Documentation
Index
- Constants
- func CleanTrustPolicy(trustPolicy *trustpolicy.Document, logger logr.Logger) *trustpolicy.Document
- type NotationVerifier
- type Options
- func WithAuth(auth authn.Authenticator) Options
- func WithInsecureRegistry(insecure bool) Options
- func WithKeychain(key authn.Keychain) Options
- func WithLogger(logger logr.Logger) Options
- func WithRemoteOptions(opts ...remote.Option) Options
- func WithRootCertificates(data [][]byte) Options
- func WithTrustPolicy(trustPolicy *trustpolicy.Document) Options
Constants
const DefaultTrustPolicyKey = "trustpolicy.json"
Name of the trust policy file defined in the Secret containing the notation public keys.
Variables
This section is empty.
Functions
func CleanTrustPolicy
func CleanTrustPolicy(trustPolicy *trustpolicy.Document, logger logr.Logger) *trustpolicy.Document
CleanTrustPolicy cleans the given trust policy by removing the trust stores and trusted identities from trust policy statements that are set to skip signature verification but still have trust stores and/or trusted identities configured. It takes a pointer to a trustpolicy.Document and a logr.Logger as input parameters. If trustPolicy is nil, it returns nil. Otherwise it iterates over trustPolicy.TrustPolicies and, for each statement whose SignatureVerification.VerificationLevel equals trustpolicy.LevelSkip.Name, logs a warning and removes that statement's trust stores and trusted identities. Finally, it returns the modified trustPolicy.
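An added example (not the package's own code) of the rule CleanTrustPolicy applies: a constructed trustpolicy.json with one strict and one skip statement is decoded into local stand-in types (assumed here; the real ones are trustpolicy.Document and trustpolicy.TrustPolicy from notation-go) and cleaned, with the warnings returned to the caller instead of being sent to a logr.Logger.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Stand-ins for notation-go's trustpolicy.Document / TrustPolicy; JSON tags follow trustpolicy.json.
type TrustPolicy struct {
	Name                  string `json:"name"`
	SignatureVerification struct {
		VerificationLevel string `json:"level"`
	} `json:"signatureVerification"`
	TrustStores       []string `json:"trustStores,omitempty"`
	TrustedIdentities []string `json:"trustedIdentities,omitempty"`
}
type Document struct{ TrustPolicies []TrustPolicy `json:"trustPolicies"` }
// cleanTrustPolicy re-states the documented CleanTrustPolicy rule: nil in, nil out; every "skip" statement
// (trustpolicy.LevelSkip.Name) is warned about and stripped of its trust stores and trusted identities.
func cleanTrustPolicy(doc *Document) (*Document, []string) {
	if doc == nil {
		return nil, nil
	}
	var warnings []string
	for i, p := range doc.TrustPolicies {
		if p.SignatureVerification.VerificationLevel != "skip" {
			continue
		}
		warnings = append(warnings, fmt.Sprintf("policy %q skips verification; dropping its trust stores and trusted identities", p.Name))
		doc.TrustPolicies[i].TrustStores, doc.TrustPolicies[i].TrustedIdentities = nil, nil
	}
	return doc, warnings
}
// loadAndClean decodes a trustpolicy.json document (e.g. the Secret's DefaultTrustPolicyKey entry) and cleans it.
func loadAndClean(raw []byte) (*Document, []string, error) {
	var doc Document
	if err := json.Unmarshal(raw, &doc); err != nil {
		return nil, nil, fmt.Errorf("decode trust policy: %w", err)
	}
	cleaned, warnings := cleanTrustPolicy(&doc)
	return cleaned, warnings, nil
}
// samplePolicy is constructed: a strict statement plus a skip statement that still carries stores.
var samplePolicy = []byte(`{"version":"1.0","trustPolicies":[
 {"name":"prod","registryScopes":["registry.example/app"],"signatureVerification":{"level":"strict"},"trustStores":["ca:prod"],"trustedIdentities":["x509.subject: CN=release"]},
 {"name":"dev","registryScopes":["*"],"signatureVerification":{"level":"skip"},"trustStores":["ca:dev"],"trustedIdentities":["*"]}]}`)

func main() {
	fmt.Println(loadAndClean(samplePolicy)) // the dev statement comes back without stores or identities
}
```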
Types
type NotationVerifier
type NotationVerifier struct {
// contains filtered or unexported fields
}
NotationVerifier is the struct responsible for executing the verification logic.
func NewNotationVerifier
func NewNotationVerifier(opts ...Options) (*NotationVerifier, error)
NewNotationVerifier initializes a new NotationVerifier configured by the given Options.
func (*NotationVerifier) Verify
func (v *NotationVerifier) Verify(ctx context.Context, ref name.Reference) (oci.VerificationResult, error)
Verify verifies the authenticity of the OCI image referenced by ref. It returns an oci.VerificationResult indicating whether the verification succeeded, together with an error if the verification fails (nil otherwise).
type Options
type Options func(opts *options)
Options is a function that configures the options applied to a Verifier.
func WithAuth
func WithAuth(auth authn.Authenticator) Options
WithAuth is a functional option for overriding the default authenticator used by the verifier.
func WithInsecureRegistry
func WithInsecureRegistry(insecure bool) Options
WithInsecureRegistry configures notation to verify against an insecure registry.
func WithKeychain
func WithKeychain(key authn.Keychain) Options
WithKeychain is a functional option for overriding the default keychain used by the verifier.
func WithLogger
func WithLogger(logger logr.Logger) Options
WithLogger returns an Options function that sets the logger used by the verifier.
func WithRemoteOptions
func WithRemoteOptions(opts ...remote.Option) Options
WithRemoteOptions is a functional option for overriding the default remote options used by the verifier.
func WithRootCertificates
func WithRootCertificates(data [][]byte) Options
WithRootCertificates is a functional option for overriding the default root certificates used by the verifier, setting the root CA certificates for notary. It takes a list of certificate data as a slice of byte slices and returns an Options function that sets those certificates in the notation options.
func WithTrustPolicy
func WithTrustPolicy(trustPolicy *trustpolicy.Document) Options
WithTrustPolicy sets the trust policy configuration.