centralize rekor client construction

Signed-off-by: Jake Sanders <[email protected]>

cmd/cosign/cli/attest/attest.go

@@ -29,6 +29,7 @@ import (
 	"github.com/pkg/errors"
 
 	"github.com/sigstore/cosign/cmd/cosign/cli/options"
+	"github.com/sigstore/cosign/cmd/cosign/cli/rekor"
 	"github.com/sigstore/cosign/cmd/cosign/cli/sign"
 	"github.com/sigstore/cosign/pkg/cosign"
 	"github.com/sigstore/cosign/pkg/cosign/attestation"
@@ -39,7 +40,6 @@ import (
 	"github.com/sigstore/cosign/pkg/oci/static"
 	sigs "github.com/sigstore/cosign/pkg/signature"
 	"github.com/sigstore/cosign/pkg/types"
-	rekPkgClient "github.com/sigstore/rekor/pkg/client"
 	"github.com/sigstore/rekor/pkg/generated/client"
 	"github.com/sigstore/rekor/pkg/generated/models"
 	"github.com/sigstore/sigstore/pkg/signature/dsse"
@@ -77,7 +77,7 @@ func uploadToTlog(ctx context.Context, sv *sign.SignerVerifier, rekorURL string,
 		rekorBytes = pemBytes
 	}
 
-	rekorClient, err := rekPkgClient.GetRekorClient(rekorURL, rekPkgClient.WithUserAgent(options.UserAgent()))
+	rekorClient, err := rekor.NewClient(rekorURL)
 	if err != nil {
 		return nil, err
 	}

cmd/cosign/cli/rekor/rekor.go

@@ -0,0 +1,30 @@
+// Copyright 2021 The Sigstore Authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package rekor
+
+import (
+	rekor "github.com/sigstore/rekor/pkg/client"
+	"github.com/sigstore/rekor/pkg/generated/client"
+
+	"github.com/sigstore/cosign/cmd/cosign/cli/options"
+)
+
+func NewClient(rekorURL string) (*client.Rekor, error) {
+	rekorClient, err := rekor.GetRekorClient(rekorURL, rekor.WithUserAgent(options.UserAgent()))
+	if err != nil {
+		return nil, err
+	}
+	return rekorClient, nil
+}

cmd/cosign/cli/sign/sign.go

@@ -35,6 +35,7 @@ import (
 	"github.com/sigstore/cosign/cmd/cosign/cli/fulcio"
 	"github.com/sigstore/cosign/cmd/cosign/cli/fulcio/fulcioverifier"
 	"github.com/sigstore/cosign/cmd/cosign/cli/options"
+	"github.com/sigstore/cosign/cmd/cosign/cli/rekor"
 	icos "github.com/sigstore/cosign/internal/pkg/cosign"
 	ifulcio "github.com/sigstore/cosign/internal/pkg/cosign/fulcio"
 	ipayload "github.com/sigstore/cosign/internal/pkg/cosign/payload"
@@ -50,7 +51,6 @@ import (
 	"github.com/sigstore/cosign/pkg/oci/walk"
 	providers "github.com/sigstore/cosign/pkg/providers/all"
 	sigs "github.com/sigstore/cosign/pkg/signature"
-	rekorClient "github.com/sigstore/rekor/pkg/client"
 	"github.com/sigstore/sigstore/pkg/cryptoutils"
 	"github.com/sigstore/sigstore/pkg/signature"
 	signatureoptions "github.com/sigstore/sigstore/pkg/signature/options"
@@ -207,7 +207,7 @@ func signDigest(ctx context.Context, digest name.Digest, payload []byte, ko KeyO
 	s = ipayload.NewSigner(sv, nil, nil)
 	s = ifulcio.NewSigner(s, sv.Cert, sv.Chain)
 	if ShouldUploadToTlog(ctx, digest, force, ko.RekorURL) {
-		rClient, err := rekorClient.GetRekorClient(ko.RekorURL, rekorClient.WithUserAgent(options.UserAgent()))
+		rClient, err := rekor.NewClient(ko.RekorURL)
 		if err != nil {
 			return err
 		}

cmd/cosign/cli/sign/sign_blob.go

@@ -28,8 +28,8 @@ import (
 	"github.com/pkg/errors"
 
 	"github.com/sigstore/cosign/cmd/cosign/cli/options"
+	"github.com/sigstore/cosign/cmd/cosign/cli/rekor"
 	"github.com/sigstore/cosign/pkg/cosign"
-	rekorClient "github.com/sigstore/rekor/pkg/client"
 	signatureoptions "github.com/sigstore/sigstore/pkg/signature/options"
 )
 
