From 4f4337923b9c1d5b127a4a3e151e1b4870445dfd Mon Sep 17 00:00:00 2001 From: Knative Automation Date: Tue, 18 Jun 2024 01:47:33 +0000 Subject: [PATCH] upgrade to latest dependencies bumping knative.dev/eventing ea8f0fd...e298f32: > e298f32 Add authz library (# 8002) > 1a21fee Add all JobSink symlinks in config/ (# 8007) > 2157639 Add validation for EventPolicy sub suffix matching (# 8008) > 0eee301 Propagate read error correctly in event-dispatcher (# 8005) > 43cf75a [main] Upgrade to latest dependencies (# 8004) bumping knative.dev/pkg 15e6cdf...339c22b: > 339c22b Add AuthenticatableType duck type (# 3056) bumping knative.dev/networking 85e269d...3b8764c: > 3b8764c upgrade to latest dependencies (# 989) bumping knative.dev/serving 1f7cc48...f464e2d: > f464e2d upgrade to latest dependencies (# 15329) > 0b61640 Update net-kourier nightly (# 15314) > 8d768f5 Cert rotation test does not use specific ingress namespace (# 15331) 
Signed-off-by: Knative Automation --- go.mod | 8 +- go.sum | 16 +- .../v1alpha1/eventpolicy_validation.go | 16 ++ .../eventing/pkg/auth/event_policy.go | 147 ++++++++++++++++++ .../listers/eventing/v1alpha1/eventpolicy.go | 99 ++++++++++++ .../eventing/v1alpha1/expansion_generated.go | 27 ++++ .../pkg/apis/duck/v1/auth_types.go | 93 +++++++++++ .../pkg/apis/duck/v1/zz_generated.deepcopy.go | 81 ++++++++++ .../ducks/duck/v1/authstatus/authstatus.go | 60 +++++++ .../pkg/resolver/authenticatable_resolver.go | 117 ++++++++++++++ vendor/modules.txt | 10 +- 11 files changed, 658 insertions(+), 16 deletions(-) create mode 100644 vendor/knative.dev/eventing/pkg/auth/event_policy.go create mode 100644 vendor/knative.dev/eventing/pkg/client/listers/eventing/v1alpha1/eventpolicy.go create mode 100644 vendor/knative.dev/eventing/pkg/client/listers/eventing/v1alpha1/expansion_generated.go create mode 100644 vendor/knative.dev/pkg/client/injection/ducks/duck/v1/authstatus/authstatus.go create mode 100644 vendor/knative.dev/pkg/resolver/authenticatable_resolver.go diff --git a/go.mod b/go.mod index e7dea29cb..ab0e9cede 100644 --- a/go.mod +++ b/go.mod @@ -14,10 +14,10 @@ require ( k8s.io/api v0.29.2 k8s.io/apimachinery v0.29.2 k8s.io/client-go v0.29.2 - knative.dev/eventing v0.41.1-0.20240613093107-ea8f0fda4c06 + knative.dev/eventing v0.41.1-0.20240617131715-e298f32440e4 knative.dev/hack v0.0.0-20240607132042-09143140a254 - knative.dev/pkg v0.0.0-20240610120318-15e6cdf2f386 - knative.dev/serving v0.41.1-0.20240614080555-1f7cc4852a07 + knative.dev/pkg v0.0.0-20240614135239-339c22b8218c + knative.dev/serving v0.41.1-0.20240617141500-f464e2df80bb ) require ( 
@@ -103,7 +103,7 @@ require ( k8s.io/klog/v2 v2.120.1 // indirect k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 // indirect k8s.io/utils v0.0.0-20240102154912-e7106e64919e // indirect - knative.dev/networking v0.0.0-20240607132834-85e269dff522 // indirect + knative.dev/networking v0.0.0-20240611072033-3b8764c0bb4c // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect sigs.k8s.io/yaml v1.4.0 // indirect diff --git a/go.sum b/go.sum index 777c97541..b014248be 100644 --- a/go.sum +++ b/go.sum 
@@ -723,16 +723,16 @@ k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 h1:aVUu9fTY98ivBPKR9Y5w/A k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00/go.mod h1:AsvuZPBlUDVuCdzJ87iajxtXuR9oktsTctW/R9wwouA= k8s.io/utils v0.0.0-20240102154912-e7106e64919e h1:eQ/4ljkx21sObifjzXwlPKpdGLrCfRziVtos3ofG/sQ= k8s.io/utils v0.0.0-20240102154912-e7106e64919e/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -knative.dev/eventing v0.41.1-0.20240613093107-ea8f0fda4c06 h1:GYVCeO9+udWWzNfyWlBrclwB07kxzIElbhCCtFrsIRo= -knative.dev/eventing v0.41.1-0.20240613093107-ea8f0fda4c06/go.mod h1:PQpuuOYjAl6rW74U+1CgcKP9IyKhk7XhS8aAu9zWQG0= +knative.dev/eventing v0.41.1-0.20240617131715-e298f32440e4 h1:YJfAOdkD0ENKcOCNLqDMR9sqsp7FzvGy81mJvDC7RI4= +knative.dev/eventing v0.41.1-0.20240617131715-e298f32440e4/go.mod h1:Ja5ThoaajtwMAb7pHhG3t0WRul5oSZPalfP5R/0YP80= knative.dev/hack v0.0.0-20240607132042-09143140a254 h1:1YFnu3U6dWZg0oxm6GU8kEdA9A+BvSWKJO7sg3N0kq8= knative.dev/hack v0.0.0-20240607132042-09143140a254/go.mod h1:yk2OjGDsbEnQjfxdm0/HJKS2WqTLEFg/N6nUs6Rqx3Q= -knative.dev/networking v0.0.0-20240607132834-85e269dff522 h1:zDtZStHJI3La7jSHUAjN4Jgv0/Yynl51kuchlVLHqzA= -knative.dev/networking v0.0.0-20240607132834-85e269dff522/go.mod h1:WS5A291Vy2unZ1L54ZSKBkz/gVzVmIy15cCcdA6PRN4= -knative.dev/pkg v0.0.0-20240610120318-15e6cdf2f386 h1:nxFTT6DrXr70Zi2BK8nc57ts0/smyavd/uBRBbtqg94= -knative.dev/pkg v0.0.0-20240610120318-15e6cdf2f386/go.mod h1:l7R8/SteYph0mZDsVgq3fVs4mWp1DaYx9BJJX68U6ik= -knative.dev/serving v0.41.1-0.20240614080555-1f7cc4852a07 h1:Qcf6ytf+Ug1Xu7NBn/kFH+qtzXQ8ASoGiEmtNx53UpU= -knative.dev/serving v0.41.1-0.20240614080555-1f7cc4852a07/go.mod h1:Z58WxiVmEynF1kX8cK4fYmNprj8IkPLl2mEHdvuP6nc= +knative.dev/networking v0.0.0-20240611072033-3b8764c0bb4c h1:Q+DdJYzvhwAVWMQtP6mbEr5dNxpr+K9HAF9RqJmZefY= +knative.dev/networking v0.0.0-20240611072033-3b8764c0bb4c/go.mod h1:WhZLv94eOMDGHbdZiMrw6cnRfN3WEcFgpjUcV0A48pI= +knative.dev/pkg v0.0.0-20240614135239-339c22b8218c 
h1:OaKrY7L6rzWTvs51JlieJajL40F6CpBbvO1aZspg2EA= +knative.dev/pkg v0.0.0-20240614135239-339c22b8218c/go.mod h1:l7R8/SteYph0mZDsVgq3fVs4mWp1DaYx9BJJX68U6ik= +knative.dev/serving v0.41.1-0.20240617141500-f464e2df80bb h1:UcrtFuB3wFqVTxSJoGn/iXyc11n13bJi6XMYP9f7y8k= +knative.dev/serving v0.41.1-0.20240617141500-f464e2df80bb/go.mod h1:zvjO9iWedTW7/heF8A6rouZP47g4ZvmtDjUW2f88KQo= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= diff --git a/vendor/knative.dev/eventing/pkg/apis/eventing/v1alpha1/eventpolicy_validation.go b/vendor/knative.dev/eventing/pkg/apis/eventing/v1alpha1/eventpolicy_validation.go index 6c4eafb5c..0c267b319 100644 --- a/vendor/knative.dev/eventing/pkg/apis/eventing/v1alpha1/eventpolicy_validation.go +++ b/vendor/knative.dev/eventing/pkg/apis/eventing/v1alpha1/eventpolicy_validation.go @@ -18,6 +18,7 @@ package v1alpha1 import ( "context" + "strings" "knative.dev/pkg/apis" ) @@ -36,6 +37,7 @@ func (ets *EventPolicySpec) Validate(ctx context.Context) *apis.FieldError { err = err.Also(apis.ErrMultipleOneOf("ref", "sub").ViaFieldIndex("from", i)) } err = err.Also(f.Ref.Validate().ViaField("ref").ViaFieldIndex("from", i)) + err = err.Also(validateSub(f.Sub).ViaField("sub").ViaFieldIndex("from", i)) } for i, t := range ets.To { @@ -53,6 +55,20 @@ func (ets *EventPolicySpec) Validate(ctx context.Context) *apis.FieldError { return err } +func validateSub(sub *string) *apis.FieldError { + if sub == nil || len(*sub) <= 1 { + return nil + } + + lastInvalidIdx := len(*sub) - 2 + firstInvalidIdx := 0 + if idx := strings.IndexRune(*sub, '*'); idx >= firstInvalidIdx && idx <= lastInvalidIdx { + return apis.ErrInvalidValue(*sub, "", "'*' is only allowed as suffix") + } + + return nil +} + func (r *EventPolicyFromReference) Validate() *apis.FieldError { if r == nil { return nil 
diff --git a/vendor/knative.dev/eventing/pkg/auth/event_policy.go b/vendor/knative.dev/eventing/pkg/auth/event_policy.go
new file mode 100644
index 000000000..26efd1634
--- /dev/null
+++ b/vendor/knative.dev/eventing/pkg/auth/event_policy.go
@@ -0,0 +1,147 @@
+/*
+Copyright 2024 The Knative Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package auth
+
+import (
+ "fmt"
+ "strings"
+
+ corev1 "k8s.io/api/core/v1"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "k8s.io/apimachinery/pkg/labels"
+ "k8s.io/apimachinery/pkg/runtime/schema"
+ "knative.dev/eventing/pkg/apis/eventing/v1alpha1"
+ listerseventingv1alpha1 "knative.dev/eventing/pkg/client/listers/eventing/v1alpha1"
+ "knative.dev/pkg/resolver"
+)
+
+// GetEventPoliciesForResource returns the applying EventPolicies for a given resource
+func GetEventPoliciesForResource(lister listerseventingv1alpha1.EventPolicyLister, resourceGVK schema.GroupVersionKind, resourceObjectMeta metav1.ObjectMeta) ([]*v1alpha1.EventPolicy, error) {
+ policies, err := lister.EventPolicies(resourceObjectMeta.GetNamespace()).List(labels.Everything())
+ if err != nil {
+ return nil, fmt.Errorf("failed to list eventpolicies: %w", err)
+ }
+
+ relevantPolicies := []*v1alpha1.EventPolicy{}
+
+ for _, policy := range policies {
+ if len(policy.Spec.To) == 0 {
+ // policy applies to all resources in namespace
+ relevantPolicies = append(relevantPolicies, policy)
+ }
+
+ for _, to := range policy.Spec.To {
+ if to.Ref != nil {
+ refGV, err := schema.ParseGroupVersion(to.Ref.APIVersion)
+ if err != nil {
+ return nil, fmt.Errorf("cannot split apiVersion into group and version: %s", to.Ref.APIVersion)
+ }
+
+ if strings.EqualFold(to.Ref.Name, resourceObjectMeta.GetName()) &&
+ strings.EqualFold(refGV.Group, resourceGVK.Group) &&
+ strings.EqualFold(to.Ref.Kind, resourceGVK.Kind) {
+
+ relevantPolicies = append(relevantPolicies, policy)
+ break // no need to check the other .spec.to's from this policy
+ }
+ }
+
+ if to.Selector != nil {
+ selectorGV, err := schema.ParseGroupVersion(to.Selector.APIVersion)
+ if err != nil {
+ return nil, fmt.Errorf("cannot split apiVersion into group and version: %s", to.Selector.APIVersion)
+ }
+
+ if strings.EqualFold(selectorGV.Group, resourceGVK.Group) &&
+ strings.EqualFold(to.Selector.Kind, resourceGVK.Kind) {
+
+ selector, err := metav1.LabelSelectorAsSelector(to.Selector.LabelSelector)
+ if err != nil {
+ return nil, fmt.Errorf("failed to parse selector: %w", err)
+ }
+
+ if selector.Matches(labels.Set(resourceObjectMeta.Labels)) {
+ relevantPolicies = append(relevantPolicies, policy)
+ break // no need to check the other .spec.to's from this policy
+ }
+ }
+ }
+ }
+ }
+
+ return relevantPolicies, nil
+}
+
+// ResolveSubjects returns the OIDC service accounts names for the objects referenced in the EventPolicySpecFrom.
+func ResolveSubjects(resolver *resolver.AuthenticatableResolver, eventPolicy *v1alpha1.EventPolicy) ([]string, error) {
+ allSAs := []string{}
+ for _, from := range eventPolicy.Spec.From {
+ if from.Ref != nil {
+ sas, err := resolveSubjectsFromReference(resolver, *from.Ref, eventPolicy)
+ if err != nil {
+ return nil, fmt.Errorf("could not resolve subjects from reference: %w", err)
+ }
+ allSAs = append(allSAs, sas...)
+ } else if from.Sub != nil {
+ allSAs = append(allSAs, *from.Sub)
+ }
+ }
+
+ return allSAs, nil
+}
+
+func resolveSubjectsFromReference(resolver *resolver.AuthenticatableResolver, reference v1alpha1.EventPolicyFromReference, trackingEventPolicy *v1alpha1.EventPolicy) ([]string, error) {
+ authStatus, err := resolver.AuthStatusFromObjectReference(&corev1.ObjectReference{
+ APIVersion: reference.APIVersion,
+ Kind: reference.Kind,
+ Namespace: reference.Namespace,
+ Name: reference.Name,
+ }, trackingEventPolicy)
+
+ if err != nil {
+ return nil, fmt.Errorf("could not resolve auth status: %w", err)
+ }
+
+ objSAs := authStatus.ServiceAccountNames
+ if authStatus.ServiceAccountName != nil {
+ objSAs = append(objSAs, *authStatus.ServiceAccountName)
+ }
+
+ objFullSANames := make([]string, 0, len(objSAs))
+ for _, sa := range objSAs {
+ objFullSANames = append(objFullSANames, fmt.Sprintf("system:serviceaccount:%s:%s", reference.Namespace, sa))
+ }
+
+ return objFullSANames, nil
+}
+
+// SubjectContained checks if the given sub is contained in the list of allowedSubs
+// or if it matches a prefix pattern in subs (e.g. system:serviceaccounts:my-ns:*)
+func SubjectContained(sub string, allowedSubs []string) bool {
+ for _, s := range allowedSubs {
+ if strings.EqualFold(s, sub) {
+ return true
+ }
+
+ if strings.HasSuffix(s, "*") &&
+ strings.HasPrefix(sub, strings.TrimSuffix(s, "*")) {
+ return true
+ }
+ }
+
+ return false
+}
diff --git a/vendor/knative.dev/eventing/pkg/client/listers/eventing/v1alpha1/eventpolicy.go b/vendor/knative.dev/eventing/pkg/client/listers/eventing/v1alpha1/eventpolicy.go
new file mode 100644
index 000000000..4601f8069
--- /dev/null
+++ b/vendor/knative.dev/eventing/pkg/client/listers/eventing/v1alpha1/eventpolicy.go
@@ -0,0 +1,99 @@ +/* +Copyright 2021 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by lister-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/labels" + "k8s.io/client-go/tools/cache" + v1alpha1 "knative.dev/eventing/pkg/apis/eventing/v1alpha1" +) + +// EventPolicyLister helps list EventPolicies. +// All objects returned here must be treated as read-only. +type EventPolicyLister interface { + // List lists all EventPolicies in the indexer. + // Objects returned here must be treated as read-only. + List(selector labels.Selector) (ret []*v1alpha1.EventPolicy, err error) + // EventPolicies returns an object that can list and get EventPolicies. + EventPolicies(namespace string) EventPolicyNamespaceLister + EventPolicyListerExpansion +} + +// eventPolicyLister implements the EventPolicyLister interface. +type eventPolicyLister struct { + indexer cache.Indexer +} + +// NewEventPolicyLister returns a new EventPolicyLister. +func NewEventPolicyLister(indexer cache.Indexer) EventPolicyLister { + return &eventPolicyLister{indexer: indexer} +} + +// List lists all EventPolicies in the indexer. 
+func (s *eventPolicyLister) List(selector labels.Selector) (ret []*v1alpha1.EventPolicy, err error) { + err = cache.ListAll(s.indexer, selector, func(m interface{}) { + ret = append(ret, m.(*v1alpha1.EventPolicy)) + }) + return ret, err +} + +// EventPolicies returns an object that can list and get EventPolicies. +func (s *eventPolicyLister) EventPolicies(namespace string) EventPolicyNamespaceLister { + return eventPolicyNamespaceLister{indexer: s.indexer, namespace: namespace} +} + +// EventPolicyNamespaceLister helps list and get EventPolicies. +// All objects returned here must be treated as read-only. +type EventPolicyNamespaceLister interface { + // List lists all EventPolicies in the indexer for a given namespace. + // Objects returned here must be treated as read-only. + List(selector labels.Selector) (ret []*v1alpha1.EventPolicy, err error) + // Get retrieves the EventPolicy from the indexer for a given namespace and name. + // Objects returned here must be treated as read-only. + Get(name string) (*v1alpha1.EventPolicy, error) + EventPolicyNamespaceListerExpansion +} + +// eventPolicyNamespaceLister implements the EventPolicyNamespaceLister +// interface. +type eventPolicyNamespaceLister struct { + indexer cache.Indexer + namespace string +} + +// List lists all EventPolicies in the indexer for a given namespace. +func (s eventPolicyNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.EventPolicy, err error) { + err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { + ret = append(ret, m.(*v1alpha1.EventPolicy)) + }) + return ret, err +} + +// Get retrieves the EventPolicy from the indexer for a given namespace and name. 
+func (s eventPolicyNamespaceLister) Get(name string) (*v1alpha1.EventPolicy, error) { + obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) + if err != nil { + return nil, err + } + if !exists { + return nil, errors.NewNotFound(v1alpha1.Resource("eventpolicy"), name) + } + return obj.(*v1alpha1.EventPolicy), nil +} diff --git a/vendor/knative.dev/eventing/pkg/client/listers/eventing/v1alpha1/expansion_generated.go b/vendor/knative.dev/eventing/pkg/client/listers/eventing/v1alpha1/expansion_generated.go new file mode 100644 index 000000000..e3f601930 --- /dev/null +++ b/vendor/knative.dev/eventing/pkg/client/listers/eventing/v1alpha1/expansion_generated.go @@ -0,0 +1,27 @@ +/* +Copyright 2021 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by lister-gen. DO NOT EDIT. + +package v1alpha1 + +// EventPolicyListerExpansion allows custom methods to be added to +// EventPolicyLister. +type EventPolicyListerExpansion interface{} + +// EventPolicyNamespaceListerExpansion allows custom methods to be added to +// EventPolicyNamespaceLister. +type EventPolicyNamespaceListerExpansion interface{} diff --git a/vendor/knative.dev/pkg/apis/duck/v1/auth_types.go b/vendor/knative.dev/pkg/apis/duck/v1/auth_types.go index 5d76a7b42..dfb81cbe6 100644 --- a/vendor/knative.dev/pkg/apis/duck/v1/auth_types.go +++ b/vendor/knative.dev/pkg/apis/duck/v1/auth_types.go 
@@ -16,6 +16,21 @@ limitations under the License. package v1 +import ( + "context" + "fmt" + + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/schema" + "knative.dev/pkg/apis" + "knative.dev/pkg/apis/duck/ducktypes" + "knative.dev/pkg/kmeta" + "knative.dev/pkg/ptr" +) + +// +genduck + // AuthStatus is meant to provide the generated service account name // in the resource status. type AuthStatus struct { 
@@ -28,3 +43,81 @@ type AuthStatus struct { // when the component uses multiple identities (e.g. in case of a Parallel). ServiceAccountNames []string `json:"serviceAccountNames,omitempty"` } + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// AuthenticatableType is a skeleton type wrapping AuthStatus in the manner we expect +// resource writers defining compatible resources to embed it. We will +// typically use this type to deserialize AuthenticatableType ObjectReferences and +// access the AuthenticatableType data. This is not a real resource. +type AuthenticatableType struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + Status AuthenticatableStatus `json:"status"` +} + +type AuthenticatableStatus struct { + // Auth contains the service account name for the subscription + // +optional + Auth *AuthStatus `json:"auth,omitempty"` +} + +var ( + // AuthStatus is a Convertible type. + _ apis.Convertible = (*AuthStatus)(nil) + + // Verify AuthenticatableType resources meet duck contracts. 
