Kind takes an unqualified kind and returns back a Group qualified GroupKind.

Resource takes an unqualified resource and returns a Group qualified GroupResource.

ValidateGlob glob compilation by testing against empty string.

ClusterImagePolicyConditionCMUpdated is set to True when the CIP has been successfully added into the ConfigMap holding all the compiled CIPs.

ClusterImagePolicyConditionKeysInlined is set to True when all the Keys have been (Secrets, KMS, etc.) resolved, fetched, validated, and inlined into the compiled representation.

ClusterImagePolicyConditionPoliciesInlined is set to True when all the policies have been resolved, fetched, validated, and inlined into the compiled representation.

ClusterImagePolicyReady is set when the ClusterImagePolicy has been compiled into the underlying ConfigMap properly.

AddToScheme adds the types known to this package to an existing schema.

SchemeBuilder builds a scheme with the types known to the package.

SchemeGroupVersion is group version used to register these objects.

Attestation defines the type of attestation to validate and optionally apply a policy decision to it.

The authorities block defines the rules for discovering and validating signatures.

ClusterImagePolicy defines the images that go through verification and the authorities used for verification +genclient +genclient:nonNamespaced +genreconciler:krshapedlogic=true +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object.

ClusterImagePolicyList is a list of ClusterImagePolicy resources +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object.

ClusterImagePolicySpec defines a list of images that should be verified.

ClusterImagePolicyStatus represents the current state of a ClusterImagePolicy.

ConfigMapReference is cut&paste from SecretReference, but for the life of me couldn't find one in the public types.

Identity may contain the issuer and/or the subject found in the transparency log.

ImagePattern defines a pattern and its associated authorties If multiple patterns match a particular image, then ALL of those authorities must be satisfied for the image to be admitted.

KeylessRef contains location of the validating certificate and the identities against which to verify.

This references a public verification key stored in a secret in the cosign-system namespace.

MatchResource allows selecting resources based on its version, group and resource.

Policy specifies a policy to use for Attestation or the CIP validation (iff at least one authority matches).

RemotePolicy defines all the properties to fetch a remote policy.

RFC3161Timestamp specifies the URL to a RFC3161 time-stamping server that holds the time-stamped verification for the signature.

Source specifies the location of the signature / attestations.

StaticRef specifies that signatures / attestations are not validated but instead a static policy is applied against matching images.

TLog specifies the URL to a transparency log that holds the signature and public key information.