Update based on comments

Message always printed now, confirmation only asked in interactive environment Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>
sigstore · May 24, 2022 · ed04700 · ed04700
1 parent fb7d00e
commit ed04700
Show file tree

Hide file tree

Showing 4 changed files with 25 additions and 23 deletions.
diff --git a/cmd/cosign/cli/commands.go b/cmd/cosign/cli/commands.go
@@ -75,8 +75,8 @@ func New() *cobra.Command {
 				logs.Debug.SetOutput(os.Stderr)
 			}
 
-			if ro.Confirmation {
-				cosign.SetConfirmation(ro.Confirmation)
+			if ro.SkipConfirmation {
+				cosign.SetSkipConfirmation(ro.SkipConfirmation)
 			}
 
 			return nil

diff --git a/cmd/cosign/cli/fulcio/fulcio.go b/cmd/cosign/cli/fulcio/fulcio.go
@@ -46,8 +46,8 @@ const (
 	PrivacyStatement = `
         Note that there may be personally identifiable information associated with this signed artifact.
         This may include the email address associated with the account with which you authenticate.
-        This information will be used for signing this artifact and will be stored in public transparency logs and cannot be removed later.
-        By typing 'Y', you attest that you grant (or have permission to grant) and agree to have this information stored permanently in transparency logs.`
+        This information will be used for signing this artifact and will be stored in public transparency logs and cannot be removed later.`
+	PrivacyStatementConfirmation = "        By typing 'Y', you attest that you grant (or have permission to grant) and agree to have this information stored permanently in transparency logs."
 )
 
 type oidcConnector interface {
@@ -99,14 +99,6 @@ func GetCert(ctx context.Context, priv *ecdsa.PrivateKey, idToken, flow, oidcIss
 		c.flow = oauthflow.NewDeviceFlowTokenGetter(
 			oidcIssuer, oauthflow.SigstoreDeviceURL, oauthflow.SigstoreTokenURL)
 	case FlowNormal:
-		fmt.Fprintln(os.Stderr, PrivacyStatement)
-		ok, err := cosign.ConfirmPrompt("")
-		if err != nil {
-			return nil, err
-		}
-		if !ok {
-			return nil, errors.New("no confirmation")
-		}
 		c.flow = oauthflow.DefaultIDTokenGetter
 	case FlowToken:
 		c.flow = &oauthflow.StaticTokenGetter{RawToken: idToken}
@@ -150,6 +142,8 @@ func NewSigner(ctx context.Context, ko options.KeyOpts) (*Signer, error) {
 	}
 	fmt.Fprintln(os.Stderr, "Retrieving signed certificate...")
 
+	fmt.Fprintln(os.Stderr, PrivacyStatement)
+
 	var flow string
 	switch {
 	case ko.FulcioAuthFlow != "":
@@ -161,6 +155,14 @@ func NewSigner(ctx context.Context, ko options.KeyOpts) (*Signer, error) {
 		fmt.Fprintln(os.Stderr, "Non-interactive mode detected, using device flow.")
 		flow = FlowDevice
 	default:
+		fmt.Fprintln(os.Stderr, PrivacyStatementConfirmation)
+		ok, err := cosign.ConfirmPrompt("")
+		if err != nil {
+			return nil, err
+		}
+		if !ok {
+			return nil, errors.New("no confirmation")
+		}
 		flow = FlowNormal
 	}
 	Resp, err := GetCert(ctx, priv, idToken, flow, ko.OIDCIssuer, ko.OIDCClientID, ko.OIDCClientSecret, ko.OIDCRedirectURL, fClient) // TODO, use the chain.

diff --git a/cmd/cosign/cli/options/root.go b/cmd/cosign/cli/options/root.go
@@ -23,10 +23,10 @@ import (
 
 // RootOptions define flags and options for the root cosign cli.
 type RootOptions struct {
-	OutputFile   string
-	Verbose      bool
-	Timeout      time.Duration
-	Confirmation bool
+	OutputFile       string
+	Verbose          bool
+	Timeout          time.Duration
+	SkipConfirmation bool
 }
 
 // DefaultTimeout specifies the default timeout for commands.
@@ -45,6 +45,6 @@ func (o *RootOptions) AddFlags(cmd *cobra.Command) {
 	cmd.PersistentFlags().DurationVarP(&o.Timeout, "timeout", "t", DefaultTimeout,
 		"timeout for commands")
 
-	cmd.PersistentFlags().BoolVarP(&o.Confirmation, "yes", "y", false,
+	cmd.PersistentFlags().BoolVarP(&o.SkipConfirmation, "yes", "y", false,
 		"skip confirmation prompts")
 }
diff --git a/pkg/cosign/common.go b/pkg/cosign/common.go
@@ -26,12 +26,12 @@ import (
 	"golang.org/x/term"
 )
 
-// confirmation is a global variable to store whether or not the user has provided
+// skipConfirmation is a global variable to store whether or not the user has provided
 // the --yes flag to skip all confirmation prompts
-var confirmation bool
+var skipConfirmation bool
 
-func SetConfirmation(confirm bool) {
-	confirmation = confirm
+func SetSkipConfirmation(skip bool) {
+	skipConfirmation = skip
 }
 
 // TODO need to centralize this logic
@@ -44,8 +44,8 @@ func FileExists(filename string) bool {
 }
 
 func ConfirmPrompt(msg string) (bool, error) {
-	if confirmation {
-		return confirmation, nil
+	if skipConfirmation {
+		return skipConfirmation, nil
 	}
 
 	fmt.Fprintf(os.Stderr, "%s\n\nAre you sure you want to continue? [Y/n]: ", msg)