METAL-1780: Gate TLS profile enforcement on APIServer tlsAdherence field by hroyrh · Pull Request #582 · openshift/cluster-baremetal-operator

hroyrh · 2026-03-26T09:51:59Z

Read the tlsAdherence field from the APIServer CR and use ShouldHonorClusterTLSProfile() to determine whether to enforce the cluster-wide TLS security profile. When tlsAdherence is NoOpinion or LegacyAdheringComponentsOnly, CBO skips injecting TLS profile env vars into Ironic/httpd containers, TLS args into BMO, and TLS config into the webhook server. Components fall back to their built-in defaults.

Also bumps openshift/api and openshift/client-go to versions that include the TLSAdherence API types.

coderabbitai · 2026-03-26T09:52:16Z

Walkthrough

Reads the cluster APIServer CR to decide whether to honor the cluster TLS security profile, exposes ShouldHonorClusterTLSProfile, makes ProvisioningInfo.TLSProfileSpec optional (pointer), and conditionally fetches/applies TLS profile data and injects TLS env/args only when honoring the profile.

Changes

Cohort / File(s)	Summary
TLS decision helper & ProvisioningInfo `provisioning/tls_profile.go`, `provisioning/provisioning_info.go`	Added exported `ShouldHonorClusterTLSProfile(...)` and changed `ProvisioningInfo.TLSProfileSpec` from a value to a pointer to allow omission when the cluster policy indicates not to honor the profile.
Controller / main logic `controllers/provisioning_controller.go`, `main.go`	Now reads the cluster-scoped `APIServer` CR and uses `ShouldHonorClusterTLSProfile` to decide whether to fetch/apply the APIServer TLS profile; TLS profile fetch/conversion and TLS watcher/controller setup occur only when honoring the profile; APIServer read failures exit the process.
Pod/container creation `provisioning/baremetal_pod.go`, `provisioning/bmo_pod.go`	TLS-derived Apache env vars and BMO CLI args are appended only when `info.TLSProfileSpec` is non-nil, preventing nil dereferences and omitting TLS settings when profile is not honored.
Unit tests `provisioning/baremetal_pod_test.go`, `provisioning/bmo_pod_test.go`, `provisioning/tls_profile_test.go`	Updated tests to provide a non-nil `TLSProfileSpec` where intended; added tests asserting behavior when `TLSProfileSpec` is nil; added table-driven tests for `ShouldHonorClusterTLSProfile`.
Dependencies `go.mod`	Bumped Go toolchain to `1.25.0` and updated OpenShift/Kubernetes dependency versions.
Other `provisioning/bmo_pod_test.go` (new test functions)	Added new tests verifying BMO container args for different TLS profile variants and absence of TLS args when `TLSProfileSpec` is nil.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

✨ Finishing Touches

🧪 Generate unit tests (beta)

Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

coderabbitai

🧹 Nitpick comments (1)

provisioning/bmo_pod_test.go (1)

247-252: Assertion may miss flags in combined format.

The check uses exact equality (assert.NotEqual(t, "--tls-min-version", arg, ...)), which will not catch args formatted as --tls-min-version=<value>. Consider using strings.HasPrefix for a more robust check:

♻️ Proposed fix using prefix matching

+	import "strings"
+	...
 	for _, arg := range container.Args {
-		assert.NotEqual(t, "--tls-min-version", arg,
+		assert.False(t, strings.HasPrefix(arg, "--tls-min-version"),
 			"BMO container should not have --tls-min-version when HonorTLSProfile is false")
-		assert.NotEqual(t, "--tls-cipher-suites", arg,
+		assert.False(t, strings.HasPrefix(arg, "--tls-cipher-suites"),
 			"BMO container should not have --tls-cipher-suites when HonorTLSProfile is false")
 	}

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@provisioning/bmo_pod_test.go` around lines 247 - 252, The test iterates over
container.Args and uses assert.NotEqual to check for flags, which misses
combined forms like "--tls-min-version=1.2"; update the checks in the test (the
loop over container.Args in provisioning/bmo_pod_test.go, related to
HonorTLSProfile) to use strings.HasPrefix(arg, "--tls-min-version") and
strings.HasPrefix(arg, "--tls-cipher-suites") (or include the "=" suffix if you
prefer "--tls-min-version=" and "--tls-cipher-suites=") and assert that those
prefixes are false/absent; import the strings package if needed.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@provisioning/bmo_pod_test.go`:
- Around line 247-252: The test iterates over container.Args and uses
assert.NotEqual to check for flags, which misses combined forms like
"--tls-min-version=1.2"; update the checks in the test (the loop over
container.Args in provisioning/bmo_pod_test.go, related to HonorTLSProfile) to
use strings.HasPrefix(arg, "--tls-min-version") and strings.HasPrefix(arg,
"--tls-cipher-suites") (or include the "=" suffix if you prefer
"--tls-min-version=" and "--tls-cipher-suites=") and assert that those prefixes
are false/absent; import the strings package if needed.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: bd756494-a27c-4071-938a-889435873393

📥 Commits

Reviewing files that changed from the base of the PR and between 570a5ec and 9cef801.

⛔ Files ignored due to path filters (290)

go.sum is excluded by !**/*.sum
vendor/github.com/openshift/api/.ci-operator.yaml is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/.coderabbit.yaml is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/.golangci.yaml is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/AGENTS.md is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/Dockerfile.ocp is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/Makefile is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/apiextensions/v1alpha1/types_compatibilityrequirement.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/apiextensions/v1alpha1/zz_generated.swagger_doc_generated.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/apps/v1/generated.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/apps/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/apps/v1/types.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/apps/v1/zz_prerelease_lifecycle_generated.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/authorization/v1/generated.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/authorization/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/build/v1/generated.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/build/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/cloudnetwork/v1/generated.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/cloudnetwork/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1/types_apiserver.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1/types_authentication.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1/types_cluster_version.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1/types_ingress.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1alpha1/register.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1alpha1/types_cluster_image_policy.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1alpha1/types_cluster_monitoring.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1alpha1/types_image_policy.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1alpha1/types_insights.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1alpha1/types_pki.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1alpha1/zz_generated.deepcopy.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1alpha1/zz_generated.featuregated-crd-manifests.yaml is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1alpha1/zz_generated.swagger_doc_generated.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/envtest-releases.yaml is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/features.md is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/image/v1/generated.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/image/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/network/v1/generated.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/network/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/networkoperator/v1/generated.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/networkoperator/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/oauth/v1/generated.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/oauth/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/operator/v1/types_machineconfiguration.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/operator/v1/types_network.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/operator/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/operator/v1alpha1/types_clusterapi.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.swagger_doc_generated.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/project/v1/generated.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/project/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/quota/v1/generated.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/quota/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/route/v1/generated.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/route/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/samples/v1/generated.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/samples/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/security/v1/generated.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/security/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/template/v1/generated.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/template/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/user/v1/generated.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/user/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/acceptrisk.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/alibabacloudplatformstatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/alibabacloudresourcetag.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/apiserver.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/apiserverencryption.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/apiservernamedservingcert.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/apiserverservingcerts.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/apiserverspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/audit.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/auditcustomrule.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/authentication.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/authenticationspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/authenticationstatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsdnsspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsingressspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awskmsconfig.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsplatformspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsplatformstatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsresourcetag.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsserviceendpoint.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/azureplatformstatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/azureresourcetag.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/baremetalplatformloadbalancer.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/baremetalplatformspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/baremetalplatformstatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/basicauthidentityprovider.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/build.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/builddefaults.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/buildoverrides.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/buildspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/cloudcontrollermanagerstatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/cloudloadbalancerconfig.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/cloudloadbalancerips.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clustercondition.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterimagepolicy.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterimagepolicyspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterimagepolicystatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusternetworkentry.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusteroperator.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusteroperatorstatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusteroperatorstatuscondition.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterversion.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterversioncapabilitiesspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterversioncapabilitiesstatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterversionspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterversionstatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/componentoverride.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/componentroutespec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/componentroutestatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/conditionalupdate.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/conditionalupdaterisk.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/configmapfilereference.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/configmapnamereference.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/console.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/consoleauthentication.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/consolespec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/consolestatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/custom.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/customfeaturegates.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/customtlsprofile.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/deprecatedwebhooktokenauthenticator.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/dns.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/dnsplatformspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/dnsspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/dnszone.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/equinixmetalplatformstatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/externalipconfig.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/externalippolicy.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/externalplatformspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/externalplatformstatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/extramapping.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/featuregate.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/featuregateattributes.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/featuregatedetails.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/featuregateselection.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/featuregatestatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gatherconfig.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gathererconfig.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gatherers.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gcpplatformstatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gcpresourcelabel.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gcpresourcetag.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/githubidentityprovider.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gitlabidentityprovider.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/googleidentityprovider.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/htpasswdidentityprovider.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/hubsource.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/hubsourcestatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ibmcloudplatformspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ibmcloudplatformstatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ibmcloudserviceendpoint.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/identityprovider.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/identityproviderconfig.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/image.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagecontentpolicy.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagecontentpolicyspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagedigestmirrors.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagedigestmirrorset.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagedigestmirrorsetspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagelabel.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagepolicy.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagepolicyfulciocawithrekorrootoftrust.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagepolicypkirootoftrust.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagepolicypublickeyrootoftrust.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagepolicyspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagepolicystatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagesigstoreverificationpolicy.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagespec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagestatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagetagmirrors.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagetagmirrorset.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagetagmirrorsetspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/infrastructure.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/infrastructurespec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/infrastructurestatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ingress.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ingressplatformspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ingressspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ingressstatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/insightsdatagather.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/insightsdatagatherspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/keystoneidentityprovider.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/kmsconfig.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/kubevirtplatformstatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ldapattributemapping.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ldapidentityprovider.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/loadbalancer.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/maxagepolicy.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/mtumigration.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/mtumigrationvalues.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/network.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/networkdiagnostics.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/networkdiagnosticssourceplacement.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/networkdiagnosticstargetplacement.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/networkmigration.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/networkspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/networkstatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/node.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/nodespec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/nodestatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/nutanixfailuredomain.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/nutanixplatformloadbalancer.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/nutanixplatformspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/nutanixplatformstatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/nutanixprismelementendpoint.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/nutanixprismendpoint.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/nutanixresourceidentifier.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/oauth.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/oauthremoteconnectioninfo.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/oauthspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/oauthtemplates.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/objectreference.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/oidcclientconfig.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/oidcclientreference.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/oidcclientstatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/oidcprovider.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/openidclaims.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/openididentityprovider.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/openstackplatformloadbalancer.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/openstackplatformspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/openstackplatformstatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/operandversion.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/operatorhub.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/operatorhubspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/operatorhubstatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ovirtplatformloadbalancer.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ovirtplatformstatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/persistentvolumeclaimreference.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/persistentvolumeconfig.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/pkicertificatesubject.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/platformspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/platformstatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/policyfulciosubject.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/policyidentity.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/policymatchexactrepository.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/policymatchremapidentity.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/policyrootoftrust.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/powervsplatformspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/powervsplatformstatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/powervsserviceendpoint.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/prefixedclaimmapping.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/profilecustomizations.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/project.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/projectspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/promqlclustercondition.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/proxy.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/proxyspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/proxystatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/registrylocation.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/registrysources.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/release.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/repositorydigestmirrors.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/requestheaderidentityprovider.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/requiredhstspolicy.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/scheduler.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/schedulerspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/secretnamereference.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/signaturestore.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/storage.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/templatereference.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tlsprofilespec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tlssecurityprofile.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenclaimmapping.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenclaimmappings.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenclaimorexpressionmapping.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenclaimvalidationcelrule.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenclaimvalidationrule.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenconfig.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenissuer.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenrequiredclaim.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenuservalidationrule.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/update.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/updatehistory.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/usernameclaimmapping.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/usernameprefix.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vspherefailuredomainhostgroup.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vspherefailuredomainregionaffinity.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vspherefailuredomainzoneaffinity.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vsphereplatformfailuredomainspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vsphereplatformloadbalancer.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vsphereplatformnodenetworking.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vsphereplatformnodenetworkingspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vsphereplatformspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vsphereplatformstatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vsphereplatformtopology.go is excluded by !vendor/**, !**/vendor/**

