sigstore · bobcallaway · Oct 6, 2022 · Oct 5, 2022
@@ -65,8 +65,6 @@ func init() {
 	rootCmd.PersistentFlags().Var(NewFlagValue(formatFlag, "default"), "format", "Command output format")
 	rootCmd.PersistentFlags().Var(NewFlagValue(timeoutFlag, "30s"), "timeout", "HTTP timeout")
 
-	rootCmd.PersistentFlags().String("api-key", "", "API key for rekor.sigstore.dev")
-
 	// these are bound here and not in PreRun so that all child commands can use them
 	if err := viper.BindPFlags(rootCmd.PersistentFlags()); err != nil {
 		log.CliLogger.Fatal(err)

@@ -23,7 +23,6 @@ import (
 	retryablehttp "github.com/hashicorp/go-retryablehttp"
 	"github.com/sigstore/rekor/pkg/generated/client"
 	"github.com/sigstore/rekor/pkg/util"
-	"github.com/spf13/viper"
 )
 
 func GetRekorClient(rekorServerURL string, opts ...Option) (*client.Rekor, error) {
@@ -45,12 +44,6 @@ func GetRekorClient(rekorServerURL string, opts ...Option) (*client.Rekor, error
 	rt.Consumers["application/x-pem-file"] = runtime.TextConsumer()
 	rt.Consumers["application/pem-certificate-chain"] = runtime.TextConsumer()
 	rt.Producers["application/json"] = runtime.JSONProducer()
-	rt.Producers["application/timestamp-query"] = runtime.ByteStreamProducer()
-	rt.Consumers["application/timestamp-reply"] = runtime.ByteStreamConsumer()
-
-	if viper.GetString("api-key") != "" {
-		rt.DefaultAuthentication = httptransport.APIKeyAuth("apiKey", "query", viper.GetString("api-key"))
-	}
 
 	registry := strfmt.Default
 	registry.Add("signedCheckpoint", &util.SignedNote{}, util.SignedCheckpointValidator)

@@ -18,66 +18,9 @@ package client
 import (
 	"net/http"
 	"net/http/httptest"
-	"strings"
 	"testing"
-
-	"github.com/spf13/viper"
 )
 
-func TestAPIKey(t *testing.T) {
-	t.Parallel()
-	pkRequestReceived := false
-	logRequestReceived := false
-	testServer := httptest.NewServer(http.HandlerFunc(
-		func(w http.ResponseWriter, r *http.Request) {
-			file := []byte{}
-
-			switch {
-			case strings.HasPrefix(r.URL.Path, "/api/v1/log/publicKey"):
-				pkRequestReceived = true
-				if r.URL.Query().Get("apiKey") != "" {
-					t.Errorf("API key sent but not expected: %v", r.URL.Query().Get("apiKey"))
-				}
-			case strings.HasPrefix(r.URL.Path, "/api/v1/log"):
-				logRequestReceived = true
-				if r.URL.Query().Get("apiKey") == "" {
-					t.Errorf("API key expected but not sent")
-				}
-			}
-			w.WriteHeader(http.StatusOK)
-			_, _ = w.Write(file)
-		}))
-	defer testServer.Close()
-
-	t.Run("GetLogInfo", func(t *testing.T) {
-		logRequestReceived = false
-		viper.Set("api-key", "thisIsAnAPIKey")
-		client, err := GetRekorClient(testServer.URL)
-		if err != nil {
-			t.Error(err)
-		}
-		_, _ = client.Tlog.GetLogInfo(nil)
-		if !logRequestReceived {
-			t.Fatal("no GetLogInfo requests were received")
-		}
-	})
-
-	t.Run("GetPublicKey", func(t *testing.T) {
-		pkRequestReceived = false
-		viper.Set("api-key", "")
-		client, err := GetRekorClient(testServer.URL)
-		if err != nil {
-			t.Error(err)
-		}
-		_, _ = client.Pubkey.GetPublicKey(nil)
-		if !pkRequestReceived {
-			t.Fatal("no GetPublicKey requests were received")
-		}
-
-	})
-
-}
-
 func TestGetRekorClientWithUserAgent(t *testing.T) {
 	t.Parallel()
 	expectedUserAgent := "test User-Agent"

@@ -865,27 +865,6 @@ func TestX509(t *testing.T) {
 
 }
 
-func TestUploadNoAPIKeyInOutput(t *testing.T) {
-	// Create a random artifact and sign it.
-	artifactPath := filepath.Join(t.TempDir(), "artifact")
-	sigPath := filepath.Join(t.TempDir(), "signature.asc")
-
-	createdPGPSignedArtifact(t, artifactPath, sigPath)
-
-	// Write the public key to a file
-	pubPath := filepath.Join(t.TempDir(), "pubKey.asc")
-	if err := ioutil.WriteFile(pubPath, []byte(publicKey), 0644); err != nil {
-		t.Fatal(err)
-	}
-
-	// It should upload successfully.
-	out := runCli(t, "upload", "--artifact", artifactPath, "--signature", sigPath, "--public-key", pubPath, "--api-key", "foobar")
-	outputContains(t, out, "Created entry at")
-	if strings.Contains(out, "foobar") {
-		t.Errorf("CLI output contained API key when it should have squelched it")
-	}
-}
-
 func TestWatch(t *testing.T) {
 
 	td := t.TempDir()