diff --git a/cmd/cosign/cli/options/attach.go b/cmd/cosign/cli/options/attach.go index cb7b9a2ceb3..17174305d1f 100644 --- a/cmd/cosign/cli/options/attach.go +++ b/cmd/cosign/cli/options/attach.go @@ -80,7 +80,7 @@ func (o *AttachSBOMOptions) AddFlags(cmd *cobra.Command) { cmd.Flags().StringVar(&o.SBOM, "sbom", "", "path to the sbom, or {-} for stdin") - _ = cmd.Flags().SetAnnotation("sbom", cobra.BashCompFilenameExt, []string{}) + _ = cmd.MarkFlagFilename("sbom", sbomExts...) cmd.Flags().StringVar(&o.SBOMType, "type", "spdx", "type of sbom (spdx|cyclonedx|syft)") diff --git a/cmd/cosign/cli/options/attest.go b/cmd/cosign/cli/options/attest.go index 8139cddaefa..eca2c93d492 100644 --- a/cmd/cosign/cli/options/attest.go +++ b/cmd/cosign/cli/options/attest.go @@ -54,18 +54,18 @@ func (o *AttestOptions) AddFlags(cmd *cobra.Command) { cmd.Flags().StringVar(&o.Key, "key", "", "path to the private key file, KMS URI or Kubernetes Secret") - _ = cmd.Flags().SetAnnotation("key", cobra.BashCompFilenameExt, []string{"key"}) + _ = cmd.MarkFlagFilename("key", privateKeyExts...) cmd.Flags().StringVar(&o.Cert, "certificate", "", "path to the X.509 certificate in PEM format to include in the OCI Signature") - _ = cmd.Flags().SetAnnotation("certificate", cobra.BashCompFilenameExt, []string{"cert"}) + _ = cmd.MarkFlagFilename("certificate", certificateExts...) cmd.Flags().StringVar(&o.CertChain, "certificate-chain", "", "path to a list of CA X.509 certificates in PEM format which will be needed "+ "when building the certificate chain for the signing certificate. "+ "Must start with the parent intermediate CA certificate of the "+ "signing certificate and end with the root certificate. Included in the OCI Signature") - _ = cmd.Flags().SetAnnotation("certificate-chain", cobra.BashCompFilenameExt, []string{"cert"}) + _ = cmd.MarkFlagFilename("certificate-chain", certificateExts...) cmd.Flags().BoolVar(&o.NoUpload, "no-upload", false, "do not upload the generated attestation") 
diff --git a/cmd/cosign/cli/options/attest_blob.go b/cmd/cosign/cli/options/attest_blob.go
index b6f48b49671..b641c5b328e 100644
--- a/cmd/cosign/cli/options/attest_blob.go
+++ b/cmd/cosign/cli/options/attest_blob.go
@@ -58,33 +58,34 @@ func (o *AttestBlobOptions) AddFlags(cmd *cobra.Command) { cmd.Flags().StringVar(&o.Key, "key", "", "path to the private key file, KMS URI or Kubernetes Secret") - _ = cmd.Flags().SetAnnotation("key", cobra.BashCompFilenameExt, []string{"key"}) + _ = cmd.MarkFlagFilename("key", privateKeyExts...) cmd.Flags().StringVar(&o.Cert, "certificate", "", "path to the X.509 certificate in PEM format to include in the OCI Signature") - _ = cmd.Flags().SetAnnotation("certificate", cobra.BashCompFilenameExt, []string{"cert"}) + _ = cmd.MarkFlagFilename("certificate", certificateExts...) cmd.Flags().StringVar(&o.CertChain, "certificate-chain", "", "path to a list of CA X.509 certificates in PEM format which will be needed "+ "when building the certificate chain for the signing certificate. "+ "Must start with the parent intermediate CA certificate of the "+ "signing certificate and end with the root certificate. Included in the OCI Signature") - _ = cmd.Flags().SetAnnotation("certificate-chain", cobra.BashCompFilenameExt, []string{"cert"}) + _ = cmd.MarkFlagFilename("certificate-chain", certificateExts...) cmd.Flags().StringVar(&o.OutputSignature, "output-signature", "", "write the signature to FILE") - _ = cmd.Flags().SetAnnotation("output-signature", cobra.BashCompFilenameExt, []string{}) + _ = cmd.MarkFlagFilename("output-signature", signatureExts...) cmd.Flags().StringVar(&o.OutputAttestation, "output-attestation", "", "write the attestation to FILE") + // _ = cmd.MarkFlagFilename("output-attestation") // no typical extensions cmd.Flags().StringVar(&o.OutputCertificate, "output-certificate", "", "write the certificate to FILE") - _ = cmd.Flags().SetAnnotation("key", cobra.BashCompFilenameExt, []string{}) + _ = cmd.MarkFlagFilename("key", certificateExts...) 
cmd.Flags().StringVar(&o.BundlePath, "bundle", "", "write everything required to verify the blob to a FILE") - _ = cmd.Flags().SetAnnotation("bundle", cobra.BashCompFilenameExt, []string{}) + _ = cmd.MarkFlagFilename("bundle", bundleExts...) // TODO: have this default to true as a breaking change cmd.Flags().BoolVar(&o.NewBundleFormat, "new-bundle-format", false, @@ -107,5 +108,5 @@ func (o *AttestBlobOptions) AddFlags(cmd *cobra.Command) { cmd.Flags().StringVar(&o.RFC3161TimestampPath, "rfc3161-timestamp-bundle", "", "path to an RFC 3161 timestamp bundle FILE") - _ = cmd.Flags().SetAnnotation("rfc3161-timestamp-bundle", cobra.BashCompFilenameExt, []string{}) + // _ = cmd.MarkFlagFilename("rfc3161-timestamp-bundle") // no typical extensions } diff --git a/cmd/cosign/cli/options/bundle.go b/cmd/cosign/cli/options/bundle.go index 68c1cdc11c3..a8a090d4c2b 100644 --- a/cmd/cosign/cli/options/bundle.go +++ b/cmd/cosign/cli/options/bundle.go @@ -39,15 +39,19 @@ var _ Interface = (*BundleCreateOptions)(nil) func (o *BundleCreateOptions) AddFlags(cmd *cobra.Command) { cmd.Flags().StringVar(&o.Artifact, "artifact", "", "path to artifact FILE") + // _ = cmd.MarkFlagFilename("artifact") // no typical extensions cmd.Flags().StringVar(&o.AttestationPath, "attestation", "", "path to attestation FILE") + // _ = cmd.MarkFlagFilename("attestation") // no typical extensions cmd.Flags().StringVar(&o.BundlePath, "bundle", "", "path to old format bundle FILE") + _ = cmd.MarkFlagFilename("bundle", bundleExts...) cmd.Flags().StringVar(&o.CertificatePath, "certificate", "", "path to the signing certificate, likely from Fulco.") + _ = cmd.MarkFlagFilename("certificate", certificateExts...) cmd.Flags().BoolVar(&o.IgnoreTlog, "ignore-tlog", false, "ignore transparency log verification, to be used when an artifact "+ 
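Review bot: In attest_blob.go's first hunk, the line added after the `output-certificate` flag calls `cmd.MarkFlagFilename("key", certificateExts...)`, so it names `key` instead of `output-certificate`. Assuming MarkFlagFilename replaces the flag's existing filename annotation (as the removed SetAnnotation call did), this overwrites the `privateKeyExts` hint set for `--key` earlier in the same function, and `--output-certificate` gets no hint at all. The line should read `_ = cmd.MarkFlagFilename("output-certificate", certificateExts...)`, which is what the signblob.go hunk already does for the same flag. AddFlags starts and ends outside this hunk.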
@@ -55,17 +59,21 @@ func (o *BundleCreateOptions) AddFlags(cmd *cobra.Command) { cmd.Flags().StringVar(&o.KeyRef, "key", "", "path to the public key file, KMS URI or Kubernetes Secret") + _ = cmd.MarkFlagFilename("key", publicKeyExts...) cmd.Flags().StringVar(&o.Out, "out", "", "path to output bundle") + _ = cmd.MarkFlagFilename("out", bundleExts...) cmd.Flags().StringVar(&o.RekorURL, "rekor-url", "https://rekor.sigstore.dev", "address of rekor STL server") cmd.Flags().StringVar(&o.RFC3161TimestampPath, "rfc3161-timestamp", "", "path to RFC3161 timestamp FILE") + // _ = cmd.MarkFlagFilename("rfc3161-timestamp") // no typical extensions cmd.Flags().StringVar(&o.SignaturePath, "signature", "", "path to base64-encoded signature over attestation in DSSE format") + _ = cmd.MarkFlagFilename("signature", signatureExts...) cmd.Flags().BoolVar(&o.Sk, "sk", false, "whether to use a hardware security key") diff --git a/cmd/cosign/cli/options/certificate.go b/cmd/cosign/cli/options/certificate.go index 3df7b4b962e..b14d408fe20 100644 --- a/cmd/cosign/cli/options/certificate.go +++ b/cmd/cosign/cli/options/certificate.go @@ -46,7 +46,7 @@ var _ Interface = (*RekorOptions)(nil) func (o *CertVerifyOptions) AddFlags(cmd *cobra.Command) { cmd.Flags().StringVar(&o.Cert, "certificate", "", "path to the public certificate. The certificate will be verified against the Fulcio roots if the --certificate-chain option is not passed.") - _ = cmd.Flags().SetAnnotation("certificate", cobra.BashCompFilenameExt, []string{"cert"}) + _ = cmd.MarkFlagFilename("certificate", certificateExts...) cmd.Flags().StringVar(&o.CertIdentity, "certificate-identity", "", "The identity expected in a valid Fulcio certificate. Valid values include email address, DNS names, IP addresses, and URIs. Either --certificate-identity or --certificate-identity-regexp must be set for keyless flows.") 
@@ -82,24 +82,25 @@ func (o *CertVerifyOptions) AddFlags(cmd *cobra.Command) { "when building the certificate chains for the signing certificate. "+ "The flag is optional and must be used together with --ca-roots, conflicts with "+ "--certificate-chain.") - _ = cmd.Flags().SetAnnotation("ca-intermediates", cobra.BashCompFilenameExt, []string{"cert"}) + _ = cmd.MarkFlagFilename("ca-intermediates", certificateExts...) cmd.Flags().StringVar(&o.CARoots, "ca-roots", "", "path to a bundle file of CA certificates in PEM format which will be needed "+ "when building the certificate chains for the signing certificate. Conflicts with --certificate-chain.") - _ = cmd.Flags().SetAnnotation("ca-roots", cobra.BashCompFilenameExt, []string{"cert"}) + _ = cmd.MarkFlagFilename("ca-roots", certificateExts...) cmd.Flags().StringVar(&o.CertChain, "certificate-chain", "", "path to a list of CA certificates in PEM format which will be needed "+ "when building the certificate chain for the signing certificate. "+ "Must start with the parent intermediate CA certificate of the "+ "signing certificate and end with the root certificate. Conflicts with --ca-roots and --ca-intermediates.") - _ = cmd.Flags().SetAnnotation("certificate-chain", cobra.BashCompFilenameExt, []string{"cert"}) + _ = cmd.MarkFlagFilename("certificate-chain", certificateExts...) cmd.MarkFlagsMutuallyExclusive("ca-roots", "certificate-chain") cmd.MarkFlagsMutuallyExclusive("ca-intermediates", "certificate-chain") cmd.Flags().StringVar(&o.SCT, "sct", "", "path to a detached Signed Certificate Timestamp, formatted as a RFC6962 AddChainResponse struct. "+ "If a certificate contains an SCT, verification will check both the detached and embedded SCTs.") + // _ = cmd.MarkFlagFilename("sct") // no typical extensions cmd.Flags().BoolVar(&o.IgnoreSCT, "insecure-ignore-sct", false, "when set, verification will not check that a certificate contains an embedded SCT, a proof of "+ "inclusion in a certificate transparency log") 
diff --git a/cmd/cosign/cli/options/files.go b/cmd/cosign/cli/options/files.go index 0467ac1c622..1d3bde17c2e 100644 --- a/cmd/cosign/cli/options/files.go +++ b/cmd/cosign/cli/options/files.go @@ -54,5 +54,5 @@ func (o *FilesOptions) String() string { func (o *FilesOptions) AddFlags(cmd *cobra.Command) { cmd.Flags().StringSliceVarP(&o.Files, "files", "f", nil, ":[platform/arch]") - _ = cmd.Flags().SetAnnotation("files", cobra.BashCompFilenameExt, []string{}) + // _ = cmd.MarkFlagFilename("files") // no typical extensions } diff --git a/cmd/cosign/cli/options/fulcio.go b/cmd/cosign/cli/options/fulcio.go index 139731a77ce..e30d6b63813 100644 --- a/cmd/cosign/cli/options/fulcio.go +++ b/cmd/cosign/cli/options/fulcio.go @@ -39,6 +39,7 @@ func (o *FulcioOptions) AddFlags(cmd *cobra.Command) { cmd.Flags().StringVar(&o.IdentityToken, "identity-token", "", "identity token to use for certificate from fulcio. the token or a path to a file containing the token is accepted.") + // _ = cmd.MarkFlagFilename("identity-token") // no typical extensions cmd.Flags().StringVar(&o.AuthFlow, "fulcio-auth-flow", "", "fulcio interactive oauth2 flow to use for certificate from fulcio. Defaults to determining the flow based on the runtime environment. (options) normal|device|token|client_credentials") diff --git a/cmd/cosign/cli/options/import_key_pair.go b/cmd/cosign/cli/options/import_key_pair.go index 9c645fed0a0..55e66c226a0 100644 --- a/cmd/cosign/cli/options/import_key_pair.go +++ b/cmd/cosign/cli/options/import_key_pair.go 
@@ -36,11 +36,11 @@ var _ Interface = (*ImportKeyPairOptions)(nil) func (o *ImportKeyPairOptions) AddFlags(cmd *cobra.Command) { cmd.Flags().StringVarP(&o.Key, "key", "k", "", "import key pair to use for signing") - _ = cmd.Flags().SetAnnotation("key", cobra.BashCompFilenameExt, []string{}) + _ = cmd.MarkFlagFilename("key", privateKeyExts...) cmd.Flags().StringVarP(&o.OutputKeyPrefix, "output-key-prefix", "o", "import-cosign", "name used for outputted key pairs") - _ = cmd.Flags().SetAnnotation("output-key-prefix", cobra.BashCompFilenameExt, []string{}) + // _ = cmd.MarkFlagFilename("output-key-prefix") // no typical extensions cmd.Flags().BoolVarP(&o.SkipConfirmation, "yes", "y", false, "skip confirmation prompts for overwriting existing key") diff --git a/cmd/cosign/cli/options/initialize.go b/cmd/cosign/cli/options/initialize.go index 9af970e0ad5..d5eed5346a6 100644 --- a/cmd/cosign/cli/options/initialize.go +++ b/cmd/cosign/cli/options/initialize.go @@ -36,7 +36,7 @@ func (o *InitializeOptions) AddFlags(cmd *cobra.Command) { cmd.Flags().StringVar(&o.Root, "root", "", "path to trusted initial root. defaults to embedded root") - _ = cmd.Flags().SetAnnotation("root", cobra.BashCompSubdirsInDir, []string{}) + _ = cmd.MarkFlagDirname("root") cmd.Flags().StringVar(&o.RootChecksum, "root-checksum", "", "checksum of the initial root, required if root is downloaded via http(s). expects sha256 by default, can be changed to sha512 by providing sha512:") diff --git a/cmd/cosign/cli/options/load.go b/cmd/cosign/cli/options/load.go index 167361d087e..c2c54abc0ff 100644 --- a/cmd/cosign/cli/options/load.go +++ b/cmd/cosign/cli/options/load.go 
@@ -32,6 +32,6 @@ func (o *LoadOptions) AddFlags(cmd *cobra.Command) { o.Registry.AddFlags(cmd) cmd.Flags().StringVar(&o.Directory, "dir", "", "path to directory where the signed image is stored on disk") - _ = cmd.Flags().SetAnnotation("dir", cobra.BashCompSubdirsInDir, []string{}) + _ = cmd.MarkFlagDirname("dir") _ = cmd.MarkFlagRequired("dir") } diff --git a/cmd/cosign/cli/options/oidc.go b/cmd/cosign/cli/options/oidc.go index c68421be604..b62e2d14db2 100644 --- a/cmd/cosign/cli/options/oidc.go +++ b/cmd/cosign/cli/options/oidc.go @@ -64,7 +64,7 @@ func (o *OIDCOptions) AddFlags(cmd *cobra.Command) { cmd.Flags().StringVar(&o.clientSecretFile, "oidc-client-secret-file", "", "Path to file containing OIDC client secret for application") - _ = cmd.Flags().SetAnnotation("oidc-client-secret-file", cobra.BashCompFilenameExt, []string{}) + // _ = cmd.MarkFlagFilename("oidc-client-secret-file") // no typical extensions cmd.Flags().StringVar(&o.RedirectURL, "oidc-redirect-url", "", "OIDC redirect URL (Optional). The default oidc-redirect-url is 'http://localhost:0/auth/callback'.") diff --git a/cmd/cosign/cli/options/options.go b/cmd/cosign/cli/options/options.go index f69d8309e29..014348549d9 100644 --- a/cmd/cosign/cli/options/options.go +++ b/cmd/cosign/cli/options/options.go @@ -21,3 +21,37 @@ type Interface interface { // AddFlags adds this options' flags to the cobra command. AddFlags(cmd *cobra.Command) } + +var bundleExts = []string{ + "bundle", +} +var certificateExts = []string{ + "cert", + "crt", + "pem", +} +var logExts = []string{ + "log", +} +var moduleExts = []string{ + "dll", + "dylib", + "so", +} +var privateKeyExts = []string{ + "key", +} +var publicKeyExts = []string{ + "pub", +} +var sbomExts = []string{ + "json", + "xml", + "spdx", +} +var signatureExts = []string{ + "sig", +} +var wasmExts = []string{ + "wasm", +} diff --git a/cmd/cosign/cli/options/pkcs11_tool.go b/cmd/cosign/cli/options/pkcs11_tool.go index e673184e2d3..c391e9de7b6 100644 
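Review bot: The extension lists added to options.go (`bundleExts` through `wasmExts`) carry no comment, and nothing states that they only filter what shell completion offers. A reader could mistake `privateKeyExts` or `certificateExts` for validation of what a flag accepts, while every flag still takes any path the user types (and, per the help texts, a KMS URI or Kubernetes Secret for `--key`). I would group them in one `var ( … )` block under a comment such as `// Filename extensions offered by shell completion for file flags; hints only, not input validation.` Note also that `privateKeyExts` holds only `key` while several help texts describe PEM private keys, so `.pem` key files would presumably not be offered.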
--- a/cmd/cosign/cli/options/pkcs11_tool.go +++ b/cmd/cosign/cli/options/pkcs11_tool.go @@ -31,7 +31,7 @@ var _ Interface = (*PKCS11ToolListTokensOptions)(nil) func (o *PKCS11ToolListTokensOptions) AddFlags(cmd *cobra.Command) { cmd.Flags().StringVar(&o.ModulePath, "module-path", env.Getenv(env.VariablePKCS11ModulePath), "absolute path to the PKCS11 module") - _ = cmd.Flags().SetAnnotation("module-path", cobra.BashCompFilenameExt, []string{}) + _ = cmd.MarkFlagFilename("module-path", moduleExts...) } // PKCS11ToolListKeysUrisOptions is the wrapper for `pkcs11-tool list-keys-uris` related options. @@ -47,7 +47,7 @@ var _ Interface = (*PKCS11ToolListKeysUrisOptions)(nil) func (o *PKCS11ToolListKeysUrisOptions) AddFlags(cmd *cobra.Command) { cmd.Flags().StringVar(&o.ModulePath, "module-path", env.Getenv(env.VariablePKCS11ModulePath), "absolute path to the PKCS11 module") - _ = cmd.Flags().SetAnnotation("module-path", cobra.BashCompFilenameExt, []string{}) + _ = cmd.MarkFlagFilename("module-path", moduleExts...) cmd.Flags().UintVar(&o.SlotID, "slot-id", 0, "id of the PKCS11 slot, uses 0 if empty") diff --git a/cmd/cosign/cli/options/predicate.go b/cmd/cosign/cli/options/predicate.go index af05ce46954..b5a01f7cfab 100644 --- a/cmd/cosign/cli/options/predicate.go +++ b/cmd/cosign/cli/options/predicate.go @@ -94,6 +94,7 @@ func (o *PredicateLocalOptions) AddFlags(cmd *cobra.Command) { cmd.Flags().StringVar(&o.Path, "predicate", "", "path to the predicate file.") + _ = cmd.MarkFlagFilename("predicate", sbomExts...) _ = cmd.MarkFlagRequired("predicate") } diff --git a/cmd/cosign/cli/options/public_key.go b/cmd/cosign/cli/options/public_key.go index e3c7341a31b..2297360a675 100644 --- a/cmd/cosign/cli/options/public_key.go +++ b/cmd/cosign/cli/options/public_key.go 
@@ -34,9 +34,9 @@ func (o *PublicKeyOptions) AddFlags(cmd *cobra.Command) { cmd.Flags().StringVar(&o.Key, "key", "", "path to the private key file, KMS URI or Kubernetes Secret") - _ = cmd.Flags().SetAnnotation("key", cobra.BashCompFilenameExt, []string{}) + _ = cmd.MarkFlagFilename("key", privateKeyExts...) cmd.Flags().StringVar(&o.OutFile, "outfile", "", "path to a payload file to use rather than generating one") - _ = cmd.Flags().SetAnnotation("outfile", cobra.BashCompFilenameExt, []string{}) + _ = cmd.MarkFlagFilename("outfile", publicKeyExts...) } diff --git a/cmd/cosign/cli/options/registry.go b/cmd/cosign/cli/options/registry.go index 9d22b4ea8b7..6840d532974 100644 --- a/cmd/cosign/cli/options/registry.go +++ b/cmd/cosign/cli/options/registry.go @@ -80,12 +80,15 @@ func (o *RegistryOptions) AddFlags(cmd *cobra.Command) { cmd.Flags().StringVar(&o.RegistryCACert, "registry-cacert", "", "path to the X.509 CA certificate file in PEM format to be used for the connection to the registry") + _ = cmd.MarkFlagFilename("registry-cacert", certificateExts...) cmd.Flags().StringVar(&o.RegistryClientCert, "registry-client-cert", "", "path to the X.509 certificate file in PEM format to be used for the connection to the registry") + _ = cmd.MarkFlagFilename("registry-client-cert", certificateExts...) cmd.Flags().StringVar(&o.RegistryClientKey, "registry-client-key", "", "path to the X.509 private key file in PEM format to be used, together with the 'registry-client-cert' value, for the connection to the registry") + _ = cmd.MarkFlagFilename("registry-client-key", privateKeyExts...) cmd.Flags().StringVar(&o.RegistryServerName, "registry-server-name", "", "SAN name to use as the 'ServerName' tls.Config field to verify the mTLS connection to the registry") diff --git a/cmd/cosign/cli/options/root.go b/cmd/cosign/cli/options/root.go index cb15af0dc31..92bb01e6a92 100644 --- a/cmd/cosign/cli/options/root.go +++ b/cmd/cosign/cli/options/root.go 
@@ -44,7 +44,7 @@ var _ Interface = (*RootOptions)(nil) func (o *RootOptions) AddFlags(cmd *cobra.Command) { cmd.PersistentFlags().StringVar(&o.OutputFile, "output-file", "", "log output to a file") - _ = cmd.Flags().SetAnnotation("output-file", cobra.BashCompFilenameExt, []string{}) + _ = cmd.MarkFlagFilename("output-file", logExts...) cmd.PersistentFlags().BoolVarP(&o.Verbose, "verbose", "d", false, "log debug output") diff --git a/cmd/cosign/cli/options/save.go b/cmd/cosign/cli/options/save.go index 7c4f623de61..761d4bb42eb 100644 --- a/cmd/cosign/cli/options/save.go +++ b/cmd/cosign/cli/options/save.go @@ -32,6 +32,6 @@ func (o *SaveOptions) AddFlags(cmd *cobra.Command) { o.Registry.AddFlags(cmd) cmd.Flags().StringVar(&o.Directory, "dir", "", "path to dir where the signed image should be stored on disk") - _ = cmd.Flags().SetAnnotation("dir", cobra.BashCompSubdirsInDir, []string{}) + _ = cmd.MarkFlagDirname("dir") _ = cmd.MarkFlagRequired("dir") } diff --git a/cmd/cosign/cli/options/sign.go b/cmd/cosign/cli/options/sign.go index 70ec9acab62..bcacfd7e63f 100644 --- a/cmd/cosign/cli/options/sign.go +++ b/cmd/cosign/cli/options/sign.go 
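Review bot: In root.go, `output-file` is registered with `cmd.PersistentFlags()`, but the new line marks it through `cmd.MarkFlagFilename`, which as far as I know looks the name up in `cmd.Flags()`. If the persistent flag is not yet visible there when AddFlags runs, the call returns an error that `_ =` discards, and the `logExts` hint is never attached. cobra has a persistent counterpart, so `_ = cmd.MarkPersistentFlagFilename("output-file", logExts...)` looks like the intended call. The removed SetAnnotation line had the same mismatch.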
@@ -66,42 +66,43 @@ func (o *SignOptions) AddFlags(cmd *cobra.Command) { cmd.Flags().StringVar(&o.Key, "key", "", "path to the private key file, KMS URI or Kubernetes Secret") - _ = cmd.Flags().SetAnnotation("key", cobra.BashCompFilenameExt, []string{}) + _ = cmd.MarkFlagFilename("key", privateKeyExts...) cmd.Flags().StringVar(&o.Cert, "certificate", "", "path to the X.509 certificate in PEM format to include in the OCI Signature") - _ = cmd.Flags().SetAnnotation("certificate", cobra.BashCompFilenameExt, []string{"cert"}) + _ = cmd.MarkFlagFilename("certificate", certificateExts...) cmd.Flags().StringVar(&o.CertChain, "certificate-chain", "", "path to a list of CA X.509 certificates in PEM format which will be needed "+ "when building the certificate chain for the signing certificate. "+ "Must start with the parent intermediate CA certificate of the "+ "signing certificate and end with the root certificate. Included in the OCI Signature") - _ = cmd.Flags().SetAnnotation("certificate-chain", cobra.BashCompFilenameExt, []string{"cert"}) + _ = cmd.MarkFlagFilename("certificate-chain", certificateExts...) cmd.Flags().BoolVar(&o.Upload, "upload", true, "whether to upload the signature") cmd.Flags().StringVar(&o.OutputSignature, "output-signature", "", "write the signature to FILE") - _ = cmd.Flags().SetAnnotation("output-signature", cobra.BashCompFilenameExt, []string{}) + _ = cmd.MarkFlagFilename("output-signature", signatureExts...) cmd.Flags().StringVar(&o.OutputPayload, "output-payload", "", "write the signed payload to FILE") - _ = cmd.Flags().SetAnnotation("output-payload", cobra.BashCompFilenameExt, []string{}) + // _ = cmd.MarkFlagFilename("output-payload") // no typical extensions cmd.Flags().StringVar(&o.OutputCertificate, "output-certificate", "", "write the certificate to FILE") - _ = cmd.Flags().SetAnnotation("output-certificate", cobra.BashCompFilenameExt, []string{}) + _ = cmd.MarkFlagFilename("output-certificate", certificateExts...) 
cmd.Flags().StringVar(&o.PayloadPath, "payload", "", "path to a payload file to use rather than generating one") - _ = cmd.Flags().SetAnnotation("payload", cobra.BashCompFilenameExt, []string{}) + // _ = cmd.MarkFlagFilename("payload") // no typical extensions cmd.Flags().BoolVarP(&o.Recursive, "recursive", "r", false, "if a multi-arch image is specified, additionally sign each discrete image") cmd.Flags().StringVar(&o.Attachment, "attachment", "", "DEPRECATED, related image attachment to sign (sbom), default none") + _ = cmd.MarkFlagFilename("attachment", sbomExts...) cmd.Flags().BoolVarP(&o.SkipConfirmation, "yes", "y", false, "skip confirmation prompts for non-destructive operations") @@ -111,12 +112,15 @@ func (o *SignOptions) AddFlags(cmd *cobra.Command) { cmd.Flags().StringVar(&o.TSAClientCACert, "timestamp-client-cacert", "", "path to the X.509 CA certificate file in PEM format to be used for the connection to the TSA Server") + _ = cmd.MarkFlagFilename("timestamp-client-cacert", certificateExts...) cmd.Flags().StringVar(&o.TSAClientCert, "timestamp-client-cert", "", "path to the X.509 certificate file in PEM format to be used for the connection to the TSA Server") + _ = cmd.MarkFlagFilename("timestamp-client-cert", certificateExts...) cmd.Flags().StringVar(&o.TSAClientKey, "timestamp-client-key", "", "path to the X.509 private key file in PEM format to be used, together with the 'timestamp-client-cert' value, for the connection to the TSA Server") + _ = cmd.MarkFlagFilename("timestamp-client-key", privateKeyExts...) cmd.Flags().StringVar(&o.TSAServerName, "timestamp-server-name", "", "SAN name to use as the 'ServerName' tls.Config field to verify the mTLS connection to the TSA Server") 
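Review bot: In sign.go's first hunk, `--attachment` is marked with `cmd.MarkFlagFilename("attachment", sbomExts...)`, but its help text ("related image attachment to sign (sbom), default none") reads as an attachment kind rather than a file path. If that is right, completion would offer `*.json`, `*.xml` and `*.spdx` files for a flag whose value is a keyword, which misleads more than no hint at all. I would drop the line, or confirm against the code that consumes `o.Attachment` before keeping it. The verify.go hunk adds the same call for its `--attachment` flag.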
@@ -124,7 +128,7 @@ func (o *SignOptions) AddFlags(cmd *cobra.Command) { cmd.Flags().StringVar(&o.TSAServerURL, "timestamp-server-url", "", "url to the Timestamp RFC3161 server, default none. Must be the path to the API to request timestamp responses, e.g. https://freetsa.org/tsr") - _ = cmd.Flags().SetAnnotation("certificate", cobra.BashCompFilenameExt, []string{"cert"}) + _ = cmd.MarkFlagFilename("certificate", certificateExts...) cmd.Flags().BoolVar(&o.IssueCertificate, "issue-certificate", false, "issue a code signing certificate from Fulcio, even if a key is provided") diff --git a/cmd/cosign/cli/options/signblob.go b/cmd/cosign/cli/options/signblob.go index d6326690684..db08489c2a7 100644 --- a/cmd/cosign/cli/options/signblob.go +++ b/cmd/cosign/cli/options/signblob.go 
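Review bot: In the sign.go hunk at `-124,7`, the line following the `timestamp-server-url` flag is `_ = cmd.MarkFlagFilename("certificate", certificateExts...)`, which re-marks `certificate` rather than anything related to the URL flag above it. `certificate` is already marked in the first hunk of this function, so the call is redundant, and its position suggests it was meant as a hint for a neighbouring flag. Since `timestamp-server-url` takes a URL and needs no filename hint, I would delete the line.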
@@ -56,25 +56,26 @@ func (o *SignBlobOptions) AddFlags(cmd *cobra.Command) { cmd.Flags().StringVar(&o.Key, "key", "", "path to the private key file, KMS URI or Kubernetes Secret") - _ = cmd.Flags().SetAnnotation("key", cobra.BashCompFilenameExt, []string{}) + _ = cmd.MarkFlagFilename("key", privateKeyExts...) cmd.Flags().BoolVar(&o.Base64Output, "b64", true, "whether to base64 encode the output") cmd.Flags().StringVar(&o.OutputSignature, "output-signature", "", "write the signature to FILE") - _ = cmd.Flags().SetAnnotation("output-signature", cobra.BashCompFilenameExt, []string{}) + _ = cmd.MarkFlagFilename("output-signature", signatureExts...) // TODO: remove when output flag is fully deprecated cmd.Flags().StringVar(&o.Output, "output", "", "write the signature to FILE") + _ = cmd.MarkFlagFilename("output", signatureExts...) cmd.Flags().StringVar(&o.OutputCertificate, "output-certificate", "", "write the certificate to FILE") - _ = cmd.Flags().SetAnnotation("key", cobra.BashCompFilenameExt, []string{}) + _ = cmd.MarkFlagFilename("output-certificate", certificateExts...) cmd.Flags().StringVar(&o.BundlePath, "bundle", "", "write everything required to verify the blob to a FILE") - _ = cmd.Flags().SetAnnotation("bundle", cobra.BashCompFilenameExt, []string{}) + _ = cmd.MarkFlagFilename("bundle", bundleExts...) // TODO: have this default to true as a breaking change cmd.Flags().BoolVar(&o.NewBundleFormat, "new-bundle-format", false, 
@@ -88,12 +89,15 @@ func (o *SignBlobOptions) AddFlags(cmd *cobra.Command) { cmd.Flags().StringVar(&o.TSAClientCACert, "timestamp-client-cacert", "", "path to the X.509 CA certificate file in PEM format to be used for the connection to the TSA Server") + _ = cmd.MarkFlagFilename("timestamp-client-cacert", certificateExts...) cmd.Flags().StringVar(&o.TSAClientCert, "timestamp-client-cert", "", "path to the X.509 certificate file in PEM format to be used for the connection to the TSA Server") + _ = cmd.MarkFlagFilename("timestamp-client-cert", certificateExts...) cmd.Flags().StringVar(&o.TSAClientKey, "timestamp-client-key", "", "path to the X.509 private key file in PEM format to be used, together with the 'timestamp-client-cert' value, for the connection to the TSA Server") + _ = cmd.MarkFlagFilename("timestamp-client-key", privateKeyExts...) cmd.Flags().StringVar(&o.TSAServerName, "timestamp-server-name", "", "SAN name to use as the 'ServerName' tls.Config field to verify the mTLS connection to the TSA Server") @@ -103,7 +107,7 @@ func (o *SignBlobOptions) AddFlags(cmd *cobra.Command) { cmd.Flags().StringVar(&o.RFC3161TimestampPath, "rfc3161-timestamp", "", "write the RFC3161 timestamp to a file") - _ = cmd.Flags().SetAnnotation("rfc3161-timestamp", cobra.BashCompFilenameExt, []string{}) + // _ = cmd.MarkFlagFilename("rfc3161-timestamp") // no typical extensions cmd.Flags().BoolVar(&o.IssueCertificate, "issue-certificate", false, "issue a code signing certificate from Fulcio, even if a key is provided") diff --git a/cmd/cosign/cli/options/trustedroot.go b/cmd/cosign/cli/options/trustedroot.go index 298d34d9c8a..21561aa527a 100644 --- a/cmd/cosign/cli/options/trustedroot.go +++ b/cmd/cosign/cli/options/trustedroot.go 
@@ -37,20 +37,23 @@ func (o *TrustedRootCreateOptions) AddFlags(cmd *cobra.Command) { "when building the certificate chain for the signing certificate. "+ "Must start with the parent intermediate CA certificate of the "+ "signing certificate and end with the root certificate.") - _ = cmd.Flags().SetAnnotation("certificate-chain", cobra.BashCompFilenameExt, []string{"cert"}) + _ = cmd.MarkFlagFilename("certificate-chain", certificateExts...) cmd.Flags().StringArrayVar(&o.CtfeKeyPath, "ctfe-key", nil, "path to a PEM-encoded public key used by certificate authority for "+ "certificate transparency log.") + _ = cmd.MarkFlagFilename("ctfe-key", publicKeyExts...) cmd.Flags().StringArrayVar(&o.CtfeStartTime, "ctfe-start-time", nil, "RFC 3339 string describing validity start time for key use by "+ "certificate transparency log.") cmd.Flags().StringVar(&o.Out, "out", "", "path to output trusted root") + // _ = cmd.MarkFlagFilename("output") // no typical extensions cmd.Flags().StringArrayVar(&o.RekorKeyPath, "rekor-key", nil, "path to a PEM-encoded public key used by transparency log like Rekor.") + _ = cmd.MarkFlagFilename("rekor-key", publicKeyExts...) cmd.Flags().StringArrayVar(&o.RekorStartTime, "rekor-start-time", nil, "RFC 3339 string describing validity start time for key use by "+ @@ -59,4 +62,5 @@ func (o *TrustedRootCreateOptions) AddFlags(cmd *cobra.Command) { cmd.Flags().StringArrayVar(&o.TSACertChainPath, "timestamp-certificate-chain", nil, "path to PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must contain the root CA certificate. "+ "Optionally may contain intermediate CA certificates") + _ = cmd.MarkFlagFilename("timestamp-certificate-chain", certificateExts...) } diff --git a/cmd/cosign/cli/options/upload.go b/cmd/cosign/cli/options/upload.go index 9ef6a0b72f5..37c928b8842 100644 --- a/cmd/cosign/cli/options/upload.go +++ b/cmd/cosign/cli/options/upload.go 
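Review bot: In trustedroot.go's first hunk, the placeholder comment under the `out` flag reads `// _ = cmd.MarkFlagFilename("output") // no typical extensions`, but the flag is registered as `out`. Every live call in this commit discards its error with `_ =`, so if the line is ever uncommented as written, the lookup fails silently and no hint is attached. Change the comment to `// _ = cmd.MarkFlagFilename("out") // no typical extensions`.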
@@ -54,6 +54,6 @@ func (o *UploadWASMOptions) AddFlags(cmd *cobra.Command) { cmd.Flags().StringVarP(&o.File, "file", "f", "", "path to the wasm file to upload") - _ = cmd.Flags().SetAnnotation("file", cobra.BashCompFilenameExt, []string{}) + _ = cmd.MarkFlagFilename("file", wasmExts...) _ = cmd.MarkFlagRequired("file") } diff --git a/cmd/cosign/cli/options/verify.go b/cmd/cosign/cli/options/verify.go index 3cdbb0e8a62..6ab0d7ca863 100644 --- a/cmd/cosign/cli/options/verify.go +++ b/cmd/cosign/cli/options/verify.go @@ -92,22 +92,25 @@ func (o *VerifyOptions) AddFlags(cmd *cobra.Command) { cmd.Flags().StringVar(&o.Key, "key", "", "path to the public key file, KMS URI or Kubernetes Secret") - _ = cmd.Flags().SetAnnotation("key", cobra.BashCompFilenameExt, []string{}) + _ = cmd.MarkFlagFilename("key", publicKeyExts...) cmd.Flags().BoolVar(&o.CheckClaims, "check-claims", true, "whether to check the claims found") cmd.Flags().StringVar(&o.Attachment, "attachment", "", "DEPRECATED, related image attachment to verify (sbom), default none") + _ = cmd.MarkFlagFilename("attachment", sbomExts...) cmd.Flags().StringVarP(&o.Output, "output", "o", "json", "output format for the signing image information (json|text)") cmd.Flags().StringVar(&o.SignatureRef, "signature", "", "signature content or path or remote URL") + _ = cmd.MarkFlagFilename("signature", signatureExts...) cmd.Flags().StringVar(&o.PayloadRef, "payload", "", "payload path or remote URL") + // _ = cmd.MarkFlagFilename("payload") // no typical extensions cmd.Flags().BoolVar(&o.LocalImage, "local-image", false, "whether the specified image is a path to an image saved locally via 'cosign save'")