upgrade to latest dependencies

bumping knative.dev/eventing 0b45ad8...c38f800: > c38f800 Refactor the code that rejects for wrong audience (# 7492) > c24dab5 Eventing TLS: Add E2E TLS test for Parallel (# 7395) > 1f38c2e Move containersource OIDC feature to test/auth (# 7506) Signed-off-by: Knative Automation <[email protected]>
knative-extensions · Dec 14, 2023 · 3b46f04 · 3b46f04
1 parent 91b331c
commit 3b46f04
Show file tree

Hide file tree

Showing 4 changed files with 25 additions and 4 deletions.
diff --git a/go.mod b/go.mod
@@ -25,7 +25,7 @@ require (
 	k8s.io/apimachinery v0.27.6
 	k8s.io/client-go v0.27.6
 	k8s.io/utils v0.0.0-20230209194617-a36077c30491
-	knative.dev/eventing v0.39.1-0.20231212143445-0b45ad82cfd5
+	knative.dev/eventing v0.39.1-0.20231214122719-c38f800db203
 	knative.dev/hack v0.0.0-20231201014241-7030d5bf584d
 	knative.dev/pkg v0.0.0-20231211072236-4914c472e81a
 	knative.dev/reconciler-test v0.0.0-20231205070418-c92305962aa8

diff --git a/go.sum b/go.sum
@@ -935,8 +935,8 @@ k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f h1:2kWPakN3i/k81b0gvD5C5F
 k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f/go.mod h1:byini6yhqGC14c3ebc/QwanvYwhuMWF6yz2F8uwW8eg=
 k8s.io/utils v0.0.0-20230209194617-a36077c30491 h1:r0BAOLElQnnFhE/ApUsg3iHdVYYPBjNSSOMowRZxxsY=
 k8s.io/utils v0.0.0-20230209194617-a36077c30491/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
-knative.dev/eventing v0.39.1-0.20231212143445-0b45ad82cfd5 h1:gsbWF0/itl6yfamq6NYCy6hXLdDrP3UlSL0w1lSHRuk=
-knative.dev/eventing v0.39.1-0.20231212143445-0b45ad82cfd5/go.mod h1:1KXqyrFfvj1ZTStoDOzIl7mnag+hMY/NxWnl0IJ5adU=
+knative.dev/eventing v0.39.1-0.20231214122719-c38f800db203 h1:gY+CIATxCZhkqPN1OGBn7QAmu0jOYM3eHwEHuntKu2E=
+knative.dev/eventing v0.39.1-0.20231214122719-c38f800db203/go.mod h1:1KXqyrFfvj1ZTStoDOzIl7mnag+hMY/NxWnl0IJ5adU=
 knative.dev/hack v0.0.0-20231201014241-7030d5bf584d h1:IqXY770znXS9tLJDEh+OUcLMgtIFslSxqao3uplpUlY=
 knative.dev/hack v0.0.0-20231201014241-7030d5bf584d/go.mod h1:yk2OjGDsbEnQjfxdm0/HJKS2WqTLEFg/N6nUs6Rqx3Q=
 knative.dev/pkg v0.0.0-20231211072236-4914c472e81a h1:rvQ83jR984Ow/O6Kjo2svp1G09bSfjn+fCvo/rKiEp4=

diff --git a/vendor/knative.dev/eventing/pkg/auth/token_verifier.go b/vendor/knative.dev/eventing/pkg/auth/token_verifier.go
@@ -151,6 +151,27 @@ func (c *OIDCTokenVerifier) getKubernetesOIDCDiscovery() (*openIDMetadata, error
 	return openIdConfig, nil
 }
 
+// VerifyJWTFromRequest will verify the incoming request contains the correct JWT token
+func (tokenVerifier *OIDCTokenVerifier) VerifyJWTFromRequest(ctx context.Context, r *http.Request, audience *string, response http.ResponseWriter) error {
+	token := GetJWTFromHeader(r.Header)
+	if token == "" {
+		response.WriteHeader(http.StatusUnauthorized)
+		return fmt.Errorf("no JWT token found in request")
+	}
+
+	if audience == nil {
+		response.WriteHeader(http.StatusInternalServerError)
+		return fmt.Errorf("no audience is provided")
+	}
+
+	if _, err := tokenVerifier.VerifyJWT(ctx, token, *audience); err != nil {
+		response.WriteHeader(http.StatusUnauthorized)
+		return fmt.Errorf("failed to verify JWT: %w", err)
+	}
+
+	return nil
+}
+
 type openIDMetadata struct {
 	Issuer        string   `json:"issuer"`
 	JWKSURI       string   `json:"jwks_uri"`

diff --git a/vendor/modules.txt b/vendor/modules.txt
@@ -1283,7 +1283,7 @@ k8s.io/utils/net
 k8s.io/utils/pointer
 k8s.io/utils/strings/slices
 k8s.io/utils/trace
-# knative.dev/eventing v0.39.1-0.20231212143445-0b45ad82cfd5
+# knative.dev/eventing v0.39.1-0.20231214122719-c38f800db203
 ## explicit; go 1.19
 knative.dev/eventing/cmd/heartbeats
 knative.dev/eventing/pkg/adapter/v2