Add force flag for clean

Signed-off-by: Priya Wadhwa <[email protected]>
sigstore · Mar 23, 2022 · ee4713c · ee4713c
1 parent 7a82b14
commit ee4713c
Show file tree

Hide file tree

Showing 4 changed files with 29 additions and 10 deletions.
diff --git a/cmd/cosign/cli/clean.go b/cmd/cosign/cli/clean.go
@@ -38,21 +38,23 @@ func Clean() *cobra.Command {
 		Example: "  cosign clean <IMAGE>",
 		Args:    cobra.ExactArgs(1),
 		RunE: func(cmd *cobra.Command, args []string) error {
-			return CleanCmd(cmd.Context(), c.Registry, c.CleanType, args[0])
+			return CleanCmd(cmd.Context(), c.Registry, c.CleanType, args[0], c.Force)
 		},
 	}
 
 	c.AddFlags(cmd)
 	return cmd
 }
 
-func CleanCmd(ctx context.Context, regOpts options.RegistryOptions, cleanType, imageRef string) error {
-	ok, err := cosign.ConfirmPrompt("WARNING: this will remove all signatures from the image")
-	if err != nil {
-		return err
-	}
-	if !ok {
-		return nil
+func CleanCmd(ctx context.Context, regOpts options.RegistryOptions, cleanType, imageRef string, force bool) error {
+	if !force {
+		ok, err := cosign.ConfirmPrompt(prompt(cleanType))
+		if err != nil {
+			return err
+		}
+		if !ok {
+			return nil
+		}
 	}
 
 	ref, err := name.ParseReference(imageRef)
@@ -100,3 +102,17 @@ func CleanCmd(ctx context.Context, regOpts options.RegistryOptions, cleanType, i
 
 	return nil
 }
+
+func prompt(cleanType string) string {
+	switch cleanType {
+	case "signature":
+		return "WARNING: this will remove all signatures from the image"
+	case "sbom":
+		return "WARNING: this will remove all SBOMs from the image"
+	case "attestation":
+		return "WARNING: this will remove all attestations from the image"
+	case "all":
+		return "WARNING: this will remove all signatures, SBOMs and attestations from the image"
+	}
+	return ""
+}
diff --git a/cmd/cosign/cli/options/clean.go b/cmd/cosign/cli/options/clean.go
@@ -19,11 +19,13 @@ import "github.com/spf13/cobra"
 type CleanOptions struct {
 	Registry  RegistryOptions
 	CleanType string
+	Force     bool
 }
 
 var _ Interface = (*CleanOptions)(nil)
 
 func (c *CleanOptions) AddFlags(cmd *cobra.Command) {
 	c.Registry.AddFlags(cmd)
 	cmd.Flags().StringVarP(&c.CleanType, "type", "", "all", "a type of clean: <signature|attestation|sbom|all> (default: all)")
+	cmd.Flags().BoolVarP(&c.Force, "force", "f", false, "do not prompt for confirmation")
 }
diff --git a/doc/cosign_clean.md b/doc/cosign_clean.md
diff --git a/test/e2e_test.go b/test/e2e_test.go
@@ -168,7 +168,7 @@ func TestSignVerifyClean(t *testing.T) {
 	must(download.SignatureCmd(ctx, options.RegistryOptions{}, imgName), t)
 
 	// Now clean signature from the given image
-	must(cli.CleanCmd(ctx, options.RegistryOptions{}, "all", imgName), t)
+	must(cli.CleanCmd(ctx, options.RegistryOptions{}, "all", imgName, true), t)
 
 	// It doesn't work
 	mustErr(verify(pubKeyPath, imgName, true, nil, ""), t)
@@ -197,7 +197,7 @@ func TestImportSignVerifyClean(t *testing.T) {
 	must(download.SignatureCmd(ctx, options.RegistryOptions{}, imgName), t)
 
 	// Now clean signature from the given image
-	must(cli.CleanCmd(ctx, options.RegistryOptions{}, "all", imgName), t)
+	must(cli.CleanCmd(ctx, options.RegistryOptions{}, "all", imgName, true), t)
 
 	// It doesn't work
 	mustErr(verify(pubKeyPath, imgName, true, nil, ""), t)