Merge pull request #1656 from binbin-li/template-result
chore: rephrase failure result in constraint template
binbin-li authored Jul 26, 2024
2 parents c10fab6 + 6f92077 commit b8f0e29
Showing 5 changed files with 17 additions and 18 deletions.
8 changes: 4 additions & 4 deletions docs/design/Config Policy Provider Refactor.md
Expand Up @@ -245,7 +245,7 @@ spec:
general_violation[{"result": result}] {
subject_validation := remote_data.responses[_]
failed_verify(subject_validation[1].nestedReports)
result := sprintf("Subject failed verification: %s", [subject_validation[0]])
result := sprintf("Failed to verify the artifact: %s", [subject_validation[0]])
}
libs:
- |
Expand Down Expand Up @@ -309,7 +309,7 @@ spec:
general_violation[{"result": result}] {
subject_validation := remote_data.responses[_]
failed_verify(subject_validation[1].nestedReports)
result := sprintf("Subject failed verification: %s", [subject_validation[0]])
result := sprintf("Failed to verify the artifact: %s", [subject_validation[0]])
}
libs:
- |
Expand Down Expand Up @@ -367,7 +367,7 @@ spec:
general_violation[{"result": result}] {
subject_validation := remote_data.responses[_]
failed_verify(subject_validate[1])
result := sprintf("Subject failed verification: %s", [subject_validation[0]])
result := sprintf("Failed to verify the artifact: %s", [subject_validation[0]])
}
libs:
- |
Expand Down Expand Up @@ -466,7 +466,7 @@ spec:
general_violation[{"result": result}] {
subject_validation := remote_data.responses[_]
failed_verify(subject_validate[1])
result := sprintf("Subject failed verification: %s", [subject_validation[0]])
result := sprintf("Failed to verify the artifact: %s", [subject_validation[0]])
}
# check if there is an invalid subject
10 changes: 5 additions & 5 deletions library/default/template.yaml
Expand Up @@ -11,7 +11,7 @@ spec:
- target: admission.k8s.gatekeeper.sh
rego: |
package ratifyverification
# Get data from Ratify
remote_data := response {
images := [img | img = input.review.object.spec.containers[_].image]
Expand All @@ -26,23 +26,23 @@ spec:
violation[{"msg": msg}] {
general_violation[{"result": msg}]
}
# Check if there are any system errors
general_violation[{"result": result}] {
err := remote_data.system_error
err != ""
result := sprintf("System error calling external data provider: %s", [err])
}
# Check if there are errors for any of the images
general_violation[{"result": result}] {
count(remote_data.errors) > 0
result := sprintf("Error validating one or more images: %s", remote_data.errors)
}
# Check if the success criteria is true
general_violation[{"result": result}] {
subject_validation := remote_data.responses[_]
subject_validation[1].isSuccess == false
result := sprintf("Subject failed verification: %s", [subject_validation[0]])
result := sprintf("Failed to verify the artifact: %s", [subject_validation[0]])
}
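Review bot: The reworded denial message drops the label for `%s`, so an operator reading the admission rejection sees only a bare reference after "Failed to verify the artifact:" and must guess that it is the subject image; the same applies to the corresponding lines in library/multi-tenancy-validation/template.yaml, library/notation-issuer-validation/template.yaml and library/notation-nested-validation/template.yaml. Keeping the noun in the sentence costs nothing, e.g. `result := sprintf("Failed to verify the artifact %s", [subject_validation[0]])` or `"Failed to verify subject %s"`. This rule only reports that `isSuccess == false`; if `subject_validation[1]` carries a reason or message (not visible here, so to be confirmed against the external-data response shape), surfacing it alongside the reference would make denials far easier to triage than the reference alone.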
2 changes: 1 addition & 1 deletion library/multi-tenancy-validation/template.yaml
Expand Up @@ -44,5 +44,5 @@ spec:
general_violation[{"result": result}] {
subject_validation := remote_data.responses[_]
subject_validation[1].isSuccess == false
result := sprintf("Subject failed verification: %s", [subject_validation[0]])
result := sprintf("Failed to verify the artifact: %s", [subject_validation[0]])
}
12 changes: 6 additions & 6 deletions library/notation-issuer-validation/template.yaml
Expand Up @@ -17,7 +17,7 @@ spec:
- target: admission.k8s.gatekeeper.sh
rego: |
package notationissuervalidation
# Get data from Ratify
remote_data := response {
images := [img | img = input.review.object.spec.containers[_].image]
Expand All @@ -32,25 +32,25 @@ spec:
violation[{"msg": msg}] {
general_violation[{"result": msg}]
}
# Check if there are any system errors
general_violation[{"result": result}] {
err := remote_data.system_error
err != ""
result := sprintf("System error calling external data provider: %s", [err])
}
# Check if there are errors for any of the images
general_violation[{"result": result}] {
count(remote_data.errors) > 0
result := sprintf("Error validating one or more images: %s", remote_data.errors)
}
# Check if the success criteria is true
general_violation[{"result": result}] {
subject_validation := remote_data.responses[_]
subject_validation[1].isSuccess == false
result := sprintf("Subject failed verification: %s", [subject_validation[0]])
result := sprintf("Failed to verify the artifact: %s", [subject_validation[0]])
}
# Check that signature result for Issuer exists
Expand All @@ -62,7 +62,7 @@ spec:
count(issuer_results) == 0
result := sprintf("Subject %s has no signatures for certificate with Issuer: %s", [subject_results[0], input.parameters.issuer])
}
# Check for valid signature
general_violation[{"result": result}] {
subject_results := remote_data.responses[_]
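Review bot: This template now mixes two terms for the same thing: the reworded rule says "Failed to verify the artifact: %s" while the untouched issuer rule a few lines below still emits "Subject %s has no signatures for certificate with Issuer: %s". Both messages refer to the same `responses[_][0]` reference, so a user seeing both denials for one pod gets "artifact" and "Subject" for the same image. Pick one noun and use it in both, e.g. `result := sprintf("Failed to verify subject %s", [subject_validation[0]])`, or update the issuer message to say artifact as well. The issuer rule's body continues past the end of this section.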
3 changes: 1 addition & 2 deletions library/notation-nested-validation/template.yaml
Expand Up @@ -57,7 +57,7 @@ spec:
subject_validation := remote_data.responses[_]
subject_result := subject_validation[1]
failed_verify(subject_result)
result := sprintf("Subject failed verification: %s", [subject_validation[0]])
result := sprintf("Failed to verify the artifact: %s", [subject_validation[0]])
}
failed_verify(reports) if {
Expand Down Expand Up @@ -85,4 +85,3 @@ spec:
]
number := count(sigs)
}
