ACM-30179: Use TLS configuration from the APIServer when available by giladravid16 · Pull Request #801 · openshift/image-based-install-operator

giladravid16 · 2026-04-19T15:22:12Z

OCP 4.22 indroduces a new feature in the APIServer for configuring TLS configuration, and we want our components to also use the same TLS configuration that is defined in the APIServer.

When starting a components we will attempt to get the APIServer and check its TLSAdherencePolicy (decides whether we should apply the TLS configuration) and TLSProfileSpec (the actual TLS configuration).
For our operator we also add a controller called SecurityProfileWatcher (provided by openshift/controller-runtime-common) in order to force a restart when these values change.
For our server we implement a similar behavior ourselves.

This also required updating a lot of packages including the client-go which further required setting the environment variable KUBE_FEATURE_WatchListClient to false on the operator in order to fix a known bug where controllers don't start due to a cache sync issue.

Summary by CodeRabbit

New Features
- TLS‑protected metrics endpoint exposed on port 8080 via a new Service
- Metrics and webhook servers now use cluster-derived TLS and will restart automatically when cluster TLS/profile changes
Chores
- Operator RBAC expanded to support token reviews, subject access reviews, and API server read access
- Dependency upgrades and maintenance across the project

openshift-ci-robot · 2026-04-19T15:22:16Z

@giladravid16: This pull request references ACM-30179 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the task to target the "5.0.0" version, but no target version was set.

Details

In response to this:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

coderabbitai · 2026-04-19T15:22:28Z

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

@coderabbitai resume to resume automatic reviews.
@coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

▶️ Resume reviews
🔍 Trigger review

Walkthrough

Adds cluster-driven TLS resolution and applies it to metrics and webhook secure serving, introduces a watcher that cancels and restarts the process on APIServer TLS/profile changes, mounts metrics serving certs and exposes metrics via a Service, expands RBAC for token/subjectaccess reviews and apiserver reads, and updates dependencies.

Changes

Cohort / File(s)	Summary
TLS config package `internal/tlsconfig/tlsconfig.go`	New package exporting `TLSConfigResult` and `ResolveTLSConfig(ctx, restConfig)` to fetch APIServer TLS adherence and TLSProfile spec, derive a TLS mutator, and return fetched/fallback metadata.
Manager binary & Deployment manifest `cmd/manager/main.go`, `config/manager/manager.yaml`	Manager startup now resolves cluster TLS, uses a cancellable context, wires TLS into metrics and webhook secure serving (cert dir `/metrics-certs`), registers a SecurityProfileWatcher that cancels on TLS/profile change, sets `KUBE_FEATURE_WatchListClient="false"`, and mounts secret `ibi-metrics-serving-certs`.
Server binary `cmd/server/main.go`	Server resolves TLS when HTTPS creds are provided, installs zap logging flags, watches `configv1.APIServer` for TLS/profile changes, and performs graceful shutdown (30s timeout) on OS signal or watcher-triggered change.
Metrics Service manifests `bundle/manifests/image-based-install-metrics_v1_service.yaml`, `config/manager/manager.yaml`	Adds `Service` `image-based-install-metrics` exposing TCP `8080`, annotated `service.beta.openshift.io/serving-cert-secret-name: ibi-metrics-serving-certs`, selecting `app: image-based-install-operator`.
CSV / Deployment updates `bundle/manifests/image-based-install-operator.clusterserviceversion.yaml`	Updates CSV `createdAt`; expands `clusterPermissions` to include `tokenreviews`, `subjectaccessreviews`, and `apiservers`; adds `metrics-certs` secret volume and mounts it into the manager container at `/metrics-certs`.
RBAC & kubebuilder markers `config/rbac/role.yaml`, `controllers/imageclusterinstall_controller.go`	Adds ClusterRole rules for `authentication.k8s.io: tokenreviews (create)`, `authorization.k8s.io: subjectaccessreviews (create)`, and `config.openshift.io: apiservers (get,list,watch)`; adds corresponding kubebuilder markers.
Dependencies `go.mod`	Large dependency upgrades: Kubernetes/controller-runtime, OpenShift modules, OpenTelemetry, and many transitive updates; updated `replace` directives for OpenShift client and assisted-service modules. Review build implications.
Minor manifest/markup other YAMLs and small import edit	Small manifest additions/annotations and a blank-line import cleanup in controller file.

Sequence Diagram(s)

sequenceDiagram
    actor Operator
    participant Manager as "Manager"
    participant TLS as "TLS Resolver"
    participant API as "Kubernetes API (config.openshift.io)"
    participant Watcher as "SecurityProfileWatcher"

    Operator->>Manager: start (create cancellable ctx)
    Manager->>TLS: ResolveTLSConfig(ctx, restConfig)
    TLS->>API: GET TLSAdherencePolicy
    TLS->>API: GET TLSProfileSpec
    API-->>TLS: return policy & profile
    TLS->>TLS: build TLS mutator (cluster or default)
    TLS-->>Manager: TLSConfigResult (mutator + metadata)
    Manager->>Manager: configure secure serving (metrics/webhook TLS, CertDir=/metrics-certs)
    Manager->>Watcher: register APIServer watcher
    Watcher->>API: watch APIServer
    API-->>Watcher: Modified event (adherence/profile)
    rect rgba(255, 100, 100, 0.5)
    Watcher->>Manager: request graceful shutdown (cancel)
    end

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

🚥 Pre-merge checks | ✅ 11 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 16.67% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (11 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main objective of the PR: adopting TLS configuration from the APIServer when available, which aligns with the substantive changes across manifests, Go code, and RBAC configurations.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names	✅ Passed	PR contains no test file modifications; all existing Ginkgo test names use stable, descriptive strings without dynamic content.
Test Structure And Quality	✅ Passed	This PR modifies production code but does not add or modify any Ginkgo test files, making this test quality check not applicable.
Microshift Test Compatibility	✅ Passed	New Ginkgo tests are unit tests using fake/mock clients, not e2e tests. Unit tests don't interact with real clusters and don't require MicroShift compatibility checks.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	This PR does not introduce any new Ginkgo e2e tests. The new internal/tlsconfig/tlsconfig.go file is a library providing TLS configuration resolution functionality, not a test file.
Topology-Aware Scheduling Compatibility	✅ Passed	PR introduces TLS configuration, dependencies, RBAC changes, and metrics service without topology-incompatible scheduling constraints.
Ote Binary Stdout Contract	✅ Passed	PR modifications use controller-runtime logr.Logger backed by zap loggers writing to stderr. No direct stdout writes or Print statements detected in main-level code.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	This pull request does not add any new Ginkgo e2e tests. The PR modifies infrastructure code including TLS configuration, Kubernetes manifests, RBAC rules, and dependencies, but does not introduce any test files.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

Create PR with unit tests

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

openshift-ci · 2026-04-19T15:23:01Z

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: giladravid16

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

~~OWNERS~~ [giladravid16]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

coderabbitai

Actionable comments posted: 4

🧹 Nitpick comments (2)

internal/tlsconfig/tlsconfig.go (1)

38-48: Consider logging at Info level when defaulting TLS settings.

When the TLS adherence policy or profile cannot be fetched, the code logs at Error level but continues with defaults. Since this is expected behavior during startup (before APIServer is readable), consider using Info or Warning level instead to avoid alarming operators.

♻️ Suggested change

 	tlsAdherencePolicy, err := crtls.FetchAPIServerTLSAdherencePolicy(ctx, k8sClient)
 	if err != nil {
-		log.Error(err, "unable to get TLS adherence policy from API server; defaulting until APIServer is readable")
+		log.Info("unable to get TLS adherence policy from API server; defaulting until APIServer is readable", "error", err)
 		tlsAdherencePolicy = ""
 	}

 	tlsProfileSpec, err := crtls.FetchAPIServerTLSProfile(ctx, k8sClient)
 	if err != nil {
-		log.Error(err, "unable to get TLS profile from API server; defaulting until APIServer is readable")
+		log.Info("unable to get TLS profile from API server; defaulting until APIServer is readable", "error", err)
 		tlsProfileSpec = configv1.TLSProfileSpec{}
 	}

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@internal/tlsconfig/tlsconfig.go` around lines 38 - 48, The current error logs
inside FetchAPIServerTLSAdherencePolicy and FetchAPIServerTLSProfile error
branches use log.Error while the code then defaults and continues; change those
calls (the log.Error invocations referencing tlsAdherencePolicy and
tlsProfileSpec in internal/tlsconfig/tlsconfig.go) to a non-error level such as
log.Info or log.Warn to reflect expected startup behavior—update the two places
where FetchAPIServerTLSAdherencePolicy and FetchAPIServerTLSProfile errors are
handled to call log.Info/log.Warn with the same message and error context
instead of log.Error.

cmd/manager/main.go (1)

105-113: Consider using the cancellable context for TLS resolution.

Line 109 uses context.Background() instead of ctx. If this is intentional to ensure TLS setup completes regardless of signals, consider adding an explicit timeout to prevent potential indefinite blocking if there are network issues reaching the API server.
💡 Suggested alternative with timeout
-	tlsResult, err := tlsconfig.ResolveTLSConfig(context.Background(), restCfg)
+	tlsCtx, tlsCancel := context.WithTimeout(ctx, 30*time.Second)
+	defer tlsCancel()
+	tlsResult, err := tlsconfig.ResolveTLSConfig(tlsCtx, restCfg)
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@cmd/manager/main.go` around lines 105 - 113, The TLS resolution is using
context.Background() which ignores the cancellable signal context (ctx) — change
the call to use the existing ctx or a derived context with a timeout so TLS
resolution honors cancellation and cannot block indefinitely; specifically
update the call to tlsconfig.ResolveTLSConfig to pass ctx (or
context.WithTimeout(ctx, <reasonable duration>) and use that cancel) while still
using restCfg, and ensure you call the derived cancel when done and handle err
as before.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@cmd/server/main.go`:
- Around line 125-151: The watch loop using for event := range w.ResultChan()
currently stops silently when the watch channel closes; change it to an explicit
receive (event, ok := <-w.ResultChan()) and when ok is false log a warning/info
that the watch closed and re-establish the watch (recreate/assign w by calling
the same watch-creation logic used earlier, with a small backoff/retry) so TLS
change monitoring resumes; ensure the retry replaces the w variable used by the
loop and preserves existing handling of current, crtls.GetTLSProfileSpec and
equality.Semantic.DeepEqual checks.
- Around line 116-122: In watchAndExitOnTLSChange, the call to
configClient.ConfigV1().APIServers().Watch(...) can fail silently; update the
error path to log the failure before returning by using the provided log
(*logrus.Logger) — e.g., call log.WithError(err).Error("failed to establish
watch for APIServers") or similar — referencing the existing function name
watchAndExitOnTLSChange and the Watch invocation so the failure is recorded for
operators and debugging.

