verifysignature

package
Version: v0.17.0

This package is not in the latest version of its module.

Published: Nov 22, 2024 | License: Apache-2.0 | Imports: 29 | Imported by: 0

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func IsNoMatchingSignatures

func IsNoMatchingSignatures(err error) bool

IsNoMatchingSignatures checks whether the error is of type cosign.ErrNoMatchingSignatures.

func IsNoSignaturesFound

func IsNoSignaturesFound(err error) bool

IsNoSignaturesFound checks whether the error is of type cosign.ErrNoSignaturesFound.

func NewCacheVerifier

func NewCacheVerifier(cache SignatureVerificationResultCache, verifier Verifier) *cacheVerifier

NewCacheVerifier creates a cached verifier from the provided cache and verifier.

func NewDirectVerifier

func NewDirectVerifier(keys lakomconfig.CompletedConfig, allowInsecureRegistries bool) *directVerifier

NewDirectVerifier creates a new verifier and returns it.

func NewSignatureVerificationResultCache

func NewSignatureVerificationResultCache(refreshInterval, cachedObjectTTL time.Duration) (*signatureVerificationResultCache, error)

NewSignatureVerificationResultCache creates and returns a SignatureVerificationResultCache.

Types

type HandleBuilder

type HandleBuilder struct {
	// contains filtered or unexported fields
}

HandleBuilder implements the builder pattern that builds the admission handle.

func NewHandleBuilder

func NewHandleBuilder() HandleBuilder

NewHandleBuilder returns a new handle builder.

func (HandleBuilder) Build

func (hb HandleBuilder) Build() (*handler, error)

Build builds a handler from the HandleBuilder.

func (HandleBuilder) WithAllowInsecureRegistries added in v0.13.0

func (hb HandleBuilder) WithAllowInsecureRegistries(allowInsecureRegistries bool) HandleBuilder

WithAllowInsecureRegistries configures lakom to communicate with registries via HTTP if HTTPS is not possible.

func (HandleBuilder) WithAllowUntrustedImages

func (hb HandleBuilder) WithAllowUntrustedImages(allowUntrustedImages bool) HandleBuilder

WithAllowUntrustedImages configures the webhook to allow images without a trusted signature.

func (HandleBuilder) WithCacheRefreshInterval

func (hb HandleBuilder) WithCacheRefreshInterval(refreshInterval time.Duration) HandleBuilder

WithCacheRefreshInterval sets the refresh interval for the cache.

func (HandleBuilder) WithCacheTTL

func (hb HandleBuilder) WithCacheTTL(ttl time.Duration) HandleBuilder

WithCacheTTL sets the TTL for the cache.

func (HandleBuilder) WithLakomConfig added in v0.13.0

func (hb HandleBuilder) WithLakomConfig(config config.Config) HandleBuilder

WithLakomConfig sets the lakom config with the public keys and their properties.

func (HandleBuilder) WithLogger

func (hb HandleBuilder) WithLogger(logger logr.Logger) HandleBuilder

WithLogger sets the logger.

func (HandleBuilder) WithManager

func (hb HandleBuilder) WithManager(mgr manager.Manager) HandleBuilder

WithManager sets the manager.

func (HandleBuilder) WithUseOnlyImagePullSecrets

func (hb HandleBuilder) WithUseOnlyImagePullSecrets(useOnlyImagePullSecrets bool) HandleBuilder

WithUseOnlyImagePullSecrets configures only the image pull secrets to be used for accessing the OCI registry.

type SignatureVerificationResultCache

type SignatureVerificationResultCache interface {
	GetSignatureVerificationResult(string) (bool, bool)
	StoreSignatureVerificationResult(string, bool)
}

SignatureVerificationResultCache is an interface whose implementations should store the signature verification status of an image.

type Verifier

type Verifier interface {
	Verify(context.Context, string, utils.KeyChainReader) (bool, error)
}

Verifier is an interface whose implementations should verify the cosign signatures of an image.
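How a verifier that NewCacheVerifier would return can compose the two interfaces above, as an added example that is not the package's own code. The names cachingVerifier, mapCache and flakyVerifier are hypothetical, KeyChainReader stands in for utils.KeyChainReader, and the (verified, found) return order, the rule that errors are never cached, and the image reference are assumptions or constructed values.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"sync"
)

// KeyChainReader stands in for utils.KeyChainReader (assumption: opaque here).
type KeyChainReader interface{}
// Verifier mirrors the page's interface, using the stand-in key chain type.
type Verifier interface {
	Verify(context.Context, string, KeyChainReader) (bool, error)
}
// mapCache is a constructed cache; assumed return order is (verified, found).
type mapCache struct{ m sync.Map }
func (c *mapCache) GetSignatureVerificationResult(img string) (bool, bool) {
	v, found := c.m.Load(img)
	return found && v.(bool), found
}
func (c *mapCache) StoreSignatureVerificationResult(img string, ok bool) { c.m.Store(img, ok) }
// cachingVerifier (hypothetical) answers from the cache, else asks next.
type cachingVerifier struct {
	cache *mapCache
	next  Verifier
}
func (v cachingVerifier) Verify(ctx context.Context, img string, kc KeyChainReader) (bool, error) {
	if ok, found := v.cache.GetSignatureVerificationResult(img); found {
		return ok, nil
	}
	ok, err := v.next.Verify(ctx, img, kc)
	if err != nil {
		return false, err // fail closed; an error is never cached
	}
	v.cache.StoreSignatureVerificationResult(img, ok)
	return ok, nil
}
// flakyVerifier is a constructed backend: errors on its first call, then verifies.
type flakyVerifier struct{ calls int }
func (f *flakyVerifier) Verify(context.Context, string, KeyChainReader) (bool, error) {
	if f.calls++; f.calls == 1 {
		return false, errors.New("registry unreachable")
	}
	return true, nil
}

func main() {
	v := cachingVerifier{&mapCache{}, &flakyVerifier{}}
	for i := 0; i < 3; i++ {
		fmt.Println(v.Verify(context.Background(), "registry.example/app@sha256:constructed", nil))
	}
}
```

Because the failed first call leaves the cache empty, a transient registry outage does not turn into a cached rejection or a cached acceptance.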
