From 42f95f6afd7e1a945f4eb6e66868ebc2dd280b00 Mon Sep 17 00:00:00 2001 From: "huish@microsoft.com" Date: Wed, 13 Dec 2023 03:29:33 +0000 Subject: [PATCH 1/6] adding version --- api/v1beta1/store_types.go | 6 ++++-- api/v1beta1/verifier_types.go | 7 +++++-- .../crds/store-customresourcedefinition.yaml | 8 +++++++- .../verifier-customresourcedefinition.yaml | 9 ++++++++- charts/ratify/templates/store.yaml | 1 + charts/ratify/templates/verifier.yaml | 4 ++++ config/config.go | 5 +++++ ...g.ratify.deislabs.io_certificatestores.yaml | 2 +- .../config.ratify.deislabs.io_stores.yaml | 6 ++++++ .../config.ratify.deislabs.io_verifiers.yaml | 7 +++++++ pkg/controllers/store_controller.go | 11 +++++++---- pkg/controllers/verifier_controller.go | 18 ++++++++++-------- 12 files changed, 65 insertions(+), 19 deletions(-) diff --git a/api/v1beta1/store_types.go b/api/v1beta1/store_types.go index c9de67757..738189094 100644 --- a/api/v1beta1/store_types.go +++ b/api/v1beta1/store_types.go @@ -23,10 +23,12 @@ import ( // StoreSpec defines the desired state of Store type StoreSpec struct { - // Important: Run "make" to regenerate code after modifying this file + // Important: Run "make install-crds" to regenerate code after modifying this file // Name of the store - Name string `json:"name,omitempty"` + Name string `json:"name"` + // Version of the store plugin + Version string `json:"version"` // Plugin path, optional Address string `json:"address,omitempty"` // OCI Artifact source to download the plugin from, optional diff --git a/api/v1beta1/verifier_types.go b/api/v1beta1/verifier_types.go index 41668b09c..509aafa85 100644 --- a/api/v1beta1/verifier_types.go +++ b/api/v1beta1/verifier_types.go @@ -26,10 +26,13 @@ type VerifierSpec struct { // Important: Run "make" to regenerate code after modifying this file // Name of the verifier - Name string `json:"name,omitempty"` + Name string `json:"name"` + + // Version of the verifier plugin + Version string `json:"version"` // The type of artifact this verifier handles - ArtifactTypes string `json:"artifactTypes,omitempty"` + ArtifactTypes string `json:"artifactTypes"` // # Optional. URL/file path Address string `json:"address,omitempty"` diff --git a/charts/ratify/crds/store-customresourcedefinition.yaml b/charts/ratify/crds/store-customresourcedefinition.yaml index cfef6bbcf..7f7a19190 100644 --- a/charts/ratify/crds/store-customresourcedefinition.yaml +++ b/charts/ratify/crds/store-customresourcedefinition.yaml @@ -15,7 +15,7 @@ spec: scope: Cluster versions: - deprecated: true - deprecationWarning: v1alpha1 of the eraser API has been deprecated. Please migrate + deprecationWarning: v1alpha1 of the Store API has been deprecated. Please migrate to v1beta1. name: v1alpha1 schema: @@ -108,6 +108,12 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true type: object + version: + description: Version of the store plugin + type: string + required: + - name + - version type: object status: description: StoreStatus defines the observed state of Store diff --git a/charts/ratify/crds/verifier-customresourcedefinition.yaml b/charts/ratify/crds/verifier-customresourcedefinition.yaml index f5da1f4d0..837138dfe 100644 --- a/charts/ratify/crds/verifier-customresourcedefinition.yaml +++ b/charts/ratify/crds/verifier-customresourcedefinition.yaml @@ -15,7 +15,7 @@ spec: scope: Cluster versions: - deprecated: true - deprecationWarning: v1alpha1 of the eraser API has been deprecated. Please migrate + deprecationWarning: v1alpha1 of the Verifier API has been deprecated. Please migrate to v1beta1. name: v1alpha1 schema: @@ -114,6 +114,13 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true type: object + version: + description: Version of the verifier plugin + type: string + required: + - artifactTypes + - name + - version type: object status: description: VerifierStatus defines the observed state of Verifier diff --git a/charts/ratify/templates/store.yaml b/charts/ratify/templates/store.yaml index 0af78a2d8..665a75c73 100644 --- a/charts/ratify/templates/store.yaml +++ b/charts/ratify/templates/store.yaml @@ -7,6 +7,7 @@ metadata: helm.sh/hook-weight: "5" spec: name: oras + version: 1.0.0 parameters: {{- if .Values.oras.useHttp }} useHttp: true diff --git a/charts/ratify/templates/verifier.yaml b/charts/ratify/templates/verifier.yaml index 5682d1df5..93b9c5c81 100644 --- a/charts/ratify/templates/verifier.yaml +++ b/charts/ratify/templates/verifier.yaml @@ -9,6 +9,7 @@ metadata: helm.sh/hook-weight: "5" spec: name: notation + version: 1.0.0 artifactTypes: application/vnd.cncf.notary.signature parameters: verificationCertStores: @@ -49,6 +50,7 @@ metadata: helm.sh/hook-weight: "5" spec: name: cosign + version: 1.0.0 artifactTypes: application/vnd.dev.cosign.artifact.sig.v1+json parameters: key: /usr/local/ratify-certs/cosign/cosign.pub @@ -64,6 +66,7 @@ metadata: helm.sh/hook-weight: "5" spec: name: vulnerabilityreport + version: 1.0.0 artifactTypes: application/sarif+json parameters: {{- if .Values.vulnerabilityreport.notaryProjectSignatureRequired }} @@ -103,6 +106,7 @@ metadata: name: verifier-sbom spec: name: sbom + version: 2.0.0-alpha.1 artifactTypes: application/spdx+json parameters: {{- if gt (len .Values.sbom.disallowedPackages) 0 }} diff --git a/config/config.go b/config/config.go index 92a31f2c6..901a0eb74 100644 --- a/config/config.go +++ b/config/config.go @@ -140,6 +140,11 @@ func GetDefaultPluginPath() string { return defaultPluginsPath } +// returns default plugin version of 1.0.0 +func GetDefaultPluginVersion() string { + return "1.0.0" +} + // GetLoggerConfig returns logger configuration from config file at specified path. func GetLoggerConfig(configFilePath string) (logger.Config, error) { config, err := Load(configFilePath) diff --git a/config/crd/bases/config.ratify.deislabs.io_certificatestores.yaml b/config/crd/bases/config.ratify.deislabs.io_certificatestores.yaml index ffd466817..abafa948b 100644 --- a/config/crd/bases/config.ratify.deislabs.io_certificatestores.yaml +++ b/config/crd/bases/config.ratify.deislabs.io_certificatestores.yaml @@ -111,7 +111,7 @@ spec: format: date-time type: string properties: - description: provider specific parameters of the each individual certificate + description: provider specific properties of the each individual certificate type: object x-kubernetes-preserve-unknown-fields: true required: diff --git a/config/crd/bases/config.ratify.deislabs.io_stores.yaml b/config/crd/bases/config.ratify.deislabs.io_stores.yaml index d64f7109a..b042b8483 100644 --- a/config/crd/bases/config.ratify.deislabs.io_stores.yaml +++ b/config/crd/bases/config.ratify.deislabs.io_stores.yaml @@ -109,6 +109,12 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true type: object + version: + description: Version of the store plugin + type: string + required: + - name + - version type: object status: description: StoreStatus defines the observed state of Store diff --git a/config/crd/bases/config.ratify.deislabs.io_verifiers.yaml b/config/crd/bases/config.ratify.deislabs.io_verifiers.yaml index 6d10254a0..59dee5771 100644 --- a/config/crd/bases/config.ratify.deislabs.io_verifiers.yaml +++ b/config/crd/bases/config.ratify.deislabs.io_verifiers.yaml @@ -115,6 +115,13 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true type: object + version: + description: Version of the verifier plugin + type: string + required: + - artifactTypes + - name + - version type: object status: description: VerifierStatus