have rekor.NewSigner accept a *client.Rekor instead of a URL (#1115)

Signed-off-by: Jake Sanders <jsand@google.com>
sigstore · Nov 30, 2021 · 1da6742 · 1da6742
1 parent ac7e33c
commit 1da6742
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 15 deletions.
diff --git a/cmd/cosign/cli/sign/sign.go b/cmd/cosign/cli/sign/sign.go
@@ -52,6 +52,7 @@ import (
 	providers "github.com/sigstore/cosign/pkg/providers/all"
 	sigs "github.com/sigstore/cosign/pkg/signature"
 	fulcPkgClient "github.com/sigstore/fulcio/pkg/client"
+	rekorClient "github.com/sigstore/rekor/pkg/client"
 	"github.com/sigstore/sigstore/pkg/cryptoutils"
 	"github.com/sigstore/sigstore/pkg/signature"
 	sigPayload "github.com/sigstore/sigstore/pkg/signature/payload"
@@ -215,7 +216,11 @@ func signDigest(ctx context.Context, digest name.Digest, payload []byte, ko KeyO
 	s = ipayload.NewSigner(sv, nil, nil)
 	s = ifulcio.NewSigner(s, sv.Cert, sv.Chain)
 	if ShouldUploadToTlog(ctx, digest, force, ko.RekorURL) {
-		s = irekor.NewSigner(s, ko.RekorURL)
+		rClient, err := rekorClient.GetRekorClient(ko.RekorURL)
+		if err != nil {
+			return err
+		}
+		s = irekor.NewSigner(s, rClient)
 	}
 
 	ociSig, _, err := s.Sign(ctx, bytes.NewReader(payload))

diff --git a/internal/pkg/cosign/rekor/rekor.go b/internal/pkg/cosign/rekor/rekor.go
@@ -26,8 +26,7 @@ import (
 	cosignv1 "github.com/sigstore/cosign/pkg/cosign"
 	"github.com/sigstore/cosign/pkg/oci"
 	"github.com/sigstore/cosign/pkg/oci/static"
-	rekPkgClient "github.com/sigstore/rekor/pkg/client"
-	rekGenClient "github.com/sigstore/rekor/pkg/generated/client"
+	"github.com/sigstore/rekor/pkg/generated/client"
 	"github.com/sigstore/rekor/pkg/generated/models"
 	"github.com/sigstore/sigstore/pkg/cryptoutils"
 )
@@ -47,14 +46,10 @@ func bundle(entry *models.LogEntryAnon) *oci.Bundle {
 	}
 }
 
-type tlogUploadFn func(*rekGenClient.Rekor, []byte) (*models.LogEntryAnon, error)
+type tlogUploadFn func(*client.Rekor, []byte) (*models.LogEntryAnon, error)
 
-func uploadToTlog(rekorBytes []byte, rekorURL string, upload tlogUploadFn) (*oci.Bundle, error) {
-	rekorClient, err := rekPkgClient.GetRekorClient(rekorURL)
-	if err != nil {
-		return nil, err
-	}
-	entry, err := upload(rekorClient, rekorBytes)
+func uploadToTlog(rekorBytes []byte, rClient *client.Rekor, upload tlogUploadFn) (*oci.Bundle, error) {
+	entry, err := upload(rClient, rekorBytes)
 	if err != nil {
 		return nil, err
 	}
@@ -66,7 +61,7 @@ func uploadToTlog(rekorBytes []byte, rekorURL string, upload tlogUploadFn) (*oci
 type signerWrapper struct {
 	inner cosign.Signer
 
-	rekorURL string
+	rClient *client.Rekor
 }
 
 var _ cosign.Signer = (*signerWrapper)(nil)
@@ -107,7 +102,7 @@ func (rs *signerWrapper) Sign(ctx context.Context, payload io.Reader) (oci.Signa
 		return nil, nil, err
 	}
 
-	bundle, err := uploadToTlog(rekorBytes, rs.rekorURL, func(r *rekGenClient.Rekor, b []byte) (*models.LogEntryAnon, error) {
+	bundle, err := uploadToTlog(rekorBytes, rs.rClient, func(r *client.Rekor, b []byte) (*models.LogEntryAnon, error) {
 		return cosignv1.TLogUpload(ctx, r, sigBytes, payloadBytes, b)
 	})
 	if err != nil {
@@ -149,9 +144,9 @@ func (rs *signerWrapper) Sign(ctx context.Context, payload io.Reader) (oci.Signa
 }
 
 // NewSigner returns a `cosign.Signer` which uploads the signature to Rekor
-func NewSigner(inner cosign.Signer, rekorURL string) cosign.Signer {
+func NewSigner(inner cosign.Signer, rClient *client.Rekor) cosign.Signer {
 	return &signerWrapper{
-		inner:    inner,
-		rekorURL: rekorURL,
+		inner:   inner,
+		rClient: rClient,
 	}
 }