OCPBUGS-29510: Fix console crash-loop with OIDC auth config

Open TheRealJon opened this issue 10 months ago • 18 comments

When the "user-auth" flag is set to disabled, the web console should display a message indicating that authentication is required for the console to function, with the exception where a static user configuration is being used.

TheRealJon avatar Apr 01 '24 19:04 TheRealJon

@TheRealJon: This pull request references Jira Issue OCPBUGS-29510, which is invalid:

  • expected the bug to target the "4.16.0" version, but no target version was set

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

In response to this:

When the "user-auth" flag is set to disabled, the web console should display a message indicating that authentication is required for the console to function.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

openshift-ci-robot avatar Apr 01 '24 19:04 openshift-ci-robot

/jira refresh

TheRealJon avatar Apr 01 '24 20:04 TheRealJon

@TheRealJon: This pull request references Jira Issue OCPBUGS-29510, which is valid. The bug has been moved to the POST state.

3 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target version (4.16.0) matches configured target version for branch (4.16.0)
  • bug is in the state ASSIGNED, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact: /cc @yanpzhan

In response to this:

/jira refresh

openshift-ci-robot avatar Apr 01 '24 20:04 openshift-ci-robot

Hmm, yeah, we might need to detect the case where "user-auth" is disabled, but still allow the console to run when a static user is defined.

TheRealJon avatar Apr 02 '24 17:04 TheRealJon

@stlaz @jhadvig I've updated. Console should work when running with a static user now.

TheRealJon avatar Apr 02 '24 18:04 TheRealJon

@TheRealJon: This pull request references Jira Issue OCPBUGS-29510, which is valid.

3 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target version (4.16.0) matches configured target version for branch (4.16.0)
  • bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact: /cc @yanpzhan

In response to this:

When the "user-auth" flag is set to disabled, the web console should display a message indicating that authentication is required for the console to function, with the exception where a static user configuration is being used.

openshift-bot avatar Apr 10 '24 18:04 openshift-bot

/hold I want to take some time to think about this a bit more

stlaz avatar Apr 18 '24 08:04 stlaz

@TheRealJon @stlaz The bug is set as a release blocker; will there be an update for the PR?

yanpzhan avatar Apr 24 '24 01:04 yanpzhan

@yapei No more updates. I just had to rebase.

TheRealJon avatar Apr 24 '24 16:04 TheRealJon

@TheRealJon @stlaz will the fix for the bug be available for 4.16.0?

yanpzhan avatar Apr 28 '24 01:04 yanpzhan

It should be, I've already started working on it.

stlaz avatar Apr 29 '24 10:04 stlaz

@stlaz @jhadvig I've made some changes, PTAL.

@standa I incorporated the changes from your WIP PR and added a few tweaks.

TheRealJon avatar Apr 29 '24 17:04 TheRealJon

/label tide/merge-method-squash

TheRealJon avatar Apr 29 '24 17:04 TheRealJon

/remove-label tide/merge-method-squash

stlaz avatar May 02 '24 08:05 stlaz

@stlaz I've made some changes, mind taking another look?

TheRealJon avatar May 07 '24 19:05 TheRealJon

@stlaz I've separated the auth type flag and PR feedback into separate commits. PTAL.

TheRealJon avatar May 10 '24 14:05 TheRealJon

Checked on an HCP cluster with the PR code: when AUTH type is OIDC and oidcClients is null, the console operator won't degrade and the console pod can run normally. Accessing the console, it shows "Please configure authentication to use the web console." on the page. @TheRealJon @stlaz The target branching is May 17; if there are no further updates, could the PR merge before that?

yanpzhan avatar May 14 '24 09:05 yanpzhan

@yanpzhan There should be no further changes unless @stlaz has any further comments.

TheRealJon avatar May 14 '24 17:05 TheRealJon

/lgtm

stlaz avatar May 17 '24 07:05 stlaz

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: stlaz, TheRealJon

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment.
Approvers can cancel approval by writing /approve cancel in a comment.

openshift-ci[bot] avatar May 17 '24 07:05 openshift-ci[bot]

/jira refresh

The requirements for Jira bugs have changed (Jira issues linked to PRs on main branch need to target different OCP), recalculating validity.

openshift-bot avatar May 17 '24 09:05 openshift-bot

@openshift-bot: This pull request references Jira Issue OCPBUGS-29510, which is valid.

3 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target version (4.16.0) matches configured target version for branch (4.16.0)
  • bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact: /cc @yanpzhan

In response to this:

/jira refresh

The requirements for Jira bugs have changed (Jira issues linked to PRs on main branch need to target different OCP), recalculating validity.

openshift-ci-robot avatar May 17 '24 09:05 openshift-ci-robot

/cherry-pick release-4.16

stlaz avatar May 17 '24 10:05 stlaz

@stlaz: once the present PR merges, I will cherry-pick it on top of release-4.16 in a new PR and assign it to you.

In response to this:

/cherry-pick release-4.16

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

/unhold

stlaz avatar May 17 '24 13:05 stlaz

/jira refresh

The requirements for Jira bugs have changed (Jira issues linked to PRs on main branch need to target different OCP), recalculating validity.

openshift-bot avatar May 17 '24 15:05 openshift-bot

@openshift-bot: This pull request references Jira Issue OCPBUGS-29510, which is invalid:

  • expected the bug to target either version "4.17." or "openshift-4.17.", but it targets "4.16.0" instead

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

/jira refresh

The requirements for Jira bugs have changed (Jira issues linked to PRs on main branch need to target different OCP), recalculating validity.

openshift-ci-robot avatar May 17 '24 15:05 openshift-ci-robot

/jira refresh

stlaz avatar May 20 '24 07:05 stlaz

@stlaz: This pull request references Jira Issue OCPBUGS-29510, which is valid.

3 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target version (4.17.0) matches configured target version for branch (4.17.0)
  • bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact: /cc @yanpzhan

In response to this:

/jira refresh

openshift-ci-robot avatar May 20 '24 07:05 openshift-ci-robot