mirror of
https://github.com/kyverno/kyverno.git
synced 2024-12-14 11:57:48 +00:00
29997fe446
* fix make debug-deploy Signed-off-by: Jim Bugwadia <jim@nirmata.com> * improve log messages Signed-off-by: Jim Bugwadia <jim@nirmata.com> * initial update Signed-off-by: Jim Bugwadia <jim@nirmata.com> * initial update Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update registry credentials handling order Signed-off-by: Jim Bugwadia <jim@nirmata.com> * comment out ACR helper - breaks anonymous image pull Signed-off-by: Jim Bugwadia <jim@nirmata.com> * merge main and refactor verifiers Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix opt init Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove local address Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update to NotaryV2 RC Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix fmt Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update deps Signed-off-by: Jim Bugwadia <jim@nirmata.com> * format imports Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove env and no-op statement Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix merge issues Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix linter issue Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove unused field Signed-off-by: Jim Bugwadia <jim@nirmata.com> * make fmt Signed-off-by: Jim Bugwadia <jim@nirmata.com> * renable ACR credential helper Signed-off-by: Jim Bugwadia <jim@nirmata.com> * Update .vscode/launch.json Signed-off-by: shuting <shutting06@gmail.com> --------- Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: shuting <shutting06@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: shuting <shutting06@gmail.com>
39 lines
1.1 KiB
Go
39 lines
1.1 KiB
Go
package images
|
|
|
|
import (
|
|
"context"
|
|
|
|
"github.com/kyverno/kyverno/pkg/registryclient"
|
|
)
|
|
|
|
type ImageVerifier interface {
|
|
// VerifySignature verifies that the image has the expected signatures
|
|
VerifySignature(ctx context.Context, opts Options) (*Response, error)
|
|
// FetchAttestations retrieves signed attestations and decodes them into in-toto statements
|
|
// https://github.com/in-toto/attestation/blob/main/spec/README.md#statement
|
|
FetchAttestations(ctx context.Context, opts Options) (*Response, error)
|
|
}
|
|
|
|
type Options struct {
|
|
ImageRef string
|
|
RegistryClient registryclient.Client
|
|
FetchAttestations bool
|
|
Key string
|
|
Cert string
|
|
CertChain string
|
|
Roots string
|
|
Subject string
|
|
Issuer string
|
|
AdditionalExtensions map[string]string
|
|
Annotations map[string]string
|
|
Repository string
|
|
RekorURL string
|
|
SignatureAlgorithm string
|
|
PredicateType string
|
|
Identities string
|
|
}
|
|
|
|
type Response struct {
|
|
Digest string
|
|
Statements []map[string]interface{}
|
|
}
|