fix: mutation code #7095

eddycharly · 2023-05-04T07:17:08Z

Explanation

This PR fixes mutation code by adding an option to iterate over foreach lists in Ascending or Descending order.

This is necessary because we can't determine the correct order automatically and in some cases the order is important.
If one wants to remove multiple elements from an array for example, it has to be done in Descending order because this preserves elements index.

Let's say you have an array [ 0, 1, 2 ] and want to remove the first and last elements.
If you produce json patches to remove element at index 0 and element at index 2 this is not going to work because when you remove element at index 0, element at index 2 is now at index 1.
By iterating in descending order, you can produce json patches to remove element at index 2 first, then remove element at index 0. This time it will work as expected because removing element at index 2 does not shift element at index 0.

Fixes #7051

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

codecov · 2023-05-04T07:27:02Z

Codecov Report

Merging #7095 (d1b67c8) into main (9cac369) will decrease coverage by 0.03%.
The diff coverage is 11.76%.

@@            Coverage Diff             @@
##             main    #7095      +/-   ##
==========================================
- Coverage   34.19%   34.17%   -0.03%     
==========================================
  Files         221      221              
  Lines       21454    21467      +13     
==========================================
  Hits         7337     7337              
- Misses      13400    13413      +13     
  Partials      717      717

Impacted Files	Coverage Δ
api/kyverno/v1/common_types.go	`21.00% <ø> (ø)`
api/kyverno/v1/zz_generated.deepcopy.go	`3.25% <0.00%> (-0.02%)`	⬇️
pkg/engine/handlers/mutation/common.go	`0.00% <0.00%> (ø)`
pkg/engine/mutate/patch/patchesUtils.go	`94.84% <100.00%> (ø)`

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

eddycharly · 2023-05-04T11:55:34Z

/cherry-pick release-1.10

chipzoller · 2023-05-04T12:25:41Z

Needs docs

chipzoller

Needs docs issue and a better initial explanation for when and how to use this new field (scenarios).

eddycharly · 2023-05-04T12:36:28Z

@chipzoller I created the docs issue and updated the explanation with an example.

realshuting

Looks good overall! Needs a second eye from @chipzoller for kuttl tests.

Minor things to address:

pkg/engine/handlers/mutation/common.go

test/conformance/kuttl/mutate/refactor/add-external-secret-prefix/README.md

test/conformance/kuttl/mutate/policy/cornercases/foreach-remove-elements/policy.yaml

...ce/kuttl/mutate/refactor/foreach/remove-multiple-elements-in-ascending-order/pod-assert.yaml

test/conformance/kuttl/mutate/refactor/k10-minimum-retention/policy.yaml

chipzoller

(test approval only)

* fix: mutation code Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * kuttl tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix: mutation code * kuttl tests * fix * fix --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

chipzoller · 2023-05-06T11:37:57Z

I tested this and see that for the case where multiple elements are removed, the policies.kyverno.io/last-applied-patches annotation just states the first.

policies.kyverno.io/last-applied-patches: |
      rule-name.policy-name.kyverno.io: removed /spec/volumes/0

chipzoller · 2023-05-06T15:00:11Z

We also need to revisit this. The test that we put together isn't realistic since it has volumes but no volumeMounts. In trying to model this with the changes now on main, I can't make such a policy work. This seems to be what's needed to fully address this type of use case.

apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: policy-name
spec:
  # schemaValidation: false
  background: false
  rules:
    - name: rule-name
      match:
        any:
          - resources:
              kinds:
                - Pod
      context:
      - name: hostpathvolnames
        variable:
          jmesPath: request.object.spec.volumes[?hostPath].name
          default: []
      mutate:
        foreach:
          - list: request.object.spec.volumes[]
            order: Descending
            preconditions:
              all:
              - key: hostPath
                operator: AnyIn
                value: "{{ element.keys(@) }}"
            patchesJson6902: |-
              - path: /spec/volumes/{{elementIndex}}
                op: remove
          - list: request.object.spec.containers[]
            foreach:
            - list: element.volumeMounts
              order: Descending
              preconditions:
                all:
                - key: "{{element.name}}"
                  operator: AnyIn
                  value: "{{ hostpathvolnames }}"
              patchesJson6902: |-
                - path: /spec/containers/{{elementIndex0}}/volumeMounts/{{elementIndex1}}
                  op: remove

In addition to removing volumes which are of type hostPath, Kyverno has to iterate over all containers and per container iterate over all volumeMounts[] to remove any of the references to hostPath volumes.

chipzoller · 2023-05-06T15:31:31Z

It works!

apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: policy-name
spec:
  # schemaValidation: false
  background: false
  rules:
    - name: rule-name
      match:
        any:
          - resources:
              kinds:
                - Pod
      context:
      - name: hostpathvolnames
        variable:
          jmesPath: request.object.spec.volumes[?hostPath].name
          # default: []
      preconditions:
        all:
        - key: "{{ length(hostpathvolnames) }}"
          operator: GreaterThan
          value: 0
      mutate:
        foreach:
          - list: request.object.spec.volumes[]
            order: Descending
            preconditions:
              all:
              - key: hostPath
                operator: AnyIn
                value: "{{ element.keys(@) }}"
            patchesJson6902: |-
              - path: /spec/volumes/{{elementIndex}}
                op: remove
          - list: request.object.spec.containers[]
            foreach:
            - list: element.volumeMounts
              order: Descending
              preconditions:
                all:
                - key: "{{element.name}}"
                  operator: AnyIn
                  value: "{{ hostpathvolnames }}"
              patchesJson6902: |-
                - path: /spec/containers/{{elementIndex0}}/volumeMounts/{{elementIndex1}}
                  op: remove

Test with

apiVersion: v1
kind: Pod
metadata:
  name: busybox
spec:
  containers:
  - name: busybox
    image: busybox:1.35
    volumeMounts:
      - mountPath: /foo
        name: socket
      - mountPath: /bar
        name: vault-secret
      - mountPath: /baz
        name: bar
  - name: nginx
    image: busybox:1.35
    volumeMounts:
      - mountPath: /foo
        name: socket
  volumes:
  - name: socket
    hostPath:
      path: "/var/run/foo"
  - name: vault-secret
    emptyDir:
      medium: Memory
  - name: bar
    hostPath:
      path: "/var/run/bar"

chipzoller · 2023-05-06T16:26:52Z

Adding to policy library here: kyverno/policies#600

realshuting · 2023-05-08T06:58:52Z

I tested this and see that for the case where multiple elements are removed, the policies.kyverno.io/last-applied-patches annotation just states the first.
policies.kyverno.io/last-applied-patches: |
      rule-name.policy-name.kyverno.io: removed /spec/volumes/0

We only record the last entry of generated patches - "last-applied-patches".

* fix: mutation code Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * kuttl tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix: mutation code Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * kuttl tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* moved to oras Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * linting error fix Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added error checking Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fixed errors Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added final build Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added predicate fetching Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added checks in statements Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * removed continuous checking if predicate is found Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * renamed notaryv2 to notary Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * changed notaryv2 to notary Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * run codegen all Signed-off-by: Jim Bugwadia <jim@nirmata.com> * changes Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * commented cert Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added variable support to certs Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * renamed notaryV2 to notary Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * deprecated predicate types Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * disallow keys and keyless under attestors if type is set to notary Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * gcr crane implementation init Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added changes Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * types Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * using remote puller and pusher Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * implemented notation repository interface Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated notary implementation and fixed errors Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * removed oras Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * kuttl test init Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added image verify test Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * check image attestation notary Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added readme Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added tests for extract statements Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: remove status from policy webhooks (#6939) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: split chart values in readme per component (#6936) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> * fix: incorrect json patch validation (#6941) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add verbosity level in helm chart values (#6940) * feat: add verbosity level in helm chart values Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: match on ephemeral containers (#6963) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: refine event permissions in default roles (#6957) * remove the event delete permission Signed-off-by: ShutingZhao <shuting@nirmata.com> * add '- events.k8s.io/v1' Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com> * Add kuttl test for ephemeral containers (#6966) * Move Sam to Emeritus status Signed-off-by: Chip Zoller <chipzoller@gmail.com> * add kuttl test for ephemeral containers Signed-off-by: Chip Zoller <chipzoller@gmail.com> --------- Signed-off-by: Chip Zoller <chipzoller@gmail.com> * refactor: restructure cli test command (#6942) * refactor: restructure cli test command Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add credential helpers flags (#6974) * feat: add credential helpers flags Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore(deps): bump aquasecurity/trivy-action from 0.9.2 to 0.10.0 (#6976) Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.9.2 to 0.10.0. - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](aquasecurity/trivy-action@1f0aa58...e5f4313) --- updated-dependencies: - dependency-name: aquasecurity/trivy-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Support for Context vars in cleanup (#6084) * Added Context in CleanupPolicySpec Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Added context.go file with loadVariable() Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Added loadAPIData() in context.go and called from handlers.go Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Added conditionals for not supported context variables Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Reverted versions in CRDs Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Reverted CRDs to v0.11.1 Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Imported fmt in handlers.go Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Added Context in CleanupPolicySpec Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Added context.go file with loadVariable() Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Added loadAPIData() in context.go and called from handlers.go Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Added conditionals for not supported context variables Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Reverted versions in CRDs Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Reverted CRDs to v0.11.1 Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Imported fmt in handlers.go Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Removed duplicate import Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * make verify-codegen Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Updated kuttl test Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Fixed kuttl failure Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * moved policy check to validation Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Reused functions Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Added kuttl test Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Added more configMap Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * removed unecessary check Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * auto codegen Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * updated codegen Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Renamed ApplyJMESPath() to applyJMESPath() Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> --------- Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: Chip Zoller <chipzoller@gmail.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore(deps): bump actions/setup-python from 4.5.0 to 4.6.0 (#6981) Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4.5.0 to 4.6.0. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](actions/setup-python@d27e3f3...57ded4d) --- updated-dependencies: - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump codecov/codecov-action from 3.1.2 to 3.1.3 (#6982) Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 3.1.2 to 3.1.3. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](codecov/codecov-action@40a12dc...894ff02) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix background variables validation (#6978) Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: restrict default permissions (#6972) * restrict admission permissions Signed-off-by: ShutingZhao <shuting@nirmata.com> * restrict background permissions Signed-off-by: ShutingZhao <shuting@nirmata.com> * update install.yaml Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com> * kuttl README (#6984) * Added Context in CleanupPolicySpec Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Added context.go file with loadVariable() Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Added loadAPIData() in context.go and called from handlers.go Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Added conditionals for not supported context variables Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Reverted versions in CRDs Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Reverted CRDs to v0.11.1 Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Imported fmt in handlers.go Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Added Context in CleanupPolicySpec Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Added context.go file with loadVariable() Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Added loadAPIData() in context.go and called from handlers.go Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Added conditionals for not supported context variables Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Reverted versions in CRDs Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Reverted CRDs to v0.11.1 Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Imported fmt in handlers.go Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Removed duplicate import Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * make verify-codegen Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Updated kuttl test Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Fixed kuttl failure Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * moved policy check to validation Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Reused functions Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Added kuttl test Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Added more configMap Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * removed unecessary check Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * auto codegen Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * updated codegen Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Renamed ApplyJMESPath() to applyJMESPath() Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> * Added Readme in context-cleanup-pod Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> --------- Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: Chip Zoller <chipzoller@gmail.