gcpkms:// parsing is broken in 1.4.x

[woohgit]

Symptom

When trying to use cosign with GCP KMS, the --key gcpkms:// is not parsed properly and handled as a local file path.

Affected versions:

• v1.4.0
• v1.4.1

Example run error below:

$ cosign public-key --key "gcpkms://projects/xxx/locations/global/keyRings/container-images/cryptoKeys/xxx/versions/1"
Error: open gcpkms:/projects/xxx/locations/global/keyRings/container-images/cryptoKeys/xxx/versions/1: no such file or directory
main.go:46: error during command execution: open gcpkms:/projects/xxx/locations/global/keyRings/container-images/cryptoKeys/xxx/versions/1: no such file or directory

It works well with v1.3.x

[developer-guy]

thank you for letting us know about the bug @woohgit, I noticed that we called the wrong method which cause searching key from the file 🙋🏻‍♂️

[developer-guy]

Ah, I think there is an error with the key you store in GCP KMS because code will try to retrieve the key from KMS if an error occurred then it will try to download it from the file, please see.

[developer-guy]

but yeah, we can be more helpful by logging the error before searching it in disk

[woohgit]

@developer-guy Do you think that there is anything with the key?

It's working with 1.3.x with all our keys, and 1.4.x is not working with any of the keys.

I'll build a local copy from your PR and see what's the error.

[woohgit]

Nah it looks good. No error this time, probably my GSA permissions / ADC permissions.