Skip to content

CCO-819: Add TLSAdherence tracking#13

Merged
openshift-merge-bot[bot] merged 2 commits intoopenshift:mainfrom
jstuever:tlsadherence
Mar 18, 2026
Merged

CCO-819: Add TLSAdherence tracking#13
openshift-merge-bot[bot] merged 2 commits intoopenshift:mainfrom
jstuever:tlsadherence

Conversation

@jstuever
Copy link
Copy Markdown
Contributor

@jstuever jstuever commented Mar 5, 2026

This change adds the ability to track and fetch the TLSAdherence from the apiserver configuration.

Assisted-by: gemini-3.1-pro-preview

@openshift-ci openshift-ci bot requested review from mdbooth and sdodson March 5, 2026 23:17
@jstuever jstuever marked this pull request as draft March 5, 2026 23:17
@openshift-ci openshift-ci bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Mar 5, 2026
@jstuever
Copy link
Copy Markdown
Contributor Author

jstuever commented Mar 5, 2026

This PR is a draft until openshift/api/pull/2680 has merged

@jstuever jstuever mentioned this pull request Mar 5, 2026
Open
@jstuever jstuever changed the title Add TLSAdherence tracking CCO-819: Add TLSAdherence tracking Mar 17, 2026
@openshift-ci-robot openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label Mar 17, 2026
@openshift-ci-robot
Copy link
Copy Markdown

openshift-ci-robot commented Mar 17, 2026
edited by openshift-ci bot
Loading

@jstuever: This pull request references CCO-819 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.22.0" version, but no target version was set.

Details

In response to this:

This change adds the ability to track and fetch the TLSAdherence from the apiserver configuration.

Assisted-by: gemini-3.1-pro-preview

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-merge-robot openshift-merge-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Mar 17, 2026
jstuever added 2 commits March 17, 2026 15:58
@jstuever
feat: add TLS adherence policy change tracking
3d72d89 
Add InitialTLSAdherencePolicy and OnAdherencePolicyChange callback to
the SecurityProfileWatcher to detect and handle changes to the
APIServer's TLS adherence policy. This enables the operator to react
appropriately when the TLS adherence policy is modified. Tests have been
updated to cover the new policy tracking behavior.

Assisted-by: gemini-3.1-pro-preview
@jstuever
feat: add FetchAPIServerTLSAdherencePolicy function
b569ff0 
Add the FetchAPIServerTLSAdherencePolicy function to the tls package to
allow retrieving the TLS adherence policy configured in the APIServer
resource. This enables consumers to determine the expected TLS adherence
behavior directly from the OpenShift cluster configuration.

Assisted-by: gemini-3.1-pro-preview
@openshift-merge-robot openshift-merge-robot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Mar 17, 2026
@jstuever
Copy link
Copy Markdown
Contributor Author

jstuever commented Mar 17, 2026

/cc @damdo

@openshift-ci openshift-ci bot requested a review from damdo March 17, 2026 23:10
@jstuever jstuever marked this pull request as ready for review March 17, 2026 23:10
@openshift-ci openshift-ci bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Mar 17, 2026
@openshift-ci openshift-ci bot requested a review from joelanford March 17, 2026 23:10
@openshift-ci
Copy link
Copy Markdown

openshift-ci bot commented Mar 17, 2026

@jstuever: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@jstuever
Copy link
Copy Markdown
Contributor Author

jstuever commented Mar 18, 2026

I tested this locally using openshift/cloud-credential-operator#965 and it works as I would expect.

damdo
damdo reviewed Mar 18, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@damdo damdo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/approve
/lgtm

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Mar 18, 2026
@openshift-ci
Copy link
Copy Markdown

openshift-ci bot commented Mar 18, 2026

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: damdo, jstuever

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Mar 18, 2026
@openshift-merge-bot openshift-merge-bot bot merged commit 1812aed into openshift:main Mar 18, 2026
4 checks passed
@jzding jzding mentioned this pull request Mar 23, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@damdo damdo damdo left review comments

@mdbooth mdbooth Awaiting requested review from mdbooth

@sdodson sdodson Awaiting requested review from sdodson

@joelanford joelanford Awaiting requested review from joelanford

Assignees

@damdo damdo

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. lgtm Indicates that a PR is ready to be merged.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@jstuever @openshift-ci-robot @damdo @openshift-merge-robot