From 626dbd90e3b8debd602fc3dd47b86fa4eb7a8fe7 Mon Sep 17 00:00:00 2001 From: Luiz Carvalho Date: Tue, 3 Sep 2024 08:52:08 -0400 Subject: [PATCH] Document oddity of using includes with imageRef Ref: EC-781 Signed-off-by: Luiz Carvalho --- docs/modules/ROOT/pages/configuration.adoc | 58 +++++++++++++++++++++- 1 file changed, 56 insertions(+), 2 deletions(-) diff --git a/docs/modules/ROOT/pages/configuration.adoc b/docs/modules/ROOT/pages/configuration.adoc index cb03efba5..144945869 100644 --- a/docs/modules/ROOT/pages/configuration.adoc +++ b/docs/modules/ROOT/pages/configuration.adoc @@ -167,8 +167,7 @@ JSON:: If both `volatileConfig` and `config` are used, they are both processed by the EC CLI as if they were merged together. -With `volatileConfig` you can also specify an inclusion or exclusion for a particular image -reference. For example: +With `volatileConfig` you can also specify an exclusion for a particular image reference. For example: [tabs] ==== 
@@ -214,6 +213,61 @@ JSON::
 ----
 ====
 
+Although unusual, it is also possible to specify an inclusion for an image reference. In the
+example below, the `java` and `test` packages are executed for the image matching the reference,
+while for all other image references only the `java` package is executed.
+
+[tabs]
+====
+YAML::
++
+[source,yaml]
+----
+sources:
+ - policy:
+ - oci::quay.io/enterprise-contract/ec-release-policy:latest
+ data:
+ - git::https://github.com/enterprise-contract/ec-policies//example/data
+ volatileConfig:
+ include:
+ - value: java
+ - value: test
+ imageRef: sha256:4e388ab32b10dc8dbc7e28144f552830adc74787c1e2c0824032078a79f227fb
+----
+JSON::
++
+[source,json]
+----
+{
+ "sources": [
+ {
+ "policy": [
+ "oci::quay.io/enterprise-contract/ec-release-policy:latest"
+ ],
+ "data": [
+ "git::https://github.com/enterprise-contract/ec-policies//example/data"
+ ],
+ "volatileConfig": {
+ "include": [
+ {
+ "value": "java"
+ },
+ {
+ "value": "test",
+ "imageRef": "sha256:4e388ab32b10dc8dbc7e28144f552830adc74787c1e2c0824032078a79f227fb"
+ }
+ ]
+ }
+ }
+ ]
+}
+----
+====
+
+NOTE: In the example above, omitting the `java` entry would cause an error when verifying any image
+for which its reference is different than the one mentioned in the `test` package inclusion. This is
+because no rules will be executed for such images.
+
 == Examples
 
 The examples here are shown as the contents of `config.policy` formatted as