Red Hat Advanced Cluster Management / ACM-28572

Exception for tasks.required_untrusted_task_found and trusted_task_trusted Conforma Violations


    • Task
    • Resolution: Done
    • Blocker
    • MCE 2.8.4
    • Installer

      When attempting to release MCE 2.8.4 to PROD, I hit this Conforma violation:

      ✕ [Violation] tasks.required_untrusted_task_found
        ImageRef: quay.io/redhat-user-workloads/crt-redhat-acm-tenant/provider-credential-controller-mce-28@sha256:bf0ccde1c56f02d4537078926c7d014e3075d4a506829bea9425866ad51852c1
        Reason: Required task "rpms-signature-scan" is required and present but not from a trusted task
        Term: rpms-signature-scan
        Title: All required tasks are from trusted tasks
        Description: Ensure that the all required tasks are resolved from trusted tasks. To exclude this rule add
        "tasks.required_untrusted_task_found:rpms-signature-scan" to the `exclude` section of the policy configuration.
        Solution: Make sure all required tasks in the build pipeline are resolved from trusted tasks.
      
      ✕ [Violation] trusted_task.trusted
        ImageRef: quay.io/redhat-user-workloads/crt-redhat-acm-tenant/provider-credential-controller-mce-28@sha256:bf0ccde1c56f02d4537078926c7d014e3075d4a506829bea9425866ad51852c1
        Reason: Untrusted version of PipelineTask "rpms-signature-scan" (Task "rpms-signature-scan") was included in build chain
        comprised of: rpms-signature-scan. Please upgrade the task version to:
        sha256:00417785ba16344c10e8682bf58eeb6ef058cedd88ae2d86bb14ced220135374
        Term: rpms-signature-scan
        Title: Tasks are trusted
        Description: Check the trust of the Tekton Tasks used in the build Pipeline. There are two modes in which trust is verified. The
        first mode is used if Trusted Artifacts are enabled. In this case, a chain of trust is established for all the Tasks involved in
        creating an artifact. If the chain contains an untrusted Task, then a violation is emitted. The second mode is used as a
        fallback when Trusted Artifacts are not enabled. In this case, **all** Tasks in the build Pipeline must be trusted. To exclude
        this rule add "trusted_task.trusted:rpms-signature-scan" to the `exclude` section of the policy configuration.
        Solution: If using Trusted Artifacts, be sure every Task in the build Pipeline responsible for producing a Trusted Artifact is
        trusted. Otherwise, ensure **all** Tasks in the build Pipeline are trusted. Note that trust is eventually revoked from Tasks
        when newer versions are made available. 

      I need an exception put in for it.

              rh-ee-ngraham Nathaniel Graham
              Matthew Smigielski Matthew Smigielski