From e99d56aed5a96de5fb11e457ab8964258bd8d17a Mon Sep 17 00:00:00 2001 From: Ilias Rinis Date: Wed, 20 Nov 2024 11:30:30 +0100 Subject: [PATCH] operator: enable or disable API services depending on whether OIDC is enabled --- pkg/operator/starter.go | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/pkg/operator/starter.go b/pkg/operator/starter.go index 1e0012fd6..c42b47cc0 100644 --- a/pkg/operator/starter.go +++ b/pkg/operator/starter.go @@ -587,9 +587,7 @@ func prepareOauthAPIServerOperator( ).WithAPIServiceController( "openshift-apiserver", "openshift-oauth-apiserver", - func() ([]*apiregistrationv1.APIService, []*apiregistrationv1.APIService, error) { - return apiServices(), nil, nil - }, + apiServicesFuncWrapper(authLister, kasLister, kasConfigMapLister), informerFactories.apiregistrationInformers, authOperatorInput.apiregistrationv1Client.ApiregistrationV1(), informerFactories.kubeInformersForNamespaces, @@ -884,6 +882,20 @@ func extractOperatorStatus(obj *unstructured.Unstructured, fieldManager string) return &ret.Status.OperatorStatusApplyConfiguration, nil } +func apiServicesFuncWrapper(authLister configv1listers.AuthenticationLister, kasLister operatorv1listers.KubeAPIServerLister, kasConfigMapLister corev1listers.ConfigMapLister) func() ([]*apiregistrationv1.APIService, []*apiregistrationv1.APIService, error) { + return func() ([]*apiregistrationv1.APIService, []*apiregistrationv1.APIService, error) { + apiServices := apiServices() + if oidcAvailable, err := common.ExternalOIDCConfigAvailable(authLister, kasLister, kasConfigMapLister); err != nil { + return nil, nil, err + } else if oidcAvailable { + // return apiServices as disabled + return nil, apiServices, nil + } + + return apiServices, nil, nil + } +} + func countNodesFuncWrapper(nodeLister corev1listers.NodeLister, authLister configv1listers.AuthenticationLister, kasLister operatorv1listers.KubeAPIServerLister, kasConfigMapLister corev1listers.ConfigMapLister) func(nodeSelector map[string]string) (*int32, error) { return func(nodeSelector map[string]string) (*int32, error) { if oidcAvailable, err := common.ExternalOIDCConfigAvailable(authLister, kasLister, kasConfigMapLister); err != nil {