kubernetes
/
apiserver
mirror of https://github.com/kubernetes/apiserver.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
6,992 Commits 30 Branches 1,482 Tags 31 MiB
Commit Graph

9 Commits

Author SHA1 Message Date
Jiahui Feng 6b0a70e192 typed variables support. 
Kubernetes-commit: c03579bfa40dcb39e1ffe24c12f933720e4eb204
 2023-10-04 16:39:24 -07:00
Cici Huang 04b26c4697 ValidatingAdmissionPolicy: support namespace access (#118267) 
* Support namespace access from cel expression in validatingadmissionpolicy.

* Whitelist the exposed fields in namespace object and add test

* better handling of cluster-scoped resources.

* [API REVIEW] namespaceObject in Expression doc.

* compatibility with composition.

* generated: ./hack/update-codegen.sh && ./hack/update-openapi-spec.sh

* workaround namespace of namespace is unexpectedly set.

* basic test coverage for namespaceObject.

---------

Co-authored-by: Jiahui Feng <jhf@google.com>

Kubernetes-commit: 13172cba5c0e1c6a076dbda4aeebbccaf658c7f1
 2023-07-15 01:33:59 +00:00
Jiahui Feng 7eadaa66c4 ValidatingAdmissionPolicy: Variable Composition (#118642) 
* [API REVIEW] Variable Composition

* lazy map.

* variable composition implementation.

* check variables during VAP validation.

* generated: ./hack/update-vendor.sh

* generated: UPDATE_COMPATIBILITY_FIXTURE_DATA

(cd staging/src/k8s.io/api/ && env UPDATE_COMPATIBILITY_FIXTURE_DATA=true go test)

* cost calucation.

* tests for cost calculations.

* e2e test for variables.

* fix doc for Validation.Expression.

* generated: ./hack/update-codegen.sh

* fix missing utilruntime import.

* generated: ./hack/update-openapi-spec.sh

Kubernetes-commit: b635f2a401fd03715f6a33c4a19f11c509c0ce03
 2023-07-14 01:49:55 +00:00
Joe Betz f32e391a45 Introduce CEL EnvSets for managing safe rollout of new CEL features, libraries and expression variables 
Kubernetes-commit: e740f8340eedc89baccd120329b454a860385e2d
 2023-04-28 14:16:56 -04:00
Jiahui Feng fc16fc2926 implmementing type checking 
with multi-type support.

Kubernetes-commit: feb18b3f5f9d443c27dd8cccb6358f271f887744
 2023-03-07 15:49:19 -08:00
Joe Betz 265820879d Implement validationActions and auditAnnotations 
Kubernetes-commit: d221ddb89a5dde5a6f55674dc38aa71cc842d481
 2023-03-06 17:29:28 -05:00
Cici Huang c4a92f1b65 Apply resource constraints to ValidatingAdmissionPolicy. 
Kubernetes-commit: 244c63a2e6c8d859be8f4c6c23fbe1263dbfab0a
 2023-02-14 06:37:57 +00:00
Joe Betz f094db0dd5 Implement secondary authz 
Kubernetes-commit: 7bbda746fee7ae4e50647099b72c02327525ef7a
 2023-03-06 12:08:14 -05:00
Igor Velichkovich 0b1f199d07 refactor admission cel validator and compiler to be reusable 
Kubernetes-commit: e96ef311872ee6429a54e4580528717238a6816b
 2023-02-15 16:08:59 -06:00