diff --git a/pkg/cmd/mom/output_resources_command.go b/pkg/cmd/mom/output_resources_command.go index 23c0dbc304..84f11db8d0 100644 --- a/pkg/cmd/mom/output_resources_command.go +++ b/pkg/cmd/mom/output_resources_command.go @@ -29,6 +29,7 @@ func runOutputResources(ctx context.Context) (*libraryoutputresources.OutputReso libraryoutputresources.ExactConfigMap("openshift-authentication", "audit"), libraryoutputresources.ExactConfigMap("openshift-authentication", "v4-0-config-system-trusted-ca-bundle"), + libraryoutputresources.ExactConfigMap("openshift-authentication", "v4-0-config-system-cliconfig"), libraryoutputresources.ExactDeployment("openshift-authentication", "oauth-openshift"), libraryoutputresources.ExactSecret("openshift-authentication", "v4-0-config-system-session"), libraryoutputresources.ExactSecret("openshift-authentication", "v4-0-config-system-ocp-branding-template"), diff --git a/test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/2e46-body-authentication-operator.17fe72c59b829800.b2cdb588.yaml b/test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/2e46-body-authentication-operator.17fe72c59b829800.b2cdb588.yaml new file mode 100644 index 0000000000..74c49be1c7 --- /dev/null +++ b/test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/2e46-body-authentication-operator.17fe72c59b829800.b2cdb588.yaml @@ -0,0 +1,29 @@ +apiVersion: v1 +count: 1 +eventTime: null +firstTimestamp: "2024-10-14T22:38:20Z" +involvedObject: + kind: Deployment + name: authentication-operator + namespace: openshift-authentication-operator +kind: Event +lastTimestamp: "2024-10-14T22:38:20Z" +message: 'Writing updated section ("oauthServer") of observed config: "\u00a0\u00a0map[string]any(\n-\u00a0\tnil,\n+\u00a0\t{\n+\u00a0\t\t\"corsAllowedOrigins\": + []any{string(`//127\\.0\\.0\\.1(:|$)`), string(\"//localhost(:|$)\")},\n+\u00a0\t\t\"oauthConfig\": + map[string]any{\n+\u00a0\t\t\t\"loginURL\": string(\"https://api.ostest.test.metalkube.org:6443\"),\n+\u00a0\t\t\t\"tokenConfig\": + map[string]any{\n+\u00a0\t\t\t\t\"accessTokenMaxAgeSeconds\": float64(86400),\n+\u00a0\t\t\t\t\"authorizeTokenMaxAgeSeconds\": + float64(300),\n+\u00a0\t\t\t},\n+\u00a0\t\t},\n+\u00a0\t\t\"serverArguments\": map[string]any{\n+\u00a0\t\t\t\"audit-log-format\": []any{string(\"json\")},\n+\u00a0\t\t\t\"audit-log-maxbackup\": + []any{string(\"10\")},\n+\u00a0\t\t\t\"audit-log-maxsize\": []any{string(\"100\")},\n+\u00a0\t\t\t\"audit-log-path\": []any{string(\"/var/log/oauth-server/audit.log\")},\n+\u00a0\t\t\t\"audit-policy-file\": []any{string(\"/var/run/configmaps/audit/audit.\"...)},\n+\u00a0\t\t},\n+\u00a0\t\t\"servingInfo\": + map[string]any{\n+\u00a0\t\t\t\"cipherSuites\": []any{\n+\u00a0\t\t\t\tstring(\"TLS_AES_128_GCM_SHA256\"), + string(\"TLS_AES_256_GCM_SHA384\"),\n+\u00a0\t\t\t\tstring(\"TLS_CHACHA20_POLY1305_SHA256\"),\n+\u00a0\t\t\t\tstring(\"TLS_ECDHE_ECDSA_WITH_AES_128_GCM\"...), + ...,\n+\u00a0\t\t\t},\n+\u00a0\t\t\t\"minTLSVersion\": string(\"VersionTLS12\"),\n+\u00a0\t\t},\n+\u00a0\t},\n\u00a0\u00a0)\n"' +metadata: + creationTimestamp: null + name: authentication-operator.17fe72c59b829800.b2cdb588 + namespace: openshift-authentication-operator +reason: ObservedConfigChanged +reportingComponent: "" +reportingInstance: "" +source: + component: cluster-authentication-operator-run-once-sync-context +type: Normal diff --git a/test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/6471-metadata-authentication-operator.17fe72c59b829800.57eb8535.yaml b/test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/2e46-metadata-authentication-operator.17fe72c59b829800.b2cdb588.yaml similarity index 74% rename from test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/6471-metadata-authentication-operator.17fe72c59b829800.57eb8535.yaml rename to test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/2e46-metadata-authentication-operator.17fe72c59b829800.b2cdb588.yaml index 208ed73bd5..55b33f320c 100644 --- a/test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/6471-metadata-authentication-operator.17fe72c59b829800.57eb8535.yaml +++ b/test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/2e46-metadata-authentication-operator.17fe72c59b829800.b2cdb588.yaml @@ -1,7 +1,7 @@ action: Create controllerInstanceName: "" generateName: "" -name: authentication-operator.17fe72c59b829800.57eb8535 +name: authentication-operator.17fe72c59b829800.b2cdb588 namespace: openshift-authentication-operator resourceType: Group: "" diff --git a/test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/6471-body-authentication-operator.17fe72c59b829800.57eb8535.yaml b/test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/6471-body-authentication-operator.17fe72c59b829800.57eb8535.yaml deleted file mode 100644 index a240af1a54..0000000000 --- a/test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/6471-body-authentication-operator.17fe72c59b829800.57eb8535.yaml +++ /dev/null @@ -1,35 +0,0 @@ -apiVersion: v1 -count: 1 -eventTime: null -firstTimestamp: "2024-10-14T22:38:20Z" -involvedObject: - kind: Deployment - name: authentication-operator - namespace: openshift-authentication-operator -kind: Event -lastTimestamp: "2024-10-14T22:38:20Z" -message: 'Writing updated section ("oauthServer") of observed config: " map[string]any(\n- - \tnil,\n+ \t{\n+ \t\t\"corsAllowedOrigins\": []any{string(`//127\\.0\\.0\\.1(:|$)`), - string(\"//localhost(:|$)\")},\n+ \t\t\"oauthConfig\": map[string]any{\n+ \t\t\t\"loginURL\": - string(\"https://api.ostest.test.metalkube.org:6443\"),\n+ \t\t\t\"tokenConfig\": - map[string]any{\n+ \t\t\t\t\"accessTokenMaxAgeSeconds\": float64(86400),\n+ \t\t\t\t\"authorizeTokenMaxAgeSeconds\": - float64(300),\n+ \t\t\t},\n+ \t\t},\n+ \t\t\"serverArguments\": map[string]any{\n+ - \t\t\t\"audit-log-format\": []any{string(\"json\")},\n+ \t\t\t\"audit-log-maxbackup\": - []any{string(\"10\")},\n+ \t\t\t\"audit-log-maxsize\": []any{string(\"100\")},\n+ - \t\t\t\"audit-log-path\": []any{string(\"/var/log/oauth-server/audit.log\")},\n+ - \t\t\t\"audit-policy-file\": []any{string(\"/var/run/configmaps/audit/audit.\"...)},\n+ - \t\t},\n+ \t\t\"servingInfo\": map[string]any{\n+ \t\t\t\"cipherSuites\": []any{\n+ - \t\t\t\tstring(\"TLS_AES_128_GCM_SHA256\"), string(\"TLS_AES_256_GCM_SHA384\"),\n+ - \t\t\t\tstring(\"TLS_CHACHA20_POLY1305_SHA256\"),\n+ \t\t\t\tstring(\"TLS_ECDHE_ECDSA_WITH_AES_128_GCM\"...), - ...,\n+ \t\t\t},\n+ \t\t\t\"minTLSVersion\": string(\"VersionTLS12\"),\n+ \t\t},\n+ - \t},\n )\n"' -metadata: - creationTimestamp: null - name: authentication-operator.17fe72c59b829800.57eb8535 - namespace: openshift-authentication-operator -reason: ObservedConfigChanged -reportingComponent: "" -reportingInstance: "" -source: - component: cluster-authentication-operator-run-once-sync-context -type: Normal diff --git a/test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/86b1-body-authentication-operator.17fe72c59b829800.5aa4f723.yaml b/test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/86b1-body-authentication-operator.17fe72c59b829800.5aa4f723.yaml new file mode 100644 index 0000000000..a60c45ee20 --- /dev/null +++ b/test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/86b1-body-authentication-operator.17fe72c59b829800.5aa4f723.yaml @@ -0,0 +1,25 @@ +apiVersion: v1 +count: 1 +eventTime: null +firstTimestamp: "2024-10-14T22:38:20Z" +involvedObject: + kind: Deployment + name: authentication-operator + namespace: openshift-authentication-operator +kind: Event +lastTimestamp: "2024-10-14T22:38:20Z" +message: 'Writing updated section ("oauthAPIServer") of observed config: "\u00a0\u00a0map[string]any(\n-\u00a0\tnil,\n+\u00a0\t{\n+\u00a0\t\t\"apiServerArguments\": + map[string]any{\n+\u00a0\t\t\t\"api-audiences\": []any{string(\"https://kubernetes.default.svc\")},\n+\u00a0\t\t\t\"cors-allowed-origins\": + []any{string(`//127\\.0\\.0\\.1(:|$)`), string(\"//localhost(:|$)\")},\n+\u00a0\t\t\t\"feature-gates\": []any{},\n+\u00a0\t\t\t\"tls-cipher-suites\": + []any{\n+\u00a0\t\t\t\tstring(\"TLS_AES_128_GCM_SHA256\"), string(\"TLS_AES_256_GCM_SHA384\"),\n+\u00a0\t\t\t\tstring(\"TLS_CHACHA20_POLY1305_SHA256\"),\n+\u00a0\t\t\t\tstring(\"TLS_ECDHE_ECDSA_WITH_AES_128_GCM\"...), + ...,\n+\u00a0\t\t\t},\n+\u00a0\t\t\t\"tls-min-version\": string(\"VersionTLS12\"),\n+\u00a0\t\t},\n+\u00a0\t},\n\u00a0\u00a0)\n"' +metadata: + creationTimestamp: null + name: authentication-operator.17fe72c59b829800.5aa4f723 + namespace: openshift-authentication-operator +reason: ObservedConfigChanged +reportingComponent: "" +reportingInstance: "" +source: + component: cluster-authentication-operator-run-once-sync-context +type: Normal diff --git a/test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/de10-metadata-authentication-operator.17fe72c59b829800.2a24f1b5.yaml b/test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/86b1-metadata-authentication-operator.17fe72c59b829800.5aa4f723.yaml similarity index 74% rename from test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/de10-metadata-authentication-operator.17fe72c59b829800.2a24f1b5.yaml rename to test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/86b1-metadata-authentication-operator.17fe72c59b829800.5aa4f723.yaml index e940eb94f4..cafb48bbf3 100644 --- a/test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/de10-metadata-authentication-operator.17fe72c59b829800.2a24f1b5.yaml +++ b/test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/86b1-metadata-authentication-operator.17fe72c59b829800.5aa4f723.yaml @@ -1,7 +1,7 @@ action: Create controllerInstanceName: "" generateName: "" -name: authentication-operator.17fe72c59b829800.2a24f1b5 +name: authentication-operator.17fe72c59b829800.5aa4f723 namespace: openshift-authentication-operator resourceType: Group: "" diff --git a/test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/de10-body-authentication-operator.17fe72c59b829800.2a24f1b5.yaml b/test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/de10-body-authentication-operator.17fe72c59b829800.2a24f1b5.yaml deleted file mode 100644 index 0692bf920c..0000000000 --- a/test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/de10-body-authentication-operator.17fe72c59b829800.2a24f1b5.yaml +++ /dev/null @@ -1,28 +0,0 @@ -apiVersion: v1 -count: 1 -eventTime: null -firstTimestamp: "2024-10-14T22:38:20Z" -involvedObject: - kind: Deployment - name: authentication-operator - namespace: openshift-authentication-operator -kind: Event -lastTimestamp: "2024-10-14T22:38:20Z" -message: 'Writing updated section ("oauthAPIServer") of observed config: " map[string]any(\n- - \tnil,\n+ \t{\n+ \t\t\"apiServerArguments\": map[string]any{\n+ \t\t\t\"api-audiences\": []any{string(\"https://kubernetes.default.svc\")},\n+ - \t\t\t\"cors-allowed-origins\": []any{string(`//127\\.0\\.0\\.1(:|$)`), string(\"//localhost(:|$)\")},\n+ - \t\t\t\"feature-gates\": []any{},\n+ \t\t\t\"tls-cipher-suites\": []any{\n+ - \t\t\t\tstring(\"TLS_AES_128_GCM_SHA256\"), string(\"TLS_AES_256_GCM_SHA384\"),\n+ - \t\t\t\tstring(\"TLS_CHACHA20_POLY1305_SHA256\"),\n+ \t\t\t\tstring(\"TLS_ECDHE_ECDSA_WITH_AES_128_GCM\"...), - ...,\n+ \t\t\t},\n+ \t\t\t\"tls-min-version\": string(\"VersionTLS12\"),\n+ \t\t},\n+ - \t},\n )\n"' -metadata: - creationTimestamp: null - name: authentication-operator.17fe72c59b829800.2a24f1b5 - namespace: openshift-authentication-operator -reason: ObservedConfigChanged -reportingComponent: "" -reportingInstance: "" -source: - component: cluster-authentication-operator-run-once-sync-context -type: Normal diff --git a/test-data/apply-configuration/overall/minimal-cluster/expected-output/UserWorkload/Create/cluster-scoped-resources/certificates.k8s.io/certificatesigningrequests/64b2-body-system-COLON-openshift-COLON-openshift-authenticator-.yaml b/test-data/apply-configuration/overall/minimal-cluster/expected-output/UserWorkload/Create/cluster-scoped-resources/certificates.k8s.io/certificatesigningrequests/3ed4-body-system-COLON-openshift-COLON-openshift-authenticator-.yaml similarity index 66% rename from test-data/apply-configuration/overall/minimal-cluster/expected-output/UserWorkload/Create/cluster-scoped-resources/certificates.k8s.io/certificatesigningrequests/64b2-body-system-COLON-openshift-COLON-openshift-authenticator-.yaml rename to test-data/apply-configuration/overall/minimal-cluster/expected-output/UserWorkload/Create/cluster-scoped-resources/certificates.k8s.io/certificatesigningrequests/3ed4-body-system-COLON-openshift-COLON-openshift-authenticator-.yaml index 8046c48ba4..cf331f5d57 100644 --- a/test-data/apply-configuration/overall/minimal-cluster/expected-output/UserWorkload/Create/cluster-scoped-resources/certificates.k8s.io/certificatesigningrequests/64b2-body-system-COLON-openshift-COLON-openshift-authenticator-.yaml +++ b/test-data/apply-configuration/overall/minimal-cluster/expected-output/UserWorkload/Create/cluster-scoped-resources/certificates.k8s.io/certificatesigningrequests/3ed4-body-system-COLON-openshift-COLON-openshift-authenticator-.yaml @@ -6,7 +6,7 @@ metadata: labels: authentication.openshift.io/csr: openshift-authenticator spec: - request: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0KTUlJQkRUQ0J0QUlCQURCU01WQXdUZ1lEVlFRREUwZHplWE4wWlcwNmMyVnlkbWxqWldGalkyOTFiblE2YjNCbApibk5vYVdaMExXOWhkWFJvTFdGd2FYTmxjblpsY2pwdmNHVnVjMmhwWm5RdFlYVjBhR1Z1ZEdsallYUnZjakJaCk1CTUdCeXFHU000OUFnRUdDQ3FHU000OUF3RUhBMElBQk1RUkx4S1BYZklJZHFYQUlMcmpidHNJRmVTZDRPQW8KNFFZbFAvWGlTTEVpNnJydWRCa2xuVVl1UTM3N2g4Mnh0Vk43QnhLUUkxVWFYeDg2R3hreFgwNmdBREFLQmdncQpoa2pPUFFRREFnTklBREJGQWlBVGUwZjMyQStJa2NSS0djN25zU2dRaytCVXRQejlyWU55TVljNmN2Q3A0QUloCkFOdVI2TFhmcXBOYUYyYTBadzNzdWV0Vms5dElUaXQ3WXlWeE1Ka2dtSHhyCi0tLS0tRU5EIENFUlRJRklDQVRFIFJFUVVFU1QtLS0tLQo= + request: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0KTUlJQkRUQ0J0QUlCQURCU01WQXdUZ1lEVlFRREUwZHplWE4wWlcwNmMyVnlkbWxqWldGalkyOTFiblE2YjNCbApibk5vYVdaMExXOWhkWFJvTFdGd2FYTmxjblpsY2pwdmNHVnVjMmhwWm5RdFlYVjBhR1Z1ZEdsallYUnZjakJaCk1CTUdCeXFHU000OUFnRUdDQ3FHU000OUF3RUhBMElBQkxRT3F0QlYyVnpFTEpPak5MSGdDeTV1aTNMb0VqYUoKYmpUNVZtamN0WGVhZm9tN2Z1LzQ1UkZuSG1USFFaTkVZS2R5VHVhWE1CWHpDYThaM05QOGowS2dBREFLQmdncQpoa2pPUFFRREFnTklBREJGQWlFQTFXRFdBNzNkaVhEb1l0dFpqM2RCcVRUUnBaVlh5bFhzWmhPamdPTjdmUzBDCklEbXY2bUFsNzBxaUZjL1dmWnM0ekZSRVpxTEt0bXVjQ2hxTS93RGExRWhBCi0tLS0tRU5EIENFUlRJRklDQVRFIFJFUVVFU1QtLS0tLQo= signerName: kubernetes.io/kube-apiserver-client usages: - digital signature diff --git a/test-data/apply-configuration/overall/minimal-cluster/expected-output/UserWorkload/Create/cluster-scoped-resources/certificates.k8s.io/certificatesigningrequests/64b2-metadata-system-COLON-openshift-COLON-openshift-authenticator-.yaml b/test-data/apply-configuration/overall/minimal-cluster/expected-output/UserWorkload/Create/cluster-scoped-resources/certificates.k8s.io/certificatesigningrequests/3ed4-metadata-system-COLON-openshift-COLON-openshift-authenticator-.yaml similarity index 100% rename from test-data/apply-configuration/overall/minimal-cluster/expected-output/UserWorkload/Create/cluster-scoped-resources/certificates.k8s.io/certificatesigningrequests/64b2-metadata-system-COLON-openshift-COLON-openshift-authenticator-.yaml rename to test-data/apply-configuration/overall/minimal-cluster/expected-output/UserWorkload/Create/cluster-scoped-resources/certificates.k8s.io/certificatesigningrequests/3ed4-metadata-system-COLON-openshift-COLON-openshift-authenticator-.yaml diff --git a/test-data/apply-configuration/overall/oauth-server-payloadcontroller/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/c450-body-authentication-operator.18599d2230299800.18b41977.yaml b/test-data/apply-configuration/overall/oauth-server-payloadcontroller/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/c450-body-authentication-operator.18599d2230299800.18b41977.yaml new file mode 100644 index 0000000000..352ecc418e --- /dev/null +++ b/test-data/apply-configuration/overall/oauth-server-payloadcontroller/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/c450-body-authentication-operator.18599d2230299800.18b41977.yaml @@ -0,0 +1,22 @@ +apiVersion: v1 +count: 1 +eventTime: null +firstTimestamp: "2025-08-07T22:38:20Z" +involvedObject: + kind: Deployment + name: authentication-operator + namespace: openshift-authentication-operator +kind: Event +lastTimestamp: "2025-08-07T22:38:20Z" +message: Created ConfigMap/v4-0-config-system-cliconfig -n openshift-authentication + because it was missing +metadata: + creationTimestamp: null + name: authentication-operator.18599d2230299800.18b41977 + namespace: openshift-authentication-operator +reason: ConfigMapCreated +reportingComponent: "" +reportingInstance: "" +source: + component: cluster-authentication-operator-run-once-sync-context +type: Normal diff --git a/test-data/apply-configuration/overall/oauth-server-payloadcontroller/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/c450-metadata-authentication-operator.18599d2230299800.18b41977.yaml b/test-data/apply-configuration/overall/oauth-server-payloadcontroller/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/c450-metadata-authentication-operator.18599d2230299800.18b41977.yaml new file mode 100644 index 0000000000..936c4ab95c --- /dev/null +++ b/test-data/apply-configuration/overall/oauth-server-payloadcontroller/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/c450-metadata-authentication-operator.18599d2230299800.18b41977.yaml @@ -0,0 +1,9 @@ +action: Create +controllerInstanceName: "" +generateName: "" +name: authentication-operator.18599d2230299800.18b41977 +namespace: openshift-authentication-operator +resourceType: + Group: "" + Resource: events + Version: v1 diff --git a/test-data/apply-configuration/overall/oauth-server-payloadcontroller/expected-output/Management/Create/namespaces/openshift-authentication/core/configmaps/82b1-body-v4-0-config-system-cliconfig.yaml b/test-data/apply-configuration/overall/oauth-server-payloadcontroller/expected-output/Management/Create/namespaces/openshift-authentication/core/configmaps/82b1-body-v4-0-config-system-cliconfig.yaml new file mode 100644 index 0000000000..581b735ac5 --- /dev/null +++ b/test-data/apply-configuration/overall/oauth-server-payloadcontroller/expected-output/Management/Create/namespaces/openshift-authentication/core/configmaps/82b1-body-v4-0-config-system-cliconfig.