policyenforcer.go
/*
Copyright The Ratify Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package ratify
import (
"context"
ocispec "github.com/opencontainers/image-spec/specs-go/v1"
)
// ValidationReport describes the results of verifying an artifact and its
// nested artifacts by available verifiers.
//
// Reports form a tree: a report covers one subject/referrer pair, and each
// entry in ArtifactReports is itself a ValidationReport for a referrer of
// that subject.
type ValidationReport struct {
	// Subject is the subject reference of the artifact being verified.
	// Required.
	Subject string
	// Results are generated by verifiers while verifying the subject against
	// the referrer artifact. Required.
	// e.g. If the Subject is a container image, Artifact is a descriptor to
	// Notation signature. Results are generated by Notation verifiers verifying
	// the image against the signature.
	//
	// NOTE(review): nothing in this file enforces that a "Required" field is
	// populated. A PolicyEnforcer should not read an empty Results slice as a
	// successful verification — confirm how the executor fills it.
	Results []*VerificationResult
	// Artifact is the descriptor of the referrer artifact being verified
	// against with. Required.
	Artifact ocispec.Descriptor
	// ArtifactReports is reports of verifying referrer artifacts. Optional.
	// e.g. If the Subject is a container image, Artifact is a descriptor to
	// SBOM which is signed by a Notation signature. ArtifactReports are
	// generated by the executor verifying the SBOM against the signature.
	// May be nil or empty when there are no nested reports.
	ArtifactReports []*ValidationReport
}
// PolicyEnforcer is an interface with methods that make policy decisions.
//
// The boolean returned by Evaluate is the final decision for the subject
// artifact. NOTE(review): when the error is non-nil the boolean carries no
// meaning; callers should fail closed (treat the subject as not passing
// policy) rather than inspect it — confirm against the executor that consumes
// this interface.
type PolicyEnforcer interface {
	// Evaluate determines the final outcome of validation reports generated by
	// the executor verifying the subject artifact and its associated artifacts.
	//
	// artifactReports holds the reports produced for the subject's referrer
	// artifacts (see ValidationReport). It may be empty when no verifier
	// produced a result; implementations should decide that case explicitly
	// instead of letting it default to a pass. The returned bool is the policy
	// verdict; a non-nil error means evaluation itself failed and is not a
	// verdict.
	Evaluate(ctx context.Context, artifactReports []*ValidationReport) (bool, error)
}