trustpolicy.yaml

apiVersion: notation.nirmata.io/v1alpha1
kind: TrustPolicy
metadata:
  name: tp-test-notation
spec:
  version: '1.0'
  trustPolicyName: tp-test-notation
  trustPolicies:
  - name: aws-signer-tp
    registryScopes:
    - "844333597536.dkr.ecr.us-west-2.amazonaws.com/kyverno-demo"
    signatureVerification:
      level: strict
      override: {}
    trustStores:
    - signingAuthority:aws-signer-ts
    trustedIdentities:
    - "arn:aws:signer:us-west-2:844333597536:/signing-profiles/kyvernodemo"
---
apiVersion: notation.nirmata.io/v1alpha1
kind: TrustPolicy
metadata:
  name: tp-test-notation-fail
spec:
  version: '1.0'
  trustPolicyName: tp-test-notation-fail
  trustPolicies:
  - name: aws-signer-tp
    registryScopes:
    - "*"
    signatureVerification:
      level: strict
      override: {}
    trustStores:
    - signingAuthority:aws-signer-ts-fail
    trustedIdentities:
    - "arn:aws:signer:us-west-2:844333597536:/signing-profiles/kyvernodemo"