From e1d82692f692436a983ed5ca6c11039ace119990 Mon Sep 17 00:00:00 2001 From: Shahram Kalantari Date: Tue, 3 Sep 2024 09:22:54 +1000 Subject: [PATCH 1/3] feat: add refreshInterval to the helm chart Values --- charts/ratify/templates/akv-key-management-provider.yaml | 3 +++ charts/ratify/values.yaml | 1 + 2 files changed, 4 insertions(+) diff --git a/charts/ratify/templates/akv-key-management-provider.yaml b/charts/ratify/templates/akv-key-management-provider.yaml index 831496792..b28233e58 100644 --- a/charts/ratify/templates/akv-key-management-provider.yaml +++ b/charts/ratify/templates/akv-key-management-provider.yaml @@ -8,6 +8,9 @@ metadata: helm.sh/hook-weight: "5" spec: type: azurekeyvault + {{- if .Values.azurekeyvault.refreshInterval }} + refreshInterval: {{ .Values.azurekeyvault.refreshInterval }} + {{ end }} parameters: {{- if .Values.azurekeyvault.vaultURI }} vaultURI: {{ .Values.azurekeyvault.vaultURI }} diff --git a/charts/ratify/values.yaml b/charts/ratify/values.yaml index f1206dc10..2bc52a02d 100644 --- a/charts/ratify/values.yaml +++ b/charts/ratify/values.yaml @@ -76,6 +76,7 @@ azurekeyvault: tenantId: certificates: [] keys: [] + refreshInterval: oras: useHttp: false From 5d08645c5b2e31f2878dce00b78513c9f9a04e04 Mon Sep 17 00:00:00 2001 From: Shahram Kalantari Date: Tue, 3 Sep 2024 09:50:19 +1000 Subject: [PATCH 2/3] chore: add description for refreshInterval in the charts README.ms file --- charts/ratify/README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/charts/ratify/README.md b/charts/ratify/README.md index 84b52b238..2bfbcd602 100644 --- a/charts/ratify/README.md +++ b/charts/ratify/README.md 
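Review bot: The added `refreshInterval: {{ .Values.azurekeyvault.refreshInterval }}` line renders the chart value unquoted, so the operator's input is interpolated as raw YAML into the resource spec. A numeric-looking value would be typed as a number rather than the duration string the README row describes, and a value containing `: ` or a line break would alter the manifest structure. Quoting in the template keeps it a single string scalar: `refreshInterval: {{ .Values.azurekeyvault.refreshInterval | quote }}`. The same line is carried as unchanged context in the template hunk of PATCH 3/3, and the neighbouring `vaultURI` line is unquoted too, so this looks like a chart-wide habit worth revisiting. The spec block starts and continues outside the hunk.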
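Review bot: `refreshInterval:` is added to values.yaml as a bare key with no comment, so the default is null and, per the README row added later in this series, periodic refresh stays disabled unless the operator opts in. That default matters for trust material: with refresh off, a certificate or key that is rotated or disabled in Azure Key Vault is presumably not picked up until the resource is re-applied, so verification may keep relying on the old version. I would document the behaviour next to the key, for example `# duration such as 1h, 30m or 1h30m; empty disables periodic refresh of certificates/keys from Key Vault`, and consider shipping a non-empty default. The `azurekeyvault` block begins above the hunk.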
@@ -135,7 +135,8 @@ Values marked `# DEPRECATED` in the `values.yaml` as well as **DEPRECATED** in t
 | azurekeyvault.vaultURI | Vault URI for Azure Key Vault | `` |
 | azurekeyvault.tenantId | Tenant ID of the configured Azure Key Vault resource | `` |
 | azurekeyvault.certificates | An array of certificate objects identified by `name` and `version` (optional) stored in Azure Key Vault | `[]` |
-| azurekeyvault.keys | An array of key objects identified by `name` and `version` (optional) stored in Azure Key Vault | `[]` |
+| azurekeyvault.keys | An array of key objects identified by `name` and `version` (optional) stored in Azure Key Vault | `[]` |
+| azurekeyvault.refreshInterval | time duration to refresh the certificates/keys. Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". Example: 1h, 30m, 1h30m | `` |
 | notationCert | **DEPRECATED** Please switch to `notationCerts` to specify an array of verification certificates. Public certificate/certificate chain used to create inline certstore used by Notation verifier. | `` |
 | akvCertConfig.enabled | **DEPRECATED** Please use `azurekeyvault.enabled` instead. Enables/disables Azure Key Vault certificate store. If you are using a custom chart, certificate store should be referenced through a Verifier CR. References in ConfigMap will not be correctly resolved. | `false` |
 | akvCertConfig.vaultURI | **DEPRECATED** Please use `azurekeyvault.vaultURI` instead. Vault URI for AKV configured | `` |
From 285108f31aab32d162841a04a6e553fe71932d72 Mon Sep 17 00:00:00 2001
From: Shahram Kalantari
Date: Tue, 3 Sep 2024 15:20:58 +1000
Subject: [PATCH 3/3] chore: address comments
---
 charts/ratify/README.md | 2 +-
 charts/ratify/templates/akv-key-management-provider.yaml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/charts/ratify/README.md b/charts/ratify/README.md
index 2bfbcd602..135f3ed0e 100644
--- a/charts/ratify/README.md
+++ b/charts/ratify/README.md
@@ -136,7 +136,7 @@ Values marked `# DEPRECATED` in the `values.yaml` as well as **DEPRECATED** in t
 | azurekeyvault.tenantId | Tenant ID of the configured Azure Key Vault resource | `` |
 | azurekeyvault.certificates | An array of certificate objects identified by `name` and `version` (optional) stored in Azure Key Vault | `[]` |
 | azurekeyvault.keys | An array of key objects identified by `name` and `version` (optional) stored in Azure Key Vault | `[]` |
-| azurekeyvault.refreshInterval | time duration to refresh the certificates/keys. Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". Example: 1h, 30m, 1h30m | `` |
+| azurekeyvault.refreshInterval | time duration to refresh the certificates/keys. Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". Example: 1h, 30m, 1h30m. If it's not set, the refresh functionality will be disabled. | `` |
 | notationCert | **DEPRECATED** Please switch to `notationCerts` to specify an array of verification certificates. Public certificate/certificate chain used to create inline certstore used by Notation verifier. | `` |
 | akvCertConfig.enabled | **DEPRECATED** Please use `azurekeyvault.enabled` instead. Enables/disables Azure Key Vault certificate store. If you are using a custom chart, certificate store should be referenced through a Verifier CR. References in ConfigMap will not be correctly resolved. | `false` |
 | akvCertConfig.vaultURI | **DEPRECATED** Please use `azurekeyvault.vaultURI` instead. Vault URI for AKV configured | `` |
diff --git a/charts/ratify/templates/akv-key-management-provider.yaml b/charts/ratify/templates/akv-key-management-provider.yaml
index b28233e58..132c14fef 100644
--- a/charts/ratify/templates/akv-key-management-provider.yaml
+++ b/charts/ratify/templates/akv-key-management-provider.yaml
@@ -10,7 +10,7 @@ spec:
 type: azurekeyvault
 {{- if .Values.azurekeyvault.refreshInterval }}
 refreshInterval: {{ .Values.azurekeyvault.refreshInterval }}
- {{ end }}
+ {{- end }}
 parameters:
 {{- if .Values.azurekeyvault.vaultURI }}
 vaultURI: {{ .Values.azurekeyvault.vaultURI }}