types

package

v1.0.1 Latest Latest Go to latest Published: Feb 9, 2024 License: Apache-2.0 Imports: 3 Imported by: 1

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/nirmata/kyverno-notation-verifier

Links

Open Source Insights

Documentation ¶

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	CertFile                 = "/certs/tls.crt"
	KeyFile                  = "/certs/tls.key"
	ENV_DEFAULT_TRUST_POLICY = "DEFAULT_TRUST_POLICY"
)

Functions ¶

This section is empty.

Types ¶

type AttestationList ¶ added in v0.6.6

type AttestationList map[string][]kyvernov1.AnyAllConditions

type AttestationType ¶ added in v0.6.6

type AttestationType struct {
	// Name is the media type of the attestation
	Name string `json:"name"`

	// Conditions are used to determine if a policy rule should be applied by evaluating a
	// set of conditions. The declaration can contain nested `any` or `all` statements.
	Conditions kyvernov1.AnyAllConditions `json:"conditions"`
}

type AttestationsInfo ¶ added in v0.6.6

type AttestationsInfo struct {
	// Image references are the regex of the images containing these attestations
	ImageReference string `json:"imageReference"`

	// type is a list of all the attestation types to check in these images
	Type []AttestationType `json:"type"`
}

type ImageInfo ¶

type ImageInfo struct {
	imageutils.ImageInfo

	// Pointer is the path to the image object in the resource
	Pointer string `json:"jsonPointer"`
}

type ImageInfos ¶

type ImageInfos struct {
	// InitContainers is a map of init containers image data from the AdmissionReview request, key is the container name
	InitContainers map[string]ImageInfo `json:"initContainers,omitempty"`

	// Containers is a map of containers image data from the AdmissionReview request, key is the container name
	Containers map[string]ImageInfo `json:"containers,omitempty"`

	// EphemeralContainers is a map of ephemeral containers image data from the AdmissionReview request, key is the container name
	EphemeralContainers map[string]ImageInfo `json:"ephemeralContainers,omitempty"`
}

type RequestData ¶

type RequestData struct {
	// ImageReferences is a list of matching image reference patterns. At least one pattern in the
	// list must match the image for the rule to apply. Each image reference consists of a registry
	// address (defaults to docker.io), repository, image, and tag (defaults to latest).
	// Wildcards ('*' and '?') are allowed. See: https://kubernetes.io/docs/concepts/containers/images.
	// +kubebuilder:validation:Optional
	ImageReferences []string `json:"imageReferences"`

	// List of images in the form of kyverno's image variable
	Images ImageInfos `json:"images"`

	// TrustPolicy specifies the name of the trust policy to be used for this specific request
	TrustPolicy string `json:"trustPolicy"`

	// List of image regex and attestations
	Attestations []AttestationsInfo `json:"attestations"`

	// Metadata is the current value of kyverno-notation-aws.io/verify-images annotation
	Metadata string `json:"metadata"`
}

Data format of request body for HandleCheckImages

type ResponseData ¶

type ResponseData struct {
	// Verified is true when all the images are verified.
	Verified bool `json:"verified"`

	// ErrorMessage contains the error recieved when verification fails
	// ErrorMessage is empty when verification succeeds
	ErrorMessage string `json:"message,omitempty"`

	// Results contains the list of containers in JSONPatch format
	// Results is empty when verification fails
	Results []jsonpatch.Operation `json:"results"`
}

Data format of response body for HandleCheckImages

type VerificationRequest ¶ added in v0.8.7

type VerificationRequest struct {
	// ImageReferences is a list of matching image reference patterns. At least one pattern in the
	// list must match the image for the rule to apply. Each image reference consists of a registry
	// address (defaults to docker.io), repository, image, and tag (defaults to latest).
	// Wildcards ('*' and '?') are allowed. See: https://kubernetes.io/docs/concepts/containers/images.
	// +kubebuilder:validation:Optional
	ImageReferences []string `json:"imageReferences"`

	// List of images in the form of kyverno's image variable
	Images ImageInfos `json:"images"`

	// TrustPolicy specifies the name of the trust policy to be used for this specific request
	TrustPolicy string `json:"trustPolicy"`

	// List of image regex and attestations
	Attestations []AttestationsInfo `json:"attestations"`

	// Metadata is the current value of kyverno-notation-aws.io/verify-images annotation
	Metadata map[string]bool `json:"metadata"`
}

VerificationRequest is the data sent to verifier after processed from HandleCheckImages request

Source Files ¶

View all Source files

types.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL