signature

package
v0.4.5 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Dec 4, 2024 License: Apache-2.0 Imports: 13 Imported by: 1

Documentation

Index

Constants

// String constants used by the signature package.
const (
	// DomainName is a DNS-style name. NOTE(review): presumably it is the Name
	// of EksaDomain and the prefix of the annotation keys that GojqTemplate
	// matches ("<name>/includes", "<name>/excludes") — confirm in the source.
	DomainName          = "eksa.aws.com"
	// SignatureAnnotation and ExcludesAnnotation look like annotation key
	// suffixes used under a domain name — TODO confirm against
	// GetMetadataInformation, whose body is not shown here.
	SignatureAnnotation = "signature"
	ExcludesAnnotation  = "excludes"
)

Variables

// Package-level key material and domain.
//
// NOTE(review): both are exported, mutable variables, so any code in the same
// process can reassign them. If they serve as the trust anchor for signature
// checks, confirm where they are set (how they are populated is not shown
// here) and treat them as read-only after initialization.
var (
	// PublicKey holds a public key as a string; encoding not shown — TODO confirm.
	PublicKey  string
	// EksaDomain is a Domain value; presumably built from DomainName and
	// PublicKey — confirm in the source.
	EksaDomain Domain
)
var (
	// AlwaysExcluded lists jq-style field paths. NOTE(review): presumably
	// these are always added to GojqParams.Excludes so they never contribute
	// to the digest — confirm in GetDigest. If so, these fields are not
	// covered by the signature and must not be relied on as authenticated.
	AlwaysExcluded = []string{
		".status",
		".metadata.creationTimestamp",
		".metadata.generation",
		".metadata.managedFields",
		".metadata.uid",
		".metadata.resourceVersion",
		".spec.minControllerVersion",
	}
	// GojqTemplate renders a jq program from a value with Excludes and
	// Domain.Name fields (see GojqParams). The program:
	//   1. deletes every path listed in Excludes, then
	//   2. where .metadata.annotations is an object, keeps only the entries
	//      whose key matches "^<Domain.Name>/(?:includes|excludes)$".
	// Step 2 drops every other annotation, including any "<domain>/signature"
	// key, while an excludes annotation stays part of the program's output.
	//
	// template.Must panics during package initialization if the template
	// text fails to parse.
	//
	// NOTE(review): Excludes entries are written into the program text
	// verbatim. If they come from the manifest's own annotations they are
	// untrusted at the time the program is built, so they should be checked
	// to be plain path expressions before rendering — confirm what the
	// callers do.
	GojqTemplate = template.Must(template.New("gojq_query").Funcs(
		template.FuncMap{
			"StringsJoin": strings.Join,
			// Escape prefixes each "." with two backslash characters. Inside
			// the jq string literal below those two characters are the escape
			// for a single backslash, so the regex sees "\." (a literal dot).
			// Only "." is handled: other regex metacharacters or a double
			// quote in the name would change the regex or the jq string, so
			// this is suitable only for fixed, trusted domain names.
			"Escape": func(in string) string {
				return strings.ReplaceAll(in, ".", "\\\\.")
			},
		}).Parse(`
del({{ StringsJoin .Excludes ", "}}) | (.metadata.annotations | objects) |= with_entries(select(.key | test("^{{ Escape .Domain.Name }}/(?:includes|excludes)$") ))
`))
)

Functions

func GetDigest

// GetDigest returns a 32-byte digest for manifest under domain, together with
// YAML bytes yml and an error. NOTE(review): the body is not shown on this
// page; presumably yml is the filtered form of the manifest (see
// GojqTemplate) that was hashed, and the [32]byte size suggests a 256-bit
// hash — confirm in the source.
func GetDigest(manifest Manifest, domain Domain) (digest [32]byte, yml []byte, err error)

func GetMetadataInformation

// GetMetadataInformation returns a signature string and a list of excluded
// paths for manifest under domain, or an error. NOTE(review): the body is not
// shown on this page; presumably both values are read from the manifest's
// annotations (see SignatureAnnotation, ExcludesAnnotation), in which case
// they are untrusted input until the signature has been verified — confirm.
func GetMetadataInformation(manifest Manifest, domain Domain) (signature string, excludes []string, err error)

func ValidateSignature

// ValidateSignature returns a validity flag for manifest under domain, plus
// the digest and YAML bytes that GetDigest also returns. A manifest should be
// accepted only when err is nil and valid is true; the digest and yml values
// are returned alongside and do not by themselves indicate success.
// NOTE(review): the body is not shown on this page; presumably the check is
// made against domain.Pubkey — confirm in the source.
func ValidateSignature(manifest Manifest, domain Domain) (valid bool, digest [32]byte, yml []byte, err error)

See ./testdata/sign_file.sh for a shell script implementation. This implementation differs in that it normalizes quoting, while the shell script doesn't (yet), so the two may produce different digests for manifests whose quoting differs.

Types

type Domain

// Domain pairs a domain name with a public key string.
type Domain struct {
	// Name is inserted (with "." escaped) into GojqTemplate's annotation-key
	// regex, "^<Name>/(?:includes|excludes)$".
	Name   string
	// Pubkey holds the public key as a string; its encoding is not shown
	// here — TODO confirm.
	Pubkey string
}

type GojqParams

// GojqParams has the fields that GojqTemplate references when it is rendered.
type GojqParams struct {
	// Excludes are joined with ", " and placed inside del(...) in the jq
	// program without any quoting or validation by the template.
	Excludes []string
	// Domain supplies Domain.Name for the annotation-key regex.
	Domain   Domain
}

type Manifest

// Manifest is an alias for metav1.ObjectMetaAccessor; it is the parameter type
// taken by GetDigest, GetMetadataInformation and ValidateSignature.
type Manifest = metav1.ObjectMetaAccessor
