sign

package

v0.0.0-...-9b5a78d Latest Latest Go to latest Published: Dec 10, 2020 License: Apache-2.0 Imports: 19 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/IBM/integrity-enforcer

Documentation ¶

Index ¶

Variables
func GenerateMessageFromRawObj(rawObj []byte, filter, mutableAttrs string) string
type ConcreteSignatureEvaluator
- func (self *ConcreteSignatureEvaluator) Eval(reqc *common.ReqContext, resSigList *vrsig.ResourceSignatureList, ...) (*common.SignatureEvalResult, error)
- func (self *ConcreteSignatureEvaluator) GetResourceSignature(ref *common.ResourceRef, reqc *common.ReqContext, ...) *GeneralSignature
type GeneralSignature
type HelmVerifier
- func (self *HelmVerifier) Verify(sig *GeneralSignature, reqc *common.ReqContext, ...) (*SigVerifyResult, error)
type ResourceVerifier
type SigVerifyResult
type SignatureEvaluator
- func NewSignatureEvaluator(config *config.VerifierConfig, policy *policy.SignPolicy, ...) (SignatureEvaluator, error)
type SignatureType
type VerifierInterface
- func NewVerifier(verifyType VerifyType, signType SignatureType, verifierNamespace string, ...) VerifierInterface
type VerifyType

Constants ¶

This section is empty.

Variables ¶

View Source

var CommonMessageMask = []string{
	fmt.Sprintf("metadata.labels.\"%s\"", common.ResourceIntegrityLabelKey),
	fmt.Sprintf("metadata.labels.\"%s\"", common.ReasonLabelKey),
	fmt.Sprintf("metadata.annotations.\"%s\"", common.SignatureAnnotationKey),
	fmt.Sprintf("metadata.annotations.\"%s\"", common.MessageAnnotationKey),
	fmt.Sprintf("metadata.annotations.\"%s\"", common.CertificateAnnotationKey),
	fmt.Sprintf("metadata.annotations.\"%s\"", common.SignatureTypeAnnotationKey),
	fmt.Sprintf("metadata.annotations.\"%s\"", common.MessageScopeAnnotationKey),
	fmt.Sprintf("metadata.annotations.\"%s\"", common.MutableAttrsAnnotationKey),
	"metadata.annotations.namespace",
	"metadata.annotations.kubectl.\"kubernetes.io/last-applied-configuration\"",
	"metadata.managedFields",
	"metadata.creationTimestamp",
	"metadata.generation",
	"metadata.annotations.deprecated.daemonset.template.generation",
	"metadata.namespace",
	"metadata.resourceVersion",
	"metadata.selfLink",
	"metadata.uid",
}

Functions ¶

func GenerateMessageFromRawObj ¶

func GenerateMessageFromRawObj(rawObj []byte, filter, mutableAttrs string) string

Types ¶

type ConcreteSignatureEvaluator ¶

type ConcreteSignatureEvaluator struct {
	// contains filtered or unexported fields
}

func (*ConcreteSignatureEvaluator) Eval ¶

func (self *ConcreteSignatureEvaluator) Eval(reqc *common.ReqContext, resSigList *vrsig.ResourceSignatureList, signingProfile rspapi.ResourceSigningProfile) (*common.SignatureEvalResult, error)

func (*ConcreteSignatureEvaluator) GetResourceSignature ¶

func (self *ConcreteSignatureEvaluator) GetResourceSignature(ref *common.ResourceRef, reqc *common.ReqContext, resSigList *vrsig.ResourceSignatureList) *GeneralSignature

type GeneralSignature ¶

type GeneralSignature struct {
	SignType SignatureType
	// contains filtered or unexported fields
}

type HelmVerifier ¶

type HelmVerifier struct {
	VerifyType  VerifyType
	Namespace   string
	KeyPathList []string
}

func (*HelmVerifier) Verify ¶

func (self *HelmVerifier) Verify(sig *GeneralSignature, reqc *common.ReqContext, signingProfile rspapi.ResourceSigningProfile) (*SigVerifyResult, error)

type ResourceVerifier ¶

type ResourceVerifier struct {
	VerifyType  VerifyType
	Namespace   string
	KeyPathList []string
}

func (*ResourceVerifier) IsPatchWithScopeKey ¶

func (self *ResourceVerifier) IsPatchWithScopeKey(orgObj, rawObj []byte, scope string) bool

func (*ResourceVerifier) MatchMessage ¶

func (self *ResourceVerifier) MatchMessage(message, reqObj []byte, protectAttrs, unprotectAttrs []*profile.AttrsPattern, allowDiffPatterns []*mapnode.DiffPattern, resScope string, signType SignatureType) (bool, string)

func (*ResourceVerifier) Verify ¶

func (self *ResourceVerifier) Verify(sig *GeneralSignature, reqc *common.ReqContext, signingProfile rspapi.ResourceSigningProfile) (*SigVerifyResult, error)

type SigVerifyResult ¶

type SigVerifyResult struct {
	Error  *common.CheckError
	Signer *common.SignerInfo
}

type SignatureEvaluator ¶

type SignatureEvaluator interface {
	Eval(reqc *common.ReqContext, resSigList *vrsig.ResourceSignatureList, signingProfile rspapi.ResourceSigningProfile) (*common.SignatureEvalResult, error)
}

func NewSignatureEvaluator ¶

func NewSignatureEvaluator(config *config.VerifierConfig, policy *policy.SignPolicy, plugins map[string]bool) (SignatureEvaluator, error)

type SignatureType ¶

type SignatureType string

const (
	SignatureTypeUnknown          SignatureType = ""
	SignatureTypeResource         SignatureType = "Resource"
	SignatureTypeApplyingResource SignatureType = "ApplyingResource"
	SignatureTypePatch            SignatureType = "Patch"
	SignatureTypeHelm             SignatureType = "Helm"
)

type VerifierInterface ¶

type VerifierInterface interface {
	Verify(sig *GeneralSignature, reqc *common.ReqContext, signingProfile rspapi.ResourceSigningProfile) (*SigVerifyResult, error)
}

func NewVerifier ¶

func NewVerifier(verifyType VerifyType, signType SignatureType, verifierNamespace string, keyPathList []string) VerifierInterface

type VerifyType ¶

type VerifyType string

const (
	VerifyTypeX509 VerifyType = "x509"
	VerifyTypePGP  VerifyType = "pgp"
)

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL