Documentation
¶
Index ¶
Constants ¶
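// Package-level defaults for the verifier configuration. The listing had the
// four declarations fused onto one line, which does not parse as Go; they are
// restored here one per line with their original names, types and values.
const (
	// DefaultRekorURL is the Rekor transparency-log endpoint.
	// NOTE(review): presumably used when a config leaves rekorURL empty; confirm.
	DefaultRekorURL string = "https://rekor.sigstore.dev"

	// DefaultTLogVerify keeps transparency-log verification on by default.
	// NOTE(review): presumably the fallback for an unset tLogVerify; confirm.
	DefaultTLogVerify bool = true

	// DefaultCTLogVerify keeps certificate-transparency verification on by default.
	// NOTE(review): presumably the fallback for an unset ctLogVerify; confirm.
	DefaultCTLogVerify bool = true

	// DefaultTrustPolicyConfigVersion is the trust-policy config schema version.
	DefaultTrustPolicyConfigVersion string = "1.0.0"
)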
// GlobalWildcardCharacter is the untyped rune constant '*'.
// NOTE(review): presumably the wildcard accepted in trust-policy scopes; a
// scope consisting of only this character would then cover every reference,
// so such a policy deserves the strictest settings. Confirm against the scope
// matching code.
const GlobalWildcardCharacter = '*'
Variables ¶
// SupportedTrustPolicyConfigVersions lists the accepted trust-policy config
// versions; it currently holds only DefaultTrustPolicyConfigVersion.
// NOTE(review): this is an exported, mutable package-level slice, so any
// importer can append to or rewrite it. If version validation reads it at
// runtime, treat it as read-only; confirm where it is consulted.
var SupportedTrustPolicyConfigVersions = []string{DefaultTrustPolicyConfigVersion}
Functions ¶
This section is empty.
Types ¶
type Extension ¶
// Extension is the verifier-result extension payload: a list of
// per-signature results plus a trust-policy string.
type Extension struct {
	// SignatureExtension is serialized under the JSON key "signatures" and is
	// dropped from the output when empty.
	SignatureExtension []cosignExtensionList `json:"signatures,omitempty"`
	// TrustPolicy is serialized as "trustPolicy" and dropped when empty.
	// NOTE(review): presumably the name of the policy that was applied, which
	// is useful audit evidence; confirm where it is populated.
	TrustPolicy string `json:"trustPolicy,omitempty"`
}
Extension is the structure for the verifier result extensions. It contains a list of signature verification results, where each entry corresponds to a single signature verified.
type KeylessConfig ¶
// KeylessConfig holds the keyless (certificate-based) settings of a trust
// policy: the expected certificate identity and OIDC issuer, each as a literal
// or a regular expression, and a certificate-transparency toggle.
type KeylessConfig struct {
	// CTLogVerify is a pointer so that an omitted value can be told apart from
	// an explicit false.
	// NOTE(review): presumably nil falls back to DefaultCTLogVerify (true).
	// An explicit false skips the CT log check and should be a deliberate,
	// reviewed choice. Confirm.
	CTLogVerify *bool `json:"ctLogVerify,omitempty"`
	// CertificateIdentity is the expected signer identity as a literal string.
	CertificateIdentity string `json:"certificateIdentity,omitempty"`
	// CertificateIdentityRegExp is the expected signer identity as a pattern.
	// NOTE(review): Go regexp matching is unanchored unless the pattern carries
	// ^ and $, so an unanchored pattern also accepts identities that merely
	// contain a match. Prefer the literal field, or anchor the pattern; confirm
	// how this package hands the value to cosign.
	CertificateIdentityRegExp string `json:"certificateIdentityRegExp,omitempty"`
	// CertificateOIDCIssuer is the expected OIDC issuer as a literal string.
	CertificateOIDCIssuer string `json:"certificateOIDCIssuer,omitempty"`
	// CertificateOIDCIssuerRegExp is the expected OIDC issuer as a pattern; the
	// same anchoring caveat applies as for CertificateIdentityRegExp.
	CertificateOIDCIssuerRegExp string `json:"certificateOIDCIssuerRegExp,omitempty"`
}
type LegacyExtension ¶
// LegacyExtension is the older shape of the verifier-result extension: a flat
// list of cosignExtension entries and no trust-policy field.
type LegacyExtension struct {
	// SignatureExtension is serialized under the JSON key "signatures" and is
	// dropped from the output when empty.
	SignatureExtension []cosignExtension `json:"signatures,omitempty"`
}
LegacyExtension is the structure for the verifier result extensions, used for backwards compatibility with the legacy cosign verifier.
type PluginConfig ¶
// PluginConfig is the JSON configuration of the verifier plugin. It carries
// both a single top-level key/Rekor setting and a list of trust policies.
// NOTE(review): presumably KeyRef/RekorURL are the legacy path and
// TrustPolicies the newer one; confirm which takes precedence when both are set.
type PluginConfig struct {
	// Name is the verifier name (JSON "name", always emitted).
	Name string `json:"name"`
	// Type is the verifier type (JSON "type", optional).
	Type string `json:"type,omitempty"`
	// ArtifactTypes is a single string (JSON "artifactTypes").
	// NOTE(review): presumably a delimited list of artifact types; confirm the
	// separator with the parser.
	ArtifactTypes string `json:"artifactTypes"`
	// KeyRef is read from the JSON key "key" (note: not "keyRef").
	KeyRef string `json:"key,omitempty"`
	// RekorURL selects the transparency-log endpoint.
	// NOTE(review): pointing this at a non-default instance changes which log
	// the verifier trusts; confirm the fallback to DefaultRekorURL.
	RekorURL string `json:"rekorURL,omitempty"`
	// NestedReferences is read from the JSON key "nestedArtifactTypes".
	NestedReferences []string `json:"nestedArtifactTypes,omitempty"`
	// TrustPolicies holds the per-scope trust policy configurations.
	TrustPolicies []TrustPolicyConfig `json:"trustPolicies,omitempty"`
}
type TrustPolicies ¶
// TrustPolicies is an opaque collection of trust policies. It is obtained from
// CreateTrustPolicies and queried with GetScopedPolicy; its fields are not
// exported.
type TrustPolicies struct {
	// contains filtered or unexported fields
}
func CreateTrustPolicies ¶
// CreateTrustPolicies builds a *TrustPolicies from configs for the verifier
// named verifierName and reports failure through the error result.
// NOTE(review): the body is not shown here. Presumably it validates each
// config and rejects conflicting scopes; confirm before relying on that.
func CreateTrustPolicies(configs []TrustPolicyConfig, verifierName string) (*TrustPolicies, error)
CreateTrustPolicies creates a set of trust policies from the given configuration.
func (*TrustPolicies) GetScopedPolicy ¶
// GetScopedPolicy returns the TrustPolicy selected for reference, or an error.
// NOTE(review): how overlapping scopes and the '*' wildcard are ranked is not
// visible in this listing. Callers should treat an error as "no policy
// applies" and fail verification instead of falling back to a looser policy;
// confirm this with the implementation.
func (tps *TrustPolicies) GetScopedPolicy(reference string) (TrustPolicy, error)
GetScopedPolicy returns the policy that applies to the given reference. TODO: add link to scopes docs when published.
type TrustPolicy ¶
// TrustPolicy is the behaviour a single trust policy exposes to the verifier:
// its name, its scopes, its public keys and the cosign check options.
type TrustPolicy interface {
	// GetName returns the policy name.
	GetName() string
	// GetKeys returns public keys indexed by PKKey, or an error.
	// NOTE(review): namespace presumably restricts which key management
	// providers are consulted; confirm with the implementation.
	GetKeys(ctx context.Context, namespace string) (map[PKKey]keymanagementprovider.PublicKey, error)
	// GetScopes returns the scope strings this policy was configured with.
	GetScopes() []string
	// GetCosignOpts returns a cosign.CheckOpts value, or an error.
	// NOTE(review): presumably this is where the tlog/CT-log toggles and the
	// identity constraints are translated into cosign options; confirm.
	GetCosignOpts(context.Context) (cosign.CheckOpts, error)
}
func CreateTrustPolicy ¶
// CreateTrustPolicy builds one TrustPolicy from config for the verifier named
// verifierName and reports an invalid configuration through the error result.
// NOTE(review): the body is not shown here. The page's description says it
// reads public keys from a file path, so that path is trusted input and should
// come from operator-controlled configuration only; confirm.
func CreateTrustPolicy(config TrustPolicyConfig, verifierName string) (TrustPolicy, error)
CreateTrustPolicy creates a trust policy from the given configuration. It returns an error if the configuration is invalid. It reads the public keys from the file path.
type TrustPolicyConfig ¶
// TrustPolicyConfig is the JSON configuration of one trust policy: which
// references it covers (Scopes), what it trusts (Keys and/or Keyless) and
// which transparency-log settings it uses.
type TrustPolicyConfig struct {
	// Version is the config schema version (JSON "version", always emitted).
	// NOTE(review): presumably checked against
	// SupportedTrustPolicyConfigVersions; confirm.
	Version string `json:"version"`
	// Name identifies the policy (JSON "name").
	Name string `json:"name"`
	// Scopes lists the reference scopes this policy covers (JSON "scopes").
	// NOTE(review): presumably '*' (GlobalWildcardCharacter) is accepted here;
	// keep scopes as narrow as the deployment allows. Confirm matching rules.
	Scopes []string `json:"scopes"`
	// Keys lists key-based trust material (JSON "keys", optional).
	Keys []KeyConfig `json:"keys,omitempty"`
	// Keyless holds the certificate-identity settings (JSON "keyless").
	// Because this is a struct value and not a pointer, encoding/json's
	// omitempty never omits it on marshal; an empty object is emitted instead.
	Keyless KeylessConfig `json:"keyless,omitempty"`
	// TLogVerify is a pointer so that an omitted value can be told apart from
	// an explicit false.
	// NOTE(review): presumably nil falls back to DefaultTLogVerify (true).
	// An explicit false skips the transparency-log check and should be a
	// deliberate, reviewed choice. Confirm.
	TLogVerify *bool `json:"tLogVerify,omitempty"`
	// RekorURL selects the transparency-log endpoint for this policy.
	// NOTE(review): presumably empty means DefaultRekorURL; confirm.
	RekorURL string `json:"rekorURL,omitempty"`
}