Skip to content

Add TLSAdherence tracking#13

Draft
jstuever wants to merge 2 commits intoopenshift:mainfrom
jstuever:tlsadherence
Draft

Add TLSAdherence tracking#13
jstuever wants to merge 2 commits intoopenshift:mainfrom
jstuever:tlsadherence

Conversation

@jstuever
Copy link

@jstuever jstuever commented Mar 5, 2026

This change adds the ability to track and fetch the TLSAdherence from the apiserver configuration.

Assisted-by: gemini-3.1-pro-preview

jstuever added 2 commits March 5, 2026 14:30
@jstuever
feat: add TLS adherence policy change tracking
13685ff 
Add InitialTLSAdherencePolicy and OnAdherencePolicyChange callback to
the SecurityProfileWatcher to detect and handle changes to the
APIServer's TLS adherence policy. This enables the operator to react
appropriately when the TLS adherence policy is modified. Tests have been
updated to cover the new policy tracking behavior.

Assisted-by: gemini-3.1-pro-preview
@jstuever
feat: add FetchAPIServerTLSAdherencePolicy function
6110d59 
Add the FetchAPIServerTLSAdherencePolicy function to the tls package to
allow retrieving the TLS adherence policy configured in the APIServer
resource. This enables consumers to determine the expected TLS adherence
behavior directly from the OpenShift cluster configuration.

Assisted-by: gemini-3.1-pro-preview
@openshift-ci openshift-ci bot requested review from mdbooth and sdodson March 5, 2026 23:17
@openshift-ci
Copy link

openshift-ci bot commented Mar 5, 2026

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: jstuever
Once this PR has been reviewed and has the lgtm label, please assign joelanford for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@jstuever jstuever marked this pull request as draft March 5, 2026 23:17
@openshift-ci openshift-ci bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Mar 5, 2026
@jstuever
Copy link
Author

jstuever commented Mar 5, 2026

This PR is a draft until openshift/api/pull/2680 has merged

@jstuever jstuever mentioned this pull request Mar 5, 2026
Draft
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mdbooth mdbooth Awaiting requested review from mdbooth

@sdodson sdodson Awaiting requested review from sdodson

Assignees

No one assigned

Labels

do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@jstuever