feat(policy): allow generic material kinds #2305
Signed-off-by: Sylwester Piskozub <sylwesterpiskozub@gmail.com>
| } | ||
|
|
||
| // if set, it will match any material supported by Chainloop | ||
| // except those not having a direct schema (STRING, ARTIFACT, EVIDENCE), since their format cannot be guessed by the crafter. |
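Review bot: The doc comment on the last line of this hunk still names STRING and EVIDENCE among the kinds excluded from matching, while the PR description says policies can now be defined for STRING and EVIDENCE kinds. If those two are now accepted, reduce the parenthesised list to the kinds that are still excluded and keep the stated reason ("their format cannot be guessed by the crafter") only for those, so the field documentation does not contradict the behaviour.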
I am not sure if ARTIFACT should be also permitted since ARTIFACT is at the same level but opposite than EVIDENCE.
We want to shift responsibility of handling EVIDENCE to the user because there's no way to verify schema at this point, but at the same time there's no way to validate what the ARTIFACT is, in that way they are similar.
@jiparis just give it a review, I am ok either way, thanks
This can be a long discussion. I think that we are giving Evidence and Artifact a semantic that is orthogonal to material kinds. For example, following that convention, a CycloneDX material can be an Evidence at the same time.
Since we are not yet in that stage of the discussion (but I think we will soon), I would just allow EVIDENCE at this point (and maybe STRING), clearly stating in the docs that Artifact is not supported because it's usually an arbitrary format (a binary, a tar.gz ...), whereas Evidences are only supported if they have a JSON format.
| 11 | ||
| ] | ||
| }]; | ||
| // CONTAINER, HELM_CHART are excluded, but we might implement custom policies for them in the future. |
This comment is not valid anymore. You can remove it (we support policies for both)
Allows policy definition for STRING, EVIDENCE kinds and fixes issue with policy devel eval where these kinds could not be tested before. It should be noted in custom policy documentation that those kinds are now valid.