diff --git a/pkg/cmd/mom/output_resources_command.go b/pkg/cmd/mom/output_resources_command.go index 23c0dbc30..12f6e7cc4 100644 --- a/pkg/cmd/mom/output_resources_command.go +++ b/pkg/cmd/mom/output_resources_command.go @@ -30,6 +30,7 @@ func runOutputResources(ctx context.Context) (*libraryoutputresources.OutputReso libraryoutputresources.ExactConfigMap("openshift-authentication", "audit"), libraryoutputresources.ExactConfigMap("openshift-authentication", "v4-0-config-system-trusted-ca-bundle"), libraryoutputresources.ExactDeployment("openshift-authentication", "oauth-openshift"), + libraryoutputresources.ExactDeployment("openshift-oauth-apiserver", "apiserver"), libraryoutputresources.ExactSecret("openshift-authentication", "v4-0-config-system-session"), libraryoutputresources.ExactSecret("openshift-authentication", "v4-0-config-system-ocp-branding-template"), libraryoutputresources.ExactService("openshift-authentication", "oauth-openshift"), diff --git a/test-data/apply-configuration/overall/oauth-apiserver-creation-minimal/expected-output/Management/ApplyStatus/cluster-scoped-resources/operator.openshift.io/authentications/c5b3-body-cluster.yaml b/test-data/apply-configuration/overall/oauth-apiserver-creation-minimal/expected-output/Management/ApplyStatus/cluster-scoped-resources/operator.openshift.io/authentications/c5b3-body-cluster.yaml new file mode 100644 index 000000000..92d380320 --- /dev/null +++ b/test-data/apply-configuration/overall/oauth-apiserver-creation-minimal/expected-output/Management/ApplyStatus/cluster-scoped-resources/operator.openshift.io/authentications/c5b3-body-cluster.yaml @@ -0,0 +1,30 @@ +apiVersion: operator.openshift.io/v1 +kind: Authentication +metadata: + name: cluster +status: + conditions: + - lastTransitionTime: "2024-10-14T22:38:20Z" + message: no apiserver.openshift-oauth-apiserver pods available on any node. + reason: NoPod + status: "False" + type: APIServerDeploymentAvailable + - lastTransitionTime: "2025-09-09T00:08:37Z" + reason: AsExpected + status: "False" + type: APIServerDeploymentDegraded + - lastTransitionTime: "2024-10-14T22:38:20Z" + message: 'deployment/apiserver.openshift-oauth-apiserver: 0/1 pods have been updated + to the latest generation and 0/1 pods are available' + reason: PodsUpdating + status: "True" + type: APIServerDeploymentProgressing + - lastTransitionTime: "2025-09-09T00:08:37Z" + status: "False" + type: APIServerWorkloadDegraded + generations: + - group: apps + lastGeneration: 0 + name: apiserver + namespace: openshift-oauth-apiserver + resource: deployments diff --git a/test-data/apply-configuration/overall/oauth-apiserver-creation-minimal/expected-output/Management/ApplyStatus/cluster-scoped-resources/operator.openshift.io/authentications/c5b3-metadata-cluster.yaml b/test-data/apply-configuration/overall/oauth-apiserver-creation-minimal/expected-output/Management/ApplyStatus/cluster-scoped-resources/operator.openshift.io/authentications/c5b3-metadata-cluster.yaml new file mode 100644 index 000000000..fddfc9c82 --- /dev/null +++ b/test-data/apply-configuration/overall/oauth-apiserver-creation-minimal/expected-output/Management/ApplyStatus/cluster-scoped-resources/operator.openshift.io/authentications/c5b3-metadata-cluster.yaml @@ -0,0 +1,9 @@ +action: ApplyStatus +controllerInstanceName: OAuthAPIServerController-WorkloadWorkloadController +fieldManager: OAuthAPIServerController-Workload +generateName: "" +name: cluster +resourceType: + Group: operator.openshift.io + Resource: authentications + Version: v1 diff --git a/test-data/apply-configuration/overall/oauth-apiserver-creation-minimal/expected-output/Management/ApplyStatus/cluster-scoped-resources/operator.openshift.io/authentications/c5b3-options-cluster.yaml b/test-data/apply-configuration/overall/oauth-apiserver-creation-minimal/expected-output/Management/ApplyStatus/cluster-scoped-resources/operator.openshift.io/authentications/c5b3-options-cluster.yaml new file mode 100644 index 000000000..46e6a0d53 --- /dev/null +++ b/test-data/apply-configuration/overall/oauth-apiserver-creation-minimal/expected-output/Management/ApplyStatus/cluster-scoped-resources/operator.openshift.io/authentications/c5b3-options-cluster.yaml @@ -0,0 +1,2 @@ +fieldManager: OAuthAPIServerController-Workload +force: true diff --git a/test-data/apply-configuration/overall/oauth-apiserver-creation-minimal/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/638b-body-authentication-operator.17fe72c59b829800.a1874ea9.yaml b/test-data/apply-configuration/overall/oauth-apiserver-creation-minimal/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/638b-body-authentication-operator.17fe72c59b829800.a1874ea9.yaml new file mode 100644 index 000000000..bd0866fa4 --- /dev/null +++ b/test-data/apply-configuration/overall/oauth-apiserver-creation-minimal/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/638b-body-authentication-operator.17fe72c59b829800.a1874ea9.yaml @@ -0,0 +1,21 @@ +apiVersion: v1 +count: 1 +eventTime: null +firstTimestamp: "2024-10-14T22:38:20Z" +involvedObject: + kind: Deployment + name: authentication-operator + namespace: openshift-authentication-operator +kind: Event +lastTimestamp: "2024-10-14T22:38:20Z" +message: Created Deployment.apps/apiserver -n openshift-oauth-apiserver because it + was missing +metadata: + name: authentication-operator.17fe72c59b829800.a1874ea9 + namespace: openshift-authentication-operator +reason: DeploymentCreated +reportingComponent: "" +reportingInstance: "" +source: + component: cluster-authentication-operator-run-once-sync-context +type: Normal diff --git a/test-data/apply-configuration/overall/oauth-apiserver-creation-minimal/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/638b-metadata-authentication-operator.17fe72c59b829800.a1874ea9.yaml b/test-data/apply-configuration/overall/oauth-apiserver-creation-minimal/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/638b-metadata-authentication-operator.17fe72c59b829800.a1874ea9.yaml new file mode 100644 index 000000000..31ed0e9d6 --- /dev/null +++ b/test-data/apply-configuration/overall/oauth-apiserver-creation-minimal/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/638b-metadata-authentication-operator.17fe72c59b829800.a1874ea9.yaml @@ -0,0 +1,9 @@ +action: Create +controllerInstanceName: "" +generateName: "" +name: authentication-operator.17fe72c59b829800.a1874ea9 +namespace: openshift-authentication-operator +resourceType: + Group: "" + Resource: events + Version: v1 diff --git a/test-data/apply-configuration/overall/oauth-apiserver-creation-minimal/expected-output/Management/Create/namespaces/openshift-oauth-apiserver/apps/deployments/7350-body-apiserver.yaml b/test-data/apply-configuration/overall/oauth-apiserver-creation-minimal/expected-output/Management/Create/namespaces/openshift-oauth-apiserver/apps/deployments/7350-body-apiserver.yaml new file mode 100644 index 000000000..8a8f62609 --- /dev/null +++ b/test-data/apply-configuration/overall/oauth-apiserver-creation-minimal/expected-output/Management/Create/namespaces/openshift-oauth-apiserver/apps/deployments/7350-body-apiserver.yaml @@ -0,0 +1,215 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + openshiftapiservers.operator.openshift.io/operator-pull-spec: "" + operator.openshift.io/spec-hash: b8ea01ab9a9bcf14e72373c020dfae9a968e1b8e5cd4b467a3fc6ae9fdbacff1 + labels: + apiserver: "true" + app: openshift-oauth-apiserver + revision: "1" + name: apiserver + namespace: openshift-oauth-apiserver +spec: + replicas: 0 + selector: + matchLabels: + apiserver: "true" + app: openshift-oauth-apiserver + strategy: + rollingUpdate: + maxSurge: 0 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + annotations: + openshift.io/required-scc: privileged + target.workload.openshift.io/management: '{"effect": "PreferredDuringScheduling"}' + labels: + apiserver: "true" + app: openshift-oauth-apiserver + oauth-apiserver-anti-affinity: "true" + revision: "1" + name: openshift-oauth-apiserver + spec: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + apiserver: "true" + app: openshift-oauth-apiserver + oauth-apiserver-anti-affinity: "true" + topologyKey: kubernetes.io/hostname + containers: + - args: + - | + if [ -s /var/run/configmaps/trusted-ca-bundle/tls-ca-bundle.pem ]; then + echo "Copying system trust bundle" + cp -f /var/run/configmaps/trusted-ca-bundle/tls-ca-bundle.pem /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem + fi + exec oauth-apiserver start \ + --secure-port=8443 \ + --audit-log-path=/var/log/oauth-apiserver/audit.log \ + --audit-log-format=json \ + --audit-log-maxsize=100 \ + --audit-log-maxbackup=10 \ + --audit-policy-file=/var/run/configmaps/audit/policy.yaml \ + --etcd-cafile=/var/run/configmaps/etcd-serving-ca/ca-bundle.crt \ + --etcd-keyfile=/var/run/secrets/etcd-client/tls.key \ + --etcd-certfile=/var/run/secrets/etcd-client/tls.crt \ + --etcd-healthcheck-timeout=9s \ + --etcd-readycheck-timeout=9s \ + --shutdown-delay-duration=50s \ + --shutdown-send-retry-after=true \ + --tls-private-key-file=/var/run/secrets/serving-cert/tls.key \ + --tls-cert-file=/var/run/secrets/serving-cert/tls.crt \ + --enable-priority-and-fairness=false \ + --api-audiences=https://kubernetes.default.svc \ + --cors-allowed-origins='//127\.0\.0\.1(:|$)' \ + --cors-allowed-origins='//localhost(:|$)' \ + --etcd-servers=https://10.0.0.3:2379 \ + --etcd-servers=https://10.0.0.4:2379 \ + --etcd-servers=https://10.0.0.5:2379 \ + --tls-cipher-suites=TLS_AES_128_GCM_SHA256 \ + --tls-cipher-suites=TLS_AES_256_GCM_SHA384 \ + --tls-cipher-suites=TLS_CHACHA20_POLY1305_SHA256 \ + --tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 \ + --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 \ + --tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 \ + --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 \ + --tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 \ + --tls-cipher-suites=TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 \ + --tls-min-version=VersionTLS12 \ + --v=2 + command: + - /bin/bash + - -ec + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: livez?exclude=etcd + port: 8443 + scheme: HTTPS + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 10 + name: oauth-apiserver + ports: + - containerPort: 8443 + readinessProbe: + failureThreshold: 3 + httpGet: + path: readyz?exclude=etcd&exclude=etcd-readiness + port: 8443 + scheme: HTTPS + periodSeconds: 5 + successThreshold: 1 + timeoutSeconds: 10 + resources: + requests: + cpu: 150m + memory: 200Mi + securityContext: + privileged: true + runAsUser: 0 + startupProbe: + failureThreshold: 30 + httpGet: + path: livez + port: 8443 + scheme: HTTPS + periodSeconds: 5 + successThreshold: 1 + timeoutSeconds: 10 + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /var/run/configmaps/audit + name: audit-policies + - mountPath: /var/run/secrets/etcd-client + name: etcd-client + - mountPath: /var/run/configmaps/etcd-serving-ca + name: etcd-serving-ca + - mountPath: /var/run/configmaps/trusted-ca-bundle + name: trusted-ca-bundle + - mountPath: /var/run/secrets/serving-cert + name: serving-cert + - mountPath: /var/run/secrets/encryption-config + name: encryption-config + - mountPath: /var/log/oauth-apiserver + name: audit-dir + initContainers: + - command: + - sh + - -c + - chmod 0700 /var/log/oauth-apiserver && touch /var/log/oauth-apiserver/audit.log + && chmod 0600 /var/log/oauth-apiserver/* + imagePullPolicy: IfNotPresent + name: fix-audit-permissions + resources: + requests: + cpu: 15m + memory: 50Mi + securityContext: + privileged: true + runAsUser: 0 + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /var/log/oauth-apiserver + name: audit-dir + nodeSelector: + node-role.kubernetes.io/master: "" + priorityClassName: system-node-critical + serviceAccountName: oauth-apiserver-sa + terminationGracePeriodSeconds: 120 + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/master + operator: Exists + - effect: NoExecute + key: node.kubernetes.io/unreachable + operator: Exists + tolerationSeconds: 120 + - effect: NoExecute + key: node.kubernetes.io/not-ready + operator: Exists + tolerationSeconds: 120 + volumes: + - configMap: + name: audit-1 + name: audit-policies + - name: etcd-client + secret: + secretName: etcd-client + - configMap: + name: etcd-serving-ca + name: etcd-serving-ca + - name: serving-cert + secret: + secretName: serving-cert + - configMap: + items: + - key: ca-bundle.crt + path: tls-ca-bundle.pem + name: trusted-ca-bundle + optional: true + name: trusted-ca-bundle + - name: encryption-config + secret: + optional: true + secretName: encryption-config-1 + - hostPath: + path: /var/log/oauth-apiserver + name: audit-dir +status: {} diff --git a/test-data/apply-configuration/overall/oauth-apiserver-creation-minimal/expected-output/Management/Create/namespaces/openshift-oauth-apiserver/apps/deployments/7350-metadata-apiserver.yaml b/test-data/apply-configuration/overall/oauth-apiserver-creation-minimal/expected-output/Management/Create/namespaces/openshift-oauth-apiserver/apps/deployments/7350-metadata-apiserver.yaml new file mode 100644 index 000000000..6ea3347fa --- /dev/null +++ b/test-data/apply-configuration/overall/oauth-apiserver-creation-minimal/expected-output/Management/Create/namespaces/openshift-oauth-apiserver/apps/deployments/7350-metadata-apiserver.yaml @@ -0,0 +1,9 @@ +action: Create +controllerInstanceName: OAuthAPIServerController-WorkloadWorkloadController +generateName: "" +name: apiserver +namespace: openshift-oauth-apiserver +resourceType: + Group: apps + Resource: deployments + Version: v1 diff --git a/test-data/apply-configuration/overall/oauth-apiserver-creation-minimal/expected-output/controller-results.yaml b/test-data/apply-configuration/overall/oauth-apiserver-creation-minimal/expected-output/controller-results.yaml new file mode 100644 index 000000000..0aba7db04 --- /dev/null +++ b/test-data/apply-configuration/overall/oauth-apiserver-creation-minimal/expected-output/controller-results.yaml @@ -0,0 +1,81 @@ +controllerResults: +- controllerName: APIServerStaticResources-StaticResources + status: Skipped +- controllerName: NamespaceFinalizerController_openshift-oauth-apiserver + status: Skipped +- controllerName: OAuthAPIServerController-WorkloadWorkloadController + status: Succeeded +- controllerName: RevisionController + status: Skipped +- controllerName: SecretRevisionPruneController + status: Skipped +- controllerName: TODO-authRouteCheckController + status: Skipped +- controllerName: TODO-authServiceCheckController + status: Skipped +- controllerName: TODO-authServiceEndpointCheckController + status: Skipped +- controllerName: TODO-authenticatorCertRequester + status: Skipped +- controllerName: TODO-configObserver + status: Skipped +- controllerName: TODO-configOverridesController + status: Skipped +- controllerName: TODO-customRouteController + status: Skipped +- controllerName: TODO-deploymentController + status: Skipped +- controllerName: TODO-ingressStateController + status: Skipped +- controllerName: TODO-logLevelController + status: Skipped +- controllerName: TODO-managementStateController + status: Skipped +- controllerName: TODO-metadataController + status: Skipped +- controllerName: TODO-oauthClientsSwitchedController + status: Skipped +- controllerName: TODO-other-configObserver + status: Skipped +- controllerName: TODO-other-externalOIDCController + status: Skipped +- controllerName: TODO-payloadConfigController + status: Skipped +- controllerName: TODO-proxyConfigController + status: Skipped +- controllerName: TODO-resourceSyncer + status: Skipped +- controllerName: TODO-routerCertsController + status: Skipped +- controllerName: TODO-serviceCAController + status: Skipped +- controllerName: TODO-staleConditions + status: Skipped +- controllerName: TODO-staticResourceController + status: Skipped +- controllerName: TODO-trustDistributionController + status: Skipped +- controllerName: TODO-webhookAuthController + status: Skipped +- controllerName: TODO-webhookCertsApprover + status: Skipped +- controllerName: TODO-wellKnownReadyController + status: Skipped +- controllerName: TODO-workersAvailableController + status: Skipped +- controllerName: auditPolicyController + status: Skipped +- controllerName: authentication + status: Skipped +- controllerName: openshift-apiserver-APIService + status: Skipped +- controllerName: openshift-oauth-apiserver-EncryptionCondition + status: Skipped +- controllerName: openshift-oauth-apiserver-EncryptionKey + status: Skipped +- controllerName: openshift-oauth-apiserver-EncryptionMigration + status: Skipped +- controllerName: openshift-oauth-apiserver-EncryptionPrune + status: Skipped +- controllerName: openshift-oauth-apiserver-EncryptionState + status: Skipped diff --git a/test-data/apply-configuration/overall/oauth-apiserver-creation-minimal/input-dir/cluster-scoped-resources/config.openshift.io/authentications/cluster.yaml b/test-data/apply-configuration/overall/oauth-apiserver-creation-minimal/input-dir/cluster-scoped-resources/config.openshift.io/authentications/cluster.yaml new file mode 100644 index 000000000..b28206760 --- /dev/null +++ b/test-data/apply-configuration/overall/oauth-apiserver-creation-minimal/input-dir/cluster-scoped-resources/config.openshift.io/authentications/cluster.yaml @@ -0,0 +1,75 @@ +--- +apiVersion: config.openshift.io/v1 +kind: Authentication +metadata: + annotations: + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + release.openshift.io/create-only: "true" + creationTimestamp: "2025-09-09T00:02:35Z" + generation: 2 + managedFields: + - apiVersion: config.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:metadata: + f:annotations: + .: {} + f:include.release.openshift.io/ibm-cloud-managed: {} + f:include.release.openshift.io/self-managed-high-availability: {} + f:release.openshift.io/create-only: {} + f:ownerReferences: + .: {} + k:{"uid":"4e11cec4-056d-4b95-a391-a0912318fa40"}: {} + f:spec: {} + manager: cluster-version-operator + operation: Update + time: "2025-09-09T00:02:35Z" + - apiVersion: config.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:spec: + f:oauthMetadata: + .: {} + f:name: {} + f:serviceAccountIssuer: {} + f:type: {} + f:webhookTokenAuthenticator: + .: {} + f:kubeConfig: + .: {} + f:name: {} + manager: authentication-operator + operation: Update + time: "2025-09-09T00:09:38Z" + - apiVersion: config.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:status: + .: {} + f:integratedOAuthMetadata: + .: {} + f:name: {} + manager: authentication-operator + operation: Update + subresource: status + time: "2025-09-09T00:28:53Z" + name: cluster + ownerReferences: + - apiVersion: config.openshift.io/v1 + kind: ClusterVersion + name: version + uid: 4e11cec4-056d-4b95-a391-a0912318fa40 + resourceVersion: "28653" + uid: 754dd8b4-162a-4a2e-bb16-45b45eef47c1 +spec: + oauthMetadata: + name: "" + serviceAccountIssuer: "" + type: "" + webhookTokenAuthenticator: + kubeConfig: + name: webhook-authentication-integrated-oauth +status: + integratedOAuthMetadata: + name: oauth-openshift diff --git a/test-data/apply-configuration/overall/oauth-apiserver-creation-minimal/input-dir/cluster-scoped-resources/config.openshift.io/clusterversions.yaml b/test-data/apply-configuration/overall/oauth-apiserver-creation-minimal/input-dir/cluster-scoped-resources/config.openshift.io/clusterversions.yaml new file mode 100644 index 000000000..ad37b8e16 --- /dev/null +++ b/test-data/apply-configuration/overall/oauth-apiserver-creation-minimal/input-dir/cluster-scoped-resources/config.openshift.io/clusterversions.yaml @@ -0,0 +1,166 @@ +--- +apiVersion: config.openshift.io/v1 +items: +- apiVersion: config.openshift.io/v1 + kind: ClusterVersion + metadata: + creationTimestamp: "2024-10-17T22:22:41Z" + generation: 2 + managedFields: + - apiVersion: config.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:spec: + .: {} + f:clusterID: {} + manager: cluster-bootstrap + operation: Update + time: "2024-10-17T22:22:41Z" + - apiVersion: config.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:status: + .: {} + f:availableUpdates: {} + f:capabilities: + .: {} + f:enabledCapabilities: {} + f:knownCapabilities: {} + f:conditions: + .: {} + k:{"type":"Available"}: + .: {} + f:lastTransitionTime: {} + f:message: {} + f:status: {} + f:type: {} + k:{"type":"Failing"}: + .: {} + f:lastTransitionTime: {} + f:status: {} + f:type: {} + k:{"type":"ImplicitlyEnabledCapabilities"}: + .: {} + f:lastTransitionTime: {} + f:message: {} + f:reason: {} + f:status: {} + f:type: {} + k:{"type":"Progressing"}: + .: {} + f:lastTransitionTime: {} + f:message: {} + f:status: {} + f:type: {} + k:{"type":"ReleaseAccepted"}: + .: {} + f:lastTransitionTime: {} + f:message: {} + f:reason: {} + f:status: {} + f:type: {} + k:{"type":"RetrievedUpdates"}: + .: {} + f:lastTransitionTime: {} + f:message: {} + f:reason: {} + f:status: {} + f:type: {} + f:desired: + .: {} + f:image: {} + f:version: {} + f:history: {} + f:observedGeneration: {} + f:versionHash: {} + manager: cluster-version-operator + operation: Update + subresource: status + time: "2024-10-17T23:22:30Z" + name: version + resourceVersion: "35834" + uid: f14c83b2-12a6-41dc-b167-cf11c04cc508 + spec: + clusterID: 9b1def5e-285c-47d9-a958-c63b4a5ca9a2 + status: + availableUpdates: null + capabilities: + enabledCapabilities: + - Build + - CSISnapshot + - CloudControllerManager + - CloudCredential + - Console + - DeploymentConfig + - ImageRegistry + - Ingress + - Insights + - MachineAPI + - NodeTuning + - OperatorLifecycleManager + - Storage + - baremetal + - marketplace + - openshift-samples + knownCapabilities: + - Build + - CSISnapshot + - CloudControllerManager + - CloudCredential + - Console + - DeploymentConfig + - ImageRegistry + - Ingress + - Insights + - MachineAPI + - NodeTuning + - OperatorLifecycleManager + - Storage + - baremetal + - marketplace + - openshift-samples + conditions: + - lastTransitionTime: "2024-10-17T22:22:48Z" + message: The update channel has not been configured. + reason: NoChannel + status: "False" + type: RetrievedUpdates + - lastTransitionTime: "2024-10-17T22:22:48Z" + message: Capabilities match configured spec + reason: AsExpected + status: "False" + type: ImplicitlyEnabledCapabilities + - lastTransitionTime: "2024-10-17T22:22:48Z" + message: Payload loaded version="4.18.0-0.ci.test-2024-10-17-215241-ci-op-7f55686r-latest" + image="virthost.ostest.test.metalkube.org:5000/localimages/local-release-image@sha256:f61bc6f4b95f6b485ff5f6f5fe75843ac2a4f692abf81fd000e547bd6936da32" + architecture="amd64" + reason: PayloadLoaded + status: "True" + type: ReleaseAccepted + - lastTransitionTime: "2024-10-17T23:22:30Z" + message: Done applying 4.18.0-0.ci.test-2024-10-17-215241-ci-op-7f55686r-latest + status: "True" + type: Available + - lastTransitionTime: "2024-10-17T23:22:30Z" + status: "False" + type: Failing + - lastTransitionTime: "2024-10-17T23:22:30Z" + message: Cluster version is 4.18.0-0.ci.test-2024-10-17-215241-ci-op-7f55686r-latest + status: "False" + type: Progressing + desired: + image: virthost.ostest.test.metalkube.org:5000/localimages/local-release-image@sha256:f61bc6f4b95f6b485ff5f6f5fe75843ac2a4f692abf81fd000e547bd6936da32 + version: 4.18.0-0.ci.test-2024-10-17-215241-ci-op-7f55686r-latest + history: + - completionTime: "2024-10-17T23:22:30Z" + image: virthost.ostest.test.metalkube.org:5000/localimages/local-release-image@sha256:f61bc6f4b95f6b485ff5f6f5fe75843ac2a4f692abf81fd000e547bd6936da32 + startedTime: "2024-10-17T22:22:48Z" + state: Completed + verified: false + version: 4.18.0-0.ci.test-2024-10-17-215241-ci-op-7f55686r-latest + observedGeneration: 2 + versionHash: 0wcpBSm4Nmo= +kind: ClusterVersionList +metadata: + continue: "" + resourceVersion: "229157" diff --git a/test-data/apply-configuration/overall/oauth-apiserver-creation-minimal/input-dir/cluster-scoped-resources/config.openshift.io/infrastructures.yaml b/test-data/apply-configuration/overall/oauth-apiserver-creation-minimal/input-dir/cluster-scoped-resources/config.openshift.io/infrastructures.yaml new file mode 100644 index 000000000..3740c3c24 --- /dev/null +++ b/test-data/apply-configuration/overall/oauth-apiserver-creation-minimal/input-dir/cluster-scoped-resources/config.openshift.io/infrastructures.yaml @@ -0,0 +1,99 @@ +--- +apiVersion: config.openshift.io/v1 +items: +- apiVersion: config.openshift.io/v1 + kind: Infrastructure + metadata: + creationTimestamp: "2024-10-17T22:22:35Z" + generation: 1 + managedFields: + - apiVersion: config.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:spec: + .: {} + f:cloudConfig: + .: {} + f:name: {} + f:platformSpec: + .: {} + f:baremetal: + .: {} + f:apiServerInternalIPs: {} + f:ingressIPs: {} + f:machineNetworks: {} + f:type: {} + manager: cluster-bootstrap + operation: Update + time: "2024-10-17T22:22:35Z" + - apiVersion: config.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:status: + .: {} + f:apiServerInternalURI: {} + f:apiServerURL: {} + f:controlPlaneTopology: {} + f:cpuPartitioning: {} + f:etcdDiscoveryDomain: {} + f:infrastructureName: {} + f:infrastructureTopology: {} + f:platform: {} + f:platformStatus: + .: {} + f:baremetal: + .: {} + f:apiServerInternalIP: {} + f:apiServerInternalIPs: {} + f:ingressIP: {} + f:ingressIPs: {} + f:loadBalancer: + .: {} + f:type: {} + f:machineNetworks: {} + f:type: {} + manager: cluster-bootstrap + operation: Update + subresource: status + time: "2024-10-17T22:22:35Z" + name: cluster + resourceVersion: "517" + uid: 18848356-0a92-4985-b112-2dbe8a8012dd + spec: + cloudConfig: + name: "" + platformSpec: + baremetal: + apiServerInternalIPs: + - fd2e:6f44:5dd8:c956::5 + ingressIPs: + - fd2e:6f44:5dd8:c956::4 + machineNetworks: + - fd2e:6f44:5dd8:c956::/120 + type: BareMetal + status: + apiServerInternalURI: https://api-int.ostest.test.metalkube.org:6443 + apiServerURL: https://api.ostest.test.metalkube.org:6443 + controlPlaneTopology: HighlyAvailable + cpuPartitioning: None + etcdDiscoveryDomain: "" + infrastructureName: ostest-knqsq + infrastructureTopology: HighlyAvailable + platform: BareMetal + platformStatus: + baremetal: + apiServerInternalIP: fd2e:6f44:5dd8:c956::5 + apiServerInternalIPs: + - fd2e:6f44:5dd8:c956::5 + ingressIP: fd2e:6f44:5dd8:c956::4 + ingressIPs: + - fd2e:6f44:5dd8:c956::4 + loadBalancer: + type: OpenShiftManagedDefault + machineNetworks: + - fd2e:6f44:5dd8:c956::/120 + type: BareMetal +kind: InfrastructureList +metadata: + continue: "" + resourceVersion: "229157" diff --git a/test-data/apply-configuration/overall/oauth-apiserver-creation-minimal/input-dir/cluster-scoped-resources/operator.openshift.io/authentications/cluster.yaml b/test-data/apply-configuration/overall/oauth-apiserver-creation-minimal/input-dir/cluster-scoped-resources/operator.openshift.io/authentications/cluster.yaml new file mode 100644 index 000000000..98ebcd96c --- /dev/null +++ b/test-data/apply-configuration/overall/oauth-apiserver-creation-minimal/input-dir/cluster-scoped-resources/operator.openshift.io/authentications/cluster.yaml @@ -0,0 +1,1115 @@ +--- +apiVersion: operator.openshift.io/v1 +kind: Authentication +metadata: + annotations: + include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" + release.openshift.io/create-only: "true" + creationTimestamp: "2025-09-09T00:02:33Z" + generation: 22 + managedFields: + - apiVersion: operator.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:status: + f:conditions: + k:{"type":"WebhookAuthenticatorCertApprover_OpenShiftAuthenticatorDegraded"}: + .: {} + f:lastTransitionTime: {} + f:reason: {} + f:status: {} + f:type: {} + manager: WebhookAuthenticatorCertApprover_OpenShiftAuthenticator-reportDegraded + operation: Apply + subresource: status + time: "2025-09-09T00:08:13Z" + - apiVersion: operator.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:status: + f:conditions: + k:{"type":"ManagementStateDegraded"}: + .: {} + f:lastTransitionTime: {} + f:status: {} + f:type: {} + manager: authentication-ManagementState + operation: Apply + subresource: status + time: "2025-09-09T00:08:13Z" + - apiVersion: operator.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:status: + f:conditions: + k:{"type":"UnsupportedConfigOverridesUpgradeable"}: + .: {} + f:lastTransitionTime: {} + f:reason: {} + f:status: {} + f:type: {} + manager: openshift-authentication-UnsupportedConfigOverrides + operation: Apply + subresource: status + time: "2025-09-09T00:08:13Z" + - apiVersion: operator.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:status: + f:conditions: + k:{"type":"OAuthAPIServerConfigObservationDegraded"}: + .: {} + f:lastTransitionTime: {} + f:status: {} + f:type: {} + manager: oauth-apiserver-ConfigObserver + operation: Apply + subresource: status + time: "2025-09-09T00:08:15Z" + - apiVersion: operator.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:status: + f:conditions: + k:{"type":"Encrypted"}: + .: {} + f:lastTransitionTime: {} + f:status: {} + f:type: {} + manager: openshift-oauth-apiserver-EncryptionCondition + operation: Apply + subresource: status + time: "2025-09-09T00:08:15Z" + - apiVersion: operator.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:status: + f:conditions: + k:{"type":"EncryptionKeyControllerDegraded"}: + .: {} + f:lastTransitionTime: {} + f:status: {} + f:type: {} + manager: openshift-oauth-apiserver-EncryptionKey + operation: Apply + subresource: status + time: "2025-09-09T00:08:15Z" + - apiVersion: operator.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:status: + f:conditions: + k:{"type":"EncryptionMigrationControllerDegraded"}: + .: {} + f:lastTransitionTime: {} + f:status: {} + f:type: {} + k:{"type":"EncryptionMigrationControllerProgressing"}: + .: {} + f:lastTransitionTime: {} + f:status: {} + f:type: {} + manager: openshift-oauth-apiserver-EncryptionMigration + operation: Apply + subresource: status + time: "2025-09-09T00:08:15Z" + - apiVersion: operator.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:status: + f:conditions: + k:{"type":"EncryptionPruneControllerDegraded"}: + .: {} + f:lastTransitionTime: {} + f:status: {} + f:type: {} + manager: openshift-oauth-apiserver-EncryptionPrune + operation: Apply + subresource: status + time: "2025-09-09T00:08:15Z" + - apiVersion: operator.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:status: + f:conditions: + k:{"type":"EncryptionStateControllerDegraded"}: + .: {} + f:lastTransitionTime: {} + f:status: {} + f:type: {} + manager: openshift-oauth-apiserver-EncryptionState + operation: Apply + subresource: status + time: "2025-09-09T00:08:15Z" + - apiVersion: operator.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:status: + f:conditions: + k:{"type":"OAuthClientsController_SwitchedControllerDegraded"}: + .: {} + f:lastTransitionTime: {} + f:reason: {} + f:status: {} + f:type: {} + manager: OAuthClientsController_SwitchedController-reportDegraded + operation: Apply + subresource: status + time: "2025-09-09T00:08:16Z" + - apiVersion: operator.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:status: + f:conditions: + k:{"type":"ResourceSyncControllerDegraded"}: + .: {} + f:lastTransitionTime: {} + f:status: {} + f:type: {} + manager: oauth-server-ResourceSync + operation: Apply + subresource: status + time: "2025-09-09T00:08:20Z" + - apiVersion: operator.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:status: + f:conditions: + k:{"type":"AuditPolicyDegraded"}: + .: {} + f:lastTransitionTime: {} + f:status: {} + f:type: {} + manager: oauth-apiserver-AuditPolicy + operation: Apply + subresource: status + time: "2025-09-09T00:08:21Z" + - apiVersion: operator.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:status: + f:conditions: + k:{"type":"RouterCertsDomainValidationControllerDegraded"}: + .: {} + f:lastTransitionTime: {} + f:reason: {} + f:status: {} + f:type: {} + manager: RouterCertsDomainValidationController-reportDegraded + operation: Apply + subresource: status + time: "2025-09-09T00:08:22Z" + - apiVersion: operator.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:status: + f:conditions: + k:{"type":"AuthenticatorCertKeyProgressing"}: + .: {} + f:lastTransitionTime: {} + f:message: {} + f:reason: {} + f:status: {} + f:type: {} + manager: openshift-authentication-WebhookAuthenticator + operation: Apply + subresource: status + time: "2025-09-09T00:08:26Z" + - apiVersion: operator.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:status: + f:conditions: + k:{"type":"RevisionControllerDegraded"}: + .: {} + f:lastTransitionTime: {} + f:reason: {} + f:status: {} + f:type: {} + manager: RevisionController-reportDegraded + operation: Apply + subresource: status + time: "2025-09-09T00:08:32Z" + - apiVersion: operator.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:status: + f:latestAvailableRevision: {} + manager: oauth-apiserver-RevisionController + operation: Apply + subresource: status + time: "2025-09-09T00:08:32Z" + - apiVersion: operator.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:status: + f:conditions: + k:{"type":"APIServicesAvailable"}: + .: {} + f:lastTransitionTime: {} + f:status: {} + f:type: {} + k:{"type":"APIServicesDegraded"}: + .: {} + f:lastTransitionTime: {} + f:status: {} + f:type: {} + manager: openshift-apiserver-APIService + operation: Apply + subresource: status + time: "2025-09-09T00:25:57Z" + - apiVersion: operator.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:status: + f:conditions: + k:{"type":"OpenshiftAuthenticationStaticResourcesDegraded"}: + .: {} + f:lastTransitionTime: {} + f:message: {} + f:reason: {} + f:status: {} + f:type: {} + manager: OpenshiftAuthenticationStaticResources-StaticResources + operation: Apply + subresource: status + time: "2025-09-09T00:26:00Z" + - apiVersion: operator.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:status: + f:conditions: + k:{"type":"APIServerStaticResourcesDegraded"}: + .: {} + f:lastTransitionTime: {} + f:message: {} + f:reason: {} + f:status: {} + f:type: {} + manager: APIServerStaticResources-StaticResources + operation: Apply + subresource: status + time: "2025-09-09T00:26:01Z" + - apiVersion: operator.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:status: + f:conditions: + k:{"type":"WebhookAuthenticatorControllerDegraded"}: + .: {} + f:lastTransitionTime: {} + f:reason: {} + f:status: {} + f:type: {} + manager: WebhookAuthenticatorController-reportDegraded + operation: Apply + subresource: status + time: "2025-09-09T00:26:02Z" + - apiVersion: operator.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:status: + f:conditions: + k:{"type":"OAuthServiceDegraded"}: + .: {} + f:lastTransitionTime: {} + f:message: {} + f:reason: {} + f:status: {} + f:type: {} + k:{"type":"SystemServiceCAConfigDegraded"}: + .: {} + f:lastTransitionTime: {} + f:message: {} + f:reason: {} + f:status: {} + f:type: {} + manager: openshift-authentication-ServiceCA + operation: Apply + subresource: status + time: "2025-09-09T00:26:02Z" + - apiVersion: operator.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:status: + f:conditions: + k:{"type":"ProxyConfigControllerDegraded"}: + .: {} + f:lastTransitionTime: {} + f:reason: {} + f:status: {} + f:type: {} + manager: ProxyConfigController-reportDegraded + operation: Apply + subresource: status + time: "2025-09-09T00:26:12Z" + - apiVersion: operator.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:status: + f:conditions: + k:{"type":"AuthConfigDegraded"}: + .: {} + f:lastTransitionTime: {} + f:message: {} + f:reason: {} + f:status: {} + f:type: {} + k:{"type":"IngressConfigDegraded"}: + .: {} + f:lastTransitionTime: {} + f:message: {} + f:reason: {} + f:status: {} + f:type: {} + k:{"type":"OAuthSystemMetadataDegraded"}: + .: {} + f:lastTransitionTime: {} + f:message: {} + f:reason: {} + f:status: {} + f:type: {} + manager: openshift-authentication-Metadata + operation: Apply + subresource: status + time: "2025-09-09T00:26:12Z" + - apiVersion: operator.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:status: + f:conditions: + k:{"type":"OAuthConfigDegraded"}: + .: {} + f:lastTransitionTime: {} + f:message: {} + f:reason: {} + f:status: {} + f:type: {} + k:{"type":"OAuthConfigIngressDegraded"}: + .: {} + f:lastTransitionTime: {} + f:message: {} + f:reason: {} + f:status: {} + f:type: {} + k:{"type":"OAuthConfigRouteDegraded"}: + .: {} + f:lastTransitionTime: {} + f:message: {} + f:reason: {} + f:status: {} + f:type: {} + k:{"type":"OAuthConfigServiceDegraded"}: + .: {} + f:lastTransitionTime: {} + f:message: {} + f:reason: {} + f:status: {} + f:type: {} + k:{"type":"OAuthSessionSecretDegraded"}: + .: {} + f:lastTransitionTime: {} + f:message: {} + f:reason: {} + f:status: {} + f:type: {} + manager: openshift-authentication-PayloadConfig + operation: Apply + subresource: status + time: "2025-09-09T00:26:19Z" + - apiVersion: operator.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:status: + f:conditions: + k:{"type":"ReadyIngressNodesAvailable"}: + .: {} + f:lastTransitionTime: {} + f:message: {} + f:reason: {} + f:status: {} + f:type: {} + manager: openshift-authentication-IngressNodesAvailable + operation: Apply + subresource: status + time: "2025-09-09T00:28:27Z" + - apiVersion: operator.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:status: + f:conditions: + k:{"type":"OAuthServerServiceEndpointAccessibleControllerAvailable"}: + .: {} + f:lastTransitionTime: {} + f:reason: {} + f:status: {} + f:type: {} + manager: OAuthServerService-EndpointAccessible + operation: Apply + subresource: status + time: "2025-09-09T00:29:04Z" + - apiVersion: operator.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:status: + f:conditions: + k:{"type":"OAuthServerServiceEndpointAccessibleControllerDegraded"}: + .: {} + f:lastTransitionTime: {} + f:reason: {} + f:status: {} + f:type: {} + manager: OAuthServerServiceEndpointAccessibleController-reportDegraded + operation: Apply + subresource: status + time: "2025-09-09T00:29:04Z" + - apiVersion: operator.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:status: + f:conditions: + k:{"type":"OAuthServerServiceEndpointsEndpointAccessibleControllerAvailable"}: + .: {} + f:lastTransitionTime: {} + f:reason: {} + f:status: {} + f:type: {} + manager: OAuthServerServiceEndpoints-EndpointAccessible + operation: Apply + subresource: status + time: "2025-09-09T00:29:04Z" + - apiVersion: operator.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:status: + f:conditions: + k:{"type":"OAuthServerServiceEndpointsEndpointAccessibleControllerDegraded"}: + .: {} + f:lastTransitionTime: {} + f:reason: {} + f:status: {} + f:type: {} + manager: OAuthServerServiceEndpointsEndpointAccessibleController-reportDegraded + operation: Apply + subresource: status + time: "2025-09-09T00:29:04Z" + - apiVersion: operator.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:status: + f:conditions: + k:{"type":"IngressStateEndpointsDegraded"}: + .: {} + f:lastTransitionTime: {} + f:message: {} + f:reason: {} + f:status: {} + f:type: {} + k:{"type":"IngressStatePodsDegraded"}: + .: {} + f:lastTransitionTime: {} + f:message: {} + f:reason: {} + f:status: {} + f:type: {} + manager: openshift-authentication-IngressState + operation: Apply + subresource: status + time: "2025-09-09T00:29:12Z" + - apiVersion: operator.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:status: + f:conditions: + k:{"type":"WellKnownReadyControllerDegraded"}: + .: {} + f:lastTransitionTime: {} + f:reason: {} + f:status: {} + f:type: {} + manager: WellKnownReadyController-reportDegraded + operation: Apply + subresource: status + time: "2025-09-09T00:38:50Z" + - apiVersion: operator.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:status: + f:conditions: + k:{"type":"CustomRouteControllerDegraded"}: + .: {} + f:lastTransitionTime: {} + f:reason: {} + f:status: {} + f:type: {} + manager: CustomRouteController-reportDegraded + operation: Apply + subresource: status + time: "2025-09-09T00:44:53Z" + - apiVersion: operator.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:status: + f:conditions: + k:{"type":"RouterCertsDegraded"}: + .: {} + f:lastTransitionTime: {} + f:message: {} + f:reason: {} + f:status: {} + f:type: {} + manager: openshift-authentication-RouterCertsDomainValidation + operation: Apply + subresource: status + time: "2025-09-09T00:44:55Z" + - apiVersion: operator.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:status: + f:conditions: + k:{"type":"OAuthClientsControllerDegraded"}: + .: {} + f:lastTransitionTime: {} + f:reason: {} + f:status: {} + f:type: {} + manager: OAuthClientsController-reportDegraded + operation: Apply + subresource: status + time: "2025-09-09T00:45:58Z" + - apiVersion: operator.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:status: + f:conditions: + k:{"type":"WellKnownAvailable"}: + .: {} + f:lastTransitionTime: {} + f:reason: {} + f:status: {} + f:type: {} + k:{"type":"WellKnownReadyControllerProgressing"}: + .: {} + f:lastTransitionTime: {} + f:status: {} + f:type: {} + manager: openshift-authentication-WellKnownReady + operation: Apply + subresource: status + time: "2025-09-09T00:46:05Z" + - apiVersion: operator.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:status: + f:conditions: + k:{"type":"OAuthServerRouteEndpointAccessibleControllerAvailable"}: + .: {} + f:lastTransitionTime: {} + f:reason: {} + f:status: {} + f:type: {} + manager: OAuthServerRoute-EndpointAccessible + operation: Apply + subresource: status + time: "2025-09-09T00:46:46Z" + - apiVersion: operator.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:status: + f:conditions: + k:{"type":"OAuthServerRouteEndpointAccessibleControllerDegraded"}: + .: {} + f:lastTransitionTime: {} + f:reason: {} + f:status: {} + f:type: {} + manager: OAuthServerRouteEndpointAccessibleController-reportDegraded + operation: Apply + subresource: status + time: "2025-09-09T00:46:46Z" + - apiVersion: operator.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:status: + f:conditions: + k:{"type":"OAuthServerConfigObservationDegraded"}: + .: {} + f:lastTransitionTime: {} + f:status: {} + f:type: {} + manager: oauth-server-ConfigObserver + operation: Apply + subresource: status + time: "2025-09-09T00:55:34Z" + - apiVersion: operator.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:status: + f:conditions: + k:{"type":"OAuthServerDeploymentAvailable"}: + .: {} + f:lastTransitionTime: {} + f:reason: {} + f:status: {} + f:type: {} + k:{"type":"OAuthServerDeploymentDegraded"}: + .: {} + f:lastTransitionTime: {} + f:reason: {} + f:status: {} + f:type: {} + k:{"type":"OAuthServerDeploymentProgressing"}: + .: {} + f:lastTransitionTime: {} + f:reason: {} + f:status: {} + f:type: {} + k:{"type":"OAuthServerWorkloadDegraded"}: + .: {} + f:lastTransitionTime: {} + f:status: {} + f:type: {} + f:generations: + k:{"group":"apps","name":"oauth-openshift","namespace":"openshift-authentication","resource":"deployments"}: + .: {} + f:group: {} + f:lastGeneration: {} + f:name: {} + f:namespace: {} + f:resource: {} + manager: OAuthServer-Workload + operation: Apply + subresource: status + time: "2025-09-09T01:25:42Z" + - apiVersion: operator.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:status: + f:conditions: + k:{"type":"APIServerDeploymentAvailable"}: + .: {} + f:lastTransitionTime: {} + f:reason: {} + f:status: {} + f:type: {} + k:{"type":"APIServerDeploymentDegraded"}: + .: {} + f:lastTransitionTime: {} + f:reason: {} + f:status: {} + f:type: {} + k:{"type":"APIServerDeploymentProgressing"}: + .: {} + f:lastTransitionTime: {} + f:reason: {} + f:status: {} + f:type: {} + k:{"type":"APIServerWorkloadDegraded"}: + .: {} + f:lastTransitionTime: {} + f:status: {} + f:type: {} + f:generations: + k:{"group":"apps","name":"apiserver","namespace":"openshift-oauth-apiserver","resource":"deployments"}: + .: {} + f:group: {} + f:lastGeneration: {} + f:name: {} + f:namespace: {} + f:resource: {} + manager: OAuthAPIServerController-Workload + operation: Apply + subresource: status + time: "2025-09-09T01:26:51Z" + - apiVersion: operator.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:metadata: + f:annotations: + .: {} + f:include.release.openshift.io/self-managed-high-availability: {} + f:include.release.openshift.io/single-node-developer: {} + f:release.openshift.io/create-only: {} + f:ownerReferences: + .: {} + k:{"uid":"4e11cec4-056d-4b95-a391-a0912318fa40"}: {} + f:spec: + .: {} + f:logLevel: {} + f:managementState: {} + f:operatorLogLevel: {} + manager: cluster-version-operator + operation: Update + time: "2025-09-09T00:02:33Z" + - apiVersion: operator.openshift.io/v1 + fieldsType: FieldsV1 + fieldsV1: + f:spec: + f:observedConfig: + .: {} + f:oauthAPIServer: + .: {} + f:apiServerArguments: + .: {} + f:api-audiences: {} + f:cors-allowed-origins: {} + f:etcd-servers: {} + f:feature-gates: {} + f:tls-cipher-suites: {} + f:tls-min-version: {} + f:oauthServer: + .: {} + f:corsAllowedOrigins: {} + f:oauthConfig: + .: {} + f:assetPublicURL: {} + f:loginURL: {} + f:templates: + .: {} + f:error: {} + f:login: {} + f:providerSelection: {} + f:tokenConfig: + .: {} + f:accessTokenMaxAgeSeconds: {} + f:authorizeTokenMaxAgeSeconds: {} + f:serverArguments: + .: {} + f:audit-log-format: {} + f:audit-log-maxbackup: {} + f:audit-log-maxsize: {} + f:audit-log-path: {} + f:audit-policy-file: {} + f:servingInfo: + .: {} + f:cipherSuites: {} + f:minTLSVersion: {} + f:namedCertificates: {} + f:volumesToMount: + .: {} + f:identityProviders: {} + f:unsupportedConfigOverrides: {} + manager: authentication-operator + operation: Update + time: "2025-09-09T01:04:34Z" + name: cluster + ownerReferences: + - apiVersion: config.openshift.io/v1 + kind: ClusterVersion + name: version + uid: 4e11cec4-056d-4b95-a391-a0912318fa40 + resourceVersion: "52477" + uid: fdd77cca-3d9e-4135-a1c1-33f9a1da3077 +spec: + logLevel: Normal + managementState: Managed + observedConfig: + oauthAPIServer: + apiServerArguments: + api-audiences: + - https://kubernetes.default.svc + cors-allowed-origins: + - //127\.0\.0\.1(:|$) + - //localhost(:|$) + etcd-servers: + - https://10.0.0.3:2379 + - https://10.0.0.4:2379 + - https://10.0.0.5:2379 + feature-gates: [] + tls-cipher-suites: + - TLS_AES_128_GCM_SHA256 + - TLS_AES_256_GCM_SHA384 + - TLS_CHACHA20_POLY1305_SHA256 + - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 + - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 + - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 + - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 + - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 + tls-min-version: VersionTLS12 + oauthServer: + corsAllowedOrigins: + - //127\.0\.0\.1(:|$) + - //localhost(:|$) + oauthConfig: + assetPublicURL: https://console-openshift-console.apps.ci-op-j2wdcvij-465b4.XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + loginURL: https://api.ci-op-j2wdcvij-465b4.XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:6443 + templates: + error: /var/config/system/secrets/v4-0-config-system-ocp-branding-template/errors.html + login: /var/config/system/secrets/v4-0-config-system-ocp-branding-template/login.html + providerSelection: /var/config/system/secrets/v4-0-config-system-ocp-branding-template/providers.html + tokenConfig: + accessTokenMaxAgeSeconds: 86400 + authorizeTokenMaxAgeSeconds: 300 + serverArguments: + audit-log-format: + - json + audit-log-maxbackup: + - "10" + audit-log-maxsize: + - "100" + audit-log-path: + - /var/log/oauth-server/audit.log + audit-policy-file: + - /var/run/configmaps/audit/audit.yaml + servingInfo: + cipherSuites: + - TLS_AES_128_GCM_SHA256 + - TLS_AES_256_GCM_SHA384 + - TLS_CHACHA20_POLY1305_SHA256 + - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 + - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 + - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 + - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 + - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 + minTLSVersion: VersionTLS12 + namedCertificates: + - certFile: /var/config/system/secrets/v4-0-config-system-router-certs/apps.ci-op-j2wdcvij-465b4.XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + keyFile: /var/config/system/secrets/v4-0-config-system-router-certs/apps.ci-op-j2wdcvij-465b4.XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + names: + - '*.apps.ci-op-j2wdcvij-465b4.XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' + volumesToMount: + identityProviders: '{}' + operatorLogLevel: Normal + unsupportedConfigOverrides: null +status: + conditions: + - lastTransitionTime: "2025-09-09T00:08:13Z" + reason: NoUnsupportedConfigOverrides + status: "True" + type: UnsupportedConfigOverridesUpgradeable + - lastTransitionTime: "2025-09-09T00:08:13Z" + status: "False" + type: ManagementStateDegraded + - lastTransitionTime: "2025-09-09T00:29:04Z" + reason: AsExpected + status: "True" + type: OAuthServerServiceEndpointsEndpointAccessibleControllerAvailable + - lastTransitionTime: "2025-09-09T00:29:04Z" + reason: AsExpected + status: "False" + type: OAuthServerServiceEndpointsEndpointAccessibleControllerDegraded + - lastTransitionTime: "2025-09-09T00:08:13Z" + reason: AsExpected + status: "False" + type: WebhookAuthenticatorCertApprover_OpenShiftAuthenticatorDegraded + - lastTransitionTime: "2025-09-09T00:55:34Z" + status: "False" + type: OAuthServerConfigObservationDegraded + - lastTransitionTime: "2025-09-09T00:28:27Z" + message: "" + reason: "" + status: "True" + type: ReadyIngressNodesAvailable + - lastTransitionTime: "2025-09-09T00:29:04Z" + reason: AsExpected + status: "True" + type: OAuthServerServiceEndpointAccessibleControllerAvailable + - lastTransitionTime: "2025-09-09T00:29:04Z" + reason: AsExpected + status: "False" + type: OAuthServerServiceEndpointAccessibleControllerDegraded + - lastTransitionTime: "2025-09-09T00:08:32Z" + reason: AsExpected + status: "False" + type: RevisionControllerDegraded + - lastTransitionTime: "2025-09-09T00:08:15Z" + status: "False" + type: OAuthAPIServerConfigObservationDegraded + - lastTransitionTime: "2025-09-09T00:08:15Z" + status: "False" + type: EncryptionMigrationControllerDegraded + - lastTransitionTime: "2025-09-09T00:08:15Z" + status: "False" + type: EncryptionMigrationControllerProgressing + - lastTransitionTime: "2025-09-09T00:08:15Z" + status: "False" + type: EncryptionKeyControllerDegraded + - lastTransitionTime: "2025-09-09T00:08:15Z" + status: "False" + type: Encrypted + - lastTransitionTime: "2025-09-09T00:08:15Z" + status: "False" + type: EncryptionStateControllerDegraded + - lastTransitionTime: "2025-09-09T00:08:15Z" + status: "False" + type: EncryptionPruneControllerDegraded + - lastTransitionTime: "2025-09-09T00:08:16Z" + reason: AsExpected + status: "False" + type: OAuthClientsController_SwitchedControllerDegraded + - lastTransitionTime: "2025-09-09T00:08:42Z" + message: "" + reason: "" + status: "False" + type: OAuthServiceDegraded + - lastTransitionTime: "2025-09-09T00:26:02Z" + message: "" + reason: "" + status: "False" + type: SystemServiceCAConfigDegraded + - lastTransitionTime: "2025-09-09T00:26:02Z" + reason: AsExpected + status: "False" + type: WebhookAuthenticatorControllerDegraded + - lastTransitionTime: "2025-09-09T00:25:57Z" + status: "True" + type: APIServicesAvailable + - lastTransitionTime: "2025-09-09T00:08:17Z" + status: "False" + type: APIServicesDegraded + - lastTransitionTime: "2025-09-09T00:08:52Z" + reason: AsExpected + status: "True" + type: APIServerDeploymentAvailable + - lastTransitionTime: "2025-09-09T00:08:37Z" + reason: AsExpected + status: "False" + type: APIServerDeploymentDegraded + - lastTransitionTime: "2025-09-09T01:26:51Z" + reason: AsExpected + status: "False" + type: APIServerDeploymentProgressing + - lastTransitionTime: "2025-09-09T00:08:37Z" + status: "False" + type: APIServerWorkloadDegraded + - lastTransitionTime: "2025-09-09T00:29:12Z" + message: "" + reason: "" + status: "False" + type: IngressStateEndpointsDegraded + - lastTransitionTime: "2025-09-09T00:08:18Z" + message: "" + reason: "" + status: "False" + type: IngressStatePodsDegraded + - lastTransitionTime: "2025-09-09T00:08:20Z" + status: "False" + type: ResourceSyncControllerDegraded + - lastTransitionTime: "2025-09-09T00:08:21Z" + status: "False" + type: AuditPolicyDegraded + - lastTransitionTime: "2025-09-09T00:44:55Z" + message: "" + reason: AsExpected + status: "False" + type: RouterCertsDegraded + - lastTransitionTime: "2025-09-09T00:08:22Z" + reason: AsExpected + status: "False" + type: RouterCertsDomainValidationControllerDegraded + - lastTransitionTime: "2025-09-09T00:08:26Z" + message: All is well + reason: AsExpected + status: "False" + type: AuthenticatorCertKeyProgressing + - lastTransitionTime: "2025-09-09T00:26:01Z" + message: "" + reason: AsExpected + status: "False" + type: APIServerStaticResourcesDegraded + - lastTransitionTime: "2025-09-09T00:26:00Z" + message: "" + reason: AsExpected + status: "False" + type: OpenshiftAuthenticationStaticResourcesDegraded + - lastTransitionTime: "2025-09-09T00:29:07Z" + reason: AsExpected + status: "True" + type: OAuthServerDeploymentAvailable + - lastTransitionTime: "2025-09-09T00:28:56Z" + reason: AsExpected + status: "False" + type: OAuthServerDeploymentDegraded + - lastTransitionTime: "2025-09-09T01:25:42Z" + reason: AsExpected + status: "False" + type: OAuthServerDeploymentProgressing + - lastTransitionTime: "2025-09-09T00:28:56Z" + status: "False" + type: OAuthServerWorkloadDegraded + - lastTransitionTime: "2025-09-09T00:45:58Z" + reason: AsExpected + status: "False" + type: OAuthClientsControllerDegraded + - lastTransitionTime: "2025-09-09T00:46:46Z" + reason: AsExpected + status: "True" + type: OAuthServerRouteEndpointAccessibleControllerAvailable + - lastTransitionTime: "2025-09-09T00:26:12Z" + reason: AsExpected + status: "False" + type: ProxyConfigControllerDegraded + - lastTransitionTime: "2025-09-09T00:26:12Z" + message: "" + reason: "" + status: "False" + type: AuthConfigDegraded + - lastTransitionTime: "2025-09-09T00:26:12Z" + message: "" + reason: "" + status: "False" + type: IngressConfigDegraded + - lastTransitionTime: "2025-09-09T00:26:12Z" + message: "" + reason: "" + status: "False" + type: OAuthSystemMetadataDegraded + - lastTransitionTime: "2025-09-09T00:44:53Z" + reason: AsExpected + status: "False" + type: CustomRouteControllerDegraded + - lastTransitionTime: "2025-09-09T00:46:46Z" + reason: AsExpected + status: "False" + type: OAuthServerRouteEndpointAccessibleControllerDegraded + - lastTransitionTime: "2025-09-09T00:46:05Z" + reason: AsExpected + status: "True" + type: WellKnownAvailable + - lastTransitionTime: "2025-09-09T00:46:05Z" + status: "False" + type: WellKnownReadyControllerProgressing + - lastTransitionTime: "2025-09-09T00:38:50Z" + reason: AsExpected + status: "False" + type: WellKnownReadyControllerDegraded + - lastTransitionTime: "2025-09-09T00:26:19Z" + message: "" + reason: "" + status: "False" + type: OAuthConfigDegraded + - lastTransitionTime: "2025-09-09T00:26:19Z" + message: "" + reason: "" + status: "False" + type: OAuthConfigIngressDegraded + - lastTransitionTime: "2025-09-09T00:26:19Z" + message: "" + reason: "" + status: "False" + type: OAuthConfigRouteDegraded + - lastTransitionTime: "2025-09-09T00:26:19Z" + message: "" + reason: "" + status: "False" + type: OAuthConfigServiceDegraded + - lastTransitionTime: "2025-09-09T00:26:19Z" + message: "" + reason: "" + status: "False" + type: OAuthSessionSecretDegraded + generations: + - group: apps + lastGeneration: 7 + name: apiserver + namespace: openshift-oauth-apiserver + resource: deployments + - group: apps + lastGeneration: 21 + name: oauth-openshift + namespace: openshift-authentication + resource: deployments + latestAvailableRevision: 1 diff --git a/test-data/apply-configuration/overall/oauth-apiserver-creation-minimal/test.yaml b/test-data/apply-configuration/overall/oauth-apiserver-creation-minimal/test.yaml new file mode 100644 index 000000000..a0c9b7b26 --- /dev/null +++ b/test-data/apply-configuration/overall/oauth-apiserver-creation-minimal/test.yaml @@ -0,0 +1,16 @@ +binaryName: ./authentication-operator +testName: creation of oauth-apiserver +controllers: + - "OAuthAPIServerController-WorkloadWorkloadController" +description: > + This test runs a single controller whose job is to create the oauth-apiserver Deployment. + + The purpose of this test is to find out the input the controller requires. + + input-dir: + - config.openshift.io/clusterversions: not really used by the controller, but it's required to start the operator CreateOperatorStarter/prepareOauthOperator + - config.openshift.io/authentications/cluster: required by the controller + - config.openshift.io/infrastructures/cluster: required by the controller + - operator.openshift.io/authentications/cluster: required by the controller +testType: ApplyConfiguration +now: 2024-10-14T22:38:20Z