kyverno/pkg/images/verifier.go

package images

import (
	"context"

	"github.com/kyverno/kyverno/pkg/registryclient"
)

type ImageVerifier interface {
	// VerifySignature verifies that the image has the expected signatures
	VerifySignature(ctx context.Context, opts Options) (*Response, error)
	// FetchAttestations retrieves signed attestations and decodes them into in-toto statements
	// https://github.com/in-toto/attestation/blob/main/spec/README.md#statement
	FetchAttestations(ctx context.Context, opts Options) (*Response, error)
}

type Options struct {
	ImageRef             string
	RegistryClient       registryclient.Client
	FetchAttestations    bool
	Key                  string
	Cert                 string
	CertChain            string
	Roots                string
	Subject              string
	Issuer               string
	AdditionalExtensions map[string]string
	Annotations          map[string]string
	Repository           string
	RekorURL             string
	SignatureAlgorithm   string
	PredicateType        string
	Identities           string
}

type Response struct {
	Digest     string
	Statements []map[string]interface{}
}
Notary v2 (#6011) * fix make debug-deploy Signed-off-by: Jim Bugwadia <jim@nirmata.com> * improve log messages Signed-off-by: Jim Bugwadia <jim@nirmata.com> * initial update Signed-off-by: Jim Bugwadia <jim@nirmata.com> * initial update Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update registry credentials handling order Signed-off-by: Jim Bugwadia <jim@nirmata.com> * comment out ACR helper - breaks anonymous image pull Signed-off-by: Jim Bugwadia <jim@nirmata.com> * merge main and refactor verifiers Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix opt init Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove local address Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update to NotaryV2 RC Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix fmt Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update deps Signed-off-by: Jim Bugwadia <jim@nirmata.com> * format imports Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove env and no-op statement Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix merge issues Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix linter issue Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove unused field Signed-off-by: Jim Bugwadia <jim@nirmata.com> * make fmt Signed-off-by: Jim Bugwadia <jim@nirmata.com> * renable ACR credential helper Signed-off-by: Jim Bugwadia <jim@nirmata.com> * Update .vscode/launch.json Signed-off-by: shuting <shutting06@gmail.com> --------- Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: shuting <shutting06@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: shuting <shutting06@gmail.com> 2023-02-20 08:26:10 -08:00			`package images`

			`import (`
			`"context"`

			`"github.com/kyverno/kyverno/pkg/registryclient"`
			`)`

			`type ImageVerifier interface {`
			`// VerifySignature verifies that the image has the expected signatures`
			`VerifySignature(ctx context.Context, opts Options) (*Response, error)`
			`// FetchAttestations retrieves signed attestations and decodes them into in-toto statements`
			`// https://github.com/in-toto/attestation/blob/main/spec/README.md#statement`
			`FetchAttestations(ctx context.Context, opts Options) (*Response, error)`
			`}`

			`type Options struct {`
			`ImageRef string`
			`RegistryClient registryclient.Client`
			`FetchAttestations bool`
			`Key string`
			`Cert string`
			`CertChain string`
			`Roots string`
			`Subject string`
			`Issuer string`
			`AdditionalExtensions map[string]string`
			`Annotations map[string]string`
			`Repository string`
			`RekorURL string`
			`SignatureAlgorithm string`
			`PredicateType string`
			`Identities string`
			`}`

			`type Response struct {`
			`Digest string`
			`Statements []map[string]interface{}`
			`}`