github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-31 23:37:01 +00:00
Code Issues Projects Releases Wiki Activity
115,151 Commits 42 Branches 7,905 Tags 1.3 GiB
master
Commit Graph

163 Commits

Author SHA1 Message Date
Jiahui Feng
33c3fe3f74 differentiate kinds of expressions. 2023-03-20 12:13:21 -07:00
Max Smythe
e5fd204c33
Custom match criteria (#116350) 
* Add custom match conditions for CEL admission

This PR is based off of, and dependent on the following PR:

https://github.com/kubernetes/kubernetes/pull/116261

Signed-off-by: Max Smythe <smythe@google.com>

* run `make update`

Signed-off-by: Max Smythe <smythe@google.com>

* Fix unit tests

Signed-off-by: Max Smythe <smythe@google.com>

* Fix unit tests

Signed-off-by: Max Smythe <smythe@google.com>

* Update compatibility test data

Signed-off-by: Max Smythe <smythe@google.com>

* Revert "Update compatibility test data"

This reverts commit 312ba7f9e74e0ec4a7ac1f07bf575479c608af28.

* Allow params during validation; make match conditions optional

Signed-off-by: Max Smythe <smythe@google.com>

* Add conditional ignoring of matcher CEL expression validation on update

Signed-off-by: Max Smythe <smythe@google.com>

* Run codegen

Signed-off-by: Max Smythe <smythe@google.com>

* Add more validation tests

Signed-off-by: Max Smythe <smythe@google.com>

* Short-circuit CEL matcher when no matchers specified

Signed-off-by: Max Smythe <smythe@google.com>

* Run codegen

Signed-off-by: Max Smythe <smythe@google.com>

* Address review comments

Signed-off-by: Max Smythe <smythe@google.com>

---------

Signed-off-by: Max Smythe <smythe@google.com>
 2023-03-15 17:23:15 -07:00
Igor Velichkovich
5e5b3029f3
Matchconditions admission webhooks alpha implementation for kep-3716 (#116261) 
* api changes adding match conditions

* feature gate and registry strategy to drop fields

* matchConditions logic for admission webhooks

* feedback

* update test

* import order

* bears.com

* update fail policy ignore behavior

* update docs and matcher to hold fail policy as non-pointer

* update matcher error aggregation, fix early fail failpolicy ignore, update docs

* final cleanup

* openapi gen
 2023-03-14 20:28:26 -07:00
Jiahui Feng
deb467261c generated: ./hack/update-codegen.sh && ./hack/update-openapi-spec.sh 2023-03-13 19:44:28 -07:00
Jiahui Feng
68ac7acbce [API REVIEW] ValidatingAdmissionPolicyStatus 2023-03-07 15:43:34 -08:00
Jiahui Feng
1fff4949bd generated: ./hack/update-codegen.sh && ./hack/update-openapi-spec.sh 2023-03-10 09:03:49 -08:00
Jiahui Feng
d8be7aa9ca implement message expression. 2023-03-08 17:36:11 -08:00
Jiahui Feng
f4ee476a3c [API REVIEW] Validation.MessageExpression 2023-03-08 16:18:42 -08:00
Kubernetes Prow Robot
48e4052fc0
Merge pull request #114902 from TommyStarK/pkg-apis/replace-deprecated-pointer-function 
pkg/apis: Replace deprecated pointer function
 2023-03-09 21:34:15 -08:00
Joe Betz
932a4d9724 Generate code 2023-03-06 21:51:33 -05:00
Joe Betz
d221ddb89a Implement validationActions and auditAnnotations 2023-03-06 21:51:27 -05:00
Cici Huang
244c63a2e6 Apply resource constraints to ValidatingAdmissionPolicy. 2023-03-06 20:43:59 +00:00
Joe Betz
7bbda746fe Implement secondary authz 2023-03-06 12:08:14 -05:00
Igor Velichkovich
e96ef31187 refactor admission cel validator and compiler to be reusable 2023-03-01 18:46:45 -06:00
TommyStarK
c242e647ae pkg/apis: Replace deprecated pointer function 
Signed-off-by: TommyStarK <thomasmilox@gmail.com>
 2023-01-08 13:14:37 +01:00
Cici Huang
40c21dafcd Rename admission cel package to validatingadmissionpolicy 2022-11-10 03:37:30 +00:00
Jordan Liggitt
fc69084bf1
Update workload selector validation 2022-11-07 20:52:02 -05:00
Manjusaka
0843c4dfca
Add extra value validation for matchExpression field in LabelSelector 2022-11-07 20:48:21 -05:00
Kubernetes Prow Robot
595ea32411
Merge pull request #113314 from cici37/celIntegration 
CEL validation in Admission chain
 2022-11-07 17:08:33 -08:00
Cici Huang
19b2df8715 API - make update 
API - Auto update

API - make update

API - make update
 2022-11-07 20:51:52 +00:00
Cici Huang
0486e06261 Adding new api version of admissionregistration.k8s.io v1alpha1 for CEL in Admission Control 2022-11-07 20:51:51 +00:00
Cici Huang
f8de127789 Rename copy to v1alpha1 2022-11-03 01:19:04 +00:00
Cici Huang
e830e606d5 Copy over admissionregistration v1 to v1alpha1 2022-11-03 01:19:03 +00:00
Tim Hockin
6d4241fe5d
Clarify a few validation messages 2022-09-19 16:14:37 -07:00
Kubernetes Prow Robot
cfb2219ded
Merge pull request #107175 from roycaihw/doc/webhook-rule-validation 
Fix examples of admission registration rules that contain wildcards
 2022-02-09 15:35:44 -08:00
guoyao
d9f99489ee fix duplicate webhook insert operation 
Signed-off-by: guoyao <1015105054@qq.com>
 2022-01-05 08:59:13 +08:00
Haowei Cai
8ddd030cd9 Fix examples of rules with wildcard 2021-12-21 16:46:54 -08:00
Stephen Augustus
481cf6fbe7
generated: Run hack/update-gofmt.sh 
Signed-off-by: Stephen Augustus <foo@auggie.dev>
 2021-08-24 15:47:49 -04:00
Jordan Liggitt
87a4e082ac Change defaulter-gen input to package path 2021-08-14 11:00:18 -04:00
Jordan Liggitt
befffd1565 Drop legacy validation logic for admission registration 2021-08-09 12:37:18 -04:00
Jordan Liggitt
4515889574 Prefer v1 storage versions 2021-03-02 12:06:13 -05:00
Benjamin Elder
56e092e382 hack/update-bazel.sh 2021-02-28 15:17:29 -08:00
James Munnelly
69ddaf194f Fix doc comment typo on validating & mutating webhook resources 2020-11-27 10:41:46 +00:00
Kubernetes Prow Robot
cc14d5f3a1
Merge pull request #94338 from JeremyShih/fix-golint-error-in-admissionregistration 
fixed golint error in pkg/apis/admissionregistration/validation
 2020-09-02 10:37:19 -07:00
Matthew Fenwick
d407129cf7 modify DNS-1123 error messages to indicate that RFC 1123 is not followed exactly 2020-09-02 08:04:04 -04:00
Jeremy Shih
4ee5cdc838 fixed golint error in pkg/apis/admissionregistration 2020-08-31 09:43:51 +08:00
Arghya Sadhu
f6da54511f Fix typo in admission webhook 2019-10-29 19:25:22 +05:30
Jordan Liggitt
eedf063599 Allow v1 review versions in 1.17+ 2019-09-13 13:52:28 -04:00
misakazhou
f0323a2030 Fix broken link to api-conventions doc. 
Signed-off-by: misakazhou <misakazhou@tencent.com>
 2019-08-29 08:35:16 +08:00
Jordan Liggitt
190c926d1f Limit v1 webhooks to None and NoneOnDryRun side effects classes 2019-08-06 20:54:06 -04:00
Jordan Liggitt
649ee4f2d0 Clarify accepted versions skew requirements, update field documentation 2019-08-01 17:17:42 -04:00
Jordan Liggitt
b15aed6409 Generated 2019-07-10 17:38:09 -04:00
Jordan Liggitt
0eeef7c2e6 Add defaulting tests 2019-07-10 17:38:09 -04:00
Jordan Liggitt
2dd7910442 Add mutatingwebhook validation tests 2019-07-10 17:38:09 -04:00
Jordan Liggitt
08b15d32f7 Require webhook names to be unique in v1 2019-07-10 17:38:09 -04:00
Jordan Liggitt
6c3891a25f Remove default admissionReviewVersions in v1, make required in validation 2019-07-10 17:38:09 -04:00
Jordan Liggitt
9dcc722d2e Remove default sideEffects in v1, make required in validation 2019-07-10 17:38:08 -04:00
Jordan Liggitt
7543b2ef55 Change default timeout to 10 seconds 2019-07-10 17:38:08 -04:00
Jordan Liggitt
08433067c3 Change default matchPolicy to Equivalent in v1 2019-07-10 17:38:08 -04:00
Jordan Liggitt
e050590182 Change default failurePolicy to Fail in v1 2019-07-08 09:49:29 -04:00