add sample constraint with image profile

Signed-off-by: Hirokuni-Kitahara1 <[email protected]>

Author: hirokuni-kitahara

shield/pkg/shield/request_handler.go

@@ -222,7 +222,7 @@ func RequestHandler(req admission.Request, paramObj *k8smnfconfig.ParameterObjec
 				for _, res := range imageVerifyResults {
 					if res.InScope && !res.Verified {
 						imageAllow = false
-						imageMessage = fmt.Sprintf("Image signature verification is required, but failed to verify signature: image: %s, reason: %s", res.ImageRef, res.FailReason)
+						imageMessage = "Image signature verification is required, but failed to verify signature: " + res.FailReason
 						break
 					}
 				}

webhook/gatekeeper-constraint/example/constraint-deplyoment.yaml

@@ -0,0 +1,26 @@
+
+apiVersion: constraints.gatekeeper.sh/v1beta1
+kind: ManifestIntegrityConstraint
+metadata:
+  name: deployment-constraint
+spec:
+  match:
+    kinds:
+      - apiGroups: ["apps"]
+        kinds: ["Deployment"] 
+    namespaces:
+    - "sample-ns"
+  parameters:
+    constraintName: deployment-constraint
+    inScopeObjects:
+    - name: sample-deploy
+    signers:
+    - [email protected]
+    ignoreFields:
+    - objects:
+      - kind: Deployment
+      fields:
+      - spec.replicas
+    imageProfile:
+      match:
+      - "sample-registry/sample-image:*"