sigstore/k8s-manifest-sigstore

support pattern based multiple resource specification in verify-resource

Closed this issue · 1 comments

Description
Users may consider specifying multiple resources for the kubectl sigstore verify-resource command by using a pattern-based argument, as with the kubectl get command.

To support this kind of input argument, several features like the following will be added to the verify-resource command as an enhancement.

Features

  • support pattern-based arguments in the verify-resource command (e.g. verify-resource cm -n sample-ns)
  • correctly handle errors that occur during multiple verification
  • properly ignore known changes made by the system (e.g. spec.clusterIPs[0] in a Service is added automatically)
  • print a full verification result for all specified resources
  • enable outputting the result as JSON/YAML
  • minimize the number of image pulls during a single execution

Expected

$ kubectl sigstore verify-resource cm -n sample-ns -i some-manifest-image:latest
NAME               INSCOPE   VERIFIED   SIGNER                    ERROR                                       AGE
signed-cm-a        true      true       sample-signer@gmail.com                                               2h
signed-cm-b        true      true       sample-signer@gmail.com                                               3h
kube-root-ca.crt   true      false                                YAML manifest not found for this resource   17d
# enable JSON output
$ kubectl sigstore verify-resource cm -n sample-ns -i some-manifest-image:latest --output json
{
    "results":
        [
            {
                "object": { ... },
                "result": { ... },
                "error": { ... }
            },
            { ... },
            { ... }
        ]
}
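
An added example, not part of the issue and not the project's own code: one way to picture the "known changes by system" feature is to compare a signed manifest with the live object and report every changed field path except those on an ignore list. The names flatten, Mutations, sysFields and the sample Service objects are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"reflect"
	"sort"
)

type obj = map[string]interface{}

// flatten stores each leaf under a path like ".spec.clusterIPs[0]"; side 0 is the signed manifest, side 1 the live object.
func flatten(v interface{}, prefix string, side int, out map[string][2]interface{}) {
	switch t := v.(type) {
	case obj:
		for k, c := range t {
			flatten(c, prefix+"."+k, side, out)
		}
	case []interface{}:
		for i, c := range t {
			flatten(c, fmt.Sprintf("%s[%d]", prefix, i), side, out)
		}
	default:
		pair := out[prefix]
		pair[side] = v
		out[prefix] = pair
	}
}

// Mutations lists the field paths whose value differs between signed and live, skipping paths in ignore.
func Mutations(signed, live obj, ignore map[string]bool) []string {
	all, diff := map[string][2]interface{}{}, []string{}
	flatten(signed, "", 0, all)
	flatten(live, "", 1, all)
	for p, v := range all {
		if !ignore[p[1:]] && !reflect.DeepEqual(v[0], v[1]) {
			diff = append(diff, p[1:]) // drop the leading "." of the internal path
		}
	}
	sort.Strings(diff)
	return diff
}

// Constructed sample data: the live Service has system-assigned IPs and one edited selector.
var signedSvc = obj{"spec": obj{"selector": obj{"app": "web"}, "ports": []interface{}{obj{"port": 80}}}}
var liveSvc = obj{"spec": obj{"selector": obj{"app": "other"}, "ports": []interface{}{obj{"port": 80}},
	"clusterIP": "10.0.0.7", "clusterIPs": []interface{}{"10.0.0.7"}}}
var sysFields = map[string]bool{"spec.clusterIP": true, "spec.clusterIPs[0]": true}

func main() { fmt.Println(Mutations(signedSvc, liveSvc, sysFields)) }
```

With the ignore list applied, only the edited selector is reported; with no ignore list, the system-assigned IP fields would also be reported as changes.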

Closing this issue; I will create some more intuitive issues.