Ratify helm chart should provide way to override notation trusted identities

[mannbiher]

What would you like to be added?

Provide way to override notation trusted identities in helm chart. Currently it is set to *.
https://github.com/ratify-project/ratify/blob/dev/charts/ratify/templates/verifier.yaml#L40

          trustedIdentities:
            - "*"

Values could have notation.trustedIdentities property.

notation:
  enabled: true
  trustedIdentities:
  - arn:aws:signer:us-west-2:1234567890:/signing-profiles/my-account-signer

Anything else you would like to add?

The feature is required as we use AWS signer and want to verify signature created only by our account specific AWS signer. The current workaround is disable the helm chart notation verifier and create one outside helm chart with required trusted identities.

Are you willing to submit PRs to contribute to this feature?

• Yes, I am willing to implement it.

[FeynmanZhou]

Hi @mannbiher , I assume you can override the * with your aws signer identity in trustedIdentities, without additional development. Is there anything fails?

[susanshi]

Hi @FeynmanZhou, It can be be done today ( by maintaining custom charts), but would be a better user experience if Ratify can expose this in the default chart.