Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-44201

OIDC IDP validation check should not be fatal to CPO reconcilation

XMLWordPrintable

    • Important
    • None
    • Hypershift Sprint 261
    • 1
    • False
    • Hide

      None

      Show
      None
    • Hide
      * Previously, an invalid or unreachable identity provider (IDP) blocked updates to {hcp}. With this release, the `ValidIDPConfiguration` condition in the `HostedCluster` object now reports any IDP errors so that these errors do not block updates to {hcp}. (link:https://issues.redhat.com/browse/OCPBUGS-43840[*OCPBUGS-43840*])
      ----
      Fixes and issue where an invalid or unreachable IDP configuration can block updates to the Hosted Control Plane. IDP configuration errors are now reported on a new ValidIDPConfiguration condition on the HostedCluster.
      Show
      * Previously, an invalid or unreachable identity provider (IDP) blocked updates to {hcp}. With this release, the `ValidIDPConfiguration` condition in the `HostedCluster` object now reports any IDP errors so that these errors do not block updates to {hcp}. (link: https://issues.redhat.com/browse/OCPBUGS-43840 [* OCPBUGS-43840 *]) ---- Fixes and issue where an invalid or unreachable IDP configuration can block updates to the Hosted Control Plane. IDP configuration errors are now reported on a new ValidIDPConfiguration condition on the HostedCluster.
    • Bug Fix
    • In Progress

      This is a clone of issue OCPBUGS-43840. The following is the description of the original issue:

      This is a clone of issue OCPBUGS-43746. The following is the description of the original issue:

      This is a clone of issue OCPBUGS-38132. The following is the description of the original issue:

      The CPO reconciliation aborts when the OIDC/LDAP IDP validation check fails and this result in failure to reconcile for any components that are reconciled after that point in the code.

      This failure should not be fatal to the CPO reconcile and should likely be reported as a condition on the HC.

      xref

      Customer incident
      https://issues.redhat.com/browse/OCPBUGS-38071

      RFE for bypassing the check
      https://issues.redhat.com/browse/RFE-5638

      PR to proxy the IDP check through the data plane network
      https://github.com/openshift/hypershift/pull/4273

       

            agarcial@redhat.com Alberto Garcia Lamela
            openshift-crt-jira-prow OpenShift Prow Bot
            Jie Zhao Jie Zhao
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated: