Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix (kubernetes-client-api) : OpenIDConnectionUtils uses caCertFile and caCertData as a fallback option when idp-certificate-authority-data is not specified #5818

Merged
merged 1 commit into from
Apr 9, 2024
Merged

fix (kubernetes-client-api) : OpenIDConnectionUtils uses caCertFile and caCertData as a fallback option when idp-certificate-authority-data is not specified #5818

merged 1 commit into from
Apr 9, 2024
+47 −1

Conversation

rohanKanojia
Copy link
Member

@rohanKanojia rohanKanojia commented Mar 19, 2024
edited
Loading

Description

Fix #5817

Currently, we fall back to caCertData specified in Config when idp-certificate-authority-data is not specified. We should also consider reading cert data from caCertFile. From discussion in redhat-developer/intellij-kubernetes#726 , user had cert data specified in caCertFile

The fix was tested by @adietish in build of IntelliJ Plugin and it seems to fix the issue for the user #5817 (comment)

I have tested the token refresh flow on EKS cluster (thanks to @adietish) , it seems to be working.

Type of change

  • Bug fix (non-breaking change which fixes an issue)
  • Feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change
  • Chore (non-breaking change which doesn't affect codebase;
    test, version modification, documentation, etc.)

Checklist

  • Code contributed by me aligns with current project license: Apache 2.0
  • I Added CHANGELOG entry regarding this change
  • I have implemented unit tests to cover my changes
  • I have added/updated the javadocs and other documentation accordingly
  • No new bugs, code smells, etc. in SonarCloud report
  • I tested my code in Kubernetes
  • I tested my code in OpenShift

@rohanKanojia rohanKanojia force-pushed the pr/openid-cert-data-or-file branch 2 times, most recently from a29197b to 88b9815 Compare March 19, 2024 20:10
manusa added a commit that referenced this pull request Mar 25, 2024
@manusa
chore: fix changelog entry for #5818
62dde7f
@adietish adietish mentioned this pull request Apr 2, 2024
Closed
@rohanKanojia rohanKanojia force-pushed the pr/openid-cert-data-or-file branch 2 times, most recently from 631d870 to 17dff46 Compare April 2, 2024 17:28
@rohanKanojia rohanKanojia marked this pull request as ready for review April 3, 2024 06:07
shawkins
shawkins approved these changes Apr 3, 2024
View reviewed changes
Copy link
Contributor

@shawkins shawkins left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@rohanKanojia
Copy link
Member Author

I tested that refresh works on EKS + OIDC cluster (Thanks to cluster provided by @adietish) with this fix. More details can be found in this document.

@rohanKanojia
fix (kubernetes-client-api) : OpenIDConnectionUtils uses caCertFile a…
621885e 
…nd caCertData as a fallback option when `idp-certificate-authority-data` is not specified

Related to fabric8io#5817

Currently, we fall back to caCertData specified in Config when
`idp-certificate-authority-data` is not specified. We should also
consider reading cert data from caCertFile.

Signed-off-by: Rohan Kumar <[email protected]>
@rohanKanojia rohanKanojia force-pushed the pr/openid-cert-data-or-file branch from 17dff46 to 621885e Compare April 9, 2024 09:00
@manusa manusa added this to the 6.12.0 milestone Apr 9, 2024 — with automated-tasks
manusa
manusa approved these changes Apr 9, 2024
View reviewed changes
Copy link
Member

@manusa manusa left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thx!

@sonarqubecloud SonarQubeCloud
Copy link

sonarqubecloud bot commented Apr 9, 2024

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
93.3% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

@manusa manusa merged commit d2bd4e1 into fabric8io:main Apr 9, 2024
17 of 19 checks passed
@rohanKanojia rohanKanojia deleted the pr/openid-cert-data-or-file branch April 9, 2024 09:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@oscerd oscerd oscerd approved these changes

@shawkins shawkins shawkins approved these changes

@manusa manusa manusa approved these changes

@sunix sunix Awaiting requested review from sunix

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
6.12.0
Development

Successfully merging this pull request may close these issues.

NPE when token is to be refreshed
4 participants
@rohanKanojia @manusa @shawkins @oscerd