From a180796ce2382fa70305cd95c65f846a7e9f60ec Mon Sep 17 00:00:00 2001
From: Lukasz Szaszkiewicz <lukasz.szaszkiewicz@gmail.com>
Date: Tue, 2 Sep 2025 09:58:00 +0200
Subject: [PATCH] test/oauth-server-configobserver: adds a test to show which
 input resources are required to run the operator and the configObserver
 controller

---
 ...shift-COLON-openshift-authenticator-.yaml} |   2 +-
 ...shift-COLON-openshift-authenticator-.yaml} |   0
 .../authentications/9509-body-cluster.yaml    |   9 +
 .../9509-metadata-cluster.yaml                |   9 +
 .../authentications/9509-options-cluster.yaml |   2 +
 ...on-operator.18599d2230299800.5f2cc1a1.yaml |  32 ++++
 ...on-operator.18599d2230299800.5f2cc1a1.yaml |   9 +
 ...on-operator.18599d2230299800.6182ed8c.yaml |  21 +++
 ...on-operator.18599d2230299800.6182ed8c.yaml |   9 +
 ...on-operator.18599d2230299800.1d05f9ac.yaml |  21 +++
 ...on-operator.18599d2230299800.1d05f9ac.yaml |   9 +
 ...on-operator.18599d2230299800.6d9ca9b2.yaml |  23 +++
 ...on-operator.18599d2230299800.6d9ca9b2.yaml |   9 +
 ...on-operator.18599d2230299800.44a05c38.yaml |  21 +++
 ...on-operator.18599d2230299800.44a05c38.yaml |   9 +
 ...on-operator.18599d2230299800.a8ecfbce.yaml |  22 +++
 ...on-operator.18599d2230299800.a8ecfbce.yaml |   9 +
 ...on-operator.18599d2230299800.49fb0e36.yaml |  24 +++
 ...on-operator.18599d2230299800.49fb0e36.yaml |   9 +
 ...on-operator.18599d2230299800.2df24af9.yaml |  21 +++
 ...on-operator.18599d2230299800.2df24af9.yaml |   9 +
 .../authentications/ad90-body-cluster.yaml    |  52 ++++++
 .../ad90-metadata-cluster.yaml                |   8 +
 .../expected-output/controller-results.yaml   |  81 +++++++++
 .../config.openshift.io/apiservers.yaml       |  50 ++++++
 .../config.openshift.io/clusterversions.yaml  | 168 ++++++++++++++++++
 .../config.openshift.io/consoles.yaml         |  54 ++++++
 .../config.openshift.io/infrastructures.yaml  |  75 ++++++++
 .../config.openshift.io/oauths.yaml           |  42 +++++
 .../authentications/cluster.yaml              |  14 ++
 .../core/secrets.yaml                         |  28 +++
 .../oauth-server-configobserver/test.yaml     |  18 ++
 32 files changed, 868 insertions(+), 1 deletion(-)
 rename test-data/apply-configuration/overall/minimal-cluster/expected-output/UserWorkload/Create/cluster-scoped-resources/certificates.k8s.io/certificatesigningrequests/{64b2-body-system-COLON-openshift-COLON-openshift-authenticator-.yaml => 90a1-body-system-COLON-openshift-COLON-openshift-authenticator-.yaml} (60%)
 rename test-data/apply-configuration/overall/minimal-cluster/expected-output/UserWorkload/Create/cluster-scoped-resources/certificates.k8s.io/certificatesigningrequests/{64b2-metadata-system-COLON-openshift-COLON-openshift-authenticator-.yaml => 90a1-metadata-system-COLON-openshift-COLON-openshift-authenticator-.yaml} (100%)
 create mode 100644 test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/ApplyStatus/cluster-scoped-resources/operator.openshift.io/authentications/9509-body-cluster.yaml
 create mode 100644 test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/ApplyStatus/cluster-scoped-resources/operator.openshift.io/authentications/9509-metadata-cluster.yaml
 create mode 100644 test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/ApplyStatus/cluster-scoped-resources/operator.openshift.io/authentications/9509-options-cluster.yaml
 create mode 100644 test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/0dc4-body-authentication-operator.18599d2230299800.5f2cc1a1.yaml
 create mode 100644 test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/0dc4-metadata-authentication-operator.18599d2230299800.5f2cc1a1.yaml
 create mode 100644 test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/1125-body-authentication-operator.18599d2230299800.6182ed8c.yaml
 create mode 100644 test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/1125-metadata-authentication-operator.18599d2230299800.6182ed8c.yaml
 create mode 100644 test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/5d38-body-authentication-operator.18599d2230299800.1d05f9ac.yaml
 create mode 100644 test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/5d38-metadata-authentication-operator.18599d2230299800.1d05f9ac.yaml
 create mode 100644 test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/75ea-body-authentication-operator.18599d2230299800.6d9ca9b2.yaml
 create mode 100644 test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/75ea-metadata-authentication-operator.18599d2230299800.6d9ca9b2.yaml
 create mode 100644 test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/aa39-body-authentication-operator.18599d2230299800.44a05c38.yaml
 create mode 100644 test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/aa39-metadata-authentication-operator.18599d2230299800.44a05c38.yaml
 create mode 100644 test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/ae22-body-authentication-operator.18599d2230299800.a8ecfbce.yaml
 create mode 100644 test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/ae22-metadata-authentication-operator.18599d2230299800.a8ecfbce.yaml
 create mode 100644 test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/cfad-body-authentication-operator.18599d2230299800.49fb0e36.yaml
 create mode 100644 test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/cfad-metadata-authentication-operator.18599d2230299800.49fb0e36.yaml
 create mode 100644 test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/ea65-body-authentication-operator.18599d2230299800.2df24af9.yaml
 create mode 100644 test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/ea65-metadata-authentication-operator.18599d2230299800.2df24af9.yaml
 create mode 100644 test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Update/cluster-scoped-resources/operator.openshift.io/authentications/ad90-body-cluster.yaml
 create mode 100644 test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Update/cluster-scoped-resources/operator.openshift.io/authentications/ad90-metadata-cluster.yaml
 create mode 100644 test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/controller-results.yaml
 create mode 100644 test-data/apply-configuration/overall/oauth-server-configobserver/input-dir/cluster-scoped-resources/config.openshift.io/apiservers.yaml
 create mode 100644 test-data/apply-configuration/overall/oauth-server-configobserver/input-dir/cluster-scoped-resources/config.openshift.io/clusterversions.yaml
 create mode 100644 test-data/apply-configuration/overall/oauth-server-configobserver/input-dir/cluster-scoped-resources/config.openshift.io/consoles.yaml
 create mode 100644 test-data/apply-configuration/overall/oauth-server-configobserver/input-dir/cluster-scoped-resources/config.openshift.io/infrastructures.yaml
 create mode 100644 test-data/apply-configuration/overall/oauth-server-configobserver/input-dir/cluster-scoped-resources/config.openshift.io/oauths.yaml
 create mode 100644 test-data/apply-configuration/overall/oauth-server-configobserver/input-dir/cluster-scoped-resources/operator.openshift.io/authentications/cluster.yaml
 create mode 100644 test-data/apply-configuration/overall/oauth-server-configobserver/input-dir/namespaces/openshift-authentication/core/secrets.yaml
 create mode 100644 test-data/apply-configuration/overall/oauth-server-configobserver/test.yaml

diff --git a/test-data/apply-configuration/overall/minimal-cluster/expected-output/UserWorkload/Create/cluster-scoped-resources/certificates.k8s.io/certificatesigningrequests/64b2-body-system-COLON-openshift-COLON-openshift-authenticator-.yaml b/test-data/apply-configuration/overall/minimal-cluster/expected-output/UserWorkload/Create/cluster-scoped-resources/certificates.k8s.io/certificatesigningrequests/90a1-body-system-COLON-openshift-COLON-openshift-authenticator-.yaml
similarity index 60%
rename from test-data/apply-configuration/overall/minimal-cluster/expected-output/UserWorkload/Create/cluster-scoped-resources/certificates.k8s.io/certificatesigningrequests/64b2-body-system-COLON-openshift-COLON-openshift-authenticator-.yaml
rename to test-data/apply-configuration/overall/minimal-cluster/expected-output/UserWorkload/Create/cluster-scoped-resources/certificates.k8s.io/certificatesigningrequests/90a1-body-system-COLON-openshift-COLON-openshift-authenticator-.yaml
index 8046c48ba4..02e8892476 100644
--- a/test-data/apply-configuration/overall/minimal-cluster/expected-output/UserWorkload/Create/cluster-scoped-resources/certificates.k8s.io/certificatesigningrequests/64b2-body-system-COLON-openshift-COLON-openshift-authenticator-.yaml
+++ b/test-data/apply-configuration/overall/minimal-cluster/expected-output/UserWorkload/Create/cluster-scoped-resources/certificates.k8s.io/certificatesigningrequests/90a1-body-system-COLON-openshift-COLON-openshift-authenticator-.yaml
@@ -6,7 +6,7 @@ metadata:
   labels:
     authentication.openshift.io/csr: openshift-authenticator
 spec:
-  request: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0KTUlJQkRUQ0J0QUlCQURCU01WQXdUZ1lEVlFRREUwZHplWE4wWlcwNmMyVnlkbWxqWldGalkyOTFiblE2YjNCbApibk5vYVdaMExXOWhkWFJvTFdGd2FYTmxjblpsY2pwdmNHVnVjMmhwWm5RdFlYVjBhR1Z1ZEdsallYUnZjakJaCk1CTUdCeXFHU000OUFnRUdDQ3FHU000OUF3RUhBMElBQk1RUkx4S1BYZklJZHFYQUlMcmpidHNJRmVTZDRPQW8KNFFZbFAvWGlTTEVpNnJydWRCa2xuVVl1UTM3N2g4Mnh0Vk43QnhLUUkxVWFYeDg2R3hreFgwNmdBREFLQmdncQpoa2pPUFFRREFnTklBREJGQWlBVGUwZjMyQStJa2NSS0djN25zU2dRaytCVXRQejlyWU55TVljNmN2Q3A0QUloCkFOdVI2TFhmcXBOYUYyYTBadzNzdWV0Vms5dElUaXQ3WXlWeE1Ka2dtSHhyCi0tLS0tRU5EIENFUlRJRklDQVRFIFJFUVVFU1QtLS0tLQo=
+  request: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0KTUlJQkREQ0J0QUlCQURCU01WQXdUZ1lEVlFRREUwZHplWE4wWlcwNmMyVnlkbWxqWldGalkyOTFiblE2YjNCbApibk5vYVdaMExXOWhkWFJvTFdGd2FYTmxjblpsY2pwdmNHVnVjMmhwWm5RdFlYVjBhR1Z1ZEdsallYUnZjakJaCk1CTUdCeXFHU000OUFnRUdDQ3FHU000OUF3RUhBMElBQkxrK2xGVG9CT2dGTDNjY0tKRXh2SmVOUXJLbGg0MVIKN0E2Qzk3eDFta0ZJY2NkWUEzTVNPRkdObkNURzRTNjBKUzJsWndDREJneFpPZkllT0R5TXlrbWdBREFLQmdncQpoa2pPUFFRREFnTkhBREJFQWlBbmJmQ3pzSFZHRlF2ak5Oemh1VFd2dFJXUXZiT0lQZnkvRUNRZnBWZldyd0lnClNEZXh5UGFsM1A2WnhNU21qN1dsSnEySlZac3dranA0ckpaempTRlFON3c9Ci0tLS0tRU5EIENFUlRJRklDQVRFIFJFUVVFU1QtLS0tLQo=
   signerName: kubernetes.io/kube-apiserver-client
   usages:
   - digital signature
diff --git a/test-data/apply-configuration/overall/minimal-cluster/expected-output/UserWorkload/Create/cluster-scoped-resources/certificates.k8s.io/certificatesigningrequests/64b2-metadata-system-COLON-openshift-COLON-openshift-authenticator-.yaml b/test-data/apply-configuration/overall/minimal-cluster/expected-output/UserWorkload/Create/cluster-scoped-resources/certificates.k8s.io/certificatesigningrequests/90a1-metadata-system-COLON-openshift-COLON-openshift-authenticator-.yaml
similarity index 100%
rename from test-data/apply-configuration/overall/minimal-cluster/expected-output/UserWorkload/Create/cluster-scoped-resources/certificates.k8s.io/certificatesigningrequests/64b2-metadata-system-COLON-openshift-COLON-openshift-authenticator-.yaml
rename to test-data/apply-configuration/overall/minimal-cluster/expected-output/UserWorkload/Create/cluster-scoped-resources/certificates.k8s.io/certificatesigningrequests/90a1-metadata-system-COLON-openshift-COLON-openshift-authenticator-.yaml
diff --git a/test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/ApplyStatus/cluster-scoped-resources/operator.openshift.io/authentications/9509-body-cluster.yaml b/test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/ApplyStatus/cluster-scoped-resources/operator.openshift.io/authentications/9509-body-cluster.yaml
new file mode 100644
index 0000000000..54da605769
--- /dev/null
+++ b/test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/ApplyStatus/cluster-scoped-resources/operator.openshift.io/authentications/9509-body-cluster.yaml
@@ -0,0 +1,9 @@
+apiVersion: operator.openshift.io/v1
+kind: Authentication
+metadata:
+  name: cluster
+status:
+  conditions:
+  - lastTransitionTime: "2025-08-07T22:38:20Z"
+    status: "False"
+    type: OAuthServerConfigObservationDegraded
diff --git a/test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/ApplyStatus/cluster-scoped-resources/operator.openshift.io/authentications/9509-metadata-cluster.yaml b/test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/ApplyStatus/cluster-scoped-resources/operator.openshift.io/authentications/9509-metadata-cluster.yaml
new file mode 100644
index 0000000000..fa787e5f79
--- /dev/null
+++ b/test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/ApplyStatus/cluster-scoped-resources/operator.openshift.io/authentications/9509-metadata-cluster.yaml
@@ -0,0 +1,9 @@
+action: ApplyStatus
+controllerInstanceName: TODO-configObserver
+fieldManager: oauth-server-ConfigObserver
+generateName: ""
+name: cluster
+resourceType:
+  Group: operator.openshift.io
+  Resource: authentications
+  Version: v1
diff --git a/test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/ApplyStatus/cluster-scoped-resources/operator.openshift.io/authentications/9509-options-cluster.yaml b/test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/ApplyStatus/cluster-scoped-resources/operator.openshift.io/authentications/9509-options-cluster.yaml
new file mode 100644
index 0000000000..0cd8b20d7b
--- /dev/null
+++ b/test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/ApplyStatus/cluster-scoped-resources/operator.openshift.io/authentications/9509-options-cluster.yaml
@@ -0,0 +1,2 @@
+fieldManager: oauth-server-ConfigObserver
+force: true
diff --git a/test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/0dc4-body-authentication-operator.18599d2230299800.5f2cc1a1.yaml b/test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/0dc4-body-authentication-operator.18599d2230299800.5f2cc1a1.yaml
new file mode 100644
index 0000000000..5cc0b5ee4c
--- /dev/null
+++ b/test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/0dc4-body-authentication-operator.18599d2230299800.5f2cc1a1.yaml
@@ -0,0 +1,32 @@
+apiVersion: v1
+count: 1
+eventTime: null
+firstTimestamp: "2025-08-07T22:38:20Z"
+involvedObject:
+  kind: Deployment
+  name: authentication-operator
+  namespace: openshift-authentication-operator
+kind: Event
+lastTimestamp: "2025-08-07T22:38:20Z"
+message: 'Writing updated section ("oauthServer") of observed config: "\u00a0\u00a0map[string]any{\n+\u00a0\t\"corsAllowedOrigins\":
+  []any{string(`//127\\.0\\.0\\.1(:|$)`), string(\"//localhost(:|$)\")},\n+\u00a0\t\"oauthConfig\":
+  map[string]any{\n+\u00a0\t\t\"assetPublicURL\": string(\"https://console-openshift-console.apps.ci-op-gn2pz6q7-69aee.XXXXXXXXXXXXXXXXXXXXXX\"),\n+\u00a0\t\t\"loginURL\":       string(\"https://api.ci-op-gn2pz6q7-69aee.XXXXXXXXXXXXXXXXXXXXXX:6443\"),\n+\u00a0\t\t\"tokenConfig\":
+  map[string]any{\n+\u00a0\t\t\t\"accessTokenMaxAgeSeconds\":    float64(86400),\n+\u00a0\t\t\t\"authorizeTokenMaxAgeSeconds\":
+  float64(300),\n+\u00a0\t\t},\n+\u00a0\t},\n-\u00a0\t\"serverArguments\": nil,\n+\u00a0\t\"serverArguments\":
+  map[string]any{\n+\u00a0\t\t\"audit-log-format\":    []any{string(\"json\")},\n+\u00a0\t\t\"audit-log-maxbackup\":
+  []any{string(\"10\")},\n+\u00a0\t\t\"audit-log-maxsize\":   []any{string(\"100\")},\n+\u00a0\t\t\"audit-log-path\":      []any{string(\"/var/log/oauth-server/audit.log\")},\n+\u00a0\t\t\"audit-policy-file\":   []any{string(\"/var/run/configmaps/audit/audit.yaml\")},\n+\u00a0\t},\n+\u00a0\t\"servingInfo\":
+  map[string]any{\n+\u00a0\t\t\"cipherSuites\": []any{\n+\u00a0\t\t\tstring(\"TLS_AES_128_GCM_SHA256\"),
+  string(\"TLS_AES_256_GCM_SHA384\"),\n+\u00a0\t\t\tstring(\"TLS_CHACHA20_POLY1305_SHA256\"),\n+\u00a0\t\t\tstring(\"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256\"),\n+\u00a0\t\t\tstring(\"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256\"),\n+\u00a0\t\t\tstring(\"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384\"),\n+\u00a0\t\t\tstring(\"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384\"),\n+\u00a0\t\t\tstring(\"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256\"),
+  ...,\n+\u00a0\t\t},\n+\u00a0\t\t\"minTLSVersion\": string(\"VersionTLS12\"),\n+\u00a0\t\t\"namedCertificates\":
+  []any{\n+\u00a0\t\t\tmap[string]any{\n+\u00a0\t\t\t\t\"certFile\": string(\"/var/config/system/secrets/v4-0-\"...),\n+\u00a0\t\t\t\t\"keyFile\":  string(\"/var/config/system/secrets/v4-0-\"...),\n+\u00a0\t\t\t\t\"names\":    []any{...},\n+\u00a0\t\t\t},\n+\u00a0\t\t},\n+\u00a0\t},\n+\u00a0\t\"volumesToMount\":
+  map[string]any{\"identityProviders\": string(\"{}\")},\n\u00a0\u00a0}\n"'
+metadata:
+  creationTimestamp: null
+  name: authentication-operator.18599d2230299800.5f2cc1a1
+  namespace: openshift-authentication-operator
+reason: ObservedConfigChanged
+reportingComponent: ""
+reportingInstance: ""
+source:
+  component: cluster-authentication-operator-run-once-sync-context
+type: Normal
diff --git a/test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/0dc4-metadata-authentication-operator.18599d2230299800.5f2cc1a1.yaml b/test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/0dc4-metadata-authentication-operator.18599d2230299800.5f2cc1a1.yaml
new file mode 100644
index 0000000000..d0a68d18ee
--- /dev/null
+++ b/test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/0dc4-metadata-authentication-operator.18599d2230299800.5f2cc1a1.yaml
@@ -0,0 +1,9 @@
+action: Create
+controllerInstanceName: ""
+generateName: ""
+name: authentication-operator.18599d2230299800.5f2cc1a1
+namespace: openshift-authentication-operator
+resourceType:
+  Group: ""
+  Resource: events
+  Version: v1
diff --git a/test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/1125-body-authentication-operator.18599d2230299800.6182ed8c.yaml b/test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/1125-body-authentication-operator.18599d2230299800.6182ed8c.yaml
new file mode 100644
index 0000000000..8c8e346b61
--- /dev/null
+++ b/test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/1125-body-authentication-operator.18599d2230299800.6182ed8c.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+count: 1
+eventTime: null
+firstTimestamp: "2025-08-07T22:38:20Z"
+involvedObject:
+  kind: Deployment
+  name: authentication-operator
+  namespace: openshift-authentication-operator
+kind: Event
+lastTimestamp: "2025-08-07T22:38:20Z"
+message: assetPublicURL changed from  to https://console-openshift-console.apps.ci-op-gn2pz6q7-69aee.XXXXXXXXXXXXXXXXXXXXXX
+metadata:
+  creationTimestamp: null
+  name: authentication-operator.18599d2230299800.6182ed8c
+  namespace: openshift-authentication-operator
+reason: ObserveConsoleURL
+reportingComponent: ""
+reportingInstance: ""
+source:
+  component: cluster-authentication-operator-run-once-sync-context
+type: Normal
diff --git a/test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/1125-metadata-authentication-operator.18599d2230299800.6182ed8c.yaml b/test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/1125-metadata-authentication-operator.18599d2230299800.6182ed8c.yaml
new file mode 100644
index 0000000000..1261aeb81a
--- /dev/null
+++ b/test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/1125-metadata-authentication-operator.18599d2230299800.6182ed8c.yaml
@@ -0,0 +1,9 @@
+action: Create
+controllerInstanceName: ""
+generateName: ""
+name: authentication-operator.18599d2230299800.6182ed8c
+namespace: openshift-authentication-operator
+resourceType:
+  Group: ""
+  Resource: events
+  Version: v1
diff --git a/test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/5d38-body-authentication-operator.18599d2230299800.1d05f9ac.yaml b/test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/5d38-body-authentication-operator.18599d2230299800.1d05f9ac.yaml
new file mode 100644
index 0000000000..8c1d265bfd
--- /dev/null
+++ b/test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/5d38-body-authentication-operator.18599d2230299800.1d05f9ac.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+count: 1
+eventTime: null
+firstTimestamp: "2025-08-07T22:38:20Z"
+involvedObject:
+  kind: Deployment
+  name: authentication-operator
+  namespace: openshift-authentication-operator
+kind: Event
+lastTimestamp: "2025-08-07T22:38:20Z"
+message: loginURL changed from  to https://api.ci-op-gn2pz6q7-69aee.XXXXXXXXXXXXXXXXXXXXXX:6443
+metadata:
+  creationTimestamp: null
+  name: authentication-operator.18599d2230299800.1d05f9ac
+  namespace: openshift-authentication-operator
+reason: ObserveAPIServerURL
+reportingComponent: ""
+reportingInstance: ""
+source:
+  component: cluster-authentication-operator-run-once-sync-context
+type: Normal
diff --git a/test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/5d38-metadata-authentication-operator.18599d2230299800.1d05f9ac.yaml b/test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/5d38-metadata-authentication-operator.18599d2230299800.1d05f9ac.yaml
new file mode 100644
index 0000000000..6f1e7dee06
--- /dev/null
+++ b/test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/5d38-metadata-authentication-operator.18599d2230299800.1d05f9ac.yaml
@@ -0,0 +1,9 @@
+action: Create
+controllerInstanceName: ""
+generateName: ""
+name: authentication-operator.18599d2230299800.1d05f9ac
+namespace: openshift-authentication-operator
+resourceType:
+  Group: ""
+  Resource: events
+  Version: v1
diff --git a/test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/75ea-body-authentication-operator.18599d2230299800.6d9ca9b2.yaml b/test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/75ea-body-authentication-operator.18599d2230299800.6d9ca9b2.yaml
new file mode 100644
index 0000000000..a00ce78375
--- /dev/null
+++ b/test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/75ea-body-authentication-operator.18599d2230299800.6d9ca9b2.yaml
@@ -0,0 +1,23 @@
+apiVersion: v1
+count: 1
+eventTime: null
+firstTimestamp: "2025-08-07T22:38:20Z"
+involvedObject:
+  kind: Deployment
+  name: authentication-operator
+  namespace: openshift-authentication-operator
+kind: Event
+lastTimestamp: "2025-08-07T22:38:20Z"
+message: namedCertificates changed to []interface {}{map[string]interface {}{"certFile":"/var/config/system/secrets/v4-0-config-system-router-certs/apps.ci-op-gn2pz6q7-69aee.XXXXXXXXXXXXXXXXXXXXXX",
+  "keyFile":"/var/config/system/secrets/v4-0-config-system-router-certs/apps.ci-op-gn2pz6q7-69aee.XXXXXXXXXXXXXXXXXXXXXX",
+  "names":[]interface {}{"*.apps.ci-op-gn2pz6q7-69aee.XXXXXXXXXXXXXXXXXXXXXX"}}}
+metadata:
+  creationTimestamp: null
+  name: authentication-operator.18599d2230299800.6d9ca9b2
+  namespace: openshift-authentication-operator
+reason: ObserveRouterSecret
+reportingComponent: ""
+reportingInstance: ""
+source:
+  component: cluster-authentication-operator-run-once-sync-context
+type: Normal
diff --git a/test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/75ea-metadata-authentication-operator.18599d2230299800.6d9ca9b2.yaml b/test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/75ea-metadata-authentication-operator.18599d2230299800.6d9ca9b2.yaml
new file mode 100644
index 0000000000..9dbe80b8a2
--- /dev/null
+++ b/test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/75ea-metadata-authentication-operator.18599d2230299800.6d9ca9b2.yaml
@@ -0,0 +1,9 @@
+action: Create
+controllerInstanceName: ""
+generateName: ""
+name: authentication-operator.18599d2230299800.6d9ca9b2
+namespace: openshift-authentication-operator
+resourceType:
+  Group: ""
+  Resource: events
+  Version: v1
diff --git a/test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/aa39-body-authentication-operator.18599d2230299800.44a05c38.yaml b/test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/aa39-body-authentication-operator.18599d2230299800.44a05c38.yaml
new file mode 100644
index 0000000000..85b27b9c26
--- /dev/null
+++ b/test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/aa39-body-authentication-operator.18599d2230299800.44a05c38.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+count: 1
+eventTime: null
+firstTimestamp: "2025-08-07T22:38:20Z"
+involvedObject:
+  kind: Deployment
+  name: authentication-operator
+  namespace: openshift-authentication-operator
+kind: Event
+lastTimestamp: "2025-08-07T22:38:20Z"
+message: minTLSVersion changed to VersionTLS12
+metadata:
+  creationTimestamp: null
+  name: authentication-operator.18599d2230299800.44a05c38
+  namespace: openshift-authentication-operator
+reason: ObserveTLSSecurityProfile
+reportingComponent: ""
+reportingInstance: ""
+source:
+  component: cluster-authentication-operator-run-once-sync-context
+type: Normal
diff --git a/test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/aa39-metadata-authentication-operator.18599d2230299800.44a05c38.yaml b/test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/aa39-metadata-authentication-operator.18599d2230299800.44a05c38.yaml
new file mode 100644
index 0000000000..71dea78c61
--- /dev/null
+++ b/test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/aa39-metadata-authentication-operator.18599d2230299800.44a05c38.yaml
@@ -0,0 +1,9 @@
+action: Create
+controllerInstanceName: ""
+generateName: ""
+name: authentication-operator.18599d2230299800.44a05c38
+namespace: openshift-authentication-operator
+resourceType:
+  Group: ""
+  Resource: events
+  Version: v1
diff --git a/test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/ae22-body-authentication-operator.18599d2230299800.a8ecfbce.yaml b/test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/ae22-body-authentication-operator.18599d2230299800.a8ecfbce.yaml
new file mode 100644
index 0000000000..7ac7f4702d
--- /dev/null
+++ b/test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/ae22-body-authentication-operator.18599d2230299800.a8ecfbce.yaml
@@ -0,0 +1,22 @@
+apiVersion: v1
+count: 1
+eventTime: null
+firstTimestamp: "2025-08-07T22:38:20Z"
+involvedObject:
+  kind: Deployment
+  name: authentication-operator
+  namespace: openshift-authentication-operator
+kind: Event
+lastTimestamp: "2025-08-07T22:38:20Z"
+message: AuditProfile changed from '%!s(<nil>)' to 'map[audit-log-format:[json] audit-log-maxbackup:[10]
+  audit-log-maxsize:[100] audit-log-path:[/var/log/oauth-server/audit.log] audit-policy-file:[/var/run/configmaps/audit/audit.yaml]]'
+metadata:
+  creationTimestamp: null
+  name: authentication-operator.18599d2230299800.a8ecfbce
+  namespace: openshift-authentication-operator
+reason: ObserveAuditProfile
+reportingComponent: ""
+reportingInstance: ""
+source:
+  component: cluster-authentication-operator-run-once-sync-context
+type: Normal
diff --git a/test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/ae22-metadata-authentication-operator.18599d2230299800.a8ecfbce.yaml b/test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/ae22-metadata-authentication-operator.18599d2230299800.a8ecfbce.yaml
new file mode 100644
index 0000000000..8e875f7b3b
--- /dev/null
+++ b/test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/ae22-metadata-authentication-operator.18599d2230299800.a8ecfbce.yaml
@@ -0,0 +1,9 @@
+action: Create
+controllerInstanceName: ""
+generateName: ""
+name: authentication-operator.18599d2230299800.a8ecfbce
+namespace: openshift-authentication-operator
+resourceType:
+  Group: ""
+  Resource: events
+  Version: v1
diff --git a/test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/cfad-body-authentication-operator.18599d2230299800.49fb0e36.yaml b/test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/cfad-body-authentication-operator.18599d2230299800.49fb0e36.yaml
new file mode 100644
index 0000000000..93841c1443
--- /dev/null
+++ b/test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/cfad-body-authentication-operator.18599d2230299800.49fb0e36.yaml
@@ -0,0 +1,24 @@
+apiVersion: v1
+count: 1
+eventTime: null
+firstTimestamp: "2025-08-07T22:38:20Z"
+involvedObject:
+  kind: Deployment
+  name: authentication-operator
+  namespace: openshift-authentication-operator
+kind: Event
+lastTimestamp: "2025-08-07T22:38:20Z"
+message: cipherSuites changed to ["TLS_AES_128_GCM_SHA256" "TLS_AES_256_GCM_SHA384"
+  "TLS_CHACHA20_POLY1305_SHA256" "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256" "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
+  "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
+  "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256" "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"]
+metadata:
+  creationTimestamp: null
+  name: authentication-operator.18599d2230299800.49fb0e36
+  namespace: openshift-authentication-operator
+reason: ObserveTLSSecurityProfile
+reportingComponent: ""
+reportingInstance: ""
+source:
+  component: cluster-authentication-operator-run-once-sync-context
+type: Normal
diff --git a/test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/cfad-metadata-authentication-operator.18599d2230299800.49fb0e36.yaml b/test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/cfad-metadata-authentication-operator.18599d2230299800.49fb0e36.yaml
new file mode 100644
index 0000000000..e08c32e973
--- /dev/null
+++ b/test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/cfad-metadata-authentication-operator.18599d2230299800.49fb0e36.yaml
@@ -0,0 +1,9 @@
+action: Create
+controllerInstanceName: ""
+generateName: ""
+name: authentication-operator.18599d2230299800.49fb0e36
+namespace: openshift-authentication-operator
+resourceType:
+  Group: ""
+  Resource: events
+  Version: v1
diff --git a/test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/ea65-body-authentication-operator.18599d2230299800.2df24af9.yaml b/test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/ea65-body-authentication-operator.18599d2230299800.2df24af9.yaml
new file mode 100644
index 0000000000..56d7f13b8e
--- /dev/null
+++ b/test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/ea65-body-authentication-operator.18599d2230299800.2df24af9.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+count: 1
+eventTime: null
+firstTimestamp: "2025-08-07T22:38:20Z"
+involvedObject:
+  kind: Deployment
+  name: authentication-operator
+  namespace: openshift-authentication-operator
+kind: Event
+lastTimestamp: "2025-08-07T22:38:20Z"
+message: accessTokenMaxAgeSeconds changed from %!d(float64=0) to %!d(float64=86400)
+metadata:
+  creationTimestamp: null
+  name: authentication-operator.18599d2230299800.2df24af9
+  namespace: openshift-authentication-operator
+reason: ObserveTokenConfig
+reportingComponent: ""
+reportingInstance: ""
+source:
+  component: cluster-authentication-operator-run-once-sync-context
+type: Normal
diff --git a/test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/ea65-metadata-authentication-operator.18599d2230299800.2df24af9.yaml b/test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/ea65-metadata-authentication-operator.18599d2230299800.2df24af9.yaml
new file mode 100644
index 0000000000..10e8a8fa87
--- /dev/null
+++ b/test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/ea65-metadata-authentication-operator.18599d2230299800.2df24af9.yaml
@@ -0,0 +1,9 @@
+action: Create
+controllerInstanceName: ""
+generateName: ""
+name: authentication-operator.18599d2230299800.2df24af9
+namespace: openshift-authentication-operator
+resourceType:
+  Group: ""
+  Resource: events
+  Version: v1
diff --git a/test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Update/cluster-scoped-resources/operator.openshift.io/authentications/ad90-body-cluster.yaml b/test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Update/cluster-scoped-resources/operator.openshift.io/authentications/ad90-body-cluster.yaml
new file mode 100644
index 0000000000..da3add82b8
--- /dev/null
+++ b/test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Update/cluster-scoped-resources/operator.openshift.io/authentications/ad90-body-cluster.yaml
@@ -0,0 +1,52 @@
+apiVersion: operator.openshift.io/v1
+kind: Authentication
+metadata:
+  annotations:
+    include.release.openshift.io/self-managed-high-availability: "true"
+    include.release.openshift.io/single-node-developer: "true"
+    release.openshift.io/create-only: "true"
+  name: cluster
+spec:
+  managementState: Managed
+  observedConfig:
+    oauthServer:
+      corsAllowedOrigins:
+      - //127\.0\.0\.1(:|$)
+      - //localhost(:|$)
+      oauthConfig:
+        assetPublicURL: https://console-openshift-console.apps.ci-op-gn2pz6q7-69aee.XXXXXXXXXXXXXXXXXXXXXX
+        loginURL: https://api.ci-op-gn2pz6q7-69aee.XXXXXXXXXXXXXXXXXXXXXX:6443
+        tokenConfig:
+          accessTokenMaxAgeSeconds: 86400
+          authorizeTokenMaxAgeSeconds: 300
+      serverArguments:
+        audit-log-format:
+        - json
+        audit-log-maxbackup:
+        - "10"
+        audit-log-maxsize:
+        - "100"
+        audit-log-path:
+        - /var/log/oauth-server/audit.log
+        audit-policy-file:
+        - /var/run/configmaps/audit/audit.yaml
+      servingInfo:
+        cipherSuites:
+        - TLS_AES_128_GCM_SHA256
+        - TLS_AES_256_GCM_SHA384
+        - TLS_CHACHA20_POLY1305_SHA256
+        - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+        - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+        - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
+        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
+        minTLSVersion: VersionTLS12
+        namedCertificates:
+        - certFile: /var/config/system/secrets/v4-0-config-system-router-certs/apps.ci-op-gn2pz6q7-69aee.XXXXXXXXXXXXXXXXXXXXXX
+          keyFile: /var/config/system/secrets/v4-0-config-system-router-certs/apps.ci-op-gn2pz6q7-69aee.XXXXXXXXXXXXXXXXXXXXXX
+          names:
+          - '*.apps.ci-op-gn2pz6q7-69aee.XXXXXXXXXXXXXXXXXXXXXX'
+      volumesToMount:
+        identityProviders: '{}'
+  unsupportedConfigOverrides: null
diff --git a/test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Update/cluster-scoped-resources/operator.openshift.io/authentications/ad90-metadata-cluster.yaml b/test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Update/cluster-scoped-resources/operator.openshift.io/authentications/ad90-metadata-cluster.yaml
new file mode 100644
index 0000000000..f9ce8878d5
--- /dev/null
+++ b/test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Update/cluster-scoped-resources/operator.openshift.io/authentications/ad90-metadata-cluster.yaml
@@ -0,0 +1,8 @@
+action: Update
+controllerInstanceName: TODO-configObserver
+generateName: ""
+name: cluster
+resourceType:
+  Group: operator.openshift.io
+  Resource: authentications
+  Version: v1
diff --git a/test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/controller-results.yaml b/test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/controller-results.yaml
new file mode 100644
index 0000000000..73c50e66b3
--- /dev/null
+++ b/test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/controller-results.yaml
@@ -0,0 +1,81 @@
+controllerResults:
+- controllerName: APIServerStaticResources-StaticResources
+  status: Skipped
+- controllerName: NamespaceFinalizerController_openshift-oauth-apiserver
+  status: Skipped
+- controllerName: OAuthAPIServerController-WorkloadWorkloadController
+  status: Skipped
+- controllerName: RevisionController
+  status: Skipped
+- controllerName: SecretRevisionPruneController
+  status: Skipped
+- controllerName: TODO-authRouteCheckController
+  status: Skipped
+- controllerName: TODO-authServiceCheckController
+  status: Skipped
+- controllerName: TODO-authServiceEndpointCheckController
+  status: Skipped
+- controllerName: TODO-authenticatorCertRequester
+  status: Skipped
+- controllerName: TODO-configObserver
+  status: Succeeded
+- controllerName: TODO-configOverridesController
+  status: Skipped
+- controllerName: TODO-customRouteController
+  status: Skipped
+- controllerName: TODO-deploymentController
+  status: Skipped
+- controllerName: TODO-ingressStateController
+  status: Skipped
+- controllerName: TODO-logLevelController
+  status: Skipped
+- controllerName: TODO-managementStateController
+  status: Skipped
+- controllerName: TODO-metadataController
+  status: Skipped
+- controllerName: TODO-oauthClientsSwitchedController
+  status: Skipped
+- controllerName: TODO-other-configObserver
+  status: Skipped
+- controllerName: TODO-other-externalOIDCController
+  status: Skipped
+- controllerName: TODO-payloadConfigController
+  status: Skipped
+- controllerName: TODO-proxyConfigController
+  status: Skipped
+- controllerName: TODO-resourceSyncer
+  status: Skipped
+- controllerName: TODO-routerCertsController
+  status: Skipped
+- controllerName: TODO-serviceCAController
+  status: Skipped
+- controllerName: TODO-staleConditions
+  status: Skipped
+- controllerName: TODO-staticResourceController
+  status: Skipped
+- controllerName: TODO-trustDistributionController
+  status: Skipped
+- controllerName: TODO-webhookAuthController
+  status: Skipped
+- controllerName: TODO-webhookCertsApprover
+  status: Skipped
+- controllerName: TODO-wellKnownReadyController
+  status: Skipped
+- controllerName: TODO-workersAvailableController
+  status: Skipped
+- controllerName: auditPolicyController
+  status: Skipped
+- controllerName: authentication
+  status: Skipped
+- controllerName: openshift-apiserver-APIService
+  status: Skipped
+- controllerName: openshift-oauth-apiserver-EncryptionCondition
+  status: Skipped
+- controllerName: openshift-oauth-apiserver-EncryptionKey
+  status: Skipped
+- controllerName: openshift-oauth-apiserver-EncryptionMigration
+  status: Skipped
+- controllerName: openshift-oauth-apiserver-EncryptionPrune
+  status: Skipped
+- controllerName: openshift-oauth-apiserver-EncryptionState
+  status: Skipped
diff --git a/test-data/apply-configuration/overall/oauth-server-configobserver/input-dir/cluster-scoped-resources/config.openshift.io/apiservers.yaml b/test-data/apply-configuration/overall/oauth-server-configobserver/input-dir/cluster-scoped-resources/config.openshift.io/apiservers.yaml
new file mode 100644
index 0000000000..706f2fd175
--- /dev/null
+++ b/test-data/apply-configuration/overall/oauth-server-configobserver/input-dir/cluster-scoped-resources/config.openshift.io/apiservers.yaml
@@ -0,0 +1,50 @@
+---
+apiVersion: config.openshift.io/v1
+items:
+- apiVersion: config.openshift.io/v1
+  kind: APIServer
+  metadata:
+    annotations:
+      include.release.openshift.io/ibm-cloud-managed: "true"
+      include.release.openshift.io/self-managed-high-availability: "true"
+      oauth-apiserver.openshift.io/secure-token-storage: "true"
+      release.openshift.io/create-only: "true"
+    creationTimestamp: "2025-08-01T18:29:39Z"
+    generation: 1
+    managedFields:
+    - apiVersion: config.openshift.io/v1
+      fieldsType: FieldsV1
+      fieldsV1:
+        f:metadata:
+          f:annotations:
+            .: {}
+            f:include.release.openshift.io/ibm-cloud-managed: {}
+            f:include.release.openshift.io/self-managed-high-availability: {}
+            f:oauth-apiserver.openshift.io/secure-token-storage: {}
+            f:release.openshift.io/create-only: {}
+          f:ownerReferences:
+            .: {}
+            k:{"uid":"fd412cff-9592-4cb6-b0e9-97a5c376f29e"}: {}
+        f:spec:
+          .: {}
+          f:audit:
+            .: {}
+            f:profile: {}
+      manager: cluster-version-operator
+      operation: Update
+      time: "2025-08-01T18:29:39Z"
+    name: cluster
+    ownerReferences:
+    - apiVersion: config.openshift.io/v1
+      kind: ClusterVersion
+      name: version
+      uid: fd412cff-9592-4cb6-b0e9-97a5c376f29e
+    resourceVersion: "910"
+    uid: 5ae211a9-1169-4caa-a7b5-86a60f3aa057
+  spec:
+    audit:
+      profile: Default
+kind: APIServerList
+metadata:
+  continue: ""
+  resourceVersion: "269027"
diff --git a/test-data/apply-configuration/overall/oauth-server-configobserver/input-dir/cluster-scoped-resources/config.openshift.io/clusterversions.yaml b/test-data/apply-configuration/overall/oauth-server-configobserver/input-dir/cluster-scoped-resources/config.openshift.io/clusterversions.yaml
new file mode 100644
index 0000000000..742f22c1c1
--- /dev/null
+++ b/test-data/apply-configuration/overall/oauth-server-configobserver/input-dir/cluster-scoped-resources/config.openshift.io/clusterversions.yaml
@@ -0,0 +1,168 @@
+---
+apiVersion: config.openshift.io/v1
+items:
+- apiVersion: config.openshift.io/v1
+  kind: ClusterVersion
+  metadata:
+    creationTimestamp: "2025-08-01T18:29:12Z"
+    generation: 2
+    managedFields:
+    - apiVersion: config.openshift.io/v1
+      fieldsType: FieldsV1
+      fieldsV1:
+        f:spec:
+          .: {}
+          f:clusterID: {}
+      manager: cluster-bootstrap
+      operation: Update
+      time: "2025-08-01T18:29:12Z"
+    - apiVersion: config.openshift.io/v1
+      fieldsType: FieldsV1
+      fieldsV1:
+        f:status:
+          .: {}
+          f:availableUpdates: {}
+          f:capabilities:
+            .: {}
+            f:enabledCapabilities: {}
+            f:knownCapabilities: {}
+          f:conditions:
+            .: {}
+            k:{"type":"Available"}:
+              .: {}
+              f:lastTransitionTime: {}
+              f:message: {}
+              f:status: {}
+              f:type: {}
+            k:{"type":"Failing"}:
+              .: {}
+              f:lastTransitionTime: {}
+              f:status: {}
+              f:type: {}
+            k:{"type":"ImplicitlyEnabledCapabilities"}:
+              .: {}
+              f:lastTransitionTime: {}
+              f:message: {}
+              f:reason: {}
+              f:status: {}
+              f:type: {}
+            k:{"type":"Progressing"}:
+              .: {}
+              f:lastTransitionTime: {}
+              f:message: {}
+              f:status: {}
+              f:type: {}
+            k:{"type":"ReleaseAccepted"}:
+              .: {}
+              f:lastTransitionTime: {}
+              f:message: {}
+              f:reason: {}
+              f:status: {}
+              f:type: {}
+            k:{"type":"RetrievedUpdates"}:
+              .: {}
+              f:lastTransitionTime: {}
+              f:message: {}
+              f:reason: {}
+              f:status: {}
+              f:type: {}
+          f:desired:
+            .: {}
+            f:image: {}
+            f:version: {}
+          f:history: {}
+          f:observedGeneration: {}
+          f:versionHash: {}
+      manager: cluster-version-operator
+      operation: Update
+      subresource: status
+      time: "2025-08-01T18:56:59Z"
+    name: version
+    resourceVersion: "31637"
+    uid: fd412cff-9592-4cb6-b0e9-97a5c376f29e
+  spec:
+    clusterID: 190ba3d3-45b9-4976-aa21-92d473f597b5
+  status:
+    availableUpdates: null
+    capabilities:
+      enabledCapabilities:
+      - Build
+      - CSISnapshot
+      - CloudControllerManager
+      - CloudCredential
+      - Console
+      - DeploymentConfig
+      - ImageRegistry
+      - Ingress
+      - Insights
+      - MachineAPI
+      - NodeTuning
+      - OperatorLifecycleManager
+      - OperatorLifecycleManagerV1
+      - Storage
+      - baremetal
+      - marketplace
+      - openshift-samples
+      knownCapabilities:
+      - Build
+      - CSISnapshot
+      - CloudControllerManager
+      - CloudCredential
+      - Console
+      - DeploymentConfig
+      - ImageRegistry
+      - Ingress
+      - Insights
+      - MachineAPI
+      - NodeTuning
+      - OperatorLifecycleManager
+      - OperatorLifecycleManagerV1
+      - Storage
+      - baremetal
+      - marketplace
+      - openshift-samples
+    conditions:
+    - lastTransitionTime: "2025-08-01T18:29:17Z"
+      message: The update channel has not been configured.
+      reason: NoChannel
+      status: "False"
+      type: RetrievedUpdates
+    - lastTransitionTime: "2025-08-01T18:29:17Z"
+      message: Capabilities match configured spec
+      reason: AsExpected
+      status: "False"
+      type: ImplicitlyEnabledCapabilities
+    - lastTransitionTime: "2025-08-01T18:29:17Z"
+      message: Payload loaded version="4.20.0-0.ci-2025-08-01-181332-test-ci-op-gn2pz6q7-latest"
+        image="registry.build06.ci.openshift.org/ci-op-gn2pz6q7/release@sha256:4cb12a9c632d1745527b1c4c87f44c8a6c4d60d0a2b89b75b23c5fc8fde73336"
+        architecture="amd64"
+      reason: PayloadLoaded
+      status: "True"
+      type: ReleaseAccepted
+    - lastTransitionTime: "2025-08-01T18:56:59Z"
+      message: Done applying 4.20.0-0.ci-2025-08-01-181332-test-ci-op-gn2pz6q7-latest
+      status: "True"
+      type: Available
+    - lastTransitionTime: "2025-08-01T18:56:59Z"
+      status: "False"
+      type: Failing
+    - lastTransitionTime: "2025-08-01T18:56:59Z"
+      message: Cluster version is 4.20.0-0.ci-2025-08-01-181332-test-ci-op-gn2pz6q7-latest
+      status: "False"
+      type: Progressing
+    desired:
+      image: registry.build06.ci.openshift.org/ci-op-gn2pz6q7/release@sha256:4cb12a9c632d1745527b1c4c87f44c8a6c4d60d0a2b89b75b23c5fc8fde73336
+      version: 4.20.0-0.ci-2025-08-01-181332-test-ci-op-gn2pz6q7-latest
+    history:
+    - completionTime: "2025-08-01T18:56:59Z"
+      image: registry.build06.ci.openshift.org/ci-op-gn2pz6q7/release@sha256:4cb12a9c632d1745527b1c4c87f44c8a6c4d60d0a2b89b75b23c5fc8fde73336
+      startedTime: "2025-08-01T18:29:17Z"
+      state: Completed
+      verified: false
+      version: 4.20.0-0.ci-2025-08-01-181332-test-ci-op-gn2pz6q7-latest
+    observedGeneration: 2
+    versionHash: yySvC9w70rw=
+kind: ClusterVersionList
+metadata:
+  continue: ""
+  resourceVersion: "269027"
diff --git a/test-data/apply-configuration/overall/oauth-server-configobserver/input-dir/cluster-scoped-resources/config.openshift.io/consoles.yaml b/test-data/apply-configuration/overall/oauth-server-configobserver/input-dir/cluster-scoped-resources/config.openshift.io/consoles.yaml
new file mode 100644
index 0000000000..b7b8a03a38
--- /dev/null
+++ b/test-data/apply-configuration/overall/oauth-server-configobserver/input-dir/cluster-scoped-resources/config.openshift.io/consoles.yaml
@@ -0,0 +1,54 @@
+---
+apiVersion: config.openshift.io/v1
+items:
+- apiVersion: config.openshift.io/v1
+  kind: Console
+  metadata:
+    annotations:
+      include.release.openshift.io/ibm-cloud-managed: "true"
+      include.release.openshift.io/self-managed-high-availability: "true"
+      release.openshift.io/create-only: "true"
+    creationTimestamp: "2025-08-01T18:29:50Z"
+    generation: 1
+    managedFields:
+    - apiVersion: config.openshift.io/v1
+      fieldsType: FieldsV1
+      fieldsV1:
+        f:metadata:
+          f:annotations:
+            .: {}
+            f:include.release.openshift.io/ibm-cloud-managed: {}
+            f:include.release.openshift.io/self-managed-high-availability: {}
+            f:release.openshift.io/create-only: {}
+          f:ownerReferences:
+            .: {}
+            k:{"uid":"fd412cff-9592-4cb6-b0e9-97a5c376f29e"}: {}
+        f:spec: {}
+      manager: cluster-version-operator
+      operation: Update
+      time: "2025-08-01T18:29:50Z"
+    - apiVersion: config.openshift.io/v1
+      fieldsType: FieldsV1
+      fieldsV1:
+        f:status:
+          .: {}
+          f:consoleURL: {}
+      manager: console
+      operation: Update
+      subresource: status
+      time: "2025-08-01T18:46:32Z"
+    name: cluster
+    ownerReferences:
+    - apiVersion: config.openshift.io/v1
+      kind: ClusterVersion
+      name: version
+      uid: fd412cff-9592-4cb6-b0e9-97a5c376f29e
+    resourceVersion: "25363"
+    uid: 031b2179-c158-4e19-97f4-46795dd98c27
+  spec: {}
+  status:
+    consoleURL: https://console-openshift-console.apps.ci-op-gn2pz6q7-69aee.XXXXXXXXXXXXXXXXXXXXXX
+kind: ConsoleList
+metadata:
+  continue: ""
+  resourceVersion: "269027"
diff --git a/test-data/apply-configuration/overall/oauth-server-configobserver/input-dir/cluster-scoped-resources/config.openshift.io/infrastructures.yaml b/test-data/apply-configuration/overall/oauth-server-configobserver/input-dir/cluster-scoped-resources/config.openshift.io/infrastructures.yaml
new file mode 100644
index 0000000000..3fc88243fd
--- /dev/null
+++ b/test-data/apply-configuration/overall/oauth-server-configobserver/input-dir/cluster-scoped-resources/config.openshift.io/infrastructures.yaml
@@ -0,0 +1,75 @@
+---
+apiVersion: config.openshift.io/v1
+items:
+- apiVersion: config.openshift.io/v1
+  kind: Infrastructure
+  metadata:
+    creationTimestamp: "2025-08-01T18:29:04Z"
+    generation: 1
+    managedFields:
+    - apiVersion: config.openshift.io/v1
+      fieldsType: FieldsV1
+      fieldsV1:
+        f:spec:
+          .: {}
+          f:cloudConfig:
+            .: {}
+            f:key: {}
+            f:name: {}
+          f:platformSpec:
+            .: {}
+            f:aws: {}
+            f:type: {}
+      manager: cluster-bootstrap
+      operation: Update
+      time: "2025-08-01T18:29:04Z"
+    - apiVersion: config.openshift.io/v1
+      fieldsType: FieldsV1
+      fieldsV1:
+        f:status:
+          .: {}
+          f:apiServerInternalURI: {}
+          f:apiServerURL: {}
+          f:controlPlaneTopology: {}
+          f:cpuPartitioning: {}
+          f:etcdDiscoveryDomain: {}
+          f:infrastructureName: {}
+          f:infrastructureTopology: {}
+          f:platform: {}
+          f:platformStatus:
+            .: {}
+            f:aws:
+              .: {}
+              f:region: {}
+            f:type: {}
+      manager: cluster-bootstrap
+      operation: Update
+      subresource: status
+      time: "2025-08-01T18:29:04Z"
+    name: cluster
+    resourceVersion: "536"
+    uid: 6acf325c-8f35-4030-83a2-24d69d22a0ad
+  spec:
+    cloudConfig:
+      key: config
+      name: cloud-provider-config
+    platformSpec:
