Describe the feature
Connaisseur should early exit from verifying signatures if threshold is met
Optional: Is your feature request related to a problem? Please describe.
We have a validator spec with two keys as trustRoots shown below
- name: cosignvalidator
type: cosign
trustRoots:
- name: connaisseur-key-1
key: k8s://connaisseur/connaisseur-secret-1
- name: connaisseur-key-2
key: k8s://connaisseur/connaisseur-secret-2
auth:
secretName: foo-secret # reference a k8s secret in the form required by the validator type (check the docs)
and for the imagePolicy, the threshold is set to be 1
- pattern: "<registry>/<foo>/<bar>/*:*"
validator: cosignvalidator
with:
trustRoot: "*"
threshold: 1
verifyInTransparencyLog: false
However from the logs, seeing that connaisseur verifies signature wrt both keys specified
{"timestamp": "2023-08-22 20:33:20.361542", "message": "COSIGN output of trust root 'connaisseur-key-1' for image'<registry-foo>:<tag-bar>': RETURNCODE: 0; STDOUT: {\"critical\":{\"identity\":{\"docker-reference\":\"<image-name>\"},\"image\":{\"docker-manifest-digest\":\"sha256:<digest>\"},\"type\":\"cosign container image signature\"},\"optional\":null}\n\n{\"critical\":{\"identity\":{\"docker-reference\":\"<foo>"},\"image\":{\"docker-manifest-digest\":\"sha256:<digest>\"},\"type\":\"cosign container image signature\"},\"optional\":null}\n\n; STDERR: **Warning** Skipping tlog verification is an insecure practice that lacks of transparency and auditability verification for the signature.\n\nVerification for nvcr.io/<foo>:<tag>--\nThe following checks were performed on each of these signatures:\n - The cosign claims were validated\n - The signatures were verified against the specified public key\n"}
{"timestamp": "2023-08-22 20:33:20.403335", "message": "COSIGN output of trust root 'connaisseur-key-1' for image'<registry-foo>:<tag-bar>': RETURNCODE: 0; STDOUT: {\"critical\":{\"identity\":{\"docker-reference\":\"<image-name>\"},\"image\":{\"docker-manifest-digest\":\"sha256:<digest>\"},\"type\":\"cosign container image signature\"},\"optional\":null}\n\n{\"critical\":{\"identity\":{\"docker-reference\":\"<foo>"},\"image\":{\"docker-manifest-digest\":\"sha256:<digest>\"},\"type\":\"cosign container image signature\"},\"optional\":null}\n\n; STDERR: **Warning** Skipping tlog verification is an insecure practice that lacks of transparency and auditability verification for the signature.\n\nVerification for nvcr.io/<foo>:<tag>--\nThe following checks were performed on each of these signatures:\n - The cosign claims were validated\n - The signatures were verified against the specified public key\n"}
Ideally, I would expect that when a certain threshold is specified, connaisseur should early exit when the threshold is met and not verify wrt all trust roots specified.
Describe the feature
Connaisseur should early exit from verifying signatures if threshold is met
Optional: Is your feature request related to a problem? Please describe.
We have a validator spec with two keys as trustRoots shown below
and for the imagePolicy, the threshold is set to be 1
However from the logs, seeing that connaisseur verifies signature wrt both keys specified
Ideally, I would expect that when a certain threshold is specified, connaisseur should early exit when the threshold is met and not verify wrt all trust roots specified.