Don't validate that the issuer bucket exists, and fail if it does not. (
#31)

This allows removing permissions from the service accounts running
the binary.
phbnf authored Oct 29, 2024
1 parent 75cf6c0 commit a1e95a6
Showing 1 changed file with 1 addition and 15 deletions.
16 changes: 1 addition & 15 deletions storage/gcp/issuers.go
Expand Up @@ -21,9 +21,8 @@ import (
"path"

gcs "cloud.google.com/go/storage"
"github.com/transparency-dev/static-ct"
sctfe "github.com/transparency-dev/static-ct"
"google.golang.org/api/googleapi"
"google.golang.org/api/iterator"
"k8s.io/klog/v2"
)

Expand All @@ -43,19 +42,6 @@ func NewIssuerStorage(ctx context.Context, projectID string, bucket string, pref
return nil, fmt.Errorf("failed to create GCS client: %v", err)
}

it := c.Buckets(ctx, projectID)
for {
bAttrs, err := it.Next()
if err == iterator.Done {
return nil, fmt.Errorf("bucket %q does not exist, please create it", bucket)
}
if err != nil {
return nil, fmt.Errorf("error scanning buckets: %v", err)
}
if bAttrs.Name == bucket {
break
}
}
r := &IssuersStorage{
bucket: c.Bucket(bucket),
prefix: prefix,
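Review bot: With the `c.Buckets` scan gone, `NewIssuerStorage` hands back `c.Bucket(bucket)` without checking that the bucket exists or sits in `projectID`, so a mistyped or stale name is presumably reported only by the first object operation instead of at startup. GCS bucket names are global, and the removed loop was the only visible place that tied the bucket to the expected project, so the doc comment should state the new contract, e.g. `// NewIssuerStorage does not verify that bucket exists or belongs to projectID; a wrong name is expected to surface on the first object operation.` `projectID` has no remaining use in the visible lines, so it may now be a dead parameter worth documenting or dropping in a follow-up. The function starts and continues outside the hunk, so later code may already cover part of this.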