From 33a01ed00c9b5a52152edbd6a6ed6949dfc98eb4 Mon Sep 17 00:00:00 2001
From: Knative Automation
Date: Tue, 23 Jan 2024 10:56:05 -0500
Subject: [PATCH] upgrade to latest dependencies (#1336)
bumping knative.dev/eventing 01d8ace...fd95228:
> fd95228 Enable storage of EventType v1b2 (# 7594)
> 6962251 Add a Prerequisite helper to check if the OIDC authentication feature flag is enabled (# 7609)
> 341a8df [main] Update community files (# 7611)
> bb5313d Remove OIDC service account, when OIDC feature is disabled again (# 7570)
> 44ff98b Eventing TLS: Add scheme label to metrics (# 7581)
> 8d6c6e4 Bump Go to v1.21 (# 7602)
> 7cba45b Add TLS test for sequence (# 7600)
Signed-off-by: Knative Automation
---
 go.mod | 2 +-
 go.sum | 4 ++--
 .../eventing/pkg/adapter/v2/cloudevents.go | 22 +++++++++++++-----
 .../eventing/pkg/auth/serviceaccount.go | 23 +++++++++++++++++++
 .../eventing/pkg/metrics/metrics.go | 3 +++
 .../pkg/metrics/source/stats_reporter.go | 7 +++++-
 .../features/featureflags/featureflags.go | 14 +++++++++++
 vendor/modules.txt | 4 ++--
 8 files changed, 67 insertions(+), 12 deletions(-)
diff --git a/go.mod b/go.mod
index 545c038311..547d48621f 100644
--- a/go.mod
+++ b/go.mod
@@ -21,7 +21,7 @@ require (
 k8s.io/client-go v0.28.5
 k8s.io/code-generator v0.28.5
 k8s.io/kube-openapi v0.0.0-20230928205116-a78145627833
- knative.dev/eventing v0.39.1-0.20240119013412-01d8acead891
+ knative.dev/eventing v0.40.0
 knative.dev/hack v0.0.0-20240111013919-e89096d74d85
 knative.dev/pkg v0.0.0-20240116073220-b488e7be5902
 knative.dev/reconciler-test v0.0.0-20240116084801-50276dfba7b3
diff --git a/go.sum b/go.sum
index 933cd5ae89..2bc98a882f 100644
--- a/go.sum
+++ b/go.sum
@@ -842,8 +842,8 @@ k8s.io/kube-openapi v0.0.0-20230928205116-a78145627833 h1:iFFEmmB7szQhJP42AvRD2+ k8s.io/kube-openapi v0.0.0-20230928205116-a78145627833/go.mod h1:AsvuZPBlUDVuCdzJ87iajxtXuR9oktsTctW/R9wwouA= k8s.io/utils v0.0.0-20230726121419-3b25d923346b h1:sgn3ZU783SCgtaSJjpcVVlRqd6GSnlTLKgpAAttJvpI= k8s.io/utils v0.0.0-20230726121419-3b25d923346b/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -knative.dev/eventing v0.39.1-0.20240119013412-01d8acead891 h1:jVbxj/8FFdC0SbRLbznJjTFVtKt+DJjBSR3kgoYH4eE= -knative.dev/eventing v0.39.1-0.20240119013412-01d8acead891/go.mod h1:sdLjctz8g4pQJwyliGRv+7NrBDPV4O7cm4QyHVOLsUA= +knative.dev/eventing v0.40.0 h1:zvMeKGBdQ5Us94Hdy7jmxpzyc1fdFnO4SS21+6nDSiU= +knative.dev/eventing v0.40.0/go.mod h1:+yUUIyvX9fn9bCSH3012kc8rG7YBbjvvxwy1Kr53dRc= knative.dev/hack v0.0.0-20240111013919-e89096d74d85 h1:ERgPObDcW9LfaEPAeFvbW3UJcF3C3ul6B2ErNMv13OE= knative.dev/hack v0.0.0-20240111013919-e89096d74d85/go.mod h1:yk2OjGDsbEnQjfxdm0/HJKS2WqTLEFg/N6nUs6Rqx3Q= knative.dev/pkg v0.0.0-20240116073220-b488e7be5902 h1:H6+JJN23fhwYWCHY1339sY6uhIyoUwDy1a8dN233fdk= diff --git a/vendor/knative.dev/eventing/pkg/adapter/v2/cloudevents.go b/vendor/knative.dev/eventing/pkg/adapter/v2/cloudevents.go index 316f47b9e8..0a17fa55f7 100644 --- a/vendor/knative.dev/eventing/pkg/adapter/v2/cloudevents.go +++ b/vendor/knative.dev/eventing/pkg/adapter/v2/cloudevents.go @@ -210,11 +210,19 @@ func NewClient(cfg ClientConfig) (Client, error) { reporter: cfg.Reporter, crStatusEventClient: cfg.CrStatusEventClient, oidcTokenProvider: cfg.TokenProvider, + scheme: "http", } if cfg.Env != nil { client.audience = cfg.Env.GetAudience() client.oidcServiceAccountName = cfg.Env.GetOIDCServiceAccountName() + sinkURI := cfg.Env.GetSink() + if sinkURI != "" { + parsedUrl, err := url.Parse(sinkURI) + if err == nil { + client.scheme = parsedUrl.Scheme + } + } } return client, nil 
@@ -234,12 +242,12 @@ func setTimeOut(duration time.Duration) http.Option { } type client struct { - ceClient cloudevents.Client - ceOverrides *duckv1.CloudEventOverrides - reporter source.StatsReporter - crStatusEventClient *crstatusevent.CRStatusEventClient - closeIdler closeIdler - + ceClient cloudevents.Client + ceOverrides *duckv1.CloudEventOverrides + reporter source.StatsReporter + crStatusEventClient *crstatusevent.CRStatusEventClient + closeIdler closeIdler + scheme string oidcTokenProvider *auth.OIDCTokenProvider audience *string oidcServiceAccountName *types.NamespacedName @@ -302,6 +310,7 @@ func (c *client) reportMetrics(ctx context.Context, event cloudevents.Event, res if c.reporter == nil { return } + tags := MetricTagFromContext(ctx) reportArgs := &source.ReportArgs{ Namespace: tags.Namespace, @@ -309,6 +318,7 @@ func (c *client) reportMetrics(ctx context.Context, event cloudevents.Event, res EventType: event.Type(), Name: tags.Name, ResourceGroup: tags.ResourceGroup, + EventScheme: c.scheme, } var rres *http.RetriesResult diff --git a/vendor/knative.dev/eventing/pkg/auth/serviceaccount.go b/vendor/knative.dev/eventing/pkg/auth/serviceaccount.go index 3f80bb41cd..2e70c82418 100644 --- a/vendor/knative.dev/eventing/pkg/auth/serviceaccount.go +++ b/vendor/knative.dev/eventing/pkg/auth/serviceaccount.go 
@@ -101,6 +101,26 @@ func EnsureOIDCServiceAccountExistsForResource(ctx context.Context, serviceAccou return nil } +// DeleteOIDCServiceAccountIfExists makes sure the given resource does not have an OIDC service account. +// If it does that service account is deleted. +func DeleteOIDCServiceAccountIfExists(ctx context.Context, serviceAccountLister corev1listers.ServiceAccountLister, kubeclient kubernetes.Interface, gvk schema.GroupVersionKind, objectMeta metav1.ObjectMeta) error { + saName := GetOIDCServiceAccountNameForResource(gvk, objectMeta) + sa, err := serviceAccountLister.ServiceAccounts(objectMeta.Namespace).Get(saName) + + if err == nil && metav1.IsControlledBy(&sa.ObjectMeta, &objectMeta) { + logging.FromContext(ctx).Debugf("OIDC Service account exists and has correct owner (%s/%s). Deleting OIDC service account", objectMeta.Name, objectMeta.Namespace) + + err = kubeclient.CoreV1().ServiceAccounts(objectMeta.Namespace).Delete(ctx, sa.Name, metav1.DeleteOptions{}) + if err != nil { + return fmt.Errorf("could not delete OIDC service account %s/%s for %s: %w", objectMeta.Name, objectMeta.Namespace, gvk.Kind, err) + } + } else if apierrs.IsNotFound(err) { + return nil + } + + return err +} + type OIDCIdentityStatusMarker interface { MarkOIDCIdentityCreatedSucceeded() MarkOIDCIdentityCreatedSucceededWithReason(reason, messageFormat string, messageA ...interface{}) @@ -119,6 +139,9 @@ func SetupOIDCServiceAccount(ctx context.Context, flags feature.Flags, serviceAc } marker.MarkOIDCIdentityCreatedSucceeded() } else { + if err := DeleteOIDCServiceAccountIfExists(ctx, serviceAccountLister, kubeclient, gvk, objectMeta); err != nil { + return err + } setAuthStatus(nil) marker.MarkOIDCIdentityCreatedSucceededWithReason(fmt.Sprintf("%s feature disabled", feature.OIDCAuthentication), "") } diff --git a/vendor/knative.dev/eventing/pkg/metrics/metrics.go b/vendor/knative.dev/eventing/pkg/metrics/metrics.go index 2372388316..363673b101 100644 
--- a/vendor/knative.dev/eventing/pkg/metrics/metrics.go +++ b/vendor/knative.dev/eventing/pkg/metrics/metrics.go @@ -45,6 +45,9 @@ const ( // LabelEventType is the label for the name of the event type. LabelEventType = "event_type" + // LabelEventType is the label for the name of the event type. + LabelEventScheme = "event_scheme" + // LabelEventSource is the label for the name of the event source. LabelEventSource = "event_source" diff --git a/vendor/knative.dev/eventing/pkg/metrics/source/stats_reporter.go b/vendor/knative.dev/eventing/pkg/metrics/source/stats_reporter.go index 9fcce5ca33..3c39c58236 100644 --- a/vendor/knative.dev/eventing/pkg/metrics/source/stats_reporter.go +++ b/vendor/knative.dev/eventing/pkg/metrics/source/stats_reporter.go @@ -50,6 +50,7 @@ var ( namespaceKey = tag.MustNewKey(eventingmetrics.LabelNamespaceName) eventSourceKey = tag.MustNewKey(eventingmetrics.LabelEventSource) eventTypeKey = tag.MustNewKey(eventingmetrics.LabelEventType) + eventScheme = tag.MustNewKey(eventingmetrics.LabelEventScheme) sourceNameKey = tag.MustNewKey(eventingmetrics.LabelName) sourceResourceGroupKey = tag.MustNewKey(eventingmetrics.LabelResourceGroup) responseCodeKey = tag.MustNewKey(eventingmetrics.LabelResponseCode) @@ -62,6 +63,7 @@ var ( type ReportArgs struct { Namespace string EventType string + EventScheme string EventSource string Name string ResourceGroup string @@ -122,6 +124,7 @@ func (r *reporter) generateTag(args *ReportArgs, responseCode int) (context.Cont tag.Insert(namespaceKey, args.Namespace), tag.Insert(eventSourceKey, args.EventSource), tag.Insert(eventTypeKey, args.EventType), + tag.Insert(eventScheme, args.EventScheme), tag.Insert(sourceNameKey, args.Name), tag.Insert(sourceResourceGroupKey, args.ResourceGroup), metrics.MaybeInsertIntTag(responseCodeKey, responseCode, responseCode > 0), 
@@ -135,12 +138,14 @@ func register() { namespaceKey, eventSourceKey, eventTypeKey, + eventScheme, sourceNameKey, sourceResourceGroupKey, responseCodeKey, responseCodeClassKey, responseError, - responseTimeout} + responseTimeout, + } // Create view to see our measurements. if err := view.Register( diff --git a/vendor/knative.dev/eventing/test/rekt/features/featureflags/featureflags.go b/vendor/knative.dev/eventing/test/rekt/features/featureflags/featureflags.go index 8d007d96fe..8c1a6c5b6b 100644 --- a/vendor/knative.dev/eventing/test/rekt/features/featureflags/featureflags.go +++ b/vendor/knative.dev/eventing/test/rekt/features/featureflags/featureflags.go @@ -60,6 +60,20 @@ func TransportEncryptionStrict() feature.ShouldRun { } } +func AuthenticationOIDCEnabled() feature.ShouldRun { + return func(ctx context.Context, t feature.T) (feature.PrerequisiteResult, error) { + flags, err := getFeatureFlags(ctx, "config-features") + if err != nil { + return feature.PrerequisiteResult{}, err + } + + return feature.PrerequisiteResult{ + ShouldRun: flags.IsOIDCAuthentication(), + Reason: flags.String(), + }, nil + } +} + func IstioDisabled() feature.ShouldRun { return func(ctx context.Context, t feature.T) (feature.PrerequisiteResult, error) { flags, err := getFeatureFlags(ctx, "config-features") diff --git a/vendor/modules.txt b/vendor/modules.txt index 237b3d6480..59e8ff21fa 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -1084,8 +1084,8 @@ k8s.io/utils/pointer k8s.io/utils/ptr k8s.io/utils/strings/slices k8s.io/utils/trace -# knative.dev/eventing v0.39.1-0.20240119013412-01d8acead891 -## explicit; go 1.19 +# knative.dev/eventing v0.40.0 +## explicit; go 1.21 knative.dev/eventing/cmd/heartbeats knative.dev/eventing/pkg/adapter/v2 knative.dev/eventing/pkg/adapter/v2/util/crstatusevent