Skip to content

NO-JIRA: Bump openshift/api and openshift/client-go#2320

Open
jubittajohn wants to merge 6 commits into
openshift:masterfrom
jubittajohn:bump-api
Open

NO-JIRA: Bump openshift/api and openshift/client-go#2320
jubittajohn wants to merge 6 commits into
openshift:masterfrom
jubittajohn:bump-api

Conversation

@jubittajohn

@jubittajohn jubittajohn commented Jun 22, 2026
edited by coderabbitai Bot
Loading

Copy link
Copy Markdown
Contributor

The openshift/api bump brings the Mozilla Server Side TLS guidelines update from v5.7 to v5.8, which adds three ciphers to the Old TLS profile (ECDHE-ECDSA-AES256-SHA384, ECDHE-RSA-AES256-SHA384, AES256-SHA256) that Go's crypto/tls does not implement.

This PR:

  • Bumps openshift/api and openshift/client-go to pick up KMS-related changes
  • Adds a ciphersUnsupportedByGo skip list so TestTLSProfileCipherSuitesHaveMappings
    tolerates ciphers that Go cannot negotiate
  • Adds TestCiphersUnsupportedByGoAreActuallyUnsupported, a self-validating test
    that checks the skip list against the ciphers map (kept in sync with Go's
    crypto/tls by TestConstantMaps). If a future Go release adds support for a
    skipped cipher, this test fails and prompts migration to openSSLToIANACiphersMap

Test plan

  • TestTLSProfileCipherSuitesHaveMappings passes (previously failing)
 go test ./pkg/crypto/ -run TestTLSProfileCipherSuitesHaveMappings
 ok  	github.com/openshift/library-go/pkg/crypto	0.372s

Failure before fix:

go test ./pkg/crypto/ -run TestTLSProfileCipherSuitesHaveMappings
--- FAIL: TestTLSProfileCipherSuitesHaveMappings (0.00s)
  crypto_test.go:589: The following cipher suites from TLS profiles are missing mappings in openSSLToIANACiphersMap:
      AES256-SHA256 (profile: Old)
      ECDHE-ECDSA-AES256-SHA384 (profile: Old)
      ECDHE-RSA-AES256-SHA384 (profile: Old)
      If Go's crypto/tls does not support this cipher, add it to ciphersUnsupportedByGo instead.
FAIL
FAIL	github.com/openshift/library-go/pkg/crypto	0.867s
FAIL
  • TestCiphersUnsupportedByGoAreActuallyUnsupported passes
go test ./pkg/crypto/ -run TestCiphersUnsupportedByGoAreActuallyUnsupported
ok  	github.com/openshift/library-go/pkg/crypto	0.661s

Self-validation example

go test ./pkg/crypto/ -run TestCiphersUnsupportedByGoAreActuallyUnsupported
--- FAIL: TestCiphersUnsupportedByGoAreActuallyUnsupported (0.00s)
  crypto_test.go:609: cipher "ECDHE-ECDSA-AES128-SHA" (IANA: "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA") is in ciphersUnsupportedByGo but Go now supports it — remove it from ciphersUnsupportedByGo and add a mapping to openSSLToIANACiphersMap
FAIL
FAIL	github.com/openshift/library-go/pkg/crypto	1.042s
  • TestConstantMaps passes
go test ./pkg/crypto/ -run TestConstantMaps
ok  	github.com/openshift/library-go/pkg/crypto	0.829s
  • Full pkg/crypto test suite passes

Summary by CodeRabbit

  • Chores
    • Updated Go module dependencies to newer versions, including Kubernetes, networking, and cryptography libraries.
  • Tests
    • Strengthened TLS cipher/version validation by aligning checks with the package’s current mappings from Go’s crypto/tls.
    • Added coverage to ensure explicitly unsupported ciphers are truly unavailable.
    • Refined tests to handle profile-related cipher suites more accurately.
  • Bug Fixes
    • Improved handling of unknown OpenSSL cipher suites by emitting higher-verbosity logs when they can’t be mapped.

@jubittajohn
Bump openshift/api and openshift/client-go
b5ddf21 
Signed-off-by: jubittajohn <jujohn@redhat.com>
@jubittajohn
Handle TLS profile ciphers unsupported by Go's crypto/tls
baafe22 
The Mozilla 5.7→5.8 guidelines update in openshift/api added three
ciphers to the Old TLS profile (ECDHE-ECDSA-AES256-SHA384,
ECDHE-RSA-AES256-SHA384, AES256-SHA256) that Go's crypto/tls does
not implement. Add a ciphersUnsupportedByGo skip list so
TestTLSProfileCipherSuitesHaveMappings tolerates them, and a
self-validating test that will fail if a future Go release adds
support, prompting migration to openSSLToIANACiphersMap.
@openshift-ci-robot openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label Jun 22, 2026
@openshift-ci-robot

openshift-ci-robot commented Jun 22, 2026

Copy link
Copy Markdown

@jubittajohn: This pull request explicitly references no jira issue.

Details

In response to this:

The openshift/api bump brings the Mozilla Server Side TLS guidelines update from v5.7 to v5.8, which adds three ciphers to the Old TLS profile (ECDHE-ECDSA-AES256-SHA384, ECDHE-RSA-AES256-SHA384, AES256-SHA256) that Go's crypto/tls does not implement.

This PR:

  • Bumps openshift/api and openshift/client-go to pick up KMS-related changes
  • Adds a ciphersUnsupportedByGo skip list so TestTLSProfileCipherSuitesHaveMappings
    tolerates ciphers that Go cannot negotiate
  • Adds TestCiphersUnsupportedByGoAreActuallyUnsupported, a self-validating test
    that checks the skip list against the ciphers map (kept in sync with Go's
    crypto/tls by TestConstantMaps). If a future Go release adds support for a
    skipped cipher, this test fails and prompts migration to openSSLToIANACiphersMap

Test plan

  • TestTLSProfileCipherSuitesHaveMappings passes (previously failing)
 go test ./pkg/crypto/ -run TestTLSProfileCipherSuitesHaveMappings
 ok  	github.com/openshift/library-go/pkg/crypto	0.372s

Failure before fix:

go test ./pkg/crypto/ -run TestTLSProfileCipherSuitesHaveMappings
--- FAIL: TestTLSProfileCipherSuitesHaveMappings (0.00s)
  crypto_test.go:589: The following cipher suites from TLS profiles are missing mappings in openSSLToIANACiphersMap:
      AES256-SHA256 (profile: Old)
      ECDHE-ECDSA-AES256-SHA384 (profile: Old)
      ECDHE-RSA-AES256-SHA384 (profile: Old)
      If Go's crypto/tls does not support this cipher, add it to ciphersUnsupportedByGo instead.
FAIL
FAIL	github.com/openshift/library-go/pkg/crypto	0.867s
FAIL
  • TestCiphersUnsupportedByGoAreActuallyUnsupported passes
go test ./pkg/crypto/ -run TestCiphersUnsupportedByGoAreActuallyUnsupported
ok  	github.com/openshift/library-go/pkg/crypto	0.661s

Self-validation example

go test ./pkg/crypto/ -run TestCiphersUnsupportedByGoAreActuallyUnsupported
--- FAIL: TestCiphersUnsupportedByGoAreActuallyUnsupported (0.00s)
  crypto_test.go:609: cipher "ECDHE-ECDSA-AES128-SHA" (IANA: "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA") is in ciphersUnsupportedByGo but Go now supports it — remove it from ciphersUnsupportedByGo and add a mapping to openSSLToIANACiphersMap
FAIL
FAIL	github.com/openshift/library-go/pkg/crypto	1.042s
  • TestConstantMaps passes
go test ./pkg/crypto/ -run TestConstantMaps
ok  	github.com/openshift/library-go/pkg/crypto	0.829s
  • Full pkg/crypto test suite passes

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@coderabbitai

coderabbitai Bot commented Jun 22, 2026
edited
Loading

Copy link
Copy Markdown

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 43ed316f-3d00-4067-82e3-3c81fabea77d

📥 Commits

Reviewing files that changed from the base of the PR and between 17ee659 and fd024d0.

📒 Files selected for processing (2)
  • pkg/crypto/crypto.go
  • pkg/crypto/crypto_test.go
🚧 Files skipped from review as they are similar to previous changes (2)
  • pkg/crypto/crypto_test.go
  • pkg/crypto/crypto.go

Walkthrough

The PR bumps direct and indirect Go module dependencies across OpenShift and Kubernetes ecosystems, and refactors the crypto package's internal TLS and cipher lookup maps with clearer naming, introduces a ciphersUnsupportedByGo allowlist, adds logging for dropped ciphers during OpenSSL translation, and updates all functions and tests to validate the new structure.

Changes

Dependency Updates and Crypto Package Refactoring

Layer / File(s) Summary
Go module dependency updates
go.mod		 Direct dependencies bumped: github.com/openshift/api, github.com/openshift/client-go, github.com/spf13/pflag, golang.org/x/{crypto,net,sys}, k8s.io/klog/v2, and k8s.io/utils. Indirect dependencies updated: github.com/emicklei/go-restful/v3 bumped, github.com/go-openapi/swag upgraded from v0.23.0 to v0.25.4 with expanded submodule entries, github.com/josharian/intern and github.com/mailru/easyjson removed, golang.org/x/{sync,term,text,tools}, k8s.io/kube-openapi, and sigs.k8s.io/structured-merge-diff/v6 advanced.
TLS version maps refactoring and function updates
pkg/crypto/crypto.go		 TLS version lookup tables renamed: versionsgoTLSVersions, supportedVersionsenabledTLSVersions. Functions TLSVersionToNameOrDie, TLSVersion, GolangTLSVersions, and ValidTLSVersions updated to read from the new maps.
Cipher suite maps refactoring and function updates
pkg/crypto/crypto.go		 Cipher lookup and translation maps renamed: ciphersgoCipherSuites, openSSLToIANACiphersMapopenSSLToIANACiphers. New ciphersUnsupportedByGo map tracks API-defined ciphers not supported by current Go. Functions CipherSuiteToNameOrDie, CipherSuite, and ValidCipherSuites read from goCipherSuites. OpenSSLToIANACipherSuites translates via openSSLToIANACiphers and logs dropped ciphers at klog.V(4) instead of silently omitting them.
Crypto test validation for refactored maps
pkg/crypto/crypto_test.go		 TestConstantMaps validates sync against goCipherSuites, goTLSVersions, and enabledTLSVersions. TestTLSProfileCipherSuitesHaveMappings skips ciphers in ciphersUnsupportedByGo and references openSSLToIANACiphers. New TestCiphersUnsupportedByGoAreActuallyUnsupported ensures no unsupported cipher has gained Go support.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

🚥 Pre-merge checks | ✅ 13 | ❌ 2

❌ Failed checks (2 warnings)

Check name Status Explanation Resolution
Title check ⚠️ Warning The PR title describes the main dependency bumps but fails to capture the substantive changes made to address TLS cipher incompatibility issues and test infrastructure. Consider revising the title to reflect the actual main work: e.g., 'Add TLS cipher skip list for unsupported Go ciphers' or 'Handle unsupported TLS ciphers in crypto tests', as the test refactoring and cipher mapping updates are the core technical changes.
Docstring Coverage ⚠️ Warning Docstring coverage is 53.33% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (13 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names ✅ Passed PR uses standard Go testing (testing.T), not Ginkgo. No Ginkgo test declarations found. Test names are static and deterministic.
Test Structure And Quality ✅ Passed PR contains standard Go tests (testing.T), not Ginkgo tests. Custom check is specific to Ginkgo test code and is not applicable to this PR.
Microshift Test Compatibility ✅ Passed The PR adds no new Ginkgo e2e tests. The new test (TestCiphersUnsupportedByGoAreActuallyUnsupported) is a standard Go unit test using testing.T, not a Ginkgo e2e test. The custom check only applies...
Single Node Openshift (Sno) Test Compatibility ✅ Passed This PR does not add any Ginkgo e2e tests. It only modifies unit tests in the library-go crypto package, which are outside the scope of the SNO compatibility check.
Topology-Aware Scheduling Compatibility ✅ Passed PR modifies only cryptographic utility functions and dependency versions in go.mod. No deployment manifests, operator code, controllers, or scheduling constraints are introduced.
Ote Binary Stdout Contract ✅ Passed This is a library package with no process-level stdout writes. The PR adds klog.V(4).Infof() logging in regular functions called at runtime, which writes to stderr by default per klog v2 documentat...
Ipv6 And Disconnected Network Test Compatibility ✅ Passed The PR adds no Ginkgo e2e tests. It only modifies unit tests in pkg/crypto/, which are standard Go tests. The custom check is not applicable to unit tests.
No-Weak-Crypto ✅ Passed The PR adds crypto.go which references weak algorithms (RC4, 3DES, SHA1) but does NOT implement them. SHA1 is used for certificate key IDs (not secrets), and RC4/3DES are mappings to Go's standard...
Container-Privileges ✅ Passed PR modifies only Go source code (go.mod, crypto.go, crypto_test.go), not container/K8s manifests. The container-privileges check is not applicable to this PR type.
No-Sensitive-Data-In-Logs ✅ Passed The PR adds logging of cipher suite names (not sensitive data) at verbosity V(4), consistent with existing logging patterns that log file paths; no passwords, tokens, API keys, PII, or secret mater...

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Comment @coderabbitai help to get the list of available commands and usage tips.

@openshift-ci openshift-ci Bot requested review from bertinatto and p0lyn0mial June 22, 2026 03:53
@jubittajohn jubittajohn mentioned this pull request Jun 22, 2026
Closed
coderabbitai[bot]
coderabbitai Bot reviewed Jun 22, 2026
View reviewed changes

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@go.mod`:
- Around line 21-36: Update three golang.org/x dependencies in go.mod to patch
known CVEs: upgrade golang.org/x/crypto from v0.48.0 to v0.52.0 or later,
golang.org/x/net from v0.50.0 to v0.56.0 or later, and golang.org/x/sys from
v0.41.0 to v0.46.0 or later. You can do this by running go get with the specific
versions (e.g., go get golang.org/x/crypto@v0.52.0) or by manually editing the
go.mod file and running go mod tidy to resolve any transitive dependency
changes.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 9de30e1d-b926-46df-bb56-1b98b396ae51

📥 Commits

Reviewing files that changed from the base of the PR and between b0f5231 and baafe22.

⛔ Files ignored due to path filters (298)
  • go.sum is excluded by !**/*.sum
  • vendor/github.com/emicklei/go-restful/v3/.travis.yml is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/emicklei/go-restful/v3/CHANGES.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/emicklei/go-restful/v3/README.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/emicklei/go-restful/v3/curly.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/emicklei/go-restful/v3/custom_verb.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/emicklei/go-restful/v3/doc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/.codecov.yml is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/.golangci.yml is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/.mockery.yml is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/README.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/SECURITY.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/cmdutils/LICENSE is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/cmdutils/cmd_utils.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/cmdutils/doc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/cmdutils_iface.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/conv/LICENSE is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/conv/convert.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/conv/convert_types.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/conv/doc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/conv/format.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/conv/sizeof.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/conv/type_constraints.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/conv_iface.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/convert.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/convert_types.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/doc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/file.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/fileutils/LICENSE is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/fileutils/doc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/fileutils/file.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/fileutils/path.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/fileutils_iface.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/go.work is excluded by !**/*.work, !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/go.work.sum is excluded by !**/*.sum, !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/initialism_index.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/json.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/jsonname/LICENSE is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/jsonname/doc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/jsonname/name_provider.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/jsonname_iface.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/jsonutils/LICENSE is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/jsonutils/README.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/jsonutils/adapters/doc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/jsonutils/adapters/ifaces/doc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/jsonutils/adapters/ifaces/ifaces.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/jsonutils/adapters/ifaces/registry_iface.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/jsonutils/adapters/registry.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/jsonutils/adapters/stdlib/json/adapter.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/jsonutils/adapters/stdlib/json/doc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/jsonutils/adapters/stdlib/json/lexer.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/jsonutils/adapters/stdlib/json/ordered_map.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/jsonutils/adapters/stdlib/json/pool.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/jsonutils/adapters/stdlib/json/register.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/jsonutils/adapters/stdlib/json/writer.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/jsonutils/concat.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/jsonutils/doc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/jsonutils/json.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/jsonutils/ordered_map.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/jsonutils_iface.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/loading/LICENSE is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/loading/doc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/loading/errors.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/loading/json.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/loading/loading.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/loading/options.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/loading/yaml.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/loading_iface.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/mangling/BENCHMARK.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/mangling/LICENSE is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/mangling/doc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/mangling/initialism_index.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/mangling/name_lexem.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/mangling/name_mangler.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/mangling/options.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/mangling/pools.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/mangling/split.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/mangling/string_bytes.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/mangling/util.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/mangling_iface.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/name_lexem.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/net.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/netutils/LICENSE is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/netutils/doc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/netutils/net.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/netutils_iface.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/split.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/stringutils/LICENSE is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/stringutils/collection_formats.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/stringutils/doc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/stringutils/strings.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/stringutils_iface.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/typeutils/LICENSE is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/typeutils/doc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/typeutils/types.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/typeutils_iface.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/util.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/yaml.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/yamlutils/LICENSE is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/yamlutils/doc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/yamlutils/errors.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/yamlutils/ordered_map.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/yamlutils/yaml.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/yamlutils_iface.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/josharian/intern/README.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/josharian/intern/intern.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/josharian/intern/license.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/mailru/easyjson/LICENSE is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/mailru/easyjson/buffer/pool.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/mailru/easyjson/jlexer/bytestostr.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/mailru/easyjson/jlexer/bytestostr_nounsafe.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/mailru/easyjson/jlexer/error.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/mailru/easyjson/jlexer/lexer.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/mailru/easyjson/jwriter/writer.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/.ci-operator.yaml is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/Dockerfile.ocp is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/Makefile is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/apiextensions/v1alpha1/doc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/apiextensions/v1alpha1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/github.com/openshift/api/apiserver/v1/doc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/apiserver/v1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/github.com/openshift/api/apps/v1/doc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/apps/v1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/github.com/openshift/api/authorization/v1/doc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/authorization/v1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/github.com/openshift/api/build/v1/doc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/build/v1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/github.com/openshift/api/cloudnetwork/v1/doc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/cloudnetwork/v1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/github.com/openshift/api/config/v1/doc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/config/v1/types_authentication.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/config/v1/types_tlssecurityprofile.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/github.com/openshift/api/config/v1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/github.com/openshift/api/config/v1alpha1/doc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/config/v1alpha1/types_cluster_monitoring.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/config/v1alpha1/zz_generated.deepcopy.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/github.com/openshift/api/config/v1alpha1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/github.com/openshift/api/config/v1alpha1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/github.com/openshift/api/config/v1alpha2/doc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/config/v1alpha2/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/github.com/openshift/api/console/v1/doc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/console/v1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/github.com/openshift/api/etcd/v1/doc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/etcd/v1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/github.com/openshift/api/etcd/v1alpha1/doc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/etcd/v1alpha1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/github.com/openshift/api/features.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/features/features.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/features/legacyfeaturegates.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/helm/v1beta1/doc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/helm/v1beta1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/github.com/openshift/api/image/v1/doc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/image/v1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/github.com/openshift/api/imageregistry/v1/doc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/imageregistry/v1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/github.com/openshift/api/kubecontrolplane/v1/doc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/kubecontrolplane/v1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/github.com/openshift/api/legacyconfig/v1/doc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/legacyconfig/v1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/github.com/openshift/api/machine/v1/doc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/machine/v1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/github.com/openshift/api/machine/v1alpha1/doc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/machine/v1alpha1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/github.com/openshift/api/machine/v1beta1/doc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/machine/v1beta1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/github.com/openshift/api/monitoring/v1/doc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/monitoring/v1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/github.com/openshift/api/network/v1/doc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/network/v1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/github.com/openshift/api/network/v1alpha1/doc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/network/v1alpha1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/github.com/openshift/api/networkoperator/v1/doc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/networkoperator/v1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/github.com/openshift/api/oauth/v1/doc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/oauth/v1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/github.com/openshift/api/openshiftcontrolplane/v1/doc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/openshiftcontrolplane/v1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/github.com/openshift/api/operator/v1/doc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/operator/v1/types_authentication.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/operator/v1/types_etcd.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/operator/v1/types_ingresscontroller.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/operator/v1/types_kmsencryption.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/operator/v1/types_kubeapiserver.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/operator/v1/types_openshiftapiserver.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/github.com/openshift/api/operator/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/github.com/openshift/api/operator/v1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/github.com/openshift/api/operator/v1alpha1/doc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/github.com/openshift/api/operatorcontrolplane/v1alpha1/doc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/operatorcontrolplane/v1alpha1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/github.com/openshift/api/osin/v1/doc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/osin/v1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/github.com/openshift/api/project/v1/doc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/project/v1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/github.com/openshift/api/quota/v1/doc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/quota/v1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/github.com/openshift/api/route/v1/doc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/route/v1/generated.proto is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/route/v1/types.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/route/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/github.com/openshift/api/route/v1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/github.com/openshift/api/samples/v1/doc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/samples/v1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/github.com/openshift/api/security/v1/doc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/security/v1/types.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/security/v1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/github.com/openshift/api/servicecertsigner/v1alpha1/doc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/servicecertsigner/v1alpha1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/github.com/openshift/api/sharedresource/v1alpha1/doc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/sharedresource/v1alpha1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/github.com/openshift/api/template/v1/doc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/template/v1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/github.com/openshift/api/user/v1/doc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/user/v1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clientcredentialconfig.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clientsecretsecretreference.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/customtlsprofile.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/externalclaimssource.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/externalsourceauthentication.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/externalsourcecertificateauthorityconfigmapreference.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/externalsourcepredicate.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/externalsourcetls.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/networkobservabilityspec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/networkspec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/oidcprovider.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/sourcedclaimmapping.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/sourceurl.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tlsprofilespec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tlssecurityprofile.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vaultapproleauthentication.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vaultkmspluginconfig.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vaulttlsconfig.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/alertmanagercustomconfig.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/clustermonitoringspec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/kubestatemetricsconfig.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/kubestatemetricsresourcelabels.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/nodeexporterconfig.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/prometheusconfig.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/retention.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/thanosquerierconfig.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/thanosquerierrequestloggingconfig.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/internal/internal.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/utils.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/operator/applyconfigurations/internal/internal.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/etcdspec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/kmsencryptionstatus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/kmspluginhealthreport.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/kubeapiserverstatus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/oauthapiserverstatus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/openshiftapiserverstatus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/operator/applyconfigurations/utils.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/spf13/pflag/flag.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/net/html/node.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/net/html/nodetype_string.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/net/http2/client_priority_go126.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/net/http2/client_priority_go127.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/net/http2/frame.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/net/http2/http2.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/net/http2/server.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/net/http2/transport.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/net/http2/writesched_priority_rfc7540.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/net/http2/writesched_priority_rfc9218.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/net/internal/httpsfv/httpsfv.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/net/trace/events.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/net/websocket/hybi.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/sys/cpu/cpu.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/sys/cpu/cpu_arm64.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/sys/cpu/cpu_arm64.s is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/sys/cpu/cpu_gc_arm64.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/sys/cpu/cpu_gccgo_arm64.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/sys/cpu/cpu_netbsd_arm64.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/sys/cpu/cpu_openbsd_arm64.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/sys/cpu/cpu_other_arm64.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/sys/cpu/cpu_windows_arm64.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/sys/cpu/cpu_x86.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/sys/unix/ioctl_signed.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/sys/unix/ioctl_unsigned.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/sys/unix/mkerrors.sh is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/sys/unix/syscall_solaris.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/sys/unix/syscall_unix.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/sys/unix/zerrors_linux.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/sys/unix/zerrors_linux_386.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/sys/unix/zerrors_linux_arm.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/sys/unix/zerrors_linux_mips.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go is excluded by !**/vendor/**, !vendor/**
📒 Files selected for processing (2)
  • go.mod
  • pkg/crypto/crypto_test.go

Comment thread go.mod
ardaguclu
ardaguclu reviewed Jun 22, 2026
View reviewed changes
Comment thread pkg/crypto/crypto_test.go Outdated
// Registry (https://www.iana.org/assignments/tls-parameters/) and are retained so
// TestCiphersUnsupportedByGoAreActuallyUnsupported can detect when a future Go
// release adds support.
var ciphersUnsupportedByGo = map[string]string{

@ardaguclu ardaguclu Jun 22, 2026

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we update

library-go/pkg/crypto/crypto.go

Line 151 in b0f5231

var openSSLToIANACiphersMap = map[string]string{
?

@ardaguclu ardaguclu Jun 22, 2026

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These are intentionally excluded from openSSLToIANACiphersMap and silently filtered out during profile translation I missed this documentation. So ignore my comment.

@p0lyn0mial

p0lyn0mial commented Jun 22, 2026

Copy link
Copy Markdown
Contributor

/approve

@openshift-ci openshift-ci Bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jun 22, 2026
This was referenced Jun 22, 2026
Closed
Merged
sanchezl
sanchezl suggested changes Jun 22, 2026
View reviewed changes
Comment thread pkg/crypto/crypto.go Outdated
// Ciphers defined in the API but absent from Go are tracked in
// ciphersUnsupportedByGo (below) so tests detect when Go gains support.
var openSSLToIANACiphers = map[string]string{
// TLS 1.3 ciphers - not configurable in go 1.13, all of them are used in TLSv1.3 flows

@sanchezl sanchezl Jun 22, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: the Go 1.13 reference is stale

Suggested change
// TLS 1.3 ciphers - not configurable in go 1.13, all of them are used in TLSv1.3 flows
// TLS 1.3 ciphers - always negotiated by Go; not individually configurable.

Comment thread pkg/crypto/crypto.go Outdated
@@ -99,7 +113,7 @@ func GolangTLSVersions() []string {
// Returns the build enabled TLS versions.

@sanchezl sanchezl Jun 22, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: match the enabledTLSVersions comment

Suggested change
// Returns the build enabled TLS versions.
// ValidTLSVersions returns the TLS versions that OpenShift allows in configurations.

sanchezl added 4 commits June 22, 2026 15:35
@sanchezl @jubittajohn
crypto: clarify cipher mapping documentation and co-locate skip list
8dafa58 
Add a section header explaining the TLS configuration bridge between
OpenSSL cipher names (used by the OpenShift API) and IANA names (used
by Go's crypto/tls). Fix the openSSLToIANACiphersMap contract comment
to reflect that it only covers ciphers Go can negotiate.

Remove the large commented-out cipher block and replace it with a
pointer to ciphersUnsupportedByGo, which is moved from crypto_test.go
into crypto.go so production code and tests share a single source of
truth for unsupported ciphers.
@sanchezl @jubittajohn
crypto: rename unexported maps for clarity
b4f44d7 
Rename ciphers -> goCipherSuites to clarify that keys are IANA names
and values are Go uint16 constants.

Rename openSSLToIANACiphersMap -> openSSLToIANACiphers to drop the
redundant Map suffix.

No exported API changes.
@sanchezl @jubittajohn
crypto: rename TLS version maps for clarity
41b9dc5 
Rename versions -> goTLSVersions (all versions Go knows) and
supportedVersions -> enabledTLSVersions (subset OpenShift allows).

The two maps are intentionally separate: removing an entry from
enabledTLSVersions phases out a version in configs, while keeping
it in goTLSVersions preserves parsing of legacy references.

Deprecate GolangTLSVersions() in favor of ValidTLSVersions().
@sanchezl @jubittajohn
crypto: log silently dropped ciphers at V(4)
fd024d0 
When OpenSSLToIANACipherSuites encounters a cipher that Go's
crypto/tls cannot negotiate, log it at V(4) so operators can
see what was filtered out without raising noise in normal operation.
sanchezl
sanchezl approved these changes Jun 22, 2026
View reviewed changes

@sanchezl sanchezl left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@openshift-ci openshift-ci Bot added the lgtm Indicates that a PR is ready to be merged. label Jun 22, 2026
@openshift-ci

openshift-ci Bot commented Jun 22, 2026

Copy link
Copy Markdown
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jubittajohn, p0lyn0mial, sanchezl

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@jubittajohn

jubittajohn commented Jun 22, 2026

Copy link
Copy Markdown
Contributor Author

/hold
adding hold until we get consensus from everyone involved

@openshift-ci openshift-ci Bot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Jun 22, 2026
@openshift-ci

openshift-ci Bot commented Jun 22, 2026

Copy link
Copy Markdown
Contributor

@jubittajohn: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

@bertinatto bertinatto Awaiting requested review from bertinatto

@p0lyn0mial p0lyn0mial Awaiting requested review from p0lyn0mial

+2 more reviewers

@ardaguclu ardaguclu ardaguclu left review comments

@sanchezl sanchezl sanchezl approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@sanchezl sanchezl

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. lgtm Indicates that a PR is ready to be merged.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@jubittajohn @openshift-ci-robot @p0lyn0mial @sanchezl @ardaguclu