fix the entry length validation for the verify image rule (#5384)

Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: ShutingZhao <shuting@nirmata.com>
2025-03-31 03:45:17 +00:00 · 2022-11-17 19:55:02 +08:00 · 2022-11-17 19:55:02 +08:00 · b1367fd497
commit b1367fd497
parent 6fe8a4ae07
3 changed files with 22 additions and 9 deletions
--- a/api/kyverno/v1/image_verification_test.go
+++ b/api/kyverno/v1/image_verification_test.go
@ -180,6 +180,28 @@ func Test_ImageVerification(t *testing.T) {
 				}
 			},
 		},
+		{
+			name: "multiple entries",
+			subject: ImageVerification{
+				ImageReferences: []string{"*"},
+				Attestors: []AttestorSet{
+					{
+						Entries: []Attestor{
+							{
+								Keys: &StaticKeyAttestor{
+									PublicKeys: "key1",
+								},
+							},
+							{
+								Keys: &StaticKeyAttestor{
+									PublicKeys: "key2",
+								},
+							},
+						},
+					},
+				},
+			},
+		},
 	}

 	for _, test := range testCases {
--- a/api/kyverno/v1/image_verification_types.go
+++ b/api/kyverno/v1/image_verification_types.go
@ -256,8 +256,6 @@ func validateAttestorSet(as *AttestorSet, path *field.Path) (errs field.ErrorLis

 	if len(as.Entries) == 0 {
 		errs = append(errs, field.Invalid(path, as, "An entry is required"))
-	} else if len(as.Entries) > 1 {
-		errs = append(errs, field.Invalid(path, as, "Only one entry is currently supported"))
 	}

 	entriesPath := path.Child("entries")
--- a/pkg/policy/validate.go
+++ b/pkg/policy/validate.go
@ -293,13 +293,6 @@ func Validate(policy kyvernov1.PolicyInterface, client dclient.Interface, mock b
 				}
 			}

-			if rule.HasVerifyImages() {
-				verifyImagePath := rulePath.Child("verifyImages")
-				for index, i := range rule.VerifyImages {
-					errs = append(errs, i.Validate(verifyImagePath.Index(index))...)
-				}
-			}
-
 			if len(errs) != 0 {
 				return warnings, errs.ToAggregate()
 			}