trust

package

v28.1.1+incompatible Latest Latest Go to latest Published: Apr 18, 2025 License: Apache-2.0 Imports: 36 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

d.zyszy.best/docker/cli

Documentation ¶

Index ¶

Constants
Variables
func AddToAllSignableRoles(repo client.Repository, target *client.Target) error
func GetNotaryRepository(in io.Reader, out io.Writer, userAgent string, ...) (client.Repository, error)
func GetPassphraseRetriever(in io.Reader, out io.Writer) notary.PassRetriever
func GetSignableRoles(repo client.Repository, target *client.Target) ([]data.RoleName, error)
func GetTrustDirectory() string
func NotaryError(repoName string, err error) error
func PushTrustedReference(ctx context.Context, ioStreams Streams, repoInfo *registry.RepositoryInfo, ...) error
func Server(index *registrytypes.IndexInfo) (string, error)
func TagTrusted(ctx context.Context, apiClient client.ImageAPIClient, out io.Writer, ...) error
type ImageRefAndAuth
- func GetImageReferencesAndAuth(ctx context.Context, ...) (ImageRefAndAuth, error)
type Streams

Constants ¶

View Source

const NotaryServer = "https://notary.docker.io"

NotaryServer is the endpoint serving the Notary trust server

Variables ¶

View Source

var (
	// ReleasesRole is the role named "releases"
	ReleasesRole = data.RoleName(path.Join(data.CanonicalTargetsRole.String(), "releases"))
	// ActionsPullOnly defines the actions for read-only interactions with a Notary Repository
	ActionsPullOnly = []string{"pull"}
	// ActionsPushAndPull defines the actions for read-write interactions with a Notary Repository
	ActionsPushAndPull = []string{"pull", "push"}
)

Functions ¶

func AddToAllSignableRoles ¶

func AddToAllSignableRoles(repo client.Repository, target *client.Target) error

AddToAllSignableRoles attempts to add the image target to all the top level delegation roles we can (based on whether we have the signing key and whether the role's path allows us to).

If there are no delegation roles, we add to the targets role.

func GetNotaryRepository ¶

func GetNotaryRepository(in io.Reader, out io.Writer, userAgent string, repoInfo *registry.RepositoryInfo, authConfig *registrytypes.AuthConfig, actions ...string) (client.Repository, error)

GetNotaryRepository returns a NotaryRepository which stores all the information needed to operate on a notary repository. It creates an HTTP transport providing authentication support.

func GetPassphraseRetriever ¶

func GetPassphraseRetriever(in io.Reader, out io.Writer) notary.PassRetriever

GetPassphraseRetriever returns a passphrase retriever that utilizes Content Trust env vars

func GetSignableRoles ¶

func GetSignableRoles(repo client.Repository, target *client.Target) ([]data.RoleName, error)

GetSignableRoles returns a list of roles for which we have valid signing keys, given a notary repository and a target

func GetTrustDirectory ¶

func GetTrustDirectory() string

GetTrustDirectory returns the base trust directory name

func NotaryError ¶

func NotaryError(repoName string, err error) error

NotaryError formats an error message received from the notary service

func PushTrustedReference ¶

func PushTrustedReference(ctx context.Context, ioStreams Streams, repoInfo *registry.RepositoryInfo, ref reference.Named, authConfig registrytypes.AuthConfig, in io.Reader, userAgent string) error

PushTrustedReference pushes a canonical reference to the trust server.

func Server ¶

func Server(index *registrytypes.IndexInfo) (string, error)

Server returns the base URL for the trust server.

func TagTrusted ¶

func TagTrusted(ctx context.Context, apiClient client.ImageAPIClient, out io.Writer, trustedRef reference.Canonical, ref reference.NamedTagged) error

TagTrusted tags a trusted ref. It is a shallow wrapper around [client.Client.ImageTag] that updates the given image references to their familiar format for tagging and printing.

Types ¶

type ImageRefAndAuth ¶

type ImageRefAndAuth struct {
	// contains filtered or unexported fields
}

ImageRefAndAuth contains all reference information and the auth config for an image request

func GetImageReferencesAndAuth ¶

func GetImageReferencesAndAuth(ctx context.Context,
	authResolver func(ctx context.Context, index *registrytypes.IndexInfo) registrytypes.AuthConfig,
	imgName string,
) (ImageRefAndAuth, error)

GetImageReferencesAndAuth retrieves the necessary reference and auth information for an image name as an ImageRefAndAuth struct

func (*ImageRefAndAuth) AuthConfig ¶

func (imgRefAuth *ImageRefAndAuth) AuthConfig() *registrytypes.AuthConfig

AuthConfig returns the auth information (username, etc) for a given ImageRefAndAuth

func (*ImageRefAndAuth) Digest ¶

func (imgRefAuth *ImageRefAndAuth) Digest() digest.Digest

Digest returns the Image digest for a given ImageRefAndAuth

func (*ImageRefAndAuth) Name ¶

func (imgRefAuth *ImageRefAndAuth) Name() string

Name returns the image name used to initialize the ImageRefAndAuth

func (*ImageRefAndAuth) Reference ¶

func (imgRefAuth *ImageRefAndAuth) Reference() reference.Named

Reference returns the Image reference for a given ImageRefAndAuth

func (*ImageRefAndAuth) RepoInfo ¶

func (imgRefAuth *ImageRefAndAuth) RepoInfo() *registry.RepositoryInfo

RepoInfo returns the repository information for a given ImageRefAndAuth

func (*ImageRefAndAuth) Tag ¶

func (imgRefAuth *ImageRefAndAuth) Tag() string

Tag returns the Image tag for a given ImageRefAndAuth

type Streams ¶

type Streams interface {
	In() *streams.In
	Out() *streams.Out
	Err() *streams.Out
}

Streams is an interface which exposes the standard input and output streams.

Same interface as github.com/docker/cli/cli/command.Streams but defined here to prevent a circular import.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL