From b1367fd497bbe4d138bf9bd15543c099884736b6 Mon Sep 17 00:00:00 2001
From: shuting
Date: Thu, 17 Nov 2022 19:55:02 +0800
Subject: [PATCH] fix the entry length validation for the verify image rule (#5384)
Signed-off-by: ShutingZhao
Signed-off-by: ShutingZhao
---
 api/kyverno/v1/image_verification_test.go | 22 ++++++++++++++++++++++
 api/kyverno/v1/image_verification_types.go | 2 --
 pkg/policy/validate.go | 7 -------
 3 files changed, 22 insertions(+), 9 deletions(-)
diff --git a/api/kyverno/v1/image_verification_test.go b/api/kyverno/v1/image_verification_test.go
index 731695fafe..71f3f1964a 100644
--- a/api/kyverno/v1/image_verification_test.go
+++ b/api/kyverno/v1/image_verification_test.go
@@ -180,6 +180,28 @@ func Test_ImageVerification(t *testing.T) {
 }
 },
 },
+ {
+ name: "multiple entries",
+ subject: ImageVerification{
+ ImageReferences: []string{"*"},
+ Attestors: []AttestorSet{
+ {
+ Entries: []Attestor{
+ {
+ Keys: &StaticKeyAttestor{
+ PublicKeys: "key1",
+ },
+ },
+ {
+ Keys: &StaticKeyAttestor{
+ PublicKeys: "key2",
+ },
+ },
+ },
+ },
+ },
+ },
+ },
 }
 for _, test := range testCases {
diff --git a/api/kyverno/v1/image_verification_types.go b/api/kyverno/v1/image_verification_types.go
index 71e454e7c5..c4e1ab5eb6 100644
--- a/api/kyverno/v1/image_verification_types.go
+++ b/api/kyverno/v1/image_verification_types.go
@@ -256,8 +256,6 @@ func validateAttestorSet(as *AttestorSet, path *field.Path) (errs field.ErrorLis
 if len(as.Entries) == 0 {
 errs = append(errs, field.Invalid(path, as, "An entry is required"))
- } else if len(as.Entries) > 1 {
- errs = append(errs, field.Invalid(path, as, "Only one entry is currently supported"))
 }
 entriesPath := path.Child("entries")
diff --git a/pkg/policy/validate.go b/pkg/policy/validate.go
index 63eda46aba..b40edab168 100644
--- a/pkg/policy/validate.go
+++ b/pkg/policy/validate.go
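Review bot: In the validateAttestorSet hunk, once the `len(as.Entries) > 1` rejection is gone, nothing visible ties the set's `count` to the number of entries, so a two-entry set with a larger `count` may pass validation here and only surface as a failure when an image is actually verified. The function continues outside the hunk, so this may already be handled there; if it is not, a guard such as `if as.Count != nil && *as.Count > len(as.Entries) { errs = append(errs, field.Invalid(path, as, "count must not exceed the number of entries")) }` would reject the policy at admission instead. The same commit removes the `i.Validate(...)` loop from `Validate` in pkg/policy/validate.go, so it is worth confirming that another path still runs this validation for every verifyImages rule; otherwise the relaxed check and the dropped call together leave attestor sets unvalidated. A companion test case with `Count` set next to the new "multiple entries" case would pin the intended behaviour.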
@@ -293,13 +293,6 @@ func Validate(policy kyvernov1.PolicyInterface, client dclient.Interface, mock b
 }
 }
- if rule.HasVerifyImages() {
- verifyImagePath := rulePath.Child("verifyImages")
- for index, i := range rule.VerifyImages {
- errs = append(errs, i.Validate(verifyImagePath.Index(index))...)
- }
- }
-
 if len(errs) != 0 {
 return warnings, errs.ToAggregate()
 }