test/oauth-server-creation-minimal: adds a test show which input resources are required to run the operator and the controller that creates oauth-server deployment

Author: p0lyn0mial

test-data/apply-configuration/overall/oauth-server-creation-minimal/expected-output/Management/ApplyStatus/cluster-scoped-resources/operator.openshift.io/authentications/5749-body-cluster.yaml

@@ -0,0 +1,30 @@
+apiVersion: operator.openshift.io/v1
+kind: Authentication
+metadata:
+  name: cluster
+status:
+  conditions:
+  - lastTransitionTime: "2025-08-07T22:38:20Z"
+    message: no oauth-openshift.openshift-authentication pods available on any node.
+    reason: NoPod
+    status: "False"
+    type: OAuthServerDeploymentAvailable
+  - lastTransitionTime: "2025-08-01T18:45:36Z"
+    reason: AsExpected
+    status: "False"
+    type: OAuthServerDeploymentDegraded
+  - lastTransitionTime: "2025-08-07T22:38:20Z"
+    message: 'deployment/oauth-openshift.openshift-authentication: 0/1 pods have been
+      updated to the latest generation and 0/1 pods are available'
+    reason: PodsUpdating
+    status: "True"
+    type: OAuthServerDeploymentProgressing
+  - lastTransitionTime: "2025-08-01T18:45:36Z"
+    status: "False"
+    type: OAuthServerWorkloadDegraded
+  generations:
+  - group: apps
+    lastGeneration: 0
+    name: oauth-openshift
+    namespace: openshift-authentication
+    resource: deployments

test-data/apply-configuration/overall/oauth-server-creation-minimal/expected-output/Management/ApplyStatus/cluster-scoped-resources/operator.openshift.io/authentications/5749-metadata-cluster.yaml

@@ -0,0 +1,9 @@
+action: ApplyStatus
+controllerInstanceName: TODO-deploymentController
+fieldManager: OAuthServer-Workload
+generateName: ""
+mame: cluster
+resourceType:
+  Group: operator.openshift.io
+  Resource: authentications
+  Version: v1

test-data/apply-configuration/overall/oauth-server-creation-minimal/expected-output/Management/ApplyStatus/cluster-scoped-resources/operator.openshift.io/authentications/5749-options-cluster.yaml

@@ -0,0 +1,2 @@
+fieldManager: OAuthServer-Workload
+force: true

test-data/apply-configuration/overall/oauth-server-creation-minimal/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/6672-body-authentication-operator.18599d2230299800.64fe3b99.yaml

@@ -0,0 +1,22 @@
+apiVersion: v1
+count: 1
+eventTime: null
+firstTimestamp: "2025-08-07T22:38:20Z"
+involvedObject:
+  kind: Deployment
+  name: authentication-operator
+  namespace: openshift-authentication-operator
+kind: Event
+lastTimestamp: "2025-08-07T22:38:20Z"
+message: Created Deployment.apps/oauth-openshift -n openshift-authentication because
+  it was missing
+metadata:
+  creationTimestamp: null
+  name: authentication-operator.18599d2230299800.64fe3b99
+  namespace: openshift-authentication-operator
+reason: DeploymentCreated
+reportingComponent: ""
+reportingInstance: ""
+source:
+  component: cluster-authentication-operator-run-once-sync-context
+type: Normal

test-data/apply-configuration/overall/oauth-server-creation-minimal/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/6672-metadata-authentication-operator.18599d2230299800.64fe3b99.yaml

@@ -0,0 +1,9 @@
+action: Create
+controllerInstanceName: ""
+generateName: ""
+mame: authentication-operator.18599d2230299800.64fe3b99
+namespace: openshift-authentication-operator
+resourceType:
+  Group: ""
+  Resource: events
+  Version: v1

test-data/apply-configuration/overall/oauth-server-creation-minimal/expected-output/Management/Create/namespaces/openshift-authentication/apps/deployments/d461-body-oauth-openshift.yaml

