Skip to content

Commit

Permalink
Added generateForEach() skelton in /pkg/engine/generation.go
Browse files Browse the repository at this point in the history 
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
Signed-off-by: Md Sahil <Mohdssahil1@gmail.com>

remove some enhancement mistakes and added getData() in /api/kyverno/v1/commontypes for forEachGeneration

Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>

refactor: make tls cert func not depending on cert controller (#4820)

* refactor: make tls cert func not depending on cert controller

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fmt

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* clean

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

refactor: non leader controllers management (#4831)

upgrade controller-runtime dependency (#4829)

Signed-off-by: damilola olayinka <holayinkajr@gmail.com>

Signed-off-by: damilola olayinka <holayinkajr@gmail.com>
Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

fix: call depth in logging package and global logger support for call depth (#4834)

* upgrade controller-runtime dependency

Signed-off-by: damilola olayinka <holayinkajr@gmail.com>

* reset global logger in logging package

Signed-off-by: damilola olayinka <holayinkajr@gmail.com>

* add description to globallogger

Signed-off-by: damilola olayinka <holayinkajr@gmail.com>

* push only relevant changes

Signed-off-by: damilola olayinka <holayinkajr@gmail.com>

Signed-off-by: damilola olayinka <holayinkajr@gmail.com>
Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

fix extension checks (#4836)

* fix extension checks

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix test

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

refactor: leader controllers management (#4832)

* refactor: leader controllers management

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* rename

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix start

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix deps

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* remove dead code

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Update PSa images dsecription (#4840)

Signed-off-by: ShutingZhao <shuting@nirmata.com>

Signed-off-by: ShutingZhao <shuting@nirmata.com>

chore: bump a couple of deps (#4842)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

feat: use a dedicated policy metrics controller (#4818)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

refactor: add config support to webhook controller (#4838)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>

refactor: make cert manager a real controller (#4792)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>

fix: replace AbsPath with RequestURI to support query params (#4849)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

e2e test for mutate policy (#3383)

Signed-off-by: slayer321 <sachin.maurya7666@gmail.com>

Signed-off-by: slayer321 <sachin.maurya7666@gmail.com>

reverted wrong changes in generation.go

Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>

docs: add debug instructions (#4843)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>

Add workflow to detect and report on image vulns (#4850)

* update version drop-down

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* Add workflow to detect and report on image vulnerabilities

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* pin deps

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

Signed-off-by: Chip Zoller <chipzoller@gmail.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>

chore: add launch.json for vscode debugging (#4856)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>

feature: use cert extension oid as key (#4854)

Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
Co-authored-by: Furkan Türkal <furkan.turkal@trendyol.com>

Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
Co-authored-by: Furkan Türkal <furkan.turkal@trendyol.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>

fix test output numbering (#4853)

Signed-off-by: Anant Vijay <anantvijay3@gmail.com>

Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>

docs: add section in helm docs to install with argocd (#4878)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

fix: hardening policy validation for generate cloneList (#4881)

Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>

fix: background scan labels (#4865)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>

Fix result colour (#4885)

Signed-off-by: Anant Vijay <anantvijay3@gmail.com>

Signed-off-by: Anant Vijay <anantvijay3@gmail.com>

fix: non watchable resources in report controller (#4888)

* fix: non watchable resources in report controller

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix events

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

fix: auto gen enabled when using names (#4863)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>

refactor: manage webhooks with webhook controller (#4846)

* refactor: add config support to webhook controller

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* refactor: add client config to webhook controller

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* migrate verify webhook

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* v1

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* refactor: move policy webhooks management in webhook controller

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* policy validating webhook config

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* watch policies

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* refactor: migrate resource webhook management in webhook controller

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* mutating webhook

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* auto update

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* cleanup

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* auto update and wildcard policies

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* policy readiness

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix: can't use v1 admission

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* reduce reconcile

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* watchdog

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* cleanup

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* health check

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* runtime utils

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* runtime utils

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* cleanup

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* watchdog check

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* remove delete from mutating webhook

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* cleanup

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>

chore: add argocd lab (#4884)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

fix: reduce webhook controller logs (#4897)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

fix: remove unnecessary dependencies from tls package (#4903)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

refactor: openapi controller part 1 (#4901)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>

fix: don't specify rules when aggregationRule is set (#4867)

Fixes #4866

Signed-off-by: James Callahan <jamescallahan@bitgo.com>

Signed-off-by: James Callahan <jamescallahan@bitgo.com>
Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

fix: clean background scan reports (#4908)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

refactor: openapi controller part 2 (#4910)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

fix: openapi controller discovery (#4912)

* refactor: openapi controller part 2

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* rename

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* controller

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* rename 2

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* move controller

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* move controller

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix: openapi controller discovery

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

chore: signing helm releases (#4801)

Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>

Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

fix: use constants defined in openapi controller (#4919)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

chore: update controller-tools to v0.10.0 (#4918)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>

add filter for validation policies when ValidationFailureActionOverrides is used (#4809)

Signed-off-by: Sandesh More <sandesh.more@infracloud.io>

Signed-off-by: Sandesh More <sandesh.more@infracloud.io>

[Cleanup] Disable PolicySkipped events (#4913)

