Documentation
Index
- Constants
- type FakeKubernetesClient
- type Options
- type Policy
- func NewInertPolicy(ctx context.Context, policyRef string) (Policy, error)
- func NewInputPolicy(ctx context.Context, policyRef string, effectiveTime string) (Policy, error)
- func NewOfflinePolicy(ctx context.Context, effectiveTime string) (Policy, error)
- func NewPolicy(ctx context.Context, opts Options) (Policy, error)
Constants
const (
    Now           = "now"
    AtAttestation = "attestation"
    DateFormat    = "2006-01-02"
)
Variables
This section is empty.
Functions
This section is empty.
Types
type FakeKubernetesClient
type FakeKubernetesClient struct {
    Policy     ecc.EnterpriseContractPolicySpec
    Snapshot   app.SnapshotSpec
    FetchError bool
}
func (*FakeKubernetesClient) FetchEnterpriseContractPolicy
func (c *FakeKubernetesClient) FetchEnterpriseContractPolicy(ctx context.Context, ref string) (*ecc.EnterpriseContractPolicy, error)
func (*FakeKubernetesClient) FetchSnapshot
type Policy
type Policy interface {
    PublicKeyPEM() ([]byte, error)
    CheckOpts() (*cosign.CheckOpts, error)
    WithSpec(spec ecc.EnterpriseContractPolicySpec) Policy
    Spec() ecc.EnterpriseContractPolicySpec
    EffectiveTime() time.Time
    AttestationTime(time.Time)
    Identity() cosign.Identity
    Keyless() bool
}
func NewInertPolicy
NewInertPolicy constructs and returns a new instance of Policy that doesn't perform strict checks on the consistency of the policy.
The policyRef parameter is expected to be either a JSON-encoded instance of EnterpriseContractPolicySpec, or a reference to the location of the EnterpriseContractPolicy resource in Kubernetes using the format: [namespace/]name
If policyRef is blank, an empty EnterpriseContractPolicySpec is used.
func NewInputPolicy
NewInputPolicy constructs and returns a new instance of Policy that doesn't perform strict checks on the consistency of the policy, but can evaluate based on the provided effectiveTime.
The policyRef parameter is expected to be either a YAML/JSON-encoded instance of EnterpriseContractPolicySpec, or a reference to the location of the EnterpriseContractPolicy resource in Kubernetes using the format: [namespace/]name
If policyRef is blank, an empty EnterpriseContractPolicySpec is used.
func NewOfflinePolicy
NewOfflinePolicy constructs and returns a new instance of Policy that is used in offline scenarios, i.e. without access to a cluster or specific services, and with no signature verification performed.
func NewPolicy
NewPolicy constructs and returns a new instance of Policy.
The policyRef parameter is expected to be either a JSON-encoded instance of EnterpriseContractPolicySpec, or a reference to the location of the EnterpriseContractPolicy resource in Kubernetes using the format: [namespace/]name
If policyRef is blank, an empty EnterpriseContractPolicySpec is used.
rekorUrl and publicKey provide a mechanism to overwrite the attributes of the same name in the EnterpriseContractPolicySpec.
The public key is resolved as part of object construction. If the public key is a reference to a Kubernetes resource, for example, the cluster will be contacted.
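The three policyRef forms described for NewInertPolicy, NewInputPolicy and NewPolicy (blank, inline JSON, [namespace/]name), as an added example that is not this package's own code: resolvePolicyRef, policySpec and resolved are hypothetical names, policySpec carries only the two attributes this page names with assumed JSON keys, and the YAML form accepted by NewInputPolicy is left out. Unknown JSON keys are rejected so that a misspelled publicKey cannot silently produce a policy without one.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// policySpec is a hypothetical stand-in for ecc.EnterpriseContractPolicySpec.
type policySpec struct {
	RekorURL  string `json:"rekorUrl,omitempty"`  // assumed JSON key
	PublicKey string `json:"publicKey,omitempty"` // assumed JSON key
}

type resolved struct {
	Kind            string // "empty", "inline" or "cluster"
	Spec            policySpec
	Namespace, Name string // empty Namespace: caller picks the default
}

// resolvePolicyRef classifies a policyRef (hypothetical helper, not the package API).
func resolvePolicyRef(policyRef string) (resolved, error) {
	ref := strings.TrimSpace(policyRef)
	if ref == "" {
		return resolved{Kind: "empty"}, nil // blank: empty spec
	}
	if strings.HasPrefix(ref, "{") {
		r := resolved{Kind: "inline"}
		dec := json.NewDecoder(strings.NewReader(ref))
		dec.DisallowUnknownFields() // fail on misspelled keys instead of dropping them
		if err := dec.Decode(&r.Spec); err != nil {
			return resolved{}, fmt.Errorf("inline policy: %w", err)
		}
		return r, nil
	}
	ns, name, found := strings.Cut(ref, "/")
	if !found {
		ns, name = "", ref // bare name, no namespace given
	}
	if name == "" || strings.Contains(name, "/") || (found && ns == "") {
		return resolved{}, fmt.Errorf("policy reference %q is not [namespace/]name", ref)
	}
	return resolved{Kind: "cluster", Namespace: ns, Name: name}, nil
}

func main() {
	for _, ref := range []string{"", `{"publicKey":"constructed-key"}`, "team-a/release", "a/b/c"} {
		fmt.Println(resolvePolicyRef(ref)) // constructed sample inputs
	}
}
```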