Feature: Create an interface for downstream CIP integrations. #480

Merged
merged 2 commits into from
Jan 4, 2023

Commits on Jan 3, 2023

  1. Feature: Create an interface for downstream CIP integrations.

    🎁 This change factors a new small library `./pkg/policy` which is intended to streamline incorporating CIP validation into downstream tooling.
    
    For a (much) more verbose explanation see [here](ko-build/ko#356 (comment)), but the general idea behind this is to allow CIPs to gate consumption of images in other contexts, for example the base images in build tools such as `ko` or `kaniko`. The idea is to enable the tool providers to bake in default policies for default base images, and optionally expose configuration to let users write policies to authorize base images prior to consumption.
    
    For example, I might write the following `.ko.yaml`:
    ```yaml
    verification:
      noMatchPolicy: deny
      policies:
      - data: |
          # inline policy
      - url: https://github.com/foo/bar/blobs/main/POLICY.yaml
    ```
    
    With this library, it is likely <100 LoC to add base image policy verification to `ko`, and significantly simplifies our own `policy-tester` which has spaghetti code replicating some of this functionality.
    
    /kind feature
    
    Signed-off-by: Matt Moore <[email protected]>
    mattmoor committed Jan 3, 2023
    Commit 214c2dd
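The `verification:` stanza in the commit message is only a sketch of what a downstream tool might expose, so the following is an added illustration, not code from this PR, from `pkg/policy`, or from `ko`. It models the two things that stanza implies a consumer must get right before any signature checking happens: validating the config shape (each policy entry carries exactly one of `data` or `url`; `noMatchPolicy` is one of `allow`, `warn`, `deny`, which are assumed values) and applying `noMatchPolicy` only to the case where no policy applied to the image at all. The struct names, the `Gate` function and the constructed JSON rendering of the example config are hypothetical; JSON is used instead of YAML only to avoid a third-party decoder.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// PolicySource is one entry under verification.policies: either an inline
// policy document (data) or a URL to fetch one from. Exactly one must be set.
type PolicySource struct {
	Data string `json:"data,omitempty"`
	URL  string `json:"url,omitempty"`
}

// Verification mirrors the sketched .ko.yaml `verification:` stanza from the
// commit message. Field names follow that sketch; this is not ko's or
// policy-controller's real schema (hypothetical example types).
type Verification struct {
	NoMatchPolicy string         `json:"noMatchPolicy"`
	Policies      []PolicySource `json:"policies"`
}

// Verdict is the gate decision for one base image.
type Verdict string

const (
	Allow Verdict = "allow"
	Warn  Verdict = "warn"
	Deny  Verdict = "deny"
)

// Assumed set of legal noMatchPolicy values.
var validNoMatch = map[string]Verdict{"allow": Allow, "warn": Warn, "deny": Deny}

// ParseVerification decodes and validates the stanza. It takes the JSON form
// of the YAML (YAML 1.2 is a superset of JSON) to stay dependency-free; a real
// tool would use a YAML decoder with equivalent struct tags.
func ParseVerification(doc []byte) (*Verification, error) {
	var v Verification
	if err := json.Unmarshal(doc, &v); err != nil {
		return nil, fmt.Errorf("verification: %w", err)
	}
	if _, ok := validNoMatch[v.NoMatchPolicy]; !ok {
		return nil, fmt.Errorf("verification: noMatchPolicy %q is not one of allow, warn, deny", v.NoMatchPolicy)
	}
	if len(v.Policies) == 0 {
		return nil, errors.New("verification: at least one policy is required")
	}
	for i, p := range v.Policies {
		// Both set or neither set is a misconfiguration; fail closed.
		if (p.Data == "") == (p.URL == "") {
			return nil, fmt.Errorf("verification: policies[%d] must set exactly one of data or url", i)
		}
	}
	return &v, nil
}

// Gate turns the evaluation outcome for one image into a decision. matched is
// how many policies applied to the image; failures is how many of those
// rejected it. A rejection always denies, a clean match allows, and
// noMatchPolicy decides only the case where no policy applied at all.
func Gate(v *Verification, matched, failures int) Verdict {
	switch {
	case failures > 0:
		return Deny
	case matched > 0:
		return Allow
	default:
		return validNoMatch[v.NoMatchPolicy]
	}
}

// sampleConfig is a constructed JSON rendering of the .ko.yaml example above.
const sampleConfig = `{
  "noMatchPolicy": "deny",
  "policies": [
    {"data": "# inline policy\n"},
    {"url": "https://github.com/foo/bar/blobs/main/POLICY.yaml"}
  ]
}`

func main() {
	v, err := ParseVerification([]byte(sampleConfig))
	if err != nil {
		panic(err)
	}
	fmt.Println("no policy matched:", Gate(v, 0, 0))
	fmt.Println("matched, passed:  ", Gate(v, 1, 0))
	fmt.Println("matched, failed:  ", Gate(v, 2, 1))
}
```

The point worth carrying into a real integration is the ordering in `Gate`: a policy that matched and rejected the image must deny regardless of `noMatchPolicy`, and `noMatchPolicy: deny` is what makes an unlisted base image fail closed rather than slip through as "nothing applied".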
  2. Incorporate review feedback from vaikas

    Signed-off-by: Matt Moore <[email protected]>
    mattmoor committed Jan 3, 2023
    Commit 766d824