attestation

package
v0.5.2 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jun 13, 2024 License: Apache-2.0 Imports: 11 Imported by: 8

Documentation

Index

Constants

// CollectionType is the type URI this package defines for attestation
// collections; the URI ends in the version segment v0.1.
// NOTE(review): presumably this is the predicate type written into the
// statement that wraps a Collection — confirm against the signing code.
const CollectionType = "https://witness.testifysec.com/attestation-collection/v0.1"

Variables

This section is empty.

Functions

func AttestorOptions

func AttestorOptions(nameOrType string) []registry.Configurer

func FactoryByName

func FactoryByName(name string) (registry.FactoryFunc[Attestor], bool)

func FactoryByType

func FactoryByType(uri string) (registry.FactoryFunc[Attestor], bool)

func RegisterAttestation

func RegisterAttestation(name, predicateType string, run RunType, factoryFunc registry.FactoryFunc[Attestor], opts ...registry.Configurer)

func RegisterAttestationWithTypes added in v0.5.1

func RegisterAttestationWithTypes(name string, predicateTypes []string, run RunType, factoryFunc registry.FactoryFunc[Attestor], opts ...registry.Configurer)

func RegistrationEntries

func RegistrationEntries() []registry.Entry[Attestor]

Types

type AttestationContext

// AttestationContext is the context object passed to Attestor.Attest.
// It is created with NewContext from a step name, the attestors to run and
// optional AttestationContextOption values. All fields are unexported and are
// read through accessor methods (StepName, WorkingDir, Materials, Products,
// Hashes, CompletedAttestors, Context).
type AttestationContext struct {
	// contains filtered or unexported fields
}

func NewContext

func NewContext(stepName string, attestors []Attestor, opts ...AttestationContextOption) (*AttestationContext, error)

func (*AttestationContext) CompletedAttestors

func (ctx *AttestationContext) CompletedAttestors() []CompletedAttestor

func (*AttestationContext) Context

func (ctx *AttestationContext) Context() context.Context

func (*AttestationContext) Hashes

func (ctx *AttestationContext) Hashes() []cryptoutil.DigestValue

func (*AttestationContext) Materials

func (ctx *AttestationContext) Materials() map[string]cryptoutil.DigestSet

func (*AttestationContext) Products

func (ctx *AttestationContext) Products() map[string]Product

func (*AttestationContext) RunAttestors

func (ctx *AttestationContext) RunAttestors() error

func (*AttestationContext) StepName added in v0.4.0

func (ctx *AttestationContext) StepName() string

func (*AttestationContext) WorkingDir

func (ctx *AttestationContext) WorkingDir() string

type AttestationContextOption

type AttestationContextOption func(ctx *AttestationContext)

func WithWorkingDir

func WithWorkingDir(workingDir string) AttestationContextOption

type Attestor

// Attestor is the interface an attestor implements so that it can be
// registered with this package (see RegisterAttestation) and run against an
// AttestationContext.
type Attestor interface {
	// Name returns the attestor's name.
	// NOTE(review): presumably the short name accepted by FactoryByName and
	// GetAttestor — confirm.
	Name() string
	// Type returns the attestor's type string.
	// NOTE(review): presumably the predicate type URI accepted by
	// FactoryByType — confirm.
	Type() string
	// RunType reports which RunType this attestor belongs to.
	RunType() RunType
	// Attest runs the attestor against ctx and reports failure as an error.
	Attest(ctx *AttestationContext) error
	// Schema returns a JSON schema for the attestor.
	// NOTE(review): presumably describes the attestor's serialized form —
	// confirm.
	Schema() *jsonschema.Schema
}

func Attestors deprecated

func Attestors(nameOrTypes []string) ([]Attestor, error)

Deprecated: use GetAttestors instead

func GetAttestor added in v0.2.1

func GetAttestor(nameOrType string) (Attestor, error)

func GetAttestors added in v0.2.1

func GetAttestors(nameOrTypes []string) ([]Attestor, error)

type BackReffer

type BackReffer interface {
	BackRefs() map[string]cryptoutil.DigestSet
}

BackReffer allows attestors to indicate which of their subjects are good candidates to find related attestations. For example the git attestor's commit hash subject is a good candidate to find all attestation collections that also refer to a specific git commit.

type Collection

// Collection is a named group of attestations, serialized as JSON under the
// keys "name" and "attestations".
// NOTE(review): the struct carries no signature or key material, so a decoded
// Collection is only as trustworthy as whatever authenticated the bytes it was
// decoded from. Establish that before relying on the digests returned by
// Materials, Artifacts, Subjects or BackRefs.
type Collection struct {
	// Name is the collection's name.
	// NOTE(review): presumably the step name — confirm against NewCollection's callers.
	Name         string                  `json:"name"`
	// Attestations holds one entry per attestor included in the collection.
	Attestations []CollectionAttestation `json:"attestations"`
}

func NewCollection

func NewCollection(name string, attestors []CompletedAttestor) Collection

func (*Collection) Artifacts

func (c *Collection) Artifacts() map[string]cryptoutil.DigestSet

Artifacts returns a map of digestsets that describe the union of the materials and products from the collection. This essentially gives a view of the end state of the files after all the attestors in the collection have run.

