transparency-dev · phbnf · Mar 19, 2026 · Mar 19, 2026
@@ -102,7 +102,6 @@ var (
 
 	// Infrastructure setup flags
 	bucket                     = flag.String("bucket", "", "Name of the GCS bucket to store the log in.")
-	gcsUseGRPC                 = flag.Bool("gcs_use_grpc", false, "Use gRPC-based GCS client.")
 	gcsConnections             = flag.Int("gcs_connections", 4, "Size of connection pool for GCS gRPC client.")
 	spannerDB                  = flag.String("spanner_db_path", "", "Spanner database path: projects/{projectId}/instances/{instanceId}/databases/{databaseId}.")
 	spannerAntispamDB          = flag.String("spanner_antispam_db_path", "", "Spanner antispam deduplication database path projects/{projectId}/instances/{instanceId}/databases/{databaseId}.")
@@ -167,7 +166,10 @@ func main() {
 		Timeout: *clientHTTPTimeout,
 	}
 
-	gcsClient := gcsClientFromFlags(ctx, hc)
+	gcsClient, err := gcs.NewGRPCClient(ctx, option.WithGRPCConnectionPool(*gcsConnections))
+	if err != nil {
+		klog.Exitf("Failed to create gRPC GCS client: %v", err)
+	}
 	fetchedRootsBackupStorage, err := gcp.NewRootsStorage(ctx, *bucket, gcsClient)
 	if err != nil {
 		klog.Exitf("failed to initialize GCS backup storage for remotely fetched roots: %v", err)
@@ -399,19 +401,3 @@ func notBeforeRLFromFlags() *tesseract.NotBeforeRL {
 	}
 	return &tesseract.NotBeforeRL{AgeThreshold: a, RateLimit: l}
 }
-
-func gcsClientFromFlags(ctx context.Context, httpClient *http.Client) *gcs.Client {
-	if *gcsUseGRPC {
-		gcsClient, err := gcs.NewGRPCClient(ctx, option.WithGRPCConnectionPool(*gcsConnections))
-		if err != nil {
-			klog.Exitf("Failed to create gRPC GCS client: %v", err)
-		}
-		return gcsClient
-	}
-
-	gcsClient, err := gcs.NewClient(ctx, gcs.WithJSONReads(), option.WithHTTPClient(httpClient))
-	if err != nil {
-		klog.Exitf("Failed to create GCS client: %v", err)
-	}
-	return gcsClient
-}
@@ -20,7 +20,6 @@ locals {
   log_public_key_secret_name                 = "projects/${include.root.locals.project_id}/secrets/${local.base_name}-ecdsa-p256-public-key/versions/1"  # Legacy key name pattern.
   log_private_key_secret_name                = "projects/${include.root.locals.project_id}/secrets/${local.base_name}-ecdsa-p256-private-key/versions/1" # Legacy key name pattern.
   additional_signer_private_key_secret_names = ["projects/${include.root.locals.project_id}/secrets/${local.base_name}-ed25519-private-key/versions/1"]
-  gcs_use_grpc                               = true
   garbage_collection_interval                = "10s"
   extra_tesseract_flags                      = []
   log_db_name_override                       = "${local.base_name}-db"

@@ -21,7 +21,6 @@ locals {
   log_public_key_secret_name                 = "projects/${include.root.locals.project_id}/secrets/${local.base_name}-ecdsa-p256-public-key/versions/1"  # Legacy key name pattern.
   log_private_key_secret_name                = "projects/${include.root.locals.project_id}/secrets/${local.base_name}-ecdsa-p256-private-key/versions/1" # Legacy key name pattern.
   additional_signer_private_key_secret_names = ["projects/${include.root.locals.project_id}/secrets/${local.base_name}-ed25519-private-key/versions/1"]
-  gcs_use_grpc                               = true
   garbage_collection_interval                = "10s"
   extra_tesseract_flags                      = []
   log_db_name_override                       = "${local.base_name}-db"

@@ -21,7 +21,6 @@ locals {
   log_public_key_secret_name                 = "projects/${include.root.locals.project_id}/secrets/${local.base_name}-ecdsa-p256-public-key/versions/1"  # Legacy key name pattern.
   log_private_key_secret_name                = "projects/${include.root.locals.project_id}/secrets/${local.base_name}-ecdsa-p256-private-key/versions/1" # Legacy key name pattern.
   additional_signer_private_key_secret_names = ["projects/${include.root.locals.project_id}/secrets/${local.base_name}-ed25519-private-key/versions/1"]
-  gcs_use_grpc                               = true
   garbage_collection_interval                = "10s"
   extra_tesseract_flags                      = []
   log_db_name_override                       = "${local.base_name}-db"

@@ -62,7 +62,6 @@ resource "google_cloud_run_v2_service" "default" {
         "--batch_max_age=${var.batch_max_age}",
         "--roots_remote_fetch_url=${var.roots_remote_fetch_url}",
         "--roots_remote_fetch_interval=${var.roots_remote_fetch_interval}",
-        "--gcs_use_grpc=true",
       ])
       ports {
         container_port = 6962

@@ -67,7 +67,6 @@ locals {
     length(var.roots_reject_fingerprints) == 0 ? "" : join(" ", formatlist("-roots_reject_fingerprints=%s", var.roots_reject_fingerprints)),
     var.witness_policy == "" ? "" : "-witness_policy_file=${local.witness_policy_file}",
     length(var.additional_signer_private_key_secret_names) == 0 ? "" : join(" ", formatlist("-additional_signer_private_key_secret_name=%s", var.additional_signer_private_key_secret_names)),
-    "-gcs_use_grpc=${var.gcs_use_grpc}",
     var.garbage_collection_interval == null ? "" : "-garbage_collection_interval=${var.garbage_collection_interval}",
   ], var.extra_tesseract_flags)
 

@@ -158,12 +158,6 @@ variable "roots_reject_fingerprints" {
   default     = []
 }
 
-variable "gcs_use_grpc" {
-  description = "Use gRPC for GCS access."
-  type        = bool
-  default     = false
-}
-
 variable "garbage_collection_interval" {
   description = "Interval between garbage collection runs, e.g. \"10s\"."
   type        = string

@@ -55,7 +55,6 @@ module "gce" {
   roots_remote_fetch_url                     = var.roots_remote_fetch_url
   roots_remote_fetch_interval                = var.roots_remote_fetch_interval
   roots_reject_fingerprints                  = var.roots_reject_fingerprints
-  gcs_use_grpc                               = var.gcs_use_grpc
   garbage_collection_interval                = var.garbage_collection_interval
   extra_tesseract_flags                      = var.extra_tesseract_flags
 

@@ -168,12 +168,6 @@ variable "roots_reject_fingerprints" {
   default     = []
 }
 
-variable "gcs_use_grpc" {
-  description = "Use gRPC for GCS access."
-  type        = bool
-  default     = false
-}
-
 variable "garbage_collection_interval" {
   description = "Interval between garbage collection runs, e.g. \"10s\"."
   type        = string