From e6f3573f00fe93f930b0780dea96b08d79d6043e Mon Sep 17 00:00:00 2001
From: Ville Aikas
Date: Mon, 18 Apr 2022 14:23:07 -0700
Subject: [PATCH] bad rebase.

Signed-off-by: Ville Aikas
---
 pkg/cosign/kubernetes/webhook/validation.go | 2 +-
 test/e2e_test_cluster_image_policy.sh | 9 ++-------
 2 files changed, 3 insertions(+), 8 deletions(-)

diff --git a/pkg/cosign/kubernetes/webhook/validation.go b/pkg/cosign/kubernetes/webhook/validation.go
index 05301eb4047..8ac6644a687 100644
--- a/pkg/cosign/kubernetes/webhook/validation.go
+++ b/pkg/cosign/kubernetes/webhook/validation.go
@@ -36,7 +36,7 @@ import (
 "github.com/sigstore/sigstore/pkg/signature"
 )

-func valid(ctx context.Context, ref name.Reference, rekorClient *client.Rekor, keys []*crypto.PublicKey, opts ...ociremote.Option) ([]oci.Signature, error) {
+func valid(ctx context.Context, ref name.Reference, rekorClient *client.Rekor, keys []crypto.PublicKey, opts ...ociremote.Option) ([]oci.Signature, error) {
 if len(keys) == 0 {
 // If there are no keys, then verify against the fulcio root.
 sps, err := validSignaturesWithFulcio(ctx, ref, fulcioroots.Get(), nil /* rekor */, nil /* no identities */, opts...)
diff --git a/test/e2e_test_cluster_image_policy.sh b/test/e2e_test_cluster_image_policy.sh
index 4de2f47bff0..079e59a6a07 100755
--- a/test/e2e_test_cluster_image_policy.sh
+++ b/test/e2e_test_cluster_image_policy.sh
@@ -135,10 +135,10 @@ kubectl apply -f ./test/testdata/cosigned/e2e/cip-keyless-with-identities.yaml
 sleep 5
 echo '::endgroup::'

-# This has correct issuer/subject, so not work
+# This has correct issuer/subject, so should work
 echo '::group:: test job success with identities'
 if ! kubectl create -n demo-keyless-signing job demo-identities-works --image=${demoimage} ; then
- echo Failed to create Job in namespace without label!
+ echo Failed to create Job in namespace with matching issuer/subject!
 exit 1
 else
 echo Succcessfully created Job with signed image keyless
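Review bot: `valid` has no doc comment, and its first visible branch makes the length of `keys` a policy switch: an empty or nil slice skips key verification and calls `validSignaturesWithFulcio` with `nil` for rekor and, per the inline comment, no identities, so the `rekorClient` argument is unused on that path. A caller whose key loading yields nothing would take this keyless path without any error, which is why the contract belongs on the function itself. I would add `// valid verifies ref against keys; when keys is empty it falls back to keyless verification against the Fulcio roots, without a Rekor client or identity constraints.` above the signature. The body continues past the end of the hunk, so how the non-empty case uses `rekorClient` or treats a nil element of `keys` is not visible here.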
@@ -171,11 +171,6 @@ mv cosign.key cosign-colocated-signing.key
 mv cosign.pub cosign-colocated-signing.pub
 echo '::endgroup::'

-echo '::group:: Create and label new namespace for verification'
-kubectl create namespace demo-key-signing
-kubectl label namespace demo-key-signing cosigned.sigstore.dev/include=true
-echo '::endgroup::'
-
 echo '::group:: Deploy ClusterImagePolicy With Key Signing'
 yq '. | .spec.authorities[0].key.data |= load_str("cosign-colocated-signing.pub")' \
 ./test/testdata/cosigned/e2e/cip-key.yaml | \