Merge pull request #679 from securesign/make-sure-operator-can-run-lo…

…cally fix: Resolving rekor pub key locally against openshift
securesign · Oct 23, 2024 · 80e5d05 · 80e5d05
2 parents cf329cd + bf2fccc
commit 80e5d05
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 2 deletions.
diff --git a/internal/controller/rekor/actions/server/resolve_pub_key.go b/internal/controller/rekor/actions/server/resolve_pub_key.go
@@ -17,6 +17,7 @@ import (
 	v1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/meta"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/klog/v2"
 	"k8s.io/utils/ptr"
 )
 
@@ -127,9 +128,19 @@ func (i resolvePubKeyAction) resolvePubKey(instance rhtasv1alpha1.Rekor) ([]byte
 	var (
 		data []byte
 		err  error
+		url  = fmt.Sprintf("http://%s.%s.svc", actions.ServerDeploymentName, instance.Namespace)
 	)
 
-	if data, err = i.requestPublicKey(fmt.Sprintf("http://%s.%s.svc", actions.ServerDeploymentName, instance.Namespace)); err == nil {
+	inContainer, err := k8sutils.ContainerMode()
+	if err == nil {
+		if !inContainer && instance.Status.Url != "" {
+			url = instance.Status.Url
+		}
+	} else {
+		klog.Info("Can't recognise operator mode - expecting in-container run")
+	}
+
+	if data, err = i.requestPublicKey(url); err == nil {
 		return data, nil
 	}
 	i.Logger.Info("retrying to get rekor public key")

diff --git a/internal/controller/rekor/rekor_controller_test.go b/internal/controller/rekor/rekor_controller_test.go
@@ -157,7 +157,7 @@ var _ = Describe("Rekor controller", func() {
 			Expect(err).To(Succeed())
 
 			httpmock.SetMockTransport(http.DefaultClient, map[string]httpmock.RoundTripFunc{
-				"http://rekor-server.default.svc/api/v1/log/publicKey": func(req *http.Request) *http.Response {
+				"http://rekor.local/api/v1/log/publicKey": func(req *http.Request) *http.Response {
 					return &http.Response{
 						StatusCode: http.StatusOK,
 						Body:       io.NopCloser(bytes.NewReader(pubKeyData)),