Skip to content

Wait for authenticators to be initialized#4122

Merged
kcp-ci-bot merged 1 commit into
kcp-dev:mainfrom
ntnn:fix-lazy-authenticators
May 13, 2026
Merged

Wait for authenticators to be initialized#4122
kcp-ci-bot merged 1 commit into
kcp-dev:mainfrom
ntnn:fix-lazy-authenticators

Conversation

@ntnn
Copy link
Copy Markdown
Member

@ntnn ntnn commented May 12, 2026

Summary

The authenticators do have a healthcheck, however this healthcheck is not exposed and it is not easy to expose without intrusive changes.

An alternative would've been to use the update function returned by kubeAuthConfig.New which does wait until the authenticator's healthcheck are ready, however that would create each authenticator twice and just discard the first iteration.

Instead the authenticator is validated by continually authenticating a dummy token created with the first issuer until the error is no longer "not initialized".

What Type of PR Is This?

/kind bug

/cherry-pick release-0.31

Related Issue(s)

Fixes #4115

Release Notes

NONE

@ntnn ntnn self-assigned this May 12, 2026
@kcp-ci-bot kcp-ci-bot added release-note-none Denotes a PR that doesn't merit a release note. dco-signoff: yes Indicates the PR's author has signed the DCO. kind/bug Categorizes issue or PR as related to a bug. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels May 12, 2026
@ntnn
Wait for authenticators to be initialized
e0c0e61 
The authenticators do have a healthcheck, however this healthcheck is not exposed
and it is not easy to expose without intrusive changes.

An alternative would've been to use the update function returned by kubeAuthConfig.New
which _does_ wait until the authenticator's healthcheck are ready, however that would
create each authenticator twice and just discard the first iteration.

Instead the authenticator is validated by continually authenticating a dummy token
created with the first issuer until the error is no longer "not initialized".

Signed-off-by: Nelo-T. Wallus <red.brush9525@fastmail.com>
Signed-off-by: Nelo-T. Wallus <n.wallus@sap.com>
@ntnn ntnn force-pushed the fix-lazy-authenticators branch from 560c984 to e0c0e61 Compare May 12, 2026 15:25
@ntnn
Copy link
Copy Markdown
Member Author

ntnn commented May 12, 2026

/cherry-pick release-0.31

@kcp-ci-bot
Copy link
Copy Markdown
Contributor

kcp-ci-bot commented May 12, 2026

@ntnn: once the present PR merges, I will cherry-pick it on top of release-0.31 in a new PR and assign it to you.

Details

In response to this:

/cherry-pick release-0.31

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@ntnn ntnn added this to tbd May 12, 2026
@ntnn ntnn moved this to In review in tbd May 12, 2026
@kcp-ci-bot kcp-ci-bot added the lgtm Indicates that a PR is ready to be merged. label May 12, 2026
@kcp-ci-bot
Copy link
Copy Markdown
Contributor

kcp-ci-bot commented May 12, 2026

LGTM label has been added.

DetailsGit tree hash: 63c6e66a7890849fdcc9b8b510e65cea4ecbe9c8

mjudeikis
mjudeikis approved these changes May 13, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@mjudeikis mjudeikis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm
/approve

@kcp-ci-bot
Copy link
Copy Markdown
Contributor

kcp-ci-bot commented May 13, 2026

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: mjudeikis

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@kcp-ci-bot kcp-ci-bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label May 13, 2026
@kcp-ci-bot kcp-ci-bot merged commit 6f475c9 into kcp-dev:main May 13, 2026
14 checks passed
@github-project-automation github-project-automation Bot moved this from In review to Done in tbd May 13, 2026
@kcp-ci-bot
Copy link
Copy Markdown
Contributor

kcp-ci-bot commented May 13, 2026

@ntnn: new pull request created: #4123

Details

In response to this:

/cherry-pick release-0.31

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@kcp-ci-bot kcp-ci-bot mentioned this pull request May 13, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mjudeikis mjudeikis mjudeikis approved these changes

+1 more reviewer

@cnvergence cnvergence cnvergence approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@mjudeikis mjudeikis

@ntnn ntnn

@cnvergence cnvergence

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. dco-signoff: yes Indicates the PR's author has signed the DCO. kind/bug Categorizes issue or PR as related to a bug. lgtm Indicates that a PR is ready to be merged. release-note-none Denotes a PR that doesn't merit a release note. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

bug: TokenReview oidc authenticator isn't initialized when workspace is initialized

4 participants

@ntnn @kcp-ci-bot @mjudeikis @cnvergence