Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow matching on any artifact name #917

Merged
merged 1 commit into from
Sep 8, 2023
Merged

Allow matching on any artifact name #917

merged 1 commit into from
Sep 8, 2023

Conversation

jhrozek
Copy link
Contributor

@jhrozek jhrozek commented Sep 8, 2023

Changes the artifact ingestor to match any artifact name if the artifact
name is not specified in the rule at all. To allow not specifying the
artifact name, changes the artifact_signature rule_type to no longer
require name in the rule parameters.

@jhrozek
Allow matching on any artifact name
b68e67b 
Changes the artifact ingestor to match any artifact name if the artifact
name is not specified in the rule at all. To allow not specifying the
artifact name, changes the artifact_signature rule_type to no longer
require name in the rule parameters.
@jhrozek
Copy link
Contributor Author

jhrozek commented Sep 8, 2023

@lukehinds 👀
To test this, you need to recreate the rule_type:

medic rule_type list --provider=github
medic rule_type delete -I 3 # substitute for a number from the list

and then delete the policy you were using and use one instead that does not specify a name for artifact matching. Here's one I used for testing:

# sample policy for validating artifact signatures
version: v1
type: pipeline-policy
name: jakub-github-policy-artifact
context:
  group: Root Group
  organization: jakubtestorg
  provider: github
artifact:
  - context: github
    rules:
      - type: artifact_signature
        params:
          tags: [main]
        def:
          is_signed: true
          is_verified: true
          is_bundle_verified: true

@jhrozek jhrozek linked an issue Sep 8, 2023 that may be closed by this pull request
Ensure that the artifact policy can match all tags and all artifacts (suspect that the current policy requires a name at least) #806
Closed
@jhrozek jhrozek merged commit 8abbd1b into mindersec:main Sep 8, 2023
12 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@JAORMX JAORMX JAORMX approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@jhrozek @JAORMX