+      aws: {}
+      type: AWS
+  status:
+    apiServerInternalURI: https://api-int.ci-op-gn2pz6q7-69aee.XXXXXXXXXXXXXXXXXXXXXX:6443
+    apiServerURL: https://api.ci-op-gn2pz6q7-69aee.XXXXXXXXXXXXXXXXXXXXXX:6443
+    controlPlaneTopology: HighlyAvailable
+    cpuPartitioning: None
+    etcdDiscoveryDomain: ""
+    infrastructureName: ci-op-gn2pz6q7-69aee-7ggdj
+    infrastructureTopology: HighlyAvailable
+    platform: AWS
+    platformStatus:
+      aws:
+        region: us-west-2
+      type: AWS
+kind: InfrastructureList
+metadata:
+  continue: ""
+  resourceVersion: "269027"
diff --git a/test-data/apply-configuration/overall/oauth-server-configobserver/input-dir/cluster-scoped-resources/config.openshift.io/oauths.yaml b/test-data/apply-configuration/overall/oauth-server-configobserver/input-dir/cluster-scoped-resources/config.openshift.io/oauths.yaml
new file mode 100644
index 0000000000..bb229acc96
--- /dev/null
+++ b/test-data/apply-configuration/overall/oauth-server-configobserver/input-dir/cluster-scoped-resources/config.openshift.io/oauths.yaml
@@ -0,0 +1,42 @@
+---
+apiVersion: config.openshift.io/v1
+items:
+- apiVersion: config.openshift.io/v1
+  kind: OAuth
+  metadata:
+    annotations:
+      include.release.openshift.io/ibm-cloud-managed: "true"
+      include.release.openshift.io/self-managed-high-availability: "true"
+      release.openshift.io/create-only: "true"
+    creationTimestamp: "2025-08-01T18:29:57Z"
+    generation: 1
+    managedFields:
+    - apiVersion: config.openshift.io/v1
+      fieldsType: FieldsV1
+      fieldsV1:
+        f:metadata:
+          f:annotations:
+            .: {}
+            f:include.release.openshift.io/ibm-cloud-managed: {}
+            f:include.release.openshift.io/self-managed-high-availability: {}
+            f:release.openshift.io/create-only: {}
+          f:ownerReferences:
+            .: {}
+            k:{"uid":"fd412cff-9592-4cb6-b0e9-97a5c376f29e"}: {}
+        f:spec: {}
+      manager: cluster-version-operator
+      operation: Update
+      time: "2025-08-01T18:29:57Z"
+    name: cluster
+    ownerReferences:
+    - apiVersion: config.openshift.io/v1
+      kind: ClusterVersion
+      name: version
+      uid: fd412cff-9592-4cb6-b0e9-97a5c376f29e
+    resourceVersion: "1775"
+    uid: ffaa4e11-4ed6-49c4-b520-c9d79c19d6ff
+  spec: {}
+kind: OAuthList
+metadata:
+  continue: ""
+  resourceVersion: "269027"
diff --git a/test-data/apply-configuration/overall/oauth-server-configobserver/input-dir/cluster-scoped-resources/operator.openshift.io/authentications/cluster.yaml b/test-data/apply-configuration/overall/oauth-server-configobserver/input-dir/cluster-scoped-resources/operator.openshift.io/authentications/cluster.yaml
new file mode 100644
index 0000000000..0ce40ab988
--- /dev/null
+++ b/test-data/apply-configuration/overall/oauth-server-configobserver/input-dir/cluster-scoped-resources/operator.openshift.io/authentications/cluster.yaml
@@ -0,0 +1,14 @@
+---
+apiVersion: operator.openshift.io/v1
+kind: Authentication
+metadata:
+  annotations:
+    include.release.openshift.io/self-managed-high-availability: "true"
+    include.release.openshift.io/single-node-developer: "true"
+    release.openshift.io/create-only: "true"
+  name: cluster
+spec:
+  managementState: Managed
+  observedConfig:
+    oauthServer:
+      serverArguments:
\ No newline at end of file
diff --git a/test-data/apply-configuration/overall/oauth-server-configobserver/input-dir/namespaces/openshift-authentication/core/secrets.yaml b/test-data/apply-configuration/overall/oauth-server-configobserver/input-dir/namespaces/openshift-authentication/core/secrets.yaml
new file mode 100644
index 0000000000..65270ccbbb
--- /dev/null
+++ b/test-data/apply-configuration/overall/oauth-server-configobserver/input-dir/namespaces/openshift-authentication/core/secrets.yaml
@@ -0,0 +1,28 @@
+---
+apiVersion: v1
+items:
+  - apiVersion: v1
+    data:
+      apps.ci-op-gn2pz6q7-69aee.XXXXXXXXXXXXXXXXXXXXXX: NDEwNCBieXRlcyBsb25n
+    kind: Secret
+    metadata:
+      creationTimestamp: "2025-08-01T18:34:45Z"
+      managedFields:
+        - apiVersion: v1
+          fieldsType: FieldsV1
+          fieldsV1:
+            f:data:
+              .: {}
+              f:apps.ci-op-gn2pz6q7-69aee.XXXXXXXXXXXXXXXXXXXXXX: {}
+            f:type: {}
+          manager: authentication-operator
+          operation: Update
+          time: "2025-08-01T18:34:45Z"
+      name: v4-0-config-system-router-certs
+      namespace: openshift-authentication
+      resourceVersion: "8802"
+      uid: da379869-e11c-4267-a98d-26a516b0c511
+    type: Opaque
+kind: SecretList
+metadata:
+  resourceVersion: "269056"
\ No newline at end of file
diff --git a/test-data/apply-configuration/overall/oauth-server-configobserver/test.yaml b/test-data/apply-configuration/overall/oauth-server-configobserver/test.yaml
new file mode 100644
index 0000000000..7d9a975300
--- /dev/null
+++ b/test-data/apply-configuration/overall/oauth-server-configobserver/test.yaml
@@ -0,0 +1,18 @@
+binaryName: ./authentication-operator
+testName: creation of the oauth-server configuration
+controllers:
+  - "TODO-configObserver"
+description: >
+  This test runs only the controller, which produces the configuration for oauth-server.
+  
+  The purpose of this test is to show which input resources are required to run the operator and the controller.
+  
+  input-dir:
+  - config.openshift.io/clusterversions: required to "start the operator" (CreateOperatorStarter/prepareOauthOperator)
+  - config.openshift.io/oauths/cluster: required by observe_idps.go, observe_tokenconfig.go
+  - config.openshift.io/apiservers/cluster: required by observe_cors.go, observe_tlssecurityprofile.go
+  - config.openshift.io/consoles/cluster: required by some observer
+  - config.openshift.io/infrastructures/cluster: required by some observer
+  - core/configmaps/openshift-authentication/v4-0-config-system-router-certs: required by some observer
+testType: ApplyConfiguration
+now: 2025-08-07T22:38:20Z
\ No newline at end of file