diff --git a/cli/slsa-verifier/verify.go b/cli/slsa-verifier/verify.go index 84f6a4ee..b211999c 100644 --- a/cli/slsa-verifier/verify.go +++ b/cli/slsa-verifier/verify.go @@ -72,6 +72,7 @@ func verifyArtifactCmd() *cobra.Command { o.AddFlags(cmd) // --provenance-path must be supplied when verifying an artifact. cmd.MarkFlagRequired("provenance-path") + cmd.MarkFlagFilename("provenance-path", verify.CommonAttestationFilenameExtensions...) return cmd } @@ -86,7 +87,8 @@ func verifyImageCmd() *cobra.Command { } return nil }, - Short: "Verifies SLSA provenance on a container image", + ValidArgsFunction: cobra.NoFileCompletions, + Short: "Verifies SLSA provenance on a container image", Run: func(cmd *cobra.Command, args []string) { v := verify.VerifyImageCommand{ SourceURI: o.SourceURI, @@ -136,6 +138,12 @@ func verifyNpmPackageCmd() *cobra.Command { } return nil }, + ValidArgsFunction: func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) { + if len(args) != 0 { + return nil, cobra.ShellCompDirectiveNoFileComp + } + return []string{"tgz"}, cobra.ShellCompDirectiveFilterFileExt + }, Short: "Verifies SLSA provenance for an npm package tarball [experimental]", Run: func(cmd *cobra.Command, args []string) { v := verify.VerifyNpmPackageCommand{ @@ -189,9 +197,10 @@ func verifyVSACmd() *cobra.Command { o := &verify.VerifyVSAOptions{} cmd := &cobra.Command{ - Use: "verify-vsa [flags] subject-digest [subject-digest...]", - Args: cobra.NoArgs, - Short: "Verifies SLSA VSAs for the given subject-digests", + Use: "verify-vsa [flags]", + Args: cobra.NoArgs, + ValidArgsFunction: cobra.NoFileCompletions, + Short: "Verifies SLSA VSAs for the given subject-digests", Run: func(cmd *cobra.Command, args []string) { v := verify.VerifyVSACommand{ SubjectDigests: &o.SubjectDigests, diff --git a/cli/slsa-verifier/verify/options.go b/cli/slsa-verifier/verify/options.go index 888338ee..d76535a3 100644 --- a/cli/slsa-verifier/verify/options.go 
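Review bot: The `cmd.MarkFlagFilename("provenance-path", verify.CommonAttestationFilenameExtensions...)` call added in `verifyArtifactCmd` looks redundant, because this commit adds the same call for `provenance-path` inside `VerifyOptions.AddFlags` in options.go. If `o` is a `*verify.VerifyOptions` (its declaration is outside the hunk), `o.AddFlags(cmd)` a few lines earlier already sets the annotation. The second call can then be dropped so the extension list is configured in one place. The function body starts outside the hunk.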
+++ b/cli/slsa-verifier/verify/options.go 
@@ -45,31 +45,41 @@ type VerifyOptions struct { var _ Interface = (*VerifyOptions)(nil) +var CommonAttestationFilenameExtensions = []string{"sigstore", "intoto", "intoto.jsonl", "json"} + // AddFlags implements Interface. func (o *VerifyOptions) AddFlags(cmd *cobra.Command) { /* Builder options */ cmd.Flags().Var(&o.BuildWorkflowInputs, "build-workflow-input", "[optional] a workflow input provided by a user at trigger time in the format 'key=value'. (Only for 'workflow_dispatch' events on GitHub Actions).") + cmd.RegisterFlagCompletionFunc("build-workflow-input", cobra.NoFileCompletions) cmd.Flags().StringVar(&o.BuilderID, "builder-id", "", "[optional] the unique builder ID who created the provenance") + cmd.RegisterFlagCompletionFunc("builder-id", cobra.NoFileCompletions) /* Source options */ cmd.Flags().StringVar(&o.SourceURI, "source-uri", "", "expected source repository that should have produced the binary, e.g. github.com/some/repo") + cmd.RegisterFlagCompletionFunc("source-uri", cobra.NoFileCompletions) cmd.Flags().StringVar(&o.SourceBranch, "source-branch", "", "[optional] expected branch the binary was compiled from") + cmd.RegisterFlagCompletionFunc("source-branch", cobra.NoFileCompletions) cmd.Flags().StringVar(&o.SourceTag, "source-tag", "", "[optional] expected tag the binary was compiled from") + cmd.RegisterFlagCompletionFunc("source-tag", cobra.NoFileCompletions) cmd.Flags().StringVar(&o.SourceVersionTag, "source-versioned-tag", "", "[optional] expected version the binary was compiled from. Uses semantic version to match the tag") + cmd.RegisterFlagCompletionFunc("source-versioned-tag", cobra.NoFileCompletions) /* Other options */ cmd.Flags().StringVar(&o.ProvenancePath, "provenance-path", "", "path to a provenance file") + cmd.MarkFlagFilename("provenance-path", CommonAttestationFilenameExtensions...) 
cmd.Flags().StringVar(&o.ProvenanceRepository, "provenance-repository", "", "image repository for provenance with format: /") + cmd.RegisterFlagCompletionFunc("provenance-repository", cobra.NoFileCompletions) cmd.Flags().BoolVar(&o.PrintProvenance, "print-provenance", false, "[optional] print the verified provenance to stdout") 
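Review bot: The new exported `CommonAttestationFilenameExtensions` has no doc comment, and it is a mutable package-level slice that the command package now reads. I would add `// CommonAttestationFilenameExtensions lists the file extensions offered by shell completion for provenance and attestation path flags; it does not restrict which files the flags accept.` above it. The second clause matters because `MarkFlagFilename` only annotates the flag for completion, and a reader could mistake the list for input validation. The same holds for the `attestations-path`, `attestation-path` and `public-key-path` calls in the later hunks.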
@@ -94,28 +104,37 @@ func (o *VerifyNpmOptions) AddFlags(cmd *cobra.Command) { /* Builder options */ cmd.Flags().Var(&o.BuildWorkflowInputs, "build-workflow-input", "[optional] a workflow input provided by a user at trigger time in the format 'key=value'. (Only for 'workflow_dispatch' events on GitHub Actions).") + cmd.RegisterFlagCompletionFunc("build-workflow-input", cobra.NoFileCompletions) cmd.Flags().StringVar(&o.BuilderID, "builder-id", "", "[optional] the unique builder ID who created the provenance") + cmd.RegisterFlagCompletionFunc("builder-id", cobra.NoFileCompletions) /* Source options */ cmd.Flags().StringVar(&o.SourceURI, "source-uri", "", "expected source repository that should have produced the binary, e.g. github.com/some/repo") + cmd.RegisterFlagCompletionFunc("source-uri", cobra.NoFileCompletions) cmd.Flags().StringVar(&o.SourceBranch, "source-branch", "", "[optional] expected branch the binary was compiled from") + cmd.RegisterFlagCompletionFunc("source-branch", cobra.NoFileCompletions) cmd.Flags().StringVar(&o.SourceTag, "source-tag", "", "[optional] expected tag the binary was compiled from") + cmd.RegisterFlagCompletionFunc("source-tag", cobra.NoFileCompletions) cmd.Flags().StringVar(&o.SourceVersionTag, "source-versioned-tag", "", "[optional] expected version the binary was compiled from. Uses semantic version to match the tag") + cmd.RegisterFlagCompletionFunc("source-versioned-tag", cobra.NoFileCompletions) cmd.Flags().StringVar(&o.AttestationsPath, "attestations-path", "", "path to a file containing the attestations") + cmd.MarkFlagFilename("attestations-path", CommonAttestationFilenameExtensions...) 
cmd.Flags().StringVar(&o.PackageName, "package-name", "", "the package name") + cmd.RegisterFlagCompletionFunc("package-name", cobra.NoFileCompletions) cmd.Flags().StringVar(&o.PackageVersion, "package-version", "", "the package version") + cmd.RegisterFlagCompletionFunc("package-version", cobra.NoFileCompletions) cmd.Flags().BoolVar(&o.PrintProvenance, "print-provenance", false, "[optional] print the verified provenance to stdout") 
@@ -145,27 +164,34 @@ var _ Interface = (*VerifyVSAOptions)(nil) func (o *VerifyVSAOptions) AddFlags(cmd *cobra.Command) { cmd.Flags().StringArrayVar(&o.SubjectDigests, "subject-digest", []string{}, "the digests to be verified. Pass multiple digests by repeating the flag. e.g. --subject-digest : --subject-digest :") + cmd.RegisterFlagCompletionFunc("subject-digest", cobra.NoFileCompletions) cmd.Flags().StringVar(&o.AttestationPath, "attestation-path", "", "path to a file containing the attestation") + cmd.MarkFlagFilename("attestation-path", CommonAttestationFilenameExtensions...) cmd.Flags().StringVar(&o.VerifierID, "verifier-id", "", "the unique verifier ID who created the attestation") + cmd.RegisterFlagCompletionFunc("verfier-id", cobra.NoFileCompletions) cmd.Flags().StringVar(&o.ResourceURI, "resource-uri", "", "the resource URI to be verified") + cmd.RegisterFlagCompletionFunc("resource-uri", cobra.NoFileCompletions) cmd.Flags().StringArrayVar(&o.VerifiedLevels, "verified-level", []string{}, "[optional] the levels of verification to be performed. Pass multiple digests by repeating the flag, e.g., --verified-level SLSA_BUILD_LEVEL_2 --verified-level FEDRAMP_LOW'") + cmd.RegisterFlagCompletionFunc("verified-level", cobra.NoFileCompletions) cmd.Flags().BoolVar(&o.PrintAttestation, "print-attestation", false, "[optional] print the contents of attestation to stdout") cmd.Flags().StringVar(&o.PublicKeyPath, "public-key-path", "", "path to a public key file") + cmd.MarkFlagFilename("public-key-path", "pem") cmd.Flags().StringVar(&o.PublicKeyID, "public-key-id", "", "[optional] the ID of the public key, defaults to the SHA256 digest of the base64-encoded public key") + cmd.RegisterFlagCompletionFunc("public-key-id", cobra.NoFileCompletions) cmd.MarkFlagRequired("subject-digests") cmd.MarkFlagRequired("attestation-path")
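Review bot: The added `cmd.RegisterFlagCompletionFunc("verfier-id", cobra.NoFileCompletions)` misspells the flag, which is defined just before it as `verifier-id`. cobra returns an error for an unknown flag name, and because the return value is discarded the registration fails silently and `--verifier-id` keeps default file completion. The line should read `cmd.RegisterFlagCompletionFunc("verifier-id", cobra.NoFileCompletions)`. The context line `cmd.MarkFlagRequired("subject-digests")` has the same kind of mismatch with the flag `subject-digest`, so cobra is probably not marking that flag required either. Checking the errors returned by these calls, here and in the other two `AddFlags` hunks, would surface both.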