Loading...

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Normal
Fix Version/s: None
Affects Version/s: 4.14.z, 4.15.z, 4.17.0, 4.16.z
Component/s: HyperShift
Labels:

Severity:
Moderate
Regression:
None
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Release Note Text:

Hide
* Previously, when a hosted cluster proxy used an IDP that had an HTTP or HTTPS endpoint, the hostname of the IDP was not resolved before it was sent through the proxy. As a consequence, hostnames that could be resolved only by the data plane failed to be resolved for IDPs. With this fix, the DNS lookup is completed before IDP traffic is sent through the Konnectivity channel. As a result, the control plane Operator can verify IDPs with hostnames that can be resolved only by the data plane. (link:https://issues.redhat.com/browse/OCPBUGS-38349[*OCPBUGS-38349*])

Show
* Previously, when a hosted cluster proxy used an IDP that had an HTTP or HTTPS endpoint, the hostname of the IDP was not resolved before it was sent through the proxy. As a consequence, hostnames that could be resolved only by the data plane failed to be resolved for IDPs. With this fix, the DNS lookup is completed before IDP traffic is sent through the Konnectivity channel. As a result, the control plane Operator can verify IDPs with hostnames that can be resolved only by the data plane. (link: https://issues.redhat.com/browse/OCPBUGS-38349 [* OCPBUGS-38349 *])
Release Note Type:
Bug Fix
Release Note Status:
Done
Target Version:

4.18.0
Target Backport Versions:

4.14.z, 4.15.z, 4.17.z, 4.16.z

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Description of problem:

When using configuring an OpenID idp that can only be accessed via the data plane, if the hostname of the provider can only be resolved by the data plane, reconciliation of the idp fails.

Version-Release number of selected component (if applicable):

    4.16

How reproducible:

    always

Steps to Reproduce:

    1. Configure an OpenID idp on a HostedCluster with a URL that points to a service in the dataplane (like https://keycloak.keycloak.svc)

Actual results:

    The oauth server fails to be reconciled

Expected results:

    The oauth server reconciles and functions properly

Additional info:

    Follow up to OCPBUGS-37753

blocks

OCPBUGS-41371 [release-4.17] OpenID IDP endpoint verification fails when hostname can only be resolved by data plane

Closed

is cloned by

OCPBUGS-41371 [release-4.17] OpenID IDP endpoint verification fails when hostname can only be resolved by data plane

Closed

links to

openshift/hypershift#4516: OCPBUGS-38349: CPO oauth idp converter: resolve names before dialing

RHEA-2024:6122 OpenShift Container Platform 4.18.z bug fix update

Assignee:: Cesar Wong

Reporter:: Cesar Wong

QA Contact:: Jie Zhao

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Created:: 2024/08/12 1:35 PM

Updated:: 2025/01/27 9:50 PM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates