Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: add best practices policies in CEL expressions #925

Merged
merged 69 commits into from
Jun 3, 2024
Merged

feat: add best practices policies in CEL expressions #925

merged 69 commits into from
Jun 3, 2024

Commits on Mar 6, 2024

  1. copy restrict-node-port 

    Signed-off-by: Chandan-DK <[email protected]>
    @Chandan-DK
    Chandan-DK committed Mar 6, 2024
    Configuration menu
    Copy the full SHA
    747b0e8 View commit details
    Browse the repository at this point in the history

  2. convert restrict-node-port to cel 

    Signed-off-by: Chandan-DK <[email protected]>
    @Chandan-DK
    Chandan-DK committed Mar 6, 2024
    Configuration menu
    Copy the full SHA
    9a4eca2 View commit details
    Browse the repository at this point in the history

  3. move resource files to test folders to avoid cross referencing 

    Signed-off-by: Chandan-DK <[email protected]>
    @Chandan-DK
    Chandan-DK committed Mar 6, 2024
    Configuration menu
    Copy the full SHA
    c87dea8 View commit details
    Browse the repository at this point in the history

  4. copy require-labels 

    Signed-off-by: Chandan-DK <[email protected]>
    @Chandan-DK
    Chandan-DK committed Mar 6, 2024
    Configuration menu
    Copy the full SHA
    66550fb View commit details
    Browse the repository at this point in the history

  5. convert require-labels to cel 

    Signed-off-by: Chandan-DK <[email protected]>
    @Chandan-DK
    Chandan-DK committed Mar 6, 2024
    Configuration menu
    Copy the full SHA
    a19e614 View commit details
    Browse the repository at this point in the history

  6. copy restrict-service-external-ips 

    Signed-off-by: Chandan-DK <[email protected]>
    @Chandan-DK
    Chandan-DK committed Mar 6, 2024
    Configuration menu
    Copy the full SHA
    793c146 View commit details
    Browse the repository at this point in the history

Commits on Mar 7, 2024

  1. convert restrict-service-external-ips to cel 

    Signed-off-by: Chandan-DK <[email protected]>
    @Chandan-DK
    Chandan-DK committed Mar 7, 2024
    Configuration menu
    Copy the full SHA
    7a0fc6a View commit details
    Browse the repository at this point in the history

  2. copy require-ro-rootfs 

    Signed-off-by: Chandan-DK <[email protected]>
    @Chandan-DK
    Chandan-DK committed Mar 7, 2024
    Configuration menu
    Copy the full SHA
    2466c52 View commit details
    Browse the repository at this point in the history

  3. convert require-ro-rootfs to cel 

    Signed-off-by: Chandan-DK <[email protected]>
    @Chandan-DK
    Chandan-DK committed Mar 7, 2024
    Configuration menu
    Copy the full SHA
    8ca2823 View commit details
    Browse the repository at this point in the history

  4. copy restrict-image-registries 

    Signed-off-by: Chandan-DK <[email protected]>
    @Chandan-DK
    Chandan-DK committed Mar 7, 2024
    Configuration menu
    Copy the full SHA
    cc534a2 View commit details
    Browse the repository at this point in the history

  5. convert restrict-image-registries to cel 

    Signed-off-by: Chandan-DK <[email protected]>
    @Chandan-DK
    Chandan-DK committed Mar 7, 2024
    Configuration menu
    Copy the full SHA
    70c4712 View commit details
    Browse the repository at this point in the history

  6. copy disallow-latest-tag 

    Signed-off-by: Chandan-DK <[email protected]>
    @Chandan-DK
    Chandan-DK committed Mar 7, 2024
    Configuration menu
    Copy the full SHA
    9cbc613 View commit details
    Browse the repository at this point in the history

  7. convert disallow-latest-tag to cel 

    Signed-off-by: Chandan-DK <[email protected]>
    @Chandan-DK
    Chandan-DK committed Mar 7, 2024
    Configuration menu
    Copy the full SHA
    7266245 View commit details
    Browse the repository at this point in the history

Commits on Mar 8, 2024

  1. copy disallow-default-namespace 

    Signed-off-by: Chandan-DK <[email protected]>
    @Chandan-DK
    Chandan-DK committed Mar 8, 2024
    Configuration menu
    Copy the full SHA
    56680c9 View commit details
    Browse the repository at this point in the history

  2. convert disallow-default-namespace to cel 

    Signed-off-by: Chandan-DK <[email protected]>
    @Chandan-DK
    Chandan-DK committed Mar 8, 2024
    Configuration menu
    Copy the full SHA
    deefeee View commit details
    Browse the repository at this point in the history

  3. copy disallow-helm-tiller 

    Signed-off-by: Chandan-DK <[email protected]>
    @Chandan-DK
    Chandan-DK committed Mar 8, 2024
    Configuration menu
    Copy the full SHA
    c0b203a View commit details
    Browse the repository at this point in the history

  4. convert disallow-helm-tiller to cel 

    Signed-off-by: Chandan-DK <[email protected]>
    @Chandan-DK
    Chandan-DK committed Mar 8, 2024
    Configuration menu
    Copy the full SHA
    2908df9 View commit details
    Browse the repository at this point in the history

Commits on Mar 9, 2024

  1. Merge branch 'main' into convert-best-practices-to-cel

    @Chandan-DK
    Chandan-DK authored Mar 9, 2024
    Configuration menu
    Copy the full SHA
    5291e6d View commit details
    Browse the repository at this point in the history

  2. copy disallow-empty-ingress-host 

    Signed-off-by: Chandan-DK <[email protected]>
    @Chandan-DK
    Chandan-DK committed Mar 9, 2024
    Configuration menu
    Copy the full SHA
    cc5a3da View commit details
    Browse the repository at this point in the history

  3. set original disallow-empty-ingress-host to Audit 

    Signed-off-by: Chandan-DK <[email protected]>
    @Chandan-DK
    Chandan-DK committed Mar 9, 2024
    Configuration menu
    Copy the full SHA
    13f8cb5 View commit details
    Browse the repository at this point in the history

  4. convert disallow-empty-ingress-host to cel 

    Signed-off-by: Chandan-DK <[email protected]>
    @Chandan-DK
    Chandan-DK committed Mar 9, 2024
    Configuration menu
    Copy the full SHA
    b29888f View commit details
    Browse the repository at this point in the history

  5. patch cel policy to set it to Enforce in chainsaw test 

    Signed-off-by: Chandan-DK <[email protected]>
    @Chandan-DK
    Chandan-DK committed Mar 9, 2024
    Configuration menu
    Copy the full SHA
    1347c26 View commit details
    Browse the repository at this point in the history

Commits on Mar 10, 2024

  1. fix: update semantically wrong chainsaw test resources in original re… 

    …quire-drop-all policy

Signed-off-by: Chandan-DK <[email protected]>
    @Chandan-DK
    Chandan-DK committed Mar 10, 2024
    Configuration menu
    Copy the full SHA
    638431a View commit details
    Browse the repository at this point in the history

  2. copy require-drop-all 

    Signed-off-by: Chandan-DK <[email protected]>
    @Chandan-DK
    Chandan-DK committed Mar 10, 2024
    Configuration menu
    Copy the full SHA
    c1cf234 View commit details
    Browse the repository at this point in the history

  3. convert require-drop-all to cel 

    Signed-off-by: Chandan-DK <[email protected]>
    @Chandan-DK
    Chandan-DK committed Mar 10, 2024
    Configuration menu
    Copy the full SHA
    625ee8e View commit details
    Browse the repository at this point in the history

  4. update workflow to test policies in best-practices-cel folder 

    Signed-off-by: Chandan-DK <[email protected]>
    @Chandan-DK
    Chandan-DK committed Mar 10, 2024
    Configuration menu
    Copy the full SHA
    0283264 View commit details
    Browse the repository at this point in the history

  5. fix duplicate container names in require-probes chainsaw test 

    Signed-off-by: Chandan-DK <[email protected]>
    @Chandan-DK
    Chandan-DK committed Mar 10, 2024
    Configuration menu
    Copy the full SHA
    e206f7c View commit details
    Browse the repository at this point in the history

  6. copy require-probes 

    Signed-off-by: Chandan-DK <[email protected]>
    @Chandan-DK
    Chandan-DK committed Mar 10, 2024
    Configuration menu
    Copy the full SHA
    c3b399e View commit details
    Browse the repository at this point in the history

  7. convert require-probes to cel 

    Signed-off-by: Chandan-DK <[email protected]>
    @Chandan-DK
    Chandan-DK committed Mar 10, 2024
    Configuration menu
    Copy the full SHA
    13f20c0 View commit details
    Browse the repository at this point in the history

Commits on Mar 14, 2024

  1. require-ro-rootfs: fix selector does not match template labels 

    Signed-off-by: Chandan-DK <[email protected]>
    @Chandan-DK
    Chandan-DK committed Mar 14, 2024
    Configuration menu
    Copy the full SHA
    3405d61 View commit details
    Browse the repository at this point in the history

  2. require-ro-rootfs: fix duplicate container names 

    Signed-off-by: Chandan-DK <[email protected]>
    @Chandan-DK
    Chandan-DK committed Mar 14, 2024
    Configuration menu
    Copy the full SHA
    6f0f536 View commit details
    Browse the repository at this point in the history

  3. disallow-helm-tiller: fix invalid container naming 

    Signed-off-by: Chandan-DK <[email protected]>
    @Chandan-DK
    Chandan-DK committed Mar 14, 2024
    Configuration menu
    Copy the full SHA
    28a0b2b View commit details
    Browse the repository at this point in the history

  4. require-labels: fix selector does not match template labels 

    Signed-off-by: Chandan-DK <[email protected]>
    @Chandan-DK
    Chandan-DK committed Mar 14, 2024
    Configuration menu
    Copy the full SHA
    4deb30c View commit details
    Browse the repository at this point in the history

  5. restrict-image-registries: fix selector does not match template labels 

    Signed-off-by: Chandan-DK <[email protected]>
    @Chandan-DK
    Chandan-DK committed Mar 14, 2024
    Configuration menu
    Copy the full SHA
    1ee5e25 View commit details
    Browse the repository at this point in the history

  6. Merge branch 'main' into convert-best-practices-to-cel

    @Chandan-DK
    Chandan-DK authored Mar 14, 2024
    Configuration menu
    Copy the full SHA
    9527da4 View commit details
    Browse the repository at this point in the history

  7. rename file for clarity 

    Signed-off-by: Chandan-DK <[email protected]>
    @Chandan-DK
    Chandan-DK committed Mar 14, 2024
    Configuration menu
    Copy the full SHA
    e809be1 View commit details
    Browse the repository at this point in the history

  8. copy disallow-cri-sock-mount 

    Signed-off-by: Chandan-DK <[email protected]>
    @Chandan-DK
    Chandan-DK committed Mar 14, 2024
    Configuration menu
    Copy the full SHA
    62fc668 View commit details
    Browse the repository at this point in the history

  9. convert disallow-cri-sock-mount to cel 

    Signed-off-by: Chandan-DK <[email protected]>
    @Chandan-DK
    Chandan-DK committed Mar 14, 2024
    Configuration menu
    Copy the full SHA
    f26b1b2 View commit details
    Browse the repository at this point in the history

  10. remove duplicate expressins in require-drop-all 

    Signed-off-by: Chandan-DK <[email protected]>
    @Chandan-DK
    Chandan-DK committed Mar 14, 2024
    Configuration menu
    Copy the full SHA
    9579075 View commit details
    Browse the repository at this point in the history

  11. rename file for clarity 

    Signed-off-by: Chandan-DK <[email protected]>
    @Chandan-DK
    Chandan-DK committed Mar 14, 2024
    Configuration menu
    Copy the full SHA
    46574a1 View commit details
    Browse the repository at this point in the history

  12. require-drop-cap-net-raw: fix duplicate container names 

    Signed-off-by: Chandan-DK <[email protected]>
    @Chandan-DK
    Chandan-DK committed Mar 14, 2024
    Configuration menu
    Copy the full SHA
    2d25227 View commit details
    Browse the repository at this point in the history

