Skip to content

Do Not Merge: feat(resource builder): allow to inject tls configuration into annotated config maps: Rework#1350

Draft
DavidHurta wants to merge 7 commits intoopenshift:mainfrom
DavidHurta:fork/ingvagabund/configmap-tls-injection-rework
Draft

Do Not Merge: feat(resource builder): allow to inject tls configuration into annotated config maps: Rework#1350
DavidHurta wants to merge 7 commits intoopenshift:mainfrom
DavidHurta:fork/ingvagabund/configmap-tls-injection-rework

Conversation

@DavidHurta
Copy link
Contributor

@DavidHurta DavidHurta commented Mar 15, 2026
edited
Loading

Testing potential changes for #1322 🔨

@openshift-ci openshift-ci bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Mar 15, 2026
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Mar 15, 2026

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@coderabbitai
Copy link

coderabbitai bot commented Mar 15, 2026
edited
Loading

Walkthrough

This pull request introduces TLS configuration injection logic for ConfigMaps in the resource builder package. The changes add Kubernetes API dependencies, register a ConfigMap modifier in the generator, implement TLS profile observation and injection into GenericOperatorConfig entries within annotated ConfigMaps, integrate the modifier into the build workflow, and provide comprehensive test coverage for the injection mechanism.

Changes

Cohort / File(s) Summary
Module Dependencies
go.mod		 Added direct dependencies on kustomize/kyaml v0.13.6 and yaml v1.6.0; added indirect dependencies for go-errors, mergo, and kube-storage-version-migrator; removed sigs.k8s.io/yaml v1.6.0 from secondary require block.
Generator Configuration
hack/generate-lib-resources.py		 Registered ConfigMap modifier mapping ('k8s.io/api/core/v1', 'ConfigMap') to 'b.modifyConfigMap' in the modifiers dictionary.
TLS Injection Implementation
lib/resourcebuilder/core.go, lib/resourcebuilder/resourcebuilder.go		 Implemented modifyConfigMap method to observe APIServer TLS security profiles and inject minTLSVersion and cipherSuites into GenericOperatorConfig entries within ConfigMap data; integrated modifier invocation before ConfigMap application in the build process.
TLS Injection Test Coverage
lib/resourcebuilder/core_test.go, lib/resourcebuilder/resourcebuilder_test.go		 Added comprehensive unit and integration tests covering TLS injection scenarios, annotation handling, YAML preservation, edge cases, and end-to-end builder workflows with fake Kubernetes and OpenShift clients.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
📝 Coding Plan
  • Generate coding plan for human review comments

Comment @coderabbitai help to get the list of available commands and usage tips.

Tip

CodeRabbit can approve the review once all CodeRabbit's comments are resolved.

Enable the reviews.request_changes_workflow setting to automatically approve the review once all CodeRabbit's comments are resolved.

@DavidHurta
Copy link
Contributor Author

DavidHurta commented Mar 15, 2026

/test ?

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Mar 15, 2026

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: DavidHurta

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Mar 15, 2026
@DavidHurta
Copy link
Contributor Author

DavidHurta commented Mar 15, 2026

@coderabbitai review

@coderabbitai
Copy link

coderabbitai bot commented Mar 15, 2026

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

@DavidHurta
Copy link
Contributor Author

DavidHurta commented Mar 15, 2026

/test all

coderabbitai[bot]
coderabbitai bot reviewed Mar 15, 2026
View reviewed changes
Copy link

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents 
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@lib/resourcebuilder/resourcebuilder_test.go`:
- Line 69: Remove the leftover debug print: delete the fmt.Printf("tt.apiServer:
%v\n", tt.apiServer.Spec.TLSSecurityProfile.Custom.TLSProfileSpec) line from the
test; if you want non-verbose test output keep it as t.Logf(...) but otherwise
simply remove the statement so the test contains no debug prints referencing
tt.apiServer.Spec.TLSSecurityProfile.Custom.TLSProfileSpec.
ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: c0192a13-329d-4386-980f-c97c6e358561

📥 Commits

Reviewing files that changed from the base of the PR and between 6d31e54 and d259329.

