Uploaded image for project: 'Red Hat Fuse'
  1. Red Hat Fuse
  2. ENTESB-12350

OAuth Proxy SAR cannot be overridden in Fuse Online 1.5

    Details

    • Type: Bug
    • Status: Done
    • Priority: Blocker
    • Resolution: Done
    • Affects Version/s: fuse-7.5-GA
    • Fix Version/s: None
    • Component/s: Fuse Online
    • Labels:
      None
    • Sprint:
      Fuse 7.6 - Sprint 56 (2/4)
    • Steps to Reproduce:
      • Deploy Fuse Online via it's Operator (1.5)
      • Attempt to modify or remove the SAR setting from the OAuth Proxy that's deployed
      • The Operator will revert the change

      Description

      In previous releases of Fuse Online (1.4.x) we have been able to modify the OAuth Proxy DeploymentConfig that is set up by the Syndesis Operator, to remove any SAR checks.

      In Fuse Online 1.5 this appears to have changed, and continuous reconciliation of the OAuth Proxy means that we can no longer override the DeploymentConfig. The Syndesis Operator will revert the change.

      There is a DisableSarCheck flag on master, however this is not available in 1.5, so cannot be used as a workaround to implement the same functionality.

      This results in there being no way to allow any user logged into OpenShift to access the same console, as the SAR check is enforced. Which has resulted in a broken migration path when taking our (RHMI) clusters from 1.4 to 1.5.

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  phantomjinx Paul Richardson
                  Reporter:
                  akeating1 Aiden Keating
                  Tester:
                  Andrej Vano
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  3 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: