fixup! Certificate support for image registry

Signed-off-by: Todd Short <tshort@redhat.com>

internal/controllers/clusterextension_controller.go

@@ -22,8 +22,6 @@ import (
 	"errors"
 	"fmt"
 	"io"
-	"os"
-	"path/filepath"
 	"sort"
 	"strings"
 	"sync"
@@ -75,6 +73,7 @@ import (
 	catalogfilter "github.com/operator-framework/operator-controller/internal/catalogmetadata/filter"
 	catalogsort "github.com/operator-framework/operator-controller/internal/catalogmetadata/sort"
 	"github.com/operator-framework/operator-controller/internal/conditionsets"
+	"github.com/operator-framework/operator-controller/internal/httputil"
 	"github.com/operator-framework/operator-controller/internal/labels"
 )
 
@@ -533,7 +532,7 @@ func SetDeprecationStatus(ext *ocv1alpha1.ClusterExtension, bundle *catalogmetad
 }
 
 func (r *ClusterExtensionReconciler) generateBundleDeploymentForUnpack(ctx context.Context, bundlePath string, ce *ocv1alpha1.ClusterExtension) *rukpakv1alpha2.BundleDeployment {
-	certData, err := r.getCertificateData(ce)
+	certData, err := httputil.LoadCerts(r.CaCertDir)
 	if err != nil {
 		log.FromContext(ctx).WithName("operator-controller").WithValues("cluster-extension", ce.GetName()).Error(err, "unable to get TLS certificate")
 	}
@@ -560,29 +559,6 @@ func (r *ClusterExtensionReconciler) generateBundleDeploymentForUnpack(ctx conte
 	}
 }
 
-func (r *ClusterExtensionReconciler) getCertificateData(ce *ocv1alpha1.ClusterExtension) (string, error) {
-	if r.CaCertDir == "" {
-		return "", nil
-	}
-
-	var certs []string
-	err := filepath.Walk(r.CaCertDir, func(path string, info os.FileInfo, err error) error {
-		if info.IsDir() {
-			return nil
-		}
-		data, err := os.ReadFile(path)
-		if err != nil {
-			return err
-		}
-		certs = append(certs, string(data))
-		return nil
-	})
-	if err != nil {
-		return "", err
-	}
-	return strings.Join(certs, "\n"), nil
-}
-
 // SetupWithManager sets up the controller with the Manager.
 func (r *ClusterExtensionReconciler) SetupWithManager(mgr ctrl.Manager) error {
 	controller, err := ctrl.NewControllerManagedBy(mgr).

internal/httputil/httputil.go

@@ -10,6 +10,32 @@ import (
 	"time"
 )
 
+func LoadCerts(caDir string) (string, error) {
+	if caDir == "" {
+		return "", nil
+	}
+
+	var certs []string
+	err := filepath.Walk(caDir, func(path string, info os.FileInfo, err error) error {
+		if err != nil {
+			return err
+		}
+		if info.IsDir() {
+			return nil
+		}
+		data, err := os.ReadFile(path)
+		if err != nil {
+			return err
+		}
+		certs = append(certs, string(data))
+		return nil
+	})
+	if err != nil {
+		return "", err
+	}
+	return strings.Join(certs, "\n"), nil
+}
+
 func BuildHTTPClient(caDir string) (*http.Client, error) {
 	httpClient := &http.Client{Timeout: 10 * time.Second}
 
@@ -19,24 +45,12 @@ func BuildHTTPClient(caDir string) (*http.Client, error) {
 		return nil, err
 	}
 
-	if caDir != "" {
-		var certs []string
-		err := filepath.Walk(caDir, func(path string, info os.FileInfo, err error) error {
-			if info.IsDir() {
-				return nil
-			}
-			data, err := os.ReadFile(path)
-			if err != nil {
-				return err
-			}
-			certs = append(certs, string(data))
-			return nil
-		})
-		if err != nil {
-			return nil, err
-		}
-		caCertPool.AppendCertsFromPEM([]byte(strings.Join(certs, "\n")))
+	certs, err := LoadCerts(caDir)
+	if err != nil {
+		return nil, err
 	}
+
+	caCertPool.AppendCertsFromPEM([]byte(certs))
 	tlsConfig := &tls.Config{
 		RootCAs:    caCertPool,
 		MinVersion: tls.VersionTLS12,