func (*Collection) BackRefs

func (c *Collection) BackRefs() map[string]cryptoutil.DigestSet

func (*Collection) Materials

func (c *Collection) Materials() map[string]cryptoutil.DigestSet

func (*Collection) Subjects

func (c *Collection) Subjects() map[string]cryptoutil.DigestSet

type CollectionAttestation

// CollectionAttestation is one entry of a Collection: an attestation together
// with its type string and the start and end times of the attestor's run.
// NOTE(review): Attestation is the Attestor interface, and this type declares
// its own UnmarshalJSON. Presumably decoding picks the concrete attestor from
// the "type" value in the input — confirm. If so, that value is
// attacker-controlled whenever the JSON is unauthenticated, so decode only
// data whose origin has already been verified.
type CollectionAttestation struct {
	// Type is the attestation's type string, serialized as "type".
	Type        string    `json:"type"`
	// Attestation is the attestor value itself, serialized as "attestation".
	Attestation Attestor  `json:"attestation"`
	// StartTime and EndTime are serialized as "starttime" and "endtime".
	// NOTE(review): presumably copied from the CompletedAttestor passed to
	// NewCollectionAttestation, i.e. taken from the local clock — confirm.
	StartTime   time.Time `json:"starttime"`
	EndTime     time.Time `json:"endtime"`
}

func NewCollectionAttestation

func NewCollectionAttestation(completed CompletedAttestor) CollectionAttestation

func (*CollectionAttestation) UnmarshalJSON

func (c *CollectionAttestation) UnmarshalJSON(data []byte) error

type CompletedAttestor

// CompletedAttestor pairs an Attestor with the start and end times of its run
// and an error value. It is the element type returned by
// AttestationContext.CompletedAttestors and accepted by NewCollection.
// NOTE(review): presumably Error is non-nil when the attestor failed. Confirm
// how NewCollection treats entries with a non-nil Error before assuming a
// resulting Collection contains only successful attestations.
type CompletedAttestor struct {
	// Attestor is the attestor that was run.
	Attestor  Attestor
	// StartTime and EndTime bracket the attestor's run.
	StartTime time.Time
	EndTime   time.Time
	// Error is the error value recorded for the run.
	Error     error
}

type ErrAttestationNotFound

type ErrAttestationNotFound string

func (ErrAttestationNotFound) Error

func (e ErrAttestationNotFound) Error() string

type ErrAttestor added in v0.3.0

// ErrAttestor is an error type (it has an Error method) that identifies an
// attestor by name and run type and carries a reason string.
type ErrAttestor struct {
	// Name is the name of the attestor the error refers to.
	Name    string
	// RunType is the run type of that attestor.
	RunType RunType
	// Reason is a human-readable description of what went wrong.
	Reason  string
}

func (ErrAttestor) Error added in v0.3.0

func (e ErrAttestor) Error() string

type ErrAttestorNotFound added in v0.2.1

type ErrAttestorNotFound string

func (ErrAttestorNotFound) Error added in v0.2.1

func (e ErrAttestorNotFound) Error() string

type Exporter added in v0.4.0

type Exporter interface {
	Export() bool
	Subjects() map[string]cryptoutil.DigestSet
}

Exporter allows attestors to export their attestations for separation from the collection.

type Materialer

type Materialer interface {
	Materials() map[string]cryptoutil.DigestSet
}

Materialer allows attestors to communicate about materials that were observed while the attestor executed. For example the material attestor records the hashes of all files before a command is run.

type Producer

type Producer interface {
	Products() map[string]Product
}

Producer allows attestors to communicate that some product was created while the attestor executed. For example the product attestor runs after a command run and finds files that did not exist in the working directory prior to the command's execution.

type Product

// Product describes one produced artifact by its MIME type and digest set,
// serialized as "mime_type" and "digest".
// NOTE(review): how MimeType is determined is not shown here. Treat it as
// descriptive metadata and match artifacts on Digest, not on MimeType.
type Product struct {
	// MimeType is the MIME type recorded for the product.
	MimeType string               `json:"mime_type"`
	// Digest is the set of digests recorded for the product.
	Digest   cryptoutil.DigestSet `json:"digest"`
}

type RunType

// RunType names the kind of run an attestor belongs to. Each Attestor reports
// one through its RunType method, and RegisterAttestation takes one at
// registration.
type RunType string

// RunType values defined by this package, with their string forms.
// NOTE(review): the declaration order (prematerial, material, execute,
// product, postproduct, verify) presumably mirrors the order in which
// RunAttestors schedules attestors — confirm in the source, since evidence
// recorded before and after the executed command depends on that ordering.
const (
	PreMaterialRunType RunType = "prematerial"
	MaterialRunType    RunType = "material"
	ExecuteRunType     RunType = "execute"
	ProductRunType     RunType = "product"
	PostProductRunType RunType = "postproduct"
	VerifyRunType      RunType = "verify"
)

func (RunType) String

func (r RunType) String() string

type Subjecter

type Subjecter interface {
	Subjects() map[string]cryptoutil.DigestSet
}

Subjecter allows attestors to expose bits of information that will be added to the in-toto statement as subjects. External services such as Rekor and Archivista use in-toto subjects as indexes back to attestations.
