Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-30319

ServiceAccounts can no longer be used as OAuth2 clients

XMLWordPrintable

    • Important
    • Yes
    • Approved
    • False
    • Hide

      None

      Show
      None
    • Hide
      * Previously, the `ServiceAccounts` resource could not be used with OAuth clients for a cluster with the `ImageRegistry` capability enabled . With this release, this issue is fixed. (link:https://issues.redhat.com/browse/OCPBUGS-30319[*OCPBUGS-30319*])
      Show
      * Previously, the `ServiceAccounts` resource could not be used with OAuth clients for a cluster with the `ImageRegistry` capability enabled . With this release, this issue is fixed. (link: https://issues.redhat.com/browse/OCPBUGS-30319 [* OCPBUGS-30319 *])
    • Bug Fix
    • Done

      Description of problem:

          OAuth-Proxy breaks when it's using Service Account as an oauth-client as documented in https://docs.openshift.com/container-platform/4.15/authentication/using-service-accounts-as-oauth-client.html

      Version-Release number of selected component (if applicable):

          4.15

      How reproducible:

          100%

      Steps to Reproduce:

          1. install an OCP cluster without the ImageRegistry capability
          2. deploy an oauth-proxy that uses an SA as its OAuth2 client
          3. try to login to the oauth-proxy using valid credentials
          

      Actual results:

          The login fails, the oauth-server logs:
      
      2024-02-05T13:30:56.059910994Z E0205 13:30:56.059873       1 osinserver.go:91] internal error: system:serviceaccount:my-namespace:my-sa has no tokens

      Expected results:

          The login succeeds

      Additional info:

          

            rh-ee-irinis Ilias Rinis
            slaznick@redhat.com Stanislav Láznička
            Deepak Punia Deepak Punia
            Votes:
            2 Vote for this issue
            Watchers:
            17 Start watching this issue

              Created:
              Updated:
              Resolved: