gcbsigner

package
v0.2.2

This package is not in the latest version of its module.
Published: Jan 10, 2020 License: Apache-2.0 Imports: 13 Imported by: 2

Documentation

Overview

Copyright 2018 Google LLC

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type BuildEvent

type BuildEvent struct {
	ID      string
	Status  string
	Source  BuildSource
	Results BuildResults
}

type BuildProvenance

type BuildProvenance struct {
	BuildID   string
	ImageRef  string
	BuiltFrom string
}

func ExtractBuildProvenanceFromEvent

func ExtractBuildProvenanceFromEvent(msg *pubsub.Message) ([]BuildProvenance, error)

ExtractBuildProvenanceFromEvent extracts the build provenance from a Cloud Builder event. It returns the list of images built and their build provenance. If the event does not contain relevant build info (e.g., the build is not yet complete, or no images were produced), then 'nil' will be returned.

TODO this should validate the provenance in the pubsub message against the information in Container Analysis that is created by Cloud Builder.
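
A stand-alone sketch of the extraction described above, added here as an example and not the package's own implementation. It takes raw message bytes instead of a *pubsub.Message; the name extractProvenance, the JSON key names, the ImageRef and BuiltFrom string formats, and the errors returned for a missing commit or digest are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Trimmed copies of the page's types; encoding/json matches keys case-insensitively.
type BuildEvent struct {
	ID, Status string
	Source     struct{ RepoSource struct{ RepoName, ProjectID, CommitSHA string } }
	Results    struct{ Images []struct{ Name, Digest string } }
}
type BuildProvenance struct{ BuildID, ImageRef, BuiltFrom string }

// extractProvenance is a hypothetical stand-in that takes the raw message bytes.
func extractProvenance(data []byte) ([]BuildProvenance, error) {
	var ev BuildEvent
	if err := json.Unmarshal(data, &ev); err != nil {
		return nil, err
	}
	if ev.Status != "SUCCESS" || len(ev.Results.Images) == 0 {
		return nil, nil // unfinished, failed or image-less build: nothing to attest
	}
	rs := ev.Source.RepoSource
	if rs.RepoName == "" || rs.CommitSHA == "" {
		return nil, fmt.Errorf("build %s has no pinned repo source", ev.ID)
	}
	var out []BuildProvenance
	for _, img := range ev.Results.Images {
		if !strings.HasPrefix(img.Digest, "sha256:") {
			return nil, fmt.Errorf("image %q has no sha256 digest", img.Name)
		}
		out = append(out, BuildProvenance{
			BuildID:   ev.ID,
			ImageRef:  img.Name + "@" + img.Digest, // pin by digest, never by tag
			BuiltFrom: rs.ProjectID + "/" + rs.RepoName + "@" + rs.CommitSHA, // assumed format
		})
	}
	return out, nil
}

// Constructed sample payload, not captured from a real build.
const sample = `{"id":"b-123","status":"SUCCESS",
 "source":{"repoSource":{"projectId":"demo-proj","repoName":"app","commitSha":"abc123"}},
 "results":{"images":[{"name":"gcr.io/demo-proj/app","digest":"sha256:0000"}]}}`

func main() { fmt.Println(extractProvenance([]byte(sample))) }
```

Because the attestation is bound to ImageRef, the sketch refuses any image entry without a digest instead of falling back to a mutable tag.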

type BuildResults

type BuildResults struct {
	Images []struct {
		Name   string
		Digest string
	}
}

type BuildSource

type BuildSource struct {
	RepoSource struct {
		RepoName   string
		ProjectID  string
		BranchName string
		TagName    string
		CommitSHA  string
	}
}

type Config

type Config struct {
	Secret   secrets.Fetcher
	Validate buildpolicy.ValidateFunc
}

type Signer

type Signer struct {
	// contains filtered or unexported fields
}

func New

func New(client metadata.ReadWriteClient, c *Config) Signer

func (Signer) ValidateAndSign

func (s Signer) ValidateAndSign(prov BuildProvenance, bps []v1beta1.BuildPolicy) error

ValidateAndSign validates builtFrom against the build policies and creates attestations for all authorities for the matching policies. Returns an error if creating an attestation for any authority fails.
