signature

package
v0.1.11 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 8, 2022 License: Apache-2.0 Imports: 13 Imported by: 1

Documentation

Index

Constants

View Source
const (
	PublicKey           = "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEnP0Yo+ZxzPUEfohcG3bbJ8987UT4f0tj+XVBjS/s35wkfjrxTKrVZQpz3ta3zi5ZlgXzd7a20B1U1Py/TtPsxw=="
	DomainName          = "eksa.aws.com"
	SignatureAnnotation = "signature"
	ExcludesAnnotation  = "excludes"
)

Variables

View Source
var (
	AlwaysExcluded = []string{".status", ".metadata.creationTimestamp", ".metadata.generation", ".metadata.managedFields", ".metadata.uid", ".metadata.resourceVersion"}
	GojqTemplate   = template.Must(template.New("gojq_query").Funcs(
		template.FuncMap{
			"StringsJoin": strings.Join,
			"Escape": func(in string) string {
				return strings.ReplaceAll(in, ".", "\\\\.")
			},
		}).Parse(`
del({{ StringsJoin .Excludes ", "}}) | (.metadata.annotations | objects) |= with_entries(select(.key | test("^{{ Escape .Domain.Name }}/(?:includes|excludes)$") ))
`))
)
View Source
var EksaDomain = Domain{Name: DomainName, Pubkey: PublicKey}

Functions

func GetDigest

func GetDigest(manifest Manifest, domain Domain) (digest [32]byte, yml []byte, err error)

func GetMetadataInformation

func GetMetadataInformation(manifest Manifest, domain Domain) (signature string, excludes []string, err error)

func ValidateSignature

func ValidateSignature(manifest Manifest, domain Domain) (valid bool, digest [32]byte, yml []byte, err error)

See ./testdata/sign_file.sh for a shell script implementation. This here differs in that it normalizes quoting while the shell script doesnt (yet).

Types

type Domain

type Domain struct {
	Name   string
	Pubkey string
}

type GojqParams

type GojqParams struct {
	Excludes []string
	Domain   Domain
}

type Manifest

type Manifest = metav1.ObjectMetaAccessor

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL