Safely consume TLSSecurityProfile from APIServer CR

[tiraboschi]

APIServer CR is validating TLSSecurityProfile
less strictly than CNAO.
HCO in general delegates the validation
to the operators that is managing,
but this is not true for values directly
read from the APIServer CR
that are not passing into our validating
webhook.
So if the cluster admin requires
a custom configuration for TLSSecurityProfile
on the APIServer CR all the components
but CNAO will accept it while CNAO
will refuse it continuously.
Let's prevent this sanitizing the input.
this is not validated

Bug-Url: https://bugzilla.redhat.com/show_bug.cgi?id=2137896

TODO: add unit tests

Signed-off-by: Simone Tiraboschi stirabos@redhat.com

Reviewer Checklist

Reviewers are supposed to review the PR for every aspect below one by one. To check an item means the PR is either "OK" or "Not Applicable" in terms of that item. All items are supposed to be checked before merging a PR.

• PR Message
• Commit Messages
• How to test
• Unit Tests
• Functional Tests
• User Documentation
• Developer Documentation
• Upgrade Scenario
• Uninstallation Scenario
• Backward Compatibility
• Troubleshooting Friendly

Release note:

Safely consume TLSSecurityProfile from APIServer CR

[coveralls]

Pull Request Test Coverage Report for Build 3525527586

• 49 of 54 (90.74%) changed or added relevant lines in 1 file are covered.
• 1 unchanged line in 1 file lost coverage.
• Overall coverage increased (+0.02%) to 85.456%

---

Changes Missing Coverage	Covered Lines	Changed/Added Lines	%
pkg/util/cluster.go	49	54	90.74%

Files with Coverage Reduction	New Missed Lines	%
controllers/operands/operandHandler.go	1	84.34%

Totals
Change from base Build 3495979789:	0.02%
Covered Lines:	4671
Relevant Lines:	5466

---

💛 - Coveralls

[sonarcloud]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

No Coverage information
0.0% Duplication

[hco-bot]

hco-e2e-image-index-aws lane succeeded.
/override ci/prow/hco-e2e-image-index-gcp

[kubevirt-bot]

@hco-bot: Overrode contexts on behalf of hco-bot: ci/prow/hco-e2e-image-index-gcp

In response to this:

hco-e2e-image-index-aws lane succeeded.
/override ci/prow/hco-e2e-image-index-gcp

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[hco-bot]

hco-e2e-upgrade-index-sno-aws lane succeeded.
/override ci/prow/hco-e2e-upgrade-index-sno-azure
hco-e2e-upgrade-prev-index-sno-aws lane succeeded.
/override ci/prow/hco-e2e-upgrade-prev-index-sno-azure

[kubevirt-bot]

@hco-bot: Overrode contexts on behalf of hco-bot: ci/prow/hco-e2e-upgrade-index-sno-azure, ci/prow/hco-e2e-upgrade-prev-index-sno-azure

In response to this:

hco-e2e-upgrade-index-sno-aws lane succeeded.
/override ci/prow/hco-e2e-upgrade-index-sno-azure
hco-e2e-upgrade-prev-index-sno-aws lane succeeded.
/override ci/prow/hco-e2e-upgrade-prev-index-sno-azure

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[hco-bot]

hco-e2e-upgrade-prev-index-aws lane succeeded.
/override ci/prow/hco-e2e-upgrade-prev-index-azure

[kubevirt-bot]

@hco-bot: Overrode contexts on behalf of hco-bot: ci/prow/hco-e2e-upgrade-prev-index-azure

In response to this:

hco-e2e-upgrade-prev-index-aws lane succeeded.
/override ci/prow/hco-e2e-upgrade-prev-index-azure

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[hco-bot]

hco-e2e-upgrade-index-aws lane succeeded.
/override ci/prow/hco-e2e-upgrade-index-azure

[kubevirt-bot]

@hco-bot: Overrode contexts on behalf of hco-bot: ci/prow/hco-e2e-upgrade-index-azure

In response to this:

hco-e2e-upgrade-index-aws lane succeeded.
/override ci/prow/hco-e2e-upgrade-index-azure

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[hco-bot]

hco-e2e-image-index-aws lane succeeded.
/override ci/prow/hco-e2e-image-index-azure

[kubevirt-bot]

@hco-bot: Overrode contexts on behalf of hco-bot: ci/prow/hco-e2e-image-index-azure

In response to this:

hco-e2e-image-index-aws lane succeeded.
/override ci/prow/hco-e2e-image-index-azure

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[tiraboschi]

/retest

[hco-bot]

hco-e2e-kv-smoke-gcp lane succeeded.
/override ci/prow/hco-e2e-kv-smoke-azure

[kubevirt-bot]

@hco-bot: Overrode contexts on behalf of hco-bot: ci/prow/hco-e2e-kv-smoke-azure

In response to this:

hco-e2e-kv-smoke-gcp lane succeeded.
/override ci/prow/hco-e2e-kv-smoke-azure

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[openshift-ci]

@tiraboschi: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/hco-e2e-image-index-gcp	46834de	link	true	/test hco-e2e-image-index-gcp
ci/prow/hco-e2e-upgrade-prev-index-sno-azure	46834de	link	false	/test hco-e2e-upgrade-prev-index-sno-azure
ci/prow/hco-e2e-upgrade-index-sno-azure	46834de	link	false	/test hco-e2e-upgrade-index-sno-azure
ci/prow/hco-e2e-upgrade-prev-index-azure	46834de	link	true	/test hco-e2e-upgrade-prev-index-azure
ci/prow/hco-e2e-upgrade-index-azure	46834de	link	true	/test hco-e2e-upgrade-index-azure
ci/prow/hco-e2e-image-index-azure	46834de	link	true	/test hco-e2e-image-index-azure
ci/prow/hco-e2e-kv-smoke-azure	46834de	link	true	/test hco-e2e-kv-smoke-azure
ci/prow/hco-e2e-image-index-sno-azure	46834de	link	false	/test hco-e2e-image-index-sno-azure

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[hco-bot]

hco-e2e-image-index-sno-aws lane succeeded.
/override ci/prow/hco-e2e-image-index-sno-azure

[kubevirt-bot]

@hco-bot: Overrode contexts on behalf of hco-bot: ci/prow/hco-e2e-image-index-sno-azure

In response to this:

hco-e2e-image-index-sno-aws lane succeeded.
/override ci/prow/hco-e2e-image-index-sno-azure

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[orenc1]

/approve

[kubevirt-bot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: orenc1

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [orenc1]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[tiraboschi]

/cherry-pick release-1.8

[kubevirt-bot]

@tiraboschi: new pull request created: #2158

In response to this:

/cherry-pick release-1.8

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.