Documentation
Types
type OIDCMode
type OIDCMode string
const (
	// OIDCModeStaticToken means the parameter file contains a user-provided OIDC ID token value.
	OIDCModeStaticToken OIDCMode = "staticToken"
	// OIDCModeDeviceGrant specifies the OIDC ID token should be obtained using a device authorization grant (RFC 8628).
	OIDCModeDeviceGrant OIDCMode = "deviceGrant"
	// OIDCModeInteractive specifies the OIDC ID token should be obtained interactively (automatically opening a browser,
	// or interactively prompting the user.)
	OIDCModeInteractive OIDCMode = "interactive"
)
type SigningParameterFile
type SigningParameterFile struct {
	PrivateKeyFile           string `yaml:"privateKeyFile,omitempty"`           // If set, sign using a private key stored in this file.
	PrivateKeyPassphraseFile string `yaml:"privateKeyPassphraseFile,omitempty"` // A file that contains the passphrase required for PrivateKeyFile.

	Fulcio *SigningParameterFileFulcio `yaml:"fulcio,omitempty"` // If set, sign using a short-lived key and a Fulcio-issued certificate.

	RekorURL string `yaml:"rekorURL,omitempty"` // If set, upload the signature to the specified Rekor server, and include a log inclusion proof in the signature.
}
SigningParameterFile collects parameters used for creating sigstore signatures.
To consume such a file, most callers should use c/image/pkg/cli/sigstore instead of dealing with this type explicitly using ParseFile.
This type is exported primarily to allow creating parameter files programmatically (and eventually this subpackage should provide an API to convert this type into the appropriate file contents, so that callers don’t need to do that manually).
func ParseFile
func ParseFile(path string) (*SigningParameterFile, error)
ParseFile parses a SigningParameterFile at the specified path.
Most consumers of the parameter file should use c/image/pkg/cli/sigstore to obtain a *signer.Signer instead.
type SigningParameterFileFulcio
type SigningParameterFileFulcio struct {
	FulcioURL string `yaml:"fulcioURL,omitempty"` // URL of the Fulcio server. Required.

	// How to obtain the OIDC ID token required by Fulcio. Required.
	OIDCMode OIDCMode `yaml:"oidcMode,omitempty"`

	// oidcMode = staticToken
	OIDCIDToken string `yaml:"oidcIDToken,omitempty"`

	// oidcMode = deviceGrant || interactive
	OIDCIssuerURL    string `yaml:"oidcIssuerURL,omitempty"`
	OIDCClientID     string `yaml:"oidcClientID,omitempty"`
	OIDCClientSecret string `yaml:"oidcClientSecret,omitempty"`
}
SigningParameterFileFulcio is a subset of SigningParameterFile dedicated to Fulcio parameters.
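The field comments above tie each OIDC field to a particular oidcMode and mark fulcioURL and oidcMode as required. The following added example (not code from c/image) checks a programmatically built parameter set against that reading before it is written out; the types are local mirrors of the documented ones, and Lint and its messages are hypothetical, so the library's own validation may accept or reject differently.

```go
package main

import "fmt"

// Local mirrors of the documented types (yaml tags omitted); standard library only.
type OIDCMode string

const (
	OIDCModeStaticToken OIDCMode = "staticToken"
	OIDCModeDeviceGrant OIDCMode = "deviceGrant"
	OIDCModeInteractive OIDCMode = "interactive"
)

type SigningParameterFileFulcio struct {
	FulcioURL, OIDCIDToken, OIDCIssuerURL, OIDCClientID, OIDCClientSecret string
	OIDCMode                                                               OIDCMode
}

type SigningParameterFile struct {
	PrivateKeyFile, PrivateKeyPassphraseFile, RekorURL string
	Fulcio                                             *SigningParameterFileFulcio
}

// Lint (hypothetical helper, not the library's validation) returns one finding
// per setting that contradicts the field comments of the documented types.
func Lint(p SigningParameterFile) []string {
	var out []string
	flag := func(bad bool, msg string) {
		if bad {
			out = append(out, msg)
		}
	}
	flag(p.PrivateKeyPassphraseFile != "" && p.PrivateKeyFile == "", "privateKeyPassphraseFile set without privateKeyFile")
	if f := p.Fulcio; f != nil {
		flag(f.FulcioURL == "", "fulcio.fulcioURL is required")
		switch f.OIDCMode {
		case OIDCModeStaticToken:
			flag(f.OIDCIDToken == "", "staticToken mode needs oidcIDToken")
			flag(f.OIDCIssuerURL+f.OIDCClientID+f.OIDCClientSecret != "", "issuer/client fields are not used in staticToken mode")
		case OIDCModeDeviceGrant, OIDCModeInteractive:
			flag(f.OIDCIDToken != "", "oidcIDToken is only used in staticToken mode")
		default:
			flag(true, fmt.Sprintf("fulcio.oidcMode %q is missing or unknown", f.OIDCMode))
		}
	}
	return out
}

func main() { // constructed input: a static token left behind in a deviceGrant configuration
	fmt.Println(Lint(SigningParameterFile{Fulcio: &SigningParameterFileFulcio{OIDCMode: OIDCModeDeviceGrant, OIDCIDToken: "constructed"}}))
}
```

A leftover oidcIDToken or oidcClientSecret in a mode that does not use it is still a credential stored in the file, which is why the check reports unused fields and not only missing ones.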