Documentation
Overview
Package config holds the typed objects that define the schemas for the ConfigMap objects that pertain to our API objects. This ConfigMap is created by the Reconciler by combining all the ClusterImagePolicy CRs into a single ConfigMap, so that the AdmissionController only needs to deal with a single resource when validating.
Index
- Constants
- func ConvertCertificateAuthority(source v1alpha1.CertificateAuthority) (*pbtrustroot.CertificateAuthority, error)
- func ConvertTransparencyLogInstance(source v1alpha1.TransparencyLogInstance) (*pbtrustroot.TransparencyLogInstance, error)
- func DeserializeCertChain(chain []byte) (*pbcommon.X509CertificateChain, error)
- func DeserializePublicKey(publicKey []byte) (*pbcommon.PublicKey, crypto.PublicKey, error)
- func HashStringToHashAlgorithm(hash string) pbcommon.HashAlgorithm
- func SerializeCertChain(certChain *pbcommon.X509CertificateChain) []byte
- func SerializePublicKey(publicKey *pbcommon.PublicKey) []byte
- func ToContext(ctx context.Context, c *Config) context.Context
- type CertificateAuthority
- type Config
- type DistinguishedName
- type ImagePolicyConfig
- type LogID
- type SigstoreKeys
- type SigstoreKeysMap
- type Store
- type TimeRange
- type Timestamp
- type TransparencyLogInstance
Constants
const (
	// ImagePoliciesConfigName is the name of ConfigMap created by the
	// reconciler and consumed by the admission webhook.
	ImagePoliciesConfigName = "config-image-policies"
)
const (
	// SigstoreKeysConfigName is the name of ConfigMap created by the
	// reconciler and consumed by the admission webhook for determining
	// which Keys/Certificates are trusted for things like Fulcio/Rekor, etc.
	SigstoreKeysConfigName = "config-sigstore-keys"
)
Variables
This section is empty.
Functions
func ConvertCertificateAuthority (added in v0.6.0)
func ConvertCertificateAuthority(source v1alpha1.CertificateAuthority) (*pbtrustroot.CertificateAuthority, error)
ConvertCertificateAuthority converts the public (v1alpha1) CertificateAuthority into the private (pbtrustroot) CertificateAuthority.
func ConvertTransparencyLogInstance (added in v0.6.0)
func ConvertTransparencyLogInstance(source v1alpha1.TransparencyLogInstance) (*pbtrustroot.TransparencyLogInstance, error)
ConvertTransparencyLogInstance converts the public (v1alpha1) TransparencyLogInstance into the private (pbtrustroot) TransparencyLogInstance.
func DeserializeCertChain (added in v0.9.0)
func DeserializeCertChain(chain []byte) (*pbcommon.X509CertificateChain, error)
func DeserializePublicKey (added in v0.9.0)
func DeserializePublicKey(publicKey []byte) (*pbcommon.PublicKey, crypto.PublicKey, error)
func HashStringToHashAlgorithm (added in v0.9.0)
func HashStringToHashAlgorithm(hash string) pbcommon.HashAlgorithm
func SerializeCertChain (added in v0.9.0)
func SerializeCertChain(certChain *pbcommon.X509CertificateChain) []byte
func SerializePublicKey (added in v0.9.0)
func SerializePublicKey(publicKey *pbcommon.PublicKey) []byte
Types
type CertificateAuthority (added in v0.6.0)
type CertificateAuthority = pbtrustroot.CertificateAuthority
type Config
type Config struct {
	ImagePolicyConfig  *ImagePolicyConfig
	SigstoreKeysConfig *SigstoreKeysMap
}
Config holds the collection of configurations that we attach to contexts. +k8s:deepcopy-gen=false
func FromContext
FromContext extracts a Config from the provided context.
func FromContextOrDefaults
FromContextOrDefaults is like FromContext, but when no Config is attached it returns a Config populated with the defaults for each of the Config fields.
type DistinguishedName (added in v0.6.0)
type DistinguishedName = pbcommon.DistinguishedName
type ImagePolicyConfig
type ImagePolicyConfig struct {
	// This is the list of ImagePolicies that an admission controller uses
	// to make policy decisions.
	Policies map[string]webhookcip.ClusterImagePolicy
}
func NewImagePoliciesConfigFromConfigMap
func NewImagePoliciesConfigFromConfigMap(config *corev1.ConfigMap) (*ImagePolicyConfig, error)
NewImagePoliciesConfigFromConfigMap creates an ImagePolicyConfig from the supplied ConfigMap.
func NewImagePoliciesConfigFromMap
func NewImagePoliciesConfigFromMap(data map[string]string) (*ImagePolicyConfig, error)
NewImagePoliciesConfigFromMap creates an ImagePolicyConfig from the supplied map.
func (*ImagePolicyConfig) GetMatchingPolicies
func (p *ImagePolicyConfig) GetMatchingPolicies(image string, kind, apiVersion string, labels map[string]string) (map[string]webhookcip.ClusterImagePolicy, error)
GetMatchingPolicies returns all Policies, with their Authorities, that match the given kind, version and labels (if provided) and that then match the image. The returned map contains the name of the CIP as the key and a normalized ClusterImagePolicy for it as the value.
type SigstoreKeys (added in v0.6.0)
type SigstoreKeys = pbtrustroot.TrustedRoot
SigstoreKeys contains all the necessary Keys and Certificates for validating against a specific instance of Sigstore.
func ConvertSigstoreKeys (added in v0.9.0)
func ConvertSigstoreKeys(_ context.Context, source *v1alpha1.SigstoreKeys) (sk *SigstoreKeys, err error)
ConvertSigstoreKeys takes a source and converts it into a SigstoreKeys suitable for serialization into a ConfigMap entry.
type SigstoreKeysMap (added in v0.6.0)
type SigstoreKeysMap struct {
SigstoreKeys map[string]*SigstoreKeys
}
func NewSigstoreKeysFromConfigMap (added in v0.6.0)
func NewSigstoreKeysFromConfigMap(config *corev1.ConfigMap) (*SigstoreKeysMap, error)
NewSigstoreKeysFromConfigMap creates a SigstoreKeysMap from the supplied ConfigMap.
func NewSigstoreKeysFromMap (added in v0.6.0)
func NewSigstoreKeysFromMap(data map[string]string) (*SigstoreKeysMap, error)
NewSigstoreKeysFromMap creates a map of SigstoreKeys to use for validation.
type Store
type Store struct {
*configmap.UntypedStore
}
Store is a typed wrapper around configmap.UntypedStore to handle our ConfigMaps. +k8s:deepcopy-gen=false
func NewStore
NewStore creates a new Store of Configs and optionally calls functions when ConfigMaps are updated.
type Timestamp (added in v0.9.0)
type Timestamp = timestamppb.Timestamp
type TransparencyLogInstance (added in v0.6.0)
type TransparencyLogInstance = pbtrustroot.TransparencyLogInstance