* remove skip events

Signed-off-by: Anant Vijay <anantvijay3@gmail.com>

* update conditions

Signed-off-by: Anant Vijay <anantvijay3@gmail.com>

* improve conditions

Signed-off-by: Anant Vijay <anantvijay3@gmail.com>

* remove redundant function

Signed-off-by: Anant Vijay <anantvijay3@gmail.com>

Signed-off-by: Anant Vijay <anantvijay3@gmail.com>
Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

chore: bump a couple of deps (#4925)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

feat: make cert renewer private and add server name support (#4904)

* fix: remove unnecessary dependencies from tls package

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* feat: make cert renewer private and add server name support

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* nits

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

fix: panic when bad variable substitution (#4928)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>

chore: add COSIGN_REPOSITORY env to ko-publish-dev step (#4922)

fix: set operation in context when necessary (#4940)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

fix: probes should work in debug mode (#4926)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>

fix: consider generateName when matching resources (#4945)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Fix background scan with request.operation (#4947)

* update version drop-down

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* Add workflow to detect and report on image vulnerabilities

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* pin deps

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* bump JasonEtco/create-an-issue

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* bump versions in drop-downs

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* fix background mode scan with request.operation

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* Revert "bump versions in drop-downs"

This reverts commit 5fcea048dd455ba055cc960d491987c70f080936.

* Revert "bump JasonEtco/create-an-issue"

This reverts commit f0d44c7aca759a7c294602f40030711a7a0309db.

Signed-off-by: Chip Zoller <chipzoller@gmail.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>

Update issue templates and scan for vulns action (#4952)

* update version drop-down

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* Add workflow to detect and report on image vulnerabilities

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* pin deps

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* bump JasonEtco/create-an-issue

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* bump versions in drop-downs

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* fix background mode scan with request.operation

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* Revert "bump versions in drop-downs"

This reverts commit 5fcea048dd455ba055cc960d491987c70f080936.

* Revert "bump JasonEtco/create-an-issue"

This reverts commit f0d44c7aca759a7c294602f40030711a7a0309db.

* update version drop-downs

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* bump action version

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

Signed-off-by: Chip Zoller <chipzoller@gmail.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
Co-authored-by: kyverno-bot <104836976+kyverno-bot@users.noreply.github.com>

fix: don't report ready until certs are valid (#4934)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Added support to specify key signature algorithm in verifyImages (#4855)

Signed-off-by: Pratik Shah <pratik@infracloud.io>

Signed-off-by: Pratik Shah <pratik@infracloud.io>

chore: bump a few deps (#4943)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>

fix: admission reports printer (#4950)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Fixed issue-4530: Added separate attestor type for secrets and KMS (#4733)

Signed-off-by: Pratik Shah <pratik@infracloud.io>

Signed-off-by: Vyankatesh <vyankateshkd@gmail.com>

chore: Push and sign install manifests to GHCR (#4895)

Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
Co-authored-by: Stefan Prodan <@stefanprodan>
Co-authored-by: Charles-Edouard Brétéché <@eddycharly>

Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>

fix: missing watchers in resource report controller (#4967)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

fix: improve banned types management in reports (#4953)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

fix: don't produce empty admission reports (#4966)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

fix: add user info in admission request logs (#4969)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

fix: missing autogen rules in status (#4971)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

fix: config reloading not working correctly (#4951)

* fix: config reloading not working correctly

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* nits

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

feat: Add container registry setting on Helm Chart (#4281)

To make the customization of the container registries easier, eg.
a custom private registry, this change adds a new property on the
images configuration to allow setting a custom image registry
without needing to customize the repository of the image.

Signed-off-by: Samuel Torres <samuelpirestorres@gmail.com>

chore: add myself in approvers (#4990)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

docs: add resource exclusions note in helm docs (#4989)

* docs: add resource exclusions note in helm docs

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* nit

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fixes

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

feat: add policy-reporter to argocd lab (#4988)

* feat: add policy-reporter to argocd lab

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* readme

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* readme

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* readme

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* readme

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Chip Zoller <chipzoller@gmail.com>

feat: add startup probes support (#4896)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: treydock <tdockendorf@osc.edu>
Co-authored-by: shuting <shuting@nirmata.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
Co-authored-by: treydock <tdockendorf@osc.edu>

feat: add metrics server and kube-prometheus-stack to argocd lab (#4995)

* feat: add policy-reporter to argocd lab

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* readme

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* readme

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* readme

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* readme

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* feat: add metrics server and kube-prometheus-stack to argocd lab

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* readme

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* typo

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

fix: webhooks not registering when using name override (#4992)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

fix: skip admission in dry run requests (#4994)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>

fix principal and role variables are not substituted (#5000)

refactor: add update status helper (#4985)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>

updates with case insensitivity guarantee (#4954)

* updates with case insensitivity guarantee

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* fix syntax

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Chip Zoller <chipzoller@gmail.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

fix: use default retry with retryfunc for a conflict (#4973)

DefaultRetry is the recommended retry for a conflict
where multiple clients are making changes to the same resource

Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>

Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>

fix: update policy status (#5006)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

fix: don't process non background policies in background scan (#5008)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

fix: global anchor warning (#4962)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>

fix: policy not denied when kinds set is empty (#5016)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

remove RBACInfo check (#5015)

validate patchJSON6902 (#4469)

* validate patchJSON6902

Signed-off-by: Shivansh-yadav13 <yadavshivansh@gmail.com>

* validate patchJSON6902

Signed-off-by: Shivansh-yadav13 <yadavshivansh@gmail.com>

* test: validateJSON6902 tests

Signed-off-by: Shivansh-yadav13 <yadavshivansh@gmail.com>

* validate patchJSON6902

Signed-off-by: Shivansh-yadav13 <yadavshivansh@gmail.com>

* test: validate patchJSON6902

Signed-off-by: Shivansh-yadav13 <yadavshivansh@gmail.com>

Signed-off-by: Shivansh-yadav13 <yadavshivansh@gmail.com>
Signed-off-by: Shivansh Yadav <yadavshivansh@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>

Enable adding annotations to configmaps in the helm chart (#4984)

* fix: add user info in admission request logs (#4969)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Brian Provenzano <bproven@gmail.com>

* fix: missing autogen rules in status (#4971)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Brian Provenzano <bproven@gmail.com>

* fix: config reloading not working correctly (#4951)

* fix: config reloading not working correctly

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* nits

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Brian Provenzano <bproven@gmail.com>

* enable adding annotations to configmaps in the helm chart

Signed-off-by: Brian Provenzano <bproven@gmail.com>

* add entry to artifacthub.io release notes in Chart.yaml

Signed-off-by: Brian Provenzano <bproven@gmail.com>

* change name of annotation keys; codegen the readme docs

Signed-off-by: Brian Provenzano <bproven@gmail.com>

* feat: Add container registry setting on Helm Chart (#4281)

To make the customization of the container registries easier, eg.
a custom private registry, this change adds a new property on the
images configuration to allow setting a custom image registry
without needing to customize the repository of the image.

Signed-off-by: Samuel Torres <samuelpirestorres@gmail.com>
Signed-off-by: Brian Provenzano <bproven@gmail.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Brian Provenzano <bproven@gmail.com>
Signed-off-by: Samuel Torres <samuelpirestorres@gmail.com>
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: Samuel Torres <samuelpirestorres@gmail.com>

fix: add more infos in reports printers (#5027)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>

Fixed issue-4655: verifyImages is executed before mutate (#4996)

Signed-off-by: Pratik Shah <pratik@infracloud.io>

fix: Attempt to fix the CI failure, extract CI job push-sign-install-manifest (#5035)

* extract CI job push-sign-install-manifest

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix indent

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* update env

Signed-off-by: ShutingZhao <shuting@nirmata.com>

Signed-off-by: ShutingZhao <shuting@nirmata.com>

fix: lower default qps/burst (#5034)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>

feat: make shutdown more graceful (#5031)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Enhanced

Signed-off-by: Md Sahil <Mohdssahil1@gmail.com>

added applyRules() in /pkg/background/generate/generate.go

Signed-off-by: Md Sahil <Mohdssahil1@gmail.com>

fix: lease log message (#5030)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

fix env (#5046)

Signed-off-by: ShutingZhao <shuting@nirmata.com>

Signed-off-by: ShutingZhao <shuting@nirmata.com>

feat: add controller logger helper (#5029)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>

feat: add image verification support to background scan (#5047)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>

Created configuration file for Openssf scorecard (#4778)

Signed-off-by: Abhiyant Gwalani <71189932+abhiyant-10@users.noreply.github.com>
Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>

fix: account for policy/rule deletion in aggregated reports (#5048)

* fix: account for policy/rule deletion in aggregated reports

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* reduce delay

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

fix: go routines not gracefully shut down in controllers (#5022)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>

fix: do not update reports when they are identical (#5056)

* fix: do not update reports when they are identical

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix linter

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

fix: detection of kyverno going down (#5055)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>

fix: setup max procs with correct logger (#5059)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

fix: image verification reports missing in admission mode (#5037)

* fix: image verification reports missing in admission mode

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>

fix: configure idle timeout in server (#5062)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

feat: add webhook server logger (#5063)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

added apiCalls support in kyverno-apply command (#4938)

Signed-off-by: Sandesh More <sandesh.more@infracloud.io>

Signed-off-by: Sandesh More <sandesh.more@infracloud.io>

fix: make reponse order predictable (#5079)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

make response order predictable

feat: add simple conformance tests (#5073)

* feat: add simple conformance tests
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>

fix: use correct logger in webhook controller (#5083)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

test: add best practices policies in conformance tests (#5082)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>

fix: handle resource cleanup when policy is deleted (#5021)

* fix: handle delete UR when policy is deleted

Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>

* fix cleanup

Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>

* use selector to list the update request

Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>

Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>

ci: Use the Docker login action for GHCR auth (#5091)

Use the `docker/login-action` action and the default `GITHUB_TOKEN` for setting up the GHCR credentials for Flux and Cosign to be able to push OCI artifacts to ` ghcr.io/kyverno/manifests/kyverno`.

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>

fix: allow delete of target resource with synchronize false (#5081)

Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>

Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>

feat: add flag to configure the number of background scan workers (#5088)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>

refactor: simplify variables regex (#5075)

* feat: add simple conformance tests

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* gh action

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* separate workflow

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix the bug

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix cli test

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* improvements

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* improvements

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fixes

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix: variables regex

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix tests

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>

fix: use correct side effects in validating webhooks (#5080)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

ci: Fix install manifests publishing with Flux (#5110)

- use the correct version to tag artifacts
- add only the generated install.yaml to the artifact contents

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>

Added forEachGetResourceInfoForDataAndClone() in pkg/background/generate/generate.go

Signed-off-by: Md Sahil <Mohdssahil1@gmail.com>

docs: separate dev and user docs (#5114)

* docs: separate dev and user docs

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

feat: enable/disable Debug mode which shows entire AdmissionReview payload (#5024)

* work in progress PR

Signed-off-by: damilola olayinka <holayinkajr@gmail.com>

* add custom request struct

Signed-off-by: damilola olayinka <holayinkajr@gmail.com>

* pass debug mode option through constructor and replace logger with klogr

Signed-off-by: damilola olayinka <holayinkajr@gmail.com>

* make changes

Signed-off-by: damilola olayinka <holayinkajr@gmail.com>

* cleanup

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix linter

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* add another test case

Signed-off-by: damilola olayinka <holayinkajr@gmail.com>

* removed unused function

Signed-off-by: damilola olayinka <holayinkajr@gmail.com>

* fix linter

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: damilola olayinka <holayinkajr@gmail.com>
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

clean conformance (#5089)

* clean conformance

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* adjust names

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

Signed-off-by: Chip Zoller <chipzoller@gmail.com>
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

[Feature] create command line option to set failurePolicy globally (#4991)

* add forceFailurePolicyIgnore flag

Signed-off-by: Anant Vijay <anantvijay3@gmail.com>

* cleanup code

Signed-off-by: Anant Vijay <anantvijay3@gmail.com>

* add logging

Signed-off-by: Anant Vijay <anantvijay3@gmail.com>

* resolve merge conflicts

Signed-off-by: Anant Vijay <anantvijay3@gmail.com>

* fix codegen

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Anant Vijay <anantvijay3@gmail.com>
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

fix: conformance tests (#5118)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Remove old version of golang.org/x/sys (#5125)

Signed-off-by: ShutingZhao <shuting@nirmata.com>

Signed-off-by: ShutingZhao <shuting@nirmata.com>

feat: add categories support to our CRDs (#5112)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>

feat: oci pull/push support for policie(s) (#5026)

Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>

Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Add AGE in printer columns of CRDs (#5119)

* Add AGE in printer columns of CRDs

Signed-off-by: Santosh Kaluskar <dtshbl@gmail.com>

* codegen

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Santosh Kaluskar <dtshbl@gmail.com>
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

fix finalizers mutation with patchesJson6902 (#5132)

* fix finalizers mutation with patchesJson6902

Signed-off-by: Danny Kulchinsky <dkulchinsky@fastly.com>

chore: remove old docs (#5130)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

feat: remove policy mutation for auto-gen rules (#5123)

* feat: remove policy mutation code

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* Fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* changelog

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>

fix: mutation policy inconsistent patching for ephemeralContainers (#5121)

* fix: mutation policy consistent patching for ephemeralContainers

Signed-off-by: praddy26 <pradeep.vaishnav4@gmail.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>

Extended applyRules() in generate.go

Signed-off-by: Md Sahil <Mohdssahil1@gmail.com>

reset resource version on update (#5157)

Signed-off-by: ShutingZhao <shuting@nirmata.com>

Signed-off-by: ShutingZhao <shuting@nirmata.com>

skip generating events on empty rule response (#5158)

Signed-off-by: ShutingZhao <shuting@nirmata.com>

Signed-off-by: ShutingZhao <shuting@nirmata.com>

Fixed issue-5102: Show rule count and type in output (#5106)

Signed-off-by: Pratik Shah <pratik@infracloud.io>

Signed-off-by: Pratik Shah <pratik@infracloud.io>

finished applyRules() function

Signed-off-by: Md Sahil <Mohdssahil1@gmail.com>

Renamed applyRules() to applyForEachGenerateRules() in term of removing namimg confliction from the generate.go file

Signed-off-by: Md Sahil <Mohdssahil1@gmail.com>

feature: SLSA Level 3 provenance generation for Kyverno images: kyverno init, kyverno and kyvernopre (#4268)

Signed-off-by: zurrehma <zahid.chashma@gmail.com>

Signed-off-by: zurrehma <zahid.chashma@gmail.com>
Co-authored-by: Chip Zoller <chipzoller@gmail.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>

fix: configure klog and global logger to use zapr in json mode (#5144)

* configure klog and global logger to use zapr in json mode

Signed-off-by: damilola olayinka <holayinkajr@gmail.com>

* changes

Signed-off-by: damilola olayinka <holayinkajr@gmail.com>

* make zapr compatible with klog's -v argument

Signed-off-by: damilola olayinka <holayinkajr@gmail.com>

* remove changes

Signed-off-by: damilola olayinka <holayinkajr@gmail.com>

* remove logLevel flag

Signed-off-by: damilola olayinka <holayinkajr@gmail.com>

Signed-off-by: damilola olayinka <holayinkajr@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>

Added and Changed GetData() in common_types.go

Signed-off-by: Md Sahil <Mohdssahil1@gmail.com>

Add ability to use commands in comments (#5154)

