upgrade to latest dependencies (#3404)

bumping knative.dev/pkg 058f699...d6ab729:
  > d6ab729 upgrade to latest dependencies (# 2870)
  > 283df0b Don't migrate storage version if CRD has one storage version (# 2861)
  > d0c133d Revert "Fix potential redefined error with kubeconfig flag (# 2855)" (# 2869)
  > 44a8a5e Use `DialTLSContextFunc` instead of `tls.Config` for `NewProxyAutoTLSTransport` (# 2842)
  > 0d0cd4e Print each line separately in shell executor (# 2867)
bumping knative.dev/reconciler-test 65a4c59...999d077:
  > 999d077 upgrade to latest dependencies (# 611)
  > aa521b7 upgrade to latest dependencies (# 610)
  > 93ac412 upgrade to latest dependencies (# 609)
bumping knative.dev/eventing cf6b140...f9314d8:
  > f9314d8 [main] Upgrade to latest dependencies (# 7372)
  > 4a07fdc Move OIDC e2e tests to test/auth (# 7363)
  > 0933c11 Expose audience of an InMemoryChannel in its status (# 7371)
  > 169542f OIDC - Support auto generation of ApiServerSource identity service account and expose in AuthStatus (# 7330)
  > 62ec33b Support auto generation of Subscriptions identity service account and… (# 7338)
  > 0af3ef6 [main] Upgrade to latest dependencies (# 7370)

Signed-off-by: Knative Automation <[email protected]>

go.mod

@@ -35,10 +35,10 @@ require (
 	k8s.io/apiserver v0.27.6
 	k8s.io/client-go v0.27.6
 	k8s.io/utils v0.0.0-20230209194617-a36077c30491
-	knative.dev/eventing v0.38.1-0.20231016131100-cf6b140be688
+	knative.dev/eventing v0.38.1-0.20231017050713-f9314d883fc0
 	knative.dev/hack v0.0.0-20231016131700-2c938d4918da
-	knative.dev/pkg v0.0.0-20231016131056-058f699b3d10
-	knative.dev/reconciler-test v0.0.0-20231016131647-65a4c59d859a
+	knative.dev/pkg v0.0.0-20231017113806-d6ab72900ea5
+	knative.dev/reconciler-test v0.0.0-20231017131250-999d077826b7
 	sigs.k8s.io/controller-runtime v0.12.3
 	sigs.k8s.io/yaml v1.3.0
 )

go.sum

@@ -1251,14 +1251,14 @@ k8s.io/utils v0.0.0-20200912215256-4140de9c8800/go.mod h1:jPW/WVKK9YHAvNhRxK0md/
 k8s.io/utils v0.0.0-20210819203725-bdf08cb9a70a/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
 k8s.io/utils v0.0.0-20230209194617-a36077c30491 h1:r0BAOLElQnnFhE/ApUsg3iHdVYYPBjNSSOMowRZxxsY=
 k8s.io/utils v0.0.0-20230209194617-a36077c30491/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
-knative.dev/eventing v0.38.1-0.20231016131100-cf6b140be688 h1:29nCspSU9rFfieh6N6/tlLsbII7OKhNePvnRSSDpwQ0=
-knative.dev/eventing v0.38.1-0.20231016131100-cf6b140be688/go.mod h1:oqW1TAc9aARrSM4/Xf/RQkUxd2/JfBAhdjvd9WXM02A=
+knative.dev/eventing v0.38.1-0.20231017050713-f9314d883fc0 h1:CKeg+12rcm3FhN/MYcbe/EDVScgXjhWObnGxrjeOOVw=
+knative.dev/eventing v0.38.1-0.20231017050713-f9314d883fc0/go.mod h1:Ug/SwaXMZVkP17peh2SvKA6I3FSjd8RrXdJuJNyBS2Y=
 knative.dev/hack v0.0.0-20231016131700-2c938d4918da h1:xy+fvuz2LDOMsZ5UwXRaMF70NYUs9fsG+EF5/ierYBg=
 knative.dev/hack v0.0.0-20231016131700-2c938d4918da/go.mod h1:yk2OjGDsbEnQjfxdm0/HJKS2WqTLEFg/N6nUs6Rqx3Q=
-knative.dev/pkg v0.0.0-20231016131056-058f699b3d10 h1:+kam6UYp2ESUkJBTqVO/H69bEWjuP62ts6O4QoC8O4Q=
-knative.dev/pkg v0.0.0-20231016131056-058f699b3d10/go.mod h1:khuxKBM4WqjcCIeCIm+4VDNBmzMsl0ZspXGMm5i/fFA=
-knative.dev/reconciler-test v0.0.0-20231016131647-65a4c59d859a h1:pv3LWoyb+ZseslF3Ib1YIQTrkXeMHzr4EZRT0BXjzOs=
-knative.dev/reconciler-test v0.0.0-20231016131647-65a4c59d859a/go.mod h1:O6m795/qJO9+FaNCOQMuKb3veDjpPKvc626ZLXcrjlU=
+knative.dev/pkg v0.0.0-20231017113806-d6ab72900ea5 h1:9AvFZdEtuwKWDcTV1VSwmrgrRR9f38wbIAm+sNwLivQ=
+knative.dev/pkg v0.0.0-20231017113806-d6ab72900ea5/go.mod h1:HHRXEd7ZlFpthgE+rwAZ6MUVnuJOAeolnaFSthXloUQ=
+knative.dev/reconciler-test v0.0.0-20231017131250-999d077826b7 h1:zcFdS5167SauAvKmmPPUmXJtUxlBdKUWmO/a+F67+IM=
+knative.dev/reconciler-test v0.0.0-20231017131250-999d077826b7/go.mod h1:0jsKqMXLCIQNdceLuL2SL1LaAZSFtqUY7cLyHt0V2xY=
 pgregory.net/rapid v1.1.0 h1:CMa0sjHSru3puNx+J0MIAuiiEV4N0qj8/cMWGBBCsjw=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=

vendor/knative.dev/eventing/pkg/apis/eventing/v1/test_helper.go

@@ -53,6 +53,7 @@ func (testHelper) ReadySubscriptionStatus() *messagingv1.SubscriptionStatus {
 	ss.MarkChannelReady()
 	ss.MarkReferencesResolved()
 	ss.MarkAddedToChannel()
+	ss.MarkOIDCIdentityCreatedSucceeded()
 	return ss
 }
 

vendor/knative.dev/eventing/pkg/apis/messaging/v1/subscription_lifecycle.go

@@ -22,7 +22,7 @@ import (
 
 // SubCondSet is a condition set with Ready as the happy condition and
 // ReferencesResolved and ChannelReady as the dependent conditions.
-var SubCondSet = apis.NewLivingConditionSet(SubscriptionConditionReferencesResolved, SubscriptionConditionAddedToChannel, SubscriptionConditionChannelReady)
+var SubCondSet = apis.NewLivingConditionSet(SubscriptionConditionReferencesResolved, SubscriptionConditionAddedToChannel, SubscriptionConditionChannelReady, SubscriptionConditionOIDCIdentityCreated)
 
 const (
 	// SubscriptionConditionReady has status True when all subconditions below have been set to True.
@@ -37,6 +37,8 @@ const (
 
 	// SubscriptionConditionChannelReady has status True when the channel has marked the subscriber as 'ready'
 	SubscriptionConditionChannelReady apis.ConditionType = "ChannelReady"
+
+	SubscriptionConditionOIDCIdentityCreated apis.ConditionType = "OIDCIdentityCreated"
 )
 
 // GetConditionSet retrieves the condition set for this resource. Implements the KRShaped interface.
@@ -113,3 +115,19 @@ func (ss *SubscriptionStatus) MarkChannelUnknown(reason, messageFormat string, m
 func (ss *SubscriptionStatus) MarkNotAddedToChannel(reason, messageFormat string, messageA ...interface{}) {
 	SubCondSet.Manage(ss).MarkFalse(SubscriptionConditionAddedToChannel, reason, messageFormat, messageA...)
 }
+
+func (ss *SubscriptionStatus) MarkOIDCIdentityCreatedSucceeded() {
+	SubCondSet.Manage(ss).MarkTrue(SubscriptionConditionOIDCIdentityCreated)
+}
+
+func (ss *SubscriptionStatus) MarkOIDCIdentityCreatedSucceededWithReason(reason, messageFormat string, messageA ...interface{}) {
+	SubCondSet.Manage(ss).MarkTrueWithReason(SubscriptionConditionOIDCIdentityCreated, reason, messageFormat, messageA...)
+}
+
+func (ss *SubscriptionStatus) MarkOIDCIdentityCreatedFailed(reason, messageFormat string, messageA ...interface{}) {
+	SubCondSet.Manage(ss).MarkFalse(SubscriptionConditionOIDCIdentityCreated, reason, messageFormat, messageA...)
+}
+
+func (ss *SubscriptionStatus) MarkOIDCIdentityCreatedUnknown(reason, messageFormat string, messageA ...interface{}) {
+	SubCondSet.Manage(ss).MarkUnknown(SubscriptionConditionOIDCIdentityCreated, reason, messageFormat, messageA...)
+}

vendor/knative.dev/eventing/pkg/apis/sources/v1/apiserver_lifecycle.go

@@ -37,12 +37,16 @@ const (
 
 	// ApiServerConditionSufficientPermissions has status True when the ApiServerSource has sufficient permissions to access resources.
 	ApiServerConditionSufficientPermissions apis.ConditionType = "SufficientPermissions"
+
+	// ApiServerConditionOIDCIdentityCreated has status True when the ApiServerSource has created an OIDC identity.
+	ApiServerConditionOIDCIdentityCreated apis.ConditionType = "OIDCIdentityCreated"
 )
 
 var apiserverCondSet = apis.NewLivingConditionSet(
 	ApiServerConditionSinkProvided,
 	ApiServerConditionDeployed,
 	ApiServerConditionSufficientPermissions,
+	ApiServerConditionOIDCIdentityCreated,
 )
 
 // GetConditionSet retrieves the condition set for this resource. Implements the KRShaped interface.
@@ -126,3 +130,19 @@ func (s *ApiServerSourceStatus) MarkNoSufficientPermissions(reason, messageForma
 func (s *ApiServerSourceStatus) IsReady() bool {
 	return apiserverCondSet.Manage(s).IsHappy()
 }
+
+func (s *ApiServerSourceStatus) MarkOIDCIdentityCreatedSucceeded() {
+	apiserverCondSet.Manage(s).MarkTrue(ApiServerConditionOIDCIdentityCreated)
+}
+
+func (s *ApiServerSourceStatus) MarkOIDCIdentityCreatedSucceededWithReason(reason, messageFormat string, messageA ...interface{}) {
+	apiserverCondSet.Manage(s).MarkTrueWithReason(ApiServerConditionOIDCIdentityCreated, reason, messageFormat, messageA...)
+}
+
+func (s *ApiServerSourceStatus) MarkOIDCIdentityCreatedFailed(reason, messageFormat string, messageA ...interface{}) {
+	apiserverCondSet.Manage(s).MarkFalse(ApiServerConditionOIDCIdentityCreated, reason, messageFormat, messageA...)
+}
+
+func (s *ApiServerSourceStatus) MarkOIDCIdentityCreatedUnknown(reason, messageFormat string, messageA ...interface{}) {
+	apiserverCondSet.Manage(s).MarkUnknown(ApiServerConditionOIDCIdentityCreated, reason, messageFormat, messageA...)
+}

vendor/knative.dev/eventing/pkg/reconciler/testing/v1/apiserversouce.go

@@ -27,6 +27,7 @@ import (
 	duckv1 "knative.dev/pkg/apis/duck/v1"
 	"knative.dev/pkg/kmeta"
 
+	"knative.dev/eventing/pkg/apis/feature"
 	apisources "knative.dev/eventing/pkg/apis/sources"
 	v1 "knative.dev/eventing/pkg/apis/sources/v1"
 	"knative.dev/eventing/pkg/reconciler/testing"
@@ -149,3 +150,31 @@ func WithApiServerSourceStatusNamespaces(namespaces []string) ApiServerSourceOpt
 		c.Status.Namespaces = namespaces
 	}
 }
+
+func WithApiServerSourceOIDCIdentityCreatedSucceeded() ApiServerSourceOption {
+	return func(c *v1.ApiServerSource) {
+		c.Status.MarkOIDCIdentityCreatedSucceeded()
+	}
+}
+
+func WithApiServerSourceOIDCIdentityCreatedSucceededBecauseOIDCFeatureDisabled() ApiServerSourceOption {
+	return func(c *v1.ApiServerSource) {
+		c.Status.MarkOIDCIdentityCreatedSucceededWithReason(fmt.Sprintf("%s feature disabled", feature.OIDCAuthentication), "")
+	}
+}
+
+func WithApiServerSourceOIDCIdentityCreatedFailed(reason, message string) ApiServerSourceOption {
+	return func(c *v1.ApiServerSource) {
+		c.Status.MarkOIDCIdentityCreatedFailed(reason, message)
+	}
+}
+
+func WithApiServerSourceOIDCServiceAccountName(name string) ApiServerSourceOption {
+	return func(c *v1.ApiServerSource) {
+		if c.Status.Auth == nil {
+			c.Status.Auth = &duckv1.AuthStatus{}
+		}
+
+		c.Status.Auth.ServiceAccountName = &name
+	}
+}

vendor/knative.dev/eventing/pkg/reconciler/testing/v1/subscription.go

@@ -19,6 +19,7 @@ package testing
 import (
 	"context"
 	"errors"
+	"fmt"
 	"time"
 
 	"k8s.io/apimachinery/pkg/types"
@@ -29,6 +30,7 @@ import (
 
 	eventingduckv1 "knative.dev/eventing/pkg/apis/duck/v1"
 	eventingv1 "knative.dev/eventing/pkg/apis/eventing/v1"
+	"knative.dev/eventing/pkg/apis/feature"
 	v1 "knative.dev/eventing/pkg/apis/messaging/v1"
 )
 
@@ -282,3 +284,31 @@ func WithSubscriptionReply(gvk metav1.GroupVersionKind, name, namespace string)
 		}
 	}
 }
+
+func WithSubscriptionOIDCIdentityCreatedSucceeded() SubscriptionOption {
+	return func(s *v1.Subscription) {
+		s.Status.MarkOIDCIdentityCreatedSucceeded()
+	}
+}
+
+func WithSubscriptionOIDCIdentityCreatedSucceededBecauseOIDCFeatureDisabled() SubscriptionOption {
+	return func(s *v1.Subscription) {
+		s.Status.MarkOIDCIdentityCreatedSucceededWithReason(fmt.Sprintf("%s feature disabled", feature.OIDCAuthentication), "")
+	}
+}
+
+func WithSubscriptionOIDCIdentityCreatedFailed(reason, message string) SubscriptionOption {
+	return func(s *v1.Subscription) {
+		s.Status.MarkOIDCIdentityCreatedFailed(reason, message)
+	}
+}
+
+func WithSubscriptionOIDCServiceAccountName(name string) SubscriptionOption {
+	return func(s *v1.Subscription) {
+		if s.Status.Auth == nil {
+			s.Status.Auth = &duckv1.AuthStatus{}
+		}
+
+		s.Status.Auth.ServiceAccountName = &name
+	}
+}

vendor/knative.dev/pkg/apiextensions/storageversion/migrator.go

@@ -68,6 +68,11 @@ func (m *Migrator) Migrate(ctx context.Context, gr schema.GroupResource) error {
 		return fmt.Errorf("unable to determine storage version for %s", gr)
 	}
 
+	// don't migrate storage version if CRD has a single valid storage in its status
+	if len(crd.Status.StoredVersions) == 1 && crd.Status.StoredVersions[0] == version {
+		return nil
+	}
+
 	if err := m.migrateResources(ctx, gr.WithVersion(version)); err != nil {
 		return err
 	}

vendor/knative.dev/pkg/environment/client_config.go

@@ -44,12 +44,8 @@ func (c *ClientConfig) InitFlags(fs *flag.FlagSet) {
 	fs.StringVar(&c.ServerURL, "server", "",
 		"The address of the Kubernetes API server. Overrides any value in kubeconfig. Only required if out-of-cluster.")
 
-	if f := fs.Lookup("kubeconfig"); f != nil {
-		c.Kubeconfig = f.Value.String()
-	} else {
-		fs.StringVar(&c.Kubeconfig, "kubeconfig", os.Getenv("KUBECONFIG"),
-			"Path to a kubeconfig. Only required if out-of-cluster.")
-	}
+	fs.StringVar(&c.Kubeconfig, "kubeconfig", os.Getenv("KUBECONFIG"),
+		"Path to a kubeconfig. Only required if out-of-cluster.")
 
 	fs.IntVar(&c.Burst, "kube-api-burst", int(envVarOrDefault("KUBE_API_BURST", 0)), "Maximum burst for throttle.")
 

vendor/knative.dev/pkg/network/h2c.go

@@ -59,13 +59,11 @@ func newH2CTransport(disableCompression bool) http.RoundTripper {
 
 // newH2Transport constructs a neew H2 transport. That transport will handles HTTPS traffic
 // with TLS config.
-func newH2Transport(disableCompression bool, tlsConf *tls.Config) http.RoundTripper {
+func newH2Transport(disableCompression bool, tlsContext DialTLSContextFunc) http.RoundTripper {
 	return &http2.Transport{
 		DisableCompression: disableCompression,
-		DialTLS: func(netw, addr string, tlsConf *tls.Config) (net.Conn, error) {
-			return DialTLSWithBackOff(context.Background(),
-				netw, addr, tlsConf)
+		DialTLSContext: func(ctx context.Context, network, addr string, cfg *tls.Config) (net.Conn, error) {
+			return tlsContext(ctx, network, addr)
 		},
-		TLSClientConfig: tlsConf,
 	}
 }

vendor/knative.dev/pkg/network/transports.go

@@ -127,16 +127,17 @@ func newHTTPTransport(disableKeepAlives, disableCompression bool, maxIdle, maxId
 	return transport
 }
 
-func newHTTPSTransport(disableKeepAlives, disableCompression bool, maxIdle, maxIdlePerHost int, tlsConf *tls.Config) http.RoundTripper {
+type DialTLSContextFunc func(ctx context.Context, network, addr string) (net.Conn, error)
+
+func newHTTPSTransport(disableKeepAlives, disableCompression bool, maxIdle, maxIdlePerHost int, tlsContext DialTLSContextFunc) http.RoundTripper {
 	transport := http.DefaultTransport.(*http.Transport).Clone()
-	transport.DialContext = DialWithBackOff
 	transport.DisableKeepAlives = disableKeepAlives
 	transport.MaxIdleConns = maxIdle
 	transport.MaxIdleConnsPerHost = maxIdlePerHost
 	transport.ForceAttemptHTTP2 = false
 	transport.DisableCompression = disableCompression
+	transport.DialTLSContext = tlsContext
 
-	transport.TLSClientConfig = tlsConf
 	return transport
 }
 
@@ -148,11 +149,11 @@ func NewProberTransport() http.RoundTripper {
 		NewH2CTransport())
 }
 
-// NewProxyAutoTLSTransport is same with NewProxyAutoTransport but it has tls.Config to create HTTPS request.
-func NewProxyAutoTLSTransport(maxIdle, maxIdlePerHost int, tlsConf *tls.Config) http.RoundTripper {
+// NewProxyAutoTLSTransport is same with NewProxyAutoTransport but it has DialTLSContextFunc to create HTTPS request.
+func NewProxyAutoTLSTransport(maxIdle, maxIdlePerHost int, tlsContext DialTLSContextFunc) http.RoundTripper {
 	return newAutoTransport(
-		newHTTPSTransport(false /*disable keep-alives*/, true /*disable auto-compression*/, maxIdle, maxIdlePerHost, tlsConf),
-		newH2Transport(true /*disable auto-compression*/, tlsConf))
+		newHTTPSTransport(false /*disable keep-alives*/, true /*disable auto-compression*/, maxIdle, maxIdlePerHost, tlsContext),
+		newH2Transport(true /*disable auto-compression*/, tlsContext))
 }
 
 // NewAutoTransport creates a RoundTripper that can use appropriate transport

vendor/modules.txt

@@ -1302,7 +1302,7 @@ k8s.io/utils/net
 k8s.io/utils/pointer
 k8s.io/utils/strings/slices
 k8s.io/utils/trace
-# knative.dev/eventing v0.38.1-0.20231016131100-cf6b140be688
+# knative.dev/eventing v0.38.1-0.20231017050713-f9314d883fc0
 ## explicit; go 1.19
 knative.dev/eventing/cmd/event_display
 knative.dev/eventing/cmd/heartbeats
@@ -1467,7 +1467,7 @@ knative.dev/eventing/test/upgrade/prober/wathola/sender
 ## explicit; go 1.18
 knative.dev/hack
 knative.dev/hack/shell
-# knative.dev/pkg v0.0.0-20231016131056-058f699b3d10
+# knative.dev/pkg v0.0.0-20231017113806-d6ab72900ea5
 ## explicit; go 1.18
 knative.dev/pkg/apiextensions/storageversion
 knative.dev/pkg/apiextensions/storageversion/cmd/migrate
@@ -1581,7 +1581,7 @@ knative.dev/pkg/webhook/json
 knative.dev/pkg/webhook/resourcesemantics
 knative.dev/pkg/webhook/resourcesemantics/defaulting
 knative.dev/pkg/webhook/resourcesemantics/validation
-# knative.dev/reconciler-test v0.0.0-20231016131647-65a4c59d859a
+# knative.dev/reconciler-test v0.0.0-20231017131250-999d077826b7
 ## explicit; go 1.20
 knative.dev/reconciler-test/cmd/eventshub
 knative.dev/reconciler-test/pkg/environment