Bug 2111842

Summary: vSphere test failure: [Serial] [sig-auth][Feature:OAuthServer] [RequestHeaders] [IdP] test RequestHeaders IdP [Suite:openshift/conformance/serial]
Product: OpenShift Container Platform Reporter: Standa Laznicka <slaznick>
Component: apiserver-authAssignee: Krzysztof Ostrowski <kostrows>
Status: CLOSED ERRATA QA Contact: Xingxing Xia <xxia>
Severity: medium Docs Contact:
Priority: high    
Version: 4.10CC: mfojtik, stevsmit, surbania, wlewis
Target Milestone: ---   
Target Release: 4.12.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
* Previously, the Cluster Authentication Operator state was set to `progressing = false` after receiving a `workloadIsBeingUpdatedTooLong` error. At the same time, `degraded = false` was kept for the time of the `inertia` defined. Consequently, the shortened amount of progressing and increased time of degraded would create a situation where `progressing = false` and `degraded = false` were set prematurely. This caused inconsistent OpenShift CI tests because a healthy state was assumed, which was incorrect. This issue has been fixed by removing the `progressing = false` setting after the `workloadIsBeingUpdatedTooLong` error is returned. Now, because there is no `progressing = false` state, OpenShift CI tests are more consistent. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2111842#h11[*BZ2111842*]).
 Story Points: ---
Clone Of: Environment:
Last Closed: 2023-01-17 19:53:39 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Standa Laznicka 2022-07-28 10:04:49 UTC 
[Serial] [sig-auth][Feature:OAuthServer] [RequestHeaders] [IdP] test RequestHeaders IdP [Suite:openshift/conformance/serial]

is failing often in CI on vSphere, see:
https://sippy.ci.openshift.org/sippy-ng/tests/4.10/analysis?test=%5BSerial%5D%20%5Bsig-auth%5D%5BFeature%3AOAuthServer%5D%20%5BRequestHeaders%5D%20%5BIdP%5D%20test%20RequestHeaders%20IdP%20%5BSuite%3Aopenshift%2Fconformance%2Fserial%5D

Example job: 

https://prow.ci.openshift.org/view/gs/origin-ci-test/logs/periodic-ci-openshift-release-master-ci-4.10-e2e-aws-serial/1493027293939896320

This failure is blocking some payloads from being delivered.

Seems to be showing up around 16% on vSphere serial, and is making it hard to see if things are good/bad based on job health.

https://search.ci.openshift.org/?search=unexpected+error+response+status.*+401+&maxAge=48h&context=1&type=bug%2Bjunit&name=4.10.*vsphere-serial&excludeName=&maxMatches=5&maxBytes=20971520&groupBy=job

Happens on other platforms but less often.

==============================

This BZ was created as a duplicate of https://bugzilla.redhat.com/show_bug.cgi?id=2054254 for fixes that should ACTUALLY fix the original bug.

The previous one got VERIFIED likely due to expected criteria being set vaguely. This test should not fail at all or in minimum of cases where the cluster-authentication-operator is not to blame for the failure, and neither are errors in the test logic.
Comment 2 Xingxing Xia 2022-10-08 04:08:37 UTC 
Checked test results in sippy.dptools.openshift.org for "Variants" of "vsphere-ipi", "100.0% (21 runs)" pass rate is shown. And regression tests since the changes did not show issues. Per this, moving to VERIFIED directly.
Comment 5 errata-xmlrpc 2023-01-17 19:53:39 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.12.0 bug fix and security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:7399