@@ -0,0 +1,193 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  annotations:
+    operator.openshift.io/rvs-hash: f4V-TOKKLhC7zxXahsybviIQ6XFZf_Ua2SFe2jckw9gL4UuCiEXYmFPtjUvFGC13xB72tEYqR0N1somiZq0-JQ
+    operator.openshift.io/spec-hash: cb88a721f1243c54f093947afdb5770c7dfca953b2cafda9e074e6268586a5ce
+  creationTimestamp: null
+  labels:
+    app: oauth-openshift
+  name: oauth-openshift
+  namespace: openshift-authentication
+spec:
+  replicas: 3
+  selector:
+    matchLabels:
+      app: oauth-openshift
+  strategy:
+    rollingUpdate:
+      maxSurge: 0
+      maxUnavailable: 1
+    type: RollingUpdate
+  template:
+    metadata:
+      annotations:
+        openshift.io/required-scc: privileged
+        operator.openshift.io/rvs-hash: f4V-TOKKLhC7zxXahsybviIQ6XFZf_Ua2SFe2jckw9gL4UuCiEXYmFPtjUvFGC13xB72tEYqR0N1somiZq0-JQ
+        target.workload.openshift.io/management: '{"effect": "PreferredDuringScheduling"}'
+      creationTimestamp: null
+      labels:
+        app: oauth-openshift
+        oauth-openshift-anti-affinity: "true"
+      name: oauth-openshift
+      namespace: openshift-authentication
+    spec:
+      affinity:
+        podAntiAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+          - labelSelector:
+              matchLabels:
+                app: oauth-openshift
+                oauth-openshift-anti-affinity: "true"
+            topologyKey: kubernetes.io/hostname
+      containers:
+      - args:
+        - |
+          if [ -s /var/config/system/configmaps/v4-0-config-system-trusted-ca-bundle/ca-bundle.crt ]; then
+              echo "Copying system trust bundle"
+              cp -f /var/config/system/configmaps/v4-0-config-system-trusted-ca-bundle/ca-bundle.crt /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
+          fi
+          exec oauth-server osinserver \
+          --config=/var/config/system/configmaps/v4-0-config-system-cliconfig/v4-0-config-system-cliconfig \
+          --v=2 \
+          --audit-log-format=json \
+          --audit-log-maxbackup=10 \
+          --audit-log-maxsize=100 \
+          --audit-log-path=/var/log/oauth-server/audit.log \
+          --audit-policy-file=/var/run/configmaps/audit/audit.yaml
+        command:
+        - /bin/bash
+        - -ec
+        lifecycle:
+          preStop:
+            exec:
+              command:
+              - sleep
+              - "25"
+        livenessProbe:
+          failureThreshold: 3
+          httpGet:
+            path: /healthz
+            port: 6443
+            scheme: HTTPS
+          initialDelaySeconds: 30
+          periodSeconds: 10
+          successThreshold: 1
+          timeoutSeconds: 1
+        name: oauth-openshift
+        ports:
+        - containerPort: 6443
+          name: https
+          protocol: TCP
+        readinessProbe:
+          failureThreshold: 3
+          httpGet:
+            path: /healthz
+            port: 6443
+            scheme: HTTPS
+          periodSeconds: 10
+          successThreshold: 1
+          timeoutSeconds: 1
+        resources:
+          requests:
+            cpu: 10m
+            memory: 50Mi
+        securityContext:
+          privileged: true
+          readOnlyRootFilesystem: false
+          runAsUser: 0
+        terminationMessagePolicy: FallbackToLogsOnError
+        volumeMounts:
+        - mountPath: /var/run/configmaps/audit
+          name: audit-policies
+        - mountPath: /var/log/oauth-server
+          name: audit-dir
+        - mountPath: /var/config/system/secrets/v4-0-config-system-session
+          name: v4-0-config-system-session
+          readOnly: true
+        - mountPath: /var/config/system/configmaps/v4-0-config-system-cliconfig
+          name: v4-0-config-system-cliconfig
+          readOnly: true
+        - mountPath: /var/config/system/secrets/v4-0-config-system-serving-cert
+          name: v4-0-config-system-serving-cert
+          readOnly: true
+        - mountPath: /var/config/system/configmaps/v4-0-config-system-service-ca
+          name: v4-0-config-system-service-ca
+          readOnly: true
+        - mountPath: /var/config/system/secrets/v4-0-config-system-router-certs
+          name: v4-0-config-system-router-certs
+          readOnly: true
+        - mountPath: /var/config/system/secrets/v4-0-config-system-ocp-branding-template
+          name: v4-0-config-system-ocp-branding-template
+          readOnly: true
+        - mountPath: /var/config/user/template/secret/v4-0-config-user-template-login
+          name: v4-0-config-user-template-login
+          readOnly: true
+        - mountPath: /var/config/user/template/secret/v4-0-config-user-template-provider-selection
+          name: v4-0-config-user-template-provider-selection
+          readOnly: true
+        - mountPath: /var/config/user/template/secret/v4-0-config-user-template-error
+          name: v4-0-config-user-template-error
+          readOnly: true
+        - mountPath: /var/config/system/configmaps/v4-0-config-system-trusted-ca-bundle
+          name: v4-0-config-system-trusted-ca-bundle
+          readOnly: true
+      nodeSelector:
+        node-role.kubernetes.io/master: ""
+      priorityClassName: system-cluster-critical
+      serviceAccountName: oauth-openshift
+      terminationGracePeriodSeconds: 40
+      tolerations:
+      - effect: NoSchedule
+        key: node-role.kubernetes.io/master
+        operator: Exists
+      - effect: NoExecute
+        key: node.kubernetes.io/unreachable
+        operator: Exists
+        tolerationSeconds: 120
+      - effect: NoExecute
+        key: node.kubernetes.io/not-ready
+        operator: Exists
+        tolerationSeconds: 120
+      volumes:
+      - configMap:
+          name: audit
+        name: audit-policies
+      - hostPath:
+          path: /var/log/oauth-server
+        name: audit-dir
+      - name: v4-0-config-system-session
+        secret:
+          secretName: v4-0-config-system-session
+      - configMap:
+          name: v4-0-config-system-cliconfig
+        name: v4-0-config-system-cliconfig
+      - name: v4-0-config-system-serving-cert
+        secret:
+          secretName: v4-0-config-system-serving-cert
+      - configMap:
+          name: v4-0-config-system-service-ca
+        name: v4-0-config-system-service-ca
+      - name: v4-0-config-system-router-certs
+        secret:
+          secretName: v4-0-config-system-router-certs
+      - name: v4-0-config-system-ocp-branding-template
+        secret:
+          secretName: v4-0-config-system-ocp-branding-template
+      - name: v4-0-config-user-template-login
+        secret:
+          optional: true
+          secretName: v4-0-config-user-template-login
+      - name: v4-0-config-user-template-provider-selection
+        secret:
+          optional: true
+          secretName: v4-0-config-user-template-provider-selection
+      - name: v4-0-config-user-template-error
+        secret:
+          optional: true
+          secretName: v4-0-config-user-template-error
+      - configMap:
+          name: v4-0-config-system-trusted-ca-bundle
+          optional: true
+        name: v4-0-config-system-trusted-ca-bundle
+status: {}

test-data/apply-configuration/overall/oauth-server-creation-minimal/expected-output/Management/Create/namespaces/openshift-authentication/apps/deployments/d461-metadata-oauth-openshift.yaml

@@ -0,0 +1,9 @@
+action: Create
+controllerInstanceName: TODO-deploymentController
+generateName: ""
+mame: oauth-openshift
+namespace: openshift-authentication
+resourceType:
+  Group: apps
+  Resource: deployments
+  Version: v1

test-data/apply-configuration/overall/oauth-server-creation-minimal/expected-output/controller-results.yaml

@@ -0,0 +1,81 @@
+controllerResults:
+- controllerName: APIServerStaticResources-StaticResources
+  status: Skipped
+- controllerName: NamespaceFinalizerController_openshift-oauth-apiserver
+  status: Skipped
+- controllerName: OAuthAPIServerController-WorkloadWorkloadController
+  status: Skipped
+- controllerName: RevisionController
+  status: Skipped
+- controllerName: SecretRevisionPruneController
+  status: Skipped
+- controllerName: TODO-authRouteCheckController
+  status: Skipped
+- controllerName: TODO-authServiceCheckController
+  status: Skipped
+- controllerName: TODO-authServiceEndpointCheckController
+  status: Skipped
+- controllerName: TODO-authenticatorCertRequester
+  status: Skipped
+- controllerName: TODO-configObserver
+  status: Skipped
+- controllerName: TODO-configOverridesController
+  status: Skipped
+- controllerName: TODO-customRouteController
+  status: Skipped
+- controllerName: TODO-deploymentController
+  status: Succeeded
+- controllerName: TODO-ingressStateController
+  status: Skipped
+- controllerName: TODO-logLevelController
+  status: Skipped
+- controllerName: TODO-managementStateController
+  status: Skipped
+- controllerName: TODO-metadataController
+  status: Skipped
+- controllerName: TODO-oauthClientsSwitchedController
+  status: Skipped
+- controllerName: TODO-other-configObserver
+  status: Skipped
+- controllerName: TODO-other-externalOIDCController
+  status: Skipped
+- controllerName: TODO-payloadConfigController
+  status: Skipped
+- controllerName: TODO-proxyConfigController
+  status: Skipped
+- controllerName: TODO-resourceSyncer
+  status: Skipped
+- controllerName: TODO-routerCertsController
+  status: Skipped
+- controllerName: TODO-serviceCAController
+  status: Skipped
+- controllerName: TODO-staleConditions
+  status: Skipped
+- controllerName: TODO-staticResourceController
+  status: Skipped
+- controllerName: TODO-trustDistributionController
+  status: Skipped
+- controllerName: TODO-webhookAuthController
+  status: Skipped
+- controllerName: TODO-webhookCertsApprover
+  status: Skipped
+- controllerName: TODO-wellKnownReadyController
+  status: Skipped
+- controllerName: TODO-workersAvailableController
+  status: Skipped
+- controllerName: auditPolicyController
+  status: Skipped
+- controllerName: authentication
+  status: Skipped
+- controllerName: openshift-apiserver-APIService
+  status: Skipped
+- controllerName: openshift-oauth-apiserver-EncryptionCondition
+  status: Skipped
+- controllerName: openshift-oauth-apiserver-EncryptionKey
+  status: Skipped
+- controllerName: openshift-oauth-apiserver-EncryptionMigration
+  status: Skipped
+- controllerName: openshift-oauth-apiserver-EncryptionPrune
+  status: Skipped
+- controllerName: openshift-oauth-apiserver-EncryptionState
+  status: Skipped