group: tekton.dev
version: v1alpha1

VerificationPolicy defines the rules used to verify Tekton resources. A VerificationPolicy maps resource source patterns to a list of public keys, so that a resource whose source matches a pattern is verified with the corresponding keys.

spec (object, required)
  Spec holds the desired state of the VerificationPolicy.

spec.authorities ([]object, required)
  The Authority block defines the keys used for validating signatures.

spec.authorities[].key (object)
  Key contains the public key used to validate the resource.

spec.authorities[].key.data (string)
  Data contains the inline public key.

spec.authorities[].key.hashAlgorithm (string)
  HashAlgorithm defaults to sha256 if no algorithm has been explicitly set.

spec.authorities[].key.kms (string)
  KMS contains the KMS URL of the public key. Supported formats differ based on the KMS system used. One example of a KMS URL is gcpkms://projects/[PROJECT]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]/cryptoKeyVersions/[KEY_VERSION]. For more examples, refer to https://docs.sigstore.dev/cosign/kms_support. Note that KMS is not supported yet.

spec.authorities[].key.secretRef (object)
  SecretRef is a reference to a secret that holds the key.

spec.authorities[].key.secretRef.name (string)
  name is unique within a namespace to reference a secret resource.

spec.authorities[].key.secretRef.namespace (string)
  namespace defines the space within which the secret name must be unique.

spec.authorities[].name (string, required)
  Name is the name for this authority.

spec.mode (string)
  Mode controls whether a failing policy fails the taskrun/pipelinerun or only logs warnings:
    enforce - fail the taskrun/pipelinerun if verification fails (default)
    warn - do not fail the taskrun/pipelinerun if verification fails, but log warnings

spec.resources ([]object, required)
  ResourcePattern defines the pattern of the resource source.

spec.resources[].pattern (string, required)
  Pattern defines a resource pattern. A regular expression is created from Pattern to filter resources by their source.
  Example patterns:
    GitHub resource: https://github.com/tektoncd/catalog.git, https://github.com/tektoncd/*
    Bundle resource: gcr.io/tekton-releases/catalog/upstream/git-clone, gcr.io/tekton-releases/catalog/upstream/*
    Hub resource: https://artifacthub.io/*,
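The program below is an added example, not code from the Tekton project. It builds two constructed policies using the field names of the schema above (an inline-key authority in enforce mode and a secretRef authority in warn mode) and then selects the policies whose spec.resources[].pattern matches a resource source. It assumes the pattern is compiled as a Go regular expression and matched unanchored against the source string, which is how "a regular expression is created from Pattern" reads; the Go type names, policy names, secret name and placeholder public key are assumptions made for the example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
)

// Minimal local mirror of the VerificationPolicy spec. These are not Tekton's
// own API types (assumption for this example); only the JSON field names
// follow the schema documented above.
type SecretRef struct {
	Name      string `json:"name"`
	Namespace string `json:"namespace"`
}

type KeyRef struct {
	Data          string     `json:"data,omitempty"`
	HashAlgorithm string     `json:"hashAlgorithm,omitempty"`
	KMS           string     `json:"kms,omitempty"` // documented as not supported yet
	SecretRef     *SecretRef `json:"secretRef,omitempty"`
}

type Authority struct {
	Name string  `json:"name"`
	Key  *KeyRef `json:"key,omitempty"`
}

type ResourcePattern struct {
	Pattern string `json:"pattern"`
}

type VerificationPolicySpec struct {
	Resources   []ResourcePattern `json:"resources"`
	Authorities []Authority       `json:"authorities"`
	Mode        string            `json:"mode,omitempty"`
}

type VerificationPolicy struct {
	Name string                 `json:"name"`
	Spec VerificationPolicySpec `json:"spec"`
}

// Constructed sample policies for this example. The inline key is a
// placeholder, not a real PEM; the secret name and namespace are assumed.
const samplePolicies = `[
  {"name": "catalog-policy",
   "spec": {
     "resources": [{"pattern": "https://github.com/tektoncd/*"}],
     "authorities": [{"name": "catalog-signer",
       "key": {"data": "-----BEGIN PUBLIC KEY-----\nPLACEHOLDER\n-----END PUBLIC KEY-----",
               "hashAlgorithm": "sha256"}}],
     "mode": "enforce"}},
  {"name": "bundle-policy",
   "spec": {
     "resources": [{"pattern": "^gcr\\.io/tekton-releases/catalog/upstream/[^/]+$"}],
     "authorities": [{"name": "release-key",
       "key": {"secretRef": {"name": "verification-secrets", "namespace": "tekton-pipelines"}}}],
     "mode": "warn"}}
]`

// LoadPolicies parses a JSON list of policies in the schema's field names.
func LoadPolicies(data string) ([]VerificationPolicy, error) {
	var policies []VerificationPolicy
	if err := json.Unmarshal([]byte(data), &policies); err != nil {
		return nil, err
	}
	return policies, nil
}

// MatchPolicies returns the names of policies with at least one
// spec.resources[].pattern matching the source. Each pattern is compiled as a
// Go regexp and matched unanchored (assumption, see the lead-in).
func MatchPolicies(source string, policies []VerificationPolicy) ([]string, error) {
	var matched []string
	for _, p := range policies {
		for _, r := range p.Spec.Resources {
			ok, err := regexp.MatchString(r.Pattern, source)
			if err != nil {
				return nil, fmt.Errorf("policy %s: bad pattern %q: %w", p.Name, r.Pattern, err)
			}
			if ok {
				matched = append(matched, p.Name)
				break
			}
		}
	}
	return matched, nil
}

func main() {
	policies, err := LoadPolicies(samplePolicies)
	if err != nil {
		panic(err)
	}
	for _, src := range []string{
		"https://github.com/tektoncd/catalog.git",
		"https://github.com/tektoncd-fork/catalog.git",       // lookalike org still matches the glob-style pattern
		"https://example.com/?u=https://github.com/tektoncd", // unanchored: matches inside a query string
		"gcr.io/tekton-releases/catalog/upstream/git-clone",
		"gcr.io/tekton-releases/catalog/upstream/git-clone/extra", // rejected by the anchored pattern
	} {
		names, err := MatchPolicies(src, policies)
		if err != nil {
			panic(err)
		}
		fmt.Printf("%-60s -> %v\n", src, names)
	}
}
```

Under this reading, the page's glob-style example `https://github.com/tektoncd/*` means "tektoncd followed by zero or more slashes" and, being unanchored, selects any source that merely contains that prefix, including a lookalike organisation or a URL that embeds it. When a policy is meant to cover exactly one org or repository, anchor the expression and escape the dots, as bundle-policy does, and verify the match behaviour against the Tekton version actually deployed.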