  13. copy require-drop-cap-net-raw 

    Signed-off-by: Chandan-DK <[email protected]>
    @Chandan-DK
    Chandan-DK committed Mar 14, 2024
    Configuration menu
    Copy the full SHA
    de2993a View commit details
    Browse the repository at this point in the history

Commits on Mar 15, 2024

  1. rename pods to distinguish them 

    Signed-off-by: Chandan-DK <[email protected]>
    @Chandan-DK
    Chandan-DK committed Mar 15, 2024
    Configuration menu
    Copy the full SHA
    057814d View commit details
    Browse the repository at this point in the history

  2. convert require-drop-cap-net-raw to cel 

    Signed-off-by: Chandan-DK <[email protected]>
    @Chandan-DK
    Chandan-DK committed Mar 15, 2024
    Configuration menu
    Copy the full SHA
    618b7c8 View commit details
    Browse the repository at this point in the history

  3. copy require-pod-requests-limits 

    Signed-off-by: Chandan-DK <[email protected]>
    @Chandan-DK
    Chandan-DK committed Mar 15, 2024
    Configuration menu
    Copy the full SHA
    1fc12c0 View commit details
    Browse the repository at this point in the history

  4. convert require-pod-requests-limits to cel 

    Signed-off-by: Chandan-DK <[email protected]>
    @Chandan-DK
    Chandan-DK committed Mar 15, 2024
    Configuration menu
    Copy the full SHA
    fdb9a00 View commit details
    Browse the repository at this point in the history

  5. rename files for clarity 

    Signed-off-by: Chandan-DK <[email protected]>
    @Chandan-DK
    Chandan-DK committed Mar 15, 2024
    Configuration menu
    Copy the full SHA
    ffe9192 View commit details
    Browse the repository at this point in the history

  6. add new line at end of file where not present 

    Signed-off-by: Chandan-DK <[email protected]>
    @Chandan-DK
    Chandan-DK committed Mar 15, 2024
    Configuration menu
    Copy the full SHA
    f3f84ec View commit details
    Browse the repository at this point in the history

  7. calculate digests 

    Signed-off-by: Chandan-DK <[email protected]>
    @Chandan-DK
    Chandan-DK committed Mar 15, 2024
    Configuration menu
    Copy the full SHA
    42808ba View commit details
    Browse the repository at this point in the history

  8. add new lines 

    Signed-off-by: Chandan-DK <[email protected]>
    @Chandan-DK
    Chandan-DK committed Mar 15, 2024
    Configuration menu
    Copy the full SHA
    c13bf5a View commit details
    Browse the repository at this point in the history

  9. update digests 

    Signed-off-by: Chandan-DK <[email protected]>
    @Chandan-DK
    Chandan-DK committed Mar 15, 2024
    Configuration menu
    Copy the full SHA
    6298f7e View commit details
    Browse the repository at this point in the history

  10. remove celPreconditions until it behaves as expected 

    Related to issue kyverno/kyverno#9884

Signed-off-by: Chandan-DK <[email protected]>
    @Chandan-DK
    Chandan-DK committed Mar 15, 2024
    Configuration menu
    Copy the full SHA
    b71dc85 View commit details
    Browse the repository at this point in the history

  11. update digests 

    Signed-off-by: Chandan-DK <[email protected]>
    @Chandan-DK
    Chandan-DK committed Mar 15, 2024
    Configuration menu
    Copy the full SHA
    8bef250 View commit details
    Browse the repository at this point in the history

Commits on Mar 16, 2024

  1. remove wrong test step 

    The update to goodpod01 fails not due to Kyverno blocking it,
but rather because Kubernetes doesn't permit such modifications on pods.

Signed-off-by: Chandan-DK <[email protected]>
    @Chandan-DK
    Chandan-DK committed Mar 16, 2024
    Configuration menu
    Copy the full SHA
    48675be View commit details
    Browse the repository at this point in the history

Commits on Mar 18, 2024

  1. Merge branch 'main' into convert-best-practices-to-cel

    @chipzoller
    chipzoller authored Mar 18, 2024
    Configuration menu
    Copy the full SHA
    8c6b717 View commit details
    Browse the repository at this point in the history

Commits on Mar 25, 2024

  1. Merge branch 'main' into convert-best-practices-to-cel

    @MariamFahmy98
    MariamFahmy98 authored Mar 25, 2024
    Configuration menu
    Copy the full SHA
    db6f0a4 View commit details
    Browse the repository at this point in the history

  2. use variables to remove duplicate logic 

    Signed-off-by: Chandan-DK <[email protected]>
    @Chandan-DK
    Chandan-DK committed Mar 25, 2024
    Configuration menu
    Copy the full SHA
    51a0c3e View commit details
    Browse the repository at this point in the history

Commits on Mar 26, 2024

  1. remove unnecessary whitespace in require-ro-rootfs 

    Signed-off-by: Chandan-DK <[email protected]>
    @Chandan-DK
    Chandan-DK committed Mar 26, 2024
    Configuration menu
    Copy the full SHA
    cc3be8a View commit details
    Browse the repository at this point in the history

  2. use namespaceObject variable 

    Signed-off-by: Chandan-DK <[email protected]>
    @Chandan-DK
    Chandan-DK committed Mar 26, 2024
    Configuration menu
    Copy the full SHA
    734f9f2 View commit details
    Browse the repository at this point in the history

Commits on Apr 4, 2024

  1. Combine expressions into 1 rule to generate VAPs 

    Signed-off-by: Chandan-DK <[email protected]>
    @Chandan-DK
    Chandan-DK committed Apr 4, 2024
    Configuration menu
    Copy the full SHA
    9f493ed View commit details
    Browse the repository at this point in the history

Commits on Apr 19, 2024

  1. copy kyverno tests for disallow-default-namespace 

    Signed-off-by: Chandan-DK <[email protected]>
    @Chandan-DK
    Chandan-DK committed Apr 19, 2024
    Configuration menu
    Copy the full SHA
    8e133b7 View commit details
    Browse the repository at this point in the history

  2. Merge branch 'main' into convert-best-practices-to-cel

    @Chandan-DK
    Chandan-DK authored Apr 19, 2024
    Configuration menu
    Copy the full SHA
    bc57d09 View commit details
    Browse the repository at this point in the history

Commits on May 15, 2024

  1. Merge branch 'main' into convert-best-practices-to-cel

    @JimBugwadia
    JimBugwadia authored May 15, 2024
    Configuration menu
    Copy the full SHA
    044a419 View commit details
    Browse the repository at this point in the history

Commits on May 16, 2024

  1. Merge branch 'main' into convert-best-practices-to-cel

    @MariamFahmy98
    MariamFahmy98 authored May 16, 2024
    Configuration menu
    Copy the full SHA
    bb48b70 View commit details
    Browse the repository at this point in the history

  2. Merge branch 'main' into convert-best-practices-to-cel

    @MariamFahmy98
    MariamFahmy98 authored May 16, 2024
    Configuration menu
    Copy the full SHA
    6a71ee2 View commit details
    Browse the repository at this point in the history

Commits on May 22, 2024

  1. Merge branch 'main' into convert-best-practices-to-cel

    @MariamFahmy98
    MariamFahmy98 authored May 22, 2024
    Configuration menu
    Copy the full SHA
    cad31da View commit details
    Browse the repository at this point in the history

Commits on May 30, 2024

  1. Merge branch 'main' into convert-best-practices-to-cel

    @MariamFahmy98
    MariamFahmy98 authored May 30, 2024
    Configuration menu
    Copy the full SHA
    3cda1d5 View commit details
    Browse the repository at this point in the history

  2. fix issue caused in cel policies tests due to chainsaw templating 

    Signed-off-by: Chandan-DK <[email protected]>
    @Chandan-DK
    Chandan-DK committed May 30, 2024
    Configuration menu
    Copy the full SHA
    d6ad7cd View commit details
    Browse the repository at this point in the history

Commits on Jun 3, 2024

  1. Merge branch 'main' into convert-best-practices-to-cel

    @MariamFahmy98
    MariamFahmy98 authored Jun 3, 2024
    Configuration menu
    Copy the full SHA
    8ca2e18 View commit details
    Browse the repository at this point in the history