params

package
v5.28.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Sep 12, 2023 License: Apache-2.0 Imports: 4 Imported by: 1

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type OIDCMode

type OIDCMode string
const (
	// OIDCModeStaticToken means the parameter file contains an user-provided OIDC ID token value.
	OIDCModeStaticToken OIDCMode = "staticToken"
	// OIDCModeDeviceGrant specifies the OIDC ID token should be obtained using a device authorization grant (RFC 8628).
	OIDCModeDeviceGrant OIDCMode = "deviceGrant"
	// OIDCModeInteractive specifies the OIDC ID token should be obtained interactively (automatically opening a browser,
	// or interactively prompting the user.)
	OIDCModeInteractive OIDCMode = "interactive"
)

type SigningParameterFile

type SigningParameterFile struct {
	PrivateKeyFile           string `yaml:"privateKeyFile,omitempty"`           // If set, sign using a private key stored in this file.
	PrivateKeyPassphraseFile string `yaml:"privateKeyPassphraseFile,omitempty"` // A file that contains the passprase required for PrivateKeyFile.

	Fulcio *SigningParameterFileFulcio `yaml:"fulcio,omitempty"` // If set, sign using a short-lived key and a Fulcio-issued certificate.

	RekorURL string `yaml:"rekorURL,omitempty"` // If set, upload the signature to the specified Rekor server, and include a log inclusion proof in the signature.
}

SigningParameterFile collects parameters used for creating sigstore signatures.

To consume such a file, most callers should use c/image/pkg/cli/sigstore instead of dealing with this type explicitly using ParseFile.

This type is exported primarily to allow creating parameter files programmatically (and eventually this subpackage should provide an API to convert this type into the appropriate file contents, so that callers don’t need to do that manually).

func ParseFile

func ParseFile(path string) (*SigningParameterFile, error)

ParseFile parses a SigningParameterFile at the specified path.

Most consumers of the parameter file should use c/image/pkg/cli/sigstore to obtain a *signer.Signer instead.

type SigningParameterFileFulcio

type SigningParameterFileFulcio struct {
	FulcioURL string `yaml:"fulcioURL,omitempty"` // URL of the Fulcio server. Required.

	// How to obtain the OIDC ID token required by Fulcio. Required.
	OIDCMode OIDCMode `yaml:"oidcMode,omitempty"`

	// oidcMode = staticToken
	OIDCIDToken string `yaml:"oidcIDToken,omitempty"`

	// oidcMode = deviceGrant || interactive
	OIDCIssuerURL    string `yaml:"oidcIssuerURL,omitempty"` //
	OIDCClientID     string `yaml:"oidcClientID,omitempty"`
	OIDCClientSecret string `yaml:"oidcClientSecret,omitempty"`
}

SigningParameterFileFulcio is a subset of SigningParameterFile dedicated to Fulcio parameters.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL