From 2e1a041ca6a7e13fd1183eea3a6ad557ea32c361 Mon Sep 17 00:00:00 2001
From: Unnati Solanki
Date: Tue, 16 Dec 2025 17:30:54 +0530
Subject: [PATCH] [patch] Add function to update pull secret
---
 src/mas/devops/ocp.py | 62 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 62 insertions(+)
diff --git a/src/mas/devops/ocp.py b/src/mas/devops/ocp.py
index 4219c5cc..c98f5be8 100644
--- a/src/mas/devops/ocp.py
+++ b/src/mas/devops/ocp.py
@@ -332,3 +332,65 @@ def execInPod(core_v1_api: client.CoreV1Api, pod_name: str, namespace, command:
 logger.debug(f"stdout: \n----------------------------------------------------------------\n{stdout}\n----------------------------------------------------------------\n")
 return stdout
+
+
+def updateGlobalPullSecret(dynClient: DynamicClient, registryUrl: str, username: str, password: str) -> dict:
+ """
+ Update the global pull secret in openshift-config namespace with new registry credentials.
+
+ Args:
+ dynClient: OpenShift Dynamic Client
+ registryUrl: Registry URL (e.g., "myregistry.com:5000")
+ username: Registry username
+ password: Registry password
+
+ Returns:
+ dict: Updated secret information
+ """
+ import json
+ import base64
+
+ logger.info(f"Updating global pull secret with credentials for {registryUrl}")
+
+ # Get the existing pull secret
+ secretsAPI = dynClient.resources.get(api_version="v1", kind="Secret")
+ try:
+ pullSecret = secretsAPI.get(name="pull-secret", namespace="openshift-config")
+ except NotFoundError:
+ raise Exception("Global pull-secret not found in openshift-config namespace")
+
+ # Decode the existing dockerconfigjson
+ dockerConfigJson = pullSecret.data.get(".dockerconfigjson", "")
+ dockerConfig = json.loads(base64.b64decode(dockerConfigJson).decode('utf-8'))
+
+ # Create auth string (username:password base64 encoded)
+ authString = base64.b64encode(f"{username}:{password}".encode('utf-8')).decode('utf-8')
+
+ # Add or update the registry credentials
+ if "auths" not in dockerConfig:
+ dockerConfig["auths"] = {}
+
+ dockerConfig["auths"][registryUrl] = {
+ "username": username,
+ "password": password,
+ "email": username,
+ "auth": authString
+ }
+
+ # Encode back to base64
+ updatedDockerConfig = base64.b64encode(json.dumps(dockerConfig).encode('utf-8')).decode('utf-8')
+
+ # Update the secret
+ pullSecret.data[".dockerconfigjson"] = updatedDockerConfig
+
+ # Apply the updated secret
+ updatedSecret = secretsAPI.apply(body=pullSecret.to_dict(), namespace="openshift-config")
+
+ logger.info(f"Successfully updated global pull secret with credentials for {registryUrl}")
+
+ return {
+ "name": updatedSecret.metadata.name,
+ "namespace": updatedSecret.metadata.namespace,
+ "registry": registryUrl,
+ "changed": True
+ }
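Review bot: The decode step in `updateGlobalPullSecret` fails with a bare `JSONDecodeError` when the secret has no `.dockerconfigjson` key, because the `""` default decodes to an empty string that `json.loads` rejects. The write that follows is unconditional, so `"changed": True` is returned even when the entry for `registryUrl` already holds the same credentials. Since this rewrites the cluster-wide pull secret, I would raise a clear error on a missing or malformed payload, reject an empty `registryUrl`, `username` or `password`, and skip `apply` when the entry is already identical, returning `"changed": False`. It is also worth confirming that item assignment on `pullSecret.data` is supported by the dynamic client's field wrapper; mutating the dict returned by `pullSecret.to_dict()` avoids the question.

```python
    # … unchanged: docstring, local imports, secret lookup …
    if not registryUrl or not username or not password:
        raise ValueError("registryUrl, username and password must all be non-empty")

    encodedConfig = pullSecret.data.get(".dockerconfigjson")
    if not encodedConfig:
        raise Exception("Global pull-secret has no .dockerconfigjson data")
    try:
        dockerConfig = json.loads(base64.b64decode(encodedConfig).decode('utf-8'))
    except ValueError as e:
        # binascii.Error, UnicodeDecodeError and JSONDecodeError all derive from ValueError
        raise Exception("Global pull-secret .dockerconfigjson is not valid base64-encoded JSON") from e

    # … unchanged: authString …
    newEntry = {"username": username, "password": password, "email": username, "auth": authString}
    auths = dockerConfig.setdefault("auths", {})
    if auths.get(registryUrl) == newEntry:
        logger.info(f"Global pull secret already holds these credentials for {registryUrl}")
        return {"name": "pull-secret", "namespace": "openshift-config", "registry": registryUrl, "changed": False}
    auths[registryUrl] = newEntry

    body = pullSecret.to_dict()
    body["data"][".dockerconfigjson"] = base64.b64encode(json.dumps(dockerConfig).encode('utf-8')).decode('utf-8')
    updatedSecret = secretsAPI.apply(body=body, namespace="openshift-config")
    # … unchanged: success log and return dict …
```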