diff --git a/go.mod b/go.mod index 003701bf7..35d426a35 100644 --- a/go.mod +++ b/go.mod @@ -13,10 +13,10 @@ require ( k8s.io/api v0.26.5 k8s.io/apimachinery v0.26.5 k8s.io/client-go v0.26.5 - knative.dev/eventing v0.38.1-0.20230922165944-b704ab14b1a3 - knative.dev/hack v0.0.0-20230922134855-34850cddd60a - knative.dev/pkg v0.0.0-20230922135952-559de7ee8c67 - knative.dev/serving v0.38.1-0.20230922153311-60cb95fb4cbf + knative.dev/eventing v0.38.1-0.20230928090444-3dfc2ea9565e + knative.dev/hack v0.0.0-20230926181829-f2f9b6f91263 + knative.dev/pkg v0.0.0-20230927121431-6cf4b051de4f + knative.dev/serving v0.38.1-0.20230928195020-05e349fa979b ) require ( @@ -85,12 +85,12 @@ require ( golang.org/x/time v0.3.0 // indirect golang.org/x/tools v0.13.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect - google.golang.org/api v0.141.0 // indirect + google.golang.org/api v0.143.0 // indirect google.golang.org/appengine v1.6.7 // indirect - google.golang.org/genproto v0.0.0-20230803162519-f966b187b2e5 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20230803162519-f966b187b2e5 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20230911183012-2d3300fd4832 // indirect - google.golang.org/grpc v1.58.1 // indirect + google.golang.org/genproto v0.0.0-20230913181813-007df8e322eb // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20230913181813-007df8e322eb // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20230920204549-e6e6cdab5c13 // indirect + google.golang.org/grpc v1.58.2 // indirect google.golang.org/protobuf v1.31.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect @@ -101,7 +101,7 @@ require ( k8s.io/klog/v2 v2.80.2-0.20221028030830-9ae4992afb54 // indirect k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 // indirect k8s.io/utils v0.0.0-20221108210102-8e77b1f39fe2 // indirect - knative.dev/networking v0.0.0-20230922121936-65a08ef1061d // indirect + knative.dev/networking v0.0.0-20230926123909-c382f81bd011 // indirect sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 // indirect sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect sigs.k8s.io/yaml v1.3.0 // indirect diff --git a/go.sum b/go.sum index 9812ce9cb..e361769e1 100644 --- a/go.sum +++ b/go.sum @@ -642,8 +642,8 @@ google.golang.org/api v0.25.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0M google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM= google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc= -google.golang.org/api v0.141.0 h1:Df6vfMgDoIM6ss0m7H4MPwFwY87WNXHfBIda/Bmfl4E= -google.golang.org/api v0.141.0/go.mod h1:iZqLkdPlXKyG0b90eu6KxVSE4D/ccRF2e/doKD2CnQQ= +google.golang.org/api v0.143.0 h1:o8cekTkqhywkbZT6p1UHJPZ9+9uuCAJs/KYomxZB8fA= +google.golang.org/api v0.143.0/go.mod h1:FoX9DO9hT7DLNn97OuoZAGSDuNAXdJRuGK98rSUgurk= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= @@ -684,12 +684,12 @@ google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20220107163113-42d7afdf6368/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= -google.golang.org/genproto v0.0.0-20230803162519-f966b187b2e5 h1:L6iMMGrtzgHsWofoFcihmDEMYeDR9KN/ThbPWGrh++g= -google.golang.org/genproto v0.0.0-20230803162519-f966b187b2e5/go.mod h1:oH/ZOT02u4kWEp7oYBGYFFkCdKS/uYR9Z7+0/xuuFp8= -google.golang.org/genproto/googleapis/api v0.0.0-20230803162519-f966b187b2e5 h1:nIgk/EEq3/YlnmVVXVnm14rC2oxgs1o0ong4sD/rd44= -google.golang.org/genproto/googleapis/api v0.0.0-20230803162519-f966b187b2e5/go.mod h1:5DZzOUPCLYL3mNkQ0ms0F3EuUNZ7py1Bqeq6sxzI7/Q= -google.golang.org/genproto/googleapis/rpc v0.0.0-20230911183012-2d3300fd4832 h1:o4LtQxebKIJ4vkzyhtD2rfUNZ20Zf0ik5YVP5E7G7VE= -google.golang.org/genproto/googleapis/rpc v0.0.0-20230911183012-2d3300fd4832/go.mod h1:+Bk1OCOj40wS2hwAMA+aCW9ypzm63QTBBHp6lQ3p+9M= +google.golang.org/genproto v0.0.0-20230913181813-007df8e322eb h1:XFBgcDwm7irdHTbz4Zk2h7Mh+eis4nfJEFQFYzJzuIA= +google.golang.org/genproto v0.0.0-20230913181813-007df8e322eb/go.mod h1:yZTlhN0tQnXo3h00fuXNCxJdLdIdnVFVBaRJ5LWBbw4= +google.golang.org/genproto/googleapis/api v0.0.0-20230913181813-007df8e322eb h1:lK0oleSc7IQsUxO3U5TjL9DWlsxpEBemh+zpB7IqhWI= +google.golang.org/genproto/googleapis/api v0.0.0-20230913181813-007df8e322eb/go.mod h1:KjSP20unUpOx5kyQUFa7k4OJg0qeJ7DEZflGDu2p6Bk= +google.golang.org/genproto/googleapis/rpc v0.0.0-20230920204549-e6e6cdab5c13 h1:N3bU/SQDCDyD6R528GJ/PwW9KjYcJA3dgyH+MovAkIM= +google.golang.org/genproto/googleapis/rpc v0.0.0-20230920204549-e6e6cdab5c13/go.mod h1:KSqppvjFjtoCI+KGd4PELB0qLNxdJHRGqRI09mB6pQA= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.0/go.mod h1:chYK+tFQF0nDUGJgXMSgLCQk3phJEuONr2DCgLDdAQM= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= @@ -707,8 +707,8 @@ google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTp google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= -google.golang.org/grpc v1.58.1 h1:OL+Vz23DTtrrldqHK49FUOPHyY75rvFqJfXC84NYW58= -google.golang.org/grpc v1.58.1/go.mod h1:tgX3ZQDlNJGU96V6yHh1T/JeoBQ2TXdr43YbYSsCJk0= +google.golang.org/grpc v1.58.2 h1:SXUpjxeVF3FKrTYQI4f4KvbGD5u2xccdYdurwowix5I= +google.golang.org/grpc v1.58.2/go.mod h1:tgX3ZQDlNJGU96V6yHh1T/JeoBQ2TXdr43YbYSsCJk0= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= @@ -776,16 +776,16 @@ k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 h1:+70TFaan3hfJzs+7VK2o+O k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280/go.mod h1:+Axhij7bCpeqhklhUTe3xmOn6bWxolyZEeyaFpjGtl4= k8s.io/utils v0.0.0-20221108210102-8e77b1f39fe2 h1:GfD9OzL11kvZN5iArC6oTS7RTj7oJOIfnislxYlqTj8= k8s.io/utils v0.0.0-20221108210102-8e77b1f39fe2/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -knative.dev/eventing v0.38.1-0.20230922165944-b704ab14b1a3 h1:Qk8mZ0rAd+maJLfJaz3ZmqwobcAu8ozI2nhMhjnOIgU= -knative.dev/eventing v0.38.1-0.20230922165944-b704ab14b1a3/go.mod h1:QWSxmyJ8QdmhEyy8hzu0qgS69fcTTFlSPB9Ntmwvycw= -knative.dev/hack v0.0.0-20230922134855-34850cddd60a h1:49UQAWesCa31hlEr+hJV1olDlK+ZhyYwI+KEFTgC8K8= -knative.dev/hack v0.0.0-20230922134855-34850cddd60a/go.mod h1:WA6zi0u24QTDuFZUeqBwSerEh4Io8lxe6UmvolOzA24= -knative.dev/networking v0.0.0-20230922121936-65a08ef1061d h1:nt+V0z6SvwzCM5SOguA7iumZk2k7ZCmnn/wVlu8zNWk= -knative.dev/networking v0.0.0-20230922121936-65a08ef1061d/go.mod h1:UHJXYVVXazzsITAV5dW6tMFG/vaeM5MCXKFHYtuVX/8= -knative.dev/pkg v0.0.0-20230922135952-559de7ee8c67 h1:LHO+jjpemTbXV17poNbhpPTWi6vkBiZv0GtJw3Yj9FE= -knative.dev/pkg v0.0.0-20230922135952-559de7ee8c67/go.mod h1:HagK8mQdSVdmm2xSYMpl4iCLjhxPoPJdY1/NuuEvAVw= -knative.dev/serving v0.38.1-0.20230922153311-60cb95fb4cbf h1:SyoI5+ehqDbCLWN2GyBcmeVvQ/OmrwqTxgISYRI1fi4= -knative.dev/serving v0.38.1-0.20230922153311-60cb95fb4cbf/go.mod h1:zfxLvDBkj4mr6ipBJy5EIhDLfy2/UZ7v2GGOygEtpjw= +knative.dev/eventing v0.38.1-0.20230928090444-3dfc2ea9565e h1:IftRPY9Wmr2jpgaoQ/3w7/wqX27H8p77zX4A/vY2Rt4= +knative.dev/eventing v0.38.1-0.20230928090444-3dfc2ea9565e/go.mod h1:eNSh5XX8xmAce1hImlXWYuE1iYowNCYr557tH7fqZI8= +knative.dev/hack v0.0.0-20230926181829-f2f9b6f91263 h1:e6r9J1YopzSh6tDCpyKhVBfRUlZ2r0KRo9wupRjdRF4= +knative.dev/hack v0.0.0-20230926181829-f2f9b6f91263/go.mod h1:yk2OjGDsbEnQjfxdm0/HJKS2WqTLEFg/N6nUs6Rqx3Q= +knative.dev/networking v0.0.0-20230926123909-c382f81bd011 h1:FUbAMo0hVK49wJcUTEJfyMQhPCOwoKBEpphCeHrpAiE= +knative.dev/networking v0.0.0-20230926123909-c382f81bd011/go.mod h1:q3caOSuP1eAzp6Aef8iPcbjnoufxxopv3yeOPOB1yrc= +knative.dev/pkg v0.0.0-20230927121431-6cf4b051de4f h1:+J5spRfGrMzQguNXkJlnyUK8yHoYtakUn6d1Z6Ulm/c= +knative.dev/pkg v0.0.0-20230927121431-6cf4b051de4f/go.mod h1:h2O9k9WkB10sVeYUHqywUJNN88y4jZMmu9nFwemwKAE= +knative.dev/serving v0.38.1-0.20230928195020-05e349fa979b h1:GUN7fAI3oJeu85m0jJ0kQ3wVFcxZTbZ7saDTdrZGMUM= +knative.dev/serving v0.38.1-0.20230928195020-05e349fa979b/go.mod h1:KuBjyMQnMkme0vAoQeDEfGwl69QulIdfY/f6ikxpmw4= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= diff --git a/vendor/google.golang.org/grpc/version.go b/vendor/google.golang.org/grpc/version.go index 2a910c3ce..d3f5bcbfc 100644 --- a/vendor/google.golang.org/grpc/version.go +++ b/vendor/google.golang.org/grpc/version.go @@ -19,4 +19,4 @@ package grpc // Version is the current grpc version. -const Version = "1.58.1" +const Version = "1.58.2" diff --git a/vendor/knative.dev/eventing/pkg/apis/duck/v1/subscribable_types.go b/vendor/knative.dev/eventing/pkg/apis/duck/v1/subscribable_types.go index 4d95248ff..cb5591135 100644 --- a/vendor/knative.dev/eventing/pkg/apis/duck/v1/subscribable_types.go +++ b/vendor/knative.dev/eventing/pkg/apis/duck/v1/subscribable_types.go @@ -23,6 +23,8 @@ import ( "k8s.io/apimachinery/pkg/types" "knative.dev/pkg/apis" "knative.dev/pkg/apis/duck" + + duckv1 "knative.dev/pkg/apis/duck/v1" ) // +genduck @@ -47,6 +49,9 @@ type SubscriberSpec struct { // subscriberUri // +optional SubscriberCACerts *string `json:"subscriberCACerts,omitempty"` + // SubscriberAudience is the OIDC audience for the subscriberUri. + // +optional + SubscriberAudience *string `json:"subscriberAudience,omitempty"` // ReplyURI is the endpoint for the reply // +optional ReplyURI *apis.URL `json:"replyUri,omitempty"` @@ -55,6 +60,9 @@ type SubscriberSpec struct { // replyUri. // +optional ReplyCACerts *string `json:"replyCACerts,omitempty"` + // ReplyAudience is the OIDC audience for the replyUri. + // +optional + ReplyAudience *string `json:"replyAudience,omitempty"` // +optional // DeliverySpec contains options controlling the event delivery // +optional @@ -74,6 +82,9 @@ type SubscriberStatus struct { // A human readable message indicating details of Ready status. // +optional Message string `json:"message,omitempty"` + // Auth provides the relevant information for OIDC authentication. + // +optional + Auth *duckv1.AuthStatus `json:"auth,omitempty"` } // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object diff --git a/vendor/knative.dev/eventing/pkg/apis/duck/v1/zz_generated.deepcopy.go b/vendor/knative.dev/eventing/pkg/apis/duck/v1/zz_generated.deepcopy.go index 5dd4986c7..8898dedf2 100644 --- a/vendor/knative.dev/eventing/pkg/apis/duck/v1/zz_generated.deepcopy.go +++ b/vendor/knative.dev/eventing/pkg/apis/duck/v1/zz_generated.deepcopy.go @@ -292,7 +292,9 @@ func (in *SubscribableStatus) DeepCopyInto(out *SubscribableStatus) { if in.Subscribers != nil { in, out := &in.Subscribers, &out.Subscribers *out = make([]SubscriberStatus, len(*in)) - copy(*out, *in) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } } return } @@ -320,6 +322,11 @@ func (in *SubscriberSpec) DeepCopyInto(out *SubscriberSpec) { *out = new(string) **out = **in } + if in.SubscriberAudience != nil { + in, out := &in.SubscriberAudience, &out.SubscriberAudience + *out = new(string) + **out = **in + } if in.ReplyURI != nil { in, out := &in.ReplyURI, &out.ReplyURI *out = new(apis.URL) @@ -330,6 +337,11 @@ func (in *SubscriberSpec) DeepCopyInto(out *SubscriberSpec) { *out = new(string) **out = **in } + if in.ReplyAudience != nil { + in, out := &in.ReplyAudience, &out.ReplyAudience + *out = new(string) + **out = **in + } if in.Delivery != nil { in, out := &in.Delivery, &out.Delivery *out = new(DeliverySpec) @@ -351,6 +363,11 @@ func (in *SubscriberSpec) DeepCopy() *SubscriberSpec { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *SubscriberStatus) DeepCopyInto(out *SubscriberStatus) { *out = *in + if in.Auth != nil { + in, out := &in.Auth, &out.Auth + *out = new(duckv1.AuthStatus) + (*in).DeepCopyInto(*out) + } return } diff --git a/vendor/knative.dev/eventing/pkg/apis/eventing/v1/trigger_lifecycle.go b/vendor/knative.dev/eventing/pkg/apis/eventing/v1/trigger_lifecycle.go index c2ebce95c..1029efbad 100644 --- a/vendor/knative.dev/eventing/pkg/apis/eventing/v1/trigger_lifecycle.go +++ b/vendor/knative.dev/eventing/pkg/apis/eventing/v1/trigger_lifecycle.go @@ -23,7 +23,7 @@ import ( duckv1 "knative.dev/pkg/apis/duck/v1" ) -var triggerCondSet = apis.NewLivingConditionSet(TriggerConditionBroker, TriggerConditionSubscribed, TriggerConditionDependency, TriggerConditionSubscriberResolved, TriggerConditionDeadLetterSinkResolved) +var triggerCondSet = apis.NewLivingConditionSet(TriggerConditionBroker, TriggerConditionSubscribed, TriggerConditionDependency, TriggerConditionSubscriberResolved, TriggerConditionDeadLetterSinkResolved, TriggerConditionOIDCIdentityCreated) const ( // TriggerConditionReady has status True when all subconditions below have been set to True. @@ -39,6 +39,8 @@ const ( TriggerConditionDeadLetterSinkResolved apis.ConditionType = "DeadLetterSinkResolved" + TriggerConditionOIDCIdentityCreated apis.ConditionType = "OIDCIdentityCreated" + // TriggerAnyFilter Constant to represent that we should allow anything. TriggerAnyFilter = "" ) @@ -199,3 +201,19 @@ func (ts *TriggerStatus) PropagateDependencyStatus(ks *duckv1.Source) { ts.MarkDependencyUnknown("DependencyUnknown", "The status of Dependency is invalid: %v", kc.Status) } } + +func (ts *TriggerStatus) MarkOIDCIdentityCreatedSucceeded() { + triggerCondSet.Manage(ts).MarkTrue(TriggerConditionOIDCIdentityCreated) +} + +func (ts *TriggerStatus) MarkOIDCIdentityCreatedSucceededWithReason(reason, messageFormat string, messageA ...interface{}) { + triggerCondSet.Manage(ts).MarkTrueWithReason(TriggerConditionOIDCIdentityCreated, reason, messageFormat, messageA...) +} + +func (ts *TriggerStatus) MarkOIDCIdentityCreatedFailed(reason, messageFormat string, messageA ...interface{}) { + triggerCondSet.Manage(ts).MarkFalse(TriggerConditionOIDCIdentityCreated, reason, messageFormat, messageA...) +} + +func (ts *TriggerStatus) MarkOIDCIdentityCreatedUnknown(reason, messageFormat string, messageA ...interface{}) { + triggerCondSet.Manage(ts).MarkUnknown(TriggerConditionOIDCIdentityCreated, reason, messageFormat, messageA...) +} diff --git a/vendor/knative.dev/eventing/pkg/apis/eventing/v1/trigger_types.go b/vendor/knative.dev/eventing/pkg/apis/eventing/v1/trigger_types.go index 3b6637b58..d5b6d566d 100644 --- a/vendor/knative.dev/eventing/pkg/apis/eventing/v1/trigger_types.go +++ b/vendor/knative.dev/eventing/pkg/apis/eventing/v1/trigger_types.go @@ -199,6 +199,10 @@ type TriggerStatus struct { // DeliveryStatus contains a resolved URL to the dead letter sink address, and any other // resolved delivery options. eventingduckv1.DeliveryStatus `json:",inline"` + + // Auth provides the relevant information for OIDC authentication. + // +optional + Auth *duckv1.AuthStatus `json:"auth,omitempty"` } // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object diff --git a/vendor/knative.dev/eventing/pkg/apis/eventing/v1/zz_generated.deepcopy.go b/vendor/knative.dev/eventing/pkg/apis/eventing/v1/zz_generated.deepcopy.go index 5fba5c607..65dfc67c5 100644 --- a/vendor/knative.dev/eventing/pkg/apis/eventing/v1/zz_generated.deepcopy.go +++ b/vendor/knative.dev/eventing/pkg/apis/eventing/v1/zz_generated.deepcopy.go @@ -345,6 +345,11 @@ func (in *TriggerStatus) DeepCopyInto(out *TriggerStatus) { **out = **in } in.DeliveryStatus.DeepCopyInto(&out.DeliveryStatus) + if in.Auth != nil { + in, out := &in.Auth, &out.Auth + *out = new(duckv1.AuthStatus) + (*in).DeepCopyInto(*out) + } return } diff --git a/vendor/knative.dev/eventing/pkg/apis/flows/v1/parallel_types.go b/vendor/knative.dev/eventing/pkg/apis/flows/v1/parallel_types.go index 6485203d1..cf9d6d6ea 100644 --- a/vendor/knative.dev/eventing/pkg/apis/flows/v1/parallel_types.go +++ b/vendor/knative.dev/eventing/pkg/apis/flows/v1/parallel_types.go @@ -119,6 +119,10 @@ type ParallelStatus struct { // will target the first subscriber. // It generally has the form {channel}.{namespace}.svc.{cluster domain name} duckv1.AddressStatus `json:",inline"` + + // Auth provides the relevant information for OIDC authentication. + // +optional + Auth *duckv1.AuthStatus `json:"auth,omitempty"` } // ParallelBranchStatus represents the current state of a Parallel branch diff --git a/vendor/knative.dev/eventing/pkg/apis/flows/v1/sequence_types.go b/vendor/knative.dev/eventing/pkg/apis/flows/v1/sequence_types.go index 909c2651b..e02af40b7 100644 --- a/vendor/knative.dev/eventing/pkg/apis/flows/v1/sequence_types.go +++ b/vendor/knative.dev/eventing/pkg/apis/flows/v1/sequence_types.go @@ -131,6 +131,10 @@ type SequenceStatus struct { // It generally has the form {channel}.{namespace}.svc.{cluster domain name} // +optional Address duckv1.Addressable `json:"address,omitempty"` + + // Auth provides the relevant information for OIDC authentication. + // +optional + Auth *duckv1.AuthStatus `json:"auth,omitempty"` } // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object diff --git a/vendor/knative.dev/eventing/pkg/apis/flows/v1/zz_generated.deepcopy.go b/vendor/knative.dev/eventing/pkg/apis/flows/v1/zz_generated.deepcopy.go index 912097674..64a747411 100644 --- a/vendor/knative.dev/eventing/pkg/apis/flows/v1/zz_generated.deepcopy.go +++ b/vendor/knative.dev/eventing/pkg/apis/flows/v1/zz_generated.deepcopy.go @@ -204,6 +204,11 @@ func (in *ParallelStatus) DeepCopyInto(out *ParallelStatus) { } } in.AddressStatus.DeepCopyInto(&out.AddressStatus) + if in.Auth != nil { + in, out := &in.Auth, &out.Auth + *out = new(duckv1.AuthStatus) + (*in).DeepCopyInto(*out) + } return } @@ -366,6 +371,11 @@ func (in *SequenceStatus) DeepCopyInto(out *SequenceStatus) { } } in.Address.DeepCopyInto(&out.Address) + if in.Auth != nil { + in, out := &in.Auth, &out.Auth + *out = new(duckv1.AuthStatus) + (*in).DeepCopyInto(*out) + } return } diff --git a/vendor/knative.dev/eventing/pkg/apis/messaging/v1/subscription_types.go b/vendor/knative.dev/eventing/pkg/apis/messaging/v1/subscription_types.go index 8f1c8e108..fe8ba6f86 100644 --- a/vendor/knative.dev/eventing/pkg/apis/messaging/v1/subscription_types.go +++ b/vendor/knative.dev/eventing/pkg/apis/messaging/v1/subscription_types.go @@ -114,6 +114,10 @@ type SubscriptionStatus struct { // PhysicalSubscription is the fully resolved values that this Subscription represents. PhysicalSubscription SubscriptionStatusPhysicalSubscription `json:"physicalSubscription,omitempty"` + + // Auth provides the relevant information for OIDC authentication. + // +optional + Auth *duckv1.AuthStatus `json:"auth,omitempty"` } // SubscriptionStatusPhysicalSubscription represents the fully resolved values for this @@ -129,6 +133,11 @@ type SubscriptionStatusPhysicalSubscription struct { // +optional SubscriberCACerts *string `json:"subscriberCACerts,omitempty"` + // SubscriberAudience is the OIDC audience for the the resolved URI for + // spec.subscriber. + // +optional + SubscriberAudience *string `json:"subscriberAudience,omitempty"` + // ReplyURI is the fully resolved URI for the spec.reply. // +optional ReplyURI *apis.URL `json:"replyUri,omitempty"` @@ -139,6 +148,11 @@ type SubscriptionStatusPhysicalSubscription struct { // +optional ReplyCACerts *string `json:"replyCACerts,omitempty"` + // ReplyAudience is the OIDC audience for the the resolved URI for + // spec.reply. + // +optional + ReplyAudience *string `json:"replyAudience,omitempty"` + // DeliveryStatus contains a resolved URL to the dead letter sink address, and any other // resolved delivery options. eventingduckv1.DeliveryStatus `json:",inline"` diff --git a/vendor/knative.dev/eventing/pkg/apis/messaging/v1/zz_generated.deepcopy.go b/vendor/knative.dev/eventing/pkg/apis/messaging/v1/zz_generated.deepcopy.go index a400fd2e3..fff2d237b 100644 --- a/vendor/knative.dev/eventing/pkg/apis/messaging/v1/zz_generated.deepcopy.go +++ b/vendor/knative.dev/eventing/pkg/apis/messaging/v1/zz_generated.deepcopy.go @@ -356,6 +356,11 @@ func (in *SubscriptionStatus) DeepCopyInto(out *SubscriptionStatus) { *out = *in in.Status.DeepCopyInto(&out.Status) in.PhysicalSubscription.DeepCopyInto(&out.PhysicalSubscription) + if in.Auth != nil { + in, out := &in.Auth, &out.Auth + *out = new(duckv1.AuthStatus) + (*in).DeepCopyInto(*out) + } return } @@ -382,6 +387,11 @@ func (in *SubscriptionStatusPhysicalSubscription) DeepCopyInto(out *Subscription *out = new(string) **out = **in } + if in.SubscriberAudience != nil { + in, out := &in.SubscriberAudience, &out.SubscriberAudience + *out = new(string) + **out = **in + } if in.ReplyURI != nil { in, out := &in.ReplyURI, &out.ReplyURI *out = new(apis.URL) @@ -392,6 +402,11 @@ func (in *SubscriptionStatusPhysicalSubscription) DeepCopyInto(out *Subscription *out = new(string) **out = **in } + if in.ReplyAudience != nil { + in, out := &in.ReplyAudience, &out.ReplyAudience + *out = new(string) + **out = **in + } in.DeliveryStatus.DeepCopyInto(&out.DeliveryStatus) return } diff --git a/vendor/knative.dev/hack/README.md b/vendor/knative.dev/hack/README.md index 5dc34c8ed..8799e0b59 100644 --- a/vendor/knative.dev/hack/README.md +++ b/vendor/knative.dev/hack/README.md @@ -7,13 +7,16 @@ entrypoint functionality. This is a helper script to run the presubmit tests. To use it: -1. Source this script. +1. Source this script: + ```bash + source "$(go run knative.dev/hack/cmd/script presubmit-tests.sh)" + ``` 1. [optional] Define the function `build_tests()`. If you don't define this function, the default action for running the build tests is to: - run `go build` on the entire repo - - run `/hack/verify-codegen.sh` (if it exists) + - run `hack/verify-codegen.sh` (if it exists) - check licenses in all go packages 1. [optional] Customize the default build test runner, if you're using it. Set @@ -70,7 +73,7 @@ skipped. ### Sample presubmit test script ```bash -source vendor/knative.dev/hack/presubmit-tests.sh +source "$(go run knative.dev/hack/cmd/script presubmit-tests.sh)" function post_build_tests() { echo "Cleaning up after build tests" @@ -99,7 +102,10 @@ This is a helper script for Knative E2E test scripts. To use it: [here](https://github.com/knative/toolbox/blob/main/kntest/pkg/kubetest2/gke/README.md) to the `initialize` function call if the default values don't fit your needs. -1. Source the script. +1. Source the script: + ```bash + source "$(go run knative.dev/hack/cmd/script e2e-tests.sh)" + ``` 1. [optional] Write the `knative_setup()` function, which will set up your system under test (e.g., Knative Serving). @@ -166,8 +172,7 @@ for Knative Serving to be up before running the tests. It also requires that the test cluster is created in a specific region, `us-west2`. ```bash - -source vendor/knative.dev/hack/e2e-tests.sh +source "$(go run knative.dev/hack/cmd/script e2e-tests.sh)" function knative_setup() { start_latest_knative_serving @@ -201,7 +206,10 @@ This is a helper script for Knative performance test scripts. In combination with specific Prow jobs, it can automatically manage the environment for running benchmarking jobs for each repo. To use it: -1. Source the script. +1. Source the script: + ```bash + source "$(go run knative.dev/hack/cmd/script performance-tests.sh)" + ``` 1. [optional] Customize GCP project settings for the benchmarks. Set the following environment variables if the default value doesn't fit your needs: @@ -238,7 +246,7 @@ benchmarking jobs for each repo. To use it: This script will update `Knative serving` and the given benchmark. ```bash -source vendor/knative.dev/hack/performance-tests.sh +source "$(go run knative.dev/hack/cmd/script performance-tests.sh)" function update_knative() { echo ">> Updating serving" @@ -257,7 +265,10 @@ main $@ This is a helper script for Knative release scripts. To use it: -1. Source the script. +1. Source the script: + ```bash + source "$(go run knative.dev/hack/cmd/script release.sh)" + ``` 1. [optional] By default, the release script will run `./test/presubmit-tests.sh` as the release validation tests. If you need to @@ -313,7 +324,7 @@ This is a helper script for Knative release scripts. To use it: ### Sample release script ```bash -source vendor/knative.dev/hack/release.sh +source "$(go run knative.dev/hack/cmd/script release.sh)" function