CNTRLPLANE-945: oidc: configure an oidc client secret for the console to consume

[liouk]

When OIDC is configured, the console-operator needs a valid OIDC client config (including a client secret) in the authentication CR in .spec.oidcProviders[].oidcClients in order to configure the Console properly for OIDC. If that config is not present there, or if the secret is missing or does not contain data, the operator will go Degraded.

While setting an OIDC client is not required by the API, we must avoid breaking the cluster operator monitor tests that require operators to not go degraded during an e2e test.

Therefore this PR adds a valid OIDC secret and client configuration for the console-operator to consume.

This PR also includes a small refactoring; all test-specific resources now reuse the same random ID in order to make it easier to distinguish separate test runs in logs or while debugging.

[openshift-ci-robot]

@liouk: This pull request explicitly references no jira issue.

Details

In response to this:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci-robot]

@liouk: This pull request references CNTRLPLANE-945 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.20.0" version, but no target version was set.

Details

In response to this:

When OIDC is configured, the console-operator needs a valid OIDC client config (including a client secret) in the authentication CR in .spec.oidcProviders[].oidcClients in order to configure the Console properly for OIDC. If that config is not present there, or if the secret is missing or does not contain data, the operator will go Degraded.

While setting an OIDC client is not required by the API, we must avoid breaking the cluster operator monitor tests that require operators to not go degraded during an e2e test.

Therefore this PR adds a valid OIDC secret and client configuration for the console-operator to consume.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci-robot]

@liouk: This pull request references CNTRLPLANE-945 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.20.0" version, but no target version was set.

Details

In response to this:

When OIDC is configured, the console-operator needs a valid OIDC client config (including a client secret) in the authentication CR in .spec.oidcProviders[].oidcClients in order to configure the Console properly for OIDC. If that config is not present there, or if the secret is missing or does not contain data, the operator will go Degraded.

While setting an OIDC client is not required by the API, we must avoid breaking the cluster operator monitor tests that require operators to not go degraded during an e2e test.

Therefore this PR adds a valid OIDC secret and client configuration for the console-operator to consume.

This PR also includes a small refactoring; all test-specific resources now reuse the same random ID in order to make it easier to distinguish separate test runs in logs or while debugging.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[kevinrizza]

/lgtm

[openshift-ci-robot]

/retest-required

Remaining retests: 0 against base HEAD 8854246 and 2 for PR HEAD b9883a3 in total

[kevinrizza]

/retest-required

[liouk]

/retest-required

[liouk]

/test e2e-aws-ovn-edge-zones

[kevinrizza]

/lgtm

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

Approval requirements bypassed by manually added approval.

This pull-request has been approved by: kevinrizza, liouk

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci-robot]

/retest-required

Remaining retests: 0 against base HEAD 0dc595f and 2 for PR HEAD dbdacbb in total

[openshift-ci]

@liouk: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/e2e-aws-ovn-cgroupsv2	dbdacbb	link	false	/test e2e-aws-ovn-cgroupsv2
ci/prow/e2e-gcp-ovn-techpreview	dbdacbb	link	false	/test e2e-gcp-ovn-techpreview
ci/prow/e2e-azure	dbdacbb	link	false	/test e2e-azure
ci/prow/e2e-aws-ovn-kube-apiserver-rollout	dbdacbb	link	false	/test e2e-aws-ovn-kube-apiserver-rollout
ci/prow/e2e-metal-ipi-virtualmedia	dbdacbb	link	false	/test e2e-metal-ipi-virtualmedia
ci/prow/e2e-openstack-ovn	dbdacbb	link	false	/test e2e-openstack-ovn
ci/prow/e2e-aws-proxy	dbdacbb	link	false	/test e2e-aws-proxy
ci/prow/okd-scos-e2e-aws-ovn	dbdacbb	link	false	/test okd-scos-e2e-aws-ovn

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.