Documentation ¶
Index ¶
Constants ¶
// Package-level defaults for trust policy configuration.
// NOTE(review): where each default is applied is not visible in this listing;
// presumably they fill in fields the user leaves unset — confirm in CreateTrustPolicy.
const (
	// DefaultRekorURL points at the public Sigstore Rekor transparency log.
	DefaultRekorURL string = "https://rekor.sigstore.dev"
	// DefaultTLogVerify is true: transparency-log verification is on unless
	// a configuration explicitly turns it off.
	DefaultTLogVerify bool = true
	// DefaultCTLogVerify is true: certificate-transparency log verification
	// is on unless a configuration explicitly turns it off.
	DefaultCTLogVerify bool = true
	// DefaultTrustPolicyConfigVersion is the trust policy schema version
	// referenced by SupportedTrustPolicyConfigVersions.
	DefaultTrustPolicyConfigVersion string = "1.0.0"
)
// GlobalWildcardCharacter is the rune '*'.
// NOTE(review): presumably the scope value that makes a policy apply to every
// reference; a policy scoped this broadly deserves extra scrutiny — confirm
// against the scope validation code.
const GlobalWildcardCharacter = '*'
Variables ¶
// SupportedTrustPolicyConfigVersions lists the trust policy config versions
// this package accepts; at present only DefaultTrustPolicyConfigVersion.
// NOTE(review): this is an exported, mutable slice, so any importing package
// can append to or overwrite it; treat it as read-only.
var SupportedTrustPolicyConfigVersions = []string{DefaultTrustPolicyConfigVersion}
Functions ¶
This section is empty.
Types ¶
type Extension ¶
// Extension is the verifier result extension payload. It carries a list of
// per-signature results and a trust policy string, serialized as JSON.
type Extension struct {
	// SignatureExtension is emitted under the "signatures" key and omitted when empty.
	SignatureExtension []cosignExtensionList `json:"signatures,omitempty"`
	// TrustPolicy is emitted under the "trustPolicy" key and omitted when empty.
	// Presumably the name of the policy that was applied — confirm at the call site.
	TrustPolicy string `json:"trustPolicy,omitempty"`
}
Extension is the structure for the verifier result extensions. It contains a list of signature verification results, where each entry corresponds to a single verified signature.
type KeylessConfig ¶
// KeylessConfig holds the keyless (certificate-based) verification settings of
// a trust policy. Every field is optional in JSON (omitempty).
// NOTE(review): whether at least one identity and one issuer constraint is
// required is not visible here; confirm that validation rejects a keyless
// policy that constrains neither.
type KeylessConfig struct {
	// CTLogVerify is a *bool so that an omitted value (nil) can be told apart
	// from an explicit false. Presumably nil falls back to DefaultCTLogVerify — confirm.
	CTLogVerify *bool `json:"ctLogVerify,omitempty"`
	// CertificateIdentity is the expected certificate identity (exact value).
	CertificateIdentity string `json:"certificateIdentity,omitempty"`
	// CertificateIdentityRegExp is a pattern for the certificate identity.
	// NOTE(review): if the pattern is matched unanchored, an expression without
	// ^ and $ accepts any identity that merely contains a match — confirm how it is evaluated.
	CertificateIdentityRegExp string `json:"certificateIdentityRegExp,omitempty"`
	// CertificateOIDCIssuer is the expected OIDC issuer (exact value).
	CertificateOIDCIssuer string `json:"certificateOIDCIssuer,omitempty"`
	// CertificateOIDCIssuerRegExp is a pattern for the OIDC issuer; the same
	// anchoring caveat as CertificateIdentityRegExp applies.
	CertificateOIDCIssuerRegExp string `json:"certificateOIDCIssuerRegExp,omitempty"`
}
type LegacyExtension ¶
// LegacyExtension is the verifier result extension shape kept for backwards
// compatibility with the legacy cosign verifier. Unlike Extension it holds a
// flat list of cosignExtension entries and has no trust policy field.
type LegacyExtension struct {
	// SignatureExtension is emitted under the "signatures" key and omitted when empty.
	SignatureExtension []cosignExtension `json:"signatures,omitempty"`
}
LegacyExtension is the structure for the verifier result extensions used for backwards compatibility with the legacy cosign verifier
type PluginConfig ¶
// PluginConfig is the JSON configuration of the verifier plugin.
