v1alpha1

package
v0.0.3

This package is not in the latest version of its module.
Published: Jul 12, 2024 License: Apache-2.0 Imports: 6 Imported by: 0

Documentation

Overview

Package v1alpha1 contains API Schema definitions for the policy v1alpha1 API group.

+k8s:deepcopy-gen=package
+kubebuilder:object:generate=true
+groupName=nirmata.io

Constants

const GroupName = "nirmata.io"

GroupName specifies the group name used to register the objects.

Variables

var (
	// localSchemeBuilder and AddToScheme will stay in k8s.io/kubernetes.
	SchemeBuilder runtime.SchemeBuilder

	// Deprecated: use Install instead
	AddToScheme = localSchemeBuilder.AddToScheme
	Install     = localSchemeBuilder.AddToScheme
)
var GroupVersion = v1.GroupVersion{Group: GroupName, Version: "v1alpha1"}

GroupVersion specifies the group and the version used to register the objects.

var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"}

SchemeGroupVersion is the group version used to register these objects. Deprecated: use GroupVersion instead.

Functions

func Resource

func Resource(resource string) schema.GroupResource

Resource takes an unqualified resource and returns a Group qualified GroupResource

Types

type Attestation

type Attestation struct {
	// +optional
	Type string `json:"type"`
	// Conditions are used to verify attributes within a Predicate. If no Conditions are specified,
	// the attestation check is satisfied as long as there are predicates that match the predicate type.
	// +optional
	Conditions []kyvernov1.AnyAllConditions `json:"conditions,omitempty" yaml:"conditions,omitempty"`
}

func (*Attestation) DeepCopy

func (in *Attestation) DeepCopy() *Attestation

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Attestation.

func (*Attestation) DeepCopyInto

func (in *Attestation) DeepCopyInto(out *Attestation)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CTLog

type CTLog struct {
	// +optional
	PubKey string `json:"pubKey"`
}

func (*CTLog) DeepCopy

func (in *CTLog) DeepCopy() *CTLog

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CTLog.

func (*CTLog) DeepCopyInto

func (in *CTLog) DeepCopyInto(out *CTLog)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Certificate

type Certificate struct {
	// +optional
	Cert string `json:"cert"`
	// +optional
	CertChain string `json:"certChain"`
}

func (*Certificate) DeepCopy

func (in *Certificate) DeepCopy() *Certificate

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Certificate.

func (*Certificate) DeepCopyInto

func (in *Certificate) DeepCopyInto(out *Certificate)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Cosign

type Cosign struct {
	// +optional
	Key *Key `json:"key,omitempty"`
	// +optional
	Keyless *Keyless `json:"keyless,omitempty"`
	// +optional
	Certificate *Certificate `json:"certificate,omitempty"`
	// +optional
	Rekor *Rekor `json:"rekor,omitempty"`
	// +optional
	CTLog *CTLog `json:"ctlog,omitempty"`
	// +optional
	SignatureAlgorithm string `json:"signatureAlgorithm,omitempty"`
	// +optional
	Repository string `json:"repository,omitempty"`
	// +optional
	IgnoreTlog bool `json:"ignoreTlog"`
	// +optional
	IgnoreSCT bool `json:"ignoreSCT"`
	// +optional
	TSACertChain string `json:"tsaCertChain"`
	// +optional
	InToToAttestations []*Attestation `json:"intotoAttestations,omitempty"`
}

Cosign is a set of attributes used to verify cosign signatures
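
An added example (not part of this package or its documentation): a small audit over the `verify` list of a policy, decoded with local mirror structs that use the JSON keys shown on this page. It flags the case described in the Attestation comment (no conditions) and assumes that `ignoreTlog` and `ignoreSCT` mean what cosign's options of the same name mean; `Audit`, `Sample` and the sample values are hypothetical.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Cosign mirrors the audited subset of the page's Cosign type (same JSON keys).
type Cosign struct {
	Keyless            *struct{ Issuer, Subject string } `json:"keyless"`
	IgnoreTlog         bool                              `json:"ignoreTlog"`
	IgnoreSCT          bool                              `json:"ignoreSCT"`
	InToToAttestations []struct {
		Type       string            `json:"type"`
		Conditions []json.RawMessage `json:"conditions"`
	} `json:"intotoAttestations"`
}

// Sample is a constructed "verify" list, not taken from a real policy.
const Sample = `[{"imageReferences":"ghcr.io/example/*","cosign":[{"keyless":{"issuer":"https://issuer.example"},"ignoreTlog":true,"intotoAttestations":[{"type":"https://slsa.dev/provenance/v1"}]}]}]`

// Audit decodes a "verify" list and returns one finding per setting that loosens verification.
func Audit(verify []byte) ([]string, error) {
	var rules []struct{ Cosign []Cosign }
	if err := json.Unmarshal(verify, &rules); err != nil {
		return nil, err
	}
	var out []string
	for i, r := range rules {
		for j, c := range r.Cosign {
			flag := func(bad bool, msg string) {
				if bad {
					out = append(out, fmt.Sprintf("verify[%d].cosign[%d]: %s", i, j, msg))
				}
			}
			// Assumption: these two flags skip the transparency log and SCT checks, as in cosign.
			flag(c.IgnoreTlog, "ignoreTlog is true")
			flag(c.IgnoreSCT, "ignoreSCT is true")
			flag(c.Keyless != nil && (c.Keyless.Issuer == "" || c.Keyless.Subject == ""), "keyless issuer or subject is empty")
			for _, a := range c.InToToAttestations {
				flag(len(a.Conditions) == 0, fmt.Sprintf("attestation %q has no conditions, so any predicate of that type passes", a.Type))
			}
		}
	}
	return out, nil
}

func main() {
	fmt.Println(Audit([]byte(Sample)))
}
```
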

func (*Cosign) DeepCopy

func (in *Cosign) DeepCopy() *Cosign

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Cosign.

func (*Cosign) DeepCopyInto

func (in *Cosign) DeepCopyInto(out *Cosign)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ImageExtractorConfig

type ImageExtractorConfig struct {
	// Path is the path to the object containing the image field in a custom resource.
	// It should be slash-separated. Each slash-separated key must be a valid YAML key or a wildcard '*'.
	// Wildcard keys are expanded in case of arrays or objects.
	Path string `json:"path" yaml:"path"`
	// Value is an optional name of the field within 'path' that points to the image URI.
	// This is useful when a custom 'key' is also defined.
	// +optional
	Value string `json:"value,omitempty" yaml:"value,omitempty"`
	// Name is the entry the image will be available under 'images.<name>' in the context.
	// If this field is not defined, image entries will appear under 'images.custom'.
	// +optional
	Name string `json:"name,omitempty" yaml:"name,omitempty"`
	// Key is an optional name of the field within 'path' that will be used to uniquely identify an image.
	// Note - this field MUST be unique.
	// +optional
	Key string `json:"key,omitempty" yaml:"key,omitempty"`
	// JMESPath is an optional JMESPath expression to apply to the image value.
	// This is useful when the extracted image begins with a prefix like 'docker://'.
	// The 'trim_prefix' function may be used to trim the prefix: trim_prefix(@, 'docker://').
	// Note - Image digest mutation may not be used when applying a JMESPath to an image.
	// +optional
	JMESPath string `json:"jmesPath,omitempty" yaml:"jmesPath,omitempty"`
}

func (*ImageExtractorConfig) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImageExtractorConfig.

func (*ImageExtractorConfig) DeepCopyInto

func (in *ImageExtractorConfig) DeepCopyInto(out *ImageExtractorConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ImageExtractorConfigs

type ImageExtractorConfigs []ImageExtractorConfig

func (ImageExtractorConfigs) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImageExtractorConfigs.

func (ImageExtractorConfigs) DeepCopyInto

func (in ImageExtractorConfigs) DeepCopyInto(out *ImageExtractorConfigs)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ImageVerificationPolicy

type ImageVerificationPolicy struct {
	metav1.TypeMeta `json:",inline" yaml:",inline"`

	// Standard object's metadata.
	// +optional
	metav1.ObjectMeta `json:"metadata,omitempty" yaml:"metadata,omitempty"`

	// ImageVerificationPolicy spec.
	Spec ImageVerificationPolicySpec `json:"spec" yaml:"spec"`
}

ImageVerificationPolicy defines rules to verify images used in matching resources

func (*ImageVerificationPolicy) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImageVerificationPolicy.

func (*ImageVerificationPolicy) DeepCopyInto

func (in *ImageVerificationPolicy) DeepCopyInto(out *ImageVerificationPolicy)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ImageVerificationPolicy) DeepCopyObject

func (in *ImageVerificationPolicy) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ImageVerificationPolicyList

type ImageVerificationPolicyList struct {
	metav1.TypeMeta `json:",inline" yaml:",inline"`
	metav1.ListMeta `json:"metadata" yaml:"metadata"`
	Items           []ImageVerificationPolicy `json:"items" yaml:"items"`
}

ImageVerificationPolicyList is a list of ImageVerificationPolicy instances.

func (*ImageVerificationPolicyList) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImageVerificationPolicyList.

func (*ImageVerificationPolicyList) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ImageVerificationPolicyList) DeepCopyObject

func (in *ImageVerificationPolicyList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ImageVerificationPolicySpec

type ImageVerificationPolicySpec struct {
	Rules []ImageVerificationRule `json:"rules"`
}

func (*ImageVerificationPolicySpec) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImageVerificationPolicySpec.

func (*ImageVerificationPolicySpec) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ImageVerificationRule

type ImageVerificationRule struct {
	Name string `json:"name"`
	// +optional
	Match          v1alpha1.Match        `json:"match"`
	ImageExtractor ImageExtractorConfigs `json:"imageExtractors"`
	// +optional
	RequiredCount int               `json:"count"`
	Rules         VerificationRules `json:"verify"`
}

func (*ImageVerificationRule) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImageVerificationRule.

func (*ImageVerificationRule) DeepCopyInto

func (in *ImageVerificationRule) DeepCopyInto(out *ImageVerificationRule)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Key

type Key struct {
	// +optional
	PublicKey string `json:"publicKey"`
}

func (*Key) DeepCopy

func (in *Key) DeepCopy() *Key

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Key.

func (*Key) DeepCopyInto

func (in *Key) DeepCopyInto(out *Key)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Keyless

type Keyless struct {
	// +optional
	Issuer string `json:"issuer"`
	// +optional
	Subject string `json:"subject"`
	// +optional
	Root string `json:"root"`
}

func (*Keyless) DeepCopy

func (in *Keyless) DeepCopy() *Keyless

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Keyless.

func (*Keyless) DeepCopyInto

func (in *Keyless) DeepCopyInto(out *Keyless)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Notary

type Notary struct {
	Certs string `json:"certs"`
	// +optional
	Attestations []*Attestation `json:"attestations"`
}

Notary is a set of attributes used to verify notary signatures

func (*Notary) DeepCopy

func (in *Notary) DeepCopy() *Notary

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Notary.

func (*Notary) DeepCopyInto

func (in *Notary) DeepCopyInto(out *Notary)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Rekor

type Rekor struct {
	// +optional
	URL string `json:"url"`
	// +optional
	PubKey string `json:"pubKey"`
}

func (*Rekor) DeepCopy

func (in *Rekor) DeepCopy() *Rekor

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Rekor.

func (*Rekor) DeepCopyInto

func (in *Rekor) DeepCopyInto(out *Rekor)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VerificationRule

type VerificationRule struct {
	// ImageReferences is a list of matching image reference patterns. At least one pattern in the
	// list must match the image for the rule to apply. Each image reference consists of a registry
	// address, repository, image, and tag (defaults to latest). Wildcards ('*' and '?') are allowed.
	ImageReferences string `json:"imageReferences"`

	// Cosign is an array of attributes used to verify cosign signatures
	// +optional
	Cosign []*Cosign `json:"cosign,omitempty"`

	// Notary is an array of attributes used to verify notary signatures
	// +optional
	Notary []*Notary `json:"notary,omitempty"`
}

VerificationRule is a rule against which images are validated.

func (*VerificationRule) DeepCopy

func (in *VerificationRule) DeepCopy() *VerificationRule

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VerificationRule.

func (*VerificationRule) DeepCopyInto

func (in *VerificationRule) DeepCopyInto(out *VerificationRule)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*VerificationRule) Validate

func (v *VerificationRule) Validate() error

type VerificationRules

type VerificationRules []VerificationRule

VerificationRules is a set of VerificationRule.

func (VerificationRules) DeepCopy

func (in VerificationRules) DeepCopy() VerificationRules

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VerificationRules.

func (VerificationRules) DeepCopyInto

func (in VerificationRules) DeepCopyInto(out *VerificationRules)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
