Bug 1992592

Summary: list-type missing in oauth.config.openshift.io for identityProviders breaking Server Side Apply
Product: OpenShift Container Platform
Reporter: Simon Reber <sreber>
Component: oauth-apiserver
Assignee: Emily Moss <emoss>
Status: CLOSED ERRATA
Severity: low
Priority: medium
Version: 4.8
CC: aos-bugs, mfojtik, slaznick, surbania
Target Release: 4.10.0
Hardware: x86_64
OS: Linux
Doc Type: No Doc Update
Clone Of:
: 2022545
Last Closed: 2022-03-10 16:05:09 UTC
Type: Bug
Bug Blocks: 2015306

Description Simon Reber 2021-08-11 11:39:24 UTC
Description of problem:

The definition of identityProviders in oauth.config.openshift.io is missing the list-type and list-map-keys to allow Server Side Apply. Server Side Apply is key functionality to allow proper usage of GitOps with tools such as OpenShift GitOps, kustomize or even Ansible with the k8s module.

See reference in https://github.com/openshift/cluster-authentication-operator/blob/release-4.8/vendor/github.com/openshift/api/config/v1/types_oauth.go#L31

Version-Release number of selected component (if applicable):

 - OpenShift Container Platform 4.8.4

How reproducible:

 - Always

Steps to Reproduce:
1. It's missing in the code in https://github.com/openshift/cluster-authentication-operator/blob/release-4.8/vendor/github.com/openshift/api/config/v1/types_oauth.go#L31 and thus Server Side Apply won't work

Actual results:

Server Side Apply can't be used to manage oauth.config.openshift.io

Expected results:

It should be possible to configure oauth.config.openshift.io with Server Side Apply once list-type and list-map-keys are set.
 
Additional info:

This bug is based on the conversation in https://issues.redhat.com/browse/RFE-2071

Comment 1 Sergiusz Urbaniak 2021-08-11 11:41:03 UTC
Lowering severity as we have no degradation in cluster functionality.

Comment 2 Sergiusz Urbaniak 2021-08-16 12:07:39 UTC
Sprint review: this bug is well understood, triaged and will be implemented. Currently unplanned, though.

Comment 8 liyao 2021-10-27 02:36:40 UTC
Tested in fresh cluster 4.10.0-0.nightly-2021-10-25-190146

Checked the CRD and found that the missing atomic list-type is there; moving to VERIFIED.

$ oc get CustomResourceDefinition oauths.config.openshift.io -o yaml
/**snipped**/
                    type:
                      description: type identifies the identity provider type for
                        this entry.
                      type: string
                  type: object
                type: array
                x-kubernetes-list-type: atomic
              templates:
                description: templates allow you to customize pages like the login
                  page.
/**snipped**/
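
The check done by eye in the comment above, as an added example that is not part of the bug report or of the OpenShift code base: a Go function that walks a CRD's OpenAPI schema (the JSON form of `oc get crd oauths.config.openshift.io -o json`) and lists every array field that carries no `x-kubernetes-list-type`. The embedded CRD is a constructed, trimmed sample of the pre-fix state described in this bug; `MissingListTypes`, `walk` and the `$` path prefix are names chosen here.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// sampleCRD is constructed: a trimmed stand-in for the pre-fix oauths.config.openshift.io CRD as JSON.
const sampleCRD = `{"spec":{"versions":[{"schema":{"openAPIV3Schema":{"type":"object","properties":{"spec":{"type":"object",
 "properties":{"identityProviders":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string"}}}}}}}}}}]}}`

type schema struct {
	Type       string            `json:"type"`
	ListType   string            `json:"x-kubernetes-list-type"`
	Properties map[string]schema `json:"properties"`
	Items      *schema           `json:"items"`
}

func walk(path string, s schema, out *[]string) {
	if s.Type == "array" && s.ListType == "" { // array with no declared list-type
		*out = append(*out, path)
	}
	for name, p := range s.Properties {
		walk(path+"."+name, p, out)
	}
	if s.Items != nil {
		walk(path+"[]", *s.Items, out)
	}
}

// MissingListTypes returns the sorted schema paths of all arrays that lack x-kubernetes-list-type.
func MissingListTypes(crdJSON []byte) ([]string, error) {
	var c struct {
		Spec struct {
			Versions []struct{ Schema struct{ OpenAPIV3Schema schema } }
		}
	}
	if err := json.Unmarshal(crdJSON, &c); err != nil {
		return nil, err
	}
	out := []string{}
	for _, v := range c.Spec.Versions {
		walk("$", v.Schema.OpenAPIV3Schema, &out)
	}
	sort.Strings(out)
	return out, nil
}

func main() { fmt.Println(MissingListTypes([]byte(sampleCRD))) }
```

An empty result only shows that a list-type is declared; with `atomic`, as in the verified CRD above, Server Side Apply treats the whole list as one value owned by a single field manager.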

Comment 12 errata-xmlrpc 2022-03-10 16:05:09 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.10.3 security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:0056