From f170762140a1312a875f7177820a6ddb545279f3 Mon Sep 17 00:00:00 2001
From: Catherine Chan-Tse <cchantse@redhat.com>
Date: Mon, 22 Jan 2024 15:54:24 -0500
Subject: [PATCH] Rapid reset scaffold remediation

Signed-off-by: Catherine Chan-Tse <cchantse@redhat.com>
---
 internal/flags/flags.go | 55 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 55 insertions(+)

diff --git a/internal/flags/flags.go b/internal/flags/flags.go
index cc374cf..99b4799 100644
--- a/internal/flags/flags.go
+++ b/internal/flags/flags.go
@@ -14,7 +14,62 @@
 
 package flags
 
+import (
+	"crypto/tls"
+
+	"sigs.k8s.io/controller-runtime/pkg/webhook"
+)
+
 // global command-line flags
 const (
 	VerboseOpt = "verbose"
 )
+
+// Flags - Options to be used by a helm operator
+type Flags struct {
+	EnableHTTP2             bool
+	SecureMetrics           bool
+}
+
+// AddTo - Add the ansible operator flags to the the flagset
+func (f *Flags) AddTo(flagSet *pflag.FlagSet) {
+	// Store flagset internally to be used for lookups later.
+	f.flagSet = flagSet
+
+	flagSet.BoolVar(&f.EnableHTTP2,
+		"enable-http2",
+		false,
+		"enables HTTP/2 on the webhook and metrics servers",
+	)
+
+	flagSet.BoolVar(&f.SecureMetrics,
+		"metrics-secure",
+		false,
+		"enables secure serving of the metrics endpoint",
+	)
+}
+
+// ToManagerOptions uses the flag set in f to configure options.
+// Values of options take precedence over flag defaults,
+// as values are assume to have been explicitly set.
+func (f *Flags) ToManagerOptions(options manager.Options) manager.Options {
+	// Alias FlagSet.Changed so options are still updated when fields are empty.
+	changed := func(flagName string) bool {
+		return f.flagSet.Changed(flagName)
+	}
+	if f.flagSet == nil {
+		changed = func(flagName string) bool { return false }
+	}
+
+	disableHTTP2 := func(c *tls.Config) {
+		c.NextProtos = []string{"http/1.1"}
+	}
+	if !f.EnableHTTP2 {
+		options.WebhookServer = webhook.NewServer(webhook.Options{
+			TLSOpts: []func(*tls.Config){disableHTTP2},
+		})
+		options.Metrics.TLSOpts = append(options.Metrics.TLSOpts, disableHTTP2)
+	}
+	options.Metrics.SecureServing = f.SecureMetrics
+	return options
+}