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +data: + v4-0-config-system-cliconfig: '{"admission":{},"apiVersion":"osin.config.openshift.io/v1","auditConfig":{"auditFilePath":"","enabled":false,"logFormat":"","maximumFileRetentionDays":0,"maximumFileSizeMegabytes":0,"maximumRetainedFiles":0,"policyConfiguration":null,"policyFile":"","webHookKubeConfig":"","webHookMode":""},"corsAllowedOrigins":["//127\\.0\\.0\\.1(:|$)","//localhost(:|$)"],"kind":"OsinServerConfig","kubeClientConfig":{"connectionOverrides":{"acceptContentTypes":"","burst":400,"contentType":"","qps":400},"kubeConfig":""},"oauthConfig":{"alwaysShowProviderSelection":false,"assetPublicURL":"https://console-openshift-console.apps.ci-op-gn2pz6q7-69aee.XXXXXXXXXXXXXXXXXXXXXX","grantConfig":{"method":"deny","serviceAccountMethod":"prompt"},"identityProviders":null,"loginURL":"https://api.ci-op-gn2pz6q7-69aee.XXXXXXXXXXXXXXXXXXXXXX:6443","masterCA":"/var/config/system/configmaps/v4-0-config-system-service-ca/service-ca.crt","masterPublicURL":"https://oauth-openshift.apps.ci-op-gn2pz6q7-69aee.XXXXXXXXXXXXXXXXXXXXXX","masterURL":"https://oauth-openshift.openshift-authentication.svc","sessionConfig":{"sessionMaxAgeSeconds":300,"sessionName":"ssn","sessionSecretsFile":"/var/config/system/secrets/v4-0-config-system-session/v4-0-config-system-session"},"templates":{"error":"/var/config/system/secrets/v4-0-config-system-ocp-branding-template/errors.html","login":"/var/config/system/secrets/v4-0-config-system-ocp-branding-template/login.html","providerSelection":"/var/config/system/secrets/v4-0-config-system-ocp-branding-template/providers.html"},"tokenConfig":{"accessTokenMaxAgeSeconds":86400,"authorizeTokenMaxAgeSeconds":300}},"servingInfo":{"bindAddress":"0.0.0.0:6443","bindNetwork":"tcp","certFile":"/var/config/system/secrets/v4-0-config-system-serving-cert/tls.crt","cipherSuites":["TLS_AES_128_GCM_SHA256","TLS_AES_256_GCM_SHA384","TLS_CHACHA20_POLY1305_SHA256","TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"],"keyFile":"/var/config/system/secrets/v4-0-config-system-serving-cert/tls.key","maxRequestsInFlight":1000,"minTLSVersion":"VersionTLS12","namedCertificates":[{"certFile":"/var/config/system/secrets/v4-0-config-system-router-certs/apps.ci-op-gn2pz6q7-69aee.XXXXXXXXXXXXXXXXXXXXXX","keyFile":"/var/config/system/secrets/v4-0-config-system-router-certs/apps.ci-op-gn2pz6q7-69aee.XXXXXXXXXXXXXXXXXXXXXX","names":["*.apps.ci-op-gn2pz6q7-69aee.XXXXXXXXXXXXXXXXXXXXXX"]}],"requestTimeoutSeconds":300},"storageConfig":{"ca":"","certFile":"","keyFile":"","storagePrefix":""}}' +kind: ConfigMap +metadata: + creationTimestamp: null + labels: + app: oauth-openshift + name: v4-0-config-system-cliconfig + namespace: openshift-authentication diff --git a/test-data/apply-configuration/overall/oauth-server-payloadcontroller/expected-output/Management/Create/namespaces/openshift-authentication/core/configmaps/82b1-metadata-v4-0-config-system-cliconfig.yaml b/test-data/apply-configuration/overall/oauth-server-payloadcontroller/expected-output/Management/Create/namespaces/openshift-authentication/core/configmaps/82b1-metadata-v4-0-config-system-cliconfig.yaml new file mode 100644 index 0000000000..5f94b36115 --- /dev/null +++ b/test-data/apply-configuration/overall/oauth-server-payloadcontroller/expected-output/Management/Create/namespaces/openshift-authentication/core/configmaps/82b1-metadata-v4-0-config-system-cliconfig.yaml @@ -0,0 +1,9 @@ +action: Create +controllerInstanceName: TODO-payloadConfigController +generateName: "" +name: v4-0-config-system-cliconfig +namespace: openshift-authentication +resourceType: + Group: "" + Resource: configmaps + Version: v1 diff --git a/test-data/apply-configuration/overall/oauth-server-payloadcontroller/expected-output/controller-results.yaml b/test-data/apply-configuration/overall/oauth-server-payloadcontroller/expected-output/controller-results.yaml new file mode 100644 index 0000000000..fcee3c694a --- /dev/null +++ b/test-data/apply-configuration/overall/oauth-server-payloadcontroller/expected-output/controller-results.yaml @@ -0,0 +1,81 @@ +controllerResults: +- controllerName: APIServerStaticResources-StaticResources + status: Skipped +- controllerName: NamespaceFinalizerController_openshift-oauth-apiserver + status: Skipped +- controllerName: OAuthAPIServerController-WorkloadWorkloadController + status: Skipped +- controllerName: RevisionController + status: Skipped +- controllerName: SecretRevisionPruneController + status: Skipped +- controllerName: TODO-authRouteCheckController + status: Skipped +- controllerName: TODO-authServiceCheckController + status: Skipped +- controllerName: TODO-authServiceEndpointCheckController + status: Skipped +- controllerName: TODO-authenticatorCertRequester + status: Skipped +- controllerName: TODO-configObserver + status: Skipped +- controllerName: TODO-configOverridesController + status: Skipped +- controllerName: TODO-customRouteController + status: Skipped +- controllerName: TODO-deploymentController + status: Skipped +- controllerName: TODO-ingressStateController + status: Skipped +- controllerName: TODO-logLevelController + status: Skipped +- controllerName: TODO-managementStateController + status: Skipped +- controllerName: TODO-metadataController + status: Skipped +- controllerName: TODO-oauthClientsSwitchedController + status: Skipped +- controllerName: TODO-other-configObserver + status: Skipped +- controllerName: TODO-other-externalOIDCController + status: Skipped +- controllerName: TODO-payloadConfigController + status: Succeeded +- controllerName: TODO-proxyConfigController + status: Skipped +- controllerName: TODO-resourceSyncer + status: Skipped +- controllerName: TODO-routerCertsController + status: Skipped +- controllerName: TODO-serviceCAController + status: Skipped +- controllerName: TODO-staleConditions + status: Skipped +- controllerName: TODO-staticResourceController + status: Skipped +- controllerName: TODO-trustDistributionController + status: Skipped +- controllerName: TODO-webhookAuthController + status: Skipped +- controllerName: TODO-webhookCertsApprover + status: Skipped +- controllerName: TODO-wellKnownReadyController + status: Skipped +- controllerName: TODO-workersAvailableController + status: Skipped +- controllerName: auditPolicyController + status: Skipped +- controllerName: authentication + status: Skipped +- controllerName: openshift-apiserver-APIService + status: Skipped +- controllerName: openshift-oauth-apiserver-EncryptionCondition + status: Skipped +- controllerName: openshift-oauth-apiserver-EncryptionKey + status: Skipped +- controllerName: openshift-oauth-apiserver-EncryptionMigration + status: Skipped +- controllerName: openshift-oauth-apiserver-EncryptionPrune + status: Skipped +- controllerName: openshift-oauth-apiserver-EncryptionState + status: Skipped diff --git a/test-data/apply-configuration/overall/oauth-server-payloadcontroller/input-dir/cluster-scoped-resources/config.openshift.io/authentications.yaml b/test-data/apply-configuration/overall/oauth-server-payloadcontroller/input-dir/cluster-scoped-resources/config.openshift.io/authentications.yaml new file mode 100644 index 0000000000..f1ef7dda09 --- /dev/null +++ b/test-data/apply-configuration/overall/oauth-server-payloadcontroller/input-dir/cluster-scoped-resources/config.openshift.io/authentications.yaml @@ -0,0 +1,81 @@ +--- +apiVersion: config.openshift.io/v1 +items: +- apiVersion: config.openshift.io/v1 + kind: Authentication + metadata: + annotations: + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + release.openshift.io/create-only: "true" + creationTimestamp: "2025-08-01T18:29:45Z" + generation: 2 + managedFields: + - apiVersion: config.