Skip to content

OCPBUGS-62173: Add TLSSecurityProfile controller #143

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
tmshort wants to merge 1 commit into from
Closed

OCPBUGS-62173: Add TLSSecurityProfile controller #143

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 11 additions & 1 deletion cmd/cluster-olm-operator/main.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@ import (
_ "github.com/openshift/api/operator/v1/zz_generated.crd-manifests"
"github.com/openshift/library-go/pkg/controller/controllercmd"
"github.com/openshift/library-go/pkg/controller/factory"
"github.com/openshift/library-go/pkg/operator/apiserver/controller/tlssecurityprofile"
"github.com/openshift/library-go/pkg/operator/loglevel"
"github.com/openshift/library-go/pkg/operator/status"
"github.com/openshift/library-go/pkg/operator/v1helpers"
Expand Down Expand Up @@ -182,6 +183,15 @@ func runOperator(ctx context.Context, cc *controllercmd.ControllerContext) error
cc.EventRecorder.ForComponent(olmProxyController),
)

tlsProfileController := tlssecurityprofile.NewTLSSecurityProfileControllerWithPaths(
"OLM",
controller.UpdateTLSProfileCallback,
cl.OperatorClient,
cl.ConfigInformerFactory,
cc.EventRecorder.ForComponent("OLM"),
controller.TLSMinVersionPath, controller.TLSCipherSuitesPath, controller.TLSProfileTypePath,
)

versionGetter := status.NewVersionGetter()
versionGetter.SetVersion("operator", status.VersionForOperatorFromEnv())

Expand Down Expand Up @@ -216,7 +226,7 @@ func runOperator(ctx context.Context, cc *controllercmd.ControllerContext) error
return errors.New("timed out waiting for FeatureGate detection")
}

for _, c := range append(staticResourceControllerList, upgradeableConditionController, incompatibleOperatorController, clusterOperatorController, operatorLoggingController, proxyController) {
for _, c := range append(staticResourceControllerList, upgradeableConditionController, incompatibleOperatorController, clusterOperatorController, operatorLoggingController, proxyController, tlsProfileController) {
go func(c factory.Controller) {
defer runtime.HandleCrash()
c.Run(ctx, 1)
Expand Down
18 changes: 10 additions & 8 deletions go.mod
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,19 +8,19 @@ require (
github.com/TwiN/deepmerge v0.2.2
github.com/blang/semver/v4 v4.0.0
github.com/go-logr/logr v1.4.2
github.com/openshift/api v0.0.0-20250710004639-926605d3338b
github.com/openshift/api v0.0.0-20251002150504-230d0e045316
github.com/openshift/build-machinery-go v0.0.0-20250530140348-dc5b2804eeee
github.com/openshift/client-go v0.0.0-20250710075018-396b36f983ee
github.com/openshift/library-go v0.0.0-20250710113040-3dc9410ead2d
github.com/openshift/library-go v0.0.0-20251003131124-f838eb5c6019
github.com/operator-framework/catalogd v1.0.0-rc1
github.com/operator-framework/helm-operator-plugins v0.7.0
github.com/operator-framework/operator-controller v1.0.0-rc1
github.com/operator-framework/operator-registry v1.48.0
github.com/spf13/cobra v1.9.1
github.com/spf13/pflag v1.0.6
github.com/stretchr/testify v1.11.1
golang.org/x/net v0.40.0
golang.org/x/text v0.26.0
golang.org/x/net v0.43.0
golang.org/x/text v0.29.0
gopkg.in/yaml.v3 v3.0.1
helm.sh/helm/v3 v3.18.4
k8s.io/api v0.33.2
Expand Down Expand Up @@ -154,12 +154,12 @@ require (
go.opentelemetry.io/proto/otlp v1.4.0 // indirect
go.uber.org/multierr v1.11.0 // indirect
go.uber.org/zap v1.27.0 // indirect
golang.org/x/crypto v0.39.0 // indirect
golang.org/x/crypto v0.42.0 // indirect
golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 // indirect
golang.org/x/oauth2 v0.28.0 // indirect
golang.org/x/sync v0.15.0 // indirect
golang.org/x/sys v0.33.0 // indirect
golang.org/x/term v0.32.0 // indirect
golang.org/x/sync v0.17.0 // indirect
golang.org/x/sys v0.36.0 // indirect
golang.org/x/term v0.35.0 // indirect
golang.org/x/time v0.9.0 // indirect
google.golang.org/genproto/googleapis/api v0.0.0-20241209162323-e6fa225c2576 // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20241209162323-e6fa225c2576 // indirect
Expand All @@ -184,3 +184,5 @@ require (
sigs.k8s.io/structured-merge-diff/v4 v4.6.0 // indirect
sigs.k8s.io/yaml v1.4.0 // indirect
)

