container

package

v0.0.2 Latest Latest Go to latest Published: Sep 6, 2023 License: Apache-2.0 Imports: 29 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/stacklok/mediator

Links

Open Source Insights

Documentation ¶

Overview ¶

Package container provides a client for interacting with container images

Index ¶

Variables
func ExtractIdentityFromCertificate(manifest containerregistry.Manifest) (string, string, error)
func GetArtifactSignatureAndWorkflowInfo(ctx context.Context, cli ghclient.RestAPI, ...) (sigInfo json.RawMessage, workflowInfo json.RawMessage, err error)
func GetImageManifest(imageRef name.Reference, username string, token string) (containerregistry.Manifest, error)
func GetKeysFromVerified(verified []oci.Signature) ([]payload.SimpleContainerImage, error)
func GetSignatureTag(imageRef name.Reference, username string, token string) (name.Reference, error)
func TagIsSignature(tags []string) bool
func ValidateSignature(ctx context.Context, accessToken string, package_owner string, ...) (*pb.SignatureVerification, *pb.GithubWorkflow, error)
func VerifyFromIdentity(ctx context.Context, imageRef string, owner string, token string, ...) (bool, bool, map[string]interface{}, error)

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	// ErrSigValidation is returned when signature validation fails
	ErrSigValidation = errors.New("error validating signature")
	// ErrProtoParse is returned when parsing the protobuf representation of signature or workflow fails
	ErrProtoParse = errors.New("error getting bytes from proto")
)

View Source

var REGISTRY = "ghcr.io"

REGISTRY is the default registry

Functions ¶

func ExtractIdentityFromCertificate ¶

func ExtractIdentityFromCertificate(manifest containerregistry.Manifest) (string, string, error)

ExtractIdentityFromCertificate returns the identity and issuer from the certificate

func GetArtifactSignatureAndWorkflowInfo ¶ added in v0.0.2

func GetArtifactSignatureAndWorkflowInfo(
	ctx context.Context,
	cli ghclient.RestAPI,
	ownerLogin, artifactName, versionName string,
) (sigInfo json.RawMessage, workflowInfo json.RawMessage, err error)

GetArtifactSignatureAndWorkflowInfo returns the signature and workflow information as raw JSON for a given artifact

func GetImageManifest ¶

func GetImageManifest(imageRef name.Reference, username string, token string) (containerregistry.Manifest, error)

GetImageManifest returns the manifest for the given image

func GetKeysFromVerified ¶

func GetKeysFromVerified(verified []oci.Signature) ([]payload.SimpleContainerImage, error)

GetKeysFromVerified returns the keys from the verified signatures nolint: gocyclo

func GetSignatureTag ¶

func GetSignatureTag(imageRef name.Reference, username string, token string) (name.Reference, error)

GetSignatureTag returns the signature tag for a given image if exists

func TagIsSignature ¶ added in v0.0.2

func TagIsSignature(tags []string) bool

TagIsSignature if tag contains the .sig suffix it's a signature, as cosign stores signatures in that format

func ValidateSignature ¶

func ValidateSignature(ctx context.Context, accessToken string, package_owner string,
	package_url string) (*pb.SignatureVerification, *pb.GithubWorkflow, error)

ValidateSignature returns information about signature validation of a package

func VerifyFromIdentity ¶

func VerifyFromIdentity(ctx context.Context, imageRef string, owner string, token string,
	identity string, issuer string) (bool, bool, map[string]interface{}, error)

VerifyFromIdentity verifies the image from the identity and extracts the keys

Types ¶

This section is empty.

Source Files ¶

View all Source files

container.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL