VerificationPolicy [tekton.dev/v1alpha1]

Description: VerificationPolicy defines the rules to verify Tekton resources. VerificationPolicy can config the mapping from resources to a list of public keys, so when verifying the resources we can use the corresponding public keys.
Type: object
Required: spec

Specification

Property	Type	Description
`apiVersion`	`string`	APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
`kind`	`string`	Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
`metadata`	`ObjectMeta`	ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.
`spec`	`object`	Spec holds the desired state of the VerificationPolicy.

.spec

Description: Spec holds the desired state of the VerificationPolicy.
Type: object
Required: authoritiesresources

Property	Type	Description
`authorities`	`array`	Authorities defines the rules for validating signatures.
`mode`	`string`	Mode controls whether a failing policy will fail the taskrun/pipelinerun, or only log the warnings enforce - fail the taskrun/pipelinerun if verification fails (default) warn - don't fail the taskrun/pipelinerun if verification fails but log warnings
`resources`	`array`	Resources defines the patterns of resources sources that should be subject to this policy. For example, we may want to apply this Policy from a certain GitHub repo. Then the ResourcesPattern should be valid regex. E.g. If using gitresolver, and we want to config keys from a certain git repo. `ResourcesPattern` can be `https://github.com/tektoncd/catalog.git`, we will use regex to filter out those resources.

.spec.authorities

Description: Authorities defines the rules for validating signatures.
Type: array

.spec.authorities[]

Description: The Authority block defines the keys for validating signatures.
Type: object
Required: name

Property	Type	Description
`key`	`object`	Key contains the public key to validate the resource.
`name`	`string`	Name is the name for this authority.

.spec.authorities[].key

Description: Key contains the public key to validate the resource.
Type: object

Property	Type	Description
`data`	`string`	Data contains the inline public key.
`hashAlgorithm`	`string`	HashAlgorithm always defaults to sha256 if the algorithm hasn't been explicitly set
`kms`	`string`	KMS contains the KMS url of the public key Supported formats differ based on the KMS system used. One example of a KMS url could be: gcpkms://projects/[PROJECT]/locations/[LOCATION]>/keyRings/[KEYRING]/cryptoKeys/[KEY]/cryptoKeyVersions/[KEY_VERSION] For more examples please refer https://docs.sigstore.dev/cosign/kms_support. Note that the KMS is not supported yet.
`secretRef`	`object`	SecretRef sets a reference to a secret with the key.

.spec.authorities[].key.secretRef

Description: SecretRef sets a reference to a secret with the key.
Type: object

Property	Type	Description
`name`	`string`	name is unique within a namespace to reference a secret resource.
`namespace`	`string`	namespace defines the space within which the secret name must be unique.

.spec.resources

Description: Resources defines the patterns of resources sources that should be subject to this policy. For example, we may want to apply this Policy from a certain GitHub repo. Then the ResourcesPattern should be valid regex. E.g. If using gitresolver, and we want to config keys from a certain git repo. `ResourcesPattern` can be `https://github.com/tektoncd/catalog.git`, we will use regex to filter out those resources.
Type: array

.spec.resources[]

Description: ResourcePattern defines the pattern of the resource source
Type: object
Required: pattern

Property	Type	Description
`pattern`	`string`	Pattern defines a resource pattern. Regex is created to filter resources based on `Pattern` Example patterns: GitHub resource: https://github.com/tektoncd/catalog.git, https://github.com/tektoncd/* Bundle resource: gcr.io/tekton-releases/catalog/upstream/git-clone, gcr.io/tekton-releases/catalog/upstream/* Hub resource: https://artifacthub.io/*,

API Endpoints

The following API endpoints are available:

/apis/tekton.dev/v1alpha1/namespaces/{namespace}/verificationpolicies
- DELETE: delete collection of VerificationPolicy
- GET: list objects of kind VerificationPolicy
- POST: create a new VerificationPolicy
/apis/tekton.dev/v1alpha1/namespaces/{namespace}/verificationpolicies/{name}
- DELETE: delete the specified VerificationPolicy
- GET: read the specified VerificationPolicy
- PATCH: partially update the specified VerificationPolicy
- PUT: replace the specified VerificationPolicy

/apis/tekton.dev/v1alpha1/namespaces/{namespace}/verificationpolicies

HTTP method: DELETE
Description: delete collection of VerificationPolicy
HTTP responses

HTTP code	Response body
200 - OK	`Status` schema
401 - Unauthorized	Empty

HTTP method: GET
Description: list objects of kind VerificationPolicy
HTTP responses

HTTP code	Response body
200 - OK	`VerificationPolicyList` schema
401 - Unauthorized	Empty

HTTP method: POST
Description: create a new VerificationPolicy

Query parameters

Parameter	Type	Description
`dryRun`	`string`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldValidation`	`string`	fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Body parameters

Parameter	Type	Description
`body`	`VerificationPolicy` schema	`application/json` formatted

HTTP responses

HTTP code	Response body
200 - OK	`VerificationPolicy` schema
201 - Created	`VerificationPolicy` schema
202 - Accepted	`VerificationPolicy` schema
401 - Unauthorized	Empty

/apis/tekton.dev/v1alpha1/namespaces/{namespace}/verificationpolicies/{name}

HTTP method: DELETE
Description: delete the specified VerificationPolicy

Query parameters

Parameter	Type	Description
`dryRun`	`string`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

HTTP responses

HTTP code	Response body
200 - OK	`Status` schema
202 - Accepted	`Status` schema
401 - Unauthorized	Empty

HTTP method: GET
Description: read the specified VerificationPolicy
HTTP responses

HTTP code	Response body
200 - OK	`VerificationPolicy` schema
401 - Unauthorized	Empty

HTTP method: PATCH
Description: partially update the specified VerificationPolicy

Query parameters

Parameter	Type	Description
`dryRun`	`string`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldValidation`	`string`	fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

HTTP responses

HTTP code	Response body
200 - OK	`VerificationPolicy` schema
401 - Unauthorized	Empty

HTTP method: PUT
Description: replace the specified VerificationPolicy

Query parameters

Parameter	Type	Description
`dryRun`	`string`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldValidation`	`string`	fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Body parameters

Parameter	Type	Description
`body`	`VerificationPolicy` schema	`application/json` formatted

HTTP responses

HTTP code	Response body
200 - OK	`VerificationPolicy` schema
201 - Created	`VerificationPolicy` schema
401 - Unauthorized	Empty

#VerificationPolicy [tekton.dev/v1alpha1]

Specification#

.spec#

.spec.authorities#

.spec.authorities[]#

.spec.authorities[].key#

.spec.authorities[].key.secretRef#

.spec.resources#

.spec.resources[]#

API Endpoints#

/apis/tekton.dev/v1alpha1/namespaces/{namespace}/verificationpolicies#

/apis/tekton.dev/v1alpha1/namespaces/{namespace}/verificationpolicies/{name}#

VerificationPolicy [tekton.dev/v1alpha1]

Specification

.spec

.spec.authorities

.spec.authorities[]

.spec.authorities[].key

.spec.authorities[].key.secretRef

.spec.resources

.spec.resources[]

API Endpoints

/apis/tekton.dev/v1alpha1/namespaces/{namespace}/verificationpolicies

/apis/tekton.dev/v1alpha1/namespaces/{namespace}/verificationpolicies/{name}