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore(deps): bump github/codeql-action from 2.2.12 to 2.3.0 (#6989) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.2.12 to 2.3.0. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@7df0ce3...b2c19fb) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump github.com/notaryproject/notation-core-go (#6987) Bumps [github.com/notaryproject/notation-core-go](https://github.com/notaryproject/notation-core-go) from 1.0.0-rc.2 to 1.0.0-rc.3. - [Release notes](https://github.com/notaryproject/notation-core-go/releases) - [Commits](notaryproject/notation-core-go@v1.0.0-rc.2...v1.0.0-rc.3) --- updated-dependencies: - dependency-name: github.com/notaryproject/notation-core-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * feat: new access checks for background policies (#6970) * switch to use sar for access checks Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * update helm config Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix username Signed-off-by: ShutingZhao <shuting@nirmata.com> * update msg Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix sa name Signed-off-by: ShutingZhao <shuting@nirmata.com> * update install.yaml Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: bump kind image to 1.27.1 (#6993) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: bump k8s deps to 1.27 (#6868) * feat: bump k8s deps to 1.27 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * bump k8s 1.27.1 Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: ShutingZhao <shuting@nirmata.com> * fix: disable autogen in foreach mutation with json patches (#6996) * fix: disable autogen in foreach mutation with json patches Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * kuttl Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: add server ip config to cleanup controller (#6999) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add features section in helm values (#6935) * feat: add features section in helm values Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * configs Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * overrides Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add reports cleanup jobs to prevent outage (#6960) * feat: add reports cleanup jobs to prevent outage Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * security cotnext Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> * feat: add registry credential helpers feature (#7002) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: improve instrumented clients (#7006) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: record configmap resource version to not reload when version didn't change (#7007) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore(deps): bump sigstore/cosign-installer from 3.0.2 to 3.0.3 (#7012) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.0.2 to 3.0.3. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](sigstore/cosign-installer@9e9de22...204a51a) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Add Red Hat ACM to the Adopters list (#7016) Red Hat ACM is useful for distributed kyverno policies across a managed fleet of clusters. Adding to adopters file with a link that describes details of using the ACM policy generator with Kyverno. Signed-off-by: Gus Parvin <gparvin@redhat.com> * fix: helm template with metricsRefreshInterval (#7019) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * add support for Kubernetes API server POST (#6948) * allow POST for Kubernetes API calls Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add kuttl tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fmt and undo local changes Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix codegen and unit test Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix unit test Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix tests and extends docs Signed-off-by: Jim Bugwadia <jim@nirmata.com> --------- Signed-off-by: Jim Bugwadia <jim@nirmata.com> * feat: update built-in resource schemas (#7014) * feat: update built-in resource schemas Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix unit test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: use github.com/evanphx/json-patch/v5 (#7015) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore(deps): bump github/codeql-action from 2.3.0 to 2.3.1 (#7025) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.3.0 to 2.3.1. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@b2c19fb...8662eab) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * add DE-CIX as adopter of kyverno (#7027) Signed-off-by: Raul Garcia Sanchez <info@raulgarcia.de> * refactor: engine patchers (#7030) * refactor: engine patchers Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore(deps): bump github/codeql-action from 2.3.1 to 2.3.2 (#7033) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.3.1 to 2.3.2. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@8662eab...f3feb00) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * add Saxo Bank and Velux as adopters (#7036) Signed-off-by: Chip Zoller <chipzoller@gmail.com> * update development doc (#7037) Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * fix: generate policy validation to prevent endless loop (#7026) * refactor policy validation Signed-off-by: ShutingZhao <shuting@nirmata.com> * add loop check for generate Signed-off-by: ShutingZhao <shuting@nirmata.com> * add kuttl tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * linter fixes Signed-off-by: ShutingZhao <shuting@nirmata.com> * linter fixes Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: remove deletionTimestamp checks (#7039) * remove deletionTimestamp check Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove deletionTimestamp check Signed-off-by: ShutingZhao <shuting@nirmata.com> * add back source check Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove deletionTimestamp check Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore(deps): bump k8s.io/klog/v2 from 2.90.1 to 2.100.1 (#7055) Bumps [k8s.io/klog/v2](https://github.com/kubernetes/klog) from 2.90.1 to 2.100.1. - [Release notes](https://github.com/kubernetes/klog/releases) - [Changelog](https://github.com/kubernetes/klog/blob/main/RELEASE.md) - [Commits](kubernetes/klog@v2.90.1...v2.100.1) --- updated-dependencies: - dependency-name: k8s.io/klog/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: add background scan interval log (#7065) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: flaky github action (#7068) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: engine response policy (#7063) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add opt-in setting to deploy v3 chart (#7066) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * require generate.apiVersion (#7080) Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: remove excluded groups from matching (#7083) * fix: remove excluded groups from matching Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add config inclusions support (#7082) * feat: add config inclusions support Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: add makefile target for kwok (#7097) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore(deps): bump github/codeql-action from 2.3.2 to 2.3.3 (#7099) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.3.2 to 2.3.3. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@f3feb00...29b1f65) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * validate target resource scope & namespace settings (#7098) Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: mutation code (#7095) * fix: mutation code Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * kuttl tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * lazy loading of context vars (#7071) * lazy loading of context vars Signed-off-by: Jim Bugwadia <jim@nirmata.com> * gofumpt Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add kuttl tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> --------- Signed-off-by: Jim Bugwadia <jim@nirmata.com> * [Feature] Add kuttl tests with policy exceptions disabled (#7117) * added tests Signed-off-by: Ved Ratan <vedratan8@gmail.com> * removed redundant code Signed-off-by: Ved Ratan <vedratan8@gmail.com> * fix Signed-off-by: Ved Ratan <vedratan8@gmail.com> * fix Signed-off-by: Ved Ratan <vedratan8@gmail.com> * typo fix and README changes Signed-off-by: Ved Ratan <vedratan8@gmail.com> * fix Signed-off-by: Ved Ratan <vedratan8@gmail.com> --------- Signed-off-by: Ved Ratan <vedratan8@gmail.com> * Conditions message (#7113) * add message to conditions Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * extend tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> --------- Signed-off-by: Jim Bugwadia <jim@nirmata.com> * chore(deps): bump zgosalvez/github-actions-ensure-sha-pinned-actions (#7123) Bumps [zgosalvez/github-actions-ensure-sha-pinned-actions](https://github.com/zgosalvez/github-actions-ensure-sha-pinned-actions) from 2.1.2 to 2.1.3. - [Release notes](https://github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/releases) - [Commits](zgosalvez/github-actions-ensure-sha-pinned-actions@21991ce...555a30d) --- updated-dependencies: - dependency-name: zgosalvez/github-actions-ensure-sha-pinned-actions dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: shuting <shuting@nirmata.com> * chore(deps): bump sigs.k8s.io/kustomize/kyaml from 0.14.1 to 0.14.2 (#7121) Bumps [sigs.k8s.io/kustomize/kyaml](https://github.com/kubernetes-sigs/kustomize) from 0.14.1 to 0.14.2. - [Release notes](https://github.com/kubernetes-sigs/kustomize/releases) - [Commits](kubernetes-sigs/kustomize@kyaml/v0.14.1...kyaml/v0.14.2) --- updated-dependencies: - dependency-name: sigs.k8s.io/kustomize/kyaml dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: shuting <shuting@nirmata.com> * chore(deps): bump oras.land/oras-go/v2 from 2.0.2 to 2.1.0 (#7102) Bumps [oras.land/oras-go/v2](https://github.com/oras-project/oras-go) from 2.0.2 to 2.1.0. - [Release notes](https://github.com/oras-project/oras-go/releases) - [Commits](oras-project/oras-go@v2.0.2...v2.1.0) --- updated-dependencies: - dependency-name: oras.land/oras-go/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: shuting <shuting@nirmata.com> * add condition msg to v2beta1 (#7126) Signed-off-by: ShutingZhao <shuting@nirmata.com> * feat: print container flags and their values (#7127) * add condition msg to v2beta1 Signed-off-by: ShutingZhao <shuting@nirmata.com> * print flags settings Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove the container flag genWorker from the admission controller (#7132) Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore(deps): bump google.golang.org/grpc from 1.54.0 to 1.55.0 (#7103) Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.54.0 to 1.55.0. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](grpc/grpc-go@v1.54.0...v1.55.0) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * remove the duplicate entry (#7125) Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore(deps): bump sigs.k8s.io/kustomize/api from 0.13.2 to 0.13.3 (#7120) Bumps [sigs.k8s.io/kustomize/api](https://github.com/kubernetes-sigs/kustomize) from 0.13.2 to 0.13.3. - [Release notes](https://github.com/kubernetes-sigs/kustomize/releases) - [Commits](kubernetes-sigs/kustomize@api/v0.13.2...api/v0.13.3) --- updated-dependencies: - dependency-name: sigs.k8s.io/kustomize/api dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: shuting <shuting@nirmata.com> * fixed error Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * undo mistake Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * go mod conflict fix Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * changes from review Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * NIT Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated image Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated checks Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fixed verifying wrong ref Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated cert in tests Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added warning when predicate type is used Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: panic for policy variable validation (#7079) * fix panic Signed-off-by: ShutingZhao <shuting@nirmata.com> * check errors Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: remove policy-reporter from dev lab (#7196) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: cleanup controller metrics name (#7198) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: http request metrics (#7197) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * remove unused code (#7203) Signed-off-by: Jim Bugwadia <jim@nirmata.com> * handle Deny rules where conditions eval to true (#7204) Signed-off-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> * [Bug] Enforce message wrong (#7208) * fix Signed-off-by: Ved Ratan <vedratan8@gmail.com> * fixed tests Signed-off-by: Ved Ratan <vedratan8@gmail.com> --------- Signed-off-by: Ved Ratan <vedratan8@gmail.com> * chore(deps): bump codecov/codecov-action from 3.1.3 to 3.1.4 (#7207) Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 3.1.3 to 3.1.4. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](codecov/codecov-action@894ff02...eaaf4be) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump sigstore/cosign-installer from 3.0.3 to 3.0.4 (#7215) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.0.3 to 3.0.4. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](sigstore/cosign-installer@204a51a...03d0fec) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: panic in reports controller (#7220) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: mutate existing auth check (#7219) * fix auth check when using variables in ns Signed-off-by: ShutingZhao <shuting@nirmata.com> * add kuttl tests Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: do not exclude kube-system service accounts by default (#7225) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * docs: add reports system design doc (#6949) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore(deps): bump k8s.io/apimachinery from 0.27.1 to 0.27.2 (#7227) Bumps [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) from 0.27.1 to 0.27.2. - [Commits](kubernetes/apimachinery@v0.27.1...v0.27.2) --- updated-dependencies: - dependency-name: k8s.io/apimachinery dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: shuting <shuting@nirmata.com> * chore(deps): bump k8s.io/cli-runtime from 0.27.1 to 0.27.2 (#7228) Bumps [k8s.io/cli-runtime](https://github.com/kubernetes/cli-runtime) from 0.27.1 to 0.27.2. - [Commits](kubernetes/cli-runtime@v0.27.1...v0.27.2) --- updated-dependencies: - dependency-name: k8s.io/cli-runtime dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump sigstore/cosign-installer from 3.0.4 to 3.0.5 (#7229) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.0.4 to 3.0.5. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](sigstore/cosign-installer@03d0fec...dd6b2e2) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump k8s.io/pod-security-admission from 0.27.1 to 0.27.2 (#7232) Bumps [k8s.io/pod-security-admission](https://github.com/kubernetes/pod-security-admission) from 0.27.1 to 0.27.2. - [Commits](kubernetes/pod-security-admission@v0.27.1...v0.27.2) --- updated-dependencies: - dependency-name: k8s.io/pod-security-admission dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: match logic misbehave (#7218) * add rule name in ur for mutate existing Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix match logic Signed-off-by: ShutingZhao <shuting@nirmata.com> * linter fixes Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix the match logic to only apply to the new object, unless it's a delete request Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore(deps): bump github.com/stretchr/testify from 1.8.2 to 1.8.3 (#7240) Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.2 to 1.8.3. - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](stretchr/testify@v1.8.2...v1.8.3) --- updated-dependencies: - dependency-name: github.com/stretchr/testify dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump github.com/onsi/gomega from 1.27.6 to 1.27.7 (#7239) Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.27.6 to 1.27.7. - [Release notes](https://github.com/onsi/gomega/releases) - [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md) - [Commits](onsi/gomega@v1.27.6...v1.27.7) --- updated-dependencies: - dependency-name: github.com/onsi/gomega dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump k8s.io/kube-aggregator from 0.27.1 to 0.27.2 (#7241) Bumps [k8s.io/kube-aggregator](https://github.com/kubernetes/kube-aggregator) from 0.27.1 to 0.27.2. - [Commits](kubernetes/kube-aggregator@v0.27.1...v0.27.2) --- updated-dependencies: - dependency-name: k8s.io/kube-aggregator dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump k8s.io/apiextensions-apiserver from 0.27.1 to 0.27.2 (#7242) Bumps [k8s.io/apiextensions-apiserver](https://github.com/kubernetes/apiextensions-apiserver) from 0.27.1 to 0.27.2. - [Release notes](https://github.com/kubernetes/apiextensions-apiserver/releases) - [Commits](kubernetes/apiextensions-apiserver@v0.27.1...v0.27.2) --- updated-dependencies: - dependency-name: k8s.io/apiextensions-apiserver dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * updated kuttl tests Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fixed mistake in assert Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * quote image in error (#7259) Signed-off-by: bakito <github@bakito.ch> * fix: auto update webhooks not configuring fail endpoint (#7261) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix latest version check (#7263) Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore(deps): bump svenstaro/upload-release-action from 2.5.0 to 2.6.0 (#7270) Bumps [svenstaro/upload-release-action](https://github.com/svenstaro/upload-release-action) from 2.5.0 to 2.6.0. - [Release notes](https://github.com/svenstaro/upload-release-action/releases) - [Changelog](https://github.com/svenstaro/upload-release-action/blob/master/CHANGELOG.md) - [Commits](svenstaro/upload-release-action@7319e47...58d5258) --- updated-dependencies: - dependency-name: svenstaro/upload-release-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump sigs.k8s.io/controller-runtime from 0.14.6 to 0.15.0 (#7272) Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.14.6 to 0.15.0. - [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases) - [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md) - [Commits](kubernetes-sigs/controller-runtime@v0.14.6...v0.15.0) --- updated-dependencies: - dependency-name: sigs.k8s.io/controller-runtime dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * feat: add yaml util to check empty document (#7276) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#7274) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.6.1 to 5.7.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](go-git/go-git@v5.6.1...v5.7.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fixed api version in kuttl tests Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated kuttl tests Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * go sum update Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated admission controller assert Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated image Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * removed admission controller changes Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * go mod fix Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> --------- Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: Chip Zoller <chipzoller@gmail.com> Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com> Signed-off-by: Gus Parvin <gparvin@redhat.com> Signed-off-by: Raul Garcia Sanchez <info@raulgarcia.de> Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> Signed-off-by: Ved Ratan <vedratan8@gmail.com> Signed-off-by: bakito <github@bakito.ch> Co-authored-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: Chip Zoller <chipzoller@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Md Sahil <85174511+MdSahil-oss@users.noreply.github.com> Co-authored-by: Gus Parvin <gparvin@redhat.com> Co-authored-by: Raúl Garcia Sanchez <info@raulgarcia.de> Co-authored-by: Mariam Fahmy <55502281+MariamFahmy98@users.noreply.github.com> Co-authored-by: Ved Ratan <82467006+VedRatan@users.noreply.github.com> Co-authored-by: Marc Brugger <github@bakito.ch>

* types added Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added secret fetching and client creation Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * codegen Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fixed tests Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * validate target resource scope & namespace settings (#7098) Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: mutation code (#7095) * fix: mutation code Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * kuttl tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * lazy loading of context vars (#7071) * lazy loading of context vars Signed-off-by: Jim Bugwadia <jim@nirmata.com> * gofumpt Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add kuttl tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> --------- Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * moved to policy context Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * removed errors Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * RegistryClientLoader Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * [Feature] Add kuttl tests with policy exceptions disabled (#7117) * added tests Signed-off-by: Ved Ratan <vedratan8@gmail.com> * removed redundant code Signed-off-by: Ved Ratan <vedratan8@gmail.com> * fix Signed-off-by: Ved Ratan <vedratan8@gmail.com> * fix Signed-off-by: Ved Ratan <vedratan8@gmail.com> * typo fix and README changes Signed-off-by: Ved Ratan <vedratan8@gmail.com> * fix Signed-off-by: Ved Ratan <vedratan8@gmail.com> --------- Signed-off-by: Ved Ratan <vedratan8@gmail.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * Conditions message (#7113) * add message to conditions Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * extend tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> --------- Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump zgosalvez/github-actions-ensure-sha-pinned-actions (#7123) Bumps [zgosalvez/github-actions-ensure-sha-pinned-actions](https://github.com/zgosalvez/github-actions-ensure-sha-pinned-actions) from 2.1.2 to 2.1.3. - [Release notes](https://github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/releases) - [Commits](zgosalvez/github-actions-ensure-sha-pinned-actions@21991ce...555a30d) --- updated-dependencies: - dependency-name: zgosalvez/github-actions-ensure-sha-pinned-actions dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: shuting <shuting@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump sigs.k8s.io/kustomize/kyaml from 0.14.1 to 0.14.2 (#7121) Bumps [sigs.k8s.io/kustomize/kyaml](https://github.com/kubernetes-sigs/kustomize) from 0.14.1 to 0.14.2. - [Release notes](https://github.com/kubernetes-sigs/kustomize/releases) - [Commits](kubernetes-sigs/kustomize@kyaml/v0.14.1...kyaml/v0.14.2) --- updated-dependencies: - dependency-name: sigs.k8s.io/kustomize/kyaml dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: shuting <shuting@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump oras.land/oras-go/v2 from 2.0.2 to 2.1.0 (#7102) Bumps [oras.land/oras-go/v2](https://github.com/oras-project/oras-go) from 2.0.2 to 2.1.0. - [Release notes](https://github.com/oras-project/oras-go/releases) - [Commits](oras-project/oras-go@v2.0.2...v2.1.0) --- updated-dependencies: - dependency-name: oras.land/oras-go/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: shuting <shuting@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * add condition msg to v2beta1 (#7126) Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: print container flags and their values (#7127) * add condition msg to v2beta1 Signed-off-by: ShutingZhao <shuting@nirmata.com> * print flags settings Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * remove the container flag genWorker from the admission controller (#7132) Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump google.golang.org/grpc from 1.54.0 to 1.55.0 (#7103) Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.54.0 to 1.55.0. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](grpc/grpc-go@v1.54.0...v1.55.0) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * remove the duplicate entry (#7125) Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump sigs.k8s.io/kustomize/api from 0.13.2 to 0.13.3 (#7120) Bumps [sigs.k8s.io/kustomize/api](https://github.com/kubernetes-sigs/kustomize) from 0.13.2 to 0.13.3. - [Release notes](https://github.com/kubernetes-sigs/kustomize/releases) - [Commits](kubernetes-sigs/kustomize@api/v0.13.2...api/v0.13.3) --- updated-dependencies: - dependency-name: sigs.k8s.io/kustomize/api dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: shuting <shuting@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * update background scan logging messages (#7142) Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * Update chart with v2 to v3 migration guidance. (#7144) * add Saxo Bank and Velux as adopters Signed-off-by: Chip Zoller <chipzoller@gmail.com> * update chart README and validations Signed-off-by: Chip Zoller <chipzoller@gmail.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Chip Zoller <chipzoller@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * add Controller Internals info (#7147) Signed-off-by: Chip Zoller <chipzoller@gmail.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * Supporting ValidatingAdmissionPolicy in kyverno cli (apply and test command) (#6656) * feat: add policy reporter to the dev lab Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: remove obsolete structs from CLI Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * Supporting ValidatingAdmissionPolicy in kyverno apply Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * chore: bump k8s from v0.26.3 to v0.27.0-rc.0 Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * Support validating admission policy in kyverno apply Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * Support validating admission policy in kyverno test Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * refactoring Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * Adding kyverno apply tests for validating admission policy Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * fix Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * fix Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * running codegen-all Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * fix Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * Adding IsVap field in TestResults Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * chore: bump k8s from v0.27.0-rc.0 to v0.27.1 Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * fix Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * fix Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * Fix vap in engine response Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump sigs.k8s.io/kustomize/api from 0.13.3 to 0.13.4 (#7150) Bumps [sigs.k8s.io/kustomize/api](https://github.com/kubernetes-sigs/kustomize) from 0.13.3 to 0.13.4. - [Release notes](https://github.com/kubernetes-sigs/kustomize/releases) - [Commits](kubernetes-sigs/kustomize@api/v0.13.3...api/v0.13.4) --- updated-dependencies: - dependency-name: sigs.k8s.io/kustomize/api dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump golang.org/x/crypto from 0.8.0 to 0.9.0 (#7149) Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.8.0 to 0.9.0. - [Commits](golang/crypto@v0.8.0...v0.9.