Documentation
¶
Overview ¶
Package oci implements the source.Fetcher for KindOCIRepository via oras-go. Generic provider only — IRSA / Workload Identity is out of scope for offline flate.
File map:
fetcher.go — Fetcher type, Fetch entry, authIdentity fetch.go — fetch workhorse, cache-hit gate, artifact composer auth.go — TLS, registry-config, credential-store resolution resolve.go — OCI ref parsing, semver tag picking, revision shape marker.go — .flate-digest / .flate-verified slot markers cosign.go — cosign signature verification layer.go — spec.layerSelector copy/extract
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Fetcher ¶
type Fetcher struct {
Cache *source.Cache
RegistryConfig string
Secrets source.SecretGetter
}
Fetcher is the Fetcher implementation for KindOCIRepository. RegistryConfig is the global --registry-config docker-style config.json path used when no per-repo SecretRef is set. Secrets is the per-repo source.SecretGetter (typically the orchestrator-provided Store.GetByName), required when any OCIRepository has spec.secretRef pointing at a kubernetes.io/dockerconfigjson Secret.
func (*Fetcher) Fetch ¶
func (f *Fetcher) Fetch(ctx context.Context, repo *manifest.OCIRepository) (*store.SourceArtifact, error)
Fetch implements source.TypedFetcher[*manifest.OCIRepository]. The typed signature is wrapped via source.Wrap at orchestrator registration — a payload mismatch returns ErrInput once at the adapter site rather than panicking here.
Fetch resolves credentials, TLS, and proxy from the CR's *SecretRef fields, then hands off to fetch() — the workhorse in fetch.go that owns slot lifecycle, oras Copy, cosign verification, layer extraction, and marker writes.
Source Files