-
Notifications
You must be signed in to change notification settings - Fork 588
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add AuthStatus
and add to OIDC identity providing resources
#7173
Comments
@creydr: Please ensure the request meets the requirements listed here. If this request no longer meets these requirements, the label can be removed In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
AuthStatus
and add to sending resourcesAuthStatus
and add to OIDC identity providing resources
AuthStatus
and add to OIDC identity providing resourcesAuthStatus
and add to OIDC identity providing resources
/assign |
Hello @karthikmurali60, |
Hi @creydr |
Hey @karthikmurali60, |
Thanks for the update, will make the changes accordingly |
@creydr I need some help. I have added Also, I am a bit confused regarding what needs to be done in the 2nd part. I am not able to figure out where the |
I think we should be fine without any helper/wrapper for now.
Hello @karthikmurali60, type TriggerStatus struct {
...
// Auth provides the relevant information for OIDC authentication.
// +optional
Auth *eventingduckv1.AuthStatus `json:"auth,omitempty"` Afterwards you need to run the Unfortunately we then have to add this information in the CRD manually too. In the case of the Trigger this would be in the config/core/resources/trigger.yaml, by adding something like the following to its status section: (under ...status.properties:)
...
auth:
description: Auth provides the relevant information for OIDC authentication.
type: object
properties:
serviceAccountName:
description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication.
type: string This then needs to be added to the Subscriptions (type and CRD), Sequences (type and CRD) and Parallels (type and CRD) too. For the sources of eventing core, you could reference the For channels, we also need to add it to the Does this help you to get started? @pierDipi do you have anything to add? Or did I miss something in your opinion? |
That seems accurate @creydr. @karthikmurali60 the pkg changes you've done need to be pushed/merged first before moving forward with the 2nd part, so first I'd open the PR in knative/pkg with:
After the PR is merged with the above changes we can continue with the second part which will cover the remaining resources in Hope that helps |
Reopening this, as knative/pkg#2829 was only a part of this |
@creydr for sources of eventing core, I have gotten the latest changes of pkg into eventing repo using the update-deps script. Which are the CRDs of sources that i need to update? (is it pingsource.yaml ?) |
Seems the changes from knative/pkg#2829 are on their way into the eventing main branch 😃 #7284 |
ApiServerSource, PingSource, ContainerSource and SinkBinding (you can find the CRDs in |
Problem
As the Eventing OIDC feature track describes, the
AuthStatus
is meant to provide the generated service account name in the resource status.We should:
AuthStatus
struct which will look the following:AuthStatus
API in resources, which need to provide their OIDC identity (and update their CRDs):Time Estimate (optional)
1
Additional context (optional)
/good-first-issue
The text was updated successfully, but these errors were encountered: