From a6d8c95a81fc3771d144bf5cd93ff1aa020841ea Mon Sep 17 00:00:00 2001
From: richardsonnick
Date: Tue, 16 Jun 2026 14:29:34 +0000
Subject: [PATCH] Log unknown TLSAdherencePolicy values and add support for legacy adhering components to ShouldHonorClusterTLSProfile
---
 pkg/crypto/tls_adherence.go | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/pkg/crypto/tls_adherence.go b/pkg/crypto/tls_adherence.go
index ef0e1af51a..a732c60469 100644
--- a/pkg/crypto/tls_adherence.go
+++ b/pkg/crypto/tls_adherence.go
@@ -2,6 +2,7 @@ package crypto
 import (
 configv1 "github.com/openshift/api/config/v1"
+ "k8s.io/klog/v2"
 )
 // ShouldHonorClusterTLSProfile returns true if the component should honor the
@@ -13,10 +14,15 @@ import (
 //
 // Unknown enum values are treated as StrictAllComponents for forward compatibility
 // and to default to the more secure behavior.
-func ShouldHonorClusterTLSProfile(tlsAdherence configv1.TLSAdherencePolicy) bool {
+func ShouldHonorClusterTLSProfile(tlsAdherence configv1.TLSAdherencePolicy, isLegacyAdheringComponent bool, logger klog.Logger) bool {
+ if isLegacyAdheringComponent {
+ return true
+ }
 switch tlsAdherence {
 case configv1.TLSAdherencePolicyNoOpinion, configv1.TLSAdherencePolicyLegacyAdheringComponentsOnly:
 return false
+ case configv1.TLSAdherencePolicyStrictAllComponents:
+ return true
 default:
 return true
 }
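Review bot: The new `logger` parameter is never used in the lines shown, and the `default:` branch still returns `true` without emitting anything, so the unknown-value logging named in the subject does not appear to happen. Failing closed to strict is the right default, but an unrecognised policy (for example from version skew) should be visible to operators; in `default:` I would add `logger.Info("unknown TLSAdherencePolicy, treating as StrictAllComponents", "policy", tlsAdherence)` before `return true`. Without that, the new `case configv1.TLSAdherencePolicyStrictAllComponents:` arm is indistinguishable from the default. The doc comment above the function should also state that `isLegacyAdheringComponent` short-circuits to `true` before the policy is consulted, including for `NoOpinion`, since callers that pass `true` will enforce the cluster profile regardless of the configured value. The function's closing brace lies outside this hunk.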