Add command for creating notation configuration secrets

Signed-off-by: Jason <jagoodse@microsoft.com>

pkg/manifestgen/sourcesecret/options.go

@@ -40,6 +40,7 @@ const (
 	PublicKeySecretKey  = "identity.pub"
 	KnownHostsSecretKey = "known_hosts"
 	BearerTokenKey      = "bearerToken"
+	TrustPolicyKey      = "trustpolicy.json"
 
 	// Deprecated: Replaced by CACrtSecretKey, but kept for backwards
 	// compatibility with deprecated TLS flags.
@@ -70,6 +71,8 @@ type Options struct {
 	TargetPath          string
 	ManifestFile        string
 	BearerToken         string
+	VerificationCrts    []VerificationCrt
+	TrustPolicy         []byte
 
 	// Deprecated: Replaced by CACrt, but kept for backwards compatibility
 	// with deprecated TLS flags.
@@ -82,6 +85,11 @@ type Options struct {
 	KeyFile []byte
 }
 
+type VerificationCrt struct {
+	Name  string
+	CACrt []byte
+}
+
 func MakeDefaultOptions() Options {
 	return Options{
 		Name:                "flux-system",

pkg/manifestgen/sourcesecret/sourcesecret.go

@@ -181,6 +181,16 @@ func buildSecret(keypair *ssh.KeyPair, hostKey, dockerCfg []byte, options Option
 		}
 	}
 
+	if len(options.VerificationCrts) != 0 {
+		for _, crts := range options.VerificationCrts {
+			secret.StringData[crts.Name] = string(crts.CACrt)
+		}
+	}
+
+	if len(options.TrustPolicy) != 0 {
+		secret.StringData[TrustPolicyKey] = string(options.TrustPolicy)
+	}
+
 	return
 }