From c817ee3024794dac896333703b77c0161e5c8c2d Mon Sep 17 00:00:00 2001
From: Varsha Prasad Narsing <varshaprasad96@gmail.com>
Date: Tue, 11 Jun 2024 00:25:57 -0700
Subject: [PATCH] Add annotation to set insecureSkipTLSVerify

Signed-off-by: Varsha Prasad Narsing <varshaprasad96@gmail.com>
---
 .../controllers/clusterextension_controller.go  | 17 ++++++++++++++++-
 test/e2e/cluster_extension_install_test.go      |  3 +++
 2 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/internal/controllers/clusterextension_controller.go b/internal/controllers/clusterextension_controller.go
index e0a1e9a2..e298fc66 100644
--- a/internal/controllers/clusterextension_controller.go
+++ b/internal/controllers/clusterextension_controller.go
@@ -97,6 +97,10 @@ type InstalledBundleGetter interface {
 	GetInstalledBundle(ctx context.Context, acg helmclient.ActionClientGetter, allBundles []*catalogmetadata.Bundle, ext *ocv1alpha1.ClusterExtension) (*catalogmetadata.Bundle, error)
 }
 
+const (
+	bundleConnectionAnnotation string = "bundle.connection.config/insecureSkipTLSVerify"
+)
+
 //+kubebuilder:rbac:groups=olm.operatorframework.io,resources=clusterextensions,verbs=get;list;watch
 //+kubebuilder:rbac:groups=olm.operatorframework.io,resources=clusterextensions/status,verbs=update;patch
 //+kubebuilder:rbac:groups=olm.operatorframework.io,resources=clusterextensions/finalizers,verbs=update
@@ -532,13 +536,24 @@ func (r *ClusterExtensionReconciler) generateBundleDeploymentForUnpack(bundlePat
 				Type: rukpakv1alpha2.SourceTypeImage,
 				Image: &rukpakv1alpha2.ImageSource{
 					Ref:                   bundlePath,
-					InsecureSkipTLSVerify: true,
+					InsecureSkipTLSVerify: isInsecureSkipTLSVerifySet(ce),
 				},
 			},
 		},
 	}
 }
 
+func isInsecureSkipTLSVerifySet(ce *ocv1alpha1.ClusterExtension) bool {
+	if ce == nil {
+		return false
+	}
+	value, ok := ce.Annotations[bundleConnectionAnnotation]
+	if !ok {
+		return false
+	}
+	return value == "true"
+}
+
 // SetupWithManager sets up the controller with the Manager.
 func (r *ClusterExtensionReconciler) SetupWithManager(mgr ctrl.Manager) error {
 	controller, err := ctrl.NewControllerManagedBy(mgr).
diff --git a/test/e2e/cluster_extension_install_test.go b/test/e2e/cluster_extension_install_test.go
index 470048d4..2042190a 100644
--- a/test/e2e/cluster_extension_install_test.go
+++ b/test/e2e/cluster_extension_install_test.go
@@ -45,6 +45,9 @@ func testInit(t *testing.T) (*ocv1alpha1.ClusterExtension, *catalogd.Catalog) {
 	clusterExtension := &ocv1alpha1.ClusterExtension{
 		ObjectMeta: metav1.ObjectMeta{
 			Name: clusterExtensionName,
+			Annotations: map[string]string{
+				"bundle.connection.config/insecureSkipTLSVerify": "true",
+			},
 		},
 	}
 	return clusterExtension, extensionCatalog