chore: demo notation image check

mxab · Jan 16, 2024 · 6706583 · 6706583
1 parent d710aa2
commit 6706583
Show file tree

Hide file tree

Showing 5 changed files with 55 additions and 39 deletions.
diff --git a/.vscode/launch.json b/.vscode/launch.json
@@ -10,8 +10,8 @@
             "request": "launch",
             "mode": "auto",
             "program": "cmd/nacp/nacp.go",
-            "args": ["-config=nacp.conf.hcl"],
-            "cwd": "${workspaceFolder}/misc/hashitalk_deploy2023/demos"
+            "args": ["-config=notation.conf.hcl"],
+            "cwd": "${workspaceFolder}/example/notation"
         }
     ]
 }
diff --git a/example/notation/delete_test_certs.sh b/example/notation/delete_test_certs.sh
@@ -0,0 +1,14 @@
+#!/bin/sh
+# https://notaryproject.dev/docs/user-guides/installation/uninstall/#remove-the-test-key-and-self-signed-certificate
+echo "Deleting test certs on macOS"
+NAME="wabbit-networks.io"
+
+
+notation key delete $NAME
+notation cert delete --type ca --store ${NAME} ${NAME}.crt
+
+#echo "rm \"${NOTATION_DIR}/localkeys/${NAME}.key\""
+
+
+rm "${HOME}/Library/Application Support/notation/localkeys/${NAME}.key"
+rm "${HOME}/Library/Application Support/notation/localkeys/${NAME}.crt"
diff --git a/example/notation/demo.nomad b/example/notation/demo.nomad
@@ -1,14 +1,17 @@
+variable "image" {
+  type = string
+}
 job "demo" {
 
-    group "demo" {
-        count = 1
+  group "demo" {
+    count = 1
 
-        task "demo" {
-            driver = "docker"
+    task "demo" {
+      driver = "docker"
 
-            config {
-                image = "localhost:5001/net-monitor:v1"
-            }
-        }
+      config {
+        image = var.image
+      }
     }
+  }
 }
diff --git a/example/notation/notation.conf.hcl b/example/notation/notation.conf.hcl
@@ -1,16 +1,15 @@
-validator "opa" "costcenter_opa_validator" {
+validator "opa" "verify_image" {
 
-    opa_rule {
-        query = <<EOH
+  opa_rule {
+    query    = <<EOH
         errors = data.image_verification.errors
         EOH
-        filename = "notation.rego"
-
-        notation {
-            repo_plain_http = true
-            trust_store_dir = "/Users/max/Library/Application Support/notation/truststore"
-            trust_policy_file = "/Users/max/Library/Application Support/notation/trustpolicy.json"
-        }
-    }
+    filename = "notation.rego"
+  }
+  notation {
+    repo_plain_http   = true
+    trust_store_dir   = "/Users/max/Library/Application Support/notation"
+    trust_policy_file = "/Users/max/Library/Application Support/notation/trustpolicy.json"
+  }
 
 }
diff --git a/example/notation/registry.nomad b/example/notation/registry.nomad
@@ -1,28 +1,28 @@
 job "registry" {
 
-    type = "service"
+  type = "service"
 
-    group "registry" {
+  group "registry" {
 
-        network {
-            port "registry" {
-                static = 5001
-                to = 5000
+    network {
+      port "registry" {
+        static = 5001
+        to     = 5000
 
-            }
-        }
+      }
+    }
 
-        task "registry" {
+    task "registry" {
 
-            driver = "docker"
+      driver = "docker"
 
-            config  {
-                image = "registry"
-                ports = ["registry"]
-            }
-            env {
-                REGISTRY_STORAGE_DELETE_ENABLED = "true"
-            }
-        }
+      config {
+        image = "registry"
+        ports = ["registry"]
+      }
+      env {
+        REGISTRY_STORAGE_DELETE_ENABLED = "true"
+      }
     }
+  }
 }