fix(tests): update imagetrust tests to use mock service

- use secretsManagerMock and secretsManagerCacheMock to avoid failing
because of "already exists" error when running multiple times
image_trust_test on the same localstack instance

Signed-off-by: Andreea-Lupu <andreealupu1470@yahoo.com>

THIRD-PARTY-LICENSES.md

@@ -65,28 +65,28 @@ github.com/aquasecurity/tml|https://github.com/aquasecurity/tml/blob/v0.6.1/LICE
 github.com/asaskevich/govalidator|https://github.com/asaskevich/govalidator/blob/a9d515a09cc2/LICENSE|MIT
 github.com/aws/aws-sdk-go-v2/config|https://github.com/aws/aws-sdk-go-v2/blob/config/v1.18.44/config/LICENSE.txt|Apache-2.0
 github.com/aws/aws-sdk-go-v2/credentials|https://github.com/aws/aws-sdk-go-v2/blob/credentials/v1.13.42/credentials/LICENSE.txt|Apache-2.0
-github.com/aws/aws-sdk-go-v2/feature/dynamodb/attributevalue|https://github.com/aws/aws-sdk-go-v2/blob/feature/dynamodb/attributevalue/v1.10.41/feature/dynamodb/attributevalue/LICENSE.txt|Apache-2.0
+github.com/aws/aws-sdk-go-v2/feature/dynamodb/attributevalue|https://github.com/aws/aws-sdk-go-v2/blob/feature/dynamodb/attributevalue/v1.10.42/feature/dynamodb/attributevalue/LICENSE.txt|Apache-2.0
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds|https://github.com/aws/aws-sdk-go-v2/blob/feature/ec2/imds/v1.13.12/feature/ec2/imds/LICENSE.txt|Apache-2.0
-github.com/aws/aws-sdk-go-v2/internal/configsources|https://github.com/aws/aws-sdk-go-v2/blob/internal/configsources/v1.1.42/internal/configsources/LICENSE.txt|Apache-2.0
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2|https://github.com/aws/aws-sdk-go-v2/blob/internal/endpoints/v2.4.36/internal/endpoints/v2/LICENSE.txt|Apache-2.0
+github.com/aws/aws-sdk-go-v2/internal/configsources|https://github.com/aws/aws-sdk-go-v2/blob/internal/configsources/v1.1.43/internal/configsources/LICENSE.txt|Apache-2.0
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2|https://github.com/aws/aws-sdk-go-v2/blob/internal/endpoints/v2.4.37/internal/endpoints/v2/LICENSE.txt|Apache-2.0
 github.com/aws/aws-sdk-go-v2/internal/ini|https://github.com/aws/aws-sdk-go-v2/blob/internal/ini/v1.3.44/internal/ini/LICENSE.txt|Apache-2.0
-github.com/aws/aws-sdk-go-v2/internal/sync/singleflight|https://github.com/aws/aws-sdk-go-v2/blob/v1.21.1/internal/sync/singleflight/LICENSE|BSD-3-Clause
-github.com/aws/aws-sdk-go-v2/service/dynamodb/types|https://github.com/aws/aws-sdk-go-v2/blob/service/dynamodb/v1.22.1/service/dynamodb/LICENSE.txt|Apache-2.0
-github.com/aws/aws-sdk-go-v2/service/dynamodbstreams/types|https://github.com/aws/aws-sdk-go-v2/blob/service/dynamodbstreams/v1.15.6/service/dynamodbstreams/LICENSE.txt|Apache-2.0
-github.com/aws/aws-sdk-go-v2/service/dynamodbstreams|https://github.com/aws/aws-sdk-go-v2/blob/service/dynamodbstreams/v1.15.6/service/dynamodbstreams/LICENSE.txt|Apache-2.0
-github.com/aws/aws-sdk-go-v2/service/dynamodb|https://github.com/aws/aws-sdk-go-v2/blob/service/dynamodb/v1.22.1/service/dynamodb/LICENSE.txt|Apache-2.0
+github.com/aws/aws-sdk-go-v2/internal/sync/singleflight|https://github.com/aws/aws-sdk-go-v2/blob/v1.21.2/internal/sync/singleflight/LICENSE|BSD-3-Clause
+github.com/aws/aws-sdk-go-v2/service/dynamodb/types|https://github.com/aws/aws-sdk-go-v2/blob/service/dynamodb/v1.22.2/service/dynamodb/LICENSE.txt|Apache-2.0
+github.com/aws/aws-sdk-go-v2/service/dynamodbstreams/types|https://github.com/aws/aws-sdk-go-v2/blob/service/dynamodbstreams/v1.15.7/service/dynamodbstreams/LICENSE.txt|Apache-2.0
+github.com/aws/aws-sdk-go-v2/service/dynamodbstreams|https://github.com/aws/aws-sdk-go-v2/blob/service/dynamodbstreams/v1.15.7/service/dynamodbstreams/LICENSE.txt|Apache-2.0
+github.com/aws/aws-sdk-go-v2/service/dynamodb|https://github.com/aws/aws-sdk-go-v2/blob/service/dynamodb/v1.22.2/service/dynamodb/LICENSE.txt|Apache-2.0
 github.com/aws/aws-sdk-go-v2/service/ebs|https://github.com/aws/aws-sdk-go-v2/blob/service/ebs/v1.18.1/service/ebs/LICENSE.txt|Apache-2.0
 github.com/aws/aws-sdk-go-v2/service/ec2|https://github.com/aws/aws-sdk-go-v2/blob/service/ec2/v1.98.0/service/ec2/LICENSE.txt|Apache-2.0
 github.com/aws/aws-sdk-go-v2/service/ecrpublic|https://github.com/aws/aws-sdk-go-v2/blob/service/ecrpublic/v1.12.0/service/ecrpublic/LICENSE.txt|Apache-2.0
 github.com/aws/aws-sdk-go-v2/service/ecr|https://github.com/aws/aws-sdk-go-v2/blob/service/ecr/v1.17.18/service/ecr/LICENSE.txt|Apache-2.0
 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding|https://github.com/aws/aws-sdk-go-v2/blob/service/internal/accept-encoding/v1.9.15/service/internal/accept-encoding/LICENSE.txt|Apache-2.0
-github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery|https://github.com/aws/aws-sdk-go-v2/blob/service/internal/endpoint-discovery/v1.7.36/service/internal/endpoint-discovery/LICENSE.txt|Apache-2.0
+github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery|https://github.com/aws/aws-sdk-go-v2/blob/service/internal/endpoint-discovery/v1.7.37/service/internal/endpoint-discovery/LICENSE.txt|Apache-2.0
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url|https://github.com/aws/aws-sdk-go-v2/blob/service/internal/presigned-url/v1.9.36/service/internal/presigned-url/LICENSE.txt|Apache-2.0
-github.com/aws/aws-sdk-go-v2/service/secretsmanager|https://github.com/aws/aws-sdk-go-v2/blob/service/secretsmanager/v1.21.4/service/secretsmanager/LICENSE.txt|Apache-2.0
+github.com/aws/aws-sdk-go-v2/service/secretsmanager|https://github.com/aws/aws-sdk-go-v2/blob/service/secretsmanager/v1.21.5/service/secretsmanager/LICENSE.txt|Apache-2.0
 github.com/aws/aws-sdk-go-v2/service/ssooidc|https://github.com/aws/aws-sdk-go-v2/blob/service/ssooidc/v1.17.2/service/ssooidc/LICENSE.txt|Apache-2.0
 github.com/aws/aws-sdk-go-v2/service/sso|https://github.com/aws/aws-sdk-go-v2/blob/service/sso/v1.15.1/service/sso/LICENSE.txt|Apache-2.0
 github.com/aws/aws-sdk-go-v2/service/sts|https://github.com/aws/aws-sdk-go-v2/blob/service/sts/v1.23.1/service/sts/LICENSE.txt|Apache-2.0
-github.com/aws/aws-sdk-go-v2|https://github.com/aws/aws-sdk-go-v2/blob/v1.21.1/LICENSE.txt|Apache-2.0
+github.com/aws/aws-sdk-go-v2|https://github.com/aws/aws-sdk-go-v2/blob/v1.21.2/LICENSE.txt|Apache-2.0
 github.com/aws/aws-sdk-go/internal/sync/singleflight|https://github.com/aws/aws-sdk-go/blob/v1.45.24/internal/sync/singleflight/LICENSE|BSD-3-Clause
 github.com/aws/aws-sdk-go|https://github.com/aws/aws-sdk-go/blob/v1.45.24/LICENSE.txt|Apache-2.0
 github.com/aws/smithy-go/internal/sync/singleflight|https://github.com/aws/smithy-go/blob/v1.15.0/internal/sync/singleflight/LICENSE|BSD-3-Clause
@@ -192,7 +192,7 @@ github.com/golang/protobuf|https://github.com/golang/protobuf/blob/v1.5.3/LICENS
 github.com/golang/snappy|https://github.com/golang/snappy/blob/v0.0.4/LICENSE|BSD-3-Clause
 github.com/google/btree|https://github.com/google/btree/blob/v1.1.2/LICENSE|Apache-2.0
 github.com/google/certificate-transparency-go|https://github.com/google/certificate-transparency-go/blob/v1.1.6/LICENSE|Apache-2.0
-github.com/google/go-cmp/cmp|https://github.com/google/go-cmp/blob/v0.5.9/LICENSE|BSD-3-Clause
+github.com/google/go-cmp/cmp|https://github.com/google/go-cmp/blob/v0.6.0/LICENSE|BSD-3-Clause
 github.com/google/go-querystring/query|https://github.com/google/go-querystring/blob/v1.1.0/LICENSE|BSD-3-Clause
 github.com/google/gofuzz|https://github.com/google/gofuzz/blob/v1.2.0/LICENSE|Apache-2.0
 github.com/google/licenseclassifier/v2|https://github.com/google/licenseclassifier/blob/v2.0.0/v2/LICENSE|Apache-2.0
