72 Commits

Author SHA1 Message Date
Jiahui Feng
33c3fe3f74 differentiate kinds of expressions. 2023-03-20 12:13:21 -07:00
Max Smythe
e5fd204c33
Custom match criteria (#116350)
* Add custom match conditions for CEL admission

This PR is based off of, and dependent on the following PR:

https://github.com/kubernetes/kubernetes/pull/116261

Signed-off-by: Max Smythe <smythe@google.com>

* run `make update`

Signed-off-by: Max Smythe <smythe@google.com>

* Fix unit tests

Signed-off-by: Max Smythe <smythe@google.com>

* Fix unit tests

Signed-off-by: Max Smythe <smythe@google.com>

* Update compatibility test data

Signed-off-by: Max Smythe <smythe@google.com>

* Revert "Update compatibility test data"

This reverts commit 312ba7f9e74e0ec4a7ac1f07bf575479c608af28.

* Allow params during validation; make match conditions optional

Signed-off-by: Max Smythe <smythe@google.com>

* Add conditional ignoring of matcher CEL expression validation on update

Signed-off-by: Max Smythe <smythe@google.com>

* Run codegen

Signed-off-by: Max Smythe <smythe@google.com>

* Add more validation tests

Signed-off-by: Max Smythe <smythe@google.com>

* Short-circuit CEL matcher when no matchers specified

Signed-off-by: Max Smythe <smythe@google.com>

* Run codegen

Signed-off-by: Max Smythe <smythe@google.com>

* Address review comments

Signed-off-by: Max Smythe <smythe@google.com>

---------

Signed-off-by: Max Smythe <smythe@google.com>
2023-03-15 17:23:15 -07:00
Igor Velichkovich
5e5b3029f3
Matchconditions admission webhooks alpha implementation for kep-3716 (#116261)
* api changes adding match conditions

* feature gate and registry strategy to drop fields

* matchConditions logic for admission webhooks

* feedback

* update test

* import order

* bears.com

* update fail policy ignore behavior

* update docs and matcher to hold fail policy as non-pointer

* update matcher error aggregation, fix early fail failpolicy ignore, update docs