replace github.com/openshift/library-go => github.com/tmshort/library-go v0.0.0-20251014204838-15fb782c15e8
40 changes: 20 additions & 20 deletions go.sum
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -269,14 +269,12 @@ github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8
github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJwooC2xJA040=
github.com/opencontainers/image-spec v1.1.1/go.mod h1:qpqAh3Dmcf36wStyyWU+kCeDgrGnAve2nCC8+7h8Q0M=
github.com/openshift/api v0.0.0-20250710004639-926605d3338b h1:A8OY6adT2aZNp7tsGsilHuQ3RqhzrFx5dzGr/UwXfJg=
github.com/openshift/api v0.0.0-20250710004639-926605d3338b/go.mod h1:SPLf21TYPipzCO67BURkCfK6dcIIxx0oNRVWaOyRcXM=
github.com/openshift/api v0.0.0-20251002150504-230d0e045316 h1:p3AsHallQSuqx/8qYgFLYso/iGKSuuIezkNCGOfQNUQ=
github.com/openshift/api v0.0.0-20251002150504-230d0e045316/go.mod h1:SPLf21TYPipzCO67BURkCfK6dcIIxx0oNRVWaOyRcXM=
github.com/openshift/build-machinery-go v0.0.0-20250530140348-dc5b2804eeee h1:+Sp5GGnjHDhT/a/nQ1xdp43UscBMr7G5wxsYotyhzJ4=
github.com/openshift/build-machinery-go v0.0.0-20250530140348-dc5b2804eeee/go.mod h1:8jcm8UPtg2mCAsxfqKil1xrmRMI3a+XU2TZ9fF8A7TE=
github.com/openshift/client-go v0.0.0-20250710075018-396b36f983ee h1:tOtrrxfDEW8hK3eEsHqxsXurq/D6LcINGfprkQC3hqY=
github.com/openshift/client-go v0.0.0-20250710075018-396b36f983ee/go.mod h1:zhRiYyNMk89llof2qEuGPWPD+joQPhCRUc2IK0SB510=
github.com/openshift/library-go v0.0.0-20250710113040-3dc9410ead2d h1:fuwDoHAl1OBYi+B2UzDSecc+QBhsKE9j+zrcmpB+ppg=
github.com/openshift/library-go v0.0.0-20250710113040-3dc9410ead2d/go.mod h1:tptKNust9MdRI0p90DoBSPHIrBa9oh+Rok59tF0vT8c=
github.com/operator-framework/api v0.27.0 h1:OrVaGKZJvbZo58HTv2guz7aURkhVKYhFqZ/6VpifiXI=
github.com/operator-framework/api v0.27.0/go.mod h1:lg2Xx+S8NQWGYlEOvFwQvH46E5EK5IrAIL7HWfAhciM=
github.com/operator-framework/catalogd v1.0.0-rc1 h1:wuM8yLy52lwrfyVJJ++l8zV+pxJOnuQLC84fO0UTbts=
Expand Down Expand Up @@ -360,6 +358,8 @@ github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu
github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
github.com/tmc/grpc-websocket-proxy v0.0.0-20220101234140-673ab2c3ae75 h1:6fotK7otjonDflCTK0BCfls4SPy3NcCVb5dqqmbRknE=
github.com/tmc/grpc-websocket-proxy v0.0.0-20220101234140-673ab2c3ae75/go.mod h1:KO6IkyS8Y3j8OdNO85qEYBsRPuteD+YciPomcXdrMnk=
github.com/tmshort/library-go v0.0.0-20251014204838-15fb782c15e8 h1:k7Vt7NGjX6HLTqZ4WcBBwe98qMgoa72kBTdAOm8ZJlw=
github.com/tmshort/library-go v0.0.0-20251014204838-15fb782c15e8/go.mod h1:2812XAOu30VBDzkZ9ShKa5F++VUsf8kDZfl06nH5QRU=
github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
Expand Down Expand Up @@ -448,27 +448,27 @@ go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E=
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/crypto v0.39.0 h1:SHs+kF4LP+f+p14esP5jAoDpHU8Gu/v9lFRK6IT5imM=
golang.org/x/crypto v0.39.0/go.mod h1:L+Xg3Wf6HoL4Bn4238Z6ft6KfEpN0tJGo53AAPC632U=
golang.org/x/crypto v0.42.0 h1:chiH31gIWm57EkTXpwnqf8qeuMUi0yekh6mT2AvFlqI=
golang.org/x/crypto v0.42.0/go.mod h1:4+rDnOTJhQCx2q7/j6rAN5XDw8kPjeaXEUR2eL94ix8=
golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 h1:2dVuKD2vS7b0QIHQbpyTISPd0LeHDbnYEryqj5Q1ug8=
golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY=
golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.25.0 h1:n7a+ZbQKQA/Ysbyb0/6IbB1H/X41mKgbhfv7AfG/44w=
golang.org/x/mod v0.25.0/go.mod h1:IXM97Txy2VM4PJ3gI61r1YEk/gAj6zAHN3AdZt6S9Ww=
golang.org/x/mod v0.27.0 h1:kb+q2PyFnEADO2IEF935ehFUXlWiNjJWtRNgBLSfbxQ=
golang.org/x/mod v0.27.0/go.mod h1:rWI627Fq0DEoudcK+MBkNkCe0EetEaDSwJJkCcjpazc=
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
golang.org/x/net v0.40.0 h1:79Xs7wF06Gbdcg4kdCCIQArK11Z1hr5POQ6+fIYHNuY=
golang.org/x/net v0.40.0/go.mod h1:y0hY0exeL2Pku80/zKK7tpntoX23cqL3Oa6njdgRtds=
golang.org/x/net v0.43.0 h1:lat02VYK2j4aLzMzecihNvTlJNQUq316m2Mr9rnM6YE=
golang.org/x/net v0.43.0/go.mod h1:vhO1fvI4dGsIjh73sWfUVjj3N7CA9WkKJNQm2svM6Jg=
golang.org/x/oauth2 v0.28.0 h1:CrgCKl8PPAVtLnU3c+EDw6x11699EWlsDeWNWKdIOkc=
golang.org/x/oauth2 v0.28.0/go.mod h1:onh5ek6nERTohokkhCD/y2cV4Do3fxFHFuAejCkRWT8=
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.15.0 h1:KWH3jNZsfyT6xfAfKiz6MRNmd46ByHDYaZ7KSkCtdW8=
golang.org/x/sync v0.15.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
golang.org/x/sync v0.17.0 h1:l60nONMj9l5drqw6jlhIELNv9I0A4OFgRsG9k2oT9Ug=
golang.org/x/sync v0.17.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
Expand All @@ -478,22 +478,22 @@ golang.org/x/sys v0.0.0-20220310020820-b874c991c1a5/go.mod h1:oPkhp1MJrh7nUepCBc
golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.33.0 h1:q3i8TbbEz+JRD9ywIRlyRAQbM0qF7hu24q3teo2hbuw=
golang.org/x/sys v0.33.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
golang.org/x/term v0.32.0 h1:DR4lr0TjUs3epypdhTOkMmuF5CDFJ/8pOnbzMZPQ7bg=
golang.org/x/term v0.32.0/go.mod h1:uZG1FhGx848Sqfsq4/DlJr3xGGsYMu/L5GW4abiaEPQ=
golang.org/x/sys v0.36.0 h1:KVRy2GtZBrk1cBYA7MKu5bEZFxQk4NIDV6RLVcC8o0k=
golang.org/x/sys v0.36.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
golang.org/x/term v0.35.0 h1:bZBVKBudEyhRcajGcNc3jIfWPqV4y/Kt2XcoigOWtDQ=
golang.org/x/term v0.35.0/go.mod h1:TPGtkTLesOwf2DE8CgVYiZinHAOuy5AYUYT1lENIZnA=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.26.0 h1:P42AVeLghgTYr4+xUnTRKDMqpar+PtX7KWuNQL21L8M=
golang.org/x/text v0.26.0/go.mod h1:QK15LZJUUQVJxhz7wXgxSy/CJaTFjd0G+YLonydOVQA=
golang.org/x/text v0.29.0 h1:1neNs90w9YzJ9BocxfsQNHKuAT4pkghyXc4nhZ6sJvk=
golang.org/x/text v0.29.0/go.mod h1:7MhJOA9CD2qZyOKYazxdYMF85OwPdEr9jTtBpO7ydH4=
golang.org/x/time v0.9.0 h1:EsRrnYcQiGH+5FfbgvV4AP7qEZstoyrHB0DzarOQ4ZY=
golang.org/x/time v0.9.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
golang.org/x/tools v0.33.0 h1:4qz2S3zmRxbGIhDIAgjxvFutSvH5EfnsYrRBj0UI0bc=
golang.org/x/tools v0.33.0/go.mod h1:CIJMaWEY88juyUfo7UbgPqbC8rU2OqfAV1h2Qp0oMYI=
golang.org/x/tools v0.36.0 h1:kWS0uv/zsvHEle1LbV5LE8QujrxB3wfQyxHfhOk0Qkg=
golang.org/x/tools v0.36.0/go.mod h1:WBDiHKJK8YgLHlcQPYQzNCkUxUypCaa5ZegCVutKm+s=
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
Expand Down
9 changes: 9 additions & 0 deletions manifests/0000_51_olm_02_operator_clusterrole.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -54,6 +54,7 @@ rules:
- config.openshift.io
resources:
- clusteroperators
- apiservers
verbs:
- list
- watch
Expand All @@ -74,6 +75,14 @@ rules:
verbs:
- update
- patch
- apiGroups:
- config.openshift.io
resources:
- apiservers
resourceNames:
- cluster
verbs:
- get
- apiGroups:
- coordination.k8s.io
resources:
Expand Down
2 changes: 2 additions & 0 deletions pkg/clients/clients.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -69,6 +69,7 @@ type Clients struct {
KubeInformersForNamespaces v1helpers.KubeInformersForNamespaces
FeatureGatesAccessor featuregates.FeatureGateAccess
FeatureGateMapper internalfeatures.MapperInterface
APIServerClient configinformerv1.APIServerInformer
}