⛔ Files ignored due to path filters (294)
  • go.sum is excluded by !**/*.sum
  • vendor/github.com/go-errors/errors/.travis.yml is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/go-errors/errors/LICENSE.MIT is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/go-errors/errors/README.md is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/go-errors/errors/cover.out is excluded by !**/*.out, !vendor/**, !**/vendor/**
  • vendor/github.com/go-errors/errors/error.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/go-errors/errors/parse_panic.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/go-errors/errors/stackframe.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/imdario/mergo/.deepsource.toml is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/imdario/mergo/.gitignore is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/imdario/mergo/.travis.yml is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/imdario/mergo/CODE_OF_CONDUCT.md is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/imdario/mergo/LICENSE is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/imdario/mergo/README.md is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/imdario/mergo/doc.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/imdario/mergo/map.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/imdario/mergo/merge.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/imdario/mergo/mergo.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/.ci-operator.yaml is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/.coderabbit.yaml is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/.gitattributes is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/.gitignore is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/.golangci.go-validated.yaml is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/.golangci.yaml is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/AGENTS.md is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/Dockerfile.ocp is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/Makefile is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/OWNERS is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/README.md is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/annotations/annotations.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/apiextensions/install.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/apiextensions/v1alpha1/Makefile is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/apiextensions/v1alpha1/doc.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/apiextensions/v1alpha1/register.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/apiextensions/v1alpha1/types_compatibilityrequirement.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/apiextensions/v1alpha1/zz_generated.deepcopy.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/apiextensions/v1alpha1/zz_generated.featuregated-crd-manifests.yaml is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/apiextensions/v1alpha1/zz_generated.swagger_doc_generated.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/apiserver/.codegen.yaml is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/apiserver/install.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/apiserver/v1/Makefile is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/apiserver/v1/doc.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/apiserver/v1/register.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/apiserver/v1/types_apirequestcount.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/apiserver/v1/zz_generated.deepcopy.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/apiserver/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/apiserver/v1/zz_generated.swagger_doc_generated.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/apps/OWNERS is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/apps/install.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/apps/v1/consts.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/apps/v1/deprecated_consts.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/apps/v1/doc.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/apps/v1/generated.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/apps/v1/generated.proto is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/apps/v1/legacy.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/apps/v1/register.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/apps/v1/types.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/apps/v1/zz_generated.deepcopy.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/apps/v1/zz_generated.swagger_doc_generated.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/apps/v1/zz_prerelease_lifecycle_generated.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/authorization/install.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/authorization/v1/Makefile is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/authorization/v1/codec.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/authorization/v1/doc.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/authorization/v1/generated.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/authorization/v1/generated.proto is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/authorization/v1/legacy.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/authorization/v1/register.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/authorization/v1/types.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/authorization/v1/zz_generated.deepcopy.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/authorization/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/authorization/v1/zz_generated.swagger_doc_generated.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/build/OWNERS is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/build/install.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/build/v1/consts.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/build/v1/doc.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/build/v1/generated.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/build/v1/generated.proto is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/build/v1/legacy.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/build/v1/register.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/build/v1/types.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/build/v1/zz_generated.deepcopy.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/build/v1/zz_generated.swagger_doc_generated.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/cloudnetwork/.codegen.yaml is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/cloudnetwork/OWNERS is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/cloudnetwork/install.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/cloudnetwork/v1/Makefile is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/cloudnetwork/v1/doc.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/cloudnetwork/v1/generated.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/cloudnetwork/v1/generated.proto is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/cloudnetwork/v1/register.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/cloudnetwork/v1/types.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/cloudnetwork/v1/zz_generated.deepcopy.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/cloudnetwork/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/cloudnetwork/v1/zz_generated.swagger_doc_generated.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/console/.codegen.yaml is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/console/OWNERS is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/console/install.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/console/v1/Makefile is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/console/v1/doc.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/console/v1/register.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/console/v1/types.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/console/v1/types_console_cli_download.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/console/v1/types_console_external_log_links.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/console/v1/types_console_link.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/console/v1/types_console_notification.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/console/v1/types_console_plugin.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/console/v1/types_console_quick_start.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/console/v1/types_console_sample.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/console/v1/types_console_yaml_sample.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/console/v1/zz_generated.deepcopy.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/console/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/console/v1/zz_generated.swagger_doc_generated.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/envtest-releases.yaml is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/features.md is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/helm/.codegen.yaml is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/helm/install.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/helm/v1beta1/Makefile is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/helm/v1beta1/doc.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/helm/v1beta1/register.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/helm/v1beta1/types_helm_chart_repository.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/helm/v1beta1/types_project_helm_chart_repository.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/helm/v1beta1/zz_generated.deepcopy.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/helm/v1beta1/zz_generated.featuregated-crd-manifests.yaml is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/helm/v1beta1/zz_generated.swagger_doc_generated.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/image/.codegen.yaml is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/image/OWNERS is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/image/install.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/imageregistry/.codegen.yaml is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/imageregistry/install.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/imageregistry/v1/Makefile is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/imageregistry/v1/doc.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/imageregistry/v1/register.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/imageregistry/v1/types.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/imageregistry/v1/types_imagepruner.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/imageregistry/v1/zz_generated.deepcopy.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/imageregistry/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/imageregistry/v1/zz_generated.swagger_doc_generated.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/install.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/kubecontrolplane/.codegen.yaml is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/kubecontrolplane/install.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/kubecontrolplane/v1/doc.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/kubecontrolplane/v1/register.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/kubecontrolplane/v1/types.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/kubecontrolplane/v1/zz_generated.deepcopy.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/kubecontrolplane/v1/zz_generated.swagger_doc_generated.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/legacyconfig/v1/doc.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/legacyconfig/v1/register.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/legacyconfig/v1/serialization.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/legacyconfig/v1/stringsource.