Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Added generateForEach() skelton in /pkg/engine/generation.go
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> Signed-off-by: Md Sahil <Mohdssahil1@gmail.com> remove some enhancement mistakes and added getData() in /api/kyverno/v1/commontypes for forEachGeneration Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> refactor: make tls cert func not depending on cert controller (#4820) * refactor: make tls cert func not depending on cert controller Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fmt Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * clean Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> refactor: non leader controllers management (#4831) upgrade controller-runtime dependency (#4829) Signed-off-by: damilola olayinka <holayinkajr@gmail.com> Signed-off-by: damilola olayinka <holayinkajr@gmail.com> Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> fix: call depth in logging package and global logger support for call depth (#4834) * upgrade controller-runtime dependency Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * reset global logger in logging package Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * add description to globallogger Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * push only relevant changes Signed-off-by: damilola olayinka <holayinkajr@gmail.com> Signed-off-by: damilola olayinka <holayinkajr@gmail.com> Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> fix extension checks (#4836) * fix extension checks Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix test Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> refactor: leader controllers management (#4832) * refactor: leader controllers management Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * rename Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix start Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix deps Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * remove dead code Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Update PSa images dsecription (#4840) Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> chore: bump a couple of deps (#4842) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> feat: use a dedicated policy metrics controller (#4818) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> refactor: add config support to webhook controller (#4838) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com> refactor: make cert manager a real controller (#4792) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com> fix: replace AbsPath with RequestURI to support query params (#4849) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> e2e test for mutate policy (#3383) Signed-off-by: slayer321 <sachin.maurya7666@gmail.com> Signed-off-by: slayer321 <sachin.maurya7666@gmail.com> reverted wrong changes in generation.go Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> docs: add debug instructions (#4843) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com> Add workflow to detect and report on image vulns (#4850) * update version drop-down Signed-off-by: Chip Zoller <chipzoller@gmail.com> * Add workflow to detect and report on image vulnerabilities Signed-off-by: Chip Zoller <chipzoller@gmail.com> * pin deps Signed-off-by: Chip Zoller <chipzoller@gmail.com> Signed-off-by: Chip Zoller <chipzoller@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com> chore: add launch.json for vscode debugging (#4856) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com> feature: use cert extension oid as key (#4854) Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com> Co-authored-by: Furkan Türkal <furkan.turkal@trendyol.com> Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com> Co-authored-by: Furkan Türkal <furkan.turkal@trendyol.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com> fix test output numbering (#4853) Signed-off-by: Anant Vijay <anantvijay3@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com> docs: add section in helm docs to install with argocd (#4878) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> fix: hardening policy validation for generate cloneList (#4881) Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> fix: background scan labels (#4865) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com> Fix result colour (#4885) Signed-off-by: Anant Vijay <anantvijay3@gmail.com> Signed-off-by: Anant Vijay <anantvijay3@gmail.com> fix: non watchable resources in report controller (#4888) * fix: non watchable resources in report controller Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix events Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> fix: auto gen enabled when using names (#4863) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> refactor: manage webhooks with webhook controller (#4846) * refactor: add config support to webhook controller Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: add client config to webhook controller Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * migrate verify webhook Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * v1 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: move policy webhooks management in webhook controller Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * policy validating webhook config Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * watch policies Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: migrate resource webhook management in webhook controller Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * mutating webhook Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * auto update Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * cleanup Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * auto update and wildcard policies Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * policy readiness Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: can't use v1 admission Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * reduce reconcile Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * watchdog Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * cleanup Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * health check Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * runtime utils Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * runtime utils Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * cleanup Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * watchdog check Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * remove delete from mutating webhook Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * cleanup Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> chore: add argocd lab (#4884) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> fix: reduce webhook controller logs (#4897) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> fix: remove unnecessary dependencies from tls package (#4903) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> refactor: openapi controller part 1 (#4901) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com> fix: don't specify rules when aggregationRule is set (#4867) Fixes #4866 Signed-off-by: James Callahan <jamescallahan@bitgo.com> Signed-off-by: James Callahan <jamescallahan@bitgo.com> Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> fix: clean background scan reports (#4908) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> refactor: openapi controller part 2 (#4910) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> fix: openapi controller discovery (#4912) * refactor: openapi controller part 2 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * rename Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * controller Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * rename 2 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * move controller Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * move controller Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: openapi controller discovery Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> chore: signing helm releases (#4801) Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com> Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com> Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> fix: use constants defined in openapi controller (#4919) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> chore: update controller-tools to v0.10.0 (#4918) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> add filter for validation policies when ValidationFailureActionOverrides is used (#4809) Signed-off-by: Sandesh More <sandesh.more@infracloud.io> Signed-off-by: Sandesh More <sandesh.more@infracloud.io> [Cleanup] Disable PolicySkipped events (#4913) * remove skip events Signed-off-by: Anant Vijay <anantvijay3@gmail.com> * update conditions Signed-off-by: Anant Vijay <anantvijay3@gmail.com> * improve conditions Signed-off-by: Anant Vijay <anantvijay3@gmail.com> * remove redundant function Signed-off-by: Anant Vijay <anantvijay3@gmail.com> Signed-off-by: Anant Vijay <anantvijay3@gmail.com> Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> chore: bump a couple of deps (#4925) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> feat: make cert renewer private and add server name support (#4904) * fix: remove unnecessary dependencies from tls package Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: make cert renewer private and add server name support Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * nits Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> fix: panic when bad variable substitution (#4928) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com> chore: add COSIGN_REPOSITORY env to ko-publish-dev step (#4922) fix: set operation in context when necessary (#4940) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> fix: probes should work in debug mode (#4926) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com> fix: consider generateName when matching resources (#4945) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Fix background scan with request.operation (#4947) * update version drop-down Signed-off-by: Chip Zoller <chipzoller@gmail.com> * Add workflow to detect and report on image vulnerabilities Signed-off-by: Chip Zoller <chipzoller@gmail.com> * pin deps Signed-off-by: Chip Zoller <chipzoller@gmail.com> * bump JasonEtco/create-an-issue Signed-off-by: Chip Zoller <chipzoller@gmail.com> * bump versions in drop-downs Signed-off-by: Chip Zoller <chipzoller@gmail.com> * fix background mode scan with request.operation Signed-off-by: Chip Zoller <chipzoller@gmail.com> * Revert "bump versions in drop-downs" This reverts commit 5fcea048dd455ba055cc960d491987c70f080936. * Revert "bump JasonEtco/create-an-issue" This reverts commit f0d44c7aca759a7c294602f40030711a7a0309db. Signed-off-by: Chip Zoller <chipzoller@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com> Update issue templates and scan for vulns action (#4952) * update version drop-down Signed-off-by: Chip Zoller <chipzoller@gmail.com> * Add workflow to detect and report on image vulnerabilities Signed-off-by: Chip Zoller <chipzoller@gmail.com> * pin deps Signed-off-by: Chip Zoller <chipzoller@gmail.com> * bump JasonEtco/create-an-issue Signed-off-by: Chip Zoller <chipzoller@gmail.com> * bump versions in drop-downs Signed-off-by: Chip Zoller <chipzoller@gmail.com> * fix background mode scan with request.operation Signed-off-by: Chip Zoller <chipzoller@gmail.com> * Revert "bump versions in drop-downs" This reverts commit 5fcea048dd455ba055cc960d491987c70f080936. * Revert "bump JasonEtco/create-an-issue" This reverts commit f0d44c7aca759a7c294602f40030711a7a0309db. * update version drop-downs Signed-off-by: Chip Zoller <chipzoller@gmail.com> * bump action version Signed-off-by: Chip Zoller <chipzoller@gmail.com> Signed-off-by: Chip Zoller <chipzoller@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com> Co-authored-by: kyverno-bot <104836976+kyverno-bot@users.noreply.github.com> fix: don't report ready until certs are valid (#4934) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Added support to specify key signature algorithm in verifyImages (#4855) Signed-off-by: Pratik Shah <pratik@infracloud.io> Signed-off-by: Pratik Shah <pratik@infracloud.io> chore: bump a few deps (#4943) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com> fix: admission reports printer (#4950) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Fixed issue-4530: Added separate attestor type for secrets and KMS (#4733) Signed-off-by: Pratik Shah <pratik@infracloud.io> Signed-off-by: Vyankatesh <vyankateshkd@gmail.com> chore: Push and sign install manifests to GHCR (#4895) Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com> Co-authored-by: Stefan Prodan <@stefanprodan> Co-authored-by: Charles-Edouard Brétéché <@eddycharly> Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com> fix: missing watchers in resource report controller (#4967) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> fix: improve banned types management in reports (#4953) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> fix: don't produce empty admission reports (#4966) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> fix: add user info in admission request logs (#4969) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> fix: missing autogen rules in status (#4971) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> fix: config reloading not working correctly (#4951) * fix: config reloading not working correctly Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * nits Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> feat: Add container registry setting on Helm Chart (#4281) To make the customization of the container registries easier, eg. a custom private registry, this change adds a new property on the images configuration to allow setting a custom image registry without needing to customize the repository of the image. Signed-off-by: Samuel Torres <samuelpirestorres@gmail.com> chore: add myself in approvers (#4990) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> docs: add resource exclusions note in helm docs (#4989) * docs: add resource exclusions note in helm docs Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * nit Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fixes Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> feat: add policy-reporter to argocd lab (#4988) * feat: add policy-reporter to argocd lab Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * readme Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * readme Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * readme Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * readme Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Chip Zoller <chipzoller@gmail.com> feat: add startup probes support (#4896) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: treydock <tdockendorf@osc.edu> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com> Co-authored-by: treydock <tdockendorf@osc.edu> feat: add metrics server and kube-prometheus-stack to argocd lab (#4995) * feat: add policy-reporter to argocd lab Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * readme Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * readme Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * readme Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * readme Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add metrics server and kube-prometheus-stack to argocd lab Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * readme Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * typo Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> fix: webhooks not registering when using name override (#4992) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> fix: skip admission in dry run requests (#4994) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com> fix principal and role variables are not substituted (#5000) refactor: add update status helper (#4985) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> updates with case insensitivity guarantee (#4954) * updates with case insensitivity guarantee Signed-off-by: Chip Zoller <chipzoller@gmail.com> * fix syntax Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Chip Zoller <chipzoller@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> fix: use default retry with retryfunc for a conflict (#4973) DefaultRetry is the recommended retry for a conflict where multiple clients are making changes to the same resource Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> fix: update policy status (#5006) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> fix: don't process non background policies in background scan (#5008) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> fix: global anchor warning (#4962) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> fix: policy not denied when kinds set is empty (#5016) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> remove RBACInfo check (#5015) validate patchJSON6902 (#4469) * validate patchJSON6902 Signed-off-by: Shivansh-yadav13 <yadavshivansh@gmail.com> * validate patchJSON6902 Signed-off-by: Shivansh-yadav13 <yadavshivansh@gmail.com> * test: validateJSON6902 tests Signed-off-by: Shivansh-yadav13 <yadavshivansh@gmail.com> * validate patchJSON6902 Signed-off-by: Shivansh-yadav13 <yadavshivansh@gmail.com> * test: validate patchJSON6902 Signed-off-by: Shivansh-yadav13 <yadavshivansh@gmail.com> Signed-off-by: Shivansh-yadav13 <yadavshivansh@gmail.com> Signed-off-by: Shivansh Yadav <yadavshivansh@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Enable adding annotations to configmaps