defines the observed state of Verifier diff --git a/pkg/controllers/store_controller.go b/pkg/controllers/store_controller.go index a12b89af4..306a46614 100644 --- a/pkg/controllers/store_controller.go +++ b/pkg/controllers/store_controller.go @@ -94,14 +94,17 @@ func storeAddOrReplace(spec configv1beta1.StoreSpec, fullname string) error { if err != nil { return fmt.Errorf("unable to convert store spec to store config, err: %w", err) } - // factory only support a single version of configuration today - // when we support multi version store CRD, we will also pass in the corresponding config version so factory can create different version of the object - storeConfigVersion := "1.0.0" + + if len(spec.Version) == 0 { + spec.Version = config.GetDefaultPluginVersion() + logrus.Infof("Version was empty, setting to default version: %v", spec.Version) + } + if spec.Address == "" { spec.Address = config.GetDefaultPluginPath() logrus.Infof("Address was empty, setting to default path %v", spec.Address) } - storeReference, err := sf.CreateStoreFromConfig(storeConfig, storeConfigVersion, []string{spec.Address}) + storeReference, err := sf.CreateStoreFromConfig(storeConfig, spec.Version, []string{spec.Address}) if err != nil || storeReference == nil { logrus.Error(err, "store factory failed to create store from store config") diff --git a/pkg/controllers/verifier_controller.go b/pkg/controllers/verifier_controller.go index f8f6ff829..9f1ba9941 100644 --- a/pkg/controllers/verifier_controller.go +++ b/pkg/controllers/verifier_controller.go @@ -102,15 +102,18 @@ func verifierAddOrReplace(spec configv1beta1.VerifierSpec, objectName string, na logrus.Error(err, "unable to convert crd specification to verifier config") return fmt.Errorf("unable to convert crd specification to verifier config, err: %w", err) } - // verifier factory only support a single version of configuration today - // when we support multi version verifier CRD, we will also pass in the corresponding config version so factory can create different version of the object - verifierConfigVersion := "1.0.0" // TODO: move default values to defaulting webhook in the future #413 + + if len(spec.Version) == 0 { + spec.Version = config.GetDefaultPluginVersion() + logrus.Infof("Version was empty, setting to default version: %v", spec.Version) + } + if spec.Address == "" { spec.Address = config.GetDefaultPluginPath() logrus.Infof("Address was empty, setting to default path: %v", spec.Address) } - referenceVerifier, err := vf.CreateVerifierFromConfig(verifierConfig, verifierConfigVersion, []string{spec.Address}, namespace) + referenceVerifier, err := vf.CreateVerifierFromConfig(verifierConfig, spec.Version, []string{spec.Address}, namespace) if err != nil || referenceVerifier == nil { logrus.Error(err, "unable to create verifier from verifier config") @@ -156,10 +159,9 @@ func (r *VerifierReconciler) SetupWithManager(mgr ctrl.Manager) error { // Historically certStore defined in trust policy only contains name which means the CertStore cannot be uniquely identified // If verifierNamesapce is not empty, this method returns the default cert store namespace else returns the ratify deployed namespace -func getCertStoreNamespace(verifierNamesapce string) (string, error) { - // first, check if we can use the verifier namespace - if verifierNamesapce != "" { - return verifierNamesapce, nil +func getCertStoreNamespace(verifierNamespace string) (string, error) { + if verifierNamespace != "" { + return verifierNamespace, nil } // next, return the ratify deployed namespace From 9f4ca7495334313a306bf75bfa3fb76ad1516920 Mon Sep 17 00:00:00 2001 From: "huish@microsoft.com" Date: Wed, 13 Dec 2023 04:32:37 +0000 Subject: [PATCH 2/6] make optional --- api/v1beta1/store_types.go | 2 +- api/v1beta1/verifier_types.go | 4 ++-- charts/ratify/crds/store-customresourcedefinition.yaml | 1 - charts/ratify/crds/verifier-customresourcedefinition.yaml | 1 - config/crd/bases/config.ratify.deislabs.io_stores.yaml | 1 - config/crd/bases/config.ratify.deislabs.io_verifiers.yaml | 1 - 6 files changed, 3 insertions(+), 7 deletions(-) diff --git a/api/v1beta1/store_types.go b/api/v1beta1/store_types.go index 738189094..6687e1b75 100644 --- a/api/v1beta1/store_types.go +++ b/api/v1beta1/store_types.go @@ -28,7 +28,7 @@ type StoreSpec struct { // Name of the store Name string `json:"name"` // Version of the store plugin - Version string `json:"version"` + Version string `json:"version,omitempty"` // Plugin path, optional Address string `json:"address,omitempty"` // OCI Artifact source to download the plugin from, optional diff --git a/api/v1beta1/verifier_types.go b/api/v1beta1/verifier_types.go index 509aafa85..6de3cd1a9 100644 --- a/api/v1beta1/verifier_types.go +++ b/api/v1beta1/verifier_types.go @@ -23,13 +23,13 @@ import ( // VerifierSpec defines the desired state of Verifier type VerifierSpec struct { - // Important: Run "make" to regenerate code after modifying this file + // Important: Run "make install-crds" to regenerate code after modifying this file // Name of the verifier Name string `json:"name"` // Version of the verifier plugin - Version string `json:"version"` + Version string `json:"version,omitempty"` // The type of artifact this verifier handles ArtifactTypes string `json:"artifactTypes"` diff --git a/charts/ratify/crds/store-customresourcedefinition.yaml b/charts/ratify/crds/store-customresourcedefinition.yaml index 7f7a19190..e20bb1bdb 100644 --- a/charts/ratify/crds/store-customresourcedefinition.yaml +++ b/charts/ratify/crds/store-customresourcedefinition.yaml @@ -113,7 +113,6 @@ spec: type: string required: - name - - version type: object status: description: StoreStatus defines the observed state of Store diff --git a/charts/ratify/crds/verifier-customresourcedefinition.yaml b/charts/ratify/crds/verifier-customresourcedefinition.yaml index 837138dfe..4942a3d22 100644 --- a/charts/ratify/crds/verifier-customresourcedefinition.yaml +++ b/charts/ratify/crds/verifier-customresourcedefinition.yaml @@ -120,7 +120,6 @@ spec: required: - artifactTypes - name - - version type: object status: description: VerifierStatus defines the observed state of Verifier diff --git a/config/crd/bases/config.ratify.deislabs.io_stores.yaml b/config/crd/bases/config.ratify.deislabs.io_stores.yaml index b042b8483..da9d345c0 100644 --- a/config/crd/bases/config.ratify.deislabs.io_stores.yaml +++ b/config/crd/bases/config.ratify.deislabs.io_stores.yaml @@ -114,7 +114,6 @@ spec: type: string required: - name - - version type: object status: description: StoreStatus defines the observed state of Store diff --git a/config/crd/bases/config.ratify.deislabs.io_verifiers.yaml b/config/crd/bases/config.ratify.deislabs.io_verifiers.yaml index 59dee5771..206034f47 100644 --- a/config/crd/bases/config.ratify.deislabs.io_verifiers.yaml +++ b/config/crd/bases/config.ratify.deislabs.io_verifiers.yaml @@ -121,7 +121,6 @@ spec: required: - artifactTypes - name - - version type: object status: description: VerifierStatus defines the observed state of Verifier From 3a0209a647ed558aed42a6be3e7b70715493f7c4 Mon Sep 17 00:00:00 2001 From: "huish@microsoft.com" Date: Thu, 14 Dec 2023 00:23:38 +0000 Subject: [PATCH 3/6] updating crd --- charts/ratify/crds/store-customresourcedefinition.yaml | 8 ++++---- charts/ratify/crds/verifier-customresourcedefinition.yaml | 6 +++--- charts/ratify/templates/verifier.yaml | 2 +- charts/ratify/values.yaml | 6 +++--- 4 files changed, 