Documentation
Constants
const (
	Now           = "now"
	AtAttestation = "attestation"
	DateFormat    = "2006-01-02"
)
Variables
var (
PO001 = e.NewError("PO001", "Invalid policy time argument", e.ErrorExitStatus)
)
Functions
This section is empty.
Types
type FakeKubernetesClient
type FakeKubernetesClient struct {
	Policy     ecc.EnterpriseContractPolicySpec
	Snapshot   app.SnapshotSpec
	FetchError bool
}
func (*FakeKubernetesClient) FetchEnterpriseContractPolicy
func (c *FakeKubernetesClient) FetchEnterpriseContractPolicy(ctx context.Context, ref string) (*ecc.EnterpriseContractPolicy, error)
func (*FakeKubernetesClient) FetchSnapshot
type Policy
type Policy interface {
	PublicKeyPEM() ([]byte, error)
	CheckOpts() (*cosign.CheckOpts, error)
	WithSpec(spec ecc.EnterpriseContractPolicySpec) Policy
	Spec() ecc.EnterpriseContractPolicySpec
	EffectiveTime() time.Time
	AttestationTime(time.Time)
}
func NewInertPolicy
NewInertPolicy constructs and returns a new instance of Policy that doesn't perform strict checks on the consistency of the policy.
The policyRef parameter is expected to be either a JSON-encoded instance of EnterpriseContractPolicySpec, or a reference to the location of the EnterpriseContractPolicy resource in Kubernetes using the format: [namespace/]name
If policyRef is blank, an empty EnterpriseContractPolicySpec is used.
func NewOfflinePolicy
NewOfflinePolicy constructs and returns a new instance of Policy for offline scenarios, i.e. without access to a cluster or specific services, and with no signature verification performed.
func NewPolicy
func NewPolicy(ctx context.Context, policyRef, rekorUrl, publicKey, effectiveTime string) (Policy, error)
NewPolicy constructs and returns a new instance of Policy.
The policyRef parameter is expected to be either a JSON-encoded instance of EnterpriseContractPolicySpec, or a reference to the location of the EnterpriseContractPolicy resource in Kubernetes using the format: [namespace/]name
If policyRef is blank, an empty EnterpriseContractPolicySpec is used.
rekorUrl and publicKey provide a mechanism to overwrite the attributes of the same name in the EnterpriseContractPolicySpec.
The public key is resolved as part of object construction. If the public key is a reference to a Kubernetes resource, for example, the cluster will be contacted.
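The three policyRef forms described for NewInertPolicy and NewPolicy (blank, inline JSON, [namespace/]name), as an added example that is not the package's own code. classifyPolicyRef, policySpec and resolved are hypothetical names, and recognising inline JSON by a leading "{" is an assumption about how the forms are told apart.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// policySpec is a hypothetical stand-in for ecc.EnterpriseContractPolicySpec.
type policySpec struct {
	PublicKey string `json:"publicKey,omitempty"`
	RekorURL  string `json:"rekorUrl,omitempty"`
}

// resolved records which form was given: Kind is "empty", "inline" or "kubernetes".
type resolved struct {
	Kind, Namespace, Name string
	Spec                  policySpec
}

// classifyPolicyRef (hypothetical) maps a policyRef onto the three documented forms.
func classifyPolicyRef(ref string) (resolved, error) {
	if ref = strings.TrimSpace(ref); ref == "" {
		return resolved{Kind: "empty"}, nil // blank: empty spec is used
	}
	if strings.HasPrefix(ref, "{") { // assumption: inline specs are JSON objects
		r := resolved{Kind: "inline"}
		if err := json.Unmarshal([]byte(ref), &r.Spec); err != nil {
			return resolved{}, fmt.Errorf("inline policy is not valid JSON: %w", err)
		}
		return r, nil
	}
	ns, name, hasNS := strings.Cut(ref, "/")
	if !hasNS { // bare name: the optional namespace prefix was omitted
		ns, name = "", ns
	}
	if name == "" || strings.Contains(name, "/") || (hasNS && ns == "") {
		return resolved{}, fmt.Errorf("policy reference %q is not [namespace/]name", ref)
	}
	return resolved{Kind: "kubernetes", Namespace: ns, Name: name}, nil
}

func main() {
	// Constructed sample inputs: one per documented form plus a malformed reference.
	for _, ref := range []string{"", `{"rekorUrl":"https://rekor.example.test"}`, "team-a/policy", "policy", "a/b/c"} {
		r, err := classifyPolicyRef(ref)
		fmt.Printf("%q kind=%s ns=%q name=%q err=%v\n", ref, r.Kind, r.Namespace, r.Name, err)
	}
}
```

Rejecting malformed references before any cluster lookup keeps a typo from being resolved against an unintended namespace or resource.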