From f60e578959da4cd38a27952290e2f379eb337803 Mon Sep 17 00:00:00 2001
From: "W. Trevor King" <wking@tremily.us>
Date: Fri, 2 Jul 2021 10:15:34 -0700
Subject: [PATCH] pkg/cvo/egress: Load HTTPS proxy from Proxy status

Since 4.2's ea5e3bc86e (Add http transport for cincinnati to enable
proxy, 2019-07-16, #219), the CVO has been loading proxy config from
the spec property.  We should be loading from status instead, so we
benefit from the network operator's validation.  Risk is small,
because unlike some other in-cluster components, the CVO is unlikely
to break things if it is temporarily consuming a broken proxy
configuration.

This is similar to c9fab435c1 (pkg/cvo: Fetch proxy CA certs from
openshift-config-managed/trusted-ca-bundle, 2020-01-31, #311), where
we moved our trusted CA source from the user-configured ConfigMap to
the network-operator-validated ConfigMap.
---
 pkg/cvo/egress.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkg/cvo/egress.go b/pkg/cvo/egress.go
index eabadf876..3ab33fb8c 100644
--- a/pkg/cvo/egress.go
+++ b/pkg/cvo/egress.go
@@ -21,8 +21,8 @@ func (optr *Operator) getHTTPSProxyURL() (*url.URL, error) {
 		return nil, err
 	}
 
-	if proxy.Spec.HTTPSProxy != "" {
-		proxyURL, err := url.Parse(proxy.Spec.HTTPSProxy)
+	if proxy.Status.HTTPSProxy != "" {
+		proxyURL, err := url.Parse(proxy.Status.HTTPSProxy)
 		if err != nil {
 			return nil, err
 		}