mirror of
https://github.com/kyverno/kyverno.git
synced 2025-03-05 15:37:19 +00:00
83f2846572
* feat: add TSA cert chain support in cosign Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: add chainsaw test Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: add unit test Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: tests Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: unit tests Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> --------- Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com>
51 lines
1.4 KiB
Go
51 lines
1.4 KiB
Go
package images
|
|
|
|
import (
|
|
"context"
|
|
|
|
"github.com/google/go-containerregistry/pkg/authn"
|
|
gcrremote "github.com/google/go-containerregistry/pkg/v1/remote"
|
|
)
|
|
|
|
type ImageVerifier interface {
|
|
// VerifySignature verifies that the image has the expected signatures
|
|
VerifySignature(ctx context.Context, opts Options) (*Response, error)
|
|
// FetchAttestations retrieves signed attestations and decodes them into in-toto statements
|
|
// https://github.com/in-toto/attestation/blob/main/spec/README.md#statement
|
|
FetchAttestations(ctx context.Context, opts Options) (*Response, error)
|
|
}
|
|
|
|
type Client interface {
|
|
Keychain() authn.Keychain
|
|
Options(context.Context) ([]gcrremote.Option, error)
|
|
}
|
|
|
|
type Options struct {
|
|
ImageRef string
|
|
Client Client
|
|
FetchAttestations bool
|
|
Key string
|
|
Cert string
|
|
CertChain string
|
|
Roots string
|
|
Subject string
|
|
Issuer string
|
|
AdditionalExtensions map[string]string
|
|
Annotations map[string]string
|
|
Repository string
|
|
IgnoreTlog bool
|
|
RekorURL string
|
|
RekorPubKey string
|
|
IgnoreSCT bool
|
|
TSACertChain string
|
|
CTLogsPubKey string
|
|
SignatureAlgorithm string
|
|
PredicateType string
|
|
Type string
|
|
Identities string
|
|
}
|
|
|
|
type Response struct {
|
|
Digest string
|
|
Statements []map[string]interface{}
|
|
}
|