attestation

package
v0.5.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 13, 2024 License: Apache-2.0 Imports: 11 Imported by: 8

Documentation

Index

Constants

View Source 
const CollectionType = "https://witness.testifysec.com/attestation-collection/v0.1"

Variables

This section is empty.

Functions

func AttestorOptions 

func AttestorOptions(nameOrType string) []registry.Configurer

func FactoryByName 

func FactoryByName(name string) (registry.FactoryFunc[Attestor], bool)

func FactoryByType 

func FactoryByType(uri string) (registry.FactoryFunc[Attestor], bool)

func RegisterAttestation 

func RegisterAttestation(name, predicateType string, run RunType, factoryFunc registry.FactoryFunc[Attestor], opts ...registry.Configurer)

func RegisterAttestationWithTypes added in v0.5.1 

func RegisterAttestationWithTypes(name string, predicateTypes []string, run RunType, factoryFunc registry.FactoryFunc[Attestor], opts ...registry.Configurer)

func RegistrationEntries 

func RegistrationEntries() []registry.Entry[Attestor]

Types

type AttestationContext 

type AttestationContext struct {
	// contains filtered or unexported fields
}

func NewContext 

func NewContext(stepName string, attestors []Attestor, opts ...AttestationContextOption) (*AttestationContext, error)

func (*AttestationContext) CompletedAttestors 

func (ctx *AttestationContext) CompletedAttestors() []CompletedAttestor

func (*AttestationContext) Context 

func (ctx *AttestationContext) Context() context.Context

func (*AttestationContext) Hashes 

func (ctx *AttestationContext) Hashes() []cryptoutil.DigestValue

func (*AttestationContext) Materials 

func (ctx *AttestationContext) Materials() map[string]cryptoutil.DigestSet

func (*AttestationContext) Products 

func (ctx *AttestationContext) Products() map[string]Product

func (*AttestationContext) RunAttestors 

func (ctx *AttestationContext) RunAttestors() error

func (*AttestationContext) StepName added in v0.4.0 

func (ctx *AttestationContext) StepName() string

func (*AttestationContext) WorkingDir 

func (ctx *AttestationContext) WorkingDir() string

type AttestationContextOption 

type AttestationContextOption func(ctx *AttestationContext)

func WithContext 

func WithContext(ctx context.Context) AttestationContextOption

func WithHashes 

func WithHashes(hashes []cryptoutil.DigestValue) AttestationContextOption

func WithWorkingDir 

func WithWorkingDir(workingDir string) AttestationContextOption

type Attestor 

type Attestor interface {
	Name() string
	Type() string
	RunType() RunType
	Attest(ctx *AttestationContext) error
	Schema() *jsonschema.Schema
}

func Attestors deprecated 

func Attestors(nameOrTypes []string) ([]Attestor, error)

Deprecated: use GetAttestors instead

func GetAttestor added in v0.2.1 

func GetAttestor(nameOrType string) (Attestor, error)

func GetAttestors added in v0.2.1 

func GetAttestors(nameOrTypes []string) ([]Attestor, error)

type BackReffer 

type BackReffer interface {
	BackRefs() map[string]cryptoutil.DigestSet
}

BackReffer allows attestors to indicate which of their subjects are good candidates to find related attestations. For example the git attestor's commit hash subject is a good candidate to find all attestation collections that also refer to a specific git commit.

type Collection 

type Collection struct {
	Name         string                  `json:"name"`
	Attestations []CollectionAttestation `json:"attestations"`
}

func NewCollection 

func NewCollection(name string, attestors []CompletedAttestor) Collection

func (*Collection) Artifacts 

func (c *Collection) Artifacts() map[string]cryptoutil.DigestSet

Artifacts returns a map of digestsets that describe the union of the materials and products from the collection. This essentially gives a view of end state of the files after all the attestors in the collection ran.

func (*Collection) BackRefs 

func (c *Collection) BackRefs() map[string]cryptoutil.DigestSet

func (*Collection) Materials 

func (c *Collection) Materials() map[string]cryptoutil.DigestSet

func (*Collection) Subjects 

func (c *Collection) Subjects() map[string]cryptoutil.DigestSet

type CollectionAttestation 

type CollectionAttestation struct {
	Type        string    `json:"type"`
	Attestation Attestor  `json:"attestation"`
	StartTime   time.Time `json:"starttime"`
	EndTime     time.Time `json:"endtime"`
}

func NewCollectionAttestation 

func NewCollectionAttestation(completed CompletedAttestor) CollectionAttestation

func (*CollectionAttestation) UnmarshalJSON 

func (c *CollectionAttestation) UnmarshalJSON(data []byte) error

type CompletedAttestor 

type CompletedAttestor struct {
	Attestor  Attestor
	StartTime time.Time
	EndTime   time.Time
	Error     error
}

type ErrAttestationNotFound 

type ErrAttestationNotFound string

func (ErrAttestationNotFound) Error 

func (e ErrAttestationNotFound) Error() string

type ErrAttestor added in v0.3.0 

type ErrAttestor struct {
	Name    string
	RunType RunType
	Reason  string
}

func (ErrAttestor) Error added in v0.3.0 

func (e ErrAttestor) Error() string

type ErrAttestorNotFound added in v0.2.1 

type ErrAttestorNotFound string

func (ErrAttestorNotFound) Error added in v0.2.1 

func (e ErrAttestorNotFound) Error() string

type Exporter added in v0.4.0 

type Exporter interface {
	Export() bool
	Subjects() map[string]cryptoutil.DigestSet
}

Exporter allows attestors to export their attestations for separation from the collection.

type Materialer 

type Materialer interface {
	Materials() map[string]cryptoutil.DigestSet
}

Materialer allows attestors to communicate about materials that were observed while the attestor executed. For example the material attestor records the hashes of all files before a command is run.

type Producer 

type Producer interface {
	Products() map[string]Product
}

Producer allows attestors to communicate that some product was created while the attestor executed. For example the product attestor runs after a command run and finds files that did not exist in the working directory prior to the command's execution.

type Product 

type Product struct {
	MimeType string               `json:"mime_type"`
	Digest   cryptoutil.DigestSet `json:"digest"`
}

type RunType 

type RunType string
const (
	PreMaterialRunType RunType = "prematerial"
	MaterialRunType    RunType = "material"
	ExecuteRunType     RunType = "execute"
	ProductRunType     RunType = "product"
	PostProductRunType RunType = "postproduct"
	VerifyRunType      RunType = "verify"
)

func (RunType) String 

func (r RunType) String() string

type Subjecter 

type Subjecter interface {
	Subjects() map[string]cryptoutil.DigestSet
}

Subjecter allows attestors to expose bits of information that will be added to the in-toto statement as subjects. External services such as Rekor and Archivista use in-toto subjects as indexes back to attestations.

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.