contract

package
v0.0.0-...-dc1648f
Warning

This package is not in the latest version of its module.
Published: Jan 22, 2024 License: Apache-2.0 Imports: 18 Imported by: 0

Documentation

Constants

const (
	// Version current contract version.
	Version = "v1"
	// Filename default contract file name.
	Filename = ".catalog.yaml"
	// SignatureExtension default extension of signature files.
	SignatureExtension = "sig"
)

Variables

var ErrAttestationPublicKeyEmpty = errors.New("public-key is empty")

ErrAttestationPublicKeyEmpty indicates that the public key is not yet set.

var ErrTektonResourceUnsupported = errors.New("tekton resource not supported")

ErrTektonResourceUnsupported marks the resource as not supported, for example because it is not a Kubernetes CRD, or not a Tekton API in a supported version.

Functions

func CalculateSHA256Sum

func CalculateSHA256Sum(file string) (string, error)

CalculateSHA256Sum calculates the SHA256 sum of the given file.

Types

type Attestation

type Attestation struct {
	// PublicKey path to the public key file, KMS URI or Kubernetes Secret.
	PublicKey string `json:"publicKey"`
}

Attestation holds the attributes needed for software supply chain security.

type Catalog

type Catalog struct {
	Repository  *Repository  `json:"repository"`  // repository long description
	Attestation *Attestation `json:"attestation"` // software supply provenance
	Resources   *Resources   `json:"resources"`   // inventory of Tekton resources
	Probe       *Probe       `json:"probe"`       // test-cases for the managed resources
}

Catalog describes the contents of a repository that is part of a "catalog" of Tekton resources, including repository metadata, an inventory of Tekton resources, test-cases and more.

type Contract

type Contract struct {
	Version string  `json:"version"` // contract version
	Catalog Catalog `json:"catalog"` // tekton resources catalog
	// contains filtered or unexported fields
}

Contract contains a versioned catalog.

func NewContractEmpty

func NewContractEmpty() *Contract

NewContractEmpty instantiates a new Contract{} with empty attributes.

func NewContractFromData

func NewContractFromData(payload []byte) (*Contract, error)

NewContractFromData instantiates a new Contract{} from a YAML payload.

func NewContractFromFile

func NewContractFromFile(location string) (*Contract, error)

NewContractFromFile instantiates a new Contract{} from a YAML file.

func NewContractFromURL

func NewContractFromURL(url string) (*Contract, error)

NewContractFromURL instantiates a new Contract{} from a URL.

func (*Contract) AddResourceFile

func (c *Contract) AddResourceFile(resourceFile, version string) error

AddResourceFile adds a resource file to the contract, making sure it is a Tekton resource file, and uses its "kind" to decide which attribute the resource is appended to.

func (*Contract) GetPublicKey

func (c *Contract) GetPublicKey() (string, error)

GetPublicKey is the accessor for the attestation's public key; it returns an error when the key is not set.

func (*Contract) Print

func (c *Contract) Print() ([]byte, error)

Print renders the YAML representation of the current contract.

func (*Contract) Save

func (c *Contract) Save() error

Save saves the contract to the original file.

func (*Contract) SaveAs

func (c *Contract) SaveAs(file string) error

SaveAs writes the contract to the given file path.

func (*Contract) SignResources

func (c *Contract) SignResources(fn ResourceSignFn) error

SignResources runs the given function against each catalog resource; the signature file it is expected to create is recorded on "this" contract instance.

func (*Contract) VerifyResources

func (c *Contract) VerifyResources(ctx context.Context, fn ResourceVerifySignatureFn) error

VerifyResources runs the given function against each catalog resource; when the function returns an error, the signature verification process fails.

type Probe

type Probe struct {
	// Tasks Tekton Tasks tests.
	Tasks []ResourceProbe `json:"tasks"`
	// Pipelines Tekton Pipelines tests.
	Pipelines []ResourceProbe `json:"pipelines"`
}

Probe contains all the test-cases for the Tekton resources managed by the repository.

type Repository

type Repository struct {
	// Description long description text.
	Description string `json:"description"`
}

Repository contains the general repository information, including metadata to categorize and describe the repository contents, objective, ecosystem, etc.

type ResourceProbe

type ResourceProbe struct {
	// Name test-case unique name.
	Name string `json:"name"`
	// ResourceName the name of the Tekton resource, present on ".catalog.resources".
	ResourceName string `json:"resourceName"`
	// Workspaces slice of Tekton workspace-bindings for the test-case.
	Workspaces []v1beta1.WorkspaceBinding `json:"workspaces"`
	// Params slice of Tekton Params for the test-case.
	Params []v1beta1.Param `json:"params"`
}

ResourceProbe describes a single test-case for a Tekton resource managed by the repository; it serves as input for "catalog-cd probe".

type ResourceSignFn

type ResourceSignFn func(_, _ string) error

ResourceSignFn function to perform the resource (file) signature. Parameters:

  • resource-file: resource file location to be signed
  • signature-file: where the signature file should be stored

type ResourceVerifySignatureFn

type ResourceVerifySignatureFn func(_ context.Context, _, _ string) error

ResourceVerifySignatureFn function to perform the signature verification. Parameters:

  • context: shared context
  • resource-file: the resource file
  • signature-file: the respective signature file

type Resources

type Resources struct {
	// Tasks List of Tekton Tasks.
	Tasks []*TektonResource `json:"tasks"`
	// Pipelines List of Tekton Pipelines.
	Pipelines []*TektonResource `json:"pipelines"`
}

Resources inventory of all Tekton resources managed by the repository.

type TektonResource

type TektonResource struct {
	// Name Tekton resource name, the Task or Pipeline actual name.
	Name string `json:"name"`
	// Version Tekton resource version.
	Version string `json:"version"`
	// Filename starting from the repository root, the relative path to the resource file.
	Filename string `json:"filename"`
	// Checksum ".filename"'s SHA256 sum, validates resource payload after network transfer.
	Checksum string `json:"checksum"`
	// Signature Tekton resource signature, either the signature payload, or relative
	// location to the signature file. By default, it uses the ".filename" attribute
	// followed by the ".sig" extension.
	Signature string `json:"signature"`
}

TektonResource contains a Tekton resource reference, as in a Task or Pipeline.
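
How a consumer might combine the Checksum and Signature attributes described above, as an added example that is not code from this package: the checksum only catches a payload altered in transfer, so the signature check is what ties the file to the attestation's public key. The `resource` type, `verifyResource`, the confinement of Filename to the repository root and the raw Ed25519 signature format are assumptions for illustration; the page does not state which signature scheme the project uses, and the package takes its verifier through ResourceVerifySignatureFn.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"os"
	"path/filepath"
)

// resource is a local stand-in for the TektonResource attributes used here.
type resource struct{ Filename, Checksum string }

// verifyResource confines the path to root, compares the recorded SHA256 sum,
// then checks a raw Ed25519 signature read from ".filename" + ".sig".
func verifyResource(root string, r resource, pub ed25519.PublicKey) error {
	if !filepath.IsLocal(r.Filename) {
		return fmt.Errorf("%q escapes the repository root", r.Filename)
	}
	file := filepath.Join(root, r.Filename)
	data, err := os.ReadFile(file)
	if err != nil {
		return err
	}
	if sum := sha256.Sum256(data); hex.EncodeToString(sum[:]) != r.Checksum {
		return fmt.Errorf("%q: checksum mismatch", r.Filename)
	}
	sig, err := os.ReadFile(file + ".sig")
	if err != nil {
		return err
	}
	if !ed25519.Verify(pub, data, sig) {
		return fmt.Errorf("%q: signature verification failed", r.Filename)
	}
	return nil
}

func main() {
	// Constructed sample: a one-line resource signed with a throwaway key.
	dir, _ := os.MkdirTemp("", "catalog")
	defer os.RemoveAll(dir)
	pub, priv, _ := ed25519.GenerateKey(nil)
	body := []byte("kind: Task\n")
	os.WriteFile(filepath.Join(dir, "task.yaml"), body, 0o600)
	os.WriteFile(filepath.Join(dir, "task.yaml.sig"), ed25519.Sign(priv, body), 0o600)
	sum := sha256.Sum256(body)
	r := resource{"task.yaml", hex.EncodeToString(sum[:])}
	fmt.Println(verifyResource(dir, r, pub))
}
```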