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:metadata: + f:annotations: + .: {} + f:include.release.openshift.io/ibm-cloud-managed: {} + f:include.release.openshift.io/self-managed-high-availability: {} + f:release.openshift.io/create-only: {} + f:ownerReferences: + .: {} + k:{"uid":"fd412cff-9592-4cb6-b0e9-97a5c376f29e"}: {} + f:spec: {} + manager: cluster-version-operator + operation: Update + time: "2025-08-01T18:29:45Z" + - apiVersion: config.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:spec: + f:oauthMetadata: + .: {} + f:name: {} + f:serviceAccountIssuer: {} + f:type: {} + f:webhookTokenAuthenticator: + .: {} + f:kubeConfig: + .: {} + f:name: {} + manager: authentication-operator + operation: Update + time: "2025-08-01T18:35:35Z" + - apiVersion: config.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:status: + .: {} + f:integratedOAuthMetadata: + .: {} + f:name: {} + manager: authentication-operator + operation: Update + subresource: status + time: "2025-08-01T18:44:36Z" + name: cluster + ownerReferences: + - apiVersion: config.openshift.io/v1 + kind: ClusterVersion + name: version + uid: fd412cff-9592-4cb6-b0e9-97a5c376f29e + resourceVersion: "20310" + uid: 7adc5a7e-47eb-41c7-af2e-9faa138dccc5 + spec: + oauthMetadata: + name: "" + serviceAccountIssuer: "" + type: "" + webhookTokenAuthenticator: + kubeConfig: + name: webhook-authentication-integrated-oauth + status: + integratedOAuthMetadata: + name: oauth-openshift +kind: AuthenticationList +metadata: + continue: "" + resourceVersion: "269028" diff --git a/test-data/apply-configuration/overall/oauth-server-payloadcontroller/input-dir/cluster-scoped-resources/config.openshift.io/clusterversions.yaml b/test-data/apply-configuration/overall/oauth-server-payloadcontroller/input-dir/cluster-scoped-resources/config.openshift.io/clusterversions.yaml new file mode 100644 index 0000000000..742f22c1c1 --- /dev/null +++ b/test-data/apply-configuration/overall/oauth-server-payloadcontroller/input-dir/cluster-scoped-resources/config.openshift.io/clusterversions.yaml @@ -0,0 +1,168 @@ +--- +apiVersion: config.openshift.io/v1 +items: +- apiVersion: config.openshift.io/v1 + kind: ClusterVersion + metadata: + creationTimestamp: "2025-08-01T18:29:12Z" + generation: 2 + managedFields: + - apiVersion: config.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:spec: + .: {} + f:clusterID: {} + manager: cluster-bootstrap + operation: Update + time: "2025-08-01T18:29:12Z" + - apiVersion: config.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:status: + .: {} + f:availableUpdates: {} + f:capabilities: + .: {} + f:enabledCapabilities: {} + f:knownCapabilities: {} + f:conditions: + .: {} + k:{"type":"Available"}: + .: {} + f:lastTransitionTime: {} + f:message: {} + f:status: {} + f:type: {} + k:{"type":"Failing"}: + .: {} + f:lastTransitionTime: {} + f:status: {} + f:type: {} + k:{"type":"ImplicitlyEnabledCapabilities"}: + .: {} + f:lastTransitionTime: {} + f:message: {} + f:reason: {} + f:status: {} + f:type: {} + k:{"type":"Progressing"}: + .: {} + f:lastTransitionTime: {} + f:message: {} + f:status: {} + f:type: {} + k:{"type":"ReleaseAccepted"}: + .: {} + f:lastTransitionTime: {} + f:message: {} + f:reason: {} + f:status: {} + f:type: {} + k:{"type":"RetrievedUpdates"}: + .: {} + f:lastTransitionTime: {} + f:message: {} + f:reason: {} + f:status: {} + f:type: {} + f:desired: + .: {} + f:image: {} + f:version: {} + f:history: {} + f:observedGeneration: {} + f:versionHash: {} + manager: cluster-version-operator + operation: Update + subresource: status + time: "2025-08-01T18:56:59Z" + name: version + resourceVersion: "31637" + uid: fd412cff-9592-4cb6-b0e9-97a5c376f29e + spec: + clusterID: 190ba3d3-45b9-4976-aa21-92d473f597b5 + status: + availableUpdates: null + capabilities: + enabledCapabilities: + - Build + - CSISnapshot + - CloudControllerManager + - CloudCredential + - Console + - DeploymentConfig + - ImageRegistry + - Ingress + - Insights + - MachineAPI + - NodeTuning + - OperatorLifecycleManager + - OperatorLifecycleManagerV1 + - Storage + - baremetal + - marketplace + - openshift-samples + knownCapabilities: + - Build + - CSISnapshot + - CloudControllerManager + - CloudCredential + - Console + - DeploymentConfig + - ImageRegistry + - Ingress + - Insights + - MachineAPI + - NodeTuning + - OperatorLifecycleManager + - OperatorLifecycleManagerV1 + - Storage + - baremetal + - marketplace + - openshift-samples + conditions: + - lastTransitionTime: "2025-08-01T18:29:17Z" + message: The update channel has not been configured. + reason: NoChannel + status: "False" + type: RetrievedUpdates + - lastTransitionTime: "2025-08-01T18:29:17Z" + message: Capabilities match configured spec + reason: AsExpected + status: "False" + type: ImplicitlyEnabledCapabilities + - lastTransitionTime: "2025-08-01T18:29:17Z" + message: Payload loaded version="4.20.0-0.ci-2025-08-01-181332-test-ci-op-gn2pz6q7-latest" + image="registry.build06.ci.openshift.org/ci-op-gn2pz6q7/release@sha256:4cb12a9c632d1745527b1c4c87f44c8a6c4d60d0a2b89b75b23c5fc8fde73336" + architecture="amd64" + reason: PayloadLoaded + status: "True" + type: ReleaseAccepted + - lastTransitionTime: "2025-08-01T18:56:59Z" + message: Done applying 4.20.0-0.ci-2025-08-01-181332-test-ci-op-gn2pz6q7-latest + status: "True" + type: Available + - lastTransitionTime: "2025-08-01T18:56:59Z" + status: "False" + type: Failing + - lastTransitionTime: "2025-08-01T18:56:59Z" + message: Cluster version is 4.20.0-0.ci-2025-08-01-181332-test-ci-op-gn2pz6q7-latest + status: "False" + type: Progressing + desired: + image: registry.build06.ci.openshift.org/ci-op-gn2pz6q7/release@sha256:4cb12a9c632d1745527b1c4c87f44c8a6c4d60d0a2b89b75b23c5fc8fde73336 + version: 4.20.0-0.ci-2025-08-01-181332-test-ci-op-gn2pz6q7-latest + history: + - completionTime: "2025-08-01T18:56:59Z" + image: registry.build06.ci.openshift.org/ci-op-gn2pz6q7/release@sha256:4cb12a9c632d1745527b1c4c87f44c8a6c4d60d0a2b89b75b23c5fc8fde73336 + startedTime: "2025-08-01T18:29:17Z" + state: Completed + verified: false + version: 4.20.0-0.ci-2025-08-01-181332-test-ci-op-gn2pz6q7-latest + observedGeneration: 2 + versionHash: yySvC9w70rw= +kind: ClusterVersionList +metadata: + continue: "" + resourceVersion: "269027" diff --git a/test-data/apply-configuration/overall/oauth-server-payloadcontroller/input-dir/cluster-scoped-resources/operator.openshift.io/authentications/cluster.yaml b/test-data/apply-configuration/overall/oauth-server-payloadcontroller/input-dir/cluster-scoped-resources/operator.openshift.io/authentications/cluster.yaml new file mode 100644 index 0000000000..78a66bcd89 --- /dev/null +++ b/test-data/apply-configuration/overall/oauth-server-payloadcontroller/input-dir/cluster-scoped-resources/operator.openshift.io/authentications/cluster.yaml @@ -0,0 +1,1094 @@ +--- +apiVersion: operator.openshift.io/v1 +kind: Authentication +metadata: + annotations: + include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" + release.openshift.io/create-only: "true" + creationTimestamp: "2025-08-01T18:29:46Z" + generation: 9 + managedFields: + - apiVersion: operator.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:status: + f:conditions: + k:{"type":"WebhookAuthenticatorCertApprover_OpenShiftAuthenticatorDegraded"}: + .: {} + f:lastTransitionTime: {} + f:reason: {} + f:status: {} + f:type: {} + manager: WebhookAuthenticatorCertApprover_OpenShiftAuthenticator-reportDegraded + operation: Apply + subresource: status + time: "2025-08-01T18:34:07Z" + - apiVersion: operator.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:status: + f:conditions: + k:{"type":"ManagementStateDegraded"}: + .: {} + f:lastTransitionTime: {} + f:status: {} + f:type: {} + manager: authentication-ManagementState + operation: Apply + subresource: status + time: "2025-08-01T18:34:07Z" + - apiVersion: operator.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:status: + f:conditions: + k:{"type":"UnsupportedConfigOverridesUpgradeable"}: + .: {} + f:lastTransitionTime: {} + f:reason: {} + f:status: {} + f:type: {} + manager: openshift-authentication-UnsupportedConfigOverrides + operation: Apply + subresource: status + time: "2025-08-01T18:34:07Z" + - apiVersion: operator.