options

package
v1.12.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Sep 14, 2022 License: Apache-2.0 Imports: 37 Imported by: 46

Documentation

Index

Constants

// Short names for predicate types, as accepted by the predicate `type`
// option. ParsePredicateType turns such a value into a predicate URI (or
// validates a value that is already a URI); presumably these constants are
// the keys of PredicateTypeMap — confirm against its definition.
const (
	PredicateCustom    = "custom"
	PredicateSLSA      = "slsaprovenance"
	PredicateSPDX      = "spdx"
	PredicateSPDXJSON  = "spdxjson"
	PredicateCycloneDX = "cyclonedx"
	PredicateLink      = "link"
	PredicateVuln      = "vuln"
)
// DefaultFulcioURL is the default Fulcio (certificate authority) endpoint. It
// points at the public Sigstore instance, so deployments that run their own
// Fulcio must override it — presumably through FulcioOptions.URL.
const DefaultFulcioURL = "https://fulcio.sigstore.dev"
// DefaultOIDCIssuerURL is the default OIDC issuer endpoint. It points at the
// public Sigstore instance; presumably OIDCOptions.Issuer falls back to it
// when unset — confirm against AddFlags.
const DefaultOIDCIssuerURL = "https://oauth2.sigstore.dev/auth"
// DefaultRekorURL is the default Rekor (transparency log) endpoint. It points
// at the public Sigstore instance, so entries written through it are public;
// presumably RekorOptions.URL falls back to it when unset.
const DefaultRekorURL = "https://rekor.sigstore.dev"
const DefaultTimeout = 3 * time.Minute

DefaultTimeout specifies the default timeout for commands.

const (
	// ExperimentalEnv is the name of the environment variable that gates
	// experimental behaviour; presumably EnableExperimental reports whether
	// it is set — confirm against the implementation.
	// NOTE(review): because this switch lives in the process environment,
	// jobs that sign or verify should set it explicitly rather than inherit
	// whatever the runner happens to export.
	ExperimentalEnv = "COSIGN_EXPERIMENTAL"
)

Variables

PredicateTypeMap is the mapping from the predicate `type` option to the predicate URI.

Functions

func EnableExperimental

func EnableExperimental() bool

func NOf

func NOf(args ...interface{}) int

NOf returns how many of the fields are non-zero

func OneOf

func OneOf(args ...interface{}) bool

OneOf reports whether exactly one of the supplied values is set to a non-zero value.

func ParsePredicateType

func ParsePredicateType(t string) (string, error)

ParsePredicateType parses the predicate `type` flag passed into a predicate URI, or validates `type` is a valid URI.

func UserAgent added in v1.4.0

func UserAgent() string

UserAgent returns the User-Agent string which `cosign` should send with HTTP requests.

Types

type AnnotationOptions

type AnnotationOptions struct {
	Annotations []string
}

AnnotationOptions is the top level wrapper for the annotations.

func (*AnnotationOptions) AddFlags

func (o *AnnotationOptions) AddFlags(cmd *cobra.Command)

AddFlags implements Interface

func (*AnnotationOptions) AnnotationsMap

func (o *AnnotationOptions) AnnotationsMap() (sigs.AnnotationsMap, error)

type AttachAttestationOptions added in v1.5.0

type AttachAttestationOptions struct {
	Attestations []string
	Registry     RegistryOptions
}

AttachAttestationOptions is the top level wrapper for the attach attestation command.

func (*AttachAttestationOptions) AddFlags added in v1.5.0

func (o *AttachAttestationOptions) AddFlags(cmd *cobra.Command)

AddFlags implements Interface

type AttachSBOMOptions

type AttachSBOMOptions struct {
	SBOM            string
	SBOMType        string
	SBOMInputFormat string
	Registry        RegistryOptions
}

AttachSBOMOptions is the top level wrapper for the attach sbom command.

func (*AttachSBOMOptions) AddFlags

func (o *AttachSBOMOptions) AddFlags(cmd *cobra.Command)

AddFlags implements Interface

func (*AttachSBOMOptions) MediaType

func (o *AttachSBOMOptions) MediaType() (types.MediaType, error)

type AttachSignatureOptions

type AttachSignatureOptions struct {
	Signature string
	Payload   string
	Registry  RegistryOptions
}

AttachSignatureOptions is the top level wrapper for the attach signature command.

func (*AttachSignatureOptions) AddFlags

func (o *AttachSignatureOptions) AddFlags(cmd *cobra.Command)

AddFlags implements Interface

type AttestOptions

// AttestOptions is the top level wrapper for the attest command.
type AttestOptions struct {
	// Key, Cert and CertChain name, by field name, the signing key and the
	// certificate material; the accepted reference formats are not shown here.
	Key              string
	Cert             string
	CertChain        string
	// NoUpload, by its name, keeps the generated attestation from being
	// uploaded — TODO confirm the destination against AddFlags.
	NoUpload         bool
	Force            bool
	Recursive        bool
	Replace          bool
	// SkipConfirmation, by its name, suppresses interactive confirmation
	// prompts — TODO confirm which prompts against AddFlags.
	SkipConfirmation bool
	// NoTlogUpload, by its name, skips the upload to the transparency log.
	// NOTE(review): an attestation without a log entry cannot be checked
	// against Rekor by verifiers; confirm this is only ever set deliberately.
	NoTlogUpload     bool

	Rekor       RekorOptions
	Fulcio      FulcioOptions
	OIDC        OIDCOptions
	SecurityKey SecurityKeyOptions
	Predicate   PredicateLocalOptions
	Registry    RegistryOptions
}

AttestOptions is the top level wrapper for the attest command.

func (*AttestOptions) AddFlags

func (o *AttestOptions) AddFlags(cmd *cobra.Command)

AddFlags implements Interface

type CertVerifyOptions added in v1.5.0

// CertVerifyOptions is the wrapper for certificate verification.
//
// NOTE(review): the identity fields below are plain strings and nothing in
// this struct marks any of them as required. Confirm in the verify path what
// happens when all of them are empty: a verifier that pins neither identity
// nor issuer only establishes that some certificate chained to the trusted
// root, not who signed.
type CertVerifyOptions struct {
	Cert                         string
	// CertEmail and CertOidcIssuer are, by name, the expected email identity
	// and OIDC issuer of the signing certificate.
	CertEmail                    string
	CertOidcIssuer               string
	// The CertGithubWorkflow* fields are, by name, expected values for the
	// GitHub workflow details carried in the certificate — TODO confirm which
	// certificate extensions they are compared with.
	CertGithubWorkflowTrigger    string
	CertGithubWorkflowSha        string
	CertGithubWorkflowName       string
	CertGithubWorkflowRepository string
	CertGithubWorkflowRef        string
	CertChain                    string
	// EnforceSCT, by name, requires a signed certificate timestamp (SCT) on
	// the certificate — TODO confirm the exact check and its default.
	EnforceSCT                   bool
}

CertVerifyOptions is the wrapper for certificate verification.

func (*CertVerifyOptions) AddFlags added in v1.5.0

func (o *CertVerifyOptions) AddFlags(cmd *cobra.Command)

AddFlags implements Interface

type CleanOptions added in v1.6.0

// CleanOptions holds the options for the clean command (inferred from the
// type name — TODO confirm).
type CleanOptions struct {
	Registry  RegistryOptions
	// CleanType, by name, selects what kind of artifact is cleaned; the
	// accepted values are not shown here.
	CleanType string
	// Force, by name, bypasses a safety check or confirmation.
	// NOTE(review): confirm what is skipped before using it in automation,
	// since a clean operation presumably removes data from the registry.
	Force     bool
}

func (*CleanOptions) AddFlags added in v1.6.0

func (c *CleanOptions) AddFlags(cmd *cobra.Command)

type CopyOptions

type CopyOptions struct {
	SignatureOnly bool
	Force         bool
	Registry      RegistryOptions
}

CopyOptions is the top level wrapper for the copy command.

func (*CopyOptions) AddFlags

func (o *CopyOptions) AddFlags(cmd *cobra.Command)

AddFlags implements Interface

type FilesOptions

type FilesOptions struct {
	Files []string
}

FilesOptions is the wrapper for the files.

func (*FilesOptions) AddFlags

func (o *FilesOptions) AddFlags(cmd *cobra.Command)

AddFlags implements Interface

func (*FilesOptions) Parse

func (o *FilesOptions) Parse() ([]cremote.File, error)

func (*FilesOptions) String

func (o *FilesOptions) String() string

type FulcioOptions

// FulcioOptions is the wrapper for Fulcio related options.
type FulcioOptions struct {
	// URL is the Fulcio endpoint; presumably DefaultFulcioURL when unset.
	URL                      string
	// IdentityToken is, by name, an OIDC identity token presented to Fulcio.
	// It is a bearer credential: keep it out of logs and error messages.
	IdentityToken            string
	// InsecureSkipFulcioVerify shares its name with the KeyOpts field that is
	// documented as disabling SCT verification (modeled after
	// InsecureSkipVerify in tls.Config). NOTE(review): confirm it is never
	// set outside test environments.
	InsecureSkipFulcioVerify bool
}

FulcioOptions is the wrapper for Fulcio related options.

func (*FulcioOptions) AddFlags

func (o *FulcioOptions) AddFlags(cmd *cobra.Command)

AddFlags implements Interface

type GenerateKeyPairOptions

type GenerateKeyPairOptions struct {
	// KMS Key Management Service
	KMS string
}

GenerateKeyPairOptions is the top level wrapper for the generate-key-pair command.

func (*GenerateKeyPairOptions) AddFlags

func (o *GenerateKeyPairOptions) AddFlags(cmd *cobra.Command)

AddFlags implements Interface

type GenerateOptions

type GenerateOptions struct {
	AnnotationOptions
	Registry RegistryOptions
}

GenerateOptions is the top level wrapper for the generate command.

func (*GenerateOptions) AddFlags

func (o *GenerateOptions) AddFlags(cmd *cobra.Command)

AddFlags implements Interface

type ImportKeyPairOptions added in v1.5.0

type ImportKeyPairOptions struct {
	// Local key file generated by external program such as OpenSSL
	Key string
}

ImportKeyPairOptions is the top level wrapper for the import-key-pair command.

func (*ImportKeyPairOptions) AddFlags added in v1.5.0

func (o *ImportKeyPairOptions) AddFlags(cmd *cobra.Command)

AddFlags implements Interface

type InitializeOptions

type InitializeOptions struct {
	Mirror string
	Root   string
}

InitializeOptions is the top level wrapper for the initialize command.

func (*InitializeOptions) AddFlags

func (o *InitializeOptions) AddFlags(cmd *cobra.Command)

AddFlags implements Interface

type Interface

type Interface interface {
	// AddFlags adds this options' flags to the cobra command.
	AddFlags(cmd *cobra.Command)
}

type KeyOpts added in v1.9.0

// KeyOpts gathers the key, Fulcio, Rekor and OIDC settings in one struct.
// Several fields hold credentials (IDToken, OIDCClientSecret, and whatever
// PassFunc returns), so values of this type should not be logged or dumped
// with %+v.
type KeyOpts struct {
	// Sk and Slot are, by name, the security-key switch and its slot (compare
	// SecurityKeyOptions.Use and SecurityKeyOptions.Slot).
	Sk                   bool
	Slot                 string
	KeyRef               string
	FulcioURL            string
	RekorURL             string
	// IDToken is, by name, an OIDC identity token — a bearer credential.
	IDToken              string
	// PassFunc is a cosign.PassFunc; presumably the callback that supplies the
	// private-key password — TODO confirm against the cosign package.
	PassFunc             cosign.PassFunc
	OIDCIssuer           string
	OIDCClientID         string
	// OIDCClientSecret is, by name, the OIDC client secret — treat as a secret.
	OIDCClientSecret     string
	OIDCRedirectURL      string
	OIDCDisableProviders bool   // Disable OIDC credential providers in keyless signer
	OIDCProvider         string // Specify which OIDC credential provider to use for keyless signer
	BundlePath           string
	SkipConfirmation     bool

	// FulcioAuthFlow is the auth flow to use when authenticating against
	// Fulcio. See https://pkg.go.dev/github.com/sigstore/cosign/cmd/cosign/cli/fulcio#pkg-constants
	// for valid values.
	FulcioAuthFlow string

	// Modeled after InsecureSkipVerify in tls.Config, this disables
	// verifying the SCT.
	// NOTE(review): with SCT verification off, the check that the Fulcio
	// certificate was logged is skipped; confirm this is limited to tests.
	InsecureSkipFulcioVerify bool
}

type KeyParseError

type KeyParseError struct{}

KeyParseError is an error returned when an incorrect set of key flags are parsed by the CLI

func (*KeyParseError) Error

func (e *KeyParseError) Error() string

type Keychain added in v1.7.0

type Keychain = authn.Keychain

Keychain is an alias of authn.Keychain to expose this configuration option to consumers of this lib

type LoadOptions added in v1.4.0

type LoadOptions struct {
	Directory string
}

LoadOptions is the top level wrapper for the load command.

func (*LoadOptions) AddFlags added in v1.4.0

func (o *LoadOptions) AddFlags(cmd *cobra.Command)

AddFlags implements Interface

type OIDCOptions

// OIDCOptions is the wrapper for OIDC related options.
type OIDCOptions struct {
	// Issuer is the OIDC issuer; presumably DefaultOIDCIssuerURL when unset.
	Issuer   string
	ClientID string

	RedirectURL             string
	// Provider and DisableAmbientProviders, by name, select or switch off the
	// OIDC credential providers (compare the comments on KeyOpts.OIDCProvider
	// and KeyOpts.OIDCDisableProviders).
	Provider                string
	DisableAmbientProviders bool
	// The client secret is not an exported field; it is obtained through the
	// ClientSecret method, which can fail (it returns an error).
	// contains filtered or unexported fields
}

OIDCOptions is the wrapper for OIDC related options.

func (*OIDCOptions) AddFlags

func (o *OIDCOptions) AddFlags(cmd *cobra.Command)

AddFlags implements Interface

func (*OIDCOptions) ClientSecret

func (o *OIDCOptions) ClientSecret() (string, error)

type PIVToolAttestationOptions

type PIVToolAttestationOptions struct {
	Output string
	Slot   string
}

PIVToolAttestationOptions is the wrapper for `piv-tool attestation` related options.

func (*PIVToolAttestationOptions) AddFlags

func (o *PIVToolAttestationOptions) AddFlags(cmd *cobra.Command)

AddFlags implements Interface

type PIVToolGenerateKeyOptions

type PIVToolGenerateKeyOptions struct {
	ManagementKey string
	RandomKey     bool
	Slot          string
	PINPolicy     string
	TouchPolicy   string
}

PIVToolGenerateKeyOptions is the wrapper for `piv-tool generate-key` related options.

func (*PIVToolGenerateKeyOptions) AddFlags

func (o *PIVToolGenerateKeyOptions) AddFlags(cmd *cobra.Command)

AddFlags implements Interface

type PIVToolSetManagementKeyOptions

// PIVToolSetManagementKeyOptions is the wrapper for `piv-tool
// set-management-key` related options.
type PIVToolSetManagementKeyOptions struct {
	// OldKey and NewKey are, by name, the current and the replacement
	// management key. NOTE(review): if AddFlags binds them to command-line
	// flags, the values can end up in shell history and process listings;
	// confirm whether a prompt or another input path exists.
	OldKey    string
	NewKey    string
	// RandomKey, by name, asks for a randomly generated management key
	// instead of NewKey — TODO confirm how the generated key is reported.
	RandomKey bool
}

PIVToolSetManagementKeyOptions is the wrapper for `piv-tool set-management-key` related options.

func (*PIVToolSetManagementKeyOptions) AddFlags

func (o *PIVToolSetManagementKeyOptions) AddFlags(cmd *cobra.Command)

AddFlags implements Interface

type PIVToolSetPINOptions

// PIVToolSetPINOptions is the wrapper for `piv-tool set-pin` related options.
type PIVToolSetPINOptions struct {
	// OldPIN and NewPIN are, by name, the current and the replacement PIN.
	// NOTE(review): if AddFlags binds them to command-line flags, the PINs
	// can end up in shell history and process listings; confirm whether a
	// prompt or another input path exists.
	OldPIN string
	NewPIN string
}

PIVToolSetPINOptions is the wrapper for `piv-tool set-pin` related options.

