sigstore / cosign-gatekeeper-provider

🔮 ✈️ to integrate OPA Gatekeeper's new ExternalData feature with cosign to determine whether the images are valid by verifying their signatures
Apache License 2.0

How to set a public key to provider cache? #53

Open jacckyyy opened 1 year ago

jacckyyy commented 1 year ago

I have deployed the provider, template and constraint, but I encounter an error (response: {"errors": null, "responses": null, "status_code": 400, "system_error": "key is not found in provider cache"}) when trying to deploy the example YAML file. How can I set the public key in the cache? Thanks.

Dentrax commented 1 year ago

Hi @jacckyyy,

Actually I have no idea where `key is not found in provider cache` is being thrown from. Could you please share the steps you followed, full logs, the HTTP response, and any other details needed to reproduce this? Thanks.

jacckyyy commented 1 year ago

Hi @Dentrax, I'm sorry, my previous description was too brief. My steps were based on the article in the following link.

https://github.com/sigstore/cosign-gatekeeper-provider

Starting with the installation of Gatekeeper, then installing cosign-gatekeeper-provider:

[screenshot]

Finally, I confirmed the deployment of the ConstraintTemplate and Constraint policy:

[screenshot]

However, at the last step, when I verified the signature using the example in policy/example, I got the following error message regardless of whether I signed with cosign or not:

[screenshot]

It seems that the provider did not set the public key. I don't know what the problem is with this part. Did I miss anything? Thanks... Orz

mjramer commented 1 year ago

+1 getting the same error response

etiennegrignon-intuit commented 5 months ago

Hitting the same issue with gatekeeper 3.14.0. @Dentrax Could it be something not working with Gatekeeper internal cache? I tried disabling it and still getting the same error. It seems gatekeeper is not even calling the external provider when printing that error.

etiennegrignon-intuit commented 5 months ago

The error comes from this line https://github.com/open-policy-agent/frameworks/blob/359cf1b785c9f630f61f58366e685918153c5357/constraint/pkg/externaldata/cache.go#L103

bsher21 commented 5 months ago

@nilekhc @jacckyyy I am also facing the same issue, "key is not found in provider response cache". Could you please guide us on how to resolve it? Thanks.

houdini91 commented 5 months ago

UP + 1

houdini91 commented 5 months ago

Maybe related to https://github.com/open-policy-agent/gatekeeper/pull/3132. Maybe upgrading to >3.15 (https://github.com/open-policy-agent/gatekeeper/releases/tag/v3.15.0) will fix it.

etiennegrignon-intuit commented 5 months ago

@houdini91 Thank you! Upgrading Gatekeeper to 3.15 and setting --external-data-provider-response-cache-ttl=0 seems to help address the issue. Not sure why the cache needs to be disabled for the provider to work.
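The workaround reported in the last comment is two conditions on the Gatekeeper install (a version of at least 3.15 and the provider response cache TTL set to 0). Below is an added preflight script that checks both before the provider, template and constraint are deployed. It is example code written for this thread, not code from cosign-gatekeeper-provider or Gatekeeper. Everything about the cluster layout is an assumption not stated in the thread: that Gatekeeper runs as deployment `gatekeeper-controller-manager` in namespace `gatekeeper-system` with a container named `manager`, that its image tag is a semver such as `v3.15.0` (not a digest), and that kubectl's jsonpath prints the container args as a JSON array. The `sample_args` value is constructed so the two check functions can be exercised without a cluster.

```shell
#!/bin/sh
# Added example, not code from cosign-gatekeeper-provider or Gatekeeper:
# preflight checks for the workaround reported in this thread
# (Gatekeeper >= 3.15 with --external-data-provider-response-cache-ttl=0).
# Assumed (not stated in the thread): deployment gatekeeper-controller-manager
# in namespace gatekeeper-system, container "manager", image tag is a semver
# like v3.15.0, and kubectl jsonpath prints args as ["--a","--b"].

# gatekeeper_version_ok TAG : succeeds if TAG (v3.15.0, 3.16.1, ...) is >= 3.15.0
gatekeeper_version_ok() {
    v=${1#v}                 # strip a leading "v"
    major=${v%%.*}           # "3.15.0" -> "3"
    rest=${v#*.}             # "3.15.0" -> "15.0"
    minor=${rest%%.*}        # "15.0"   -> "15"
    case "$major.$minor" in
        *[!0-9.]*|.*|*.) return 1 ;;   # not a dotted numeric version (e.g. "latest")
    esac
    if [ "$major" -gt 3 ] || { [ "$major" -eq 3 ] && [ "$minor" -ge 15 ]; }; then
        return 0
    fi
    return 1
}

# cache_ttl_disabled ARGS : succeeds if the JSON args array contains the cache
# TTL flag set to 0 (Gatekeeper parses it as a duration, so "0" and "0s" both count)
cache_ttl_disabled() {
    # turn ["a","b"] into: a b
    words=$(printf '%s' "$1" | tr -d '"[]' | tr ',' ' ')
    for w in $words; do
        case "$w" in
            --external-data-provider-response-cache-ttl=0|--external-data-provider-response-cache-ttl=0s)
                return 0 ;;
        esac
    done
    return 1
}

# preflight : run both checks against the live cluster (needs kubectl access)
preflight() {
    sel='.spec.template.spec.containers[?(@.name=="manager")]'
    tag=$(kubectl -n gatekeeper-system get deploy gatekeeper-controller-manager \
          -o jsonpath="{$sel.image}" | sed 's/.*://')
    args=$(kubectl -n gatekeeper-system get deploy gatekeeper-controller-manager \
          -o jsonpath="{$sel.args}")
    gatekeeper_version_ok "$tag" || { echo "Gatekeeper $tag is older than 3.15"; return 1; }
    cache_ttl_disabled "$args"   || { echo "cache TTL flag is not set to 0: $args"; return 1; }
    echo "ok: Gatekeeper $tag with the provider response cache disabled"
}

# Constructed sample of what the jsonpath query above would print for a patched
# deployment, so the checks can be exercised offline:
sample_args='["--port=8443","--log-level=INFO","--external-data-provider-response-cache-ttl=0"]'
```

Run `preflight` against a cluster before applying the provider manifests; a non-zero exit tells you which of the two conditions from the thread is missing. Both check functions are pure string checks, so they can also be fed output captured elsewhere (for example from a Helm template render) without cluster access.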