From 8bac63f95160b17e3a14319e80f52f2846e4a1c7 Mon Sep 17 00:00:00 2001
From: John Gardiner Myers <jgmyers@proofpoint.com>
Date: Thu, 6 May 2021 13:35:57 -0700
Subject: [PATCH] Don't publish OIDC discovery if DiscoveryStore not set

---
 pkg/apis/kops/validation/legacy.go | 2 +-
 pkg/model/issuerdiscovery.go       | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkg/apis/kops/validation/legacy.go b/pkg/apis/kops/validation/legacy.go
index 76ea4a2229..ff761f5cce 100644
--- a/pkg/apis/kops/validation/legacy.go
+++ b/pkg/apis/kops/validation/legacy.go
@@ -374,7 +374,7 @@ func ValidateCluster(c *kops.Cluster, strict bool) field.ErrorList {
 	}
 
 	said := c.Spec.ServiceAccountIssuerDiscovery
-	if said != nil {
+	if said != nil && said.DiscoveryStore != "" {
 		saidStore := said.DiscoveryStore
 		saidStoreField := fieldSpec.Child("serviceAccountIssuerDiscovery", "discoveryStore")
 		base, err := vfs.Context.BuildVfsPath(saidStore)
diff --git a/pkg/model/issuerdiscovery.go b/pkg/model/issuerdiscovery.go
index 93194a23e8..2fb8e2be6d 100644
--- a/pkg/model/issuerdiscovery.go
+++ b/pkg/model/issuerdiscovery.go
@@ -53,7 +53,7 @@ type oidcDiscovery struct {
 
 func (b *IssuerDiscoveryModelBuilder) Build(c *fi.ModelBuilderContext) error {
 	said := b.Cluster.Spec.ServiceAccountIssuerDiscovery
-	if said == nil {
+	if said == nil || said.DiscoveryStore == "" {
 		return nil
 	}