In `@go.mod`:
- Line 265: The dependency go.opentelemetry.io/otel/sdk is pinned to v1.39.0
which has a PATH hijacking vulnerability; update the module version to v1.40.0
or later in go.mod (replace the v1.39.0 entry for go.opentelemetry.io/otel/sdk),
then run the Go tooling (go get with the chosen version and go mod tidy) to
ensure the newer version is fetched and the module graph is clean; after
updating, run your test suite or build to verify nothing breaks.
- Line 288: Update the grpc dependency to a fixed version to remediate the
GHSA-p77j-4mvh-x3m3 vulnerability: change the google.golang.org/grpc module
referenced in go.mod to v1.79.3 or later (prefer v1.80.0) and then refresh your
modules with the Go toolchain (e.g., use go get/update and go mod tidy) so the
new version is recorded and vendored; verify compilation and run tests that
exercise HTTP/2 handlers to confirm no regressions.

---

Nitpick comments:
In `@cmd/manager/main.go`:
- Around line 105-113: The TLS resolution is using context.Background() which
ignores the cancellable signal context (ctx) — change the call to use the
existing ctx or a derived context with a timeout so TLS resolution honors
cancellation and cannot block indefinitely; specifically update the call to
tlsconfig.ResolveTLSConfig to pass ctx (or context.WithTimeout(ctx, <reasonable
duration>) and use that cancel) while still using restCfg, and ensure you call
the derived cancel when done and handle err as before.

In `@internal/tlsconfig/tlsconfig.go`:
- Around line 38-48: The current error logs inside
FetchAPIServerTLSAdherencePolicy and FetchAPIServerTLSProfile error branches use
log.Error while the code then defaults and continues; change those calls (the
log.Error invocations referencing tlsAdherencePolicy and tlsProfileSpec in
internal/tlsconfig/tlsconfig.go) to a non-error level such as log.Info or
log.Warn to reflect expected startup behavior—update the two places where
FetchAPIServerTLSAdherencePolicy and FetchAPIServerTLSProfile errors are handled
to call log.Info/log.Warn with the same message and error context instead of
log.Error.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

Push a commit to this branch (recommended)
Create a new PR with the fixes

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: 1ca3bcd2-7d09-4248-a937-c41822e2c4e7

📥 Commits

Reviewing files that changed from the base of the PR and between 99a951c and b97a361.

⛔ Files ignored due to path filters (291)

go.sum is excluded by !**/*.sum
vendor/github.com/AlecAivazis/survey/v2/README.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/AlecAivazis/survey/v2/confirm.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/AlecAivazis/survey/v2/core/template.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/AlecAivazis/survey/v2/core/write.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/AlecAivazis/survey/v2/input.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/AlecAivazis/survey/v2/multiselect.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/AlecAivazis/survey/v2/password.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/AlecAivazis/survey/v2/renderer.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/AlecAivazis/survey/v2/select.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/AlecAivazis/survey/v2/survey.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/AlecAivazis/survey/v2/terminal/display_posix.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/AlecAivazis/survey/v2/terminal/error.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/AlecAivazis/survey/v2/terminal/output.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/AlecAivazis/survey/v2/terminal/runereader.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/AlecAivazis/survey/v2/terminal/runereader_bsd.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/AlecAivazis/survey/v2/terminal/runereader_linux.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/AlecAivazis/survey/v2/terminal/runereader_posix.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/AlecAivazis/survey/v2/terminal/runereader_ppc64le.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/AlecAivazis/survey/v2/transform.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/AlecAivazis/survey/v2/validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/to/doc.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/to/to.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/LICENSE.txt is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/README.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/assets.json is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/autorest.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/build.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/ci.yml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/client_factory.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/constants.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/federatedidentitycredentials_client.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/models.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/models_serde.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/operations_client.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/options.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/responses.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/systemassignedidentities_client.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/time_rfc3339.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/userassignedidentities_client.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/go-autorest/autorest/date/go_mod_tidy_hack.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/go-autorest/logger/go_mod_tidy_hack.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/go-autorest/logger/logger.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/go-autorest/tracing/go_mod_tidy_hack.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/.gitignore is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/LICENSE is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/README.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/antlrdoc.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/atn.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/atn_config.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/atn_config_set.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/atn_deserialization_options.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/atn_deserializer.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/atn_simulator.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/atn_state.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/atn_type.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/char_stream.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/common_token_factory.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/common_token_stream.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/comparators.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/configuration.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/dfa.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/dfa_serializer.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/dfa_state.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/diagnostic_error_listener.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/error_listener.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/error_strategy.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/errors.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/file_stream.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/input_stream.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/int_stream.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/interval_set.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/jcollect.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/lexer.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/lexer_action.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/lexer_action_executor.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/lexer_atn_simulator.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/ll1_analyzer.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/mutex.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/mutex_nomutex.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/nostatistics.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/parser.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/parser_atn_simulator.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/parser_rule_context.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/prediction_context.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/prediction_context_cache.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/prediction_mode.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/recognizer.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/rule_context.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/semantic_context.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/statistics.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/stats_data.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/token.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/token_source.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/token_stream.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/tokenstream_rewriter.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/trace_listener.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/transition.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/tree.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/trees.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/utils.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/aws/credentials.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/aws/go_module_metadata.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/aws/middleware/user_agent.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream/go_module_metadata.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/aws/transport/http/client.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/aws/transport/http/timeout_read_closer.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/config/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/config/go_module_metadata.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/config/resolve_credentials.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/config/shared_config.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/credentials/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/credentials/go_module_metadata.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/credentials/logincreds/dpop.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/credentials/logincreds/file.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/credentials/logincreds/provider.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/credentials/logincreds/token.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/go_module_metadata.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/go_module_metadata.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/partitions.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/partitions.json is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/go_module_metadata.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/internal/ini/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/internal/ini/go_module_metadata.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/go_module_metadata.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/LICENSE.txt is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_client.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_AssociateAlias.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CopyDistribution.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateCachePolicy.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateCloudFrontOriginAccessIdentity.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateContinuousDeploymentPolicy.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateDistribution.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateDistributionWithTags.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateFieldLevelEncryptionConfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateFieldLevelEncryptionProfile.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateFunction.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateInvalidation.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateKeyGroup.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateKeyValueStore.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateMonitoringSubscription.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateOriginAccessControl.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateOriginRequestPolicy.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreatePublicKey.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateRealtimeLogConfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateResponseHeadersPolicy.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateStreamingDistribution.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateStreamingDistributionWithTags.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeleteCachePolicy.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeleteCloudFrontOriginAccessIdentity.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeleteContinuousDeploymentPolicy.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeleteDistribution.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeleteFieldLevelEncryptionConfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeleteFieldLevelEncryptionProfile.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeleteFunction.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeleteKeyGroup.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeleteKeyValueStore.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeleteMonitoringSubscription.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeleteOriginAccessControl.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeleteOriginRequestPolicy.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeletePublicKey.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeleteRealtimeLogConfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeleteResponseHeadersPolicy.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeleteStreamingDistribution.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DescribeFunction.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DescribeKeyValueStore.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetCachePolicy.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetCachePolicyConfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetCloudFrontOriginAccessIdentity.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetCloudFrontOriginAccessIdentityConfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetContinuousDeploymentPolicy.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetContinuousDeploymentPolicyConfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetDistribution.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetDistributionConfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetFieldLevelEncryption.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetFieldLevelEncryptionConfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetFieldLevelEncryptionProfile.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetFieldLevelEncryptionProfileConfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetFunction.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetInvalidation.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetKeyGroup.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetKeyGroupConfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetMonitoringSubscription.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetOriginAccessControl.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetOriginAccessControlConfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetOriginRequestPolicy.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetOriginRequestPolicyConfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetPublicKey.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetPublicKeyConfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetRealtimeLogConfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetResponseHeadersPolicy.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetResponseHeadersPolicyConfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetStreamingDistribution.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetStreamingDistributionConfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListCachePolicies.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListCloudFrontOriginAccessIdentities.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListConflictingAliases.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListContinuousDeploymentPolicies.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListDistributions.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListDistributionsByCachePolicyId.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListDistributionsByKeyGroup.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListDistributionsByOriginRequestPolicyId.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListDistributionsByRealtimeLogConfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListDistributionsByResponseHeadersPolicyId.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListDistributionsByWebACLId.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListFieldLevelEncryptionConfigs.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListFieldLevelEncryptionProfiles.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListFunctions.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListInvalidations.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListKeyGroups.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListKeyValueStores.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListOriginAccessControls.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListOriginRequestPolicies.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListPublicKeys.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListRealtimeLogConfigs.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListResponseHeadersPolicies.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListStreamingDistributions.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListTagsForResource.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_PublishFunction.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_TagResource.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_TestFunction.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_UntagResource.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_UpdateCachePolicy.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_UpdateCloudFrontOriginAccessIdentity.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_UpdateContinuousDeploymentPolicy.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_UpdateDistribution.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_UpdateDistributionWithStagingConfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_UpdateFieldLevelEncryptionConfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_UpdateFieldLevelEncryptionProfile.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_UpdateFunction.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_UpdateKeyGroup.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_UpdateKeyValueStore.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_UpdateOriginAccessControl.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_UpdateOriginRequestPolicy.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_UpdatePublicKey.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_UpdateRealtimeLogConfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_UpdateResponseHeadersPolicy.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_UpdateStreamingDistribution.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/auth.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/deserializers.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/doc.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/endpoints.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/generated.json is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/go_module_metadata.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/internal/endpoints/endpoints.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/options.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/serializers.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/types/enums.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/types/errors.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/types/types.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/validators.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_client.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AcceptAddressTransfer.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AcceptCapacityReservationBillingOwnership.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AcceptReservedInstancesExchangeQuote.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AcceptTransitGatewayMulticastDomainAssociations.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AcceptTransitGatewayPeeringAttachment.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AcceptTransitGatewayVpcAttachment.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AcceptVpcEndpointConnections.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AcceptVpcPeeringConnection.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AdvertiseByoipCidr.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AllocateAddress.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AllocateHosts.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AllocateIpamPoolCidr.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_ApplySecurityGroupsToClientVpnTargetNetwork.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AssignIpv6Addresses.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AssignPrivateIpAddresses.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AssignPrivateNatGatewayAddress.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AssociateAddress.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AssociateCapacityReservationBillingOwner.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AssociateClientVpnTargetNetwork.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AssociateDhcpOptions.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AssociateEnclaveCertificateIamRole.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AssociateIamInstanceProfile.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AssociateInstanceEventWindow.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AssociateIpamByoasn.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AssociateIpamResourceDiscovery.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AssociateNatGatewayAddress.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AssociateRouteServer.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AssociateRouteTable.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AssociateSecurityGroupVpc.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AssociateSubnetCidrBlock.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AssociateTransitGatewayMulticastDomain.go is excluded by !**/vendor/**, !vendor/**

📒 Files selected for processing (9)

bundle/manifests/image-based-install-metrics_v1_service.yaml
bundle/manifests/image-based-install-operator.clusterserviceversion.yaml
cmd/manager/main.go
cmd/server/main.go
config/manager/manager.yaml
config/rbac/role.yaml
controllers/imageclusterinstall_controller.go
go.mod
internal/tlsconfig/tlsconfig.go

coderabbitai

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@go.mod`:
- Around line 28-32: The replace directive forcing
sigs.k8s.io/controller-runtime to v0.19.3 conflicts with the declared dependency
sigs.k8s.io/controller-runtime v0.23.3 and causes TLS/logger call sites (e.g.,
in cmd/manager/main.go TLS-related calls and logger setup in both managers) to
be built against the older API; update or remove the replace directive so
controller-runtime resolves to v0.23.3 (i.e., change the replace from v0.19.3 to
v0.23.3 or delete the replace if not needed) and then run `go mod tidy` to
ensure the dependency graph is consistent.

In `@internal/tlsconfig/tlsconfig.go`:
- Around line 44-64: When FetchAPIServerTLSProfile fails you currently assign a
zero-value tlsProfileSpec which leads to empty ciphers; instead assign the
actual default profile: set tlsProfileSpec =
*configv1.TLSProfiles[libgocrypto.DefaultTLSProfileType] so later calls to
crtls.NewTLSConfigFromProfile(tlsProfileSpec) produce the expected default
ciphers. Update the error branch that handles FetchAPIServerTLSProfile; keep the
existing logging and ensure references to tlsProfileSpec,
FetchAPIServerTLSProfile, ShouldHonorClusterTLSProfile, NewTLSConfigFromProfile,
configv1.TLSProfiles and libgocrypto.DefaultTLSProfileType are used to locate
and change the assignment.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

Push a commit to this branch (recommended)
Create a new PR with the fixes

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: 74cd2db7-97ea-495c-92a0-bd6ac54265b3

📥 Commits

Reviewing files that changed from the base of the PR and between b97a361 and 410f70c.

⛔ Files ignored due to path filters (291)

go.sum is excluded by !**/*.sum
vendor/cel.dev/expr/BUILD.bazel is excluded by !**/vendor/**, !vendor/**
vendor/cel.dev/expr/MODULE.bazel is excluded by !**/vendor/**, !vendor/**
vendor/cel.dev/expr/checked.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/cel.dev/expr/eval.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/cel.dev/expr/explain.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/cel.dev/expr/syntax.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/cel.dev/expr/value.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/AlecAivazis/survey/v2/README.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/AlecAivazis/survey/v2/confirm.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/AlecAivazis/survey/v2/core/template.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/AlecAivazis/survey/v2/core/write.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/AlecAivazis/survey/v2/input.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/AlecAivazis/survey/v2/multiselect.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/AlecAivazis/survey/v2/password.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/AlecAivazis/survey/v2/renderer.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/AlecAivazis/survey/v2/select.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/AlecAivazis/survey/v2/survey.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/AlecAivazis/survey/v2/terminal/display_posix.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/AlecAivazis/survey/v2/terminal/error.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/AlecAivazis/survey/v2/terminal/output.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/AlecAivazis/survey/v2/terminal/runereader.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/AlecAivazis/survey/v2/terminal/runereader_bsd.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/AlecAivazis/survey/v2/terminal/runereader_linux.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/AlecAivazis/survey/v2/terminal/runereader_posix.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/AlecAivazis/survey/v2/terminal/runereader_ppc64le.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/AlecAivazis/survey/v2/transform.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/AlecAivazis/survey/v2/validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/to/doc.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/to/to.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/LICENSE.txt is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/README.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/assets.json is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/autorest.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/build.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/ci.yml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/client_factory.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/constants.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/federatedidentitycredentials_client.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/models.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/models_serde.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/operations_client.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/options.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/responses.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/systemassignedidentities_client.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/time_rfc3339.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/userassignedidentities_client.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/go-autorest/autorest/date/go_mod_tidy_hack.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/go-autorest/logger/go_mod_tidy_hack.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/go-autorest/logger/logger.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/go-autorest/tracing/go_mod_tidy_hack.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/.gitignore is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/LICENSE is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/README.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/antlrdoc.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/atn.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/atn_config.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/atn_config_set.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/atn_deserialization_options.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/atn_deserializer.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/atn_simulator.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/atn_state.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/atn_type.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/char_stream.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/common_token_factory.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/common_token_stream.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/comparators.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/configuration.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/dfa.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/dfa_serializer.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/dfa_state.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/diagnostic_error_listener.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/error_listener.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/error_strategy.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/errors.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/file_stream.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/input_stream.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/int_stream.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/interval_set.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/jcollect.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/lexer.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/lexer_action.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/lexer_action_executor.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/lexer_atn_simulator.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/ll1_analyzer.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/mutex.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/mutex_nomutex.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/nostatistics.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/parser.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/parser_atn_simulator.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/parser_rule_context.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/prediction_context.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/prediction_context_cache.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/prediction_mode.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/recognizer.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/rule_context.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/semantic_context.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/statistics.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/stats_data.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/token.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/token_source.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/token_stream.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/tokenstream_rewriter.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/trace_listener.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/transition.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/tree.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/trees.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/utils.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/aws/credentials.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/aws/go_module_metadata.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/aws/middleware/user_agent.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream/go_module_metadata.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/aws/transport/http/client.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/aws/transport/http/timeout_read_closer.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/config/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/config/go_module_metadata.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/config/resolve_credentials.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/config/shared_config.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/credentials/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/credentials/go_module_metadata.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/credentials/logincreds/dpop.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/credentials/logincreds/file.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/credentials/logincreds/provider.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/credentials/logincreds/token.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/go_module_metadata.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/go_module_metadata.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/partitions.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/partitions.json is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/go_module_metadata.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/internal/ini/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/internal/ini/go_module_metadata.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/go_module_metadata.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/LICENSE.txt is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_client.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_AssociateAlias.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CopyDistribution.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateCachePolicy.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateCloudFrontOriginAccessIdentity.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateContinuousDeploymentPolicy.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateDistribution.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateDistributionWithTags.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateFieldLevelEncryptionConfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateFieldLevelEncryptionProfile.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateFunction.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateInvalidation.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateKeyGroup.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateKeyValueStore.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateMonitoringSubscription.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateOriginAccessControl.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateOriginRequestPolicy.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreatePublicKey.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateRealtimeLogConfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateResponseHeadersPolicy.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateStreamingDistribution.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateStreamingDistributionWithTags.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeleteCachePolicy.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeleteCloudFrontOriginAccessIdentity.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeleteContinuousDeploymentPolicy.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeleteDistribution.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeleteFieldLevelEncryptionConfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeleteFieldLevelEncryptionProfile.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeleteFunction.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeleteKeyGroup.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeleteKeyValueStore.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeleteMonitoringSubscription.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeleteOriginAccessControl.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeleteOriginRequestPolicy.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeletePublicKey.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeleteRealtimeLogConfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeleteResponseHeadersPolicy.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeleteStreamingDistribution.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DescribeFunction.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DescribeKeyValueStore.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetCachePolicy.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetCachePolicyConfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetCloudFrontOriginAccessIdentity.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetCloudFrontOriginAccessIdentityConfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetContinuousDeploymentPolicy.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetContinuousDeploymentPolicyConfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetDistribution.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetDistributionConfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetFieldLevelEncryption.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetFieldLevelEncryptionConfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetFieldLevelEncryptionProfile.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetFieldLevelEncryptionProfileConfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetFunction.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetInvalidation.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetKeyGroup.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetKeyGroupConfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetMonitoringSubscription.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetOriginAccessControl.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetOriginAccessControlConfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetOriginRequestPolicy.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetOriginRequestPolicyConfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetPublicKey.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetPublicKeyConfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetRealtimeLogConfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetResponseHeadersPolicy.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetResponseHeadersPolicyConfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetStreamingDistribution.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetStreamingDistributionConfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListCachePolicies.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListCloudFrontOriginAccessIdentities.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListConflictingAliases.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListContinuousDeploymentPolicies.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListDistributions.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListDistributionsByCachePolicyId.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListDistributionsByKeyGroup.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListDistributionsByOriginRequestPolicyId.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListDistributionsByRealtimeLogConfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListDistributionsByResponseHeadersPolicyId.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListDistributionsByWebACLId.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListFieldLevelEncryptionConfigs.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListFieldLevelEncryptionProfiles.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListFunctions.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListInvalidations.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListKeyGroups.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListKeyValueStores.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListOriginAccessControls.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListOriginRequestPolicies.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListPublicKeys.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListRealtimeLogConfigs.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListResponseHeadersPolicies.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListStreamingDistributions.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListTagsForResource.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_PublishFunction.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_TagResource.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_TestFunction.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_UntagResource.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_UpdateCachePolicy.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_UpdateCloudFrontOriginAccessIdentity.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_UpdateContinuousDeploymentPolicy.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_UpdateDistribution.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_UpdateDistributionWithStagingConfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_UpdateFieldLevelEncryptionConfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_UpdateFieldLevelEncryptionProfile.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_UpdateFunction.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_UpdateKeyGroup.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_UpdateKeyValueStore.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_UpdateOriginAccessControl.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_UpdateOriginRequestPolicy.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_UpdatePublicKey.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_UpdateRealtimeLogConfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_UpdateResponseHeadersPolicy.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_UpdateStreamingDistribution.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/auth.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/deserializers.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/doc.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/endpoints.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/generated.json is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/go_module_metadata.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/internal/endpoints/endpoints.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/options.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/serializers.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/types/enums.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/types/errors.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/types/types.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/validators.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_client.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AcceptAddressTransfer.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AcceptCapacityReservationBillingOwnership.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AcceptReservedInstancesExchangeQuote.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AcceptTransitGatewayMulticastDomainAssociations.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AcceptTransitGatewayPeeringAttachment.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AcceptTransitGatewayVpcAttachment.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AcceptVpcEndpointConnections.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AcceptVpcPeeringConnection.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AdvertiseByoipCidr.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AllocateAddress.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AllocateHosts.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AllocateIpamPoolCidr.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_ApplySecurityGroupsToClientVpnTargetNetwork.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AssignIpv6Addresses.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AssignPrivateIpAddresses.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AssignPrivateNatGatewayAddress.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AssociateAddress.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AssociateCapacityReservationBillingOwner.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AssociateClientVpnTargetNetwork.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AssociateDhcpOptions.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AssociateEnclaveCertificateIamRole.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AssociateIamInstanceProfile.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AssociateInstanceEventWindow.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AssociateIpamByoasn.go is excluded by !**/vendor/**, !vendor/**

