Merge pull request #1032 from everettraven/bugfix/ocpbugs-60219

openshift-merge-bot[bot] · web-flow · commit 19038d5337ee · 2025-08-10T18:31:07.000Z
OCPBUGS-60219: make console operator responsible for creating oauth client
diff --git a/manifests/01-oauth.yaml b/manifests/01-oauth.yaml
diff --git a/manifests/03-rbac-role-cluster.yaml b/manifests/03-rbac-role-cluster.yaml
@@ -25,6 +25,7 @@ rules:
       - get
       - list
       - watch
+      - create
   - apiGroups:
       - oauth.openshift.io
     resources:
diff --git a/pkg/console/controllers/oauthclients/oauthclients.go b/pkg/console/controllers/oauthclients/oauthclients.go
@@ -7,6 +7,7 @@ import (
 	"time"
 
 	corev1 "k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/util/wait"
 	corev1informers "k8s.io/client-go/informers/core/v1"
@@ -15,6 +16,7 @@ import (
 	"k8s.io/klog/v2"
 
 	configv1 "github.com/openshift/api/config/v1"
+	oauthv1 "github.com/openshift/api/oauth/v1"
 	operatorv1 "github.com/openshift/api/operator/v1"
 	configv1informers "github.com/openshift/client-go/config/informers/externalversions/config/v1"
 	configv1lister "github.com/openshift/client-go/config/listers/config/v1"
@@ -40,7 +42,7 @@ import (
 // oauthClientsController:
 //
 //	updates:
-//	- oauthclient.oauth.openshift.io/console (created by CVO)
+//	- oauthclient.oauth.openshift.io/console (creates if doesn't exist)
 //	writes:
 //	- consoles.operator.openshift.io/cluster .status.conditions:
 //		- type=OAuthClientSyncProgressing
@@ -207,10 +209,21 @@ func (c *oauthClientsController) syncOAuthClient(
 	consoleURL string,
 ) (reason string, err error) {
 	oauthClient, err := c.oauthClientLister.Get(oauthsub.Stub().Name)
-	if err != nil {
+	if err != nil && !errors.IsNotFound(err) {
 		// at this point we must die & wait for someone to fix the lack of an outhclient. there is nothing we can do.
-		return "FailedGet", fmt.Errorf("oauth client for console does not exist and cannot be created (%w)", err)
+		return "FailedGet", fmt.Errorf("getting console oauth client (%w)", err)
+	}
+
+	if errors.IsNotFound(err) {
+		oauthClient = &oauthv1.OAuthClient{
+			ObjectMeta: metav1.ObjectMeta{
+				Name: oauthsub.Stub().Name,
+			},
+			GrantMethod:           oauthv1.GrantHandlerAuto,
+			RespondWithChallenges: false,
+		}
 	}
+
 	clientCopy := oauthClient.DeepCopy()
 	oauthsub.RegisterConsoleToOAuthClient(clientCopy, consoleURL, secretsub.GetSecretString(sec))
 	_, _, oauthErr := oauthsub.CustomApplyOAuth(c.oauthClient, clientCopy, ctx)
@@ -234,5 +247,4 @@ func (c *oauthClientsController) deregisterClient(ctx context.Context) error {
 	updated := oauthsub.DeRegisterConsoleFromOAuthClient(existingOAuthClient.DeepCopy())
 	_, err = c.oauthClient.OAuthClients().Update(ctx, updated, metav1.UpdateOptions{})
 	return err
-
 }
