[cosigned] Enforce authority key errors #1642
Labels
enhancement
New feature or request
Comments
|
@DennyHoang I am not sure. Why don't we attempt to parse the content of KeyRef.Data into a ecdsa.PublicKey when creating/update the ClusterImagePolicy resource ? That way we won't need to parse it when validating every single PodSpec. |
|
Closing. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description
With the implementation of #1623, we currently only warn on errors and do not actually error out when there are issues with getting and using authority keys so that it does not introduce breaking behavior.
When we enforce the new clusterimagepolicy resource and the authority keys, we should update these lines to add to
errsinstead of a Warn log.Tracking that we should enforce fail on errors once full migration to using clusterimagepolicy is done.
cc: @hectorj2f @vaikas
The text was updated successfully, but these errors were encountered: