Documentation
¶
Index ¶
- Variables
- type Attestation
- func (*Attestation) Descriptor() ([]byte, []int)
- func (m *Attestation) GetPgpSignedAttestation() *PgpSignedAttestation
- func (m *Attestation) GetSignature() isAttestation_Signature
- func (*Attestation) ProtoMessage()
- func (m *Attestation) Reset()
- func (m *Attestation) String() string
- func (m *Attestation) XXX_DiscardUnknown()
- func (m *Attestation) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *Attestation) XXX_Merge(src proto.Message)
- func (*Attestation) XXX_OneofWrappers() []interface{}
- func (m *Attestation) XXX_Size() int
- func (m *Attestation) XXX_Unmarshal(b []byte) error
- type Attestation_PgpSignedAttestation
- type Authority
- func (*Authority) Descriptor() ([]byte, []int)
- func (m *Authority) GetHint() *Authority_Hint
- func (*Authority) ProtoMessage()
- func (m *Authority) Reset()
- func (m *Authority) String() string
- func (m *Authority) XXX_DiscardUnknown()
- func (m *Authority) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *Authority) XXX_Merge(src proto.Message)
- func (m *Authority) XXX_Size() int
- func (m *Authority) XXX_Unmarshal(b []byte) error
- type Authority_Hint
- func (*Authority_Hint) Descriptor() ([]byte, []int)
- func (m *Authority_Hint) GetHumanReadableName() string
- func (*Authority_Hint) ProtoMessage()
- func (m *Authority_Hint) Reset()
- func (m *Authority_Hint) String() string
- func (m *Authority_Hint) XXX_DiscardUnknown()
- func (m *Authority_Hint) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *Authority_Hint) XXX_Merge(src proto.Message)
- func (m *Authority_Hint) XXX_Size() int
- func (m *Authority_Hint) XXX_Unmarshal(b []byte) error
- type Details
- func (*Details) Descriptor() ([]byte, []int)
- func (m *Details) GetAttestation() *Attestation
- func (*Details) ProtoMessage()
- func (m *Details) Reset()
- func (m *Details) String() string
- func (m *Details) XXX_DiscardUnknown()
- func (m *Details) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *Details) XXX_Merge(src proto.Message)
- func (m *Details) XXX_Size() int
- func (m *Details) XXX_Unmarshal(b []byte) error
- type PgpSignedAttestation
- func (*PgpSignedAttestation) Descriptor() ([]byte, []int)
- func (m *PgpSignedAttestation) GetContentType() PgpSignedAttestation_ContentType
- func (m *PgpSignedAttestation) GetKeyId() isPgpSignedAttestation_KeyId
- func (m *PgpSignedAttestation) GetPgpKeyId() string
- func (m *PgpSignedAttestation) GetSignature() string
- func (*PgpSignedAttestation) ProtoMessage()
- func (m *PgpSignedAttestation) Reset()
- func (m *PgpSignedAttestation) String() string
- func (m *PgpSignedAttestation) XXX_DiscardUnknown()
- func (m *PgpSignedAttestation) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *PgpSignedAttestation) XXX_Merge(src proto.Message)
- func (*PgpSignedAttestation) XXX_OneofWrappers() []interface{}
- func (m *PgpSignedAttestation) XXX_Size() int
- func (m *PgpSignedAttestation) XXX_Unmarshal(b []byte) error
- type PgpSignedAttestation_ContentType
- type PgpSignedAttestation_PgpKeyId
Constants ¶
This section is empty.
Variables ¶
View Source
var PgpSignedAttestation_ContentType_name = map[int32]string{
0: "CONTENT_TYPE_UNSPECIFIED",
1: "SIMPLE_SIGNING_JSON",
}
View Source
var PgpSignedAttestation_ContentType_value = map[string]int32{
"CONTENT_TYPE_UNSPECIFIED": 0,
"SIMPLE_SIGNING_JSON": 1,
}
Functions ¶
This section is empty.
Types ¶
type Attestation ¶
type Attestation struct {
// The signature, generally over the `resource_url`, that verifies this
// attestation. The semantics of the signature veracity are ultimately
// determined by the verification engine.
//
// Types that are valid to be assigned to Signature:
// *Attestation_PgpSignedAttestation
Signature isAttestation_Signature `protobuf_oneof:"signature"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
Occurrence that represents a single "attestation". The authenticity of an Attestation can be verified using the attached signature. If the verifier trusts the public key of the signer, then verifying the signature is sufficient to establish trust. In this circumstance, the Authority to which this Attestation is attached is primarily useful for look-up (how to find this Attestation if you already know the Authority and artifact to be verified) and intent (which authority was this attestation intended to sign for).
func (*Attestation) Descriptor ¶
func (*Attestation) Descriptor() ([]byte, []int)
func (*Attestation) GetPgpSignedAttestation ¶
func (m *Attestation) GetPgpSignedAttestation() *PgpSignedAttestation
func (*Attestation) GetSignature ¶
func (m *Attestation) GetSignature() isAttestation_Signature
func (*Attestation) ProtoMessage ¶
func (*Attestation) ProtoMessage()
func (*Attestation) Reset ¶
func (m *Attestation) Reset()
func (*Attestation) String ¶
func (m *Attestation) String() string
func (*Attestation) XXX_DiscardUnknown ¶
func (m *Attestation) XXX_DiscardUnknown()
func (*Attestation) XXX_Marshal ¶
func (m *Attestation) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*Attestation) XXX_Merge ¶
func (m *Attestation) XXX_Merge(src proto.Message)
func (*Attestation) XXX_OneofWrappers ¶
func (*Attestation) XXX_OneofWrappers() []interface{}
XXX_OneofWrappers is for the internal use of the proto package.
func (*Attestation) XXX_Size ¶
func (m *Attestation) XXX_Size() int
func (*Attestation) XXX_Unmarshal ¶
func (m *Attestation) XXX_Unmarshal(b []byte) error
type Attestation_PgpSignedAttestation ¶
type Attestation_PgpSignedAttestation struct {
PgpSignedAttestation *PgpSignedAttestation `protobuf:"bytes,1,opt,name=pgp_signed_attestation,json=pgpSignedAttestation,proto3,oneof"`
}
type Authority ¶
type Authority struct {
// Hint hints at the purpose of the attestation authority.
Hint *Authority_Hint `protobuf:"bytes,1,opt,name=hint,proto3" json:"hint,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
Note kind that represents a logical attestation "role" or "authority". For example, an organization might have one `Authority` for "QA" and one for "build". This Note is intended to act strictly as a grouping mechanism for the attached Occurrences (Attestations). This grouping mechanism also provides a security boundary, since IAM ACLs gate the ability for a principle to attach an Occurrence to a given Note. It also provides a single point of lookup to find all attached Attestation Occurrences, even if they don't all live in the same project.
func (*Authority) Descriptor ¶
func (*Authority) GetHint ¶
func (m *Authority) GetHint() *Authority_Hint
func (*Authority) ProtoMessage ¶
func (*Authority) ProtoMessage()
func (*Authority) XXX_DiscardUnknown ¶
func (m *Authority) XXX_DiscardUnknown()
func (*Authority) XXX_Marshal ¶
func (*Authority) XXX_Unmarshal ¶
type Authority_Hint ¶
type Authority_Hint struct {
// The human readable name of this Attestation Authority, for example "qa".
HumanReadableName string `protobuf:"bytes,1,opt,name=human_readable_name,json=humanReadableName,proto3" json:"human_readable_name,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
This submessage provides human-readable hints about the purpose of the Authority. Because the name of a Note acts as its resource reference, it is important to disambiguate the canonical name of the Note (which might be a UUID for security purposes) from "readable" names more suitable for debug output. Note that these hints should NOT be used to look up authorities in security sensitive contexts, such as when looking up Attestations to verify.
func (*Authority_Hint) Descriptor ¶
func (*Authority_Hint) Descriptor() ([]byte, []int)
func (*Authority_Hint) GetHumanReadableName ¶
func (m *Authority_Hint) GetHumanReadableName() string
func (*Authority_Hint) ProtoMessage ¶
func (*Authority_Hint) ProtoMessage()
func (*Authority_Hint) Reset ¶
func (m *Authority_Hint) Reset()
func (*Authority_Hint) String ¶
func (m *Authority_Hint) String() string
func (*Authority_Hint) XXX_DiscardUnknown ¶
func (m *Authority_Hint) XXX_DiscardUnknown()
func (*Authority_Hint) XXX_Marshal ¶
func (m *Authority_Hint) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*Authority_Hint) XXX_Merge ¶
func (m *Authority_Hint) XXX_Merge(src proto.Message)
func (*Authority_Hint) XXX_Size ¶
func (m *Authority_Hint) XXX_Size() int
func (*Authority_Hint) XXX_Unmarshal ¶
func (m *Authority_Hint) XXX_Unmarshal(b []byte) error
type Details ¶
type Details struct {
// Attestation for the resource.
Attestation *Attestation `protobuf:"bytes,1,opt,name=attestation,proto3" json:"attestation,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
Details of an attestation occurrence.
func (*Details) Descriptor ¶
func (*Details) GetAttestation ¶
func (m *Details) GetAttestation() *Attestation
func (*Details) ProtoMessage ¶
func (*Details) ProtoMessage()
func (*Details) XXX_DiscardUnknown ¶
func (m *Details) XXX_DiscardUnknown()
func (*Details) XXX_Marshal ¶
func (*Details) XXX_Unmarshal ¶
type PgpSignedAttestation ¶
type PgpSignedAttestation struct {
// The raw content of the signature, as output by GNU Privacy Guard (GPG) or
// equivalent. Since this message only supports attached signatures, the
// payload that was signed must be attached. While the signature format
// supported is dependent on the verification implementation, currently only
// ASCII-armored (`--armor` to gpg), non-clearsigned (`--sign` rather than
// `--clearsign` to gpg) are supported. Concretely, `gpg --sign --armor
// --output=signature.gpg payload.json` will create the signature content
// expected in this field in `signature.gpg` for the `payload.json`
// attestation payload.
Signature string `protobuf:"bytes,1,opt,name=signature,proto3" json:"signature,omitempty"`
// Type (for example schema) of the attestation payload that was signed.
// The verifier must ensure that the provided type is one that the verifier
// supports, and that the attestation payload is a valid instantiation of that
// type (for example by validating a JSON schema).
ContentType PgpSignedAttestation_ContentType `` /* 161-byte string literal not displayed */
// This field is used by verifiers to select the public key used to validate
// the signature. Note that the policy of the verifier ultimately determines
// which public keys verify a signature based on the context of the
// verification. There is no guarantee validation will succeed if the
// verifier has no key matching this ID, even if it has a key under a
// different ID that would verify the signature. Note that this ID should also
// be present in the signature content above, but that is not expected to be
// used by the verifier.
//
// Types that are valid to be assigned to KeyId:
// *PgpSignedAttestation_PgpKeyId
KeyId isPgpSignedAttestation_KeyId `protobuf_oneof:"key_id"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
An attestation wrapper with a PGP-compatible signature. This message only supports `ATTACHED` signatures, where the payload that is signed is included alongside the signature itself in the same file.
func (*PgpSignedAttestation) Descriptor ¶
func (*PgpSignedAttestation) Descriptor() ([]byte, []int)
func (*PgpSignedAttestation) GetContentType ¶
func (m *PgpSignedAttestation) GetContentType() PgpSignedAttestation_ContentType
func (*PgpSignedAttestation) GetKeyId ¶
func (m *PgpSignedAttestation) GetKeyId() isPgpSignedAttestation_KeyId
func (*PgpSignedAttestation) GetPgpKeyId ¶
func (m *PgpSignedAttestation) GetPgpKeyId() string
func (*PgpSignedAttestation) GetSignature ¶
func (m *PgpSignedAttestation) GetSignature() string
func (*PgpSignedAttestation) ProtoMessage ¶
func (*PgpSignedAttestation) ProtoMessage()
func (*PgpSignedAttestation) Reset ¶
func (m *PgpSignedAttestation) Reset()
func (*PgpSignedAttestation) String ¶
func (m *PgpSignedAttestation) String() string
func (*PgpSignedAttestation) XXX_DiscardUnknown ¶
func (m *PgpSignedAttestation) XXX_DiscardUnknown()
func (*PgpSignedAttestation) XXX_Marshal ¶
func (m *PgpSignedAttestation) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*PgpSignedAttestation) XXX_Merge ¶
func (m *PgpSignedAttestation) XXX_Merge(src proto.Message)
func (*PgpSignedAttestation) XXX_OneofWrappers ¶
func (*PgpSignedAttestation) XXX_OneofWrappers() []interface{}
XXX_OneofWrappers is for the internal use of the proto package.
func (*PgpSignedAttestation) XXX_Size ¶
func (m *PgpSignedAttestation) XXX_Size() int
func (*PgpSignedAttestation) XXX_Unmarshal ¶
func (m *PgpSignedAttestation) XXX_Unmarshal(b []byte) error
type PgpSignedAttestation_ContentType ¶
type PgpSignedAttestation_ContentType int32
Type (for example schema) of the attestation payload that was signed.
const ( // `ContentType` is not set. PgpSignedAttestation_CONTENT_TYPE_UNSPECIFIED PgpSignedAttestation_ContentType = 0 // Atomic format attestation signature. See // https://github.com/containers/image/blob/8a5d2f82a6e3263290c8e0276c3e0f64e77723e7/docs/atomic-signature.md // The payload extracted from `signature` is a JSON blob conforming to the // linked schema. PgpSignedAttestation_SIMPLE_SIGNING_JSON PgpSignedAttestation_ContentType = 1 )
func (PgpSignedAttestation_ContentType) EnumDescriptor ¶
func (PgpSignedAttestation_ContentType) EnumDescriptor() ([]byte, []int)
func (PgpSignedAttestation_ContentType) String ¶
func (x PgpSignedAttestation_ContentType) String() string
type PgpSignedAttestation_PgpKeyId ¶
type PgpSignedAttestation_PgpKeyId struct {
PgpKeyId string `protobuf:"bytes,2,opt,name=pgp_key_id,json=pgpKeyId,proto3,oneof"`
}
Source Files
Click to show internal directories.
Click to hide internal directories.