LDAP and AD IDPs now always report condition with type LDAPConnectionValid, even if the status is unknown

Co-authored-by: Ryan Richard <richardry@vmware.com>
Joshua Casey
2024-08-06 13:03:00 -05:00
committed by Ryan Richard
parent 1c59a41cc5
commit afa3aa2232
10 changed files with 58 additions and 32 deletions


@@ -64,8 +64,6 @@ const (
reasonInvalidAuthenticator = "InvalidAuthenticator"
reasonInvalidCouldNotFetchJWKS = "InvalidCouldNotFetchJWKS"
msgUnableToValidate = "unable to validate; see other conditions for details"
// These default values come from the way that the Supervisor issues and signs tokens. We make these
// the defaults for a JWTAuthenticator so that they can easily integrate with the Supervisor.
defaultUsernameClaim = oidcapi.IDTokenClaimUsername
@@ -462,7 +460,7 @@ func (c *jwtCacheFillerController) validateProviderDiscovery(ctx context.Context
Type: typeDiscoveryValid,
Status: metav1.ConditionUnknown,
Reason: conditionsutil.ReasonUnableToValidate,
Message: msgUnableToValidate,
Message: conditionsutil.MessageUnableToValidate,
})
return nil, nil, conditions, nil
}
@@ -500,7 +498,7 @@ func (c *jwtCacheFillerController) validateProviderJWKSURL(provider *coreosoidc.
Type: typeJWKSURLValid,
Status: metav1.ConditionUnknown,
Reason: conditionsutil.ReasonUnableToValidate,
Message: msgUnableToValidate,
Message: conditionsutil.MessageUnableToValidate,
})
return "", conditions, nil
}
@@ -567,7 +565,7 @@ func (c *jwtCacheFillerController) validateJWKSFetch(ctx context.Context, jwksUR
Type: typeJWKSFetchValid,
Status: metav1.ConditionUnknown,
Reason: conditionsutil.ReasonUnableToValidate,
Message: msgUnableToValidate,
Message: conditionsutil.MessageUnableToValidate,
})
return nil, conditions, nil
}
@@ -646,7 +644,7 @@ func (c *jwtCacheFillerController) newCachedJWTAuthenticator(
Type: typeAuthenticatorValid,
Status: metav1.ConditionUnknown,
Reason: conditionsutil.ReasonUnableToValidate,
Message: msgUnableToValidate,
Message: conditionsutil.MessageUnableToValidate,
})
return nil, conditions, nil
}


@@ -54,8 +54,6 @@ const (
reasonUnableToInstantiateWebhook = "UnableToInstantiateWebhook"
reasonInvalidEndpointURL = "InvalidEndpointURL"
reasonInvalidEndpointURLScheme = "InvalidEndpointURLScheme"
msgUnableToValidate = "unable to validate; see other conditions for details"
)
type cachedWebhookAuthenticator struct {
@@ -344,7 +342,7 @@ func newWebhookAuthenticator(
Type: typeAuthenticatorValid,
Status: metav1.ConditionUnknown,
Reason: conditionsutil.ReasonUnableToValidate,
Message: msgUnableToValidate,
Message: conditionsutil.MessageUnableToValidate,
})
return nil, conditions, nil
}
@@ -425,7 +423,7 @@ func (c *webhookCacheFillerController) validateConnection(
Type: typeWebhookConnectionValid,
Status: metav1.ConditionUnknown,
Reason: conditionsutil.ReasonUnableToValidate,
Message: msgUnableToValidate,
Message: conditionsutil.MessageUnableToValidate,
})
return conditions, nil
}