Use cosign.ConfirmPrompt more consistently (#2039)

Also unexport some needlessly exported consts in cli/fulcio/fulcio.go -- these should be implemented via sigstore/sigstore. Signed-off-by: Jason Hall <[email protected]>
sigstore · Jun 30, 2022 · 94832ba · 94832ba
1 parent 3cebdc5
commit 94832ba
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 34 deletions.
diff --git a/cmd/cosign/cli/clean.go b/cmd/cosign/cli/clean.go
@@ -16,20 +16,19 @@
 package cli
 
 import (
-	"bufio"
 	"context"
 	"errors"
 	"fmt"
 	"net/http"
 	"os"
-	"strings"
 
 	"github.com/google/go-containerregistry/pkg/name"
 	"github.com/google/go-containerregistry/pkg/v1/remote"
 	"github.com/google/go-containerregistry/pkg/v1/remote/transport"
 	"github.com/spf13/cobra"
 
 	"github.com/sigstore/cosign/cmd/cosign/cli/options"
+	"github.com/sigstore/cosign/pkg/cosign"
 	ociremote "github.com/sigstore/cosign/pkg/oci/remote"
 )
 
@@ -50,27 +49,13 @@ func Clean() *cobra.Command {
 	return cmd
 }
 
-// confirmPromptDestructive prompts the user for confirmation for an action. Ignores
-// skipConfirmation.
-func confirmPromptDestructive(msg string) (bool, error) {
-	fmt.Fprintf(os.Stderr, "%s\n\nAre you sure you want to continue? (y/[N]): ", msg)
-	reader := bufio.NewReader(os.Stdin)
-	r, err := reader.ReadString('\n')
+func CleanCmd(ctx context.Context, regOpts options.RegistryOptions, cleanType, imageRef string, force bool) error {
+	ok, err := cosign.ConfirmPrompt(prompt(cleanType), force)
 	if err != nil {
-		return false, err
+		return err
 	}
-	return strings.Trim(r, "\n") == "Y" || strings.Trim(r, "\n") == "y", nil
-}
-
-func CleanCmd(ctx context.Context, regOpts options.RegistryOptions, cleanType, imageRef string, force bool) error {
-	if !force {
-		ok, err := confirmPromptDestructive(prompt(cleanType))
-		if err != nil {
-			return err
-		}
-		if !ok {
-			return nil
-		}
+	if !ok {
+		return nil
 	}
 
 	ref, err := name.ParseReference(imageRef)

diff --git a/cmd/cosign/cli/fulcio/fulcio.go b/cmd/cosign/cli/fulcio/fulcio.go
@@ -39,15 +39,15 @@ import (
 )
 
 const (
-	FlowNormal = "normal"
-	FlowDevice = "device"
-	FlowToken  = "token"
+	flowNormal = "normal"
+	flowDevice = "device"
+	flowToken  = "token"
 	// spacing is intentional to have this indented
-	PrivacyStatement = `
+	privacyStatement = `
         Note that there may be personally identifiable information associated with this signed artifact.
         This may include the email address associated with the account with which you authenticate.
         This information will be used for signing this artifact and will be stored in public transparency logs and cannot be removed later.`
-	PrivacyStatementConfirmation = "        By typing 'y', you attest that you grant (or have permission to grant) and agree to have this information stored permanently in transparency logs."
+	privacyStatementConfirmation = "        By typing 'y', you attest that you grant (or have permission to grant) and agree to have this information stored permanently in transparency logs."
 )
 
 type oidcConnector interface {
@@ -95,12 +95,12 @@ func getCertForOauthID(priv *ecdsa.PrivateKey, fc api.Client, connector oidcConn
 func GetCert(ctx context.Context, priv *ecdsa.PrivateKey, idToken, flow, oidcIssuer, oidcClientID, oidcClientSecret, oidcRedirectURL string, fClient api.Client) (*api.CertificateResponse, error) {
 	c := &realConnector{}
 	switch flow {
-	case FlowDevice:
+	case flowDevice:
 		c.flow = oauthflow.NewDeviceFlowTokenGetter(
 			oidcIssuer, oauthflow.SigstoreDeviceURL, oauthflow.SigstoreTokenURL)
-	case FlowNormal:
+	case flowNormal:
 		c.flow = oauthflow.DefaultIDTokenGetter
-	case FlowToken:
+	case flowToken:
 		c.flow = &oauthflow.StaticTokenGetter{RawToken: idToken}
 	default:
 		return nil, fmt.Errorf("unsupported oauth flow: %s", flow)
@@ -151,27 +151,27 @@ func NewSigner(ctx context.Context, ko options.KeyOpts) (*Signer, error) {
 	}
 	fmt.Fprintln(os.Stderr, "Retrieving signed certificate...")
 
-	fmt.Fprintln(os.Stderr, PrivacyStatement)
+	fmt.Fprintln(os.Stderr, privacyStatement)
 
 	var flow string
 	switch {
 	case ko.FulcioAuthFlow != "":
 		// Caller manually set flow option.
 		flow = ko.FulcioAuthFlow
 	case idToken != "":
-		flow = FlowToken
+		flow = flowToken
 	case !term.IsTerminal(0):
 		fmt.Fprintln(os.Stderr, "Non-interactive mode detected, using device flow.")
-		flow = FlowDevice
+		flow = flowDevice
 	default:
-		ok, err := cosign.ConfirmPrompt(PrivacyStatementConfirmation, ko.SkipConfirmation)
+		ok, err := cosign.ConfirmPrompt(privacyStatementConfirmation, ko.SkipConfirmation)
 		if err != nil {
 			return nil, err
 		}
 		if !ok {
 			return nil, errors.New("no confirmation")
 		}
-		flow = FlowNormal
+		flow = flowNormal
 	}
 	Resp, err := GetCert(ctx, priv, idToken, flow, ko.OIDCIssuer, ko.OIDCClientID, ko.OIDCClientSecret, ko.OIDCRedirectURL, fClient) // TODO, use the chain.
 	if err != nil {

diff --git a/cmd/cosign/cli/options/clean.go b/cmd/cosign/cli/options/clean.go
@@ -27,5 +27,6 @@ var _ Interface = (*CleanOptions)(nil)
 func (c *CleanOptions) AddFlags(cmd *cobra.Command) {
 	c.Registry.AddFlags(cmd)
 	cmd.Flags().StringVarP(&c.CleanType, "type", "", "all", "a type of clean: <signature|attestation|sbom|all> (default: all)")
+	// TODO: Rename to --skip-confirmation for consistency?
 	cmd.Flags().BoolVarP(&c.Force, "force", "f", false, "do not prompt for confirmation")
 }