Documentation
¶
Index ¶
- Constants
- func CommitSignatureError(verifyCommit bool, gitClient git.Client, revision string, ...) error
- func DeletePGPKey(keyID string) error
- func GetInstalledPGPKeys(kids []string) ([]*appsv1.GnuPGPublicKey, error)
- func HasCriteria(si *v1alpha1.SourceIntegrity, sources ...v1alpha1.ApplicationSource) bool
- func ImportPGPKeys(keyFile string) ([]*appsv1.GnuPGPublicKey, error)
- func ImportPGPKeysFromString(keyData string) ([]*appsv1.GnuPGPublicKey, error)
- func InitializeGnuPG() error
- func IsGPGEnabled() bool
- func IsLongKeyID(k string) bool
- func IsSecretKey(keyID string) (bool, error)
- func IsShortKeyID(k string) bool
- func KeyID(k string) (string, error)
- func SetPGPTrustLevel(pgpKeys []*appsv1.GnuPGPublicKey, trustLevel string) error
- func SetPGPTrustLevelById(kids []string, trustLevel string) error
- func SyncKeyRingFromDirectory(basePath string) ([]string, []string, error)
- func ValidatePGPKeys(keyFile string) (map[string]*appsv1.GnuPGPublicKey, error)
- func ValidatePGPKeysFromString(keyData string) (map[string]*appsv1.GnuPGPublicKey, error)
- func VerifyGit(si *v1alpha1.SourceIntegrity, gitClient git.Client, verifiedRevision string) (*v1alpha1.SourceIntegrityCheckResult, string, error)
- func VerifyGnuPGSignature(revision string, validKeys []string, verifyResult string) (condition *appsv1.ApplicationCondition)
- type PGPKeyID
Constants ¶
const ( TrustUnknown = "unknown" TrustNone = "never" TrustMarginal = "marginal" TrustFull = "full" TrustUltimate = "ultimate" )
Key trust values
Variables ¶
This section is empty.
Functions ¶
func CommitSignatureError ¶
func CommitSignatureError(verifyCommit bool, gitClient git.Client, revision string, repo *appsv1.Repository) error
TODO: Remove deprecated https://github.com/argoproj/argo-cd/issues/27695
func DeletePGPKey ¶
DeletePGPKey deletes a key from our GnuPG key ring
func GetInstalledPGPKeys ¶
func GetInstalledPGPKeys(kids []string) ([]*appsv1.GnuPGPublicKey, error)
GetInstalledPGPKeys runs gpg to retrieve public keys from our keyring. If kids is non-empty, limit result to those key IDs
func HasCriteria ¶
func HasCriteria(si *v1alpha1.SourceIntegrity, sources ...v1alpha1.ApplicationSource) bool
HasCriteria determines if any of the sources have some criteria declared
func ImportPGPKeys ¶
func ImportPGPKeys(keyFile string) ([]*appsv1.GnuPGPublicKey, error)
ImportPGPKeys imports one or more keys from a file into the local keyring and optionally signs them with the transient private key for leveraging the trust DB.
func ImportPGPKeysFromString ¶
func ImportPGPKeysFromString(keyData string) ([]*appsv1.GnuPGPublicKey, error)
func InitializeGnuPG ¶
func InitializeGnuPG() error
InitializeGnuPG will initialize a GnuPG working directory and also create a transient private key so that the trust DB will work correctly.
func IsGPGEnabled ¶
func IsGPGEnabled() bool
IsGPGEnabled returns true if the GPG feature is enabled
func IsLongKeyID ¶
IsLongKeyID returns true if the string represents a long key ID (aka fingerprint)
func IsSecretKey ¶
IsSecretKey returns true if the keyID also has a private key in the keyring
func IsShortKeyID ¶
IsShortKeyID returns true if the string represents a short key ID
func KeyID ¶
KeyID get the actual correct (short) key ID from either a fingerprint or the key ID. Errors if it is not a valid GnuPG key ID.
func SetPGPTrustLevel ¶
func SetPGPTrustLevel(pgpKeys []*appsv1.GnuPGPublicKey, trustLevel string) error
SetPGPTrustLevel sets the given trust level on specified keys
func SetPGPTrustLevelById ¶
SetPGPTrustLevelById sets the given trust level on keys with specified key IDs
func SyncKeyRingFromDirectory ¶
SyncKeyRingFromDirectory will sync the GPG keyring with files in a directory. This is a one-way sync, with the configuration being the leading information. Files must have a file name matching their Key ID. Keys that are found in the directory but are not in the keyring will be installed to the keyring, files that exist in the keyring but do not exist in the directory will be deleted.
func ValidatePGPKeys ¶
func ValidatePGPKeys(keyFile string) (map[string]*appsv1.GnuPGPublicKey, error)
ValidatePGPKeys validates whether the keys in keyFile are valid PGP keys and can be imported It does so by importing them into a temporary keyring. The returned keys are complete, that is, they contain all relevant information
func ValidatePGPKeysFromString ¶
func ValidatePGPKeysFromString(keyData string) (map[string]*appsv1.GnuPGPublicKey, error)
func VerifyGit ¶
func VerifyGit(si *v1alpha1.SourceIntegrity, gitClient git.Client, verifiedRevision string) (*v1alpha1.SourceIntegrityCheckResult, string, error)
VerifyGit makes sure the git repository satisfies the criteria declared. It returns nil in case there were no relevant criteria, a check result if there were. The verifiedRevision is expected to be either an annotated tag to a resolved commit sha - the revision, its signature is being verified.
func VerifyGnuPGSignature ¶
func VerifyGnuPGSignature(revision string, validKeys []string, verifyResult string) (condition *appsv1.ApplicationCondition)
TODO: Remove deprecated https://github.com/argoproj/argo-cd/issues/27695