Merge pull request #944 from jhadvig/OCPBUGS-45222

OCPBUGS-45222: Dont disable console when authConfig type is set to None

Author: openshift-merge-bot[bot]

pkg/console/controllers/oauthclients/oauthclients.go

@@ -115,7 +115,8 @@ func (c *oauthClientsController) sync(ctx context.Context, controllerContext fac
 	}
 
 	switch authnConfig.Spec.Type {
-	case "", configv1.AuthenticationTypeIntegratedOAuth:
+	// We don't disable auth since the internal OAuth server is not disabled even with auth type 'None'.
+	case "", configv1.AuthenticationTypeIntegratedOAuth, configv1.AuthenticationTypeNone:
 	default:
 		// if we're not using integrated oauth, reset all degraded conditions
 		statusHandler.AddConditions(status.HandleProgressingOrDegraded("OAuthClientSync", "", nil))

pkg/console/controllers/oauthclientsecret/oauthclientsecret.go

@@ -107,7 +107,8 @@ func (c *oauthClientSecretController) sync(ctx context.Context, syncCtx factory.
 
 	var secretString string
 	switch authConfig.Spec.Type {
-	case "", configv1.AuthenticationTypeIntegratedOAuth:
+	// We don't disable auth since the internal OAuth server is not disabled even with auth type 'None'.
+	case "", configv1.AuthenticationTypeIntegratedOAuth, configv1.AuthenticationTypeNone:
 		// in OpenShift controlled world, we generate the client secret ourselves
 		if clientSecret != nil {
 			secretString = secretsub.GetSecretString(clientSecret)

pkg/console/controllers/util/informers.go

@@ -123,11 +123,12 @@ func (s *InformerWithSwitch) sync(ctx context.Context, _ factory.SyncContext) er
 	}
 
 	switch authnConfig.Spec.Type {
-	case "", configv1.AuthenticationTypeIntegratedOAuth:
+	// We don't disable auth since the internal OAuth server is not disabled even with auth type 'None'.
+	case "", configv1.AuthenticationTypeIntegratedOAuth, configv1.AuthenticationTypeNone:
 		klog.V(4).Infof("authentication type '%s'; starting OAuth clients informer", authnConfig.Spec.Type)
 		s.ensureRunning()
 
-	case configv1.AuthenticationTypeOIDC, configv1.AuthenticationTypeNone:
+	case configv1.AuthenticationTypeOIDC:
 		klog.V(4).Infof("authentication type '%s'; stopping OAuth clients informer", authnConfig.Spec.Type)
 		s.stop()
 

pkg/console/controllers/util/informers_test.go

@@ -83,7 +83,8 @@ func TestSync(t *testing.T) {
 		{"informer running when auth type IntegratedOAuth", configv1.AuthenticationTypeIntegratedOAuth, "cluster", true, false},
 		{"informer running when auth type empty", configv1.AuthenticationType(""), "cluster", true, false},
 		{"informer not running when auth type OIDC", configv1.AuthenticationTypeOIDC, "cluster", false, false},
-		{"informer not running when auth type None", configv1.AuthenticationTypeNone, "cluster", false, false},
+		// We don't disable auth since the internal OAuth server is not disabled even with auth type 'None'.
+		{"informer running when auth type None", configv1.AuthenticationTypeNone, "cluster", true, false},
 	}
 
 	for _, tt := range tests {

pkg/console/operator/sync_v400.go

@@ -157,7 +157,8 @@ func (co *consoleOperator) sync_v400(ctx context.Context, controllerContext fact
 
 	var oauthServingCertConfigMap *corev1.ConfigMap
 	switch authnConfig.Spec.Type {
-	case "", configv1.AuthenticationTypeIntegratedOAuth:
+	// We don't disable auth since the internal OAuth server is not disabled even with auth type 'None'.
+	case "", configv1.AuthenticationTypeIntegratedOAuth, configv1.AuthenticationTypeNone:
 		var oauthServingCertErrReason string
 		var oauthServingCertErr error
 

pkg/console/subresource/consoleserver/config_builder.go

@@ -154,16 +154,13 @@ func (b *ConsoleServerCLIConfigBuilder) Capabilities(capabilities []operatorv1.C
 
 func (b *ConsoleServerCLIConfigBuilder) AuthConfig(authnConfig *configv1.Authentication, apiServerURL string) *ConsoleServerCLIConfigBuilder {
 	switch authnConfig.Spec.Type {
-	case "", configv1.AuthenticationTypeIntegratedOAuth:
+	// We don't disable auth since the internal OAuth server is not disabled even with auth type 'None'.
+	case "", configv1.AuthenticationTypeIntegratedOAuth, configv1.AuthenticationTypeNone:
 		b.authType = "openshift"
 		b.oauthClientID = api.OAuthClientName
 		b.CAFile = oauthServingCertFilePath
 		return b
 
-	case configv1.AuthenticationTypeNone:
-		b.authType = "disabled"
-		return b
-
 	case configv1.AuthenticationTypeOIDC:
 		if len(authnConfig.Spec.OIDCProviders) == 0 {
 			b.authType = "disabled"