v1beta1

package
v1.9.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 3, 2022 License: Apache-2.0 Imports: 15 Imported by: 0

Documentation

Overview

+k8s:deepcopy-gen=package +groupName=policy.sigstore.dev

Index

Constants

This section is empty.

Variables

View Source 
var (
	// SchemeBuilder builds a scheme with the types known to the package.
	SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)
	// AddToScheme adds the types known to this package to an existing schema.
	AddToScheme = SchemeBuilder.AddToScheme
)
View Source 
var SchemeGroupVersion = schema.GroupVersion{Group: policy.GroupName, Version: "v1beta1"}

SchemeGroupVersion is group version used to register these objects

Functions

func Kind 

func Kind(kind string) schema.GroupKind

Kind takes an unqualified kind and returns back a Group qualified GroupKind

func Resource 

func Resource(resource string) schema.GroupResource

Resource takes an unqualified resource and returns a Group qualified GroupResource

func ValidateGlob 

func ValidateGlob(glob string) *apis.FieldError

ValidateGlob glob compilation by testing against empty string

func ValidateRegex 

func ValidateRegex(regex string) *apis.FieldError

Types

type Attestation 

type Attestation struct {
	// Name of the attestation. These can then be referenced at the CIP level
	// policy.
	Name string `json:"name"`
	// Which predicate type to verify. Matches cosign verify-attestation options.
	PredicateType string `json:"predicateType"`
	// +optional
	Policy *Policy `json:"policy,omitempty"`
}

Attestation defines the type of attestation to validate and optionally apply a policy decision to it. Authority block is used to verify the specified attestation types, and if Policy is specified, then it's applied only after the validation of the Attestation signature has been verified.

func (*Attestation) DeepCopy 

func (in *Attestation) DeepCopy() *Attestation

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Attestation.

func (*Attestation) DeepCopyInto 

func (in *Attestation) DeepCopyInto(out *Attestation)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*Attestation) Validate 

func (a *Attestation) Validate(ctx context.Context) *apis.FieldError

type Authority 

type Authority struct {
	// Name is the name for this authority. Used by the CIP Policy
	// validator to be able to reference matching signature or attestation
	// verifications.
	// If not specified, the name will be authority-<index in array>
	Name string `json:"name"`
	// +optional
	Key *KeyRef `json:"key,omitempty"`
	// +optional
	Keyless *KeylessRef `json:"keyless,omitempty"`
	// +optional
	Sources []Source `json:"source,omitempty"`
	// +optional
	CTLog *TLog `json:"ctlog,omitempty"`
	// +optional
	Attestations []Attestation `json:"attestations,omitempty"`
}

func (*Authority) DeepCopy 

func (in *Authority) DeepCopy() *Authority

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Authority.

func (*Authority) DeepCopyInto 

func (in *Authority) DeepCopyInto(out *Authority)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*Authority) Validate 

func (authority *Authority) Validate(ctx context.Context) *apis.FieldError

type ClusterImagePolicy 

type ClusterImagePolicy struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata"`

	// Spec holds the desired state of the ClusterImagePolicy (from the client).
	Spec ClusterImagePolicySpec `json:"spec"`
}

+k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

func (*ClusterImagePolicy) ConvertFrom 

func (c *ClusterImagePolicy) ConvertFrom(ctx context.Context, source apis.Convertible) error

ConvertFrom implements api.Convertible

func (*ClusterImagePolicy) ConvertTo 

func (c *ClusterImagePolicy) ConvertTo(ctx context.Context, sink apis.Convertible) error

ConvertTo implements api.Convertible

func (*ClusterImagePolicy) DeepCopy 

func (in *ClusterImagePolicy) DeepCopy() *ClusterImagePolicy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterImagePolicy.

