genproto: google.golang.org/genproto/googleapis/devtools/containeranalysis/v1beta1/attestation Index | Files

package attestation

import "google.golang.org/genproto/googleapis/devtools/containeranalysis/v1beta1/attestation"

Index

Package Files

attestation.pb.go

Variables

var (
    PgpSignedAttestation_ContentType_name = map[int32]string{
        0:  "CONTENT_TYPE_UNSPECIFIED",
        1:  "SIMPLE_SIGNING_JSON",
    }
    PgpSignedAttestation_ContentType_value = map[string]int32{
        "CONTENT_TYPE_UNSPECIFIED": 0,
        "SIMPLE_SIGNING_JSON":      1,
    }
)

Enum value maps for PgpSignedAttestation_ContentType.

var (
    GenericSignedAttestation_ContentType_name = map[int32]string{
        0:  "CONTENT_TYPE_UNSPECIFIED",
        1:  "SIMPLE_SIGNING_JSON",
    }
    GenericSignedAttestation_ContentType_value = map[string]int32{
        "CONTENT_TYPE_UNSPECIFIED": 0,
        "SIMPLE_SIGNING_JSON":      1,
    }
)

Enum value maps for GenericSignedAttestation_ContentType.

var File_google_devtools_containeranalysis_v1beta1_attestation_attestation_proto protoreflect.FileDescriptor

type Attestation Uses

type Attestation struct {

    // Required. The signature, generally over the `resource_url`, that verifies
    // this attestation. The semantics of the signature veracity are ultimately
    // determined by the verification engine.
    //
    // Types that are assignable to Signature:
    //	*Attestation_PgpSignedAttestation
    //	*Attestation_GenericSignedAttestation
    Signature isAttestation_Signature `protobuf_oneof:"signature"`
    // contains filtered or unexported fields
}

Occurrence that represents a single "attestation". The authenticity of an attestation can be verified using the attached signature. If the verifier trusts the public key of the signer, then verifying the signature is sufficient to establish trust. In this circumstance, the authority to which this attestation is attached is primarily useful for look-up (how to find this attestation if you already know the authority and artifact to be verified) and intent (which authority was this attestation intended to sign for).

func (*Attestation) Descriptor Uses

func (*Attestation) Descriptor() ([]byte, []int)

Deprecated: Use Attestation.ProtoReflect.Descriptor instead.

func (*Attestation) GetGenericSignedAttestation Uses

func (x *Attestation) GetGenericSignedAttestation() *GenericSignedAttestation

func (*Attestation) GetPgpSignedAttestation Uses

func (x *Attestation) GetPgpSignedAttestation() *PgpSignedAttestation

func (*Attestation) GetSignature Uses

func (m *Attestation) GetSignature() isAttestation_Signature

func (*Attestation) ProtoMessage Uses

func (*Attestation) ProtoMessage()

func (*Attestation) ProtoReflect Uses

func (x *Attestation) ProtoReflect() protoreflect.Message

func (*Attestation) Reset Uses

func (x *Attestation) Reset()

func (*Attestation) String Uses

func (x *Attestation) String() string

type Attestation_GenericSignedAttestation Uses

type Attestation_GenericSignedAttestation struct {
    GenericSignedAttestation *GenericSignedAttestation `protobuf:"bytes,2,opt,name=generic_signed_attestation,json=genericSignedAttestation,proto3,oneof"`
}

type Attestation_PgpSignedAttestation Uses

type Attestation_PgpSignedAttestation struct {
    // A PGP signed attestation.
    PgpSignedAttestation *PgpSignedAttestation `protobuf:"bytes,1,opt,name=pgp_signed_attestation,json=pgpSignedAttestation,proto3,oneof"`
}

type Authority Uses

type Authority struct {

    // Hint hints at the purpose of the attestation authority.
    Hint *Authority_Hint `protobuf:"bytes,1,opt,name=hint,proto3" json:"hint,omitempty"`
    // contains filtered or unexported fields
}

Note kind that represents a logical attestation "role" or "authority". For example, an organization might have one `Authority` for "QA" and one for "build". This note is intended to act strictly as a grouping mechanism for the attached occurrences (Attestations). This grouping mechanism also provides a security boundary, since IAM ACLs gate the ability for a principle to attach an occurrence to a given note. It also provides a single point of lookup to find all attached attestation occurrences, even if they don't all live in the same project.

func (*Authority) Descriptor Uses

func (*Authority) Descriptor() ([]byte, []int)

Deprecated: Use Authority.ProtoReflect.Descriptor instead.

func (*Authority) GetHint Uses

func (x *Authority) GetHint() *Authority_Hint

func (*Authority) ProtoMessage Uses

func (*Authority) ProtoMessage()

func (*Authority) ProtoReflect Uses

func (x *Authority) ProtoReflect() protoreflect.Message

func (*Authority) Reset Uses

func (x *Authority) Reset()

func (*Authority) String Uses

func (x *Authority) String() string

type Authority_Hint Uses

type Authority_Hint struct {

    // Required. The human readable name of this attestation authority, for
    // example "qa".
    HumanReadableName string `protobuf:"bytes,1,opt,name=human_readable_name,json=humanReadableName,proto3" json:"human_readable_name,omitempty"`
    // contains filtered or unexported fields
}

This submessage provides human-readable hints about the purpose of the authority. Because the name of a note acts as its resource reference, it is important to disambiguate the canonical name of the Note (which might be a UUID for security purposes) from "readable" names more suitable for debug output. Note that these hints should not be used to look up authorities in security sensitive contexts, such as when looking up attestations to verify.

func (*Authority_Hint) Descriptor Uses

func (*Authority_Hint) Descriptor() ([]byte, []int)

Deprecated: Use Authority_Hint.ProtoReflect.Descriptor instead.

func (*Authority_Hint) GetHumanReadableName Uses

func (x *Authority_Hint) GetHumanReadableName() string

func (*Authority_Hint) ProtoMessage Uses

func (*Authority_Hint) ProtoMessage()

func (*Authority_Hint) ProtoReflect Uses

func (x *Authority_Hint) ProtoReflect() protoreflect.Message

func (*Authority_Hint) Reset Uses

func (x *Authority_Hint) Reset()

func (*Authority_Hint) String Uses

func (x *Authority_Hint) String() string

type Details Uses

type Details struct {

    // Required. Attestation for the resource.
    Attestation *Attestation `protobuf:"bytes,1,opt,name=attestation,proto3" json:"attestation,omitempty"`
    // contains filtered or unexported fields
}

Details of an attestation occurrence.

func (*Details) Descriptor Uses

func (*Details) Descriptor() ([]byte, []int)

Deprecated: Use Details.ProtoReflect.Descriptor instead.

func (*Details) GetAttestation Uses

func (x *Details) GetAttestation() *Attestation

func (*Details) ProtoMessage Uses

func (*Details) ProtoMessage()

func (*Details) ProtoReflect Uses

func (x *Details) ProtoReflect() protoreflect.Message

func (*Details) Reset Uses

func (x *Details) Reset()

func (*Details) String Uses

func (x *Details) String() string

type GenericSignedAttestation Uses

type GenericSignedAttestation struct {

    // Type (for example schema) of the attestation payload that was signed.
    // The verifier must ensure that the provided type is one that the verifier
    // supports, and that the attestation payload is a valid instantiation of that
    // type (for example by validating a JSON schema).
    ContentType GenericSignedAttestation_ContentType `protobuf:"varint,1,opt,name=content_type,json=contentType,proto3,enum=grafeas.v1beta1.attestation.GenericSignedAttestation_ContentType" json:"content_type,omitempty"`
    // The serialized payload that is verified by one or more `signatures`.
    // The encoding and semantic meaning of this payload must match what is set in
    // `content_type`.
    SerializedPayload []byte `protobuf:"bytes,2,opt,name=serialized_payload,json=serializedPayload,proto3" json:"serialized_payload,omitempty"`
    // One or more signatures over `serialized_payload`.  Verifier implementations
    // should consider this attestation message verified if at least one
    // `signature` verifies `serialized_payload`.  See `Signature` in common.proto
    // for more details on signature structure and verification.
    Signatures []*common.Signature `protobuf:"bytes,3,rep,name=signatures,proto3" json:"signatures,omitempty"`
    // contains filtered or unexported fields
}

An attestation wrapper that uses the Grafeas `Signature` message. This attestation must define the `serialized_payload` that the `signatures` verify and any metadata necessary to interpret that plaintext. The signatures should always be over the `serialized_payload` bytestring.

func (*GenericSignedAttestation) Descriptor Uses

func (*GenericSignedAttestation) Descriptor() ([]byte, []int)

Deprecated: Use GenericSignedAttestation.ProtoReflect.Descriptor instead.

func (*GenericSignedAttestation) GetContentType Uses

func (x *GenericSignedAttestation) GetContentType() GenericSignedAttestation_ContentType

func (*GenericSignedAttestation) GetSerializedPayload Uses

func (x *GenericSignedAttestation) GetSerializedPayload() []byte

func (*GenericSignedAttestation) GetSignatures Uses

func (x *GenericSignedAttestation) GetSignatures() []*common.Signature

func (*GenericSignedAttestation) ProtoMessage Uses

func (*GenericSignedAttestation) ProtoMessage()

func (*GenericSignedAttestation) ProtoReflect Uses

func (x *GenericSignedAttestation) ProtoReflect() protoreflect.Message

func (*GenericSignedAttestation) Reset Uses

func (x *GenericSignedAttestation) Reset()

func (*GenericSignedAttestation) String Uses

func (x *GenericSignedAttestation) String() string

type GenericSignedAttestation_ContentType Uses

type GenericSignedAttestation_ContentType int32

Type of the attestation plaintext that was signed.

const (
    // `ContentType` is not set.
    GenericSignedAttestation_CONTENT_TYPE_UNSPECIFIED GenericSignedAttestation_ContentType = 0
    // Atomic format attestation signature. See
    // https://github.com/containers/image/blob/8a5d2f82a6e3263290c8e0276c3e0f64e77723e7/docs/atomic-signature.md
    // The payload extracted in `plaintext` is a JSON blob conforming to the
    // linked schema.
    GenericSignedAttestation_SIMPLE_SIGNING_JSON GenericSignedAttestation_ContentType = 1
)

func (GenericSignedAttestation_ContentType) Descriptor Uses

func (GenericSignedAttestation_ContentType) Descriptor() protoreflect.EnumDescriptor

func (GenericSignedAttestation_ContentType) Enum Uses

func (x GenericSignedAttestation_ContentType) Enum() *GenericSignedAttestation_ContentType

func (GenericSignedAttestation_ContentType) EnumDescriptor Uses

func (GenericSignedAttestation_ContentType) EnumDescriptor() ([]byte, []int)

Deprecated: Use GenericSignedAttestation_ContentType.Descriptor instead.

func (GenericSignedAttestation_ContentType) Number Uses

func (x GenericSignedAttestation_ContentType) Number() protoreflect.EnumNumber

func (GenericSignedAttestation_ContentType) String Uses

func (x GenericSignedAttestation_ContentType) String() string

func (GenericSignedAttestation_ContentType) Type Uses

func (GenericSignedAttestation_ContentType) Type() protoreflect.EnumType

type PgpSignedAttestation Uses

type PgpSignedAttestation struct {

    // Required. The raw content of the signature, as output by GNU Privacy Guard
    // (GPG) or equivalent. Since this message only supports attached signatures,
    // the payload that was signed must be attached. While the signature format
    // supported is dependent on the verification implementation, currently only
    // ASCII-armored (`--armor` to gpg), non-clearsigned (`--sign` rather than
    // `--clearsign` to gpg) are supported. Concretely, `gpg --sign --armor
    // --output=signature.gpg payload.json` will create the signature content
    // expected in this field in `signature.gpg` for the `payload.json`
    // attestation payload.
    Signature string `protobuf:"bytes,1,opt,name=signature,proto3" json:"signature,omitempty"`
    // Type (for example schema) of the attestation payload that was signed.
    // The verifier must ensure that the provided type is one that the verifier
    // supports, and that the attestation payload is a valid instantiation of that
    // type (for example by validating a JSON schema).
    ContentType PgpSignedAttestation_ContentType `protobuf:"varint,3,opt,name=content_type,json=contentType,proto3,enum=grafeas.v1beta1.attestation.PgpSignedAttestation_ContentType" json:"content_type,omitempty"`
    // This field is used by verifiers to select the public key used to validate
    // the signature. Note that the policy of the verifier ultimately determines
    // which public keys verify a signature based on the context of the
    // verification. There is no guarantee validation will succeed if the
    // verifier has no key matching this ID, even if it has a key under a
    // different ID that would verify the signature. Note that this ID should also
    // be present in the signature content above, but that is not expected to be
    // used by the verifier.
    //
    // Types that are assignable to KeyId:
    //	*PgpSignedAttestation_PgpKeyId
    KeyId isPgpSignedAttestation_KeyId `protobuf_oneof:"key_id"`
    // contains filtered or unexported fields
}

An attestation wrapper with a PGP-compatible signature. This message only supports `ATTACHED` signatures, where the payload that is signed is included alongside the signature itself in the same file.

func (*PgpSignedAttestation) Descriptor Uses

func (*PgpSignedAttestation) Descriptor() ([]byte, []int)

Deprecated: Use PgpSignedAttestation.ProtoReflect.Descriptor instead.

func (*PgpSignedAttestation) GetContentType Uses

func (x *PgpSignedAttestation) GetContentType() PgpSignedAttestation_ContentType

func (*PgpSignedAttestation) GetKeyId Uses

func (m *PgpSignedAttestation) GetKeyId() isPgpSignedAttestation_KeyId

func (*PgpSignedAttestation) GetPgpKeyId Uses

func (x *PgpSignedAttestation) GetPgpKeyId() string

func (*PgpSignedAttestation) GetSignature Uses

func (x *PgpSignedAttestation) GetSignature() string

func (*PgpSignedAttestation) ProtoMessage Uses

func (*PgpSignedAttestation) ProtoMessage()

func (*PgpSignedAttestation) ProtoReflect Uses

func (x *PgpSignedAttestation) ProtoReflect() protoreflect.Message

func (*PgpSignedAttestation) Reset Uses

func (x *PgpSignedAttestation) Reset()

func (*PgpSignedAttestation) String Uses

func (x *PgpSignedAttestation) String() string

type PgpSignedAttestation_ContentType Uses

type PgpSignedAttestation_ContentType int32

Type (for example schema) of the attestation payload that was signed.

const (
    // `ContentType` is not set.
    PgpSignedAttestation_CONTENT_TYPE_UNSPECIFIED PgpSignedAttestation_ContentType = 0
    // Atomic format attestation signature. See
    // https://github.com/containers/image/blob/8a5d2f82a6e3263290c8e0276c3e0f64e77723e7/docs/atomic-signature.md
    // The payload extracted from `signature` is a JSON blob conforming to the
    // linked schema.
    PgpSignedAttestation_SIMPLE_SIGNING_JSON PgpSignedAttestation_ContentType = 1
)

func (PgpSignedAttestation_ContentType) Descriptor Uses

func (PgpSignedAttestation_ContentType) Descriptor() protoreflect.EnumDescriptor

func (PgpSignedAttestation_ContentType) Enum Uses

func (x PgpSignedAttestation_ContentType) Enum() *PgpSignedAttestation_ContentType

func (PgpSignedAttestation_ContentType) EnumDescriptor Uses

func (PgpSignedAttestation_ContentType) EnumDescriptor() ([]byte, []int)

Deprecated: Use PgpSignedAttestation_ContentType.Descriptor instead.

func (PgpSignedAttestation_ContentType) Number Uses

func (x PgpSignedAttestation_ContentType) Number() protoreflect.EnumNumber

func (PgpSignedAttestation_ContentType) String Uses

func (x PgpSignedAttestation_ContentType) String() string

func (PgpSignedAttestation_ContentType) Type Uses

func (PgpSignedAttestation_ContentType) Type() protoreflect.EnumType

type PgpSignedAttestation_PgpKeyId Uses

type PgpSignedAttestation_PgpKeyId struct {
    // The cryptographic fingerprint of the key used to generate the signature,
    // as output by, e.g. `gpg --list-keys`. This should be the version 4, full
    // 160-bit fingerprint, expressed as a 40 character hexidecimal string. See
    // https://tools.ietf.org/html/rfc4880#section-12.2 for details.
    // Implementations may choose to acknowledge "LONG", "SHORT", or other
    // abbreviated key IDs, but only the full fingerprint is guaranteed to work.
    // In gpg, the full fingerprint can be retrieved from the `fpr` field
    // returned when calling --list-keys with --with-colons.  For example:
    // ```
    // gpg --with-colons --with-fingerprint --force-v4-certs \
    //     --list-keys attester@example.com
    // tru::1:1513631572:0:3:1:5
    // pub:...<SNIP>...
    // fpr:::::::::24FF6481B76AC91E66A00AC657A93A81EF3AE6FB:
    // ```
    // Above, the fingerprint is `24FF6481B76AC91E66A00AC657A93A81EF3AE6FB`.
    PgpKeyId string `protobuf:"bytes,2,opt,name=pgp_key_id,json=pgpKeyId,proto3,oneof"`
}

Package attestation imports 6 packages (graph) and is imported by 3 packages. Updated 2020-08-13. Refresh now. Tools for package owners.