Skip to content

fix: Kyverno cli apply duplicate result counts #7945

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 7 commits into from
Aug 8, 2023
Merged

fix: Kyverno cli apply duplicate result counts #7945

merged 7 commits into from
Aug 8, 2023

Conversation

hackeramitkumar
Copy link
Contributor

@hackeramitkumar hackeramitkumar commented Jul 31, 2023
edited by realshuting
Loading

Explanation

Here for kyverno apply after getting a engine response we are updating rc ( a struct which contains results status count) .

But we are are doing the same thing here for the same response

So we have to remove the repeated logic from kyverno_policies_types.go .

Related issue

Closes #6115 .

Milestone of this PR

What type of PR is this

/kind bug

Proposed Changes

Proof Manifests

Cluster Policies

apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: disallow-latest-tag
  annotations:
    policies.kyverno.io/category: Best Practices
    policies.kyverno.io/description: >-
      The ':latest' tag is mutable and can lead to unexpected errors if the
      image changes. A best practice is to use an immutable tag that maps to
      a specific version of an application pod.
spec:
  validationFailureAction: audit
  rules:
  - name: validate-image-tag
    match:
      resources:
        kinds:
        - Pod
    validate:
      message: "Using a mutable image tag e.g. 'latest' is not allowed."
      pattern:
        spec:
          containers:
          - image: "!*:latest"
---
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: drop-all-capabilities
  annotations:
    policies.kyverno.io/scored: "false"
spec:
  validationFailureAction: audit
  rules:
    - name: require-drop-all
      match:
        any:
        - resources:
            kinds:
              - Pod
      preconditions:
        all:
        - key: "{{ request.operation }}"
          operator: NotEquals
          value: DELETE
      validate:
        message: >-
          Containers must drop `ALL` capabilities.
        foreach:
          - list: request.object.spec.[ephemeralContainers, initContainers, containers][]
            deny:
              conditions:
                all:
                - key: ALL
                  operator: AnyNotIn
                  value: "{{ element.securityContext.capabilities.drop || '' }}"

Resources

apiVersion: v1
kind: Pod
metadata:
  name: test-require-image-tag-fail
  labels:
    app: app
spec:
  containers:
  - name: nginx
    image: nginx
---
apiVersion: v1
kind: Pod
metadata:
  name: test-validate-image-tag-ignore
  labels:
    app: app
spec:
  containers:
  - name: nginx
    image: nginx:latest

Run the kyverno apply for these policies and resources in debug mode and add a breakpoint here ->
here

And then check the rc objects.
Before the changes :

Pass:  2,
Fail:  2,
Skip:  16,
Error: 0,
Warn:  4,

After the changes :

Pass:  1,
Fail:  1,
Skip:  8,
Error: 0,
Warn:  2,

Checklist

  • I have read the contributing guidelines.
  • I have read the PR documentation guide and followed the process including adding proof manifests to this PR.
  • This is a bug fix and I have added unit tests that prove my fix is effective.
  • This is a feature and I have added CLI tests that are applicable.
  • My PR needs to be cherry picked to a specific release branch which is .
  • My PR contains new or altered behavior to Kyverno and
    • CLI support should be added and my PR doesn't contain that functionality.
    • I have added or changed the documentation myself in an existing PR and the link is:
    • I have raised an issue in kyverno/website to track the documentation update and the link is:

Further Comments

@codecov
Copy link

codecov bot commented Jul 31, 2023
edited
Loading

Codecov Report

Merging #7945 (1986fa2) into main (bf21fbf) will decrease coverage by 0.03%.
The diff coverage is 78.94%.

@@            Coverage Diff             @@
##             main    #7945      +/-   ##
==========================================
- Coverage   33.17%   33.15%   -0.03%     
==========================================
  Files         244      244              
  Lines       23000    22972      -28     
==========================================
- Hits         7631     7617      -14     
+ Misses      14573    14562      -11     
+ Partials      796      793       -3
Files Changed Coverage Δ
cmd/cli/kubectl-kyverno/utils/common/common.go 8.23% <62.50%> (-0.61%) ⬇️
cmd/cli/kubectl-kyverno/apply/apply_command.go 33.11% <100.00%> (-1.47%) ⬇️
...ctl-kyverno/utils/common/kyverno_policies_types.go 55.39% <100.00%> (+0.46%) ⬆️

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

@MariamFahmy98 MariamFahmy98 requested a review from eddycharly July 31, 2023 20:20
MariamFahmy98
MariamFahmy98 reviewed Jul 31, 2023
View reviewed changes
cmd/cli/kubectl-kyverno/apply/apply_command_test.go Outdated
@@ -89,7 +89,7 @@ func Test_Apply(t *testing.T) {
Summary: preport.PolicyReportSummary{
Pass: 1,
Fail: 1,
Skip: 8,
Skip: 0,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I believe Skip is 8 not zero due to the auto-gen rules.

We have 2 policies, each has 1 rule and 2 auto-gen rules and we have 2 resources.
The 2 auto-gen rules are skipped for both resources so we have 4 skipped rules per policy.
Therefore the total nu. of skipped rules is equal to 8.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks @MariamFahmy98 ,
I will check it.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

True, when a resource and rule don't match it counts as a skip, this is a bug IMHO.

Copy link
Contributor Author

@hackeramitkumar hackeramitkumar Aug 1, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@eddycharly @MariamFahmy98 Can you please check the logic that I have implemented for fixing the duplicate results counts??

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@hackeramitkumar can you explain your changes ?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@hackeramitkumar can you explain your changes ?

@eddycharly Currently we are processing the VerifyImageResponse and validateImageResponse in the kyverno_Policies_types.go .
And as a result, it updates the common.ResultCounts values here. And then we return this rc along with responses to the ApplyPolicyOnPath func(). And in that function, we are again updating the counts for the engine responses here .
So as a result we are counting few results twice.

So we can remove duplicate logic from kyverno apply. And we will update the resultsCounts in kyverno_policies_types only here and in apply_command.go and we will process the skipResponses only here (Not update skip results counts because we have already done this in common.go )

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I need to look deeper, i don't know the CLI code well enough, will check later today and let you know.

@eddycharly
Copy link
Member

@hackeramitkumar can you add proof manifests please ?
looks correct otherwise.

@eddycharly eddycharly added this to the Kyverno Release 1.11.0 milestone Aug 4, 2023
@hackeramitkumar
Copy link
Contributor Author

@hackeramitkumar can you add proof manifests please ? looks correct otherwise.

@eddycharly I have added the manifests. Please let me know if any changes are required??

@eddycharly
Copy link
Member

@hackeramitkumar LGTM, thanks !

Can you resolve conflicts ?

@hackeramitkumar
removed repeated logic from kyverno_policies_types
8b512a0 
Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>

fixed unit tests
@hackeramitkumar
fixed unit tests
72a4b69 
Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
@hackeramitkumar
updated common.go logic
b4c794c 
Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
@hackeramitkumar
remove skip response logic from common.go
116b9d3 
Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
@hackeramitkumar
remove skip response logic from common.go
2cc3ce2 
Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
@hackeramitkumar
fixed conflict
30d4d08 
Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
@hackeramitkumar
Copy link
Contributor Author

@hackeramitkumar LGTM, thanks !

Can you resolve conflicts ?

@eddycharly Done ...

@realshuting realshuting enabled auto-merge (squash) August 8, 2023 07:04
@realshuting realshuting merged commit 9e6ff00 into kyverno:main Aug 8, 2023
vishal-chdhry pushed a commit to vishal-chdhry/kyverno that referenced this pull request Aug 9, 2023
@hackeramitkumar @realshuting @vishal-chdhry
fix: Kyverno cli apply duplicate result counts (kyverno#7945)
e652973 
* removed repeated logic from kyverno_policies_types

Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>

fixed unit tests

* fixed unit tests

Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>

* updated common.go logic

Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>

* remove skip response logic from common.go

Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>

* remove skip response logic from common.go

Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>

* fixed conflict

Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>

---------

Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
vishal-chdhry pushed a commit to vishal-chdhry/kyverno that referenced this pull request Aug 20, 2023
@hackeramitkumar @realshuting @vishal-chdhry
fix: Kyverno cli apply duplicate result counts (kyverno#7945)
4dd0b55 
* removed repeated logic from kyverno_policies_types

Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>

fixed unit tests

* fixed unit tests

Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>

* updated common.go logic

Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>

* remove skip response logic from common.go

Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>

* remove skip response logic from common.go

Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>

* fixed conflict

Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>

---------

Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
realshuting added a commit that referenced this pull request Sep 7, 2023
@vishal-chdhry @hackeramitkumar
@realshuting @dependabot @MariamFahmy98 @nobbs @chipzoller @prady0t @eddycharly @VedRatan @mikebryant @JimBugwadia @UgOrange @treydock @mvaalexp
feat: add custom keychains using fluxcd/oci/auth package (#7908)
07877ef 
* feat:add usage of flux auth package for creating keychain

for every oci provider, we will create a client from flux and use its login() method

