Skip to content

Commit

Permalink
sigstore: fix detect_credential signature (#641)
Browse files Browse the repository at this point in the history
* sigstore: fix `detect_credential` signature

This API accidentally gained a parameter in a point release,
which is both a semver breakage and strictly unnecessary
(since the parameter is an invariant).

Signed-off-by: William Woodruff <william@trailofbits.com>

* CHANGELOG: record changes

Signed-off-by: William Woodruff <william@trailofbits.com>

---------

Signed-off-by: William Woodruff <william@trailofbits.com>
  • Loading branch information
woodruffw authored May 1, 2023
1 parent 50c6aab commit bce2bb4
Show file tree
Hide file tree
Showing 3 changed files with 10 additions and 4 deletions.
6 changes: 6 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,12 @@ All versions prior to 0.9.0 are untracked.
bundle, rather than falling back to deprecated individual targets
([#626](https://github.com/sigstore/sigstore-python/pull/626))

### Fixed

* Removed an unnecessary and backwards-incompatible parameter from the
`sigstore.oidc.detect_credential` API
([#641](https://github.com/sigstore/sigstore-python/pull/641))

## [1.1.2]

### Fixed
Expand Down
3 changes: 1 addition & 2 deletions sigstore/_cli.py
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,6 @@
from sigstore._internal.ctfe import CTKeyring
from sigstore._internal.fulcio.client import DEFAULT_FULCIO_URL, FulcioClient
from sigstore._internal.keyring import Keyring
from sigstore._internal.oidc import DEFAULT_AUDIENCE
from sigstore._internal.rekor.client import (
DEFAULT_REKOR_URL,
RekorClient,
Expand Down Expand Up @@ -960,7 +959,7 @@ def _verify_github(args: argparse.Namespace) -> None:
def _get_identity_token(args: argparse.Namespace) -> Optional[str]:
token = None
if not args.oidc_disable_ambient_providers:
token = detect_credential(DEFAULT_AUDIENCE)
token = detect_credential()

if not token:
if args.staging:
Expand Down
5 changes: 3 additions & 2 deletions sigstore/oidc.py
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,7 @@
import requests
from pydantic import BaseModel, StrictStr

from sigstore._internal.oidc import DEFAULT_AUDIENCE
from sigstore.errors import Error, NetworkError

DEFAULT_OAUTH_ISSUER_URL = "https://oauth2.sigstore.dev/auth"
Expand Down Expand Up @@ -233,9 +234,9 @@ def diagnostics(self) -> str:
"""


def detect_credential(audience: str) -> Optional[str]:
def detect_credential() -> Optional[str]:
"""Calls `id.detect_credential`, but wraps exceptions with our own exception type."""
try:
return cast(Optional[str], id.detect_credential(audience))
return cast(Optional[str], id.detect_credential(DEFAULT_AUDIENCE))
except id.IdentityError as exc:
IdentityError.raise_from_id(exc)

0 comments on commit bce2bb4

Please sign in to comment.