Skip to content

Commit

Permalink
Add audience field for Subscriber and Reply to SubscriberSpec and `…
Browse files Browse the repository at this point in the history 
…SubscriptionStatusPhysicalSubscription` (#7296)

* Add field for subscribers & replies Audience to SubscriberSpec and SubscriptionStatusPhysicalSubscription

* Add test

* Update CRDs
  • Loading branch information
@creydr
creydr authored Sep 26, 2023
1 parent f191461 commit b898cf4
Show file tree
Hide file tree
Showing 11 changed files with 250 additions and 15 deletions.
6 changes: 6 additions & 0 deletions config/channels/in-memory-channel/resources/in-memory-channel.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -142,12 +142,18 @@ spec:
replyCACerts:
description: Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468.
type: string
replyAudience:
description: ReplyAudience is the OIDC audience for the replyUri.
type: string
subscriberUri:
description: SubscriberURI is the endpoint for the subscriber
type: string
subscriberCACerts:
description: Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468.
type: string
subscriberAudience:
description: SubscriberAudience is the OIDC audience for the subscriberUri.
type: string
uid:
description: UID is used to understand the origin of the subscriber.
type: string
Expand Down
6 changes: 6 additions & 0 deletions config/core/resources/channel.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -164,12 +164,18 @@ spec:
replyCACerts:
description: Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468.
type: string
replyAudience:
description: ReplyAudience is the OIDC audience for the replyUri.
type: string
subscriberUri:
description: SubscriberURI is the endpoint for the subscriber
type: string
subscriberCACerts:
description: Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468.
type: string
subscriberAudience:
description: SubscriberAudience is the OIDC audience for the subscriberUri.
type: string
uid:
description: UID is used to understand the origin of the subscriber.
type: string
Expand Down
6 changes: 6 additions & 0 deletions config/core/resources/subscription.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -197,12 +197,18 @@ spec:
replyCACerts:
description: Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468.
type: string
replyAudience:
description: ReplyAudience is the OIDC audience for the replyUri.
type: string
subscriberUri:
description: SubscriberURI is the fully resolved URI for spec.subscriber.
type: string
subscriberCACerts:
description: Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468.
type: string
subscriberAudience:
description: SubscriberAudience is the OIDC audience for the subscriberUri.
type: string
additionalPrinterColumns:
- name: Age
type: date
Expand Down
50 changes: 50 additions & 0 deletions docs/eventing-api.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -664,6 +664,18 @@ subscriberUri</p>
</tr>
<tr>
<td>
<code>subscriberAudience</code><br/>
<em>
string
</em>
</td>
<td>
<em>(Optional)</em>
<p>SubscriberAudience is the OIDC audience for the subscriberUri.</p>
</td>
</tr>
<tr>
<td>
<code>replyUri</code><br/>
<em>
<a href="https://pkg.go.dev/knative.dev/pkg/apis#URL">
Expand Down Expand Up @@ -692,6 +704,18 @@ replyUri.</p>
</tr>
<tr>
<td>
<code>replyAudience</code><br/>
<em>
string
</em>
</td>
<td>
<em>(Optional)</em>
<p>ReplyAudience is the OIDC audience for the replyUri.</p>
</td>
</tr>
<tr>
<td>
<code>delivery</code><br/>
<em>
<a href="#duck.knative.dev/v1.DeliverySpec">
Expand Down Expand Up @@ -4639,6 +4663,19 @@ resolved URI for spec.subscriber.</p>
</tr>
<tr>
<td>
<code>subscriberAudience</code><br/>
<em>
string
</em>
</td>
<td>
<em>(Optional)</em>
<p>SubscriberAudience is the OIDC audience for the the resolved URI for
spec.subscriber.</p>
</td>
</tr>
<tr>
<td>
<code>replyUri</code><br/>
<em>
<a href="https://pkg.go.dev/knative.dev/pkg/apis#URL">
Expand Down Expand Up @@ -4667,6 +4704,19 @@ resolved URI for the spec.reply.</p>
</tr>
<tr>
<td>
<code>replyAudience</code><br/>
<em>
string
</em>
</td>
<td>
<em>(Optional)</em>
<p>ReplyAudience is the OIDC audience for the the resolved URI for
spec.reply.</p>
</td>
</tr>
<tr>
<td>
<code>DeliveryStatus</code><br/>
<em>
<a href="#duck.knative.dev/v1.DeliveryStatus">
Expand Down
6 changes: 6 additions & 0 deletions pkg/apis/duck/v1/subscribable_types.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -47,6 +47,9 @@ type SubscriberSpec struct {
// subscriberUri
// +optional
SubscriberCACerts *string `json:"subscriberCACerts,omitempty"`
// SubscriberAudience is the OIDC audience for the subscriberUri.
// +optional
SubscriberAudience *string `json:"subscriberAudience,omitempty"`
// ReplyURI is the endpoint for the reply
// +optional
ReplyURI *apis.URL `json:"replyUri,omitempty"`
Expand All @@ -55,6 +58,9 @@ type SubscriberSpec struct {
// replyUri.
// +optional
ReplyCACerts *string `json:"replyCACerts,omitempty"`
// ReplyAudience is the OIDC audience for the replyUri.
// +optional
ReplyAudience *string `json:"replyAudience,omitempty"`
// +optional
// DeliverySpec contains options controlling the event delivery
// +optional
Expand Down
10 changes: 10 additions & 0 deletions pkg/apis/duck/v1/zz_generated.deepcopy.go
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

10 changes: 10 additions & 0 deletions pkg/apis/messaging/v1/subscription_types.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -129,6 +129,11 @@ type SubscriptionStatusPhysicalSubscription struct {
// +optional
SubscriberCACerts *string `json:"subscriberCACerts,omitempty"`

// SubscriberAudience is the OIDC audience for the the resolved URI for
// spec.subscriber.
// +optional
SubscriberAudience *string `json:"subscriberAudience,omitempty"`

// ReplyURI is the fully resolved URI for the spec.reply.
// +optional
ReplyURI *apis.URL `json:"replyUri,omitempty"`
Expand All @@ -139,6 +144,11 @@ type SubscriptionStatusPhysicalSubscription struct {
// +optional
ReplyCACerts *string `json:"replyCACerts,omitempty"`

// ReplyAudience is the OIDC audience for the the resolved URI for
// spec.reply.
// +optional
ReplyAudience *string `json:"replyAudience,omitempty"`

// DeliveryStatus contains a resolved URL to the dead letter sink address, and any other
// resolved delivery options.
eventingduckv1.DeliveryStatus `json:",inline"`
Expand Down
10 changes: 10 additions & 0 deletions pkg/apis/messaging/v1/zz_generated.deepcopy.go
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

22 changes: 15 additions & 7 deletions pkg/reconciler/subscription/subscription.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -230,9 +230,11 @@ func (r *Reconciler) resolveSubscriber(ctx context.Context, subscription *v1.Sub
logging.FromContext(ctx).Debugw("Resolved Subscriber", zap.Any("subscriber", subscriberAddr))
subscription.Status.PhysicalSubscription.SubscriberURI = subscriberAddr.URL
subscription.Status.PhysicalSubscription.SubscriberCACerts = subscriberAddr.CACerts
subscription.Status.PhysicalSubscription.SubscriberAudience = subscriberAddr.Audience
} else {
subscription.Status.PhysicalSubscription.SubscriberURI = nil
subscription.Status.PhysicalSubscription.SubscriberCACerts = nil
subscription.Status.PhysicalSubscription.SubscriberAudience = nil
}
return nil
}
Expand All @@ -259,9 +261,11 @@ func (r *Reconciler) resolveReply(ctx context.Context, subscription *v1.Subscrip
logging.FromContext(ctx).Debugw("Resolved reply", zap.Any("reply", replyAddr))
subscription.Status.PhysicalSubscription.ReplyURI = replyAddr.URL
subscription.Status.PhysicalSubscription.ReplyCACerts = replyAddr.CACerts
subscription.Status.PhysicalSubscription.ReplyAudience = replyAddr.Audience
} else {
subscription.Status.PhysicalSubscription.ReplyURI = nil
subscription.Status.PhysicalSubscription.ReplyCACerts = nil
subscription.Status.PhysicalSubscription.ReplyAudience = nil
}
return nil
}
Expand Down Expand Up @@ -492,21 +496,25 @@ func (r *Reconciler) updateChannelAddSubscription(channel *eventingduckv1.Channe
channel.Spec.Subscribers[i].Generation = sub.Generation
channel.Spec.Subscribers[i].SubscriberURI = sub.Status.PhysicalSubscription.SubscriberURI
channel.Spec.Subscribers[i].SubscriberCACerts = sub.Status.PhysicalSubscription.SubscriberCACerts
channel.Spec.Subscribers[i].SubscriberAudience = sub.Status.PhysicalSubscription.SubscriberAudience
channel.Spec.Subscribers[i].ReplyURI = sub.Status.PhysicalSubscription.ReplyURI
channel.Spec.Subscribers[i].ReplyCACerts = sub.Status.PhysicalSubscription.ReplyCACerts
channel.Spec.Subscribers[i].ReplyAudience = sub.Status.PhysicalSubscription.ReplyAudience
channel.Spec.Subscribers[i].Delivery = deliverySpec(sub, channel)
return
}
}

toAdd := eventingduckv1.SubscriberSpec{
UID: sub.UID,
Generation: sub.Generation,
SubscriberURI: sub.Status.PhysicalSubscription.SubscriberURI,
SubscriberCACerts: sub.Status.PhysicalSubscription.SubscriberCACerts,
ReplyURI: sub.Status.PhysicalSubscription.ReplyURI,
ReplyCACerts: sub.Status.PhysicalSubscription.ReplyCACerts,
Delivery: deliverySpec(sub, channel),
UID: sub.UID,
Generation: sub.Generation,
SubscriberURI: sub.Status.PhysicalSubscription.SubscriberURI,
SubscriberCACerts: sub.Status.PhysicalSubscription.SubscriberCACerts,
SubscriberAudience: sub.Status.PhysicalSubscription.SubscriberAudience,
ReplyURI: sub.Status.PhysicalSubscription.ReplyURI,
ReplyCACerts: sub.Status.PhysicalSubscription.ReplyCACerts,
ReplyAudience: sub.Status.PhysicalSubscription.ReplyAudience,
Delivery: deliverySpec(sub, channel),
}

// Must not have been found. Add it.
Expand Down
Loading

0 comments on commit b898cf4

Please sign in to comment.