WIP: Central tls profile by DavidHurta · Pull Request #1338 · openshift/cluster-version-operator

DavidHurta · 2026-03-07T22:46:00Z

Summary by CodeRabbit

New Features
- Added support for dynamic TLS profile handling in the metrics server, enabling centralized TLS configuration management from the cluster's APIServer.
- Introduced a new configuration option to control TLS profile synchronization behavior.
Chores
- Updated multiple Go module dependencies to newer versions, including logging, testing, Kubernetes, Prometheus, and related utilities.

openshift-ci · 2026-03-07T22:46:04Z

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

DavidHurta · 2026-03-07T22:46:10Z

/test ?

coderabbitai · 2026-03-07T22:46:18Z

Walkthrough

The PR adds dynamic TLS profile handling to the metrics server by integrating APIServerLister throughout the codebase. The manifest.Include() method signature is extended with an additional parameter, requiring updates across multiple call sites. The metrics server now optionally fetches, caches, and applies TLS profiles from the APIServer resource when the RespectCentralTLSProfile flag is enabled.

Changes

Cohort / File(s)	Summary
Dependency Updates `go.mod`	Version bumps and module replacements for logging, testing, OpenShift, Prometheus, Kubernetes, and transitive dependencies.
APIServerLister Integration `pkg/cvo/cvo.go`, `pkg/start/start.go`	Added APIServerLister field and getter to Operator; updated constructor signatures to accept and wire APIServerInformer through the initialization chain.
Dynamic TLS Profile Handling `pkg/cvo/metrics.go`	Introduced cachedTLSProfile mechanism with fetch, cache, compare, and lazy-apply logic. RunMetrics now accepts apiServerLister parameter and applies central TLS profiles on handshake when RespectCentralTLSProfile is enabled. Added RespectCentralTLSProfile flag to MetricsOptions.
manifest.Include Signature Updates `lib/manifest/manifest.go`, `pkg/cvo/featuregate_integration_test.go`, `pkg/cvo/sync_worker.go`, `pkg/payload/payload.go`, `pkg/payload/render.go`	Extended manifest.Include() calls with additional trailing nil parameter across multiple call sites to accommodate new method signature.

Sequence Diagram(s)

sequenceDiagram
    participant TLS as TLS Handshake
    participant Metrics as Metrics Server
    participant Cache as TLS Profile Cache
    participant Lister as APIServerLister
    participant APIServer as APIServer Resource
    
    TLS->>Metrics: GetConfigForClient()
    alt RespectCentralTLSProfile enabled
        Metrics->>Lister: Get APIServer resource
        Lister->>APIServer: Fetch current APIServer
        APIServer-->>Lister: Return resource
        Lister-->>Metrics: Return APIServer spec
        
        Metrics->>Metrics: Extract TLS profile
        Metrics->>Cache: Compare with cached profile
        
        alt Profile changed or first time
            Metrics->>Metrics: Apply new TLS config
            Metrics->>Cache: Store new profile
            Metrics-->>TLS: Return updated config
        else Profile unchanged
            Metrics-->>TLS: Return cached config
        end
    else Use fallback
        Metrics->>Cache: Fetch last valid profile
        Cache-->>Metrics: Return cached profile
        Metrics-->>TLS: Return config
    end

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 72.73% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'WIP: Central tls profile' is directly related to the main changes in the PR, which implement central TLS profile handling for the metrics server and APIServer integration.
Stable And Deterministic Test Names	✅ Passed	The pull request does not modify Ginkgo test names or introduce dynamic information into test titles. Test files remain unchanged with stable, deterministic test names.
Test Structure And Quality	✅ Passed	Tests use standard Go testing package with testing.T, not Ginkgo BDD-style testing as specified in the custom check requirements.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

Create PR with unit tests
Post copyable unit tests in a comment

Tip

Try Coding Plans. Let us write the prompt for your AI agent so you can ship faster (with fewer bugs).
Share your feedback on Discord.

