-
Notifications
You must be signed in to change notification settings - Fork 798
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Feature] Add imageExtractors support for trimming image scheme #6055
Comments
Thanks for opening your first issue here! Be sure to follow the issue template! |
Happy to work on this if approved. |
Could we do that with jmespath ? |
I guess we need to add the prefix back when mutating the resource though. |
I like the idea of adding an optional @bdun1013 - would that work? However, we would still need to address @eddycharly's question on how to handle mutate digest, when the image reference is transformed. |
@JimBugwadia Adding an optional In regards to image digest mutation, we could add a caveat that if |
Signed-off-by: bdunnigan <bdunnigan@clarityinnovates.com>
Sounds good. We should also be able to add a validation check for that. I've assigned the issue to you - let us know if you need any help. |
Signed-off-by: bdunnigan <bdunnigan@clarityinnovates.com>
Signed-off-by: Brian Dunnigan <bdunnigan@clarityinnovates.com>
Signed-off-by: Brian Dunnigan <bdunnigan@clarityinnovates.com>
Signed-off-by: Brian Dunnigan <bdunnigan@clarityinnovates.com>
Signed-off-by: Brian Dunnigan <bdunnigan@clarityinnovates.com>
@JimBugwadia @eddycharly #6183 should be good to go. |
Signed-off-by: Brian Dunnigan <bdunnigan@clarityinnovates.com>
Signed-off-by: Brian Dunnigan <bdunnigan@clarityinnovates.com>
Signed-off-by: Brian Dunnigan <bdunnigan@clarityinnovates.com>
Signed-off-by: Brian Dunnigan <bdunnigan@clarityinnovates.com>
Signed-off-by: Brian Dunnigan <bdunnigan@clarityinnovates.com> Co-authored-by: bdunnigan <bdunnigan@clarityinnovates.com> Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: Brian Dunnigan <bdunnigan@clarityinnovates.com> Co-authored-by: bdunnigan <bdunnigan@clarityinnovates.com> Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: Brian Dunnigan <bdunnigan@clarityinnovates.com> Co-authored-by: bdunnigan <bdunnigan@clarityinnovates.com> Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Abhishek Sawan <sawanabhi157@gmail.com>
Signed-off-by: Brian Dunnigan <bdunnigan@clarityinnovates.com> Co-authored-by: bdunnigan <bdunnigan@clarityinnovates.com> Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Abhishek Sawan <sawanabhi157@gmail.com>
Signed-off-by: Brian Dunnigan <bdunnigan@clarityinnovates.com> Co-authored-by: bdunnigan <bdunnigan@clarityinnovates.com> Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Problem Statement
I would like to verify a KubeVirt Containerized Data Importer DataVolume's source image from a registry using the Verify Images Policy.
A DataVolume's spec.source.registry.url is "the url of the registry source (starting with the scheme: docker, oci-archive)". The scheme (docker://) is the problem when verifying the DataVolume custom resource using this feature.
For example, with this ClusterPolicy in place:
applying the example registry image DataVolume
produces the following error:
Solution Description
I would like to see the the image extractor code updated to trim the scheme for an image if the image has a scheme. If the image value parses to a URI, then trim the scheme and return the rest of the image value.
Alternatives
Alternatives to trimming the scheme could be:
docker://
from the image string if it starts withdocker://
rules.imageExtractors.trimPrefix
to the ClusterPolicy spec and optional trim that prefix it is there for the imageAdditional Context
No response
Slack discussion
No response
Research
The text was updated successfully, but these errors were encountered: