Extract client key fetching to a seperate function

pkg/controller/lifecycle/actuator.go

@@ -22,6 +22,7 @@ import (
 	extensionssecretsmanager "github.com/gardener/gardener/extensions/pkg/util/secret/manager"
 	v1beta1constants "github.com/gardener/gardener/pkg/apis/core/v1beta1/constants"
 	v1beta1helper "github.com/gardener/gardener/pkg/apis/core/v1beta1/helper"
+	v1beta1 "github.com/gardener/gardener/pkg/apis/core/v1beta1"
 	extensionsv1alpha1 "github.com/gardener/gardener/pkg/apis/extensions/v1alpha1"
 	resourcesv1alpha1 "github.com/gardener/gardener/pkg/apis/resources/v1alpha1"
 	"github.com/gardener/gardener/pkg/client/kubernetes"
@@ -154,38 +155,22 @@ func (a *actuator) Reconcile(ctx context.Context, logger logr.Logger, ex *extens
 		image.Tag = ptr.To[string](version.Get().GitVersion)
 	}
 
-	// TODO: ProviderConfig gets decoded to a go struct, then the public keys get marshaled back to yaml... pretty stupid
-	lakomPublicKeys := append(a.serviceConfig.CosignPublicKeys.Raw, '\n')
-	gardenerPublicKeys, err := yaml.JSONToYAML(lakomPublicKeys)
+	gardenerPublicKeys, err := yaml.JSONToYAML(a.serviceConfig.CosignPublicKeys.Raw)
 	if err != nil {
 		return fmt.Errorf("failed to convert lakom config from json to yaml, %w", err)
 	}
 
+        var clientPublicKeys []byte
 	if lakomProviderConfig.PublicKeysSecretReference != nil {
-		ref := v1beta1helper.GetResourceByName(cluster.Shoot.Spec.Resources, *lakomProviderConfig.PublicKeysSecretReference)
-		if ref == nil || ref.ResourceRef.Kind != "Secret" {
-			return fmt.Errorf("failed to find referenced resource with name %s and kind Secret", *lakomProviderConfig.PublicKeysSecretReference)
-		}
-
-		refSecret := &corev1.Secret{
-			ObjectMeta: metav1.ObjectMeta{
-				Name:      ref.ResourceRef.Name,
-				Namespace: namespace,
-			},
-		}
-
-		if err := controller.GetObjectByReference(ctx, a.client, &ref.ResourceRef, namespace, refSecret); err != nil {
-			return fmt.Errorf("failed to read referenced secret %s%s for reference %s", v1beta1constants.ReferencedResourcesPrefix, ref.ResourceRef.Name, *lakomProviderConfig.PublicKeysSecretReference)
-		}
-
-		clientPublicKeys, ok := refSecret.Data["keys"]
-		if ok != true {
-			return fmt.Errorf("failed to extract public keys from secret")
-		}
-
-		lakomPublicKeys = append(gardenerPublicKeys, clientPublicKeys...)
+                var err error
+                clientPublicKeys, err = getClientKeys(ctx, a.client, cluster.Shoot.Spec.Resources, *lakomProviderConfig.PublicKeysSecretReference, namespace)
+                if err != nil {
+                    return fmt.Errorf("failed to find client public keys from the given reference %s", *lakomProviderConfig.PublicKeysSecretReference)
+                }
 	}
 
+        lakomPublicKeys := append(gardenerPublicKeys, clientPublicKeys...)
+
 	seedResources, err := getSeedResources(
 		getLakomReplicas(controller.IsHibernationEnabled(cluster)),
 		namespace,
@@ -741,3 +726,29 @@ func getShootResources(webhookCaBundle []byte, extensionNamespace, shootAccessSe
 
 	return shootResources, nil
 }
+
+func getClientKeys(ctx context.Context, client client.Client, resources []v1beta1.NamedResourceReference, resourceName, namespace string) ([]byte, error) {
+    ref := v1beta1helper.GetResourceByName(resources, resourceName)
+    if ref == nil || ref.ResourceRef.Kind != "Secret" {
+        return nil, fmt.Errorf("failed to find referenced resource with name %s and kind Secret", resourceName)
+    }
+
+    refSecret := &corev1.Secret{
+        ObjectMeta: metav1.ObjectMeta{
+            Name:      ref.ResourceRef.Name,
+            Namespace: namespace,
+        },
+    }
+
+    if err := controller.GetObjectByReference(ctx, client, &ref.ResourceRef, namespace, refSecret); err != nil {
+        return nil, fmt.Errorf("failed to read referenced secret %s%s for reference %s: %s", v1beta1constants.ReferencedResourcesPrefix, ref.ResourceRef.Name, resourceName, err)
+    }
+
+    clientKeys, ok := refSecret.Data["keys"]
+    if ok != true {
+        return nil, fmt.Errorf("failed to extract public keys from secret. No data with name `keys` in secret.")
+    }
+
+    return clientKeys, nil
+}
+