From 4da44568594548d1bbdcb1edf6b287d3547f05d9 Mon Sep 17 00:00:00 2001
From: Nahshon Unna-Tsameret
Date: Mon, 19 Aug 2024 08:58:40 +0300
Subject: [PATCH] convert openshift TLSSecurityProfile to the CDI type
CDI new API redefined the TLSSecurityProfile type, originally from openshift. These two types are identicle, but each sub-type is redefined, and so each field requires castings.
Signed-off-by: Nahshon Unna-Tsameret
---
 .../hyperconverged_controller_test.go | 24 +++++++++++++++++--
 controllers/operands/cdi.go | 23 +++++++++++++++++-
 controllers/operands/cdi_test.go | 8 +++----
 3 files changed, 48 insertions(+), 7 deletions(-)
diff --git a/controllers/hyperconverged/hyperconverged_controller_test.go b/controllers/hyperconverged/hyperconverged_controller_test.go
index e53464f2f7..1b37fdb7cf 100644
--- a/controllers/hyperconverged/hyperconverged_controller_test.go
+++ b/controllers/hyperconverged/hyperconverged_controller_test.go
@@ -1193,7 +1193,7 @@ var _ = Describe("HyperconvergedController", func() {
 cdi),
 ).To(Succeed())
- Expect(cdi.Spec.Config.TLSSecurityProfile).To(Equal(initialTLSSecurityProfile))
+ Expect(cdi.Spec.Config.TLSSecurityProfile).To(Equal(openshift2CdiSecProfile(initialTLSSecurityProfile)))
 })
 By("Verify that CNA was properly configured with initialTLSSecurityProfile", func() {
@@ -1265,7 +1265,7 @@ var _ = Describe("HyperconvergedController", func() {
 cdi),
 ).To(Succeed())
- Expect(cdi.Spec.Config.TLSSecurityProfile).To(Equal(customTLSSecurityProfile))
+ Expect(cdi.Spec.Config.TLSSecurityProfile).To(Equal(openshift2CdiSecProfile(customTLSSecurityProfile)))
 })
 By("Verify that CNA was properly updated with customTLSSecurityProfile", func() {
@@ -3911,3 +3911,23 @@ func searchInRelatedObjects(relatedObjects []corev1.ObjectReference, kind, name
 }
 return false
 }
+
+func openshift2CdiSecProfile(hcProfile *openshiftconfigv1.TLSSecurityProfile) *cdiv1beta1.TLSSecurityProfile {
+ var custom *cdiv1beta1.CustomTLSProfile
+ if hcProfile.Custom != nil {
+ custom = &cdiv1beta1.CustomTLSProfile{
+ TLSProfileSpec: cdiv1beta1.TLSProfileSpec{
+ Ciphers: hcProfile.Custom.TLSProfileSpec.Ciphers,
+ MinTLSVersion: cdiv1beta1.TLSProtocolVersion(hcProfile.Custom.TLSProfileSpec.MinTLSVersion),
+ },
+ }
+ }
+
+ return &cdiv1beta1.TLSSecurityProfile{
+ Type: cdiv1beta1.TLSProfileType(hcProfile.Type),
+ Old: (*cdiv1beta1.OldTLSProfile)(hcProfile.Old),
+ Intermediate: (*cdiv1beta1.IntermediateTLSProfile)(hcProfile.Intermediate),
+ Modern: (*cdiv1beta1.ModernTLSProfile)(hcProfile.Modern),
+ Custom: custom,
+ }
+}
diff --git a/controllers/operands/cdi.go b/controllers/operands/cdi.go
index 4dcc85c594..88492ee7e3 100644
--- a/controllers/operands/cdi.go
+++ b/controllers/operands/cdi.go
@@ -4,6 +4,7 @@ import (
 "errors"
 "reflect"
+ openshiftconfigv1 "github.com/openshift/api/config/v1"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 "k8s.io/apimachinery/pkg/runtime"
 "sigs.k8s.io/controller-runtime/pkg/client"
@@ -104,7 +105,7 @@ func NewCDI(hc *hcov1beta1.HyperConverged, opts ...string) (*cdiv1beta1.CDI, err
 UninstallStrategy: &uninstallStrategy,
 Config: &cdiv1beta1.CDIConfigSpec{
 FeatureGates: getDefaultFeatureGates(),
- TLSSecurityProfile: hcoutil.GetClusterInfo().GetTLSSecurityProfile(hc.Spec.TLSSecurityProfile),
+ TLSSecurityProfile: openshift2CdiSecProfile(hcoutil.GetClusterInfo().GetTLSSecurityProfile(hc.Spec.TLSSecurityProfile)),
 },
 CertConfig: &cdiv1beta1.CDICertConfig{
 CA: &cdiv1beta1.CertConfig{
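Review bot: The `openshift2CdiSecProfile` helper appended to hyperconverged_controller_test.go (hunk -3911) is a copy of the converter this patch adds to controllers/operands/cdi.go, and the updated expectations at -1193 and -1265, as well as those in cdi_test.go, now build their expected value with that same conversion. A conversion mistake, for example a Custom profile losing its `MinTLSVersion` or `Ciphers`, would therefore appear on both sides of `Equal` and still pass. Because this value decides the TLS floor CDI is configured with, one direct test of the converter that compares against a hand-written `cdiv1beta1.TLSSecurityProfile` for a Custom profile would close the gap. The copy presumably exists because the production helper is unexported in another package; a comment such as `// keep in sync with openshift2CdiSecProfile in controllers/operands/cdi.go` would stop the two drifting.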
@@ -169,3 +170,23 @@ func NewCDIWithNameOnly(hc *hcov1beta1.HyperConverged, opts ...string) *cdiv1bet
 },
 }
 }
+
+func openshift2CdiSecProfile(hcProfile *openshiftconfigv1.TLSSecurityProfile) *cdiv1beta1.TLSSecurityProfile {
+ var custom *cdiv1beta1.CustomTLSProfile
+ if hcProfile.Custom != nil {
+ custom = &cdiv1beta1.CustomTLSProfile{
+ TLSProfileSpec: cdiv1beta1.TLSProfileSpec{
+ Ciphers: hcProfile.Custom.TLSProfileSpec.Ciphers,
+ MinTLSVersion: cdiv1beta1.TLSProtocolVersion(hcProfile.Custom.TLSProfileSpec.MinTLSVersion),
+ },
+ }
+ }
+
+ return &cdiv1beta1.TLSSecurityProfile{
+ Type: cdiv1beta1.TLSProfileType(hcProfile.Type),
+ Old: (*cdiv1beta1.OldTLSProfile)(hcProfile.Old),
+ Intermediate: (*cdiv1beta1.IntermediateTLSProfile)(hcProfile.Intermediate),
+ Modern: (*cdiv1beta1.ModernTLSProfile)(hcProfile.Modern),
+ Custom: custom,
+ }
+}
diff --git a/controllers/operands/cdi_test.go b/controllers/operands/cdi_test.go
index 95dee86c2b..b572daf157 100644
--- a/controllers/operands/cdi_test.go
+++ b/controllers/operands/cdi_test.go
@@ -1323,7 +1323,7 @@ var _ = Describe("CDI Operand", func() {
 It("should modify TLSSecurityProfile on CDI CR according to ApiServer or HCO CR", func() {
 existingResource, err := NewCDI(hco)
 Expect(err).ToNot(HaveOccurred())
- Expect(existingResource.Spec.Config.TLSSecurityProfile).To(Equal(intermediateTLSSecurityProfile))
+ Expect(existingResource.Spec.Config.TLSSecurityProfile).To(Equal(openshift2CdiSecProfile(intermediateTLSSecurityProfile)))
 // now, modify HCO's TLSSecurityProfile
 hco.Spec.TLSSecurityProfile = modernTLSSecurityProfile
@@ -1342,7 +1342,7 @@ var _ = Describe("CDI Operand", func() {
 foundResource),
 ).ToNot(HaveOccurred())
- Expect(foundResource.Spec.Config.TLSSecurityProfile).To(Equal(modernTLSSecurityProfile))
+ Expect(foundResource.Spec.Config.TLSSecurityProfile).To(Equal(openshift2CdiSecProfile(modernTLSSecurityProfile)))
 Expect(req.Conditions).To(BeEmpty())
 })
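Review bot: `openshift2CdiSecProfile` in controllers/operands/cdi.go (hunk -169) reads `hcProfile.Custom` and `hcProfile.Type` without checking `hcProfile` for nil, so the new call in `NewCDI` would panic during reconcile if `GetTLSSecurityProfile` ever returned nil; that function is not shown in this patch, so the path may be unreachable today. A guard `if hcProfile == nil { return nil }` as the first statement makes the helper safe on its own. The Custom branch also assigns `Ciphers` by reference, so the CDI CR shares its cipher slice with the source profile; `Ciphers: append([]string(nil), hcProfile.Custom.TLSProfileSpec.Ciphers...),` would detach it. The function has no doc comment, and one stating that the Custom spec is copied field by field, so any field later added to `TLSProfileSpec` must be added here or it is silently dropped from the TLS policy, would record why the copy is manual. The same body is duplicated in hyperconverged_controller_test.go and shares these points.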
@@ -1356,7 +1356,7 @@ var _ = Describe("CDI Operand", func() {
 req.HCOTriggered = false
 // now, modify CDI node placement
- existingResource.Spec.Config.TLSSecurityProfile = modernTLSSecurityProfile
+ existingResource.Spec.Config.TLSSecurityProfile = openshift2CdiSecProfile(modernTLSSecurityProfile)
 cl := commontestutils.InitClient([]client.Object{hco, existingResource})
 handler := (*genericOperand)(newCdiHandler(cl, commontestutils.GetScheme()))
@@ -1373,7 +1373,7 @@ var _ = Describe("CDI Operand", func() {
 foundResource),
 ).ToNot(HaveOccurred())
- Expect(foundResource.Spec.Config.TLSSecurityProfile).To(Equal(hco.Spec.TLSSecurityProfile))
+ Expect(foundResource.Spec.Config.TLSSecurityProfile).To(Equal(openshift2CdiSecProfile(hco.Spec.TLSSecurityProfile)))
 Expect(foundResource.Spec.Config.TLSSecurityProfile).ToNot(Equal(existingResource.Spec.Config.TLSSecurityProfile))
 Expect(req.Conditions).To(BeEmpty())