diff --git a/cmd/tesseract/gcp/main.go b/cmd/tesseract/gcp/main.go index 63b6046d..fdf9cb3c 100644 --- a/cmd/tesseract/gcp/main.go +++ b/cmd/tesseract/gcp/main.go @@ -102,7 +102,6 @@ var ( // Infrastructure setup flags bucket = flag.String("bucket", "", "Name of the GCS bucket to store the log in.") - gcsUseGRPC = flag.Bool("gcs_use_grpc", false, "Use gRPC-based GCS client.") gcsConnections = flag.Int("gcs_connections", 4, "Size of connection pool for GCS gRPC client.") spannerDB = flag.String("spanner_db_path", "", "Spanner database path: projects/{projectId}/instances/{instanceId}/databases/{databaseId}.") spannerAntispamDB = flag.String("spanner_antispam_db_path", "", "Spanner antispam deduplication database path projects/{projectId}/instances/{instanceId}/databases/{databaseId}.") @@ -167,7 +166,10 @@ func main() { Timeout: *clientHTTPTimeout, } - gcsClient := gcsClientFromFlags(ctx, hc) + gcsClient, err := gcs.NewGRPCClient(ctx, option.WithGRPCConnectionPool(*gcsConnections)) + if err != nil { + klog.Exitf("Failed to create gRPC GCS client: %v", err) + } fetchedRootsBackupStorage, err := gcp.NewRootsStorage(ctx, *bucket, gcsClient) if err != nil { klog.Exitf("failed to initialize GCS backup storage for remotely fetched roots: %v", err) @@ -399,19 +401,3 @@ func notBeforeRLFromFlags() *tesseract.NotBeforeRL { } return &tesseract.NotBeforeRL{AgeThreshold: a, RateLimit: l} } - -func gcsClientFromFlags(ctx context.Context, httpClient *http.Client) *gcs.Client { - if *gcsUseGRPC { - gcsClient, err := gcs.NewGRPCClient(ctx, option.WithGRPCConnectionPool(*gcsConnections)) - if err != nil { - klog.Exitf("Failed to create gRPC GCS client: %v", err) - } - return gcsClient - } - - gcsClient, err := gcs.NewClient(ctx, gcs.WithJSONReads(), option.WithHTTPClient(httpClient)) - if err != nil { - klog.Exitf("Failed to create GCS client: %v", err) - } - return gcsClient -} diff --git a/deployment/live/gcp/static-ct-staging/logs/arche2025h1/terragrunt.hcl b/deployment/live/gcp/static-ct-staging/logs/arche2025h1/terragrunt.hcl index 75a8be22..dfa75aeb 100644 --- a/deployment/live/gcp/static-ct-staging/logs/arche2025h1/terragrunt.hcl +++ b/deployment/live/gcp/static-ct-staging/logs/arche2025h1/terragrunt.hcl @@ -20,7 +20,6 @@ locals { log_public_key_secret_name = "projects/${include.root.locals.project_id}/secrets/${local.base_name}-ecdsa-p256-public-key/versions/1" # Legacy key name pattern. log_private_key_secret_name = "projects/${include.root.locals.project_id}/secrets/${local.base_name}-ecdsa-p256-private-key/versions/1" # Legacy key name pattern. additional_signer_private_key_secret_names = ["projects/${include.root.locals.project_id}/secrets/${local.base_name}-ed25519-private-key/versions/1"] - gcs_use_grpc = true garbage_collection_interval = "10s" extra_tesseract_flags = [] log_db_name_override = "${local.base_name}-db" diff --git a/deployment/live/gcp/static-ct-staging/logs/arche2025h2/terragrunt.hcl b/deployment/live/gcp/static-ct-staging/logs/arche2025h2/terragrunt.hcl index 95d51b86..a7250d5e 100644 --- a/deployment/live/gcp/static-ct-staging/logs/arche2025h2/terragrunt.hcl +++ b/deployment/live/gcp/static-ct-staging/logs/arche2025h2/terragrunt.hcl @@ -21,7 +21,6 @@ locals { log_public_key_secret_name = "projects/${include.root.locals.project_id}/secrets/${local.base_name}-ecdsa-p256-public-key/versions/1" # Legacy key name pattern. log_private_key_secret_name = "projects/${include.root.locals.project_id}/secrets/${local.base_name}-ecdsa-p256-private-key/versions/1" # Legacy key name pattern. additional_signer_private_key_secret_names = ["projects/${include.root.locals.project_id}/secrets/${local.base_name}-ed25519-private-key/versions/1"] - gcs_use_grpc = true garbage_collection_interval = "10s" extra_tesseract_flags = [] log_db_name_override = "${local.base_name}-db" diff --git a/deployment/live/gcp/static-ct-staging/logs/arche2026h1/terragrunt.hcl