func New(cc *controllercmd.ControllerContext) (*Clients, error) {
Expand Down Expand Up @@ -131,6 +132,7 @@ func New(cc *controllercmd.ControllerContext) (*Clients, error) {
ConfigInformerFactory: configInformerFactory,
FeatureGatesAccessor: setupFeatureGatesAccessor(kubeClient, configInformerFactory, cc.OperatorNamespace),
FeatureGateMapper: internalfeatures.NewMapper(),
APIServerClient: configInformerFactory.Config().V1().APIServers(),
}, nil
}

Expand Down
79 changes: 79 additions & 0 deletions pkg/controller/builder.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,11 +6,13 @@ import (
"errors"
"fmt"
"io/fs"
"maps"
"os"
"path/filepath"
"slices"
"strconv"
"strings"
"sync"

configv1 "github.com/openshift/api/config/v1"
operatorv1 "github.com/openshift/api/operator/v1"
Expand Down Expand Up @@ -126,11 +128,13 @@ func (b *Builder) BuildControllers(subDirectories ...string) (map[string]factory
b.Clients.KubeInformerFactory.Apps().V1().Deployments(),
[]factory.Informer{
b.Clients.ProxyClient.Informer(),
b.Clients.APIServerClient.Informer(),
},
[]deploymentcontroller.ManifestHookFunc{
replaceVerbosityHook("${LOG_VERBOSITY}"),
},
UpdateDeploymentProxyHook(b.Clients.ProxyClient),
UpdateDeploymentTLSProfileHook(),
)
return nil
}
Expand Down Expand Up @@ -317,3 +321,78 @@ func UpdateDeploymentProxyHook(pc clients.ProxyClientInterface) deploymentcontro
return nil
}
}

var (
tlsConfig map[string]interface{}
tlsConfigMutex = sync.Mutex{}
TLSMinVersionPath = []string{"tls-min-version"}
TLSCipherSuitesPath = []string{"tls-cipher-suites"}
TLSProfileTypePath = []string{"tls-profile-type"}
)

func UpdateTLSProfileCallback(config map[string]interface{}) {
// This is a shallow map, so Clone will work
tlsConfigMutex.Lock()
defer tlsConfigMutex.Unlock()
tlsConfig = maps.Clone(config)
}

func getTLSConfig() ([]string, error) {
var tlsVersionMap = map[string]string{
"VersionTLS10": "TLSv1.0",
"VersionTLS11": "TLSv1.1",
"VersionTLS12": "TLSv1.2",
"VersionTLS13": "TLSv1.3",
}
args := []string{}

tlsConfigMutex.Lock()
defer tlsConfigMutex.Unlock()

tlsProfileType, found, err := unstructured.NestedString(tlsConfig, TLSProfileTypePath...)
if err != nil {
return nil, fmt.Errorf("unable to find %v: %w", TLSProfileTypePath, err)
}
if found && tlsProfileType != "" {
args = append(args, fmt.Sprintf("--tls-profile=%s", strings.ToLower(tlsProfileType)))
}

if tlsProfileType != string(configv1.TLSProfileCustomType) {
return args, nil
}
tlsVersion, found, err := unstructured.NestedString(tlsConfig, TLSMinVersionPath...)
if err != nil {
return nil, fmt.Errorf("unable to find %v: %w", TLSMinVersionPath, err)
}
if found {
if verArg, ok := tlsVersionMap[tlsVersion]; ok {
args = append(args, fmt.Sprintf("--tls-custom-version=%s", verArg))
}
}

tlsCipherSuites, found, err := unstructured.NestedStringSlice(tlsConfig, TLSCipherSuitesPath...)
if err != nil {
return nil, fmt.Errorf("unable to find %v: %w", TLSCipherSuitesPath, err)
}
if found {
args = append(args, fmt.Sprintf("--tls-custom-ciphers=%s", strings.Join(tlsCipherSuites, ",")))
}
return args, nil
}

func UpdateDeploymentTLSProfileHook() deploymentcontroller.DeploymentHookFunc {
return func(_ *operatorv1.OperatorSpec, deployment *appsv1.Deployment) error {
args, err := getTLSConfig()
if err != nil {
return err
}

klog.FromContext(context.Background()).WithName("builder").V(1).Info("TLSProfileHook updating arguments", "deployment", deployment.Name, "arguments", args)

for i := range deployment.Spec.Template.Spec.Containers {
deployment.Spec.Template.Spec.Containers[i].Args = append(deployment.Spec.Template.Spec.Containers[i].Args, args...)
}

return nil
}
}
26 changes: 22 additions & 4 deletions vendor/github.com/openshift/api/.golangci.yaml
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

6 changes: 5 additions & 1 deletion vendor/github.com/openshift/api/Makefile
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion vendor/github.com/openshift/api/OWNERS
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Loading