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/legacyconfig/v1/types.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/legacyconfig/v1/zz_generated.deepcopy.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/legacyconfig/v1/zz_generated.swagger_doc_generated.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/machine/.codegen.yaml is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/machine/OWNERS is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/machine/install.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/machine/v1/Makefile is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/machine/v1/common.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/machine/v1/doc.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/machine/v1/register.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/machine/v1/types_alibabaprovider.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/machine/v1/types_aws.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/machine/v1/types_controlplanemachineset.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/machine/v1/types_nutanixprovider.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/machine/v1/types_powervsprovider.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/machine/v1/zz_generated.deepcopy.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/machine/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/machine/v1/zz_generated.swagger_doc_generated.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/machine/v1alpha1/doc.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/machine/v1alpha1/register.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/machine/v1alpha1/types_openstack.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/machine/v1alpha1/zz_generated.deepcopy.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/machine/v1alpha1/zz_generated.swagger_doc_generated.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/machine/v1beta1/Makefile is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/machine/v1beta1/doc.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/machine/v1beta1/register.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/machine/v1beta1/types_awsprovider.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/machine/v1beta1/types_azureprovider.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/machine/v1beta1/types_gcpprovider.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/machine/v1beta1/types_machine.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/machine/v1beta1/types_machinehealthcheck.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/machine/v1beta1/types_machineset.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/machine/v1beta1/types_provider.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/machine/v1beta1/types_vsphereprovider.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/machine/v1beta1/zz_generated.deepcopy.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/machine/v1beta1/zz_generated.featuregated-crd-manifests.yaml is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/machine/v1beta1/zz_generated.swagger_doc_generated.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/monitoring/.codegen.yaml is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/monitoring/install.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/monitoring/v1/Makefile is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/monitoring/v1/doc.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/monitoring/v1/register.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/monitoring/v1/types.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/monitoring/v1/zz_generated.deepcopy.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/monitoring/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/monitoring/v1/zz_generated.swagger_doc_generated.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/network/.codegen.yaml is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/network/OWNERS is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/network/install.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/network/v1/Makefile is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/network/v1/constants.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/network/v1/doc.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/network/v1/generated.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/network/v1/generated.proto is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/network/v1/legacy.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/network/v1/register.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/network/v1/types.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/network/v1/zz_generated.deepcopy.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/network/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/network/v1/zz_generated.swagger_doc_generated.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/network/v1alpha1/Makefile is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/network/v1alpha1/doc.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/network/v1alpha1/register.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/network/v1alpha1/types_dnsnameresolver.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/network/v1alpha1/zz_generated.deepcopy.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/network/v1alpha1/zz_generated.featuregated-crd-manifests.yaml is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/network/v1alpha1/zz_generated.swagger_doc_generated.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/networkoperator/.codegen.yaml is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/networkoperator/OWNERS is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/networkoperator/install.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/networkoperator/v1/Makefile is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/networkoperator/v1/doc.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/networkoperator/v1/generated.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/networkoperator/v1/generated.proto is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/networkoperator/v1/register.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/networkoperator/v1/types_egressrouter.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/networkoperator/v1/zz_generated.deepcopy.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/networkoperator/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/networkoperator/v1/zz_generated.swagger_doc_generated.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/oauth/.codegen.yaml is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/oauth/install.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/oauth/v1/doc.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/oauth/v1/generated.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/oauth/v1/generated.proto is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/oauth/v1/legacy.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/oauth/v1/register.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/oauth/v1/types.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/oauth/v1/zz_generated.deepcopy.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/oauth/v1/zz_generated.swagger_doc_generated.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/openshiftcontrolplane/.codegen.yaml is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/openshiftcontrolplane/install.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/openshiftcontrolplane/v1/doc.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/openshiftcontrolplane/v1/register.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/openshiftcontrolplane/v1/types.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/openshiftcontrolplane/v1/zz_generated.deepcopy.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/openshiftcontrolplane/v1/zz_generated.swagger_doc_generated.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/operator/.codegen.yaml is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/operator/install.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/operatorcontrolplane/.codegen.yaml is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/operatorcontrolplane/install.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/operatorcontrolplane/v1alpha1/Makefile is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/operatorcontrolplane/v1alpha1/doc.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/operatorcontrolplane/v1alpha1/register.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/operatorcontrolplane/v1alpha1/types_conditioncheck.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/operatorcontrolplane/v1alpha1/zz_generated.deepcopy.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/operatorcontrolplane/v1alpha1/zz_generated.featuregated-crd-manifests.yaml is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/operatorcontrolplane/v1alpha1/zz_generated.swagger_doc_generated.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/osin/install.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/osin/v1/doc.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/osin/v1/register.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/osin/v1/types.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/osin/v1/zz_generated.deepcopy.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/osin/v1/zz_generated.swagger_doc_generated.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/pkg/serialization/serialization.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/project/OWNERS is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/project/install.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/project/v1/doc.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/project/v1/generated.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/project/v1/generated.proto is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/project/v1/legacy.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/project/v1/register.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/project/v1/types.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/project/v1/zz_generated.deepcopy.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/project/v1/zz_generated.swagger_doc_generated.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/quota/OWNERS is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/quota/install.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/quota/v1/Makefile is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/quota/v1/doc.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/quota/v1/generated.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/quota/v1/generated.proto is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/quota/v1/legacy.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/quota/v1/register.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/quota/v1/types.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/quota/v1/zz_generated.deepcopy.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/quota/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/quota/v1/zz_generated.swagger_doc_generated.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/route/.codegen.yaml is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/route/OWNERS is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/route/install.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/route/v1/Makefile is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/route/v1/doc.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/route/v1/generated.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/route/v1/generated.proto is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/route/v1/legacy.go is excluded by !vendor/**, !**/vendor/**
📒 Files selected for processing (6)
  • go.mod
  • hack/generate-lib-resources.py
  • lib/resourcebuilder/core.go
  • lib/resourcebuilder/core_test.go
  • lib/resourcebuilder/resourcebuilder.go
  • lib/resourcebuilder/resourcebuilder_test.go