func (*PIVToolSetPINOptions) AddFlags

func (o *PIVToolSetPINOptions) AddFlags(cmd *cobra.Command)

AddFlags implements Interface

type PIVToolSetPUKOptions

type PIVToolSetPUKOptions struct {
	OldPUK string
	NewPUK string
}

PIVToolSetPUKOptions is the wrapper for `piv-tool set-puk` related options.

func (*PIVToolSetPUKOptions) AddFlags

func (o *PIVToolSetPUKOptions) AddFlags(cmd *cobra.Command)

AddFlags implements Interface

type PIVToolUnblockOptions

type PIVToolUnblockOptions struct {
	PUK    string
	NewPIN string
}

PIVToolUnblockOptions is the wrapper for `piv-tool unblock` related options.

func (*PIVToolUnblockOptions) AddFlags

func (o *PIVToolUnblockOptions) AddFlags(cmd *cobra.Command)

AddFlags implements Interface

type PKCS11ToolListKeysUrisOptions added in v1.3.1

// PKCS11ToolListKeysUrisOptions is the wrapper for `pkcs11-tool
// list-keys-uris` related options.
type PKCS11ToolListKeysUrisOptions struct {
	// ModulePath is, by name, the path of the PKCS#11 module to load.
	// NOTE(review): a loaded module runs inside this process, so the path
	// should come from a trusted source — confirm how it is validated.
	ModulePath string
	SlotID     uint
	// Pin is, by name, the token PIN. NOTE(review): if AddFlags binds it to a
	// command-line flag, the value can end up in shell history and process
	// listings; confirm whether another input path exists.
	Pin        string
}

PKCS11ToolListKeysUrisOptions is the wrapper for `pkcs11-tool list-keys-uris` related options.

func (*PKCS11ToolListKeysUrisOptions) AddFlags added in v1.3.1

func (o *PKCS11ToolListKeysUrisOptions) AddFlags(cmd *cobra.Command)

AddFlags implements Interface

type PKCS11ToolListTokensOptions added in v1.3.1

type PKCS11ToolListTokensOptions struct {
	ModulePath string
}

PKCS11ToolListTokensOptions is the wrapper for `pkcs11-tool list-tokens` related options.

func (*PKCS11ToolListTokensOptions) AddFlags added in v1.3.1

func (o *PKCS11ToolListTokensOptions) AddFlags(cmd *cobra.Command)

AddFlags implements Interface

type PolicyInitOptions

type PolicyInitOptions struct {
	ImageRef    string
	Maintainers []string
	Issuer      string
	Threshold   int
	Expires     int
	OutFile     string
	Registry    RegistryOptions
}

PolicyInitOptions is the top level wrapper for the policy-init command.

func (*PolicyInitOptions) AddFlags

func (o *PolicyInitOptions) AddFlags(cmd *cobra.Command)

AddFlags implements Interface

type PolicySignOptions

// PolicySignOptions holds the options for signing a policy — presumably the
// counterpart of PolicyInitOptions; TODO confirm the command name.
type PolicySignOptions struct {
	ImageRef         string
	OutFile          string
	Registry         RegistryOptions
	Fulcio           FulcioOptions
	Rekor            RekorOptions
	// SkipConfirmation, by its name, suppresses interactive confirmation
	// prompts — TODO confirm which prompts against AddFlags.
	SkipConfirmation bool

	OIDC OIDCOptions
}

func (*PolicySignOptions) AddFlags

func (o *PolicySignOptions) AddFlags(cmd *cobra.Command)

AddFlags implements Interface

type PredicateLocalOptions

type PredicateLocalOptions struct {
	PredicateOptions
	Path string
}

PredicateLocalOptions is the wrapper for predicate related options.

func (*PredicateLocalOptions) AddFlags

func (o *PredicateLocalOptions) AddFlags(cmd *cobra.Command)

AddFlags implements Interface

type PredicateOptions

type PredicateOptions struct {
	Type string
}

PredicateOptions is the wrapper for predicate related options.

func (*PredicateOptions) AddFlags

func (o *PredicateOptions) AddFlags(cmd *cobra.Command)

AddFlags implements Interface

type PredicateRemoteOptions

type PredicateRemoteOptions struct {
	PredicateOptions
}

PredicateRemoteOptions is the wrapper for remote predicate related options.

func (*PredicateRemoteOptions) AddFlags

func (o *PredicateRemoteOptions) AddFlags(cmd *cobra.Command)

AddFlags implements Interface

type PubKeyParseError

type PubKeyParseError struct{}

PubKeyParseError is an error returned when an incorrect set of public key flags are parsed by the CLI

func (*PubKeyParseError) Error

func (e *PubKeyParseError) Error() string

type PublicKeyOptions

type PublicKeyOptions struct {
	Key         string
	SecurityKey SecurityKeyOptions
	OutFile     string
}

PublicKeyOptions is the top level wrapper for the public-key command.

func (*PublicKeyOptions) AddFlags

func (o *PublicKeyOptions) AddFlags(cmd *cobra.Command)

AddFlags implements Interface

type ReferenceOptions

type ReferenceOptions struct {
	TagPrefix string
}

ReferenceOptions is a wrapper for image reference options.

func (*ReferenceOptions) AddFlags

func (o *ReferenceOptions) AddFlags(cmd *cobra.Command)

AddFlags implements Interface

type RegistryOptions

// RegistryOptions is the wrapper for the registry options.
type RegistryOptions struct {
	// AllowInsecure, by name, permits insecure connections to a registry.
	// NOTE(review): confirm exactly what is relaxed (plain HTTP, skipped TLS
	// verification, or both); either way registry traffic is then no longer
	// protected in transit, so this belongs in test setups only.
	AllowInsecure      bool
	// KubernetesKeychain, by name, selects a Kubernetes-based credential
	// keychain for registry authentication — TODO confirm against ClientOpts.
	KubernetesKeychain bool
	RefOpts            ReferenceOptions
	// Keychain is an authn.Keychain (see the Keychain alias), exposed so that
	// consumers of this library can supply their own registry credentials.
	Keychain           Keychain
}

RegistryOptions is the wrapper for the registry options.

func (*RegistryOptions) AddFlags

func (o *RegistryOptions) AddFlags(cmd *cobra.Command)

AddFlags implements Interface

func (*RegistryOptions) ClientOpts

func (o *RegistryOptions) ClientOpts(ctx context.Context) ([]ociremote.Option, error)

func (*RegistryOptions) GetRegistryClientOpts

func (o *RegistryOptions) GetRegistryClientOpts(ctx context.Context) []remote.Option

type RekorOptions

type RekorOptions struct {
	URL string
}

RekorOptions is the wrapper for Rekor related options.

func (*RekorOptions) AddFlags

func (o *RekorOptions) AddFlags(cmd *cobra.Command)

AddFlags implements Interface

type RootOptions

type RootOptions struct {
	OutputFile string
	Verbose    bool
	Timeout    time.Duration
}

RootOptions define flags and options for the root cosign cli.

func (*RootOptions) AddFlags

func (o *RootOptions) AddFlags(cmd *cobra.Command)

AddFlags implements Interface

type SBOMDownloadOptions added in v1.10.0

type SBOMDownloadOptions struct {
	Platform string // Platform to download sboms
}

SBOMDownloadOptions is the struct of options that control the SBOM download.

func (*SBOMDownloadOptions) AddFlags added in v1.10.0

func (o *SBOMDownloadOptions) AddFlags(cmd *cobra.Command)

AddFlags implements Interface

type SaveOptions added in v1.4.0

type SaveOptions struct {
	Directory string
}

SaveOptions is the top level wrapper for the save command.

func (*SaveOptions) AddFlags added in v1.4.0

func (o *SaveOptions) AddFlags(cmd *cobra.Command)

AddFlags implements Interface

type SecurityKeyOptions

type SecurityKeyOptions struct {
	Use  bool
	Slot string
}

SecurityKeyOptions is the wrapper for security key related options.

func (*SecurityKeyOptions) AddFlags

func (o *SecurityKeyOptions) AddFlags(cmd *cobra.Command)

AddFlags implements Interface

type SignBlobOptions

// SignBlobOptions is the top level wrapper for the sign-blob command. The
// output-certificate flag is only in use when COSIGN_EXPERIMENTAL is enabled.
type SignBlobOptions struct {
	// Key names, by field name, the signing key; the accepted reference
	// formats are not shown here.
	Key               string
	Base64Output      bool
	Output            string // deprecated: TODO remove when the output flag is fully deprecated
	OutputSignature   string // TODO: this should be the root output file arg.
	OutputCertificate string
	SecurityKey       SecurityKeyOptions
	Fulcio            FulcioOptions
	Rekor             RekorOptions
	OIDC              OIDCOptions
	Registry          RegistryOptions
	// BundlePath is, by name, the path of a bundle file — TODO confirm what the
	// bundle contains and whether verification reads the same path.
	BundlePath        string
	// SkipConfirmation, by its name, suppresses interactive confirmation
	// prompts — TODO confirm which prompts against AddFlags.
	SkipConfirmation  bool
}

SignBlobOptions is the top level wrapper for the sign-blob command. The new output-certificate flag is only in use when COSIGN_EXPERIMENTAL is enabled

func (*SignBlobOptions) AddFlags

func (o *SignBlobOptions) AddFlags(cmd *cobra.Command)

AddFlags implements Interface

type SignOptions

// SignOptions is the top level wrapper for the sign command.
type SignOptions struct {
	// Key, Cert and CertChain name, by field name, the signing key and the
	// certificate material; the accepted reference formats are not shown here.
	Key               string
	Cert              string
	CertChain         string
	// Upload, by its name, controls whether the signature is uploaded — TODO
	// confirm the default against AddFlags.
	Upload            bool
	Output            string // deprecated: TODO remove when the output flag is fully deprecated
	OutputSignature   string // TODO: this should be the root output file arg.
	OutputCertificate string
	PayloadPath       string
	Force             bool
	Recursive         bool
	Attachment        string
	// SkipConfirmation, by its name, suppresses interactive confirmation
	// prompts — TODO confirm which prompts against AddFlags.
	SkipConfirmation  bool
	// NoTlogUpload, by its name, skips the upload to the transparency log.
	// NOTE(review): a signature without a log entry cannot be checked
	// against Rekor by verifiers; confirm this is only ever set deliberately.
	NoTlogUpload      bool

	Rekor       RekorOptions
	Fulcio      FulcioOptions
	OIDC        OIDCOptions
	SecurityKey SecurityKeyOptions
	AnnotationOptions
	Registry RegistryOptions
}

SignOptions is the top level wrapper for the sign command.

func (*SignOptions) AddFlags

func (o *SignOptions) AddFlags(cmd *cobra.Command)

AddFlags implements Interface

type SignatureDigestOptions added in v1.4.0

// SignatureDigestOptions holds options for specifying which digest algorithm
// should be used when processing a signature.
type SignatureDigestOptions struct {
	// AlgorithmName is the digest algorithm name that HashAlgorithm converts
	// into a crypto.Hash. HashAlgorithm is documented as falling back to
	// SHA256 while also returning an error for an unsupported name, so
	// callers must check the error instead of using the returned hash.
	AlgorithmName string
}

SignatureDigestOptions holds options for specifying which digest algorithm should be used when processing a signature.

func (*SignatureDigestOptions) AddFlags added in v1.4.0

func (o *SignatureDigestOptions) AddFlags(cmd *cobra.Command)

AddFlags implements Interface

func (*SignatureDigestOptions) HashAlgorithm added in v1.4.0

func (o *SignatureDigestOptions) HashAlgorithm() (crypto.Hash, error)

HashAlgorithm converts the algorithm's name - provided as a string - into a crypto.Hash algorithm. If the name doesn't match a supported algorithm, it returns an error and the returned hash defaults to SHA256, so callers should check the error rather than rely on the returned value.

type TreeOptions added in v1.7.0

// TreeOptions holds the options for the tree command (inferred from the type
// name — TODO confirm).
type TreeOptions struct {
	Registry  RegistryOptions
	// CleanType has the same name and type as CleanOptions.CleanType.
	// NOTE(review): confirm that the tree command actually reads this field
	// and that it is not a leftover from copying CleanOptions.
	CleanType string
}

func (*TreeOptions) AddFlags added in v1.7.0

func (c *TreeOptions) AddFlags(cmd *cobra.Command)

type TriangulateOptions

type TriangulateOptions struct {
	Type     string
	Registry RegistryOptions
}

TriangulateOptions is the top level wrapper for the triangulate command.

func (*TriangulateOptions) AddFlags

func (o *TriangulateOptions) AddFlags(cmd *cobra.Command)

AddFlags implements Interface

type UploadBlobOptions

type UploadBlobOptions struct {
	ContentType string
	Files       FilesOptions
	Registry    RegistryOptions
}

UploadBlobOptions is the top level wrapper for the `upload blob` command.

func (*UploadBlobOptions) AddFlags

func (o *UploadBlobOptions) AddFlags(cmd *cobra.Command)

AddFlags implements Interface

type UploadWASMOptions

type UploadWASMOptions struct {
	File     string
	Registry RegistryOptions
}

UploadWASMOptions is the top level wrapper for the `upload wasm` command.

func (*UploadWASMOptions) AddFlags

func (o *UploadWASMOptions) AddFlags(cmd *cobra.Command)

AddFlags implements Interface

type VerifyAttestationOptions

// VerifyAttestationOptions is the top level wrapper for the `verify
// attestation` command.
type VerifyAttestationOptions struct {
	// Key names, by field name, the verification key; the accepted reference
	// formats are not shown here.
	Key         string
	// CheckClaims, by name, toggles checking of the claims in the signed
	// payload. NOTE(review): confirm the default and what a verification
	// still guarantees when it is off.
	CheckClaims bool
	Output      string

	SecurityKey SecurityKeyOptions
	Rekor       RekorOptions
	// CertVerify carries the expected certificate identity; see the fields of
	// CertVerifyOptions.
	CertVerify  CertVerifyOptions
	Registry    RegistryOptions
	Predicate   PredicateRemoteOptions
	// Policies is, by name, a list of policies applied to the attestation —
	// TODO confirm the accepted formats against AddFlags.
	Policies    []string
	// LocalImage, by name, verifies an image stored locally rather than in a
	// registry — TODO confirm.
	LocalImage  bool
}

VerifyAttestationOptions is the top level wrapper for the `verify attestation` command.

func (*VerifyAttestationOptions) AddFlags

func (o *VerifyAttestationOptions) AddFlags(cmd *cobra.Command)

AddFlags implements Interface

type VerifyBlobOptions

type VerifyBlobOptions struct {
	Key        string
	Signature  string
	BundlePath string

	SecurityKey SecurityKeyOptions
	CertVerify  CertVerifyOptions
	Rekor       RekorOptions
	Registry    RegistryOptions
}

VerifyBlobOptions is the top level wrapper for the `verify blob` command.

func (*VerifyBlobOptions) AddFlags

func (o *VerifyBlobOptions) AddFlags(cmd *cobra.Command)

AddFlags implements Interface

type VerifyDockerfileOptions

type VerifyDockerfileOptions struct {
	VerifyOptions
	BaseImageOnly bool
}

VerifyDockerfileOptions is the top level wrapper for the `dockerfile verify` command.

func (*VerifyDockerfileOptions) AddFlags

func (o *VerifyDockerfileOptions) AddFlags(cmd *cobra.Command)

AddFlags implements Interface

type VerifyOptions

// VerifyOptions is the top level wrapper for the `verify` command.
type VerifyOptions struct {
	// Key names, by field name, the verification key; the accepted reference
	// formats are not shown here.
	Key          string
	// CheckClaims, by name, toggles checking of the claims in the signed
	// payload. NOTE(review): confirm the default and what a verification
	// still guarantees when it is off.
	CheckClaims  bool
	Attachment   string
	Output       string
	SignatureRef string
	// LocalImage, by name, verifies an image stored locally rather than in a
	// registry — TODO confirm.
	LocalImage   bool

	SecurityKey     SecurityKeyOptions
	// CertVerify carries the expected certificate identity; see the fields of
	// CertVerifyOptions.
	CertVerify      CertVerifyOptions
	Rekor           RekorOptions
	Registry        RegistryOptions
	SignatureDigest SignatureDigestOptions
	AnnotationOptions
}

VerifyOptions is the top level wrapper for the `verify` command.

func (*VerifyOptions) AddFlags

func (o *VerifyOptions) AddFlags(cmd *cobra.Command)

AddFlags implements Interface
