublicEndpoint = proxyEndpointScheme + ecrPublicName
|
|
)
|
|
|
|
type autoRefreshSecrets struct {
|
|
lister corev1listers.SecretNamespaceLister
|
|
imagePullSecrets []string
|
|
}
|
|
|
|
func NewAutoRefreshSecretsKeychain(lister corev1listers.SecretNamespaceLister, imagePullSecrets ...string) (authn.Keychain, error) {
|
|
return &autoRefreshSecrets{
|
|
lister: lister,
|
|
imagePullSecrets: imagePullSecrets,
|
|
}, nil
|
|
}
|
|
|
|
func (kc *autoRefreshSecrets) Resolve(resource authn.Resource) (authn.Authenticator, error) {
|
|
inner, err := generateKeychainForPullSecrets(kc.lister, kc.imagePullSecrets...)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return inner.Resolve(resource)
|
|
}
|
|
|
|
type anonymuskc struct{}
|
|
|
|
var AnonymousKeychain authn.Keychain = anonymuskc{}
|
|
|
|
func (anonymuskc) Resolve(_ authn.Resource) (authn.Authenticator, error) {
|
|
return authn.Anonymous, nil
|
|
}
|
|
|
|
type azurekeychain struct{}
|
|
|
|
var AzureKeychain authn.Keychain = azurekeychain{}
|
|
|
|
func (azurekeychain) Resolve(resource authn.Resource) (authn.Authenticator, error) {
|
|
if !isACRRegistry(resource.RegistryStr()) {
|
|
return authn.Anonymous, nil
|
|
}
|
|
|
|
ref, err := name.ParseReference(resource.String())
|
|
if err != nil {
|
|
return authn.Anonymous, nil
|
|
}
|
|
|
|
azClient := azure.NewClient()
|
|
auth, err := azClient.Login(context.TODO(), true, resource.String(), ref)
|
|
if err != nil {
|
|
return authn.Anonymous, nil
|
|
}
|
|
return auth, nil
|
|
}
|
|
|
|
func isACRRegistry(input string) bool {
|
|
serverURL, err := url.Parse("https://" + input)
|
|
if err != nil {
|
|
return false
|
|
}
|
|
if serverURL.Hostname() == mcrHostname {
|
|
return true
|
|
}
|
|
matches := acrRE.FindStringSubmatch(serverURL.Hostname())
|
|
return len(matches) != 0
|
|
}
|
|
|
|
type awskeychain struct{}
|
|
|
|
var AWSKeychain authn.Keychain = awskeychain{}
|
|
|
|
func (awskeychain) Resolve(resource authn.Resource) (authn.Authenticator, error) {
|
|
if !isAWSRegistry(resource.RegistryStr()) {
|
|
return authn.Anonymous, nil
|
|
}
|
|
awsClient := aws.NewClient()
|
|
auth, err := awsClient.Login(context.TODO(), true, resource.String())
|
|
if err != nil {
|
|
return authn.Anonymous, nil
|
|
}
|
|
return auth, nil
|
|
}
|
|
|
|
func isAWSRegistry(input string) bool {
|
|
input = strings.TrimPrefix(input, proxyEndpointScheme)
|
|
serverURL, err := url.Parse(proxyEndpointScheme + input)
|
|
if err != nil {
|
|
return false
|
|
}
|
|
if serverURL.Hostname() == ecrPublicName {
|
|
return true
|
|
}
|
|
matches := ecrPattern.FindStringSubmatch(serverURL.Hostname())
|
|
return len(matches) >= 3
|
|
}
|
|
|
|
type gcpkeychain struct{}
|
|
|
|
var GCPKeychain authn.Keychain = gcpkeychain{}
|
|
|
|
func (gcpkeychain) Resolve(resource authn.Resource) (authn.Authenticator, error) {
|
|
if !gcp.ValidHost(resource.RegistryStr()) {
|
|
return authn.Anonymous, nil
|
|
}
|
|
|
|
ref, err := name.ParseReference(resource.String())
|
|
if err != nil {
|
|
return authn.Anonymous, nil
|
|
}
|
|
|
|
gcpClient := gcp.NewClient()
|
|
auth, err := gcpClient.Login(context.TODO(), true, resource.String(), ref)
|
|
if err != nil {
|
|
return authn.Anonymous, nil
|
|
}
|
|
return auth, nil
|
|
}
|