-
Bug
-
Resolution: Done-Errata
-
Critical
-
4.15.0
-
None
Description of problem:
OAuth-Proxy breaks when it's using Service Account as an oauth-client as documented in https://docs.openshift.com/container-platform/4.15/authentication/using-service-accounts-as-oauth-client.html
Version-Release number of selected component (if applicable):
4.15
How reproducible:
100%
Steps to Reproduce:
1. install an OCP cluster without the ImageRegistry capability 2. deploy an oauth-proxy that uses an SA as its OAuth2 client 3. try to login to the oauth-proxy using valid credentials
Actual results:
The login fails, the oauth-server logs: 2024-02-05T13:30:56.059910994Z E0205 13:30:56.059873 1 osinserver.go:91] internal error: system:serviceaccount:my-namespace:my-sa has no tokens
Expected results:
The login succeeds
Additional info:
- clones
-
OCPBUGS-30319 ServiceAccounts can no longer be used as OAuth2 clients
- Closed
- depends on
-
OCPBUGS-30319 ServiceAccounts can no longer be used as OAuth2 clients
- Closed
- links to
-
RHBA-2024:3327 OpenShift Container Platform 4.15.z bug fix update
(1 links to)