Description of problem:
Configured challenge=false for identity provider, when run `oc login` should prompt how to generate a token but not prompt input user/password
Version-Release number of selected component (if applicable):
$ oc get clusterversion
NAME VERSION AVAILABLE PROGRESSING SINCE STATUS
version 4.0.0-0.nightly-2019-01-30-174704 True False 19h Cluster version is 4.0.0-0.nightly-2019-01-30-174704
Steps to Reproduce:
1.Configured challenge=false for Google identity provider
2.run `oc login --server=***` from cli
There prompt to input user/password
Should prompt how to generate a token
(Sorry Gabe, did not mean to tag you on this)
Fixing this will require:
1. Address https://github.com/openshift/origin/blob/f4b9f88b0cda4dde61e1d7fa9b0b3baed03868fc/pkg/oauthserver/authenticator/password/bootstrap/bootstrap.go#L91-L96
2. Probably some finesse in the operator to track the permanently disabled state so it knows to restart the deplyoment
3. Maybe some special handling for kube:admin in https://github.com/openshift/origin/blob/610ba8d1797daeefc4d6baad0e0d56c836d39c0c/pkg/oauthserver/authenticator/challenger/placeholderchallenger/placeholder_challenger.go#L20-L33 (we can likely live without this if we go with the assumption that kube:admin will generally be disabled in production clusters)
It will be terrible UX but we can live without this in 4.1
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.