Going OIDC for Integration Source:
- Generating OIDC specific env_vars for Knative client of camel
- Adding rekt-test for OIDC feature of the source

Signed-off-by: Matthias Wessendorf <[email protected]>
matzew committed Dec 13, 2024
1 parent f82811b commit cbf331a
Showing 4 changed files with 35 additions and 5 deletions.
4 changes: 3 additions & 1 deletion pkg/reconciler/integration/source/integrationsource.go
@@ -20,6 +20,8 @@ import (
"context"
"fmt"

"knative.dev/eventing/pkg/apis/feature"

"knative.dev/eventing/pkg/reconciler/integration/source/resources"

"go.uber.org/zap"
@@ -76,7 +78,7 @@ func (r *Reconciler) ReconcileKind(ctx context.Context, source *v1alpha1.Integra
}

func (r *Reconciler) reconcileContainerSource(ctx context.Context, source *v1alpha1.IntegrationSource) (*v1.ContainerSource, error) {
expected := resources.NewContainerSource(source)
expected := resources.NewContainerSource(source, feature.FromContext(ctx).IsOIDCAuthentication())

cs, err := r.containerSourceLister.ContainerSources(source.Namespace).Get(expected.Name)
if apierrors.IsNotFound(err) {
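Review bot: The result of `feature.FromContext(ctx).IsOIDCAuthentication()` is baked into the ContainerSource's environment at reconcile time, and the rest of reconcileContainerSource lies outside this hunk, so it is not visible whether an existing ContainerSource is updated when its env differs from `expected`, or whether a flag change re-queues IntegrationSources. If either is missing, sources created before the flag is flipped keep the old setting; after OIDC is enabled they would presumably keep sending without a token. Worth confirming, and a comment on the call such as `// OIDC client settings follow the feature flag as seen at reconcile time.` would record the intent.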
19 changes: 16 additions & 3 deletions pkg/reconciler/integration/source/resources/containersource.go
@@ -34,7 +34,7 @@ var sourceImageMap = map[string]string{
"aws-ddb-streams": "gcr.io/knative-nightly/aws-ddb-streams-source:latest",
}

func NewContainerSource(source *v1alpha1.IntegrationSource) *sourcesv1.ContainerSource {
func NewContainerSource(source *v1alpha1.IntegrationSource, oidc bool) *sourcesv1.ContainerSource {
return &sourcesv1.ContainerSource{
ObjectMeta: metav1.ObjectMeta{
OwnerReferences: []metav1.OwnerReference{
@@ -55,7 +55,7 @@ func NewContainerSource(source *v1alpha1.IntegrationSource) *sourcesv1.Container
Name: "source",
Image: selectImage(source),
ImagePullPolicy: corev1.PullIfNotPresent,
Env: makeEnv(source),
Env: makeEnv(source, oidc),
},
},
},
@@ -66,9 +66,22 @@ func NewContainerSource(source *v1alpha1.IntegrationSource) *sourcesv1.Container
}

// Function to create environment variables for Timer or AWS configurations dynamically
func makeEnv(source *v1alpha1.IntegrationSource) []corev1.EnvVar {
func makeEnv(source *v1alpha1.IntegrationSource, oidc bool) []corev1.EnvVar {
var envVars = integration.MakeSSLEnvVar()

if oidc {
envVars = append(envVars, []corev1.EnvVar{
{
Name: "CAMEL_KNATIVE_CLIENT_OIDC_ENABLED",
Value: "true",
},
{
Name: "CAMEL_KNATIVE_CLIENT_OIDC_TOKEN_PATH",
Value: "file:///oidc/token",
},
}...)
}

// Timer environment variables
if source.Spec.Timer != nil {
envVars = append(envVars, integration.GenerateEnvVarsFromStruct("CAMEL_KAMELET_TIMER_SOURCE", *source.Spec.Timer)...)
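Review bot: The token location `file:///oidc/token` in makeEnv is a bare string literal with no visible counterpart: nothing in this section adds a volume or volumeMount to the container, so the file only exists if the ContainerSource reconciler projects the token at that path (presumably it does when OIDC is on; confirm). If that mount path ever changes, the adapter is told OIDC is enabled but pointed at a missing file, and whether it then fails closed or sends unauthenticated requests is up to the Camel client. I would take the path from a named constant shared with the code that creates the mount. The comment above makeEnv also needs updating, e.g. `// makeEnv builds the container environment: SSL settings, the OIDC client settings when oidc is true, then the Timer or AWS settings.` makeEnv's body continues past the end of the hunk.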
@@ -102,7 +102,7 @@ func TestNewContainerSource(t *testing.T) {
},
}

got := NewContainerSource(source)
got := NewContainerSource(source, false)
if diff := cmp.Diff(want, got); diff != "" {
t.Errorf("NewContainerSource() mismatch (-want +got):\n%s", diff)
}
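Review bot: The only call updated in TestNewContainerSource passes `false`, so the new OIDC branch in makeEnv has no unit coverage; a change that drops or misnames `CAMEL_KNATIVE_CLIENT_OIDC_ENABLED` or `CAMEL_KNATIVE_CLIENT_OIDC_TOKEN_PATH` would only surface in the e2e suite. I would add a second case that calls `NewContainerSource(source, true)` and expects the two extra entries directly after the SSL variables, and keep the `false` case as the check that they are absent when the flag is off. The test body starts and ends outside this hunk, so the existing `want` fixture is not visible here.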
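--- a/test/rekt/integrationsource_test.go
+++ b/test/rekt/integrationsource_test.go
@@ -61,3 +61,18 @@ func TestIntegrationSourceWithTLS(t *testing.T) {
 env.ParallelTest(ctx, t, integrationsource.SendEventsWithTLSRecieverAsSink())
 env.ParallelTest(ctx, t, integrationsource.SendEventsWithTLSRecieverAsSinkTrustBundle())
 }
+
+func TestIntegrationSourceSendsEventsWithOIDC(t *testing.T) {
+t.Parallel()
+
+ctx, env := global.Environment(
+knative.WithKnativeNamespace(system.Namespace()),
+knative.WithLoggingConfig,
+knative.WithTracingConfig,
+k8s.WithEventListener,
+environment.Managed(t),
+eventshub.WithTLS(t),
+)
+
+env.Test(ctx, t, integrationsource.SendsEventsWithSinkRefOIDC())
+}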
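Review bot: TestIntegrationSourceSendsEventsWithOIDC exercises only the success path, and nothing visible here shows the sink rejecting a request that lacks a valid token; if SendsEventsWithSinkRefOIDC (defined outside this page) does not enforce that, the test also passes when the adapter ignores the new variables. Worth confirming that the feature configures the receiver to require the token, and adding a doc comment such as `// TestIntegrationSourceSendsEventsWithOIDC checks that events reach a sink that requires an OIDC token.` The environment setup also does not visibly turn the OIDC feature on; presumably the feature declares that as a prerequisite, so confirm it cannot skip silently.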
