fix: reflow tls detection to avoid potential nil dereference

controllers/client/tls.go

@@ -18,15 +18,16 @@ var (
 
 // build the tls.Config object based on the content of the Grafana CR object
 func buildTLSConfiguration(ctx context.Context, c client.Client, grafana *v1beta1.Grafana) (*tls.Config, error) {
-	// if nothing is specified, ignore tls settings
-	if (grafana.Spec.Client == nil || grafana.Spec.Client.TLS == nil) && (grafana.Spec.External == nil || grafana.Spec.External.TLS == nil) {
-		return nil, nil
-	}
-	tlsConfigBlock := grafana.Spec.Client.TLS
-
-	// prefer top level if set, fall back to deprecated field
-	if tlsConfigBlock == nil && grafana.Spec.External != nil && grafana.Spec.External.TLS != nil {
+	var tlsConfigBlock *v1beta1.TLSConfig
+	if grafana.Spec.Client != nil && grafana.Spec.Client.TLS != nil {
+		// prefer top level if set, fall back to deprecated field
+		tlsConfigBlock = grafana.Spec.Client.TLS
+	} else if grafana.Spec.External != nil && grafana.Spec.External.TLS != nil {
+		// fall back to external tls field if set
 		tlsConfigBlock = grafana.Spec.External.TLS
+	} else {
+		// if nothing is specified, ignore tls settings
+		return nil, nil
 	}
 
 	if tlsConfigBlock.InsecureSkipVerify {