Update post-renderer to verify secret data for existing secrets

cli/cmd/destroy.go

@@ -40,6 +40,10 @@ var destroyCmd = &cobra.Command{
 
 			// If Zarf didn't deploy the cluster, only delete the ZarfNamespace
 			k8s.DeleteZarfNamespace()
+
+			// Delete the zarf-registry secret in the default namespace
+			defaultSecret, _ := k8s.GetSecret("default", "zarf-registry")
+			k8s.DeleteSecret(defaultSecret)
 		}
 	},
 }

cli/internal/helm/post-render.go

@@ -4,6 +4,7 @@ import (
 	"bytes"
 	"fmt"
 	"os"
+	"reflect"
 	"time"
 
 	"github.com/defenseunicorns/zarf/cli/config"
@@ -186,11 +187,14 @@ func (r *renderer) Run(renderedManifests *bytes.Buffer) (*bytes.Buffer, error) {
 			}
 		}
 
-		// Try to get an existing secret
-		if secret, _ := k8s.GetSecret(name, secretName); secret.Name != secretName {
-			// create the missing zarf secret
-			secret = k8s.GenerateRegistryPullCreds(name, secretName)
-			if err := k8s.CreateSecret(secret); err != nil {
+		// Create the secret
+		validSecret := k8s.GenerateRegistryPullCreds(name, secretName)
+
+		// Try to get a valid existing secret
+		currentSecret, _ := k8s.GetSecret(name, secretName)
+		if currentSecret.Name != secretName || !reflect.DeepEqual(currentSecret.Data, validSecret.Data) {
+			// create/update the missing zarf secret
+			if err := k8s.ReplaceSecret(validSecret); err != nil {
 				message.Errorf(err, "Problem creating registry secret for the %s namespace", name)
 			}
 		}

cli/internal/k8s/namespace.go

@@ -2,7 +2,6 @@ package k8s
 
 import (
 	"context"
-	"os"
 	"time"
 
 	"github.com/defenseunicorns/zarf/cli/internal/message"
@@ -76,7 +75,7 @@ func DeleteZarfNamespace() {
 		_, err := clientset.CoreV1().Namespaces().Get(context.TODO(), ZarfNamespace, metav1.GetOptions{})
 		if errors.IsNotFound(err) {
 			spinner.Successf("Zarf removed from this cluster")
-			os.Exit(0)
+			return
 		}
 		time.Sleep(1 * time.Second)
 	}