1{
2"signatures": [],
3"signed": {
4 "_type": "layout",
5 "expires": "2030-11-18T16:06:36Z",
6 "inspect": [
7 {
8 "_type": "inspection",
9 "expected_materials": [
10 [
11 "MATCH",
12 "foo.tar.gz",
13 "WITH",
14 "PRODUCTS",
15 "FROM",
16 "package"
17 ],
18 [
19 "DISALLOW",
20 "foo.tar.gz"
21 ]
22 ],
23 "expected_products": [
24 [
25 "MATCH",
26 "foo.py",
27 "WITH",
28 "PRODUCTS",
29 "FROM",
30 "write-code"
31 ],
32 [
33 "DISALLOW",
34 "foo.py"
35 ]
36 ],
37 "name": "untar",
38 "run": [
39 "tar",
40 "xfz",
41 "foo.tar.gz"
42 ]
43 }
44 ],
45 "intermediatecas": {},
46 "keys": {},
47 "readme": "",
48 "rootcas": {
49 {{ROOTCA}}
50 },
51 "steps": [
52 {
53 "_type": "step",
54 "cert_constraints": [
55 {
56 "common_name": "*",
57 "dns_names": [
58 ""
59 ],
60 "emails": [
61 ""
62 ],
63 "organizations": [
64 "*"
65 ],
66 "roots": [
67 "*"
68 ],
69 "uris": [
70 "spiffe://example.com/write-code"
71 ]
72 }
73 ],
74 "expected_command": ["sh -c echo hello > foo.py"],
75 "expected_materials": [],
76 "expected_products": [
77 [
78 "ALLOW",
79 "foo.py"
80 ]
81 ],
82 "name": "write-code",
83 "pubkeys": [],
84 "threshold": 1
85 },
86 {
87 "_type": "step",
88 "cert_constraints": [
89 {
90 "common_name": "*",
91 "dns_names": [
92 ""
93 ],
94 "emails": [
95 ""
96 ],
97 "organizations": [
98 "*"
99 ],
100 "roots": [
101 "*"
102 ],
103 "uris": [
104 "spiffe://example.com/package"
105 ]
106 }
107 ],
108 "expected_command": [
109 "tar",
110 "zcvf",
111 "foo.tar.gz",
112 "foo.py"
113 ],
114 "expected_materials": [
115 [
116 "MATCH",
117 "foo.py",
118 "WITH",
119 "PRODUCTS",
120 "FROM",
121 "write-code"
122 ],
123 [
124 "DISALLOW",
125 "*"
126 ]
127 ],
128 "expected_products": [
129 [
130 "ALLOW",
131 "foo.tar.gz"
132 ],
133 [
134 "ALLOW",
135 "foo.py"
136 ]
137 ],
138 "name": "package",
139 "pubkeys": [],
140 "threshold": 1
141 }
142 ]
143}
144}
View as plain text