Use rekor client library from upstream
Closed this issue · 4 comments
We have a home brew rekor client library as we just need to hit two API endpoints and we keep the data in a pretty unstructured format when passing it on to the Rego policies. That said, it might be better to use the upstream rekor client library if we can.
Ah sure! Thank you for this @nsmith5. Would you mind assigning it to me? Then I'll start working on it ASAP (tonight 🥳). I'd love to help when I find a chance like this. 😍
Yup, can you point me to the client library you're talking about? I found some client code in the rekor repo, but it was pretty dense and, importantly, it was strongly typed, which doesn't work well with Rego policy.
These are the ones I thought can help us to accomplish this:
- https://github.com/sigstore/rekor/blob/97f2f392dda2500dfc3ca4f05d8fafcf16c0ab78/pkg/client/rekor_client.go#L28
- https://github.com/sigstore/cosign/blob/ef380f01336989a4e6223d00b2a79db3daac99f3/pkg/cosign/tlog.go#L134
Does it make sense? @nsmith5
I don't know that this makes sense to me, to be honest. It pulls in a lot of dependencies without a clear benefit in my eyes. Closing for now.