From 23d62c79212c5d5716c30ba9693eceba2280926a Mon Sep 17 00:00:00 2001 From: Matthias Wessendorf Date: Wed, 11 Dec 2024 16:46:04 +0100 Subject: [PATCH] Going OIDC for Integration Source: - Generating OIDC specific evn_vars for Knative client of camel - Adding rekt-test for OIDC feature of the source Signed-off-by: Matthias Wessendorf --- .../integration/source/integrationsource.go | 7 ++++++- .../source/resources/containersource.go | 19 ++++++++++++++++--- .../source/resources/containersource_test.go | 2 +- test/rekt/integrationsource_test.go | 15 +++++++++++++++ 4 files changed, 38 insertions(+), 5 deletions(-) diff --git a/pkg/reconciler/integration/source/integrationsource.go b/pkg/reconciler/integration/source/integrationsource.go index ef94fd2fc89..9913bdfbc53 100644 --- a/pkg/reconciler/integration/source/integrationsource.go +++ b/pkg/reconciler/integration/source/integrationsource.go @@ -20,6 +20,8 @@ import ( "context" "fmt" + "knative.dev/eventing/pkg/apis/feature" + "knative.dev/eventing/pkg/reconciler/integration/source/resources" "go.uber.org/zap" @@ -76,7 +78,10 @@ func (r *Reconciler) ReconcileKind(ctx context.Context, source *v1alpha1.Integra } func (r *Reconciler) reconcileContainerSource(ctx context.Context, source *v1alpha1.IntegrationSource) (*v1.ContainerSource, error) { - expected := resources.NewContainerSource(source) + + feature.FromContext(ctx).IsOIDCAuthentication() + + expected := resources.NewContainerSource(source, feature.FromContext(ctx).IsOIDCAuthentication()) cs, err := r.containerSourceLister.ContainerSources(source.Namespace).Get(expected.Name) if apierrors.IsNotFound(err) { diff --git a/pkg/reconciler/integration/source/resources/containersource.go b/pkg/reconciler/integration/source/resources/containersource.go index bc83ad3efb2..530318287bc 100644 --- a/pkg/reconciler/integration/source/resources/containersource.go +++ b/pkg/reconciler/integration/source/resources/containersource.go 
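Review bot: The bare statement `feature.FromContext(ctx).IsOIDCAuthentication()` added at the top of reconcileContainerSource discards its result and does nothing; the same call is made again as the argument on the following line. Remove it, or evaluate the flag once with `oidc := feature.FromContext(ctx).IsOIDCAuthentication()` and pass it as `resources.NewContainerSource(source, oidc)`. Since the flag now changes the expected container env, it is also worth checking that the update branch later in this function (outside the hunk) compares the whole spec, so that switching the feature on or off rolls an existing ContainerSource instead of leaving it with stale authentication settings.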
@@ -34,7 +34,7 @@ var sourceImageMap = map[string]string{ "aws-ddb-streams": "gcr.io/knative-nightly/aws-ddb-streams-source:latest", } -func NewContainerSource(source *v1alpha1.IntegrationSource) *sourcesv1.ContainerSource { +func NewContainerSource(source *v1alpha1.IntegrationSource, oidc bool) *sourcesv1.ContainerSource { return &sourcesv1.ContainerSource{ ObjectMeta: metav1.ObjectMeta{ OwnerReferences: []metav1.OwnerReference{ @@ -55,7 +55,7 @@ func NewContainerSource(source *v1alpha1.IntegrationSource) *sourcesv1.Container Name: "source", Image: selectImage(source), ImagePullPolicy: corev1.PullIfNotPresent, - Env: makeEnv(source), + Env: makeEnv(source, oidc), }, }, }, @@ -66,9 +66,22 @@ func NewContainerSource(source *v1alpha1.IntegrationSource) *sourcesv1.Container } // Function to create environment variables for Timer or AWS configurations dynamically -func makeEnv(source *v1alpha1.IntegrationSource) []corev1.EnvVar { +func makeEnv(source *v1alpha1.IntegrationSource, oidc bool) []corev1.EnvVar { var envVars = integration.MakeSSLEnvVar() + if oidc { + envVars = append(envVars, []corev1.EnvVar{ + { + Name: "CAMEL_KNATIVE_CLIENT_OIDC_ENABLED", + Value: "true", + }, + { + Name: "CAMEL_KNATIVE_CLIENT_OIDC_TOKEN_PATH", + Value: "file:///oidc/token", + }, + }...) + } + // Timer environment variables if source.Spec.Timer != nil { envVars = append(envVars, integration.GenerateEnvVarsFromStruct("CAMEL_KAMELET_TIMER_SOURCE", *source.Spec.Timer)...) diff --git a/pkg/reconciler/integration/source/resources/containersource_test.go b/pkg/reconciler/integration/source/resources/containersource_test.go index b735a2c0fb8..ecdafe788c5 100644 --- a/pkg/reconciler/integration/source/resources/containersource_test.go +++ b/pkg/reconciler/integration/source/resources/containersource_test.go 
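Review bot: In makeEnv the token location is the string literal `"file:///oidc/token"`, and nothing in this patch mounts a token there, so the setting only works if whatever builds the ContainerSource's pod projects the OIDC token at that exact path. That coupling should be stated next to the value, e.g. `// must match the mount path of the projected OIDC token in the ContainerSource deployment`, or replaced by a shared constant if the mounting code exports one. The doc comment above the function still says "Timer or AWS configurations" and should mention the OIDC variables and follow Go form: `// makeEnv builds the container env: SSL settings, OIDC client settings when oidc is true, then Timer/AWS properties.` How the Camel client behaves when OIDC is enabled but the token file is absent is not visible here and is worth confirming, since sending unauthenticated would defeat the flag. The body of makeEnv continues past the hunk.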
@@ -102,7 +102,7 @@ func TestNewContainerSource(t *testing.T) { }, } - got := NewContainerSource(source) + got := NewContainerSource(source, false) if diff := cmp.Diff(want, got); diff != "" { t.Errorf("NewContainerSource() mismatch (-want +got):\n%s", diff) } diff --git a/test/rekt/integrationsource_test.go b/test/rekt/integrationsource_test.go index c33a89d8b04..16542e8b7eb 100644 --- a/test/rekt/integrationsource_test.go +++ b/test/rekt/integrationsource_test.go @@ -61,3 +61,18 @@ func TestIntegrationSourceWithTLS(t *testing.T) { env.ParallelTest(ctx, t, integrationsource.SendEventsWithTLSRecieverAsSink()) env.ParallelTest(ctx, t, integrationsource.SendEventsWithTLSRecieverAsSinkTrustBundle()) } + +func TestIntegrationSourceSendsEventsWithOIDC(t *testing.T) { + t.Parallel() + + ctx, env := global.Environment( + knative.WithKnativeNamespace(system.Namespace()), + knative.WithLoggingConfig, + knative.WithTracingConfig, + k8s.WithEventListener, + environment.Managed(t), + eventshub.WithTLS(t), + ) + + env.Test(ctx, t, integrationsource.SendsEventsWithSinkRefOIDC()) +}
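Review bot: TestNewContainerSource now calls `NewContainerSource(source, false)` only, so the OIDC branch added to makeEnv has no unit coverage, and a typo in either variable name or in the token path would surface only in the rekt run. Add a second case that passes `true` and asserts that `CAMEL_KNATIVE_CLIENT_OIDC_ENABLED` and `CAMEL_KNATIVE_CLIENT_OIDC_TOKEN_PATH` appear in the container's Env, and that neither appears when the flag is false. The test function starts before the hunk, so the shape of `want` is not visible here.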
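Review bot: TestIntegrationSourceSendsEventsWithOIDC has no comment stating what the cluster must provide, and the environment built here does not itself enable OIDC. If `integrationsource.SendsEventsWithSinkRefOIDC()` does not declare the OIDC feature flag as a prerequisite (not visible in this patch), the test will fail rather than skip on clusters where the flag is off. A short doc comment such as `// TestIntegrationSourceSendsEventsWithOIDC requires OIDC authentication to be enabled in the cluster's feature config.` would make that explicit.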