contract

package
v0.2.2 Latest
Warning

This package is not in the latest version of its module.

Published: Apr 3, 2024 License: Apache-2.0 Imports: 17 Imported by: 0

Documentation

Constants

const (
	// Version current contract version.
	Version = "v1"
	// Filename default contract file name.
	Filename = "catalog.yaml"
	// Resources default file name.
	ResourcesName = "resources.tar.gz"
	// SignatureExtension.
	SignatureExtension = "sig"
)

Variables

var ErrAttestationPublicKeyEmpty = errors.New("public-key is empty")

ErrAttestationPublicKeyEmpty indicates that the public-key is not yet set.

var ErrTektonResourceUnsupported = errors.New("tekton resource not supported")

ErrTektonResourceUnsupported marks the resource as not supported, as in it's not a Kubernetes CRD, or not a Tekton API on supported versions, etc.

Functions

func CalculateSHA256Sum

func CalculateSHA256Sum(file string) (string, error)

CalculateSHA256Sum calculates the SHA256 sum of the given file.

Types

type Attestation

type Attestation struct {
	// PublicKey path to the public key file, KMS URI or Kubernetes Secret.
	PublicKey string `json:"publicKey"`
}

Attestation holds the attributes needed for the software supply chain security.

type Catalog

type Catalog struct {
	Repository  *Repository  `json:"repository"`  // repository long description
	Attestation *Attestation `json:"attestation"` // software supply provenance
	Resources   *Resources   `json:"resources"`   // inventory of Tekton resources
}

Catalog describes the contents of a repository that is part of a "catalog" of Tekton resources, including repository metadata, inventory of Tekton resources, test-cases and more.

type Contract

type Contract struct {
	Version string  `json:"version"` // contract version
	Catalog Catalog `json:"catalog"` // tekton resources catalog
	// contains filtered or unexported fields
}

Contract contains a versioned catalog.

func NewContractEmpty

func NewContractEmpty() *Contract

NewContractEmpty instantiates a new Contract{} with empty attributes.

func NewContractFromData

func NewContractFromData(payload []byte) (*Contract, error)

NewContractFromData instantiates a new Contract{} from a YAML payload.

func NewContractFromFile

func NewContractFromFile(location string) (*Contract, error)

NewContractFromFile instantiates a new Contract{} from a YAML file.

func NewContractFromURL

func NewContractFromURL(url string) (*Contract, error)

NewContractFromURL instantiates a new Contract{} from a URL.

func (*Contract) AddResourceFile

func (c *Contract) AddResourceFile(resourceFile, version string) error

AddResourceFile adds a resource file to the contract, making sure it is a Tekton resource file, and uses its "kind" to decide which attribute the resource is appended to.

func (*Contract) GetPublicKey

func (c *Contract) GetPublicKey() (string, error)

GetPublicKey is the accessor for the attestation's public-key; it returns an error when the key is not set.

func (*Contract) Print

func (c *Contract) Print() ([]byte, error)

Print renders the YAML representation of the current contract.

func (*Contract) Save

func (c *Contract) Save() error

Save saves the contract to the original file.

func (*Contract) SaveAs

func (c *Contract) SaveAs(file string) error

SaveAs writes the contract to the given file path.

func (*Contract) SignResources

func (c *Contract) SignResources(fn ResourceSignFn) error

SignResources runs the given function against each catalog resource; the signature file it is expected to create is updated on "this" contract instance.

func (*Contract) VerifyResources

func (c *Contract) VerifyResources(ctx context.Context, fn ResourceVerifySignatureFn) error

VerifyResources runs the given function against each catalog resource; when an error is returned, the signature verification process fails.

type Repository

type Repository struct {
	// Description long description text.
	Description string `json:"description"`
}

Repository contains the general repository information, including metadata to categorize and describe the repository contents, objective, ecosystem, etc.

type ResourceSignFn

type ResourceSignFn func(_, _ string) error

ResourceSignFn is the function that performs the resource (file) signature. Parameters:

  • resource-file: resource file location to be signed
  • signature-file: where the signature file should be stored

type ResourceVerifySignatureFn

type ResourceVerifySignatureFn func(_ context.Context, _, _ string) error

ResourceVerifySignatureFn is the function that performs the signature verification. Parameters:

  • context: shared context
  • resource-file: the resource file
  • signature-file: the respective signature file
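
A pair of callbacks with the ResourceSignFn and ResourceVerifySignatureFn shapes, as an added example that is not this package's own code. It assumes a raw Ed25519 signature over the file bytes as a stand-in scheme; `newSigner`, `newVerifier` and the sample Task file are hypothetical names and constructed data.

```go
package main

import (
	"context"
	"crypto/ed25519"
	"errors"
	"fmt"
	"os"
	"path/filepath"
)

// newSigner returns a func with the ResourceSignFn shape (hypothetical helper).
func newSigner(priv ed25519.PrivateKey) func(string, string) error {
	return func(resourceFile, signatureFile string) error {
		data, err := os.ReadFile(resourceFile)
		if err != nil {
			return err
		}
		// Assumption: raw Ed25519 over the file bytes stands in for the real scheme.
		return os.WriteFile(signatureFile, ed25519.Sign(priv, data), 0o600)
	}
}

// newVerifier returns a func with the ResourceVerifySignatureFn shape.
// A missing or unreadable signature file is an error, never a silent pass.
func newVerifier(pub ed25519.PublicKey) func(context.Context, string, string) error {
	return func(_ context.Context, resourceFile, signatureFile string) error {
		data, err := os.ReadFile(resourceFile)
		sig, sigErr := os.ReadFile(signatureFile)
		if err = errors.Join(err, sigErr); err != nil {
			return err
		}
		if !ed25519.Verify(pub, data, sig) {
			return errors.New("signature mismatch: " + resourceFile)
		}
		return nil
	}
}

// main signs a constructed Task file, edits it, and verifies again; a failed write shows up as a read error.
func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil reader selects crypto/rand
	file := filepath.Join(os.TempDir(), "constructed-task.yaml")
	os.WriteFile(file, []byte("kind: Task\n"), 0o600)
	sign, verify := newSigner(priv), newVerifier(pub)
	fmt.Println("sign:", sign(file, file+".sig"))
	fmt.Println("verify:", verify(context.Background(), file, file+".sig"))
	os.WriteFile(file, []byte("kind: Task # edited\n"), 0o600)
	fmt.Println("verify after edit:", verify(context.Background(), file, file+".sig"))
}
```

Returning an error from the verify callback is what makes VerifyResources fail, so the callback treats an unreadable signature file the same way as a bad signature.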

type Resources

type Resources struct {
	// Tasks List of Tekton Tasks.
	Tasks []*TektonResource `json:"tasks"`
	// Pipelines List of Tekton Pipelines.
	Pipelines []*TektonResource `json:"pipelines"`
}

Resources inventory of all Tekton resources managed by the repository.

type TektonResource

type TektonResource struct {
	// Name Tekton resource name, the Task or Pipeline actual name.
	Name string `json:"name"`
	// Version Tekton resource version.
	Version string `json:"version"`
	// Filename starting from the repository root, the relative path to the resource file.
	Filename string `json:"filename"`
	// Checksum ".filename"'s SHA256 sum, validates resource payload after network transfer.
	Checksum string `json:"checksum"`
	// Signature Tekton resource signature, either the signature payload, or relative
	// location to the signature file. By default, it uses the ".filename" attribute
	// followed by ".sig" extension.
	Signature string `json:"signature"`
}

TektonResource contains a Tekton resource reference, as in a Task or Pipeline.
