Documentation
Index
Constants
This section is empty.
Variables
This section is empty.
Functions
func GetAndVerifyImageSignatureMetadata
func GetAndVerifyImageSignatureMetadata(ctx context.Context, artifactClient artifacts.ArtifactsClient, configProvider common.ConfigurationProvider, compartmentId string, compartmentIdInSubtree bool, repositoryName string, imageDigest string, trustedKeys []string) (bool, error)
GetAndVerifyImageSignatureMetadata calls OCIR to list all the signatures satisfying the user-provided criteria, then calls KMS to verify the returned signatures.
Description: Fetch a container image's signature metadata and verify the signature.
Response: Boolean indicating whether any of the signatures of the container image is verified.
Parameters:
- compartmentId: The OCID of the compartment in which the container repository exists. eg) ocid1.compartment.oc1..exampleuniqueID (maxLength: 100, minLength: 1)
- compartmentIdInSubtree: When set to true, the hierarchy of compartments is traversed.
- repositoryName: The repository name in which the container image exists. eg) busybox
- imageDigest: The sha256 digest of the docker image. eg) sha256:12345
- trustedKeys: List of OCIDs of the kmsKeyId used to sign the container image.
func SignAndUploadContainerImageSignatureMetadata
func SignAndUploadContainerImageSignatureMetadata(ctx context.Context, artifactClient artifacts.ArtifactsClient, configProvider common.ConfigurationProvider, kmsKeyId string, kmsKeyVersionId string, signingAlgorithm string, compartmentId string, imageId string, description string, metadata string) (*artifacts.ContainerImageSignature, error)
SignAndUploadContainerImageSignatureMetadata calls KMS to sign the message, then calls OCIR to upload the returned signature.
Description: Sign a container image and upload the signature to the image.
Response: The signed container image signature metadata.
Parameters:
- kmsKeyId: The OCID of the kmsKeyId used to sign the container image. eg) ocid1.key.oc1..exampleuniqueID (maxLength: 255, minLength: 1)
- kmsKeyVersionId: The OCID of the kmsKeyVersionId used to sign the container image. eg) ocid1.keyversion.oc1..exampleuniqueID (maxLength: 255, minLength: 1)
- signingAlgorithm: The algorithm to be used for signing. These are the only supported signing algorithms for container images:
  - SHA_224_RSA_PKCS_PSS
  - SHA_256_RSA_PKCS_PSS
  - SHA_384_RSA_PKCS_PSS
  - SHA_512_RSA_PKCS_PSS
- compartmentId: The OCID of the compartment in which the container repository exists. eg) ocid1.compartment.oc1..exampleuniqueID (maxLength: 100, minLength: 1)
- imageId: The OCID of the container image. eg) ocid1.containerimage.oc1..exampleuniqueID (maxLength: 255, minLength: 1)
- repoPath: The docker repository path. eg) odx-registry/busybox
- imageDigest: The sha256 digest of the docker image. eg) sha256:12345
- description: A user-supplied message.
- metadata: User-defined information about the container image in JSON format. eg) {"buildNumber":"123"} Restrictions:
  - should only contain alphanumeric key strings.
  - should be alphabetically sorted.
  - should not have whitespace or escape characters.
Types
type Message
type Message struct {
	Description      string `mandatory:"true" json:"description"`
	ImageDigest      string `mandatory:"true" json:"imageDigest"`
	KmsKeyId         string `mandatory:"true" json:"kmsKeyId"`
	KmsKeyVersionId  string `mandatory:"true" json:"kmsKeyVersionId"`
	Metadata         string `mandatory:"true" json:"metadata"`
	Region           string `mandatory:"true" json:"region"`
	RepositoryName   string `mandatory:"true" json:"repositoryName"`
	SigningAlgorithm string `mandatory:"true" json:"signingAlgorithm"`
}
Message defines the struct of the container image signature payload.
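The following is an added, stand-alone example and not code from this package or the OCI SDK. It reconstructs the Message payload with the documented json tags, enforces the three restrictions the metadata parameter is documented with (alphanumeric keys, alphabetical key order, no whitespace or escape characters), rejects signing algorithms outside the documented list, and models the boolean response of the verify function: a signature counts only when it verifies and its key is one of the caller's trustedKeys. The SignatureCheck type, the region string and all sample values are constructed for illustration; the real sign/upload and list/verify calls are the two package functions documented above.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"regexp"
	"sort"
	"strings"
)

// Message mirrors the payload struct documented on this page (json tags as documented;
// the SDK's `mandatory` tags are left out because encoding/json does not read them).
type Message struct {
	Description      string `json:"description"`
	ImageDigest      string `json:"imageDigest"`
	KmsKeyId         string `json:"kmsKeyId"`
	KmsKeyVersionId  string `json:"kmsKeyVersionId"`
	Metadata         string `json:"metadata"`
	Region           string `json:"region"`
	RepositoryName   string `json:"repositoryName"`
	SigningAlgorithm string `json:"signingAlgorithm"`
}

// The only signing algorithms the documentation lists for container images.
var supportedAlgorithms = map[string]bool{
	"SHA_224_RSA_PKCS_PSS": true,
	"SHA_256_RSA_PKCS_PSS": true,
	"SHA_384_RSA_PKCS_PSS": true,
	"SHA_512_RSA_PKCS_PSS": true,
}

var alnumKey = regexp.MustCompile(`^[A-Za-z0-9]+$`)

// ValidateMetadata enforces the documented restrictions on the metadata argument:
// alphanumeric keys only, keys in alphabetical order, no whitespace or escape characters.
func ValidateMetadata(metadata string) error {
	if strings.ContainsAny(metadata, " \t\r\n\\") {
		return errors.New("metadata must not contain whitespace or escape characters")
	}
	// Walk the token stream instead of decoding into a map so the key order stays observable.
	dec := json.NewDecoder(strings.NewReader(metadata))
	if tok, err := dec.Token(); err != nil || tok != json.Delim('{') {
		return errors.New("metadata must be a JSON object")
	}
	var keys []string
	for dec.More() {
		tok, err := dec.Token()
		if err != nil {
			return err
		}
		key, ok := tok.(string)
		if !ok {
			return errors.New("metadata object key is not a string")
		}
		if !alnumKey.MatchString(key) {
			return fmt.Errorf("metadata key %q is not alphanumeric", key)
		}
		keys = append(keys, key)
		var value interface{}
		if err := dec.Decode(&value); err != nil { // consume the value, whatever its type
			return err
		}
	}
	if _, err := dec.Token(); err != nil { // closing brace
		return err
	}
	if !sort.StringsAreSorted(keys) {
		return fmt.Errorf("metadata keys must be alphabetically sorted, got %v", keys)
	}
	return nil
}

// NewMessage serializes the payload to be signed, refusing inputs the documentation
// rules out before anything is sent to the signing service.
func NewMessage(m Message) ([]byte, error) {
	if !strings.HasPrefix(m.ImageDigest, "sha256:") {
		return nil, fmt.Errorf("imageDigest %q is not a sha256 digest", m.ImageDigest)
	}
	if !supportedAlgorithms[m.SigningAlgorithm] {
		return nil, fmt.Errorf("unsupported signing algorithm %q", m.SigningAlgorithm)
	}
	if err := ValidateMetadata(m.Metadata); err != nil {
		return nil, err
	}
	return json.Marshal(m)
}

// SignatureCheck is a constructed stand-in for one signature listed by the registry
// together with the outcome of verifying it against its signing key.
type SignatureCheck struct {
	KmsKeyId string
	Verified bool
}

// AnyTrustedSignatureVerified models the verify function's boolean response: a signature
// only counts when it verified AND its key is one of the caller's trustedKeys, so a valid
// signature from a key the caller never listed does not make the image trusted.
func AnyTrustedSignatureVerified(checks []SignatureCheck, trustedKeys []string) bool {
	trusted := make(map[string]bool, len(trustedKeys))
	for _, k := range trustedKeys {
		trusted[k] = true
	}
	for _, c := range checks {
		if c.Verified && trusted[c.KmsKeyId] {
			return true
		}
	}
	return false
}

func main() {
	payload, err := NewMessage(Message{ // constructed sample values
		Description: "ci build 123", ImageDigest: "sha256:12345",
		KmsKeyId: "ocid1.key.oc1..exampleuniqueID", KmsKeyVersionId: "ocid1.keyversion.oc1..exampleuniqueID",
		Metadata: `{"buildNumber":"123"}`, Region: "us-phoenix-1",
		RepositoryName: "busybox", SigningAlgorithm: "SHA_256_RSA_PKCS_PSS",
	})
	if err != nil {
		panic(err)
	}
	fmt.Println(string(payload))
}
```

The validator walks the JSON token stream rather than unmarshalling into a map, because a map loses the key order that the "alphabetically sorted" restriction is about; the whitespace and backslash check runs on the raw string first, since the decoder would silently accept both.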