removes draft of oidc FSM state and adjusts the oidc extender

api/v1/runtime_types.go

@@ -64,7 +64,6 @@ const (
 	ConditionTypeRuntimeProvisioned       RuntimeConditionType = "Provisioned"
 	ConditionTypeRuntimeProvisionedDryRun RuntimeConditionType = "ProvisionedDryRun"
 	ConditionTypeRuntimeKubeconfigReady   RuntimeConditionType = "KubeconfigReady"
-	ConditionTypeOidcConfigured           RuntimeConditionType = "OidcConfigured"
 	ConditionTypeRuntimeConfigured        RuntimeConditionType = "Configured"
 	ConditionTypeRuntimeDeprovisioned     RuntimeConditionType = "Deprovisioned"
 )

internal/gardener/shoot/extender/oidc.go

@@ -11,28 +11,15 @@ const (
 )
 
 // Extends Shoot spec with OIDC configuration and mutates Runtime spec with necessary OIDC defaults if missing
-func ExtendWithOIDC(runtime *imv1.Runtime, shoot *gardener.Shoot) error {
+func ExtendWithOIDC(runtime imv1.Runtime, shoot *gardener.Shoot) error {
 	oidcConfig := runtime.Spec.Shoot.Kubernetes.KubeAPIServer.OidcConfig
 
-	defaultAdditionalOidcIfNotPresent(runtime)
 	setOIDCExtension(shoot)
 	setKubeAPIServerOIDCConfig(shoot, oidcConfig)
 
 	return nil
 }
 
-func defaultAdditionalOidcIfNotPresent(runtime *imv1.Runtime) {
-	oidcConfig := runtime.Spec.Shoot.Kubernetes.KubeAPIServer.OidcConfig
-	additionalOidcConfig := runtime.Spec.Shoot.Kubernetes.KubeAPIServer.AdditionalOidcConfig
-
-	if nil == additionalOidcConfig {
-		additionalOidcConfig = &[]gardener.OIDCConfig{}
-		*additionalOidcConfig = append(*additionalOidcConfig, oidcConfig)
-	}
-
-	runtime.Spec.Shoot.Kubernetes.KubeAPIServer.AdditionalOidcConfig = additionalOidcConfig
-}
-
 func setOIDCExtension(shoot *gardener.Shoot) {
 	oidcService := gardener.Extension{
 		Type:     OidcExtensionType,
@@ -57,32 +44,3 @@ func setKubeAPIServerOIDCConfig(shoot *gardener.Shoot, oidcConfig gardener.OIDCC
 		},
 	}
 }
-
-//main OIDC task https://github.com/kyma-project/kyma/issues/18305#issuecomment-2128866460
-
-func setOIDCConfig(shoot *gardener.Shoot, oidcConfig gardener.OIDCConfig) {
-	shoot.Spec.Kubernetes.KubeAPIServer = &gardener.KubeAPIServerConfig{
-		OIDCConfig: &oidcConfig,
-	}
-}
-
-func getDefaultOIDCConfig() *gardener.OIDCConfig {
-	return &gardener.OIDCConfig{
-
-		// taken from https://github.tools.sap/kyma/management-plane-config/blob/20474fc793b147845b884160954d280f75b98a85/argoenv/keb/dev/values.yaml
-
-		//TODO: move below's default configuration to:
-		// - config file for local development
-		// - management-plane-charts/config
-
-		//CABundle:    //TODO: is it needed?
-		ClientID:    ptr.To("xyz"),    //TODO: move to config file
-		GroupsClaim: ptr.To("groups"), //TODO: move to config file
-		//GroupsPrefix: TODO: is it needed?
-		IssuerURL: ptr.To("https://kymatest.accounts400.ondemand.com"), //TODO: move to config file
-		//RequiredClaims: TODO: is it needed?
-		SigningAlgs:    []string{"RS256"}, //TODO: move to config file
-		UsernameClaim:  ptr.To("sub"),     //TODO: move to config file
-		UsernamePrefix: ptr.To("-"),       //TODO: move to config file
-	}
-}

internal/gardener/shoot/extender/oidc_test.go

@@ -39,17 +39,12 @@ func TestOidcExtender(t *testing.T) {
 		}
 
 		// when
-		err := ExtendWithOIDC(&runtimeShoot, &shoot)
+		err := ExtendWithOIDC(runtimeShoot, &shoot)
 
 		// then
 		require.NoError(t, err)
 
 		assert.Equal(t, runtimeShoot.Spec.Shoot.Kubernetes.KubeAPIServer.OidcConfig, *shoot.Spec.Kubernetes.KubeAPIServer.OIDCConfig)
-
-		// Default additionalOidcConfig is set when missing
-		defaultAdditionalOidcConfig := runtimeShoot.Spec.Shoot.Kubernetes.KubeAPIServer.AdditionalOidcConfig
-		assert.Equal(t, runtimeShoot.Spec.Shoot.Kubernetes.KubeAPIServer.OidcConfig, (*defaultAdditionalOidcConfig)[0])
-
 		assert.Equal(t, false, *shoot.Spec.Extensions[0].Disabled)
 		assert.Equal(t, "shoot-oidc-service", shoot.Spec.Extensions[0].Type)
 	})