Releases: mxab/nacp
Releases · mxab/nacp
v0.7.0
Great contribution from @ncode
Token Resolution & Context Passing
Hooks can now resolve Nomad tokens (with optional policy extraction) and pass the accessor ID, client IP, and other metadata through mutators and validators.
New configuration flag resolveToken enables token resolution for specific hooks to avoid unnecessary overhead when not required.
Enhanced support for use cases like CIDR-based validation, custom ACL logic, and extended audit logging.
See CHANGELOG.md for more on this breaking change
Contributors
ncode
Assets 12
v0.6.0
v0.5.0
What's Changed
This release introduces the first version of the notary projects's image verification via NACP.
It allows either via the notation or OPA validator to verify the signature of the images specified in you job's task config.
Demo
notation-demo.mp4
Opa rule:
errors contains msg if {
some g, t
input.TaskGroups[g].Tasks[t].Driver == "docker"
image := input.TaskGroups[g].Tasks[t].Config.image
# check
not notation_verify_image(image)
msg := sprintf("TaskGroup %d Task %d image is invalid (image %s)", [g, t, image])
}Full Changelog: v0.4.1...v0.5.0
Contributors
mxab
