Bug 1670733 - Optional config maps / secrets are not handled correctly in IDP config
Summary: Optional config maps / secrets are not handled correctly in IDP config
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Auth
Version: 4.1.0
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: ---
: 4.1.0
Assignee: Standa Laznicka
QA Contact: Chuan Yu
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-01-30 09:44 UTC by Chuan Yu
Modified: 2019-06-04 10:42 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: No Doc Update
Doc Text:
undefined
Clone Of:
Environment:
Last Closed: 2019-06-04 10:42:28 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2019:0758 None None None 2019-06-04 10:42:36 UTC

Description Chuan Yu 2019-01-30 09:44:03 UTC
Description of problem:
when configure github idp 'ca' field, the field not handled correctly in IDP config

Version-Release number of selected component (if applicable):
oc get clusterversion
NAME      VERSION                             
version   4.0.0-0.nightly-2019-01-29-025207 

How reproducible:
always

Steps to Reproduce:
1.when configure github idp 'ca' field is optional, but pod logs display `MountVolume.SetUp failed for volume "v4-0-config-user-idp-1--ca-crt" : configmap "v4-0-config-user-idp-1--ca-crt" not found`,so after edit oauth resource, the new authentication pod can not create successfully.And set 'ca: {}',still have this problem.

'''
apiVersion: config.openshift.io/v1
kind: OAuth
metadata:
  name: cluster
spec:
  identityProviders:
  - name: htpassidp
    challenge: true
    login: true
    mappingMethod: claim
    type: HTPasswd
    htpasswd:
      fileData:
        name: htpass-secret
  - name: github 
    challenge: false 
    login: true 
    mappingMethod: claim
    type: GitHub
    github:
      ca: {}
      clientID: c8ae7fa7fb268595719b 
      clientSecret: 
          name: my-secret 
'''
2.
3.

Actual results:
pod failed to create.

Expected results:
The pod created successfully.

Additional info:
Also tried the Google IDP, the clientSecret still could not mount to the openshift-authentication pod.

Comment 1 Standa Laznicka 2019-01-30 16:37:30 UTC
Already tracked in https://jira.coreos.com/browse/AUTH-232

Comment 4 Chuan Yu 2019-02-13 03:06:10 UTC
Since the PR has merged, moved to ON_QA to verify.

Comment 5 Chuan Yu 2019-02-13 03:07:41 UTC
The github and google IDP working now.
$ oc get clusterversion
NAME      VERSION                             AVAILABLE   PROGRESSING   SINCE     STATUS
version   4.0.0-0.nightly-2019-02-12-005016   True        False         17h       Cluster version is 4.0.0-0.nightly-2019-02-12-005016

Comment 8 errata-xmlrpc 2019-06-04 10:42:28 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:0758


Note You need to log in before you can comment on or make changes to this bug.