build_release() { # config/ contains the manifests diff --git a/vendor/knative.dev/hack/embed.go b/vendor/knative.dev/hack/embed.go index 4e39c21a3..62f856ec6 100644 --- a/vendor/knative.dev/hack/embed.go +++ b/vendor/knative.dev/hack/embed.go @@ -16,7 +16,9 @@ limitations under the License. package hack -import "embed" +import ( + "embed" +) //go:embed *.sh var Scripts embed.FS diff --git a/vendor/knative.dev/pkg/resolver/addressable_resolver.go b/vendor/knative.dev/pkg/resolver/addressable_resolver.go index c53a13d39..bbbcb78b6 100644 --- a/vendor/knative.dev/pkg/resolver/addressable_resolver.go +++ b/vendor/knative.dev/pkg/resolver/addressable_resolver.go @@ -163,8 +163,9 @@ func (r *URIResolver) AddressableFromDestinationV1(ctx context.Context, dest duc return nil, fmt.Errorf("URI is not absolute (both scheme and host should be non-empty): %q", dest.URI.String()) } return &duckv1.Addressable{ - URL: dest.URI, - CACerts: dest.CACerts, + URL: dest.URI, + CACerts: dest.CACerts, + Audience: dest.Audience, }, nil } @@ -188,9 +189,10 @@ func (r *URIResolver) addressableFromDestinationRef(ctx context.Context, dest du handled, url, err := resolver(ctx, or) if handled { return &duckv1.Addressable{ - Name: dest.Ref.Address, - URL: url, - CACerts: dest.CACerts, + Name: dest.Ref.Address, + URL: url, + CACerts: dest.CACerts, + Audience: dest.Audience, }, err } @@ -229,9 +231,10 @@ func (r *URIResolver) addressableFromDestinationRef(ctx context.Context, dest du url.Scheme = "https" } return &duckv1.Addressable{ - Name: dest.Ref.Address, - URL: url, - CACerts: dest.CACerts, + Name: dest.Ref.Address, + URL: url, + CACerts: dest.CACerts, + Audience: dest.Audience, }, nil } @@ -258,6 +261,11 @@ func (r *URIResolver) addressableFromDestinationRef(ctx context.Context, dest du addr.CACerts = dest.CACerts } + if dest.Audience != nil && *dest.Audience != "" { + // destinations audience takes preference + addr.Audience = dest.Audience + } + return addr, nil } diff --git a/vendor/knative.dev/serving/pkg/apis/config/features.go b/vendor/knative.dev/serving/pkg/apis/config/features.go index 32b7345a8..4e9d0aefd 100644 --- a/vendor/knative.dev/serving/pkg/apis/config/features.go +++ b/vendor/knative.dev/serving/pkg/apis/config/features.go @@ -59,6 +59,7 @@ func defaultFeaturesConfig() *Features { PodSpecNodeSelector: Disabled, PodSpecRuntimeClassName: Disabled, PodSpecSecurityContext: Disabled, + PodSpecShareProcessNamespace: Disabled, PodSpecPriorityClassName: Disabled, PodSpecSchedulerName: Disabled, ContainerSpecAddCapabilities: Disabled, @@ -91,6 +92,7 @@ func NewFeaturesConfigFromMap(data map[string]string) (*Features, error) { asFlag("kubernetes.podspec-nodeselector", &nc.PodSpecNodeSelector), asFlag("kubernetes.podspec-runtimeclassname", &nc.PodSpecRuntimeClassName), asFlag("kubernetes.podspec-securitycontext", &nc.PodSpecSecurityContext), + asFlag("kubernetes.podspec-shareprocessnamespace", &nc.PodSpecShareProcessNamespace), asFlag("kubernetes.podspec-priorityclassname", &nc.PodSpecPriorityClassName), asFlag("kubernetes.podspec-schedulername", &nc.PodSpecSchedulerName), asFlag("kubernetes.containerspec-addcapabilities", &nc.ContainerSpecAddCapabilities), @@ -127,6 +129,7 @@ type Features struct { PodSpecNodeSelector Flag PodSpecRuntimeClassName Flag PodSpecSecurityContext Flag + PodSpecShareProcessNamespace Flag PodSpecPriorityClassName Flag PodSpecSchedulerName Flag ContainerSpecAddCapabilities Flag diff --git a/vendor/knative.dev/serving/pkg/apis/serving/fieldmask.go b/vendor/knative.dev/serving/pkg/apis/serving/fieldmask.go index 7c02f174d..769370d76 100644 --- a/vendor/knative.dev/serving/pkg/apis/serving/fieldmask.go +++ b/vendor/knative.dev/serving/pkg/apis/serving/fieldmask.go @@ -245,6 +245,9 @@ func PodSpecMask(ctx context.Context, in *corev1.PodSpec) *corev1.PodSpec { // This is further validated in ValidatePodSecurityContext. out.SecurityContext = in.SecurityContext } + if cfg.Features.PodSpecShareProcessNamespace != config.Disabled { + out.ShareProcessNamespace = in.ShareProcessNamespace + } if cfg.Features.PodSpecPriorityClassName != config.Disabled { out.PriorityClassName = in.PriorityClassName } @@ -270,7 +273,6 @@ func PodSpecMask(ctx context.Context, in *corev1.PodSpec) *corev1.PodSpec { out.HostNetwork = false out.HostPID = false out.HostIPC = false - out.ShareProcessNamespace = nil out.Hostname = "" out.Subdomain = "" out.Priority = nil @@ -725,8 +727,14 @@ func CapabilitiesMask(ctx context.Context, in *corev1.Capabilities) *corev1.Capa // Allowed fields out.Drop = in.Drop - if config.FromContextOrDefaults(ctx).Features.ContainerSpecAddCapabilities != config.Disabled { + if config.FromContextOrDefaults(ctx).Features.ContainerSpecAddCapabilities == config.Enabled { out.Add = in.Add + } else if config.FromContextOrDefaults(ctx).Features.SecurePodDefaults == config.Enabled { + if len(in.Add) == 1 && in.Add[0] == "NET_BIND_SERVICE" { + out.Add = in.Add + } else { + out.Add = nil + } } return out diff --git a/vendor/modules.txt b/vendor/modules.txt index c2fe0d153..b9ca319a8 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -344,7 +344,7 @@ golang.org/x/tools/internal/typeparams # gomodules.xyz/jsonpatch/v2 v2.4.0 ## explicit; go 1.20 gomodules.xyz/jsonpatch/v2 -# google.golang.org/api v0.141.0 +# google.golang.org/api v0.143.0 ## explicit; go 1.19 google.golang.org/api/support/bundler # google.golang.org/appengine v1.6.7 @@ -356,16 +356,16 @@ google.golang.org/appengine/internal/log google.golang.org/appengine/internal/remote_api google.golang.org/appengine/internal/urlfetch google.golang.org/appengine/urlfetch -# google.golang.org/genproto v0.0.0-20230803162519-f966b187b2e5 +# google.golang.org/genproto v0.0.0-20230913181813-007df8e322eb ## explicit; go 1.19 google.golang.org/genproto/protobuf/field_mask -# google.golang.org/genproto/googleapis/api v0.0.0-20230803162519-f966b187b2e5 +# google.golang.org/genproto/googleapis/api v0.0.0-20230913181813-007df8e322eb ## explicit; go 1.19 google.golang.org/genproto/googleapis/api/httpbody -# google.golang.org/genproto/googleapis/rpc v0.0.0-20230911183012-2d3300fd4832 +# google.golang.org/genproto/googleapis/rpc v0.0.0-20230920204549-e6e6cdab5c13 ## explicit; go 1.19 google.golang.org/genproto/googleapis/rpc/status -# google.golang.org/grpc v1.58.1 +# google.golang.org/grpc v1.58.2 ## explicit; go 1.19 google.golang.org/grpc google.golang.org/grpc/attributes @@ -953,7 +953,7 @@ k8s.io/utils/net k8s.io/utils/pointer k8s.io/utils/strings/slices k8s.io/utils/trace -# knative.dev/eventing v0.38.1-0.20230922165944-b704ab14b1a3 +# knative.dev/eventing v0.38.1-0.20230928090444-3dfc2ea9565e ## explicit; go 1.19 knative.dev/eventing/pkg/adapter/v2 knative.dev/eventing/pkg/adapter/v2/util/crstatusevent @@ -999,15 +999,15 @@ knative.dev/eventing/pkg/observability knative.dev/eventing/pkg/observability/client knative.dev/eventing/pkg/reconciler/resources knative.dev/eventing/pkg/reconciler/source -# knative.dev/hack v0.0.0-20230922134855-34850cddd60a +# knative.dev/hack v0.0.0-20230926181829-f2f9b6f91263 ## explicit; go 1.18 knative.dev/hack -# knative.dev/networking v0.0.0-20230922121936-65a08ef1061d +# knative.dev/networking v0.0.0-20230926123909-c382f81bd011 ## explicit; go 1.18 knative.dev/networking/pkg/apis/networking knative.dev/networking/pkg/apis/networking/v1alpha1 knative.dev/networking/pkg/config -# knative.dev/pkg v0.0.0-20230922135952-559de7ee8c67 +# knative.dev/pkg v0.0.0-20230927121431-6cf4b051de4f ## explicit; go 1.18 knative.dev/pkg/apis knative.dev/pkg/apis/duck @@ -1060,7 +1060,7 @@ knative.dev/pkg/tracker knative.dev/pkg/version knative.dev/pkg/webhook knative.dev/pkg/webhook/certificates/resources -# knative.dev/serving v0.38.1-0.20230922153311-60cb95fb4cbf +# knative.dev/serving v0.38.1-0.20230928195020-05e349fa979b ## explicit; go 1.18 knative.dev/serving/pkg/apis/autoscaling knative.dev/serving/pkg/apis/autoscaling/v1alpha1