mirror of
https://github.com/kyverno/kyverno.git
synced 2025-03-05 15:37:19 +00:00
c1015bf619
* fix excessive logs Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove cosign dependency from API package Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update UserAgent Signed-off-by: Jim Bugwadia <jim@nirmata.com> --------- Signed-off-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com>
50 lines
1.4 KiB
Go
50 lines
1.4 KiB
Go
package images
|
|
|
|
import (
|
|
"context"
|
|
|
|
"github.com/google/go-containerregistry/pkg/authn"
|
|
gcrremote "github.com/google/go-containerregistry/pkg/v1/remote"
|
|
)
|
|
|
|
type ImageVerifier interface {
|
|
// VerifySignature verifies that the image has the expected signatures
|
|
VerifySignature(ctx context.Context, opts Options) (*Response, error)
|
|
// FetchAttestations retrieves signed attestations and decodes them into in-toto statements
|
|
// https://github.com/in-toto/attestation/blob/main/spec/README.md#statement
|
|
FetchAttestations(ctx context.Context, opts Options) (*Response, error)
|
|
}
|
|
|
|
type Client interface {
|
|
Keychain() authn.Keychain
|
|
Options(context.Context) ([]gcrremote.Option, error)
|
|
}
|
|
|
|
type Options struct {
|
|
ImageRef string
|
|
Client Client
|
|
FetchAttestations bool
|
|
Key string
|
|
Cert string
|
|
CertChain string
|
|
Roots string
|
|
Subject string
|
|
Issuer string
|
|
AdditionalExtensions map[string]string
|
|
Annotations map[string]string
|
|
Repository string
|
|
IgnoreTlog bool
|
|
RekorURL string
|
|
RekorPubKey string
|
|
IgnoreSCT bool
|
|
CTLogsPubKey string
|
|
SignatureAlgorithm string
|
|
PredicateType string
|
|
Type string
|
|
Identities string
|
|
}
|
|
|
|
type Response struct {
|
|
Digest string
|
|
Statements []map[string]interface{}
|
|
}
|