enterprise

package
v1.3.3 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 1, 2026 License: MPL-2.0 Imports: 14 Imported by: 0

Documentation

Overview

Package enterprise provide glue to Enterprise code.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Enabled

func Enabled() bool

Enabled indicates whether Enterprise features are enabled.

func NewSpdxFrontend added in v1.1.0

func NewSpdxFrontend(_ *zap.Logger, _ SPDXOptions) (FrontendPlugin, SPDXSource, error)

NewSpdxFrontend returns a new Spdx FrontendPlugin.

func NewVEXFrontend added in v1.3.0

NewVEXFrontend returns a new VEX FrontendPlugin.

Types

type AuthProvider added in v1.2.0

type AuthProvider interface {
	// Run starts the background reload loop and blocks until ctx is canceled.
	Run(ctx context.Context) error

	// Middleware returns an HTTP middleware that enforces authentication on the provided handler.
	Middleware(Handler) Handler

	// VerifyCredentials checks if the username/password pair is valid.
	VerifyCredentials(username, password string) bool

	// UsernameFromContext retrieves the authenticated username stored by the middleware.
	UsernameFromContext(ctx context.Context) (string, bool)
}

AuthProvider defines an authentication provider.

func NewAuthProvider added in v1.2.0

func NewAuthProvider(_ *zap.Logger, _ string) (AuthProvider, error)

NewAuthProvider creates a new authentication provider.

type Checksummer added in v1.1.0

type Checksummer interface {
	WriteChecksum(ctx context.Context, w http.ResponseWriter, r *http.Request, reader io.ReadCloser, size int64, filename, suffix string) error
}

Checksummer computes a checksum for a boot asset and writes the result to the HTTP response. The implementation lives behind the enterprise build tag; when enterprise is not enabled the Frontend receives a nil Checksummer and returns 402 for checksum requests.

suffix is the file-extension that triggered checksum mode (e.g. ".sha512", ".sha256", ".md5") and determines both the algorithm and the output filename.

func NewChecksummer added in v1.1.0

func NewChecksummer() Checksummer

NewChecksummer returns nil when enterprise is not enabled.

type FrontendPlugin added in v1.1.0

type FrontendPlugin interface {
	Methods() []string
	Path() string
	Handle(context.Context, http.ResponseWriter, *http.Request, httprouter.Params) error
}

FrontendPlugin is the interface that Enterprise code must implement to extend the frontend.

func NewScannerFrontend added in v1.3.0

func NewScannerFrontend(_ context.Context, _ *errgroup.Group, _ *zap.Logger, _ ScannerOptions) (FrontendPlugin, error)

NewScannerFrontend returns a new Scanner FrontendPlugin.

type Handler added in v1.2.0

type Handler = func(ctx context.Context, w http.ResponseWriter, r *http.Request, p httprouter.Params) error

Handler is the type of HTTP handlers used by the enterprise frontend.

type ReadinessChecker added in v1.3.0

type ReadinessChecker interface {
	// Ready reports nil when the plugin is ready to serve requests, or a
	// non-nil error describing why it is not.
	Ready() error
}

ReadinessChecker is implemented by FrontendPlugin instances whose readiness must factor into the /readyz response. Plugins that do not implement this interface are considered always ready.

type SPDXOptions added in v1.1.0

type SPDXOptions struct {
	ExternalURL             string
	CacheImageSigner        signer.Signer
	SchematicFactory        *schematic.Factory
	ArtifactsManager        *artifacts.Manager
	AssetBuilder            *asset.Builder
	AuthProvider            AuthProvider
	CacheRepository         string
	RemoteOptions           []remote.Option
	RegistryRefreshInterval time.Duration
	CacheInsecure           bool
}

SPDXOptions holds configuration options for the SPDX frontend.

type SPDXSource added in v1.3.0

type SPDXSource interface {
	Build(ctx context.Context, schematicID, versionTag string, arch artifacts.Arch) (io.ReadCloser, error)
}

SPDXSource produces a merged SPDX JSON document for the requested schematic, Talos version and architecture, applying ownership enforcement.

The SPDX builder satisfies this interface and is reused by the scanner frontend so the SBOM extraction and access control live in one place.

type ScannerOptions added in v1.3.0

type ScannerOptions struct {
	VEXSource        VEXSource
	SPDXSource       SPDXSource
	SchematicFactory *schematic.Factory
	AuthProvider     AuthProvider
	DatabaseURL      string
	MetricsNamespace string
	CacheTTL         time.Duration
	CacheCapacity    uint64
}

ScannerOptions holds configuration options for the Scanner frontend.

type VEXOptions added in v1.3.0

type VEXOptions struct {
	Data             string
	MetricsNamespace string
	RemoteOptions    []remote.Option
	VerifyOptions    verify.VerifyOptions
	RefreshInterval  time.Duration
	CacheTTL         time.Duration
	CacheCapacity    uint64
	DataInsecure     bool
}

VEXOptions holds configuration options for the VEX frontend.

type VEXSource added in v1.3.0

type VEXSource interface {
	Build(ctx context.Context, versionTag string) ([]byte, error)
}

VEXSource produces a VEX JSON document for a given Talos version tag.

The VEX builder satisfies this interface and is reused by the scanner frontend to suppress vulnerabilities classified as "fixed"/"not_affected" upstream.

Directories

Path Synopsis
Package errors defines errors used by the enterprise package.
Package errors defines errors used by the enterprise package.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL