verifier

package
v0.4.3 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jul 26, 2023 License: Apache-2.0 Imports: 30 Imported by: 2

Documentation

Index

Constants

This section is empty.

Variables

// Default file paths for a certificate/key pair.
// NOTE(review): by name and value these look like the TLS serving certificate and
// private key for the HTTP endpoint behind HandleCheckImages; where they are read
// is not visible on this page, so confirm against the implementation.
// Both are exported, mutable package-level variables: any importing code can
// repoint them, so set them once at startup and treat them as read-only afterwards.
var (
	// CertFile is the path of the certificate file.
	CertFile = "/certs/tls.crt"
	// KeyFile is the path of the key file. The file it names should be readable
	// only by the verifier process (for example a tightly scoped Secret mount).
	KeyFile  = "/certs/tls.key"
)

Functions

func WithEnableDebug

// WithEnableDebug returns an option for NewVerifier that carries the debug flag.
// NOTE(review): the effect of the flag is not visible on this page; presumably it
// raises log verbosity. Confirm that debug output never includes registry
// credentials or pull-secret contents before enabling it outside development.
func WithEnableDebug(debug bool) verifierOptsFunc

func WithImagePullSecrets

// WithImagePullSecrets returns an option for NewVerifier that carries the
// image pull secrets setting.
// NOTE(review): secrets is a single string; its format (presumably one or more
// Kubernetes Secret names) and the namespace it is resolved in are not shown
// here. Confirm, and scope the verifier's RBAC to exactly those Secrets.
func WithImagePullSecrets(secrets string) verifierOptsFunc

func WithInsecureRegistry

// WithInsecureRegistry returns an option for NewVerifier that carries the
// insecureRegistry flag.
// NOTE(review): what the flag changes is not visible on this page; the name
// suggests it relaxes transport security when talking to the registry.
// Confirm against the implementation, keep it false in production, and alert
// on any deployment that turns it on.
func WithInsecureRegistry(insecureRegistry bool) verifierOptsFunc

func WithMaxSignatureAttempts

// WithMaxSignatureAttempts returns an option for NewVerifier that carries the
// maxSignatureAttempts value.
// NOTE(review): presumably an upper bound on how many signatures are tried per
// image. How zero or negative values are treated is not shown here; confirm
// that they cannot disable the bound or skip verification.
func WithMaxSignatureAttempts(maxSignatureAttempts int) verifierOptsFunc

func WithPluginConfig

// WithPluginConfig returns an option for NewVerifier that carries the
// pluginConfigMap value.
// NOTE(review): presumably the name of a ConfigMap holding plugin
// configuration; not visible on this page. Whoever can edit that object can
// influence verification, so confirm its write access is restricted.
func WithPluginConfig(pluginConfigMap string) verifierOptsFunc

func WithProviderAuthConfigResolver added in v0.2.1

// WithProviderAuthConfigResolver returns an option for NewVerifier that carries
// a caller-supplied resolver. The resolver receives a context and a
// registry.Reference and returns an authn.AuthConfig or an error.
// NOTE(review): the returned authn.AuthConfig presumably holds registry
// credentials; how a resolver error is handled (fail closed vs. anonymous
// fallback) is not visible here. Confirm, and avoid logging the returned value.
func WithProviderAuthConfigResolver(providerAuthConfigResolver func(context.Context, registry.Reference) (authn.AuthConfig, error)) verifierOptsFunc

Types

type ImageInfo added in v0.3.1

// ImageInfo is one image entry of a check request: the embedded
// imageutils.ImageInfo (its fields are not shown on this page) plus the
// location of the image inside the resource.
type ImageInfo struct {
	imageutils.ImageInfo

	// Pointer is the path to the image object in the resource
	// It is serialized under the JSON key "jsonPointer". The value arrives in
	// the request body, so treat it as caller-supplied data.
	Pointer string `json:"jsonPointer"`
}

type ImageInfos added in v0.3.1

// ImageInfos groups the images of a resource by container kind. Each map is
// keyed by container name and is omitted from the JSON encoding when empty.
type ImageInfos struct {
	// InitContainers is a map of init containers image data from the AdmissionReview request, key is the container name
	InitContainers map[string]ImageInfo `json:"initContainers,omitempty"`

	// Containers is a map of containers image data from the AdmissionReview request, key is the container name
	Containers map[string]ImageInfo `json:"containers,omitempty"`

	// EphemeralContainers is a map of ephemeral containers image data from the AdmissionReview request, key is the container name
	// NOTE(review): all three maps must be verified; an image checked in only
	// one of them leaves the other container kinds uncovered. Confirm in the handler.
	EphemeralContainers map[string]ImageInfo `json:"ephemeralContainers,omitempty"`
}

type RequestData added in v0.3.1

// RequestData is the data format of the request body for HandleCheckImages.
type RequestData struct {
	// Images holds the images to check, grouped by container kind.
	Images ImageInfos `json:"images"`
}

RequestData is the data format of the request body for HandleCheckImages.

type ResponseData added in v0.3.1

// ResponseData is the data format of the response body for HandleCheckImages.
// Consumers should admit a resource only when Verified is true, and treat a
// missing or undecodable response as not verified.
type ResponseData struct {
	// Verified is true when all the images are verified.
	Verified bool `json:"verified"`

	// ErrorMessage contains the error received when verification fails
	// ErrorMessage is empty when verification succeeds
	// It is serialized under the JSON key "message" and omitted when empty.
	ErrorMessage string `json:"message,omitempty"`

	// Results contains the list of containers in JSONPatch format
	// Results is empty when verification fails
	// The tag has no omitempty, so a nil slice is encoded as JSON null and an
	// empty non-nil slice as []; consumers should accept both.
	Results []Result `json:"results"`
}

ResponseData is the data format of the response body for HandleCheckImages.

type Result added in v0.3.1

// Result is one entry of ResponseData.Results: a container, the location of
// its image in the resource, and the image reference to write there.
type Result struct {
	// Name of the container
	Name string `json:"name"`

	// Path to the image object in the resource
	Path string `json:"path"`

	// Updated image with the digest
	// NOTE(review): presumably the digest that was verified, so that the
	// admitted workload is pinned to exactly the verified content. Confirm.
	Image string `json:"image"`
}

type Verifier

// Verifier is the image-verification service returned by NewVerifier.
type Verifier interface {
	// HandleCheckImages is a handler function that takes Kyverno images variable in body and returns JSONPatch compatible object in response
	// NOTE(review): the request body is caller-supplied data. Whether the
	// implementation caps the body size or authenticates the caller is not
	// visible on this page; confirm both before exposing the endpoint.
	HandleCheckImages(w http.ResponseWriter, r *http.Request)

	// UpdateNotationVerfier returns an error on failure; what it updates is
	// not documented on this page.
	// NOTE(review): presumably rebuilds the notation verifier after its
	// configuration changes. Confirm. The "Verfier" spelling is part of the
	// exported method name and cannot be corrected without breaking callers.
	UpdateNotationVerfier() error
	// Stop shuts down all the factories before exiting.
	Stop()
}

func NewVerifier

// NewVerifier returns a Verifier built from the given logger and zero or more
// options (the With* functions in this package).
// NOTE(review): the defaults used when an option is omitted are not visible on
// this page; confirm that they are the secure ones.
func NewVerifier(logger *zap.SugaredLogger, opts ...verifierOptsFunc) Verifier