@@ -87,7 +87,7 @@ func SignBlobCmd(ctx context.Context, ko KeyOpts, regOpts options.RegistryOption
 		if err != nil {
 			return nil, err
 		}
-		rekorClient, err := rekorClient.GetRekorClient(ko.RekorURL, rekorClient.WithUserAgent(options.UserAgent()))
+		rekorClient, err := rekor.NewClient(ko.RekorURL)
 		if err != nil {
 			return nil, err
 		}

cmd/cosign/cli/verify/verify.go

@@ -30,13 +30,13 @@ import (
 
 	"github.com/sigstore/cosign/cmd/cosign/cli/fulcio"
 	"github.com/sigstore/cosign/cmd/cosign/cli/options"
+	"github.com/sigstore/cosign/cmd/cosign/cli/rekor"
 	"github.com/sigstore/cosign/cmd/cosign/cli/sign"
 	"github.com/sigstore/cosign/pkg/cosign"
 	"github.com/sigstore/cosign/pkg/cosign/pivkey"
 	"github.com/sigstore/cosign/pkg/cosign/pkcs11key"
 	"github.com/sigstore/cosign/pkg/oci"
 	sigs "github.com/sigstore/cosign/pkg/signature"
-	rekor "github.com/sigstore/rekor/pkg/client"
 	"github.com/sigstore/sigstore/pkg/cryptoutils"
 	"github.com/sigstore/sigstore/pkg/signature"
 	"github.com/sigstore/sigstore/pkg/signature/payload"
@@ -96,7 +96,7 @@ func (c *VerifyCommand) Exec(ctx context.Context, images []string) (err error) {
 	}
 	if options.EnableExperimental() {
 		if c.RekorURL != "" {
-			rekorClient, err := rekor.GetRekorClient(c.RekorURL, rekor.WithUserAgent(options.UserAgent()))
+			rekorClient, err := rekor.NewClient(c.RekorURL)
 			if err != nil {
 				return errors.Wrap(err, "creating Rekor client")
 			}

cmd/cosign/cli/verify/verify_attestation.go

@@ -32,11 +32,11 @@ import (
 
 	"github.com/sigstore/cosign/cmd/cosign/cli/fulcio"
 	"github.com/sigstore/cosign/cmd/cosign/cli/options"
+	"github.com/sigstore/cosign/cmd/cosign/cli/rekor"
 	"github.com/sigstore/cosign/pkg/cosign"
 	"github.com/sigstore/cosign/pkg/cosign/cue"
 	"github.com/sigstore/cosign/pkg/cosign/pivkey"
 	sigs "github.com/sigstore/cosign/pkg/signature"
-	rekor "github.com/sigstore/rekor/pkg/client"
 )
 
 // VerifyAttestationCommand verifies a signature on a supplied container image
@@ -76,7 +76,7 @@ func (c *VerifyAttestationCommand) Exec(ctx context.Context, images []string) (e
 	}
 	if options.EnableExperimental() {
 		if c.RekorURL != "" {
-			rekorClient, err := rekor.GetRekorClient(c.RekorURL, rekor.WithUserAgent(options.UserAgent()))
+			rekorClient, err := rekor.NewClient(c.RekorURL)
 			if err != nil {
 				return errors.Wrap(err, "creating Rekor client")
 			}

cmd/cosign/cli/verify/verify_blob.go

@@ -31,13 +31,13 @@ import (
 	"github.com/pkg/errors"
 	"github.com/sigstore/cosign/cmd/cosign/cli/fulcio"
 	"github.com/sigstore/cosign/cmd/cosign/cli/options"
+	"github.com/sigstore/cosign/cmd/cosign/cli/rekor"
 	"github.com/sigstore/cosign/cmd/cosign/cli/sign"
 	"github.com/sigstore/cosign/pkg/blob"
 	"github.com/sigstore/cosign/pkg/cosign"
 	"github.com/sigstore/cosign/pkg/cosign/pivkey"
 	"github.com/sigstore/cosign/pkg/cosign/pkcs11key"
 	sigs "github.com/sigstore/cosign/pkg/signature"
-	rekorClient "github.com/sigstore/rekor/pkg/client"
 	"github.com/sigstore/rekor/pkg/generated/models"
 	"github.com/sigstore/rekor/pkg/types"
 	hashedrekord "github.com/sigstore/rekor/pkg/types/hashedrekord/v0.0.1"
@@ -118,7 +118,7 @@ func VerifyBlobCmd(ctx context.Context, ko sign.KeyOpts, certRef, sigRef, blobRe
 			return err
 		}
 	case options.EnableExperimental():
-		rClient, err := rekorClient.GetRekorClient(ko.RekorURL)
+		rClient, err := rekor.NewClient(ko.RekorURL)
 		if err != nil {
 			return err
 		}
@@ -170,7 +170,7 @@ func VerifyBlobCmd(ctx context.Context, ko sign.KeyOpts, certRef, sigRef, blobRe
 	fmt.Fprintln(os.Stderr, "Verified OK")
 
 	if options.EnableExperimental() {
-		rekorClient, err := rekorClient.GetRekorClient(ko.RekorURL, rekorClient.WithUserAgent(options.UserAgent()))
+		rekorClient, err := rekor.NewClient(ko.RekorURL)
 		if err != nil {
 			return err
 		}