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* feat: add registry checking

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* bug: update azure keychain to return anonymous kc

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* bug: remove google keychain

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* bug: kubeconfig redefined

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* bug: fix kubeconfig flag being double defined

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* updated comments (#7902)

Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>

* chore(deps): bump google.golang.org/grpc from 1.56.2 to 1.57.0 (#7918)

Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.56.2 to 1.57.0.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.56.2...v1.57.0)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump github.com/go-git/go-git/v5 from 5.8.0 to 5.8.1 (#7919)

Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.8.0 to 5.8.1.
- [Release notes](https://github.com/go-git/go-git/releases)
- [Commits](go-git/go-git@v5.8.0...v5.8.1)

---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: shuting <shuting@nirmata.com>

* refactor validating admission policies (#7835)

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

* feat: update default keychain in registry to be empty (#7906)

* feat: update default keychain to be empty

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* feat: update registryCredentialHelpers description

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

---------

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* fix: rename vap to its full name (#7929)

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

* fix(chart): only create ServiceMonitor if cluster supports it (#7926)

* fix: only create ServiceMonitor if cluster supports it

Adds an additional check to the ServiceMonitor template to ensure that
the cluster supports the `monitoring.coreos.com/v1` API version.

Signed-off-by: Alexej Disterhoft <alexej@disterhoft.de>

* add IITS Consulting as adopter from Google Form (#7932)

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* Adding other folder's subfolders to workflows/conformance.yaml's tests array (#7927)

Signed-off-by: Pradyot Ranjan <99216956+pradyotRanjan@users.noreply.github.com>
Co-authored-by: Pradyot Ranjan <99216956+pradyotRanjan@users.noreply.github.com>
Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: Chip Zoller <chipzoller@gmail.com>

* feat: add create metrics-config cli command (#7782)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* chore(deps): bump svenstaro/upload-release-action from 2.6.1 to 2.7.0 (#7940)

Bumps [svenstaro/upload-release-action](https://github.com/svenstaro/upload-release-action) from 2.6.1 to 2.7.0.
- [Release notes](https://github.com/svenstaro/upload-release-action/releases)
- [Changelog](https://github.com/svenstaro/upload-release-action/blob/master/CHANGELOG.md)
- [Commits](svenstaro/upload-release-action@2b9d284...1beeb57)

---
updated-dependencies:
- dependency-name: svenstaro/upload-release-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: shuting <shuting@nirmata.com>

* test: add tests for ghcr private repository (#7791)

* chore: organize constants better (#7941)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* chore: move cert.kyverno.io/managed-by label in constants (#7942)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix: rename --compact to --detailed-results in CLI (#7937)

* fix: rename --compact to --detailed-results in CLI

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

* rename compact arg

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* chore: move more constants (#7944)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* feat: add `create values` cli command (#7779)

* feat: add  cli command

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* feat: add create values cli command

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* Removed usage of `replacements` from goreleaser.yml file (#7833)

* Changed goreleaser.yml file

Signed-off-by: Pradyot Ranjan <99216956+pradyotRanjan@users.noreply.github.com>

* Changed syntax

Signed-off-by: Pradyot Ranjan <99216956+pradyotRanjan@users.noreply.github.com>

* Small indent fix

Signed-off-by: Pradyot Ranjan <99216956+pradyotRanjan@users.noreply.github.com>

---------

Signed-off-by: Pradyot Ranjan <99216956+pradyotRanjan@users.noreply.github.com>
Co-authored-by: Pradyot Ranjan <99216956+pradyotRanjan@users.noreply.github.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

* add 1.10.2 (#7947)

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* chore: move cache enabled label (#7949)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* chore(deps): bump go.uber.org/zap from 1.24.0 to 1.25.0 (#7952)

Bumps [go.uber.org/zap](https://github.com/uber-go/zap) from 1.24.0 to 1.25.0.
- [Release notes](https://github.com/uber-go/zap/releases)
- [Changelog](https://github.com/uber-go/zap/blob/master/CHANGELOG.md)
- [Commits](uber-go/zap@v1.24.0...v1.25.0)

---
updated-dependencies:
- dependency-name: go.uber.org/zap
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* doc: add feature flag guidelines (#7951)

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

* chore: move kyverno.io/verify-images constant (#7955)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* feat: add ttl controller (#7821)

* added the ttl controller

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* fix

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* fixed label and vars

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* added logger

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* applied fixes

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* removed comments

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* lint

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* lint

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* lint

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* more lint fix

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* applied changes

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* minor fixes

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* fix

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* fix logger, separate parse logic

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* added tests

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* fix

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* added kuttl tests, validation utilities

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* commented code

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* renamed tests

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* fix test

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* created log.go

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* fix

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* fix

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* fix

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* fix log.go

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* fix

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* added README.md refactor code

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* lint fix

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* lint

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* lint fix

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* added validation webhook

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* label-validation fix

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* fix

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* added flag, updated verbs

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* fix

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* fix

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* fix

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* fix

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* updated verbs

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* updated helm chart

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* test fix

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* lint

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* linter

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* imporoved webhook validation

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* fix

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* linter fix

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* lint

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* lint fix

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* fix codegen

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* webhook names and path constants

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* constant label

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix label selector

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* kuttl test fix

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* helm docs

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix controller logger

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix: manager logger

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix failure policy

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* kuttl tests

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* move kuttl tests in separate job

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* remove rbac steps

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* remove configmaps from core cluster role

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix logger

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* rename flag

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* kuttl

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix error

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix linter

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Ved Ratan <vedratan8@gmail.com>
Signed-off-by: Ved Ratan <82467006+VedRatan@users.noreply.github.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* chore: rename ttl controller package (#7957)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* chore: move ttl formats to constants (#7958)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* feat: Add support for server-side-apply in generate rules (#7705)

* feat: Add support for server-side-apply in generate rules

Signed-off-by: Mike Bryant <mike@mikebryant.me.uk>

* chore: run make codegen-all

Signed-off-by: Mike Bryant <mike.bryant@mettle.co.uk>

* chore: Remove unnecessary file I got from copy/paste

Signed-off-by: Mike Bryant <mike.bryant@mettle.co.uk>

---------

Signed-off-by: Mike Bryant <mike@mikebryant.me.uk>
Signed-off-by: Mike Bryant <mike.bryant@mettle.co.uk>
Co-authored-by: Chip Zoller <chipzoller@gmail.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>

* refactor: ttl label validation (#7960)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* chore(deps): bump github.com/google/go-containerregistry (#7961)

Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.14.1-0.20230425172351-b7c6e9dc3944 to 0.16.1.
- [Release notes](https://github.com/google/go-containerregistry/releases)
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml)
- [Commits](https://github.com/google/go-containerregistry/commits/v0.16.1)

---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore: fix cleanup controller debug in vscode (#7963)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix: ttl cleanup controller events processing (#7964)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* test: add test to cleanup the same resource twice (#7965)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix: ttl manager stop informer on error (#7966)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* chore(deps): bump slsa-framework/slsa-github-generator (#7968)

Bumps [slsa-framework/slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator) from 1.7.0 to 1.8.0.
- [Release notes](https://github.com/slsa-framework/slsa-github-generator/releases)
- [Changelog](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md)
- [Commits](slsa-framework/slsa-github-generator@v1.7.0...v1.8.0)

---
updated-dependencies:
- dependency-name: slsa-framework/slsa-github-generator
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* feat: add basic structure for image verify cache (#7890)

* feat: add interface for image verify cache

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* feat: add basic client for cache

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* feat: add ttl to client

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* feat: add flags and flag setup

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* feat: added a default image verify cache

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* feat: add propogation of cache to image verifier

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* feat: add useCache to image verification types

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* bug: add ivcache to image verifier

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* feat: add logger to cache

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* typo: DisabledImageVerfiyCache

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* typo: DisabledImageVerfiyCache

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* Update cmd/internal/flag.go

Signed-off-by: shuting <shutting06@gmail.com>

* feat: add use cache to v2beta1 crd

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* bug: change public attribute TTL to private

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* fix: replace nil in test with disabled cache

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* fix: convert ttl time to time.Duration

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* feat: update opts to use time.Duration

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* feat:add policy version and remove delete functions

by adding policy version, old entries will automatically become outdated and we will not have to remove them manually

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* feat: remove clear and update get and set to take interface as input

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* style: fix lint issue

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

---------

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
Signed-off-by: shuting <shutting06@gmail.com>
Co-authored-by: shuting <shutting06@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* Fixes kyverno cli container reorder  (#7943)

* added combine rule response

Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>

* added kyverno test cli tests

Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>

* added kyverno test cli tests

Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>

* small nits

Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>

* added ; in between the err messages

Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>

* removed fixed rulename and ruletype

Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>

---------

Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>

* chore(deps): bump sigs.k8s.io/controller-runtime from 0.15.0 to 0.15.1 (#7975)

Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.15.0 to 0.15.1.
- [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases)
- [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md)
- [Commits](kubernetes-sigs/controller-runtime@v0.15.0...v0.15.1)

---
updated-dependencies:
- dependency-name: sigs.k8s.io/controller-runtime
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump golang.org/x/text from 0.11.0 to 0.12.0 (#7976)

Bumps [golang.org/x/text](https://github.com/golang/text) from 0.11.0 to 0.12.0.
- [Release notes](https://github.com/golang/text/releases)
- [Commits](golang/text@v0.11.0...v0.12.0)

---
updated-dependencies:
- dependency-name: golang.org/x/text
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump golang.org/x/crypto from 0.11.0 to 0.12.0 (#7977)

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.11.0 to 0.12.0.
- [Commits](golang/crypto@v0.11.0...v0.12.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* fix:Add Missing Severity Cases in SeverityFromString Function (#7974)

Signed-off-by: lichanghao.orange <lichanghao.orange@bytedance.com>
Co-authored-by: shuting <shuting@nirmata.com>

* feat(chart) Allow podSecurityContext and securityContext for webhooksCleanup (#7970)

Fixes #7962

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix: Fixed issue with AddVariable that prevented certain variables (#7981)

When using a label or annotation with quoted dots, AddVariable was splitting inside the quote causing it to be improperly parsed and replaced

Signed-off-by: mvaal <mvaal@expediagroup.com>

* fix: Kyverno cli apply duplicate result counts  (#7945)

* removed repeated logic from kyverno_policies_types

Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>

fixed unit tests

* fixed unit tests

Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>

* updated common.go logic

Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>

* remove skip response logic from common.go

Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>

* remove skip response logic from common.go

Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>

* fixed conflict

Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>

---------

Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>

* fix: return err in load data (#7982)

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>

* fix, enhancement (#7988)

* fix, enhancement

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* lint

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

---------

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* fix: improve lint

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* feat: update auth pkg

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* chore: fix go mod

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* feat: updated CLI keychains

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* chore update fluxcd/pkg/auth@0.31.1

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

---------

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Signed-off-by: Alexej Disterhoft <alexej@disterhoft.de>
Signed-off-by: Chip Zoller <chipzoller@gmail.com>
Signed-off-by: Pradyot Ranjan <99216956+pradyotRanjan@users.noreply.github.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
Signed-off-by: Ved Ratan <82467006+VedRatan@users.noreply.github.com>
Signed-off-by: Mike Bryant <mike@mikebryant.me.uk>
Signed-off-by: Mike Bryant <mike.bryant@mettle.co.uk>
Signed-off-by: shuting <shutting06@gmail.com>
Signed-off-by: lichanghao.orange <lichanghao.orange@bytedance.com>
Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
Signed-off-by: mvaal <mvaal@expediagroup.com>
Co-authored-by: Amit kumar <amit9116260192@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: Alexej Disterhoft <github@disterhoft.de>
Co-authored-by: Chip Zoller <chipzoller@gmail.com>
Co-authored-by: Pradyot Ranjan <99216956+prady0t@users.noreply.github.com>
Co-authored-by: Pradyot Ranjan <99216956+pradyotRanjan@users.noreply.github.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Ved Ratan <82467006+VedRatan@users.noreply.github.com>
Co-authored-by: Mike Bryant <mike.bryant@mettle.co.uk>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: shuting <shutting06@gmail.com>
Co-authored-by: UgOrange <lichanghao.orange@bytedance.com>
Co-authored-by: treydock <tdockendorf@osc.edu>
Co-authored-by: Marcus Vaal <mvaal@expediagroup.com>
@Chandan-DK Chandan-DK mentioned this pull request Dec 15, 2023
Merged
8 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@realshuting realshuting realshuting approved these changes

@eddycharly eddycharly Awaiting requested review from eddycharly

@MariamFahmy98 MariamFahmy98 Awaiting requested review from MariamFahmy98

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
Kyverno Release 1.11.0
Development

Successfully merging this pull request may close these issues.

[Bug] [CLI] Bypass verifyImage with container order in a Pod
4 participants
@hackeramitkumar @eddycharly @realshuting @MariamFahmy98