From 35324ebefbefd051046410d95a8b20abd2f71360 Mon Sep 17 00:00:00 2001
From: Bryce Palmer
Date: Mon, 13 Oct 2025 14:54:27 -0400
Subject: [PATCH 1/3] (bugfix): configure status controller to remove unset versions

Signed-off-by: Bryce Palmer
---
 pkg/operator/starter.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/pkg/operator/starter.go b/pkg/operator/starter.go
index 8b3f0d290..70d9ecebd 100644
--- a/pkg/operator/starter.go
+++ b/pkg/operator/starter.go
@@ -474,6 +474,11 @@ func prepareOauthAPIServerOperator(
 statusControllerOptions = append(statusControllerOptions, apiservercontrollerset.WithStatusControllerPdbCompatibleHighInertia("(APIServer|OAuthServer)"))
 }
 
+ // configure version removal so it removes versions it doesn't know about.
+ statusControllerOptions = append(statusControllerOptions, func(ss *status.StatusSyncer) *status.StatusSyncer {
+ return ss.WithVersionRemoval()
+ })
+
 const apiServerConditionsPrefix = "APIServer"
 
 apiServerControllers, err := apiservercontrollerset.NewAPIServerControllerSet(
From 804338d4e8360e840c6c7953555bcd10a270e836 Mon Sep 17 00:00:00 2001
From: Bryce Palmer
Date: Mon, 13 Oct 2025 15:17:36 -0400
Subject: [PATCH 2/3] e2e: add validation to tests that operand versions get unset

Signed-off-by: Bryce Palmer
---
 test/e2e-oidc/external_oidc_test.go | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)

diff --git a/test/e2e-oidc/external_oidc_test.go b/test/e2e-oidc/external_oidc_test.go
index 457c6f5a2..2fd9c9aff 100644
--- a/test/e2e-oidc/external_oidc_test.go
+++ b/test/e2e-oidc/external_oidc_test.go
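Review bot: In pkg/operator/starter.go the version-removal option is appended unconditionally, and its comment says what it does but not why or what it costs. With removal on, `status.versions` presumably mirrors only what this operator process has recorded, so after a restart the `oauth-apiserver` and `oauth-openshift` entries may vanish until their controllers report again; that looks like a version change to anything watching the ClusterOperator. If that is acceptable, the comment should say so, for example `// Drop versions of operands that are no longer deployed (e.g. the OAuth stack under external OIDC); entries reappear once their controllers report a version.` The body of prepareOauthAPIServerOperator starts and ends outside this hunk, so how versions are recorded is not visible here.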
@@ -704,6 +704,7 @@ func (tc *testClient) validateOAuthState(t *testing.T, ctx context.Context, requ
 validationErrs = append(validationErrs, validateOAuthResources(ctx, dynamicClient, requireMissing)...)
 validationErrs = append(validationErrs, validateOAuthRoutes(ctx, tc.routeClient, tc.configClient, requireMissing)...)
 validationErrs = append(validationErrs, validateOAuthControllerConditions(tc.operatorClient, requireMissing)...)
+ validationErrs = append(validationErrs, validateOperandVersions(ctx, tc.configClient, requireMissing)...)
 return len(validationErrs) == 0, nil
 })
@@ -849,6 +850,33 @@ func validateOAuthControllerConditions(operatorClient v1helpers.OperatorClient,
 return nil
 }
 
+func validateOperandVersions(ctx context.Context, cfgClient *configclient.Clientset, requireMissing bool) []error {
+ operands := sets.New("oauth-apiserver", "oauth-openshift")
+
+ authnClusterOperator, err := cfgClient.ConfigV1().ClusterOperators().Get(ctx, "authentication", metav1.GetOptions{})
+ if err != nil {
+ return []error{fmt.Errorf("fetching authentication ClusterOperator: %w", err)}
+ }
+
+ foundOperands := []string{}
+ for _, version := range authnClusterOperator.Status.Versions {
+ if operands.Has(version.Name) {
+ foundOperands = append(foundOperands, version.Name)
+ }
+ }
+
+ if requireMissing && len(foundOperands) > 0 {
+ return []error{fmt.Errorf("authentication ClusterOperator status has operands %v in versions when they should be unset", foundOperands)}
+ }
+
+ foundSet := sets.New(foundOperands...)
+ if !requireMissing && !foundSet.Equal(operands) {
+ return []error{fmt.Errorf("authentication ClusterOperator status expected to have operands %v in versions but got %v", operands.UnsortedList(), foundOperands)}
+ }
+
+ return nil
+}
+
 func (tc *testClient) testOIDCAuthentication(t *testing.T, ctx context.Context, kcClient *test.KeycloakClient, usernameClaim, usernamePrefix string, expectAuthSuccess bool) {
 // re-authenticate to ensure we always have a fresh token
 var err error
From e3ba0e03ab488f5b4710aec0394080c073c568ae Mon Sep 17 00:00:00 2001
From: Bryce Palmer
Date: Tue, 14 Oct 2025 11:22:22 -0400
Subject: [PATCH 3/3] manifests: remove hardcoded oauth-openshift operand version

Signed-off-by: Bryce Palmer
---
 manifests/08_clusteroperator.yaml | 2 --
 1 file changed, 2 deletions(-)

diff --git a/manifests/08_clusteroperator.yaml b/manifests/08_clusteroperator.yaml
index 90ccb636a..75ac7e6e2 100644
--- a/manifests/08_clusteroperator.yaml
+++ b/manifests/08_clusteroperator.yaml
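Review bot: validateOperandVersions in test/e2e-oidc/external_oidc_test.go matches `status.versions` entries by name only, so with `requireMissing` false an operand listed with an empty `Version` still counts as present. If that state can occur, reject it inside the loop, e.g. `if !requireMissing && operands.Has(version.Name) && version.Version == "" { return []error{fmt.Errorf("operand %q has an empty version", version.Name)} }`. The second error message prints `operands.UnsortedList()`, whose order varies between runs; `sets.List(operands)` keeps failure output stable and easy to compare. The function also has no doc comment; one line stating that `requireMissing` means both OAuth operand versions must be absent, and that otherwise both must be present, would spell out the contract this regression check enforces.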
@@ -49,5 +49,3 @@ status:
 versions:
 - name: operator
 version: "0.0.1-snapshot"
- - name: oauth-openshift
- version: "0.0.1-snapshot_openshift"