Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-22868

accessTokenInactivityTimeout field is required when configuring oauth identity providers

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done-Errata
    • Major
    • 4.15.0
    • 4.15
    • HyperShift
    • None
    • No
    • False
    • Hide

      None

      Show
      None
    • Hide
      Cause – configuring htpasswd without setting accessTokenInactivityTimeout field
      Consequence – Failed to apply cluster manifest
      Fix – change accessTokenInactivityTimeout to be an optional field
      Result – htpasswd can be configured without setting accessTokenInactivityTimeout field.
      Show
      Cause – configuring htpasswd without setting accessTokenInactivityTimeout field Consequence – Failed to apply cluster manifest Fix – change accessTokenInactivityTimeout to be an optional field Result – htpasswd can be configured without setting accessTokenInactivityTimeout field.
    • Bug Fix
    • In Progress

    Description

      Description of problem:

      It failed to configure oauth identity providers in the HostedCluster when accessTokenInactivityTimeout is not set

      Version-Release number of selected component (if applicable):

       

      How reproducible:

      always

      Steps to Reproduce:

      1. Create a cluster
2. configure htpasswd without accessTokenInactivityTimeout field in the HostedCluster CR
3. it failed to apply

      Actual results:

       

      jiezhao-mac:hypershift jiezhao$ oc get hostedcluster -n clusters -o yaml > cluster.yaml 
  spec:
    configuration:
      oauth:
        identityProviders:
        - htpasswd:
            fileData:
              name: htpass-secret
          mappingMethod: claim
          name: my_htpasswd_provider
          type: HTPasswd
      secretRefs:
      - name: htpass-secret
jiezhao-mac:hypershift jiezhao$ oc apply -f cluster.yaml
The HostedCluster "jie-test" is invalid: spec.configuration.oauth: Invalid value: "object": no such key: tokenConfig evaluating rule: spec.configuration.oauth.tokenConfig.accessTokenInactivityTimeout minimum acceptable token timeout value is 300 seconds

       

       

      Expected results:

      htpasswd should be configured successfully without accessTokenInactivityTimeout field

      Additional info:

      When accessTokenInactivityTimeout it set to 300s, htpasswd is configured in the HostedCluster successfully.

jiezhao-mac:hypershift jiezhao$ oc get hostedcluster -n clusters -o yaml > cluster.yaml

  spec:
    configuration:
      oauth:
        identityProviders:
        - htpasswd:
            fileData:
              name: htpass-secret
          mappingMethod: claim
          name: my_htpasswd_provider
          type: HTPasswd
        tokenConfig:
          accessTokenInactivityTimeout: 300s
      secretRefs:
      - name: htpass-secret

jiezhao-mac:hypershift jiezhao$ oc apply -f cluster.yaml 
hostedcluster.hypershift.openshift.io/jie-test configured
jiezhao-mac:hypershift jiezhao$ 

jiezhao-mac:hypershift jiezhao$ oc get hostedcluster/jie-test -n clusters -ojsonpath='{.spec.configuration}' | jq
{
  "oauth": {
    "identityProviders": [
      {
        "htpasswd": {
          "fileData": {
            "name": "htpass-secret"
          }
        },
        "mappingMethod": "claim",
        "name": "my_htpasswd_provider",
        "type": "HTPasswd"
      }
    ],
    "tokenConfig": {
      "accessTokenInactivityTimeout": "300s"
    }
  }
}

      Attachments

        Activity

          People

            rh-ee-mraee Mulham Raee
            rhn-support-jiezhao Jie Zhao
            Jie Zhao Jie Zhao
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: