Add status to ClusterImagePolicy + TrustRoot CRDs

[vaikas]

Summary

Add Status to CRDs. Also add some more failure testing and ensure they show up in status.
Fixes: #456

Release Note

🎁 Add Status to ClusterImagePolicy as well as TrustRoot CRDs.

Documentation

[hectorj2f]

make docs is missing the new fields

[codecov-commenter]

Codecov Report

Merging #533 (7c0045a) into main (90daaac) will decrease coverage by 0.38%.
The diff coverage is 38.46%.

📣 This organization is not using Codecov’s GitHub App Integration. We recommend you install it so Codecov can continue to function properly for your repositories. Learn more

@@            Coverage Diff             @@
##             main     #533      +/-   ##
==========================================
- Coverage   54.79%   54.41%   -0.38%     
==========================================
  Files          42       45       +3     
  Lines        4559     4723     +164     
==========================================
+ Hits         2498     2570      +72     
- Misses       1856     1949      +93     
+ Partials      205      204       -1     

Impacted Files	Coverage Δ
...g/apis/policy/v1alpha1/clusterimagepolicy_types.go	0.00% <0.00%> (ø)
pkg/apis/policy/v1alpha1/trustroot_lifecycle.go	0.00% <0.00%> (ø)
pkg/apis/policy/v1alpha1/trustroot_types.go	0.00% <0.00%> (ø)
...pis/policy/v1beta1/clusterimagepolicy_lifecycle.go	0.00% <0.00%> (ø)
...kg/apis/policy/v1beta1/clusterimagepolicy_types.go	0.00% <0.00%> (ø)
pkg/apis/policy/v1alpha1/zz_generated.deepcopy.go	13.39% <37.50%> (+1.14%)	⬆️
...is/policy/v1alpha1/clusterimagepolicy_lifecycle.go	41.66% <41.66%> (ø)
pkg/apis/policy/v1beta1/zz_generated.deepcopy.go	19.76% <41.66%> (+0.80%)	⬆️
pkg/reconciler/trustroot/trustroot.go	50.00% <50.00%> (+0.71%)	⬆️
...econciler/clusterimagepolicy/clusterimagepolicy.go	59.33% <65.00%> (+5.03%)	⬆️
... and 7 more

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

[vaikas]

ko failed to install on the test failure:

Installing ko @ v0.12.0 for Linux
+ sudo tar xzf - -C /usr/local/bin ko
+ curl -fsL https://github.com/ko-build/ko/releases/download/v0.12.0/ko_0.12.0_Linux_x86_64.tar.gz

gzip: stdin: unexpected end of file
tar: Child returned status 1
tar: Error is not recoverable: exiting now
Error: Process completed with exit code 2.

[hectorj2f]

Should we add a status for the url's failure or success operation when fetching a policy ?

[vaikas]

We already do on line 82 (if inlinePolicies fail) we mark that failed and the error will be reflected in the status just like if any inline policy fails. Splitting out whether it's CM or URL makes things way more complicated and I see no benefit to the user for it.

[hectorj2f]

I thought we wanted to give more descriptive errors about what it could go wrong with a policy.

[hectorj2f]

Do we want to add a new status to register any issue when deleting a cip https://github.com/sigstore/policy-controller/pull/533/files#diff-993c349b6a7980667de0868f0e1c1fb43da04c80bafb462c89249ab478a76a61R155 ?

[vaikas]

Hm. That link doesn't take me anywhere except the full diff :) Assuming you mean FinalizeKind, once the finalizer has been slapped on, I am fairly certain you can't update the object anymore. But, I could be wrong. I'll look at doing that in a followup, ok?

[hectorj2f]

Sure. FinalizeKind is optional, and if implemented by the reconciler will be called when the resource's deletion timestamp is set I am not sure what means to set the deletion timestmap.

[hectorj2f]

Overall it looks good to me 💪🏻 , I added some comments.