support pattern based multiple resource specification in verify-resource
Closed this issue · 1 comments
hirokuni-kitahara commented
Description
Users may consider specifying multiple resources for the command `kubectl sigstore verify-resource`
by using a pattern-based argument, as with the `kubectl get` command.
To support this kind of input argument, several features like the following will be added to the `verify-resource`
command as an enhancement.
Features
- support pattern-based argument in `verify-resource` command (e.g. `verify-resource cm -n sample-ns`)
- handle errors that occur during multiple verification correctly
- known changes by system can be ignored properly (e.g. `spec.clusterIPs[0]` in Service is automatically added)
- print a full verification result for all specified resources
- enable output of the result as JSON/YAML
- the number of image pulls is minimized during single execution
Expected
```
$ kubectl sigstore verify-resource cm -n sample-ns -i some-manifest-image:latest
NAME               INSCOPE   VERIFIED   SIGNER                    ERROR                                       AGE
signed-cm-a        true      true       sample-signer@gmail.com                                               2h
signed-cm-b        true      true       sample-signer@gmail.com                                               3h
kube-root-ca.crt   true      false                                YAML manifest not found for this resource   17d

# enable JSON output
$ kubectl sigstore verify-resource cm -n sample-ns -i some-manifest-image:latest --output json
{
  "results": [
    {
      "object": { ... },
      "result": { ... },
      "error": { ... }
    },
    { ... },
    { ... }
  ]
}
```
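The "known changes by system can be ignored" feature listed above, sketched as an added example that is not code from this issue or from the plugin: a field-level diff between a signed manifest and the live object that skips an explicit list of ignored paths. The function names, the ignore-list format and the sample Service objects are assumptions made for illustration.

```python
"""Compare a live Kubernetes object with its signed manifest, skipping
fields the cluster is known to add. All data below is constructed."""

_MISSING = object()  # distinguishes "field absent" from "field is null"


def flatten(node, path="", ignore=frozenset()):
    """Yield (path, leaf) pairs; list items use [i], e.g. spec.clusterIPs[0].
    A path listed in `ignore` is pruned with everything beneath it."""
    if path in ignore:
        return
    if isinstance(node, dict):
        for key, child in node.items():
            yield from flatten(child, f"{path}.{key}" if path else key, ignore)
    elif isinstance(node, list):
        for i, child in enumerate(node):
            yield from flatten(child, f"{path}[{i}]", ignore)
    else:
        yield path, node


def diff(signed, live, ignore=()):
    """Return {path: (signed_value, live_value)} for each field added,
    removed or changed in `live` that `ignore` does not cover."""
    ignore = frozenset(ignore)
    s = dict(flatten(signed, ignore=ignore))
    l = dict(flatten(live, ignore=ignore))
    return {
        p: (s.get(p), l.get(p))
        for p in sorted(s.keys() | l.keys())
        if s.get(p, _MISSING) != l.get(p, _MISSING)
    }


# Signed Service manifest, the same object as stored by the cluster (the API
# server filled in spec.clusterIPs), and a copy whose selector was changed.
SIGNED = {"kind": "Service", "spec": {"selector": {"app": "web"}}}
LIVE = {"kind": "Service",
        "spec": {"selector": {"app": "web"}, "clusterIPs": ["10.0.0.7"]}}
TAMPERED = {"kind": "Service",
            "spec": {"selector": {"app": "debug"}, "clusterIPs": ["10.0.0.7"]}}
IGNORE = ["spec.clusterIPs[0]"]  # the field named in the issue

if __name__ == "__main__":
    print(diff(SIGNED, LIVE, IGNORE))      # no unexpected changes
    print(diff(SIGNED, TAMPERED, IGNORE))  # the selector change is reported
```

An ignore entry matches one exact path, so a near-miss such as `spec.clusterIP` does not hide `spec.clusterIPs[0]`; keeping the list this narrow stops an ignore rule from masking an unrelated change.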
hirokuni-kitahara commented
Closing this issue; will create some more intuitive issues.