Rapid reset scaffold remediation

oceanc80 · oceanc80 · commit f170762140a1 · 2024-01-22T15:54:24.000-05:00
Signed-off-by: Catherine Chan-Tse &lt;cchantse@redhat.com&gt;
diff --git a/internal/flags/flags.go b/internal/flags/flags.go
@@ -14,7 +14,62 @@
 
 package flags
 
+import (
+	"crypto/tls"
+
+	"sigs.k8s.io/controller-runtime/pkg/webhook"
+)
+
 // global command-line flags
 const (
 	VerboseOpt = "verbose"
 )
+
+// Flags - Options to be used by a helm operator
+type Flags struct {
+	EnableHTTP2             bool
+	SecureMetrics           bool
+}
+
+// AddTo - Add the ansible operator flags to the the flagset
+func (f *Flags) AddTo(flagSet *pflag.FlagSet) {
+	// Store flagset internally to be used for lookups later.
+	f.flagSet = flagSet
+
+	flagSet.BoolVar(&f.EnableHTTP2,
+		"enable-http2",
+		false,
+		"enables HTTP/2 on the webhook and metrics servers",
+	)
+
+	flagSet.BoolVar(&f.SecureMetrics,
+		"metrics-secure",
+		false,
+		"enables secure serving of the metrics endpoint",
+	)
+}
+
+// ToManagerOptions uses the flag set in f to configure options.
+// Values of options take precedence over flag defaults,
+// as values are assume to have been explicitly set.
+func (f *Flags) ToManagerOptions(options manager.Options) manager.Options {
+	// Alias FlagSet.Changed so options are still updated when fields are empty.
+	changed := func(flagName string) bool {
+		return f.flagSet.Changed(flagName)
+	}
+	if f.flagSet == nil {
+		changed = func(flagName string) bool { return false }
+	}
+
+	disableHTTP2 := func(c *tls.Config) {
+		c.NextProtos = []string{"http/1.1"}
+	}
+	if !f.EnableHTTP2 {
+		options.WebhookServer = webhook.NewServer(webhook.Options{
+			TLSOpts: []func(*tls.Config){disableHTTP2},
+		})
+		options.Metrics.TLSOpts = append(options.Metrics.TLSOpts, disableHTTP2)
+	}
+	options.Metrics.SecureServing = f.SecureMetrics
+	return options
+}
