diff --git a/cmd/cosign/cli/options/attach.go b/cmd/cosign/cli/options/attach.go index 5d527d14a86..7829b52f54e 100644 --- a/cmd/cosign/cli/options/attach.go +++ b/cmd/cosign/cli/options/attach.go @@ -61,6 +61,7 @@ func (o *AttachSBOMOptions) AddFlags(cmd *cobra.Command) { cmd.Flags().StringVar(&o.SBOM, "sbom", "", "path to the sbom, or {-} for stdin") + _ = cmd.Flags().SetAnnotation("sbom", cobra.BashCompFilenameExt, []string{}) cmd.Flags().StringVar(&o.SBOMType, "type", "spdx", "type of sbom (spdx|cyclonedx|syft)") diff --git a/cmd/cosign/cli/options/attest.go b/cmd/cosign/cli/options/attest.go index 7819c85e64f..43fe37a27cc 100644 --- a/cmd/cosign/cli/options/attest.go +++ b/cmd/cosign/cli/options/attest.go @@ -52,15 +52,18 @@ func (o *AttestOptions) AddFlags(cmd *cobra.Command) { cmd.Flags().StringVar(&o.Key, "key", "", "path to the private key file, KMS URI or Kubernetes Secret") + _ = cmd.Flags().SetAnnotation("key", cobra.BashCompFilenameExt, []string{"key"}) cmd.Flags().StringVar(&o.Cert, "certificate", "", "path to the X.509 certificate in PEM format to include in the OCI Signature") + _ = cmd.Flags().SetAnnotation("certificate", cobra.BashCompFilenameExt, []string{"cert"}) cmd.Flags().StringVar(&o.CertChain, "certificate-chain", "", "path to a list of CA X.509 certificates in PEM format which will be needed "+ "when building the certificate chain for the signing certificate. "+ "Must start with the parent intermediate CA certificate of the "+ "signing certificate and end with the root certificate. Included in the OCI Signature") + _ = cmd.Flags().SetAnnotation("certificate-chain", cobra.BashCompFilenameExt, []string{"cert"}) cmd.Flags().BoolVar(&o.NoUpload, "no-upload", false, "do not upload the generated attestation") diff --git a/cmd/cosign/cli/options/certificate.go b/cmd/cosign/cli/options/certificate.go index 47f637d4e7c..f4effe5e1eb 100644 --- a/cmd/cosign/cli/options/certificate.go +++ b/cmd/cosign/cli/options/certificate.go @@ -38,6 +38,7 @@ var _ Interface = (*RekorOptions)(nil) func (o *CertVerifyOptions) AddFlags(cmd *cobra.Command) { cmd.Flags().StringVar(&o.Cert, "certificate", "", "path to the public certificate. The certificate will be verified against the Fulcio roots if the --certificate-chain option is not passed.") + _ = cmd.Flags().SetAnnotation("certificate", cobra.BashCompFilenameExt, []string{"cert"}) cmd.Flags().StringVar(&o.CertEmail, "certificate-email", "", "the email expected in a valid Fulcio certificate") @@ -67,6 +68,7 @@ func (o *CertVerifyOptions) AddFlags(cmd *cobra.Command) { "when building the certificate chain for the signing certificate. "+ "Must start with the parent intermediate CA certificate of the "+ "signing certificate and end with the root certificate") + _ = cmd.Flags().SetAnnotation("certificate-chain", cobra.BashCompFilenameExt, []string{"cert"}) cmd.Flags().BoolVar(&o.EnforceSCT, "enforce-sct", false, "whether to enforce that a certificate contain an embedded SCT, a proof of "+ diff --git a/cmd/cosign/cli/options/files.go b/cmd/cosign/cli/options/files.go index 5dda2572fc9..1ec62b2e9be 100644 --- a/cmd/cosign/cli/options/files.go +++ b/cmd/cosign/cli/options/files.go @@ -54,4 +54,5 @@ func (o *FilesOptions) String() string { func (o *FilesOptions) AddFlags(cmd *cobra.Command) { cmd.Flags().StringSliceVarP(&o.Files, "files", "f", nil, ":[platform/arch]") + _ = cmd.Flags().SetAnnotation("files", cobra.BashCompFilenameExt, []string{}) } diff --git a/cmd/cosign/cli/options/import_key_pair.go b/cmd/cosign/cli/options/import_key_pair.go index b4d3ac3d4bf..fde2719162e 100644 --- a/cmd/cosign/cli/options/import_key_pair.go +++ b/cmd/cosign/cli/options/import_key_pair.go @@ -31,4 +31,5 @@ var _ Interface = (*ImportKeyPairOptions)(nil) func (o *ImportKeyPairOptions) AddFlags(cmd *cobra.Command) { cmd.Flags().StringVar(&o.Key, "key", "", "import key pair to use for signing") + _ = cmd.Flags().SetAnnotation("key", cobra.BashCompFilenameExt, []string{}) } diff --git a/cmd/cosign/cli/options/initialize.go b/cmd/cosign/cli/options/initialize.go index 33f8099eaee..0929f530e58 100644 --- a/cmd/cosign/cli/options/initialize.go +++ b/cmd/cosign/cli/options/initialize.go @@ -35,4 +35,5 @@ func (o *InitializeOptions) AddFlags(cmd *cobra.Command) { cmd.Flags().StringVar(&o.Root, "root", "", "path to trusted initial root. defaults to embedded root") + _ = cmd.Flags().SetAnnotation("root", cobra.BashCompSubdirsInDir, []string{}) } diff --git a/cmd/cosign/cli/options/load.go b/cmd/cosign/cli/options/load.go index 4a6e9e9db94..96c7b4a9566 100644 --- a/cmd/cosign/cli/options/load.go +++ b/cmd/cosign/cli/options/load.go @@ -30,5 +30,6 @@ var _ Interface = (*LoadOptions)(nil) func (o *LoadOptions) AddFlags(cmd *cobra.Command) { cmd.Flags().StringVar(&o.Directory, "dir", "", "path to directory where the signed image is stored on disk") + _ = cmd.Flags().SetAnnotation("dir", cobra.BashCompSubdirsInDir, []string{}) _ = cmd.MarkFlagRequired("dir") } diff --git a/cmd/cosign/cli/options/oidc.go b/cmd/cosign/cli/options/oidc.go index 71ae2abeada..ec74895ae26 100644 --- a/cmd/cosign/cli/options/oidc.go +++ b/cmd/cosign/cli/options/oidc.go @@ -64,6 +64,7 @@ func (o *OIDCOptions) AddFlags(cmd *cobra.Command) { cmd.Flags().StringVar(&o.clientSecretFile, "oidc-client-secret-file", "", "[EXPERIMENTAL] Path to file containing OIDC client secret for application") + _ = cmd.Flags().SetAnnotation("oidc-client-secret-file", cobra.BashCompFilenameExt, []string{}) cmd.Flags().StringVar(&o.RedirectURL, "oidc-redirect-url", "", "[EXPERIMENTAL] OIDC redirect URL (Optional). The default oidc-redirect-url is 'http://localhost:0/auth/callback'.") diff --git a/cmd/cosign/cli/options/pkcs11_tool.go b/cmd/cosign/cli/options/pkcs11_tool.go index b18aacfa945..735e8009563 100644 --- a/cmd/cosign/cli/options/pkcs11_tool.go +++ b/cmd/cosign/cli/options/pkcs11_tool.go @@ -45,6 +45,7 @@ var _ Interface = (*PKCS11ToolListKeysUrisOptions)(nil) func (o *PKCS11ToolListKeysUrisOptions) AddFlags(cmd *cobra.Command) { cmd.Flags().StringVar(&o.ModulePath, "module-path", "", "absolute path to the PKCS11 module") + _ = cmd.Flags().SetAnnotation("module-path", cobra.BashCompFilenameExt, []string{}) cmd.Flags().UintVar(&o.SlotID, "slot-id", 0, "id of the PKCS11 slot, uses 0 if empty") diff --git a/cmd/cosign/cli/options/policy.go b/cmd/cosign/cli/options/policy.go index 67e9f7691ee..a7ee209a67b 100644 --- a/cmd/cosign/cli/options/policy.go +++ b/cmd/cosign/cli/options/policy.go @@ -39,6 +39,7 @@ func (o *PolicyInitOptions) AddFlags(cmd *cobra.Command) { cmd.Flags().StringVar(&o.OutFile, "out", "o", "output policy locally") + _ = cmd.Flags().SetAnnotation("out", cobra.BashCompSubdirsInDir, []string{}) cmd.Flags().StringVar(&o.Issuer, "issuer", "", "trusted issuer to use for identity tokens, e.g. https://accounts.google.com") diff --git a/cmd/cosign/cli/options/public_key.go b/cmd/cosign/cli/options/public_key.go index cbb0f0e3cc6..e3c7341a31b 100644 --- a/cmd/cosign/cli/options/public_key.go +++ b/cmd/cosign/cli/options/public_key.go @@ -34,7 +34,9 @@ func (o *PublicKeyOptions) AddFlags(cmd *cobra.Command) { cmd.Flags().StringVar(&o.Key, "key", "", "path to the private key file, KMS URI or Kubernetes Secret") + _ = cmd.Flags().SetAnnotation("key", cobra.BashCompFilenameExt, []string{}) cmd.Flags().StringVar(&o.OutFile, "outfile", "", "path to a payload file to use rather than generating one") + _ = cmd.Flags().SetAnnotation("outfile", cobra.BashCompFilenameExt, []string{}) } diff --git a/cmd/cosign/cli/options/root.go b/cmd/cosign/cli/options/root.go index f42d92213b3..d00f1599653 100644 --- a/cmd/cosign/cli/options/root.go +++ b/cmd/cosign/cli/options/root.go @@ -37,6 +37,7 @@ var _ Interface = (*RootOptions)(nil) func (o *RootOptions) AddFlags(cmd *cobra.Command) { cmd.PersistentFlags().StringVar(&o.OutputFile, "output-file", "", "log output to a file") + _ = cmd.Flags().SetAnnotation("output-file", cobra.BashCompFilenameExt, []string{}) cmd.PersistentFlags().BoolVarP(&o.Verbose, "verbose", "d", false, "log debug output") diff --git a/cmd/cosign/cli/options/save.go b/cmd/cosign/cli/options/save.go index c44556b2d2c..58d449172b4 100644 --- a/cmd/cosign/cli/options/save.go +++ b/cmd/cosign/cli/options/save.go @@ -30,5 +30,6 @@ var _ Interface = (*SaveOptions)(nil) func (o *SaveOptions) AddFlags(cmd *cobra.Command) { cmd.Flags().StringVar(&o.Directory, "dir", "", "path to dir where the signed image should be stored on disk") + _ = cmd.Flags().SetAnnotation("dir", cobra.BashCompSubdirsInDir, []string{}) _ = cmd.MarkFlagRequired("dir") } diff --git a/cmd/cosign/cli/options/sign.go b/cmd/cosign/cli/options/sign.go index f532a6eb00e..55ebffb7b4a 100644 --- a/cmd/cosign/cli/options/sign.go +++ b/cmd/cosign/cli/options/sign.go @@ -56,27 +56,33 @@ func (o *SignOptions) AddFlags(cmd *cobra.Command) { cmd.Flags().StringVar(&o.Key, "key", "", "path to the private key file, KMS URI or Kubernetes Secret") + _ = cmd.Flags().SetAnnotation("key", cobra.BashCompFilenameExt, []string{}) cmd.Flags().StringVar(&o.Cert, "certificate", "", "path to the X.509 certificate in PEM format to include in the OCI Signature") + _ = cmd.Flags().SetAnnotation("certificate", cobra.BashCompFilenameExt, []string{"cert"}) cmd.Flags().StringVar(&o.CertChain, "certificate-chain", "", "path to a list of CA X.509 certificates in PEM format which will be needed "+ "when building the certificate chain for the signing certificate. "+ "Must start with the parent intermediate CA certificate of the "+ "signing certificate and end with the root certificate. Included in the OCI Signature") + _ = cmd.Flags().SetAnnotation("certificate-chain", cobra.BashCompFilenameExt, []string{"cert"}) cmd.Flags().BoolVar(&o.Upload, "upload", true, "whether to upload the signature") cmd.Flags().StringVar(&o.OutputSignature, "output-signature", "", "write the signature to FILE") + _ = cmd.Flags().SetAnnotation("output-signature", cobra.BashCompFilenameExt, []string{}) cmd.Flags().StringVar(&o.OutputCertificate, "output-certificate", "", "write the certificate to FILE") + _ = cmd.Flags().SetAnnotation("output-certificate", cobra.BashCompFilenameExt, []string{}) cmd.Flags().StringVar(&o.PayloadPath, "payload", "", "path to a payload file to use rather than generating one") + _ = cmd.Flags().SetAnnotation("payload", cobra.BashCompFilenameExt, []string{}) cmd.Flags().BoolVarP(&o.Force, "force", "f", false, "skip warnings and confirmations") diff --git a/cmd/cosign/cli/options/signblob.go b/cmd/cosign/cli/options/signblob.go index 17e0674ded8..3d458bc4852 100644 --- a/cmd/cosign/cli/options/signblob.go +++ b/cmd/cosign/cli/options/signblob.go @@ -48,21 +48,25 @@ func (o *SignBlobOptions) AddFlags(cmd *cobra.Command) { cmd.Flags().StringVar(&o.Key, "key", "", "path to the private key file, KMS URI or Kubernetes Secret") + _ = cmd.Flags().SetAnnotation("key", cobra.BashCompFilenameExt, []string{}) cmd.Flags().BoolVar(&o.Base64Output, "b64", true, "whether to base64 encode the output") cmd.Flags().StringVar(&o.OutputSignature, "output-signature", "", "write the signature to FILE") + _ = cmd.Flags().SetAnnotation("output-signature", cobra.BashCompFilenameExt, []string{}) // TODO: remove when output flag is fully deprecated cmd.Flags().StringVar(&o.Output, "output", "", "write the signature to FILE") cmd.Flags().StringVar(&o.OutputCertificate, "output-certificate", "", "write the certificate to FILE") + _ = cmd.Flags().SetAnnotation("key", cobra.BashCompFilenameExt, []string{}) cmd.Flags().StringVar(&o.BundlePath, "bundle", "", "write everything required to verify the blob to a FILE") + _ = cmd.Flags().SetAnnotation("bundle", cobra.BashCompFilenameExt, []string{}) cmd.Flags().BoolVarP(&o.SkipConfirmation, "yes", "y", false, "skip confirmation prompts for non-destructive operations") diff --git a/cmd/cosign/cli/options/upload.go b/cmd/cosign/cli/options/upload.go index 9d7b77ac9d7..488944cf542 100644 --- a/cmd/cosign/cli/options/upload.go +++ b/cmd/cosign/cli/options/upload.go @@ -51,5 +51,6 @@ func (o *UploadWASMOptions) AddFlags(cmd *cobra.Command) { cmd.Flags().StringVarP(&o.File, "file", "f", "", "path to the wasm file to upload") + _ = cmd.Flags().SetAnnotation("file", cobra.BashCompFilenameExt, []string{}) _ = cmd.MarkFlagRequired("file") } diff --git a/cmd/cosign/cli/options/verify.go b/cmd/cosign/cli/options/verify.go index 869197b3332..123da549b7e 100644 --- a/cmd/cosign/cli/options/verify.go +++ b/cmd/cosign/cli/options/verify.go @@ -49,6 +49,7 @@ func (o *VerifyOptions) AddFlags(cmd *cobra.Command) { cmd.Flags().StringVar(&o.Key, "key", "", "path to the public key file, KMS URI or Kubernetes Secret") + _ = cmd.Flags().SetAnnotation("key", cobra.BashCompFilenameExt, []string{}) cmd.Flags().BoolVar(&o.CheckClaims, "check-claims", true, "whether to check the claims found")