Documentation ¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
View Source
var ( // ErrDecryptParamsMissing is returned if there is missing decryption parameters ErrDecryptParamsMissing = errors.New("Necessary DecryptParameters not present") )
Functions ¶
func Image ¶
func Image(ctx context.Context, policyContext *signature.PolicyContext, destRef, srcRef types.ImageReference, options *Options) (copiedManifest []byte, retErr error)
Image copies image from srcRef to destRef, using policyContext to validate source image admissibility. It returns the manifest which was written to the new copy of the image.
Types ¶
type ImageListSelection ¶
type ImageListSelection int
ImageListSelection is one of CopySystemImage, CopyAllImages, or CopySpecificImages, to control whether, when the source reference is a list, copy.Image() copies only an image which matches the current runtime environment, or all images which match the supplied reference, or only specific images from the source reference.
const ( // CopySystemImage is the default value which, when set in // Options.ImageListSelection, indicates that the caller expects only one // image to be copied, so if the source reference refers to a list of // images, one that matches the current system will be selected. CopySystemImage ImageListSelection = iota // CopyAllImages is a value which, when set in Options.ImageListSelection, // indicates that the caller expects to copy multiple images, and if // the source reference refers to a list, that the list and every image // to which it refers will be copied. If the source reference refers // to a list, the target reference can not accept lists, an error // should be returned. CopyAllImages // CopySpecificImages is a value which, when set in // Options.ImageListSelection, indicates that the caller expects the // source reference to be either a single image or a list of images, // and if the source reference is a list, wants only specific instances // from it copied (or none of them, if the list of instances to copy is // empty), along with the list itself. If the target reference can // only accept one image (i.e., it cannot accept lists), an error // should be returned. CopySpecificImages )
type Options ¶
type Options struct { RemoveSignatures bool // Remove any pre-existing signatures. SignBy will still add a new signature. SignBy string // If non-empty, asks for a signature to be added during the copy, and specifies a key ID, as accepted by signature.NewGPGSigningMechanism().SignDockerManifest(), SignPassphrase string // Passphare to use when signing with the key ID from `SignBy`. SignIdentity reference.Named // Identify to use when signing, defaults to the docker reference of the destination ReportWriter io.Writer SourceCtx *types.SystemContext DestinationCtx *types.SystemContext ProgressInterval time.Duration // time to wait between reports to signal the progress channel Progress chan types.ProgressProperties // Reported to when ProgressInterval has arrived for a single artifact+offset. // Preserve digests, and fail if we cannot. PreserveDigests bool // manifest MIME type of image set by user. "" is default and means use the autodetection to the the manifest MIME type ForceManifestMIMEType string ImageListSelection ImageListSelection // set to either CopySystemImage (the default), CopyAllImages, or CopySpecificImages to control which instances we copy when the source reference is a list; ignored if the source reference is not a list Instances []digest.Digest // if ImageListSelection is CopySpecificImages, copy only these instances and the list itself // If OciEncryptConfig is non-nil, it indicates that an image should be encrypted. // The encryption options is derived from the construction of EncryptConfig object. // Note: During initial encryption process of a layer, the resultant digest is not known // during creation, so newDigestingReader has to be set with validateDigest = false OciEncryptConfig *encconfig.EncryptConfig // OciEncryptLayers represents the list of layers to encrypt. // If nil, don't encrypt any layers. // If non-nil and len==0, denotes encrypt all layers. // integers in the slice represent 0-indexed layer indices, with support for negative // indexing. i.e. 0 is the first layer, -1 is the last (top-most) layer. OciEncryptLayers *[]int // OciDecryptConfig contains the config that can be used to decrypt an image if it is // encrypted if non-nil. If nil, it does not attempt to decrypt an image. OciDecryptConfig *encconfig.DecryptConfig // A weighted semaphore to limit the amount of concurrently copied layers and configs. Applies to all copy operations using the semaphore. If set, MaxParallelDownloads is ignored. ConcurrentBlobCopiesSemaphore *semaphore.Weighted // MaxParallelDownloads indicates the maximum layers to pull at the same time. Applies to a single copy operation. A reasonable default is used if this is left as 0. Ignored if ConcurrentBlobCopiesSemaphore is set. MaxParallelDownloads uint // When OptimizeDestinationImageAlreadyExists is set, optimize the copy assuming that the destination image already // exists (and is equivalent). Making the eventual (no-op) copy more performant for this case. Enabling the option // is slightly pessimistic if the destination image doesn't exist, or is not equivalent. OptimizeDestinationImageAlreadyExists bool // Download layer contents with "nondistributable" media types ("foreign" layers) and translate the layer media type // to not indicate "nondistributable". DownloadForeignLayers bool }
Options allows supplying non-default configuration modifying the behavior of CopyImage.
Click to show internal directories.
Click to hide internal directories.