11 insertions(+), 11 deletions(-) diff --git a/charts/ratify/crds/store-customresourcedefinition.yaml b/charts/ratify/crds/store-customresourcedefinition.yaml index e20bb1bdb..d89da8b93 100644 --- a/charts/ratify/crds/store-customresourcedefinition.yaml +++ b/charts/ratify/crds/store-customresourcedefinition.yaml @@ -92,6 +92,9 @@ spec: name: description: Name of the store type: string + version: + description: Version of the store plugin + type: string parameters: description: Parameters of the store type: object @@ -107,10 +110,7 @@ spec: source, optional type: object x-kubernetes-preserve-unknown-fields: true - type: object - version: - description: Version of the store plugin - type: string + type: object required: - name type: object diff --git a/charts/ratify/crds/verifier-customresourcedefinition.yaml b/charts/ratify/crds/verifier-customresourcedefinition.yaml index 4942a3d22..764e96066 100644 --- a/charts/ratify/crds/verifier-customresourcedefinition.yaml +++ b/charts/ratify/crds/verifier-customresourcedefinition.yaml @@ -98,6 +98,9 @@ spec: name: description: Name of the verifier type: string + version: + description: Version of the verifier plugin + type: string parameters: description: Parameters for this verifier type: object @@ -114,9 +117,6 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true type: object - version: - description: Version of the verifier plugin - type: string required: - artifactTypes - name diff --git a/charts/ratify/templates/verifier.yaml b/charts/ratify/templates/verifier.yaml index 93b9c5c81..8604849e7 100644 --- a/charts/ratify/templates/verifier.yaml +++ b/charts/ratify/templates/verifier.yaml @@ -106,7 +106,7 @@ metadata: name: verifier-sbom spec: name: sbom - version: 2.0.0-alpha.1 + version: 2.0.0-alpha.2 artifactTypes: application/spdx+json parameters: {{- if gt (len .Values.sbom.disallowedPackages) 0 }} diff --git a/charts/ratify/values.yaml b/charts/ratify/values.yaml index 9aff78369..fabac6bdb 100644 --- a/charts/ratify/values.yaml +++ b/charts/ratify/values.yaml @@ -1,7 +1,7 @@ image: - repository: ghcr.io/deislabs/ratify - crdRepository: ghcr.io/deislabs/ratify-crds - tag: v1.1.0 + repository: hcr.io/susanshi/ratify-dev + crdRepository: ghcr.io/susanshi/ratify-crds-dev + tag: dev.20231213.9f4ca74 pullPolicy: IfNotPresent nameOverride: "" From b49768a9ed5a522f3784909d6240a36db0ef18d2 Mon Sep 17 00:00:00 2001 From: "huish@microsoft.com" Date: Thu, 14 Dec 2023 23:53:20 +0000 Subject: [PATCH 4/6] adding version to deny template --- charts/ratify/templates/verifier.yaml | 2 +- charts/ratify/values.yaml | 6 +++--- config/samples/config_v1beta1_verifier_sbom_deny.yaml | 1 + 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/charts/ratify/templates/verifier.yaml b/charts/ratify/templates/verifier.yaml index 8604849e7..93b9c5c81 100644 --- a/charts/ratify/templates/verifier.yaml +++ b/charts/ratify/templates/verifier.yaml @@ -106,7 +106,7 @@ metadata: name: verifier-sbom spec: name: sbom - version: 2.0.0-alpha.2 + version: 2.0.0-alpha.1 artifactTypes: application/spdx+json parameters: {{- if gt (len .Values.sbom.disallowedPackages) 0 }} diff --git a/charts/ratify/values.yaml b/charts/ratify/values.yaml index fabac6bdb..9aff78369 100644 --- a/charts/ratify/values.yaml +++ b/charts/ratify/values.yaml @@ -1,7 +1,7 @@ image: - repository: hcr.io/susanshi/ratify-dev - crdRepository: ghcr.io/susanshi/ratify-crds-dev - tag: dev.20231213.9f4ca74 + repository: ghcr.io/deislabs/ratify + crdRepository: ghcr.io/deislabs/ratify-crds + tag: v1.1.0 pullPolicy: IfNotPresent nameOverride: "" diff --git a/config/samples/config_v1beta1_verifier_sbom_deny.yaml b/config/samples/config_v1beta1_verifier_sbom_deny.yaml index 0106e40c8..9497d3350 100644 --- a/config/samples/config_v1beta1_verifier_sbom_deny.yaml +++ b/config/samples/config_v1beta1_verifier_sbom_deny.yaml @@ -4,6 +4,7 @@ metadata: name: verifier-sbom spec: name: sbom + version: 2.0.0-alpha.1 artifactTypes: application/spdx+json parameters: disallowedLicenses: From f92e74b88129beebf4ad4e09066ebc08c5becc55 Mon Sep 17 00:00:00 2001 From: "huish@microsoft.com" Date: Fri, 15 Dec 2023 00:13:50 +0000 Subject: [PATCH 5/6] fix comment --- config/crd/bases/config.ratify.deislabs.io_stores.yaml | 6 +++--- config/crd/bases/config.ratify.deislabs.io_verifiers.yaml | 8 ++++---- pkg/controllers/verifier_controller.go | 3 ++- 3 files changed, 9 insertions(+), 8 deletions(-) diff --git a/config/crd/bases/config.ratify.deislabs.io_stores.yaml b/config/crd/bases/config.ratify.deislabs.io_stores.yaml index da9d345c0..4f0e9a8ec 100644 --- a/config/crd/bases/config.ratify.deislabs.io_stores.yaml +++ b/config/crd/bases/config.ratify.deislabs.io_stores.yaml @@ -93,6 +93,9 @@ spec: name: description: Name of the store type: string + version: + description: Version of the store plugin + type: string parameters: description: Parameters of the store type: object @@ -109,9 +112,6 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true type: object - version: - description: Version of the store plugin - type: string required: - name type: object diff --git a/config/crd/bases/config.ratify.deislabs.io_verifiers.yaml b/config/crd/bases/config.ratify.deislabs.io_verifiers.yaml index 206034f47..2895ce4e3 100644 --- a/config/crd/bases/config.ratify.deislabs.io_verifiers.yaml +++ b/config/crd/bases/config.ratify.deislabs.io_verifiers.yaml @@ -99,6 +99,9 @@ spec: name: description: Name of the verifier type: string + version: + description: Version of the verifier plugin + type: string parameters: description: Parameters for this verifier type: object @@ -114,10 +117,7 @@ spec: source, optional type: object x-kubernetes-preserve-unknown-fields: true - type: object - version: - description: Version of the verifier plugin - type: string + type: object required: - artifactTypes - name diff --git a/pkg/controllers/verifier_controller.go b/pkg/controllers/verifier_controller.go index 9f1ba9941..ee59fb6e0 100644 --- a/pkg/controllers/verifier_controller.go +++ b/pkg/controllers/verifier_controller.go @@ -158,8 +158,9 @@ func (r *VerifierReconciler) SetupWithManager(mgr ctrl.Manager) error { } // Historically certStore defined in trust policy only contains name which means the CertStore cannot be uniquely identified -// If verifierNamesapce is not empty, this method returns the default cert store namespace else returns the ratify deployed namespace +// If verifierNamespace is not empty, this method returns the default cert store namespace else returns the ratify deployed namespace func getCertStoreNamespace(verifierNamespace string) (string, error) { + // first, check if we can use the verifier namespace as the cert store namespace if verifierNamespace != "" { return verifierNamespace, nil } From ec12652fc81f7d376d28a27544f3f1a66c536ad7 Mon Sep 17 00:00:00 2001 From: "huish@microsoft.com" Date: Tue, 19 Dec 2023 06:22:03 +0000 Subject: [PATCH 6/6] adding comments --- api/v1beta1/store_types.go | 2 +- api/v1beta1/verifier_types.go | 2 +- charts/ratify/crds/store-customresourcedefinition.yaml | 2 +- charts/ratify/crds/verifier-customresourcedefinition.yaml | 2 +- config/crd/bases/config.ratify.deislabs.io_stores.yaml | 4 ++-- config/crd/bases/config.ratify.deislabs.io_verifiers.yaml | 6 +++--- pkg/controllers/store_controller.go | 1 + 7 files changed, 10 insertions(+), 9 deletions(-) diff --git a/api/v1beta1/store_types.go b/api/v1beta1/store_types.go index 6687e1b75..d47eadf11 100644 --- a/api/v1beta1/store_types.go +++ b/api/v1beta1/store_types.go @@ -27,7 +27,7 @@ type StoreSpec struct { // Name of the store Name string `json:"name"` - // Version of the store plugin + // Version of the store plugin. Optional Version string `json:"version,omitempty"` // Plugin path, optional Address string `json:"address,omitempty"` diff --git a/api/v1beta1/verifier_types.go b/api/v1beta1/verifier_types.go index 6de3cd1a9..6f3c6e141 100644 --- a/api/v1beta1/verifier_types.go +++ b/api/v1beta1/verifier_types.go @@ -28,7 +28,7 @@ type VerifierSpec struct { // Name of the verifier Name string `json:"name"` - // Version of the verifier plugin + // Version of the verifier plugin. Optional Version string `json:"version,omitempty"` // The type of artifact this verifier handles diff --git a/charts/ratify/crds/store-customresourcedefinition.yaml b/charts/ratify/crds/store-customresourcedefinition.yaml index d89da8b93..8827fa0b0 100644 --- a/charts/ratify/crds/store-customresourcedefinition.yaml +++ b/charts/ratify/crds/store-customresourcedefinition.yaml @@ -93,7 +93,7 @@ spec: description: Name of the store type: string version: - description: Version of the store plugin + description: Version of the store plugin. Optional type: string parameters: description: Parameters of the store diff --git a/charts/ratify/crds/verifier-customresourcedefinition.yaml b/charts/ratify/crds/verifier-customresourcedefinition.yaml index 764e96066..ccaaddc0e 100644 --- a/charts/ratify/crds/verifier-customresourcedefinition.yaml +++ b/charts/ratify/crds/verifier-customresourcedefinition.yaml @@ -99,7 +99,7 @@ spec: description: Name of the verifier type: string version: - description: Version of the verifier plugin + description: Version of the verifier plugin. Optional type: string parameters: description: Parameters for this verifier diff --git a/config/crd/bases/config.ratify.deislabs.io_stores.yaml b/config/crd/bases/config.ratify.deislabs.io_stores.yaml index 4f0e9a8ec..409dc7d19 100644 --- a/config/crd/bases/config.ratify.deislabs.io_stores.yaml +++ b/config/crd/bases/config.ratify.deislabs.io_stores.yaml @@ -94,8 +94,8 @@ spec: description: Name of the store type: string version: - description: Version of the store plugin - type: string + description: Version of the store plugin. Optional + type: string parameters: description: Parameters of the store type: object diff --git a/config/crd/bases/config.ratify.deislabs.io_verifiers.yaml b/config/crd/bases/config.ratify.deislabs.io_verifiers.yaml index 2895ce4e3..36584a928 100644 --- a/config/crd/bases/config.ratify.deislabs.io_verifiers.yaml +++ b/config/crd/bases/config.ratify.deislabs.io_verifiers.yaml @@ -100,8 +100,8 @@ spec: description: Name of the verifier type: string version: - description: Version of the verifier plugin - type: string + description: Version of the verifier plugin. Optional + type: string parameters: description: Parameters for this verifier type: object @@ -117,7 +117,7 @@ spec: source, optional type: object x-kubernetes-preserve-unknown-fields: true - type: object + type: object required: - artifactTypes - name diff --git a/pkg/controllers/store_controller.go b/pkg/controllers/store_controller.go index 306a46614..5f0b1e13e 100644 --- a/pkg/controllers/store_controller.go +++ b/pkg/controllers/store_controller.go @@ -95,6 +95,7 @@ func storeAddOrReplace(spec configv1beta1.StoreSpec, fullname string) error { return fmt.Errorf("unable to convert store spec to store config, err: %w", err) } + // if the default version is not suitable, the plugin configuration should specify the desired version if len(spec.Version) == 0 { spec.Version = config.GetDefaultPluginVersion() logrus.Infof("Version was empty, setting to default version: %v", spec.Version)