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * Added `omit-events` flag to allow disabling of event emission (#7010) * added comma seperated flag Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * reason added in logs Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added requested changes Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * kuttl test init Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated kuttl tests Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated behavior Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fixed flawed behavior Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated test location and added readme Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * tests Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * updated step Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * omit events Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> --------- Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: let reports controller quit when loosing the lead (#7153) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump slsa-framework/slsa-github-generator (#7160) Bumps [slsa-framework/slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator) from 1.5.0 to 1.6.0. - [Release notes](https://github.com/slsa-framework/slsa-github-generator/releases) - [Changelog](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md) - [Commits](slsa-framework/slsa-github-generator@v1.5.0...v1.6.0) --- updated-dependencies: - dependency-name: slsa-framework/slsa-github-generator dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore: bump otel deps (#7152) * chore: bump otel deps Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump github.com/cloudflare/circl from 1.3.2 to 1.3.3 (#7172) Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump github.com/docker/distribution (#7171) Bumps [github.com/docker/distribution](https://github.com/docker/distribution) from 2.8.1+incompatible to 2.8.2+incompatible. - [Release notes](https://github.com/docker/distribution/releases) - [Commits](distribution/distribution@v2.8.1...v2.8.2) --- updated-dependencies: - dependency-name: github.com/docker/distribution dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump github.com/go-logr/zapr from 1.2.3 to 1.2.4 (#7177) Bumps [github.com/go-logr/zapr](https://github.com/go-logr/zapr) from 1.2.3 to 1.2.4. - [Release notes](https://github.com/go-logr/zapr/releases) - [Commits](go-logr/zapr@v1.2.3...v1.2.4) --- updated-dependencies: - dependency-name: github.com/go-logr/zapr dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * Add refactor note (#7169) Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fixed typo in the v2 to v3 helm migration guide (#7163) * fixed typo in the v2 to v3 helm migration guide Signed-off-by: Richard Parke <richardparke15@gmail.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Richard Parke <richardparke15@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump github.com/distribution/distribution (#7178) Bumps [github.com/distribution/distribution](https://github.com/distribution/distribution) from 2.8.1+incompatible to 2.8.2+incompatible. - [Release notes](https://github.com/distribution/distribution/releases) - [Commits](distribution/distribution@v2.8.1...v2.8.2) --- updated-dependencies: - dependency-name: github.com/distribution/distribution dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * tweaks (#7166) Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: add logging feature to helm chart (#7181) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * refactor: hide json context from caller (#7139) * refactor: hide json context from caller Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * unit tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: add omit-events feature in helm chart (#7185) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: preconditions in mutate existing rules (#7183) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: use structured jsonpatch instead of byte arrays (#7186) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added secret lister Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * changes from review Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added rclientloader to policy context Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * refactor changes Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * NIT Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added RegistryClientLoaderNewOrDie to policy context Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * CI fixes Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: panic for policy variable validation (#7079) * fix panic Signed-off-by: ShutingZhao <shuting@nirmata.com> * check errors Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: remove policy-reporter from dev lab (#7196) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: cleanup controller metrics name (#7198) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: http request metrics (#7197) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * remove unused code (#7203) Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * handle Deny rules where conditions eval to true (#7204) Signed-off-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * [Bug] Enforce message wrong (#7208) * fix Signed-off-by: Ved Ratan <vedratan8@gmail.com> * fixed tests Signed-off-by: Ved Ratan <vedratan8@gmail.com> --------- Signed-off-by: Ved Ratan <vedratan8@gmail.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump codecov/codecov-action from 3.1.3 to 3.1.4 (#7207) Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 3.1.3 to 3.1.4. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](codecov/codecov-action@894ff02...eaaf4be) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump sigstore/cosign-installer from 3.0.3 to 3.0.4 (#7215) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.0.3 to 3.0.4. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](sigstore/cosign-installer@204a51a...03d0fec) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: panic in reports controller (#7220) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: mutate existing auth check (#7219) * fix auth check when using variables in ns Signed-off-by: ShutingZhao <shuting@nirmata.com> * add kuttl tests Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: do not exclude kube-system service accounts by default (#7225) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * docs: add reports system design doc (#6949) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump k8s.io/apimachinery from 0.27.1 to 0.27.2 (#7227) Bumps [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) from 0.27.1 to 0.27.2. - [Commits](kubernetes/apimachinery@v0.27.1...v0.27.2) --- updated-dependencies: - dependency-name: k8s.io/apimachinery dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: shuting <shuting@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump k8s.io/cli-runtime from 0.27.1 to 0.27.2 (#7228) Bumps [k8s.io/cli-runtime](https://github.com/kubernetes/cli-runtime) from 0.27.1 to 0.27.2. - [Commits](kubernetes/cli-runtime@v0.27.1...v0.27.2) --- updated-dependencies: - dependency-name: k8s.io/cli-runtime dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump sigstore/cosign-installer from 3.0.4 to 3.0.5 (#7229) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.0.4 to 3.0.5. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](sigstore/cosign-installer@03d0fec...dd6b2e2) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump k8s.io/pod-security-admission from 0.27.1 to 0.27.2 (#7232) Bumps [k8s.io/pod-security-admission](https://github.com/kubernetes/pod-security-admission) from 0.27.1 to 0.27.2. - [Commits](kubernetes/pod-security-admission@v0.27.1...v0.27.2) --- updated-dependencies: - dependency-name: k8s.io/pod-security-admission dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: match logic misbehave (#7218) * add rule name in ur for mutate existing Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix match logic Signed-off-by: ShutingZhao <shuting@nirmata.com> * linter fixes Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix the match logic to only apply to the new object, unless it's a delete request Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump github.com/stretchr/testify from 1.8.2 to 1.8.3 (#7240) Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.2 to 1.8.3. - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](stretchr/testify@v1.8.2...v1.8.3) --- updated-dependencies: - dependency-name: github.com/stretchr/testify dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump github.com/onsi/gomega from 1.27.6 to 1.27.7 (#7239) Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.27.6 to 1.27.7. - [Release notes](https://github.com/onsi/gomega/releases) - [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md) - [Commits](onsi/gomega@v1.27.6...v1.27.7) --- updated-dependencies: - dependency-name: github.com/onsi/gomega dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump k8s.io/kube-aggregator from 0.27.1 to 0.27.2 (#7241) Bumps [k8s.io/kube-aggregator](https://github.com/kubernetes/kube-aggregator) from 0.27.1 to 0.27.2. - [Commits](kubernetes/kube-aggregator@v0.27.1...v0.27.2) --- updated-dependencies: - dependency-name: k8s.io/kube-aggregator dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump k8s.io/apiextensions-apiserver from 0.27.1 to 0.27.2 (#7242) Bumps [k8s.io/apiextensions-apiserver](https://github.com/kubernetes/apiextensions-apiserver) from 0.27.1 to 0.27.2. - [Release notes](https://github.com/kubernetes/apiextensions-apiserver/releases) - [Commits](kubernetes/apiextensions-apiserver@v0.27.1...v0.27.2) --- updated-dependencies: - dependency-name: k8s.io/apiextensions-apiserver dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * passing rclientloader directly Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * lazy evaluate vars in conditions (#7238) * lazy evaluate vars in conditions Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove unnecessary conversion Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix test Signed-off-by: Jim Bugwadia <jim@nirmata.com> * Update test/conformance/kuttl/validate/clusterpolicy/standard/variables/lazyload/conditions/03-manifests.yaml Signed-off-by: shuting <shutting06@gmail.com> * Update test/conformance/kuttl/validate/clusterpolicy/standard/variables/lazyload/README.md Signed-off-by: shuting <shutting06@gmail.com> * added error check in test Signed-off-by: Jim Bugwadia <jim@nirmata.com> --------- Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: shuting <shutting06@gmail.com> Co-authored-by: shuting <shutting06@gmail.com> Co-authored-by: kyverno-bot <104836976+kyverno-bot@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * quote image in error (#7259) Signed-off-by: bakito <github@bakito.ch> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: auto update webhooks not configuring fail endpoint (#7261) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix latest version check (#7263) Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump svenstaro/upload-release-action from 2.5.0 to 2.6.0 (#7270) Bumps [svenstaro/upload-release-action](https://github.com/svenstaro/upload-release-action) from 2.5.0 to 2.6.0. - [Release notes](https://github.com/svenstaro/upload-release-action/releases) - [Changelog](https://github.com/svenstaro/upload-release-action/blob/master/CHANGELOG.md) - [Commits](svenstaro/upload-release-action@7319e47...58d5258) --- updated-dependencies: - dependency-name: svenstaro/upload-release-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump sigs.k8s.io/controller-runtime from 0.14.6 to 0.15.0 (#7272) Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.14.6 to 0.15.0. - [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases) - [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md) - [Commits](kubernetes-sigs/controller-runtime@v0.14.6...v0.15.0) --- updated-dependencies: - dependency-name: sigs.k8s.io/controller-runtime dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * feat: add yaml util to check empty document (#7276) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#7274) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.6.1 to 5.7.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](go-git/go-git@v5.6.1...v5.7.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * NIT Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * Azure to ACR Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * go mod fix Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * codegen Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * NIT Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * adding kuttl test Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * use pointer Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fixes Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * cleanup Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * global client Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * cleanup Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * added kubeclient Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added nil kubeclient check Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * context Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * factory Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more fixes Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * secrets lister Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * flags Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix cli Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * factories Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: Ved Ratan <vedratan8@gmail.com> Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Chip Zoller <chipzoller@gmail.com> Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> Signed-off-by: Richard Parke <richardparke15@gmail.com> Signed-off-by: shuting <shutting06@gmail.com> Signed-off-by: bakito <github@bakito.ch> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: Ved Ratan <82467006+VedRatan@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Chip Zoller <chipzoller@gmail.com> Co-authored-by: Mariam Fahmy <55502281+MariamFahmy98@users.noreply.github.com> Co-authored-by: rparke <50015370+rparke@users.noreply.github.com> Co-authored-by: shuting <shutting06@gmail.com> Co-authored-by: kyverno-bot <104836976+kyverno-bot@users.noreply.github.com> Co-authored-by: Marc Brugger <github@bakito.ch>

fix: mutation code

bab2d99

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

eddycharly added cherry-pick-required milestone 1.10.0 labels May 4, 2023

eddycharly added this to the Kyverno Release 1.10.0 milestone May 4, 2023

kuttl tests

c729370

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

eddycharly added 2 commits May 4, 2023 11:15

fix

95fc705

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

fix

3df77dc

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

eddycharly marked this pull request as ready for review May 4, 2023 11:37

eddycharly requested review from chipzoller, realshuting, MarcelMue and treydock as code owners May 4, 2023 11:37

eddycharly mentioned this pull request May 4, 2023

fix: mutation code #7028

Closed

eddycharly enabled auto-merge (squash) May 4, 2023 11:55

chipzoller requested a review from JimBugwadia May 4, 2023 12:25

chipzoller suggested changes May 4, 2023

View reviewed changes

eddycharly mentioned this pull request May 4, 2023

[Enhancement] Add documentation for foreach traversal order kyverno/website#832

Closed

Merge branch 'main' into fix-mutation-foreach-2

d6580ea

realshuting approved these changes May 5, 2023

View reviewed changes

chipzoller self-requested a review May 5, 2023 10:43

chipzoller approved these changes May 5, 2023

View reviewed changes

Merge branch 'main' into fix-mutation-foreach-2

d1b67c8

eddycharly merged commit b9afce9 into kyverno:main May 5, 2023

gcp-cherry-pick-bot bot mentioned this pull request May 5, 2023

fix: mutation code (cherry-pick #7095) #7107

Merged

eddycharly added the cherry-pick-completed The PR was cherry-picked (or merged) to required release branches label May 9, 2023

eddycharly deleted the fix-mutation-foreach-2 branch May 9, 2023 18:29

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

fix: mutation code #7095

fix: mutation code #7095

Uh oh!

eddycharly commented May 4, 2023 •

edited

Loading

Uh oh!

codecov bot commented May 4, 2023 •

edited

Loading

Uh oh!

eddycharly commented May 4, 2023

Uh oh!

chipzoller commented May 4, 2023

Uh oh!

chipzoller left a comment

Uh oh!

eddycharly commented May 4, 2023

Uh oh!

realshuting left a comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

chipzoller left a comment

Uh oh!

chipzoller commented May 6, 2023

Uh oh!

chipzoller commented May 6, 2023

Uh oh!

chipzoller commented May 6, 2023 •

edited

Loading

Uh oh!

chipzoller commented May 6, 2023

Uh oh!

realshuting commented May 8, 2023

Uh oh!

Uh oh!

fix: mutation code #7095

fix: mutation code #7095

Uh oh!

Conversation

eddycharly commented May 4, 2023 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Explanation

Uh oh!

codecov bot commented May 4, 2023 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Codecov Report

Uh oh!

eddycharly commented May 4, 2023

Uh oh!

chipzoller commented May 4, 2023

Uh oh!

chipzoller left a comment

Choose a reason for hiding this comment

Uh oh!

eddycharly commented May 4, 2023

Uh oh!

realshuting left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

chipzoller left a comment

Choose a reason for hiding this comment

Uh oh!

chipzoller commented May 6, 2023

Uh oh!

chipzoller commented May 6, 2023

Uh oh!

chipzoller commented May 6, 2023 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

chipzoller commented May 6, 2023

Uh oh!

realshuting commented May 8, 2023

Uh oh!

Uh oh!

eddycharly commented May 4, 2023 •

edited

Loading

codecov bot commented May 4, 2023 •

edited

Loading

chipzoller commented May 6, 2023 •

edited

Loading