* final cleanup

* openapi gen
2023-03-14 20:28:26 -07:00
Jiahui Feng
68ac7acbce [API REVIEW] ValidatingAdmissionPolicyStatus 2023-03-07 15:43:34 -08:00
Jiahui Feng
d8be7aa9ca implement message expression. 2023-03-08 17:36:11 -08:00
Joe Betz
d221ddb89a Implement validationActions and auditAnnotations 2023-03-06 21:51:27 -05:00
Cici Huang
244c63a2e6 Apply resource constraints to ValidatingAdmissionPolicy. 2023-03-06 20:43:59 +00:00
Joe Betz
7bbda746fe Implement secondary authz 2023-03-06 12:08:14 -05:00
Igor Velichkovich
e96ef31187 refactor admission cel validator and compiler to be reusable 2023-03-01 18:46:45 -06:00
Cici Huang
40c21dafcd Rename admission cel package to validatingadmissionpolicy 2022-11-10 03:37:30 +00:00
Jordan Liggitt
fc69084bf1
Update workload selector validation 2022-11-07 20:52:02 -05:00
Manjusaka
0843c4dfca
Add extra value validation for matchExpression field in LabelSelector 2022-11-07 20:48:21 -05:00
Kubernetes Prow Robot
595ea32411
Merge pull request #113314 from cici37/celIntegration
CEL validation in Admission chain
2022-11-07 17:08:33 -08:00
Cici Huang
0486e06261 Adding new api version of admissionregistration.k8s.io v1alpha1 for CEL in Admission Control 2022-11-07 20:51:51 +00:00
Tim Hockin
6d4241fe5d
Clarify a few validation messages 2022-09-19 16:14:37 -07:00
Kubernetes Prow Robot
cfb2219ded
Merge pull request #107175 from roycaihw/doc/webhook-rule-validation
Fix examples of admission registration rules that contain wildcards
2022-02-09 15:35:44 -08:00
guoyao
d9f99489ee fix duplicate webhook insert operation
Signed-off-by: guoyao <1015105054@qq.com>
2022-01-05 08:59:13 +08:00
Haowei Cai
8ddd030cd9 Fix examples of rules with wildcard 2021-12-21 16:46:54 -08:00
Jordan Liggitt
befffd1565 Drop legacy validation logic for admission registration 2021-08-09 12:37:18 -04:00
Benjamin Elder
56e092e382 hack/update-bazel.sh 2021-02-28 15:17:29 -08:00
Kubernetes Prow Robot
cc14d5f3a1
Merge pull request #94338 from JeremyShih/fix-golint-error-in-admissionregistration
fixed golint error in pkg/apis/admissionregistration/validation
2020-09-02 10:37:19 -07:00
Matthew Fenwick
d407129cf7 modify DNS-1123 error messages to indicate that RFC 1123 is not followed exactly 2020-09-02 08:04:04 -04:00
Jeremy Shih
4ee5cdc838 fixed golint error in pkg/apis/admissionregistration 2020-08-31 09:43:51 +08:00
Jordan Liggitt
eedf063599 Allow v1 review versions in 1.17+ 2019-09-13 13:52:28 -04:00
Jordan Liggitt
190c926d1f Limit v1 webhooks to None and NoneOnDryRun side effects classes 2019-08-06 20:54:06 -04:00
Jordan Liggitt
649ee4f2d0 Clarify accepted versions skew requirements, update field documentation 2019-08-01 17:17:42 -04:00
Jordan Liggitt
b15aed6409 Generated 2019-07-10 17:38:09 -04:00
Jordan Liggitt
2dd7910442 Add mutatingwebhook validation tests 2019-07-10 17:38:09 -04:00
Jordan Liggitt
08b15d32f7 Require webhook names to be unique in v1 2019-07-10 17:38:09 -04:00
Jordan Liggitt
6c3891a25f Remove default admissionReviewVersions in v1, make required in validation 2019-07-10 17:38:09 -04:00
Jordan Liggitt
9dcc722d2e Remove default sideEffects in v1, make required in validation 2019-07-10 17:38:08 -04:00
Chao Xu
70f1b052e3 api 2019-05-30 16:46:00 -07:00
Joe Betz
95fa928ecb Add mutating admission webhook reinvocation 2019-05-30 14:31:09 -07:00
Joe Betz
55ecc45455 split admissionregistration.v1beta1/Webhook into MutatingWebhook and ValidatingWebhook 2019-05-30 14:31:09 -07:00
Jordan Liggitt
b6fa0f5b0f AdmissionRegistration API changes: MatchPolicy 2019-05-28 14:26:06 -04:00
Daniel (Shijun) Qian
5268f69405 fix duplicated imports of k8s code (#77484)
* fix duplicated imports of api/core/v1

* fix duplicated imports of client-go/kubernetes

* fix duplicated imports of rest code

* change import name to be more reasonable
2019-05-08 10:12:47 -07:00
Mehdy Bohlool
11f37d757f Add port to ServiceResolvers 2019-04-08 00:19:52 -07:00
Mehdy Bohlool
404e2f7a30 Add port to ServiceReference of Admission Webhooks, ConversionWebhooks and AuditSync with defaulter and validator 2019-04-08 00:18:36 -07:00
Mehdy Bohlool
cbe00023c0 Update generated files 2019-03-07 21:00:29 -08:00
Mehdy Bohlool
f7dff4725f Add AdmissionReviewVersions to admissionregistration and default it 2019-03-07 15:02:16 -08:00
Jordan Liggitt
0797d81222 Add scope restrictions to webhook admission rules 2019-03-05 00:30:12 +00:00
Haowei Cai
ad0d523d6e tests 2019-02-26 14:44:31 -08:00
Haowei Cai
1cd9162c15 default and validation 2019-02-26 14:41:43 -08:00
Nguyen Hai Truong
34961dc16c trivial fix typo: resouce -> resource
Although it is a spelling mistake, it might have an effect while reading.

Signed-off-by: Nguyen Hai Truong <truongnh@vn.fujitsu.com>
2019-02-15 02:05:28 -08:00
Jordan Liggitt
dc1fa870bf Remove alpha InitializerConfiguration types, Initializers admission plugin 2019-01-23 11:37:39 -05:00
Mehdy Bohlool
e27096cdb4 Update generated files 2018-10-31 14:47:13 -07:00
Mehdy Bohlool
1587d189cb Refactor webhookclientConfig validation of admission and audit registration 2018-10-31 11:14:47 -07:00
Patrick Barker
381d0a5d14 adds dynamic audit api 2018-10-16 06:46:34 -06:00
jennybuckley
2d0ec48f9b Support dry run in admission webhooks 2018-08-22 16:26:47 -07:00
Jeff Grafton
23ceebac22 Run hack/update-bazel.sh 2018-06-22 16:22:57 -07:00