SigningKey modifications to align process with SOPS

fluxcd · Mar 24, 2021 · b703129 · b703129
1 parent 71fe1a5
commit b703129
Show file tree

Hide file tree

Showing 4 changed files with 12 additions and 9 deletions.
diff --git a/api/v1alpha1/imageupdateautomation_types.go b/api/v1alpha1/imageupdateautomation_types.go
@@ -147,8 +147,8 @@ type ImageUpdateAutomationStatus struct {
 
 // SigningKey references a Kubernetes secret that contains a GPG keypair
 type SigningKey struct {
-	// SecretRef holds the name to a secret that contains a 'value' key
-	// with the ASCII Armored file (.asc) containing the GPG signing
+	// SecretRef holds the name to a secret that contains a 'git.asc' key
+	// corresponding to the ASCII Armored file containing the GPG signing
 	// keypair as the value. It must be in the same namespace as the
 	// ImageUpdateAutomation.
 	// +required

diff --git a/config/crd/bases/image.toolkit.fluxcd.io_imageupdateautomations.yaml b/config/crd/bases/image.toolkit.fluxcd.io_imageupdateautomations.yaml
@@ -86,9 +86,9 @@ spec:
                     properties:
                       secretRef:
                         description: SecretRef holds the name to a secret that contains
-                          a 'value' key with the ASCII Armored file (.asc) containing
-                          the GPG signing keypair as the value. It must be in the
-                          same namespace as the ImageUpdateAutomation.
+                          a 'git.asc' key corresponding to the ASCII Armored file
+                          containing the GPG signing keypair as the value. It must
+                          be in the same namespace as the ImageUpdateAutomation.
                         properties:
                           name:
                             description: Name of the referent

diff --git a/controllers/imageupdateautomation_controller.go b/controllers/imageupdateautomation_controller.go
@@ -502,9 +502,9 @@ func (r *ImageUpdateAutomationReconciler) getSigningEntity(ctx context.Context,
 	}
 
 	// get data from secret
-	data, ok := secret.Data["value"]
+	data, ok := secret.Data["git.asc"]
 	if !ok {
-		return nil, fmt.Errorf("signing key secret '%s' does not contain a 'value' key", secretName)
+		return nil, fmt.Errorf("signing key secret '%s' does not contain a 'git.asc' key", secretName)
 	}
 
 	// read entity from secret value

diff --git a/docs/api/image-automation.md b/docs/api/image-automation.md
@@ -522,7 +522,7 @@ starting point, if it doesn&rsquo;t already exist.</p>
 (<em>Appears on:</em>
 <a href="#image.toolkit.fluxcd.io/v1alpha1.CommitSpec">CommitSpec</a>)
 </p>
-<p>SigningKey references a Kubernetes secret that contains a GPG file</p>
+<p>SigningKey references a Kubernetes secret that contains a GPG keypair</p>
 <div class="md-typeset__scrollwrap">
 <div class="md-typeset__table">
 <table>
@@ -543,7 +543,10 @@ github.com/fluxcd/pkg/apis/meta.LocalObjectReference
 </em>
 </td>
 <td>
-<p>SecretRef holds the name to a secret that contains a &lsquo;value&rsquo; key with the GPG file as the value. It must be in the same namespace as the ImageUpdateAutomation.</p>
+<p>SecretRef holds the name to a secret that contains a &lsquo;git.asc&rsquo; key
+corresponding to the ASCII Armored file containing the GPG signing
+keypair as the value. It must be in the same namespace as the
+ImageUpdateAutomation.</p>
 </td>
 </tr>
 </tbody>