bad rebase.

Signed-off-by: Ville Aikas <vaikas@chainguard.dev>

pkg/cosign/kubernetes/webhook/validation.go

@@ -36,7 +36,7 @@ import (
 	"github.com/sigstore/sigstore/pkg/signature"
 )
 
-func valid(ctx context.Context, ref name.Reference, rekorClient *client.Rekor, keys []*crypto.PublicKey, opts ...ociremote.Option) ([]oci.Signature, error) {
+func valid(ctx context.Context, ref name.Reference, rekorClient *client.Rekor, keys []crypto.PublicKey, opts ...ociremote.Option) ([]oci.Signature, error) {
 	if len(keys) == 0 {
 		// If there are no keys, then verify against the fulcio root.
 		sps, err := validSignaturesWithFulcio(ctx, ref, fulcioroots.Get(), nil /* rekor */, nil /* no identities */, opts...)

test/e2e_test_cluster_image_policy.sh

@@ -135,10 +135,10 @@ kubectl apply -f ./test/testdata/cosigned/e2e/cip-keyless-with-identities.yaml
 sleep 5
 echo '::endgroup::'
 
-# This has correct issuer/subject, so not work
+# This has correct issuer/subject, so should work
 echo '::group:: test job success with identities'
 if ! kubectl create -n demo-keyless-signing job demo-identities-works --image=${demoimage} ; then
-  echo Failed to create Job in namespace without label!
+  echo Failed to create Job in namespace with matching issuer/subject!
   exit 1
 else
   echo Succcessfully created Job with signed image keyless
@@ -171,11 +171,6 @@ mv cosign.key cosign-colocated-signing.key
 mv cosign.pub cosign-colocated-signing.pub
 echo '::endgroup::'
 
-echo '::group:: Create and label new namespace for verification'
-kubectl create namespace demo-key-signing
-kubectl label namespace demo-key-signing cosigned.sigstore.dev/include=true
-echo '::endgroup::'
-
 echo '::group:: Deploy ClusterImagePolicy With Key Signing'
 yq '. | .spec.authorities[0].key.data |= load_str("cosign-colocated-signing.pub")' \
   ./test/testdata/cosigned/e2e/cip-key.yaml | \