* Add ability to use commands in comments

Signed-off-by: Rishit Dagli <rishit.dagli@gmail.com>

* Fix typo

Signed-off-by: Rishit Dagli <rishit.dagli@gmail.com>

* reset resource version on update (#5157)

Signed-off-by: ShutingZhao <shuting@nirmata.com>

Signed-off-by: ShutingZhao <shuting@nirmata.com>
Signed-off-by: Rishit Dagli <rishit.dagli@gmail.com>

* skip generating events on empty rule response (#5158)

Signed-off-by: ShutingZhao <shuting@nirmata.com>

Signed-off-by: ShutingZhao <shuting@nirmata.com>
Signed-off-by: Rishit Dagli <rishit.dagli@gmail.com>

* Fixed issue-5102: Show rule count and type in output (#5106)

Signed-off-by: Pratik Shah <pratik@infracloud.io>

Signed-off-by: Pratik Shah <pratik@infracloud.io>
Signed-off-by: Rishit Dagli <rishit.dagli@gmail.com>

* feature: SLSA Level 3 provenance generation for Kyverno images: kyverno init, kyverno and kyvernopre (#4268)

Signed-off-by: zurrehma <zahid.chashma@gmail.com>

Signed-off-by: zurrehma <zahid.chashma@gmail.com>
Co-authored-by: Chip Zoller <chipzoller@gmail.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
Signed-off-by: Rishit Dagli <rishit.dagli@gmail.com>

* Pin action to specific hash

Signed-off-by: Rishit Dagli <rishit.dagli@gmail.com>

* Add `/approve`

Signed-off-by: Rishit Dagli <rishit.dagli@gmail.com>

* fix: configure klog and global logger to use zapr in json mode (#5144)

* configure klog and global logger to use zapr in json mode

Signed-off-by: damilola olayinka <holayinkajr@gmail.com>

* changes

Signed-off-by: damilola olayinka <holayinkajr@gmail.com>

* make zapr compatible with klog's -v argument

Signed-off-by: damilola olayinka <holayinkajr@gmail.com>

* remove changes

Signed-off-by: damilola olayinka <holayinkajr@gmail.com>

* remove logLevel flag

Signed-off-by: damilola olayinka <holayinkajr@gmail.com>

Signed-off-by: damilola olayinka <holayinkajr@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
Signed-off-by: Rishit Dagli <rishit.dagli@gmail.com>

Signed-off-by: Rishit Dagli <rishit.dagli@gmail.com>
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Signed-off-by: Pratik Shah <pratik@infracloud.io>
Signed-off-by: zurrehma <zahid.chashma@gmail.com>
Signed-off-by: damilola olayinka <holayinkajr@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
Co-authored-by: Pratik Shah <pratik@infracloud.io>
Co-authored-by: Zahid Khan <zahid.chashma@gmail.com>
Co-authored-by: Chip Zoller <chipzoller@gmail.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: yinka <holayinkajr@gmail.com>

fix 5151 issue (#5170)

Corrected Kubernetes spelling (#5134)

* Corrected Kubernetes spelling

Signed-off-by: Quirino Gervacio <qgervacio@gmail.com>

* fix codegen

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Quirino Gervacio <qgervacio@gmail.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
Co-authored-by: kyverno-bot <104836976+kyverno-bot@users.noreply.github.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

refactor: support Audit and Enforce validation failure actions (#5152)

* feat: remove policy mutation code

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* refactor: support Audit and Enforce failure actions

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* codegen

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* typo

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* update changelog

Signed-off-by: ShutingZhao <shuting@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>

feat: run leader election in loop (#5173)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>

fix: content type in log (#5177)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

chore: add kind config file (#5178)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

fix: do not cancel context when loosing the lead (#5180)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

fix: check resource version on update notification (#5179)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

fix: use pagination to aggregate reports (#5190)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

refactor: remove policyreport package (#5174)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Helm chart: add extraCRDAnnotations value and set ArgoCD sync option by default (#4964)

* fix: add extraCRDAnnotations option to helm chart

set ArgoCD replace sync option by default

Signed-off-by: Edwin Mackenzie-Owen <edwin.mowen@gmail.com>

* fix: add extraCRDAnnotations via codegen

* use template

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Edwin Mackenzie-Owen <edwin.mowen@gmail.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

fix: deletion of reports not belonging to kyverno (#5194)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

feat: support disabling schema validation on the patched resource (#5197)

* Support disable schema validation on the patched resource

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* update api doc

Signed-off-by: ShutingZhao <shuting@nirmata.com>

Signed-off-by: ShutingZhao <shuting@nirmata.com>

fix: early return in policy validation (#5200)

* fix: early return in policy validation

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix test

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

refactor: health check system (#5176)

* refactor: health check system

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* filter

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>

chore: server side apply in argo lab (#5209)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

fix: too much information for the Policy Rule Execution Latency metric (#5208)

* remove general_rule_latency_type

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* remove resource_request_operation

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* remove resource_namespace

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* remove resource_kind

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix linter

Signed-off-by: ShutingZhao <shuting@nirmata.com>

Signed-off-by: ShutingZhao <shuting@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

feat: add policy label to policy reports (#5198)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

