tests: Remove hacks that were needed before staging rekorv2 (#1519)

Author: jku

test/assets/trust_config/staging-but-sign-with-rekor-v2.json

@@ -140,7 +140,6 @@ def test_sign_success_multiple_artifacts_rekor_v2(
     sigstore(
         *get_cli_params(
             artifact_paths=artifacts,
-            trust_config_path=asset("trust_config/staging-but-sign-with-rekor-v2.json"),
             output_directory=tmp_path,
         )
     )

test/integration/cli/test_sign.py

@@ -31,7 +31,6 @@
 from id import (
     detect_credential,
 )
-from sigstore_models.trustroot.v1 import Service
 from tuf.api.exceptions import DownloadHTTPError
 from tuf.ngclient import FetcherInterface, updater
 
@@ -238,38 +237,6 @@ def signer():
     return signer, verifier, IdentityToken(token)
 
 
-@pytest.fixture
-def staging_with_rekorv2() -> tuple[
-    type[SigningContext], type[Verifier], IdentityToken
-]:
-    """
-    Returns a SigningContext, Verifier, and IdentityToken for the staging environment.
-    The signingContext will use the Rekor V2 instance even if it is not yet enabled in
-    staging signing config.
-    """
-
-    def signer():
-        trust_config = ClientTrustConfig.staging()
-        trust_config.signing_config._tlogs.append(
-            Service(
-                url="https://log2025-alpha1.rekor.sigstage.dev",
-                major_api_version=2,
-                operator="sigstage.dev",
-            )
-        )
-        return SigningContext.from_trust_config(trust_config)
-
-    verifier = Verifier.staging
-
-    # Detect env variable for local interactive tests.
-    token = os.getenv("SIGSTORE_IDENTITY_TOKEN_staging")
-    if not token:
-        # If the variable is not defined, try getting an ambient token.
-        token = detect_credential(TEST_CLIENT_ID)
-
-    return signer, verifier, IdentityToken(token)
-
-
 @pytest.fixture
 def dummy_jwt():
     def _dummy_jwt(claims: dict):

test/unit/conftest.py

@@ -22,12 +22,10 @@
 
 @pytest.mark.staging
 @pytest.mark.ambient_oidc
-def test_rekor_v2_create_entry_dsse(staging_with_rekorv2):
+def test_rekor_v2_create_entry_dsse(staging):
     # This is not a real unit test: it requires not only staging rekor but also TUF
     # fulcio and oidc -- maybe useful only until we have real integration tests in place
-    sign_ctx_cls, _, identity = staging_with_rekorv2
-
-    # Hack to run Signer.sign() with staging rekor v2
+    sign_ctx_cls, _, identity = staging
     sign_ctx = sign_ctx_cls()
 
     stmt = (
@@ -56,12 +54,10 @@ def test_rekor_v2_create_entry_dsse(staging_with_rekorv2):
 
 @pytest.mark.staging
 @pytest.mark.ambient_oidc
-def test_rekor_v2_create_entry_hashed_rekord(staging_with_rekorv2):
+def test_rekor_v2_create_entry_hashed_rekord(staging):
     # This is not a real unit test: it requires not only staging rekor but also TUF
     # fulcio and oidc -- maybe useful only until we have real integration tests in place
-    sign_ctx_cls, _, identity = staging_with_rekorv2
-
-    # Hack to run Signer.sign() with staging rekor v2
+    sign_ctx_cls, _, identity = staging
     sign_ctx = sign_ctx_cls()
 
     with sign_ctx.signer(identity) as signer:

test/unit/internal/rekor/test_client_v2.py

@@ -59,8 +59,8 @@ def test_sign_rekor_entry_consistent(request, sign_ctx_and_ident_for_env):
 
 @pytest.mark.staging
 @pytest.mark.ambient_oidc
-def test_sign_with_staging_rekor_v2(staging_with_rekorv2, null_policy):
-    ctx_cls, verifier_cls, identity = staging_with_rekorv2
+def test_sign_with_staging(staging, null_policy):
+    ctx_cls, verifier_cls, identity = staging
 
     ctx: SigningContext = ctx_cls()
     verifier = verifier_cls()