fix(tls): allowing TLS when crd-manager disabled #1954
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
JoupainMD
requested review from
akashsinghal,
binbin-li,
jimmyraywv,
luisdlp,
susanshi and
toddysm
as code owners
LS when crd-manager disabled Signed-off-by: Jordan Langue <[email protected]>
JoupainMD
force-pushed
the
fix_tls_without_crdmanager
branch
from
5d43b1e to
ebdd72d
Compare
Codecov ReportAttention: Patch coverage is
|
|
@JoupainMD thanks for the fix! I'm just curious what's the user scenario that crd-manager is off. |
today, our use case is to use ratify as a external_data provider for Gatekeeper, to enforce notation signature on docker images. We use ratify with a config file loaded via a ConfigMap, we don't plan on using CRD to be honest as it is more painful for us than useful (the simple ConfigMap is ok today). We could have use CRD too but it would have mean giving specific accesses to the ratify service account to create / update CRD and we try to keep it really simple. |
binbin-li
approved these changes
Nov 28, 2024
|
Hi @akashsinghal , do we have an issue to track kmpprovider support for configmap? |
there is an issue tracking CLI, #1300. Probably we can address both in the issue since configMap is similar to the config for CLI |
junczhu
pushed a commit
to junczhu/ratify
that referenced
this pull request
Dec 10, 2024
Signed-off-by: Jordan Langue <[email protected]>
junczhu
pushed a commit
to junczhu/ratify
that referenced
this pull request
Dec 10, 2024
…-project#1876) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump github.com/prometheus/client_golang from 1.20.4 to 1.20.5 (ratify-project#1877) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump vscode/devcontainers/go from `bdecb4c` to `46f85d1` in /.devcontainer (ratify-project#1879) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> feat: crl cache Signed-off-by: Juncheng Zhu <[email protected]> feat: crl cache 2 Signed-off-by: Juncheng Zhu <[email protected]> feat: crl provider Signed-off-by: Juncheng Zhu <[email protected]> feat: added interfaces Signed-off-by: Juncheng Zhu <[email protected]> feat: crl refactor Signed-off-by: Juncheng Zhu <[email protected]> feat: crl refactor Signed-off-by: Juncheng Zhu <[email protected]> feat: crl refactor Signed-off-by: Juncheng Zhu <[email protected]> feat: crl refactor Signed-off-by: Juncheng Zhu <[email protected]> feat: integrate crl to verifier Signed-off-by: Juncheng Zhu <[email protected]> feat: kmp revocationfactory refactor Signed-off-by: Juncheng Zhu <[email protected]> chore: bump up go version to 1.22.8 (ratify-project#1880) Signed-off-by: Binbin Li <[email protected]> Signed-off-by: Binbin Li <[email protected]> chore: Bump github.com/sigstore/sigstore from 1.8.9 to 1.8.10 (ratify-project#1878) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> docs: design proposal for tag and digest co-existing [ISSUE 1657] (ratify-project#1793) docs: add CRL Design (ratify-project#1789) Signed-off-by: Juncheng Zhu <[email protected]> docs: Create proposal for verifying 'last-n' artifacts only. (ratify-project#1797) Signed-off-by: Susan Shi <[email protected]> docs: nVersionCount support for KMP design doc (ratify-project#1831) Signed-off-by: Joshua Duffney <[email protected]> ci: retry trivy db update upon failure (ratify-project#1881) Signed-off-by: Binbin Li <[email protected]> chore: Bump anchore/sbom-action from 0.17.4 to 0.17.5 (ratify-project#1882) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ci: fix tagging in publish-ghcr workflow (ratify-project#1884) Signed-off-by: Binbin Li <[email protected]> ci: retry trivy download-db on failure (ratify-project#1883) Signed-off-by: Binbin Li <[email protected]> chore: migrate azure-sdk-for-go/containerregistry to the latest release (ratify-project#1829) Signed-off-by: Shahram Kalantari <[email protected]> chore: Bump github/codeql-action from 3.26.13 to 3.27.0 (ratify-project#1887) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> feat: crl fetcher Signed-off-by: Juncheng Zhu <[email protected]> feat: crl fetcher Signed-off-by: Juncheng Zhu <[email protected]> feat: update bytesFetcher Signed-off-by: Juncheng Zhu <[email protected]> feat: crl provider Signed-off-by: Juncheng Zhu <[email protected]> feat: refactor the interface Signed-off-by: Juncheng Zhu <[email protected]> feat: integrate crl to verifier 2 Signed-off-by: Juncheng Zhu <[email protected]> feat: integrate crl to verifier 2 Signed-off-by: Juncheng Zhu <[email protected]> chore: update charts (ratify-project#1892) Signed-off-by: Juncheng Zhu <[email protected]> chore: Bump actions/checkout from 4.2.1 to 4.2.2 (ratify-project#1893) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump actions/setup-go from 5.0.2 to 5.1.0 (ratify-project#1894) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump k8s.io/apimachinery from 0.28.14 to 0.28.15 (ratify-project#1896) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump distroless/static from `26f9b99` to `3a03fc0` in /httpserver (ratify-project#1899) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump k8s.io/client-go from 0.28.14 to 0.28.15 (ratify-project#1897) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump anchore/sbom-action from 0.17.5 to 0.17.6 (ratify-project#1903) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> feat: allow service account annotations (ratify-project#1907) Signed-off-by: Maneesh Singh <[email protected]> feat: add interface for testing Signed-off-by: Juncheng Zhu <[email protected]> feat: implemented interface Signed-off-by: Juncheng Zhu <[email protected]> feat: implemented interface Signed-off-by: Juncheng Zhu <[email protected]> test: working on test cases Signed-off-by: Juncheng Zhu <[email protected]> test: working on test cases 2 Signed-off-by: Juncheng Zhu <[email protected]> test: working on test cases 3 Signed-off-by: Juncheng Zhu <[email protected]> refactor: add cache constructor into fetcher constructor Signed-off-by: Juncheng Zhu <[email protected]> refactor: add cache constructor into fetcher constructor 2 Signed-off-by: Juncheng Zhu <[email protected]> refactor: add cache constructor into fetcher constructor 3 Signed-off-by: Juncheng Zhu <[email protected]> test: add cache constructor into fetcher constructor Signed-off-by: Juncheng Zhu <[email protected]> test: add cache constructor into fetcher constructor 2 Signed-off-by: Juncheng Zhu <[email protected]> feat: kmprevocationfactory impl 1 Signed-off-by: Juncheng Zhu <[email protected]> chore: Bump github.com/aws/aws-sdk-go-v2 from 1.32.2 to 1.32.3 (ratify-project#1912) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump github.com/aws/aws-sdk-go-v2/credentials from 1.17.41 to 1.17.42 (ratify-project#1911) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump github.com/AzureAD/microsoft-authentication-library-for-go from 1.2.2 to 1.2.3 (ratify-project#1910) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump anchore/sbom-action from 0.17.6 to 0.17.7 (ratify-project#1915) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump github.com/golang-jwt/jwt/v4 from 4.5.0 to 4.5.1 (ratify-project#1916) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> feat: support enabled status for kmp keys/certs (ratify-project#1874) Signed-off-by: Joshua Duffney <[email protected]> ci: add cron job to cache trivy db (ratify-project#1918) Signed-off-by: Binbin Li <[email protected]> fix: fix the conditional check on update-trivy-cache job (ratify-project#1919) Signed-off-by: Binbin Li <[email protected]> feat: add support for crl basic functionality with built-in cache (ratify-project#1890) Signed-off-by: Juncheng Zhu <[email protected]> Co-authored-by: Binbin Li <[email protected]> chore: Bump goreleaser/goreleaser-action from 6.0.0 to 6.1.0 (ratify-project#1920) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump github/codeql-action from 3.27.0 to 3.27.1 (ratify-project#1922) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump github.com/aws/aws-sdk-go-v2/credentials from 1.17.42 to 1.17.44 (ratify-project#1923) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump golang from `0ca97f4` to `4cfe4a9` in /httpserver (ratify-project#1925) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump github/codeql-action from 3.27.1 to 3.27.3 (ratify-project#1926) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> feat: support alibaba cloud rrsa store auth provider (ratify-project#1909) Signed-off-by: dahu.kdh <[email protected]> feat: kmprevocationfactory impl 3 Signed-off-by: Juncheng Zhu <[email protected]> feat: kmprevocationfactory impl Signed-off-by: Juncheng Zhu <[email protected]> feat: kmprevocationfactory impl 2 Signed-off-by: Juncheng Zhu <[email protected]> feat: kmprevocationfactory impl 3 Signed-off-by: Juncheng Zhu <[email protected]> feat: kmprevocationfactory impl 4 Signed-off-by: Juncheng Zhu <[email protected]> feat: kmprevocationfactory impl 5 Signed-off-by: Juncheng Zhu <[email protected]> chore: kmprevocationfactory reform Signed-off-by: Juncheng Zhu <[email protected]> feat: update implementations Signed-off-by: Juncheng Zhu <[email protected]> feat: update implementations 2 Signed-off-by: Juncheng Zhu <[email protected]> feat: update implementations 3 Signed-off-by: Juncheng Zhu <[email protected]> feat: update implementations 4 Signed-off-by: Juncheng Zhu <[email protected]> feat: update implementations 5 Signed-off-by: Juncheng Zhu <[email protected]> feat: update implementations 6 Signed-off-by: Juncheng Zhu <[email protected]> feat: update implementations 7 Signed-off-by: Juncheng Zhu <[email protected]> feat: update implementations 8 Signed-off-by: Juncheng Zhu <[email protected]> chore: Bump github/codeql-action from 3.27.3 to 3.27.4 (ratify-project#1929) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump alpine from `beefdbd` to `1e42bbe` (ratify-project#1937) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump golang from `4cfe4a9` to `147f428` in /httpserver (ratify-project#1936) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump distroless/static from `3a03fc0` to `d71f4b2` in /httpserver (ratify-project#1935) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump github.com/aliyun/credentials-go from 1.3.10 to 1.3.11 (ratify-project#1934) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump github.com/aws/aws-sdk-go-v2/credentials from 1.17.44 to 1.17.45 (ratify-project#1933) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump codecov/codecov-action from 4.6.0 to 5.0.2 (ratify-project#1932) Signed-off-by: dependabot[bot] <[email protected]> chore: Replace deprecated autorest SDK with azidentity (ratify-project#1904) Signed-off-by: Shahram Kalantari <[email protected]> chore: Bump step-security/harden-runner from 2.10.1 to 2.10.2 (ratify-project#1938) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump codecov/codecov-action from 5.0.2 to 5.0.4 (ratify-project#1939) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump codecov/codecov-action from 5.0.4 to 5.0.7 (ratify-project#1946) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump github/codeql-action from 3.27.4 to 3.27.5 (ratify-project#1945) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump anchore/sbom-action from 0.17.7 to 0.17.8 (ratify-project#1948) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump github.com/aws/aws-sdk-go-v2/credentials from 1.17.45 to 1.17.46 (ratify-project#1953) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> fix: add missing pod annotations and labels to deployment spec (ratify-project#1949) Signed-off-by: akashsinghal <[email protected]> chore: revert changes in AKV KMP provider Signed-off-by: Juncheng Zhu <[email protected]> chore: add more comments Signed-off-by: Juncheng Zhu <[email protected]> chore: add more comments and fix Signed-off-by: Juncheng Zhu <[email protected]> chore: update logging Signed-off-by: Juncheng Zhu <[email protected]> chore: update test Signed-off-by: Juncheng Zhu <[email protected]> chore: update test 2 Signed-off-by: Juncheng Zhu <[email protected]> chore: limited changes 3 Signed-off-by: Juncheng Zhu <[email protected]> chore: more changes applied