Documentation ¶
Index ¶
- Variables
- func GenerateMessageFromRawObj(rawObj []byte, filter, mutableAttrs string) string
- type ConcreteSignatureEvaluator
- type GeneralSignature
- type HelmVerifier
- type ResourceVerifier
- func (self *ResourceVerifier) IsPatchWithScopeKey(orgObj, rawObj []byte, scope string) bool
- func (self *ResourceVerifier) MatchMessage(message, reqObj []byte, protectAttrs, unprotectAttrs []*profile.AttrsPattern, ...) (bool, string)
- func (self *ResourceVerifier) Verify(sig *GeneralSignature, reqc *common.ReqContext, ...) (*SigVerifyResult, error)
- type SigVerifyResult
- type SignatureEvaluator
- type SignatureType
- type VerifierInterface
- type VerifyType
Constants ¶
This section is empty.
Variables ¶
// CommonMessageMask lists attribute paths in dotted form; keys taken from the
// common package are wrapped in double quotes inside the path.
//
// NOTE(review): the name suggests these paths are masked out of a resource
// before its content is compared with the signed message. Confirm against
// GenerateMessageFromRawObj and MatchMessage. If so, every path listed here is
// outside signature coverage and a change to it is not detected by
// verification. Most entries are server-populated metadata or the integrity
// labels and annotations themselves. "metadata.namespace" deserves a
// deliberate decision, because masking it would mean a signature does not bind
// a resource to the namespace it was signed for.
var CommonMessageMask = []string{
	// Labels and annotations keyed by constants from the common package.
	fmt.Sprintf("metadata.labels.\"%s\"", common.ResourceIntegrityLabelKey),
	fmt.Sprintf("metadata.labels.\"%s\"", common.ReasonLabelKey),
	fmt.Sprintf("metadata.annotations.\"%s\"", common.SignatureAnnotationKey),
	fmt.Sprintf("metadata.annotations.\"%s\"", common.MessageAnnotationKey),
	fmt.Sprintf("metadata.annotations.\"%s\"", common.CertificateAnnotationKey),
	fmt.Sprintf("metadata.annotations.\"%s\"", common.SignatureTypeAnnotationKey),
	fmt.Sprintf("metadata.annotations.\"%s\"", common.MessageScopeAnnotationKey),
	fmt.Sprintf("metadata.annotations.\"%s\"", common.MutableAttrsAnnotationKey),

	// Literal paths.
	// NOTE(review): the kubectl and daemonset entries below name annotation
	// keys that themselves contain dots, but they are not quoted as a whole
	// the way the Sprintf entries are. Verify that the path matcher resolves
	// them to the intended keys.
	"metadata.annotations.namespace",
	"metadata.annotations.kubectl.\"kubernetes.io/last-applied-configuration\"",
	"metadata.managedFields",
	"metadata.creationTimestamp",
	"metadata.generation",
	"metadata.annotations.deprecated.daemonset.template.generation",
	"metadata.namespace",
	"metadata.resourceVersion",
	"metadata.selfLink",
	"metadata.uid",
}
Functions ¶
Types ¶
type ConcreteSignatureEvaluator ¶
// ConcreteSignatureEvaluator declares an Eval method with the signature that
// the SignatureEvaluator interface requires, plus GetResourceSignature, which
// returns a *GeneralSignature for a resource reference. All of its fields are
// unexported; NewSignatureEvaluator is the exported constructor that returns a
// SignatureEvaluator.
type ConcreteSignatureEvaluator struct {
	// contains filtered or unexported fields
}
func (*ConcreteSignatureEvaluator) Eval ¶
func (self *ConcreteSignatureEvaluator) Eval(reqc *common.ReqContext, resSigList *vrsig.ResourceSignatureList, signingProfile rspapi.ResourceSigningProfile) (*common.SignatureEvalResult, error)
func (*ConcreteSignatureEvaluator) GetResourceSignature ¶
func (self *ConcreteSignatureEvaluator) GetResourceSignature(ref *common.ResourceRef, reqc *common.ReqContext, resSigList *vrsig.ResourceSignatureList) *GeneralSignature
type GeneralSignature ¶
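// GeneralSignature is the signature value passed to the Verify methods of
// HelmVerifier, ResourceVerifier and VerifierInterface.
type GeneralSignature struct {
	// SignType records which SignatureType this signature is. The zero value
	// is the empty string, which equals SignatureTypeUnknown.
	SignType SignatureType
	// contains filtered or unexported fields
}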
type HelmVerifier ¶
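// HelmVerifier declares a Verify method with the signature that
// VerifierInterface requires. Its fields mirror the verifyType,
// verifierNamespace and keyPathList parameters of NewVerifier.
type HelmVerifier struct {
	// VerifyType selects the verification scheme; the declared values are
	// VerifyTypeX509 and VerifyTypePGP.
	VerifyType VerifyType
	// Namespace is presumably the namespace the verifier itself runs in
	// (NewVerifier names the parameter verifierNamespace). Confirm.
	Namespace string
	// KeyPathList is a list of key paths.
	// NOTE(review): presumably these locate the key or certificate material
	// that signatures are checked against, which would make them the trust
	// anchor. Confirm, and make sure the paths are writable only by whoever
	// is allowed to change which signers are trusted.
	KeyPathList []string
}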
func (*HelmVerifier) Verify ¶
func (self *HelmVerifier) Verify(sig *GeneralSignature, reqc *common.ReqContext, signingProfile rspapi.ResourceSigningProfile) (*SigVerifyResult, error)
type ResourceVerifier ¶
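// ResourceVerifier declares Verify with the signature that VerifierInterface
// requires, together with the helpers IsPatchWithScopeKey and MatchMessage.
// It has the same field set as HelmVerifier.
type ResourceVerifier struct {
	// VerifyType selects the verification scheme; the declared values are
	// VerifyTypeX509 and VerifyTypePGP.
	VerifyType VerifyType
	// Namespace is presumably the namespace the verifier itself runs in
	// (NewVerifier names the parameter verifierNamespace). Confirm.
	Namespace string
	// KeyPathList is a list of key paths.
	// NOTE(review): presumably these locate the key or certificate material
	// that signatures are checked against, which would make them the trust
	// anchor. Confirm, and make sure the paths are writable only by whoever
	// is allowed to change which signers are trusted.
	KeyPathList []string
}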
func (*ResourceVerifier) IsPatchWithScopeKey ¶
func (self *ResourceVerifier) IsPatchWithScopeKey(orgObj, rawObj []byte, scope string) bool
func (*ResourceVerifier) MatchMessage ¶
func (self *ResourceVerifier) MatchMessage(message, reqObj []byte, protectAttrs, unprotectAttrs []*profile.AttrsPattern, allowDiffPatterns []*mapnode.DiffPattern, resScope string, signType SignatureType) (bool, string)
func (*ResourceVerifier) Verify ¶
func (self *ResourceVerifier) Verify(sig *GeneralSignature, reqc *common.ReqContext, signingProfile rspapi.ResourceSigningProfile) (*SigVerifyResult, error)
type SigVerifyResult ¶
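// SigVerifyResult is the value returned, alongside an error, by the Verify
// methods in this package.
//
// NOTE(review): a failure can therefore be reported in two places, the
// returned error and the Error field here. Callers should treat a signature
// as verified only when both are nil. Confirm which failures are reported
// through which channel.
type SigVerifyResult struct {
	// Error holds a *common.CheckError; nil presumably means no check failed.
	Error *common.CheckError
	// Signer holds a *common.SignerInfo, presumably the identity of the
	// signer. Confirm whether it is populated when verification fails.
	Signer *common.SignerInfo
}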
type SignatureEvaluator ¶
// SignatureEvaluator is the interface returned by NewSignatureEvaluator.
// ConcreteSignatureEvaluator declares an Eval method with this signature.
type SignatureEvaluator interface {
	// Eval takes the request context, a list of ResourceSignature objects and
	// the signing profile, and returns a *common.SignatureEvalResult or an
	// error.
	Eval(reqc *common.ReqContext, resSigList *vrsig.ResourceSignatureList, signingProfile rspapi.ResourceSigningProfile) (*common.SignatureEvalResult, error)
}
func NewSignatureEvaluator ¶
func NewSignatureEvaluator(config *config.VerifierConfig, policy *policy.SignPolicy, plugins map[string]bool) (SignatureEvaluator, error)
type SignatureType ¶
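// SignatureType names the kind of signature a GeneralSignature carries.
type SignatureType string

// Declared SignatureType values. SignatureTypeUnknown is the empty string, so
// it is also the zero value: a SignatureType that was never set compares equal
// to SignatureTypeUnknown. Code that branches on the type should reject that
// value rather than fall through to a permissive default.
const (
	SignatureTypeUnknown          SignatureType = ""
	SignatureTypeResource         SignatureType = "Resource"
	SignatureTypeApplyingResource SignatureType = "ApplyingResource"
	SignatureTypePatch            SignatureType = "Patch"
	SignatureTypeHelm             SignatureType = "Helm"
)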
type VerifierInterface ¶
// VerifierInterface is the interface returned by NewVerifier. HelmVerifier and
// ResourceVerifier each declare a Verify method with this signature.
type VerifierInterface interface {
	// Verify takes a signature, the request context and the signing profile,
	// and returns a *SigVerifyResult together with an error.
	Verify(sig *GeneralSignature, reqc *common.ReqContext, signingProfile rspapi.ResourceSigningProfile) (*SigVerifyResult, error)
}
func NewVerifier ¶
func NewVerifier(verifyType VerifyType, signType SignatureType, verifierNamespace string, keyPathList []string) VerifierInterface
type VerifyType ¶
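// VerifyType names the verification scheme a verifier uses.
type VerifyType string

// Declared VerifyType values. There is no constant for the empty string, so
// the zero value of VerifyType matches neither of them.
// NOTE(review): NewVerifier takes a VerifyType and returns no error. Confirm
// what it returns for a value other than these two, and that callers cannot
// end up with a verifier that accepts everything.
const (
	VerifyTypeX509 VerifyType = "x509"
	VerifyTypePGP  VerifyType = "pgp"
)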