cosign

Documentation

Index

• Constants
• Variables
• type Extension
• type KeyConfig
• type KeylessConfig
• type LegacyExtension
• type PKKey
• type PluginConfig
• type TrustPolicies
  • func CreateTrustPolicies(configs []TrustPolicyConfig, verifierName string) (*TrustPolicies, error)
  • func (tps *TrustPolicies) GetScopedPolicy(reference string) (TrustPolicy, error)
• type TrustPolicy
  • func CreateTrustPolicy(config TrustPolicyConfig, verifierName string) (TrustPolicy, error)
• type TrustPolicyConfig

Constants

const (
	DefaultRekorURL                 string = "https://rekor.sigstore.dev"
	DefaultTLogVerify               bool   = true
	DefaultCTLogVerify              bool   = true
	DefaultTrustPolicyConfigVersion string = "1.0.0"
)

const GlobalWildcardCharacter = '*'

Variables

var SupportedTrustPolicyConfigVersions = []string{DefaultTrustPolicyConfigVersion}

Types

type Extension

type Extension struct {
	SignatureExtension []cosignExtensionList `json:"signatures,omitempty"`
}

Extension is the structure for the verifier result extensions contains a list of signature verification results where each entry corresponds to a single signature verified

type KeyConfig

type KeyConfig struct {
	Provider string `json:"provider,omitempty"`
	Name     string `json:"name,omitempty"`
	Version  string `json:"version,omitempty"`
	File     string `json:"file,omitempty"`
}

type KeylessConfig

type KeylessConfig struct {
	RekorURL    string `json:"rekorURL,omitempty"`
	CTLogVerify *bool  `json:"ctLogVerify,omitempty"`
}

type LegacyExtension

type LegacyExtension struct {
	SignatureExtension []cosignExtension `json:"signatures,omitempty"`
}

LegacyExtension is the structure for the verifier result extensions used for backwards compatibility with the legacy cosign verifier

type PKKey

type PKKey struct {
	Provider string `json:"provider"`
	Name     string `json:"name,omitempty"`
	Version  string `json:"version,omitempty"`
}

type PluginConfig

type PluginConfig struct {
	Name             string              `json:"name"`
	Type             string              `json:"type,omitempty"`
	ArtifactTypes    string              `json:"artifactTypes"`
	KeyRef           string              `json:"key,omitempty"`
	RekorURL         string              `json:"rekorURL,omitempty"`
	NestedReferences []string            `json:"nestedArtifactTypes,omitempty"`
	TrustPolicies    []TrustPolicyConfig `json:"trustPolicies,omitempty"`
}

type TrustPolicies

type TrustPolicies struct {
	// contains filtered or unexported fields
}

func CreateTrustPolicies

func CreateTrustPolicies(configs []TrustPolicyConfig, verifierName string) (*TrustPolicies, error)

CreateTrustPolicies creates a set of trust policies from the given configuration

func (*TrustPolicies) GetScopedPolicy

func (tps *TrustPolicies) GetScopedPolicy(reference string) (TrustPolicy, error)

GetScopedPolicy returns the policy that applies to the given reference TODO: add link to scopes docs when published

type TrustPolicy

type TrustPolicy interface {
	GetName() string
	GetKeys(ctx context.Context, namespace string) (map[PKKey]keymanagementprovider.PublicKey, error)
	GetScopes() []string
	GetCosignOpts(context.Context) (cosign.CheckOpts, error)
}

func CreateTrustPolicy

func CreateTrustPolicy(config TrustPolicyConfig, verifierName string) (TrustPolicy, error)

CreateTrustPolicy creates a trust policy from the given configuration returns an error if the configuration is invalid reads the public keys from the file path

type TrustPolicyConfig

type TrustPolicyConfig struct {
	Version    string        `json:"version"`
	Name       string        `json:"name"`
	Scopes     []string      `json:"scopes"`
	Keys       []KeyConfig   `json:"keys,omitempty"`
	Keyless    KeylessConfig `json:"keyless,omitempty"`
	TLogVerify *bool         `json:"tLogVerify,omitempty"`
}