From b43f6bc325dff5f9c9e765307571b8acdb6eadf1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ville=20Skytt=C3=A4?= Date: Wed, 29 Jan 2025 22:59:11 +0200 Subject: [PATCH 1/2] Simplify completion flag file/dirname marking MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Ville Skyttä --- cmd/cosign/cli/options/attest.go | 6 +++--- cmd/cosign/cli/options/attest_blob.go | 14 +++++++------- cmd/cosign/cli/options/certificate.go | 8 ++++---- cmd/cosign/cli/options/files.go | 2 +- cmd/cosign/cli/options/import_key_pair.go | 4 ++-- cmd/cosign/cli/options/initialize.go | 2 +- cmd/cosign/cli/options/load.go | 2 +- cmd/cosign/cli/options/oidc.go | 2 +- cmd/cosign/cli/options/pkcs11_tool.go | 4 ++-- cmd/cosign/cli/options/public_key.go | 4 ++-- cmd/cosign/cli/options/root.go | 2 +- cmd/cosign/cli/options/save.go | 2 +- cmd/cosign/cli/options/sign.go | 16 ++++++++-------- cmd/cosign/cli/options/signblob.go | 10 +++++----- cmd/cosign/cli/options/trustedroot.go | 2 +- cmd/cosign/cli/options/upload.go | 2 +- cmd/cosign/cli/options/verify.go | 2 +- 17 files changed, 42 insertions(+), 42 deletions(-) diff --git a/cmd/cosign/cli/options/attest.go b/cmd/cosign/cli/options/attest.go index 8139cddaefa..cbcbff9b1b6 100644 --- a/cmd/cosign/cli/options/attest.go +++ b/cmd/cosign/cli/options/attest.go 
@@ -54,18 +54,18 @@ func (o *AttestOptions) AddFlags(cmd *cobra.Command) { cmd.Flags().StringVar(&o.Key, "key", "", "path to the private key file, KMS URI or Kubernetes Secret") - _ = cmd.Flags().SetAnnotation("key", cobra.BashCompFilenameExt, []string{"key"}) + _ = cmd.MarkFlagFilename("key", "key") cmd.Flags().StringVar(&o.Cert, "certificate", "", "path to the X.509 certificate in PEM format to include in the OCI Signature") - _ = cmd.Flags().SetAnnotation("certificate", cobra.BashCompFilenameExt, []string{"cert"}) + _ = cmd.MarkFlagFilename("certificate", "cert") cmd.Flags().StringVar(&o.CertChain, "certificate-chain", "", "path to a list of CA X.509 certificates in PEM format which will be needed "+ "when building the certificate chain for the signing certificate. "+ "Must start with the parent intermediate CA certificate of the "+ "signing certificate and end with the root certificate. Included in the OCI Signature") - _ = cmd.Flags().SetAnnotation("certificate-chain", cobra.BashCompFilenameExt, []string{"cert"}) + _ = cmd.MarkFlagFilename("certificate-chain", "cert") cmd.Flags().BoolVar(&o.NoUpload, "no-upload", false, "do not upload the generated attestation") diff --git a/cmd/cosign/cli/options/attest_blob.go b/cmd/cosign/cli/options/attest_blob.go index b6f48b49671..14bd51d42a3 100644 --- a/cmd/cosign/cli/options/attest_blob.go +++ b/cmd/cosign/cli/options/attest_blob.go 
@@ -58,33 +58,33 @@ func (o *AttestBlobOptions) AddFlags(cmd *cobra.Command) { cmd.Flags().StringVar(&o.Key, "key", "", "path to the private key file, KMS URI or Kubernetes Secret") - _ = cmd.Flags().SetAnnotation("key", cobra.BashCompFilenameExt, []string{"key"}) + _ = cmd.MarkFlagFilename("key", "key") cmd.Flags().StringVar(&o.Cert, "certificate", "", "path to the X.509 certificate in PEM format to include in the OCI Signature") - _ = cmd.Flags().SetAnnotation("certificate", cobra.BashCompFilenameExt, []string{"cert"}) + _ = cmd.MarkFlagFilename("certificate", "cert") cmd.Flags().StringVar(&o.CertChain, "certificate-chain", "", "path to a list of CA X.509 certificates in PEM format which will be needed "+ "when building the certificate chain for the signing certificate. "+ "Must start with the parent intermediate CA certificate of the "+ "signing certificate and end with the root certificate. Included in the OCI Signature") - _ = cmd.Flags().SetAnnotation("certificate-chain", cobra.BashCompFilenameExt, []string{"cert"}) + _ = cmd.MarkFlagFilename("certificate-chain", "cert") cmd.Flags().StringVar(&o.OutputSignature, "output-signature", "", "write the signature to FILE") - _ = cmd.Flags().SetAnnotation("output-signature", cobra.BashCompFilenameExt, []string{}) + _ = cmd.MarkFlagFilename("output-signature") cmd.Flags().StringVar(&o.OutputAttestation, "output-attestation", "", "write the attestation to FILE") cmd.Flags().StringVar(&o.OutputCertificate, "output-certificate", "", "write the certificate to FILE") - _ = cmd.Flags().SetAnnotation("key", cobra.BashCompFilenameExt, []string{}) + _ = cmd.MarkFlagFilename("key") cmd.Flags().StringVar(&o.BundlePath, "bundle", "", "write everything required to verify the blob to a FILE") - _ = cmd.Flags().SetAnnotation("bundle", cobra.BashCompFilenameExt, []string{}) + _ = cmd.MarkFlagFilename("bundle") // TODO: have this default to true as a breaking change cmd.Flags().BoolVar(&o.NewBundleFormat, "new-bundle-format", false, 
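Review bot: The line after the `output-certificate` declaration calls `cmd.MarkFlagFilename("key")`, so it annotates `key` a second time and leaves `output-certificate` unmarked; as far as I can tell, the second call also replaces the `"key"` extension set a few lines earlier. It should be `_ = cmd.MarkFlagFilename("output-certificate")`, the same correction this patch makes in signblob.go. PATCH 2/2 carries the wrong name forward in its attest_blob.go hunk as `cmd.MarkFlagFilename("key", certificateExts...)`, which would make `--key` complete certificate files instead of key files. Because every call discards its result with `_ =`, a wrong or misspelled flag name is never reported. AddFlags starts and ends outside this hunk.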
@@ -107,5 +107,5 @@ func (o *AttestBlobOptions) AddFlags(cmd *cobra.Command) { cmd.Flags().StringVar(&o.RFC3161TimestampPath, "rfc3161-timestamp-bundle", "", "path to an RFC 3161 timestamp bundle FILE") - _ = cmd.Flags().SetAnnotation("rfc3161-timestamp-bundle", cobra.BashCompFilenameExt, []string{}) + _ = cmd.MarkFlagFilename("rfc3161-timestamp-bundle") } diff --git a/cmd/cosign/cli/options/certificate.go b/cmd/cosign/cli/options/certificate.go index 3df7b4b962e..ff4c5920e1b 100644 --- a/cmd/cosign/cli/options/certificate.go +++ b/cmd/cosign/cli/options/certificate.go @@ -46,7 +46,7 @@ var _ Interface = (*RekorOptions)(nil) func (o *CertVerifyOptions) AddFlags(cmd *cobra.Command) { cmd.Flags().StringVar(&o.Cert, "certificate", "", "path to the public certificate. The certificate will be verified against the Fulcio roots if the --certificate-chain option is not passed.") - _ = cmd.Flags().SetAnnotation("certificate", cobra.BashCompFilenameExt, []string{"cert"}) + _ = cmd.MarkFlagFilename("certificate", "cert") cmd.Flags().StringVar(&o.CertIdentity, "certificate-identity", "", "The identity expected in a valid Fulcio certificate. Valid values include email address, DNS names, IP addresses, and URIs. Either --certificate-identity or --certificate-identity-regexp must be set for keyless flows.") 
@@ -82,18 +82,18 @@ func (o *CertVerifyOptions) AddFlags(cmd *cobra.Command) { "when building the certificate chains for the signing certificate. "+ "The flag is optional and must be used together with --ca-roots, conflicts with "+ "--certificate-chain.") - _ = cmd.Flags().SetAnnotation("ca-intermediates", cobra.BashCompFilenameExt, []string{"cert"}) + _ = cmd.MarkFlagFilename("ca-intermediates", "cert") cmd.Flags().StringVar(&o.CARoots, "ca-roots", "", "path to a bundle file of CA certificates in PEM format which will be needed "+ "when building the certificate chains for the signing certificate. Conflicts with --certificate-chain.") - _ = cmd.Flags().SetAnnotation("ca-roots", cobra.BashCompFilenameExt, []string{"cert"}) + _ = cmd.MarkFlagFilename("ca-roots", "cert") cmd.Flags().StringVar(&o.CertChain, "certificate-chain", "", "path to a list of CA certificates in PEM format which will be needed "+ "when building the certificate chain for the signing certificate. "+ "Must start with the parent intermediate CA certificate of the "+ "signing certificate and end with the root certificate. Conflicts with --ca-roots and --ca-intermediates.") - _ = cmd.Flags().SetAnnotation("certificate-chain", cobra.BashCompFilenameExt, []string{"cert"}) + _ = cmd.MarkFlagFilename("certificate-chain", "cert") cmd.MarkFlagsMutuallyExclusive("ca-roots", "certificate-chain") cmd.MarkFlagsMutuallyExclusive("ca-intermediates", "certificate-chain") diff --git a/cmd/cosign/cli/options/files.go b/cmd/cosign/cli/options/files.go index 0467ac1c622..6e4a2a91cd9 100644 --- a/cmd/cosign/cli/options/files.go +++ b/cmd/cosign/cli/options/files.go @@ -54,5 +54,5 @@ func (o *FilesOptions) String() string { func (o *FilesOptions) AddFlags(cmd *cobra.Command) { cmd.Flags().StringSliceVarP(&o.Files, "files", "f", nil, ":[platform/arch]") - _ = cmd.Flags().SetAnnotation("files", cobra.BashCompFilenameExt, []string{}) + _ = cmd.MarkFlagFilename("files") } 
diff --git a/cmd/cosign/cli/options/import_key_pair.go b/cmd/cosign/cli/options/import_key_pair.go index 9c645fed0a0..692bc0b3ecb 100644 --- a/cmd/cosign/cli/options/import_key_pair.go +++ b/cmd/cosign/cli/options/import_key_pair.go @@ -36,11 +36,11 @@ var _ Interface = (*ImportKeyPairOptions)(nil) func (o *ImportKeyPairOptions) AddFlags(cmd *cobra.Command) { cmd.Flags().StringVarP(&o.Key, "key", "k", "", "import key pair to use for signing") - _ = cmd.Flags().SetAnnotation("key", cobra.BashCompFilenameExt, []string{}) + _ = cmd.MarkFlagFilename("key") cmd.Flags().StringVarP(&o.OutputKeyPrefix, "output-key-prefix", "o", "import-cosign", "name used for outputted key pairs") - _ = cmd.Flags().SetAnnotation("output-key-prefix", cobra.BashCompFilenameExt, []string{}) + _ = cmd.MarkFlagFilename("output-key-prefix") cmd.Flags().BoolVarP(&o.SkipConfirmation, "yes", "y", false, "skip confirmation prompts for overwriting existing key") diff --git a/cmd/cosign/cli/options/initialize.go b/cmd/cosign/cli/options/initialize.go index 9af970e0ad5..d5eed5346a6 100644 --- a/cmd/cosign/cli/options/initialize.go +++ b/cmd/cosign/cli/options/initialize.go @@ -36,7 +36,7 @@ func (o *InitializeOptions) AddFlags(cmd *cobra.Command) { cmd.Flags().StringVar(&o.Root, "root", "", "path to trusted initial root. defaults to embedded root") - _ = cmd.Flags().SetAnnotation("root", cobra.BashCompSubdirsInDir, []string{}) + _ = cmd.MarkFlagDirname("root") cmd.Flags().StringVar(&o.RootChecksum, "root-checksum", "", "checksum of the initial root, required if root is downloaded via http(s). expects sha256 by default, can be changed to sha512 by providing sha512:") diff --git a/cmd/cosign/cli/options/load.go b/cmd/cosign/cli/options/load.go index 167361d087e..c2c54abc0ff 100644 --- a/cmd/cosign/cli/options/load.go +++ b/cmd/cosign/cli/options/load.go 
@@ -32,6 +32,6 @@ func (o *LoadOptions) AddFlags(cmd *cobra.Command) { o.Registry.AddFlags(cmd) cmd.Flags().StringVar(&o.Directory, "dir", "", "path to directory where the signed image is stored on disk") - _ = cmd.Flags().SetAnnotation("dir", cobra.BashCompSubdirsInDir, []string{}) + _ = cmd.MarkFlagDirname("dir") _ = cmd.MarkFlagRequired("dir") } diff --git a/cmd/cosign/cli/options/oidc.go b/cmd/cosign/cli/options/oidc.go index c68421be604..52bfb7e711a 100644 --- a/cmd/cosign/cli/options/oidc.go +++ b/cmd/cosign/cli/options/oidc.go @@ -64,7 +64,7 @@ func (o *OIDCOptions) AddFlags(cmd *cobra.Command) { cmd.Flags().StringVar(&o.clientSecretFile, "oidc-client-secret-file", "", "Path to file containing OIDC client secret for application") - _ = cmd.Flags().SetAnnotation("oidc-client-secret-file", cobra.BashCompFilenameExt, []string{}) + _ = cmd.MarkFlagFilename("oidc-client-secret-file") cmd.Flags().StringVar(&o.RedirectURL, "oidc-redirect-url", "", "OIDC redirect URL (Optional). The default oidc-redirect-url is 'http://localhost:0/auth/callback'.") diff --git a/cmd/cosign/cli/options/pkcs11_tool.go b/cmd/cosign/cli/options/pkcs11_tool.go index e673184e2d3..19f6deaac35 100644 --- a/cmd/cosign/cli/options/pkcs11_tool.go +++ b/cmd/cosign/cli/options/pkcs11_tool.go @@ -31,7 +31,7 @@ var _ Interface = (*PKCS11ToolListTokensOptions)(nil) func (o *PKCS11ToolListTokensOptions) AddFlags(cmd *cobra.Command) { cmd.Flags().StringVar(&o.ModulePath, "module-path", env.Getenv(env.VariablePKCS11ModulePath), "absolute path to the PKCS11 module") - _ = cmd.Flags().SetAnnotation("module-path", cobra.BashCompFilenameExt, []string{}) + _ = cmd.MarkFlagFilename("module-path") } // PKCS11ToolListKeysUrisOptions is the wrapper for `pkcs11-tool list-keys-uris` related options. 
@@ -47,7 +47,7 @@ var _ Interface = (*PKCS11ToolListKeysUrisOptions)(nil) func (o *PKCS11ToolListKeysUrisOptions) AddFlags(cmd *cobra.Command) { cmd.Flags().StringVar(&o.ModulePath, "module-path", env.Getenv(env.VariablePKCS11ModulePath), "absolute path to the PKCS11 module") - _ = cmd.Flags().SetAnnotation("module-path", cobra.BashCompFilenameExt, []string{}) + _ = cmd.MarkFlagFilename("module-path") cmd.Flags().UintVar(&o.SlotID, "slot-id", 0, "id of the PKCS11 slot, uses 0 if empty") diff --git a/cmd/cosign/cli/options/public_key.go b/cmd/cosign/cli/options/public_key.go index e3c7341a31b..835894a3ee0 100644 --- a/cmd/cosign/cli/options/public_key.go +++ b/cmd/cosign/cli/options/public_key.go @@ -34,9 +34,9 @@ func (o *PublicKeyOptions) AddFlags(cmd *cobra.Command) { cmd.Flags().StringVar(&o.Key, "key", "", "path to the private key file, KMS URI or Kubernetes Secret") - _ = cmd.Flags().SetAnnotation("key", cobra.BashCompFilenameExt, []string{}) + _ = cmd.MarkFlagFilename("key") cmd.Flags().StringVar(&o.OutFile, "outfile", "", "path to a payload file to use rather than generating one") - _ = cmd.Flags().SetAnnotation("outfile", cobra.BashCompFilenameExt, []string{}) + _ = cmd.MarkFlagFilename("outfile") } diff --git a/cmd/cosign/cli/options/root.go b/cmd/cosign/cli/options/root.go index cb15af0dc31..99a611b7800 100644 --- a/cmd/cosign/cli/options/root.go +++ b/cmd/cosign/cli/options/root.go @@ -44,7 +44,7 @@ var _ Interface = (*RootOptions)(nil) func (o *RootOptions) AddFlags(cmd *cobra.Command) { cmd.PersistentFlags().StringVar(&o.OutputFile, "output-file", "", "log output to a file") - _ = cmd.Flags().SetAnnotation("output-file", cobra.BashCompFilenameExt, []string{}) + _ = cmd.MarkFlagFilename("output-file") cmd.PersistentFlags().BoolVarP(&o.Verbose, "verbose", "d", false, "log debug output") diff --git a/cmd/cosign/cli/options/save.go b/cmd/cosign/cli/options/save.go index 7c4f623de61..761d4bb42eb 100644 --- a/cmd/cosign/cli/options/save.go 
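Review bot: In the root.go hunk, `output-file` is registered with `cmd.PersistentFlags()` but marked through `cmd.MarkFlagFilename`, which looks the name up in `cmd.Flags()`. Unless the persistent flags have already been merged into that set when AddFlags runs, the call returns a no-such-flag error that `_ =` throws away, and the flag gets no completion annotation. `_ = cmd.MarkPersistentFlagFilename("output-file")` targets the set the flag was defined on. The rest of AddFlags lies outside the hunk.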
+++ b/cmd/cosign/cli/options/save.go @@ -32,6 +32,6 @@ func (o *SaveOptions) AddFlags(cmd *cobra.Command) { o.Registry.AddFlags(cmd) cmd.Flags().StringVar(&o.Directory, "dir", "", "path to dir where the signed image should be stored on disk") - _ = cmd.Flags().SetAnnotation("dir", cobra.BashCompSubdirsInDir, []string{}) + _ = cmd.MarkFlagDirname("dir") _ = cmd.MarkFlagRequired("dir") } diff --git a/cmd/cosign/cli/options/sign.go b/cmd/cosign/cli/options/sign.go index 70ec9acab62..cbf8c5bb121 100644 --- a/cmd/cosign/cli/options/sign.go +++ b/cmd/cosign/cli/options/sign.go 
@@ -66,36 +66,36 @@ func (o *SignOptions) AddFlags(cmd *cobra.Command) { cmd.Flags().StringVar(&o.Key, "key", "", "path to the private key file, KMS URI or Kubernetes Secret") - _ = cmd.Flags().SetAnnotation("key", cobra.BashCompFilenameExt, []string{}) + _ = cmd.MarkFlagFilename("key") cmd.Flags().StringVar(&o.Cert, "certificate", "", "path to the X.509 certificate in PEM format to include in the OCI Signature") - _ = cmd.Flags().SetAnnotation("certificate", cobra.BashCompFilenameExt, []string{"cert"}) + _ = cmd.MarkFlagFilename("certificate", "cert") cmd.Flags().StringVar(&o.CertChain, "certificate-chain", "", "path to a list of CA X.509 certificates in PEM format which will be needed "+ "when building the certificate chain for the signing certificate. "+ "Must start with the parent intermediate CA certificate of the "+ "signing certificate and end with the root certificate. Included in the OCI Signature") - _ = cmd.Flags().SetAnnotation("certificate-chain", cobra.BashCompFilenameExt, []string{"cert"}) + _ = cmd.MarkFlagFilename("certificate-chain", "cert") cmd.Flags().BoolVar(&o.Upload, "upload", true, "whether to upload the signature") cmd.Flags().StringVar(&o.OutputSignature, "output-signature", "", "write the signature to FILE") - _ = cmd.Flags().SetAnnotation("output-signature", cobra.BashCompFilenameExt, []string{}) + _ = cmd.MarkFlagFilename("output-signature") cmd.Flags().StringVar(&o.OutputPayload, "output-payload", "", "write the signed payload to FILE") - _ = cmd.Flags().SetAnnotation("output-payload", cobra.BashCompFilenameExt, []string{}) + _ = cmd.MarkFlagFilename("output-payload") cmd.Flags().StringVar(&o.OutputCertificate, "output-certificate", "", "write the certificate to FILE") - _ = cmd.Flags().SetAnnotation("output-certificate", cobra.BashCompFilenameExt, []string{}) + _ = cmd.MarkFlagFilename("output-certificate") cmd.Flags().StringVar(&o.PayloadPath, "payload", "", "path to a payload file to use rather than generating one") - _ = 
cmd.Flags().SetAnnotation("payload", cobra.BashCompFilenameExt, []string{}) + _ = cmd.MarkFlagFilename("payload") cmd.Flags().BoolVarP(&o.Recursive, "recursive", "r", false, "if a multi-arch image is specified, additionally sign each discrete image") @@ -124,7 +124,7 @@ func (o *SignOptions) AddFlags(cmd *cobra.Command) { cmd.Flags().StringVar(&o.TSAServerURL, "timestamp-server-url", "", "url to the Timestamp RFC3161 server, default none. Must be the path to the API to request timestamp responses, e.g. https://freetsa.org/tsr") - _ = cmd.Flags().SetAnnotation("certificate", cobra.BashCompFilenameExt, []string{"cert"}) + _ = cmd.MarkFlagFilename("certificate", "cert") cmd.Flags().BoolVar(&o.IssueCertificate, "issue-certificate", false, "issue a code signing certificate from Fulcio, even if a key is provided") diff --git a/cmd/cosign/cli/options/signblob.go b/cmd/cosign/cli/options/signblob.go index d6326690684..87821f6ef67 100644 --- a/cmd/cosign/cli/options/signblob.go +++ b/cmd/cosign/cli/options/signblob.go 
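Review bot: In the second sign.go hunk, the converted line under `timestamp-server-url` is `cmd.MarkFlagFilename("certificate", "cert")`, which repeats the annotation the first hunk already sets for `certificate` and has nothing to do with the URL flag above it. The line looks like a copy-and-paste leftover and can be deleted rather than converted. AddFlags continues beyond the hunk.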
@@ -56,25 +56,25 @@ func (o *SignBlobOptions) AddFlags(cmd *cobra.Command) { cmd.Flags().StringVar(&o.Key, "key", "", "path to the private key file, KMS URI or Kubernetes Secret") - _ = cmd.Flags().SetAnnotation("key", cobra.BashCompFilenameExt, []string{}) + _ = cmd.MarkFlagFilename("key") cmd.Flags().BoolVar(&o.Base64Output, "b64", true, "whether to base64 encode the output") cmd.Flags().StringVar(&o.OutputSignature, "output-signature", "", "write the signature to FILE") - _ = cmd.Flags().SetAnnotation("output-signature", cobra.BashCompFilenameExt, []string{}) + _ = cmd.MarkFlagFilename("output-signature") // TODO: remove when output flag is fully deprecated cmd.Flags().StringVar(&o.Output, "output", "", "write the signature to FILE") cmd.Flags().StringVar(&o.OutputCertificate, "output-certificate", "", "write the certificate to FILE") - _ = cmd.Flags().SetAnnotation("key", cobra.BashCompFilenameExt, []string{}) + _ = cmd.MarkFlagFilename("output-certificate") cmd.Flags().StringVar(&o.BundlePath, "bundle", "", "write everything required to verify the blob to a FILE") - _ = cmd.Flags().SetAnnotation("bundle", cobra.BashCompFilenameExt, []string{}) + _ = cmd.MarkFlagFilename("bundle") // TODO: have this default to true as a breaking change cmd.Flags().BoolVar(&o.NewBundleFormat, "new-bundle-format", false, @@ -103,7 +103,7 @@ func (o *SignBlobOptions) AddFlags(cmd *cobra.Command) { cmd.Flags().StringVar(&o.RFC3161TimestampPath, "rfc3161-timestamp", "", "write the RFC3161 timestamp to a file") - _ = cmd.Flags().SetAnnotation("rfc3161-timestamp", cobra.BashCompFilenameExt, []string{}) + _ = cmd.MarkFlagFilename("rfc3161-timestamp") cmd.Flags().BoolVar(&o.IssueCertificate, "issue-certificate", false, "issue a code signing certificate from Fulcio, even if a key is provided") diff --git a/cmd/cosign/cli/options/trustedroot.go b/cmd/cosign/cli/options/trustedroot.go index 298d34d9c8a..c668f7394f0 100644 --- a/cmd/cosign/cli/options/trustedroot.go 
+++ b/cmd/cosign/cli/options/trustedroot.go @@ -37,7 +37,7 @@ func (o *TrustedRootCreateOptions) AddFlags(cmd *cobra.Command) { "when building the certificate chain for the signing certificate. "+ "Must start with the parent intermediate CA certificate of the "+ "signing certificate and end with the root certificate.") - _ = cmd.Flags().SetAnnotation("certificate-chain", cobra.BashCompFilenameExt, []string{"cert"}) + _ = cmd.MarkFlagFilename("certificate-chain", "cert") cmd.Flags().StringArrayVar(&o.CtfeKeyPath, "ctfe-key", nil, "path to a PEM-encoded public key used by certificate authority for "+ diff --git a/cmd/cosign/cli/options/upload.go b/cmd/cosign/cli/options/upload.go index 9ef6a0b72f5..64c4784e523 100644 --- a/cmd/cosign/cli/options/upload.go +++ b/cmd/cosign/cli/options/upload.go @@ -54,6 +54,6 @@ func (o *UploadWASMOptions) AddFlags(cmd *cobra.Command) { cmd.Flags().StringVarP(&o.File, "file", "f", "", "path to the wasm file to upload") - _ = cmd.Flags().SetAnnotation("file", cobra.BashCompFilenameExt, []string{}) + _ = cmd.MarkFlagFilename("file") _ = cmd.MarkFlagRequired("file") } diff --git a/cmd/cosign/cli/options/verify.go b/cmd/cosign/cli/options/verify.go index 3cdbb0e8a62..7f83c0c77a1 100644 --- a/cmd/cosign/cli/options/verify.go +++ b/cmd/cosign/cli/options/verify.go @@ -92,7 +92,7 @@ func (o *VerifyOptions) AddFlags(cmd *cobra.Command) { cmd.Flags().StringVar(&o.Key, "key", "", "path to the public key file, KMS URI or Kubernetes Secret") - _ = cmd.Flags().SetAnnotation("key", cobra.BashCompFilenameExt, []string{}) + _ = cmd.MarkFlagFilename("key") cmd.Flags().BoolVar(&o.CheckClaims, "check-claims", true, "whether to check the claims found") From b6ac9b3224f088cb2a453152a8447e09a5893c36 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Ville=20Skytt=C3=A4?= Date: Wed, 29 Jan 2025 23:06:51 +0200 Subject: [PATCH 2/2] Improve flag filename completions MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Be more consistent across with extensions accepted/filtered, add some. Also, mark and comment out cases where there are no known typical filename extensions for flags taking filename arguments, to make it obvious that they have not been inadvertently omitted. Marking a flag as filename without specifying extensions is a no-op, and actually considered a bug per commentary in cobra sources: https://github.com/spf13/cobra/blob/41b26ec8bb59dfba580f722201bf371c4f5703dd/completions.go#L387-L390 Closes https://github.com/sigstore/community/issues/538 Signed-off-by: Ville Skyttä --- cmd/cosign/cli/options/attach.go | 2 +- cmd/cosign/cli/options/attest.go | 6 ++-- cmd/cosign/cli/options/attest_blob.go | 15 +++++----- cmd/cosign/cli/options/bundle.go | 8 ++++++ cmd/cosign/cli/options/certificate.go | 9 +++--- cmd/cosign/cli/options/files.go | 2 +- cmd/cosign/cli/options/fulcio.go | 1 + cmd/cosign/cli/options/import_key_pair.go | 4 +-- cmd/cosign/cli/options/oidc.go | 2 +- cmd/cosign/cli/options/options.go | 34 +++++++++++++++++++++++ cmd/cosign/cli/options/pkcs11_tool.go | 4 +-- cmd/cosign/cli/options/predicate.go | 1 + cmd/cosign/cli/options/public_key.go | 4 +-- cmd/cosign/cli/options/registry.go | 3 ++ cmd/cosign/cli/options/root.go | 2 +- cmd/cosign/cli/options/sign.go | 20 +++++++------ cmd/cosign/cli/options/signblob.go | 14 ++++++---- cmd/cosign/cli/options/trustedroot.go | 6 +++- cmd/cosign/cli/options/upload.go | 2 +- cmd/cosign/cli/options/verify.go | 5 +++- 20 files changed, 104 insertions(+), 40 deletions(-) diff --git a/cmd/cosign/cli/options/attach.go b/cmd/cosign/cli/options/attach.go index cb7b9a2ceb3..17174305d1f 100644 --- a/cmd/cosign/cli/options/attach.go +++ b/cmd/cosign/cli/options/attach.go 
@@ -80,7 +80,7 @@ func (o *AttachSBOMOptions) AddFlags(cmd *cobra.Command) { cmd.Flags().StringVar(&o.SBOM, "sbom", "", "path to the sbom, or {-} for stdin") - _ = cmd.Flags().SetAnnotation("sbom", cobra.BashCompFilenameExt, []string{}) + _ = cmd.MarkFlagFilename("sbom", sbomExts...) cmd.Flags().StringVar(&o.SBOMType, "type", "spdx", "type of sbom (spdx|cyclonedx|syft)") diff --git a/cmd/cosign/cli/options/attest.go b/cmd/cosign/cli/options/attest.go index cbcbff9b1b6..eca2c93d492 100644 --- a/cmd/cosign/cli/options/attest.go +++ b/cmd/cosign/cli/options/attest.go @@ -54,18 +54,18 @@ func (o *AttestOptions) AddFlags(cmd *cobra.Command) { cmd.Flags().StringVar(&o.Key, "key", "", "path to the private key file, KMS URI or Kubernetes Secret") - _ = cmd.MarkFlagFilename("key", "key") + _ = cmd.MarkFlagFilename("key", privateKeyExts...) cmd.Flags().StringVar(&o.Cert, "certificate", "", "path to the X.509 certificate in PEM format to include in the OCI Signature") - _ = cmd.MarkFlagFilename("certificate", "cert") + _ = cmd.MarkFlagFilename("certificate", certificateExts...) cmd.Flags().StringVar(&o.CertChain, "certificate-chain", "", "path to a list of CA X.509 certificates in PEM format which will be needed "+ "when building the certificate chain for the signing certificate. "+ "Must start with the parent intermediate CA certificate of the "+ "signing certificate and end with the root certificate. Included in the OCI Signature") - _ = cmd.MarkFlagFilename("certificate-chain", "cert") + _ = cmd.MarkFlagFilename("certificate-chain", certificateExts...) cmd.Flags().BoolVar(&o.NoUpload, "no-upload", false, "do not upload the generated attestation") diff --git a/cmd/cosign/cli/options/attest_blob.go b/cmd/cosign/cli/options/attest_blob.go index 14bd51d42a3..b641c5b328e 100644 --- a/cmd/cosign/cli/options/attest_blob.go +++ b/cmd/cosign/cli/options/attest_blob.go 
@@ -58,33 +58,34 @@ func (o *AttestBlobOptions) AddFlags(cmd *cobra.Command) { cmd.Flags().StringVar(&o.Key, "key", "", "path to the private key file, KMS URI or Kubernetes Secret") - _ = cmd.MarkFlagFilename("key", "key") + _ = cmd.MarkFlagFilename("key", privateKeyExts...) cmd.Flags().StringVar(&o.Cert, "certificate", "", "path to the X.509 certificate in PEM format to include in the OCI Signature") - _ = cmd.MarkFlagFilename("certificate", "cert") + _ = cmd.MarkFlagFilename("certificate", certificateExts...) cmd.Flags().StringVar(&o.CertChain, "certificate-chain", "", "path to a list of CA X.509 certificates in PEM format which will be needed "+ "when building the certificate chain for the signing certificate. "+ "Must start with the parent intermediate CA certificate of the "+ "signing certificate and end with the root certificate. Included in the OCI Signature") - _ = cmd.MarkFlagFilename("certificate-chain", "cert") + _ = cmd.MarkFlagFilename("certificate-chain", certificateExts...) cmd.Flags().StringVar(&o.OutputSignature, "output-signature", "", "write the signature to FILE") - _ = cmd.MarkFlagFilename("output-signature") + _ = cmd.MarkFlagFilename("output-signature", signatureExts...) cmd.Flags().StringVar(&o.OutputAttestation, "output-attestation", "", "write the attestation to FILE") + // _ = cmd.MarkFlagFilename("output-attestation") // no typical extensions cmd.Flags().StringVar(&o.OutputCertificate, "output-certificate", "", "write the certificate to FILE") - _ = cmd.MarkFlagFilename("key") + _ = cmd.MarkFlagFilename("key", certificateExts...) cmd.Flags().StringVar(&o.BundlePath, "bundle", "", "write everything required to verify the blob to a FILE") - _ = cmd.MarkFlagFilename("bundle") + _ = cmd.MarkFlagFilename("bundle", bundleExts...) // TODO: have this default to true as a breaking change cmd.Flags().BoolVar(&o.NewBundleFormat, "new-bundle-format", false, 
@@ -107,5 +108,5 @@ func (o *AttestBlobOptions) AddFlags(cmd *cobra.Command) { cmd.Flags().StringVar(&o.RFC3161TimestampPath, "rfc3161-timestamp-bundle", "", "path to an RFC 3161 timestamp bundle FILE") - _ = cmd.MarkFlagFilename("rfc3161-timestamp-bundle") + // _ = cmd.MarkFlagFilename("rfc3161-timestamp-bundle") // no typical extensions } diff --git a/cmd/cosign/cli/options/bundle.go b/cmd/cosign/cli/options/bundle.go index 68c1cdc11c3..a8a090d4c2b 100644 --- a/cmd/cosign/cli/options/bundle.go +++ b/cmd/cosign/cli/options/bundle.go @@ -39,15 +39,19 @@ var _ Interface = (*BundleCreateOptions)(nil) func (o *BundleCreateOptions) AddFlags(cmd *cobra.Command) { cmd.Flags().StringVar(&o.Artifact, "artifact", "", "path to artifact FILE") + // _ = cmd.MarkFlagFilename("artifact") // no typical extensions cmd.Flags().StringVar(&o.AttestationPath, "attestation", "", "path to attestation FILE") + // _ = cmd.MarkFlagFilename("attestation") // no typical extensions cmd.Flags().StringVar(&o.BundlePath, "bundle", "", "path to old format bundle FILE") + _ = cmd.MarkFlagFilename("bundle", bundleExts...) cmd.Flags().StringVar(&o.CertificatePath, "certificate", "", "path to the signing certificate, likely from Fulco.") + _ = cmd.MarkFlagFilename("certificate", certificateExts...) cmd.Flags().BoolVar(&o.IgnoreTlog, "ignore-tlog", false, "ignore transparency log verification, to be used when an artifact "+ 
@@ -55,17 +59,21 @@ func (o *BundleCreateOptions) AddFlags(cmd *cobra.Command) { cmd.Flags().StringVar(&o.KeyRef, "key", "", "path to the public key file, KMS URI or Kubernetes Secret") + _ = cmd.MarkFlagFilename("key", publicKeyExts...) cmd.Flags().StringVar(&o.Out, "out", "", "path to output bundle") + _ = cmd.MarkFlagFilename("out", bundleExts...) cmd.Flags().StringVar(&o.RekorURL, "rekor-url", "https://rekor.sigstore.dev", "address of rekor STL server") cmd.Flags().StringVar(&o.RFC3161TimestampPath, "rfc3161-timestamp", "", "path to RFC3161 timestamp FILE") + // _ = cmd.MarkFlagFilename("rfc3161-timestamp") // no typical extensions cmd.Flags().StringVar(&o.SignaturePath, "signature", "", "path to base64-encoded signature over attestation in DSSE format") + _ = cmd.MarkFlagFilename("signature", signatureExts...) cmd.Flags().BoolVar(&o.Sk, "sk", false, "whether to use a hardware security key") diff --git a/cmd/cosign/cli/options/certificate.go b/cmd/cosign/cli/options/certificate.go index ff4c5920e1b..b14d408fe20 100644 --- a/cmd/cosign/cli/options/certificate.go +++ b/cmd/cosign/cli/options/certificate.go @@ -46,7 +46,7 @@ var _ Interface = (*RekorOptions)(nil) func (o *CertVerifyOptions) AddFlags(cmd *cobra.Command) { cmd.Flags().StringVar(&o.Cert, "certificate", "", "path to the public certificate. The certificate will be verified against the Fulcio roots if the --certificate-chain option is not passed.") - _ = cmd.MarkFlagFilename("certificate", "cert") + _ = cmd.MarkFlagFilename("certificate", certificateExts...) cmd.Flags().StringVar(&o.CertIdentity, "certificate-identity", "", "The identity expected in a valid Fulcio certificate. Valid values include email address, DNS names, IP addresses, and URIs. Either --certificate-identity or --certificate-identity-regexp must be set for keyless flows.") 
@@ -82,24 +82,25 @@ func (o *CertVerifyOptions) AddFlags(cmd *cobra.Command) { "when building the certificate chains for the signing certificate. "+ "The flag is optional and must be used together with --ca-roots, conflicts with "+ "--certificate-chain.") - _ = cmd.MarkFlagFilename("ca-intermediates", "cert") + _ = cmd.MarkFlagFilename("ca-intermediates", certificateExts...) cmd.Flags().StringVar(&o.CARoots, "ca-roots", "", "path to a bundle file of CA certificates in PEM format which will be needed "+ "when building the certificate chains for the signing certificate. Conflicts with --certificate-chain.") - _ = cmd.MarkFlagFilename("ca-roots", "cert") + _ = cmd.MarkFlagFilename("ca-roots", certificateExts...) cmd.Flags().StringVar(&o.CertChain, "certificate-chain", "", "path to a list of CA certificates in PEM format which will be needed "+ "when building the certificate chain for the signing certificate. "+ "Must start with the parent intermediate CA certificate of the "+ "signing certificate and end with the root certificate. Conflicts with --ca-roots and --ca-intermediates.") - _ = cmd.MarkFlagFilename("certificate-chain", "cert") + _ = cmd.MarkFlagFilename("certificate-chain", certificateExts...) cmd.MarkFlagsMutuallyExclusive("ca-roots", "certificate-chain") cmd.MarkFlagsMutuallyExclusive("ca-intermediates", "certificate-chain") cmd.Flags().StringVar(&o.SCT, "sct", "", "path to a detached Signed Certificate Timestamp, formatted as a RFC6962 AddChainResponse struct. "+ "If a certificate contains an SCT, verification will check both the detached and embedded SCTs.") + // _ = cmd.MarkFlagFilename("sct") // no typical extensions cmd.Flags().BoolVar(&o.IgnoreSCT, "insecure-ignore-sct", false, "when set, verification will not check that a certificate contains an embedded SCT, a proof of "+ "inclusion in a certificate transparency log") diff --git a/cmd/cosign/cli/options/files.go b/cmd/cosign/cli/options/files.go index 6e4a2a91cd9..1d3bde17c2e 100644 
--- a/cmd/cosign/cli/options/files.go +++ b/cmd/cosign/cli/options/files.go @@ -54,5 +54,5 @@ func (o *FilesOptions) String() string { func (o *FilesOptions) AddFlags(cmd *cobra.Command) { cmd.Flags().StringSliceVarP(&o.Files, "files", "f", nil, ":[platform/arch]") - _ = cmd.MarkFlagFilename("files") + // _ = cmd.MarkFlagFilename("files") // no typical extensions } diff --git a/cmd/cosign/cli/options/fulcio.go b/cmd/cosign/cli/options/fulcio.go index 139731a77ce..e30d6b63813 100644 --- a/cmd/cosign/cli/options/fulcio.go +++ b/cmd/cosign/cli/options/fulcio.go @@ -39,6 +39,7 @@ func (o *FulcioOptions) AddFlags(cmd *cobra.Command) { cmd.Flags().StringVar(&o.IdentityToken, "identity-token", "", "identity token to use for certificate from fulcio. the token or a path to a file containing the token is accepted.") + // _ = cmd.MarkFlagFilename("identity-token") // no typical extensions cmd.Flags().StringVar(&o.AuthFlow, "fulcio-auth-flow", "", "fulcio interactive oauth2 flow to use for certificate from fulcio. Defaults to determining the flow based on the runtime environment. (options) normal|device|token|client_credentials") diff --git a/cmd/cosign/cli/options/import_key_pair.go b/cmd/cosign/cli/options/import_key_pair.go index 692bc0b3ecb..55e66c226a0 100644 --- a/cmd/cosign/cli/options/import_key_pair.go +++ b/cmd/cosign/cli/options/import_key_pair.go 
@@ -36,11 +36,11 @@ var _ Interface = (*ImportKeyPairOptions)(nil)
 func (o *ImportKeyPairOptions) AddFlags(cmd *cobra.Command) {
 cmd.Flags().StringVarP(&o.Key, "key", "k", "", "import key pair to use for signing")
- _ = cmd.MarkFlagFilename("key")
+ _ = cmd.MarkFlagFilename("key", privateKeyExts...)
 cmd.Flags().StringVarP(&o.OutputKeyPrefix, "output-key-prefix", "o", "import-cosign", "name used for outputted key pairs")
- _ = cmd.MarkFlagFilename("output-key-prefix")
+ // _ = cmd.MarkFlagFilename("output-key-prefix") // no typical extensions
 cmd.Flags().BoolVarP(&o.SkipConfirmation, "yes", "y", false, "skip confirmation prompts for overwriting existing key")
diff --git a/cmd/cosign/cli/options/oidc.go b/cmd/cosign/cli/options/oidc.go
index 52bfb7e711a..b62e2d14db2 100644
--- a/cmd/cosign/cli/options/oidc.go
+++ b/cmd/cosign/cli/options/oidc.go
@@ -64,7 +64,7 @@ func (o *OIDCOptions) AddFlags(cmd *cobra.Command) {
 cmd.Flags().StringVar(&o.clientSecretFile, "oidc-client-secret-file", "", "Path to file containing OIDC client secret for application")
- _ = cmd.MarkFlagFilename("oidc-client-secret-file")
+ // _ = cmd.MarkFlagFilename("oidc-client-secret-file") // no typical extensions
 cmd.Flags().StringVar(&o.RedirectURL, "oidc-redirect-url", "", "OIDC redirect URL (Optional). The default oidc-redirect-url is 'http://localhost:0/auth/callback'.")
diff --git a/cmd/cosign/cli/options/options.go b/cmd/cosign/cli/options/options.go
index f69d8309e29..014348549d9 100644
--- a/cmd/cosign/cli/options/options.go
+++ b/cmd/cosign/cli/options/options.go
@@ -21,3 +21,37 @@ type Interface interface {
 // AddFlags adds this options' flags to the cobra command.
 AddFlags(cmd *cobra.Command)
 }
+
+var bundleExts = []string{
+ "bundle",
+}
+var certificateExts = []string{
+ "cert",
+ "crt",
+ "pem",
+}
+var logExts = []string{
+ "log",
+}
+var moduleExts = []string{
+ "dll",
+ "dylib",
+ "so",
+}
+var privateKeyExts = []string{
+ "key",
+}
+var publicKeyExts = []string{
+ "pub",
+}
+var sbomExts = []string{
+ "json",
+ "xml",
+ "spdx",
+}
+var signatureExts = []string{
+ "sig",
+}
+var wasmExts = []string{
+ "wasm",
+}
diff --git a/cmd/cosign/cli/options/pkcs11_tool.go b/cmd/cosign/cli/options/pkcs11_tool.go
index 19f6deaac35..c391e9de7b6 100644
--- a/cmd/cosign/cli/options/pkcs11_tool.go
+++ b/cmd/cosign/cli/options/pkcs11_tool.go
@@ -31,7 +31,7 @@ var _ Interface = (*PKCS11ToolListTokensOptions)(nil)
 func (o *PKCS11ToolListTokensOptions) AddFlags(cmd *cobra.Command) {
 cmd.Flags().StringVar(&o.ModulePath, "module-path", env.Getenv(env.VariablePKCS11ModulePath), "absolute path to the PKCS11 module")
- _ = cmd.MarkFlagFilename("module-path")
+ _ = cmd.MarkFlagFilename("module-path", moduleExts...)
 }
 // PKCS11ToolListKeysUrisOptions is the wrapper for `pkcs11-tool list-keys-uris` related options.
@@ -47,7 +47,7 @@ var _ Interface = (*PKCS11ToolListKeysUrisOptions)(nil)
 func (o *PKCS11ToolListKeysUrisOptions) AddFlags(cmd *cobra.Command) {
 cmd.Flags().StringVar(&o.ModulePath, "module-path", env.Getenv(env.VariablePKCS11ModulePath), "absolute path to the PKCS11 module")
- _ = cmd.MarkFlagFilename("module-path")
+ _ = cmd.MarkFlagFilename("module-path", moduleExts...)
 cmd.Flags().UintVar(&o.SlotID, "slot-id", 0, "id of the PKCS11 slot, uses 0 if empty")
diff --git a/cmd/cosign/cli/options/predicate.go b/cmd/cosign/cli/options/predicate.go
index af05ce46954..b5a01f7cfab 100644
--- a/cmd/cosign/cli/options/predicate.go
+++ b/cmd/cosign/cli/options/predicate.go
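Review bot: The nine extension lists added to options.go (`bundleExts` through `wasmExts`) carry no comment saying what they are for, and names such as `privateKeyExts` can be read as validation allow-lists. At every call site visible in this patch they are passed only to `cmd.MarkFlagFilename`, so they narrow shell-completion candidates and do not restrict which path a flag accepts; a comment above the declarations should say so, e.g. `// Filename extensions offered by shell completion for file-valued flags; hints only, never used to validate input.` Grouping the declarations in one `var ( ... )` block would also match the usual Go layout for related package-level variables.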
@@ -94,6 +94,7 @@ func (o *PredicateLocalOptions) AddFlags(cmd *cobra.Command) {
 cmd.Flags().StringVar(&o.Path, "predicate", "", "path to the predicate file.")
+ _ = cmd.MarkFlagFilename("predicate", sbomExts...)
 _ = cmd.MarkFlagRequired("predicate")
 }
diff --git a/cmd/cosign/cli/options/public_key.go b/cmd/cosign/cli/options/public_key.go
index 835894a3ee0..2297360a675 100644
--- a/cmd/cosign/cli/options/public_key.go
+++ b/cmd/cosign/cli/options/public_key.go
@@ -34,9 +34,9 @@ func (o *PublicKeyOptions) AddFlags(cmd *cobra.Command) {
 cmd.Flags().StringVar(&o.Key, "key", "", "path to the private key file, KMS URI or Kubernetes Secret")
- _ = cmd.MarkFlagFilename("key")
+ _ = cmd.MarkFlagFilename("key", privateKeyExts...)
 cmd.Flags().StringVar(&o.OutFile, "outfile", "", "path to a payload file to use rather than generating one")
- _ = cmd.MarkFlagFilename("outfile")
+ _ = cmd.MarkFlagFilename("outfile", publicKeyExts...)
 }
diff --git a/cmd/cosign/cli/options/registry.go b/cmd/cosign/cli/options/registry.go
index 9d22b4ea8b7..6840d532974 100644
--- a/cmd/cosign/cli/options/registry.go
+++ b/cmd/cosign/cli/options/registry.go
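Review bot: In the predicate.go hunk, `_ = cmd.MarkFlagFilename("predicate", sbomExts...)` reuses the SBOM extension list for a flag whose help text says only "path to the predicate file.", so the call reads as if every predicate were an SBOM. If other predicate kinds are accepted (not visible in this hunk), give the flag its own list, for instance `var predicateExts = []string{"json"}` (name and value are a sketch to be confirmed), or add a comment explaining why the SBOM list fits. The start of AddFlags lies outside the hunk.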
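Review bot: In the public_key.go hunk, `outfile` is now completed with `publicKeyExts`, but its help text still reads "path to a payload file to use rather than generating one", which describes an input payload rather than an output key file. One of the two is wrong; judging by the option type name the help text looks like a leftover, so consider correcting it in the same change, e.g. `"path to write the public key to"` (wording to be confirmed against the command). AddFlags starts before the hunk.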
@@ -80,12 +80,15 @@ func (o *RegistryOptions) AddFlags(cmd *cobra.Command) {
 cmd.Flags().StringVar(&o.RegistryCACert, "registry-cacert", "", "path to the X.509 CA certificate file in PEM format to be used for the connection to the registry")
+ _ = cmd.MarkFlagFilename("registry-cacert", certificateExts...)
 cmd.Flags().StringVar(&o.RegistryClientCert, "registry-client-cert", "", "path to the X.509 certificate file in PEM format to be used for the connection to the registry")
+ _ = cmd.MarkFlagFilename("registry-client-cert", certificateExts...)
 cmd.Flags().StringVar(&o.RegistryClientKey, "registry-client-key", "", "path to the X.509 private key file in PEM format to be used, together with the 'registry-client-cert' value, for the connection to the registry")
+ _ = cmd.MarkFlagFilename("registry-client-key", privateKeyExts...)
 cmd.Flags().StringVar(&o.RegistryServerName, "registry-server-name", "", "SAN name to use as the 'ServerName' tls.Config field to verify the mTLS connection to the registry")
diff --git a/cmd/cosign/cli/options/root.go b/cmd/cosign/cli/options/root.go
index 99a611b7800..92bb01e6a92 100644
--- a/cmd/cosign/cli/options/root.go
+++ b/cmd/cosign/cli/options/root.go
@@ -44,7 +44,7 @@ var _ Interface = (*RootOptions)(nil)
 func (o *RootOptions) AddFlags(cmd *cobra.Command) {
 cmd.PersistentFlags().StringVar(&o.OutputFile, "output-file", "", "log output to a file")
- _ = cmd.MarkFlagFilename("output-file")
+ _ = cmd.MarkFlagFilename("output-file", logExts...)
 cmd.PersistentFlags().BoolVarP(&o.Verbose, "verbose", "d", false, "log debug output")
diff --git a/cmd/cosign/cli/options/sign.go b/cmd/cosign/cli/options/sign.go
index cbf8c5bb121..bcacfd7e63f 100644
--- a/cmd/cosign/cli/options/sign.go
+++ b/cmd/cosign/cli/options/sign.go
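Review bot: In the registry.go hunk, `registry-client-key` is described as a "private key file in PEM format" yet is completed with `privateKeyExts`, which contains only `key`, while `certificateExts` includes `pem`. A key stored as `client-key.pem` (constructed example) is then not offered by completion even though the help text points at PEM. Consider adding `"pem"` to `privateKeyExts`; the same applies to `timestamp-client-key` in sign.go and signblob.go. AddFlags starts before this hunk and continues past it.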
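Review bot: In the root.go hunk, `output-file` is registered on `cmd.PersistentFlags()`, but `cmd.MarkFlagFilename` looks the flag up in `cmd.Flags()`, so unless the persistent flags have already been merged at this point the call returns a "no such flag" error that `_ =` discards and the new `logExts` filter never takes effect. cobra has a persistent counterpart: `_ = cmd.MarkPersistentFlagFilename("output-file", logExts...)`. The mismatch predates this commit, but the line is rewritten here, so this is a natural place to fix it. AddFlags continues past the hunk.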
@@ -66,42 +66,43 @@ func (o *SignOptions) AddFlags(cmd *cobra.Command) {
 cmd.Flags().StringVar(&o.Key, "key", "", "path to the private key file, KMS URI or Kubernetes Secret")
- _ = cmd.MarkFlagFilename("key")
+ _ = cmd.MarkFlagFilename("key", privateKeyExts...)
 cmd.Flags().StringVar(&o.Cert, "certificate", "", "path to the X.509 certificate in PEM format to include in the OCI Signature")
- _ = cmd.MarkFlagFilename("certificate", "cert")
+ _ = cmd.MarkFlagFilename("certificate", certificateExts...)
 cmd.Flags().StringVar(&o.CertChain, "certificate-chain", "", "path to a list of CA X.509 certificates in PEM format which will be needed "+
 "when building the certificate chain for the signing certificate. "+
 "Must start with the parent intermediate CA certificate of the "+
 "signing certificate and end with the root certificate. Included in the OCI Signature")
- _ = cmd.MarkFlagFilename("certificate-chain", "cert")
+ _ = cmd.MarkFlagFilename("certificate-chain", certificateExts...)
 cmd.Flags().BoolVar(&o.Upload, "upload", true, "whether to upload the signature")
 cmd.Flags().StringVar(&o.OutputSignature, "output-signature", "", "write the signature to FILE")
- _ = cmd.MarkFlagFilename("output-signature")
+ _ = cmd.MarkFlagFilename("output-signature", signatureExts...)
 cmd.Flags().StringVar(&o.OutputPayload, "output-payload", "", "write the signed payload to FILE")
- _ = cmd.MarkFlagFilename("output-payload")
+ // _ = cmd.MarkFlagFilename("output-payload") // no typical extensions
 cmd.Flags().StringVar(&o.OutputCertificate, "output-certificate", "", "write the certificate to FILE")
- _ = cmd.MarkFlagFilename("output-certificate")
+ _ = cmd.MarkFlagFilename("output-certificate", certificateExts...)
 cmd.Flags().StringVar(&o.PayloadPath, "payload", "", "path to a payload file to use rather than generating one")
- _ = cmd.MarkFlagFilename("payload")
+ // _ = cmd.MarkFlagFilename("payload") // no typical extensions
 cmd.Flags().BoolVarP(&o.Recursive, "recursive", "r", false, "if a multi-arch image is specified, additionally sign each discrete image")
 cmd.Flags().StringVar(&o.Attachment, "attachment", "", "DEPRECATED, related image attachment to sign (sbom), default none")
+ _ = cmd.MarkFlagFilename("attachment", sbomExts...)
 cmd.Flags().BoolVarP(&o.SkipConfirmation, "yes", "y", false, "skip confirmation prompts for non-destructive operations")
@@ -111,12 +112,15 @@ func (o *SignOptions) AddFlags(cmd *cobra.Command) {
 cmd.Flags().StringVar(&o.TSAClientCACert, "timestamp-client-cacert", "", "path to the X.509 CA certificate file in PEM format to be used for the connection to the TSA Server")
+ _ = cmd.MarkFlagFilename("timestamp-client-cacert", certificateExts...)
 cmd.Flags().StringVar(&o.TSAClientCert, "timestamp-client-cert", "", "path to the X.509 certificate file in PEM format to be used for the connection to the TSA Server")
+ _ = cmd.MarkFlagFilename("timestamp-client-cert", certificateExts...)
 cmd.Flags().StringVar(&o.TSAClientKey, "timestamp-client-key", "", "path to the X.509 private key file in PEM format to be used, together with the 'timestamp-client-cert' value, for the connection to the TSA Server")
+ _ = cmd.MarkFlagFilename("timestamp-client-key", privateKeyExts...)
 cmd.Flags().StringVar(&o.TSAServerName, "timestamp-server-name", "", "SAN name to use as the 'ServerName' tls.Config field to verify the mTLS connection to the TSA Server")
@@ -124,7 +128,7 @@ func (o *SignOptions) AddFlags(cmd *cobra.Command) {
 cmd.Flags().StringVar(&o.TSAServerURL, "timestamp-server-url", "", "url to the Timestamp RFC3161 server, default none. Must be the path to the API to request timestamp responses, e.g. https://freetsa.org/tsr")
- _ = cmd.MarkFlagFilename("certificate", "cert")
+ _ = cmd.MarkFlagFilename("certificate", certificateExts...)
 cmd.Flags().BoolVar(&o.IssueCertificate, "issue-certificate", false, "issue a code signing certificate from Fulcio, even if a key is provided")
diff --git a/cmd/cosign/cli/options/signblob.go b/cmd/cosign/cli/options/signblob.go
index 87821f6ef67..db08489c2a7 100644
--- a/cmd/cosign/cli/options/signblob.go
+++ b/cmd/cosign/cli/options/signblob.go
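Review bot: The line after the `timestamp-server-url` registration marks `certificate` again (`_ = cmd.MarkFlagFilename("certificate", certificateExts...)`), a flag the first sign.go hunk already marks, so this call is redundant and looks like a copy-paste leftover that the commit carries forward. `timestamp-server-url` takes a URL and needs no filename marking, so the line can simply be dropped. AddFlags starts before this hunk and continues past it.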
@@ -56,25 +56,26 @@ func (o *SignBlobOptions) AddFlags(cmd *cobra.Command) {
 cmd.Flags().StringVar(&o.Key, "key", "", "path to the private key file, KMS URI or Kubernetes Secret")
- _ = cmd.MarkFlagFilename("key")
+ _ = cmd.MarkFlagFilename("key", privateKeyExts...)
 cmd.Flags().BoolVar(&o.Base64Output, "b64", true, "whether to base64 encode the output")
 cmd.Flags().StringVar(&o.OutputSignature, "output-signature", "", "write the signature to FILE")
- _ = cmd.MarkFlagFilename("output-signature")
+ _ = cmd.MarkFlagFilename("output-signature", signatureExts...)
 // TODO: remove when output flag is fully deprecated
 cmd.Flags().StringVar(&o.Output, "output", "", "write the signature to FILE")
+ _ = cmd.MarkFlagFilename("output", signatureExts...)
 cmd.Flags().StringVar(&o.OutputCertificate, "output-certificate", "", "write the certificate to FILE")
- _ = cmd.MarkFlagFilename("output-certificate")
+ _ = cmd.MarkFlagFilename("output-certificate", certificateExts...)
 cmd.Flags().StringVar(&o.BundlePath, "bundle", "", "write everything required to verify the blob to a FILE")
- _ = cmd.MarkFlagFilename("bundle")
+ _ = cmd.MarkFlagFilename("bundle", bundleExts...)
 // TODO: have this default to true as a breaking change
 cmd.Flags().BoolVar(&o.NewBundleFormat, "new-bundle-format", false,
@@ -88,12 +89,15 @@ func (o *SignBlobOptions) AddFlags(cmd *cobra.Command) {
 cmd.Flags().StringVar(&o.TSAClientCACert, "timestamp-client-cacert", "", "path to the X.509 CA certificate file in PEM format to be used for the connection to the TSA Server")
+ _ = cmd.MarkFlagFilename("timestamp-client-cacert", certificateExts...)
 cmd.Flags().StringVar(&o.TSAClientCert, "timestamp-client-cert", "", "path to the X.509 certificate file in PEM format to be used for the connection to the TSA Server")
+ _ = cmd.MarkFlagFilename("timestamp-client-cert", certificateExts...)
 cmd.Flags().StringVar(&o.TSAClientKey, "timestamp-client-key", "", "path to the X.509 private key file in PEM format to be used, together with the 'timestamp-client-cert' value, for the connection to the TSA Server")
+ _ = cmd.MarkFlagFilename("timestamp-client-key", privateKeyExts...)
 cmd.Flags().StringVar(&o.TSAServerName, "timestamp-server-name", "", "SAN name to use as the 'ServerName' tls.Config field to verify the mTLS connection to the TSA Server")
@@ -103,7 +107,7 @@ func (o *SignBlobOptions) AddFlags(cmd *cobra.Command) {
 cmd.Flags().StringVar(&o.RFC3161TimestampPath, "rfc3161-timestamp", "", "write the RFC3161 timestamp to a file")
- _ = cmd.MarkFlagFilename("rfc3161-timestamp")
+ // _ = cmd.MarkFlagFilename("rfc3161-timestamp") // no typical extensions
 cmd.Flags().BoolVar(&o.IssueCertificate, "issue-certificate", false, "issue a code signing certificate from Fulcio, even if a key is provided")
diff --git a/cmd/cosign/cli/options/trustedroot.go b/cmd/cosign/cli/options/trustedroot.go
index c668f7394f0..21561aa527a 100644
--- a/cmd/cosign/cli/options/trustedroot.go
+++ b/cmd/cosign/cli/options/trustedroot.go
@@ -37,20 +37,23 @@ func (o *TrustedRootCreateOptions) AddFlags(cmd *cobra.Command) {
 "when building the certificate chain for the signing certificate. "+
 "Must start with the parent intermediate CA certificate of the "+
 "signing certificate and end with the root certificate.")
- _ = cmd.MarkFlagFilename("certificate-chain", "cert")
+ _ = cmd.MarkFlagFilename("certificate-chain", certificateExts...)
 cmd.Flags().StringArrayVar(&o.CtfeKeyPath, "ctfe-key", nil, "path to a PEM-encoded public key used by certificate authority for "+
 "certificate transparency log.")
+ _ = cmd.MarkFlagFilename("ctfe-key", publicKeyExts...)
 cmd.Flags().StringArrayVar(&o.CtfeStartTime, "ctfe-start-time", nil, "RFC 3339 string describing validity start time for key use by "+
 "certificate transparency log.")
 cmd.Flags().StringVar(&o.Out, "out", "", "path to output trusted root")
+ // _ = cmd.MarkFlagFilename("output") // no typical extensions
 cmd.Flags().StringArrayVar(&o.RekorKeyPath, "rekor-key", nil, "path to a PEM-encoded public key used by transparency log like Rekor.")
+ _ = cmd.MarkFlagFilename("rekor-key", publicKeyExts...)
 cmd.Flags().StringArrayVar(&o.RekorStartTime, "rekor-start-time", nil, "RFC 3339 string describing validity start time for key use by "+
@@ -59,4 +62,5 @@ func (o *TrustedRootCreateOptions) AddFlags(cmd *cobra.Command) {
 cmd.Flags().StringArrayVar(&o.TSACertChainPath, "timestamp-certificate-chain", nil, "path to PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must contain the root CA certificate. "+
 "Optionally may contain intermediate CA certificates")
+ _ = cmd.MarkFlagFilename("timestamp-certificate-chain", certificateExts...)
 }
diff --git a/cmd/cosign/cli/options/upload.go b/cmd/cosign/cli/options/upload.go
index 64c4784e523..37c928b8842 100644
--- a/cmd/cosign/cli/options/upload.go
+++ b/cmd/cosign/cli/options/upload.go
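Review bot: The comment added under the `out` flag in the first trustedroot.go hunk names a different flag: `// _ = cmd.MarkFlagFilename("output") // no typical extensions`. If the line is ever uncommented as written, `MarkFlagFilename` would not find a flag called `output` and the error would be discarded by `_ =`. Use the registered name, `// _ = cmd.MarkFlagFilename("out") // no typical extensions`, or a prose comment that mentions `out`. AddFlags starts before this hunk.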
@@ -54,6 +54,6 @@ func (o *UploadWASMOptions) AddFlags(cmd *cobra.Command) {
 cmd.Flags().StringVarP(&o.File, "file", "f", "", "path to the wasm file to upload")
- _ = cmd.MarkFlagFilename("file")
+ _ = cmd.MarkFlagFilename("file", wasmExts...)
 _ = cmd.MarkFlagRequired("file")
 }
diff --git a/cmd/cosign/cli/options/verify.go b/cmd/cosign/cli/options/verify.go
index 7f83c0c77a1..6ab0d7ca863 100644
--- a/cmd/cosign/cli/options/verify.go
+++ b/cmd/cosign/cli/options/verify.go
@@ -92,22 +92,25 @@ func (o *VerifyOptions) AddFlags(cmd *cobra.Command) {
 cmd.Flags().StringVar(&o.Key, "key", "", "path to the public key file, KMS URI or Kubernetes Secret")
- _ = cmd.MarkFlagFilename("key")
+ _ = cmd.MarkFlagFilename("key", publicKeyExts...)
 cmd.Flags().BoolVar(&o.CheckClaims, "check-claims", true, "whether to check the claims found")
 cmd.Flags().StringVar(&o.Attachment, "attachment", "", "DEPRECATED, related image attachment to verify (sbom), default none")
+ _ = cmd.MarkFlagFilename("attachment", sbomExts...)
 cmd.Flags().StringVarP(&o.Output, "output", "o", "json", "output format for the signing image information (json|text)")
 cmd.Flags().StringVar(&o.SignatureRef, "signature", "", "signature content or path or remote URL")
+ _ = cmd.MarkFlagFilename("signature", signatureExts...)
 cmd.Flags().StringVar(&o.PayloadRef, "payload", "", "payload path or remote URL")
+ // _ = cmd.MarkFlagFilename("payload") // no typical extensions
 cmd.Flags().BoolVar(&o.LocalImage, "local-image", false, "whether the specified image is a path to an image saved locally via 'cosign save'")