upgrade to latest dependencies

bumping knative.dev/eventing f9314d8...16d75a9: > 16d75a9 mt-broker-ingress check audience of received token (# 7336) > 3ef831c Increase expiration buffer time of OIDCTokenProviders cache to 5 minutes (# 7355) > 5168dc3 Update dependencies (# 7378) Signed-off-by: Knative Automation <[email protected]>
knative-extensions · Oct 19, 2023 · c861140 · c861140
1 parent 992d623
commit c861140
Show file tree

Hide file tree

Showing 8 changed files with 68 additions and 31 deletions.
diff --git a/go.mod b/go.mod
@@ -35,7 +35,7 @@ require (
 	k8s.io/apiserver v0.27.6
 	k8s.io/client-go v0.27.6
 	k8s.io/utils v0.0.0-20230209194617-a36077c30491
-	knative.dev/eventing v0.38.1-0.20231017050713-f9314d883fc0
+	knative.dev/eventing v0.38.1-0.20231019094926-16d75a980703
 	knative.dev/hack v0.0.0-20231016131700-2c938d4918da
 	knative.dev/pkg v0.0.0-20231017113806-d6ab72900ea5
 	knative.dev/reconciler-test v0.0.0-20231017131250-999d077826b7

diff --git a/go.sum b/go.sum
@@ -1251,8 +1251,8 @@ k8s.io/utils v0.0.0-20200912215256-4140de9c8800/go.mod h1:jPW/WVKK9YHAvNhRxK0md/
 k8s.io/utils v0.0.0-20210819203725-bdf08cb9a70a/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
 k8s.io/utils v0.0.0-20230209194617-a36077c30491 h1:r0BAOLElQnnFhE/ApUsg3iHdVYYPBjNSSOMowRZxxsY=
 k8s.io/utils v0.0.0-20230209194617-a36077c30491/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
-knative.dev/eventing v0.38.1-0.20231017050713-f9314d883fc0 h1:CKeg+12rcm3FhN/MYcbe/EDVScgXjhWObnGxrjeOOVw=
-knative.dev/eventing v0.38.1-0.20231017050713-f9314d883fc0/go.mod h1:Ug/SwaXMZVkP17peh2SvKA6I3FSjd8RrXdJuJNyBS2Y=
+knative.dev/eventing v0.38.1-0.20231019094926-16d75a980703 h1:JvAE5DCPfOD8Wa8IhrNNOQ0eaSWfQb5Rv+UZ6G8+MLg=
+knative.dev/eventing v0.38.1-0.20231019094926-16d75a980703/go.mod h1:swWS48qpCQbBkj+2iS0rVa7PbQBWLD9YAy3CSHfevaU=
 knative.dev/hack v0.0.0-20231016131700-2c938d4918da h1:xy+fvuz2LDOMsZ5UwXRaMF70NYUs9fsG+EF5/ierYBg=
 knative.dev/hack v0.0.0-20231016131700-2c938d4918da/go.mod h1:yk2OjGDsbEnQjfxdm0/HJKS2WqTLEFg/N6nUs6Rqx3Q=
 knative.dev/pkg v0.0.0-20231017113806-d6ab72900ea5 h1:9AvFZdEtuwKWDcTV1VSwmrgrRR9f38wbIAm+sNwLivQ=

diff --git a/vendor/knative.dev/eventing/pkg/auth/token_provider.go b/vendor/knative.dev/eventing/pkg/auth/token_provider.go
@@ -32,7 +32,7 @@ import (
 )
 
 const (
-	expirationBufferTime = time.Second * 30
+	expirationBufferTime = 5 * time.Minute
 )
 
 type OIDCTokenProvider struct {
@@ -73,7 +73,7 @@ func (c *OIDCTokenProvider) GetJWT(serviceAccount types.NamespacedName, audience
 		return "", fmt.Errorf("could not request a token for %s: %w", serviceAccount, err)
 	}
 
-	// we need a duration until this token expires, use the expiry time - (now + 30s)
+	// we need a duration until this token expires, use the expiry time - (now + 5min)
 	// this gives us a buffer so that it doesn't expire between when we retrieve it and when we use it
 	expiryTtl := tokenRequestResponse.Status.ExpirationTimestamp.Time.Sub(time.Now().Add(expirationBufferTime))
 

diff --git a/vendor/knative.dev/eventing/pkg/auth/utils.go b/vendor/knative.dev/eventing/pkg/auth/utils.go
@@ -0,0 +1,42 @@
+/*
+Copyright 2023 The Knative Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package auth
+
+import (
+	"fmt"
+	"net/http"
+	"strings"
+)
+
+const (
+	AuthHeaderKey = "Authorization"
+)
+
+// GetJWTFromHeader Returns the JWT from the Authorization header
+func GetJWTFromHeader(header http.Header) string {
+	authHeader := header.Get(AuthHeaderKey)
+	if authHeader == "" {
+		return ""
+	}
+
+	return strings.TrimPrefix(authHeader, "Bearer ")
+}
+
+// SetAuthHeader sets Authorization header with the given JWT
+func SetAuthHeader(jwt string, header http.Header) {
+	header.Set(AuthHeaderKey, fmt.Sprintf("Bearer %s", jwt))
+}
diff --git a/vendor/knative.dev/eventing/test/rekt/resources/addressable/addressable.go b/vendor/knative.dev/eventing/test/rekt/resources/addressable/addressable.go
@@ -25,10 +25,11 @@ import (
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/apimachinery/pkg/util/wait"
 	duckv1 "knative.dev/pkg/apis/duck/v1"
+	"knative.dev/reconciler-test/pkg/feature"
 	"knative.dev/reconciler-test/pkg/k8s"
 )
 
-type ValidateAddress func(addressable *duckv1.Addressable) error
+type ValidateAddressFn func(addressable *duckv1.Addressable) error
 
 // Address returns a broker's address.
 func Address(ctx context.Context, gvr schema.GroupVersionResource, name string, timings ...time.Duration) (*duckv1.Addressable, error) {
@@ -55,6 +56,20 @@ func Address(ctx context.Context, gvr schema.GroupVersionResource, name string,
 	return addr, err
 }
 
+func ValidateAddress(gvr schema.GroupVersionResource, name string, validate ValidateAddressFn, timings ...time.Duration) feature.StepFn {
+	return func(ctx context.Context, t feature.T) {
+		addr, err := Address(ctx, gvr, name, timings...)
+		if err != nil {
+			t.Error(err)
+			return
+		}
+		if err := validate(addr); err != nil {
+			t.Error(err)
+			return
+		}
+	}
+}
+
 func AssertHTTPSAddress(addr *duckv1.Addressable) error {
 	if addr.URL.Scheme != "https" {
 		return fmt.Errorf("address is not HTTPS: %#v", addr)

diff --git a/vendor/knative.dev/eventing/test/rekt/resources/broker/broker.go b/vendor/knative.dev/eventing/test/rekt/resources/broker/broker.go
@@ -160,18 +160,8 @@ func IsAddressable(name string, timings ...time.Duration) feature.StepFn {
 }
 
 // ValidateAddress validates the address retured by Address
-func ValidateAddress(name string, validate addressable.ValidateAddress, timings ...time.Duration) feature.StepFn {
-	return func(ctx context.Context, t feature.T) {
-		addr, err := Address(ctx, name, timings...)
-		if err != nil {
-			t.Error(err)
-			return
-		}
-		if err := validate(addr); err != nil {
-			t.Error(err)
-			return
-		}
-	}
+func ValidateAddress(name string, validate addressable.ValidateAddressFn, timings ...time.Duration) feature.StepFn {
+	return addressable.ValidateAddress(GVR(), name, validate, timings...)
 }
 
 // Address returns a broker's address.

diff --git a/vendor/knative.dev/eventing/test/rekt/resources/channel_impl/channel_impl.go b/vendor/knative.dev/eventing/test/rekt/resources/channel_impl/channel_impl.go
@@ -174,16 +174,6 @@ func AsDestinationRef(name string) *duckv1.Destination {
 var WithDeadLetterSink = delivery.WithDeadLetterSink
 
 // ValidateAddress validates the address retured by Address
-func ValidateAddress(name string, validate addressable.ValidateAddress, timings ...time.Duration) feature.StepFn {
-	return func(ctx context.Context, t feature.T) {
-		addr, err := Address(ctx, name, timings...)
-		if err != nil {
-			t.Error(err)
-			return
-		}
-		if err := validate(addr); err != nil {
-			t.Error(err)
-			return
-		}
-	}
+func ValidateAddress(name string, validate addressable.ValidateAddressFn, timings ...time.Duration) feature.StepFn {
+	return addressable.ValidateAddress(GVR(), name, validate, timings...)
 }
diff --git a/vendor/modules.txt b/vendor/modules.txt
@@ -1302,7 +1302,7 @@ k8s.io/utils/net
 k8s.io/utils/pointer
 k8s.io/utils/strings/slices
 k8s.io/utils/trace
-# knative.dev/eventing v0.38.1-0.20231017050713-f9314d883fc0
+# knative.dev/eventing v0.38.1-0.20231019094926-16d75a980703
 ## explicit; go 1.19
 knative.dev/eventing/cmd/event_display
 knative.dev/eventing/cmd/heartbeats