Remove Google CA v1beta1 API and associated config (#349)

* Deprecate gcp_private_ca_version Towards #342: remove v1beta1 GCP CA API Signed-off-by: Zachary Newman <z@znewman.net> * Remove Google CA v1beta1 API and associated config Fixes #342 Signed-off-by: Zachary Newman <z@znewman.net>
sigstore · Jan 25, 2022 · 6f0ed01 · 6f0ed01
1 parent ecb056e
commit 6f0ed01
Show file tree

Hide file tree

Showing 5 changed files with 6 additions and 292 deletions.
diff --git a/README.md b/README.md
@@ -62,7 +62,7 @@ The public Fulcio root CA is currently running on [GCP CA Service](https://cloud
 You can also run Fulcio with your own CA on CA Service by passing in a parent and specifying Google as the CA:
 
 ```
-go run main.go serve --ca googleca  --gcp_private_ca_parent=projects/myproject/locations/us-central1/caPools/mypool --gcp_private_ca_version=v1
+go run main.go serve --ca googleca  --gcp_private_ca_parent=projects/myproject/locations/us-central1/caPools/mypool
 ```
 
 ### PKCS11CA

diff --git a/cmd/app/serve.go b/cmd/app/serve.go
@@ -31,7 +31,6 @@ import (
 	"github.com/sigstore/fulcio/pkg/ca/ephemeralca"
 	"github.com/sigstore/fulcio/pkg/ca/fileca"
 	googlecav1 "github.com/sigstore/fulcio/pkg/ca/googleca/v1"
-	googlecav1beta1 "github.com/sigstore/fulcio/pkg/ca/googleca/v1beta1"
 	"github.com/sigstore/fulcio/pkg/ca/x509ca"
 	"github.com/sigstore/fulcio/pkg/config"
 	"github.com/sigstore/fulcio/pkg/log"
@@ -56,7 +55,6 @@ func newServeCmd() *cobra.Command {
 	cmd.Flags().String("ca", "", "googleca | pkcs11ca | fileca | ephemeralca (for testing)")
 	cmd.Flags().String("aws-hsm-root-ca-path", "", "Path to root CA on disk (only used with AWS HSM)")
 	cmd.Flags().String("gcp_private_ca_parent", "", "private ca parent: /projects/<project>/locations/<location>/<name> (only used with --ca googleca)")
-	cmd.Flags().String("gcp_private_ca_version", "v1", "private ca version: [v1|v1beta1] (only used with --ca googleca)")
 	cmd.Flags().String("hsm-caroot-id", "", "HSM ID for Root CA (only used with --ca pkcs11ca)")
 	cmd.Flags().String("ct-log-url", "http://localhost:6962/test", "host and path (with log prefix at the end) to the ct log")
 	cmd.Flags().String("config-path", "/etc/fulcio-config/config.json", "path to fulcio config json")
@@ -98,6 +96,10 @@ func runServeCmd(cmd *cobra.Command, args []string) {
 		if !viper.IsSet("gcp_private_ca_parent") {
 			log.Logger.Fatal("gcp_private_ca_parent must be set when using googleca")
 		}
+		if viper.IsSet("gcp_private_ca_version") {
+			// There's a MarkDeprecated function in cobra/pflags, but it doesn't use log.Logger
+			log.Logger.Warn("gcp_private_ca_version is deprecated and will soon be removed; please remove it")
+		}
 
 	case "fileca":
 		if !viper.IsSet("fileca-cert") {
@@ -130,15 +132,7 @@ func runServeCmd(cmd *cobra.Command, args []string) {
 	var baseca certauth.CertificateAuthority
 	switch viper.GetString("ca") {
 	case "googleca":
-		version := viper.GetString("gcp_private_ca_version")
-		switch version {
-		case "v1":
-			baseca, err = googlecav1.NewCertAuthorityService(cmd.Context(), viper.GetString("gcp_private_ca_parent"))
-		case "v1beta1":
-			baseca, err = googlecav1beta1.NewCertAuthorityService(cmd.Context(), viper.GetString("gcp_private_ca_parent"))
-		default:
-			err = fmt.Errorf("invalid value for gcp_private_ca_version: %v", version)
-		}
+		baseca, err = googlecav1.NewCertAuthorityService(cmd.Context(), viper.GetString("gcp_private_ca_parent"))
 	case "pkcs11ca":
 		params := x509ca.Params{
 			ConfigPath: viper.GetString("pkcs11-config-path"),

diff --git a/config/fulcio-config.yaml b/config/fulcio-config.yaml
@@ -59,7 +59,6 @@ data:
         host: 0.0.0.0
         port: 5555
         ca: googleca
-        gcp_private_ca_version: v1
         ct-log-url: http://ct-log/test
         log_type: prod
 kind: ConfigMap

diff --git a/pkg/ca/googleca/v1beta1/googleca.go b/pkg/ca/googleca/v1beta1/googleca.go
diff --git a/pkg/ca/googleca/v1beta1/googleca_test.go b/pkg/ca/googleca/v1beta1/googleca_test.go