Add fields in policy CRD #1540
Signed-off-by: Kavitha Krishnan <krishnanka@vmware.com>
6af1877 to 8e41f74
Awesomesauce! Few comments about the data structures, thanks for splitting out only the API changes.
// This references a public verification key stored in | ||
// a secret in the cosign-system namespace. | ||
type KeyRef struct { |
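Review bot: The doc comment on KeyRef opens with "This references" instead of the type name; Go doc convention is "KeyRef references ...". The comment also fixes the secret's location to the cosign-system namespace, so it should say whether that is enforced by validation or only a convention, since it determines which secrets a policy can name as a trusted key.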
Consider adding a comment stating that exactly one must be specified.
+1
// against which to verify. KeylessRef will contain either the URL to the verifying | ||
// certificate, or it will contain the certificate data inline or in a secret. | ||
type KeylessRef struct { | ||
URL string `json:"url"` |
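Review bot: In KeylessRef, the line URL string `json:"url"` makes the URL a required, free-form string, while the comment above says the struct holds either the URL or the certificate data (inline or in a secret). Mark it optional with omitempty and use a parsed URL type so a malformed value is rejected when the policy is admitted rather than at verification time. Because this URL is where the verifying certificate comes from, the comment should also say which schemes are accepted.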
ditto here for the URL
URL *apis.URL `json:"url,omitempty"`
Codecov Report
@@ Coverage Diff @@
## main #1540 +/- ##
==========================================
- Coverage 26.49% 26.44% -0.05%
==========================================
Files 126 126
Lines 7214 7214
==========================================
- Hits 1911 1908 -3
- Misses 5093 5095 +2
- Partials 210 211 +1
Signed-off-by: Kavitha Krishnan <krishnanka@vmware.com>
// A KeyRef must specify only one of SecretRef, Data or KMS | ||
type KeyRef struct { | ||
// +optional | ||
SecretRef *v1.SecretReference `json:"secretref,omitempty"` |
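Review bot: The rule in the KeyRef comment, "must specify only one of SecretRef, Data or KMS", exists only as a comment, and with SecretRef marked +optional an object with none or several of them set still deserializes. Reword it to "exactly one" and enforce it in the type's validation so an ambiguous key source is rejected. Also, the tag `json:"secretref,omitempty"` is all lowercase; Kubernetes API field names are camelCase (secretRef).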
This does allow for the namespace to be specified. I personally like this flexibility, and we can validate if a particular instance does not allow for per-namespace secrets. Just jotting it down, because in the API working group we had talked about the problem of having to manage secrets in many namespaces and decided that the way around that would be to restrict that they live in a single namespace to reduce management headaches. This allows us to do both 👍
Woot! Couple of nits. Thanks for the quick turnaround!
@kkavitha looks like there are a few style issues also, just a heads up.
Signed-off-by: Kavitha Krishnan <krishnanka@vmware.com>
Thank you so much for getting this done. Let's get it in so we can start sharding the remaining work. We can always change things if during implementation we find some oopses here.
❤️ Awesome work!
* Add fields in policy CRD
  Signed-off-by: Kavitha Krishnan <krishnanka@vmware.com>
* [1417] Update policy type
  Signed-off-by: Kavitha Krishnan <krishnanka@vmware.com>
* Fix lint errors; incorporate PR feedback
  Signed-off-by: Kavitha Krishnan <krishnanka@vmware.com>
Summary
This PR adds fields to the policy CRD
Additional doc: https://docs.google.com/document/d/1gBLEOOHWOmvHVsoJbgGU74GdwA6CGxMRp3MAeEB50l4/edit#heading=h.kvgjd3pmidrj
Ticket Link
Fixes #1417
cc: @mattmoor @hectorj2f @vaikas