// Copyright 2022 The Witness Contributors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package options
import (
"github.com/in-toto/go-witness/attestation"
"github.com/in-toto/go-witness/log"
"github.com/spf13/cobra"
)
// DefaultAttestors is the default value of the --attestations flag, i.e. the
// attestors recorded when the caller does not pick a set of their own.
// NOTE(review): "environment" is enabled by default; confirm what that
// attestor records before the resulting attestations are uploaded or shared.
var DefaultAttestors = []string{"environment", "git"}
// RunOptions holds the settings of the run command. AddFlags binds the fields
// to command-line flags and fills AttestorOptSetters.
type RunOptions struct {
	// SignerOptions registers its own flags through SignerOptions.AddFlags.
	SignerOptions SignerOptions
	// KMSSignerProviderOptions registers its own flags through its AddFlags.
	KMSSignerProviderOptions KMSSignerProviderOptions
	// ArchivistaOptions controls whether and where attestations are stored
	// or retrieved remotely.
	ArchivistaOptions ArchivistaOptions
	// WorkingDir is set by --workingdir / -d: the directory from which
	// commands will run. Defaults to the empty string.
	WorkingDir string
	// Attestations is set by --attestations / -a and defaults to
	// DefaultAttestors.
	Attestations []string
	// Hashes is set by --hashes and defaults to {"sha256"}.
	// NOTE(review): the values are not validated here; presumably the
	// consumer rejects unknown or weak algorithm names - confirm.
	Hashes []string
	// OutFilePath is set by --outfile / -o: the file the signed data is
	// written to.
	OutFilePath string
	// StepName is set by --step / -s: the name of the step being run.
	StepName string
	// Tracing is set by --trace and defaults to false.
	Tracing bool
	// TimestampServers is set by --timestamp-servers and defaults to an
	// empty list.
	TimestampServers []string
	// AttestorOptSetters is the result of addFlagsFromRegistry for the
	// "attestor" registry: for each key, a list of functions that take an
	// attestor and return a (possibly reconfigured) attestor or an error.
	// NOTE(review): keys are presumably attestor names - verify against
	// addFlagsFromRegistry.
	AttestorOptSetters map[string][]func(attestation.Attestor) (attestation.Attestor, error)
}
// RequiredRunFlags lists the flag names that RunOptions.AddFlags passes to
// cmd.MarkFlagsRequiredTogether.
// NOTE(review): a "required together" group with a single member looks like
// it can never be violated, so this alone may not force --step to be given;
// confirm that an empty step name is rejected elsewhere.
var RequiredRunFlags = []string{
	"step",
}
// OneRequiredPKSignFlags lists flag names that identify a key source.
// It is not referenced in this file.
// NOTE(review): the name suggests at least one of these must be supplied;
// verify where the list is consumed and that the constraint is enforced.
var OneRequiredPKSignFlags = []string{
	"signer-file-key-path",
	"policy-ca",
	"signer-kms-ref",
}
// AddFlags registers the run command's flags on cmd and binds them to ro.
//
// Signer, Archivista and KMS provider flags are delegated to the nested
// option structs. Per-attestor flags are generated from the attestation
// registry, and the setters returned for them are stored in
// ro.AttestorOptSetters.
func (ro *RunOptions) AddFlags(cmd *cobra.Command) {
	ro.SignerOptions.AddFlags(cmd)
	ro.ArchivistaOptions.AddFlags(cmd)

	// cmd.Flags() hands back the command's flag set; fetch it once and
	// register every run-specific flag on it.
	flags := cmd.Flags()
	flags.StringVarP(&ro.WorkingDir, "workingdir", "d", "", "Directory from which commands will run")
	flags.StringSliceVarP(&ro.Attestations, "attestations", "a", DefaultAttestors, "Attestations to record ('product' and 'material' are always recorded)")
	flags.StringSliceVar(&ro.Hashes, "hashes", []string{"sha256"}, "Hashes selected for digest calculation. Defaults to SHA256")
	flags.StringVarP(&ro.OutFilePath, "outfile", "o", "", "File to write signed data to")
	flags.StringVarP(&ro.StepName, "step", "s", "", "Name of the step being run")
	flags.BoolVar(&ro.Tracing, "trace", false, "Enable tracing for the command")
	flags.StringSliceVar(&ro.TimestampServers, "timestamp-servers", []string{}, "Timestamp Authority Servers to use when signing envelope")

	// NOTE(review): RequiredRunFlags holds a single name, and a
	// "required together" group of one looks like it cannot fail; confirm
	// that a missing --step is caught elsewhere.
	cmd.MarkFlagsRequiredTogether(RequiredRunFlags...)

	// The registry-driven flags come after the fixed ones, and the KMS
	// provider flags last, as in the original ordering.
	ro.AttestorOptSetters = addFlagsFromRegistry("attestor", attestation.RegistrationEntries(), cmd)
	ro.KMSSignerProviderOptions.AddFlags(cmd)
}
// ArchivistaOptions configures use of an Archivista server to store or
// retrieve attestations.
type ArchivistaOptions struct {
	// Enable is set by --enable-archivista (or the hidden, deprecated
	// --enable-archivist) and defaults to false.
	Enable bool
	// Url is set by --archivista-server (or the hidden, deprecated
	// --archivist-server). Its default is a hosted endpoint, so enabling
	// Archivista without overriding the URL targets that external server.
	Url string
}
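// AddFlags registers the Archivista flags on cmd and binds them to o.
//
// Each setting has a current flag and a hidden, deprecated alias
// (--enable-archivist, --archivist-server). Both spellings write to the same
// field, so if a caller passes both, whichever is parsed last wins.
//
// Archivista is off by default. The server URL defaults to a hosted
// endpoint, so a deployment that must keep attestations inside its own
// infrastructure has to set --archivista-server explicitly when enabling it.
//
// A failure to hide a deprecated alias is logged and otherwise ignored; the
// alias then merely stays visible in the help output.
func (o *ArchivistaOptions) AddFlags(cmd *cobra.Command) {
	flags := cmd.Flags()

	flags.BoolVar(&o.Enable, "enable-archivista", false, "Use Archivista to store or retrieve attestations")
	flags.BoolVar(&o.Enable, "enable-archivist", false, "Use Archivista to store or retrieve attestations (deprecated)")
	if err := flags.MarkHidden("enable-archivist"); err != nil {
		// %w is only meaningful to fmt.Errorf; in a printf-style log call it
		// is rendered as a bad-verb marker, so the error is formatted with %v.
		log.Errorf("failed to hide enable-archivist flag: %v", err)
	}

	flags.StringVar(&o.Url, "archivista-server", "https://archivista.testifysec.io", "URL of the Archivista server to store or retrieve attestations")
	flags.StringVar(&o.Url, "archivist-server", "https://archivista.testifysec.io", "URL of the Archivista server to store or retrieve attestations (deprecated)")
	if err := flags.MarkHidden("archivist-server"); err != nil {
		// NOTE(review): this failure is logged at debug level while the same
		// failure above is logged at error level; confirm which is intended.
		log.Debugf("failed to hide archivist-server flag: %v", err)
	}
}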