Feature Request
Resolution: Done
1. Proposed title of this feature request
Guardrails on IdP configuration
2. What is the nature and description of the request?
We had an alert come in to SRE that the cluster-version-operator was telling us that there were errors in the openshift-authentication operator. This was seemingly due to an invalid configuration on one or multiple of their IdP configurations. See the errors below.
3. Why does the customer need this? (List the business requirements here)
It's a better customer experience to validate the configuration of the IdP before it starts throwing alerts to SREs.
4. List any affected packages or components.
Cluster-Authentication Operator
E1222 15:09:31.702217 1 oauth.go:75] failed to honor IDP v1.IdentityProvider{Name:"OpenID", MappingMethod:"claim", IdentityProviderConfig:v1.IdentityProviderConfig{Type:"OpenID", BasicAuth:(*v1.BasicAuthIdentityProvider)(nil), GitHub:(*v1.GitHubIdentityProvider)(nil), GitLab:(*v1.GitLabIdentityProvider)(nil), Google:(*v1.GoogleIdentityProvider)(nil), HTPasswd:(*v1.HTPasswdIdentityProvider)(nil), Keystone:(*v1.KeystoneIdentityProvider)(nil), LDAP:(*v1.LDAPIdentityProvider)(nil), OpenID:(*v1.OpenIDIdentityProvider)(0xc000103ef0), RequestHeader:(*v1.RequestHeaderIdentityProvider)(nil)}}: couldn't get https://login.microsoftonline.com/[UUID-REDACTED]/v2.0/.well-known/openid-configuration/.well-known/openid-configuration: unexpected response status 404
E1222 15:09:31.745329 1 oauth.go:75] failed to honor IDP v1.IdentityProvider{Name:"azure", MappingMethod:"claim", IdentityProviderConfig:v1.IdentityProviderConfig{Type:"OpenID", BasicAuth:(*v1.BasicAuthIdentityProvider)(nil), GitHub:(*v1.GitHubIdentityProvider)(nil), GitLab:(*v1.GitLabIdentityProvider)(nil), Google:(*v1.GoogleIdentityProvider)(nil), HTPasswd:(*v1.HTPasswdIdentityProvider)(nil), Keystone:(*v1.KeystoneIdentityProvider)(nil), LDAP:(*v1.LDAPIdentityProvider)(nil), OpenID:(*v1.OpenIDIdentityProvider)(0xc0011ae000), RequestHeader:(*v1.RequestHeaderIdentityProvider)(nil)}}: couldn't get https://login.microsoftonline.com/[UUID-REDACTED]/v2.0/.well-known/openid-configuration/.well-known/openid-configuration: unexpected response status 404
If this is not the appropriate venue for such a request, please let me know where I can submit this.
Edit:
Today we're also seeing a similar problem with CloudCredential Operator: there was a provisioning issue that's causing errors in the operator, which is bubbling back up to us as an alert that Cloud-Credential Operator is down.
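
In both logged OpenID errors the URL being fetched carries the `/.well-known/openid-configuration` suffix twice. The Go sketch below is an added example, not code from the ticket or from the operator, of the kind of pre-flight check requested here; it follows the OpenID Connect Discovery rules for issuers (https, no query or fragment), and `ValidateIssuer`, `discoverySuffix` and the `TENANT` placeholder are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// Path at which OpenID Connect Discovery serves provider metadata, relative to the issuer.
const discoverySuffix = "/.well-known/openid-configuration"

// ValidateIssuer (hypothetical name) checks an OpenID issuer before it is accepted
// and returns the discovery URL a client would fetch for it.
func ValidateIssuer(issuer string) (string, error) {
	u, err := url.Parse(issuer)
	if err != nil {
		return "", fmt.Errorf("issuer is not a valid URL: %w", err)
	}
	if u.Scheme != "https" || u.Host == "" {
		return "", errors.New("issuer must be an absolute https URL")
	}
	if u.RawQuery != "" || u.Fragment != "" {
		return "", errors.New("issuer must not contain a query or fragment")
	}
	path := strings.TrimRight(u.Path, "/")
	// Reject a discovery URL entered as the issuer: appending the suffix
	// again produces the doubled path seen in the log above.
	if strings.HasSuffix(path, discoverySuffix) {
		return "", fmt.Errorf("issuer must not end in %s", discoverySuffix)
	}
	u.Path, u.RawPath = path+discoverySuffix, ""
	return u.String(), nil
}

func main() {
	// Constructed inputs; TENANT stands in for the redacted tenant ID.
	for _, issuer := range []string{
		"https://login.microsoftonline.com/TENANT/v2.0",
		"https://login.microsoftonline.com/TENANT/v2.0/.well-known/openid-configuration",
	} {
		discovery, err := ValidateIssuer(issuer)
		fmt.Printf("%s\n  discovery=%q err=%v\n", issuer, discovery, err)
	}
}
```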