openshift · p0lyn0mial · Jan 8, 2026 · Sep 2, 2025 · coderabbitai · Sep 2, 2025
diff --git a/pkg/cmd/mom/output_resources_command.go b/pkg/cmd/mom/output_resources_command.go
@@ -29,6 +29,7 @@ func runOutputResources(ctx context.Context) (*libraryoutputresources.OutputReso
 
 				libraryoutputresources.ExactConfigMap("openshift-authentication", "audit"),
 				libraryoutputresources.ExactConfigMap("openshift-authentication", "v4-0-config-system-trusted-ca-bundle"),
+				libraryoutputresources.ExactConfigMap("openshift-authentication", "v4-0-config-system-cliconfig"),
 				libraryoutputresources.ExactDeployment("openshift-authentication", "oauth-openshift"),
 				libraryoutputresources.ExactDeployment("openshift-oauth-apiserver", "apiserver"),
 				libraryoutputresources.ExactSecret("openshift-authentication", "v4-0-config-system-session"),

diff --git a/...ion-operator/core/events/c450-body-authentication-operator.18599d2230299800.18b41977.yaml b/...ion-operator/core/events/c450-body-authentication-operator.18599d2230299800.18b41977.yaml
@@ -0,0 +1,22 @@
+apiVersion: v1
+count: 1
+eventTime: null
+firstTimestamp: "2025-08-07T22:38:20Z"
+involvedObject:
+  kind: Deployment
+  name: authentication-operator
+  namespace: openshift-authentication-operator
+kind: Event
+lastTimestamp: "2025-08-07T22:38:20Z"
+message: Created ConfigMap/v4-0-config-system-cliconfig -n openshift-authentication
+  because it was missing
-message: Created ConfigMap/v4-0-config-system-cliconfig -n openshift-authentication
-  because it was missing
+message: >-
+  Created ConfigMap/v4-0-config-system-cliconfig -n openshift-authentication because it was missing
-message: Created ConfigMap/v4-0-config-system-cliconfig -n openshift-authentication
-  because it was missing
+message: >-
+  Created ConfigMap/v4-0-config-system-cliconfig -n openshift-authentication because it was missing
+metadata:
+  creationTimestamp: null
+  name: authentication-operator.18599d2230299800.18b41977
+  namespace: openshift-authentication-operator
+reason: ConfigMapCreated
+reportingComponent: ""
+reportingInstance: ""
+source:
+  component: cluster-authentication-operator-run-once-sync-context
+type: Normal
diff --git a/...operator/core/events/c450-metadata-authentication-operator.18599d2230299800.18b41977.yaml b/...operator/core/events/c450-metadata-authentication-operator.18599d2230299800.18b41977.yaml
@@ -0,0 +1,9 @@
+action: Create
+controllerInstanceName: ""
+generateName: ""
+name: authentication-operator.18599d2230299800.18b41977
+namespace: openshift-authentication-operator
+resourceType:
+  Group: ""
+  Resource: events
+  Version: v1
diff --git a/...aces/openshift-authentication/core/configmaps/82b1-body-v4-0-config-system-cliconfig.yaml b/...aces/openshift-authentication/core/configmaps/82b1-body-v4-0-config-system-cliconfig.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+data:
+  v4-0-config-system-cliconfig: '{"admission":{},"apiVersion":"osin.config.openshift.io/v1","auditConfig":{"auditFilePath":"","enabled":false,"logFormat":"","maximumFileRetentionDays":0,"maximumFileSizeMegabytes":0,"maximumRetainedFiles":0,"policyConfiguration":null,"policyFile":"","webHookKubeConfig":"","webHookMode":""},"corsAllowedOrigins":["//127\\.0\\.0\\.1(:|$)","//localhost(:|$)"],"kind":"OsinServerConfig","kubeClientConfig":{"connectionOverrides":{"acceptContentTypes":"","burst":400,"contentType":"","qps":400},"kubeConfig":""},"oauthConfig":{"alwaysShowProviderSelection":false,"assetPublicURL":"https://console-openshift-console.apps.ci-op-gn2pz6q7-69aee.XXXXXXXXXXXXXXXXXXXXXX","grantConfig":{"method":"deny","serviceAccountMethod":"prompt"},"identityProviders":null,"loginURL":"https://api.ci-op-gn2pz6q7-69aee.XXXXXXXXXXXXXXXXXXXXXX:6443","masterCA":"/var/config/system/configmaps/v4-0-config-system-service-ca/service-ca.crt","masterPublicURL":"https://oauth-openshift.apps.ci-op-gn2pz6q7-69aee.XXXXXXXXXXXXXXXXXXXXXX","masterURL":"https://oauth-openshift.openshift-authentication.svc","sessionConfig":{"sessionMaxAgeSeconds":300,"sessionName":"ssn","sessionSecretsFile":"/var/config/system/secrets/v4-0-config-system-session/v4-0-config-system-session"},"templates":{"error":"/var/config/system/secrets/v4-0-config-system-ocp-branding-template/errors.html","login":"/var/config/system/secrets/v4-0-config-system-ocp-branding-template/login.html","providerSelection":"/var/config/system/secrets/v4-0-config-system-ocp-branding-template/providers.html"},"tokenConfig":{"accessTokenMaxAgeSeconds":86400,"authorizeTokenMaxAgeSeconds":300}},"servingInfo":{"bindAddress":"0.0.0.0:6443","bindNetwork":"tcp","certFile":"/var/config/system/secrets/v4-0-config-system-serving-cert/tls.crt","cipherSuites":["TLS_AES_128_GCM_SHA256","TLS_AES_256_GCM_SHA384","TLS_CHACHA20_POLY1305_SHA256","TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"],"keyFile":"/var/config/system/secrets/v4-0-config-system-serving-cert/tls.key","maxRequestsInFlight":1000,"minTLSVersion":"VersionTLS12","namedCertificates":[{"certFile":"/var/config/system/secrets/v4-0-config-system-router-certs/apps.ci-op-gn2pz6q7-69aee.XXXXXXXXXXXXXXXXXXXXXX","keyFile":"/var/config/system/secrets/v4-0-config-system-router-certs/apps.ci-op-gn2pz6q7-69aee.XXXXXXXXXXXXXXXXXXXXXX","names":["*.apps.ci-op-gn2pz6q7-69aee.XXXXXXXXXXXXXXXXXXXXXX"]}],"requestTimeoutSeconds":300},"storageConfig":{"ca":"","certFile":"","keyFile":"","storagePrefix":""}}'
+kind: ConfigMap
+metadata:
+  labels:
+    app: oauth-openshift
+  name: v4-0-config-system-cliconfig
+  namespace: openshift-authentication
diff --git a/.../openshift-authentication/core/configmaps/82b1-metadata-v4-0-config-system-cliconfig.yaml b/.../openshift-authentication/core/configmaps/82b1-metadata-v4-0-config-system-cliconfig.yaml
@@ -0,0 +1,9 @@
+action: Create
+controllerInstanceName: TODO-payloadConfigController
+generateName: ""
+name: v4-0-config-system-cliconfig
+namespace: openshift-authentication
+resourceType:
+  Group: ""
+  Resource: configmaps
+  Version: v1
diff --git a/...figuration/overall/oauth-server-payloadcontroller/expected-output/controller-results.yaml b/...figuration/overall/oauth-server-payloadcontroller/expected-output/controller-results.yaml
@@ -0,0 +1,81 @@
+controllerResults:
+- controllerName: APIServerStaticResources-StaticResources
+  status: Skipped
+- controllerName: NamespaceFinalizerController_openshift-oauth-apiserver
+  status: Skipped
+- controllerName: OAuthAPIServerController-WorkloadWorkloadController
+  status: Skipped
+- controllerName: RevisionController
+  status: Skipped
+- controllerName: SecretRevisionPruneController
+  status: Skipped
+- controllerName: TODO-authRouteCheckController
+  status: Skipped
+- controllerName: TODO-authServiceCheckController
+  status: Skipped
+- controllerName: TODO-authServiceEndpointCheckController
+  status: Skipped
+- controllerName: TODO-authenticatorCertRequester
+  status: Skipped
+- controllerName: TODO-configObserver
+  status: Skipped
+- controllerName: TODO-configOverridesController
+  status: Skipped
+- controllerName: TODO-customRouteController
+  status: Skipped
+- controllerName: TODO-deploymentController
+  status: Skipped
+- controllerName: TODO-ingressStateController
+  status: Skipped
+- controllerName: TODO-logLevelController
+  status: Skipped
+- controllerName: TODO-managementStateController
+  status: Skipped
+- controllerName: TODO-metadataController
+  status: Skipped
+- controllerName: TODO-oauthClientsSwitchedController
+  status: Skipped
+- controllerName: TODO-other-configObserver
+  status: Skipped
+- controllerName: TODO-other-externalOIDCController
+  status: Skipped
+- controllerName: TODO-payloadConfigController
+  status: Succeeded
+- controllerName: TODO-proxyConfigController
+  status: Skipped
+- controllerName: TODO-resourceSyncer
+  status: Skipped
+- controllerName: TODO-routerCertsController
+  status: Skipped
+- controllerName: TODO-serviceCAController
+  status: Skipped
+- controllerName: TODO-staleConditions
+  status: Skipped
+- controllerName: TODO-staticResourceController
+  status: Skipped
+- controllerName: TODO-trustDistributionController
+  status: Skipped
+- controllerName: TODO-webhookAuthController
+  status: Skipped
+- controllerName: TODO-webhookCertsApprover
+  status: Skipped
+- controllerName: TODO-wellKnownReadyController
+  status: Skipped
+- controllerName: TODO-workersAvailableController
+  status: Skipped
+- controllerName: auditPolicyController
+  status: Skipped
+- controllerName: authentication
+  status: Skipped
+- controllerName: openshift-apiserver-APIService
+  status: Skipped
+- controllerName: openshift-oauth-apiserver-EncryptionCondition
+  status: Skipped
+- controllerName: openshift-oauth-apiserver-EncryptionKey
+  status: Skipped
+- controllerName: openshift-oauth-apiserver-EncryptionMigration
+  status: Skipped
+- controllerName: openshift-oauth-apiserver-EncryptionPrune
+  status: Skipped
+- controllerName: openshift-oauth-apiserver-EncryptionState
+  status: Skipped
diff --git a/...oadcontroller/input-dir/cluster-scoped-resources/config.openshift.io/authentications.yaml b/...oadcontroller/input-dir/cluster-scoped-resources/config.openshift.io/authentications.yaml
@@ -0,0 +1,81 @@
+---
+apiVersion: config.openshift.io/v1
+items:
+- apiVersion: config.openshift.io/v1
+  kind: Authentication
+  metadata:
+    annotations:
+      include.release.openshift.io/ibm-cloud-managed: "true"
+      include.release.openshift.io/self-managed-high-availability: "true"
+      release.openshift.io/create-only: "true"
+    creationTimestamp: "2025-08-01T18:29:45Z"
+    generation: 2
+    managedFields:
+    - apiVersion: config.openshift.io/v1
+      fieldsType: FieldsV1
+      fieldsV1:
+        f:metadata:
+          f:annotations:
+            .: {}
+            f:include.release.openshift.io/ibm-cloud-managed: {}
+            f:include.release.openshift.io/self-managed-high-availability: {}
+            f:release.openshift.io/create-only: {}
+          f:ownerReferences:
+            .: {}
+            k:{"uid":"fd412cff-9592-4cb6-b0e9-97a5c376f29e"}: {}
+        f:spec: {}
+      manager: cluster-version-operator
+      operation: Update
+      time: "2025-08-01T18:29:45Z"
+    - apiVersion: config.openshift.io/v1
+      fieldsType: FieldsV1
+      fieldsV1:
+        f:spec:
+          f:oauthMetadata:
+            .: {}
+            f:name: {}
+          f:serviceAccountIssuer: {}
+          f:type: {}
+          f:webhookTokenAuthenticator:
+            .: {}
+            f:kubeConfig:
+              .: {}
+              f:name: {}
+      manager: authentication-operator
+      operation: Update
+      time: "2025-08-01T18:35:35Z"
+    - apiVersion: config.openshift.io/v1
+      fieldsType: FieldsV1
+      fieldsV1:
+        f:status:
+          .: {}
+          f:integratedOAuthMetadata:
+            .: {}
+            f:name: {}
+      manager: authentication-operator
+      operation: Update
+      subresource: status
+      time: "2025-08-01T18:44:36Z"
+    name: cluster
+    ownerReferences:
+    - apiVersion: config.openshift.io/v1
+      kind: ClusterVersion
+      name: version
+      uid: fd412cff-9592-4cb6-b0e9-97a5c376f29e
+    resourceVersion: "20310"
+    uid: 7adc5a7e-47eb-41c7-af2e-9faa138dccc5
+  spec:
+    oauthMetadata:
+      name: ""
+    serviceAccountIssuer: ""
+    type: ""
+    webhookTokenAuthenticator:
+      kubeConfig:
+        name: webhook-authentication-integrated-oauth
+  status:
+    integratedOAuthMetadata:
+      name: oauth-openshift
+kind: AuthenticationList
+metadata:
+  continue: ""
+  resourceVersion: "269028"
diff --git a/...oadcontroller/input-dir/cluster-scoped-resources/config.openshift.io/clusterversions.yaml b/...oadcontroller/input-dir/cluster-scoped-resources/config.openshift.io/clusterversions.yaml
@@ -0,0 +1,168 @@
+---
+apiVersion: config.openshift.io/v1
+items:
+- apiVersion: config.openshift.io/v1
+  kind: ClusterVersion
+  metadata:
+    creationTimestamp: "2025-08-01T18:29:12Z"
+    generation: 2
+    managedFields:
+    - apiVersion: config.openshift.io/v1
+      fieldsType: FieldsV1
+      fieldsV1:
+        f:spec:
+          .: {}
+          f:clusterID: {}
+      manager: cluster-bootstrap
+      operation: Update
+      time: "2025-08-01T18:29:12Z"
+    - apiVersion: config.openshift.io/v1
+      fieldsType: FieldsV1
+      fieldsV1:
+        f:status:
+          .: {}
+          f:availableUpdates: {}
+          f:capabilities:
+            .: {}
+            f:enabledCapabilities: {}
+            f:knownCapabilities: {}
+          f:conditions:
+            .: {}
+            k:{"type":"Available"}:
+              .: {}
+              f:lastTransitionTime: {}
+              f:message: {}
+              f:status: {}
+              f:type: {}
+            k:{"type":"Failing"}:
+              .: {}
+              f:lastTransitionTime: {}
+              f:status: {}
+              f:type: {}
+            k:{"type":"ImplicitlyEnabledCapabilities"}:
+              .: {}
+              f:lastTransitionTime: {}
+              f:message: {}
+              f:reason: {}
+              f:status: {}
+              f:type: {}
+            k:{"type":"Progressing"}:
+              .: {}
+              f:lastTransitionTime: {}
+              f:message: {}
+              f:status: {}
+              f:type: {}
+            k:{"type":"ReleaseAccepted"}:
+              .: {}
+              f:lastTransitionTime: {}
+              f:message: {}
+              f:reason: {}
+              f:status: {}
+              f:type: {}
+            k:{"type":"RetrievedUpdates"}:
+              .: {}
+              f:lastTransitionTime: {}
+              f:message: {}
+              f:reason: {}
+              f:status: {}
+              f:type: {}
+          f:desired:
+            .: {}
+            f:image: {}
+            f:version: {}
+          f:history: {}
+          f:observedGeneration: {}
+          f:versionHash: {}
+      manager: cluster-version-operator
+      operation: Update
+      subresource: status
+      time: "2025-08-01T18:56:59Z"
+    name: version
+    resourceVersion: "31637"
+    uid: fd412cff-9592-4cb6-b0e9-97a5c376f29e
+  spec:
+    clusterID: 190ba3d3-45b9-4976-aa21-92d473f597b5
+  status:
+    availableUpdates: null
+    capabilities:
+      enabledCapabilities:
+      - Build
+      - CSISnapshot
+      - CloudControllerManager
+      - CloudCredential
+      - Console
+      - DeploymentConfig
+      - ImageRegistry
+      - Ingress
+      - Insights
+      - MachineAPI
+      - NodeTuning
+      - OperatorLifecycleManager
+      - OperatorLifecycleManagerV1
+      - Storage
+      - baremetal
+      - marketplace
+      - openshift-samples
+      knownCapabilities:
+      - Build
+      - CSISnapshot
+      - CloudControllerManager
+      - CloudCredential
+      - Console
+      - DeploymentConfig
+      - ImageRegistry
+      - Ingress
+      - Insights
+      - MachineAPI
+      - NodeTuning
+      - OperatorLifecycleManager
+      - OperatorLifecycleManagerV1
+      - Storage
+      - baremetal
+      - marketplace
+      - openshift-samples
+    conditions:
+    - lastTransitionTime: "2025-08-01T18:29:17Z"
+      message: The update channel has not been configured.
+      reason: NoChannel
+      status: "False"
+      type: RetrievedUpdates
+    - lastTransitionTime: "2025-08-01T18:29:17Z"
+      message: Capabilities match configured spec
+      reason: AsExpected
+      status: "False"
+      type: ImplicitlyEnabledCapabilities
+    - lastTransitionTime: "2025-08-01T18:29:17Z"
+      message: Payload loaded version="4.20.0-0.ci-2025-08-01-181332-test-ci-op-gn2pz6q7-latest"
+        image="registry.build06.ci.openshift.org/ci-op-gn2pz6q7/release@sha256:4cb12a9c632d1745527b1c4c87f44c8a6c4d60d0a2b89b75b23c5fc8fde73336"
+        architecture="amd64"
+      reason: PayloadLoaded
+      status: "True"
+      type: ReleaseAccepted
+    - lastTransitionTime: "2025-08-01T18:56:59Z"
+      message: Done applying 4.20.0-0.ci-2025-08-01-181332-test-ci-op-gn2pz6q7-latest
+      status: "True"
+      type: Available
+    - lastTransitionTime: "2025-08-01T18:56:59Z"
+      status: "False"
+      type: Failing
+    - lastTransitionTime: "2025-08-01T18:56:59Z"
+      message: Cluster version is 4.20.0-0.ci-2025-08-01-181332-test-ci-op-gn2pz6q7-latest
+      status: "False"
+      type: Progressing
+    desired:
+      image: registry.build06.ci.openshift.org/ci-op-gn2pz6q7/release@sha256:4cb12a9c632d1745527b1c4c87f44c8a6c4d60d0a2b89b75b23c5fc8fde73336
+      version: 4.20.0-0.ci-2025-08-01-181332-test-ci-op-gn2pz6q7-latest
+    history:
+    - completionTime: "2025-08-01T18:56:59Z"
+      image: registry.build06.ci.openshift.org/ci-op-gn2pz6q7/release@sha256:4cb12a9c632d1745527b1c4c87f44c8a6c4d60d0a2b89b75b23c5fc8fde73336
+      startedTime: "2025-08-01T18:29:17Z"
+      state: Completed
+      verified: false
+      version: 4.20.0-0.ci-2025-08-01-181332-test-ci-op-gn2pz6q7-latest
+    observedGeneration: 2
+    versionHash: yySvC9w70rw=
+kind: ClusterVersionList
+metadata:
+  continue: ""
+  resourceVersion: "269027"