Add a policy evaluation library#88
Merged
mtrmac merged 6 commits intocontainers:masterfrom Jun 2, 2016
Merged
Conversation
Contributor
Author
|
(Depends on #75, which will also be affected by the |
mtrmac
force-pushed
the
policy-eval
branch
4 times, most recently
from
2942e5f to
4ab6b25
Compare
Contributor
Author
Done. Calling this finished, ready for review. |
mtrmac
changed the title
Member
|
LGTM feel free to merge it (does it needs a rebase?) |
(The key was one-time-generated in a temporary directory, and is, intentionally, not available.) This is not conceptually related to the rest of the PR, just adding a missing case to the test, except that the added fixture will be reused in a prSignedBy test.
…gnature To support verification of signatures when more than one key, or more than one identity, are accepted, have verifyAndExtract signature accept callbacks (in a struct so that they are explicitly named). verifyAndExtractSignature now also validates the manifest digest. It is intended to become THE SINGLE PLACE where untrusted signature blobs have signatures verified, are validated against other expectations, and parsed, and converted into internal data structures available to other code. Also: - Modifies VerifyDockerManifestSignature to use utils.ManifestMatchesDigest. - Adds a test for Docker reference mismatch in VerifyDockerManifestSignature.
…ace/repo format Using the canonical minimized format of Docker references introduces too many ambiguities. This also removes some validation of the scope string, but all that was really doing was rejecting completely invalid input like uppercase. Sadly it is not qutie obvious that we can detect and reject mistakes like using "busybox" as a scope instead of the correct "docker.io/library/busybox". Perhaps require at least one dot or port number in the host name?
Also move the declaration of the type from the mostly-public policy_types.go to policy_eval.go.
Also move the declaration of the type from the mostly-public policy_types.go to policy_eval.go.
…ImageAllowed PolicyContext is intended to be the primary API for skopeo/signature: supply a policy and an image, and ask specific, well-defined (preferably yes/no) questions.
Contributor
Author
|
Yeah, this included #75 . Will merge after tests, thanks! |
Merged
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This is now mostly ready for review; in particular the public API structure of
PolicyContext, and the internal abstraction ofPolicyRequirementandPolicyReferenceMatch, are done.The one thing I still want to get done before merging is to eliminate duplication between
signature.goandpolicy_eval_signedby.go.See individual commit messages for a little more detailed descriptions.