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:status: + f:conditions: + k:{"type":"Encrypted"}: + .: {} + f:lastTransitionTime: {} + f:status: {} + f:type: {} + manager: openshift-oauth-apiserver-EncryptionCondition + operation: Apply + subresource: status + time: "2025-08-01T18:34:09Z" + - apiVersion: operator.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:status: + f:conditions: + k:{"type":"EncryptionKeyControllerDegraded"}: + .: {} + f:lastTransitionTime: {} + f:status: {} + f:type: {} + manager: openshift-oauth-apiserver-EncryptionKey + operation: Apply + subresource: status + time: "2025-08-01T18:34:09Z" + - apiVersion: operator.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:status: + f:conditions: + k:{"type":"EncryptionMigrationControllerDegraded"}: + .: {} + f:lastTransitionTime: {} + f:status: {} + f:type: {} + k:{"type":"EncryptionMigrationControllerProgressing"}: + .: {} + f:lastTransitionTime: {} + f:status: {} + f:type: {} + manager: openshift-oauth-apiserver-EncryptionMigration + operation: Apply + subresource: status + time: "2025-08-01T18:34:09Z" + - apiVersion: operator.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:status: + f:conditions: + k:{"type":"EncryptionPruneControllerDegraded"}: + .: {} + f:lastTransitionTime: {} + f:status: {} + f:type: {} + manager: openshift-oauth-apiserver-EncryptionPrune + operation: Apply + subresource: status + time: "2025-08-01T18:34:09Z" + - apiVersion: operator.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:status: + f:conditions: + k:{"type":"EncryptionStateControllerDegraded"}: + .: {} + f:lastTransitionTime: {} + f:status: {} + f:type: {} + manager: openshift-oauth-apiserver-EncryptionState + operation: Apply + subresource: status + time: "2025-08-01T18:34:09Z" + - apiVersion: operator.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:status: + f:conditions: + k:{"type":"OAuthAPIServerConfigObservationDegraded"}: + .: {} + f:lastTransitionTime: {} + f:status: {} + f:type: {} + manager: oauth-apiserver-ConfigObserver + operation: Apply + subresource: status + time: "2025-08-01T18:34:11Z" + - apiVersion: operator.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:status: + f:conditions: + k:{"type":"ResourceSyncControllerDegraded"}: + .: {} + f:lastTransitionTime: {} + f:status: {} + f:type: {} + manager: oauth-server-ResourceSync + operation: Apply + subresource: status + time: "2025-08-01T18:34:13Z" + - apiVersion: operator.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:status: + f:conditions: + k:{"type":"AuditPolicyDegraded"}: + .: {} + f:lastTransitionTime: {} + f:status: {} + f:type: {} + manager: oauth-apiserver-AuditPolicy + operation: Apply + subresource: status + time: "2025-08-01T18:34:14Z" + - apiVersion: operator.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:status: + f:conditions: + k:{"type":"RouterCertsDomainValidationControllerDegraded"}: + .: {} + f:lastTransitionTime: {} + f:reason: {} + f:status: {} + f:type: {} + manager: RouterCertsDomainValidationController-reportDegraded + operation: Apply + subresource: status + time: "2025-08-01T18:34:15Z" + - apiVersion: operator.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:status: + f:conditions: + k:{"type":"AuthenticatorCertKeyProgressing"}: + .: {} + f:lastTransitionTime: {} + f:message: {} + f:reason: {} + f:status: {} + f:type: {} + manager: openshift-authentication-WebhookAuthenticator + operation: Apply + subresource: status + time: "2025-08-01T18:34:19Z" + - apiVersion: operator.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:status: + f:conditions: + k:{"type":"APIServerStaticResourcesDegraded"}: + .: {} + f:lastTransitionTime: {} + f:message: {} + f:reason: {} + f:status: {} + f:type: {} + manager: APIServerStaticResources-StaticResources + operation: Apply + subresource: status + time: "2025-08-01T18:34:24Z" + - apiVersion: operator.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:status: + f:latestAvailableRevision: {} + manager: oauth-apiserver-RevisionController + operation: Apply + subresource: status + time: "2025-08-01T18:34:24Z" + - apiVersion: operator.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:status: + f:conditions: + k:{"type":"RevisionControllerDegraded"}: + .: {} + f:lastTransitionTime: {} + f:reason: {} + f:status: {} + f:type: {} + manager: RevisionController-reportDegraded + operation: Apply + subresource: status + time: "2025-08-01T18:34:25Z" + - apiVersion: operator.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:status: + f:conditions: + k:{"type":"OpenshiftAuthenticationStaticResourcesDegraded"}: + .: {} + f:lastTransitionTime: {} + f:message: {} + f:reason: {} + f:status: {} + f:type: {} + manager: OpenshiftAuthenticationStaticResources-StaticResources + operation: Apply + subresource: status + time: "2025-08-01T18:34:39Z" + - apiVersion: operator.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:status: + f:conditions: + k:{"type":"OAuthServiceDegraded"}: + .: {} + f:lastTransitionTime: {} + f:message: {} + f:reason: {} + f:status: {} + f:type: {} + k:{"type":"SystemServiceCAConfigDegraded"}: + .: {} + f:lastTransitionTime: {} + f:message: {} + f:reason: {} + f:status: {} + f:type: {} + manager: openshift-authentication-ServiceCA + operation: Apply + subresource: status + time: "2025-08-01T18:34:41Z" + - apiVersion: operator.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:status: + f:conditions: + k:{"type":"OAuthServerConfigObservationDegraded"}: + .: {} + f:lastTransitionTime: {} + f:status: {} + f:type: {} + manager: oauth-server-ConfigObserver + operation: Apply + subresource: status + time: "2025-08-01T18:34:45Z" + - apiVersion: operator.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:status: + f:conditions: + k:{"type":"RouterCertsDegraded"}: + .: {} + f:lastTransitionTime: {} + f:message: {} + f:reason: {} + f:status: {} + f:type: {} + manager: openshift-authentication-RouterCertsDomainValidation + operation: Apply + subresource: status + time: "2025-08-01T18:34:45Z" + - apiVersion: operator.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:status: + f:conditions: + k:{"type":"WebhookAuthenticatorControllerDegraded"}: + .: {} + f:lastTransitionTime: {} + f:reason: {} + f:status: {} + f:type: {} + manager: WebhookAuthenticatorController-reportDegraded + operation: Apply + subresource: status + time: "2025-08-01T18:35:35Z" + - apiVersion: operator.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:status: + f:conditions: + k:{"type":"ReadyIngressNodesAvailable"}: + .: {} + f:lastTransitionTime: {} + f:message: {} + f:reason: {} + f:status: {} + f:type: {} + manager: openshift-authentication-IngressNodesAvailable + operation: Apply + subresource: status + time: "2025-08-01T18:41:27Z" + - apiVersion: operator.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:status: + f:conditions: + k:{"type":"APIServicesAvailable"}: + .: {} + f:lastTransitionTime: {} + f:status: {} + f:type: {} + k:{"type":"APIServicesDegraded"}: + .: {} + f:lastTransitionTime: {} + f:status: {} + f:type: {} + manager: openshift-apiserver-APIService + operation: Apply + subresource: status + time: "2025-08-01T18:43:54Z" + - apiVersion: operator.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:status: + f:conditions: + k:{"type":"ProxyConfigControllerDegraded"}: + .: {} + f:lastTransitionTime: {} + f:reason: {} + f:status: {} + f:type: {} + manager: ProxyConfigController-reportDegraded + operation: Apply + subresource: status + time: "2025-08-01T18:45:32Z" + - apiVersion: operator.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:status: + f:conditions: + k:{"type":"IngressStateEndpointsDegraded"}: + .: {} + f:lastTransitionTime: {} + f:message: {} + f:reason: {} + f:status: {} + f:type: {} + k:{"type":"IngressStatePodsDegraded"}: + .: {} + f:lastTransitionTime: {} + f:message: {} + f:reason: {} + f:status: {} + f:type: {} + manager: openshift-authentication-IngressState + operation: Apply + subresource: status + time: "2025-08-01T18:45:39Z" + - apiVersion: operator.