📒 Files selected for processing (10)

controllers/provisioning_controller.go
go.mod
main.go
provisioning/baremetal_pod.go
provisioning/baremetal_pod_test.go
provisioning/bmo_pod.go
provisioning/bmo_pod_test.go
provisioning/provisioning_info.go
provisioning/tls_profile.go
provisioning/tls_profile_test.go

hroyrh · 2026-03-26T13:46:46Z

/retest-required

openshift-ci-robot · 2026-03-26T16:12:03Z

@hroyrh: This pull request references METAL-1780 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.22.0" version, but no target version was set.

Details

In response to this:

Read the tlsAdherence field from the APIServer CR and use ShouldHonorClusterTLSProfile() to determine whether to enforce the cluster-wide TLS security profile. When tlsAdherence is NoOpinion or LegacyAdheringComponentsOnly, CBO skips injecting TLS profile env vars into Ironic/httpd containers, TLS args into BMO, and TLS config into the webhook server. Components fall back to their built-in defaults.

Also bumps openshift/api and openshift/client-go to versions that include the TLSAdherence API types.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

hroyrh · 2026-03-26T16:13:14Z

/jira refresh

openshift-ci-robot · 2026-03-26T16:13:18Z

@hroyrh: This pull request references METAL-1780 which is a valid jira issue.

Details

In response to this:

/jira refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

MahnoorAsghar · 2026-03-27T10:02:35Z

provisioning/bmo_pod_test.go

+				Images:          &images,
+				ProvConfig:      &metal3iov1alpha1.Provisioning{Spec: *tc.config},
+				SSHKey:          tc.sshkey,
+				HonorTLSProfile: true,


We should probably check for TLS profile container args

dtantsur · 2026-03-30T07:12:06Z

controllers/provisioning_controller.go

 		Images:                  images,
 		Proxy:                   proxy,
 		TLSProfileSpec:          tlsProfileSpec,
+		HonorTLSProfile:         honorTLS,


nit: I'd merge these two by changing the first to *TLSProfileSpec and use nil as indicator that the profile is not required.

dtantsur · 2026-03-30T07:14:17Z

/approve

openshift-ci · 2026-03-30T07:15:12Z

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dtantsur, hroyrh

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

~~OWNERS~~ [dtantsur]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

coderabbitai

Actionable comments posted: 1

🧹 Nitpick comments (2)

provisioning/bmo_pod_test.go (1)
198-203: Consider adding a bounds check for robustness.

The pattern here accesses bmoContainer.Args[i+1] without first checking if i+1 is within bounds. While tlsProfileToBMOArgs always provides a value, the test at lines 283-290 uses an explicit bounds check (assert.Less(t, i+1, len(container.Args), ...)), which is more defensive.
♻️ Suggested improvement
 			for i, arg := range bmoContainer.Args {
 				if arg == "--tls-min-version" {
+					assert.Less(t, i+1, len(bmoContainer.Args), "--tls-min-version must have a value")
 					assert.Equal(t, "TLS12", bmoContainer.Args[i+1])
 					break
 				}
 			}
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@provisioning/bmo_pod_test.go` around lines 198 - 203, The test loop in
provisioning/bmo_pod_test.go reads bmoContainer.Args[i+1] without checking
bounds; update the loop that iterates over bmoContainer.Args in the test to
assert (or guard) that i+1 < len(bmoContainer.Args) before accessing the next
element, similar to the pattern used in the other test (assert.Less(t, i+1,
len(container.Args), ...)); specifically modify the block that checks for
"--tls-min-version" to perform a bounds check on bmoContainer.Args before
calling bmoContainer.Args[i+1] to avoid potential out-of-range panics.
provisioning/baremetal_pod_test.go (1)
590-595: Consider adding missing VMEDIA cipher env vars to the check list.

The tlsEnvNames list is missing IRONIC_VMEDIA_TLS_12_CIPHERS and IRONIC_VMEDIA_TLS_13_CIPHERS which are also generated by tlsProfileToApacheEnvVars (see provisioning/tls_profile.go:58-88).
♻️ Suggested fix
 	tlsEnvNames := []string{
 		"IRONIC_SSL_PROTOCOL",
 		"IRONIC_VMEDIA_SSL_PROTOCOL",
 		"IRONIC_TLS_12_CIPHERS",
 		"IRONIC_TLS_13_CIPHERS",
+		"IRONIC_VMEDIA_TLS_12_CIPHERS",
+		"IRONIC_VMEDIA_TLS_13_CIPHERS",
 	}
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@provisioning/baremetal_pod_test.go` around lines 590 - 595, tlsEnvNames in
baremetal_pod_test.go omits VMEDIA cipher env vars generated by
tlsProfileToApacheEnvVars; update the tlsEnvNames slice to include
"IRONIC_VMEDIA_TLS_12_CIPHERS" and "IRONIC_VMEDIA_TLS_13_CIPHERS" so the test
covers all env vars produced by tlsProfileToApacheEnvVars (refer to the
tlsEnvNames variable and the tlsProfileToApacheEnvVars function to locate the
change).

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@provisioning/bmo_pod_test.go`:
- Around line 213-218: The tCases test table declaration (the tCases variable in
provisioning/bmo_pod_test.go) is misformatted per gofmt; run gofmt (or gofmt -w)
or goimports on the file and correct the spacing/indentation around the tCases
[]struct { ... } declaration so the struct fields (name, profile, expectVersion,
expectCiphers) align and the braces follow gofmt conventions; ensure the file is
saved after formatting and re-run tests.

---

Nitpick comments:
In `@provisioning/baremetal_pod_test.go`:
- Around line 590-595: tlsEnvNames in baremetal_pod_test.go omits VMEDIA cipher
env vars generated by tlsProfileToApacheEnvVars; update the tlsEnvNames slice to
include "IRONIC_VMEDIA_TLS_12_CIPHERS" and "IRONIC_VMEDIA_TLS_13_CIPHERS" so the
test covers all env vars produced by tlsProfileToApacheEnvVars (refer to the
tlsEnvNames variable and the tlsProfileToApacheEnvVars function to locate the
change).

In `@provisioning/bmo_pod_test.go`:
- Around line 198-203: The test loop in provisioning/bmo_pod_test.go reads
bmoContainer.Args[i+1] without checking bounds; update the loop that iterates
over bmoContainer.Args in the test to assert (or guard) that i+1 <
len(bmoContainer.Args) before accessing the next element, similar to the pattern
used in the other test (assert.Less(t, i+1, len(container.Args), ...));
specifically modify the block that checks for "--tls-min-version" to perform a
bounds check on bmoContainer.Args before calling bmoContainer.Args[i+1] to avoid
potential out-of-range panics.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

Push a commit to this branch (recommended)
Create a new PR with the fixes

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: a89b5e3d-539f-4c2b-8bea-106d3c85cc3f

📥 Commits

Reviewing files that changed from the base of the PR and between 9cef801 and 7959f10.

⛔ Files ignored due to path filters (290)

