imagepromoter

package
v4.0.5
Published: Feb 2, 2024 License: Apache-2.0 Imports: 1 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

var DefaultOptions = &Options{
	OutputFormat:            "yaml",
	Threads:                 10,
	SeverityThreshold:       -1,
	SignImages:              true,
	SignerAccount:           "krel-trust@k8s-releng-prod.iam.gserviceaccount.com",
	SignCheckFix:            false,
	SignCheckReferences:     []string{},
	SignCheckFromDays:       5,
	SignCheckIdentity:       "krel-trust@k8s-releng-prod.iam.gserviceaccount.com",
	SignCheckIssuer:         "https://accounts.google.com",
	SignCheckIdentityRegexp: "",
	SignCheckIssuerRegexp:   "",
	MaxSignatureCopies:      50,
	MaxSignatureOps:         50,
}

Functions

This section is empty.

Types

type Options

type Options struct {
	// Threads determines how many promotion threads will run
	Threads int

	// Confirm captures a cli flag with the same name. It runs the security
	// scan and promotion when set. If false, the promoter will exit before
	// making any modifications.
	Confirm bool

	// Use a service account when true
	UseServiceAcct bool

	// Use only the latest diff for the manifests. Works only when running in prow.
	UseProwManifestDiff bool

	// Manifest is the path of a manifest file
	Manifest string

	// ThinManifestDir is a directory of thin manifests
	ThinManifestDir string

	// Snapshot takes a registry reference and renders a textual representation of
	// how the images stored there look to the promoter.
	Snapshot string

	// SnapshotSvcAcct is the service account we use when snapshotting.
	// TODO(puerco): Check as we can simplify to just one account
	SnapshotSvcAcct string

	// ManifestBasedSnapshotOf performs a snapshot from the given manifests,
	// as opposed to Snapshot, which snapshots a registry across the network.
	ManifestBasedSnapshotOf string

	// KeyFiles is a string that points to a file of service account keys
	KeyFiles string

	// SeverityThreshold is the level of security vulns to search for.
	SeverityThreshold int

	// JSONLogSummary signals to the promoter if it should print a JSON summary of the operation
	JSONLogSummary bool

	// OutputFormat is the format we will use for snapshots json/yaml
	OutputFormat string

	// MinimalSnapshot is used when generating snapshots. Its exact effect is not documented here.
	MinimalSnapshot bool

	// SnapshotTag when set, only images with this tag will be snapshotted
	SnapshotTag string

	// ParseOnly is an option that causes the promoter to exit
	// before promoting or generating a snapshot when set to true
	ParseOnly bool

	// When true, sign the container images using the sigstore cosign libraries
	SignImages bool

	// SignerAccount is a service account that will provide the identity
	// when signing promoted images
	SignerAccount string

	// SignerInitCredentials is a credentials JSON file used to initialize the
	// identity of the signer before running. If specified, the promoter will
	// initialize its API client with the identity in the file and use it
	// to request tokens for the signer account.
	//
	// If this credentials file is not set, the promoter will attempt to generate
	// the OIDC tokens using the identity from the default application credentials.
	SignerInitCredentials string

	// SignCheckReferences list of image references to check for signatures
	SignCheckReferences []string

	// SignCheckFix when true, fix missing signatures
	SignCheckFix bool

	// SignCheckFromDays number of days back to check for signatures
	SignCheckFromDays int

	// SignCheckToDays complements SignCheckFromDays to enable date ranges
	SignCheckToDays int

	// SignCheckMaxImages limits the number of images to look at when verifying
	SignCheckMaxImages int

	// SignCheckIdentity is the account we expect to sign all images
	SignCheckIdentity string

	// SignCheckIssuer is the issuer of the OIDC tokens used to identify the signer
	SignCheckIssuer string

	// SignCheckIdentityRegexp can use a regex to match more than one signer
	SignCheckIdentityRegexp string

	// SignCheckIssuerRegexp can use a regex to match more than one issuer of the
	// OIDC tokens used to identify the signer
	SignCheckIssuerRegexp string

	// MaxSignatureCopies maximum number of concurrent signature copies
	MaxSignatureCopies int

	// MaxSignatureOps maximum number of concurrent signature operations
	MaxSignatureOps int
}

Options capture the switches available to run the image promoter

func (*Options) Validate

func (o *Options) Validate() error
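The page does not show what Validate enforces, but the SignCheck* fields only make sense as one policy: an exact signer identity or an identity regexp, an exact OIDC issuer or an issuer regexp, and a window of SignCheckFromDays back to SignCheckToDays back. The following is an added example, not code from the promo-tools package, showing how such a policy can be checked for contradictions and then applied to a batch of signatures. SignCheckPolicy, Signature, anchored, Compile, AcceptSigner and Unexpected are this example's own names, and the sample signatures are constructed; the identity, issuer and five-day window are the values DefaultOptions sets above.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"time"
)

// SignCheckPolicy mirrors the SignCheck* fields of the Options struct above.
// Hypothetical, stand-alone type for this example; it is not the promoter's
// own Validate() or signature-verification code.
type SignCheckPolicy struct {
	Identity       string // exact signer identity expected (a service account)
	Issuer         string // exact OIDC issuer expected
	IdentityRegexp string // instead of Identity: a pattern matching several signers
	IssuerRegexp   string // instead of Issuer: a pattern matching several issuers
	FromDays       int    // how many days back the check window starts
	ToDays         int    // how many days back the window ends (0 = now)

	identityRe, issuerRe *regexp.Regexp
}

// anchored compiles pattern so that it must match the whole string. Left
// unanchored, `.*@k8s-releng-prod\.iam\.gserviceaccount\.com` would also
// accept "x@k8s-releng-prod.iam.gserviceaccount.com.attacker.example".
func anchored(pattern string) (*regexp.Regexp, error) {
	return regexp.Compile("^(?:" + pattern + ")$")
}

// Compile rejects contradictory settings and prepares the regexps.
func (p *SignCheckPolicy) Compile() error {
	if (p.Identity == "") == (p.IdentityRegexp == "") {
		return errors.New("exactly one of identity or identity regexp must be set")
	}
	if (p.Issuer == "") == (p.IssuerRegexp == "") {
		return errors.New("exactly one of issuer or issuer regexp must be set")
	}
	if p.ToDays < 0 || p.FromDays < p.ToDays {
		return fmt.Errorf("bad window: from=%d must be >= to=%d (days back)", p.FromDays, p.ToDays)
	}
	var err error
	if p.IdentityRegexp != "" {
		if p.identityRe, err = anchored(p.IdentityRegexp); err != nil {
			return fmt.Errorf("identity regexp: %w", err)
		}
	}
	if p.IssuerRegexp != "" {
		if p.issuerRe, err = anchored(p.IssuerRegexp); err != nil {
			return fmt.Errorf("issuer regexp: %w", err)
		}
	}
	return nil
}

// AcceptSigner reports whether a signature's certificate subject and OIDC
// issuer both satisfy the policy: the expected identity presented through an
// unexpected issuer is still rejected.
func (p *SignCheckPolicy) AcceptSigner(subject, issuer string) bool {
	idOK := (p.Identity != "" && subject == p.Identity) ||
		(p.identityRe != nil && p.identityRe.MatchString(subject))
	issOK := (p.Issuer != "" && issuer == p.Issuer) ||
		(p.issuerRe != nil && p.issuerRe.MatchString(issuer))
	return idOK && issOK
}

// Signature is a constructed stand-in for what a check reads from a cosign
// signature: certificate subject, certificate issuer and signing time.
type Signature struct {
	Image, Subject, Issuer string
	Signed                 time.Time
}

// Unexpected returns the signatures inside the FromDays/ToDays window that the
// policy rejects; older or newer signatures are not examined.
func (p *SignCheckPolicy) Unexpected(now time.Time, sigs []Signature) []Signature {
	start, end := now.AddDate(0, 0, -p.FromDays), now.AddDate(0, 0, -p.ToDays)
	var bad []Signature
	for _, s := range sigs {
		if s.Signed.Before(start) || s.Signed.After(end) {
			continue
		}
		if !p.AcceptSigner(s.Subject, s.Issuer) {
			bad = append(bad, s)
		}
	}
	return bad
}

func main() {
	// Same identity, issuer and window as DefaultOptions on this page.
	p := &SignCheckPolicy{
		Identity: "krel-trust@k8s-releng-prod.iam.gserviceaccount.com",
		Issuer:   "https://accounts.google.com",
		FromDays: 5,
	}
	if err := p.Compile(); err != nil {
		panic(err)
	}
	now := time.Date(2024, 2, 2, 0, 0, 0, 0, time.UTC)
	sigs := []Signature{ // constructed sample data, not real signatures
		{"registry.example/a:1", p.Identity, p.Issuer, now.AddDate(0, 0, -1)},
		{"registry.example/b:1", "someone@example.com", p.Issuer, now.AddDate(0, 0, -2)},
		{"registry.example/c:1", "someone@example.com", p.Issuer, now.AddDate(0, 0, -30)},
	}
	for _, s := range p.Unexpected(now, sigs) {
		fmt.Printf("%s: unexpected signer %s via %s\n", s.Image, s.Subject, s.Issuer)
	}
}
```

The design point is anchored: a regexp applied with MatchString accepts any substring, so an identity regexp written for one GCP project also accepts a longer, attacker-chosen subject that merely contains it unless it is wrapped in ^...$. Whether the promoter anchors its own SignCheckIdentityRegexp and SignCheckIssuerRegexp is not stated on this page; check the source before relying on a regexp instead of the exact SignCheckIdentity and SignCheckIssuer values.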

type RunOptions

type RunOptions struct {
	// Confirm captures the cli flag with the same name (see Options.Confirm)
	Confirm bool

	// Use a service account when true
	UseServiceAcct bool
}

RunOptions capture the options of a run
