policy

package
v0.0.0-...-06b94e1 Latest
Warning

This package is not in the latest version of its module.

Published: Mar 28, 2023 License: Apache-2.0 Imports: 23 Imported by: 0

Documentation

Constants

const (
	Now           = "now"
	AtAttestation = "attestation"
	DateFormat    = "2006-01-02"
)

Variables

var (
	PO001 = e.NewError("PO001", "Invalid policy time argument", e.ErrorExitStatus)
)

Functions

This section is empty.

Types

type FakeKubernetesClient

type FakeKubernetesClient struct {
	Policy     ecc.EnterpriseContractPolicySpec
	Snapshot   app.SnapshotSpec
	FetchError bool
}

func (*FakeKubernetesClient) FetchEnterpriseContractPolicy

func (c *FakeKubernetesClient) FetchEnterpriseContractPolicy(ctx context.Context, ref string) (*ecc.EnterpriseContractPolicy, error)

func (*FakeKubernetesClient) FetchSnapshot

func (c *FakeKubernetesClient) FetchSnapshot(ctx context.Context, ref string) (*app.Snapshot, error)

type Policy

type Policy interface {
	PublicKeyPEM() ([]byte, error)
	CheckOpts() (*cosign.CheckOpts, error)
	WithSpec(spec ecc.EnterpriseContractPolicySpec) Policy
	Spec() ecc.EnterpriseContractPolicySpec
	EffectiveTime() time.Time
	AttestationTime(time.Time)
}

func NewInertPolicy

func NewInertPolicy(ctx context.Context, policyRef string) (Policy, error)

NewInertPolicy constructs and returns a new instance of Policy that doesn't perform strict checks on the consistency of the policy.

The policyRef parameter is expected to be either a JSON-encoded instance of EnterpriseContractPolicySpec or a reference to the location of the EnterpriseContractPolicy resource in Kubernetes, using the format: [namespace/]name

If policyRef is blank, an empty EnterpriseContractPolicySpec is used.

func NewOfflinePolicy

func NewOfflinePolicy(ctx context.Context, effectiveTime string) (Policy, error)

NewOfflinePolicy constructs and returns a new instance of Policy for use in offline scenarios, i.e. without access to a cluster or specific services, and with no signature verification performed.

func NewPolicy

func NewPolicy(ctx context.Context, policyRef, rekorUrl, publicKey, effectiveTime string) (Policy, error)

NewPolicy constructs and returns a new instance of Policy.

The policyRef parameter is expected to be either a JSON-encoded instance of EnterpriseContractPolicySpec or a reference to the location of the EnterpriseContractPolicy resource in Kubernetes, using the format: [namespace/]name

If policyRef is blank, an empty EnterpriseContractPolicySpec is used.

rekorUrl and publicKey provide a mechanism to overwrite the attributes of the same name in the EnterpriseContractPolicySpec.

The public key is resolved as part of object construction. If the public key is a reference to a Kubernetes resource, for example, the cluster will be contacted.
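The policyRef interpretation and the rekorUrl/publicKey overwrite described for NewPolicy, sketched as an added example that is not the package's own code. specStandIn, resolvePolicyRef, the leading-'{' test for inline JSON, and treating an empty argument as "not supplied" are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// specStandIn is a hypothetical stand-in for EnterpriseContractPolicySpec (two attributes only).
type specStandIn struct {
	PublicKey string `json:"publicKey"`
	RekorUrl  string `json:"rekorUrl"`
}

// resolvePolicyRef (hypothetical) classifies policyRef as "empty", "inline" or "kubernetes".
// Assumptions: a leading '{' marks inline JSON; an empty argument means "not supplied".
func resolvePolicyRef(policyRef, rekorUrl, publicKey string) (kind, ns, name string, spec specStandIn, err error) {
	kind = "empty" // blank policyRef: an empty spec is used
	if ref := strings.TrimSpace(policyRef); strings.HasPrefix(ref, "{") {
		if err = json.Unmarshal([]byte(ref), &spec); err != nil {
			return "", "", "", specStandIn{}, fmt.Errorf("inline policy is not valid JSON: %w", err)
		}
		kind = "inline"
	} else if ref != "" {
		parts := strings.Split(ref, "/")
		name = parts[len(parts)-1]
		if len(parts) > 2 || name == "" || parts[0] == "" {
			return "", "", "", specStandIn{}, fmt.Errorf("policy reference %q is not [namespace/]name", ref)
		}
		if len(parts) == 2 {
			ns = parts[0]
		}
		kind = "kubernetes" // the spec would be fetched from the cluster by the caller
	}
	// Explicit arguments overwrite the spec attributes of the same name.
	if rekorUrl != "" {
		spec.RekorUrl = rekorUrl
	}
	if publicKey != "" {
		spec.PublicKey = publicKey
	}
	return kind, ns, name, spec, nil
}

func main() {
	// Constructed sample inputs: blank, Kubernetes reference, inline JSON, malformed reference.
	for _, ref := range []string{"", "team-a/release", `{"publicKey":"constructed-key"}`, "a/b/c"} {
		fmt.Println(resolvePolicyRef(ref, "https://rekor.example.test", ""))
	}
}
```

Rejecting malformed references before any cluster call keeps a mistyped policyRef from silently resolving to a different or empty policy.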