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

openshift-ci · 2026-03-07T22:46:23Z

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: DavidHurta

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

~~OWNERS~~ [DavidHurta]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

DavidHurta · 2026-03-07T22:47:29Z

/test e2e-agnostic-operator
/test e2e-agnostic-ovn
/test e2e-hypershift
/test gofmt
/test images
/test lint
/test unit
/test verify-update
/test verify-yaml

coderabbitai

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (3)

pkg/start/start.go (1)

358-363: ⚠️ Potential issue | 🟠 Major

Wait for the APIServer informer before starting metrics.

RunMetrics now reads the TLS profile through controllerCtx.CVO.APIServerLister(), but this path still only blocks on ClusterVersionInformerFactory.WaitForCacheSync above. The APIServer informer is created later in NewControllerContext, so on a fresh leader transition its cache can still be cold here and the first handshakes will race an empty/NotFound profile. Please gate metrics startup on the APIServer informer, or the full ConfigInformerFactory, being synced when RespectCentralTLSProfile is enabled.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@pkg/start/start.go` around lines 358 - 363, The metrics server is started
without ensuring the APIServer informer (or the full ConfigInformerFactory) has
synced, causing races when RunMetrics reads TLS profiles via
controllerCtx.CVO.APIServerLister(); update the metrics startup to, when
RespectCentralTLSProfile is enabled, wait for the APIServer informer (or
controllerCtx.ConfigInformerFactory) to be synced before spawning the goroutine
that calls cvo.RunMetrics (check o.MetricsOptions.ListenAddress and
o.RespectCentralTLSProfile, then call the appropriate WaitForCacheSync on the
APIServer informer or ConfigInformerFactory from controllerCtx and only start
the metrics goroutine after that returns true).

pkg/cvo/metrics.go (2)

353-360: ⚠️ Potential issue | 🟠 Major

Reject missing apiServerLister at startup.

If RespectCentralTLSProfile is true and apiServerLister is nil, the process won't fail until Line 485, where the first handshake dereferences it. Please turn that into an early configuration error.

Suggested fix

 func RunMetrics(runContext context.Context, shutdownContext context.Context, restConfig *rest.Config, apiServerLister configlistersv1.APIServerLister, options MetricsOptions) error {
 	if options.ListenAddress == "" {
 		return errors.New("listen address is required to serve metrics")
 	}
 
 	if options.DisableAuthentication && !options.DisableAuthorization {
 		return errors.New("invalid configuration: cannot enable authorization without authentication")
 	}
+	if options.RespectCentralTLSProfile && apiServerLister == nil {
+		return errors.New("apiServerLister is required when RespectCentralTLSProfile is enabled")
+	}

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/cvo/metrics.go` around lines 353 - 360, Add an early validation in
RunMetrics to reject a nil apiServerLister when options.RespectCentralTLSProfile
is true: after the existing ListenAddress and auth checks, check if
options.RespectCentralTLSProfile && apiServerLister == nil and return a clear
configuration error (e.g. "apiServerLister is required when
RespectCentralTLSProfile is true"). This prevents the later nil dereference in
TLS handshake code that relies on apiServerLister.

467-490: ⚠️ Potential issue | 🔴 Critical

Synchronize lastValidProfile in the TLS callback.

lastValidProfile is captured by GetConfigForClient and then read and overwritten on each handshake without synchronization. That is a data race, and concurrent handshakes can also write back an older snapshot after a profile change.

Suggested fix

 import (
 	"context"
 	"crypto/tls"
 	"crypto/x509"
 	"errors"
 	"fmt"
 	"net"
 	"net/http"
 	"slices"
+	"sync"
 	"time"
@@
-	var lastValidProfile *cachedTLSProfile
+	var (
+		lastValidProfile   *cachedTLSProfile
+		lastValidProfileMu sync.Mutex
+	)
@@
 			if options.RespectCentralTLSProfile {
+				lastValidProfileMu.Lock()
 				profile, err := getAPIServerTLSProfile(apiServerLister, lastValidProfile)
+				if err == nil {
+					lastValidProfile = profile
+				}
+				lastValidProfileMu.Unlock()
 				if err != nil {
 					return nil, fmt.Errorf("failed to get TLS profile for metrics server: %w", err)
 				}
-				lastValidProfile = profile
 				profile.apply(config)
 			}

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/cvo/metrics.go` around lines 467 - 490, The TLS callback captures and
mutates lastValidProfile unsafely; add synchronization (e.g., a package-local
sync.RWMutex like lastValidProfileMu) and use RLock when reading and Lock when
updating to prevent data races and stale overwrites in GetConfigForClient; wrap
the call to getAPIServerTLSProfile and the assignment lastValidProfile = profile
(and the subsequent profile.apply(config) if it relies on the stored state)
inside the mutex so readers/writers are serialized and the cachedTLSProfile is
updated atomically.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@pkg/cvo/metrics.go`:
- Around line 176-180: The log at the klog.Infof call prints profile.Ciphers
using %s which causes invalid formatting; update the klog.Infof in the TLS
profile change block (after tlsprofile.NewTLSConfigFromProfile and the
unsupportedCiphers check) to format the cipher list correctly by using a verbs
that match the type (e.g., %v) or join the slice into a string (e.g.,
strings.Join(profile.Ciphers, ",")). Ensure you import strings if you choose
Join and keep the rest of the message unchanged.

---

Outside diff comments:
In `@pkg/cvo/metrics.go`:
- Around line 353-360: Add an early validation in RunMetrics to reject a nil
apiServerLister when options.RespectCentralTLSProfile is true: after the
existing ListenAddress and auth checks, check if
options.RespectCentralTLSProfile && apiServerLister == nil and return a clear
configuration error (e.g. "apiServerLister is required when
RespectCentralTLSProfile is true"). This prevents the later nil dereference in
TLS handshake code that relies on apiServerLister.
- Around line 467-490: The TLS callback captures and mutates lastValidProfile
unsafely; add synchronization (e.g., a package-local sync.RWMutex like
lastValidProfileMu) and use RLock when reading and Lock when updating to prevent
data races and stale overwrites in GetConfigForClient; wrap the call to
getAPIServerTLSProfile and the assignment lastValidProfile = profile (and the
subsequent profile.apply(config) if it relies on the stored state) inside the
mutex so readers/writers are serialized and the cachedTLSProfile is updated
atomically.

In `@pkg/start/start.go`:
- Around line 358-363: The metrics server is started without ensuring the
APIServer informer (or the full ConfigInformerFactory) has synced, causing races
when RunMetrics reads TLS profiles via controllerCtx.CVO.APIServerLister();
update the metrics startup to, when RespectCentralTLSProfile is enabled, wait
for the APIServer informer (or controllerCtx.ConfigInformerFactory) to be synced
before spawning the goroutine that calls cvo.RunMetrics (check
o.MetricsOptions.ListenAddress and o.RespectCentralTLSProfile, then call the
appropriate WaitForCacheSync on the APIServer informer or ConfigInformerFactory
from controllerCtx and only start the metrics goroutine after that returns
true).

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 4b2ebb59-479e-4c67-b71f-fec6dbcfc90e

📥 Commits

Reviewing files that changed from the base of the PR and between 7092376 and 3f595e0.

⛔ Files ignored due to path filters (291)

go.sum is excluded by !**/*.sum
vendor/github.com/evanphx/json-patch/v5/LICENSE is excluded by !**/vendor/**, !vendor/**
vendor/github.com/evanphx/json-patch/v5/errors.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/evanphx/json-patch/v5/internal/json/decode.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/evanphx/json-patch/v5/internal/json/encode.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/evanphx/json-patch/v5/internal/json/fold.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/evanphx/json-patch/v5/internal/json/fuzz.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/evanphx/json-patch/v5/internal/json/indent.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/evanphx/json-patch/v5/internal/json/scanner.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/evanphx/json-patch/v5/internal/json/stream.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/evanphx/json-patch/v5/internal/json/tables.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/evanphx/json-patch/v5/internal/json/tags.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/evanphx/json-patch/v5/merge.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/evanphx/json-patch/v5/patch.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/go-logr/logr/.golangci.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/go-logr/logr/funcr/funcr.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/btree/LICENSE is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/btree/README.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/btree/btree.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/btree/btree_generic.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/pprof/profile/merge.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/pprof/profile/profile.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/pprof/profile/proto.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/pprof/profile/prune.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/format/format.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/gomega_dsl.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/internal/assertion.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/internal/async_assertion.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/internal/duration_bundle.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/internal/gomega.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/internal/polling_signal_error.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/internal/vetoptdesc.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/and.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/assignable_to_type_of_matcher.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/be_a_directory.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/be_a_regular_file.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/be_an_existing_file.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/be_closed_matcher.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/be_comparable_to_matcher.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/be_element_of_matcher.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/be_empty_matcher.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/be_equivalent_to_matcher.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/be_false_matcher.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/be_identical_to.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/be_key_of_matcher.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/be_nil_matcher.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/be_numerically_matcher.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/be_sent_matcher.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/be_temporally_matcher.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/be_true_matcher.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/be_zero_matcher.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/consist_of.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/contain_element_matcher.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/contain_elements_matcher.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/contain_substring_matcher.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/equal_matcher.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/have_cap_matcher.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/have_each_matcher.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/have_exact_elements.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/have_existing_field_matcher.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/have_field.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/have_http_body_matcher.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/have_http_header_with_value_matcher.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/have_http_status_matcher.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/have_key_matcher.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/have_key_with_value_matcher.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/have_len_matcher.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/have_occurred_matcher.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/have_prefix_matcher.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/have_suffix_matcher.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/have_value.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/internal/miter/type_support_iter.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/internal/miter/type_support_noiter.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/match_error_matcher.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/match_error_strictly_matcher.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/match_json_matcher.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/match_regexp_matcher.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/match_xml_matcher.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/match_yaml_matcher.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/not.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/or.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/panic_matcher.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/receive_matcher.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/satisfy_matcher.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/semi_structured_data_support.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/succeed_matcher.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/support/goraph/bipartitegraph/bipartitegraph.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/support/goraph/edge/edge.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/support/goraph/node/node.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/type_support.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/with_transform.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/types/types.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1/types_apiserver.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1/types_authentication.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1/types_infrastructure.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1/types_insights.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1/types_network.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1/types_tlssecurityprofile.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-CustomNoUpgrade.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-Default.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-OKD.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-TechPreviewNoUpgrade.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_authentications-CustomNoUpgrade.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_authentications-Default.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_authentications-DevPreviewNoUpgrade.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_authentications-OKD.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_authentications-TechPreviewNoUpgrade.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-CustomNoUpgrade.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-Default.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-DevPreviewNoUpgrade.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-OKD.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-TechPreviewNoUpgrade.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_insightsdatagathers-CustomNoUpgrade.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_insightsdatagathers-DevPreviewNoUpgrade.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_insightsdatagathers-TechPreviewNoUpgrade.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/config/v1alpha1/register.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1alpha1/types_backup.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1alpha1/types_cluster_monitoring.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1alpha1/types_crio_credential_provider_config.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1alpha1/types_insights.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1alpha1/zz_generated.deepcopy.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/config/v1alpha1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/config/v1alpha1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/config/v1alpha2/types_insights.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1alpha2/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/features/features.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/features/legacyfeaturegates.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/operator/v1/types_network.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/operator/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/operator/v1alpha1/register.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/operator/v1alpha1/types_clusterapi.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.crd-manifests/0000_30_cluster-api_01_clusterapis-CustomNoUpgrade.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.crd-manifests/0000_30_cluster-api_01_clusterapis-DevPreviewNoUpgrade.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.crd-manifests/0000_30_cluster-api_01_clusterapis-TechPreviewNoUpgrade.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.deepcopy.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/controller-runtime-common/LICENSE is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/controller-runtime-common/pkg/tls/controller.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/controller-runtime-common/pkg/tls/tls.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/library-go/pkg/crypto/crypto.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/library-go/pkg/manifest/manifest.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/client_golang/api/client.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/client_golang/prometheus/desc.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/client_golang/prometheus/internal/difflib.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/client_golang/prometheus/internal/go_runtime_metrics.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/client_golang/prometheus/labels.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/client_golang/prometheus/metric.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/client_golang/prometheus/process_collector_darwin.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/client_golang/prometheus/process_collector_mem_nocgo_darwin.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/client_golang/prometheus/process_collector_procfsenabled.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/client_golang/prometheus/promhttp/instrument_server.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/client_golang/prometheus/vec.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/client_golang/prometheus/wrap.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/common/config/config.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/common/config/headers.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/common/config/http_config.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/common/expfmt/decode.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/common/expfmt/encode.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/common/expfmt/expfmt.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/common/expfmt/fuzz.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/common/expfmt/openmetrics_create.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/common/expfmt/text_create.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/common/expfmt/text_parse.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/common/model/alert.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/common/model/labels.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/common/model/labelset.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/common/model/metric.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/common/model/time.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/common/model/value.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/common/model/value_histogram.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/common/model/value_type.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/procfs/.golangci.yml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/procfs/Makefile.common is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/procfs/README.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/procfs/arp.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/procfs/fs.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/procfs/fs_statfs_notype.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/procfs/fscache.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/procfs/internal/fs/fs.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/procfs/internal/util/parse.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/procfs/internal/util/sysreadfile.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/procfs/mountstats.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/procfs/net_dev_snmp6.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/procfs/net_ip_socket.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/procfs/net_protocols.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/procfs/net_tcp.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/procfs/net_unix.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/procfs/proc.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/procfs/proc_cgroup.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/procfs/proc_io.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/procfs/proc_netstat.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/procfs/proc_smaps.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/procfs/proc_snmp.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/procfs/proc_snmp6.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/procfs/proc_status.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/procfs/proc_sys.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/procfs/softirqs.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/spf13/pflag/README.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/spf13/pflag/bool_func.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/spf13/pflag/count.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/spf13/pflag/errors.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/spf13/pflag/flag.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/spf13/pflag/func.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/spf13/pflag/golangflag.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/spf13/pflag/ipnet_slice.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/spf13/pflag/string_to_string.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/spf13/pflag/text.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/spf13/pflag/time.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/http2/transport.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/http2/writesched_priority_rfc9218.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/trace/events.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/oauth2/clientcredentials/clientcredentials.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/oauth2/internal/doc.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/oauth2/internal/oauth2.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/oauth2/internal/token.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/oauth2/internal/transport.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/oauth2/oauth2.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/oauth2/pkce.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/oauth2/token.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/oauth2/transport.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sync/LICENSE is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sync/PATENTS is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sync/errgroup/errgroup.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sys/unix/mkerrors.sh is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sys/unix/zerrors_linux.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sys/unix/zerrors_linux_386.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sys/unix/zerrors_linux_arm.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sys/unix/zerrors_linux_mips.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sys/unix/ztypes_netbsd_arm.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/term/terminal.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/text/encoding/japanese/eucjp.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/text/encoding/japanese/iso2022jp.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/text/encoding/japanese/shiftjis.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/text/encoding/korean/euckr.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/text/encoding/simplifiedchinese/gbk.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/text/encoding/simplifiedchinese/hzgb2312.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/text/encoding/traditionalchinese/big5.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/text/encoding/unicode/unicode.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/tools/go/ast/inspector/cursor.go is excluded by !**/vendor/**, !vendor/**
vendor/gomodules.xyz/jsonpatch/v2/LICENSE is excluded by !**/vendor/**, !vendor/**
vendor/gomodules.xyz/jsonpatch/v2/jsonpatch.go is excluded by !**/vendor/**, !vendor/**
vendor/google.golang.org/protobuf/encoding/protowire/wire.go is excluded by !**/vendor/**, !vendor/**
vendor/google.golang.org/protobuf/internal/editiondefaults/editions_defaults.binpb is excluded by !**/vendor/**, !vendor/**
vendor/google.golang.org/protobuf/internal/filedesc/editions.go is excluded by !**/vendor/**, !vendor/**
vendor/google.golang.org/protobuf/internal/filedesc/presence.go is excluded by !**/vendor/**, !vendor/**
vendor/google.golang.org/protobuf/internal/genid/api_gen.go is excluded by !**/vendor/**, !vendor/**
vendor/google.golang.org/protobuf/internal/genid/descriptor_gen.go is excluded by !**/vendor/**, !vendor/**
vendor/google.golang.org/protobuf/internal/impl/codec_message_opaque.go is excluded by !**/vendor/**, !vendor/**
vendor/google.golang.org/protobuf/internal/impl/message_opaque.go is excluded by !**/vendor/**, !vendor/**
vendor/google.golang.org/protobuf/internal/impl/presence.go is excluded by !**/vendor/**, !vendor/**
vendor/google.golang.org/protobuf/internal/strs/strings_unsafe.go is excluded by !**/vendor/**, !vendor/**
vendor/google.golang.org/protobuf/internal/strs/strings_unsafe_go120.go is excluded by !**/vendor/**, !vendor/**
vendor/google.golang.org/protobuf/internal/version/version.go is excluded by !**/vendor/**, !vendor/**
vendor/google.golang.org/protobuf/proto/merge.go is excluded by !**/vendor/**, !vendor/**
vendor/google.golang.org/protobuf/reflect/protoreflect/source_gen.go is excluded by !**/vendor/**, !vendor/**
vendor/google.golang.org/protobuf/reflect/protoreflect/value_unsafe.go is excluded by !**/vendor/**, !vendor/**
vendor/google.golang.org/protobuf/reflect/protoreflect/value_unsafe_go120.go is excluded by !**/vendor/**, !vendor/**
vendor/google.golang.org/protobuf/types/descriptorpb/descriptor.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/google.golang.org/protobuf/types/gofeaturespb/go_features.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/google.golang.org/protobuf/types/known/anypb/any.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/google.golang.org/protobuf/types/known/durationpb/duration.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/google.golang.org/protobuf/types/known/emptypb/empty.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/google.golang.org/protobuf/types/known/structpb/struct.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/google.golang.org/protobuf/types/known/timestamppb/timestamp.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/google.golang.org/protobuf/types/known/wrapperspb/wrappers.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/gopkg.in/evanphx/json-patch.v4/README.md is excluded by !**/vendor/**, !vendor/**
vendor/gopkg.in/evanphx/json-patch.v4/patch.go is excluded by !**/vendor/**, !vendor/**
vendor/gopkg.in/yaml.v2/.travis.yml is excluded by !**/vendor/**, !vendor/**
vendor/gopkg.in/yaml.v2/LICENSE.libyaml is excluded by !**/vendor/**, !vendor/**
vendor/gopkg.in/yaml.v2/README.md is excluded by !**/vendor/**, !vendor/**
vendor/gopkg.in/yaml.v2/apic.go is excluded by !**/vendor/**, !vendor/**
vendor/gopkg.in/yaml.v2/decode.go is excluded by !**/vendor/**, !vendor/**
vendor/gopkg.in/yaml.v2/emitterc.go is excluded by !**/vendor/**, !vendor/**

