voucher_client

command

v2.7.0 Latest Latest Go to latest Published: Jan 4, 2022 License: Apache-2.0 Imports: 15 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/grafeas/voucher

Links

Open Source Insights

README ¶

Voucher Client

Installation

Voucher Client is a tool for connecting to a running Voucher server.

Install the client, voucher_client, by running:

$ go install github.com/grafeas/voucher/v2/cmd/voucher_client

This will download and install the voucher client into $GOPATH/bin directory.

Note: omitting "v2" from the path will download Voucher Client v1.

Configuration

The configuration for Voucher Client can be written as a toml, json, or yaml file, and you can specify the path to the configuration file using "--config". By default, the configuration is expected to be located at ~/.voucher{.yaml,.toml,.json}.

Below are the configuration options for Voucher Client:

Key	Description
`server`	The Voucher server to connect to.
`timeout`	The number of seconds to wait before failing (defaults to 240).
`username`	Username to authenticate against Voucher with. (When auth = basic)
`password`	Password to authenticate against Voucher with. (When auth = basic)
`auth`	The method to authenticate against Voucher with. (defaults to basic). Possible values: basic, idtoken, default-access-token

Configuration options can be overridden at runtime by setting the appropriate flag. For example, if you set the "port" flag when running voucher_server, that value will override whatever is in the configuration.

Here is an example (yaml encoded) configuration file:

---
server: "https://my-voucher-server"
username: "<username>"
password: "<password>"

Using Voucher Client

While you can use curl to make API calls against Voucher, you can also use voucher_client to save from making HTTP requests by hand. Unlike the other Voucher tools, voucher_client will look up the appropriate canonical version of an image reference if passed a tagged image reference.

$ voucher_client [--voucher <server> --verify --check <check to run>] <image path>

voucher_client supports the following flags:

Flag	Short Flag	Description
`--auth`	`-a`	The method to authenticate against Voucher with.
`--config`		The path to your configuration file, (default is $HOME/.voucher.yaml)
`--check`	`-c`	The Check to run on the image ("all" for all checks).
`--voucher`	`-v`	The Voucher server to connect to.
`--verify`		Verify an image has attestations rather than checking and attesting an image.
`--username`		Username to authenticate against Voucher with.
`--password`		Password to authenticate against Voucher with.
`--timeout`	`-t`	The number of seconds to wait before failing (defaults to 240).

For example:

$ voucher_client -v http://localhost:8000 gcr.io/path/to/image:latest

The output will be something along the following lines:

Using config file: /Users/catherine/.voucher.yaml
Submitting image to Voucher: gcr.io/path/to/image@sha256:ab7524b7375fbf09b3784f0bbd9cb2505700dd05e03ce5f5e6d262bf2f5ac51c
image was rejected
   ✓ passed diy
   ✓ passed nobody
   ✓ passed is_shopify
   ✗ failed snakeoil, err: vulnernable to 2 vulnerabilities: CVE-2019-5481 (high), CVE-2019-5482 (high)

Documentation ¶

There is no documentation for this package.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL