New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
UPSTREAM: <drop>: remove the openshift authenticator from the apiserver #822
UPSTREAM: <drop>: remove the openshift authenticator from the apiserver #822
Conversation
In 4.8, we moved the authenticator to be configured via webhookTokenAuthenticators to an endpoint in the oauth-apiserver, this should now be safe to remove.
@stlaz: the contents of this pull request could not be automatically validated. The following commits could not be validated and must be approved by a top-level approver:
|
@stlaz: the contents of this pull request could not be automatically validated. The following commits could not be validated and must be approved by a top-level approver:
|
0b89bc5
to
a94d85f
Compare
@stlaz: the contents of this pull request could not be automatically validated. The following commits could not be validated and must be approved by a top-level approver:
|
a94d85f
to
70b5a9e
Compare
@stlaz: the contents of this pull request could not be automatically validated. The following commits could not be validated and must be approved by a top-level approver:
|
// configuration service account tokens, so we just have to create and add another authenticator. | ||
// TODO make this a webhook authenticator and remove this patch. | ||
// TODO - remove in 4.7, kept here not to disrupt authentication during 4.5->4.6 upgrade | ||
tokenAuthenticators = AddOAuthServerAuthenticatorIfNeeded(tokenAuthenticators, config.APIAudiences) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
the diff doesn't show everything, but is the method AddOAuthServerAuthenticatorIfNeeded
also removed?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ah yes it is 👍
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yes, in pkg/kubeapiserver/authenticator/patch_authenticator.go
/lgtm |
/approve |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: deads2k, s-urbaniak, slaskawi, stlaz The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/retest Please review the full test history for this PR and help us cut down flakes. |
1 similar comment
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
5 similar comments
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
8 similar comments
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
In 4.8, we moved the authenticator to be configured via
webhookTokenAuthenticators to an endpoint in the oauth-apiserver,
this should now be safe to remove.
/assign @deads2k
/cc @s-urbaniak @slaskawi