imagepromoter

package
v3.4.5 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Sep 27, 2022 License: Apache-2.0 Imports: 23 Imported by: 0

Documentation

Index

Constants

const (
	// TestSigningAccount holds the e-mail address of a Google Cloud service
	// account (an iam.gserviceaccount.com identity). Judging by its name it is
	// the signer identity used for tests.
	// NOTE(review): confirm that verification code never accepts this identity
	// as a trusted signer for production images.
	TestSigningAccount = "k8s-infra-promoter-test-signer@k8s-cip-test-prod.iam.gserviceaccount.com"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type DefaultPromoterImplementation

// DefaultPromoterImplementation is an empty struct that carries no state of
// its own; the promoter steps documented below are declared as its methods.
type DefaultPromoterImplementation struct{}

func (*DefaultPromoterImplementation) ActivateServiceAccounts

func (di *DefaultPromoterImplementation) ActivateServiceAccounts(opts *options.Options) error

ActivateServiceAccounts gets key files and activates service accounts

func (*DefaultPromoterImplementation) AppendManifestToSnapshot

func (di *DefaultPromoterImplementation) AppendManifestToSnapshot(
	opts *options.Options, mfests []schema.Manifest,
) ([]schema.Manifest, error)

AppendManifestToSnapshot checks if a manifest was specified in the options passed to the promoter. If one is found, we parse it and append it to the list of manifests generated for the snapshot during GetSnapshotManifests()

func (*DefaultPromoterImplementation) CopySignatures

func (di *DefaultPromoterImplementation) CopySignatures(
	opts *options.Options, sc *reg.SyncContext, signedEdges map[reg.PromotionEdge]interface{},
) error

CopySignatures copies SBOMs and signatures from the signed edges and attaches them to the newly promoted images before stamping the Kubernetes org signature.

func (*DefaultPromoterImplementation) FindSingedEdges added in v3.4.3

func (di *DefaultPromoterImplementation) FindSingedEdges(
	edges map[reg.PromotionEdge]interface{},
) (map[reg.PromotionEdge]interface{}, error)

FindSingedEdges takes a map of edges and returns a map of those that have a signature attached. (The exported method name is spelled "Singed", so callers must use that spelling.)

func (*DefaultPromoterImplementation) GetIdentityToken

func (di *DefaultPromoterImplementation) GetIdentityToken(
	opts *options.Options, serviceAccount string,
) (tok string, err error)

GetIdentityToken returns an identity token for the selected service account. For this function to work, an account has to be already logged in. This can be achieved using the … (the sentence is cut off in the published documentation).

func (*DefaultPromoterImplementation) GetPromotionEdges

func (di *DefaultPromoterImplementation) GetPromotionEdges(
	sc *reg.SyncContext, mfests []schema.Manifest,
) (promotionEdges map[reg.PromotionEdge]interface{}, err error)

GetPromotionEdges checks the manifests and determines from them the promotion edges, i.e., the images that need to be promoted.

func (*DefaultPromoterImplementation) GetRegistryImageInventory

func (di *DefaultPromoterImplementation) GetRegistryImageInventory(
	opts *options.Options, mfests []schema.Manifest,
) (registry.RegInvImage, error)

func (*DefaultPromoterImplementation) GetSnapshotManifests

func (di *DefaultPromoterImplementation) GetSnapshotManifests(
	opts *options.Options,
) ([]schema.Manifest, error)

GetSnapshotManifests creates the manifest list from the specified snapshot source.

func (*DefaultPromoterImplementation) GetSnapshotSourceRegistry

func (di *DefaultPromoterImplementation) GetSnapshotSourceRegistry(
	opts *options.Options,
) (*registry.Context, error)

func (*DefaultPromoterImplementation) MakeProducerFunction

func (di *DefaultPromoterImplementation) MakeProducerFunction(useServiceAccount bool) StreamProducerFunc

MakeProducerFunction builds a function that will be called during promotion to get the producer streams

func (DefaultPromoterImplementation) MakeSyncContext

func (di DefaultPromoterImplementation) MakeSyncContext(
	opts *options.Options, mfests []schema.Manifest,
) (*reg.SyncContext, error)

MakeSyncContext takes a slice of manifests and creates a sync context object based on them and the promoter options

func (*DefaultPromoterImplementation) ParseManifests

func (di *DefaultPromoterImplementation) ParseManifests(opts *options.Options) (mfests []schema.Manifest, err error)

ParseManifests reads the manifest file or manifest directory and parses them to return a slice of Manifest objects.

func (*DefaultPromoterImplementation) PrecheckAndExit

func (di *DefaultPromoterImplementation) PrecheckAndExit(
	opts *options.Options, mfests []schema.Manifest,
) error

PrecheckAndExit runs simple prechecks to exit before promotions or security scans.

func (*DefaultPromoterImplementation) PrewarmTUFCache added in v3.4.3

func (di *DefaultPromoterImplementation) PrewarmTUFCache() error

PrewarmTUFCache initializes the TUF cache so that threads do not have to compete against each other creating the TUF database.

func (*DefaultPromoterImplementation) PrintSecDisclaimer

func (di *DefaultPromoterImplementation) PrintSecDisclaimer()

PrintSecDisclaimer prints a disclaimer about false positives that may be found in container image layers.

func (*DefaultPromoterImplementation) PrintSection

func (di *DefaultPromoterImplementation) PrintSection(message string, confirm bool)

PrintSection handles the start/finish labels in the former legacy cli/run code.

func (*DefaultPromoterImplementation) PrintVersion

func (di *DefaultPromoterImplementation) PrintVersion()

func (*DefaultPromoterImplementation) PromoteImages

func (di *DefaultPromoterImplementation) PromoteImages(
	sc *reg.SyncContext,
	promotionEdges map[reg.PromotionEdge]interface{},
	fn StreamProducerFunc,
) error

PromoteImages starts an image promotion of a set of edges

func (*DefaultPromoterImplementation) ScanEdges

func (di *DefaultPromoterImplementation) ScanEdges(
	opts *options.Options, sc *reg.SyncContext,
	promotionEdges map[reg.PromotionEdge]interface{},
) error

ScanEdges runs the vulnerability scans on the new images detected by the promoter.

func (*DefaultPromoterImplementation) SignImages

func (di *DefaultPromoterImplementation) SignImages(
	opts *options.Options, sc *reg.SyncContext, edges map[reg.PromotionEdge]interface{},
) error

SignImages signs the promoted images and stores their signatures in the registry

func (*DefaultPromoterImplementation) Snapshot

Run a snapshot

func (*DefaultPromoterImplementation) ValidateManifestLists

func (di *DefaultPromoterImplementation) ValidateManifestLists(opts *options.Options) error

ValidateManifestLists implements one of the run modes of the promoter where it parses the manifests, checks the images and exits

func (*DefaultPromoterImplementation) ValidateOptions

func (di *DefaultPromoterImplementation) ValidateOptions(opts *options.Options) error

ValidateOptions checks an options set

func (*DefaultPromoterImplementation) ValidateStagingSignatures

func (di *DefaultPromoterImplementation) ValidateStagingSignatures(
	edges map[reg.PromotionEdge]interface{},
) (map[reg.PromotionEdge]interface{}, error)

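ValidateStagingSignatures checks if edges (images) have a signature applied during their staging run. If they do, it verifies them and returns an error if they are not valid. As worded, an edge with no staging signature is not described as an error, so this check alone should not be read as a guarantee that every promoted image was signed at staging; confirm against the implementation.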

func (*DefaultPromoterImplementation) WriteSBOMs

func (di *DefaultPromoterImplementation) WriteSBOMs(
	opts *options.Options, sc *reg.SyncContext, edges map[reg.PromotionEdge]interface{},
) error

WriteSBOMs writes SBOMs to each of the newly promoted images and stores them alongside the signatures in the registry.

type StreamProducerFunc

// StreamProducerFunc is the signature of a function that receives the source
// registry and source image name, the destination registry context and image
// name, and the digest, tag and tag operation of an image, and returns a
// stream.Producer. MakeProducerFunction returns a value of this type.
type StreamProducerFunc func(
	srcRegistry image.Registry, srcImageName image.Name,
	destRC registry.Context, imageName image.Name,
	digest image.Digest, tag image.Tag, tp reg.TagOp,
) stream.Producer

StreamProducerFunc is a function that gets the required fields to construct a promotion stream producer.
