Loading...

XML

Word

Printable

Type: Bug
Resolution: Duplicate
Priority: Normal
Fix Version/s: None
Affects Version/s: 4.19.z, 4.20.0
Component/s: HyperShift
Labels:
- triaged

Activity Type:
Quality / Stability / Reliability
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Story Points:
None
Severity:
Important
Regression:
None

Target Backport Versions:
None
Target Version:
None
Release Blocker:
Proposed
Sprint:
None

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

PX Impact Score:

Release Note Status:
None
Release Note Type:
None
Release Note Text:
None

Escape Reason:
None
Escape Impact:
None
Corrective Measures:
None
SDLC stage when should've been found:
None

Description of problem:
The job for testing OIDC fails to deploy hosted cluster due to invalid OIDC configuration. The configuration is applied in this step.
The Console cluster operator fails to start with this error:

- lastTransitionTime: "2025-07-18T04:12:09Z"
    message: |-
      AuthStatusHandlerDegraded: error converting obj to typed: .spec.oidcProviders[name="microsoft-entra-id"].claimMappings.extra: field not declared in schema
      CLIAuthStatusHandlerDegraded: error converting obj to typed: .spec.oidcProviders[name="microsoft-entra-id"].claimMappings.extra: field not declared in schema
    reason: AuthStatusHandler_FailedApply::CLIAuthStatusHandler_FailedApply

The console-operator fails at authentication.go#L57.
The schema for TokenClaimMappings is hardcoded in internal.go which is a vendored "client-go" dependency at version github.com/openshift/client-go v0.0.0-20250402181141-b3bad3b645f2 (from April 2)
However, the "extra" and "uid" config elements were merged in client-go later on April 25 as part of this PR.
The console operator needs another bump of client-go library so as to be able to consume the new elements in configuration.
The current version of client-go used by console operator doesn't included the required changes on all recent branches (main, release-4.20, release-4.19)

Version-Release number of selected component (if applicable):

4.19, 4.20

How reproducible:

Always

Steps to Reproduce:

    1. Run the job for 4.20: https://qe-private-deck-ci.apps.ci.l2s4.p1.openshiftapps.com/job-history/gs/qe-private-deck/logs/periodic-ci-openshift-openshift-tests-private-release-4.20-amd64-nightly-azure-aks-hypershift-ext-oidc-tp-guest-f14
    2. Or, run the job for 4.19: https://qe-private-deck-ci.apps.ci.l2s4.p1.openshiftapps.com/job-history/gs/qe-private-deck/logs/periodic-ci-openshift-openshift-tests-private-release-4.19-amd64-nightly-azure-aks-hypershift-ext-oidc-tp-guest-f14

Actual results:

The hosted cluster doesn't properly start due to Console cluster operator failing.

Expected results:

The hosted cluster starts successfully.

Additional info:

is duplicated by

OCPBUGS-57736 Console degraded with "claimMappings.extra: field not declared in schem" when set extra field in external oidc

Verified

Assignee:: Martin Gencur

Reporter:: Martin Gencur

Need Info From:: None

Contributors:: None

QA Contact:: Martin Gencur

Doc Contact:: None

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 2025/07/25 11:53 AM

Updated:: 2025/07/30 2:34 AM

Resolved:: 2025/07/30 2:32 AM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates

Hide