fix: broken cosign authentication for registries

sse-secure-systems · Mar 9, 2022 · d15ad66 · d15ad66
1 parent eba2562
commit d15ad66
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 4 deletions.
diff --git a/connaisseur/validators/cosign/cosign_validator.py b/connaisseur/validators/cosign/cosign_validator.py
@@ -226,10 +226,12 @@ def __invoke_cosign(self, image: str, key: str):
             *(["--k8s-keychain"] if self.k8s_keychain else []),
             image,
         ]
+        env = self.__get_envs()
+        env.update(env_vars)
 
         with subprocess.Popen(  # nosec
             cmd,
-            env=self.__get_envs().update(env_vars),
+            env=env,
             stdin=subprocess.PIPE,
             stdout=subprocess.PIPE,
             stderr=subprocess.PIPE,

diff --git a/helm/Chart.yaml b/helm/Chart.yaml
@@ -2,8 +2,8 @@ apiVersion: v2
 name: connaisseur
 description: Helm chart for Connaisseur - a Kubernetes admission controller to integrate container image signature verification and trust pinning into a cluster.
 type: application
-version: 1.3.0
-appVersion: 2.5.0
+version: 1.3.1
+appVersion: 2.5.1
 keywords:
   - container image
   - signature

diff --git a/helm/values.yaml b/helm/values.yaml
@@ -1,7 +1,7 @@
 # configure Connaisseur deployment
 deployment:
   replicasCount: 3
-  image: securesystemsengineering/connaisseur:v2.5.0
+  image: securesystemsengineering/connaisseur:v2.5.1
   imagePullPolicy: IfNotPresent
   # imagePullSecrets contains an optional list of Kubernetes Secrets, in Connaisseur namespace,
   # that are needed to access the registry containing Connaisseur image.