🌱 Replace generated mozilla_data.go with go:embed + runtime parsing #2634
tmshort wants to merge 1 commit into operator-framework:main from
Embed mozilla_data.json and parse it at init() time using the existing cipherSuiteId()/curveId() helpers. Unsupported ciphers are skipped and recorded in skippedCiphers, validated by TestNoSkippedCiphers. Simplify update-tls-profiles.sh to a curl download and drop the gojq dependency.

When the profile changes, `make verify` will show a diff of the profile. The build will still complete using the old data. The updated profile will need to be committed in order for it to be included in the build.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Signed-off-by: Todd Short <tshort@redhat.com>
[APPROVALNOTIFIER] This PR is NOT APPROVED
✅ Deploy Preview for olmv1 ready!
Pull request overview
This PR replaces the generated mozilla_data.go file with an embedded JSON approach, simplifying the TLS profile management. Instead of generating Go code from the Mozilla SSL/TLS Configuration Guidelines, the PR embeds the JSON data and parses it at runtime during package initialization. This eliminates the dependency on gojq and makes profile updates clearer through simple JSON diffs.
Changes:
- Embed `mozilla_data.json` using `go:embed` and parse at init() time instead of generating Go code
- Simplify `update-tls-profiles.sh` to just download the JSON file, removing all jq-based code generation
- Add `TestNoSkippedCiphers` to validate that all ciphers in the Mozilla data are supported by Go's crypto/tls
- Remove `gojq` dependency from the Makefile
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| internal/shared/util/tlsprofiles/mozilla_data.go | Rewritten to embed and parse mozilla_data.json at runtime, with helper functions to convert Mozilla cipher/curve names to Go TLS identifiers |
| internal/shared/util/tlsprofiles/mozilla_data.json | New embedded JSON file containing Mozilla TLS profile configurations for "modern" and "intermediate" profiles |
| hack/tools/update-tls-profiles.sh | Simplified from 131 lines to 12 lines - now just downloads JSON from Mozilla instead of generating Go code |
| Makefile | Removed gojq dependency from the update-tls-profiles target |
| internal/shared/util/tlsprofiles/tlsprofiles_test.go | Added TestNoSkippedCiphers to ensure all ciphers in the embedded data are supported by Go |
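The approach described in this pull request (resolve cipher names from the profile JSON when the package loads, and record every name that cannot be resolved), sketched as an added example that is not the PR's code. A string constant stands in for the go:embed file so the block runs on its own; the JSON field names, `ParseProfiles`, `Profile` and the sample contents are assumptions made for the illustration.

```go
package main

import (
	"crypto/tls"
	"encoding/json"
	"fmt"
)

// Constructed sample standing in for the embedded file; the field names are assumed.
const sampleJSON = `{"configurations": {
 "modern": {"ciphersuites": ["TLS_AES_128_GCM_SHA256"]},
 "intermediate": {"ciphersuites": ["TLS_AES_128_GCM_SHA256", "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"]}}}`

type Profile struct {
	Ciphers []uint16 // suite IDs usable in tls.Config.CipherSuites
	Skipped []string // names crypto/tls could not resolve
}

// ParseProfiles resolves cipher names against crypto/tls and records unknown names instead of dropping them.
func ParseProfiles(data []byte) (map[string]Profile, error) {
	var doc struct {
		Configurations map[string]struct {
			Ciphersuites []string `json:"ciphersuites"`
		} `json:"configurations"`
	}
	if err := json.Unmarshal(data, &doc); err != nil {
		return nil, fmt.Errorf("parse TLS profile data: %w", err)
	}
	ids := map[string]uint16{}
	for _, cs := range tls.CipherSuites() { // InsecureCipherSuites() is deliberately not consulted
		ids[cs.Name] = cs.ID
	}
	out := map[string]Profile{}
	for name, cfg := range doc.Configurations {
		var p Profile
		for _, c := range cfg.Ciphersuites {
			if id, ok := ids[c]; ok {
				p.Ciphers = append(p.Ciphers, id)
			} else {
				p.Skipped = append(p.Skipped, c)
			}
		}
		out[name] = p
	}
	return out, nil
}

func main() {
	fmt.Println(ParseProfiles([]byte(sampleJSON)))
}
```

A test that fails whenever `Skipped` is non-empty makes a difference between the published profile and the effective cipher list visible instead of silent.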
Codecov Report
❌ Patch coverage is
Additional details and impacted files
@@ Coverage Diff @@
## main #2634 +/- ##
==========================================
+ Coverage 68.93% 68.94% +0.01%
==========================================
Files 139 140 +1
Lines 9891 9931 +40
==========================================
+ Hits 6818 6847 +29
- Misses 2563 2569 +6
- Partials 510 515 +5