+ _ apis.Listable = (*AuthenticatableType)(nil) + _ ducktypes.Populatable = (*AuthenticatableType)(nil) + _ kmeta.OwnerRefable = (*AuthenticatableType)(nil) +) + +// GetFullType implements duck.Implementable +func (*AuthStatus) GetFullType() ducktypes.Populatable { + return &AuthenticatableType{} +} + +// ConvertTo implements apis.Convertible +func (a *AuthStatus) ConvertTo(_ context.Context, to apis.Convertible) error { + return fmt.Errorf("v1 is the highest known version, got: %T", to) +} + +// ConvertFrom implements apis.Convertible +func (a *AuthStatus) ConvertFrom(_ context.Context, from apis.Convertible) error { + return fmt.Errorf("v1 is the highest known version, got: %T", from) +} + +// Populate implements duck.Populatable +func (t *AuthenticatableType) Populate() { + t.Status = AuthenticatableStatus{ + Auth: &AuthStatus{ + // Populate ALL fields + ServiceAccountName: ptr.String("foo"), + ServiceAccountNames: []string{ + "bar", + "baz", + }, + }, + } +} + +// GetGroupVersionKind implements kmeta.OwnerRefable +func (t *AuthenticatableType) GetGroupVersionKind() schema.GroupVersionKind { + return t.GroupVersionKind() +} + +// GetListType implements apis.Listable +func (*AuthenticatableType) GetListType() runtime.Object { + return &AuthenticatableTypeList{} +} + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// AuthenticatableTypeList is a list of AuthenticatableType resources +type AuthenticatableTypeList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata"` + + Items []AuthenticatableType `json:"items"` +} diff --git a/vendor/knative.dev/pkg/apis/duck/v1/zz_generated.deepcopy.go b/vendor/knative.dev/pkg/apis/duck/v1/zz_generated.deepcopy.go index 9dab1a912..bc263edfd 100644 --- a/vendor/knative.dev/pkg/apis/duck/v1/zz_generated.deepcopy.go +++ b/vendor/knative.dev/pkg/apis/duck/v1/zz_generated.deepcopy.go 
@@ -176,6 +176,87 @@ func (in *AuthStatus) DeepCopy() *AuthStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AuthenticatableStatus) DeepCopyInto(out *AuthenticatableStatus) { + *out = *in + if in.Auth != nil { + in, out := &in.Auth, &out.Auth + *out = new(AuthStatus) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthenticatableStatus. +func (in *AuthenticatableStatus) DeepCopy() *AuthenticatableStatus { + if in == nil { + return nil + } + out := new(AuthenticatableStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AuthenticatableType) DeepCopyInto(out *AuthenticatableType) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthenticatableType. +func (in *AuthenticatableType) DeepCopy() *AuthenticatableType { + if in == nil { + return nil + } + out := new(AuthenticatableType) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *AuthenticatableType) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *AuthenticatableTypeList) DeepCopyInto(out *AuthenticatableTypeList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]AuthenticatableType, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthenticatableTypeList. +func (in *AuthenticatableTypeList) DeepCopy() *AuthenticatableTypeList { + if in == nil { + return nil + } + out := new(AuthenticatableTypeList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *AuthenticatableTypeList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Binding) DeepCopyInto(out *Binding) { *out = *in diff --git a/vendor/knative.dev/pkg/client/injection/ducks/duck/v1/authstatus/authstatus.go b/vendor/knative.dev/pkg/client/injection/ducks/duck/v1/authstatus/authstatus.go new file mode 100644 index 000000000..8f2a26501 --- /dev/null +++ b/vendor/knative.dev/pkg/client/injection/ducks/duck/v1/authstatus/authstatus.go 
@@ -0,0 +1,60 @@ +/* +Copyright 2022 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by injection-gen. DO NOT EDIT. + +package authstatus + +import ( + context "context" + + duck "knative.dev/pkg/apis/duck" + v1 "knative.dev/pkg/apis/duck/v1" + controller "knative.dev/pkg/controller" + injection "knative.dev/pkg/injection" + dynamicclient "knative.dev/pkg/injection/clients/dynamicclient" + logging "knative.dev/pkg/logging" +) + +func init() { + injection.Default.RegisterDuck(WithDuck) +} + +// Key is used for associating the Informer inside the context.Context. +type Key struct{} + +func WithDuck(ctx context.Context) context.Context { + dc := dynamicclient.Get(ctx) + dif := &duck.CachedInformerFactory{ + Delegate: &duck.TypedInformerFactory{ + Client: dc, + Type: (&v1.AuthStatus{}).GetFullType(), + ResyncPeriod: controller.GetResyncPeriod(ctx), + StopChannel: ctx.Done(), + }, + } + return context.WithValue(ctx, Key{}, dif) +} + +// Get extracts the typed informer from the context. +func Get(ctx context.Context) duck.InformerFactory { + untyped := ctx.Value(Key{}) + if untyped == nil { + logging.FromContext(ctx).Panic( + "Unable to fetch knative.dev/pkg/apis/duck.InformerFactory from context.") + } + return untyped.(duck.InformerFactory) +} diff --git a/vendor/knative.dev/pkg/resolver/authenticatable_resolver.go b/vendor/knative.dev/pkg/resolver/authenticatable_resolver.go new file mode 100644 index 000000000..78dd69bdd --- /dev/null 
+++ b/vendor/knative.dev/pkg/resolver/authenticatable_resolver.go 
@@ -0,0 +1,117 @@
+/*
+Copyright 2024 The Knative Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package resolver
+
+import (
+ "context"
+ "fmt"
+
+ "k8s.io/apimachinery/pkg/runtime/schema"
+ "k8s.io/client-go/tools/cache"
+
+ corev1 "k8s.io/api/core/v1"
+ apierrs "k8s.io/apimachinery/pkg/api/errors"
+ "k8s.io/apimachinery/pkg/api/meta"
+ "knative.dev/pkg/client/injection/ducks/duck/v1/authstatus"
+ "knative.dev/pkg/controller"
+
+ pkgapisduck "knative.dev/pkg/apis/duck"
+ duckv1 "knative.dev/pkg/apis/duck/v1"
+ "knative.dev/pkg/tracker"
+)
+
+// AuthenticatableResolver resolves ObjectReferences into a AuthenticatableType.
+type AuthenticatableResolver struct {
+ tracker tracker.Interface
+ listerFactory func(schema.GroupVersionResource) (cache.GenericLister, error)
+}
+
+// NewAuthenticatableResolverFromTracker constructs a new AuthenticatableResolver with context and a tracker.
+func NewAuthenticatableResolverFromTracker(ctx context.Context, t tracker.Interface) *AuthenticatableResolver {
+ ret := &AuthenticatableResolver{
+ tracker: t,
+ }
+
+ informerFactory := &pkgapisduck.CachedInformerFactory{
+ Delegate: &pkgapisduck.EnqueueInformerFactory{
+ Delegate: authstatus.Get(ctx),
+ EventHandler: controller.HandleAll(ret.tracker.OnChanged),
+ },
+ }
+
+ ret.listerFactory = func(gvr schema.GroupVersionResource) (cache.GenericLister, error) {
+ _, l, err := informerFactory.Get(ctx, gvr)
+ return l, err
+ }
+
+ return ret
+}
+
+// AuthStatusFromObjectReference returns the AuthStatus from an object
+func (r *AuthenticatableResolver) AuthStatusFromObjectReference(ref *corev1.ObjectReference, parent interface{}) (*duckv1.AuthStatus, error) {
+ if ref == nil {
+ return nil, apierrs.NewBadRequest("ref is nil")
+ }
+
+ authenticatable, err := r.authenticatableFromObjectReference(ref, parent)
+ if err != nil {
+ return nil, fmt.Errorf("failed to get authenticatable %s/%s: %w", ref.Namespace, ref.Name, err)
+ }
+
+ if authenticatable.Status.Auth == nil {
+ return nil, fmt.Errorf(".status.auth is missing in object %s/%s", ref.Namespace, ref.Name)
+ }
+
+ return authenticatable.Status.Auth, nil
+}
+
+// authenticatableFromObjectReference resolves an object reference into an AuthenticatableType
+func (r *AuthenticatableResolver) authenticatableFromObjectReference(ref *corev1.ObjectReference, parent interface{}) (*duckv1.AuthenticatableType, error) {
+ if ref == nil {
+ return nil, apierrs.NewBadRequest("ref is nil")
+ }
+
+ gvr, _ := meta.UnsafeGuessKindToResource(ref.GroupVersionKind())
+ if err := r.tracker.TrackReference(tracker.Reference{
+ APIVersion: ref.APIVersion,
+ Kind: ref.Kind,
+ Namespace: ref.Namespace,
+ Name: ref.Name,
+ }, parent); err != nil {
+ return nil, fmt.Errorf("failed to track reference %s %s/%s: %w", gvr.String(), ref.Namespace, ref.Name, err)
+ }
+
+ lister, err := r.listerFactory(gvr)
+ if err != nil {
+ return nil, fmt.Errorf("failed to get lister for %s: %w", gvr.String(), err)
+ }
+
+ obj, err := lister.ByNamespace(ref.Namespace).Get(ref.Name)
+ if err != nil {
+ return nil, fmt.Errorf("failed to get object %s/%s: %w", ref.Namespace, ref.Name, err)
+ }
+
+ authenticatable, ok := obj.(*duckv1.AuthenticatableType)
+ if !ok {
+ return nil, apierrs.NewBadRequest(fmt.Sprintf("%s(%T) is not an AuthenticatableType", ref, ref))
+ }
+
+ // Do not modify informer copy.
+ authenticatable = authenticatable.DeepCopy()
+
+ return authenticatable, nil
+}
diff --git a/vendor/modules.txt b/vendor/modules.txt
index e70fec08e..8cecfbe4e 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -970,7 +970,7 @@ k8s.io/utils/pointer k8s.io/utils/ptr k8s.io/utils/strings/slices k8s.io/utils/trace -# knative.dev/eventing v0.41.1-0.20240613093107-ea8f0fda4c06 +# knative.dev/eventing v0.41.1-0.20240617131715-e298f32440e4 ## explicit; go 1.21 knative.dev/eventing/pkg/adapter/v2 knative.dev/eventing/pkg/adapter/v2/test @@ -1023,6 +1023,7 @@ knative.dev/eventing/pkg/client/clientset/versioned/typed/sources/v1beta2 knative.dev/eventing/pkg/client/clientset/versioned/typed/sources/v1beta2/fake knative.dev/eventing/pkg/client/injection/client knative.dev/eventing/pkg/client/injection/client/fake +knative.dev/eventing/pkg/client/listers/eventing/v1alpha1 knative.dev/eventing/pkg/crossnamespace knative.dev/eventing/pkg/eventingtls knative.dev/eventing/pkg/metrics
@@ -1032,12 +1033,12 @@ knative.dev/eventing/pkg/observability/client # knative.dev/hack v0.0.0-20240607132042-09143140a254 ## explicit; go 1.18 knative.dev/hack -# knative.dev/networking v0.0.0-20240607132834-85e269dff522 +# knative.dev/networking v0.0.0-20240611072033-3b8764c0bb4c ## explicit; go 1.21 knative.dev/networking/pkg/apis/networking knative.dev/networking/pkg/apis/networking/v1alpha1 knative.dev/networking/pkg/config -# knative.dev/pkg v0.0.0-20240610120318-15e6cdf2f386 +# knative.dev/pkg v0.0.0-20240614135239-339c22b8218c ## explicit; go 1.21 knative.dev/pkg/apis knative.dev/pkg/apis/duck @@ -1047,6 +1048,7 @@ knative.dev/pkg/apis/duck/v1alpha1 knative.dev/pkg/apis/duck/v1beta1 knative.dev/pkg/changeset knative.dev/pkg/client/injection/ducks/duck/v1/addressable +knative.dev/pkg/client/injection/ducks/duck/v1/authstatus knative.dev/pkg/client/injection/ducks/duck/v1/podspecable knative.dev/pkg/client/injection/kube/client knative.dev/pkg/client/injection/kube/client/fake @@ -1101,7 +1103,7 @@ knative.dev/pkg/webhook/psbinding knative.dev/pkg/webhook/resourcesemantics knative.dev/pkg/webhook/resourcesemantics/defaulting knative.dev/pkg/webhook/resourcesemantics/validation -# knative.dev/serving v0.41.1-0.20240614080555-1f7cc4852a07 +# knative.dev/serving v0.41.1-0.20240617141500-f464e2df80bb ## explicit; go 1.21 knative.dev/serving/pkg/apis/autoscaling knative.dev/serving/pkg/apis/autoscaling/v1alpha1