Alauda DevOps Pipelines Docs
  • English

    • VerificationPolicy [tekton.dev/v1alpha1]

    tekton.dev group

    VerificationPolicy defines the rules to verify Tekton resources. VerificationPolicy can config the mapping from resources to a list of public keys, so when verifying the resources we can use the corresponding public keys.

    v1alpha1 version
    spec object required

    Spec holds the desired state of the VerificationPolicy.

    authorities []object required

    The Authority block defines the keys for validating signatures.

    key object

    Key contains the public key to validate the resource.

    data string

    Data contains the inline public key.

    hashAlgorithm string

    HashAlgorithm always defaults to sha256 if the algorithm hasn't been explicitly set

    kms string

    KMS contains the KMS url of the public key Supported formats differ based on the KMS system used. One example of a KMS url could be: gcpkms://projects/[PROJECT]/locations/[LOCATION]>/keyRings/[KEYRING]/cryptoKeys/[KEY]/cryptoKeyVersions/[KEY_VERSION] For more examples please refer https://docs.sigstore.dev/cosign/kms_support. Note that the KMS is not supported yet.

    secretRef object

    SecretRef sets a reference to a secret with the key.

    name string

    name is unique within a namespace to reference a secret resource.

    namespace string

    namespace defines the space within which the secret name must be unique.

    name string required

    Name is the name for this authority.

    mode string

    Mode controls whether a failing policy will fail the taskrun/pipelinerun, or only log the warnings enforce - fail the taskrun/pipelinerun if verification fails (default) warn - don't fail the taskrun/pipelinerun if verification fails but log warnings

    resources []object required

    ResourcePattern defines the pattern of the resource source

    pattern string required

    Pattern defines a resource pattern. Regex is created to filter resources based on Pattern Example patterns: GitHub resource: https://github.com/tektoncd/catalog.git, https://github.com/tektoncd/* Bundle resource: gcr.io/tekton-releases/catalog/upstream/git-clone, gcr.io/tekton-releases/catalog/upstream/* Hub resource: https://artifacthub.io/*,