📒 Files selected for processing (9)

bundle/manifests/image-based-install-metrics_v1_service.yaml
bundle/manifests/image-based-install-operator.clusterserviceversion.yaml
cmd/manager/main.go
cmd/server/main.go
config/manager/manager.yaml
config/rbac/role.yaml
controllers/imageclusterinstall_controller.go
go.mod
internal/tlsconfig/tlsconfig.go

✅ Files skipped from review due to trivial changes (2)

config/rbac/role.yaml
bundle/manifests/image-based-install-metrics_v1_service.yaml

🚧 Files skipped from review as they are similar to previous changes (3)

controllers/imageclusterinstall_controller.go
bundle/manifests/image-based-install-operator.clusterserviceversion.yaml
cmd/manager/main.go

coderabbitai · 2026-04-20T07:53:56Z

+	k8s.io/api v0.35.2
+	k8s.io/apimachinery v0.35.2
+	k8s.io/client-go v0.35.2
+	k8s.io/utils v0.0.0-20260210185600-b8788abfbbc2
+	sigs.k8s.io/controller-runtime v0.23.3


⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash set -euo pipefail printf 'controller-runtime entries in go.mod:\n' rg -n 'sigs\.k8s\.io/controller-runtime' go.mod printf '\nKubernetes dependency versions in go.mod:\n' rg -n 'k8s\.io/(api|apimachinery|client-go)\s+v' go.mod printf '\ncontroller-runtime-dependent call sites introduced in the codebase:\n' rg -n 'TLSOpts|SetLogger|UseFlagOptions|GetConfigOrDie' cmd internal

Repository: openshift/image-based-install-operator

Length of output: 871

Align the controller-runtime replace directive with the version required in the dependency tree.

Lines 28–30 and line 32 update the Kubernetes stack to v0.35.2 and require sigs.k8s.io/controller-runtime v0.23.3. However, line 327 replaces controller-runtime with v0.19.3, which means the TLS-related call sites introduced in cmd/manager/main.go (lines 122, 130) and the logger setup in both managers are built against the older version. This version mismatch can cause API or behavior incompatibilities. Update the replace directive to match v0.23.3 or remove it if no longer necessary.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed. In `@go.mod` around lines 28 - 32, The replace directive forcing sigs.k8s.io/controller-runtime to v0.19.3 conflicts with the declared dependency sigs.k8s.io/controller-runtime v0.23.3 and causes TLS/logger call sites (e.g., in cmd/manager/main.go TLS-related calls and logger setup in both managers) to be built against the older API; update or remove the replace directive so controller-runtime resolves to v0.23.3 (i.e., change the replace from v0.19.3 to v0.23.3 or delete the replace if not needed) and then run `go mod tidy` to ensure the dependency graph is consistent.

giladravid16 · 2026-04-20T12:18:46Z

/retest-required

giladravid16 · 2026-04-20T13:36:16Z

/retest-required

giladravid16 · 2026-04-20T14:44:41Z

/retest-required

giladravid16 · 2026-04-20T15:04:55Z

/cc @carbonin

carbonin

For my own curiosity, could you include something (even just a reference) about exactly what this changes? What do TLSAdherencePolicy and TLSProfileSpec actually indicate? Why would someone want to use them?

Also given that we're using service serving certificates to actually generate the certs, wouldn't whatever cluster operator (network operator?) is generating those already create certs that comply with whatever policy is required?

carbonin · 2026-04-22T14:28:14Z

+apiVersion: v1
+kind: Service
+metadata:
+  name: image-based-install-metrics


If we didn't even have a metrics service before can we just stop serving metrics rather than working to expose a TLS endpoint that we don't care about?

Right now we don't create a service for metrics, but it's exposted via http. Users can create a service for it right now if they wanted to. Do you prefer disabling it? Or leaving it as http?

rccrdpccl · 2026-04-23T07:54:44Z

@giladravid16 in general it would be great if huge PRs as this one would split the vendor change into a separate commit, so that we can be easily review the actual change

coderabbitai

Actionable comments posted: 1

♻️ Duplicate comments (1)

internal/tlsconfig/tlsconfig.go (1)
44-48: ⚠️ Potential issue | 🟠 Major

Fallback to empty TLSProfileSpec{} can lead to unexpected behavior.

When FetchAPIServerTLSProfile fails, the code assigns an empty configv1.TLSProfileSpec{}. If the adherence policy was successfully fetched and indicates the cluster profile should be honored, NewTLSConfigFromProfile receives this empty spec, potentially resulting in missing cipher configuration.

Additionally, the returned TLSConfigResult.TLSProfileSpec will be empty, which misrepresents the actual configuration in use to callers (like the watcher).

Consider using the default profile as the fallback:
🛡️ Proposed fix to use the actual default profile on fetch failure
 tlsProfileSpec, err := crtls.FetchAPIServerTLSProfile(ctx, k8sClient)
 if err != nil {
   log.Error(err, "unable to get TLS profile from API server; defaulting until APIServer is readable")
-  tlsProfileSpec = configv1.TLSProfileSpec{}
+  tlsProfileSpec = *configv1.TLSProfiles[libgocrypto.DefaultTLSProfileType]
 }
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@internal/tlsconfig/tlsconfig.go` around lines 44 - 48, The current failure
path assigns an empty configv1.TLSProfileSpec{} when
crtls.FetchAPIServerTLSProfile(ctx, k8sClient) errors, which can pass an empty
spec into NewTLSConfigFromProfile and return an inaccurate
TLSConfigResult.TLSProfileSpec; change the fallback to use the real default TLS
profile instead of an empty struct (e.g., obtain the cluster default profile
value and assign that to tlsProfileSpec on error), ensure
NewTLSConfigFromProfile is called with that default profile, and set
TLSConfigResult.TLSProfileSpec to the default so callers (watcher) see the
actual profile in use.

🧹 Nitpick comments (1)

internal/tlsconfig/tlsconfig.go (1)

52-64: Consider simplifying by removing the else branch.

The else at line 58 is stylistically unnecessary since the if block assigns to tlsConfig and doesn't return. You could assign the default first, then override in the if block, or just leave as-is since it's clear.

♻️ Optional: Simplify by assigning default first

 var tlsConfig func(*tls.Config)
+defaultTLSConfig, unsupportedCiphers := crtls.NewTLSConfigFromProfile(*configv1.TLSProfiles[libgocrypto.DefaultTLSProfileType])
+if len(unsupportedCiphers) > 0 {
+  log.Info("TLS configuration contains unsupported ciphers that will be ignored", "unsupportedCiphers", unsupportedCiphers)
+}
+tlsConfig = defaultTLSConfig

 if libgocrypto.ShouldHonorClusterTLSProfile(tlsAdherencePolicy) {
   profileTLSConfig, unsupportedCiphers := crtls.NewTLSConfigFromProfile(tlsProfileSpec)
   if len(unsupportedCiphers) > 0 {
     log.Info("TLS configuration contains unsupported ciphers that will be ignored", "unsupportedCiphers", unsupportedCiphers)
   }
   tlsConfig = profileTLSConfig
-} else {
-  defaultTLSConfig, unsupportedCiphers := crtls.NewTLSConfigFromProfile(*configv1.TLSProfiles[libgocrypto.DefaultTLSProfileType])
-  if len(unsupportedCiphers) > 0 {
-    log.Info("TLS configuration contains unsupported ciphers that will be ignored", "unsupportedCiphers", unsupportedCiphers)
-  }
-  tlsConfig = defaultTLSConfig
 }

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@internal/tlsconfig/tlsconfig.go` around lines 52 - 64, The current if/else in
tlsconfig.go is stylistically verbose: both branches set tlsConfig and log
identical unsupported-ciphers messages; simplify by assigning the default TLS
config first (call crtls.NewTLSConfigFromProfile with
configv1.TLSProfiles[libgocrypto.DefaultTLSProfileType] and set
tlsConfig/default logging), then call
libgocrypto.ShouldHonorClusterTLSProfile(tlsAdherencePolicy) and, if true,
create profileTLSConfig via crtls.NewTLSConfigFromProfile(tlsProfileSpec), log
unsupportedCiphers if any, and override tlsConfig with profileTLSConfig; this
removes the else branch while preserving behavior and logs.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@go.mod`:
- Line 265: The go.mod currently pins go.opentelemetry.io/otel/sdk at v1.40.0
which is affected by GHSA-hfvc-g4fc-pqhx; update the module version reference
for go.opentelemetry.io/otel/sdk to v1.43.0 and then run the module tooling
(e.g., go get go.opentelemetry.io/otel/sdk@v1.43.0 && go mod tidy) to update
go.sum and vendor files so the project uses the patched v1.43.0 release.

---

Duplicate comments:
In `@internal/tlsconfig/tlsconfig.go`:
- Around line 44-48: The current failure path assigns an empty
configv1.TLSProfileSpec{} when crtls.FetchAPIServerTLSProfile(ctx, k8sClient)
errors, which can pass an empty spec into NewTLSConfigFromProfile and return an
inaccurate TLSConfigResult.TLSProfileSpec; change the fallback to use the real
default TLS profile instead of an empty struct (e.g., obtain the cluster default
profile value and assign that to tlsProfileSpec on error), ensure
NewTLSConfigFromProfile is called with that default profile, and set
TLSConfigResult.TLSProfileSpec to the default so callers (watcher) see the
actual profile in use.

---

Nitpick comments:
In `@internal/tlsconfig/tlsconfig.go`:
- Around line 52-64: The current if/else in tlsconfig.go is stylistically
verbose: both branches set tlsConfig and log identical unsupported-ciphers
messages; simplify by assigning the default TLS config first (call
crtls.NewTLSConfigFromProfile with
configv1.TLSProfiles[libgocrypto.DefaultTLSProfileType] and set
tlsConfig/default logging), then call
libgocrypto.ShouldHonorClusterTLSProfile(tlsAdherencePolicy) and, if true,
create profileTLSConfig via crtls.NewTLSConfigFromProfile(tlsProfileSpec), log
unsupportedCiphers if any, and override tlsConfig with profileTLSConfig; this
removes the else branch while preserving behavior and logs.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

Push a commit to this branch (recommended)
Create a new PR with the fixes

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: cc56b407-660f-406b-a579-ac86950b031c

📥 Commits

Reviewing files that changed from the base of the PR and between 410f70c and caf8233.

⛔ Files ignored due to path filters (291)

go.sum is excluded by !**/*.sum
vendor/cel.dev/expr/BUILD.bazel is excluded by !**/vendor/**, !vendor/**
vendor/cel.dev/expr/MODULE.bazel is excluded by !**/vendor/**, !vendor/**
vendor/cel.dev/expr/checked.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/cel.dev/expr/eval.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/cel.dev/expr/explain.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/cel.dev/expr/syntax.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/cel.dev/expr/value.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/AlecAivazis/survey/v2/README.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/AlecAivazis/survey/v2/confirm.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/AlecAivazis/survey/v2/core/template.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/AlecAivazis/survey/v2/core/write.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/AlecAivazis/survey/v2/input.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/AlecAivazis/survey/v2/multiselect.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/AlecAivazis/survey/v2/password.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/AlecAivazis/survey/v2/renderer.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/AlecAivazis/survey/v2/select.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/AlecAivazis/survey/v2/survey.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/AlecAivazis/survey/v2/terminal/display_posix.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/AlecAivazis/survey/v2/terminal/error.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/AlecAivazis/survey/v2/terminal/output.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/AlecAivazis/survey/v2/terminal/runereader.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/AlecAivazis/survey/v2/terminal/runereader_bsd.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/AlecAivazis/survey/v2/terminal/runereader_linux.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/AlecAivazis/survey/v2/terminal/runereader_posix.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/AlecAivazis/survey/v2/terminal/runereader_ppc64le.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/AlecAivazis/survey/v2/transform.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/AlecAivazis/survey/v2/validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/to/doc.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/to/to.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/LICENSE.txt is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/README.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/assets.json is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/autorest.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/build.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/ci.yml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/client_factory.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/constants.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/federatedidentitycredentials_client.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/models.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/models_serde.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/operations_client.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/options.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/responses.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/systemassignedidentities_client.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/time_rfc3339.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/userassignedidentities_client.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/go-autorest/autorest/date/go_mod_tidy_hack.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/go-autorest/logger/go_mod_tidy_hack.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/go-autorest/logger/logger.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/go-autorest/tracing/go_mod_tidy_hack.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/.gitignore is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/LICENSE is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/README.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/antlrdoc.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/atn.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/atn_config.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/atn_config_set.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/atn_deserialization_options.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/atn_deserializer.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/atn_simulator.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/atn_state.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/atn_type.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/char_stream.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/common_token_factory.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/common_token_stream.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/comparators.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/configuration.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/dfa.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/dfa_serializer.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/dfa_state.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/diagnostic_error_listener.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/error_listener.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/error_strategy.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/errors.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/file_stream.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/input_stream.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/int_stream.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/interval_set.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/jcollect.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/lexer.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/lexer_action.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/lexer_action_executor.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/lexer_atn_simulator.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/ll1_analyzer.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/mutex.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/mutex_nomutex.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/nostatistics.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/parser.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/parser_atn_simulator.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/parser_rule_context.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/prediction_context.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/prediction_context_cache.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/prediction_mode.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/recognizer.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/rule_context.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/semantic_context.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/statistics.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/stats_data.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/token.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/token_source.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/token_stream.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/tokenstream_rewriter.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/trace_listener.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/transition.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/tree.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/trees.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/utils.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/aws/credentials.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/aws/go_module_metadata.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/aws/middleware/user_agent.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream/go_module_metadata.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/aws/transport/http/client.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/aws/transport/http/timeout_read_closer.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/config/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/config/go_module_metadata.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/config/resolve_credentials.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/config/shared_config.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/credentials/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/credentials/go_module_metadata.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/credentials/logincreds/dpop.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/credentials/logincreds/file.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/credentials/logincreds/provider.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/credentials/logincreds/token.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/go_module_metadata.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/go_module_metadata.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/partitions.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/partitions.json is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/go_module_metadata.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/internal/ini/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/internal/ini/go_module_metadata.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/go_module_metadata.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/LICENSE.txt is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_client.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_AssociateAlias.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CopyDistribution.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateCachePolicy.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateCloudFrontOriginAccessIdentity.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateContinuousDeploymentPolicy.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateDistribution.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateDistributionWithTags.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateFieldLevelEncryptionConfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateFieldLevelEncryptionProfile.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateFunction.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateInvalidation.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateKeyGroup.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateKeyValueStore.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateMonitoringSubscription.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateOriginAccessControl.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateOriginRequestPolicy.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreatePublicKey.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateRealtimeLogConfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateResponseHeadersPolicy.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateStreamingDistribution.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateStreamingDistributionWithTags.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeleteCachePolicy.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeleteCloudFrontOriginAccessIdentity.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeleteContinuousDeploymentPolicy.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeleteDistribution.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeleteFieldLevelEncryptionConfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeleteFieldLevelEncryptionProfile.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeleteFunction.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeleteKeyGroup.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeleteKeyValueStore.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeleteMonitoringSubscription.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeleteOriginAccessControl.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeleteOriginRequestPolicy.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeletePublicKey.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeleteRealtimeLogConfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeleteResponseHeadersPolicy.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeleteStreamingDistribution.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DescribeFunction.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DescribeKeyValueStore.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetCachePolicy.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetCachePolicyConfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetCloudFrontOriginAccessIdentity.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetCloudFrontOriginAccessIdentityConfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetContinuousDeploymentPolicy.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetContinuousDeploymentPolicyConfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetDistribution.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetDistributionConfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetFieldLevelEncryption.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetFieldLevelEncryptionConfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetFieldLevelEncryptionProfile.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetFieldLevelEncryptionProfileConfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetFunction.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetInvalidation.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetKeyGroup.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetKeyGroupConfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetMonitoringSubscription.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetOriginAccessControl.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetOriginAccessControlConfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetOriginRequestPolicy.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetOriginRequestPolicyConfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetPublicKey.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetPublicKeyConfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetRealtimeLogConfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetResponseHeadersPolicy.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetResponseHeadersPolicyConfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetStreamingDistribution.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetStreamingDistributionConfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListCachePolicies.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListCloudFrontOriginAccessIdentities.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListConflictingAliases.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListContinuousDeploymentPolicies.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListDistributions.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListDistributionsByCachePolicyId.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListDistributionsByKeyGroup.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListDistributionsByOriginRequestPolicyId.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListDistributionsByRealtimeLogConfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListDistributionsByResponseHeadersPolicyId.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListDistributionsByWebACLId.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListFieldLevelEncryptionConfigs.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListFieldLevelEncryptionProfiles.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListFunctions.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListInvalidations.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListKeyGroups.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListKeyValueStores.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListOriginAccessControls.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListOriginRequestPolicies.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListPublicKeys.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListRealtimeLogConfigs.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListResponseHeadersPolicies.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListStreamingDistributions.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListTagsForResource.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_PublishFunction.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_TagResource.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_TestFunction.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_UntagResource.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_UpdateCachePolicy.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_UpdateCloudFrontOriginAccessIdentity.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_UpdateContinuousDeploymentPolicy.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_UpdateDistribution.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_UpdateDistributionWithStagingConfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_UpdateFieldLevelEncryptionConfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_UpdateFieldLevelEncryptionProfile.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_UpdateFunction.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_UpdateKeyGroup.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_UpdateKeyValueStore.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_UpdateOriginAccessControl.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_UpdateOriginRequestPolicy.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_UpdatePublicKey.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_UpdateRealtimeLogConfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_UpdateResponseHeadersPolicy.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_UpdateStreamingDistribution.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/auth.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/deserializers.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/doc.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/endpoints.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/generated.json is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/go_module_metadata.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/internal/endpoints/endpoints.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/options.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/serializers.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/types/enums.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/types/errors.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/types/types.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/validators.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_client.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AcceptAddressTransfer.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AcceptCapacityReservationBillingOwnership.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AcceptReservedInstancesExchangeQuote.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AcceptTransitGatewayMulticastDomainAssociations.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AcceptTransitGatewayPeeringAttachment.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AcceptTransitGatewayVpcAttachment.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AcceptVpcEndpointConnections.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AcceptVpcPeeringConnection.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AdvertiseByoipCidr.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AllocateAddress.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AllocateHosts.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AllocateIpamPoolCidr.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_ApplySecurityGroupsToClientVpnTargetNetwork.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AssignIpv6Addresses.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AssignPrivateIpAddresses.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AssignPrivateNatGatewayAddress.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AssociateAddress.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AssociateCapacityReservationBillingOwner.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AssociateClientVpnTargetNetwork.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AssociateDhcpOptions.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AssociateEnclaveCertificateIamRole.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AssociateIamInstanceProfile.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AssociateInstanceEventWindow.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AssociateIpamByoasn.go is excluded by !**/vendor/**, !vendor/**

📒 Files selected for processing (9)

bundle/manifests/image-based-install-metrics_v1_service.yaml
bundle/manifests/image-based-install-operator.clusterserviceversion.yaml
cmd/manager/main.go
cmd/server/main.go
config/manager/manager.yaml
config/rbac/role.yaml
controllers/imageclusterinstall_controller.go
go.mod
internal/tlsconfig/tlsconfig.go

✅ Files skipped from review due to trivial changes (4)

config/rbac/role.yaml
bundle/manifests/image-based-install-metrics_v1_service.yaml
controllers/imageclusterinstall_controller.go
cmd/manager/main.go

coderabbitai

Actionable comments posted: 1

♻️ Duplicate comments (2)

cmd/server/main.go (1)
128-171: ⚠️ Potential issue | 🟠 Major

Keep the APIServer TLS watch alive across transient failures.

The watch is created once and then abandoned on Line 132 failure or after ResultChan() closes. Those are normal watch lifecycle events in Kubernetes, so one transient API server restart can disable TLS reloads for the rest of the process.

Wrap the watch in an outer retry/re-establish loop with a small backoff so monitoring resumes automatically.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@cmd/server/main.go` around lines 128 - 171, The watch in
watchAndExitOnTLSChange currently creates a single watcher and returns whenever
Watch() fails or ResultChan() closes; wrap the entire watch creation + event
loop in an outer retry loop that retries until ctx is canceled, using a small
backoff (e.g., exponential or fixed sleep) between attempts; on each iteration
call configClient.ConfigV1().APIServers().Watch(...) again, defer/stop the
watcher for that iteration, and continue processing events (including the
existing checks that compare current.TLSAdherencePolicy vs
updated.Spec.TLSAdherence, and DeepEqual on current.TLSProfileSpec vs profile) —
only return immediately on context cancellation or when
requestGracefulShutdown(requestShutdown) is invoked for policy/profile changes;
log retry attempts and failures and break out when ctx.Err() is
context.Canceled.
go.mod (1)
28-32: ⚠️ Potential issue | 🟠 Major

controller-runtime is still being forced back to v0.19.3.

Line 32 bumps sigs.k8s.io/controller-runtime to v0.23.3, but Line 327 still overrides the build to v0.19.3. That means the new TLS/controller-runtime changes are not actually being built against the version declared in this block.

Please remove that replace or bump it to the same version.
♻️ Suggested fix
-replace sigs.k8s.io/controller-runtime => sigs.k8s.io/controller-runtime v0.19.3
+replace sigs.k8s.io/controller-runtime => sigs.k8s.io/controller-runtime v0.23.3
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@go.mod` around lines 28 - 32, The go.mod currently declares
sigs.k8s.io/controller-runtime v0.23.3 but a later replace is forcing it back to
v0.19.3; open go.mod, locate the replace directive that references
sigs.k8s.io/controller-runtime => ... v0.19.3 and either remove that replace or
update it to v0.23.3 so the declared version is actually used, then run go mod
tidy to ensure dependencies are re-resolved and vendor/sum files are updated.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@cmd/server/main.go`:
- Around line 128-145: watchAndExitOnTLSChange currently only reacts to
watch.Modified, so if initial ResolveTLSConfig fell back to defaults the first
watch.Added is skipped; fix by performing an immediate reconcile Get of the
APIServer before entering the watch loop (use
configClient.ConfigV1().APIServers().Get(ctx, "cluster", metav1.GetOptions()))
and run the same TLS-change detection logic you use for watch.Modified (or
equivalently treat watch.Added like Modified) so the process can compare the
actual cluster TLS state to the current tlsconfig.TLSConfigResult and send on
requestShutdown when needed; reference the watchAndExitOnTLSChange function and
ResolveTLSConfig behavior when implementing.

---

Duplicate comments:
In `@cmd/server/main.go`:
- Around line 128-171: The watch in watchAndExitOnTLSChange currently creates a
single watcher and returns whenever Watch() fails or ResultChan() closes; wrap
the entire watch creation + event loop in an outer retry loop that retries until
ctx is canceled, using a small backoff (e.g., exponential or fixed sleep)
between attempts; on each iteration call
configClient.ConfigV1().APIServers().Watch(...) again, defer/stop the watcher
for that iteration, and continue processing events (including the existing
checks that compare current.TLSAdherencePolicy vs updated.Spec.TLSAdherence, and
DeepEqual on current.TLSProfileSpec vs profile) — only return immediately on
context cancellation or when requestGracefulShutdown(requestShutdown) is invoked
for policy/profile changes; log retry attempts and failures and break out when
ctx.Err() is context.Canceled.

In `@go.mod`:
- Around line 28-32: The go.mod currently declares
sigs.k8s.io/controller-runtime v0.23.3 but a later replace is forcing it back to
v0.19.3; open go.mod, locate the replace directive that references
sigs.k8s.io/controller-runtime => ... v0.19.3 and either remove that replace or
update it to v0.23.3 so the declared version is actually used, then run go mod
tidy to ensure dependencies are re-resolved and vendor/sum files are updated.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

Push a commit to this branch (recommended)
Create a new PR with the fixes

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: c90a6aa4-93a1-4b74-a59f-d0433da7f001

📥 Commits

Reviewing files that changed from the base of the PR and between caf8233 and f852bdf.

⛔ Files ignored due to path filters (58)

go.sum is excluded by !**/*.sum
vendor/github.com/antlr4-go/antlr/v4/.gitignore is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/LICENSE is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/README.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/antlrdoc.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/atn.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/atn_config.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/atn_config_set.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/atn_deserialization_options.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/atn_deserializer.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/atn_simulator.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/atn_state.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/atn_type.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/char_stream.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/common_token_factory.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/common_token_stream.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/comparators.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/configuration.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/dfa.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/dfa_serializer.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/dfa_state.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/diagnostic_error_listener.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/error_listener.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/error_strategy.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/errors.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/file_stream.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/input_stream.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/int_stream.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/interval_set.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/jcollect.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/lexer.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/lexer_action.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/lexer_action_executor.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/lexer_atn_simulator.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/ll1_analyzer.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/mutex.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/mutex_nomutex.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/nostatistics.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/parser.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/parser_atn_simulator.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/parser_rule_context.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/prediction_context.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/prediction_context_cache.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/prediction_mode.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/recognizer.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/rule_context.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/semantic_context.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/statistics.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/stats_data.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/token.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/token_source.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/token_stream.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/tokenstream_rewriter.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/trace_listener.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/transition.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/tree.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/trees.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/utils.go is excluded by !**/vendor/**, !vendor/**

📒 Files selected for processing (9)

bundle/manifests/image-based-install-metrics_v1_service.yaml
bundle/manifests/image-based-install-operator.clusterserviceversion.yaml
cmd/manager/main.go
cmd/server/main.go
config/manager/manager.yaml
config/rbac/role.yaml
controllers/imageclusterinstall_controller.go
go.mod
internal/tlsconfig/tlsconfig.go

✅ Files skipped from review due to trivial changes (5)

controllers/imageclusterinstall_controller.go
bundle/manifests/image-based-install-metrics_v1_service.yaml
config/rbac/role.yaml
config/manager/manager.yaml
cmd/manager/main.go

🚧 Files skipped from review as they are similar to previous changes (1)

bundle/manifests/image-based-install-operator.clusterserviceversion.yaml

coderabbitai · 2026-04-23T13:10:31Z

+func watchAndExitOnTLSChange(ctx context.Context, log *logrus.Logger, configClient configclientset.Interface, current tlsconfig.TLSConfigResult, requestShutdown chan<- struct{}) {
+	w, err := configClient.ConfigV1().APIServers().Watch(ctx, metav1.ListOptions{
+		FieldSelector: "metadata.name=cluster",
+	})
+	if err != nil {
+		log.WithError(err).Error("failed to watch the APIServer, TLS updates will not be monitored")
+		return
+	}
+	defer w.Stop()
+
+	for event := range w.ResultChan() {
+		if event.Type != watch.Modified {
+			continue
+		}
+		updated, ok := event.Object.(*configv1.APIServer)
+		if !ok {
+			continue
+		}


⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

git ls-files cmd/server/main.go

Repository: openshift/image-based-install-operator

Length of output: 100

🏁 Script executed:

git ls-files internal/tlsconfig/tlsconfig.go

Repository: openshift/image-based-install-operator

Length of output: 113

🏁 Script executed:

cat -n cmd/server/main.go | head -200 | tail -100

Repository: openshift/image-based-install-operator

Length of output: 3938

🏁 Script executed:

cat -n internal/tlsconfig/tlsconfig.go | head -100

Repository: openshift/image-based-install-operator

Length of output: 2972

Add initial reconciliation before entering the watch loop to sync with actual cluster TLS state.

ResolveTLSConfig falls back to defaults when the initial API fetch fails (lines 40-41, 46-47), but watchAndExitOnTLSChange only processes watch.Modified events (line 139). If the startup fetch defaulted and the watch subsequently succeeds, the first watch.Added event containing the actual cluster APIServer state is skipped. The server can remain on fallback defaults indefinitely until the APIServer is modified.

Perform an immediate Get("cluster") before entering the watch loop to reconcile the current state, or handle watch.Added events the same way as watch.Modified.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed. In `@cmd/server/main.go` around lines 128 - 145, watchAndExitOnTLSChange currently only reacts to watch.Modified, so if initial ResolveTLSConfig fell back to defaults the first watch.Added is skipped; fix by performing an immediate reconcile Get of the APIServer before entering the watch loop (use configClient.ConfigV1().APIServers().Get(ctx, "cluster", metav1.GetOptions())) and run the same TLS-change detection logic you use for watch.Modified (or equivalently treat watch.Added like Modified) so the process can compare the actual cluster TLS state to the current tlsconfig.TLSConfigResult and send on requestShutdown when needed; reference the watchAndExitOnTLSChange function and ResolveTLSConfig behavior when implementing.

Updating client-go required setting the environment variable KUBE_FEATURE_WatchListClient to false on the operator in order to fix a known bug where controllers don't start due to a cache sync issue.

coderabbitai

♻️ Duplicate comments (2)

cmd/server/main.go (1)
138-145: ⚠️ Potential issue | 🟡 Minor

Consider handling watch.Added events to sync with actual cluster state.

The loop only processes watch.Modified events (line 139). If ResolveTLSConfig fell back to defaults because the APIServer wasn't readable at startup, the watch will first receive a watch.Added event containing the actual cluster TLS state. Since Added is skipped, the server could remain on fallback defaults indefinitely until someone modifies the APIServer.

Consider treating watch.Added similarly to watch.Modified, or performing an initial Get before entering the watch loop.
🛡️ Proposed fix to handle Added events
 	for event := range w.ResultChan() {
-		if event.Type != watch.Modified {
+		if event.Type != watch.Modified && event.Type != watch.Added {
 			continue
 		}
 		updated, ok := event.Object.(*configv1.APIServer)
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@cmd/server/main.go` around lines 138 - 145, The watch loop only handles
watch.Modified events, so initial watch.Added events (which can contain the real
APIServer TLS state) are ignored and can leave ResolveTLSConfig using fallbacks;
update the loop that reads from w.ResultChan() to treat watch.Added the same as
watch.Modified (or perform an initial GET of the APIServer object before
entering the loop) so that the APIServer object (configv1.APIServer) is
processed on add as well as modify; ensure the branch using updated, ok :=
event.Object.(*configv1.APIServer) runs for both Added and Modified events.
go.mod (1)
32-32: ⚠️ Potential issue | 🟠 Major

Controller-runtime version mismatch between require and replace directives.

Line 32 requires sigs.k8s.io/controller-runtime v0.23.3, but line 327 replaces it with v0.19.3. This mismatch means the codebase builds against v0.19.3, which may lack APIs used by the new TLS configuration code (e.g., TLSOpts in cmd/manager/main.go). Either update the replace directive to v0.23.3 or remove it if no longer necessary.
#!/bin/bash
# Verify which controller-runtime version is actually resolved
grep -A1 'sigs.k8s.io/controller-runtime' go.sum | head -10

# Check if TLSOpts or other v0.23 APIs are used
rg -n 'TLSOpts|metricsserver\.Options' --type go
Also applies to: 327-327
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@go.mod` at line 32, The go.mod has a controller-runtime version mismatch: the
require line pins sigs.k8s.io/controller-runtime to v0.23.3 while a replace
forces v0.19.3, which can break newer APIs like TLSOpts used in
cmd/manager/main.go; locate the replace directive for
sigs.k8s.io/controller-runtime and either update it to v0.23.3 or remove the
replace so the required v0.23.3 is used, then run `go mod tidy`/`go list -m all`
to verify the resolved version and re-run the grep/rg checks for TLSOpts and
metricsserver.Options to confirm compilation against the intended version.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In `@cmd/server/main.go`:
- Around line 138-145: The watch loop only handles watch.Modified events, so
initial watch.Added events (which can contain the real APIServer TLS state) are
ignored and can leave ResolveTLSConfig using fallbacks; update the loop that
reads from w.ResultChan() to treat watch.Added the same as watch.Modified (or
perform an initial GET of the APIServer object before entering the loop) so that
the APIServer object (configv1.APIServer) is processed on add as well as modify;
ensure the branch using updated, ok := event.Object.(*configv1.APIServer) runs
for both Added and Modified events.

In `@go.mod`:
- Line 32: The go.mod has a controller-runtime version mismatch: the require
line pins sigs.k8s.io/controller-runtime to v0.23.3 while a replace forces
v0.19.3, which can break newer APIs like TLSOpts used in cmd/manager/main.go;
locate the replace directive for sigs.k8s.io/controller-runtime and either
update it to v0.23.3 or remove the replace so the required v0.23.3 is used, then
run `go mod tidy`/`go list -m all` to verify the resolved version and re-run the
grep/rg checks for TLSOpts and metricsserver.Options to confirm compilation
against the intended version.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: 985e45e5-0716-4b35-afad-2b0051f1d183

📥 Commits

Reviewing files that changed from the base of the PR and between f852bdf and 49a11ad.

⛔ Files ignored due to path filters (284)

go.sum is excluded by !**/*.sum
vendor/github.com/AlecAivazis/survey/v2/README.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/AlecAivazis/survey/v2/confirm.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/AlecAivazis/survey/v2/core/template.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/AlecAivazis/survey/v2/core/write.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/AlecAivazis/survey/v2/input.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/AlecAivazis/survey/v2/multiselect.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/AlecAivazis/survey/v2/password.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/AlecAivazis/survey/v2/renderer.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/AlecAivazis/survey/v2/select.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/AlecAivazis/survey/v2/survey.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/AlecAivazis/survey/v2/terminal/display_posix.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/AlecAivazis/survey/v2/terminal/error.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/AlecAivazis/survey/v2/terminal/output.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/AlecAivazis/survey/v2/terminal/runereader.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/AlecAivazis/survey/v2/terminal/runereader_bsd.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/AlecAivazis/survey/v2/terminal/runereader_linux.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/AlecAivazis/survey/v2/terminal/runereader_posix.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/AlecAivazis/survey/v2/terminal/runereader_ppc64le.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/AlecAivazis/survey/v2/transform.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/AlecAivazis/survey/v2/validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/to/doc.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/to/to.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/LICENSE.txt is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/README.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/assets.json is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/autorest.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/build.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/ci.yml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/client_factory.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/constants.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/federatedidentitycredentials_client.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/models.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/models_serde.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/operations_client.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/options.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/responses.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/systemassignedidentities_client.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/time_rfc3339.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/userassignedidentities_client.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/go-autorest/autorest/date/go_mod_tidy_hack.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/go-autorest/logger/go_mod_tidy_hack.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/go-autorest/logger/logger.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Azure/go-autorest/tracing/go_mod_tidy_hack.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/.gitignore is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/LICENSE is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/README.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/antlrdoc.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/atn.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/atn_config.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/atn_config_set.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/atn_deserialization_options.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/atn_deserializer.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/atn_simulator.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/atn_state.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/atn_type.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/char_stream.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/common_token_factory.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/common_token_stream.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/comparators.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/configuration.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/dfa.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/dfa_serializer.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/dfa_state.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/diagnostic_error_listener.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/error_listener.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/error_strategy.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/errors.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/file_stream.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/input_stream.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/int_stream.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/interval_set.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/jcollect.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/lexer.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/lexer_action.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/lexer_action_executor.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/lexer_atn_simulator.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/ll1_analyzer.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/mutex.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/mutex_nomutex.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/nostatistics.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/parser.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/parser_atn_simulator.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/parser_rule_context.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/prediction_context.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/prediction_context_cache.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/prediction_mode.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/recognizer.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/rule_context.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/semantic_context.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/statistics.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/stats_data.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/token.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/token_source.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/token_stream.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/tokenstream_rewriter.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/trace_listener.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/transition.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/tree.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/trees.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/antlr4-go/antlr/v4/utils.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/aws/credentials.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/aws/go_module_metadata.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/aws/middleware/user_agent.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream/go_module_metadata.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/aws/transport/http/client.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/aws/transport/http/timeout_read_closer.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/config/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/config/go_module_metadata.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/config/resolve_credentials.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/config/shared_config.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/credentials/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/credentials/go_module_metadata.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/credentials/logincreds/dpop.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/credentials/logincreds/file.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/credentials/logincreds/provider.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/credentials/logincreds/token.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/go_module_metadata.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/go_module_metadata.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/partitions.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/partitions.json is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/go_module_metadata.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/internal/ini/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/internal/ini/go_module_metadata.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/go_module_metadata.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/LICENSE.txt is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_client.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_AssociateAlias.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CopyDistribution.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateCachePolicy.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateCloudFrontOriginAccessIdentity.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateContinuousDeploymentPolicy.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateDistribution.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateDistributionWithTags.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateFieldLevelEncryptionConfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateFieldLevelEncryptionProfile.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateFunction.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateInvalidation.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateKeyGroup.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateKeyValueStore.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateMonitoringSubscription.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateOriginAccessControl.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateOriginRequestPolicy.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreatePublicKey.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateRealtimeLogConfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateResponseHeadersPolicy.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateStreamingDistribution.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateStreamingDistributionWithTags.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeleteCachePolicy.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeleteCloudFrontOriginAccessIdentity.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeleteContinuousDeploymentPolicy.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeleteDistribution.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeleteFieldLevelEncryptionConfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeleteFieldLevelEncryptionProfile.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeleteFunction.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeleteKeyGroup.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeleteKeyValueStore.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeleteMonitoringSubscription.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeleteOriginAccessControl.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeleteOriginRequestPolicy.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeletePublicKey.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeleteRealtimeLogConfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeleteResponseHeadersPolicy.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeleteStreamingDistribution.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DescribeFunction.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DescribeKeyValueStore.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetCachePolicy.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetCachePolicyConfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetCloudFrontOriginAccessIdentity.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetCloudFrontOriginAccessIdentityConfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetContinuousDeploymentPolicy.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetContinuousDeploymentPolicyConfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetDistribution.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetDistributionConfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetFieldLevelEncryption.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetFieldLevelEncryptionConfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetFieldLevelEncryptionProfile.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetFieldLevelEncryptionProfileConfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetFunction.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetInvalidation.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetKeyGroup.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetKeyGroupConfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetMonitoringSubscription.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetOriginAccessControl.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetOriginAccessControlConfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetOriginRequestPolicy.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetOriginRequestPolicyConfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetPublicKey.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetPublicKeyConfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetRealtimeLogConfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetResponseHeadersPolicy.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetResponseHeadersPolicyConfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetStreamingDistribution.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetStreamingDistributionConfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListCachePolicies.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListCloudFrontOriginAccessIdentities.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListConflictingAliases.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListContinuousDeploymentPolicies.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListDistributions.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListDistributionsByCachePolicyId.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListDistributionsByKeyGroup.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListDistributionsByOriginRequestPolicyId.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListDistributionsByRealtimeLogConfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListDistributionsByResponseHeadersPolicyId.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListDistributionsByWebACLId.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListFieldLevelEncryptionConfigs.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListFieldLevelEncryptionProfiles.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListFunctions.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListInvalidations.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListKeyGroups.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListKeyValueStores.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListOriginAccessControls.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListOriginRequestPolicies.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListPublicKeys.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListRealtimeLogConfigs.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListResponseHeadersPolicies.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListStreamingDistributions.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListTagsForResource.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_PublishFunction.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_TagResource.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_TestFunction.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_UntagResource.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_UpdateCachePolicy.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_UpdateCloudFrontOriginAccessIdentity.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_UpdateContinuousDeploymentPolicy.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_UpdateDistribution.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_UpdateDistributionWithStagingConfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_UpdateFieldLevelEncryptionConfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_UpdateFieldLevelEncryptionProfile.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_UpdateFunction.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_UpdateKeyGroup.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_UpdateKeyValueStore.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_UpdateOriginAccessControl.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_UpdateOriginRequestPolicy.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_UpdatePublicKey.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_UpdateRealtimeLogConfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_UpdateResponseHeadersPolicy.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_UpdateStreamingDistribution.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/auth.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/deserializers.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/doc.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/endpoints.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/generated.json is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/go_module_metadata.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/internal/endpoints/endpoints.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/options.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/serializers.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/types/enums.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/types/errors.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/types/types.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/validators.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_client.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AcceptAddressTransfer.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AcceptCapacityReservationBillingOwnership.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AcceptReservedInstancesExchangeQuote.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AcceptTransitGatewayMulticastDomainAssociations.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AcceptTransitGatewayPeeringAttachment.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AcceptTransitGatewayVpcAttachment.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AcceptVpcEndpointConnections.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AcceptVpcPeeringConnection.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AdvertiseByoipCidr.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AllocateAddress.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AllocateHosts.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AllocateIpamPoolCidr.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_ApplySecurityGroupsToClientVpnTargetNetwork.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AssignIpv6Addresses.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AssignPrivateIpAddresses.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AssignPrivateNatGatewayAddress.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AssociateAddress.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AssociateCapacityReservationBillingOwner.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AssociateClientVpnTargetNetwork.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AssociateDhcpOptions.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AssociateEnclaveCertificateIamRole.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AssociateIamInstanceProfile.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AssociateInstanceEventWindow.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AssociateIpamByoasn.go is excluded by !**/vendor/**, !vendor/**

📒 Files selected for processing (9)

bundle/manifests/image-based-install-metrics_v1_service.yaml
bundle/manifests/image-based-install-operator.clusterserviceversion.yaml
cmd/manager/main.go
cmd/server/main.go
config/manager/manager.yaml
config/rbac/role.yaml
controllers/imageclusterinstall_controller.go
go.mod
internal/tlsconfig/tlsconfig.go

✅ Files skipped from review due to trivial changes (2)

config/rbac/role.yaml
controllers/imageclusterinstall_controller.go

🚧 Files skipped from review as they are similar to previous changes (3)

bundle/manifests/image-based-install-metrics_v1_service.yaml
cmd/manager/main.go
config/manager/manager.yaml

OCP 4.22 indroduces a new feature in the APIServer for configuring TLS configuration, and we want our components to also use the same TLS configuration that is defined in the APIServer. When starting a components we will attempt to get the APIServer and check its TLSAdherencePolicy (decides whether we should apply the TLS configuration) and TLSProfileSpec (the actual TLS configuration). For our operator we also add a controller called SecurityProfileWatcher (provided by openshift/controller-runtime-common) in order to force a restart when these values change. For our server we implement a similar behavior ourselves.

giladravid16 · 2026-04-23T19:16:46Z

/retest

giladravid16 · 2026-04-23T20:46:44Z

/retest

giladravid16 · 2026-04-24T06:46:01Z

/retest

openshift-ci · 2026-04-24T09:23:35Z

@giladravid16: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/ibio-reinstall-v6v4	`d65de2d`	link	false	`/test ibio-reinstall-v6v4`

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label Apr 19, 2026

openshift-ci Bot requested review from Missxiaoguo and tsorya April 19, 2026 15:22

openshift-ci Bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Apr 19, 2026

coderabbitai Bot reviewed Apr 19, 2026

View reviewed changes

Comment thread cmd/server/main.go Outdated

Comment thread cmd/server/main.go

Comment thread go.mod Outdated

Comment thread go.mod Outdated

giladravid16 force-pushed the ACM-30179 branch from b97a361 to 410f70c Compare April 20, 2026 07:37

coderabbitai Bot reviewed Apr 20, 2026

View reviewed changes

openshift-ci Bot requested a review from carbonin April 20, 2026 15:05

carbonin reviewed Apr 22, 2026

View reviewed changes

rccrdpccl reviewed Apr 23, 2026

View reviewed changes

Comment thread internal/tlsconfig/tlsconfig.go Outdated

giladravid16 force-pushed the ACM-30179 branch from 410f70c to caf8233 Compare April 23, 2026 11:44

coderabbitai Bot reviewed Apr 23, 2026

View reviewed changes

Comment thread go.mod Outdated

giladravid16 force-pushed the ACM-30179 branch from caf8233 to f852bdf Compare April 23, 2026 12:54

coderabbitai Bot reviewed Apr 23, 2026

View reviewed changes

NO-ISSUE: Update go dependencies

1fcd582

Updating client-go required setting the environment variable KUBE_FEATURE_WatchListClient to false on the operator in order to fix a known bug where controllers don't start due to a cache sync issue.

giladravid16 force-pushed the ACM-30179 branch from f852bdf to 49a11ad Compare April 23, 2026 13:32

coderabbitai Bot reviewed Apr 23, 2026

View reviewed changes

giladravid16 force-pushed the ACM-30179 branch from 49a11ad to d65de2d Compare April 23, 2026 16:09

Conversation

giladravid16 commented Apr 19, 2026 • edited by coderabbitai Bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Summary by CodeRabbit

Uh oh!

openshift-ci-robot commented Apr 19, 2026 • edited by openshift-ci Bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

coderabbitai Bot commented Apr 19, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Reviews paused

Walkthrough

Changes

Sequence Diagram(s)

Estimated code review effort

❌ Failed checks (1 warning)

Uh oh!

openshift-ci Bot commented Apr 19, 2026

Uh oh!

coderabbitai Bot left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

coderabbitai Bot left a comment

Choose a reason for hiding this comment

Uh oh!

coderabbitai Bot Apr 20, 2026

Choose a reason for hiding this comment

Uh oh!

Uh oh!

giladravid16 commented Apr 20, 2026

Uh oh!

giladravid16 commented Apr 20, 2026

Uh oh!

giladravid16 commented Apr 20, 2026

Uh oh!

giladravid16 commented Apr 20, 2026

Uh oh!

carbonin left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

carbonin Apr 22, 2026

Choose a reason for hiding this comment

Uh oh!

giladravid16 Apr 23, 2026

Choose a reason for hiding this comment

Uh oh!

rccrdpccl commented Apr 23, 2026

Uh oh!

Uh oh!

coderabbitai Bot left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

coderabbitai Bot left a comment

Choose a reason for hiding this comment

Uh oh!

coderabbitai Bot Apr 23, 2026

Choose a reason for hiding this comment

Uh oh!

coderabbitai Bot left a comment

Choose a reason for hiding this comment

Uh oh!

giladravid16 commented Apr 23, 2026

Uh oh!

giladravid16 commented Apr 23, 2026

Uh oh!

giladravid16 commented Apr 24, 2026

Uh oh!

openshift-ci Bot commented Apr 24, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

giladravid16 commented Apr 19, 2026 •

edited by coderabbitai Bot

Loading

openshift-ci-robot commented Apr 19, 2026 •

edited by openshift-ci Bot

Loading

coderabbitai Bot commented Apr 19, 2026 •

edited

Loading