diff --git a/cmd/verify.go b/cmd/verify.go
index 3b07ed79..9873cfe0 100644
--- a/cmd/verify.go
+++ b/cmd/verify.go
@@ -64,10 +64,6 @@ const (
 // todo: this logic should be broken out and moved to pkg/
 // we need to abstract where keys are coming from, etc
 func runVerify(ctx context.Context, vo options.VerifyOptions, verifiers ...cryptoutil.Verifier) error {
- if vo.KeyPath == "" && len(vo.CAPaths) == 0 && len(verifiers) == 0 {
- return fmt.Errorf("must supply either a public key, CA certificates or a verifier")
- }
-
 if vo.KeyPath != "" {
 keyFile, err := os.Open(vo.KeyPath)
 if err != nil {
diff --git a/options/sign.go b/options/sign.go
index 655f2053..fdc70789 100644
--- a/options/sign.go
+++ b/options/sign.go
@@ -28,7 +28,6 @@ type SignOptions struct {
 var RequiredSignFlags = []string{
 "infile",
 "outfile",
- "datatype",
 }

 func (so *SignOptions) AddFlags(cmd *cobra.Command) {
diff --git a/options/verify.go b/options/verify.go
index 7fb4c062..9cbb873e 100644
--- a/options/verify.go
+++ b/options/verify.go
@@ -34,6 +34,17 @@ var RequiredVerifyFlags = []string{
 "policy",
 }

+var OneRequiredPKFlags = []string{
+ "publickey",
+ "policy-ca",
+ "verifier-kms-ref",
+}
+
+var OneRequiredSubjectFlags = []string{
+ "artifactfile",
+ "subjects",
+}
+
 func (vo *VerifyOptions) AddFlags(cmd *cobra.Command) {
 vo.VerifierOptions.AddFlags(cmd)
 vo.ArchivistaOptions.AddFlags(cmd)
@@ -44,4 +55,7 @@ func (vo *VerifyOptions) AddFlags(cmd *cobra.Command) {
 cmd.Flags().StringVarP(&vo.ArtifactFilePath, "artifactfile", "f", "", "Path to the artifact to verify")
 cmd.Flags().StringSliceVarP(&vo.AdditionalSubjects, "subjects", "s", []string{}, "Additional subjects to lookup attestations")
 cmd.Flags().StringSliceVarP(&vo.CAPaths, "policy-ca", "", []string{}, "Paths to CA certificates to use for verifying the policy")
+
+ cmd.MarkFlagsRequiredTogether(RequiredVerifyFlags...)
+ cmd.MarkFlagsOneRequired(OneRequiredPKFlags...)
 }
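Review bot: In options/verify.go (hunk `@@ -34,6 +34,17 @@`), `OneRequiredSubjectFlags` is declared but never passed to a flag-group call in the visible changes; the last hunk of the file wires up only `OneRequiredPKFlags`. As written, a verify run with neither `--artifactfile` nor `--subjects` is not rejected at flag parsing. If the constraint is intended, add `cmd.MarkFlagsOneRequired(OneRequiredSubjectFlags...)` beside the other call, otherwise drop the variable. Both new exported variables would also benefit from a doc comment, for example `// OneRequiredPKFlags lists the flags of which at least one must be set to supply the policy verification key material.`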
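Review bot: In options/verify.go (hunk `@@ -44,4 +55,7 @@`), `cmd.MarkFlagsOneRequired(OneRequiredPKFlags...)` does not guarantee that a usable trust root reaches `runVerify`, and the commit removes the guard in cmd/verify.go that did. Cobra's group validation looks at whether a flag was set during parsing, not at the value it ended up with, so `--publickey ""` satisfies it, and a caller that reaches `runVerify` without going through cobra gets no check at all. For a verification command I would keep a value-level, fail-closed backstop at the top of `runVerify`, e.g. `if vo.KeyPath == "" && len(vo.CAPaths) == 0 && len(verifiers) == 0 { return fmt.Errorf("must supply either a public key, CA certificates or a verifier") }`. Note also that `MarkFlagsRequiredTogether(RequiredVerifyFlags...)` only enforces all-or-none, so it does not by itself make `policy` mandatory; AddFlags begins outside this hunk, so whether that is handled elsewhere cannot be confirmed from here.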