Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-52829

Applying ClusterImagePolicy makes duplicate entry into the policy.json

XMLWordPrintable

    • Quality / Stability / Reliability
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None
    • None
    • None
    • None
    • OCP Node Sprint 274 (blue)
    • 1
    • None
    • None
    • None
    • None
    • None
    • None
    • None

      Description of problem:

          Applying ClusterImagePolicy makes duplicate entry into the policy.json

      Version-Release number of selected component (if applicable):

          4.18

      How reproducible:

          100%

      Steps to Reproduce:

      1. After enabling techpreview featureset, create clusterimagepolicy:

apiVersion: config.openshift.io/v1alpha1
kind: ClusterImagePolicy
metadata:
  name: p1
spec:
  scopes:
    - quay.io/rhn_support_dpateriy
  policy:
    rootOfTrust:
      policyType: PublicKey
      publicKey:
        keyData: LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUZrd0V3WUhLb1pJemowQ0FRWUlLb1pJemowREFRY0RRZ0FFTkRTTVNaMHN2eXNTdjNadFRtbnQvT2Yvay81NgpSTGZSa0gvTEo4RTN1WlRFem0vUDh2RW11Y2greVRKWldQeUZIYTFnWUdKaG9lNGtVZjZnd2hxSWhnPT0KLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0tCg==
    signedIdentity:
      matchPolicy: MatchRepoDigestOrExact


2. The policy.json on the node has duplicate entries:

 "quay.io/rhn_support_dpateriy": [
        {
          "type": "sigstoreSigned",
          "keyData": "LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUZrd0V3WUhLb1pJemowQ0FRWUlLb1pJemowREFRY0RRZ0FFTkRTTVNaMHN2eXNTdjNadFRtbnQvT2Yvay81NgpSTGZSa0gvTEo4RTN1WlRFem0vUDh2RW11Y2greVRKWldQeUZIYTFnWUdKaG9lNGtVZjZnd2hxSWhnPT0KLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0tCg==",
          "signedIdentity": {
            "type": "matchRepoDigestOrExact"
          }
        }
      ]
    },




      "quay.io/rhn_support_dpateriy": [
        {
          "type": "sigstoreSigned",
          "keyData": "LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUZrd0V3WUhLb1pJemowQ0FRWUlLb1pJemowREFRY0RRZ0FFTkRTTVNaMHN2eXNTdjNadFRtbnQvT2Yvay81NgpSTGZSa0gvTEo4RTN1WlRFem0vUDh2RW11Y2greVRKWldQeUZIYTFnWUdKaG9lNGtVZjZnd2hxSWhnPT0KLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0tCg==",
          "signedIdentity": {
            "type": "matchRepoDigestOrExact"
          }
        }
      ]
    },

    

      Actual results:

          The /etc/containers/policy.json has duplicate entries.

      Expected results:

          It should only have a single entry

      Additional info:

              qiwan233 Qi Wang
              rhn-support-dpateriy Divyam Pateriya
              None
              None
              Sergio Regidor de la Rosa Sergio Regidor de la Rosa
              None
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: