From f5af7efaff034c77ea5446d70c3af78e2a6eaf0b Mon Sep 17 00:00:00 2001
From: Vadim Rutkovsky
Date: Tue, 8 Oct 2024 17:06:02 +0200
Subject: [PATCH] certgraphanalysis: add more locations for CA locations

CAs can be stored in a variety of keys. This commits adds more common used configmap key names for CAs
---
 .../certgraphanalysis/analyzer.go | 28 +++++++++++++++++--
 1 file changed, 26 insertions(+), 2 deletions(-)

diff --git a/pkg/certs/cert-inspection/certgraphanalysis/analyzer.go b/pkg/certs/cert-inspection/certgraphanalysis/analyzer.go
index 464f761904..c0d3e7f614 100644
--- a/pkg/certs/cert-inspection/certgraphanalysis/analyzer.go
+++ b/pkg/certs/cert-inspection/certgraphanalysis/analyzer.go
@@ -2,6 +2,7 @@ package certgraphanalysis
 
 import (
 	"fmt"
+	"slices"
 
 	"github.com/openshift/library-go/pkg/certs/cert-inspection/certgraphapi"
 	certificatesv1 "k8s.io/api/certificates/v1"
@@ -13,6 +14,18 @@ import (
 	"k8s.io/client-go/util/cert"
 )
 
+var caBundleKeys = []string{
+	"ca-bundle.crt",
+	"service-ca.crt",
+	"ca.crt",
+	"client-ca-file",
+	"client-ca.crt",
+	"metrics-ca-bundle.crt",
+	"requestheader-client-ca-file",
+	"image-registry.openshift-image-registry.svc..5000",
+	"image-registry.openshift-image-registry.svc.cluster.local..5000",
+}
+
 func InspectSecret(obj *corev1.Secret) ([]*certgraphapi.CertKeyPair, error) {
 	tlsCrt, isTLS := obj.Data["tls.crt"]
 	if !isTLS || len(tlsCrt) == 0 {
@@ -60,8 +73,19 @@ func InspectConfigMap(obj *corev1.ConfigMap) (*certgraphapi.CertificateAuthority
 		return details, nil
 	}
 
-	caBundle, ok := obj.Data["ca-bundle.crt"]
-	if !ok || len(caBundle) == 0 {
+	var caBundle string
+	for key := range obj.Data {
+		if !slices.Contains(caBundleKeys, key) {
+			continue
+		}
+		value, ok := obj.Data[key]
+		if ok && len(value) > 0 {
+			caBundle = value
+			break
+		}
+	}
+
+	if len(caBundle) == 0 {
 		return nil, nil
 	}
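Review bot: The new package-level `caBundleKeys` has no doc comment, and its slice order reads as a precedence list even though the consumer in the following InspectConfigMap hunk ranges over `obj.Data` and keeps the first matching key it happens to meet, so Go's randomized map iteration — not this list — decides which bundle is recorded when a ConfigMap carries more than one of these keys (say both `ca.crt` and `service-ca.crt`), making the generated cert graph non-deterministic across runs. Walking the list instead of the map would fix that and give the order a meaning: `for _, key := range caBundleKeys { if value := obj.Data[key]; len(value) > 0 { caBundle = value; break } }` (this also drops the redundant second `obj.Data[key]` lookup); that loop sits in the InspectConfigMap hunk, whose end is outside this excerpt. Above the var I would add `// caBundleKeys lists the ConfigMap data keys inspected for a PEM CA bundle; when several are present the first non-empty one found is used.` plus a one-line remark on why the two `image-registry.openshift-image-registry.svc…5000` entries are spelled with `..`, which looks like a host:port key with the colon rewritten but cannot be told from the name alone.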