sigstore/cosign-gatekeeper-provider

How to set a public key to provider cache?

jacckyyy opened this issue · 9 comments

I have deployed the provider, template and constraint, but I encounter an error (response: {"errors": null, "responses": null, "status_code": 400, "system_error": "key is not found in provider cache"}) when trying to deploy the example yaml file. How can I set the public key in the cache? Thanks.

Hi @jacckyyy,

Actually I have no idea where `key is not found in provider cache` is being thrown from. Could you please share the steps you followed, full logs, the HTTP response, and anything else needed to reproduce this? Thanks.

Hi @Dentrax,
I'm sorry, my previous description was too brief. My steps were based on the article at the following link.

https://github.com/sigstore/cosign-gatekeeper-provider

I started with the installation of Gatekeeper, then installed cosign-gatekeeper-provider,

and finally confirmed the deployment of the ConstraintTemplate and Constraint policy.

However, at the last step, when I verified the signature using the example in policy/example, I got the following error message regardless of whether I had signed with cosign or not.

It seems that the provider did not set the public key. I don't know what the problem is with this part. Did I miss anything? Thanks... Orz

+1
Getting the same error response.

Hitting the same issue with Gatekeeper 3.14.0. @Dentrax Could it be something not working with the Gatekeeper internal cache? I tried disabling it and am still getting the same error. It seems Gatekeeper is not even calling the external provider when printing that error.

https://github.com/open-policy-agent/frameworks/commits?author=nilekhc
@nilekhc @jacckyyy I am also facing the same issue, "key is not found in provider response cache". Could you please guide us on how to resolve it? Thanks

UP + 1

@houdini91 Thank you! Upgrading Gatekeeper to 3.15 and setting `--external-data-provider-response-cache-ttl=0` seems to help address the issue. Not sure why the cache needs to be disabled for the provider to work.