MTV-2146 | Ignore TLS Cert msg when skipCertVerify

solenoci · solenoci · commit c659a2171e0a · 2025-03-12T19:18:55.000+01:00
'TLS certificate cannot be retrieved' message should be ignored when skipVerify flag is set to true.

When user specified they want to skip ceritificate verification we want to just inform the customer about failed connection and not about certificate. The reason behind this is that the GetTlsCertificate is our first attempt to connect to the provider and when connection fails, the customer will still get the certificate error even when they don't care about certificates.

Signed-off-by: Stefan Olenocin &lt;solenoci@redhat.com&gt;
diff --git a/pkg/controller/provider/validation.go b/pkg/controller/provider/validation.go
@@ -238,14 +238,29 @@ func (r *Reconciler) validateSecret(provider *api.Provider) (secret *core.Secret
 		if crt, err := util.GetTlsCertificate(url, secret); err == nil {
 			provider.Status.Fingerprint = util.Fingerprint(crt)
 		} else {
-			log.Error(err, "failed to get TLS certificate", "url", provider.Spec.URL)
-			provider.Status.SetCondition(libcnd.Condition{
-				Type:     ConnectionTestFailed,
-				Status:   True,
-				Reason:   Tested,
-				Category: Critical,
-				Message:  "TLS certificate cannot be retrieved",
-			})
+			// When user specified they want to skip ceritificate verification we want to just 
+			// inform the customer about failed connection and not about certificate.
+			// The reason behind this is that the GetTlsCertificate is our first attempt to connect 
+			// to the provider and when connection fails, the customer will still get the cert 
+			// error even when they don't care about certificates. 
+			if vsphere.GetInsecureSkipVerifyFlag(secret) {
+				log.Error(err, "failed to connect to provider", "url", provider.Spec.URL)
+				provider.Status.SetCondition(libcnd.Condition{
+					Type:     ConnectionTestFailed,
+					Status:   True,
+					Reason:   Tested,
+					Category: Critical,
+				})
+			} else {
+				log.Error(err, "failed to get TLS certificate", "url", provider.Spec.URL)
+				provider.Status.SetCondition(libcnd.Condition{
+					Type:     ConnectionTestFailed,
+					Status:   True,
+					Reason:   Tested,
+					Category: Critical,
+					Message:  "TLS certificate cannot be retrieved",
+				})
+			}
 		}
 	case api.OVirt:
 		keyList = []string{
