Going OIDC for Integration Source #8383

Merged
merged 1 commit into from
Dec 16, 2024

matzew
Member

@matzew matzew commented Dec 12, 2024

Fixes #

Proposed Changes

  • Generating OIDC specific env_vars for Knative client of camel
  • Adding rekt-test for OIDC feature of the source

Pre-review Checklist

  • At least 80% unit test coverage
  • E2E tests for any new behavior
  • Docs PR for any user-facing impact
  • Spec PR for any new API feature
  • Conformance test for any change to the spec

Release Note


Docs

@knative-prow knative-prow bot added area/test-and-release Test infrastructure, tests or release size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Dec 12, 2024

knative-prow bot commented Dec 12, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: matzew

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@knative-prow knative-prow bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Dec 12, 2024
@matzew
Member Author

matzew commented Dec 12, 2024

I think this requires the rebuild of integrations images

@matzew matzew force-pushed the integrationsource_oidc_enablement branch from 1d1f7de to fca5f08 Compare December 12, 2024 15:29
@matzew
Member Author

matzew commented Dec 13, 2024

/retest

@matzew matzew force-pushed the integrationsource_oidc_enablement branch from fca5f08 to 23d62c7 Compare December 13, 2024 06:18

codecov bot commented Dec 13, 2024

Codecov Report

Attention: Patch coverage is 25.00000% with 12 lines in your changes missing coverage. Please review.

Project coverage is 64.22%. Comparing base (f82811b) to head (cbf331a).
Report is 3 commits behind head on main.

Files with missing lines Patch % Lines
...er/integration/source/resources/containersource.go 20.00% 11 Missing and 1 partial ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             main    #8383      +/-   ##
==========================================
- Coverage   64.25%   64.22%   -0.04%     
==========================================
  Files         388      388              
  Lines       23313    23324      +11     
==========================================
- Hits        14980    14979       -1     
- Misses       7539     7550      +11     
- Partials      794      795       +1     

@matzew
Member Author

matzew commented Dec 13, 2024

This currently fails, since the eventing-integration images are likely not yet updated

/cc @dsimansk

Doing a local build for the timer-source, the OIDC test passes just fine (based on latest main of integrations)

@knative-prow knative-prow bot requested a review from dsimansk December 13, 2024 07:29
@matzew
Member Author

matzew commented Dec 13, 2024

/test reconciler-tests

@matzew
Member Author

matzew commented Dec 13, 2024

/hold

will update some tests

@knative-prow knative-prow bot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Dec 13, 2024
@matzew
Member Author

matzew commented Dec 13, 2024

@creydr do I need to enable the new OIDC test differently ?

locally it works. I run the /hack/run.sh install and then I apply the test/config-transport-encryption/features.yaml

running:

SYSTEM_NAMESPACE=knative-eventing go test -count=1 -v -tags=e2e -run TestIntegrationSinkSuccessTLS ./test/rekt 

@@ -76,7 +78,10 @@ func (r *Reconciler) ReconcileKind(ctx context.Context, source *v1alpha1.Integra
}

func (r *Reconciler) reconcileContainerSource(ctx context.Context, source *v1alpha1.IntegrationSource) (*v1.ContainerSource, error) {
expected := resources.NewContainerSource(source)

feature.FromContext(ctx).IsOIDCAuthentication()
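
Review bot: the bare call feature.FromContext(ctx).IsOIDCAuthentication() on the last line of this hunk discards its return value, so nothing in reconcileContainerSource depends on the OIDC flag at this point. Either drop the statement, or assign the result and use it where the ContainerSource is built (for example by passing it to resources.NewContainerSource) so the flag actually controls whether the OIDC-specific settings are generated.
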
Member

probably a left over

- Generating OIDC specific env_vars for Knative client of camel
- Adding rekt-test for OIDC feature of the source

Signed-off-by: Matthias Wessendorf <mwessend@redhat.com>
@matzew matzew force-pushed the integrationsource_oidc_enablement branch from 23d62c7 to cbf331a Compare December 13, 2024 13:04
@creydr
Member

creydr commented Dec 13, 2024

@creydr do I need to enable the new OIDC test differently ?

locally it works. I run the /hack/run.sh install and then I apply the test/config-transport-encryption/features.yaml

running:

SYSTEM_NAMESPACE=knative-eventing go test -count=1 -v -tags=e2e -run TestIntegrationSinkSuccessTLS ./test/rekt 

test/config-transport-encryption/features.yaml only enables TLS. test/config-authentication-oidc/features.yaml enables TLS and OIDC.

You need OIDC for the test being enabled:

f.Prerequisite("OIDC authentication is enabled", featureflags.AuthenticationOIDCEnabled())

@matzew
Member Author

matzew commented Dec 13, 2024

yeah I used that oidc file (was a typo the tls file)

But I do NOT need to register the OIDC test somewhere. based on the test, it will enable OIDC, as you see in the code - right?

@matzew
Member Author

matzew commented Dec 13, 2024

/unhold

@knative-prow knative-prow bot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Dec 13, 2024
Member

@creydr creydr left a comment

nice 💪

PASS test/rekt.TestIntegrationSourceSendsEventsWithOIDC/SendsEventsWithSinkRefOIDC/Prerequisite/transport_encryption_is_strict (0.04s)
PASS test/rekt.TestIntegrationSourceSendsEventsWithOIDC/SendsEventsWithSinkRefOIDC/Prerequisite/should_not_run_when_Istio_is_enabled (0.04s)
PASS test/rekt.TestIntegrationSourceSendsEventsWithOIDC/SendsEventsWithSinkRefOIDC/Prerequisite/OIDC_authentication_is_enabled (0.04s)
PASS test/rekt.TestIntegrationSourceSendsEventsWithOIDC/SendsEventsWithSinkRefOIDC/Prerequisite (0.00s)
PASS test/rekt.TestIntegrationSourceSendsEventsWithOIDC/SendsEventsWithSinkRefOIDC/Setup/install_sink (55.42s)
PASS test/rekt.TestIntegrationSourceSendsEventsWithOIDC/SendsEventsWithSinkRefOIDC/Setup (0.00s)
PASS test/rekt.TestIntegrationSourceSendsEventsWithOIDC/SendsEventsWithSinkRefOIDC/Requirement/install_integrationsource (0.15s)
PASS test/rekt.TestIntegrationSourceSendsEventsWithOIDC/SendsEventsWithSinkRefOIDC/Requirement/integrationsource_goes_ready (3.08s)
PASS test/rekt.TestIntegrationSourceSendsEventsWithOIDC/SendsEventsWithSinkRefOIDC/Requirement (0.00s)
PASS test/rekt.TestIntegrationSourceSendsEventsWithOIDC/SendsEventsWithSinkRefOIDC/Assert/integrationsource_as_event_source_Set_sinkURI_to_HTTPS_endpoint (0.07s)
PASS test/rekt.TestIntegrationSourceSendsEventsWithOIDC/SendsEventsWithSinkRefOIDC/Assert/integrationsource_as_event_source_Set_sinkCACerts_to_non_empty_CA_certs (0.09s)
PASS test/rekt.TestIntegrationSourceSendsEventsWithOIDC/SendsEventsWithSinkRefOIDC/Assert/integrationsource_as_event_source_uses_integrationsources_identity_for_OIDC (3.04s)
PASS test/rekt.TestIntegrationSourceSendsEventsWithOIDC/SendsEventsWithSinkRefOIDC/Assert/integrationsource_as_event_source_delivers_events (3.00s)
PASS test/rekt.TestIntegrationSourceSendsEventsWithOIDC/SendsEventsWithSinkRefOIDC/Assert (0.00s)
PASS test/rekt.TestIntegrationSourceSendsEventsWithOIDC/SendsEventsWithSinkRefOIDC/Teardown (0.00s)
PASS test/rekt.TestIntegrationSourceSendsEventsWithOIDC/SendsEventsWithSinkRefOIDC (71.72s)
PASS test/rekt.TestIntegrationSourceSendsEventsWithOIDC (129.26s)

/lgtm

@knative-prow knative-prow bot added the lgtm Indicates that a PR is ready to be merged. label Dec 16, 2024
@matzew
Member Author

matzew commented Dec 16, 2024

base work OIDC support on data-plane was done in here:
knative-extensions/eventing-integrations#50

@knative-prow knative-prow bot merged commit 4087c3a into knative:main Dec 16, 2024
34 of 36 checks passed