mirror of
https://github.com/kyverno/kyverno.git
synced 2025-03-06 16:06:56 +00:00
ef06833613
* add new attribute ".verifyImages.attestations.attestors" Signed-off-by: ShutingZhao <shuting@nirmata.com> * Update CRDs Signed-off-by: ShutingZhao <shuting@nirmata.com> * support multiple subjects for attestations Signed-off-by: ShutingZhao <shuting@nirmata.com> * - fix entries check; - refactors code Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix linter Signed-off-by: ShutingZhao <shuting@nirmata.com> * - allow both attestors and attestations; - make attestations.attestor optional Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix panic Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * add kuttl tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove the invalid test Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix empty attestor Signed-off-by: ShutingZhao <shuting@nirmata.com> * add cleanup steps Signed-off-by: ShutingZhao <shuting@nirmata.com> * Update api/kyverno/v1/image_verification_types.go Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * update codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> |
||
|---|---|---|
| .. | ||
| 01-assert.yaml | ||
| 01-manifests.yaml | ||
| 02-script.yaml | ||
| 03-errors.yaml | ||
| 99-cleanup.yaml | ||
| pod.yaml | ||
| README.md | ||
Description
Verify image attestations with the given predicateType and attestors. The image has multiple signatures for different predicateTypes.
Expected Behavior
Given the defined predicateType, the matching attestor entries must greater than or equal to the count specified in the rule. This test has one valid attestor which is less than the specified count, so the pod creation should be blocked.