Documentation ¶
Overview ¶
Package v1alpha1 contains API Schema definitions for the policy v1alpha1 API group.
+k8s:deepcopy-gen=package
+kubebuilder:object:generate=true
+groupName=nirmata.io
Index ¶
- Constants
- Variables
- func Resource(resource string) schema.GroupResource
- type Attestation
- type CTLog
- type Certificate
- type Cosign
- type ImageExtractorConfig
- type ImageExtractorConfigs
- type ImageVerificationPolicy
- type ImageVerificationPolicyList
- type ImageVerificationPolicySpec
- type ImageVerificationRule
- type Key
- type Keyless
- type Notary
- type Rekor
- type VerificationRule
- type VerificationRules
Constants ¶
const GroupName = "nirmata.io"
GroupName specifies the group name used to register the objects.
Variables ¶
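// Scheme registration entry points for this API group.
//
// The listing had been collapsed onto one line, so the first line comment
// swallowed every declaration after it; line breaks are restored here.
var (
	// localSchemeBuilder and AddToScheme will stay in k8s.io/kubernetes.
	SchemeBuilder runtime.SchemeBuilder
	// Deprecated: use Install instead
	AddToScheme = localSchemeBuilder.AddToScheme
	// Install is bound to the same function value as AddToScheme.
	Install = localSchemeBuilder.AddToScheme
)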
var GroupVersion = v1.GroupVersion{Group: GroupName, Version: "v1alpha1"}
GroupVersion specifies the group and the version used to register the objects.
var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"}
SchemeGroupVersion is the group version used to register these objects.
Deprecated: use GroupVersion instead.
Functions ¶
func Resource ¶
func Resource(resource string) schema.GroupResource
Resource takes an unqualified resource and returns a Group qualified GroupResource
Types ¶
type Attestation ¶
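// Attestation describes a check applied to attestations attached to an image.
//
// Security note: per the Conditions comment below, an Attestation with no
// Conditions is satisfied by the mere presence of a predicate of the matching
// type. A policy that needs to assert the predicate's contents must set
// Conditions explicitly.
type Attestation struct {
	// Type is presumably the predicate type to match; confirm against the verifier.
	// The JSON tag has no omitempty, so the key is always emitted.
	// +optional
	Type string `json:"type"`
	// Conditions are used to verify attributes within a Predicate. If no Conditions are specified
	// the attestation check is satisfied as long as there are predicates that match the predicate type.
	// +optional
	Conditions []kyvernov1.AnyAllConditions `json:"conditions,omitempty" yaml:"conditions,omitempty"`
}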
func (*Attestation) DeepCopy ¶
func (in *Attestation) DeepCopy() *Attestation
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Attestation.
func (*Attestation) DeepCopyInto ¶
func (in *Attestation) DeepCopyInto(out *Attestation)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type CTLog ¶
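// CTLog carries the single PubKey setting of a Cosign entry's "ctlog" block.
type CTLog struct {
	// PubKey is presumably the certificate-transparency log public key used when
	// checking SCTs; confirm the expected encoding against the verifier.
	// NOTE(review): what happens when this is empty (built-in default vs. error)
	// is not visible in this listing.
	// +optional
	PubKey string `json:"pubKey"`
}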
func (*CTLog) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CTLog.
func (*CTLog) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Certificate ¶
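// Certificate carries the certificate settings of a Cosign entry's
// "certificate" block.
type Certificate struct {
	// Cert is presumably the signing certificate to verify against; the
	// expected encoding (e.g. PEM) is not visible here — confirm.
	// +optional
	Cert string `json:"cert"`
	// CertChain is presumably the chain used to validate Cert up to a trusted
	// root — confirm against the verifier.
	// +optional
	CertChain string `json:"certChain"`
}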
func (*Certificate) DeepCopy ¶
func (in *Certificate) DeepCopy() *Certificate
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Certificate.
func (*Certificate) DeepCopyInto ¶
func (in *Certificate) DeepCopyInto(out *Certificate)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Cosign ¶
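// Cosign is a set of attributes used to verify cosign signatures.
//
// Key, Keyless and Certificate are all optional pointers. Whether exactly one
// of them must be set is not enforced by the type itself.
// NOTE(review): confirm that validation rejects an entry with no trust
// material, so that an empty Cosign block cannot pass verification.
type Cosign struct {
	// Key configures verification against a static public key.
	// +optional
	Key *Key `json:"key,omitempty"`
	// Keyless configures identity-based (issuer/subject) verification.
	// +optional
	Keyless *Keyless `json:"keyless,omitempty"`
	// Certificate configures verification against a certificate and chain.
	// +optional
	Certificate *Certificate `json:"certificate,omitempty"`
	// Rekor configures the transparency log (URL and public key).
	// +optional
	Rekor *Rekor `json:"rekor,omitempty"`
	// CTLog configures the certificate-transparency log public key.
	// +optional
	CTLog *CTLog `json:"ctlog,omitempty"`
	// SignatureAlgorithm names the signature hash algorithm; accepted values
	// are not visible in this listing.
	// +optional
	SignatureAlgorithm string `json:"signatureAlgorithm,omitempty"`
	// Repository is presumably an alternate repository holding the signatures
	// — confirm against the verifier.
	// +optional
	Repository string `json:"repository,omitempty"`
	// IgnoreTlog, when true, presumably skips transparency-log verification.
	// The zero value (false) leaves the check enabled. Treat any policy that
	// sets it to true as a reduced-assurance exception to be reviewed.
	// +optional
	IgnoreTlog bool `json:"ignoreTlog"`
	// IgnoreSCT, when true, presumably skips the signed-certificate-timestamp
	// check. The zero value (false) leaves the check enabled. Review policies
	// that set it to true.
	// +optional
	IgnoreSCT bool `json:"ignoreSCT"`
	// TSACertChain is presumably the certificate chain of a timestamp
	// authority — confirm the expected encoding.
	// +optional
	TSACertChain string `json:"tsaCertChain"`
	// InToToAttestations lists attestation checks evaluated for this entry.
	// +optional
	InToToAttestations []*Attestation `json:"intotoAttestations,omitempty"`
}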
Cosign is a set of attributes used to verify cosign signatures
func (*Cosign) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Cosign.
func (*Cosign) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ImageExtractorConfig ¶
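// ImageExtractorConfig tells the policy where to find image references inside
// a resource. Only Path is required; every other field is marked optional
// and is omitted from JSON and YAML output when empty.
type ImageExtractorConfig struct {
	// Path is the path to the object containing the image field in a custom resource.
	// It should be slash-separated. Each slash-separated key must be a valid YAML key or a wildcard '*'.
	// Wildcard keys are expanded in case of arrays or objects.
	Path string `json:"path" yaml:"path"`
	// Value is an optional name of the field within 'path' that points to the image URI.
	// This is useful when a custom 'key' is also defined.
	// +optional
	Value string `json:"value,omitempty" yaml:"value,omitempty"`
	// Name is the entry the image will be available under 'images.<name>' in the context.
	// If this field is not defined, image entries will appear under 'images.custom'.
	// +optional
	Name string `json:"name,omitempty" yaml:"name,omitempty"`
	// Key is an optional name of the field within 'path' that will be used to uniquely identify an image.
	// Note - this field MUST be unique.
	// +optional
	Key string `json:"key,omitempty" yaml:"key,omitempty"`
	// JMESPath is an optional JMESPath expression to apply to the image value.
	// This is useful when the extracted image begins with a prefix like 'docker://'.
	// The 'trim_prefix' function may be used to trim the prefix: trim_prefix(@, 'docker://').
	// Note - Image digest mutation may not be used when applying a JMESPath to an image.
	// +optional
	JMESPath string `json:"jmesPath,omitempty" yaml:"jmesPath,omitempty"`
}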
func (*ImageExtractorConfig) DeepCopy ¶
func (in *ImageExtractorConfig) DeepCopy() *ImageExtractorConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImageExtractorConfig.
func (*ImageExtractorConfig) DeepCopyInto ¶
func (in *ImageExtractorConfig) DeepCopyInto(out *ImageExtractorConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ImageExtractorConfigs ¶
type ImageExtractorConfigs []ImageExtractorConfig
func (ImageExtractorConfigs) DeepCopy ¶
func (in ImageExtractorConfigs) DeepCopy() ImageExtractorConfigs
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImageExtractorConfigs.
func (ImageExtractorConfigs) DeepCopyInto ¶
func (in ImageExtractorConfigs) DeepCopyInto(out *ImageExtractorConfigs)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ImageVerificationPolicy ¶
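// ImageVerificationPolicy defines rules to verify images used in matching
// resources. It embeds the standard type and object metadata and carries the
// rules in Spec.
type ImageVerificationPolicy struct {
	metav1.TypeMeta `json:",inline" yaml:",inline"`
	// Standard object's metadata.
	// +optional
	metav1.ObjectMeta `json:"metadata,omitempty" yaml:"metadata,omitempty"`
	// ImageVerificationPolicy spec.
	Spec ImageVerificationPolicySpec `json:"spec" yaml:"spec"`
}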
ImageVerificationPolicy defines rules to verify images used in matching resources
func (*ImageVerificationPolicy) DeepCopy ¶
func (in *ImageVerificationPolicy) DeepCopy() *ImageVerificationPolicy
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImageVerificationPolicy.
func (*ImageVerificationPolicy) DeepCopyInto ¶
func (in *ImageVerificationPolicy) DeepCopyInto(out *ImageVerificationPolicy)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ImageVerificationPolicy) DeepCopyObject ¶
func (in *ImageVerificationPolicy) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ImageVerificationPolicyList ¶
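// ImageVerificationPolicyList is a list of ImageVerificationPolicy instances.
type ImageVerificationPolicyList struct {
	metav1.TypeMeta `json:",inline" yaml:",inline"`
	metav1.ListMeta `json:"metadata" yaml:"metadata"`
	// Items holds the policies contained in the list.
	Items []ImageVerificationPolicy `json:"items" yaml:"items"`
}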
ImageVerificationPolicyList is a list of ImageVerificationPolicy instances.
func (*ImageVerificationPolicyList) DeepCopy ¶
func (in *ImageVerificationPolicyList) DeepCopy() *ImageVerificationPolicyList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImageVerificationPolicyList.
func (*ImageVerificationPolicyList) DeepCopyInto ¶
func (in *ImageVerificationPolicyList) DeepCopyInto(out *ImageVerificationPolicyList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ImageVerificationPolicyList) DeepCopyObject ¶
func (in *ImageVerificationPolicyList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ImageVerificationPolicySpec ¶
// ImageVerificationPolicySpec is the spec of an ImageVerificationPolicy; it
// holds the ordered list of image verification rules.
type ImageVerificationPolicySpec struct {
	// Rules is serialized under the required "rules" key (no omitempty).
	Rules []ImageVerificationRule `json:"rules"`
}
func (*ImageVerificationPolicySpec) DeepCopy ¶
func (in *ImageVerificationPolicySpec) DeepCopy() *ImageVerificationPolicySpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImageVerificationPolicySpec.
func (*ImageVerificationPolicySpec) DeepCopyInto ¶
func (in *ImageVerificationPolicySpec) DeepCopyInto(out *ImageVerificationPolicySpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ImageVerificationRule ¶
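// ImageVerificationRule is one named rule of an ImageVerificationPolicy. It
// combines a resource match, the image extractors that locate image
// references, and the verification rules applied to them.
type ImageVerificationRule struct {
	// Name identifies the rule.
	Name string `json:"name"`
	// Match selects the resources the rule applies to.
	// NOTE(review): behaviour when Match is left empty (match everything vs.
	// match nothing) is not visible in this listing — confirm.
	// +optional
	Match v1alpha1.Match `json:"match"`
	// ImageExtractor lists the extractor configurations, serialized as "imageExtractors".
	ImageExtractor ImageExtractorConfigs `json:"imageExtractors"`
	// RequiredCount is serialized as "count"; presumably the number of entries
	// in Rules that must pass.
	// NOTE(review): the meaning of the zero value is not visible here; confirm
	// that an unset count does not reduce the checks that must succeed.
	// +optional
	RequiredCount int `json:"count"`
	// Rules holds the verification rules, serialized as "verify".
	Rules VerificationRules `json:"verify"`
}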
func (*ImageVerificationRule) DeepCopy ¶
func (in *ImageVerificationRule) DeepCopy() *ImageVerificationRule
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImageVerificationRule.
func (*ImageVerificationRule) DeepCopyInto ¶
func (in *ImageVerificationRule) DeepCopyInto(out *ImageVerificationRule)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Key ¶
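// Key carries the static public key of a Cosign entry's "key" block.
type Key struct {
	// PublicKey is the key material or reference used to verify signatures;
	// the accepted formats are not visible in this listing — confirm.
	// NOTE(review): the field is optional and has no omitempty; confirm that
	// an empty value is rejected during validation.
	// +optional
	PublicKey string `json:"publicKey"`
}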
func (*Key) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Key.
func (*Key) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Keyless ¶
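// Keyless carries the identity constraints of a Cosign entry's "keyless"
// block.
//
// NOTE(review): all three fields are optional. Confirm that validation
// rejects an empty Issuer or Subject rather than treating it as matching any
// identity, since the constraint is what ties a signature to an expected
// signer.
type Keyless struct {
	// Issuer is presumably the expected OIDC issuer of the signing certificate.
	// +optional
	Issuer string `json:"issuer"`
	// Subject is presumably the expected subject identity of the signing certificate.
	// +optional
	Subject string `json:"subject"`
	// Root is presumably the trusted root certificate material — confirm the
	// expected encoding.
	// +optional
	Root string `json:"root"`
}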
func (*Keyless) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Keyless.
func (*Keyless) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Notary ¶
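// Notary is a set of attributes used to verify notary signatures.
type Notary struct {
	// Certs is the trusted certificate material. It carries no +optional
	// marker, so it is a required field of the schema.
	Certs string `json:"certs"`
	// Attestations lists attestation checks evaluated for this entry.
	// +optional
	Attestations []*Attestation `json:"attestations"`
}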
Notary is a set of attributes used to verify notary signatures
func (*Notary) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Notary.
func (*Notary) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Rekor ¶
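// Rekor carries the transparency-log settings of a Cosign entry's "rekor"
// block.
type Rekor struct {
	// URL is the address of the transparency log service.
	// NOTE(review): the default used when URL is empty is not visible here.
	// +optional
	URL string `json:"url"`
	// PubKey is presumably the public key used to verify log entries; confirm
	// the expected encoding against the verifier.
	// +optional
	PubKey string `json:"pubKey"`
}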
func (*Rekor) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Rekor.
func (*Rekor) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VerificationRule ¶
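// VerificationRule is a rule against which images are validated. It pairs an
// image reference pattern with the Cosign and Notary verifiers to apply.
//
// NOTE(review): Cosign and Notary are both optional. Confirm that Validate
// rejects a rule with neither set, so that a matching image is never accepted
// without any signature check.
type VerificationRule struct {
	// ImageReferences is a list of matching image reference patterns. At least one pattern in the
	// list must match the image for the rule to apply. Each image reference consists of a registry
	// address, repository, image, and tag (defaults to latest). Wildcards ('*' and '?') are allowed.
	// NOTE(review): the field is declared as a single string although the text
	// above describes a list; confirm how multiple patterns are encoded.
	ImageReferences string `json:"imageReferences"`
	// Cosign is an array of attributes used to verify cosign signatures
	// +optional
	Cosign []*Cosign `json:"cosign,omitempty"`
	// Notary is an array of attributes used to verify notary signatures
	// +optional
	Notary []*Notary `json:"notary,omitempty"`
}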
VerificationRule is a rule against which images are validated.
func (*VerificationRule) DeepCopy ¶
func (in *VerificationRule) DeepCopy() *VerificationRule
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VerificationRule.
func (*VerificationRule) DeepCopyInto ¶
func (in *VerificationRule) DeepCopyInto(out *VerificationRule)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*VerificationRule) Validate ¶
func (v *VerificationRule) Validate() error
type VerificationRules ¶
type VerificationRules []VerificationRule
VerificationRules is a list of VerificationRule.
func (VerificationRules) DeepCopy ¶
func (in VerificationRules) DeepCopy() VerificationRules
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VerificationRules.
func (VerificationRules) DeepCopyInto ¶
func (in VerificationRules) DeepCopyInto(out *VerificationRules)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.