mirror of
https://github.com/kyverno/kyverno.git
synced 2024-12-14 11:57:48 +00:00
6a62613d5b
* feat: add TUF and CTlogs to types Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: add tuf init and custom ctlogs to cosign verify Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: update tests with new types Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: reduce description size Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: add ctlogs negative test Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: add validate for ignoresct Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: update codegen files Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: update codegen Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: remove TUF changes Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> --------- Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>
package images
import (
"context"
"github.com/google/go-containerregistry/pkg/authn"
"github.com/sigstore/cosign/v2/pkg/oci/remote"
)
// ImageVerifier is the contract implemented by backends that check image
// signatures and retrieve signed attestations.
//
// NOTE(review): both methods return (*Response, error); callers should treat
// any non-nil error as a failed verification and not rely on the returned
// *Response in that case. Confirm against the implementations.
type ImageVerifier interface {
	// VerifySignature verifies that the image described by opts has the
	// expected signatures.
	VerifySignature(ctx context.Context, opts Options) (*Response, error)

	// FetchAttestations retrieves signed attestations and decodes them into
	// in-toto statements, see
	// https://github.com/in-toto/attestation/blob/main/spec/README.md#statement
	FetchAttestations(ctx context.Context, opts Options) (*Response, error)
}
// Client gives a verifier what it needs to talk to an OCI registry.
type Client interface {
	// Keychain returns the authn.Keychain from which registry credentials
	// are resolved.
	Keychain() authn.Keychain

	// BuildRemoteOption returns the cosign remote.Option built for ctx.
	BuildRemoteOption(ctx context.Context) remote.Option
}
// Options carries the per-request inputs handed to an ImageVerifier.
//
// NOTE(review): how each field is interpreted is decided by the verifier
// implementation, which is not part of this file. The group comments below
// are inferred from the field names and should be confirmed there.
type Options struct {
	// Target image, registry client, and whether attestations are wanted.
	ImageRef          string
	Client            Client
	FetchAttestations bool

	// Trust material: presumably a key, a certificate, its chain and the
	// trusted roots, each passed as a string. TODO confirm the encoding.
	Key       string
	Cert      string
	CertChain string
	Roots     string

	// Expected signer identity and additional match criteria.
	Subject              string
	Issuer               string
	AdditionalExtensions map[string]string
	Annotations          map[string]string
	Repository           string

	// Transparency-log (Rekor) settings. IgnoreTlog defaults to false;
	// presumably true skips the transparency-log check, which would remove
	// the public-log evidence for a signature. Verify against the
	// implementation.
	IgnoreTlog  bool
	RekorURL    string
	RekorPubKey string

	// Certificate-transparency settings. IgnoreSCT defaults to false;
	// presumably true skips checking the signed certificate timestamp, and
	// CTLogsPubKey supplies a custom CT log key. Verify against the
	// implementation.
	IgnoreSCT    bool
	CTLogsPubKey string

	// Algorithm and attestation selectors. Meaning of Type and Identities is
	// not visible from this file.
	SignatureAlgorithm string
	PredicateType      string
	Type               string
	Identities         string
}
// Response is the result type returned by both ImageVerifier methods.
type Response struct {
	// Digest is a string digest; presumably that of the image that was
	// checked. TODO confirm against the implementation.
	Digest string

	// Statements holds decoded statements as generic maps; presumably the
	// in-toto statements produced by FetchAttestations. They are untyped, so
	// consumers must check keys and value types before use.
	Statements []map[string]any
}