Once the plugin is built with its core functionality it can be extended with image signature verification.

This story encompasses the following actions.

• implement signature verification functionality
• add plugin configuration options for

• • signature image registry, repository, and tag
  • disabling signature verification
  • trusted public OpenPGP keys

furthermore:

• manually create a test signature image and push it to the CI registry. the signature image can use the graph-data image that exists on CI registry: "docker://registry.svc.ci.openshift.org/cincinnati-ci-public/cincinnati-graph-data:6420f7fbf3724e1e5e329ae8d1e2985973f60c14"
• implement a plugin-scope test that uses the test image from CI registry