diff --git a/Dockerfile b/Dockerfile
index 6bf02af1..7290055b 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -14,6 +14,7 @@ COPY main.go main.go
 COPY api/ api/
 COPY controllers/ controllers/
 COPY pkg/ pkg/
+COPY internal/ internal/
 # Build
 RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -a -o manager main.go
diff --git a/api/v1alpha1/componentversion_types.go b/api/v1alpha1/componentversion_types.go
index c8bbcb10..0d023edc 100644
--- a/api/v1alpha1/componentversion_types.go
+++ b/api/v1alpha1/componentversion_types.go
@@ -5,10 +5,8 @@
 package v1alpha1
 import (
- "bytes"
 "encoding/base64"
 "fmt"
- "io"
 "time"
 "github.com/fluxcd/pkg/apis/meta"
@@ -93,7 +91,7 @@ type PublicKey struct {
 // Value defines a PEM/base64 encoded public key value.
 // +optional
- Value []byte `json:"value,omitempty"`
+ Value string `json:"value,omitempty"`
 }
 func (p *PublicKey) DecodePublicValue() ([]byte, error) {
@@ -101,14 +99,7 @@ func (p *PublicKey) DecodePublicValue() ([]byte, error) {
 return nil, fmt.Errorf("key value not provided")
 }
- decoder := base64.NewDecoder(base64.StdEncoding, bytes.NewBuffer(p.Value))
-
- content, err := io.ReadAll(decoder)
- if err != nil {
- return nil, fmt.Errorf("failed to decode public key pem: %w", err)
- }
-
- return content, nil
+ return base64.StdEncoding.DecodeString(p.Value)
 }
 // Version specifies version information that can be used to resolve a Component Version.
diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go
index 897e5d51..e2fce4c2 100644
--- a/api/v1alpha1/zz_generated.deepcopy.go
+++ b/api/v1alpha1/zz_generated.deepcopy.go
@@ -684,11 +684,6 @@ func (in *PublicKey) DeepCopyInto(out *PublicKey) { *out = new(v1.LocalObjectReference) **out = **in } - if in.Value != nil { - in, out := &in.Value, &out.Value - *out = make([]byte, len(*in)) - copy(*out, *in) - } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PublicKey.
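Review bot: The doc comment on `Value` in the `PublicKey` struct still reads "PEM/base64 encoded", which does not say which form the API expects now that the field is a `string` instead of `[]byte`. With `[]byte`, encoding/json already base64-decodes the field and the removed DecodePublicValue body decoded it a second time, so objects written for the old API presumably carry a doubly-encoded key; under the new code such a value would decode to base64 text rather than PEM and verification would fail. I would make the comment explicit, for example `// Value is the standard-base64 encoding of the PEM public key.`, and call out the format change for existing ComponentVersion objects. The struct starts above the hunk.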
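Review bot: The new `return base64.StdEncoding.DecodeString(p.Value)` in DecodePublicValue hands the decode error back unwrapped, so the "failed to decode public key pem" context that the removed code attached is gone. On corrupt input `DecodeString` also returns the bytes it decoded before the error, which this line now passes to the caller alongside the error. Since the result is the key material used to verify component signatures, I would keep the failure explicit: decode into a local with `content, err := base64.StdEncoding.DecodeString(p.Value)` and on error `return nil, fmt.Errorf("failed to decode public key pem: %w", err)`. The condition guarding the visible `key value not provided` return is outside the hunk.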
diff --git a/config/crd/bases/delivery.ocm.software_componentversions.yaml b/config/crd/bases/delivery.ocm.software_componentversions.yaml
index 623e1eee..e25c4b61 100644
--- a/config/crd/bases/delivery.ocm.software_componentversions.yaml
+++ b/config/crd/bases/delivery.ocm.software_componentversions.yaml
@@ -126,7 +126,6 @@ spec: value: description: Value defines a PEM/base64 encoded public key value. - format: byte type: string type: object required:
diff --git a/pkg/ocm/ocm.go b/pkg/ocm/ocm.go
index e0b3fecc..94b75123 100644
--- a/pkg/ocm/ocm.go
+++ b/pkg/ocm/ocm.go
@@ -326,7 +326,7 @@ func (c *Client) VerifyComponent(
 err error
 )
- if signature.PublicKey.Value != nil {
+ if signature.PublicKey.Value != "" {
 cert, err = signature.PublicKey.DecodePublicValue()
 } else {
 if signature.PublicKey.SecretRef == nil {
diff --git a/pkg/ocm/ocm_test.go b/pkg/ocm/ocm_test.go
index 9ff4826b..e18c8be7 100644
--- a/pkg/ocm/ocm_test.go
+++ b/pkg/ocm/ocm_test.go
@@ -613,11 +613,7 @@ func TestClient_VerifyComponentWithValueKey(t *testing.T) {
 }
 require.NoError(t, octx.AddComponent(c))
 //var buffer []byte
- buf := bytes.Buffer{}
- encoder := base64.NewEncoder(base64.StdEncoding, &buf)
- _, err = encoder.Write(publicKey1)
- require.NoError(t, encoder.Close())
- require.NoError(t, err)
+ pubKey := base64.StdEncoding.EncodeToString(publicKey1)
 cv := &v1alpha1.ComponentVersion{
 ObjectMeta: metav1.ObjectMeta{
 Name: "test-name",
@@ -635,7 +631,7 @@ func TestClient_VerifyComponentWithValueKey(t *testing.T) {
 {
 Name: Signature,
 PublicKey: v1alpha1.PublicKey{
- Value: buf.Bytes(),
+ Value: pubKey,
 },
 },
 },
@@ -688,7 +684,7 @@ func TestClient_VerifyComponentWithValueKeyFailsIfValueIsEmpty(t *testing.T) {
 {
 Name: Signature,
 PublicKey: v1alpha1.PublicKey{
- Value: []byte{},
+ Value: "",
 },
 },
 },
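Review bot: In VerifyComponent, `if signature.PublicKey.Value != ""` lets an inline value take precedence without saying so, and `SecretRef` is only consulted in the `else` branch, so an object that sets both never has its secret read. For the key that decides whether a component signature is accepted, the source should be unambiguous: either reject the combination or document it with a comment such as `// An inline Value wins over SecretRef; the secret is not read when both are set.` An explicit `value: ""` is now indistinguishable from an unset field and falls through to the secret-reference path. The function starts and ends outside the hunk, so the error handling after `DecodePublicValue()` is not visible here.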
@@ -696,7 +692,7 @@ func TestClient_VerifyComponentWithValueKeyFailsIfValueIsEmpty(t *testing.T) {
 }
 _, err = ocmClient.VerifyComponent(context.Background(), octx, cv, "v0.0.1")
- assert.EqualError(t, err, "failed to get public key for verification: key value not provided")
+ assert.EqualError(t, err, "kubernetes secret reference not provided")
 }
 func TestClient_VerifyComponentDifferentPublicKey(t *testing.T) {
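Review bot: TestClient_VerifyComponentWithValueKeyFailsIfValueIsEmpty now asserts `kubernetes secret reference not provided`, so nothing visible here exercises the `key value not provided` guard in DecodePublicValue any more. Judging by the `!= ""` check in VerifyComponent, that guard looks unreachable on this path. The expected message also lost its `failed to get public key for verification:` prefix, which suggests the secret-reference error is returned without the context the decode path had. I would add direct tests of `DecodePublicValue` for an empty value and for input that is not valid base64, and rename this test to say that neither key source is set. The test function starts above the hunk.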