github.com/redhat-appstudio/e2e-tests@v0.0.0-20240520140907-9709f6f59323/pkg/clients/tekton/signing_secret.go (about)

     1  package tekton
     2  
     3  import (
     4  	"context"
     5  
     6  	corev1 "k8s.io/api/core/v1"
     7  	"k8s.io/apimachinery/pkg/api/errors"
     8  	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
     9  )
    10  
// CreateOrUpdateSigningSecret makes sure the Secret called name in namespace
// carries publicKey under the "cosign.pub" data key.
//
// If the Secret does not exist it is created. If it exists and its
// "cosign.pub" value already equals publicKey, nothing is written. Otherwise
// Update is called. An error from Get (other than NotFound), Create or Update
// is returned unchanged.
//
// NOTE(review): the object passed to Update is built from scratch, not derived
// from the Secret that Get returned. It holds only the "cosign.pub" key and
// carries no resourceVersion, labels, annotations or type from the existing
// object. Presumably this drops any other data keys on the existing Secret and
// overwrites a concurrent writer's change without a conflict error. Confirm
// that this is intended for a secret that appears to hold a signature
// verification key.
func (t *TektonController) CreateOrUpdateSigningSecret(publicKey []byte, name, namespace string) (err error) {
	const pubKeyField = "cosign.pub"

	secrets := t.KubeInterface().CoreV1().Secrets(namespace)
	ctx := context.Background()

	// Desired state, used verbatim for both the create and the update path.
	desired := &corev1.Secret{
		ObjectMeta: metav1.ObjectMeta{Name: name},
		Data:       map[string][]byte{pubKeyField: publicKey},
	}

	current, err := secrets.Get(ctx, name, metav1.GetOptions{})
	switch {
	case err == nil:
		// Plain comparison: the value is named as a public key, so timing is
		// presumably not a concern here.
		if string(current.Data[pubKeyField]) == string(publicKey) {
			return nil
		}
		_, err = secrets.Update(ctx, desired, metav1.UpdateOptions{})
		return err
	case errors.IsNotFound(err):
		_, err = secrets.Create(ctx, desired, metav1.CreateOptions{})
		return err
	default:
		// Any other lookup failure is surfaced to the caller as-is.
		return err
	}
}