Documentation
¶
Index ¶
- type ApplicationSnapshotImage
- func (a *ApplicationSnapshotImage) Attestations() []attestation.Attestation
- func (a *ApplicationSnapshotImage) BuildInput(_ context.Context) (map[string]any, []byte, error)
- func (a *ApplicationSnapshotImage) FetchAttestationsWithoutVerification(ctx context.Context) error
- func (a *ApplicationSnapshotImage) FetchImageConfig(ctx context.Context) error
- func (a *ApplicationSnapshotImage) FetchImageFiles(ctx context.Context) error
- func (a *ApplicationSnapshotImage) FetchParentImageConfig(ctx context.Context) error
- func (a *ApplicationSnapshotImage) ImageReference(ctx context.Context) string
- func (a *ApplicationSnapshotImage) ResolveDigest(ctx context.Context) (string, error)
- func (a *ApplicationSnapshotImage) SetImageURL(url string) error
- func (a *ApplicationSnapshotImage) Signatures() []signature.EntitySignature
- func (a *ApplicationSnapshotImage) ValidateAttestationSignature(ctx context.Context) error
- func (a ApplicationSnapshotImage) ValidateAttestationSyntax(ctx context.Context) error
- func (a *ApplicationSnapshotImage) ValidateImageAccess(ctx context.Context) error
- func (a *ApplicationSnapshotImage) ValidateImageSignature(ctx context.Context) error
- func (a *ApplicationSnapshotImage) WriteInputFile(ctx context.Context) (string, []byte, error)
- type Input
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type ApplicationSnapshotImage ¶
type ApplicationSnapshotImage struct {
Evaluators []evaluator.Evaluator
// contains filtered or unexported fields
}
ApplicationSnapshotImage represents the structure needed to evaluate an Application Snapshot Image
func NewApplicationSnapshotImage ¶
func NewApplicationSnapshotImage(ctx context.Context, component app.SnapshotComponent, p policy.Policy, snap app.SnapshotSpec) (*ApplicationSnapshotImage, error)
NewApplicationSnapshotImage returns an ApplicationSnapshotImage struct with reference, checkOpts, and evaluator ready to use.
func (*ApplicationSnapshotImage) Attestations ¶
func (a *ApplicationSnapshotImage) Attestations() []attestation.Attestation
Attestations returns the value of the attestations field of the ApplicationSnapshotImage struct
func (*ApplicationSnapshotImage) BuildInput ¶ added in v0.9.40
BuildInput constructs the OPA input as a Go map and JSON bytes without disk I/O. The JSON marshal/unmarshal round-trip ensures correct types for OPA (e.g. numbers as float64, consistent key ordering).
func (*ApplicationSnapshotImage) FetchAttestationsWithoutVerification ¶ added in v0.9.42
func (a *ApplicationSnapshotImage) FetchAttestationsWithoutVerification(ctx context.Context) error
FetchAttestationsWithoutVerification fetches attestations from the registry without performing signature verification. This is used when --skip-att-sig-check is enabled but we still need the attestation data for policy evaluation.
func (*ApplicationSnapshotImage) FetchImageConfig ¶
func (a *ApplicationSnapshotImage) FetchImageConfig(ctx context.Context) error
func (*ApplicationSnapshotImage) FetchImageFiles ¶
func (a *ApplicationSnapshotImage) FetchImageFiles(ctx context.Context) error
func (*ApplicationSnapshotImage) FetchParentImageConfig ¶
func (a *ApplicationSnapshotImage) FetchParentImageConfig(ctx context.Context) error
func (*ApplicationSnapshotImage) ImageReference ¶
func (a *ApplicationSnapshotImage) ImageReference(ctx context.Context) string
func (*ApplicationSnapshotImage) ResolveDigest ¶
func (a *ApplicationSnapshotImage) ResolveDigest(ctx context.Context) (string, error)
func (*ApplicationSnapshotImage) SetImageURL ¶
func (a *ApplicationSnapshotImage) SetImageURL(url string) error
func (*ApplicationSnapshotImage) Signatures ¶
func (a *ApplicationSnapshotImage) Signatures() []signature.EntitySignature
func (*ApplicationSnapshotImage) ValidateAttestationSignature ¶
func (a *ApplicationSnapshotImage) ValidateAttestationSignature(ctx context.Context) error
ValidateAttestationSignature verifies and collects in-toto attestations attached to the image.
func (ApplicationSnapshotImage) ValidateAttestationSyntax ¶
func (a ApplicationSnapshotImage) ValidateAttestationSyntax(ctx context.Context) error
ValidateAttestationSyntax validates the attestations against known JSON schemas, errors out if there are no attestations to check to prevent successful syntax check of no inputs, must invoke [ValidateAttestationSignature] or [FetchAttestationsWithoutVerification] to prefill the attestations.
func (*ApplicationSnapshotImage) ValidateImageAccess ¶
func (a *ApplicationSnapshotImage) ValidateImageAccess(ctx context.Context) error
ValidateImageAccess executes the remote.Head method on the ApplicationSnapshotImage image ref
func (*ApplicationSnapshotImage) ValidateImageSignature ¶
func (a *ApplicationSnapshotImage) ValidateImageSignature(ctx context.Context) error
ValidateImageSignature verifies the image signature. For images with Sigstore bundles (OCI referrers) the new bundle path is used; otherwise the legacy tag-based path is used.
func (*ApplicationSnapshotImage) WriteInputFile ¶
WriteInputFile writes the JSON from the attestations to input.json in a random temp dir
type Input ¶
type Input struct {
Attestations []attestationData `json:"attestations"`
Image image `json:"image"`
AppSnapshot app.SnapshotSpec `json:"snapshot"`
ComponentName string `json:"component_name,omitempty"`
PolicySpec ecc.EnterpriseContractPolicySpec `json:"policy_spec,omitempty"`
}
Source Files