open-component-model
diff --git a/‎api/v1alpha1/componentsubscription_types.go‎
Lines changed: 7 additions & 27 deletions b/‎api/v1alpha1/componentsubscription_types.go‎
Lines changed: 7 additions & 27 deletions
diff --git a/‎api/v1alpha1/zz_generated.deepcopy.go‎
Lines changed: 3 additions & 39 deletions b/‎api/v1alpha1/zz_generated.deepcopy.go‎
Lines changed: 3 additions & 39 deletions
diff --git a/‎config/crd/bases/delivery.ocm.software_componentsubscriptions.yaml‎
Lines changed: 20 additions & 22 deletions b/‎config/crd/bases/delivery.ocm.software_componentsubscriptions.yaml‎
Lines changed: 20 additions & 22 deletions
diff --git a/‎controllers/componentsubscription_controller.go‎
Lines changed: 6 additions & 3 deletions b/‎controllers/componentsubscription_controller.go‎
Lines changed: 6 additions & 3 deletions
diff --git a/‎docs/release_notes/v0.12.0.md‎
Lines changed: 3 additions & 0 deletions b/‎docs/release_notes/v0.12.0.md‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎go.mod‎
Lines changed: 8 additions & 8 deletions b/‎go.mod‎
Lines changed: 8 additions & 8 deletions
@@ -8,6 +8,7 @@ import (
 	"fmt"
 	"time"
 
+	"github.com/open-component-model/ocm-controller/api/v1alpha1"
 	v1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
@@ -49,28 +50,7 @@ type ComponentSubscriptionSpec struct {
 	// Verify specifies a list signatures that must be verified before a ComponentVersion
 	// is replicated.
 	// +optional
-	Verify []Signature `json:"verify,omitempty"`
-}
-
-// Signature defines the details of a signature to use for verification.
-type Signature struct {
-	// Name specifies the name of the signature. An OCM component may have multiple
-	// signatures.
-	Name string `json:"name"`
-
-	// PublicKey provides a reference to a Kubernetes Secret that contains a public key
-	// which will be used to validate the named signature.
-	//+optional
-	PublicKey SecretRef `json:"publicKey,omitempty"`
-
-	// PublicKeyBlob defines an inlined public key.
-	//+optional
-	PublicKeyBlob []byte `json:"publicKeyBlob,omitempty"`
-}
-
-// SecretRef clearly denotes that the requested option is a Secret.
-type SecretRef struct {
-	SecretRef v1.LocalObjectReference `json:"secretRef"`
+	Verify []v1alpha1.Signature `json:"verify,omitempty"`
 }
 
 // OCMRepository specifies access details for an OCI based OCM Repository.
@@ -89,24 +69,24 @@ type ComponentSubscriptionStatus struct {
 	// LastAttemptedVersion defines the latest version encountered while checking component versions.
 	// This might be different from last applied version which should be the latest applied/replicated version.
 	// The difference might be caused because of semver constraint or failures during replication.
-	//+optional
+	// +optional
 	LastAttemptedVersion string `json:"lastAttemptedVersion,omitempty"`
 
 	// ObservedGeneration is the last reconciled generation.
 	// +optional
 	ObservedGeneration int64 `json:"observedGeneration,omitempty"`
 
 	// LastAppliedVersion defines the final version that has been applied to the destination component version.
-	//+optional
+	// +optional
 	LastAppliedVersion string `json:"lastAppliedVersion,omitempty"`
 
 	// ReplicatedRepositoryURL defines the final location of the reconciled Component.
-	//+optional
+	// +optional
 	ReplicatedRepositoryURL string `json:"replicatedRepositoryURL,omitempty"`
 
 	// Signature defines a set of internal keys that were used to sign the Component once transferred to the Destination.
-	//+optional
-	Signature []Signature `json:"signature,omitempty"`
+	// +optional
+	Signature []v1alpha1.Signature `json:"signature,omitempty"`
 
 	// Digest contains the digest of the subscription's spec.
 	Digest uint64 `json:"specDigest,omitempty"`
 
@@ -114,29 +114,28 @@ spec:
                       type: string
                     publicKey:
                       description: PublicKey provides a reference to a Kubernetes
-                        Secret that contains a public key which will be used to validate
-                        the named signature.
+                        Secret of contain a blob of a public key that which will be
+                        used to validate the named signature.
                       properties:
                         secretRef:
-                          description: LocalObjectReference contains enough information
-                            to let you locate the referenced object inside the same
-                            namespace.
+                          description: SecretRef is a reference to a Secret that contains
+                            a public key.
                           properties:
                             name:
                               description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                 TODO: Add other useful fields. apiVersion, kind, uid?'
                               type: string
                           type: object
                           x-kubernetes-map-type: atomic
-                      required:
-                      - secretRef
+                        value:
+                          description: Value defines a PEM/base64 encoded public key
+                            value.
+                          format: byte
+                          type: string
                       type: object
-                    publicKeyBlob:
-                      description: PublicKeyBlob defines an inlined public key.
-                      format: byte
-                      type: string
                   required:
                   - name
+                  - publicKey
                   type: object
                 type: array
             required:
@@ -248,29 +247,28 @@ spec:
                       type: string
                     publicKey:
                       description: PublicKey provides a reference to a Kubernetes
-                        Secret that contains a public key which will be used to validate
-                        the named signature.
+                        Secret of contain a blob of a public key that which will be
+                        used to validate the named signature.
                       properties:
                         secretRef:
-                          description: LocalObjectReference contains enough information
-                            to let you locate the referenced object inside the same
-                            namespace.
+                          description: SecretRef is a reference to a Secret that contains
+                            a public key.
                           properties:
                             name:
                               description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                 TODO: Add other useful fields. apiVersion, kind, uid?'
                               type: string
                           type: object
                           x-kubernetes-map-type: atomic
-                      required:
-                      - secretRef
+                        value:
+                          description: Value defines a PEM/base64 encoded public key
+                            value.
+                          format: byte
+                          type: string
                       type: object
-                    publicKeyBlob:
-                      description: PublicKeyBlob defines an inlined public key.
-                      format: byte
-                      type: string
                   required:
                   - name
+                  - publicKey
                   type: object
                 type: array
               specDigest:
 
@@ -15,6 +15,7 @@ import (
 	"github.com/fluxcd/pkg/runtime/patch"
 	rreconcile "github.com/fluxcd/pkg/runtime/reconcile"
 	"github.com/mitchellh/hashstructure/v2"
+	ocmv1alpha1 "github.com/open-component-model/ocm-controller/api/v1alpha1"
 	"github.com/open-component-model/ocm-controller/pkg/status"
 	ocm2 "github.com/open-component-model/ocm/pkg/contexts/ocm"
 	"github.com/open-component-model/ocm/pkg/contexts/ocm/compdesc"
@@ -318,10 +319,12 @@ func (r *ComponentSubscriptionReconciler) signMpasComponent(
 		return fmt.Errorf("failed to sign destination component: %w", err)
 	}
 
-	obj.Status.Signature = []v1alpha1.Signature{
+	obj.Status.Signature = []ocmv1alpha1.Signature{
 		{
-			Name:          v1alpha1.InternalSignatureName,
-			PublicKeyBlob: pub,
+			Name: v1alpha1.InternalSignatureName,
+			PublicKey: ocmv1alpha1.PublicKey{
+				Value: pub,
+			},
 		},
 	}
 
 
@@ -0,0 +1,3 @@
+# Release 0.12.0
+
+- Using ocm-controller for signature tracking (#97)
@@ -32,7 +32,7 @@ require (
 	github.com/go-logr/logr v1.3.0
 	github.com/mitchellh/hashstructure/v2 v2.0.2
 	github.com/open-component-model/ocm v0.4.0
-	github.com/open-component-model/ocm-controller v0.16.1
+	github.com/open-component-model/ocm-controller v0.18.0
 	github.com/stretchr/testify v1.8.4
 	k8s.io/api v0.28.1
 	k8s.io/apimachinery v0.28.1
@@ -135,7 +135,7 @@ require (
 	github.com/ghodss/yaml v1.0.0 // indirect
 	github.com/go-chi/chi v4.1.2+incompatible // indirect
 	github.com/go-errors/errors v1.4.2 // indirect
-	github.com/go-jose/go-jose/v3 v3.0.0 // indirect
+	github.com/go-jose/go-jose/v3 v3.0.1 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-logr/zapr v1.2.4 // indirect
 	github.com/go-openapi/analysis v0.21.4 // indirect
@@ -159,7 +159,7 @@ require (
 	github.com/google/btree v1.1.2 // indirect
 	github.com/google/certificate-transparency-go v1.1.6 // indirect
 	github.com/google/gnostic v0.6.9 // indirect
-	github.com/google/go-cmp v0.5.9 // indirect
+	github.com/google/go-cmp v0.6.0 // indirect
 	github.com/google/go-containerregistry v0.16.1 // indirect
 	github.com/google/go-github/v45 v45.2.0 // indirect
 	github.com/google/go-github/v50 v50.2.0 // indirect
@@ -212,9 +212,9 @@ require (
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/nozzle/throttler v0.0.0-20180817012639-2ea982251481 // indirect
 	github.com/oklog/ulid v1.3.1 // indirect
-	github.com/onsi/gomega v1.27.10 // indirect
+	github.com/onsi/gomega v1.30.0 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
-	github.com/opencontainers/image-spec v1.1.0-rc4 // indirect
+	github.com/opencontainers/image-spec v1.1.0-rc5 // indirect
 	github.com/opentracing/opentracing-go v1.2.0 // indirect
 	github.com/pborman/uuid v1.2.1 // indirect
 	github.com/pelletier/go-toml v1.9.5 // indirect
@@ -274,15 +274,15 @@ require (
 	go.uber.org/zap v1.25.0 // indirect
 	golang.org/x/crypto v0.15.0 // indirect
 	golang.org/x/exp v0.0.0-20230321023759-10a507213a29 // indirect
-	golang.org/x/mod v0.11.0 // indirect
+	golang.org/x/mod v0.12.0 // indirect
 	golang.org/x/net v0.18.0 // indirect
 	golang.org/x/oauth2 v0.14.0 // indirect
 	golang.org/x/sync v0.3.0 // indirect
 	golang.org/x/sys v0.14.0 // indirect
 	golang.org/x/term v0.14.0 // indirect
 	golang.org/x/text v0.14.0 // indirect
 	golang.org/x/time v0.3.0 // indirect
-	golang.org/x/tools v0.9.3 // indirect
+	golang.org/x/tools v0.12.0 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
 	google.golang.org/api v0.138.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
@@ -307,5 +307,5 @@ require (
 	sigs.k8s.io/kustomize/kyaml v0.14.3-0.20230601165947-6ce0bf390ce3 // indirect
 	sigs.k8s.io/release-utils v0.7.4 // indirect
 	sigs.k8s.io/structured-merge-diff/v4 v4.3.0 // indirect
-	sigs.k8s.io/yaml v1.3.0 // indirect
+	sigs.k8s.io/yaml v1.4.0 // indirect
 )
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+# Release 0.12.0`
	`2`	`+`
	`3`	`+- Using ocm-controller for signature tracking (#97)`