diff --git a/cmd/rekor-cli/app/root.go b/cmd/rekor-cli/app/root.go index 2cb38e282..dfd1e893c 100644 --- a/cmd/rekor-cli/app/root.go +++ b/cmd/rekor-cli/app/root.go @@ -65,8 +65,6 @@ func init() { rootCmd.PersistentFlags().Var(NewFlagValue(formatFlag, "default"), "format", "Command output format") rootCmd.PersistentFlags().Var(NewFlagValue(timeoutFlag, "30s"), "timeout", "HTTP timeout") - rootCmd.PersistentFlags().String("api-key", "", "API key for rekor.sigstore.dev") - // these are bound here and not in PreRun so that all child commands can use them if err := viper.BindPFlags(rootCmd.PersistentFlags()); err != nil { log.CliLogger.Fatal(err) diff --git a/pkg/client/rekor_client.go b/pkg/client/rekor_client.go index 92397844a..8fd66b069 100644 --- a/pkg/client/rekor_client.go +++ b/pkg/client/rekor_client.go @@ -23,7 +23,6 @@ import ( retryablehttp "github.com/hashicorp/go-retryablehttp" "github.com/sigstore/rekor/pkg/generated/client" "github.com/sigstore/rekor/pkg/util" - "github.com/spf13/viper" ) func GetRekorClient(rekorServerURL string, opts ...Option) (*client.Rekor, error) { @@ -45,12 +44,6 @@ func GetRekorClient(rekorServerURL string, opts ...Option) (*client.Rekor, error rt.Consumers["application/x-pem-file"] = runtime.TextConsumer() rt.Consumers["application/pem-certificate-chain"] = runtime.TextConsumer() rt.Producers["application/json"] = runtime.JSONProducer() - rt.Producers["application/timestamp-query"] = runtime.ByteStreamProducer() - rt.Consumers["application/timestamp-reply"] = runtime.ByteStreamConsumer() - - if viper.GetString("api-key") != "" { - rt.DefaultAuthentication = httptransport.APIKeyAuth("apiKey", "query", viper.GetString("api-key")) - } registry := strfmt.Default registry.Add("signedCheckpoint", &util.SignedNote{}, util.SignedCheckpointValidator) diff --git a/pkg/client/rekor_client_test.go b/pkg/client/rekor_client_test.go index 267db5298..2440307c7 100644 --- a/pkg/client/rekor_client_test.go +++ b/pkg/client/rekor_client_test.go @@ -18,66 +18,9 @@ package client import ( "net/http" "net/http/httptest" - "strings" "testing" - - "github.com/spf13/viper" ) -func TestAPIKey(t *testing.T) { - t.Parallel() - pkRequestReceived := false - logRequestReceived := false - testServer := httptest.NewServer(http.HandlerFunc( - func(w http.ResponseWriter, r *http.Request) { - file := []byte{} - - switch { - case strings.HasPrefix(r.URL.Path, "/api/v1/log/publicKey"): - pkRequestReceived = true - if r.URL.Query().Get("apiKey") != "" { - t.Errorf("API key sent but not expected: %v", r.URL.Query().Get("apiKey")) - } - case strings.HasPrefix(r.URL.Path, "/api/v1/log"): - logRequestReceived = true - if r.URL.Query().Get("apiKey") == "" { - t.Errorf("API key expected but not sent") - } - } - w.WriteHeader(http.StatusOK) - _, _ = w.Write(file) - })) - defer testServer.Close() - - t.Run("GetLogInfo", func(t *testing.T) { - logRequestReceived = false - viper.Set("api-key", "thisIsAnAPIKey") - client, err := GetRekorClient(testServer.URL) - if err != nil { - t.Error(err) - } - _, _ = client.Tlog.GetLogInfo(nil) - if !logRequestReceived { - t.Fatal("no GetLogInfo requests were received") - } - }) - - t.Run("GetPublicKey", func(t *testing.T) { - pkRequestReceived = false - viper.Set("api-key", "") - client, err := GetRekorClient(testServer.URL) - if err != nil { - t.Error(err) - } - _, _ = client.Pubkey.GetPublicKey(nil) - if !pkRequestReceived { - t.Fatal("no GetPublicKey requests were received") - } - - }) - -} - func TestGetRekorClientWithUserAgent(t *testing.T) { t.Parallel() expectedUserAgent := "test User-Agent" diff --git a/tests/e2e_test.go b/tests/e2e_test.go index 135965467..ff5b7f0ac 100644 --- a/tests/e2e_test.go +++ b/tests/e2e_test.go @@ -865,27 +865,6 @@ func TestX509(t *testing.T) { } -func TestUploadNoAPIKeyInOutput(t *testing.T) { - // Create a random artifact and sign it. - artifactPath := filepath.Join(t.TempDir(), "artifact") - sigPath := filepath.Join(t.TempDir(), "signature.asc") - - createdPGPSignedArtifact(t, artifactPath, sigPath) - - // Write the public key to a file - pubPath := filepath.Join(t.TempDir(), "pubKey.asc") - if err := ioutil.WriteFile(pubPath, []byte(publicKey), 0644); err != nil { - t.Fatal(err) - } - - // It should upload successfully. - out := runCli(t, "upload", "--artifact", artifactPath, "--signature", sigPath, "--public-key", pubPath, "--api-key", "foobar") - outputContains(t, out, "Created entry at") - if strings.Contains(out, "foobar") { - t.Errorf("CLI output contained API key when it should have squelched it") - } -} - func TestWatch(t *testing.T) { td := t.TempDir()