Documentation
Index
- Constants
- Variables
- func CalculateSHA256Sum(file string) (string, error)
- type Attestation
- type Catalog
- type Contract
- func (c *Contract) AddResourceFile(resourceFile, version string) error
- func (c *Contract) GetPublicKey() (string, error)
- func (c *Contract) Print() ([]byte, error)
- func (c *Contract) Save() error
- func (c *Contract) SaveAs(file string) error
- func (c *Contract) SignResources(fn ResourceSignFn) error
- func (c *Contract) VerifyResources(ctx context.Context, fn ResourceVerifySignatureFn) error
- type Repository
- type ResourceSignFn
- type ResourceVerifySignatureFn
- type Resources
- type TektonResource
Constants
const (
	// Version current contract version.
	Version = "v1"
	// Filename default contract file name.
	Filename = "catalog.yaml"
	// ResourcesName default name of the resources archive.
	ResourcesName = "resources.tar.gz"
	// SignatureExtension default extension of resource signature files.
	SignatureExtension = "sig"
)
Variables
var ErrAttestationPublicKeyEmpty = errors.New("public-key is empty")
ErrAttestationPublicKeyEmpty indicates that the attestation public key has not been set.
var ErrTektonResourceUnsupported = errors.New("tekton resource not supported")
ErrTektonResourceUnsupported indicates that a resource is not supported: it is not a Kubernetes CRD object, not a Tekton API object of a supported version, etc.
Functions
func CalculateSHA256Sum
func CalculateSHA256Sum(file string) (string, error)
CalculateSHA256Sum calculates the SHA256 sum of the given file and returns it as a string.
Types
type Attestation
type Attestation struct {
	// PublicKey path to the public key file, KMS URI or Kubernetes Secret.
	PublicKey string `json:"publicKey"`
}
Attestation holds the attributes needed for software supply-chain security, currently the public key used to verify resource signatures.
type Catalog
type Catalog struct {
	Repository *Repository `json:"repository"` // repository long description
	Attestation *Attestation `json:"attestation"` // software supply-chain provenance
	Resources *Resources `json:"resources"` // inventory of Tekton resources
}
Catalog describes the contents of a repository that is part of a "catalog" of Tekton resources: repository metadata, the inventory of Tekton resources, test cases and more.
type Contract
type Contract struct {
	Version string `json:"version"` // contract version
	Catalog Catalog `json:"catalog"` // tekton resources catalog
	// contains filtered or unexported fields
}
Contract contains a versioned catalog.
func NewContractEmpty
func NewContractEmpty() *Contract
NewContractEmpty instantiates a new Contract{} with empty attributes.
func NewContractFromData
NewContractFromData instantiates a new Contract{} from a YAML payload.
func NewContractFromFile
NewContractFromFile instantiates a new Contract{} from a YAML file.
func NewContractFromURL
NewContractFromURL instantiates a new Contract{} from a URL. A contract fetched over the network is untrusted input until its resource checksums and signatures have been verified (see TektonResource.Checksum and VerifyResources).
func (*Contract) AddResourceFile
func (c *Contract) AddResourceFile(resourceFile, version string) error
AddResourceFile adds a resource file to the contract. It checks that the file is a Tekton resource and uses the resource "kind" to select which Resources attribute (tasks, pipelines or stepactions) the entry is appended to.
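A worked example of the routing AddResourceFile describes, written for this page and not taken from the library: a hypothetical addResourceFile reads a manifest, rejects anything outside the tekton.dev API group, or of a kind that is not a catalog resource, with an ErrTektonResourceUnsupported-style error, and appends the entry to Tasks, Pipelines or StepActions according to its kind. The manifests are constructed and JSON-encoded so that only the standard library is needed (JSON is a subset of YAML; the library itself reads YAML files), and the struct types, the error variable and the helper names are local stand-ins for the package's own.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// ErrTektonResourceUnsupported mirrors the package-level error on this page;
// it is redeclared here so the example compiles on its own.
var ErrTektonResourceUnsupported = errors.New("tekton resource not supported")

// TektonResource and Resources follow the struct shapes documented on this page.
type TektonResource struct {
	Name     string `json:"name"`
	Version  string `json:"version"`
	Filename string `json:"filename"`
}
type Resources struct {
	Tasks       []*TektonResource `json:"tasks"`
	Pipelines   []*TektonResource `json:"pipelines"`
	StepActions []*TektonResource `json:"stepactions"`
}

// kubeObject is the minimal slice of a Kubernetes manifest needed to route it.
type kubeObject struct {
	APIVersion string `json:"apiVersion"`
	Kind       string `json:"kind"`
	Metadata   struct {
		Name string `json:"name"`
	} `json:"metadata"`
}

// addResourceFile (hypothetical stand-in for Contract.AddResourceFile) parses a
// JSON-encoded manifest, checks it belongs to the tekton.dev API group, and appends
// it to the list selected by its kind. Only "version" is taken from the caller;
// name and kind always come from the manifest itself.
func addResourceFile(r *Resources, root, resourceFile, version string) error {
	data, err := os.ReadFile(resourceFile)
	if err != nil {
		return err
	}
	var obj kubeObject
	if err := json.Unmarshal(data, &obj); err != nil {
		return fmt.Errorf("%w: %s: %v", ErrTektonResourceUnsupported, resourceFile, err)
	}
	group, _, ok := strings.Cut(obj.APIVersion, "/")
	if !ok || group != "tekton.dev" || obj.Metadata.Name == "" {
		return fmt.Errorf("%w: apiVersion=%q name=%q", ErrTektonResourceUnsupported, obj.APIVersion, obj.Metadata.Name)
	}
	rel, err := filepath.Rel(root, resourceFile)
	if err != nil {
		return err
	}
	res := &TektonResource{Name: obj.Metadata.Name, Version: version, Filename: filepath.ToSlash(rel)}
	switch obj.Kind {
	case "Task":
		r.Tasks = append(r.Tasks, res)
	case "Pipeline":
		r.Pipelines = append(r.Pipelines, res)
	case "StepAction":
		r.StepActions = append(r.StepActions, res)
	default: // TaskRun, PipelineRun, custom CRDs: Tekton objects, but not catalog resources
		return fmt.Errorf("%w: kind %q", ErrTektonResourceUnsupported, obj.Kind)
	}
	return nil
}

// runExample writes constructed manifests (not from any real catalog) into a temp
// directory and routes them. It returns the inventory and the number of rejected files.
func runExample() (*Resources, int, error) {
	root, err := os.MkdirTemp("", "catalog-example")
	if err != nil {
		return nil, 0, err
	}
	defer os.RemoveAll(root)
	manifests := map[string]string{
		"task/git-clone/0.1/git-clone.json": `{"apiVersion":"tekton.dev/v1","kind":"Task","metadata":{"name":"git-clone"}}`,
		"pipeline/build/0.1/build.json":     `{"apiVersion":"tekton.dev/v1","kind":"Pipeline","metadata":{"name":"build"}}`,
		"stepaction/cache/0.1/cache.json":   `{"apiVersion":"tekton.dev/v1beta1","kind":"StepAction","metadata":{"name":"cache"}}`,
		"deploy.json":                       `{"apiVersion":"apps/v1","kind":"Deployment","metadata":{"name":"web"}}`,
		"run.json":                          `{"apiVersion":"tekton.dev/v1","kind":"TaskRun","metadata":{"name":"run-1"}}`,
	}
	inv := &Resources{}
	rejected := 0
	for rel, body := range manifests {
		path := filepath.Join(root, filepath.FromSlash(rel))
		if err := os.MkdirAll(filepath.Dir(path), 0o755); err != nil {
			return nil, 0, err
		}
		if err := os.WriteFile(path, []byte(body), 0o644); err != nil {
			return nil, 0, err
		}
		if err := addResourceFile(inv, root, path, "0.1"); err != nil {
			if !errors.Is(err, ErrTektonResourceUnsupported) {
				return nil, 0, err
			}
			rejected++ // Deployment (wrong API group) and TaskRun (wrong kind)
		}
	}
	return inv, rejected, nil
}

func main() {
	inv, rejected, err := runExample()
	if err != nil {
		panic(err)
	}
	fmt.Printf("tasks=%d pipelines=%d stepactions=%d rejected=%d\n",
		len(inv.Tasks), len(inv.Pipelines), len(inv.StepActions), rejected)
}
```

The two rejections are the cases ErrTektonResourceUnsupported is documented for: an object that is not a Tekton API object at all (apps/v1 Deployment) and a Tekton object whose kind is not a catalog resource (TaskRun). Recording the filename relative to the repository root, as the Filename field requires, means the same entry works whether the catalog is checked out locally or unpacked from ResourcesName.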
func (*Contract) GetPublicKey
func (c *Contract) GetPublicKey() (string, error)
GetPublicKey returns the attestation's public key, or an error when it is not set (see ErrAttestationPublicKeyEmpty).
func (*Contract) SignResources
func (c *Contract) SignResources(fn ResourceSignFn) error
SignResources runs the given function against each catalog resource; the signature file the function is expected to create is recorded on this Contract instance.
func (*Contract) VerifyResources
func (c *Contract) VerifyResources(ctx context.Context, fn ResourceVerifySignatureFn) error
VerifyResources runs the given function against each catalog resource; an error returned by the function fails the signature verification process.
type Repository
type Repository struct {
	// Description long description text.
	Description string `json:"description"`
}
Repository contains the general repository information, including metadata to categorize and describe the repository contents, objective, ecosystem, etc.
type ResourceSignFn
ResourceSignFn is the function type used to sign a resource file. Parameters:
- resource-file: location of the resource file to be signed
- signature-file: where the signature file should be written
type ResourceVerifySignatureFn
ResourceVerifySignatureFn is the function type used to verify a resource signature. Parameters:
- context: shared context
- resource-file: the resource file
- signature-file: the respective signature file
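The two callback types above, together with SignResources and VerifyResources, fix only the parameter lists; what a callback does with them is up to the caller. The following is an added example, not the library's code, of a pair built on Ed25519 detached signatures: the signer writes "<filename>.sig" beside each resource (the SignatureExtension default), the verifier honours the context and distinguishes a bad signature from an I/O error, and signAll/verifyAll are hypothetical stand-ins for SignResources/VerifyResources that stop at the first failure. The callback type declarations, the helper names and the resource files are assumptions constructed for this example.

```go
package main

import (
	"context"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
	"os"
	"path/filepath"
)

// SignatureExtension matches the constant documented on this page.
const SignatureExtension = "sig"

// Callback types written to the parameter lists documented on this page. They are
// local stand-ins; the library declares its own ResourceSignFn and
// ResourceVerifySignatureFn.
type ResourceSignFn func(resourceFile, signatureFile string) error
type ResourceVerifySignatureFn func(ctx context.Context, resourceFile, signatureFile string) error

var ErrBadSignature = errors.New("signature verification failed")

// newEd25519Signer returns a ResourceSignFn that writes a detached Ed25519
// signature over the exact bytes of the resource file.
func newEd25519Signer(priv ed25519.PrivateKey) ResourceSignFn {
	return func(resourceFile, signatureFile string) error {
		data, err := os.ReadFile(resourceFile)
		if err != nil {
			return err
		}
		return os.WriteFile(signatureFile, ed25519.Sign(priv, data), 0o644)
	}
}

// newEd25519Verifier returns a ResourceVerifySignatureFn bound to one public key.
// A malformed or wrong signature is reported as ErrBadSignature so callers can
// tell verification failure apart from I/O errors.
func newEd25519Verifier(pub ed25519.PublicKey) ResourceVerifySignatureFn {
	return func(ctx context.Context, resourceFile, signatureFile string) error {
		if err := ctx.Err(); err != nil {
			return err
		}
		data, err := os.ReadFile(resourceFile)
		if err != nil {
			return err
		}
		sig, err := os.ReadFile(signatureFile)
		if err != nil {
			return err
		}
		if len(sig) != ed25519.SignatureSize || !ed25519.Verify(pub, data, sig) {
			return fmt.Errorf("%w: %s", ErrBadSignature, resourceFile)
		}
		return nil
	}
}

// signAll and verifyAll stand in for Contract.SignResources and VerifyResources:
// each signature lives next to its resource as "<filename>.sig", and the first
// error aborts the run, so one bad resource fails the whole catalog.
func signAll(files []string, fn ResourceSignFn) error {
	for _, f := range files {
		if err := fn(f, f+"."+SignatureExtension); err != nil {
			return err
		}
	}
	return nil
}

func verifyAll(ctx context.Context, files []string, fn ResourceVerifySignatureFn) error {
	for _, f := range files {
		if err := fn(ctx, f, f+"."+SignatureExtension); err != nil {
			return err
		}
	}
	return nil
}

// runExample signs two constructed resource files, verifies them, then appends one
// byte to a resource and verifies again. It reports whether the tamper was detected;
// the error is non-nil only for unexpected failures (including a clean verify failing).
func runExample() (bool, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return false, err
	}
	dir, err := os.MkdirTemp("", "sign-example")
	if err != nil {
		return false, err
	}
	defer os.RemoveAll(dir)
	files := []string{filepath.Join(dir, "git-clone.yaml"), filepath.Join(dir, "build.yaml")}
	for i, f := range files {
		body := fmt.Sprintf("kind: Task\nmetadata:\n  name: resource-%d\n", i) // constructed sample
		if err := os.WriteFile(f, []byte(body), 0o644); err != nil {
			return false, err
		}
	}
	ctx := context.Background()
	if err := signAll(files, newEd25519Signer(priv)); err != nil {
		return false, err
	}
	verify := newEd25519Verifier(pub)
	if err := verifyAll(ctx, files, verify); err != nil {
		return false, fmt.Errorf("clean verify failed: %w", err)
	}
	tampered, err := os.ReadFile(files[1]) // one appended byte must break the signature
	if err != nil {
		return false, err
	}
	if err := os.WriteFile(files[1], append(tampered, '\n'), 0o644); err != nil {
		return false, err
	}
	return errors.Is(verifyAll(ctx, files, verify), ErrBadSignature), nil
}

func main() {
	detected, err := runExample()
	if err != nil {
		panic(err)
	}
	fmt.Println("tamper detected:", detected)
}
```

In real use the verifying key would come from Contract.GetPublicKey (a file path, KMS URI or Kubernetes Secret, per Attestation.PublicKey) rather than a freshly generated pair, and a signer backed by a KMS or by Sigstore tooling would replace ed25519.Sign. The verifier checks the signature length explicitly so that an empty or truncated .sig file fails verification rather than being silently accepted or skipped.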
type Resources
type Resources struct {
	// Tasks List of Tekton Tasks.
	Tasks []*TektonResource `json:"tasks"`
	// Pipelines List of Tekton Pipelines.
	Pipelines []*TektonResource `json:"pipelines"`
	// StepActions List of Tekton StepActions.
	StepActions []*TektonResource `json:"stepactions"`
}
Resources is the inventory of all Tekton resources managed by the repository.
type TektonResource
type TektonResource struct {
	// Name Tekton resource name, the actual Task or Pipeline name.
	Name string `json:"name"`
	// Version Tekton resource version.
	Version string `json:"version"`
	// Filename relative path to the resource file, starting from the repository root.
	Filename string `json:"filename"`
	// Checksum SHA256 sum of ".filename"; validates the resource payload after network transfer.
	Checksum string `json:"checksum"`
	// Signature Tekton resource signature, either the signature payload itself or the
	// relative location of the signature file. By default, it is the ".filename"
	// attribute followed by the ".sig" extension.
	Signature string `json:"signature"`
}
TektonResource contains a Tekton resource reference, as in a Task or Pipeline.
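An added example, not the package's own implementation, covering both CalculateSHA256Sum and the Checksum field above: a local calculateSHA256Sum streams a file through SHA-256 and returns the hex digest, and a hypothetical verifyChecksum recomputes it for a catalog entry, refusing Filename values that escape the repository root before opening anything and comparing digests in constant time. The sample file contents, the catalog entries and the helper names are constructed for this example.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"fmt"
	"io"
	"os"
	"path/filepath"
	"strings"
)

var (
	ErrChecksumMismatch = errors.New("checksum mismatch")
	ErrUnsafePath       = errors.New("resource filename escapes repository root")
)

// TektonResource follows the struct on this page, reduced to the fields used here.
type TektonResource struct {
	Name     string `json:"name"`
	Filename string `json:"filename"`
	Checksum string `json:"checksum"`
}

// calculateSHA256Sum streams the file through SHA-256 and returns the lower-case
// hex digest (the encoding sha256sum(1) prints). It is a local re-implementation,
// not the package's CalculateSHA256Sum; streaming keeps memory flat for large files.
func calculateSHA256Sum(file string) (string, error) {
	f, err := os.Open(file)
	if err != nil {
		return "", err
	}
	defer f.Close()
	h := sha256.New()
	if _, err := io.Copy(h, f); err != nil {
		return "", err
	}
	return hex.EncodeToString(h.Sum(nil)), nil
}

// verifyChecksum recomputes the digest of root/<Filename> and compares it with the
// recorded Checksum. Filename is confined to root before any file is opened, since a
// catalog that arrived over the network may carry a hostile path, and the digests are
// compared in constant time (not strictly needed for a public digest, but a cheap habit).
func verifyChecksum(root string, res TektonResource) error {
	rel := filepath.Clean(filepath.FromSlash(res.Filename))
	if filepath.IsAbs(rel) || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return fmt.Errorf("%w: %q", ErrUnsafePath, res.Filename)
	}
	got, err := calculateSHA256Sum(filepath.Join(root, rel))
	if err != nil {
		return err
	}
	want := strings.ToLower(res.Checksum)
	if len(want) != sha256.Size*2 || subtle.ConstantTimeCompare([]byte(got), []byte(want)) != 1 {
		return fmt.Errorf("%w: %s: recorded %q, computed %s", ErrChecksumMismatch, res.Filename, res.Checksum, got)
	}
	return nil
}

// runExample writes a constructed resource file, records its digest as a catalog
// entry, then shows a tampered file and a traversal filename both being rejected.
// It returns the digest and whether each of the two rejections happened.
func runExample() (string, bool, bool, error) {
	root, err := os.MkdirTemp("", "checksum-example")
	if err != nil {
		return "", false, false, err
	}
	defer os.RemoveAll(root)
	file := filepath.Join(root, "git-clone.yaml")
	if err := os.WriteFile(file, []byte("abc"), 0o644); err != nil { // constructed content
		return "", false, false, err
	}
	digest, err := calculateSHA256Sum(file)
	if err != nil {
		return "", false, false, err
	}
	entry := TektonResource{Name: "git-clone", Filename: "git-clone.yaml", Checksum: digest}
	if err := verifyChecksum(root, entry); err != nil {
		return digest, false, false, fmt.Errorf("clean verify failed: %w", err)
	}
	// Modify the file on disk; the recorded checksum no longer matches.
	if err := os.WriteFile(file, []byte("abd"), 0o644); err != nil {
		return digest, false, false, err
	}
	mismatch := errors.Is(verifyChecksum(root, entry), ErrChecksumMismatch)
	// An entry pointing outside the repository root is refused before any I/O.
	evil := TektonResource{Name: "x", Filename: "../../etc/passwd", Checksum: digest}
	traversal := errors.Is(verifyChecksum(root, evil), ErrUnsafePath)
	return digest, mismatch, traversal, nil
}

func main() {
	digest, mismatch, traversal, err := runExample()
	if err != nil {
		panic(err)
	}
	fmt.Printf("sha256=%s tamper_detected=%v traversal_rejected=%v\n", digest, mismatch, traversal)
}
```

The digest is compared as a fixed-length lower-case hex string, so an empty or truncated Checksum in a tampered catalog cannot match anything. The checksum only protects integrity in transit; whether the resource is the one the catalog author published is the job of the Signature field and VerifyResources.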