@@ -391,7 +391,7 @@ github.com/yashtewari/glob-intersection|https://github.com/yashtewari/glob-inter
 github.com/zclconf/go-cty-yaml|https://github.com/zclconf/go-cty-yaml/blob/v1.0.3/LICENSE|Apache-2.0
 github.com/zclconf/go-cty/cty|https://github.com/zclconf/go-cty/blob/v1.13.0/LICENSE|MIT
 github.com/zeebo/errs|https://github.com/zeebo/errs/blob/v1.3.0/LICENSE|MIT
-github.com/zitadel/oidc|https://github.com/zitadel/oidc/blob/v1.13.4/LICENSE|Apache-2.0
+github.com/zitadel/oidc|https://github.com/zitadel/oidc/blob/v1.13.5/LICENSE|Apache-2.0
 go.etcd.io/bbolt|https://github.com/etcd-io/bbolt/blob/v1.3.7/LICENSE|MIT
 go.mongodb.org/mongo-driver|https://github.com/mongodb/mongo-go-driver/blob/v1.11.3/LICENSE|Apache-2.0
 go.mozilla.org/pkcs7|https://github.com/mozilla-services/pkcs7/blob/33d05740a352/LICENSE|MIT
@@ -412,13 +412,12 @@ golang.org/x/crypto/sha3|https://cs.opensource.google/go/x/crypto/+/v0.14.0:LICE
 golang.org/x/crypto|https://cs.opensource.google/go/x/crypto/+/v0.14.0:LICENSE|BSD-3-Clause
 golang.org/x/exp/constraints|https://cs.opensource.google/go/x/exp/+/92128663:LICENSE|BSD-3-Clause
 golang.org/x/exp|https://cs.opensource.google/go/x/exp/+/92128663:LICENSE|BSD-3-Clause
-golang.org/x/mod/semver|https://cs.opensource.google/go/x/mod/+/v0.12.0:LICENSE|BSD-3-Clause
-golang.org/x/mod|https://cs.opensource.google/go/x/mod/+/v0.12.0:LICENSE|BSD-3-Clause
-golang.org/x/net/context|https://cs.opensource.google/go/x/net/+/v0.16.0:LICENSE|BSD-3-Clause
-golang.org/x/net/html|https://cs.opensource.google/go/x/net/+/v0.16.0:LICENSE|BSD-3-Clause
-golang.org/x/net/publicsuffix|https://cs.opensource.google/go/x/net/+/v0.16.0:LICENSE|BSD-3-Clause
-golang.org/x/net/webdav|https://cs.opensource.google/go/x/net/+/v0.16.0:LICENSE|BSD-3-Clause
-golang.org/x/net|https://cs.opensource.google/go/x/net/+/v0.16.0:LICENSE|BSD-3-Clause
+golang.org/x/mod/semver|https://cs.opensource.google/go/x/mod/+/v0.13.0:LICENSE|BSD-3-Clause
+golang.org/x/mod|https://cs.opensource.google/go/x/mod/+/v0.13.0:LICENSE|BSD-3-Clause
+golang.org/x/net/html|https://cs.opensource.google/go/x/net/+/v0.17.0:LICENSE|BSD-3-Clause
+golang.org/x/net/publicsuffix|https://cs.opensource.google/go/x/net/+/v0.17.0:LICENSE|BSD-3-Clause
+golang.org/x/net/webdav|https://cs.opensource.google/go/x/net/+/v0.17.0:LICENSE|BSD-3-Clause
+golang.org/x/net|https://cs.opensource.google/go/x/net/+/v0.17.0:LICENSE|BSD-3-Clause
 golang.org/x/oauth2|https://cs.opensource.google/go/x/oauth2/+/v0.13.0:LICENSE|BSD-3-Clause
 golang.org/x/sync/errgroup|https://cs.opensource.google/go/x/sync/+/v0.3.0:LICENSE|BSD-3-Clause
 golang.org/x/sync/semaphore|https://cs.opensource.google/go/x/sync/+/v0.3.0:LICENSE|BSD-3-Clause
@@ -435,7 +434,7 @@ golang.org/x/xerrors|https://cs.opensource.google/go/x/xerrors/+/04be3eba:LICENS
 google.golang.org/api/googleapi|https://github.com/googleapis/google-api-go-client/blob/v0.143.0/LICENSE|BSD-3-Clause
 google.golang.org/api/internal/third_party/uritemplates|https://github.com/googleapis/google-api-go-client/blob/v0.143.0/internal/third_party/uritemplates/LICENSE|BSD-3-Clause
 google.golang.org/api|https://github.com/googleapis/google-api-go-client/blob/v0.143.0/LICENSE|BSD-3-Clause
-google.golang.org/appengine|https://github.com/golang/appengine/blob/v1.6.7/LICENSE|Apache-2.0
+google.golang.org/appengine|https://github.com/golang/appengine/blob/v1.6.8/LICENSE|Apache-2.0
 google.golang.org/genproto/googleapis/api|https://github.com/googleapis/go-genproto/blob/007df8e322eb/googleapis/api/LICENSE|Apache-2.0
 google.golang.org/genproto/googleapis/rpc/status|https://github.com/googleapis/go-genproto/blob/e6e6cdab5c13/googleapis/rpc/LICENSE|Apache-2.0
 google.golang.org/genproto/googleapis/rpc|https://github.com/googleapis/go-genproto/blob/e6e6cdab5c13/googleapis/rpc/LICENSE|Apache-2.0

go.mod

@@ -306,7 +306,7 @@ require (
 	github.com/aws/aws-sdk-go-v2/service/sso v1.15.1 // indirect
 	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.17.2 // indirect
 	github.com/aws/aws-sdk-go-v2/service/sts v1.23.1 // indirect
-	github.com/aws/smithy-go v1.15.0 // indirect
+	github.com/aws/smithy-go v1.15.0
 	github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20220228164355-396b2034c795 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d // indirect

pkg/extensions/imagetrust/cosign.go

@@ -256,11 +256,11 @@ func (cloud *PublicKeyAWSStorage) StorePublicKey(name godigest.Digest, publicKey
 	}
 
 	_, err := cloud.secretsManagerClient.CreateSecret(context.Background(), secretInputParam)
-	if err != nil {
-		return err
+	if err != nil && IsResourceExistsException(err) {
+		return nil
 	}
 
-	return nil
+	return err
 }
 
 func validatePublicKey(publicKeyContent []byte) (bool, error) {

pkg/extensions/imagetrust/image_trust.go

@@ -9,13 +9,16 @@ import (
 	"time"
 
 	"github.com/aws/aws-sdk-go-v2/aws"
+	"github.com/aws/aws-sdk-go-v2/aws/transport/http"
 	"github.com/aws/aws-sdk-go-v2/config"
 	"github.com/aws/aws-sdk-go-v2/service/secretsmanager"
+	"github.com/aws/aws-sdk-go-v2/service/secretsmanager/types"
 	aws1 "github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/aws/endpoints"
 	"github.com/aws/aws-sdk-go/aws/session"
 	smanager "github.com/aws/aws-sdk-go/service/secretsmanager"
 	"github.com/aws/aws-secretsmanager-caching-go/secretcache"
+	smithy "github.com/aws/smithy-go"
 	godigest "github.com/opencontainers/go-digest"
 	ispec "github.com/opencontainers/image-spec/specs-go/v1"
 
@@ -140,6 +143,20 @@ func GetSecretsManagerRetrieval(region, endpoint string) *secretcache.Cache {
 	return cache
 }
 
+func IsResourceExistsException(err error) bool {
+	if opErr, ok := err.(*smithy.OperationError); ok { //nolint: errorlint
+		if resErr, ok := opErr.Err.(*http.ResponseError); ok { //nolint: errorlint
+			if _, ok := resErr.Err.(*types.ResourceExistsException); ok { //nolint: errorlint
+				return true
+			}
+		}
+
+		return false
+	}
+
+	return false
+}
+
 func (imgTrustStore *ImageTrustStore) VerifySignature(
 	signatureType string, rawSignature []byte, sigKey string, manifestDigest godigest.Digest, manifestContent []byte,
 	repo string,