Edoardo Tenani
Edoardo Tenani
Thanks for the suggestion. I'll leave this open to see if there is other feedback but the workaround makes sense.
@gpop63 can you please solve the conflicts and merge this?
I took a look, my initial hypothesis was that the GCP SDK library in use by `cosign` is not up to date and lacks that functionality. I say `cosign` as...
Upon further investigation, `cosign` has a Google provider called `google-workload-identity` ([link](https://github.com/sigstore/cosign/blob/main/pkg/providers/google/google.go#L30)) So my new hypothesis is that Kyverno is not selecting this provider when using cosign. @developer-guy may you test...
> Also, worth noting that the Kyverno build is currently using disable_gcp tag based on prior guidance - could that have any impact? I don't see any use of this...
I've been looking at OICD authentication flow is it correct the one to document is the Basic/Authentication flow? Am I correct saying that IDP redirects to fulcio, which then uses...
Ok for me. Happy to cut the release. What changes are needed to make the `1.2.0` release? What are the deadlines? These are the changes since last release: https://github.com/ansible-collections/community.sops/compare/1.1.0...main
[Release 1.2.0](https://github.com/ansible-collections/community.sops/releases/tag/1.2.0) done.
@tommyers-elastic May you have a look at this comment: > @kaiyan-sheng suggested adding the cloudsql metadata under gcp not under labels but the stackdriver metadata only allows access to ECS...