diff --git a/pkg/auth/serviceaccount.go b/pkg/auth/serviceaccount.go index ec593ef9bf4..4e30b3480ef 100644 --- a/pkg/auth/serviceaccount.go +++ b/pkg/auth/serviceaccount.go @@ -26,7 +26,7 @@ import ( "knative.dev/pkg/kmeta" pkgreconciler "knative.dev/pkg/reconciler" - "knative.dev/eventing/pkg/apis/sources" + "knative.dev/eventing/pkg/auth" "go.uber.org/zap" v1 "k8s.io/api/core/v1" @@ -39,6 +39,14 @@ import ( "knative.dev/pkg/ptr" ) +const ( + //OIDCLabelKey is used to filter out all the informers that related to OIDC work + OIDCLabelKey = "oidc" + + // OIDCTokenRoleLabelSelector is the label selector for the OIDC token creator role and rolebinding informers + OIDCLabelSelector = OIDCLabelKey +) + // GetOIDCServiceAccountNameForResource returns the service account name to use // for OIDC authentication for the given resource. func GetOIDCServiceAccountNameForResource(gvk schema.GroupVersionKind, objectMeta metav1.ObjectMeta) string { @@ -69,7 +77,7 @@ func GetOIDCServiceAccountForResource(gvk schema.GroupVersionKind, objectMeta me "description": fmt.Sprintf("Service Account for OIDC Authentication for %s %q", gvk.GroupKind().Kind, objectMeta.Name), }, Labels: map[string]string{ - sources.OIDCLabelKey: "enabled", + auth.OIDCLabelKey: "enabled", }, }, } diff --git a/pkg/auth/serviceaccount_test.go b/pkg/auth/serviceaccount_test.go index 3d64ea0c9f4..600ec770513 100644 --- a/pkg/auth/serviceaccount_test.go +++ b/pkg/auth/serviceaccount_test.go @@ -23,7 +23,7 @@ import ( duckv1 "knative.dev/pkg/apis/duck/v1" kubeclient "knative.dev/pkg/client/injection/kube/client/fake" - "knative.dev/eventing/pkg/apis/sources" + "knative.dev/eventing/pkg/auth" "github.com/google/go-cmp/cmp" v1 "k8s.io/api/core/v1" @@ -111,7 +111,7 @@ func TestGetOIDCServiceAccountForResource(t *testing.T) { "description": "Service Account for OIDC Authentication for Broker \"my-broker\"", }, Labels: map[string]string{ - sources.OIDCLabelKey: "enabled", + auth.OIDCLabelKey: "enabled", }, }, } diff --git a/pkg/reconciler/apiserversource/apiserversource_test.go b/pkg/reconciler/apiserversource/apiserversource_test.go index d53dd96ea1e..aeec9356f1f 100644 --- a/pkg/reconciler/apiserversource/apiserversource_test.go +++ b/pkg/reconciler/apiserversource/apiserversource_test.go @@ -21,8 +21,6 @@ import ( "fmt" "testing" - "knative.dev/eventing/pkg/apis/sources" - "knative.dev/pkg/kmeta" rbacv1 "k8s.io/api/rbac/v1" @@ -1425,7 +1423,7 @@ func makeOIDCRole() *rbacv1.Role { "description": fmt.Sprintf("Role for OIDC Authentication for ApiServerSource %q", sourceName), }, Labels: map[string]string{ - sources.OIDCLabelKey: "", + auth.OIDCLabelKey: "", }, OwnerReferences: []metav1.OwnerReference{ *kmeta.NewControllerRef(src), @@ -1455,7 +1453,7 @@ func makeOIDCRoleBinding() *rbacv1.RoleBinding { "description": fmt.Sprintf("Role Binding for OIDC Authentication for ApiServerSource %q", sourceName), }, Labels: map[string]string{ - sources.OIDCLabelKey: "", + auth.OIDCLabelKey: "", }, OwnerReferences: []metav1.OwnerReference{ *kmeta.NewControllerRef(src), diff --git a/pkg/reconciler/apiserversource/resources/oidc_rolebinding.go b/pkg/reconciler/apiserversource/resources/oidc_rolebinding.go index 0b486cb1526..ac9a8d13fd1 100644 --- a/pkg/reconciler/apiserversource/resources/oidc_rolebinding.go +++ b/pkg/reconciler/apiserversource/resources/oidc_rolebinding.go @@ -19,7 +19,7 @@ package resources import ( "fmt" - "knative.dev/eventing/pkg/apis/sources" + "knative.dev/eventing/pkg/auth" "knative.dev/pkg/kmeta" @@ -54,7 +54,7 @@ func MakeOIDCRole(source *v1.ApiServerSource) (*rbacv1.Role, error) { "description": fmt.Sprintf("Role for OIDC Authentication for ApiServerSource %q", source.GetName()), }, Labels: map[string]string{ - sources.OIDCLabelKey: "", + auth.OIDCLabelKey: "", }, OwnerReferences: []metav1.OwnerReference{ *kmeta.NewControllerRef(source), @@ -92,7 +92,7 @@ func MakeOIDCRoleBinding(source *v1.ApiServerSource) (*rbacv1.RoleBinding, error "description": fmt.Sprintf("Role Binding for OIDC Authentication for ApiServerSource %q", source.GetName()), }, Labels: map[string]string{ - sources.OIDCLabelKey: "", + auth.OIDCLabelKey: "", }, OwnerReferences: []metav1.OwnerReference{ *kmeta.NewControllerRef(source),