CCO-848: Add tls-min-version and tls-cipher-suites CLI flags to CCO#1063
CCO-848: Add tls-min-version and tls-cipher-suites CLI flags to CCO#1063dlom wants to merge 1 commit into
Conversation
|
@dlom: This pull request references CCO-848 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the task to target the "5.0.0" version, but no target version was set. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Repository: openshift/coderabbit/.coderabbit.yaml Review profile: CHILL Plan: Enterprise Run ID: 📒 Files selected for processing (3)
🚧 Files skipped from review as they are similar to previous changes (3)
WalkthroughThis PR adds CLI flags for overriding TLS minimum version and cipher suites in the operator command, centralizes TLS setup in ChangesTLS override wiring
Estimated code review effort: 4 (Complex) | ~45 minutes 🚥 Pre-merge checks | ✅ 15✅ Passed checks (15 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: dlom The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
/jira refresh |
|
@dlom: This pull request references CCO-848 which is a valid jira issue. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@pkg/operator/podidentity/podidentitywebhook_controller.go`:
- Around line 243-248: The TLS profile reads in AddToManager/AddWithTLS are
using a non-cancellable startup context, so operator registration can’t be
interrupted or time-bounded if the apiserver hangs. Thread the startup context
from the caller into AddToManager/AddWithTLS, or create a bounded derived
context there, and pass it into utiltls.FetchAPIServerTLSAdherencePolicy and
utiltls.FetchAPIServerTLSProfile so these startup API calls respect cancellation
and timeouts.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml
Review profile: CHILL
Plan: Enterprise
Run ID: 1815426b-3c0a-4fd6-97ce-7e9a4d88fced
📒 Files selected for processing (3)
pkg/cmd/operator/cmd.gopkg/operator/controller.gopkg/operator/podidentity/podidentitywebhook_controller.go
Codecov Report❌ Patch coverage is Additional details and impacted files@@ Coverage Diff @@
## master #1063 +/- ##
==========================================
- Coverage 47.03% 46.82% -0.22%
==========================================
Files 97 97
Lines 12583 12643 +60
==========================================
+ Hits 5919 5920 +1
- Misses 6008 6066 +58
- Partials 656 657 +1
🚀 New features to boost your workflow:
|
|
/override ci/prow/security |
|
/test e2e-hypershift |
|
@dlom: Overrode contexts on behalf of dlom: ci/prow/security DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
/test e2e-hypershift |
|
@dlom: all tests passed! Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
|
/payload 5.0 nightly informing |
|
@dlom: trigger 69 job(s) of type informing for the nightly release of OCP 5.0
See details on https://pr-payload-tests.ci.openshift.org/runs/ci/a1e0bfa0-7a96-11f1-8cf1-80db4e21938d-0 |
xref: CCO-848
slack thread: https://redhat-internal.slack.com/archives/CBZHF4DHC/p1782826611730719
Summary by CodeRabbit
New Features
Bug Fixes