From 1d1f7de49f67f9ab3fe773668b0172f0e3c19546 Mon Sep 17 00:00:00 2001
From: Matthias Wessendorf
Date: Wed, 11 Dec 2024 16:46:04 +0100
Subject: [PATCH] Going OIDC for Integration Source: - Generating OIDC specific evn_vars for Knative client of camel - Adding rekt-test for OIDC feature of the source

Signed-off-by: Matthias Wessendorf
---
 .../integration/source/integrationsource.go | 6 +++++-
 .../source/resources/containersource.go | 19 ++++++++++++++++---
 test/rekt/integrationsource_test.go | 15 +++++++++++++++
 3 files changed, 36 insertions(+), 4 deletions(-)

diff --git a/pkg/reconciler/integration/source/integrationsource.go b/pkg/reconciler/integration/source/integrationsource.go
index ef94fd2fc89..69bb6aecb3c 100644
--- a/pkg/reconciler/integration/source/integrationsource.go
+++ b/pkg/reconciler/integration/source/integrationsource.go
@@ -19,6 +19,7 @@ package source
 import (
 "context"
 "fmt"
+ "knative.dev/eventing/pkg/apis/feature"
 
 "knative.dev/eventing/pkg/reconciler/integration/source/resources"
 
@@ -76,7 +77,10 @@ func (r *Reconciler) ReconcileKind(ctx context.Context, source *v1alpha1.Integra
 }
 
 func (r *Reconciler) reconcileContainerSource(ctx context.Context, source *v1alpha1.IntegrationSource) (*v1.ContainerSource, error) {
- expected := resources.NewContainerSource(source)
+
+ feature.FromContext(ctx).IsOIDCAuthentication()
+
+ expected := resources.NewContainerSource(source, feature.FromContext(ctx).IsOIDCAuthentication())
 
 cs, err := r.containerSourceLister.ContainerSources(source.Namespace).Get(expected.Name)
 if apierrors.IsNotFound(err) {
diff --git a/pkg/reconciler/integration/source/resources/containersource.go b/pkg/reconciler/integration/source/resources/containersource.go
index bc83ad3efb2..530318287bc 100644
--- a/pkg/reconciler/integration/source/resources/containersource.go
+++ b/pkg/reconciler/integration/source/resources/containersource.go
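Review bot: In `reconcileContainerSource` (integrationsource.go, second hunk) the bare statement `feature.FromContext(ctx).IsOIDCAuthentication()` discards its result, and the same lookup is repeated inside the `NewContainerSource` call two lines later, so the first call is dead code. Read the flag once and pass it on: `oidc := feature.FromContext(ctx).IsOIDCAuthentication()` followed by `expected := resources.NewContainerSource(source, oidc)`. Since this flag now decides whether the source presents a token to its sink, it is worth confirming that the update path rewrites an existing ContainerSource when the flag is toggled; the function continues outside the hunk, so that part is not visible here.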
@@ -34,7 +34,7 @@ var sourceImageMap = map[string]string{
 "aws-ddb-streams": "gcr.io/knative-nightly/aws-ddb-streams-source:latest",
 }
 
-func NewContainerSource(source *v1alpha1.IntegrationSource) *sourcesv1.ContainerSource {
+func NewContainerSource(source *v1alpha1.IntegrationSource, oidc bool) *sourcesv1.ContainerSource {
 return &sourcesv1.ContainerSource{
 ObjectMeta: metav1.ObjectMeta{
 OwnerReferences: []metav1.OwnerReference{
@@ -55,7 +55,7 @@ func NewContainerSource(source *v1alpha1.IntegrationSource) *sourcesv1.Container
 Name: "source",
 Image: selectImage(source),
 ImagePullPolicy: corev1.PullIfNotPresent,
- Env: makeEnv(source),
+ Env: makeEnv(source, oidc),
 },
 },
 },
@@ -66,9 +66,22 @@ func NewContainerSource(source *v1alpha1.IntegrationSource) *sourcesv1.Container
 }
 
 // Function to create environment variables for Timer or AWS configurations dynamically
-func makeEnv(source *v1alpha1.IntegrationSource) []corev1.EnvVar {
+func makeEnv(source *v1alpha1.IntegrationSource, oidc bool) []corev1.EnvVar {
 var envVars = integration.MakeSSLEnvVar()
 
+ if oidc {
+ envVars = append(envVars, []corev1.EnvVar{
+ {
+ Name: "CAMEL_KNATIVE_CLIENT_OIDC_ENABLED",
+ Value: "true",
+ },
+ {
+ Name: "CAMEL_KNATIVE_CLIENT_OIDC_TOKEN_PATH",
+ Value: "file:///oidc/token",
+ },
+ }...)
+ }
+
 // Timer environment variables
 if source.Spec.Timer != nil {
 envVars = append(envVars, integration.GenerateEnvVarsFromStruct("CAMEL_KAMELET_TIMER_SOURCE", *source.Spec.Timer)...)
diff --git a/test/rekt/integrationsource_test.go b/test/rekt/integrationsource_test.go
index c33a89d8b04..16542e8b7eb 100644
--- a/test/rekt/integrationsource_test.go
+++ b/test/rekt/integrationsource_test.go
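Review bot: The token location `file:///oidc/token` is hard-coded in `makeEnv` (containersource.go, third hunk), and nothing in this diff mounts a token at that path; the container spec visible in the second hunk sets only Name, Image, ImagePullPolicy and Env. Presumably the ContainerSource reconciler projects the token volume, but the two sides are then coupled only by a string literal, and a mismatch would leave the source with OIDC enabled and no readable token. Consider a named constant with a comment saying who provides the mount, for example `const oidcTokenPath = "file:///oidc/token" // must match the token volume mount`, plus a unit test for `makeEnv(source, true)`, since the diffstat lists only the rekt test. The comment above `makeEnv` still mentions only Timer and AWS and could name the OIDC variables as well.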
@@ -61,3 +61,18 @@ func TestIntegrationSourceWithTLS(t *testing.T) {
 env.ParallelTest(ctx, t, integrationsource.SendEventsWithTLSRecieverAsSink())
 env.ParallelTest(ctx, t, integrationsource.SendEventsWithTLSRecieverAsSinkTrustBundle())
 }
+
+func TestIntegrationSourceSendsEventsWithOIDC(t *testing.T) {
+ t.Parallel()
+
+ ctx, env := global.Environment(
+ knative.WithKnativeNamespace(system.Namespace()),
+ knative.WithLoggingConfig,
+ knative.WithTracingConfig,
+ k8s.WithEventListener,
+ environment.Managed(t),
+ eventshub.WithTLS(t),
+ )
+
+ env.Test(ctx, t, integrationsource.SendsEventsWithSinkRefOIDC())
+}
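Review bot: `TestIntegrationSourceSendsEventsWithOIDC` covers only the delivery path as far as this hunk shows: it runs `integrationsource.SendsEventsWithSinkRefOIDC()` and nothing that asserts the sink rejects the source when the token is absent or does not verify. What that feature asserts is defined outside this diff, so this may already be covered there; if it is not, a negative case would show that the new environment variables actually change what the source sends. A short comment on the test stating which cluster feature setting it depends on would also help readers of a failed run.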