mirror of https://github.com/kyverno/kyverno.git synced 2024-12-15 17:51:20 +00:00
kyverno/pkg/images/verifier.go
Pradeep Lakshmi Narasimha 373f942ea9
fix: Allow images to be pulled from insecure registry when allowInsecureRegistry flag is set to true (#10934) (#11243)
* fix: Allow images to be pulled from insecure registry when allowInsecureRegistry flag is set to true (#10934)

Signed-off-by: Pradeep Lakshmi Narasimha <pradeep.vaishnav4@gmail.com>

* Update pkg/registryclient/client.go

Signed-off-by: Vishal Choudhary <vishal.chdhry.work@gmail.com>

---------

Signed-off-by: Pradeep Lakshmi Narasimha <pradeep.vaishnav4@gmail.com>
Signed-off-by: Vishal Choudhary <vishal.chdhry.work@gmail.com>
Co-authored-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: Vishal Choudhary <vishal.chdhry.work@gmail.com>
2024-10-07 15:29:12 +00:00

57 lines
1.6 KiB
Go

package images
import (
"context"
"github.com/google/go-containerregistry/pkg/authn"
"github.com/google/go-containerregistry/pkg/name"
gcrremote "github.com/google/go-containerregistry/pkg/v1/remote"
)
// ImageVerifier is the contract for checking an image's signatures and for
// retrieving its attestations. Both methods take the same Options value and
// return a *Response together with an error.
//
// NOTE(review): no implementation is visible in this file, so the meaning of a
// nil *Response with a nil error is not established here. Callers should treat
// any non-nil error as a failed verification rather than as a reason to skip
// the check.
type ImageVerifier interface {
	// VerifySignature verifies that the image has the expected signatures
	VerifySignature(ctx context.Context, opts Options) (*Response, error)
	// FetchAttestations retrieves signed attestations and decodes them into in-toto statements
	// https://github.com/in-toto/attestation/blob/main/spec/README.md#statement
	FetchAttestations(ctx context.Context, opts Options) (*Response, error)
}
// Client supplies the registry-access settings that are handed to a verifier
// through Options.Client: a credential keychain, go-containerregistry remote
// options, and the options used when parsing image references.
type Client interface {
	// Keychain returns the authn.Keychain to use for registry credentials.
	Keychain() authn.Keychain
	// Options returns the go-containerregistry remote options for registry
	// calls, or an error if they cannot be produced for the given context.
	Options(context.Context) ([]gcrremote.Option, error)
	// NameOptions returns the name.Option values applied when image references
	// are parsed.
	// NOTE(review): name.Insecure is one such option and permits plain-HTTP
	// registries. This is presumably where the allowInsecureRegistry setting
	// reaches the verifiers; confirm in pkg/registryclient, and confirm that
	// the option is absent unless that flag is set.
	NameOptions() []name.Option
}
// Options carries the per-call inputs for ImageVerifier.VerifySignature and
// ImageVerifier.FetchAttestations.
//
// The code that consumes these fields is not in this file, so the field notes
// below are inferred from the names and from sigstore/cosign vocabulary and
// should be confirmed against the verifier implementations.
//
// NOTE(review): every bool here is false in the zero value. IgnoreTlog and
// IgnoreSCT, going by their names, turn verification steps off, so the zero
// value should leave those steps on; any caller that sets them to true
// deserves a second look.
type Options struct {
	// SigstoreBundle presumably selects the sigstore bundle format; confirm.
	SigstoreBundle bool
	// ImageRef is the image reference to verify.
	// NOTE(review): if this can be a tag rather than a digest, it is mutable;
	// see Response.Digest.
	ImageRef string
	// Client provides registry credentials and connection options.
	Client Client
	// FetchAttestations presumably requests attestations in addition to
	// signatures; confirm how it relates to the interface method of the same name.
	FetchAttestations bool
	// Key material and trust roots for verification. Whether these strings
	// hold PEM data, paths or key references is not visible here; confirm.
	Key       string
	Cert      string
	CertChain string
	Roots     string
	// Expected signer identity, as exact values or as regular expressions.
	// NOTE(review): if the RegExp variants are matched unanchored, a loose
	// pattern could accept unintended identities; confirm how they are applied.
	Subject       string
	SubjectRegExp string
	Issuer        string
	IssuerRegExp  string
	// Key/value pairs presumably matched against certificate extensions and
	// signature annotations respectively; confirm.
	AdditionalExtensions map[string]string
	Annotations          map[string]string
	// Repository is presumably an alternate location for signature and
	// attestation artifacts; confirm.
	Repository string
	// CosignOCI11 presumably switches on cosign's OCI 1.1 handling; confirm.
	CosignOCI11 bool
	// IgnoreTlog presumably skips the transparency-log check; confirm.
	IgnoreTlog bool
	// Rekor endpoint and public key, presumably used for the transparency-log
	// check; confirm.
	RekorURL    string
	RekorPubKey string
	// IgnoreSCT presumably skips verification of the certificate's signed
	// certificate timestamp; confirm.
	IgnoreSCT bool
	// Timestamp-authority chain and CT log public key, presumably additional
	// trust material; confirm.
	TSACertChain string
	CTLogsPubKey string
	// SignatureAlgorithm presumably names the algorithm used when checking
	// signatures; the accepted values are not visible here.
	SignatureAlgorithm string
	// Attestation selection and, presumably, identity input; confirm which
	// verifier reads each field.
	PredicateType string
	Type          string
	Identities    string
}
// Response is the result type returned by both ImageVerifier methods.
type Response struct {
	// Digest is presumably the digest of the image that was verified; confirm.
	// NOTE(review): if so, callers should use this digest for later pulls
	// rather than a mutable tag, so that what runs is what was verified.
	Digest string
	// Statements holds decoded statements as untyped maps. Going by the
	// FetchAttestations comment on ImageVerifier, these are in-toto statements.
	// The values are interface{}, so consumers must check types before use.
	Statements []map[string]interface{}
}