From 5f09c424d541cf22fd3d891ccadc7f7d6c762f72 Mon Sep 17 00:00:00 2001 From: Hayden B Date: Wed, 25 May 2022 06:45:29 -0700 Subject: [PATCH] Add privacy statement for PII storage (#1909) This statement has been added just before the OIDC code/normal flow, since only in this flow we expect a user to be present. For the device flow or when a token is provided, it's likely that Cosign is being run in an automated environment. This requires the user either type Y or provide a global flag for confirmation. This should not break any existing flows in automated environments because it's only the flow when a browser is needed, not for the device flow or when a token is provided. Signed-off-by: Hayden Blauzvern --- cmd/cosign/cli/clean.go | 2 +- cmd/cosign/cli/commands.go | 6 +++++ cmd/cosign/cli/fulcio/fulcio.go | 16 ++++++++++++ cmd/cosign/cli/options/root.go | 10 +++++--- doc/cosign.md | 1 + doc/cosign_attach.md | 1 + doc/cosign_attach_attestation.md | 1 + doc/cosign_attach_sbom.md | 1 + doc/cosign_attach_signature.md | 1 + doc/cosign_attest.md | 1 + doc/cosign_clean.md | 1 + doc/cosign_completion.md | 1 + doc/cosign_copy.md | 1 + doc/cosign_dockerfile.md | 1 + doc/cosign_dockerfile_verify.md | 1 + doc/cosign_download.md | 1 + doc/cosign_download_attestation.md | 1 + doc/cosign_download_sbom.md | 1 + doc/cosign_download_signature.md | 1 + doc/cosign_generate-key-pair.md | 1 + doc/cosign_generate.md | 1 + doc/cosign_import-key-pair.md | 1 + doc/cosign_initialize.md | 1 + doc/cosign_load.md | 1 + doc/cosign_login.md | 1 + doc/cosign_manifest.md | 1 + doc/cosign_manifest_verify.md | 1 + doc/cosign_piv-tool.md | 1 + doc/cosign_piv-tool_attestation.md | 1 + doc/cosign_piv-tool_generate-key.md | 1 + doc/cosign_piv-tool_reset.md | 1 + doc/cosign_piv-tool_set-management-key.md | 1 + doc/cosign_piv-tool_set-pin.md | 1 + doc/cosign_piv-tool_set-puk.md | 1 + doc/cosign_piv-tool_unblock.md | 1 + doc/cosign_pkcs11-tool.md | 1 + doc/cosign_pkcs11-tool_list-keys-uris.md | 1 + doc/cosign_pkcs11-tool_list-tokens.md | 1 + doc/cosign_policy.md | 1 + doc/cosign_policy_init.md | 1 + doc/cosign_policy_sign.md | 1 + doc/cosign_public-key.md | 1 + doc/cosign_save.md | 1 + doc/cosign_sign-blob.md | 1 + doc/cosign_sign.md | 1 + doc/cosign_tree.md | 1 + doc/cosign_triangulate.md | 1 + doc/cosign_upload.md | 1 + doc/cosign_upload_blob.md | 1 + doc/cosign_upload_wasm.md | 1 + doc/cosign_verify-attestation.md | 1 + doc/cosign_verify-blob.md | 1 + doc/cosign_verify.md | 1 + doc/cosign_version.md | 1 + pkg/cosign/common.go | 30 +++++++++++++++++++++-- 55 files changed, 108 insertions(+), 6 deletions(-) diff --git a/cmd/cosign/cli/clean.go b/cmd/cosign/cli/clean.go index 7635e4889fa..c26701263bd 100644 --- a/cmd/cosign/cli/clean.go +++ b/cmd/cosign/cli/clean.go @@ -51,7 +51,7 @@ func Clean() *cobra.Command { func CleanCmd(ctx context.Context, regOpts options.RegistryOptions, cleanType, imageRef string, force bool) error { if !force { - ok, err := cosign.ConfirmPrompt(prompt(cleanType)) + ok, err := cosign.ConfirmPromptDestructive(prompt(cleanType)) if err != nil { return err } diff --git a/cmd/cosign/cli/commands.go b/cmd/cosign/cli/commands.go index 0d8765cc09c..6b72c0175cd 100644 --- a/cmd/cosign/cli/commands.go +++ b/cmd/cosign/cli/commands.go @@ -26,6 +26,7 @@ import ( cranecmd "github.com/google/go-containerregistry/cmd/crane/cmd" "github.com/sigstore/cosign/cmd/cosign/cli/options" + "github.com/sigstore/cosign/pkg/cosign" ) var ( @@ -73,6 +74,11 @@ func New() *cobra.Command { if ro.Verbose { logs.Debug.SetOutput(os.Stderr) } + + if ro.SkipConfirmation { + cosign.SetSkipConfirmation(ro.SkipConfirmation) + } + return nil }, PersistentPostRun: func(cmd *cobra.Command, args []string) { diff --git a/cmd/cosign/cli/fulcio/fulcio.go b/cmd/cosign/cli/fulcio/fulcio.go index b0ef7cf5d85..7d4bfe8a4a3 100644 --- a/cmd/cosign/cli/fulcio/fulcio.go +++ b/cmd/cosign/cli/fulcio/fulcio.go @@ -22,6 +22,7 @@ import ( "crypto/rand" "crypto/sha256" "crypto/x509" + "errors" "fmt" "net/url" "os" @@ -41,6 +42,12 @@ const ( FlowNormal = "normal" FlowDevice = "device" FlowToken = "token" + // spacing is intentional to have this indented + PrivacyStatement = ` + Note that there may be personally identifiable information associated with this signed artifact. + This may include the email address associated with the account with which you authenticate. + This information will be used for signing this artifact and will be stored in public transparency logs and cannot be removed later.` + PrivacyStatementConfirmation = " By typing 'y', you attest that you grant (or have permission to grant) and agree to have this information stored permanently in transparency logs." ) type oidcConnector interface { @@ -135,6 +142,8 @@ func NewSigner(ctx context.Context, ko options.KeyOpts) (*Signer, error) { } fmt.Fprintln(os.Stderr, "Retrieving signed certificate...") + fmt.Fprintln(os.Stderr, PrivacyStatement) + var flow string switch { case ko.FulcioAuthFlow != "": @@ -146,6 +155,13 @@ func NewSigner(ctx context.Context, ko options.KeyOpts) (*Signer, error) { fmt.Fprintln(os.Stderr, "Non-interactive mode detected, using device flow.") flow = FlowDevice default: + ok, err := cosign.ConfirmPrompt(PrivacyStatementConfirmation) + if err != nil { + return nil, err + } + if !ok { + return nil, errors.New("no confirmation") + } flow = FlowNormal } Resp, err := GetCert(ctx, priv, idToken, flow, ko.OIDCIssuer, ko.OIDCClientID, ko.OIDCClientSecret, ko.OIDCRedirectURL, fClient) // TODO, use the chain. diff --git a/cmd/cosign/cli/options/root.go b/cmd/cosign/cli/options/root.go index f42d92213b3..d8e3e99bee5 100644 --- a/cmd/cosign/cli/options/root.go +++ b/cmd/cosign/cli/options/root.go @@ -23,9 +23,10 @@ import ( // RootOptions define flags and options for the root cosign cli. type RootOptions struct { - OutputFile string - Verbose bool - Timeout time.Duration + OutputFile string + Verbose bool + Timeout time.Duration + SkipConfirmation bool } // DefaultTimeout specifies the default timeout for commands. @@ -43,4 +44,7 @@ func (o *RootOptions) AddFlags(cmd *cobra.Command) { cmd.PersistentFlags().DurationVarP(&o.Timeout, "timeout", "t", DefaultTimeout, "timeout for commands") + + cmd.PersistentFlags().BoolVarP(&o.SkipConfirmation, "yes", "y", false, + "skip confirmation prompts for non-destructive operations") } diff --git a/doc/cosign.md b/doc/cosign.md index b2b97cb94bf..7b214a51325 100644 --- a/doc/cosign.md +++ b/doc/cosign.md @@ -9,6 +9,7 @@ A tool for Container Signing, Verification and Storage in an OCI registry. --output-file string log output to a file -t, --timeout duration timeout for commands (default 3m0s) -d, --verbose log debug output + -y, --yes skip confirmation prompts for non-destructive operations ``` ### SEE ALSO diff --git a/doc/cosign_attach.md b/doc/cosign_attach.md index 37f01366cc1..03f9b120ca1 100644 --- a/doc/cosign_attach.md +++ b/doc/cosign_attach.md @@ -14,6 +14,7 @@ Provides utilities for attaching artifacts to other artifacts in a registry --output-file string log output to a file -t, --timeout duration timeout for commands (default 3m0s) -d, --verbose log debug output + -y, --yes skip confirmation prompts for non-destructive operations ``` ### SEE ALSO diff --git a/doc/cosign_attach_attestation.md b/doc/cosign_attach_attestation.md index e480bcfca75..751ef09433f 100644 --- a/doc/cosign_attach_attestation.md +++ b/doc/cosign_attach_attestation.md @@ -28,6 +28,7 @@ cosign attach attestation [flags] --output-file string log output to a file -t, --timeout duration timeout for commands (default 3m0s) -d, --verbose log debug output + -y, --yes skip confirmation prompts for non-destructive operations ``` ### SEE ALSO diff --git a/doc/cosign_attach_sbom.md b/doc/cosign_attach_sbom.md index df2b3c1df8e..8407f705172 100644 --- a/doc/cosign_attach_sbom.md +++ b/doc/cosign_attach_sbom.md @@ -30,6 +30,7 @@ cosign attach sbom [flags] --output-file string log output to a file -t, --timeout duration timeout for commands (default 3m0s) -d, --verbose log debug output + -y, --yes skip confirmation prompts for non-destructive operations ``` ### SEE ALSO diff --git a/doc/cosign_attach_signature.md b/doc/cosign_attach_signature.md index d682a0df9d1..d55497be30a 100644 --- a/doc/cosign_attach_signature.md +++ b/doc/cosign_attach_signature.md @@ -29,6 +29,7 @@ cosign attach signature [flags] --output-file string log output to a file -t, --timeout duration timeout for commands (default 3m0s) -d, --verbose log debug output + -y, --yes skip confirmation prompts for non-destructive operations ``` ### SEE ALSO diff --git a/doc/cosign_attest.md b/doc/cosign_attest.md index e5f1d033da5..3eb706f27a8 100644 --- a/doc/cosign_attest.md +++ b/doc/cosign_attest.md @@ -71,6 +71,7 @@ cosign attest [flags] --output-file string log output to a file -t, --timeout duration timeout for commands (default 3m0s) -d, --verbose log debug output + -y, --yes skip confirmation prompts for non-destructive operations ``` ### SEE ALSO diff --git a/doc/cosign_clean.md b/doc/cosign_clean.md index 199b49ec110..0fbdfa7a044 100644 --- a/doc/cosign_clean.md +++ b/doc/cosign_clean.md @@ -29,6 +29,7 @@ cosign clean [flags] --output-file string log output to a file -t, --timeout duration timeout for commands (default 3m0s) -d, --verbose log debug output + -y, --yes skip confirmation prompts for non-destructive operations ``` ### SEE ALSO diff --git a/doc/cosign_completion.md b/doc/cosign_completion.md index 0a4f5262649..d255ed55f10 100644 --- a/doc/cosign_completion.md +++ b/doc/cosign_completion.md @@ -46,6 +46,7 @@ cosign completion [bash|zsh|fish|powershell] --output-file string log output to a file -t, --timeout duration timeout for commands (default 3m0s) -d, --verbose log debug output + -y, --yes skip confirmation prompts for non-destructive operations ``` ### SEE ALSO diff --git a/doc/cosign_copy.md b/doc/cosign_copy.md index 60c1b8e784b..30de596ac7f 100644 --- a/doc/cosign_copy.md +++ b/doc/cosign_copy.md @@ -38,6 +38,7 @@ cosign copy [flags] --output-file string log output to a file -t, --timeout duration timeout for commands (default 3m0s) -d, --verbose log debug output + -y, --yes skip confirmation prompts for non-destructive operations ``` ### SEE ALSO diff --git a/doc/cosign_dockerfile.md b/doc/cosign_dockerfile.md index 6527aaf3074..0275fca38dd 100644 --- a/doc/cosign_dockerfile.md +++ b/doc/cosign_dockerfile.md @@ -14,6 +14,7 @@ Provides utilities for discovering images in and performing operations on Docker --output-file string log output to a file -t, --timeout duration timeout for commands (default 3m0s) -d, --verbose log debug output + -y, --yes skip confirmation prompts for non-destructive operations ``` ### SEE ALSO diff --git a/doc/cosign_dockerfile_verify.md b/doc/cosign_dockerfile_verify.md index e852a0c96c3..97d17aad511 100644 --- a/doc/cosign_dockerfile_verify.md +++ b/doc/cosign_dockerfile_verify.md @@ -81,6 +81,7 @@ cosign dockerfile verify [flags] --output-file string log output to a file -t, --timeout duration timeout for commands (default 3m0s) -d, --verbose log debug output + -y, --yes skip confirmation prompts for non-destructive operations ``` ### SEE ALSO diff --git a/doc/cosign_download.md b/doc/cosign_download.md index 5910c07d546..eea0b885a11 100644 --- a/doc/cosign_download.md +++ b/doc/cosign_download.md @@ -14,6 +14,7 @@ Provides utilities for downloading artifacts and attached artifacts in a registr --output-file string log output to a file -t, --timeout duration timeout for commands (default 3m0s) -d, --verbose log debug output + -y, --yes skip confirmation prompts for non-destructive operations ``` ### SEE ALSO diff --git a/doc/cosign_download_attestation.md b/doc/cosign_download_attestation.md index a74bb4e8a25..81dc60bbb5f 100644 --- a/doc/cosign_download_attestation.md +++ b/doc/cosign_download_attestation.md @@ -27,6 +27,7 @@ cosign download attestation [flags] --output-file string log output to a file -t, --timeout duration timeout for commands (default 3m0s) -d, --verbose log debug output + -y, --yes skip confirmation prompts for non-destructive operations ``` ### SEE ALSO diff --git a/doc/cosign_download_sbom.md b/doc/cosign_download_sbom.md index 79a439306ed..bd571cc05a0 100644 --- a/doc/cosign_download_sbom.md +++ b/doc/cosign_download_sbom.md @@ -27,6 +27,7 @@ cosign download sbom [flags] --output-file string log output to a file -t, --timeout duration timeout for commands (default 3m0s) -d, --verbose log debug output + -y, --yes skip confirmation prompts for non-destructive operations ``` ### SEE ALSO diff --git a/doc/cosign_download_signature.md b/doc/cosign_download_signature.md index f6c8956bd28..7071e56f6b5 100644 --- a/doc/cosign_download_signature.md +++ b/doc/cosign_download_signature.md @@ -27,6 +27,7 @@ cosign download signature [flags] --output-file string log output to a file -t, --timeout duration timeout for commands (default 3m0s) -d, --verbose log debug output + -y, --yes skip confirmation prompts for non-destructive operations ``` ### SEE ALSO diff --git a/doc/cosign_generate-key-pair.md b/doc/cosign_generate-key-pair.md index 040ffecb1f0..07c000cf478 100644 --- a/doc/cosign_generate-key-pair.md +++ b/doc/cosign_generate-key-pair.md @@ -60,6 +60,7 @@ CAVEATS: --output-file string log output to a file -t, --timeout duration timeout for commands (default 3m0s) -d, --verbose log debug output + -y, --yes skip confirmation prompts for non-destructive operations ``` ### SEE ALSO diff --git a/doc/cosign_generate.md b/doc/cosign_generate.md index 5b1c6488068..145b1062bed 100644 --- a/doc/cosign_generate.md +++ b/doc/cosign_generate.md @@ -43,6 +43,7 @@ cosign generate [flags] --output-file string log output to a file -t, --timeout duration timeout for commands (default 3m0s) -d, --verbose log debug output + -y, --yes skip confirmation prompts for non-destructive operations ``` ### SEE ALSO diff --git a/doc/cosign_import-key-pair.md b/doc/cosign_import-key-pair.md index 4b90d1becfe..cc67f996f02 100644 --- a/doc/cosign_import-key-pair.md +++ b/doc/cosign_import-key-pair.md @@ -36,6 +36,7 @@ CAVEATS: --output-file string log output to a file -t, --timeout duration timeout for commands (default 3m0s) -d, --verbose log debug output + -y, --yes skip confirmation prompts for non-destructive operations ``` ### SEE ALSO diff --git a/doc/cosign_initialize.md b/doc/cosign_initialize.md index 655750d11c9..0fed05c0793 100644 --- a/doc/cosign_initialize.md +++ b/doc/cosign_initialize.md @@ -51,6 +51,7 @@ cosign initialize -mirror -root --output-file string log output to a file -t, --timeout duration timeout for commands (default 3m0s) -d, --verbose log debug output + -y, --yes skip confirmation prompts for non-destructive operations ``` ### SEE ALSO diff --git a/doc/cosign_load.md b/doc/cosign_load.md index 97fa7142a2b..42461f88dcb 100644 --- a/doc/cosign_load.md +++ b/doc/cosign_load.md @@ -29,6 +29,7 @@ cosign load [flags] --output-file string log output to a file -t, --timeout duration timeout for commands (default 3m0s) -d, --verbose log debug output + -y, --yes skip confirmation prompts for non-destructive operations ``` ### SEE ALSO diff --git a/doc/cosign_login.md b/doc/cosign_login.md index f6f8a2c51fa..c102cab2c15 100644 --- a/doc/cosign_login.md +++ b/doc/cosign_login.md @@ -28,6 +28,7 @@ cosign login [OPTIONS] [SERVER] [flags] --output-file string log output to a file -t, --timeout duration timeout for commands (default 3m0s) -d, --verbose log debug output + -y, --yes skip confirmation prompts for non-destructive operations ``` ### SEE ALSO diff --git a/doc/cosign_manifest.md b/doc/cosign_manifest.md index a55c971e4f9..1f231bc6d53 100644 --- a/doc/cosign_manifest.md +++ b/doc/cosign_manifest.md @@ -14,6 +14,7 @@ Provides utilities for discovering images in and performing operations on Kubern --output-file string log output to a file -t, --timeout duration timeout for commands (default 3m0s) -d, --verbose log debug output + -y, --yes skip confirmation prompts for non-destructive operations ``` ### SEE ALSO diff --git a/doc/cosign_manifest_verify.md b/doc/cosign_manifest_verify.md index 042b6c7d652..b98168ffe66 100644 --- a/doc/cosign_manifest_verify.md +++ b/doc/cosign_manifest_verify.md @@ -75,6 +75,7 @@ cosign manifest verify [flags] --output-file string log output to a file -t, --timeout duration timeout for commands (default 3m0s) -d, --verbose log debug output + -y, --yes skip confirmation prompts for non-destructive operations ``` ### SEE ALSO diff --git a/doc/cosign_piv-tool.md b/doc/cosign_piv-tool.md index 5cc858fd8c8..ebecea4a660 100644 --- a/doc/cosign_piv-tool.md +++ b/doc/cosign_piv-tool.md @@ -15,6 +15,7 @@ Provides utilities for managing a hardware token --output-file string log output to a file -t, --timeout duration timeout for commands (default 3m0s) -d, --verbose log debug output + -y, --yes skip confirmation prompts for non-destructive operations ``` ### SEE ALSO diff --git a/doc/cosign_piv-tool_attestation.md b/doc/cosign_piv-tool_attestation.md index d21c49d8658..f9895598d98 100644 --- a/doc/cosign_piv-tool_attestation.md +++ b/doc/cosign_piv-tool_attestation.md @@ -21,6 +21,7 @@ cosign piv-tool attestation [flags] --output-file string log output to a file -t, --timeout duration timeout for commands (default 3m0s) -d, --verbose log debug output + -y, --yes skip confirmation prompts for non-destructive operations ``` ### SEE ALSO diff --git a/doc/cosign_piv-tool_generate-key.md b/doc/cosign_piv-tool_generate-key.md index 34637b67c86..5097e1fb4a3 100644 --- a/doc/cosign_piv-tool_generate-key.md +++ b/doc/cosign_piv-tool_generate-key.md @@ -24,6 +24,7 @@ cosign piv-tool generate-key [flags] --output-file string log output to a file -t, --timeout duration timeout for commands (default 3m0s) -d, --verbose log debug output + -y, --yes skip confirmation prompts for non-destructive operations ``` ### SEE ALSO diff --git a/doc/cosign_piv-tool_reset.md b/doc/cosign_piv-tool_reset.md index c4d9fd31149..bba7a5afd68 100644 --- a/doc/cosign_piv-tool_reset.md +++ b/doc/cosign_piv-tool_reset.md @@ -19,6 +19,7 @@ cosign piv-tool reset [flags] --output-file string log output to a file -t, --timeout duration timeout for commands (default 3m0s) -d, --verbose log debug output + -y, --yes skip confirmation prompts for non-destructive operations ``` ### SEE ALSO diff --git a/doc/cosign_piv-tool_set-management-key.md b/doc/cosign_piv-tool_set-management-key.md index 4fb9dfa3261..d55d2c841cd 100644 --- a/doc/cosign_piv-tool_set-management-key.md +++ b/doc/cosign_piv-tool_set-management-key.md @@ -22,6 +22,7 @@ cosign piv-tool set-management-key [flags] --output-file string log output to a file -t, --timeout duration timeout for commands (default 3m0s) -d, --verbose log debug output + -y, --yes skip confirmation prompts for non-destructive operations ``` ### SEE ALSO diff --git a/doc/cosign_piv-tool_set-pin.md b/doc/cosign_piv-tool_set-pin.md index bd92ab309cb..e73ce96ea36 100644 --- a/doc/cosign_piv-tool_set-pin.md +++ b/doc/cosign_piv-tool_set-pin.md @@ -21,6 +21,7 @@ cosign piv-tool set-pin [flags] --output-file string log output to a file -t, --timeout duration timeout for commands (default 3m0s) -d, --verbose log debug output + -y, --yes skip confirmation prompts for non-destructive operations ``` ### SEE ALSO diff --git a/doc/cosign_piv-tool_set-puk.md b/doc/cosign_piv-tool_set-puk.md index 742a0c5ad6d..34ea39bca34 100644 --- a/doc/cosign_piv-tool_set-puk.md +++ b/doc/cosign_piv-tool_set-puk.md @@ -21,6 +21,7 @@ cosign piv-tool set-puk [flags] --output-file string log output to a file -t, --timeout duration timeout for commands (default 3m0s) -d, --verbose log debug output + -y, --yes skip confirmation prompts for non-destructive operations ``` ### SEE ALSO diff --git a/doc/cosign_piv-tool_unblock.md b/doc/cosign_piv-tool_unblock.md index 369bd0c21b0..4b2767545de 100644 --- a/doc/cosign_piv-tool_unblock.md +++ b/doc/cosign_piv-tool_unblock.md @@ -21,6 +21,7 @@ cosign piv-tool unblock [flags] --output-file string log output to a file -t, --timeout duration timeout for commands (default 3m0s) -d, --verbose log debug output + -y, --yes skip confirmation prompts for non-destructive operations ``` ### SEE ALSO diff --git a/doc/cosign_pkcs11-tool.md b/doc/cosign_pkcs11-tool.md index 92e3a405381..9a39d22a34c 100644 --- a/doc/cosign_pkcs11-tool.md +++ b/doc/cosign_pkcs11-tool.md @@ -15,6 +15,7 @@ Provides utilities for retrieving information from a PKCS11 token. --output-file string log output to a file -t, --timeout duration timeout for commands (default 3m0s) -d, --verbose log debug output + -y, --yes skip confirmation prompts for non-destructive operations ``` ### SEE ALSO diff --git a/doc/cosign_pkcs11-tool_list-keys-uris.md b/doc/cosign_pkcs11-tool_list-keys-uris.md index 494021a51a5..85b9a1e76bc 100644 --- a/doc/cosign_pkcs11-tool_list-keys-uris.md +++ b/doc/cosign_pkcs11-tool_list-keys-uris.md @@ -22,6 +22,7 @@ cosign pkcs11-tool list-keys-uris [flags] --output-file string log output to a file -t, --timeout duration timeout for commands (default 3m0s) -d, --verbose log debug output + -y, --yes skip confirmation prompts for non-destructive operations ``` ### SEE ALSO diff --git a/doc/cosign_pkcs11-tool_list-tokens.md b/doc/cosign_pkcs11-tool_list-tokens.md index e58fad0b0e8..5ba02675912 100644 --- a/doc/cosign_pkcs11-tool_list-tokens.md +++ b/doc/cosign_pkcs11-tool_list-tokens.md @@ -20,6 +20,7 @@ cosign pkcs11-tool list-tokens [flags] --output-file string log output to a file -t, --timeout duration timeout for commands (default 3m0s) -d, --verbose log debug output + -y, --yes skip confirmation prompts for non-destructive operations ``` ### SEE ALSO diff --git a/doc/cosign_policy.md b/doc/cosign_policy.md index 64b30847027..513cc6ec704 100644 --- a/doc/cosign_policy.md +++ b/doc/cosign_policy.md @@ -24,6 +24,7 @@ cosign policy [flags] --output-file string log output to a file -t, --timeout duration timeout for commands (default 3m0s) -d, --verbose log debug output + -y, --yes skip confirmation prompts for non-destructive operations ``` ### SEE ALSO diff --git a/doc/cosign_policy_init.md b/doc/cosign_policy_init.md index 1c9393a7467..b757ce6cbca 100644 --- a/doc/cosign_policy_init.md +++ b/doc/cosign_policy_init.md @@ -41,6 +41,7 @@ cosign policy init [flags] --output-file string log output to a file -t, --timeout duration timeout for commands (default 3m0s) -d, --verbose log debug output + -y, --yes skip confirmation prompts for non-destructive operations ``` ### SEE ALSO diff --git a/doc/cosign_policy_sign.md b/doc/cosign_policy_sign.md index f09ef6a8820..053b465a358 100644 --- a/doc/cosign_policy_sign.md +++ b/doc/cosign_policy_sign.md @@ -38,6 +38,7 @@ cosign policy sign [flags] --output-file string log output to a file -t, --timeout duration timeout for commands (default 3m0s) -d, --verbose log debug output + -y, --yes skip confirmation prompts for non-destructive operations ``` ### SEE ALSO diff --git a/doc/cosign_public-key.md b/doc/cosign_public-key.md index 9996aa7102a..555fc8052bf 100644 --- a/doc/cosign_public-key.md +++ b/doc/cosign_public-key.md @@ -56,6 +56,7 @@ cosign public-key [flags] --output-file string log output to a file -t, --timeout duration timeout for commands (default 3m0s) -d, --verbose log debug output + -y, --yes skip confirmation prompts for non-destructive operations ``` ### SEE ALSO diff --git a/doc/cosign_save.md b/doc/cosign_save.md index d0acf98847a..1f64f6a4582 100644 --- a/doc/cosign_save.md +++ b/doc/cosign_save.md @@ -29,6 +29,7 @@ cosign save [flags] --output-file string log output to a file -t, --timeout duration timeout for commands (default 3m0s) -d, --verbose log debug output + -y, --yes skip confirmation prompts for non-destructive operations ``` ### SEE ALSO diff --git a/doc/cosign_sign-blob.md b/doc/cosign_sign-blob.md index 6ac4183f646..9d98514e883 100644 --- a/doc/cosign_sign-blob.md +++ b/doc/cosign_sign-blob.md @@ -62,6 +62,7 @@ cosign sign-blob [flags] --output-file string log output to a file -t, --timeout duration timeout for commands (default 3m0s) -d, --verbose log debug output + -y, --yes skip confirmation prompts for non-destructive operations ``` ### SEE ALSO diff --git a/doc/cosign_sign.md b/doc/cosign_sign.md index 4cb379bdde6..10ad09ad8af 100644 --- a/doc/cosign_sign.md +++ b/doc/cosign_sign.md @@ -89,6 +89,7 @@ cosign sign [flags] --output-file string log output to a file -t, --timeout duration timeout for commands (default 3m0s) -d, --verbose log debug output + -y, --yes skip confirmation prompts for non-destructive operations ``` ### SEE ALSO diff --git a/doc/cosign_tree.md b/doc/cosign_tree.md index 5107c13cd13..32f3b3a4749 100644 --- a/doc/cosign_tree.md +++ b/doc/cosign_tree.md @@ -27,6 +27,7 @@ cosign tree [flags] --output-file string log output to a file -t, --timeout duration timeout for commands (default 3m0s) -d, --verbose log debug output + -y, --yes skip confirmation prompts for non-destructive operations ``` ### SEE ALSO diff --git a/doc/cosign_triangulate.md b/doc/cosign_triangulate.md index d1c6d46c4b2..4533ed4806a 100644 --- a/doc/cosign_triangulate.md +++ b/doc/cosign_triangulate.md @@ -28,6 +28,7 @@ cosign triangulate [flags] --output-file string log output to a file -t, --timeout duration timeout for commands (default 3m0s) -d, --verbose log debug output + -y, --yes skip confirmation prompts for non-destructive operations ``` ### SEE ALSO diff --git a/doc/cosign_upload.md b/doc/cosign_upload.md index 28e69c11687..6cf81ddc7ea 100644 --- a/doc/cosign_upload.md +++ b/doc/cosign_upload.md @@ -14,6 +14,7 @@ Provides utilities for uploading artifacts to a registry --output-file string log output to a file -t, --timeout duration timeout for commands (default 3m0s) -d, --verbose log debug output + -y, --yes skip confirmation prompts for non-destructive operations ``` ### SEE ALSO diff --git a/doc/cosign_upload_blob.md b/doc/cosign_upload_blob.md index 622603d40a7..1c2087498df 100644 --- a/doc/cosign_upload_blob.md +++ b/doc/cosign_upload_blob.md @@ -41,6 +41,7 @@ cosign upload blob [flags] --output-file string log output to a file -t, --timeout duration timeout for commands (default 3m0s) -d, --verbose log debug output + -y, --yes skip confirmation prompts for non-destructive operations ``` ### SEE ALSO diff --git a/doc/cosign_upload_wasm.md b/doc/cosign_upload_wasm.md index f9130951b1d..93e4dd6fd19 100644 --- a/doc/cosign_upload_wasm.md +++ b/doc/cosign_upload_wasm.md @@ -28,6 +28,7 @@ cosign upload wasm [flags] --output-file string log output to a file -t, --timeout duration timeout for commands (default 3m0s) -d, --verbose log debug output + -y, --yes skip confirmation prompts for non-destructive operations ``` ### SEE ALSO diff --git a/doc/cosign_verify-attestation.md b/doc/cosign_verify-attestation.md index 7349a7c27bc..6acd31adf0f 100644 --- a/doc/cosign_verify-attestation.md +++ b/doc/cosign_verify-attestation.md @@ -85,6 +85,7 @@ cosign verify-attestation [flags] --output-file string log output to a file -t, --timeout duration timeout for commands (default 3m0s) -d, --verbose log debug output + -y, --yes skip confirmation prompts for non-destructive operations ``` ### SEE ALSO diff --git a/doc/cosign_verify-blob.md b/doc/cosign_verify-blob.md index ef9c7acc549..6c17df3d07b 100644 --- a/doc/cosign_verify-blob.md +++ b/doc/cosign_verify-blob.md @@ -84,6 +84,7 @@ cosign verify-blob [flags] --output-file string log output to a file -t, --timeout duration timeout for commands (default 3m0s) -d, --verbose log debug output + -y, --yes skip confirmation prompts for non-destructive operations ``` ### SEE ALSO diff --git a/doc/cosign_verify.md b/doc/cosign_verify.md index a5cbb988a64..8bfae767cb1 100644 --- a/doc/cosign_verify.md +++ b/doc/cosign_verify.md @@ -94,6 +94,7 @@ cosign verify [flags] --output-file string log output to a file -t, --timeout duration timeout for commands (default 3m0s) -d, --verbose log debug output + -y, --yes skip confirmation prompts for non-destructive operations ``` ### SEE ALSO diff --git a/doc/cosign_version.md b/doc/cosign_version.md index 924b0563ebf..3bb4929d96c 100644 --- a/doc/cosign_version.md +++ b/doc/cosign_version.md @@ -19,6 +19,7 @@ cosign version [flags] --output-file string log output to a file -t, --timeout duration timeout for commands (default 3m0s) -d, --verbose log debug output + -y, --yes skip confirmation prompts for non-destructive operations ``` ### SEE ALSO diff --git a/pkg/cosign/common.go b/pkg/cosign/common.go index 4a8601c1cc7..e0937c57677 100644 --- a/pkg/cosign/common.go +++ b/pkg/cosign/common.go @@ -26,6 +26,14 @@ import ( "golang.org/x/term" ) +// skipConfirmation is a global variable to store whether or not the user has provided +// the --yes flag to skip all confirmation prompts +var skipConfirmation bool + +func SetSkipConfirmation(skip bool) { + skipConfirmation = skip +} + // TODO need to centralize this logic func FileExists(filename string) bool { info, err := os.Stat(filename) @@ -35,14 +43,32 @@ func FileExists(filename string) bool { return !info.IsDir() } +// ConfirmPrompt prompts the user for confirmation for an action. Supports skipping +// the confirmation prompt when the global skipConfirmation is set. func ConfirmPrompt(msg string) (bool, error) { - fmt.Fprintf(os.Stderr, "%s\n\nAre you sure you want to continue? [Y/n]: ", msg) + if skipConfirmation { + return skipConfirmation, nil + } + + fmt.Fprintf(os.Stderr, "%s\n\nAre you sure you want to continue? (y/[N]): ", msg) + reader := bufio.NewReader(os.Stdin) + r, err := reader.ReadString('\n') + if err != nil { + return false, err + } + return strings.Trim(r, "\n") == "Y" || strings.Trim(r, "\n") == "y", nil +} + +// ConfirmPromptDestructive prompts the user for confirmation for an action. Ignores +// skipConfirmation. +func ConfirmPromptDestructive(msg string) (bool, error) { + fmt.Fprintf(os.Stderr, "%s\n\nAre you sure you want to continue? (y/[N]): ", msg) reader := bufio.NewReader(os.Stdin) r, err := reader.ReadString('\n') if err != nil { return false, err } - return strings.Trim(r, "\n") == "Y", nil + return strings.Trim(r, "\n") == "Y" || strings.Trim(r, "\n") == "y", nil } func GetPassFromTerm(confirm bool) ([]byte, error) {