Skip to content

[WIP]: CNTRLPLANE-311: Add missing fields to auth config #2304

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 7 commits into
base: master
Choose a base branch
from
Open

[WIP]: CNTRLPLANE-311: Add missing fields to auth config #2304

wants to merge 7 commits into from

Conversation

ShazaAldawamneh
Copy link

Add new fields to the Authentication API

@ShazaAldawamneh
Add missing fields to auth config
7045b71 
Signed-off-by: Shaza Aldawamneh <[email protected]>
@openshift-ci openshift-ci bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label May 2, 2025
@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented May 2, 2025

Hello @ShazaAldawamneh! Some important instructions when contributing to openshift/api:
API design plays an important part in the user experience of OpenShift and as such API PRs are subject to a high level of scrutiny to ensure they follow our best practices. If you haven't already done so, please review the OpenShift API Conventions and ensure that your proposed changes are compliant. Following these conventions will help expedite the api review process for your PR.

@openshift-ci openshift-ci bot added the size/M Denotes a PR that changes 30-99 lines, ignoring generated files. label May 2, 2025
@openshift-ci openshift-ci bot requested review from deads2k and JoelSpeed May 2, 2025 11:07
@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented May 2, 2025

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: ShazaAldawamneh
Once this PR has been reviewed and has the lgtm label, please assign joelspeed for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@ShazaAldawamneh ShazaAldawamneh changed the title [WIP]Add missing fields to auth config [WIP]: CNTRLPLANE-311: Add missing fields to auth config May 2, 2025
@openshift-ci-robot
Copy link

openshift-ci-robot commented May 2, 2025
edited by openshift-ci bot
Loading

@ShazaAldawamneh: This pull request references CNTRLPLANE-311 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.20.0" version, but no target version was set.

In response to this:

Add new fields to the Authentication API

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci-robot openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label May 2, 2025
everettraven
everettraven suggested changes May 2, 2025
View reviewed changes
Copy link
Contributor

@everettraven everettraven left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These new fields will need to go behind a new feature-gate as well.

@openshift-ci openshift-ci bot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels May 6, 2025
JoelSpeed
JoelSpeed reviewed May 9, 2025
View reviewed changes
config/v1/types_authentication.go
// requiredClaim allows configuring a required claim name and its expected
// value
// requiredClaim allows configuring a required claim name and its expected value.
// RequiredClaim is used when type is RequiredClaim.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What happens if type: RequiredClaim and requiredClaim == nil today?

@openshift-ci openshift-ci bot added size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. and removed size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels May 9, 2025
@openshift-merge-robot openshift-merge-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label May 11, 2025
@openshift-merge-robot
Copy link
Contributor

PR needs rebase.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

everettraven
everettraven reviewed May 12, 2025
View reviewed changes
everettraven
everettraven reviewed May 12, 2025
View reviewed changes
config/v1/types_authentication.go Outdated
// +optional
// +kubebuilder:validation:XValidation:rule="self.size() > 0 ? isURL(self) : true",message="discoveryURL must be a valid URL"
// +kubebuilder:validation:XValidation:rule="self.size() > 0 ? url(self).scheme == 'https' : true",message="discoveryURL must use https scheme"
// +kubebuilder:validation:XValidation:rule="self.size() > 0 ? url(self).query == '' : true",message="discoveryURL must not contain query parameters"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This would need to be:

Suggested change
// +kubebuilder:validation:XValidation:rule="self.size() > 0 ? url(self).query == '' : true",message="discoveryURL must not contain query parameters"
// +kubebuilder:validation:XValidation:rule="self.size() > 0 ? url(self).getQuery() == '' : true",message="discoveryURL must not contain query parameters"

config/v1/types_authentication.go Outdated
Comment on lines 280 to 281
// +kubebuilder:validation:XValidation:rule="self.size() > 0 ? url(self).user == '' : true",message="discoveryURL must not contain user info"
// +kubebuilder:validation:XValidation:rule="self.size() > 0 ? url(self).fragment == '' : true",message="discoveryURL must not contain a fragment"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There doesn't appear to be a helper for user or fragment pieces of the URL - we should try to implement a Regular Expression that gets us the same validation we are looking for.

@ShazaAldawamneh
made adjusments to cover review comments
fd43f10 
Signed-off-by: Shaza Aldawamneh <[email protected]>
@ShazaAldawamneh
made adjusments to cover review comments
8b450f7 
Signed-off-by: Shaza Aldawamneh <[email protected]>
@ShazaAldawamneh
fixing tests
a9bdac7 
Signed-off-by: Shaza Aldawamneh <[email protected]>
@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented May 16, 2025

@ShazaAldawamneh: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/e2e-aws-serial-techpreview 8b450f7 link true /test e2e-aws-serial-techpreview
ci/prow/e2e-aws-serial 8b450f7 link true /test e2e-aws-serial
ci/prow/verify-feature-promotion a9bdac7 link true /test verify-feature-promotion
ci/prow/verify a9bdac7 link true /test verify
ci/prow/unit a9bdac7 link true /test unit
ci/prow/verify-deps a9bdac7 link true /test verify-deps
ci/prow/verify-client-go a9bdac7 link true /test verify-client-go
ci/prow/minor-images a9bdac7 link true /test minor-images
ci/prow/e2e-aws-ovn-hypershift a9bdac7 link true /test e2e-aws-ovn-hypershift
ci/prow/e2e-gcp a9bdac7 link false /test e2e-gcp
ci/prow/e2e-aws-ovn a9bdac7 link true /test e2e-aws-ovn
ci/prow/minor-e2e-upgrade-minor a9bdac7 link true /test minor-e2e-upgrade-minor
ci/prow/build a9bdac7 link true /test build
ci/prow/e2e-aws-serial-techpreview-2of2 a9bdac7 link true /test e2e-aws-serial-techpreview-2of2
ci/prow/e2e-upgrade a9bdac7 link true /test e2e-upgrade
ci/prow/e2e-aws-serial-1of2 a9bdac7 link true /test e2e-aws-serial-1of2
ci/prow/e2e-upgrade-out-of-change a9bdac7 link true /test e2e-upgrade-out-of-change
ci/prow/e2e-aws-serial-techpreview-1of2 a9bdac7 link true /test e2e-aws-serial-techpreview-1of2
ci/prow/e2e-aws-ovn-hypershift-conformance a9bdac7 link true /test e2e-aws-ovn-hypershift-conformance
ci/prow/e2e-azure a9bdac7 link false /test e2e-azure
ci/prow/lint a9bdac7 link true /test lint
ci/prow/integration a9bdac7 link true /test integration
ci/prow/images a9bdac7 link true /test images
ci/prow/e2e-aws-serial-2of2 a9bdac7 link true /test e2e-aws-serial-2of2
ci/prow/verify-crd-schema a9bdac7 link true /test verify-crd-schema
ci/prow/okd-scos-e2e-aws-ovn a9bdac7 link false /test okd-scos-e2e-aws-ovn
ci/prow/e2e-aws-ovn-techpreview a9bdac7 link true /test e2e-aws-ovn-techpreview

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@JoelSpeed JoelSpeed JoelSpeed left review comments

@everettraven everettraven everettraven requested changes

@deads2k deads2k Awaiting requested review from deads2k

Assignees
No one assigned
Labels
do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@ShazaAldawamneh @openshift-ci-robot @openshift-merge-robot @JoelSpeed @everettraven