lib/resourcebuilder/resourcebuilder_test.go
var configObjs []runtime.Object
if tt.apiServer != nil {
configObjs = append(configObjs, tt.apiServer)
fmt.Printf("tt.apiServer: %v\n", tt.apiServer.Spec.TLSSecurityProfile.Custom.TLSProfileSpec)
Copy link

@coderabbitai coderabbitai bot Mar 15, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor

Remove debug print statement.

This fmt.Printf appears to be leftover debug code that should be removed before merging.

🧹 Proposed fix 
 			if tt.apiServer != nil {
 				configObjs = append(configObjs, tt.apiServer)
-				fmt.Printf("tt.apiServer: %v\n", tt.apiServer.Spec.TLSSecurityProfile.Custom.TLSProfileSpec)
 			}
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
fmt.Printf("tt.apiServer: %v\n", tt.apiServer.Spec.TLSSecurityProfile.Custom.TLSProfileSpec)
if tt.apiServer != nil {
configObjs = append(configObjs, tt.apiServer)
}
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@lib/resourcebuilder/resourcebuilder_test.go` at line 69, Remove the leftover
debug print: delete the fmt.Printf("tt.apiServer: %v\n",
tt.apiServer.Spec.TLSSecurityProfile.Custom.TLSProfileSpec) line from the test;
if you want non-verbose test output keep it as t.Logf(...) but otherwise simply
remove the statement so the test contains no debug prints referencing
tt.apiServer.Spec.TLSSecurityProfile.Custom.TLSProfileSpec.

@DavidHurta
Copy link
Contributor Author

DavidHurta commented Mar 15, 2026

/testwith openshift/cluster-version-operator/main/e2e-agnostic-ovn openshift/cluster-image-registry-operator#1297

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Mar 15, 2026

@DavidHurta: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/e2e-agnostic-ovn-techpreview-serial-3of3 d259329 link true /test e2e-agnostic-ovn-techpreview-serial-3of3
ci/prow/e2e-agnostic-ovn-techpreview-serial-1of3 d259329 link true /test e2e-agnostic-ovn-techpreview-serial-1of3

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@DavidHurta
Copy link
Contributor Author

DavidHurta commented Mar 15, 2026

/testwith openshift/cluster-version-operator/main/e2e-agnostic-ovn openshift/cluster-image-registry-operator#1297

@DavidHurta DavidHurta mentioned this pull request Mar 16, 2026
Open
ricardomaraschini
ricardomaraschini suggested changes Mar 18, 2026
View reviewed changes
lib/resourcebuilder/core.go
}

// Check if this is a supported GenericOperatorConfig kind
if rnode.GetKind() != "GenericOperatorConfig" || rnode.GetApiVersion() != operatorv1alpha1.GroupVersion.String() {
Copy link

@ricardomaraschini ricardomaraschini Mar 18, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It turns out that GenericOperatorConfig is something that has been left alone in v1alpha1 and has been replaced by GenericControllerConfig on configv1. We need to support both, specially now we want to keep things consistent with the work we are doing on hypershift.

cc @ingvagabund

DavidHurta
DavidHurta commented Mar 19, 2026
View reviewed changes
lib/resourcebuilder/core.go
if kind != "GenericOperatorConfig" {
klog.V(4).Infof("ConfigMap's %q entry is not a GenericOperatorConfig, skipping this entry", key)
// Check if this is a supported GenericOperatorConfig kind
if rnode.GetKind() != "GenericOperatorConfig" || rnode.GetApiVersion() != operatorv1alpha1.GroupVersion.String() {
Copy link
Contributor Author

@DavidHurta DavidHurta Mar 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

apiVersion check

lib/resourcebuilder/core.go
klog.V(4).Infof("Error injecting the TLS configuration: %v", err)
return err
if err := updateRNodeWithTLSSettings(rnode, tlsConf); err != nil {
return fmt.Errorf("failed to inject the TLS configuration: %v", err)
Copy link
Contributor Author

@DavidHurta DavidHurta Mar 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

bubbling up some context of errors

lib/resourcebuilder/core.go
cm.Data[key] = modifiedYAML
klog.V(2).Infof("ConfigMap %s/%s updated GenericOperatorConfig in key %s with %d ciphers and minTLSVersion=%s",
cm.Namespace, cm.Name, key, len(cipherSuites), minTLSVersion)
klog.V(2).Infof("ConfigMap %s/%s updated GenericOperatorConfig with TLS profile in key %s", cm.Namespace, cm.Name, key)
Copy link
Contributor Author

@DavidHurta DavidHurta Mar 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the tls configuration remains the same across all keys, no need to log it on every processed key

lib/resourcebuilder/core.go
for _, err := range errs {
klog.Errorf("ConfigMap %s/%s: error observing TLS profile: %v", cm.Namespace, cm.Name, err)
}
return nil, fmt.Errorf("error observing TLS profile for ConfigMap %s/%s: %w", cm.Namespace, cm.Name, errors.Join(errs...))
Copy link
Contributor Author

@DavidHurta DavidHurta Mar 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

hard failure; here i would like us to be defensive with testing to make sure any future bumps won't cause issues

Copy link
Contributor Author

@DavidHurta DavidHurta Mar 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

however, we already have extensive testing, I believe

lib/resourcebuilder/core.go Outdated
}

if ciphersFound {
currentCiphers, err := getSortedCipherSuites(servingInfo)
Copy link
Contributor Author

@DavidHurta DavidHurta Mar 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No need to sort and check; the main idea of the modify functions is to communicate the required state of an object. Thus, we can just inject the TLS profile. My goal is also to keep the YAML processing logic minimal if possible.

lib/resourcebuilder/core.go
}
ciphers = append(ciphers, value)
} else {
if err := servingInfo.PipeE(yaml.Clear("minTLSVersion")); err != nil {
Copy link
Contributor Author

@DavidHurta DavidHurta Mar 19, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Clearing if not found to honor the observeTLSConfiguration function

lib/resourcebuilder/core.go
func updateRNodeWithTLSSettings(rnode *yaml.RNode, minTLSVersion string, minTLSFound bool, cipherSuites []string, ciphersFound bool) error {
// updateRNodeWithTLSSettings injects TLS settings into a GenericOperatorConfig RNode while preserving structure.
// If a field in tlsConf is not found, the corresponding field will be deleted from the RNode.
func updateRNodeWithTLSSettings(rnode *yaml.RNode, tlsConf *tlsConfig) error {
Copy link
Contributor Author

@DavidHurta DavidHurta Mar 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

New unit tests to ensure the YAML processing remains functional.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

+1 more reviewer

@ricardomaraschini ricardomaraschini ricardomaraschini requested changes

Reviewers whose approvals may not affect merge requirements

Assignees

@ricardomaraschini ricardomaraschini

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@DavidHurta @ricardomaraschini @ingvagabund