legacy signing fixes

[mikehelmick]

Fixes #1623

Proposed Changes

• allow for tokens to be signed w/ legacy keys until DB one is present
  • can be disabled by flag
  • to be removed in v0.21
• fix bug where a not found on DB backed key lookup returned error instead of validating w/ legacy key
• debug logging by default in some tools - makes life easier

Release Note

Allow for legacy signing key config for tokens to be used during the upgrade to DB backed tokens.

[mikehelmick]

this was the bug - it filled in legacy key ID, but then returned an error.

[sethvargo]

I’m not convinced the envvar buys us anything here? I think we should just fallback without the additional layer of indirection and remove in the next release

[sethvargo]

It’d be better just to use the debugger logger instead of setting the env. Just don’t use logging.NewFromEnv and use the NewDebug method (I think there’s one)

[mikehelmick]

this still allows the user to specify

[mikehelmick]

I’m not convinced the envvar buys us anything here? I think we should just fallback without the additional layer of indirection and remove in the next release

meaning remove the flag?

[sethvargo]

Yea, I think we just always fallback in this release.

[mikehelmick]

Yea, I think we just always fallback in this release.

done. Always on in this release.

[google-oss-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: mikehelmick, sethvargo

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [mikehelmick,sethvargo]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment