From 80c5c173dcd88567bb2a36d0f4297055997973c2 Mon Sep 17 00:00:00 2001
From: Jonathan Perry <YrrepNoj@gmail.com>
Date: Sat, 26 Feb 2022 18:12:38 -0500
Subject: [PATCH] update postrender to validate secret contents (#331)

---
 cli/cmd/destroy.go               |  4 ++++
 cli/internal/helm/post-render.go | 14 +++++++++-----
 cli/internal/k8s/namespace.go    |  3 +--
 3 files changed, 14 insertions(+), 7 deletions(-)

diff --git a/cli/cmd/destroy.go b/cli/cmd/destroy.go
index e02b130c1b..a147dbc298 100644
--- a/cli/cmd/destroy.go
+++ b/cli/cmd/destroy.go
@@ -40,6 +40,10 @@ var destroyCmd = &cobra.Command{
 
 			// If Zarf didn't deploy the cluster, only delete the ZarfNamespace
 			k8s.DeleteZarfNamespace()
+
+			// Delete the zarf-registry secret in the default namespace
+			defaultSecret, _ := k8s.GetSecret("default", "zarf-registry")
+			k8s.DeleteSecret(defaultSecret)
 		}
 	},
 }
diff --git a/cli/internal/helm/post-render.go b/cli/internal/helm/post-render.go
index 834625ab95..96a63e3753 100644
--- a/cli/internal/helm/post-render.go
+++ b/cli/internal/helm/post-render.go
@@ -4,6 +4,7 @@ import (
 	"bytes"
 	"fmt"
 	"os"
+	"reflect"
 	"time"
 
 	"github.com/defenseunicorns/zarf/cli/config"
@@ -186,11 +187,14 @@ func (r *renderer) Run(renderedManifests *bytes.Buffer) (*bytes.Buffer, error) {
 			}
 		}
 
-		// Try to get an existing secret
-		if secret, _ := k8s.GetSecret(name, secretName); secret.Name != secretName {
-			// create the missing zarf secret
-			secret = k8s.GenerateRegistryPullCreds(name, secretName)
-			if err := k8s.CreateSecret(secret); err != nil {
+		// Create the secret
+		validSecret := k8s.GenerateRegistryPullCreds(name, secretName)
+
+		// Try to get a valid existing secret
+		currentSecret, _ := k8s.GetSecret(name, secretName)
+		if currentSecret.Name != secretName || !reflect.DeepEqual(currentSecret.Data, validSecret.Data) {
+			// create/update the missing zarf secret
+			if err := k8s.ReplaceSecret(validSecret); err != nil {
 				message.Errorf(err, "Problem creating registry secret for the %s namespace", name)
 			}
 		}
diff --git a/cli/internal/k8s/namespace.go b/cli/internal/k8s/namespace.go
index ff63a656ca..f77ae2794e 100644
--- a/cli/internal/k8s/namespace.go
+++ b/cli/internal/k8s/namespace.go
@@ -2,7 +2,6 @@ package k8s
 
 import (
 	"context"
-	"os"
 	"time"
 
 	"github.com/defenseunicorns/zarf/cli/internal/message"
@@ -76,7 +75,7 @@ func DeleteZarfNamespace() {
 		_, err := clientset.CoreV1().Namespaces().Get(context.TODO(), ZarfNamespace, metav1.GetOptions{})
 		if errors.IsNotFound(err) {
 			spinner.Successf("Zarf removed from this cluster")
-			os.Exit(0)
+			return
 		}
 		time.Sleep(1 * time.Second)
 	}