func (*ClusterImagePolicy) DeepCopyInto 

func (in *ClusterImagePolicy) DeepCopyInto(out *ClusterImagePolicy)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ClusterImagePolicy) DeepCopyObject 

func (in *ClusterImagePolicy) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*ClusterImagePolicy) GetGroupVersionKind 

func (c *ClusterImagePolicy) GetGroupVersionKind() schema.GroupVersionKind

GetGroupVersionKind implements kmeta.OwnerRefable

func (*ClusterImagePolicy) SetDefaults 

func (c *ClusterImagePolicy) SetDefaults(ctx context.Context)

SetDefaults implements apis.Defaultable

func (*ClusterImagePolicy) Validate 

func (c *ClusterImagePolicy) Validate(ctx context.Context) *apis.FieldError

Validate implements apis.Validatable

type ClusterImagePolicyList 

type ClusterImagePolicyList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata"`

	Items []ClusterImagePolicy `json:"items"`
}

ClusterImagePolicyList is a list of ClusterImagePolicy resources

+k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

func (*ClusterImagePolicyList) DeepCopy 

func (in *ClusterImagePolicyList) DeepCopy() *ClusterImagePolicyList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterImagePolicyList.

func (*ClusterImagePolicyList) DeepCopyInto 

func (in *ClusterImagePolicyList) DeepCopyInto(out *ClusterImagePolicyList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ClusterImagePolicyList) DeepCopyObject 

func (in *ClusterImagePolicyList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ClusterImagePolicySpec 

type ClusterImagePolicySpec struct {
	Images      []ImagePattern `json:"images"`
	Authorities []Authority    `json:"authorities"`
	// Policy is an optional policy that can be applied against all the
	// successfully validated Authorities. If no authorities pass, this does
	// not even get evaluated, as the Policy is considered failed.
	// +optional
	Policy *Policy `json:"policy,omitempty"`
}

ClusterImagePolicySpec defines a list of images that should be verified

func (*ClusterImagePolicySpec) DeepCopy 

func (in *ClusterImagePolicySpec) DeepCopy() *ClusterImagePolicySpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterImagePolicySpec.

func (*ClusterImagePolicySpec) DeepCopyInto 

func (in *ClusterImagePolicySpec) DeepCopyInto(out *ClusterImagePolicySpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ClusterImagePolicySpec) SetDefaults 

func (spec *ClusterImagePolicySpec) SetDefaults(ctx context.Context)

func (*ClusterImagePolicySpec) Validate 

func (spec *ClusterImagePolicySpec) Validate(ctx context.Context) (errors *apis.FieldError)

type ConfigMapReference 

type ConfigMapReference struct {
	// Name is unique within a namespace to reference a configmap resource.
	// +optional
	Name string `json:"name,omitempty"`
	// Namespace defines the space within which the configmap name must be unique.
	// +optional
	Namespace string `json:"namespace,omitempty"`
}

ConfigMapReference is cut&paste from SecretReference, but for the life of me couldn't find one in the public types. If there's one, use it.

func (*ConfigMapReference) DeepCopy 

func (in *ConfigMapReference) DeepCopy() *ConfigMapReference

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConfigMapReference.

func (*ConfigMapReference) DeepCopyInto 

func (in *ConfigMapReference) DeepCopyInto(out *ConfigMapReference)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Identity 

type Identity struct {
	// +optional
	Issuer string `json:"issuer,omitempty"`
	// +optional
	Subject string `json:"subject,omitempty"`
}

Identity may contain the issuer and/or the subject found in the transparency log. Either field supports a pattern glob.

func (*Identity) DeepCopy 

func (in *Identity) DeepCopy() *Identity

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Identity.

func (*Identity) DeepCopyInto 

func (in *Identity) DeepCopyInto(out *Identity)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*Identity) Validate 

func (identity *Identity) Validate(ctx context.Context) *apis.FieldError

type ImagePattern 

type ImagePattern struct {
	Glob string `json:"glob"`
}

ImagePattern defines a pattern and its associated authorties If multiple patterns match a particular image, then ALL of those authorities must be satisfied for the image to be admitted.

func (*ImagePattern) DeepCopy 

func (in *ImagePattern) DeepCopy() *ImagePattern

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImagePattern.

func (*ImagePattern) DeepCopyInto 

func (in *ImagePattern) DeepCopyInto(out *ImagePattern)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ImagePattern) Validate 

func (image *ImagePattern) Validate(ctx context.Context) *apis.FieldError

type KeyRef 

type KeyRef struct {
	// +optional
	SecretRef *v1.SecretReference `json:"secretRef,omitempty"`
	// Data contains the inline public key
	// +optional
	Data string `json:"data,omitempty"`
	// KMS contains the KMS url of the public key
	// Supported formats differ based on the KMS system used.
	// +optional
	KMS string `json:"kms,omitempty"`
}

This references a public verification key stored in a secret in the cosign-system namespace. A KeyRef must specify only one of SecretRef, Data or KMS

func (*KeyRef) DeepCopy 

func (in *KeyRef) DeepCopy() *KeyRef

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KeyRef.

func (*KeyRef) DeepCopyInto 

func (in *KeyRef) DeepCopyInto(out *KeyRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*KeyRef) Validate 

func (key *KeyRef) Validate(ctx context.Context) *apis.FieldError

type KeylessRef 

type KeylessRef struct {
	// +optional
	URL *apis.URL `json:"url,omitempty"`
	// +optional
	Identities []Identity `json:"identities,omitempty"`
	// +optional
	CACert *KeyRef `json:"ca-cert,omitempty"`
}

KeylessRef contains location of the validating certificate and the identities against which to verify. KeylessRef will contain either the URL to the verifying certificate, or it will contain the certificate data inline or in a secret.

func (*KeylessRef) DeepCopy 

func (in *KeylessRef) DeepCopy() *KeylessRef

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KeylessRef.

func (*KeylessRef) DeepCopyInto 

func (in *KeylessRef) DeepCopyInto(out *KeylessRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*KeylessRef) Validate 

func (keyless *KeylessRef) Validate(ctx context.Context) *apis.FieldError

type Policy 

type Policy struct {
	// Which kind of policy this is, currently only rego or cue are supported.
	// Furthermore, only cue is tested :)
	Type string `json:"type"`
	// +optional
	Data string `json:"data,omitempty"`
	// +optional
	URL *apis.URL `json:"url,omitempty"`
	// +optional
	ConfigMapRef *ConfigMapReference `json:"configMapRef,omitempty"`
}

Policy specifies a policy to use for Attestation validation. Exactly one of Data, URL, or ConfigMapReference must be specified.

func (*Policy) DeepCopy 

func (in *Policy) DeepCopy() *Policy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Policy.

func (*Policy) DeepCopyInto 

func (in *Policy) DeepCopyInto(out *Policy)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*Policy) Validate 

func (p *Policy) Validate(ctx context.Context) *apis.FieldError

type Source 

type Source struct {
	// +optional
	OCI string `json:"oci,omitempty"`
	// SignaturePullSecrets is an optional list of references to secrets in the
	// same namespace as the deploying resource for pulling any of the signatures
	// used by this Source.
	// +optional
	SignaturePullSecrets []v1.LocalObjectReference `json:"signaturePullSecrets,omitempty"`
}

Source specifies the location of the signature

func (*Source) DeepCopy 

func (in *Source) DeepCopy() *Source

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Source.

func (*Source) DeepCopyInto 

func (in *Source) DeepCopyInto(out *Source)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*Source) Validate 

func (source *Source) Validate(ctx context.Context) *apis.FieldError

type TLog 

type TLog struct {
	// +optional
	URL *apis.URL `json:"url,omitempty"`
}

TLog specifies the URL to a transparency log that holds the signature and public key information

func (*TLog) DeepCopy 

func (in *TLog) DeepCopy() *TLog

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLog.

func (*TLog) DeepCopyInto 

func (in *TLog) DeepCopyInto(out *TLog)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.