Fix 4.19 external oidc job failure by excluding extra and uid by xingxingxia · Pull Request #75498 · openshift/release

xingxingxia · 2026-02-28T08:27:51Z

4.19 job (e.g. https://url.corp.redhat.com/6893cf3 logs) fails with:

console          4.19.0-0.nightly-2026-02-22-194444   True   False   True    31m   AuthStatusHandlerDegraded: error converting obj to typed: .spec.oidcProviders[name="keycloak oidc server"].claimMappings.extra: field not declared in schema...
"oc get co kube-apiserver authentication console" shows some cluster operator not in good status!

This is expected for 4.19 because the related bug fix was not intended to be backported to 4.19. Updating the script by basing on cluster version.

The pj-rehearse jobs for 4.19 and > 4.19 both passed the scripts and could go the step that runs e2e cases.

openshift-ci-robot · 2026-02-28T08:30:39Z

[REHEARSALNOTIFIER]
@xingxingxia: the pj-rehearse plugin accommodates running rehearsal tests for the changes in this PR. Expand 'Interacting with pj-rehearse' for usage details. The following rehearsable tests have been affected by this change:

Test name	Repo	Type	Reason
pull-ci-openshift-cluster-authentication-operator-master-e2e-aws-external-oidc-conformance-parallel	openshift/cluster-authentication-operator	presubmit	Registry content changed
pull-ci-openshift-cluster-authentication-operator-master-e2e-aws-external-oidc-conformance-serial	openshift/cluster-authentication-operator	presubmit	Registry content changed
pull-ci-openshift-cluster-authentication-operator-release-5.0-e2e-aws-external-oidc-conformance-parallel	openshift/cluster-authentication-operator	presubmit	Registry content changed
pull-ci-openshift-cluster-authentication-operator-release-5.0-e2e-aws-external-oidc-conformance-serial	openshift/cluster-authentication-operator	presubmit	Registry content changed
pull-ci-openshift-cluster-authentication-operator-release-4.23-e2e-aws-external-oidc-conformance-parallel	openshift/cluster-authentication-operator	presubmit	Registry content changed
pull-ci-openshift-cluster-authentication-operator-release-4.23-e2e-aws-external-oidc-conformance-serial	openshift/cluster-authentication-operator	presubmit	Registry content changed
pull-ci-openshift-cluster-authentication-operator-release-4.22-e2e-aws-external-oidc-conformance-parallel	openshift/cluster-authentication-operator	presubmit	Registry content changed
pull-ci-openshift-cluster-authentication-operator-release-4.22-e2e-aws-external-oidc-conformance-serial	openshift/cluster-authentication-operator	presubmit	Registry content changed
periodic-ci-openshift-openshift-tests-private-release-4.15-amd64-nightly-aws-ipi-ovn-hypershift-guest-ext-oidc-f60	N/A	periodic	Registry content changed
periodic-ci-openshift-openshift-tests-private-release-4.19-amd64-stable-aws-rosa-hcp-external-auth-stage-full-f14	N/A	periodic	Registry content changed
periodic-ci-openshift-hypershift-release-4.22-periodics-e2e-aws-external-oidc-techpreview	N/A	periodic	Registry content changed
periodic-ci-openshift-openshift-tests-private-release-4.20-amd64-nightly-azure-ipi-external-oidc-entraid-tp-f14	N/A	periodic	Registry content changed
periodic-ci-openshift-openshift-tests-private-release-4.22-amd64-stable-aws-rosa-hcp-external-auth-stage-full-int-f7	N/A	periodic	Registry content changed
periodic-ci-openshift-openshift-tests-private-release-4.17-amd64-nightly-aws-ipi-ovn-hypershift-guest-ext-oidc-f14	N/A	periodic	Registry content changed
periodic-ci-openshift-openshift-tests-private-release-4.20-amd64-nightly-aws-rosa-hcp-external-auth-int-full-f7	N/A	periodic	Registry content changed
periodic-ci-openshift-hypershift-release-4.22-periodics-e2e-aws-external-oidc	N/A	periodic	Registry content changed
periodic-ci-openshift-hypershift-release-5.0-periodics-e2e-aws-external-oidc-techpreview	N/A	periodic	Registry content changed
periodic-ci-openshift-openshift-tests-private-release-4.19-amd64-stable-aws-rosa-hcp-external-auth-stage-full-int-f14	N/A	periodic	Registry content changed
periodic-ci-openshift-openshift-tests-private-release-4.18-amd64-nightly-aws-ipi-ovn-hypershift-guest-ext-oidc-f14	N/A	periodic	Registry content changed
periodic-ci-openshift-openshift-tests-private-release-4.20-amd64-nightly-aws-ipi-external-oidc-entraid-tp-f14	N/A	periodic	Registry content changed
periodic-ci-openshift-hypershift-release-4.21-periodics-e2e-aws-external-oidc	N/A	periodic	Registry content changed
periodic-ci-openshift-openshift-tests-private-release-4.22-amd64-nightly-azure-ipi-external-oidc-entraid-tp-f28	N/A	periodic	Registry content changed
periodic-ci-openshift-openshift-tests-private-release-4.20-amd64-nightly-aws-ipi-ovn-hypershift-guest-ext-oidc-tp-f14	N/A	periodic	Registry content changed
periodic-ci-openshift-openshift-tests-private-release-5.0-amd64-nightly-azure-ipi-external-oidc-entraid-tp-f28	N/A	periodic	Registry content changed
periodic-ci-openshift-openshift-tests-private-release-4.22-multi-nightly-gcp-ipi-ovn-ipsec-arm-mixarch-external-oidc-keycloak-f14	N/A	periodic	Registry content changed

A total of 64 jobs have been affected by this change. The above listing is non-exhaustive and limited to 25 jobs.

A full list of affected jobs can be found here
Prior to this PR being merged, you will need to either run and acknowledge or opt to skip these rehearsals.

Interacting with pj-rehearse

Comment: /pj-rehearse to run up to 5 rehearsals
Comment: /pj-rehearse skip to opt-out of rehearsals
Comment: /pj-rehearse {test-name}, with each test separated by a space, to run one or more specific rehearsals
Comment: /pj-rehearse more to run up to 10 rehearsals
Comment: /pj-rehearse max to run up to 25 rehearsals
Comment: /pj-rehearse auto-ack to run up to 5 rehearsals, and add the rehearsals-ack label on success
Comment: /pj-rehearse list to get an up-to-date list of affected jobs
Comment: /pj-rehearse abort to abort all active rehearsals
Comment: /pj-rehearse network-access-allowed to allow rehearsals of tests that have the restrict_network_access field set to false. This must be executed by an openshift org member who is not the PR author

Once you are satisfied with the results of the rehearsals, comment: /pj-rehearse ack to unblock merge. When the rehearsals-ack label is present on your PR, merge will no longer be blocked by rehearsals.
If you would like the rehearsals-ack label removed, comment: /pj-rehearse reject to re-block merging.

xingxingxia · 2026-02-28T08:48:31Z

/pj-rehearse periodic-ci-openshift-openshift-tests-private-release-4.19-amd64-nightly-gcp-upi-external-oidc-keycloak-tp-f14

openshift-ci-robot · 2026-02-28T08:48:33Z

@xingxingxia: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

xingxingxia · 2026-03-02T01:44:47Z

/pj-rehearse periodic-ci-openshift-hypershift-release-4.22-periodics-e2e-aws-external-oidc

openshift-ci-robot · 2026-03-02T01:44:50Z

@xingxingxia: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

xingxingxia · 2026-03-02T06:07:54Z

/pj-rehearse ack

openshift-ci-robot · 2026-03-02T06:07:57Z

@xingxingxia: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

xiuwang · 2026-03-03T03:16:54Z

/lgtm

xiuwang · 2026-03-03T03:26:04Z

/approve

openshift-ci · 2026-03-03T03:26:26Z

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: xingxingxia, xiuwang

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

~~ci-operator/step-registry/idp/external-oidc/entraid/console-app/redirect-uri/OWNERS~~ [xingxingxia,xiuwang]
~~ci-operator/step-registry/idp/external-oidc/keycloak/server/OWNERS~~ [xingxingxia,xiuwang]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

xingxingxia · 2026-03-03T05:38:26Z

/retest-required

openshift-ci · 2026-03-03T06:02:00Z

@xingxingxia: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/rehearse/periodic-ci-openshift-openshift-tests-private-release-4.19-amd64-nightly-gcp-upi-external-oidc-keycloak-tp-f14	`3e23ca8`	link	unknown	`/pj-rehearse periodic-ci-openshift-openshift-tests-private-release-4.19-amd64-nightly-gcp-upi-external-oidc-keycloak-tp-f14`

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

xingxingxia · 2026-03-03T06:39:02Z

The CI infrastructural image registry is broken, causing core-valid failing. There is on going discussion in channels.

liangxia · 2026-03-03T09:28:45Z

/test core-valid

Fix 4.19 external oidc job failure by excluding extra and uid

3e23ca8

openshift-ci bot requested review from xiuwang and yingzhanredhat February 28, 2026 08:28

openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Feb 28, 2026

openshift-ci-robot added the rehearsals-ack Signifies that rehearsal jobs have been acknowledged label Mar 2, 2026

openshift-ci bot assigned xiuwang Mar 3, 2026

openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Mar 3, 2026

openshift-merge-bot bot merged commit 86aa9fe into openshift:main Mar 3, 2026
10 of 11 checks passed

Conversation

xingxingxia commented Feb 28, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

openshift-ci-robot commented Feb 28, 2026

Uh oh!

xingxingxia commented Feb 28, 2026

Uh oh!

openshift-ci-robot commented Feb 28, 2026

Uh oh!

xingxingxia commented Mar 2, 2026

Uh oh!

openshift-ci-robot commented Mar 2, 2026

Uh oh!

xingxingxia commented Mar 2, 2026

Uh oh!

openshift-ci-robot commented Mar 2, 2026

Uh oh!

xiuwang commented Mar 3, 2026

Uh oh!

xiuwang commented Mar 3, 2026

Uh oh!

openshift-ci bot commented Mar 3, 2026

Uh oh!

xingxingxia commented Mar 3, 2026

Uh oh!

openshift-ci bot commented Mar 3, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

xingxingxia commented Mar 3, 2026

Uh oh!

liangxia commented Mar 3, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

xingxingxia commented Feb 28, 2026 •

edited

Loading

openshift-ci bot commented Mar 3, 2026 •

edited

Loading