Signed-off-by: Juncheng Zhu <[email protected]> chore: Bump github.com/sigstore/rekor from 1.3.6 to 1.3.7 (ratify-project#1952) Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Susan Shi <[email protected]> Signed-off-by: Binbin Li <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: bump up golangci-lint version (ratify-project#1961) Signed-off-by: Binbin Li <[email protected]> fix(tls): allowing TLS when crd-manager disabled (ratify-project#1954) Signed-off-by: Jordan Langue <[email protected]> chore: Bump github.com/aws/aws-sdk-go-v2/config from 1.28.3 to 1.28.6 (ratify-project#1957) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump distroless/static from `d71f4b2` to `6cd937e` in /httpserver (ratify-project#1960) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: fix go-lint Signed-off-by: Juncheng Zhu <[email protected]> chore: improve codecov Signed-off-by: Juncheng Zhu <[email protected]> chore: fix golint Signed-off-by: Juncheng Zhu <[email protected]> chore: remove the CRL Cache in truststore Signed-off-by: Juncheng Zhu <[email protected]> chore: renaming func Signed-off-by: Juncheng Zhu <[email protected]> chore: fix 1 Signed-off-by: Juncheng Zhu <[email protected]> chore: fix 2 Signed-off-by: Juncheng Zhu <[email protected]> chore: Bump github/codeql-action from 3.27.5 to 3.27.6 (ratify-project#1963) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: add more test case Signed-off-by: Juncheng Zhu <[email protected]> chore: fix golint Signed-off-by: Juncheng Zhu <[email protected]> chore: fix codecov Signed-off-by: Juncheng Zhu <[email protected]> chore: fix context reference Signed-off-by: Juncheng Zhu <[email protected]> chore: fix golint Signed-off-by: Juncheng Zhu <[email protected]> build: add image signing for all release images (ratify-project#1947) Signed-off-by: Akash Singhal <[email protected]> chore: Bump golang from `73f06be` to `574185e` in /httpserver (ratify-project#1973) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
junczhu
added a commit
to junczhu/ratify
that referenced
this pull request
Dec 18, 2024
Signed-off-by: Juncheng Zhu <[email protected]> chore: update config Signed-off-by: Juncheng Zhu <[email protected]> feat: update crl config Signed-off-by: Juncheng Zhu <[email protected]> chore: Bump github/codeql-action from 3.27.3 to 3.27.4 (ratify-project#1929) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump alpine from `beefdbd` to `1e42bbe` (ratify-project#1937) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump golang from `4cfe4a9` to `147f428` in /httpserver (ratify-project#1936) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump distroless/static from `3a03fc0` to `d71f4b2` in /httpserver (ratify-project#1935) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump github.com/aliyun/credentials-go from 1.3.10 to 1.3.11 (ratify-project#1934) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump github.com/aws/aws-sdk-go-v2/credentials from 1.17.44 to 1.17.45 (ratify-project#1933) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump codecov/codecov-action from 4.6.0 to 5.0.2 (ratify-project#1932) Signed-off-by: dependabot[bot] <[email protected]> chore: Replace deprecated autorest SDK with azidentity (ratify-project#1904) Signed-off-by: Shahram Kalantari <[email protected]> chore: Bump step-security/harden-runner from 2.10.1 to 2.10.2 (ratify-project#1938) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump codecov/codecov-action from 5.0.2 to 5.0.4 (ratify-project#1939) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump codecov/codecov-action from 5.0.4 to 5.0.7 (ratify-project#1946) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump github/codeql-action from 3.27.4 to 3.27.5 (ratify-project#1945) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump anchore/sbom-action from 0.17.7 to 0.17.8 (ratify-project#1948) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump github.com/aws/aws-sdk-go-v2/credentials from 1.17.45 to 1.17.46 (ratify-project#1953) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> fix: add missing pod annotations and labels to deployment spec (ratify-project#1949) Signed-off-by: akashsinghal <[email protected]> chore: Bump github.com/sigstore/rekor from 1.3.6 to 1.3.7 (ratify-project#1952) Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Susan Shi <[email protected]> Signed-off-by: Binbin Li <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: bump up golangci-lint version (ratify-project#1961) Signed-off-by: Binbin Li <[email protected]> fix(tls): allowing TLS when crd-manager disabled (ratify-project#1954) Signed-off-by: Jordan Langue <[email protected]> chore: Bump github.com/aws/aws-sdk-go-v2/config from 1.28.3 to 1.28.6 (ratify-project#1957) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump distroless/static from `d71f4b2` to `6cd937e` in /httpserver (ratify-project#1960) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump github/codeql-action from 3.27.5 to 3.27.6 (ratify-project#1963) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> build: add image signing for all release images (ratify-project#1947) Signed-off-by: Akash Singhal <[email protected]> chore: Bump golang from `73f06be` to `574185e` in /httpserver (ratify-project#1973) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> docs: update dev image release guidance (ratify-project#1974) Signed-off-by: Akash Singhal <[email protected]> feat: Implementation of KMP CRL revocation factory with cache (ratify-project#1900) Signed-off-by: Juncheng Zhu <[email protected]> Co-authored-by: Binbin Li <[email protected]> Co-authored-by: Susan Shi <[email protected]> chore: Bump alpine from `1e42bbe` to `21dc606` (ratify-project#1972) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump google.golang.org/grpc from 1.68.0 to 1.68.1 (ratify-project#1971) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump actions/cache from 4.1.2 to 4.2.0 (ratify-project#1967) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump codecov/codecov-action from 5.0.7 to 5.1.1 (ratify-project#1966) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump github.com/notaryproject/notation-core-go from 1.2.0-rc.1 to 1.2.0-rc.2 (ratify-project#1970) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump actions/setup-go from 5.1.0 to 5.2.0 (ratify-project#1979) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump github/codeql-action from 3.27.6 to 3.27.7 (ratify-project#1978) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: bump K8s versions (ratify-project#1975) Signed-off-by: Akash Singhal <[email protected]> chore: bump makefile tool dependency version (ratify-project#1976) Signed-off-by: Akash Singhal <[email protected]> chore: bump up golang.org/x/crypto pkg to fix vuln (ratify-project#1981) Signed-off-by: Juncheng Zhu <[email protected]> chore: Bump github/codeql-action from 3.27.7 to 3.27.9 (ratify-project#1983) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump anchore/sbom-action from 0.17.8 to 0.17.9 (ratify-project#1988) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump github.com/sigstore/sigstore from 1.8.10 to 1.8.11 (ratify-project#1986) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump github.com/notaryproject/notation-go from 1.3.0-rc.1 to 1.3.0-rc.2 (ratify-project#1987) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: bump GK support to 3.18 (ratify-project#1980) Signed-off-by: Akash Singhal <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
What this PR does / why we need it:
Allowing usage of TLS when
--enable-crd-manageris not set.Type of change
How Has This Been Tested?
I have created a self signed certificate using the following commands:
Then test using the following args:
docker run -p 6001:6001 -v ${PWD}/server.crt:/usr/local/tls/tls.crt -v ${PWD}/server.key:/usr/local/tls/tls.key -v ${PWD}/config.json:/app/config/config.json ratify --http :6001 -c /app/config/config.json --cert-dir="/usr/local/tls" --debugIt looks like RATIFY_CERT_ROTATION feature flags is not taken into account also when you don't use the
--enable-crd-managerarg.