From 6ad3468159934bfcccdd0cadb964de70d401d35d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christoph=20St=C3=A4bler?=
Date: Mon, 29 Jan 2024 08:41:25 +0100
Subject: [PATCH] Provision contract with OIDC information
---
 control-plane/pkg/core/config/utils.go | 3 +++
 control-plane/pkg/reconciler/broker/broker.go | 4 ++++
 control-plane/pkg/reconciler/channel/channel.go | 13 +++++++++++++
 .../pkg/reconciler/channel/v2/channelv2.go | 4 ++++
 control-plane/pkg/reconciler/consumer/consumer.go | 6 ++++++
 control-plane/pkg/reconciler/sink/kafka_sink.go | 5 +++++
 control-plane/pkg/reconciler/trigger/trigger.go | 6 ++++++
 7 files changed, 41 insertions(+)
diff --git a/control-plane/pkg/core/config/utils.go b/control-plane/pkg/core/config/utils.go
index e7d8dff3cb..fa45f52966 100644
--- a/control-plane/pkg/core/config/utils.go
+++ b/control-plane/pkg/core/config/utils.go
@@ -77,6 +77,9 @@ func EgressConfigFromDelivery(
 if deadLetterSinkAddr.CACerts != nil {
 egressConfig.DeadLetterCACerts = *deadLetterSinkAddr.CACerts
 }
+ if deadLetterSinkAddr.Audience != nil {
+ egressConfig.DeadLetterAudience = *deadLetterSinkAddr.Audience
+ }
 }
 if delivery.Retry != nil {
diff --git a/control-plane/pkg/reconciler/broker/broker.go b/control-plane/pkg/reconciler/broker/broker.go
index c5538dd379..fd74b8f42d 100644
--- a/control-plane/pkg/reconciler/broker/broker.go
+++ b/control-plane/pkg/reconciler/broker/broker.go
@@ -641,6 +641,10 @@ func (r *Reconciler) reconcilerBrokerResource(ctx context.Context, topic string,
 }
 }
+ if broker.Status.Address != nil && broker.Status.Address.Audience != nil {
+ resource.Ingress.Audience = *broker.Status.Address.Audience
+ }
+
 egressConfig, err := coreconfig.EgressConfigFromDelivery(ctx, r.Resolver, broker, broker.Spec.Delivery, r.DefaultBackoffDelayMs)
 if err != nil {
 return nil, err
diff --git a/control-plane/pkg/reconciler/channel/channel.go b/control-plane/pkg/reconciler/channel/channel.go
index 92030261c3..c8e2489f2d 100644
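Review bot: In the broker.go hunk `resource.Ingress.Audience` is copied from `broker.Status.Address`, so a reconcile that builds the contract before the status address is written, or while it still holds an older value, provisions an ingress with an empty or stale audience. The hunk does not show where `Status.Address` is set relative to this call, nor what the receiver does with an empty audience; if it skips the audience check in that case the gap is fail-open, and it is worth closing or at least documenting with a comment such as `// Audience is empty until Status.Address is populated; see receiver for how an empty value is handled`. `resource.Ingress` is also dereferenced without a nil check, and its construction lies above the hunk. The same pattern recurs in the getChannelContractResource hunks of channel.go and channel/v2/channelv2.go and in the kafka_sink.go hunk.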
--- a/control-plane/pkg/reconciler/channel/channel.go
+++ b/control-plane/pkg/reconciler/channel/channel.go
@@ -606,6 +606,12 @@ func (r *Reconciler) getSubscriberConfig(ctx context.Context, channel *messaging
 if subscriber.SubscriberCACerts != nil && *subscriber.SubscriberCACerts != "" {
 egress.DestinationCACerts = *subscriber.SubscriberCACerts
 }
+ if subscriber.SubscriberAudience != nil && *subscriber.SubscriberAudience != "" {
+ egress.DestinationAudience = *subscriber.SubscriberAudience
+ }
+ if subscriber.Auth != nil && subscriber.Auth.ServiceAccountName != nil {
+ egress.OidcServiceAccountName = *subscriber.Auth.ServiceAccountName
+ }
 if subscriptionName != "" {
 egress.Reference = &contract.Reference{
@@ -622,6 +628,9 @@ func (r *Reconciler) getSubscriberConfig(ctx context.Context, channel *messaging
 if subscriber.ReplyCACerts != nil && *subscriber.ReplyCACerts != "" {
 egress.ReplyUrlCACerts = *subscriber.ReplyCACerts
 }
+ if subscriber.ReplyAudience != nil && *subscriber.ReplyAudience != "" {
+ egress.ReplyUrlAudience = *subscriber.ReplyAudience
+ }
 }
 subscriptionEgressConfig, err := coreconfig.EgressConfigFromDelivery(ctx, r.Resolver, channel, subscriber.Delivery, r.DefaultBackoffDelayMs)
@@ -701,6 +710,10 @@ func (r *Reconciler) getChannelContractResource(ctx context.Context, topic strin
 }
 }
+ if channel.Status.Address != nil && channel.Status.Address.Audience != nil {
+ resource.Ingress.Audience = *channel.Status.Address.Audience
+ }
+
 egressConfig, err := coreconfig.EgressConfigFromDelivery(ctx, r.Resolver, channel, channel.Spec.Delivery, r.DefaultBackoffDelayMs)
 if err != nil {
 return nil, err
diff --git a/control-plane/pkg/reconciler/channel/v2/channelv2.go b/control-plane/pkg/reconciler/channel/v2/channelv2.go
index 40c434f105..34a6429380 100644
--- a/control-plane/pkg/reconciler/channel/v2/channelv2.go
+++ b/control-plane/pkg/reconciler/channel/v2/channelv2.go
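Review bot: In the first channel.go hunk (getSubscriberConfig) `DestinationAudience` and `OidcServiceAccountName` are guarded independently, so an egress can be written with a target audience but no service account when `subscriber.Auth` is nil. Whether the dispatcher treats that as an error or sends without a token is not visible here; if the state is invalid, it would be safer to surface it at reconcile time than to emit a half-configured egress. For consistency with the neighbouring guards, the service-account check could also reject empty strings: `if subscriber.Auth != nil && subscriber.Auth.ServiceAccountName != nil && *subscriber.Auth.ServiceAccountName != "" {`. The trigger.go hunk (reconcileTriggerEgress) pairs `destination.Audience` with `trigger.Status.Auth` in the same way; both functions continue outside their hunks.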
@@ -691,6 +691,10 @@ func (r *Reconciler) getChannelContractResource(ctx context.Context, topic strin
 }
 }
+ if channel.Status.Address != nil && channel.Status.Address.Audience != nil {
+ resource.Ingress.Audience = *channel.Status.Address.Audience
+ }
+
 egressConfig, err := coreconfig.EgressConfigFromDelivery(ctx, r.Resolver, channel, channel.Spec.Delivery, r.DefaultBackoffDelayMs)
 if err != nil {
 return nil, err
diff --git a/control-plane/pkg/reconciler/consumer/consumer.go b/control-plane/pkg/reconciler/consumer/consumer.go
index bf0daf099f..9c02a9849b 100644
--- a/control-plane/pkg/reconciler/consumer/consumer.go
+++ b/control-plane/pkg/reconciler/consumer/consumer.go
@@ -180,6 +180,9 @@ func (r *Reconciler) reconcileContractEgress(ctx context.Context, c *kafkaintern
 if destinationAddr.CACerts != nil {
 egress.DestinationCACerts = *destinationAddr.CACerts
 }
+ if destinationAddr.Audience != nil {
+ egress.DestinationAudience = *destinationAddr.Audience
+ }
 if c.Spec.Configs.KeyType != nil {
 egress.KeyType = coreconfig.KeyTypeFromString(*c.Spec.Configs.KeyType)
@@ -294,6 +297,9 @@ func (r *Reconciler) reconcileReplyStrategy(ctx context.Context, c *kafkainterna
 if destination.CACerts != nil {
 egress.ReplyUrlCACerts = *destination.CACerts
 }
+ if destination.Audience != nil {
+ egress.ReplyUrlAudience = *destination.Audience
+ }
 return nil
 }
 if c.Spec.Reply.TopicReply != nil && c.Spec.Reply.TopicReply.Enabled {
diff --git a/control-plane/pkg/reconciler/sink/kafka_sink.go b/control-plane/pkg/reconciler/sink/kafka_sink.go
index 91ce8242cd..1fe6314d57 100644
--- a/control-plane/pkg/reconciler/sink/kafka_sink.go
+++ b/control-plane/pkg/reconciler/sink/kafka_sink.go
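Review bot: The two consumer.go hunks set `egress.DestinationAudience` and `egress.ReplyUrlAudience` but never `egress.OidcServiceAccountName`, which the channel.go and trigger.go hunks do populate. Unless that field is filled elsewhere in reconcileContractEgress outside the hunk, egresses built through the Consumer path carry an audience with no identity to request a token for. If this is deliberate for now, a marker at the first hunk would make it explicit, e.g. `// TODO(oidc): OidcServiceAccountName is not provisioned for Consumer egresses yet`.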
@@ -211,6 +211,11 @@ func (r *Reconciler) reconcileKind(ctx context.Context, ks *eventing.KafkaSink)
 },
 }
 }
+
+ if ks.Status.Address != nil && ks.Status.Address.Audience != nil {
+ sinkConfig.Ingress.Audience = *ks.Status.Address.Audience
+ }
+
 statusConditionManager.ConfigResolved()
 sinkIndex := coreconfig.FindResource(ct, ks.UID)
diff --git a/control-plane/pkg/reconciler/trigger/trigger.go b/control-plane/pkg/reconciler/trigger/trigger.go
index a2393ad65d..fd6f4f29ec 100644
--- a/control-plane/pkg/reconciler/trigger/trigger.go
+++ b/control-plane/pkg/reconciler/trigger/trigger.go
@@ -331,6 +331,12 @@ func (r *Reconciler) reconcileTriggerEgress(ctx context.Context, broker *eventin
 if destination.CACerts != nil {
 egress.DestinationCACerts = *destination.CACerts
 }
+ if destination.Audience != nil {
+ egress.DestinationAudience = *destination.Audience
+ }
+ if trigger.Status.Auth != nil && trigger.Status.Auth.ServiceAccountName != nil {
+ egress.OidcServiceAccountName = *trigger.Status.Auth.ServiceAccountName
+ }
 newFiltersEnabled := func() bool {
 r.FlagsLock.RLock()