📒 Files selected for processing (9)

go.mod
lib/manifest/manifest.go
pkg/cvo/cvo.go
pkg/cvo/featuregate_integration_test.go
pkg/cvo/metrics.go
pkg/cvo/sync_worker.go
pkg/payload/payload.go
pkg/payload/render.go
pkg/start/start.go

coderabbitai · 2026-03-07T22:57:44Z

pkg/cvo/metrics.go

+	applyTLSProfile, unsupportedCiphers := tlsprofile.NewTLSConfigFromProfile(profile)
+	if len(unsupportedCiphers) > 0 {
+		klog.Warningf("TLS profile contains unsupported ciphers (will be ignored): %v", unsupportedCiphers)
+	}
+	klog.Infof("TLS profile changed to: MinTLSVersion=%s, Ciphers=%s", profile.MinTLSVersion, profile.Ciphers)


⚠️ Potential issue | 🟡 Minor

Fix the cipher list log formatting.

Line 180 formats profile.Ciphers with %s, so this log will print %!s(...) instead of the configured cipher list.

Suggested fix

- klog.Infof("TLS profile changed to: MinTLSVersion=%s, Ciphers=%s", profile.MinTLSVersion, profile.Ciphers) + klog.Infof("TLS profile changed to: MinTLSVersion=%s, Ciphers=%v", profile.MinTLSVersion, profile.Ciphers)

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

applyTLSProfile, unsupportedCiphers := tlsprofile.NewTLSConfigFromProfile(profile)

if len(unsupportedCiphers) > 0 {

klog.Warningf("TLS profile contains unsupported ciphers (will be ignored): %v", unsupportedCiphers)

}

klog.Infof("TLS profile changed to: MinTLSVersion=%s, Ciphers=%s", profile.MinTLSVersion, profile.Ciphers)

applyTLSProfile, unsupportedCiphers := tlsprofile.NewTLSConfigFromProfile(profile)

if len(unsupportedCiphers) > 0 {

klog.Warningf("TLS profile contains unsupported ciphers (will be ignored): %v", unsupportedCiphers)

}

klog.Infof("TLS profile changed to: MinTLSVersion=%s, Ciphers=%v", profile.MinTLSVersion, profile.Ciphers)

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed. In `@pkg/cvo/metrics.go` around lines 176 - 180, The log at the klog.Infof call prints profile.Ciphers using %s which causes invalid formatting; update the klog.Infof in the TLS profile change block (after tlsprofile.NewTLSConfigFromProfile and the unsupportedCiphers check) to format the cipher list correctly by using a verbs that match the type (e.g., %v) or join the slice into a string (e.g., strings.Join(profile.Ciphers, ",")). Ensure you import strings if you choose Join and keep the rest of the message unchanged.

openshift-ci · 2026-03-10T00:58:01Z

@DavidHurta: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/e2e-hypershift	`3f595e0`	link	true	`/test e2e-hypershift`
ci/prow/e2e-agnostic-ovn-techpreview-serial-2of3	`3f595e0`	link	true	`/test e2e-agnostic-ovn-techpreview-serial-2of3`

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

DavidHurta added 5 commits March 5, 2026 23:18

go mod tidy & go mod vendor

45a052a

update due to bump; do not merge

5dfcd8b

wip

18158e8

wip: no change in hypershift

2dd7e53

drop before merging

3f595e0

openshift-ci bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Mar 7, 2026

openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Mar 7, 2026

coderabbitai bot reviewed Mar 7, 2026

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

WIP: Central tls profile#1338

WIP: Central tls profile#1338
DavidHurta wants to merge 5 commits intoopenshift:mainfrom
DavidHurta:central-tls-profile

DavidHurta commented Mar 7, 2026 •

edited by coderabbitai bot

Loading

Uh oh!

openshift-ci bot commented Mar 7, 2026

Uh oh!

DavidHurta commented Mar 7, 2026

Uh oh!

coderabbitai bot commented Mar 7, 2026 •

edited

Loading

❌ Failed checks (1 warning)

Uh oh!

openshift-ci bot commented Mar 7, 2026

Uh oh!

DavidHurta commented Mar 7, 2026

Uh oh!

coderabbitai bot left a comment

Uh oh!

coderabbitai bot Mar 7, 2026

Uh oh!

openshift-ci bot commented Mar 10, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

DavidHurta commented Mar 7, 2026 • edited by coderabbitai bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Summary by CodeRabbit

Uh oh!

openshift-ci bot commented Mar 7, 2026

Uh oh!

DavidHurta commented Mar 7, 2026

Uh oh!

coderabbitai bot commented Mar 7, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Walkthrough

Changes

Sequence Diagram(s)

Estimated code review effort

❌ Failed checks (1 warning)

Uh oh!

openshift-ci bot commented Mar 7, 2026

Uh oh!

DavidHurta commented Mar 7, 2026

Uh oh!

coderabbitai bot left a comment

Choose a reason for hiding this comment

Uh oh!

coderabbitai bot Mar 7, 2026

Choose a reason for hiding this comment

Uh oh!

openshift-ci bot commented Mar 10, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

DavidHurta commented Mar 7, 2026 •

edited by coderabbitai bot

Loading

coderabbitai bot commented Mar 7, 2026 •

edited

Loading