sign

package
v0.9.20 Latest
Warning

This package is not in the latest version of its module.

Published: Oct 18, 2022 License: Apache-2.0 Imports: 24 Imported by: 0

Documentation

Types

type Options

type Options struct {
	// Logger is the custom logger to be used for message printing.
	Logger *logrus.Logger

	// Verbose can be used to enable a higher log verbosity
	Verbose bool

	// Timeout is the default timeout for network operations.
	// Defaults to 3 minutes
	Timeout time.Duration

	AllowInsecure bool

	// AttachSignature tells the signer to attach or not the new
	// signature to its image
	AttachSignature bool

	OutputSignaturePath   string
	OutputCertificatePath string
	Annotations           map[string]interface{}
	PrivateKeyPath        string
	PublicKeyPath         string

	// Identity token for keyless signing
	IdentityToken string

	// EnableTokenProviders tells signer to try to get a
	// token from the cosign providers when needed.
	EnableTokenProviders bool

	// PassFunc is a function that returns a slice of bytes that will be used
	// as a password for decrypting the cosign key. It is used only if PrivateKeyPath
	// is provided (i.e. it's not used for keyless signing).
	// Defaults to nil, which acts as having no password provided at all.
	PassFunc cosign.PassFunc

	// MaxRetries indicates the number of times to retry operations
	// when transient failures occur
	MaxRetries uint
}

Options can be used to modify the behavior of the signer.

func Default

func Default() *Options

Default returns a default Options instance.

func (*Options) ToCosignRootOptions

func (o *Options) ToCosignRootOptions() options.RootOptions

type SignedFile

type SignedFile struct {
	// contains filtered or unexported fields
}

SignedFile contains additional metadata from the signing and verification process.

func (*SignedFile) CertificatePath

func (s *SignedFile) CertificatePath() string

CertificatePath returns the path to the Certificate output of the signed file.

func (*SignedFile) Path

func (s *SignedFile) Path() string

Path returns the path of the signed file.

func (*SignedFile) SHA256

func (s *SignedFile) SHA256() string

SHA256 returns the SHA256 hash of the signed file.

func (*SignedFile) SignaturePath

func (s *SignedFile) SignaturePath() string

SignaturePath returns the path to the Signature output of the signed file.

type SignedImage

type SignedImage struct {
	// contains filtered or unexported fields
}

SignedImage contains additional metadata from the signing and verification process.

func (*SignedImage) Digest

func (s *SignedImage) Digest() string

Digest returns the digest of the signed object.

func (*SignedImage) Reference

func (s *SignedImage) Reference() string

Reference returns the OCI registry reference of the object.

func (*SignedImage) Signature

func (s *SignedImage) Signature() string

Signature returns the signature of the signed object.

type SignedObject

type SignedObject struct {
	// contains filtered or unexported fields
}

SignedObject contains additional metadata from the signing and verification process.

func (*SignedObject) File

func (s *SignedObject) File() *SignedFile

File returns the file of the signed object and nil if it's an image.

func (*SignedObject) Image

func (s *SignedObject) Image() *SignedImage

Image returns the image of the signed object and nil if it's a file.

type Signer

type Signer struct {
	// contains filtered or unexported fields
}

Signer is the main structure to be used by API consumers.

func New

func New(options *Options) *Signer

New returns a new Signer instance.

func (*Signer) IsFileSigned

func (s *Signer) IsFileSigned(ctx context.Context, path string) (bool, error)

IsFileSigned takes a path reference and returns true if there is a signature available for it. It performs no signature verification; it only checks whether a transparency log (TLog) entry can be found on Rekor.

func (*Signer) IsImageSigned

func (s *Signer) IsImageSigned(imageRef string) (bool, error)

IsImageSigned takes an image reference and returns true if there are signatures available for it. It performs no signature verification; it only checks whether more than one signature is available.

func (*Signer) SetImpl

func (s *Signer) SetImpl(impl impl)

SetImpl can be used to set the internal implementation, which is mainly used for testing.

func (*Signer) SignFile

func (s *Signer) SignFile(path string) (*SignedObject, error)

SignFile can be used to sign any provided file path by using keyless signing.

func (*Signer) SignImage

func (s *Signer) SignImage(reference string) (object *SignedObject, err error)

SignImage can be used to sign any provided container image reference by using keyless signing.

func (*Signer) UploadBlob

func (s *Signer) UploadBlob(path string) error

func (*Signer) VerifyFile

func (s *Signer) VerifyFile(path string) (*SignedObject, error)

VerifyFile can be used to validate any provided file path. If no signed entry is found, the file is skipped without returning an error, so a nil error alone does not mean a signature was checked.

func (*Signer) VerifyImage

func (s *Signer) VerifyImage(reference string) (*SignedObject, error)

VerifyImage can be used to validate any provided container image reference by using keyless signing.
