Documentation
Index
- Constants
- func DigestForRef(reference string) (string, error)
- func WithExtraIgnoreAnnotations(anns ...string) func(*Attestor)
- func WithExtraIgnoreFields(fields ...string) func(*Attestor)
- func WithKubeContext(context string) func(*Attestor)
- func WithKubeconfigPath(path string) func(*Attestor)
- func WithRecordClusterInfo(record bool) func(*Attestor)
- func WithServerSideDryRun(dryRun bool) func(*Attestor)
- type Attestor
- type ClusterInfo
- type RecordedImage
- type RecordedNode
- type RecordedObject
Constants
const Name = "k8smanifest"
Name is the identifier for this attestor.
const RunType = attestation.PostProductRunType
RunType is the run stage at which this attestor is executed.
const Type = "https://witness.dev/attestations/k8smanifest/v0.2"
Type is the URI identifying the predicate type.
Variables
This section is empty.
Functions
func DigestForRef
func WithExtraIgnoreAnnotations
WithExtraIgnoreAnnotations appends additional ephemeral annotations to ignore.
func WithExtraIgnoreFields
WithExtraIgnoreFields appends additional ephemeral fields to ignore.
func WithKubeContext
WithKubeContext sets the kubeconfig context used in server-side dry-run.
func WithKubeconfigPath
WithKubeconfigPath sets the kubeconfig path used in server-side dry-run.
func WithRecordClusterInfo
WithRecordClusterInfo sets the cluster information recording option.
func WithServerSideDryRun
WithServerSideDryRun sets the server-side dry-run option.
Types
type Attestor
type Attestor struct {
	ServerSideDryRun bool `json:"serversidedryrun,omitempty"`
	RecordClusterInfo bool `json:"recordclusterinfo,omitempty"`
	KubeconfigPath string `json:"kubeconfig,omitempty"`
	KubeContext string `json:"kubecontext,omitempty"`
	IgnoreFields []string `json:"ignorefields,omitempty" jsonschema:"title=ignorefields"`
	IgnoreAnnotations []string `json:"ignoreannotations,omitempty"`
	RecordedDocs []RecordedObject `json:"recordeddocs,omitempty"`
	ClusterInfo ClusterInfo `json:"clusterinfo"`
	// contains filtered or unexported fields
}
Attestor implements the Witness Attestor interface for Kubernetes manifests.
func (*Attestor) Attest
func (a *Attestor) Attest(ctx *attestation.AttestationContext) error
Attest processes any YAML/JSON products, removes ephemeral fields, etc.
func (*Attestor) RunType
func (a *Attestor) RunType() attestation.RunType
RunType satisfies the Attestor interface.
func (*Attestor) Schema
func (a *Attestor) Schema() *jsonschema.Schema
Schema provides a JSON schema for this attestor.
type ClusterInfo
type ClusterInfo struct {
	Server string `json:"server"`
	RecordedNodes map[string]RecordedNode `json:"nodes"`
}
type RecordedImage
type RecordedImage struct {
	Reference string `json:"reference"`
	Digest map[string]string `json:"digest"`
}
RecordedImage stores the details of images found in Kubernetes manifests.
type RecordedNode
type RecordedNode struct {
	Name string `json:"name"`
	Labels map[string]string `json:"labels"`
	NodeInfo corev1.NodeSystemInfo `json:"nodeInfo"`
}
type RecordedObject
type RecordedObject struct {
	FilePath string `json:"filepath"`
	Kind string `json:"kind"`
	Name string `json:"name"`
	Data json.RawMessage `json:"data"`
	SubjectKey string `json:"subjectkey"`
	RecordedImages []RecordedImage `json:"recordedimages"`
}
RecordedObject stores ephemeral-cleaned doc details.