Documentation ¶
Index ¶
- func GenerateMessageFromRawObj(rawObj []byte, filter, mutableAttrs string) string
- type ConcreteSignPolicyEvaluator
- type GeneralSignature
- type HelmVerifier
- type ResourceVerifier
- func (self *ResourceVerifier) IsPatchWithScopeKey(orgObj, rawObj []byte, scope string) bool
- func (self *ResourceVerifier) MatchMessage(message, reqObj []byte, protectAttrs, unprotectAttrs, enforcerNamespace string, ...) (bool, string)
- func (self *ResourceVerifier) Verify(sig *GeneralSignature, reqc *common.ReqContext) (*SigVerifyResult, error)
- type SigVerifyResult
- type SignPolicyEvaluator
- type SignatureType
- type VerifierInterface
- type VerifyType
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
Types ¶
type ConcreteSignPolicyEvaluator ¶
// ConcreteSignPolicyEvaluator is a struct whose fields are all unexported.
// Its Eval method is declared on the pointer receiver and has the same
// signature that the SignPolicyEvaluator interface requires.
// NewSignPolicyEvaluator is declared to return that interface; whether it
// returns this type is not visible on this page.
type ConcreteSignPolicyEvaluator struct {
	// contains filtered or unexported fields
}
func (*ConcreteSignPolicyEvaluator) Eval ¶
func (self *ConcreteSignPolicyEvaluator) Eval(reqc *common.ReqContext, resSigList *vrsig.ResourceSignatureList, protectAttrs, unprotectAttrs []*protect.AttrsPattern) (*common.SignPolicyEvalResult, error)
func (*ConcreteSignPolicyEvaluator) GetResourceSignature ¶
func (self *ConcreteSignPolicyEvaluator) GetResourceSignature(ref *common.ResourceRef, reqc *common.ReqContext, resSigList *vrsig.ResourceSignatureList, protectAttrs, unprotectAttrs []*protect.AttrsPattern) *GeneralSignature
type GeneralSignature ¶
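// GeneralSignature is the value handed to the Verify methods of HelmVerifier
// and ResourceVerifier. Only SignType is exported.
type GeneralSignature struct {
	// SignType is the kind of signature. Its zero value is the empty string,
	// which equals SignatureTypeUnknown, so a GeneralSignature whose SignType
	// was never set reports the unknown kind.
	SignType SignatureType
	// contains filtered or unexported fields
}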
type HelmVerifier ¶
// HelmVerifier has a Verify method, declared on the pointer receiver, with the
// signature that VerifierInterface requires. Its exported fields are the same
// as those of ResourceVerifier.
type HelmVerifier struct {
	// VerifyType holds a VerifyType value; the declared ones are
	// VerifyTypeX509 and VerifyTypePGP.
	VerifyType VerifyType
	// NOTE(review): presumably the enforcer namespace given to NewVerifier;
	// confirm against the constructor.
	Namespace string
	// NOTE(review): presumably the location of the certificate pool used for
	// x509 verification; confirm. If it is, whoever can write to this path
	// decides which signers verify, so it should be read-only to the verifier.
	CertPoolPath string
	// NOTE(review): presumably the location of the keyring used for pgp
	// verification; confirm. The same write-protection concern applies.
	KeyringPath string
}
func (*HelmVerifier) Verify ¶
func (self *HelmVerifier) Verify(sig *GeneralSignature, reqc *common.ReqContext) (*SigVerifyResult, error)
type ResourceVerifier ¶
// ResourceVerifier has a Verify method, declared on the pointer receiver, with
// the signature that VerifierInterface requires, plus the helpers
// IsPatchWithScopeKey and MatchMessage. Its exported fields are the same as
// those of HelmVerifier.
type ResourceVerifier struct {
	// VerifyType holds a VerifyType value; the declared ones are
	// VerifyTypeX509 and VerifyTypePGP.
	VerifyType VerifyType
	// NOTE(review): presumably the enforcer namespace given to NewVerifier;
	// confirm against the constructor.
	Namespace string
	// NOTE(review): presumably the location of the certificate pool used for
	// x509 verification; confirm. If it is, whoever can write to this path
	// decides which signers verify, so it should be read-only to the verifier.
	CertPoolPath string
	// NOTE(review): presumably the location of the keyring used for pgp
	// verification; confirm. The same write-protection concern applies.
	KeyringPath string
}
func (*ResourceVerifier) IsPatchWithScopeKey ¶
func (self *ResourceVerifier) IsPatchWithScopeKey(orgObj, rawObj []byte, scope string) bool
func (*ResourceVerifier) MatchMessage ¶
func (self *ResourceVerifier) MatchMessage(message, reqObj []byte, protectAttrs, unprotectAttrs, enforcerNamespace string, signType SignatureType) (bool, string)
func (*ResourceVerifier) Verify ¶
func (self *ResourceVerifier) Verify(sig *GeneralSignature, reqc *common.ReqContext) (*SigVerifyResult, error)
type SigVerifyResult ¶
// SigVerifyResult is the value the Verify methods return alongside an error.
type SigVerifyResult struct {
	// Error is a check error carried inside the result, separate from the
	// error value that Verify returns.
	// NOTE(review): a caller presumably has to test both the returned error
	// and this field before treating a signature as verified; confirm which
	// of the two reports a rejected signature.
	Error *common.CheckError
	// Signer holds signer information.
	// NOTE(review): presumably only meaningful when verification succeeded;
	// confirm before using it for an admission decision or an audit record.
	Signer *common.SignerInfo
}
type SignPolicyEvaluator ¶
// SignPolicyEvaluator is the interface returned by NewSignPolicyEvaluator.
// It has a single method, Eval.
type SignPolicyEvaluator interface {
	// Eval takes the request context, a list of resource signatures and the
	// protect and unprotect attribute patterns, and returns a
	// SignPolicyEvalResult and an error.
	// NOTE(review): how a rejected request is reported (through the error,
	// through the result, or both) is not visible here; callers should not
	// read a nil error alone as acceptance until that is confirmed.
	Eval(reqc *common.ReqContext, resSigList *vrsig.ResourceSignatureList, protectAttrs, unprotectAttrs []*protect.AttrsPattern) (*common.SignPolicyEvalResult, error)
}
func NewSignPolicyEvaluator ¶
func NewSignPolicyEvaluator(config *config.EnforcerConfig, policy *policy.SignPolicy, plugins map[string]bool) (SignPolicyEvaluator, error)
type SignatureType ¶
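// SignatureType is a string naming the kind of signature carried by a
// GeneralSignature (its SignType field has this type).
type SignatureType string

// Declared SignatureType values, one per line. The collapsed single-line form
// had no separators between the specs and does not parse as Go.
//
// SignatureTypeUnknown is the empty string, which is also the zero value of
// SignatureType: a value that was never assigned compares equal to it. Code
// that switches on a SignatureType should handle this case explicitly and
// should not treat it as one of the named kinds.
//
// The semantics of the other values are defined by the code that produces and
// consumes GeneralSignature values, which is not shown on this page.
const (
	SignatureTypeUnknown          SignatureType = ""
	SignatureTypeResource         SignatureType = "Resource"
	SignatureTypeApplyingResource SignatureType = "ApplyingResource"
	SignatureTypePatch            SignatureType = "Patch"
	SignatureTypeHelm             SignatureType = "Helm"
)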
type VerifierInterface ¶
// VerifierInterface is the interface returned by NewVerifier. HelmVerifier and
// ResourceVerifier both declare a Verify method with this signature on their
// pointer receivers.
type VerifierInterface interface {
	// Verify takes a signature and the request context and returns a
	// SigVerifyResult and an error. The result type has its own Error field,
	// so a nil error return is not by itself evidence that the signature
	// verified.
	// NOTE(review): confirm in the implementations which of the two carries
	// a verification failure, and check both at call sites.
	Verify(sig *GeneralSignature, reqc *common.ReqContext) (*SigVerifyResult, error)
}
func NewVerifier ¶
func NewVerifier(verifyType VerifyType, signType SignatureType, enforcerNamespace, certPoolPath, keyringPath string) VerifierInterface
type VerifyType ¶
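// VerifyType is a string stored in the VerifyType field of HelmVerifier and
// ResourceVerifier and passed to NewVerifier.
type VerifyType string

// Declared VerifyType values, one per line. The collapsed single-line form
// had no separators between the specs and does not parse as Go.
//
// No constant is declared for the zero value: an unset VerifyType is the empty
// string and equals neither VerifyTypeX509 nor VerifyTypePGP.
// NOTE(review): how NewVerifier and the Verify methods treat an empty or
// unrecognised VerifyType is not visible on this page; confirm that they
// reject the request and do not skip verification.
const (
	VerifyTypeX509 VerifyType = "x509"
	VerifyTypePGP  VerifyType = "pgp"
)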