Skip to content

Commit 933e48a

Browse files
benluddybenluddy
committed
Wire a feature-gates config observer for oauth-apiserver.
1 parent 2db5535 commit 933e48a

File tree

3 files changed

+24
-13
lines changed

3 files changed

+24
-13
lines changed

pkg/operator/configobservation/configobservercontroller/config_observer_controller.go

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -8,6 +8,7 @@ import (
88
"github.com/openshift/library-go/pkg/operator/configobserver"
99
"github.com/openshift/library-go/pkg/operator/configobserver/apiserver"
1010
libgoetcd "github.com/openshift/library-go/pkg/operator/configobserver/etcd"
11+
"github.com/openshift/library-go/pkg/operator/configobserver/featuregates"
1112
encryptobserver "github.com/openshift/library-go/pkg/operator/encryption/observer"
1213
"github.com/openshift/library-go/pkg/operator/events"
1314
"github.com/openshift/library-go/pkg/operator/resourcesynccontroller"
@@ -28,6 +29,7 @@ func NewConfigObserverController(
2829
configInformer configinformers.SharedInformerFactory,
2930
resourceSyncer resourcesynccontroller.ResourceSyncer,
3031
eventRecorder events.Recorder,
32+
featureGateAccessor featuregates.FeatureGateAccess,
3133
) factory.Controller {
3234

3335
preRunCacheSynced := []cache.InformerSynced{
@@ -70,6 +72,7 @@ func NewConfigObserverController(
7072
observeoauth.ObserveAccessTokenInactivityTimeout,
7173
libgoetcd.ObserveStorageURLsToArguments,
7274
encryptobserver.NewEncryptionConfigObserver("openshift-oauth-apiserver", "/var/run/secrets/encryption-config/encryption-config"),
75+
featuregates.NewObserveFeatureFlagsFunc(nil, nil, []string{"apiServerArguments", "feature-gates"}, featureGateAccessor),
7376
} {
7477
observers = append(observers,
7578
configobserver.WithPrefix(o, OAuthAPIServerConfigPrefix))

pkg/operator/replacement_starter.go

Lines changed: 5 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -346,9 +346,9 @@ func CreateOperatorStarter(ctx context.Context, authOperatorInput *authenticatio
346346
return ret, nil
347347
}
348348

349-
type featureGateAccessorFunc func(ctx context.Context, authOperatorInput *authenticationOperatorInput, informerFactories authenticationOperatorInformerFactories) (featuregates.FeatureGate, error)
349+
type featureGateAccessorFunc func(ctx context.Context, authOperatorInput *authenticationOperatorInput, informerFactories authenticationOperatorInformerFactories) (featuregates.FeatureGateAccess, error)
350350

351-
func defaultFeatureGateAccessor(ctx context.Context, authOperatorInput *authenticationOperatorInput, informerFactories authenticationOperatorInformerFactories) (featuregates.FeatureGate, error) {
351+
func defaultFeatureGateAccessor(ctx context.Context, authOperatorInput *authenticationOperatorInput, informerFactories authenticationOperatorInformerFactories) (featuregates.FeatureGateAccess, error) {
352352
// By default, this will exit(0) if the featuregates change
353353
featureGateAccessor := featuregates.NewFeatureGateAccess(
354354
status.VersionForOperatorFromEnv(), "0.0.1-snapshot",
@@ -359,19 +359,12 @@ func defaultFeatureGateAccessor(ctx context.Context, authOperatorInput *authenti
359359
go featureGateAccessor.Run(ctx)
360360
go informerFactories.operatorConfigInformer.Start(ctx.Done())
361361

362-
var featureGates featuregates.FeatureGate
363-
select {
364-
case <-featureGateAccessor.InitialFeatureGatesObserved():
365-
featureGates, _ = featureGateAccessor.CurrentFeatureGates()
366-
case <-time.After(1 * time.Minute):
367-
return nil, fmt.Errorf("timed out waiting for FeatureGate detection")
368-
}
369-
return featureGates, nil
362+
return featureGateAccessor, nil
370363
}
371364

372365
// staticFeatureGateAccessor is primarly used during testing to statically enable or disable features.
373366
func staticFeatureGateAccessor(enabled, disabled []ocpconfigv1.FeatureGateName) featureGateAccessorFunc {
374-
return func(_ context.Context, _ *authenticationOperatorInput, _ authenticationOperatorInformerFactories) (featuregates.FeatureGate, error) {
375-
return featuregates.NewFeatureGate(enabled, disabled), nil
367+
return func(_ context.Context, _ *authenticationOperatorInput, _ authenticationOperatorInformerFactories) (featuregates.FeatureGateAccess, error) {
368+
return featuregates.NewHardcodedFeatureGateAccess(enabled, disabled), nil
376369
}
377370
}

pkg/operator/starter.go

Lines changed: 16 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -41,6 +41,7 @@ import (
4141
workloadcontroller "github.com/openshift/library-go/pkg/operator/apiserver/controller/workload"
4242
apiservercontrollerset "github.com/openshift/library-go/pkg/operator/apiserver/controllerset"
4343
"github.com/openshift/library-go/pkg/operator/certrotation"
44+
"github.com/openshift/library-go/pkg/operator/configobserver/featuregates"
4445
"github.com/openshift/library-go/pkg/operator/csr"
4546
"github.com/openshift/library-go/pkg/operator/encryption"
4647
"github.com/openshift/library-go/pkg/operator/encryption/controllers/migrators"
@@ -586,12 +587,18 @@ func prepareOauthAPIServerOperator(
586587
return nil, nil, err
587588
}
588589

590+
featureGateAccessor, err := authOperatorInput.featureGateAccessor(ctx, authOperatorInput, informerFactories)
591+
if err != nil {
592+
return nil, nil, err
593+
}
594+
589595
configObserver := oauthapiconfigobservercontroller.NewConfigObserverController(
590596
authOperatorInput.authenticationOperatorClient,
591597
informerFactories.kubeInformersForNamespaces,
592598
informerFactories.operatorConfigInformer,
593599
resourceSyncController,
594600
authOperatorInput.eventRecorder,
601+
featureGateAccessor,
595602
)
596603

597604
webhookAuthController := webhookauthenticator.NewWebhookAuthenticatorController(
@@ -680,11 +687,19 @@ func prepareExternalOIDC(
680687
informerFactories authenticationOperatorInformerFactories,
681688
) ([]libraryapplyconfiguration.NamedRunOnce, []libraryapplyconfiguration.RunFunc, error) {
682689

683-
featureGates, err := authOperatorInput.featureGateAccessor(ctx, authOperatorInput, informerFactories)
690+
featureGateAccessor, err := authOperatorInput.featureGateAccessor(ctx, authOperatorInput, informerFactories)
684691
if err != nil {
685692
return nil, nil, err
686693
}
687694

695+
var featureGates featuregates.FeatureGate
696+
select {
697+
case <-featureGateAccessor.InitialFeatureGatesObserved():
698+
featureGates, _ = featureGateAccessor.CurrentFeatureGates()
699+
case <-time.After(1 * time.Minute):
700+
return nil, nil, fmt.Errorf("timed out waiting for FeatureGate detection")
701+
}
702+
688703
if !(featureGates.Enabled(features.FeatureGateExternalOIDC) || featureGates.Enabled(features.FeatureGateExternalOIDCWithAdditionalClaimMappings)) {
689704
return nil, nil, nil
690705
}

0 commit comments

Comments
 (0)