b/deployment/live/gcp/static-ct-staging/logs/arche2026h1/terragrunt.hcl index 37f33c6a..da7d4017 100644 --- a/deployment/live/gcp/static-ct-staging/logs/arche2026h1/terragrunt.hcl +++ b/deployment/live/gcp/static-ct-staging/logs/arche2026h1/terragrunt.hcl @@ -21,7 +21,6 @@ locals { log_public_key_secret_name = "projects/${include.root.locals.project_id}/secrets/${local.base_name}-ecdsa-p256-public-key/versions/1" # Legacy key name pattern. log_private_key_secret_name = "projects/${include.root.locals.project_id}/secrets/${local.base_name}-ecdsa-p256-private-key/versions/1" # Legacy key name pattern. additional_signer_private_key_secret_names = ["projects/${include.root.locals.project_id}/secrets/${local.base_name}-ed25519-private-key/versions/1"] - gcs_use_grpc = true garbage_collection_interval = "10s" extra_tesseract_flags = [] log_db_name_override = "${local.base_name}-db" diff --git a/deployment/modules/gcp/cloudrun/main.tf b/deployment/modules/gcp/cloudrun/main.tf index 8fe9fb6b..cf006fce 100644 --- a/deployment/modules/gcp/cloudrun/main.tf +++ b/deployment/modules/gcp/cloudrun/main.tf @@ -62,7 +62,6 @@ resource "google_cloud_run_v2_service" "default" { "--batch_max_age=${var.batch_max_age}", "--roots_remote_fetch_url=${var.roots_remote_fetch_url}", "--roots_remote_fetch_interval=${var.roots_remote_fetch_interval}", - "--gcs_use_grpc=true", ]) ports { container_port = 6962 diff --git a/deployment/modules/gcp/gce/tesseract/main.tf b/deployment/modules/gcp/gce/tesseract/main.tf index 0faf9e7b..405d26aa 100644 --- a/deployment/modules/gcp/gce/tesseract/main.tf +++ b/deployment/modules/gcp/gce/tesseract/main.tf @@ -67,7 +67,6 @@ locals { length(var.roots_reject_fingerprints) == 0 ? "" : join(" ", formatlist("-roots_reject_fingerprints=%s", var.roots_reject_fingerprints)), var.witness_policy == "" ? "" : "-witness_policy_file=${local.witness_policy_file}", length(var.additional_signer_private_key_secret_names) == 0 ? "" : join(" ", formatlist("-additional_signer_private_key_secret_name=%s", var.additional_signer_private_key_secret_names)), - "-gcs_use_grpc=${var.gcs_use_grpc}", var.garbage_collection_interval == null ? "" : "-garbage_collection_interval=${var.garbage_collection_interval}", ], var.extra_tesseract_flags) diff --git a/deployment/modules/gcp/gce/tesseract/variables.tf b/deployment/modules/gcp/gce/tesseract/variables.tf index b55dc7fc..0ff271c9 100644 --- a/deployment/modules/gcp/gce/tesseract/variables.tf +++ b/deployment/modules/gcp/gce/tesseract/variables.tf @@ -158,12 +158,6 @@ variable "roots_reject_fingerprints" { default = [] } -variable "gcs_use_grpc" { - description = "Use gRPC for GCS access." - type = bool - default = false -} - variable "garbage_collection_interval" { description = "Interval between garbage collection runs, e.g. \"10s\"." type = string diff --git a/deployment/modules/gcp/tesseract/gce/main.tf b/deployment/modules/gcp/tesseract/gce/main.tf index aa452214..5cd0eaed 100644 --- a/deployment/modules/gcp/tesseract/gce/main.tf +++ b/deployment/modules/gcp/tesseract/gce/main.tf @@ -55,7 +55,6 @@ module "gce" { roots_remote_fetch_url = var.roots_remote_fetch_url roots_remote_fetch_interval = var.roots_remote_fetch_interval roots_reject_fingerprints = var.roots_reject_fingerprints - gcs_use_grpc = var.gcs_use_grpc garbage_collection_interval = var.garbage_collection_interval extra_tesseract_flags = var.extra_tesseract_flags diff --git a/deployment/modules/gcp/tesseract/gce/variables.tf b/deployment/modules/gcp/tesseract/gce/variables.tf index a1958ced..3c38ae80 100644 --- a/deployment/modules/gcp/tesseract/gce/variables.tf +++ b/deployment/modules/gcp/tesseract/gce/variables.tf @@ -168,12 +168,6 @@ variable "roots_reject_fingerprints" { default = [] } -variable "gcs_use_grpc" { - description = "Use gRPC for GCS access." - type = bool - default = false -} - variable "garbage_collection_interval" { description = "Interval between garbage collection runs, e.g. \"10s\"." type = string