go.sum is excluded by !**/*.sum
vendor/github.com/openshift/api/.ci-operator.yaml is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/.coderabbit.yaml is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/.golangci.yaml is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/AGENTS.md is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/Dockerfile.ocp is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/Makefile is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/apiextensions/v1alpha1/types_compatibilityrequirement.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/apiextensions/v1alpha1/zz_generated.swagger_doc_generated.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/apps/v1/generated.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/apps/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/apps/v1/types.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/apps/v1/zz_prerelease_lifecycle_generated.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/authorization/v1/generated.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/authorization/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/build/v1/generated.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/build/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/cloudnetwork/v1/generated.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/cloudnetwork/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1/types_apiserver.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1/types_authentication.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1/types_cluster_version.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1/types_ingress.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1alpha1/register.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1alpha1/types_cluster_image_policy.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1alpha1/types_cluster_monitoring.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1alpha1/types_image_policy.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1alpha1/types_insights.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1alpha1/types_pki.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1alpha1/zz_generated.deepcopy.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1alpha1/zz_generated.featuregated-crd-manifests.yaml is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1alpha1/zz_generated.swagger_doc_generated.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/envtest-releases.yaml is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/features.md is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/image/v1/generated.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/image/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/network/v1/generated.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/network/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/networkoperator/v1/generated.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/networkoperator/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/oauth/v1/generated.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/oauth/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/operator/v1/types_machineconfiguration.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/operator/v1/types_network.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/operator/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/operator/v1alpha1/types_clusterapi.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.swagger_doc_generated.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/project/v1/generated.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/project/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/quota/v1/generated.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/quota/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/route/v1/generated.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/route/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/samples/v1/generated.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/samples/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/security/v1/generated.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/security/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/template/v1/generated.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/template/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/user/v1/generated.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/user/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/acceptrisk.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/alibabacloudplatformstatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/alibabacloudresourcetag.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/apiserver.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/apiserverencryption.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/apiservernamedservingcert.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/apiserverservingcerts.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/apiserverspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/audit.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/auditcustomrule.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/authentication.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/authenticationspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/authenticationstatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsdnsspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsingressspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awskmsconfig.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsplatformspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsplatformstatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsresourcetag.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsserviceendpoint.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/azureplatformstatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/azureresourcetag.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/baremetalplatformloadbalancer.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/baremetalplatformspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/baremetalplatformstatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/basicauthidentityprovider.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/build.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/builddefaults.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/buildoverrides.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/buildspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/cloudcontrollermanagerstatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/cloudloadbalancerconfig.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/cloudloadbalancerips.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clustercondition.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterimagepolicy.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterimagepolicyspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterimagepolicystatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusternetworkentry.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusteroperator.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusteroperatorstatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusteroperatorstatuscondition.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterversion.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterversioncapabilitiesspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterversioncapabilitiesstatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterversionspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterversionstatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/componentoverride.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/componentroutespec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/componentroutestatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/conditionalupdate.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/conditionalupdaterisk.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/configmapfilereference.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/configmapnamereference.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/console.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/consoleauthentication.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/consolespec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/consolestatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/custom.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/customfeaturegates.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/customtlsprofile.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/deprecatedwebhooktokenauthenticator.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/dns.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/dnsplatformspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/dnsspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/dnszone.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/equinixmetalplatformstatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/externalipconfig.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/externalippolicy.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/externalplatformspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/externalplatformstatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/extramapping.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/featuregate.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/featuregateattributes.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/featuregatedetails.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/featuregateselection.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/featuregatestatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gatherconfig.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gathererconfig.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gatherers.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gcpplatformstatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gcpresourcelabel.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gcpresourcetag.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/githubidentityprovider.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gitlabidentityprovider.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/googleidentityprovider.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/htpasswdidentityprovider.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/hubsource.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/hubsourcestatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ibmcloudplatformspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ibmcloudplatformstatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ibmcloudserviceendpoint.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/identityprovider.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/identityproviderconfig.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/image.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagecontentpolicy.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagecontentpolicyspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagedigestmirrors.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagedigestmirrorset.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagedigestmirrorsetspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagelabel.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagepolicy.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagepolicyfulciocawithrekorrootoftrust.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagepolicypkirootoftrust.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagepolicypublickeyrootoftrust.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagepolicyspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagepolicystatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagesigstoreverificationpolicy.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagespec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagestatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagetagmirrors.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagetagmirrorset.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagetagmirrorsetspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/infrastructure.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/infrastructurespec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/infrastructurestatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ingress.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ingressplatformspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ingressspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ingressstatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/insightsdatagather.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/insightsdatagatherspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/keystoneidentityprovider.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/kmsconfig.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/kubevirtplatformstatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ldapattributemapping.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ldapidentityprovider.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/loadbalancer.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/maxagepolicy.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/mtumigration.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/mtumigrationvalues.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/network.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/networkdiagnostics.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/networkdiagnosticssourceplacement.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/networkdiagnosticstargetplacement.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/networkmigration.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/networkspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/networkstatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/node.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/nodespec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/nodestatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/nutanixfailuredomain.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/nutanixplatformloadbalancer.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/nutanixplatformspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/nutanixplatformstatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/nutanixprismelementendpoint.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/nutanixprismendpoint.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/nutanixresourceidentifier.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/oauth.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/oauthremoteconnectioninfo.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/oauthspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/oauthtemplates.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/objectreference.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/oidcclientconfig.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/oidcclientreference.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/oidcclientstatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/oidcprovider.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/openidclaims.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/openididentityprovider.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/openstackplatformloadbalancer.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/openstackplatformspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/openstackplatformstatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/operandversion.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/operatorhub.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/operatorhubspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/operatorhubstatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ovirtplatformloadbalancer.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ovirtplatformstatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/persistentvolumeclaimreference.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/persistentvolumeconfig.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/pkicertificatesubject.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/platformspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/platformstatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/policyfulciosubject.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/policyidentity.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/policymatchexactrepository.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/policymatchremapidentity.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/policyrootoftrust.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/powervsplatformspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/powervsplatformstatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/powervsserviceendpoint.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/prefixedclaimmapping.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/profilecustomizations.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/project.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/projectspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/promqlclustercondition.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/proxy.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/proxyspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/proxystatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/registrylocation.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/registrysources.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/release.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/repositorydigestmirrors.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/requestheaderidentityprovider.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/requiredhstspolicy.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/scheduler.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/schedulerspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/secretnamereference.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/signaturestore.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/storage.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/templatereference.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tlsprofilespec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tlssecurityprofile.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenclaimmapping.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenclaimmappings.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenclaimorexpressionmapping.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenclaimvalidationcelrule.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenclaimvalidationrule.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenconfig.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenissuer.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenrequiredclaim.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenuservalidationrule.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/update.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/updatehistory.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/usernameclaimmapping.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/usernameprefix.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vspherefailuredomainhostgroup.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vspherefailuredomainregionaffinity.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vspherefailuredomainzoneaffinity.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vsphereplatformfailuredomainspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vsphereplatformloadbalancer.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vsphereplatformnodenetworking.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vsphereplatformnodenetworkingspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vsphereplatformspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vsphereplatformstatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vsphereplatformtopology.go is excluded by !vendor/**, !**/vendor/**

📒 Files selected for processing (10)

controllers/provisioning_controller.go
go.mod
main.go
provisioning/baremetal_pod.go
provisioning/baremetal_pod_test.go
provisioning/bmo_pod.go
provisioning/bmo_pod_test.go
provisioning/provisioning_info.go
provisioning/tls_profile.go
provisioning/tls_profile_test.go

✅ Files skipped from review due to trivial changes (3)

provisioning/baremetal_pod.go
provisioning/tls_profile_test.go
go.mod

🚧 Files skipped from review as they are similar to previous changes (3)

provisioning/bmo_pod.go
provisioning/tls_profile.go
controllers/provisioning_controller.go

coderabbitai · 2026-03-30T15:25:31Z

provisioning/bmo_pod_test.go

+	tCases := []struct {
+		name            string
+		profile         *osconfigv1.TLSProfileSpec
+		expectVersion   string
+		expectCiphers   bool
+	}{


⚠️ Potential issue | 🟡 Minor

Fix formatting issue flagged by gofmt.

Static analysis indicates this line is not properly formatted.

🔧 Suggested fix

tCases := []struct { - name string - profile *osconfigv1.TLSProfileSpec - expectVersion string - expectCiphers bool + name string + profile *osconfigv1.TLSProfileSpec + expectVersion string + expectCiphers bool }{

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

tCases := []struct {

name string

profile *osconfigv1.TLSProfileSpec

expectVersion string

expectCiphers bool

}{

tCases := []struct {

name string

profile *osconfigv1.TLSProfileSpec

expectVersion string

expectCiphers bool

}{

🧰 Tools

🪛 golangci-lint (2.11.4)

[error] 214-214: File is not properly formatted

(gofmt)

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed. In `@provisioning/bmo_pod_test.go` around lines 213 - 218, The tCases test table declaration (the tCases variable in provisioning/bmo_pod_test.go) is misformatted per gofmt; run gofmt (or gofmt -w) or goimports on the file and correct the spacing/indentation around the tCases []struct { ... } declaration so the struct fields (name, profile, expectVersion, expectCiphers) align and the braces follow gofmt conventions; ensure the file is saved after formatting and re-run tests.

Read the tlsAdherence field from the APIServer CR and use ShouldHonorClusterTLSProfile() to determine whether to enforce the cluster-wide TLS security profile. When tlsAdherence is NoOpinion or LegacyAdheringComponentsOnly, CBO skips injecting TLS profile env vars into Ironic/httpd containers, TLS args into BMO, and TLS config into the webhook server. Components fall back to their built-in defaults. Also bumps openshift/api and openshift/client-go to versions that include the TLSAdherence API types. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

coderabbitai

Actionable comments posted: 1

🧹 Nitpick comments (1)

provisioning/bmo_pod_test.go (1)
310-365: The nil-profile test bypasses the new tlsAdherence decision point.

TestNewBMOContainersNoTLSProfile injects TLSProfileSpec == nil directly, so it only covers the downstream container rendering. Please confirm there's a separate test for the code that reads APIServer.spec.tlsAdherence and decides to leave ProvisioningInfo.TLSProfileSpec unset.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@provisioning/bmo_pod_test.go` around lines 310 - 365, Add a unit test that
exercises the decision point which reads APIServer.spec.tlsAdherence and sets
ProvisioningInfo.TLSProfileSpec (rather than directly injecting
TLSProfileSpec==nil); create a fake APIServer object with tlsAdherence
unset/false, call the function that builds the ProvisioningInfo (the same
builder used by createContainerBaremetalOperator), assert
ProvisioningInfo.TLSProfileSpec is nil, then call
createContainerBaremetalOperator and assert no --tls-* args are present; also
add a complementary test with tlsAdherence set to Strict to assert
TLSProfileSpec is populated and the BMO container includes the expected --tls-*
args.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@provisioning/bmo_pod_test.go`:
- Around line 196-200: The test iterates bmoContainer.Args and dereferences
Args[i+1] unguarded which can panic; update the loop in the TLS flag assertions
(the loop iterating bmoContainer.Args that checks for "--tls-min-version") to
first assert or require that i+1 < len(bmoContainer.Args) before accessing
Args[i+1], and then assert that the value equals "TLS12"; apply the same
length-guarding change to the second occurrence of this loop (the similar check
around lines 283-286) so both checks fail with a test assertion instead of
panicking.

---

Nitpick comments:
In `@provisioning/bmo_pod_test.go`:
- Around line 310-365: Add a unit test that exercises the decision point which
reads APIServer.spec.tlsAdherence and sets ProvisioningInfo.TLSProfileSpec
(rather than directly injecting TLSProfileSpec==nil); create a fake APIServer
object with tlsAdherence unset/false, call the function that builds the
ProvisioningInfo (the same builder used by createContainerBaremetalOperator),
assert ProvisioningInfo.TLSProfileSpec is nil, then call
createContainerBaremetalOperator and assert no --tls-* args are present; also
add a complementary test with tlsAdherence set to Strict to assert
TLSProfileSpec is populated and the BMO container includes the expected --tls-*
args.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

Push a commit to this branch (recommended)
Create a new PR with the fixes

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 0ceaeb5b-5d65-4cb9-a4e9-55ab1a40798a

📥 Commits

Reviewing files that changed from the base of the PR and between 7959f10 and 4bd6169.

⛔ Files ignored due to path filters (290)

