v1alpha1

package
v0.3.5 Latest
Warning

This package is not in the latest version of its module.

Published: Dec 17, 2024 License: Apache-2.0 Imports: 8 Imported by: 3

Documentation

Overview

Package v1alpha1 contains API Schema definitions for the validation v1alpha1 API group.

+kubebuilder:object:generate=true
+groupName=validation.spectrocloud.labs

Index

Constants

This section is empty.

Variables

var (
	// GroupVersion is group version used to register these objects
	GroupVersion = schema.GroupVersion{Group: "validation.spectrocloud.labs", Version: "v1alpha1"}

	// SchemeBuilder is used to add go types to the GroupVersionKind scheme
	SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}

	// AddToScheme adds the types in this group-version to the given scheme.
	AddToScheme = SchemeBuilder.AddToScheme
)

Functions

This section is empty.

Types

type Artifact

type Artifact struct {
	// Ref is the path to the artifact in the host registry that should be validated.
	// An individual artifact can take any of the following forms:
	// <repository-path>/<artifact-name>
	// <repository-path>/<artifact-name>:<tag>
	// <repository-path>/<artifact-name>@<digest>
	//
	// When no tag or digest are specified, the default tag "latest" is used.
	Ref string `json:"ref" yaml:"ref"`

	// ValidationType overrides the OciRegistryRule level ValidationType for a particular artifact.
	// +kubebuilder:validation:Enum=full;fast;none
	ValidationType *ValidationType `json:"validationType,omitempty" yaml:"validationType,omitempty"`
}

Artifact defines an OCI artifact to be validated.
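The three Ref forms differ in what they pin: a tag can be moved to different content after the rule is written, while a digest cannot. The parser below is an added example, not code from this package; `ParsedRef`, `ParseRef` and `Unpinned` are hypothetical names and the sample refs are constructed.

```go
package main

import (
	"fmt"
	"strings"
)

// ParsedRef is a hypothetical helper type, not part of the v1alpha1 package.
type ParsedRef struct {
	Path, Tag, Digest string
	Pinned            bool // true only when the ref carries a digest
}

// ParseRef splits an Artifact.Ref into the three forms listed in its doc comment.
func ParseRef(ref string) (ParsedRef, error) {
	p := ParsedRef{Path: ref}
	if i := strings.LastIndex(ref, "@"); i >= 0 {
		p.Path, p.Digest, p.Pinned = ref[:i], ref[i+1:], true
		if algo, sum, ok := strings.Cut(p.Digest, ":"); !ok || algo == "" || sum == "" {
			return ParsedRef{}, fmt.Errorf("malformed digest in %q", ref)
		}
	}
	// Only a ':' after the last '/' separates a tag; an earlier one belongs to the path.
	if i := strings.LastIndex(p.Path, ":"); i > strings.LastIndex(p.Path, "/") {
		p.Path, p.Tag = p.Path[:i], p.Path[i+1:]
	}
	if p.Path == "" || strings.HasSuffix(p.Path, "/") {
		return ParsedRef{}, fmt.Errorf("missing artifact name in %q", ref)
	}
	if p.Tag == "" && !p.Pinned {
		p.Tag = "latest" // default stated in the Artifact doc comment
	}
	return p, nil
}

// Unpinned returns the refs that are not pinned by digest (malformed refs included).
func Unpinned(refs []string) (out []string) {
	for _, r := range refs {
		if p, err := ParseRef(r); err != nil || !p.Pinned {
			out = append(out, r)
		}
	}
	return out
}

func main() {
	// Constructed sample refs; the digest value is a placeholder.
	refs := []string{"library/nginx", "library/nginx:1.27", "team/app@sha256:0123abcd"}
	fmt.Println(Unpinned(refs))
}
```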

func (*Artifact) DeepCopy

func (in *Artifact) DeepCopy() *Artifact

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Artifact.

func (*Artifact) DeepCopyInto

func (in *Artifact) DeepCopyInto(out *Artifact)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Auth

type Auth struct {
	// SecretName is the name of the Kubernetes Secret that exists in the same namespace as the OciValidator
	// and that contains the credentials used to authenticate to the OCI Registry.
	SecretName *string `json:"secretName,omitempty" yaml:"secretName,omitempty"`

	// BasicAuth is the username and password used to authenticate to the OCI registry.
	Basic *BasicAuth `json:"basic,omitempty" yaml:"basic,omitempty"`

	// ECRAuth is the access key ID, secret access key, and session token used to authenticate to ECR.
	ECR *ECRAuth `json:"ecr,omitempty" yaml:"ecr,omitempty"`
}

Auth defines the authentication information for the registry. One of SecretName, Basic, or ECR must be provided for a private registry. If multiple fields are provided, the order of precedence is SecretName, Basic, ECR.

func (*Auth) DeepCopy

func (in *Auth) DeepCopy() *Auth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Auth.

func (*Auth) DeepCopyInto

func (in *Auth) DeepCopyInto(out *Auth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type BasicAuth added in v0.2.0

type BasicAuth struct {
	// Username is the username used to authenticate to the OCI Registry.
	Username string `json:"username" yaml:"username"`

	// Password is the password used to authenticate to the OCI Registry.
	Password string `json:"password" yaml:"password"`
}

BasicAuth defines the username and password used to authenticate to the OCI registry.

func (*BasicAuth) DeepCopy added in v0.2.0

func (in *BasicAuth) DeepCopy() *BasicAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BasicAuth.

func (*BasicAuth) DeepCopyInto added in v0.2.0

func (in *BasicAuth) DeepCopyInto(out *BasicAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ECRAuth added in v0.2.0

type ECRAuth struct {
	// AccessKeyID is the AWS access key ID used to authenticate to ECR.
	AccessKeyID string `json:"accessKeyID" yaml:"accessKeyID"`

	// SecretAccessKey is the AWS secret access key used to authenticate to ECR.
	SecretAccessKey string `json:"secretAccessKey" yaml:"secretAccessKey"`

	// SessionToken is the AWS session token used to authenticate to ECR.
	SessionToken string `json:"sessionToken,omitempty" yaml:"sessionToken,omitempty"`
}

ECRAuth defines the access key ID, secret access key, and session token used to authenticate to ECR.

func (*ECRAuth) DeepCopy added in v0.2.0

func (in *ECRAuth) DeepCopy() *ECRAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ECRAuth.

func (*ECRAuth) DeepCopyInto added in v0.2.0

func (in *ECRAuth) DeepCopyInto(out *ECRAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type OciRegistryRule

type OciRegistryRule struct {
	validationrule.ManuallyNamed `json:",inline" yaml:",omitempty"`

	// Name is a unique name for the OciRegistryRule.
	RuleName string `json:"name" yaml:"name"`

	// Host is the URI of an OCI registry.
	Host string `json:"host" yaml:"host"`

	// ValidationType specifies which (if any) type of validation is performed on the artifacts.
	// Valid values are "full", "fast", and "none". When set to "none", the artifact will not be pulled and no extra validation will be performed.
	// For both "full" and "fast" validationType, the following validations will be executed:
	// - Layers existence will be validated
	// - Config digest, size, content, and type will be validated
	// - Manifest digest, content, and size will be validated
	// For "full" validationType, the following additional validations will be performed:
	// - Layer digest, diffID, size, and media type will be validated
	// See more details about validation here:
	// https://github.com/google/go-containerregistry/blob/8dadbe76ff8c20d0e509406f04b7eade43baa6c1/pkg/v1/validate/image.go#L30
	// +kubebuilder:validation:Enum=full;fast;none
	// +kubebuilder:default:=none
	ValidationType ValidationType `json:"validationType" yaml:"validationType"`

	// Artifacts is a slice of artifacts in the OCI registry that should be validated.
	// +kubebuilder:validation:MinItems=1
	Artifacts []Artifact `json:"artifacts,omitempty" yaml:"artifacts,omitempty"`

	// Auth provides authentication information for the registry.
	Auth Auth `json:"auth,omitempty" yaml:"auth,omitempty"`

	// InsecureSkipTLSVerify specifies whether to skip verification of the OCI registry's TLS certificate.
	InsecureSkipTLSVerify bool `json:"insecureSkipTLSVerify,omitempty" yaml:"insecureSkipTLSVerify,omitempty"`

	// CaCert is the CA certificate of the OCI registry.
	CaCert string `json:"caCert,omitempty" yaml:"caCert,omitempty"`

	// SignatureVerification provides signature verification options for the artifacts.
	SignatureVerification SignatureVerification `json:"signatureVerification,omitempty" yaml:"signatureVerification,omitempty"`
}

OciRegistryRule defines the validation rule for an OCI registry.
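A pre-apply audit of the security-relevant OciRegistryRule fields, as an added example that is not the project's own code. `rule`, `Audit` and `sample` are hypothetical names, the spec is read as JSON using the field names above, and the choice of what to flag is this example's assumption.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// rule mirrors only the audited OciRegistryRule fields, using this page's JSON names.
type rule struct {
	Name                  string                         `json:"name"`
	ValidationType        string                         `json:"validationType"`
	InsecureSkipTLSVerify bool                           `json:"insecureSkipTLSVerify"`
	Auth                  struct{ Basic, ECR *struct{} } `json:"auth"`
	SignatureVerification struct{ SecretName string; PublicKeys []string } `json:"signatureVerification"`
}

// Audit returns one finding per risky setting in a JSON-encoded OciValidatorSpec.
func Audit(doc []byte) (out []string, err error) {
	var s struct{ OciRegistryRules []rule }
	if err = json.Unmarshal(doc, &s); err != nil {
		return nil, err
	}
	for _, r := range s.OciRegistryRules {
		add := func(msg string) { out = append(out, r.Name+": "+msg) }
		if r.InsecureSkipTLSVerify {
			add("registry TLS certificate is not verified")
		}
		if r.Auth.Basic != nil || r.Auth.ECR != nil {
			add("credentials are inline in the spec; prefer auth.secretName")
		}
		if r.ValidationType == "" || r.ValidationType == "none" { // "none" is the default
			add("validationType none: artifacts are not pulled")
		}
		if sv := r.SignatureVerification; sv.SecretName == "" && len(sv.PublicKeys) == 0 {
			add("no signature verification keys configured")
		}
	}
	return out, nil
}

// sample is a constructed spec for illustration, not taken from the project.
const sample = `{"ociRegistryRules": [
 {"name": "lab", "insecureSkipTLSVerify": true, "auth": {"basic": {"username": "u", "password": "p"}}},
 {"name": "prod", "validationType": "full", "auth": {"secretName": "creds"},
  "signatureVerification": {"secretName": "keys"}}]}`

func main() {
	findings, _ := Audit([]byte(sample))
	fmt.Printf("%q\n", findings)
}
```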

func (*OciRegistryRule) DeepCopy

func (in *OciRegistryRule) DeepCopy() *OciRegistryRule

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OciRegistryRule.

func (*OciRegistryRule) DeepCopyInto

func (in *OciRegistryRule) DeepCopyInto(out *OciRegistryRule)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (OciRegistryRule) Name

func (r OciRegistryRule) Name() string

Name returns the name of the OciRegistryRule.

func (*OciRegistryRule) SetName added in v0.3.0

func (r *OciRegistryRule) SetName(name string)

SetName sets the name of the OciRegistryRule.

type OciValidator

type OciValidator struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   OciValidatorSpec   `json:"spec,omitempty"`
	Status OciValidatorStatus `json:"status,omitempty"`
}

OciValidator is the Schema for the ocivalidators API.

func (*OciValidator) DeepCopy

func (in *OciValidator) DeepCopy() *OciValidator

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OciValidator.

func (*OciValidator) DeepCopyInto

func (in *OciValidator) DeepCopyInto(out *OciValidator)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*OciValidator) DeepCopyObject

func (in *OciValidator) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (OciValidator) GetKind added in v0.2.0

func (v OciValidator) GetKind() string

GetKind returns the OCI validator's kind.

func (OciValidator) PluginCode added in v0.0.13

func (v OciValidator) PluginCode() string

PluginCode returns the OCI validator's plugin code.

func (OciValidator) ResultCount added in v0.0.13

func (v OciValidator) ResultCount() int

ResultCount returns the number of validation results expected for an OciValidator.

type OciValidatorList

type OciValidatorList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []OciValidator `json:"items"`
}

OciValidatorList contains a list of OciValidator.

func (*OciValidatorList) DeepCopy

func (in *OciValidatorList) DeepCopy() *OciValidatorList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OciValidatorList.

func (*OciValidatorList) DeepCopyInto

func (in *OciValidatorList) DeepCopyInto(out *OciValidatorList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*OciValidatorList) DeepCopyObject

func (in *OciValidatorList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type OciValidatorSpec

type OciValidatorSpec struct {
	// +kubebuilder:validation:MaxItems=5
	// +kubebuilder:validation:XValidation:message="OciRegistryRules must have a unique RuleName",rule="self.all(e, size(self.filter(x, x.name == e.name)) == 1)"
	OciRegistryRules []OciRegistryRule `json:"ociRegistryRules,omitempty" yaml:"ociRegistryRules,omitempty"`
}

OciValidatorSpec defines the desired state of OciValidator.

func (*OciValidatorSpec) AllPubKeysDirect added in v0.3.3

func (s *OciValidatorSpec) AllPubKeysDirect() map[string][][]byte

AllPubKeysDirect returns a map of public keys for each rule when invoked directly.

func (*OciValidatorSpec) BasicAuthsDirect added in v0.3.3

func (s *OciValidatorSpec) BasicAuthsDirect() map[string][]string

BasicAuthsDirect returns a map of basic authentication details for each rule when invoked directly.

func (*OciValidatorSpec) DeepCopy

func (in *OciValidatorSpec) DeepCopy() *OciValidatorSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OciValidatorSpec.

func (*OciValidatorSpec) DeepCopyInto

func (in *OciValidatorSpec) DeepCopyInto(out *OciValidatorSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (OciValidatorSpec) PluginCode added in v0.0.13

func (s OciValidatorSpec) PluginCode() string

PluginCode returns the OCI validator's plugin code.

func (OciValidatorSpec) ResultCount

func (s OciValidatorSpec) ResultCount() int

ResultCount returns the number of validation results expected for an OciValidatorSpec.

type OciValidatorStatus

type OciValidatorStatus struct{}

OciValidatorStatus defines the observed state of OciValidator.

func (*OciValidatorStatus) DeepCopy

func (in *OciValidatorStatus) DeepCopy() *OciValidatorStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OciValidatorStatus.

func (*OciValidatorStatus) DeepCopyInto

func (in *OciValidatorStatus) DeepCopyInto(out *OciValidatorStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SignatureVerification

type SignatureVerification struct {
	// Provider specifies the technology used to sign the OCI Artifact.
	// +kubebuilder:validation:Enum=cosign
	// +kubebuilder:default:=cosign
	Provider string `json:"provider" yaml:"provider"`

	// SecretName is the name of the Kubernetes Secret that exists in the same namespace as the OciValidator
	// and that contains the trusted public keys used to sign artifacts in the OciRegistryRule.
	SecretName string `json:"secretName" yaml:"secretName"`

	// PublicKeys is a slice of public keys used to verify the signatures of artifacts in the OciRegistryRule.
	PublicKeys []string `json:"publicKeys,omitempty" yaml:"publicKeys,omitempty"`
}

SignatureVerification defines the provider and secret name to verify the signatures of artifacts in an OCI registry.

func (*SignatureVerification) DeepCopy

func (in *SignatureVerification) DeepCopy() *SignatureVerification

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SignatureVerification.

func (*SignatureVerification) DeepCopyInto

func (in *SignatureVerification) DeepCopyInto(out *SignatureVerification)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ValidationType added in v0.2.0

type ValidationType string

ValidationType defines the type of extra validation to perform on the artifacts.

const (
	// ValidationTypeFull specifies full validation of the artifacts.
	ValidationTypeFull ValidationType = "full"
	// ValidationTypeFast specifies fast validation of the artifacts.
	ValidationTypeFast ValidationType = "fast"
	// ValidationTypeNone specifies no extra validation of the artifacts; artifacts will not be pulled.
	ValidationTypeNone ValidationType = "none"
)
