fix(oidc): fix secret lookup and add condition cleanup

This commit addresses two issues related to OIDC authentication:

1. Fixed OIDC client secret lookup in oidcsetup controller to use
   the correct namespace (openshift-config) and dynamic secret name
   from the Authentication CR, instead of hardcoded values.

2. Added condition cleanup in sync_v400 to properly clear the
   OIDCProviderTrustedAuthorityConfigGet degraded condition when
   authentication type changes from OIDC to non-OIDC (e.g.,
   IntegratedOAuth). This prevents the Console Operator
   from remaining in a Degraded state indefinitely during rollback
   scenarios.

The second fix follows the same pattern used in the oidcsetup
controller for clearing conditions when auth type is not OIDC.

Assisted-by: Claude Code 2.0.5, claude-sonnet-4-5@20250929
Signed-off-by: Ahmed Abdalla <[email protected]>

Author: devguyio

pkg/console/controllers/oidcsetup/oidcsetup.go

@@ -200,7 +200,7 @@ func (c *oidcSetupController) syncAuthTypeOIDC(ctx context.Context, authnConfig
 		return nil
 	}
 
-	clientSecret, err := c.targetNSSecretsLister.Secrets(api.TargetNamespace).Get("console-oauth-config")
+	clientSecret, err := c.targetNSSecretsLister.Secrets(api.OpenShiftConfigNamespace).Get(clientConfig.ClientSecret.Name)
 	if err != nil {
 		c.authStatusHandler.Degraded("OIDCClientSecretGet", err.Error())
 		return err

pkg/console/operator/sync_v400.go

@@ -117,6 +117,9 @@ func (co *consoleOperator) sync_v400(ctx context.Context, controllerContext fact
 		if err != nil {
 			return statusHandler.FlushAndReturn(err)
 		}
+	default:
+		// Clear OIDC-related conditions when auth type is not OIDC
+		statusHandler.AddConditions(status.HandleProgressingOrDegraded("OIDCProviderTrustedAuthorityConfigGet", "", nil))
 	}
 
 	customLogosErr, customLogosErrReason := co.SyncCustomLogos(updatedOperatorConfig)