chains

package
v0.23.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 5, 2024 License: Apache-2.0 Imports: 32 Imported by: 2

Documentation

Index

Constants

View Source 
const (
	// ChainsAnnotation is the standard annotation to indicate a TR has been signed.
	ChainsAnnotation             = "chains.tekton.dev/signed"
	RetryAnnotation              = "chains.tekton.dev/retries"
	ChainsTransparencyAnnotation = "chains.tekton.dev/transparency"
	MaxRetries                   = 3
)
View Source 
const (
	SignedMessagesCount     = "sgcount"
	SignsStoredCount        = "stcount"
	PayloadUploadeCount     = "plcount"
	MarkedAsSignedCount     = "mrcount"
	PipelineRunSignedName   = "pipelinerun_sign_created_total"
	PipelineRunSignedDesc   = "Total number of signed messages for pipelineruns"
	PipelineRunUploadedName = "pipelinerun_payload_uploaded_total"
	PipelineRunUploadedDesc = "Total number of uploaded payloads for pipelineruns"
	PipelineRunStoredName   = "pipelinerun_payload_stored_total"
	PipelineRunStoredDesc   = "Total number of stored payloads for pipelineruns"
	PipelineRunMarkedName   = "pipelinerun_marked_signed_total"
	PipelineRunMarkedDesc   = "Total number of objects marked as signed for pipelineruns"
	TaskRunSignedName       = "taskrun_sign_created_total"
	TaskRunSignedDesc       = "Total number of signed messages for taskruns"
	TaskRunUploadedName     = "taskrun_payload_uploaded_total"
	TaskRunUploadedDesc     = "Total number of uploaded payloads for taskruns"
	TaskRunStoredName       = "taskrun_payload_stored_total"
	TaskRunStoredDesc       = "Total number of stored payloads for taskruns"
	TaskRunMarkedName       = "taskrun_marked_signed_total"
	TaskRunMarkedDesc       = "Total number of objects marked as signed for taskruns"
)
View Source 
const (
	RekorAnnotation = "chains.tekton.dev/transparency-upload"
)

Variables

This section is empty.

Functions

func AddAnnotation added in v0.4.0 

func AddAnnotation(ctx context.Context, obj objects.TektonObject, ps versioned.Interface, key, value string, annotations map[string]string) error

func AddRetry added in v0.4.0 

func AddRetry(ctx context.Context, obj objects.TektonObject, ps versioned.Interface, annotations map[string]string) error

func HandleRetry added in v0.4.0 

func HandleRetry(ctx context.Context, obj objects.TektonObject, ps versioned.Interface, annotations map[string]string) error

func MarkFailed added in v0.4.0 

func MarkFailed(ctx context.Context, obj objects.TektonObject, ps versioned.Interface, annotations map[string]string) error

func MarkSigned 

func MarkSigned(ctx context.Context, obj objects.TektonObject, ps versioned.Interface, annotations map[string]string) error

MarkSigned marks a Tekton object as signed.

func Reconciled added in v0.4.0 

func Reconciled(ctx context.Context, client versioned.Interface, obj objects.TektonObject) bool

Reconciled determines whether a Tekton object has already been reconciled. It first inspects the state of the given TektonObject. If that indicates it has not been reconciled, then Reconciled fetches the latest version of the TektonObject from the cluster and inspects that version as well. This aims to avoid creating multiple attestations due to a stale cached TektonObject.

func RetryAvailable added in v0.4.0 

func RetryAvailable(obj objects.TektonObject) bool

Types

type MetricsRecorder added in v0.20.0 

type MetricsRecorder interface {
	RecordCountMetrics(ctx context.Context, MetricType string)
}

type ObjectSigner added in v0.13.0 

type ObjectSigner struct {
	// Backends: store payload and signature
	// The keys are different storage option's name. {docdb, gcs, grafeas, oci, tekton}
	// The values are the actual storage backends that will be used to store and retrieve provenance.
	Backends          map[string]storage.Backend
	SecretPath        string
	Pipelineclientset versioned.Interface
	// Metrics Recorder config
	Recorder MetricsRecorder
}

func (*ObjectSigner) Sign added in v0.13.0 

func (o *ObjectSigner) Sign(ctx context.Context, tektonObj objects.TektonObject) error

Signs TaskRun and PipelineRun objects, as well as generates attesations for each Follows process of extract payload, sign payload, store payload and signature

type Signer 

type Signer interface {
	Sign(ctx context.Context, obj objects.TektonObject) error
}

type TaskRunVerifier added in v0.6.0 

type TaskRunVerifier struct {
	KubeClient        kubernetes.Interface
	Pipelineclientset versioned.Interface
	SecretPath        string
}

func (*TaskRunVerifier) VerifyTaskRun added in v0.6.0 

func (tv *TaskRunVerifier) VerifyTaskRun(ctx context.Context, tr *v1.TaskRun) error

type Verifier added in v0.6.0 

type Verifier interface {
	VerifyTaskRun(ctx context.Context, tr *v1.TaskRun) error
}

Source Files

View all Source files

Directories

Path Synopsis
all
simple
slsa/attest
slsa/extract
slsa/extract/v1beta1
slsa/internal/artifact
slsa/internal/build_definition
slsa/internal/build_types
slsa/internal/compare
slsa/internal/external_parameters
slsa/internal/internal_parameters
slsa/internal/material
slsa/internal/material/v1beta1
slsa/internal/metadata
slsa/internal/provenance
slsa/internal/resolved_dependencies
slsa/internal/results
slsa/internal/slsaconfig
slsa/v1
slsa/v1/internal/protos
slsa/v1/pipelinerun
slsa/v1/taskrun
slsa/v2alpha3
slsa/v2alpha3/internal/pipelinerun
slsa/v2alpha3/internal/taskrun
slsa/v2alpha4
slsa/v2alpha4/internal/pipelinerun
slsa/v2alpha4/internal/taskrun
kms
Package kms creates a signer using a key management server
 Package kms creates a signer using a key management server
x509
api
docdb
gcs
grafeas
oci
pubsub
tekton

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.