# Functions
Kind takes an unqualified kind and returns a Group-qualified GroupKind.
Resource takes an unqualified resource and returns a Group-qualified GroupResource.
SplitPEMCertificateChain returns a list of leaf (non-CA) certificates, a certificate pool for intermediate CA certificates, and a certificate pool for root CA certificates.
ValidateGlob validates glob compilation by testing against an empty string.
# Constants
ClusterImagePolicyConditionCMUpdated is set to True when the CIP has been successfully added into the ConfigMap holding all the compiled CIPs.
ClusterImagePolicyConditionKeysInlined is set to True when all the Keys (Secrets, KMS, etc.) have been resolved, fetched, validated, and inlined into the compiled representation.
ClusterImagePolicyConditionPoliciesInlined is set to True when all the policies have been resolved, fetched, validated, and inlined into the compiled representation.
ClusterImagePolicyConditionReady is set when the ClusterImagePolicy has been compiled into the underlying ConfigMap properly.
By default the TUF repo contains this prefix, so if it's there, remove it.
TrustRootConditionCMUpdated is set to True when the inline representation has been successfully added to the ConfigMap holding all the TrustRoots.
TrustRootConditionKeysInlined is set to True when keys have been either verified, or fetched and verified, and inlined into the intermediate representation usable for validation.
TrustRootConditionReady is set when the TrustRoot has been compiled into the underlying ConfigMap properly.
# Variables
AddToScheme adds the types known to this package to an existing schema.
SchemeBuilder builds a scheme with the types known to the package.
SchemeGroupVersion is the group version used to register these objects.
# Structs
Attestation defines the type of attestation to validate and optionally apply a policy decision to it.
ClusterImagePolicy defines the images that go through verification and the authorities used for verification.
ClusterImagePolicyList is a list of ClusterImagePolicy resources.
ClusterImagePolicySpec defines a list of images that should be verified.
ClusterImagePolicyStatus represents the current state of a ClusterImagePolicy.
ConfigMapReference is cut&paste from SecretReference, but for the life of me couldn't find one in the public types.
Identity may contain the issuer and/or the subject found in the transparency log.
ImagePattern defines a pattern and its associated authorities. If multiple patterns match a particular image, then ALL of those authorities must be satisfied for the image to be admitted.
KeylessRef contains location of the validating certificate and the identities against which to verify.
This references a public verification key stored in a secret in the cosign-system namespace.
MatchResource allows selecting resources based on its version, group and resource.
Policy specifies a policy to use for Attestation or the CIP validation (iff at least one authority matches).
Remote specifies the TUF with a trusted initial root and the remote mirror from which to fetch updates.
RemotePolicy defines all the properties to fetch a remote policy.
Repository specifies an airgapped TUF.
RFC3161Timestamp specifies the URL to an RFC3161 time-stamping server that holds the time-stamped verification for the signature.
SigstoreKeys contains all the necessary Keys and Certificates for validating against a specific instance of Sigstore.
Source specifies the location of the signature / attestations.
StaticRef specifies that signatures / attestations are not validated but instead a static policy is applied against matching images.
TLog specifies the URL to a transparency log that holds the signature and public key information.
TransparencyLogInstance describes the immutable parameters from a transparency log.
TrustRoot defines the keys and certificates that are trusted for validating against.
TrustRootList is a list of TrustRoot resources.
TrustRootSpec defines a trusted Root.
TrustRootStatus represents the current state of a TrustRoot.