go.sum is excluded by !**/*.sum
vendor/github.com/openshift/api/.ci-operator.yaml is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/.coderabbit.yaml is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/.golangci.yaml is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/AGENTS.md is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/Dockerfile.ocp is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/Makefile is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/apiextensions/v1alpha1/types_compatibilityrequirement.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/apiextensions/v1alpha1/zz_generated.swagger_doc_generated.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/apps/v1/generated.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/apps/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/apps/v1/types.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/apps/v1/zz_prerelease_lifecycle_generated.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/authorization/v1/generated.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/authorization/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/build/v1/generated.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/build/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/cloudnetwork/v1/generated.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/cloudnetwork/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1/types_apiserver.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1/types_authentication.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1/types_cluster_version.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1/types_ingress.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1alpha1/register.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1alpha1/types_cluster_image_policy.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1alpha1/types_cluster_monitoring.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1alpha1/types_image_policy.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1alpha1/types_insights.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1alpha1/types_pki.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1alpha1/zz_generated.deepcopy.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1alpha1/zz_generated.featuregated-crd-manifests.yaml is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1alpha1/zz_generated.swagger_doc_generated.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/envtest-releases.yaml is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/features.md is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/image/v1/generated.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/image/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/network/v1/generated.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/network/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/networkoperator/v1/generated.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/networkoperator/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/oauth/v1/generated.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/oauth/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/operator/v1/types_machineconfiguration.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/operator/v1/types_network.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/operator/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/operator/v1alpha1/types_clusterapi.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.swagger_doc_generated.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/project/v1/generated.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/project/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/quota/v1/generated.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/quota/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/route/v1/generated.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/route/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/samples/v1/generated.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/samples/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/security/v1/generated.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/security/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/template/v1/generated.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/template/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/user/v1/generated.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/user/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/acceptrisk.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/alibabacloudplatformstatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/alibabacloudresourcetag.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/apiserver.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/apiserverencryption.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/apiservernamedservingcert.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/apiserverservingcerts.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/apiserverspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/audit.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/auditcustomrule.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/authentication.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/authenticationspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/authenticationstatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsdnsspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsingressspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awskmsconfig.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsplatformspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsplatformstatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsresourcetag.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsserviceendpoint.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/azureplatformstatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/azureresourcetag.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/baremetalplatformloadbalancer.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/baremetalplatformspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/baremetalplatformstatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/basicauthidentityprovider.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/build.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/builddefaults.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/buildoverrides.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/buildspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/cloudcontrollermanagerstatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/cloudloadbalancerconfig.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/cloudloadbalancerips.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clustercondition.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterimagepolicy.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterimagepolicyspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterimagepolicystatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusternetworkentry.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusteroperator.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusteroperatorstatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusteroperatorstatuscondition.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterversion.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterversioncapabilitiesspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterversioncapabilitiesstatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterversionspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterversionstatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/componentoverride.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/componentroutespec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/componentroutestatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/conditionalupdate.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/conditionalupdaterisk.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/configmapfilereference.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/configmapnamereference.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/console.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/consoleauthentication.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/consolespec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/consolestatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/custom.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/customfeaturegates.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/customtlsprofile.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/deprecatedwebhooktokenauthenticator.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/dns.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/dnsplatformspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/dnsspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/dnszone.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/equinixmetalplatformstatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/externalipconfig.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/externalippolicy.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/externalplatformspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/externalplatformstatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/extramapping.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/featuregate.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/featuregateattributes.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/featuregatedetails.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/featuregateselection.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/featuregatestatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gatherconfig.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gathererconfig.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gatherers.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gcpplatformstatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gcpresourcelabel.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gcpresourcetag.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/githubidentityprovider.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gitlabidentityprovider.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/googleidentityprovider.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/htpasswdidentityprovider.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/hubsource.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/hubsourcestatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ibmcloudplatformspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ibmcloudplatformstatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ibmcloudserviceendpoint.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/identityprovider.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/identityproviderconfig.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/image.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagecontentpolicy.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagecontentpolicyspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagedigestmirrors.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagedigestmirrorset.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagedigestmirrorsetspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagelabel.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagepolicy.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagepolicyfulciocawithrekorrootoftrust.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagepolicypkirootoftrust.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagepolicypublickeyrootoftrust.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagepolicyspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagepolicystatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagesigstoreverificationpolicy.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagespec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagestatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagetagmirrors.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagetagmirrorset.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagetagmirrorsetspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/infrastructure.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/infrastructurespec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/infrastructurestatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ingress.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ingressplatformspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ingressspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ingressstatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/insightsdatagather.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/insightsdatagatherspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/keystoneidentityprovider.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/kmsconfig.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/kubevirtplatformstatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ldapattributemapping.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ldapidentityprovider.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/loadbalancer.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/maxagepolicy.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/mtumigration.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/mtumigrationvalues.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/network.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/networkdiagnostics.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/networkdiagnosticssourceplacement.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/networkdiagnosticstargetplacement.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/networkmigration.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/networkspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/networkstatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/node.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/nodespec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/nodestatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/nutanixfailuredomain.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/nutanixplatformloadbalancer.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/nutanixplatformspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/nutanixplatformstatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/nutanixprismelementendpoint.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/nutanixprismendpoint.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/nutanixresourceidentifier.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/oauth.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/oauthremoteconnectioninfo.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/oauthspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/oauthtemplates.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/objectreference.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/oidcclientconfig.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/oidcclientreference.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/oidcclientstatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/oidcprovider.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/openidclaims.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/openididentityprovider.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/openstackplatformloadbalancer.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/openstackplatformspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/openstackplatformstatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/operandversion.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/operatorhub.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/operatorhubspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/operatorhubstatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ovirtplatformloadbalancer.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ovirtplatformstatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/persistentvolumeclaimreference.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/persistentvolumeconfig.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/pkicertificatesubject.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/platformspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/platformstatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/policyfulciosubject.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/policyidentity.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/policymatchexactrepository.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/policymatchremapidentity.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/policyrootoftrust.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/powervsplatformspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/powervsplatformstatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/powervsserviceendpoint.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/prefixedclaimmapping.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/profilecustomizations.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/project.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/projectspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/promqlclustercondition.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/proxy.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/proxyspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/proxystatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/registrylocation.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/registrysources.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/release.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/repositorydigestmirrors.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/requestheaderidentityprovider.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/requiredhstspolicy.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/scheduler.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/schedulerspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/secretnamereference.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/signaturestore.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/storage.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/templatereference.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tlsprofilespec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tlssecurityprofile.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenclaimmapping.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenclaimmappings.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenclaimorexpressionmapping.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenclaimvalidationcelrule.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenclaimvalidationrule.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenconfig.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenissuer.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenrequiredclaim.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenuservalidationrule.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/update.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/updatehistory.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/usernameclaimmapping.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/usernameprefix.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vspherefailuredomainhostgroup.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vspherefailuredomainregionaffinity.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vspherefailuredomainzoneaffinity.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vsphereplatformfailuredomainspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vsphereplatformloadbalancer.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vsphereplatformnodenetworking.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vsphereplatformnodenetworkingspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vsphereplatformspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vsphereplatformstatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vsphereplatformtopology.go is excluded by !vendor/**, !**/vendor/**

