Documentation ¶
Index ¶
- func CheckAuthorization(ctx context.Context, cs content.Store, desc ocispec.Descriptor, ...) error
- func DecryptImage(ctx context.Context, cs content.Store, desc ocispec.Descriptor, ...) (ocispec.Descriptor, bool, error)
- func DecryptLayer(dc *encconfig.DecryptConfig, dataReader io.Reader, desc ocispec.Descriptor, ...) (ocispec.Descriptor, io.Reader, digest.Digest, error)
- func EncryptImage(ctx context.Context, cs content.Store, desc ocispec.Descriptor, ...) (ocispec.Descriptor, bool, error)
- func GetImageDecryptConverter(cc *encconfig.CryptoConfig, lf LayerFilter) converter.ConvertFunc
- func GetImageEncryptConverter(cc *encconfig.CryptoConfig, lf LayerFilter) converter.ConvertFunc
- func HasEncryptedLayer(ctx context.Context, layerInfos []ocispec.Descriptor) bool
- func IsEncryptedDiff(ctx context.Context, mediaType string) bool
- func WithAuthorizationCheck(dc *encconfig.DecryptConfig) containerd.NewContainerOpts
- func WithDecryptedUnpack(data *imgcrypt.Payload) diff.ApplyOpt
- func WithUnpackConfigApplyOpts(opt diff.ApplyOpt) containerd.UnpackOpt
- func WithUnpackOpts(opts []containerd.UnpackOpt) containerd.RemoteOpt
- type LayerFilter
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func CheckAuthorization ¶
func CheckAuthorization(ctx context.Context, cs content.Store, desc ocispec.Descriptor, dc *encconfig.DecryptConfig) error
CheckAuthorization checks whether a user has the right keys to be allowed to access an image (every layer) It takes decrypting of the layers only as far as decrypting the asymmetrically encrypted data The decryption is only done for the current platform
func DecryptImage ¶
func DecryptImage(ctx context.Context, cs content.Store, desc ocispec.Descriptor, cc *encconfig.CryptoConfig, lf LayerFilter) (ocispec.Descriptor, bool, error)
DecryptImage decrypts an image; it accepts either an OCI descriptor representing a manifest list or a single manifest
func DecryptLayer ¶
func DecryptLayer(dc *encconfig.DecryptConfig, dataReader io.Reader, desc ocispec.Descriptor, unwrapOnly bool) (ocispec.Descriptor, io.Reader, digest.Digest, error)
DecryptLayer decrypts the layer using the DecryptConfig and creates a new OCI Descriptor. The caller is expected to store the returned plain data and OCI Descriptor
func EncryptImage ¶
func EncryptImage(ctx context.Context, cs content.Store, desc ocispec.Descriptor, cc *encconfig.CryptoConfig, lf LayerFilter) (ocispec.Descriptor, bool, error)
EncryptImage encrypts an image; it accepts either an OCI descriptor representing a manifest list or a single manifest
func GetImageDecryptConverter ¶ added in v1.1.2
func GetImageDecryptConverter(cc *encconfig.CryptoConfig, lf LayerFilter) converter.ConvertFunc
GetImageDecryptConverter returns a converter function for image decryption
func GetImageEncryptConverter ¶ added in v1.1.2
func GetImageEncryptConverter(cc *encconfig.CryptoConfig, lf LayerFilter) converter.ConvertFunc
GetImageEncryptConverter returns a converter function for image encryption
func HasEncryptedLayer ¶
func HasEncryptedLayer(ctx context.Context, layerInfos []ocispec.Descriptor) bool
HasEncryptedLayer returns true if any LayerInfo indicates that the layer is encrypted
func IsEncryptedDiff ¶
IsEncryptedDiff returns true if mediaType is a known encrypted media type.
func WithAuthorizationCheck ¶
func WithAuthorizationCheck(dc *encconfig.DecryptConfig) containerd.NewContainerOpts
WithAuthorizationCheck checks the authorization of keys used for encrypted containers be checked upon creation of a container
func WithDecryptedUnpack ¶
WithDecryptedUnpack allows to pass parameters the 'layertool' needs to the applier
func WithUnpackConfigApplyOpts ¶
func WithUnpackConfigApplyOpts(opt diff.ApplyOpt) containerd.UnpackOpt
WithUnpackConfigApplyOpts allows to pass an ApplyOpt
func WithUnpackOpts ¶
func WithUnpackOpts(opts []containerd.UnpackOpt) containerd.RemoteOpt
WithUnpackOpts is used to add unpack options to the unpacker.
Types ¶
type LayerFilter ¶
type LayerFilter func(desc ocispec.Descriptor) bool
LayerFilter allows to select Layers by certain criteria
Directories ¶
Path | Synopsis |
---|---|
Package parsehelpers provides parse helpers for CLI applications.
|
Package parsehelpers provides parse helpers for CLI applications. |