From cddf46a2e677e4adaa048e21bc9db37f468325b8 Mon Sep 17 00:00:00 2001
From: Noah Birrer <noah@defenseunicorns.com>
Date: Tue, 24 Oct 2023 20:18:59 +0000
Subject: [PATCH] feat: enable `require-image-signature` policy as `audit`

---
 chart/templates/kyverno-policies/values.yaml | 2 +-
 tests/test-values.yaml                       | 4 ++++
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/chart/templates/kyverno-policies/values.yaml b/chart/templates/kyverno-policies/values.yaml
index 1c18f0624a..30bbc918e6 100644
--- a/chart/templates/kyverno-policies/values.yaml
+++ b/chart/templates/kyverno-policies/values.yaml
@@ -160,7 +160,7 @@ policies:
 
   # Kyverno Beta feature - https://kyverno.io/docs/writing-policies/verify-images/
   require-image-signature:
-    enabled: false
+    enabled: true
     validationFailureAction: audit
 
   require-istio-on-namespaces:
diff --git a/tests/test-values.yaml b/tests/test-values.yaml
index 1355c4c43e..79a46a3861 100644
--- a/tests/test-values.yaml
+++ b/tests/test-values.yaml
@@ -411,6 +411,8 @@ kyvernoPolicies:
           - 'kyverno-policies-bbtest/test: required'
           - kyverno-policies-bbtest/required
       require-image-signature:
+        enabled: true
+        validationFailureAction: enforce
         parameters:
           require:
           - imageReferences:
@@ -424,6 +426,8 @@ kyvernoPolicies:
                     MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE8nXRh950IZbRj8Ra/N9sbqOPZrfM
                     5/KAQN0/KjHcorm/J5yctVd7iEcnessRQjU917hmKO6JWVGHpDguIyakZA==
                     -----END PUBLIC KEY-----
+            mutateDigest: false
+            verifyDigest: false 
           - imageReferences:
             - "registry1.dso.mil/ironbank/*"
             attestors:
-- 
GitLab