fix: always reload certificate for refresh on rotation (#772)

Skarlso · web-flow · commit e364a5584dc0 · 2025-11-13T08:36:09.000+01:00
#### What this PR does / why we need it Closes open-component-model/ocm-project#763 #### Which issue(s) this PR is related to  Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
diff --git a/pkg/oci/repository.go b/pkg/oci/repository.go
@@ -99,10 +99,9 @@ func (c *Client) WithTransport(ctx context.Context) Option {
 			return nil
 		}
 
-		if c.certPem == nil && c.keyPem == nil {
-			if err := c.setupCertificates(ctx); err != nil {
-				return fmt.Errorf("failed to set up certificates for transport: %w", err)
-			}
+		// always refresh certificates to handle cert-manager rotation
+		if err := c.setupCertificates(ctx); err != nil {
+			return fmt.Errorf("failed to set up certificates for transport: %w", err)
 		}
 
 		o.remoteOpts = append(o.remoteOpts, remote.WithTransport(c.constructTLSRoundTripper()))

Original file line number	Diff line number	Diff line change
`@@ -99,10 +99,9 @@ func (c *Client) WithTransport(ctx context.Context) Option {`
`99`	`99`	`return nil`
`100`	`100`	`}`
`101`	`101`
`102`		`- if c.certPem == nil && c.keyPem == nil {`
`103`		`- if err := c.setupCertificates(ctx); err != nil {`
`104`		`- return fmt.Errorf("failed to set up certificates for transport: %w", err)`
`105`		`- }`
	`102`	`+ // always refresh certificates to handle cert-manager rotation`
	`103`	`+ if err := c.setupCertificates(ctx); err != nil {`
	`104`	`+ return fmt.Errorf("failed to set up certificates for transport: %w", err)`
`106`	`105`	`}`
`107`	`106`
`108`	`107`	`o.remoteOpts = append(o.remoteOpts, remote.WithTransport(c.constructTLSRoundTripper()))`