diff --git a/frontend/packages/operator-lifecycle-manager/src/components/operator-hub/__tests__/operator-hub-utils.spec.ts b/frontend/packages/operator-lifecycle-manager/src/components/operator-hub/__tests__/operator-hub-utils.spec.ts index 7ad96a03b56..6b8d1b9821a 100644 --- a/frontend/packages/operator-lifecycle-manager/src/components/operator-hub/__tests__/operator-hub-utils.spec.ts +++ b/frontend/packages/operator-lifecycle-manager/src/components/operator-hub/__tests__/operator-hub-utils.spec.ts @@ -481,6 +481,7 @@ describe('getInfrastructureFeatures', () => { const result = getInfrastructureFeatures( { [OLMAnnotation.InfrastructureFeatures]: '["tokenAuth"]', + [OLMAnnotation.TokenAuthAWS]: 'true', }, { clusterIsAWSSTS, clusterIsAzureWIF, clusterIsGCPWIF }, ); @@ -493,6 +494,7 @@ describe('getInfrastructureFeatures', () => { const result = getInfrastructureFeatures( { [OLMAnnotation.InfrastructureFeatures]: '["TokenAuth"]', + [OLMAnnotation.TokenAuthAWS]: 'true', }, { clusterIsAWSSTS, clusterIsAzureWIF, clusterIsGCPWIF }, ); @@ -505,6 +507,7 @@ describe('getInfrastructureFeatures', () => { const result = getInfrastructureFeatures( { [OLMAnnotation.InfrastructureFeatures]: '["tokenAuth"]', + [OLMAnnotation.TokenAuthAzure]: 'true', }, { clusterIsAWSSTS, clusterIsAzureWIF, clusterIsGCPWIF }, ); @@ -517,6 +520,7 @@ describe('getInfrastructureFeatures', () => { const result = getInfrastructureFeatures( { [OLMAnnotation.InfrastructureFeatures]: '["TokenAuth"]', + [OLMAnnotation.TokenAuthAzure]: 'true', }, { clusterIsAWSSTS, clusterIsAzureWIF, clusterIsGCPWIF }, ); @@ -615,6 +619,30 @@ describe('getInfrastructureFeatures', () => { }); expect(result).toEqual([InfrastructureFeature.FIPSMode]); }); + it(`excludes TokenAuth when token-auth-aws is explicitly false on AWS STS cluster`, () => { + const clusterIsAWSSTS = true; + const clusterIsAzureWIF = false; + const clusterIsGCPWIF = false; + const result = getInfrastructureFeatures( + { + [OLMAnnotation.TokenAuthAWS]: 'false', + }, + { clusterIsAWSSTS, clusterIsAzureWIF, clusterIsGCPWIF }, + ); + expect(result).toEqual([]); + }); + it(`excludes TokenAuth when token-auth-aws annotation is missing on AWS STS cluster`, () => { + const clusterIsAWSSTS = true; + const clusterIsAzureWIF = false; + const clusterIsGCPWIF = false; + const result = getInfrastructureFeatures( + { + [OLMAnnotation.Disconnected]: 'true', + }, + { clusterIsAWSSTS, clusterIsAzureWIF, clusterIsGCPWIF }, + ); + expect(result).toEqual([InfrastructureFeature.Disconnected]); + }); it(`returns empty array when ${OLMAnnotation.InfrastructureFeatures} is empty`, () => { const result = getInfrastructureFeatures({ [OLMAnnotation.InfrastructureFeatures]: '[]', diff --git a/frontend/packages/operator-lifecycle-manager/src/components/operator-hub/operator-hub-utils.ts b/frontend/packages/operator-lifecycle-manager/src/components/operator-hub/operator-hub-utils.ts index 69f42114d15..3b3d5226664 100644 --- a/frontend/packages/operator-lifecycle-manager/src/components/operator-hub/operator-hub-utils.ts +++ b/frontend/packages/operator-lifecycle-manager/src/components/operator-hub/operator-hub-utils.ts @@ -222,9 +222,9 @@ export const getInfrastructureFeatures: AnnotationParser< onError, }); const azureTokenAuthIsSupported = - clusterIsAzureWIF && annotations[OLMAnnotation.TokenAuthAzure] !== 'false'; + clusterIsAzureWIF && annotations[OLMAnnotation.TokenAuthAzure] === 'true'; const awsTokenAuthIsSupported = - clusterIsAWSSTS && annotations[OLMAnnotation.TokenAuthAWS] !== 'false'; + clusterIsAWSSTS && annotations[OLMAnnotation.TokenAuthAWS] === 'true'; return [...parsedInfrastructureFeatures, ...Object.keys(annotations ?? {})].reduce( (supportedFeatures, key) => { const feature = infrastructureFeatureMap[key];