support pattern based multiple resource specification in verify-resource

[hirokuni-kitahara]

Description Users may consider specifying multiple resources for the command kubectl sigstore verify-resource by using pattern based argument as well as kubectl get command.

To support this kind of input argument, several features like the following will be added to verify-resource command as an enhancement.

Features

• [ ] support pattern based argument in verify-resource command (e.g. verify-resource cm -n sample-ns )
• [ ] handle some errors that occurred during multiple verification correctly
• [ ] known changes by system can be ignored properly (e.g. spec.clusterIPs[0] in Service is automatically added )
• [ ] print a full verification result for all specified resources
• [ ] enable to output the result as JSON/YAML
• [ ] the number of image pulls is minimized during single execution

Expected

$ kubectl sigstore verify-resource cm -n sample-ns -i some-manifest-image:latest
NAME               INSCOPE   VERIFIED   SIGNER                    ERROR                                       AGE
signed-cm-a        true      true       sample-signer@gmail.com                                               2h
signed-cm-b        true      true       sample-signer@gmail.com                                               3h
kube-root-ca.crt   true      false                                YAML manifest not found for this resource   17d

# enable JSON output
$ kubectl sigstore verify-resource cm -n sample-ns -i some-manifest-image:latest --output json
{
    "results":
        [
            {
                "object": { ... },
                "result": { ... },
                "error": { ... }
            },
            { ... },
            { ... }
        ]
}

[hirokuni-kitahara]

Close this issue and will create some more intuitive issues.