📒 Files selected for processing (10)

controllers/provisioning_controller.go
go.mod
main.go
provisioning/baremetal_pod.go
provisioning/baremetal_pod_test.go
provisioning/bmo_pod.go
provisioning/bmo_pod_test.go
provisioning/provisioning_info.go
provisioning/tls_profile.go
provisioning/tls_profile_test.go

✅ Files skipped from review due to trivial changes (3)

provisioning/baremetal_pod.go
provisioning/bmo_pod.go
go.mod

🚧 Files skipped from review as they are similar to previous changes (3)

provisioning/tls_profile.go
provisioning/baremetal_pod_test.go
provisioning/provisioning_info.go

coderabbitai · 2026-03-30T16:30:03Z

provisioning/bmo_pod_test.go

+			assert.Contains(t, bmoContainer.Args, "--tls-min-version",
+				"BMO container should have --tls-min-version when TLSProfileSpec is set")
+			for i, arg := range bmoContainer.Args {
+				if arg == "--tls-min-version" {
+					assert.Equal(t, "TLS12", bmoContainer.Args[i+1])


⚠️ Potential issue | 🟡 Minor

Avoid panics in the TLS flag assertions.

Both loops dereference Args[i+1] unconditionally. If a regression ever emits a dangling --tls-min-version, this test will panic instead of failing with a useful assertion. Gate the value check behind the length assertion.

Suggested hardening

- assert.Equal(t, "TLS12", bmoContainer.Args[i+1]) + if assert.Less(t, i+1, len(bmoContainer.Args), "--tls-min-version must have a value") { + assert.Equal(t, "TLS12", bmoContainer.Args[i+1]) + }

- assert.Less(t, i+1, len(container.Args), "--tls-min-version must have a value") - assert.Equal(t, tc.expectVersion, container.Args[i+1]) + if assert.Less(t, i+1, len(container.Args), "--tls-min-version must have a value") { + assert.Equal(t, tc.expectVersion, container.Args[i+1]) + }

Also applies to: 283-286

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed. In `@provisioning/bmo_pod_test.go` around lines 196 - 200, The test iterates bmoContainer.Args and dereferences Args[i+1] unguarded which can panic; update the loop in the TLS flag assertions (the loop iterating bmoContainer.Args that checks for "--tls-min-version") to first assert or require that i+1 < len(bmoContainer.Args) before accessing Args[i+1], and then assert that the value equals "TLS12"; apply the same length-guarding change to the second occurrence of this loop (the similar check around lines 283-286) so both checks fail with a test assertion instead of panicking.

hroyrh · 2026-03-31T12:06:36Z

retest-required

MahnoorAsghar · 2026-03-31T12:35:18Z

/retest-required

MahnoorAsghar · 2026-03-31T17:28:16Z

/lgtm

openshift-ci · 2026-03-31T17:56:46Z

@hroyrh: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

openshift-ci bot requested review from dtantsur and zaneb March 26, 2026 09:53

coderabbitai bot reviewed Mar 26, 2026

View reviewed changes

hroyrh changed the title ~~Gate TLS profile enforcement on APIServer tlsAdherence field~~ METAL-1780: Gate TLS profile enforcement on APIServer tlsAdherence field Mar 26, 2026

openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label Mar 26, 2026

MahnoorAsghar reviewed Mar 27, 2026

View reviewed changes

dtantsur reviewed Mar 30, 2026

View reviewed changes

openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Mar 30, 2026

hroyrh force-pushed the tlsAdherence-feature-gate branch from 9cef801 to 7959f10 Compare March 30, 2026 15:16

coderabbitai bot reviewed Mar 30, 2026

View reviewed changes

hroyrh force-pushed the tlsAdherence-feature-gate branch from 7959f10 to 4bd6169 Compare March 30, 2026 16:20

coderabbitai bot reviewed Mar 30, 2026

View reviewed changes

openshift-ci bot assigned MahnoorAsghar Mar 31, 2026

openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Mar 31, 2026

Conversation

hroyrh commented Mar 26, 2026

Uh oh!

coderabbitai bot commented Mar 26, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Walkthrough

Changes

Estimated code review effort

Uh oh!

coderabbitai bot left a comment

Choose a reason for hiding this comment

Uh oh!

hroyrh commented Mar 26, 2026

Uh oh!

openshift-ci-robot commented Mar 26, 2026 • edited by openshift-ci bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

hroyrh commented Mar 26, 2026

Uh oh!

openshift-ci-robot commented Mar 26, 2026 • edited by openshift-ci bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

MahnoorAsghar Mar 27, 2026

Choose a reason for hiding this comment

Uh oh!

dtantsur Mar 30, 2026

Choose a reason for hiding this comment

Uh oh!

dtantsur commented Mar 30, 2026

Uh oh!

openshift-ci bot commented Mar 30, 2026

Uh oh!

coderabbitai bot left a comment

Choose a reason for hiding this comment

Uh oh!

coderabbitai bot Mar 30, 2026

Choose a reason for hiding this comment

Uh oh!

coderabbitai bot left a comment

Choose a reason for hiding this comment

Uh oh!

coderabbitai bot Mar 30, 2026

Choose a reason for hiding this comment

Uh oh!

hroyrh commented Mar 31, 2026

Uh oh!

MahnoorAsghar commented Mar 31, 2026

Uh oh!

MahnoorAsghar commented Mar 31, 2026

Uh oh!

openshift-ci bot commented Mar 31, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

coderabbitai bot commented Mar 26, 2026 •

edited

Loading

openshift-ci-robot commented Mar 26, 2026 •

edited by openshift-ci bot

Loading

openshift-ci-robot commented Mar 26, 2026 •

edited by openshift-ci bot

Loading