@@ -12,15 +12,19 @@ import (
1212 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
1313 "k8s.io/apimachinery/pkg/types"
1414 "k8s.io/apimachinery/pkg/util/wait"
15+ "k8s.io/client-go/informers"
1516 corev1listers "k8s.io/client-go/listers/core/v1"
1617 "k8s.io/klog/v2"
1718
1819 configv1 "github.com/openshift/api/config/v1"
1920 routev1 "github.com/openshift/api/route/v1"
2021 applyconfigv1 "github.com/openshift/client-go/config/applyconfigurations/config/v1"
2122 configsetterv1 "github.com/openshift/client-go/config/clientset/versioned/typed/config/v1"
22- configinformers "github.com/openshift/client-go/config/informers/externalversions/config/v1"
23+ configinformers "github.com/openshift/client-go/config/informers/externalversions"
24+ configinformersv1 "github.com/openshift/client-go/config/informers/externalversions/config/v1"
2325 configlistersv1 "github.com/openshift/client-go/config/listers/config/v1"
26+ operatorv1informers "github.com/openshift/client-go/operator/informers/externalversions/operator/v1"
27+ operatorv1listers "github.com/openshift/client-go/operator/listers/operator/v1"
2428 routeclient "github.com/openshift/client-go/route/clientset/versioned/typed/route/v1"
2529 routeinformer "github.com/openshift/client-go/route/informers/externalversions/route/v1"
2630 routev1lister "github.com/openshift/client-go/route/listers/route/v1"
@@ -51,18 +55,25 @@ type customRouteController struct {
5155 secretLister corev1listers.SecretLister
5256 resourceSyncer resourcesynccontroller.ResourceSyncer
5357 operatorClient v1helpers.OperatorClient
58+
59+ authLister configlistersv1.AuthenticationLister
60+ kasLister operatorv1listers.KubeAPIServerLister
61+ kasConfigMapLister corev1listers.ConfigMapLister
5462}
5563
5664func NewCustomRouteController (
5765 componentRouteNamespace string ,
5866 componentRouteName string ,
5967 destSecretNamespace string ,
6068 destSecretName string ,
61- ingressInformer configinformers .IngressInformer ,
69+ ingressInformer configinformersv1 .IngressInformer ,
6270 ingressClient configsetterv1.IngressInterface ,
6371 routeInformer routeinformer.RouteInformer ,
6472 routeClient routeclient.RouteInterface ,
6573 kubeInformersForNamespaces v1helpers.KubeInformersForNamespaces ,
74+ operatorConfigInformers configinformers.SharedInformerFactory ,
75+ kasInformer operatorv1informers.KubeAPIServerInformer ,
76+ kasConfigMapInformer informers.SharedInformerFactory ,
6677 operatorClient v1helpers.OperatorClient ,
6778 eventRecorder events.Recorder ,
6879 resourceSyncer resourcesynccontroller.ResourceSyncer ,
@@ -83,6 +94,10 @@ func NewCustomRouteController(
8394 secretLister : kubeInformersForNamespaces .SecretLister (),
8495 operatorClient : operatorClient ,
8596 resourceSyncer : resourceSyncer ,
97+
98+ authLister : operatorConfigInformers .Config ().V1 ().Authentications ().Lister (),
99+ kasLister : kasInformer .Lister (),
100+ kasConfigMapLister : kasConfigMapInformer .Core ().V1 ().ConfigMaps ().Lister (),
86101 }
87102
88103 return factory .New ().
@@ -91,6 +106,8 @@ func NewCustomRouteController(
91106 routeInformer .Informer (),
92107 kubeInformersForNamespaces .InformersFor ("openshift-config" ).Core ().V1 ().Secrets ().Informer (),
93108 kubeInformersForNamespaces .InformersFor ("openshift-authentication" ).Core ().V1 ().Secrets ().Informer (),
109+ operatorConfigInformers .Config ().V1 ().Authentications ().Informer (),
110+ kasInformer .Informer (),
94111 ).
95112 WithSyncDegradedOnError (operatorClient ).
96113 WithSync (controller .sync ).
@@ -116,6 +133,12 @@ func (c *customRouteController) sync(ctx context.Context, syncCtx factory.SyncCo
116133 return fmt .Errorf ("custom route configuration failed verification: %v" , errors )
117134 }
118135
136+ if oidcAvailable , err := common .ExternalOIDCConfigAvailable (c .authLister , c .kasLister , c .kasConfigMapLister ); err != nil {
137+ return err
138+ } else if oidcAvailable {
139+ return c .removeOperands (ctx , ingressConfigCopy , secretName )
140+ }
141+
119142 // create or modify the existing route
120143 if err = c .applyRoute (ctx , expectedRoute ); err != nil {
121144 return err
@@ -289,3 +312,46 @@ func (c *customRouteController) getFieldManager() string {
289312 // TODO find a way to get the client name and combine it with the controller name automatically
290313 return "AuthenticationCustomRouteController"
291314}
315+
316+ func (c * customRouteController ) removeOperands (ctx context.Context , ingressConfig * configv1.Ingress , secretName string ) error {
317+ if _ , err := c .routeLister .Routes (c .componentRoute .Namespace ).Get (c .componentRoute .Name ); err != nil && ! errors .IsNotFound (err ) {
318+ return err
319+ } else if ! errors .IsNotFound (err ) {
320+ if err := c .routeClient .Delete (ctx , c .componentRoute .Name , metav1.DeleteOptions {}); err != nil && ! errors .IsNotFound (err ) {
321+ return err
322+ }
323+ }
324+
325+ ingressStatus , err := applyconfigv1 .ExtractIngressStatus (ingressConfig , c .getFieldManager ())
326+ if err != nil {
327+ return err
328+ }
329+
330+ if ingressStatus != nil && ingressStatus .Status != nil {
331+ componentRoutes := make ([]applyconfigv1.ComponentRouteStatusApplyConfiguration , 0 )
332+ routeFound := false
333+ for _ , cr := range ingressStatus .Status .ComponentRoutes {
334+ if * cr .Name == c .componentRoute .Name && * cr .Namespace == c .componentRoute .Namespace {
335+ routeFound = true
336+ continue
337+ }
338+
339+ componentRoutes = append (componentRoutes , cr )
340+ }
341+
342+ if routeFound {
343+ ingressStatus .Status .ComponentRoutes = componentRoutes
344+ ingress := applyconfigv1 .Ingress (ingressConfig .Name ).WithStatus (ingressStatus .Status )
345+ if _ , err := c .ingressClient .ApplyStatus (ctx , ingress , c .forceApply ()); err != nil {
346+ return err
347+ }
348+ }
349+ }
350+
351+ // delete secret by syncing an empty source
352+ if err := c .syncSecret ("" ); err != nil {
353+ return err
354+ }
355+
356+ return nil
357+ }
0 commit comments