// NOTE(review): it carries both a top-level KeyRef/RekorURL and a TrustPolicies
// list; presumably the former is the legacy single-key form. How the two
// interact when both are set is not visible here — confirm precedence.
type PluginConfig struct {
	// Name is read from the required "name" key.
	Name string `json:"name"`
	// Type is read from the optional "type" key.
	Type string `json:"type,omitempty"`
	// ArtifactTypes is a single string read from "artifactTypes".
	ArtifactTypes string `json:"artifactTypes"`
	// KeyRef is read from the "key" key (note the JSON name differs from the field name).
	KeyRef string `json:"key,omitempty"`
	// RekorURL is read from the optional "rekorURL" key.
	// Presumably DefaultRekorURL is used when it is empty — confirm.
	RekorURL string `json:"rekorURL,omitempty"`
	// NestedReferences is read from "nestedArtifactTypes" (JSON name differs from the field name).
	NestedReferences []string `json:"nestedArtifactTypes,omitempty"`
	// TrustPolicies is the list of trust policy configurations for this verifier.
	TrustPolicies []TrustPolicyConfig `json:"trustPolicies,omitempty"`
}
type TrustPolicies ¶
// TrustPolicies is an opaque collection of trust policies. It is built with
// CreateTrustPolicies and queried per reference with GetScopedPolicy.
type TrustPolicies struct {
	// contains filtered or unexported fields
}
func CreateTrustPolicies ¶
func CreateTrustPolicies(configs []TrustPolicyConfig, verifierName string) (*TrustPolicies, error)
CreateTrustPolicies creates a set of trust policies from the given configuration
func (*TrustPolicies) GetScopedPolicy ¶
func (tps *TrustPolicies) GetScopedPolicy(reference string) (TrustPolicy, error)
GetScopedPolicy returns the policy that applies to the given reference. TODO: add link to scopes docs when published.
type TrustPolicy ¶
// TrustPolicy is the behaviour a single trust policy exposes to the verifier.
type TrustPolicy interface {
	// GetName returns the policy name.
	GetName() string
	// GetKeys returns public keys indexed by PKKey for the given namespace,
	// or an error. Presumably the keys come from key management providers — confirm.
	GetKeys(ctx context.Context, namespace string) (map[PKKey]keymanagementprovider.PublicKey, error)
	// GetScopes returns the scopes the policy is configured with.
	GetScopes() []string
	// GetCosignOpts returns the cosign.CheckOpts to verify with, or an error.
	// NOTE(review): these options decide which checks cosign performs, so an
	// implementation must not return a usable value together with a non-nil error.
	GetCosignOpts(context.Context) (cosign.CheckOpts, error)
}
func CreateTrustPolicy ¶
func CreateTrustPolicy(config TrustPolicyConfig, verifierName string) (TrustPolicy, error)
CreateTrustPolicy creates a trust policy from the given configuration. It returns an error if the configuration is invalid. It reads the public keys from the file path.
type TrustPolicyConfig ¶
// TrustPolicyConfig is the JSON configuration of one trust policy.
type TrustPolicyConfig struct {
	// Version is the config schema version; see SupportedTrustPolicyConfigVersions.
	Version string `json:"version"`
	// Name identifies the policy.
	Name string `json:"name"`
	// Scopes lists the scopes the policy applies to.
	// NOTE(review): overlapping or wildcard scopes decide which policy a
	// reference is checked against — confirm how conflicts are rejected.
	Scopes []string `json:"scopes"`
	// Keys configures key-based verification.
	Keys []KeyConfig `json:"keys,omitempty"`
	// Keyless configures keyless verification. It is a struct value, not a
	// pointer, so encoding/json's omitempty has no effect on this field.
	Keyless KeylessConfig `json:"keyless,omitempty"`
	// TLogVerify is a *bool so that an omitted value (nil) can be told apart
	// from an explicit false. Presumably nil falls back to DefaultTLogVerify;
	// an explicit false would then skip transparency-log verification — confirm.
	TLogVerify *bool `json:"tLogVerify,omitempty"`
	// RekorURL is the transparency log address. Presumably DefaultRekorURL is
	// used when it is empty — confirm.
	RekorURL string `json:"rekorURL,omitempty"`
}