Remove OIDC service account, when OIDC feature is disabled again

[creydr]

Currently the OIDC service accounts are not removed, when the authentication-oidc feature is disabled again. This should be changed, so that the OIDC related service accounts do only exist, when the feature is enabled.

The following resources are affected:

• Triggers via Support auto generation of Triggers identity service account and expose in AuthStatus #7222
• Subscription via Support auto generation of Subscriptions identity service account and expose in AuthStatus #7223
• Sequence via Support auto generation of Sequence identity service account and expose in AuthStatus #7224
• Parallel via Support auto generation of Parallel identity service account and expose in AuthStatus #7225
• ApiServerSource via Support auto generation of ApiServerSource identity service account and expose in AuthStatus #7226
• PingSource via Support auto generation of PingSource identity service account and expose in AuthStatus #7227
• ContainerSource via Support auto generation of ContainerSource identity service account and expose in AuthStatus #7228
• SinkBinding via Support auto generation of SinkBindings identity service account and expose in AuthStatus #7324

[xiangpingjiang]

/assign

[Leo6Leo]

@xiangpingjiang Happy new year pingjiang! Do you need any help on this issue?

[pawarpranav83]

Hey! Can I work on this issue? @Leo6Leo

Approach - we create a function that checks whether the service account exists or not, if it does, we call the kubeclient.CoreV1().ServiceAccounts(...).Delete(...). And this function is then called in the else block of - SetupOIDCServiceAccount() in which we already check for the flag and is used by the above components.
And add a test for this situation.

eventing/pkg/auth/serviceaccount.go

Lines 121 to 124 in 36b3115

	} else {
	setAuthStatus(nil)
	marker.MarkOIDCIdentityCreatedSucceededWithReason(fmt.Sprintf("%s feature disabled", feature.OIDCAuthentication), "")
	}

[Leo6Leo]

Hi @xiangpingjiang

I hope you're doing well! We've noticed that there hasn't been much activity on this issue recently and we've missed your input. We just wanted to check in and see if everything is okay!

I understand that life gets busy and priorities can shift. If you have already starting tackling this issue, that's great! Please let us know if you need any support. However, if you're tied up with other commitments, no worries at all - just give us a heads-up so we can reassign the issue to another volunteer @pawarpranav83 who's eager to contribute!

Please let me know by commenting here within next 24 hours, otherwise I will be assigning this issue to @pawarpranav83 !

[Leo6Leo]

Hey @xiangpingjiang ! As I didn't hear back from you in the past 24 hour, I will un-assign this issue from you for now to leave the opportunity open for other contributors! There are other issues still available in the repo, feel free to take a look at here for more information!

Hey @pawarpranav83 , thanks for offering help on this issue! I will assign this issue to you, and feel free to let us know if have any questions, we are here to help :))
/assign @pawarpranav83