New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
OCPBUGS-30162: Introduce --issuer-url flag in oc login #1694
Conversation
@ardaguclu: This pull request references Jira Issue OCPBUGS-30162, which is valid. The bug has been moved to the POST state. 3 validation(s) were run on this bug
Requesting review from QA contact: The bug has been updated to refer to the pull request using the external bug tracker. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
/cc @stlaz |
/cherry-pick release-4.15 |
@ardaguclu: once the present PR merges, I will cherry-pick it on top of release-4.15 in a new PR and assign it to you. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Failures are not related; |
/retest |
pkg/cli/login/loginoptions.go
Outdated
if err != nil { | ||
return nil, err | ||
var err error | ||
if o.OIDCIssuerURL == "" { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
IMO this must always be set
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If this is always be set, why/what are we extracting from oauth-authorization-server endpoint?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
From the oc point of view, this doesn't matter too much and if in the future, it is decided that users always have to set issuer-url
, it is easy to add a validation. I think, we can move on as is.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If this is always be set, why/what are we extracting from oauth-authorization-server endpoint?
ideally we shouldn't extract anything from there
Normally, oc login extracts the issuer url from API server but in cases where multiple oidc providers exist, user may want to explicitly specify issuer url to authenticate. That's why, this PR introduces `--issuer-url` flag in oc login to be passed to `oc get-token` oidc cred exec plugin of oc.
/hold |
/lgtm |
/hold cancel |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: ardaguclu, stlaz The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/cherry-pick release-4.15 |
@stlaz: once the present PR merges, I will cherry-pick it on top of release-4.15 in a new PR and assign it to you. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/retest |
Failed e2e jobs were due to one MCO bug being fixed by openshift/os#1455 . |
/retest |
3 similar comments
/retest |
/retest |
/retest |
I don't think there is anything we can do apart from brute-force retesting; |
I have marked |
I manage to launch cluster successfully with latest build 4.16.0-0.nightly-2024-03-05-105513 without /retest |
@ardaguclu: all tests passed! Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
@ardaguclu: Jira Issue OCPBUGS-30162: All pull requests linked via external trackers have merged: Jira Issue OCPBUGS-30162 has been moved to the MODIFIED state. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
@ardaguclu: new pull request created: #1696 In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
[ART PR BUILD NOTIFIER] This PR has been included in build openshift-enterprise-cli-container-v4.16.0-202403052341.p0.g92ede80.assembly.stream.el8 for distgit openshift-enterprise-cli. |
Normally, oc login extracts the issuer url from API server but in cases where multiple oidc providers exist, user may want to explicitly specify issuer url to authenticate. That's why, this PR introduces
--issuer-url
flag in oc login to be passed tooc get-token
oidc cred exec plugin of oc.