[BUG] Fix foreach deletion issue (#5224)

* fix foreach deletion issue

add kuttl tests (#5204)

- add kuttl tests
- try rekor: {url: "https://rekor.sigstore.dev"}
- add rekor{} object to last two policies

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

add remainder of e2e verifyImages tests (#5229)

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

feat: add grafana dashboard to helm chart (#5230)

* feat: add grafana dashboard to helm chart

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* release note

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: treydock <tdockendorf@osc.edu>

Fixed description for secret name (#5228)

Signed-off-by: Pratik Shah <pratik@infracloud.io>

Signed-off-by: Vyankatesh <vyankateshkd@gmail.com>

chore: add loki to argocd lab (#5231)

* chore: add loki to argocd lab

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* chore: add loki to argocd lab

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

[Feature] Pin Dependencies by Hash (#5168)

* pin dependencies by hash

Signed-off-by: Anant Vijay <anantvijay3@gmail.com>

* pin scripts

Signed-off-by: Anant Vijay <anantvijay3@gmail.com>

Signed-off-by: Anant Vijay <anantvijay3@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

fix: remove /approve from prow actions (#5243)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>

Fix Keda policy installation issue (#5239)

fix generateName mutation (#5146)

refactor: move all middlewares in handlers sub package (#5244)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

fix: kyverno Dockerfile base image tag and sha256 hash (#5248)

Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>

feat: separate webhook rules per GVK/rule (#4986)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>

fix: remove unused code in config (#5242)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

More kuttl tests (#5238)

* add remainder of e2e verifyImages tests

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* add tests

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* add external-metrics test case and scaffolding

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* update scaffolding

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* add keyed-basic test

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* add migrated e2e test for gen role and rolebinding

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* add clone-role-and-rolebinding from e2e

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* remove timeout param from kuttl-test.yaml

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* add tests for external-metrics Policy fix

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

Signed-off-by: Chip Zoller <chipzoller@gmail.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

chore: add kuttl in makefile (#5254)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

chore: use conditions in kuttl tests to check ready policies (#5252)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>

Kuttl updates (#5257)

* add remainder of e2e verifyImages tests

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* add tests

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* add external-metrics test case and scaffolding

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* update scaffolding

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* add keyed-basic test

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* add migrated e2e test for gen role and rolebinding

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* add clone-role-and-rolebinding from e2e

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* remove timeout param from kuttl-test.yaml

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* add tests for external-metrics Policy fix

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* update test path

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* update README

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

Signed-off-by: Chip Zoller <chipzoller@gmail.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

fix: add warning when using deprecated validation failure action (#5219)

* fix: add warning when using deprecated validation failure action

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix tests

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>

chore: remove old conformance tests files (#5260)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

feat: create cleanup new CRDs (#5233)

* create new cleanup CRDs

Signed-off-by: Nikhil Sharma <nikhilsharma230303@gmail.com>

* fix package

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Nikhil Sharma <nikhilsharma230303@gmail.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

refactor: admission response utils (#5234)

- refactor: admission response utils
- unit tests

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

fix: account for error rules in mutation webhook (#5264)

* fix: account for error rules in mutation webhook

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* add test

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

fix: add missing test suite to kuttl (#5268)

* fix: add missing test suite to kuttl

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix path

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* readme

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

chore: add kuttl autogen tests (#5253)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

add test instructions (#5271)

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

fix: keep admission warnings (#5269)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>

fix: resource schema validation in policies under any/all match (#5246)

Signed-off-by: Sandesh More <sandesh.more@infracloud.io>

Signed-off-by: Sandesh More <sandesh.more@infracloud.io>

refactor: admission metrics (counter and latency) (#5245)

* refactor: move all middlewares in handlers sub package

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* refactor: admission metrics (counter and latency)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* builder

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* cleanup

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

feat: add flag to control leader election frequency (#5172)

* feat: add flag to control leader election frequency

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* changelog

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>

fix: make zapr compatible with klog's -v argument (#5166)

* make zapr compatible with klog's -v argument

Signed-off-by: damilola olayinka <holayinkajr@gmail.com>

* remove zap logger's NameKey

Signed-off-by: damilola olayinka <holayinkajr@gmail.com>

Signed-off-by: damilola olayinka <holayinkajr@gmail.com>

chore: update kuttl (#5285)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

fix: kuttl test external-service (#5287)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

fix: check policy is ready in kuttl tests (#5286)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

fix: image extractor kuttl tests (#5293)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

fix: allow delete of clone target resource with synchronize false (#5161)

Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>

tests: add kuttl tests for multiple clone generate (#5280)

* tests: add kuttl tests for multiple clone generate

Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>

* bump kuttl version v1.13.1

Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>

* fix review comments

Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>

* remove cleanup of image-verify tests

Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>

Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>

fix: reduce startup probe delay (#5296)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>

Update kuttl test scaffolding (#5303)

* add test instructions

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* update scaffolding

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

Signed-off-by: Chip Zoller <chipzoller@gmail.com>
Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

fix: set rule response status as skip if precondition failed (#5162)

exisiting UpdateRequest gets delete if precondition
failed for the matched rule in case of skip rule response.

Signed-off-by: Prateek Pandey <prateek.pandey@nirmata.com>

Signed-off-by: Prateek Pandey <prateek.pandey@nirmata.com>

fix: add parsing of json pointers to support special chars (#3578 #3616) (#4767)

* Added jsonpointer package that supports parsing of paths and JSON pointers that can yield either a JSON pointer string or JMESPath string.
* Replaced the use of `strings.Split` and `strings.Join` in places where paths are converted to JMESPaths.

Signed-off-by: Tobias Dahlberg <tobias.dahlberg@sinch.com>

Signed-off-by: Tobias Dahlberg <tobias.dahlberg@sinch.com>
Co-authored-by: shuting <shuting@nirmata.com>
Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>

fix: send notification when stoping watching resource in reports system (#5298)

* fix: send notification when stoping watching resource in reports system

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* add kuttl test

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* rework

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* readme

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

fix: wrong logger used (#5311)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Fix issue where CLI test command ignores failures (#5189)

Closes #5187

The test command was resetting the return value to "pass", even if it
was already marked failed, in some cases. This solves by moving the
"pass" into an else-if clause.

Signed-off-by: Eric Miller <eric.miller@instructure.com>

Signed-off-by: Eric Miller <eric.miller@instructure.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>

test: add kuttl tests for jmespath special chars (#5310)

* Adds tests for fixes in #4767

Signed-off-by: Tobias Dahlberg <tobias.dahlberg@sinch.com>

Signed-off-by: Tobias Dahlberg <tobias.dahlberg@sinch.com>
Co-authored-by: shuting <shuting@nirmata.com>

allow list with policies in test (#5227)

Signed-off-by: bakito <github@bakito.ch>

Signed-off-by: bakito <github@bakito.ch>
Co-authored-by: shuting <shuting@nirmata.com>

fix: synchronize source resource update to clone list resource (#5317)

* fix: synchronize source resource update to clone list target resource

Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>

* add kuttl test to verify the clone list synchronized behavior

Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>

* refactor functions parameters

Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>

* fix the kuttl test description and behavior README

Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>

* Use entire content to compare

Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>

resolved merge conflict

Signed-off-by: Md Sahil <Mohdssahil1@gmail.com>

Added conditional for Generate rule in /pkg/background/generate/generate.go

Signed-off-by: Md Sahil <Mohdssahil1@gmail.com>

Corrected changes in pkg/background/generate/generate.go

feat: add cleanupPolicy validation code (#5279)

* validate the cleanupPolicy

Signed-off-by: Nikhil Sharma <nikhilsharma230303@gmail.com>

* add validation for DELETE permission for cleanupPolicy

Signed-off-by: Nikhil Sharma <nikhilsharma230303@gmail.com>

* add separate binary for cleanupPolicy

Signed-off-by: Nikhil Sharma <nikhilsharma230303@gmail.com>

* fix linter issues

Signed-off-by: Nikhil Sharma <nikhilsharma230303@gmail.com>

Signed-off-by: Nikhil Sharma <nikhilsharma230303@gmail.com>
Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

feat: add replicaset and replicationcontroller to autogen (#4975)

* fix: missing autogen rules in status

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* feat: add replicaset and replicationcontroller to autogen

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* merge main

Signed-of…
  • Loading branch information
@MdSahil-oss
MdSahil-oss committed Dec 28, 2022
1 parent 13ce3f5 commit ce3326a
Show file tree
Hide file tree
Showing 1,645 changed files with 169,836 additions and 51,211 deletions.
7 changes: 7 additions & 0 deletions .github/ISSUE_TEMPLATE/VULN-TEMPLATE.md
View file
@@ -0,0 +1,7 @@
---
title: Vulnerabilities detected
labels: security
---
High or critical vulnerabilities detected. Scan results are below:

