Fix the conversion too.

Signed-off-by: Ville Aikas <vaikas@chainguard.dev>
sigstore · Jun 6, 2022 · b0124b9 · b0124b9
1 parent 60a0347
commit b0124b9
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 2 deletions.
diff --git a/pkg/apis/policy/v1alpha1/clusterimagepolicy_conversion.go b/pkg/apis/policy/v1alpha1/clusterimagepolicy_conversion.go
@@ -103,7 +103,7 @@ func (authority *Authority) ConvertTo(ctx context.Context, sink *v1beta1.Authori
 			URL: authority.Keyless.URL.DeepCopy(),
 		}
 		for _, id := range authority.Keyless.Identities {
-			sink.Keyless.Identities = append(sink.Keyless.Identities, v1beta1.Identity{Issuer: id.Issuer, Subject: id.Subject})
+			sink.Keyless.Identities = append(sink.Keyless.Identities, v1beta1.Identity{Issuer: id.Issuer, Subject: id.Subject, IssuerRegExp: id.IssuerRegExp, SubjectRegExp: id.SubjectRegExp})
 		}
 		if authority.Keyless.CACert != nil {
 			sink.Keyless.CACert = &v1beta1.KeyRef{}
@@ -175,7 +175,7 @@ func (authority *Authority) ConvertFrom(ctx context.Context, source *v1beta1.Aut
 			URL: source.Keyless.URL.DeepCopy(),
 		}
 		for _, id := range source.Keyless.Identities {
-			authority.Keyless.Identities = append(authority.Keyless.Identities, Identity{Issuer: id.Issuer, Subject: id.Subject})
+			authority.Keyless.Identities = append(authority.Keyless.Identities, Identity{Issuer: id.Issuer, Subject: id.Subject, IssuerRegExp: id.IssuerRegExp, SubjectRegExp: id.SubjectRegExp})
 		}
 		if source.Keyless.CACert != nil {
 			authority.Keyless.CACert = &KeyRef{}

diff --git a/pkg/apis/policy/v1alpha1/clusterimagepolicy_conversion_test.go b/pkg/apis/policy/v1alpha1/clusterimagepolicy_conversion_test.go
@@ -47,6 +47,23 @@ func TestConversionRoundTripV1alpha1(t *testing.T) {
 				},
 			},
 		},
+	}, {name: "key and keyless, regexp",
+		in: &ClusterImagePolicy{
+			ObjectMeta: metav1.ObjectMeta{
+				Name: "test-cip",
+			},
+			Spec: ClusterImagePolicySpec{
+				Images: []ImagePattern{{Glob: "*"}},
+				Authorities: []Authority{
+					{Key: &KeyRef{
+						SecretRef: &v1.SecretReference{Name: "mysecret"}}},
+					{Keyless: &KeylessRef{
+						Identities: []Identity{{SubjectRegExp: "subjectregexp", IssuerRegExp: "issuerregexp"}},
+						CACert:     &KeyRef{KMS: "kms", Data: "data", SecretRef: &v1.SecretReference{Name: "secret"}},
+					}},
+				},
+			},
+		},
 	}, {name: "source and attestations",
 		in: &ClusterImagePolicy{
 			ObjectMeta: metav1.ObjectMeta{