fix: transfer image verify iamges to kyverno (#11340)

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>

test/conformance/chainsaw/verifyImages/clusterpolicy/standard/keyless-attestation-invalid-attestor/pod.yaml

@@ -5,5 +5,5 @@ metadata:
   namespace: default
 spec:
   containers:
-  - image: ghcr.io/chipzoller/zulu:v0.0.14
+  - image: ghcr.io/kyverno/zulu:v0.0.14
     name: zulu

test/conformance/chainsaw/verifyImages/clusterpolicy/standard/keyless-attestation-invalid-attestor/policy.yaml

@@ -18,7 +18,7 @@ spec:
       verifyImages:
       - failureAction: Enforce
         imageReferences:
-        - "ghcr.io/chipzoller/zulu*"
+        - "ghcr.io/kyverno/zulu*"
         attestations:
         - type: https://slsa.dev/provenance/v0.2
           attestors: 

test/conformance/chainsaw/verifyImages/clusterpolicy/standard/keyless-attestation-regexp/pod.yaml

@@ -5,5 +5,5 @@ metadata:
   namespace: default
 spec:
   containers:
-  - image: ghcr.io/chipzoller/zulu:v0.0.14
+  - image: ghcr.io/kyverno/zulu:v0.0.14
     name: zulu

test/conformance/chainsaw/verifyImages/clusterpolicy/standard/keyless-attestation-regexp/policy.yaml

@@ -18,7 +18,7 @@ spec:
       verifyImages:
       - failureAction: Enforce
         imageReferences:
-        - "ghcr.io/chipzoller/zulu*"
+        - "ghcr.io/kyverno/zulu*"
         attestations:
         - type: https://slsa.dev/provenance/v0.2
           attestors: 

test/conformance/chainsaw/verifyImages/clusterpolicy/standard/keyless-attestations-multiple-subjects-1/chainsaw-step-02-apply-1.yaml

@@ -5,5 +5,5 @@ metadata:
   namespace: default
 spec:
   containers:
-  - image: ghcr.io/chipzoller/zulu:v0.0.14
+  - image: ghcr.io/kyverno/zulu:v0.0.14
     name: zulu

test/conformance/chainsaw/verifyImages/clusterpolicy/standard/keyless-attestations-multiple-subjects-1/chainsaw-step-02-assert-1.yaml

@@ -2,10 +2,10 @@ apiVersion: v1
 kind: Pod
 metadata:
   annotations:
-    kyverno.io/verify-images: '{"ghcr.io/chipzoller/zulu@sha256:476b21f1a75dc90fac3579ee757f4607bb5546f476195cf645c54badf558c0db":"pass"}'
+    kyverno.io/verify-images: '{"ghcr.io/kyverno/zulu@sha256:476b21f1a75dc90fac3579ee757f4607bb5546f476195cf645c54badf558c0db":"pass"}'
   name: zulu
   namespace: default
 spec:
   containers:
-  - image: ghcr.io/chipzoller/zulu:v0.0.14@sha256:476b21f1a75dc90fac3579ee757f4607bb5546f476195cf645c54badf558c0db
+  - image: ghcr.io/kyverno/zulu:v0.0.14@sha256:476b21f1a75dc90fac3579ee757f4607bb5546f476195cf645c54badf558c0db
     name: zulu

test/conformance/chainsaw/verifyImages/clusterpolicy/standard/keyless-attestations-multiple-subjects-1/policy.yaml

@@ -32,6 +32,6 @@ spec:
             value: true
         predicateType: https://slsa.dev/provenance/v0.2
       imageReferences:
-      - ghcr.io/chipzoller/zulu*
+      - ghcr.io/kyverno/zulu*
       failureAction: Enforce
   webhookTimeoutSeconds: 30

test/conformance/chainsaw/verifyImages/clusterpolicy/standard/keyless-attestations-multiple-subjects-2/chainsaw-step-02-apply-1.yaml

@@ -5,5 +5,5 @@ metadata:
   namespace: default
 spec:
   containers:
-  - image: ghcr.io/chipzoller/zulu:v0.0.14
+  - image: ghcr.io/kyverno/zulu:v0.0.14
     name: zulu

test/conformance/chainsaw/verifyImages/clusterpolicy/standard/keyless-attestations-multiple-subjects-2/chainsaw-step-02-assert-1.yaml

@@ -2,10 +2,10 @@ apiVersion: v1
 kind: Pod
 metadata:
   annotations:
-    kyverno.io/verify-images: '{"ghcr.io/chipzoller/zulu@sha256:476b21f1a75dc90fac3579ee757f4607bb5546f476195cf645c54badf558c0db":"pass"}'
+    kyverno.io/verify-images: '{"ghcr.io/kyverno/zulu@sha256:476b21f1a75dc90fac3579ee757f4607bb5546f476195cf645c54badf558c0db":"pass"}'
   name: zulu
   namespace: default
 spec:
   containers:
-  - image: ghcr.io/chipzoller/zulu:v0.0.14@sha256:476b21f1a75dc90fac3579ee757f4607bb5546f476195cf645c54badf558c0db
+  - image: ghcr.io/kyverno/zulu:v0.0.14@sha256:476b21f1a75dc90fac3579ee757f4607bb5546f476195cf645c54badf558c0db
     name: zulu

test/conformance/chainsaw/verifyImages/clusterpolicy/standard/keyless-attestations-multiple-subjects-2/policy.yaml

@@ -32,6 +32,6 @@ spec:
             value: true
         predicateType: cosign.sigstore.dev/attestation/vuln/v1
       imageReferences:
-      - ghcr.io/chipzoller/zulu*
+      - ghcr.io/kyverno/zulu*
       failureAction: Enforce
   webhookTimeoutSeconds: 30

test/conformance/chainsaw/verifyImages/clusterpolicy/standard/keyless-attestations-multiple-subjects-3/pod.yaml

@@ -5,5 +5,5 @@ metadata:
   namespace: default
 spec:
   containers:
-  - image: ghcr.io/chipzoller/zulu:v0.0.14
+  - image: ghcr.io/kyverno/zulu:v0.0.14
     name: zulu

test/conformance/chainsaw/verifyImages/clusterpolicy/standard/keyless-attestations-multiple-subjects-3/policy.yaml

@@ -32,6 +32,6 @@ spec:
             value: true
         predicateType: cosign.sigstore.dev/attestation/vuln/v1
       imageReferences:
-      - ghcr.io/chipzoller/zulu*
+      - ghcr.io/kyverno/zulu*
       failureAction: Enforce
   webhookTimeoutSeconds: 30

test/conformance/chainsaw/verifyImages/clusterpolicy/standard/keyless-attestations-multiple-subjects-4/chainsaw-step-02-apply-1.yaml

@@ -5,5 +5,5 @@ metadata:
   namespace: default
 spec:
   containers:
-  - image: ghcr.io/chipzoller/zulu:v0.0.14
+  - image: ghcr.io/kyverno/zulu:v0.0.14
     name: zulu

test/conformance/chainsaw/verifyImages/clusterpolicy/standard/keyless-attestations-multiple-subjects-4/chainsaw-step-02-assert-1.yaml

@@ -2,10 +2,10 @@ apiVersion: v1
 kind: Pod
 metadata:
   annotations:
-    kyverno.io/verify-images: '{"ghcr.io/chipzoller/zulu@sha256:476b21f1a75dc90fac3579ee757f4607bb5546f476195cf645c54badf558c0db":"pass"}'
+    kyverno.io/verify-images: '{"ghcr.io/kyverno/zulu@sha256:476b21f1a75dc90fac3579ee757f4607bb5546f476195cf645c54badf558c0db":"pass"}'
   name: zulu
   namespace: default
 spec:
   containers:
-  - image: ghcr.io/chipzoller/zulu:v0.0.14@sha256:476b21f1a75dc90fac3579ee757f4607bb5546f476195cf645c54badf558c0db
+  - image: ghcr.io/kyverno/zulu:v0.0.14@sha256:476b21f1a75dc90fac3579ee757f4607bb5546f476195cf645c54badf558c0db
     name: zulu

test/conformance/chainsaw/verifyImages/clusterpolicy/standard/keyless-attestations-multiple-subjects-4/policy.yaml

@@ -23,5 +23,5 @@ spec:
             value: true
         predicateType: https://slsa.dev/provenance/v0.2
       imageReferences:
-      - ghcr.io/chipzoller/zulu*
+      - ghcr.io/kyverno/zulu*
       failureAction: Enforce

test/conformance/chainsaw/verifyImages/clusterpolicy/standard/keyless-attestations-multiple-subjects-counts-1/chainsaw-step-02-apply-1.yaml

@@ -5,5 +5,5 @@ metadata:
   namespace: default
 spec:
   containers:
-  - image: ghcr.io/chipzoller/zulu:v0.0.14
+  - image: ghcr.io/kyverno/zulu:v0.0.14
     name: zulu

test/conformance/chainsaw/verifyImages/clusterpolicy/standard/keyless-attestations-multiple-subjects-counts-1/chainsaw-step-02-assert-1.yaml

@@ -2,10 +2,10 @@ apiVersion: v1
 kind: Pod
 metadata:
   annotations:
-    kyverno.io/verify-images: '{"ghcr.io/chipzoller/zulu@sha256:476b21f1a75dc90fac3579ee757f4607bb5546f476195cf645c54badf558c0db":"pass"}'
+    kyverno.io/verify-images: '{"ghcr.io/kyverno/zulu@sha256:476b21f1a75dc90fac3579ee757f4607bb5546f476195cf645c54badf558c0db":"pass"}'
   name: zulu
   namespace: default
 spec:
   containers:
-  - image: ghcr.io/chipzoller/zulu:v0.0.14@sha256:476b21f1a75dc90fac3579ee757f4607bb5546f476195cf645c54badf558c0db
+  - image: ghcr.io/kyverno/zulu:v0.0.14@sha256:476b21f1a75dc90fac3579ee757f4607bb5546f476195cf645c54badf558c0db
     name: zulu

test/conformance/chainsaw/verifyImages/clusterpolicy/standard/keyless-attestations-multiple-subjects-counts-1/policy.yaml

@@ -40,6 +40,6 @@ spec:
             value: true
         predicateType: https://slsa.dev/provenance/v0.2
       imageReferences:
-      - ghcr.io/chipzoller/zulu*
+      - ghcr.io/kyverno/zulu*
       failureAction: Enforce
   webhookTimeoutSeconds: 30

test/conformance/chainsaw/verifyImages/clusterpolicy/standard/keyless-attestations-multiple-subjects-counts-2/pod.yaml

@@ -5,5 +5,5 @@ metadata:
   namespace: default
 spec:
   containers:
-  - image: ghcr.io/chipzoller/zulu:v0.0.14
+  - image: ghcr.io/kyverno/zulu:v0.0.14
     name: zulu

test/conformance/chainsaw/verifyImages/clusterpolicy/standard/keyless-attestations-multiple-subjects-counts-2/policy.yaml

@@ -40,6 +40,6 @@ spec:
             value: true
         predicateType: https://slsa.dev/provenance/v0.2
       imageReferences:
-      - ghcr.io/chipzoller/zulu*
+      - ghcr.io/kyverno/zulu*
       failureAction: Enforce
   webhookTimeoutSeconds: 30

test/conformance/chainsaw/verifyImages/clusterpolicy/standard/keyless-attestations-multiple-subjects-counts-3/pod.yaml

@@ -5,5 +5,5 @@ metadata:
   namespace: default
 spec:
   containers:
-  - image: ghcr.io/chipzoller/zulu:v0.0.14
+  - image: ghcr.io/kyverno/zulu:v0.0.14
     name: zulu

test/conformance/chainsaw/verifyImages/clusterpolicy/standard/keyless-attestations-multiple-subjects-counts-3/policy.yaml

@@ -39,6 +39,6 @@ spec:
             value: true
         predicateType: https://slsa.dev/provenance/v0.2
       imageReferences:
-      - ghcr.io/chipzoller/zulu*
+      - ghcr.io/kyverno/zulu*
       failureAction: Enforce
   webhookTimeoutSeconds: 30

test/conformance/chainsaw/verifyImages/clusterpolicy/standard/keyless-image-invalid-attestor/pod.yaml

@@ -5,5 +5,5 @@ metadata:
   namespace: default
 spec:
   containers:
-  - image: ghcr.io/chipzoller/zulu:v0.0.14
+  - image: ghcr.io/kyverno/zulu:v0.0.14
     name: zulu

test/conformance/chainsaw/verifyImages/clusterpolicy/standard/keyless-image-invalid-attestor/policy.yaml

@@ -18,7 +18,7 @@ spec:
       verifyImages:
       - failureAction: Enforce
         imageReferences:
-        - "ghcr.io/chipzoller/zulu:*"
+        - "ghcr.io/kyverno/zulu:*"
         attestors:
         - count: 1
           entries:

test/conformance/chainsaw/verifyImages/clusterpolicy/standard/keyless-mutatedigest-verifydigest-required/chainsaw-step-02-apply-1.yaml

@@ -5,5 +5,5 @@ metadata:
   namespace: default
 spec:
   containers:
-  - image: ghcr.io/chipzoller/zulu:v0.0.14
+  - image: ghcr.io/kyverno/zulu:v0.0.14
     name: zulu

test/conformance/chainsaw/verifyImages/clusterpolicy/standard/keyless-mutatedigest-verifydigest-required/chainsaw-step-02-assert-1.yaml

@@ -2,10 +2,10 @@ apiVersion: v1
 kind: Pod
 metadata:
   annotations:
-    kyverno.io/verify-images: '{"ghcr.io/chipzoller/zulu@sha256:476b21f1a75dc90fac3579ee757f4607bb5546f476195cf645c54badf558c0db":"pass"}'
+    kyverno.io/verify-images: '{"ghcr.io/kyverno/zulu@sha256:476b21f1a75dc90fac3579ee757f4607bb5546f476195cf645c54badf558c0db":"pass"}'
   name: zulu
   namespace: default
 spec:
   containers:
-  - image: ghcr.io/chipzoller/zulu:v0.0.14@sha256:476b21f1a75dc90fac3579ee757f4607bb5546f476195cf645c54badf558c0db
+  - image: ghcr.io/kyverno/zulu:v0.0.14@sha256:476b21f1a75dc90fac3579ee757f4607bb5546f476195cf645c54badf558c0db
     name: zulu

test/conformance/chainsaw/verifyImages/clusterpolicy/standard/keyless-mutatedigest-verifydigest-required/policy.yaml

@@ -21,7 +21,7 @@ spec:
               url: https://rekor.sigstore.dev
             subject: https://github.com/chipzoller/zulu/.github/workflows/slsa-generic-keyless.yaml@refs/tags/v*
       imageReferences:
-      - ghcr.io/chipzoller/zulu:*
+      - ghcr.io/kyverno/zulu:*
       mutateDigest: true
       required: true
       verifyDigest: true

test/conformance/chainsaw/verifyImages/clusterpolicy/standard/keyless-nomutatedigest-noverifydigest-norequired/chainsaw-step-02-apply-1.yaml

@@ -5,5 +5,5 @@ metadata:
   namespace: default
 spec:
   containers:
-  - image: ghcr.io/chipzoller/zulu
+  - image: ghcr.io/kyverno/zulu
     name: zulu

test/conformance/chainsaw/verifyImages/clusterpolicy/standard/keyless-nomutatedigest-noverifydigest-norequired/chainsaw-step-02-assert-1.yaml

@@ -2,10 +2,10 @@ apiVersion: v1
 kind: Pod
 metadata:
   annotations:
-    kyverno.io/verify-images: '{"ghcr.io/chipzoller/zulu:latest":"pass"}'
+    kyverno.io/verify-images: '{"ghcr.io/kyverno/zulu:latest":"pass"}'
   name: zulu
   namespace: default
 spec:
   containers:
-  - image: ghcr.io/chipzoller/zulu
+  - image: ghcr.io/kyverno/zulu
     name: zulu

test/conformance/chainsaw/verifyImages/clusterpolicy/standard/keyless-nomutatedigest-noverifydigest-norequired/policy.yaml

@@ -21,7 +21,7 @@ spec:
               url: https://rekor.sigstore.dev
             subject: https://github.com/chipzoller/zulu/.github/workflows/slsa-generic-keyless.yaml@refs/tags/v*
       imageReferences:
-      - ghcr.io/chipzoller/zulu*
+      - ghcr.io/kyverno/zulu*
       mutateDigest: false
       required: false
       verifyDigest: false

test/conformance/chainsaw/verifyImages/clusterpolicy/standard/keyless-nomutatedigest-noverifydigest-required/chainsaw-step-02-apply-1.yaml

@@ -5,5 +5,5 @@ metadata:
   namespace: default
 spec:
   containers:
-  - image: ghcr.io/chipzoller/zulu
+  - image: ghcr.io/kyverno/zulu
     name: zulu

test/conformance/chainsaw/verifyImages/clusterpolicy/standard/keyless-nomutatedigest-noverifydigest-required/chainsaw-step-02-assert-1.yaml

@@ -2,10 +2,10 @@ apiVersion: v1
 kind: Pod
 metadata:
   annotations:
-    kyverno.io/verify-images: '{"ghcr.io/chipzoller/zulu:latest":"pass"}'
+    kyverno.io/verify-images: '{"ghcr.io/kyverno/zulu:latest":"pass"}'
   name: zulu
   namespace: default
 spec:
   containers:
-  - image: ghcr.io/chipzoller/zulu
+  - image: ghcr.io/kyverno/zulu
     name: zulu

test/conformance/chainsaw/verifyImages/clusterpolicy/standard/keyless-nomutatedigest-noverifydigest-required/policy.yaml

@@ -21,7 +21,7 @@ spec:
               url: https://rekor.sigstore.dev
             subject: https://github.com/chipzoller/zulu/.github/workflows/slsa-generic-keyless.yaml@refs/tags/v*
       imageReferences:
-      - ghcr.io/chipzoller/zulu*
+      - ghcr.io/kyverno/zulu*
       mutateDigest: false
       required: true
       verifyDigest: false

test/conformance/chainsaw/verifyImages/clusterpolicy/standard/skip-image-reference/bad.yaml

@@ -7,7 +7,7 @@ metadata:
   namespace: exclude-refs
 spec:
   containers:
-  - image: ghcr.io/chipzoller/zulu:v0.0.14@sha256:476b21f1a75dc90fac3579ee757f4607bb5546f476195cf645c54badf558c0db
+  - image: ghcr.io/kyverno/zulu:v0.0.14@sha256:476b21f1a75dc90fac3579ee757f4607bb5546f476195cf645c54badf558c0db
     name: test
     resources: {}
   - image: ghcr.io/kyverno/kyverno:latest

test/conformance/chainsaw/verifyImages/clusterpolicy/standard/skip-image-reference/policy.yaml

@@ -55,7 +55,7 @@ spec:
         imageReferences:
         - "ghcr.io/*"
         skipImageReferences:
-        - "ghcr.io/chipzoller*"
+        - "ghcr.io/kyverno*"
         failureAction: Enforce
         attestors:
         - count: 1

test/conformance/chainsaw/verifyImages/clusterpolicy/standard/skip-image-reference/skipped.yaml

@@ -7,7 +7,7 @@ metadata:
   namespace: exclude-refs
 spec:
   containers:
-  - image: ghcr.io/chipzoller/zulu:v0.0.14@sha256:476b21f1a75dc90fac3579ee757f4607bb5546f476195cf645c54badf558c0db
+  - image: ghcr.io/kyverno/zulu:v0.0.14@sha256:476b21f1a75dc90fac3579ee757f4607bb5546f476195cf645c54badf558c0db
     name: test
     resources: {}
   dnsPolicy: ClusterFirst