{{ env.RESULTS }}
10 changes: 9 additions & 1 deletion .github/ISSUE_TEMPLATE/bug-cli.yaml
View file
Expand Up @@ -24,7 +24,15 @@ body:
- 1.7.1
- 1.7.2
- 1.7.3
- 1.7.4
- 1.7.5
- 1.8.0
- 1.8.1
- 1.8.2
- 1.8.3
- 1.8.4
- 1.8.5
- 1.9.0
validations:
required: true
- type: textarea
Expand Down Expand Up @@ -96,4 +104,4 @@ body:
- label: I have read and followed the [troubleshooting guide](https://kyverno.io/docs/troubleshooting/).
required: true
- label: I have searched other issues in this repository and mine is not recorded.
required: true
required: true
10 changes: 9 additions & 1 deletion .github/ISSUE_TEMPLATE/bug-other.yaml
View file
Expand Up @@ -23,7 +23,15 @@ body:
- 1.7.1
- 1.7.2
- 1.7.3
- 1.7.4
- 1.7.5
- 1.8.0
- 1.8.1
- 1.8.2
- 1.8.3
- 1.8.4
- 1.8.5
- 1.9.0
validations:
required: true
- type: textarea
Expand Down Expand Up @@ -54,4 +62,4 @@ body:
- label: I have read and followed the documentation AND the [troubleshooting guide](https://kyverno.io/docs/troubleshooting/).
required: true
- label: I have searched other issues in this repository and mine is not recorded.
required: true
required: true
14 changes: 12 additions & 2 deletions .github/ISSUE_TEMPLATE/bug-webhook.yaml
View file
Expand Up @@ -23,7 +23,15 @@ body:
- 1.7.1
- 1.7.2
- 1.7.3
- 1.7.4
- 1.7.5
- 1.8.0
- 1.8.1
- 1.8.2
- 1.8.3
- 1.8.4
- 1.8.5
- 1.9.0
validations:
required: true
- type: dropdown
Expand All @@ -38,6 +46,7 @@ body:
- 1.23.x
- 1.24.x
- 1.25.x
- 1.26.x
validations:
required: true
- type: dropdown
Expand All @@ -62,12 +71,13 @@ body:
id: kyverno-rule
attributes:
label: Kyverno Rule Type
description: What Kyverno rule type?
description: What Kyverno rule/policy type?
options:
- Validate
- Mutate
- Generate
- verifyImages
- Cleanup
- Other
validations:
required: true
Expand Down Expand Up @@ -143,4 +153,4 @@ body:
- label: I have read and followed the documentation AND the [troubleshooting guide](https://kyverno.io/docs/troubleshooting/).
required: true
- label: I have searched other issues in this repository and mine is not recorded.
required: true
required: true
12 changes: 12 additions & 0 deletions .github/dependabot.yaml
View file
@@ -0,0 +1,12 @@
version: 2
updates:
- package-ecosystem: gomod
directory: /
schedule:
interval: daily
rebase-strategy: disabled
- package-ecosystem: github-actions
directory: /
schedule:
interval: daily
rebase-strategy: disabled
8 changes: 4 additions & 4 deletions .github/workflows/cli.yaml
View file
Expand Up @@ -23,18 +23,18 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # v2.4.0
uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0

- name: Unshallow
run: git fetch --prune --unshallow

- name: Set up Go
uses: actions/setup-go@424fc82d43fa5a37540bae62709ddcc23d9520d4 # v2.1.5
uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
with:
go-version: ~1.18.6
go-version: ~1.19.4

- name: Cache Go modules
uses: actions/cache@fd5de65bc895cf536527842281bea11763fefd77 # pin@v3
uses: actions/cache@4723a57e26efda3a62cbde1812113b730952852d # pin@v3
with:
path: |
~/.cache/go-build
Expand Down
8 changes: 4 additions & 4 deletions .github/workflows/codecov.yaml
View file
Expand Up @@ -20,20 +20,20 @@ jobs:
os: [ubuntu-latest]
steps:
- name: Checkout
uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # v2.4.0
uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0

- name: Unshallow
run: git fetch --prune --unshallow

- uses: actions/setup-go@424fc82d43fa5a37540bae62709ddcc23d9520d4 # v2.1.5
- uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
with:
go-version: ~1.18.6
go-version: ~1.19.4

- name: Generate Code Coverage Report
run: make code-cov-report

- name: Upload Report to Codecov
uses: codecov/codecov-action@f32b3a3741e1053eb607407145bc9619351dc93b # v2.1.0
uses: codecov/codecov-action@d9f34f8cd5cb3b3eb79b3e4b5dae3a16df499a70 # v3.1.1
with:
file: ./coverage.out
fail_ci_if_error: true
Expand Down
21 changes: 21 additions & 0 deletions .github/workflows/comment-commands.yaml
View file
@@ -0,0 +1,21 @@
name: "Issue and PR comment commands"
on:
issue_comment:
types: [created, edited]

permissions:
issues: write
pull-requests: write

jobs:
execute:
runs-on: ubuntu-latest
steps:
- uses: jpmcb/prow-github-actions@f4d01dd4b13f289014c23fe5a19878a2479cb35b
with:
prow-commands: '/assign
/unassign
/lgtm
/milestone'
github-token: "${{ secrets.GITHUB_TOKEN }}"

45 changes: 45 additions & 0 deletions .github/workflows/conformance.yaml
View file
@@ -0,0 +1,45 @@
name: Conformance tests
on:
pull_request:
branches:
- 'main'
- 'release*'

concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true

jobs:
run-conformance:
strategy:
fail-fast: false
matrix:
k8s-version: [v1.24.7, v1.25.3, v1.26.0]
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
- name: Unshallow
run: git fetch --prune --unshallow
- name: Setup go
uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
with:
go-version: ~1.19.4
- name: Prepare environment
run: |
export KIND_IMAGE=kindest/node:${{ matrix.k8s-version }}
make kind-create-cluster kind-deploy-kyverno
- name: Wait for Kyverno to start
run: sleep 60
- name: Test with kuttl
run: make test-kuttl
- name: Debug failure
if: failure()
run: |
kubectl get mutatingwebhookconfigurations,validatingwebhookconfigurations
kubectl -n kyverno get pod
kubectl -n kyverno describe pod | grep -i events -A10
kubectl -n kyverno logs deploy/kyverno --all-containers -p || true
kubectl -n kyverno logs deploy/kyverno --all-containers
kubectl -n kyverno logs deploy/kyverno-cleanup-controller --all-containers -p || true
kubectl -n kyverno logs deploy/kyverno-cleanup-controller --all-containers
89 changes: 0 additions & 89 deletions .github/workflows/e2e-autogen-internals.yaml
View file

This file was deleted.

0 comments on commit ce3326a

Please sign in to comment.