  1. OpenShift Request For Enhancement
  2. RFE-1493

RFE: Guardrails on IdP configuration


Details

    • Feature Request
    • Resolution: Done
    • Auth

    Description

      1. Proposed title of this feature request

      Guardrails on IdP configuration

      2. What is the nature and description of the request?

      We had an alert come in to SRE that the cluster-version-operator was telling us that there were errors in the openshift-authentication operator. This was seemingly due to an invalid configuration on one or multiple of their IdP configurations. See the errors below.

      3. Why does the customer need this? (List the business requirements here)

      It's a better customer experience to validate the configuration of the IdP before it starts throwing alerts to SREs.

      4. List any affected packages or components.

      Cluster-Authentication Operator

      E1222 15:09:31.702217       1 oauth.go:75] failed to honor IDP v1.IdentityProvider{Name:"OpenID", MappingMethod:"claim", IdentityProviderConfig:v1.IdentityProviderConfig{Type:"OpenID", BasicAuth:(*v1.BasicAuthIdentityProvider)(nil), GitHub:(*v1.GitHubIdentityProvider)(nil), GitLab:(*v1.GitLabIdentityProvider)(nil), Google:(*v1.GoogleIdentityProvider)(nil), HTPasswd:(*v1.HTPasswdIdentityProvider)(nil), Keystone:(*v1.KeystoneIdentityProvider)(nil), LDAP:(*v1.LDAPIdentityProvider)(nil), OpenID:(*v1.OpenIDIdentityProvider)(0xc000103ef0), RequestHeader:(*v1.RequestHeaderIdentityProvider)(nil)}}: couldn't get https://login.microsoftonline.com/[UUID-REDACTED]/v2.0/.well-known/openid-configuration/.well-known/openid-configuration: unexpected response status 404
      E1222 15:09:31.745329       1 oauth.go:75] failed to honor IDP v1.IdentityProvider{Name:"azure", MappingMethod:"claim", IdentityProviderConfig:v1.IdentityProviderConfig{Type:"OpenID", BasicAuth:(*v1.BasicAuthIdentityProvider)(nil), GitHub:(*v1.GitHubIdentityProvider)(nil), GitLab:(*v1.GitLabIdentityProvider)(nil), Google:(*v1.GoogleIdentityProvider)(nil), HTPasswd:(*v1.HTPasswdIdentityProvider)(nil), Keystone:(*v1.KeystoneIdentityProvider)(nil), LDAP:(*v1.LDAPIdentityProvider)(nil), OpenID:(*v1.OpenIDIdentityProvider)(0xc0011ae000), RequestHeader:(*v1.RequestHeaderIdentityProvider)(nil)}}: couldn't get https://login.microsoftonline.com/[UUID-REDACTED]/v2.0/.well-known/openid-configuration/.well-known/openid-configuration: unexpected response status 404
      

      If this is not the appropriate venue for such a request, please let me know where I can submit this.

      Edit:

      Today we're also seeing a similar problem with CloudCredential Operator: there was a provisioning issue that's causing errors in the operator, which is bubbling back up to us as an alert that Cloud-Credential Operator is down.
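An added example, not part of the original request and not code from the Cluster-Authentication Operator: a pre-apply check for an OpenID issuer value that rejects the pattern visible in the log lines above, where the discovery path appears twice in the fetched URL. It assumes the doubled path comes from an issuer that already ends in `/.well-known/openid-configuration`; `DiscoveryURL` and `TENANT-ID` are hypothetical names used only for this sketch.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// Path appended to the issuer to locate the OpenID discovery document.
const discoveryPath = "/.well-known/openid-configuration"

// DiscoveryURL (hypothetical helper) validates an issuer before it is applied
// and returns the discovery document URL that would be fetched for it.
func DiscoveryURL(issuer string) (string, error) {
	u, err := url.Parse(issuer)
	if err != nil {
		return "", fmt.Errorf("issuer is not a valid URL: %w", err)
	}
	if u.Scheme != "https" || u.Host == "" {
		return "", errors.New("issuer must be an absolute https URL")
	}
	if u.User != nil || u.RawQuery != "" || u.Fragment != "" {
		return "", errors.New("issuer must not contain userinfo, query or fragment")
	}
	path := strings.TrimRight(u.Path, "/")
	if strings.HasSuffix(path, discoveryPath) {
		// The case from the log: appending the path again yields a 404.
		return "", fmt.Errorf("issuer already ends with %s; remove it", discoveryPath)
	}
	return "https://" + u.Host + path + discoveryPath, nil
}

func main() {
	// Constructed sample values; TENANT-ID is a placeholder, not a real tenant.
	for _, issuer := range []string{
		"https://login.microsoftonline.com/TENANT-ID/v2.0",
		"https://login.microsoftonline.com/TENANT-ID/v2.0/.well-known/openid-configuration",
	} {
		d, err := DiscoveryURL(issuer)
		fmt.Printf("%s\n  -> %q, err=%v\n", issuer, d, err)
	}
}
```

A live guardrail would additionally fetch the returned URL and require an HTTP 200 response before accepting the configuration.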

          People

            anachand Anandnatraj Chandramohan (Inactive)
            iamkirkbater Kirk Bater