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:status: + f:conditions: + k:{"type":"OAuthConfigDegraded"}: + .: {} + f:lastTransitionTime: {} + f:message: {} + f:reason: {} + f:status: {} + f:type: {} + k:{"type":"OAuthConfigIngressDegraded"}: + .: {} + f:lastTransitionTime: {} + f:message: {} + f:reason: {} + f:status: {} + f:type: {} + k:{"type":"OAuthConfigRouteDegraded"}: + .: {} + f:lastTransitionTime: {} + f:message: {} + f:reason: {} + f:status: {} + f:type: {} + k:{"type":"OAuthConfigServiceDegraded"}: + .: {} + f:lastTransitionTime: {} + f:message: {} + f:reason: {} + f:status: {} + f:type: {} + k:{"type":"OAuthSessionSecretDegraded"}: + .: {} + f:lastTransitionTime: {} + f:message: {} + f:reason: {} + f:status: {} + f:type: {} + manager: openshift-authentication-PayloadConfig + operation: Apply + subresource: status + time: "2025-08-01T18:45:40Z" + - apiVersion: operator.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:status: + f:conditions: + k:{"type":"OAuthServerServiceEndpointAccessibleControllerAvailable"}: + .: {} + f:lastTransitionTime: {} + f:reason: {} + f:status: {} + f:type: {} + manager: OAuthServerService-EndpointAccessible + operation: Apply + subresource: status + time: "2025-08-01T18:45:51Z" + - apiVersion: operator.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:status: + f:conditions: + k:{"type":"OAuthServerServiceEndpointAccessibleControllerDegraded"}: + .: {} + f:lastTransitionTime: {} + f:reason: {} + f:status: {} + f:type: {} + manager: OAuthServerServiceEndpointAccessibleController-reportDegraded + operation: Apply + subresource: status + time: "2025-08-01T18:45:51Z" + - apiVersion: operator.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:status: + f:conditions: + k:{"type":"CustomRouteControllerDegraded"}: + .: {} + f:lastTransitionTime: {} + f:reason: {} + f:status: {} + f:type: {} + manager: CustomRouteController-reportDegraded + operation: Apply + subresource: status + time: "2025-08-01T18:45:52Z" + - apiVersion: operator.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:status: + f:conditions: + k:{"type":"OAuthServerRouteEndpointAccessibleControllerAvailable"}: + .: {} + f:lastTransitionTime: {} + f:reason: {} + f:status: {} + f:type: {} + manager: OAuthServerRoute-EndpointAccessible + operation: Apply + subresource: status + time: "2025-08-01T18:45:53Z" + - apiVersion: operator.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:status: + f:conditions: + k:{"type":"OAuthServerServiceEndpointsEndpointAccessibleControllerAvailable"}: + .: {} + f:lastTransitionTime: {} + f:reason: {} + f:status: {} + f:type: {} + manager: OAuthServerServiceEndpoints-EndpointAccessible + operation: Apply + subresource: status + time: "2025-08-01T18:45:53Z" + - apiVersion: operator.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:status: + f:conditions: + k:{"type":"AuthConfigDegraded"}: + .: {} + f:lastTransitionTime: {} + f:message: {} + f:reason: {} + f:status: {} + f:type: {} + k:{"type":"IngressConfigDegraded"}: + .: {} + f:lastTransitionTime: {} + f:message: {} + f:reason: {} + f:status: {} + f:type: {} + k:{"type":"OAuthSystemMetadataDegraded"}: + .: {} + f:lastTransitionTime: {} + f:message: {} + f:reason: {} + f:status: {} + f:type: {} + manager: openshift-authentication-Metadata + operation: Apply + subresource: status + time: "2025-08-01T18:45:54Z" + - apiVersion: operator.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:status: + f:conditions: + k:{"type":"OAuthClientsControllerDegraded"}: + .: {} + f:lastTransitionTime: {} + f:reason: {} + f:status: {} + f:type: {} + manager: OAuthClientsController-reportDegraded + operation: Apply + subresource: status + time: "2025-08-01T18:45:55Z" + - apiVersion: operator.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:status: + f:conditions: + k:{"type":"OAuthServerServiceEndpointsEndpointAccessibleControllerDegraded"}: + .: {} + f:lastTransitionTime: {} + f:reason: {} + f:status: {} + f:type: {} + manager: OAuthServerServiceEndpointsEndpointAccessibleController-reportDegraded + operation: Apply + subresource: status + time: "2025-08-01T18:45:55Z" + - apiVersion: operator.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:status: + f:conditions: + k:{"type":"OAuthServerRouteEndpointAccessibleControllerDegraded"}: + .: {} + f:lastTransitionTime: {} + f:reason: {} + f:status: {} + f:type: {} + manager: OAuthServerRouteEndpointAccessibleController-reportDegraded + operation: Apply + subresource: status + time: "2025-08-01T18:45:56Z" + - apiVersion: operator.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:status: + f:conditions: + k:{"type":"OAuthServerDeploymentAvailable"}: + .: {} + f:lastTransitionTime: {} + f:reason: {} + f:status: {} + f:type: {} + k:{"type":"OAuthServerDeploymentDegraded"}: + .: {} + f:lastTransitionTime: {} + f:reason: {} + f:status: {} + f:type: {} + k:{"type":"OAuthServerDeploymentProgressing"}: + .: {} + f:lastTransitionTime: {} + f:reason: {} + f:status: {} + f:type: {} + k:{"type":"OAuthServerWorkloadDegraded"}: + .: {} + f:lastTransitionTime: {} + f:status: {} + f:type: {} + f:generations: + k:{"group":"apps","name":"oauth-openshift","namespace":"openshift-authentication","resource":"deployments"}: + .: {} + f:group: {} + f:lastGeneration: {} + f:name: {} + f:namespace: {} + f:resource: {} + manager: OAuthServer-Workload + operation: Apply + subresource: status + time: "2025-08-01T18:47:47Z" + - apiVersion: operator.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:status: + f:conditions: + k:{"type":"APIServerDeploymentAvailable"}: + .: {} + f:lastTransitionTime: {} + f:reason: {} + f:status: {} + f:type: {} + k:{"type":"APIServerDeploymentDegraded"}: + .: {} + f:lastTransitionTime: {} + f:reason: {} + f:status: {} + f:type: {} + k:{"type":"APIServerDeploymentProgressing"}: + .: {} + f:lastTransitionTime: {} + f:reason: {} + f:status: {} + f:type: {} + k:{"type":"APIServerWorkloadDegraded"}: + .: {} + f:lastTransitionTime: {} + f:status: {} + f:type: {} + f:generations: + k:{"group":"apps","name":"apiserver","namespace":"openshift-oauth-apiserver","resource":"deployments"}: + .: {} + f:group: {} + f:lastGeneration: {} + f:name: {} + f:namespace: {} + f:resource: {} + manager: OAuthAPIServerController-Workload + operation: Apply + subresource: status + time: "2025-08-01T18:49:38Z" + - apiVersion: operator.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:status: + f:conditions: + k:{"type":"WellKnownReadyControllerDegraded"}: + .: {} + f:lastTransitionTime: {} + f:reason: {} + f:status: {} + f:type: {} + manager: WellKnownReadyController-reportDegraded + operation: Apply + subresource: status + time: "2025-08-01T18:56:32Z" + - apiVersion: operator.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:status: + f:conditions: + k:{"type":"WellKnownAvailable"}: + .: {} + f:lastTransitionTime: {} + f:reason: {} + f:status: {} + f:type: {} + k:{"type":"WellKnownReadyControllerProgressing"}: + .: {} + f:lastTransitionTime: {} + f:status: {} + f:type: {} + manager: openshift-authentication-WellKnownReady + operation: Apply + subresource: status + time: "2025-08-01T18:56:32Z" + - apiVersion: operator.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:metadata: + f:annotations: + .: {} + f:include.release.openshift.io/self-managed-high-availability: {} + f:include.release.openshift.io/single-node-developer: {} + f:release.openshift.io/create-only: {} + f:ownerReferences: + .: {} + k:{"uid":"fd412cff-9592-4cb6-b0e9-97a5c376f29e"}: {} + f:spec: + .: {} + f:logLevel: {} + f:managementState: {} + f:operatorLogLevel: {} + manager: cluster-version-operator + operation: Update + time: "2025-08-01T18:29:46Z" + - apiVersion: operator.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:spec: + f:observedConfig: + .: {} + f:oauthAPIServer: + .: {} + f:apiServerArguments: + .: {} + f:api-audiences: {} + f:cors-allowed-origins: {} + f:etcd-servers: {} + f:tls-cipher-suites: {} + f:tls-min-version: {} + f:oauthServer: + .: {} + f:corsAllowedOrigins: {} + f:oauthConfig: + .: {} + f:assetPublicURL: {} + f:loginURL: {} + f:templates: + .: {} + f:error: {} + f:login: {} + f:providerSelection: {} + f:tokenConfig: + .: {} + f:accessTokenMaxAgeSeconds: {} + f:authorizeTokenMaxAgeSeconds: {} + f:serverArguments: + .: {} + f:audit-log-format: {} + f:audit-log-maxbackup: {} + f:audit-log-maxsize: {} + f:audit-log-path: {} + f:audit-policy-file: {} + f:servingInfo: + .: {} + f:cipherSuites: {} + f:minTLSVersion: {} + f:namedCertificates: {} + f:volumesToMount: + .: {} + f:identityProviders: {} + f:unsupportedConfigOverrides: {} + manager: authentication-operator + operation: Update + time: "2025-08-01T18:46:38Z" + name: cluster + ownerReferences: + - apiVersion: config.openshift.io/v1 + kind: ClusterVersion + name: version + uid: fd412cff-9592-4cb6-b0e9-97a5c376f29e + resourceVersion: "30999" + uid: fa91c2c0-b4a8-44f5-b2bf-1d34f1ffba2d +spec: + logLevel: Normal + managementState: Managed + observedConfig: + oauthAPIServer: + apiServerArguments: + api-audiences: + - https://kubernetes.default.svc + cors-allowed-origins: + - //127\.0\.0\.1(:|$) + - //localhost(:|$) + etcd-servers: + - https://10.0.114.231:2379 + - https://10.0.34.16:2379 + - https://10.0.62.215:2379 + tls-cipher-suites: + - TLS_AES_128_GCM_SHA256 + - TLS_AES_256_GCM_SHA384 + - TLS_CHACHA20_POLY1305_SHA256 + - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 + - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 + - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 + - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 + - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 + tls-min-version: VersionTLS12 + oauthServer: + corsAllowedOrigins: + - //127\.0\.0\.1(:|$) + - //localhost(:|$) + oauthConfig: + assetPublicURL: https://console-openshift-console.apps.ci-op-gn2pz6q7-69aee.XXXXXXXXXXXXXXXXXXXXXX + loginURL: https://api.ci-op-gn2pz6q7-69aee.XXXXXXXXXXXXXXXXXXXXXX:6443 + templates: + error: /var/config/system/secrets/v4-0-config-system-ocp-branding-template/errors.html + login: /var/config/system/secrets/v4-0-config-system-ocp-branding-template/login.html + providerSelection: /var/config/system/secrets/v4-0-config-system-ocp-branding-template/providers.html + tokenConfig: + accessTokenMaxAgeSeconds: 86400 + authorizeTokenMaxAgeSeconds: 300 + serverArguments: + audit-log-format: + - json + audit-log-maxbackup: + - "10" + audit-log-maxsize: + - "100" + audit-log-path: + - /var/log/oauth-server/audit.log + audit-policy-file: + - /var/run/configmaps/audit/audit.yaml + servingInfo: + cipherSuites: + - TLS_AES_128_GCM_SHA256 + - TLS_AES_256_GCM_SHA384 + - TLS_CHACHA20_POLY1305_SHA256 + - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 + - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 + - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 + - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 + - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 + minTLSVersion: VersionTLS12 + namedCertificates: + - certFile: /var/config/system/secrets/v4-0-config-system-router-certs/apps.ci-op-gn2pz6q7-69aee.XXXXXXXXXXXXXXXXXXXXXX + keyFile: /var/config/system/secrets/v4-0-config-system-router-certs/apps.ci-op-gn2pz6q7-69aee.XXXXXXXXXXXXXXXXXXXXXX + names: + - '*.apps.ci-op-gn2pz6q7-69aee.XXXXXXXXXXXXXXXXXXXXXX' + volumesToMount: + identityProviders: '{}' + operatorLogLevel: Normal + unsupportedConfigOverrides: null +status: + conditions: + - lastTransitionTime: "2025-08-01T18:34:07Z" + reason: NoUnsupportedConfigOverrides + status: "True" + type: UnsupportedConfigOverridesUpgradeable + - lastTransitionTime: "2025-08-01T18:34:07Z" + status: "False" + type: ManagementStateDegraded + - lastTransitionTime: "2025-08-01T18:34:07Z" + reason: AsExpected + status: "False" + type: WebhookAuthenticatorCertApprover_OpenShiftAuthenticatorDegraded + - lastTransitionTime: "2025-08-01T18:41:27Z" + message: "" + reason: "" + status: "True" + type: ReadyIngressNodesAvailable + - lastTransitionTime: "2025-08-01T18:34:25Z" + reason: AsExpected + status: "False" + type: RevisionControllerDegraded + - lastTransitionTime: "2025-08-01T18:34:09Z" + status: "False" + type: EncryptionPruneControllerDegraded + - lastTransitionTime: "2025-08-01T18:34:09Z" + status: "False" + type: EncryptionMigrationControllerDegraded + - lastTransitionTime: "2025-08-01T18:34:09Z" + status: "False" + type: EncryptionMigrationControllerProgressing + - lastTransitionTime: "2025-08-01T18:34:09Z" + status: "False" + type: Encrypted + - lastTransitionTime: "2025-08-01T18:34:09Z" + status: "False" + type: EncryptionKeyControllerDegraded + - lastTransitionTime: "2025-08-01T18:34:09Z" + status: "False" + type: EncryptionStateControllerDegraded + - lastTransitionTime: "2025-08-01T18:35:35Z" + reason: AsExpected + status: "False" + type: WebhookAuthenticatorControllerDegraded + - lastTransitionTime: "2025-08-01T18:34:56Z" + reason: AsExpected + status: "True" + type: APIServerDeploymentAvailable + - lastTransitionTime: "2025-08-01T18:34:30Z" + reason: AsExpected + status: "False" + type: APIServerDeploymentDegraded + - lastTransitionTime: "2025-08-01T18:49:38Z" + reason: AsExpected + status: "False" + type: APIServerDeploymentProgressing + - lastTransitionTime: "2025-08-01T18:34:30Z" + status: "False" + type: APIServerWorkloadDegraded + - lastTransitionTime: "2025-08-01T18:43:54Z" + status: "True" + type: APIServicesAvailable + - lastTransitionTime: "2025-08-01T18:34:10Z" + status: "False" + type: APIServicesDegraded + - lastTransitionTime: "2025-08-01T18:34:11Z" + status: "False" + type: OAuthAPIServerConfigObservationDegraded + - lastTransitionTime: "2025-08-01T18:34:35Z" + message: "" + reason: "" + status: "False" + type: OAuthServiceDegraded + - lastTransitionTime: "2025-08-01T18:34:41Z" + message: "" + reason: "" + status: "False" + type: SystemServiceCAConfigDegraded + - lastTransitionTime: "2025-08-01T18:45:51Z" + reason: AsExpected + status: "True" + type: OAuthServerServiceEndpointAccessibleControllerAvailable + - lastTransitionTime: "2025-08-01T18:45:51Z" + reason: AsExpected + status: "True" + type: OAuthServerServiceEndpointsEndpointAccessibleControllerAvailable + - lastTransitionTime: "2025-08-01T18:45:51Z" + reason: AsExpected + status: "False" + type: OAuthServerServiceEndpointAccessibleControllerDegraded + - lastTransitionTime: "2025-08-01T18:45:54Z" + reason: AsExpected + status: "False" + type: OAuthServerServiceEndpointsEndpointAccessibleControllerDegraded + - lastTransitionTime: "2025-08-01T18:45:39Z" + message: "" + reason: "" + status: "False" + type: IngressStateEndpointsDegraded + - lastTransitionTime: "2025-08-01T18:34:12Z" + message: "" + reason: "" + status: "False" + type: IngressStatePodsDegraded + - lastTransitionTime: "2025-08-01T18:34:13Z" + status: "False" + type: ResourceSyncControllerDegraded + - lastTransitionTime: "2025-08-01T18:34:14Z" + status: "False" + type: AuditPolicyDegraded + - lastTransitionTime: "2025-08-01T18:34:45Z" + message: "" + reason: AsExpected + status: "False" + type: RouterCertsDegraded + - lastTransitionTime: "2025-08-01T18:34:15Z" + reason: AsExpected + status: "False" + type: RouterCertsDomainValidationControllerDegraded + - lastTransitionTime: "2025-08-01T18:34:45Z" + status: "False" + type: OAuthServerConfigObservationDegraded + - lastTransitionTime: "2025-08-01T18:34:19Z" + message: All is well + reason: AsExpected + status: "False" + type: AuthenticatorCertKeyProgressing + - lastTransitionTime: "2025-08-01T18:34:24Z" + message: "" + reason: AsExpected + status: "False" + type: APIServerStaticResourcesDegraded + - lastTransitionTime: "2025-08-01T18:34:39Z" + message: "" + reason: AsExpected + status: "False" + type: OpenshiftAuthenticationStaticResourcesDegraded + - lastTransitionTime: "2025-08-01T18:56:32Z" + reason: AsExpected + status: "True" + type: WellKnownAvailable + - lastTransitionTime: "2025-08-01T18:56:32Z" + status: "False" + type: WellKnownReadyControllerProgressing + - lastTransitionTime: "2025-08-01T18:45:51Z" + reason: AsExpected + status: "True" + type: OAuthServerRouteEndpointAccessibleControllerAvailable + - lastTransitionTime: "2025-08-01T18:45:40Z" + message: "" + reason: "" + status: "False" + type: OAuthConfigDegraded + - lastTransitionTime: "2025-08-01T18:45:40Z" + message: "" + reason: "" + status: "False" + type: OAuthConfigIngressDegraded + - lastTransitionTime: "2025-08-01T18:45:40Z" + message: "" + reason: "" + status: "False" + type: OAuthConfigRouteDegraded + - lastTransitionTime: "2025-08-01T18:45:40Z" + message: "" + reason: "" + status: "False" + type: OAuthConfigServiceDegraded + - lastTransitionTime: "2025-08-01T18:45:40Z" + message: "" + reason: "" + status: "False" + type: OAuthSessionSecretDegraded + - lastTransitionTime: "2025-08-01T18:45:52Z" + reason: AsExpected + status: "False" + type: OAuthClientsControllerDegraded + - lastTransitionTime: "2025-08-01T18:45:53Z" + message: "" + reason: "" + status: "False" + type: AuthConfigDegraded + - lastTransitionTime: "2025-08-01T18:45:53Z" + message: "" + reason: "" + status: "False" + type: IngressConfigDegraded + - lastTransitionTime: "2025-08-01T18:45:53Z" + message: "" + reason: "" + status: "False" + type: OAuthSystemMetadataDegraded + - lastTransitionTime: "2025-08-01T18:45:32Z" + reason: AsExpected + status: "False" + type: ProxyConfigControllerDegraded + - lastTransitionTime: "2025-08-01T18:56:32Z" + reason: AsExpected + status: "False" + type: WellKnownReadyControllerDegraded + - lastTransitionTime: "2025-08-01T18:45:36Z" + reason: AsExpected + status: "True" + type: OAuthServerDeploymentAvailable + - lastTransitionTime: "2025-08-01T18:45:36Z" + reason: AsExpected + status: "False" + type: OAuthServerDeploymentDegraded + - lastTransitionTime: "2025-08-01T18:47:47Z" + reason: AsExpected + status: "False" + type: OAuthServerDeploymentProgressing + - lastTransitionTime: "2025-08-01T18:45:36Z" + status: "False" + type: OAuthServerWorkloadDegraded + - lastTransitionTime: "2025-08-01T18:45:55Z" + reason: AsExpected + status: "False" + type: OAuthServerRouteEndpointAccessibleControllerDegraded + - lastTransitionTime: "2025-08-01T18:45:52Z" + reason: AsExpected + status: "False" + type: CustomRouteControllerDegraded + generations: + - group: apps + lastGeneration: 5 + name: apiserver + namespace: openshift-oauth-apiserver + resource: deployments + - group: apps + lastGeneration: 4 + name: oauth-openshift + namespace: openshift-authentication + resource: deployments + latestAvailableRevision: 1 diff --git a/test-data/apply-configuration/overall/oauth-server-payloadcontroller/input-dir/namespaces/openshift-authentication/core/secrets.yaml b/test-data/apply-configuration/overall/oauth-server-payloadcontroller/input-dir/namespaces/openshift-authentication/core/secrets.yaml new file mode 100644 index 0000000000..8a8f214ff0 --- /dev/null +++ b/test-data/apply-configuration/overall/oauth-server-payloadcontroller/input-dir/namespaces/openshift-authentication/core/secrets.yaml @@ -0,0 +1,34 @@ +--- +apiVersion: v1 +items: +- apiVersion: v1 + data: + v4-0-config-system-session: eyJraW5kIjoiU2Vzc2lvblNlY3JldHMiLCJhcGlWZXJzaW9uIjoib3BlcmF0b3J2MWNsaWVudCIsInNlY3JldHMiOlt7ImF1dGhlbnRpY2F0aW9uIjoiWTNteFNBZGZKdE9fQ1VYOGx4VTZnLXpENnhWNTJ6VjNuVWNweHhPX0k5NmFHZW1IUXA1RVduYmw5ZkI3LVlYbCIsImVuY3J5cHRpb24iOiJLX2ZLemNGQUt6eVBNbG1NLU9ZcVRyeG9rUW1abDhzOCJ9XX0= + kind: Secret + metadata: + creationTimestamp: "2025-08-01T18:44:36Z" + labels: + app: oauth-openshift + managedFields: + - apiVersion: v1 + fieldsType: FieldsV1 + fieldsV1: + f:data: + .: {} + f:v4-0-config-system-session: {} + f:metadata: + f:labels: + .: {} + f:app: {} + f:type: {} + manager: authentication-operator + operation: Update + time: "2025-08-01T18:44:36Z" + name: v4-0-config-system-session + namespace: openshift-authentication + resourceVersion: "20293" + uid: 1ab2c769-1f5b-4442-8652-ed0ebbded1a7 + type: Opaque +kind: SecretList +metadata: + resourceVersion: "269056" \ No newline at end of file diff --git a/test-data/apply-configuration/overall/oauth-server-payloadcontroller/input-dir/namespaces/openshift-authentication/core/services/oauth-openshift.yaml b/test-data/apply-configuration/overall/oauth-server-payloadcontroller/input-dir/namespaces/openshift-authentication/core/services/oauth-openshift.yaml new file mode 100644 index 0000000000..ca6502762c --- /dev/null +++ b/test-data/apply-configuration/overall/oauth-server-payloadcontroller/input-dir/namespaces/openshift-authentication/core/services/oauth-openshift.yaml @@ -0,0 +1,73 @@ +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + operator.openshift.io/spec-hash: d9e6d53076d47ab2d123d8b1ba8ec6543488d973dcc4e02349493cd1c33bce83 + service.alpha.openshift.io/serving-cert-secret-name: v4-0-config-system-serving-cert + service.alpha.openshift.io/serving-cert-signed-by: openshift-service-serving-signer@1754073255 + service.beta.openshift.io/serving-cert-signed-by: openshift-service-serving-signer@1754073255 + creationTimestamp: "2025-08-01T18:34:31Z" + labels: + app: oauth-openshift + managedFields: + - apiVersion: v1 + fieldsType: FieldsV1 + fieldsV1: + f:metadata: + f:annotations: + .: {} + f:operator.openshift.io/spec-hash: {} + f:service.alpha.openshift.io/serving-cert-secret-name: {} + f:labels: + .: {} + f:app: {} + f:spec: + f:internalTrafficPolicy: {} + f:ports: + .: {} + k:{"port":443,"protocol":"TCP"}: + .: {} + f:name: {} + f:port: {} + f:protocol: {} + f:targetPort: {} + f:selector: {} + f:sessionAffinity: {} + f:type: {} + manager: authentication-operator + operation: Update + time: "2025-08-01T18:34:31Z" + - apiVersion: v1 + fieldsType: FieldsV1 + fieldsV1: + f:metadata: + f:annotations: + f:service.alpha.openshift.io/serving-cert-signed-by: {} + f:service.beta.openshift.io/serving-cert-signed-by: {} + manager: service-ca-operator + operation: Update + time: "2025-08-01T18:34:40Z" + name: oauth-openshift + namespace: openshift-authentication + resourceVersion: "8642" + uid: 751fd500-5c7a-4b59-8c64-ea8aad587954 +spec: + clusterIP: 172.30.228.83 + clusterIPs: + - 172.30.228.83 + internalTrafficPolicy: Cluster + ipFamilies: + - IPv4 + ipFamilyPolicy: SingleStack + ports: + - name: https + port: 443 + protocol: TCP + targetPort: 6443 + selector: + app: oauth-openshift + sessionAffinity: None + type: ClusterIP +status: + loadBalancer: {} diff --git a/test-data/apply-configuration/overall/oauth-server-payloadcontroller/input-dir/namespaces/openshift-authentication/route.openshift.io/routes.yaml b/test-data/apply-configuration/overall/oauth-server-payloadcontroller/input-dir/namespaces/openshift-authentication/route.openshift.io/routes.yaml new file mode 100644 index 0000000000..08ccd53cf3 --- /dev/null +++ b/test-data/apply-configuration/overall/oauth-server-payloadcontroller/input-dir/namespaces/openshift-authentication/route.openshift.io/routes.yaml @@ -0,0 +1,72 @@ +--- +apiVersion: route.openshift.io/v1 +items: +- apiVersion: route.openshift.io/v1 + kind: Route + metadata: + creationTimestamp: "2025-08-01T18:44:36Z" + labels: + app: oauth-openshift + managedFields: + - apiVersion: route.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:metadata: + f:labels: + .: {} + f:app: {} + f:spec: + f:host: {} + f:port: + .: {} + f:targetPort: {} + f:tls: + .: {} + f:insecureEdgeTerminationPolicy: {} + f:termination: {} + f:to: + f:kind: {} + f:name: {} + f:weight: {} + f:wildcardPolicy: {} + manager: authentication-operator + operation: Update + time: "2025-08-01T18:44:36Z" + - apiVersion: route.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:status: + f:ingress: {} + manager: openshift-router + operation: Update + subresource: status + time: "2025-08-01T18:44:36Z" + name: oauth-openshift + namespace: openshift-authentication + resourceVersion: "20297" + uid: f3652ccc-9da2-49a3-8819-cf9b3cbc1fb2 + spec: + host: oauth-openshift.apps.ci-op-gn2pz6q7-69aee.XXXXXXXXXXXXXXXXXXXXXX + port: + targetPort: 6443 + tls: + insecureEdgeTerminationPolicy: Redirect + termination: passthrough + to: + kind: Service + name: oauth-openshift + weight: 100 + wildcardPolicy: None + status: + ingress: + - conditions: + - lastTransitionTime: "2025-08-01T18:44:36Z" + status: "True" + type: Admitted + host: oauth-openshift.apps.ci-op-gn2pz6q7-69aee.XXXXXXXXXXXXXXXXXXXXXX + routerCanonicalHostname: router-default.apps.ci-op-gn2pz6q7-69aee.XXXXXXXXXXXXXXXXXXXXXX + routerName: default + wildcardPolicy: None +kind: RouteList +metadata: + resourceVersion: "269050" diff --git a/test-data/apply-configuration/overall/oauth-server-payloadcontroller/test.yaml b/test-data/apply-configuration/overall/oauth-server-payloadcontroller/test.yaml new file mode 100644 index 0000000000..17c403416c --- /dev/null +++ b/test-data/apply-configuration/overall/oauth-server-payloadcontroller/test.yaml @@ -0,0 +1,18 @@ +binaryName: ./authentication-operator +testName: creation of the oauth-server configuration +controllers: + - "TODO-payloadConfigController" +description: > + This test runs only the controller, which produces the configuration for oauth-server. + + The purpose of this test is to show which input resources are required to run the operator and the controller. + + input-dir: + - config.openshift.io/clusterversions: required to "start the operator" (CreateOperatorStarter/prepareOauthOperator) + - config.openshift.io/authentications/cluster: required by the controller + - operator.openshift.io/authentications/cluster: required by the controller, otherwise OAuthConfigDegraded is put and no cfg + - openshift-authentication/route.openshift.io/routes/oauth-openshift: required by the controller, otherwise OAuthConfigRouteDegraded is put and no cfg + - openshift-authentication/core/services/oauth-openshift: required by the controller, otherwise OAuthConfigServiceDegraded is put and no cfg + - openshift-authentication/core/secrets/v4-0-config-system-session: not strictly required but it makes the test stable and on a real system this artefact will be created only once (?) and then reused +testType: ApplyConfiguration +now: 2025-08-07T22:38:20Z \ No newline at end of file