Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-30319

ServiceAccounts can no longer be used as OAuth2 clients

XMLWordPrintable

    • Important
    • Yes
    • Approved
    • False
    • Hide

      None

      Show
      None

      Description of problem:

          OAuth-Proxy breaks when it's using Service Account as an oauth-client as documented in https://docs.openshift.com/container-platform/4.15/authentication/using-service-accounts-as-oauth-client.html

      Version-Release number of selected component (if applicable):

          4.15

      How reproducible:

          100%

      Steps to Reproduce:

          1. install an OCP cluster without the ImageRegistry capability
    2. deploy an oauth-proxy that uses an SA as its OAuth2 client
    3. try to login to the oauth-proxy using valid credentials

      Actual results:

          The login fails, the oauth-server logs:

2024-02-05T13:30:56.059910994Z E0205 13:30:56.059873       1 osinserver.go:91] internal error: system:serviceaccount:my-namespace:my-sa has no tokens

      Expected results:

          The login succeeds

      Additional info:

            rh-ee-irinis Ilias Rinis
            slaznick@redhat.com Stanislav Laznicka
            Deepak Punia Deepak Punia
            Votes:
            0 Vote for this issue
            Watchers:
            13 Start watching this issue

              Created:
              Updated: