Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump Fulcio client lib and use LegacyClient #1760

Closed
wants to merge 1 commit into from
Closed

Bump Fulcio client lib and use LegacyClient #1760

wants to merge 1 commit into from

Conversation

nsmith5
Copy link
Contributor

@nsmith5 nsmith5 commented Apr 14, 2022

Summary

With @bobcallaway's recent work the client in Fulcio library was renamed to LegacyClient. This change bumps the Fulcio package version and uses that new LegacyClient name. Once GRPC is rolled out in production we should move off of this client as it uses the v1 API's

@nsmith5 nsmith5 force-pushed the fulcio-legacy-client branch from 4be881a to b00c8e5 Compare April 14, 2022 17:22
mattmoor
mattmoor reviewed Apr 14, 2022
View reviewed changes
Copy link
Member

@mattmoor mattmoor left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think .fulcioverifier.go.swp is unintended?

@nsmith5 nsmith5 force-pushed the fulcio-legacy-client branch from b00c8e5 to 71e85e4 Compare April 14, 2022 17:23
@nsmith5
Copy link
Contributor Author

nsmith5 commented Apr 14, 2022

Yup, removed and need a mod tidy as well

mattmoor
mattmoor previously approved these changes Apr 14, 2022
View reviewed changes
@nsmith5 nsmith5 force-pushed the fulcio-legacy-client branch from 71e85e4 to 0c2a8e6 Compare April 14, 2022 18:27
Bump Fulcio client lib and use LegacyClient
316683b 
Uses the LegacyClient as the GRPC change hasn't yet
been deployed.

Signed-off-by: Nathan Smith <[email protected]>
@nsmith5 nsmith5 force-pushed the fulcio-legacy-client branch from 0c2a8e6 to 316683b Compare April 14, 2022 18:44
@nsmith5
Copy link
Contributor Author

nsmith5 commented Apr 14, 2022

Hmm I see the GRPC refactor did pull in some banned dependencies (trillian + grpc middleware) that work against our slimming down the cosign binary....

Should we make a client library upstream and not use the api package so we can slim down the client library as much as possible?

@haydentherapper
Copy link
Contributor

I removed "github.com/google/certificate-transparency-go" in the embedded SCT PR, we need to depend on it.

@nsmith5
Copy link
Contributor Author

nsmith5 commented Apr 14, 2022

Ah ok, yeah I don't think we can run away from depending on grpc either now so these changes make sense then..

@haydentherapper
Copy link
Contributor

I wonder if the issue is the same thing I was running into in #1731, where one of the Trillian packages defines a flag that conflicts with what's defined in cosignd.

@haydentherapper
Copy link
Contributor

This is why in #1731 I copied in a file, so that when I used that package, I was only pulling in the bare minimum.

@nsmith5
Copy link
Contributor Author

nsmith5 commented Apr 18, 2022

closing in favour of #1762

@nsmith5 nsmith5 closed this Apr 18, 2022
@nsmith5 nsmith5 deleted the fulcio-legacy-client branch April 20, 2022 17:29
@nsmith5 nsmith5 restored the fulcio-legacy-client branch May 13, 2022 14:56
@nsmith5 nsmith5 reopened this May 13, 2022
@nsmith5 nsmith5 closed this Aug 2, 2022
@nsmith5 nsmith5 deleted the fulcio-legacy-client branch August 2, 2022 18:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mattmoor mattmoor mattmoor left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@nsmith5 @haydentherapper @mattmoor