Documentation ¶
Index ¶
- Variables
- func WithClient(ctx context.Context, client Client) context.Context
- type ApplicationSnapshotImage
- func (a *ApplicationSnapshotImage) Attestations() []attestation.Attestation[in_toto.ProvenanceStatementSLSA02]
- func (a *ApplicationSnapshotImage) FilterMatchingAttestations(ctx context.Context)
- func (a *ApplicationSnapshotImage) SetImageURL(url string) error
- func (a *ApplicationSnapshotImage) Signatures() []output.EntitySignature
- func (a *ApplicationSnapshotImage) ValidateAttestationSignature(ctx context.Context) error
- func (a ApplicationSnapshotImage) ValidateAttestationSyntax(ctx context.Context) error
- func (a *ApplicationSnapshotImage) ValidateImageAccess(ctx context.Context) error
- func (a *ApplicationSnapshotImage) ValidateImageSignature(ctx context.Context) error
- func (a *ApplicationSnapshotImage) WriteInputFile(ctx context.Context) (string, error)
- type Client
Variables ¶
// Error values exported by this package. Each one is built with ece.NewError
// from an error code, a human-readable message and ece.ErrorExitStatus.
var (
	// EV001 reports that there is no attestation data.
	// NOTE(review): presumably the error returned when a syntax check is
	// attempted with no attestations loaded, so that an empty input cannot
	// pass validation — confirm against ValidateAttestationSyntax.
	EV001 = ece.NewError("EV001", "No attestation data", ece.ErrorExitStatus)
	// EV002 reports that attestation data could not be decoded from the
	// attestation image.
	EV002 = ece.NewError("EV002", "Unable to decode attestation data from attestation image", ece.ErrorExitStatus)
	// EV003 reports that attestation syntax validation failed.
	EV003 = ece.NewError("EV003", "Attestation syntax validation failed", ece.ErrorExitStatus)
)
Functions ¶
Types ¶
type ApplicationSnapshotImage ¶
// ApplicationSnapshotImage represents the structure needed to evaluate an
// Application Snapshot Image. Only the exported field is shown here; the
// remaining fields are unexported and are set up by the constructor.
type ApplicationSnapshotImage struct {
	// Evaluators is the list of evaluator.Evaluator values attached to this
	// image. NOTE(review): presumably the policy evaluators run against the
	// image's attestations — confirm against the evaluator package.
	Evaluators []evaluator.Evaluator
	// contains filtered or unexported fields
}
ApplicationSnapshotImage represents the structure needed to evaluate an Application Snapshot Image
func NewApplicationSnapshotImage ¶
func NewApplicationSnapshotImage(ctx context.Context, url string, p policy.Policy) (*ApplicationSnapshotImage, error)
NewApplicationSnapshotImage returns an ApplicationSnapshotImage struct with reference, checkOpts, and evaluator ready to use.
func (*ApplicationSnapshotImage) Attestations ¶
func (a *ApplicationSnapshotImage) Attestations() []attestation.Attestation[in_toto.ProvenanceStatementSLSA02]
Attestations returns the value of the attestations field of the ApplicationSnapshotImage struct
func (*ApplicationSnapshotImage) FilterMatchingAttestations ¶
func (a *ApplicationSnapshotImage) FilterMatchingAttestations(ctx context.Context)
FilterMatchingAttestations ignores attestations that do not have a matching subject.
func (*ApplicationSnapshotImage) SetImageURL ¶
func (a *ApplicationSnapshotImage) SetImageURL(url string) error
func (*ApplicationSnapshotImage) Signatures ¶
func (a *ApplicationSnapshotImage) Signatures() []output.EntitySignature
func (*ApplicationSnapshotImage) ValidateAttestationSignature ¶
func (a *ApplicationSnapshotImage) ValidateAttestationSignature(ctx context.Context) error
ValidateAttestationSignature executes the cosign.VerifyImageAttestations method
func (ApplicationSnapshotImage) ValidateAttestationSyntax ¶
func (a ApplicationSnapshotImage) ValidateAttestationSyntax(ctx context.Context) error
ValidateAttestationSyntax validates the attestations against known JSON schemas. It returns an error if there are no attestations to check, so that a syntax check with no inputs cannot succeed. [ValidateAttestationSignature] must be invoked first to populate the attestations.
func (*ApplicationSnapshotImage) ValidateImageAccess ¶
func (a *ApplicationSnapshotImage) ValidateImageAccess(ctx context.Context) error
ValidateImageAccess executes the remote.Head method on the ApplicationSnapshotImage image ref
func (*ApplicationSnapshotImage) ValidateImageSignature ¶
func (a *ApplicationSnapshotImage) ValidateImageSignature(ctx context.Context) error
ValidateImageSignature executes the cosign.VerifyImageSignatures function on the ApplicationSnapshotImage image ref.
func (*ApplicationSnapshotImage) WriteInputFile ¶
func (a *ApplicationSnapshotImage) WriteInputFile(ctx context.Context) (string, error)
WriteInputFile writes the JSON from the attestations to input.json in a random temp dir
type Client ¶
// Client is an interface that contains all the external calls used by the
// application_snapshot_image package: two verification calls that take
// cosign check options, and a Head call on an image reference.
//
// NOTE(review): presumably an implementation is installed through
// WithClient(ctx, client) — confirm. Whichever implementation is in the
// context decides whether signatures and attestations are really verified,
// so a stub that always succeeds should stay confined to test code.
type Client interface {
	// VerifyImageSignatures verifies the signatures of the referenced image
	// using the given check options and returns the signatures, a bool and
	// an error.
	// NOTE(review): the bool presumably mirrors cosign's bundleVerified
	// result rather than "signature valid" — confirm before relying on it.
	VerifyImageSignatures(context.Context, name.Reference, *cosign.CheckOpts) ([]oci.Signature, bool, error)
	// VerifyImageAttestations verifies the attestations of the referenced
	// image using the given check options; it has the same result shape as
	// VerifyImageSignatures.
	VerifyImageAttestations(context.Context, name.Reference, *cosign.CheckOpts) ([]oci.Signature, bool, error)
	// Head looks up the referenced image with the given remote options and
	// returns its descriptor, or an error.
	Head(name.Reference, ...remote.Option) (*gcr.Descriptor, error)
}
Client is an interface that contains all the external calls used by the application_snapshot_image package.