Sequence and Parallel: announce correct OIDC identities in authstatus #7902

10 changes: 10 additions & 0 deletions config/channels/in-memory-channel/resources/in-memory-channel.yaml
@@ -170,6 +170,11 @@ spec:
serviceAccountName:
description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication.
type: string
serviceAccountNames:
description: ServiceAccountNames is the list of names of the generated service accounts used for this components OIDC authentication.
type: array
items:
type: string
status:
description: Status represents the current state of the Channel. This data may be out of date.
type: object
@@ -286,6 +291,11 @@ spec:
serviceAccountName:
description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication.
type: string
serviceAccountNames:
description: ServiceAccountNames is the list of names of the generated service accounts used for this components OIDC authentication.
type: array
items:
type: string
additionalPrinterColumns:
- name: URL
type: string
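Review bot: The new `serviceAccountNames` description does not say how the field relates to `serviceAccountName`, so a consumer that derives authorization policy from the auth status block cannot tell from the schema whether to read one field, the other, or both. The same text is added in both hunks of this file and in every other resource YAML in this change (apiserversource, channel, containersource, parallel, pingsource, sequence, sinkbindings, subscription, trigger). If the intent is that multi-identity components such as Sequence and Parallel populate only the list, say so, e.g. `description: ServiceAccountNames is the list of names of the generated service accounts used for this component's OIDC authentication; set instead of serviceAccountName when the component has more than one identity.` The copied wording also carries over the typo "this components".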
5 changes: 5 additions & 0 deletions config/core/resources/apiserversource.yaml
@@ -201,6 +201,11 @@ spec:
serviceAccountName:
description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication.
type: string
serviceAccountNames:
description: ServiceAccountNames is the list of names of the generated service accounts used for this components OIDC authentication.
type: array
items:
type: string
ceAttributes:
description: CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents.
type: array
10 changes: 10 additions & 0 deletions config/core/resources/channel.yaml
@@ -189,6 +189,11 @@ spec:
serviceAccountName:
description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication.
type: string
serviceAccountNames:
description: ServiceAccountNames is the list of names of the generated service accounts used for this components OIDC authentication.
type: array
items:
type: string
status:
description: Status represents the current state of the Channel. This data may be out of date.
type: object
@@ -321,6 +326,11 @@ spec:
serviceAccountName:
description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication.
type: string
serviceAccountNames:
description: ServiceAccountNames is the list of names of the generated service accounts used for this components OIDC authentication.
type: array
items:
type: string
names:
kind: Channel
plural: channels
5 changes: 5 additions & 0 deletions config/core/resources/containersource.yaml
@@ -94,6 +94,11 @@ spec:
serviceAccountName:
description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication.
type: string
serviceAccountNames:
description: ServiceAccountNames is the list of names of the generated service accounts used for this components OIDC authentication.
type: array
items:
type: string
ceAttributes:
description: CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents.
type: array
5 changes: 5 additions & 0 deletions config/core/resources/parallel.yaml
@@ -345,6 +345,11 @@ spec:
serviceAccountName:
description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication.
type: string
serviceAccountNames:
description: ServiceAccountNames is the list of names of the generated service accounts used for this components OIDC authentication.
type: array
items:
type: string
branchStatuses:
description: BranchStatuses is an array of corresponding to branch
statuses. Matches the Spec.Branches array in the order.
10 changes: 10 additions & 0 deletions config/core/resources/pingsource.yaml
@@ -135,6 +135,11 @@ spec:
serviceAccountName:
description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication.
type: string
serviceAccountNames:
description: ServiceAccountNames is the list of names of the generated service accounts used for this components OIDC authentication.
type: array
items:
type: string
ceAttributes:
description: 'CloudEventAttributes are the specific attributes that
the Source uses as part of its CloudEvents.'
@@ -316,6 +321,11 @@ spec:
serviceAccountName:
description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication.
type: string
serviceAccountNames:
description: ServiceAccountNames is the list of names of the generated service accounts used for this components OIDC authentication.
type: array
items:
type: string
ceAttributes:
description: 'CloudEventAttributes are the specific attributes that
the Source uses as part of its CloudEvents.'
5 changes: 5 additions & 0 deletions config/core/resources/sequence.yaml
@@ -196,6 +196,11 @@ spec:
serviceAccountName:
description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication.
type: string
serviceAccountNames:
description: ServiceAccountNames is the list of names of the generated service accounts used for this components OIDC authentication.
type: array
items:
type: string
channelStatuses:
description: ChannelStatuses is an array of corresponding Channel statuses. Matches the Spec.Steps array in the order.
type: array
5 changes: 5 additions & 0 deletions config/core/resources/sinkbindings.yaml
@@ -136,6 +136,11 @@ spec:
serviceAccountName:
description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication.
type: string
serviceAccountNames:
description: ServiceAccountNames is the list of names of the generated service accounts used for this components OIDC authentication.
type: array
items:
type: string
ceAttributes:
description: CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents.
type: array
5 changes: 5 additions & 0 deletions config/core/resources/subscription.yaml
@@ -169,6 +169,11 @@ spec:
serviceAccountName:
description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication.
type: string
serviceAccountNames:
description: ServiceAccountNames is the list of names of the generated service accounts used for this components OIDC authentication.
type: array
items:
type: string
conditions:
description: Conditions the latest available observations of a resource's current state.
type: array
5 changes: 5 additions & 0 deletions config/core/resources/trigger.yaml
@@ -169,6 +169,11 @@ spec:
serviceAccountName:
description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication.
type: string
serviceAccountNames:
description: ServiceAccountNames is the list of names of the generated service accounts used for this components OIDC authentication.
type: array
items:
type: string
conditions:
description: Conditions the latest available observations of a resource's current state.
type: array
35 changes: 16 additions & 19 deletions pkg/apis/flows/v1/parallel_lifecycle.go
@@ -25,7 +25,7 @@ import (
pkgduckv1 "knative.dev/pkg/apis/duck/v1"
)

var pCondSet = apis.NewLivingConditionSet(ParallelConditionReady, ParallelConditionChannelsReady, ParallelConditionSubscriptionsReady, ParallelConditionAddressable, ParallelConditionOIDCIdentityCreated)
var pCondSet = apis.NewLivingConditionSet(ParallelConditionReady, ParallelConditionChannelsReady, ParallelConditionSubscriptionsReady, ParallelConditionAddressable)

const (
// ParallelConditionReady has status True when all subconditions below have been set to True.
@@ -41,8 +41,7 @@ const (

// ParallelConditionAddressable has status true when this Parallel meets
// the Addressable contract and has a non-empty hostname.
ParallelConditionAddressable apis.ConditionType = "Addressable"
ParallelConditionOIDCIdentityCreated apis.ConditionType = "OIDCIdentityCreated"
ParallelConditionAddressable apis.ConditionType = "Addressable"
)

// GetConditionSet retrieves the condition set for this resource. Implements the KRShaped interface.
@@ -81,6 +80,7 @@ func (ps *ParallelStatus) PropagateSubscriptionStatuses(filterSubscriptions []*m
if ps.BranchStatuses == nil || len(subscriptions) != len(ps.BranchStatuses) {
ps.BranchStatuses = make([]ParallelBranchStatus, len(subscriptions))
}
ps.Auth = nil
allReady := true
// If there are no subscriptions, treat that as a False branch. Could go either way, but this seems right.
if len(subscriptions) == 0 {
@@ -126,6 +126,19 @@ func (ps *ParallelStatus) PropagateSubscriptionStatuses(filterSubscriptions []*m
allReady = false
}

if fs.Status.Auth != nil && fs.Status.Auth.ServiceAccountName != nil {
if ps.Auth == nil {
ps.Auth = &pkgduckv1.AuthStatus{}
}
ps.Auth.ServiceAccountNames = append(ps.Auth.ServiceAccountNames, *fs.Status.Auth.ServiceAccountName)
}

if s.Status.Auth != nil && s.Status.Auth.ServiceAccountName != nil {
if ps.Auth == nil {
ps.Auth = &pkgduckv1.AuthStatus{}
}
ps.Auth.ServiceAccountNames = append(ps.Auth.ServiceAccountNames, *s.Status.Auth.ServiceAccountName)
}
}
if allReady {
pCondSet.Manage(ps).MarkTrue(ParallelConditionSubscriptionsReady)
@@ -196,22 +209,6 @@ func (ps *ParallelStatus) MarkAddressableNotReady(reason, messageFormat string,
pCondSet.Manage(ps).MarkFalse(ParallelConditionAddressable, reason, messageFormat, messageA...)
}

func (ps *ParallelStatus) MarkOIDCIdentityCreatedSucceeded() {
pCondSet.Manage(ps).MarkTrue(ParallelConditionOIDCIdentityCreated)
}

func (ps *ParallelStatus) MarkOIDCIdentityCreatedSucceededWithReason(reason, messageFormat string, messageA ...interface{}) {
pCondSet.Manage(ps).MarkTrueWithReason(ParallelConditionOIDCIdentityCreated, reason, messageFormat, messageA...)
}

func (ps *ParallelStatus) MarkOIDCIdentityCreatedFailed(reason, messageFormat string, messageA ...interface{}) {
pCondSet.Manage(ps).MarkFalse(ParallelConditionOIDCIdentityCreated, reason, messageFormat, messageA...)
}

func (ps *ParallelStatus) MarkOIDCIdentityCreatedUnknown(reason, messageFormat string, messageA ...interface{}) {
pCondSet.Manage(ps).MarkUnknown(ParallelConditionOIDCIdentityCreated, reason, messageFormat, messageA...)
}

func (ps *ParallelStatus) setAddress(address *pkgduckv1.Addressable) {
ps.Address = address
if address == nil {
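Review bot: In the `@@ -126,6 +126,19 @@` hunk of PropagateSubscriptionStatuses, a subscription whose `Status.Auth` or `ServiceAccountName` is nil is skipped silently, so `ps.Auth.ServiceAccountNames` can be a partial list, and with `ParallelConditionOIDCIdentityCreated` removed from `pCondSet` nothing visible in this file reports that. A receiver that builds its allow-list of OIDC subjects from this status would presumably reject events from the missing branches, so the contract should be written down where the list is built, for example `// Auth is rebuilt on every call: one entry per filter subscription and subscription that already reports an OIDC service account, in branch order; subscriptions without one are skipped.` If subscription readiness does not already imply that the identity exists (not visible here), consider documenting that the list is only complete once `ParallelConditionSubscriptionsReady` is true. The two append blocks are identical apart from `fs`/`s` and could share a small helper. The function body starts and ends outside the hunks shown.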