in the helm chart (#4984) * fix: add user info in admission request logs (#4969) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Brian Provenzano <bproven@gmail.com> * fix: missing autogen rules in status (#4971) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Brian Provenzano <bproven@gmail.com> * fix: config reloading not working correctly (#4951) * fix: config reloading not working correctly Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * nits Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Brian Provenzano <bproven@gmail.com> * enable adding annotations to configmaps in the helm chart Signed-off-by: Brian Provenzano <bproven@gmail.com> * add entry to artifacthub.io release notes in Chart.yaml Signed-off-by: Brian Provenzano <bproven@gmail.com> * change name of annotation keys; codegen the readme docs Signed-off-by: Brian Provenzano <bproven@gmail.com> * feat: Add container registry setting on Helm Chart (#4281) To make the customization of the container registries easier, eg. a custom private registry, this change adds a new property on the images configuration to allow setting a custom image registry without needing to customize the repository of the image. Signed-off-by: Samuel Torres <samuelpirestorres@gmail.com> Signed-off-by: Brian Provenzano <bproven@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Brian Provenzano <bproven@gmail.com> Signed-off-by: Samuel Torres <samuelpirestorres@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Samuel Torres <samuelpirestorres@gmail.com> fix: add more infos in reports printers (#5027) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com> Fixed issue-4655: verifyImages is executed before mutate (#4996) Signed-off-by: Pratik Shah <pratik@infracloud.io> fix: Attempt to fix the CI failure, extract CI job push-sign-install-manifest (#5035) * extract CI job push-sign-install-manifest Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix indent Signed-off-by: ShutingZhao <shuting@nirmata.com> * update env Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> fix: lower default qps/burst (#5034) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com> feat: make shutdown more graceful (#5031) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Enhanced Signed-off-by: Md Sahil <Mohdssahil1@gmail.com> added applyRules() in /pkg/background/generate/generate.go Signed-off-by: Md Sahil <Mohdssahil1@gmail.com> fix: lease log message (#5030) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> fix env (#5046) Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> feat: add controller logger helper (#5029) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com> feat: add image verification support to background scan (#5047) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com> Created configuration file for Openssf scorecard (#4778) Signed-off-by: Abhiyant Gwalani <71189932+abhiyant-10@users.noreply.github.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com> fix: account for policy/rule deletion in aggregated reports (#5048) * fix: account for policy/rule deletion in aggregated reports Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * reduce delay Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> fix: go routines not gracefully shut down in controllers (#5022) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com> fix: do not update reports when they are identical (#5056) * fix: do not update reports when they are identical Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix linter Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> fix: detection of kyverno going down (#5055) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com> fix: setup max procs with correct logger (#5059) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> fix: image verification reports missing in admission mode (#5037) * fix: image verification reports missing in admission mode Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com> fix: configure idle timeout in server (#5062) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> feat: add webhook server logger (#5063) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> added apiCalls support in kyverno-apply command (#4938) Signed-off-by: Sandesh More <sandesh.more@infracloud.io> Signed-off-by: Sandesh More <sandesh.more@infracloud.io> fix: make reponse order predictable (#5079) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> make response order predictable feat: add simple conformance tests (#5073) * feat: add simple conformance tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com> fix: use correct logger in webhook controller (#5083) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> test: add best practices policies in conformance tests (#5082) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com> fix: handle resource cleanup when policy is deleted (#5021) * fix: handle delete UR when policy is deleted Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * fix cleanup Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * use selector to list the update request Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> ci: Use the Docker login action for GHCR auth (#5091) Use the `docker/login-action` action and the default `GITHUB_TOKEN` for setting up the GHCR credentials for Flux and Cosign to be able to push OCI artifacts to ` ghcr.io/kyverno/manifests/kyverno`. Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com> Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com> fix: allow delete of target resource with synchronize false (#5081) Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> feat: add flag to configure the number of background scan workers (#5088) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com> refactor: simplify variables regex (#5075) * feat: add simple conformance tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * gh action Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * separate workflow Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix the bug Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix cli test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * improvements Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * improvements Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fixes Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: variables regex Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com> fix: use correct side effects in validating webhooks (#5080) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> ci: Fix install manifests publishing with Flux (#5110) - use the correct version to tag artifacts - add only the generated install.yaml to the artifact contents Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com> Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com> Added forEachGetResourceInfoForDataAndClone() in pkg/background/generate/generate.go Signed-off-by: Md Sahil <Mohdssahil1@gmail.com> docs: separate dev and user docs (#5114) * docs: separate dev and user docs Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> feat: enable/disable Debug mode which shows entire AdmissionReview payload (#5024) * work in progress PR Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * add custom request struct Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * pass debug mode option through constructor and replace logger with klogr Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * make changes Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * cleanup Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix linter Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * add another test case Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * removed unused function Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * fix linter Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: damilola olayinka <holayinkajr@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> clean conformance (#5089) * clean conformance Signed-off-by: Chip Zoller <chipzoller@gmail.com> * adjust names Signed-off-by: Chip Zoller <chipzoller@gmail.com> Signed-off-by: Chip Zoller <chipzoller@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com> Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> [Feature] create command line option to set failurePolicy globally (#4991) * add forceFailurePolicyIgnore flag Signed-off-by: Anant Vijay <anantvijay3@gmail.com> * cleanup code Signed-off-by: Anant Vijay <anantvijay3@gmail.com> * add logging Signed-off-by: Anant Vijay <anantvijay3@gmail.com> * resolve merge conflicts Signed-off-by: Anant Vijay <anantvijay3@gmail.com> * fix codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Anant Vijay <anantvijay3@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> fix: conformance tests (#5118) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Remove old version of golang.org/x/sys (#5125) Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> feat: add categories support to our CRDs (#5112) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com> feat: oci pull/push support for policie(s) (#5026) Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com> Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com> Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Add AGE in printer columns of CRDs (#5119) * Add AGE in printer columns of CRDs Signed-off-by: Santosh Kaluskar <dtshbl@gmail.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Santosh Kaluskar <dtshbl@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> fix finalizers mutation with patchesJson6902 (#5132) * fix finalizers mutation with patchesJson6902 Signed-off-by: Danny Kulchinsky <dkulchinsky@fastly.com> chore: remove old docs (#5130) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> feat: remove policy mutation for auto-gen rules (#5123) * feat: remove policy mutation code Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * Fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * changelog Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> fix: mutation policy inconsistent patching for ephemeralContainers (#5121) * fix: mutation policy consistent patching for ephemeralContainers Signed-off-by: praddy26 <pradeep.vaishnav4@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com> Extended applyRules() in generate.go Signed-off-by: Md Sahil <Mohdssahil1@gmail.com> reset resource version on update (#5157) Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> skip generating events on empty rule response (#5158) Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Fixed issue-5102: Show rule count and type in output (#5106) Signed-off-by: Pratik Shah <pratik@infracloud.io> Signed-off-by: Pratik Shah <pratik@infracloud.io> finished applyRules() function Signed-off-by: Md Sahil <Mohdssahil1@gmail.com> Renamed applyRules() to applyForEachGenerateRules() in term of removing namimg confliction from the generate.go file Signed-off-by: Md Sahil <Mohdssahil1@gmail.com> feature: SLSA Level 3 provenance generation for Kyverno images: kyverno init, kyverno and kyvernopre (#4268) Signed-off-by: zurrehma <zahid.chashma@gmail.com> Signed-off-by: zurrehma <zahid.chashma@gmail.com> Co-authored-by: Chip Zoller <chipzoller@gmail.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com> fix: configure klog and global logger to use zapr in json mode (#5144) * configure klog and global logger to use zapr in json mode Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * changes Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * make zapr compatible with klog's -v argument Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * remove changes Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * remove logLevel flag Signed-off-by: damilola olayinka <holayinkajr@gmail.com> Signed-off-by: damilola olayinka <holayinkajr@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Added and Changed GetData() in common_types.go Signed-off-by: Md Sahil <Mohdssahil1@gmail.com> Add ability to use commands in comments (#5154) * Add ability to use commands in comments Signed-off-by: Rishit Dagli <rishit.dagli@gmail.com> * Fix typo Signed-off-by: Rishit Dagli <rishit.dagli@gmail.com> * reset resource version on update (#5157) Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: Rishit Dagli <rishit.dagli@gmail.com> * skip generating events on empty rule response (#5158) Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: Rishit Dagli <rishit.dagli@gmail.com> * Fixed issue-5102: Show rule count and type in output (#5106) Signed-off-by: Pratik Shah <pratik@infracloud.io> Signed-off-by: Pratik Shah <pratik@infracloud.io> Signed-off-by: Rishit Dagli <rishit.dagli@gmail.com> * feature: SLSA Level 3 provenance generation for Kyverno images: kyverno init, kyverno and kyvernopre (#4268) Signed-off-by: zurrehma <zahid.chashma@gmail.com> Signed-off-by: zurrehma <zahid.chashma@gmail.com> Co-authored-by: Chip Zoller <chipzoller@gmail.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: Rishit Dagli <rishit.dagli@gmail.com> * Pin action to specific hash Signed-off-by: Rishit Dagli <rishit.dagli@gmail.com> * Add `/approve` Signed-off-by: Rishit Dagli <rishit.dagli@gmail.com> * fix: configure klog and global logger to use zapr in json mode (#5144) * configure klog and global logger to use zapr in json mode Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * changes Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * make zapr compatible with klog's -v argument Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * remove changes Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * remove logLevel flag Signed-off-by: damilola olayinka <holayinkajr@gmail.com> Signed-off-by: damilola olayinka <holayinkajr@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Signed-off-by: Rishit Dagli <rishit.dagli@gmail.com> Signed-off-by: Rishit Dagli <rishit.dagli@gmail.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: Pratik Shah <pratik@infracloud.io> Signed-off-by: zurrehma <zahid.chashma@gmail.com> Signed-off-by: damilola olayinka <holayinkajr@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: Pratik Shah <pratik@infracloud.io> Co-authored-by: Zahid Khan <zahid.chashma@gmail.com> Co-authored-by: Chip Zoller <chipzoller@gmail.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: yinka <holayinkajr@gmail.com> fix 5151 issue (#5170) Corrected Kubernetes spelling (#5134) * Corrected Kubernetes spelling Signed-off-by: Quirino Gervacio <qgervacio@gmail.com> * fix codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Quirino Gervacio <qgervacio@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: kyverno-bot <104836976+kyverno-bot@users.noreply.github.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> refactor: support Audit and Enforce validation failure actions (#5152) * feat: remove policy mutation code Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: support Audit and Enforce failure actions Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * typo Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * update changelog Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com> feat: run leader election in loop (#5173) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com> fix: content type in log (#5177) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> chore: add kind config file (#5178) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> fix: do not cancel context when loosing the lead (#5180) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> fix: check resource version on update notification (#5179) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> fix: use pagination to aggregate reports (#5190) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> refactor: remove policyreport package (#5174) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Helm chart: add extraCRDAnnotations value and set ArgoCD sync option by default (#4964) * fix: add extraCRDAnnotations option to helm chart set ArgoCD replace sync option by default Signed-off-by: Edwin Mackenzie-Owen <edwin.mowen@gmail.com> * fix: add extraCRDAnnotations via codegen * use template Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Edwin Mackenzie-Owen <edwin.mowen@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> fix: deletion of reports not belonging to kyverno (#5194) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> feat: support disabling schema validation on the patched resource (#5197) * Support disable schema validation on the patched resource Signed-off-by: ShutingZhao <shuting@nirmata.com> * update api doc Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> fix: early return in policy validation (#5200) * fix: early return in policy validation Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> refactor: health check system (#5176) * refactor: health check system Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * filter Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com> chore: server side apply in argo lab (#5209) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> fix: too much information for the Policy Rule Execution Latency metric (#5208) * remove general_rule_latency_type Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove resource_request_operation Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove resource_namespace Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove resource_kind Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix linter Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> feat: add policy label to policy reports (#5198) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> [BUG] Fix foreach deletion issue (#5224) * fix foreach deletion issue add kuttl tests (#5204) - add kuttl tests - try rekor: {url: "https://rekor.sigstore.dev"} - add rekor{} object to last two policies Signed-off-by: Chip Zoller <chipzoller@gmail.com> add remainder of e2e verifyImages tests (#5229) Signed-off-by: Chip Zoller <chipzoller@gmail.com> Signed-off-by: Chip Zoller <chipzoller@gmail.com> feat: add grafana dashboard to helm chart (#5230) * feat: add grafana dashboard to helm chart Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * release note Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: treydock <tdockendorf@osc.edu> Fixed description for secret name (#5228) Signed-off-by: Pratik Shah <pratik@infracloud.io> Signed-off-by: Vyankatesh <vyankateshkd@gmail.com> chore: add loki to argocd lab (#5231) * chore: add loki to argocd lab Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: add loki to argocd lab Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> [Feature] Pin Dependencies by Hash (#5168) * pin dependencies by hash Signed-off-by: Anant Vijay <anantvijay3@gmail.com> * pin scripts Signed-off-by: Anant Vijay <anantvijay3@gmail.com> Signed-off-by: Anant Vijay <anantvijay3@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> fix: remove /approve from prow actions (#5243) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com> Fix Keda policy installation issue (#5239) fix generateName mutation (#5146) refactor: move all middlewares in handlers sub package (#5244) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> fix: kyverno Dockerfile base image tag and sha256 hash (#5248) Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> feat: separate webhook rules per GVK/rule (#4986) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> fix: remove unused code in config (#5242) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> More kuttl tests (#5238) * add remainder of e2e verifyImages tests Signed-off-by: Chip Zoller <chipzoller@gmail.com> * add tests Signed-off-by: Chip Zoller <chipzoller@gmail.com> * add external-metrics test case and scaffolding Signed-off-by: Chip Zoller <chipzoller@gmail.com> * update scaffolding Signed-off-by: Chip Zoller <chipzoller@gmail.com> * add keyed-basic test Signed-off-by: Chip Zoller <chipzoller@gmail.com> * add migrated e2e test for gen role and rolebinding Signed-off-by: Chip Zoller <chipzoller@gmail.com> * add clone-role-and-rolebinding from e2e Signed-off-by: Chip Zoller <chipzoller@gmail.com> * remove timeout param from kuttl-test.yaml Signed-off-by: Chip Zoller <chipzoller@gmail.com> * add tests for external-metrics Policy fix Signed-off-by: Chip Zoller <chipzoller@gmail.com> Signed-off-by: Chip Zoller <chipzoller@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com> Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> chore: add kuttl in makefile (#5254) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> chore: use conditions in kuttl tests to check ready policies (#5252) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> Kuttl updates (#5257) * add remainder of e2e verifyImages tests Signed-off-by: Chip Zoller <chipzoller@gmail.com> * add tests Signed-off-by: Chip Zoller <chipzoller@gmail.com> * add external-metrics test case and scaffolding Signed-off-by: Chip Zoller <chipzoller@gmail.com> * update scaffolding Signed-off-by: Chip Zoller <chipzoller@gmail.com> * add keyed-basic test Signed-off-by: Chip Zoller <chipzoller@gmail.com> * add migrated e2e test for gen role and rolebinding Signed-off-by: Chip Zoller <chipzoller@gmail.com> * add clone-role-and-rolebinding from e2e Signed-off-by: Chip Zoller <chipzoller@gmail.com> * remove timeout param from kuttl-test.yaml Signed-off-by: Chip Zoller <chipzoller@gmail.com> * add tests for external-metrics Policy fix Signed-off-by: Chip Zoller <chipzoller@gmail.com> * update test path Signed-off-by: Chip Zoller <chipzoller@gmail.com> * update README Signed-off-by: Chip Zoller <chipzoller@gmail.com> Signed-off-by: Chip Zoller <chipzoller@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com> Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> fix: add warning when using deprecated validation failure action (#5219) * fix: add warning when using deprecated validation failure action Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> chore: remove old conformance tests files (#5260) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> feat: create cleanup new CRDs (#5233) * create new cleanup CRDs Signed-off-by: Nikhil Sharma <nikhilsharma230303@gmail.com> * fix package Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Nikhil Sharma <nikhilsharma230303@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> refactor: admission response utils (#5234) - refactor: admission response utils - unit tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> fix: account for error rules in mutation webhook (#5264) * fix: account for error rules in mutation webhook Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * add test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> fix: add missing test suite to kuttl (#5268) * fix: add missing test suite to kuttl Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix path Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * readme Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> chore: add kuttl autogen tests (#5253) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> add test instructions (#5271) Signed-off-by: Chip Zoller <chipzoller@gmail.com> Signed-off-by: Chip Zoller <chipzoller@gmail.com> fix: keep admission warnings (#5269) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com> fix: resource schema validation in policies under any/all match (#5246) Signed-off-by: Sandesh More <sandesh.more@infracloud.io> Signed-off-by: Sandesh More <sandesh.more@infracloud.io> refactor: admission metrics (counter and latency) (#5245) * refactor: move all middlewares in handlers sub package Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: admission metrics (counter and latency) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * builder Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * cleanup Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> feat: add flag to control leader election frequency (#5172) * feat: add flag to control leader election frequency Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * changelog Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> fix: make zapr compatible with klog's -v argument (#5166) * make zapr compatible with klog's -v argument Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * remove zap logger's NameKey Signed-off-by: damilola olayinka <holayinkajr@gmail.com> Signed-off-by: damilola olayinka <holayinkajr@gmail.com> chore: update kuttl (#5285) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> fix: kuttl test external-service (#5287) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> fix: check policy is ready in kuttl tests (#5286) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> fix: image extractor kuttl tests (#5293) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> fix: allow delete of clone target resource with synchronize false (#5161) Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> tests: add kuttl tests for multiple clone generate (#5280) * tests: add kuttl tests for multiple clone generate Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * bump kuttl version v1.13.1 Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * fix review comments Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * remove cleanup of image-verify tests Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> fix: reduce startup probe delay (#5296) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com> Update kuttl test scaffolding (#5303) * add test instructions Signed-off-by: Chip Zoller <chipzoller@gmail.com> * update scaffolding Signed-off-by: Chip Zoller <chipzoller@gmail.com> Signed-off-by: Chip Zoller <chipzoller@gmail.com> Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> fix: set rule response status as skip if precondition failed (#5162) exisiting UpdateRequest gets delete if precondition failed for the matched rule in case of skip rule response. Signed-off-by: Prateek Pandey <prateek.pandey@nirmata.com> Signed-off-by: Prateek Pandey <prateek.pandey@nirmata.com> fix: add parsing of json pointers to support special chars (#3578 #3616) (#4767) * Added jsonpointer package that supports parsing of paths and JSON pointers that can yield either a JSON pointer string or JMESPath string. * Replaced the use of `strings.Split` and `strings.Join` in places where paths are converted to JMESPaths. Signed-off-by: Tobias Dahlberg <tobias.dahlberg@sinch.com> Signed-off-by: Tobias Dahlberg <tobias.dahlberg@sinch.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com> fix: send notification when stoping watching resource in reports system (#5298) * fix: send notification when stoping watching resource in reports system Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * add kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * rework Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * readme Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> fix: wrong logger used (#5311) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Fix issue where CLI test command ignores failures (#5189) Closes #5187 The test command was resetting the return value to "pass", even if it was already marked failed, in some cases. This solves by moving the "pass" into an else-if clause. Signed-off-by: Eric Miller <eric.miller@instructure.com> Signed-off-by: Eric Miller <eric.miller@instructure.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> test: add kuttl tests for jmespath special chars (#5310) * Adds tests for fixes in #4767 Signed-off-by: Tobias Dahlberg <tobias.dahlberg@sinch.com> Signed-off-by: Tobias Dahlberg <tobias.dahlberg@sinch.com> Co-authored-by: shuting <shuting@nirmata.com> allow list with policies in test (#5227) Signed-off-by: bakito <github@bakito.ch> Signed-off-by: bakito <github@bakito.ch> Co-authored-by: shuting <shuting@nirmata.com> fix: synchronize source resource update to clone list resource (#5317) * fix: synchronize source resource update to clone list target resource Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * add kuttl test to verify the clone list synchronized behavior Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * refactor functions parameters Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * fix the kuttl test description and behavior README Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * Use entire content to compare Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> resolved merge conflict Signed-off-by: Md Sahil <Mohdssahil1@gmail.com> Added conditional for Generate rule in /pkg/background/generate/generate.go Signed-off-by: Md Sahil <Mohdssahil1@gmail.com> Corrected changes in pkg/background/generate/generate.go feat: add cleanupPolicy validation code (#5279) * validate the cleanupPolicy Signed-off-by: Nikhil Sharma <nikhilsharma230303@gmail.com> * add validation for DELETE permission for cleanupPolicy Signed-off-by: Nikhil Sharma <nikhilsharma230303@gmail.com> * add separate binary for cleanupPolicy Signed-off-by: Nikhil Sharma <nikhilsharma230303@gmail.com> * fix linter issues Signed-off-by: Nikhil Sharma <nikhilsharma230303@gmail.com> Signed-off-by: Nikhil Sharma <nikhilsharma230303@gmail.com> Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> feat: add replicaset and replicationcontroller to autogen (#4975) * fix: missing autogen rules in status Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add replicaset and replicationcontroller to autogen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * merge main Signed-of…
- Loading branch information