Explicitly disable auth for the sigstore-tuf-root. (#528)

I had expired credentials that were causing this to fail. The bucket is public, so we should just not use auth (which apparently requires being explicit). Signed-off-by: Dan Lorenc <dlorenc@google.com>
sigstore · Aug 9, 2021 · 9018c86 · 9018c86
1 parent bfd42e5
commit 9018c86
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 1 deletion.
diff --git a/go.mod b/go.mod
@@ -28,6 +28,7 @@ require (
 	golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985 // indirect
 	golang.org/x/sync v0.0.0-20210220032951-036812b2e83c
 	golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b
+	google.golang.org/api v0.50.0
 	k8s.io/api v0.22.0
 	k8s.io/apimachinery v0.22.0
 	k8s.io/client-go v0.22.0

diff --git a/pkg/cosign/tuf/store.go b/pkg/cosign/tuf/store.go
@@ -22,6 +22,7 @@ import (
 
 	"cloud.google.com/go/storage"
 	"github.com/theupdateframework/go-tuf/client"
+	"google.golang.org/api/option"
 )
 
 type GcsRemoteOptions struct {
@@ -47,7 +48,7 @@ func GcsRemoteStore(ctx context.Context, bucket string, opts *GcsRemoteOptions,
 	store := gcsRemoteStore{ctx: ctx, bucket: bucket, opts: opts, client: client}
 	if client == nil {
 		var err error
-		store.client, err = storage.NewClient(ctx)
+		store.client, err = storage.NewClient(ctx, option.WithoutAuthentication())
 		if err != nil {
 			return nil, err
 		}