upgrade to latest dependencies

bumping knative.dev/pkg 21d8c37...bc230ae: > bc230ae Update community files (# 2932) bumping knative.dev/eventing 429bbaa...bc89d28: > bc89d28 [main] Update community files (# 7568) > 50ee8a2 added instructions to use e2e-debug.sh in the doc (# 7554) > d9921e0 Reload trust-bundle on new connections (# 7567) > a7166fc Trust-manager integration (# 7532) bumping knative.dev/reconciler-test 3c6c7d6...f3503f8: > f3503f8 Update community files (# 651) bumping knative.dev/hack 3ea694d...e89096d: > e89096d Update community files (# 358) Signed-off-by: Knative Automation <[email protected]>
knative-extensions · Jan 11, 2024 · cdb13c9 · cdb13c9
1 parent 083129e
commit cdb13c9
Show file tree

Hide file tree

Showing 11 changed files with 470 additions and 105 deletions.
diff --git a/go.mod b/go.mod
@@ -25,10 +25,10 @@ require (
 	k8s.io/apimachinery v0.28.5
 	k8s.io/client-go v0.28.5
 	k8s.io/utils v0.0.0-20230406110748-d93618cff8a2
-	knative.dev/eventing v0.39.1-0.20240110084326-429bbaa8a182
-	knative.dev/hack v0.0.0-20240108153050-3ea694d6dad7
-	knative.dev/pkg v0.0.0-20240109155808-21d8c37af23f
-	knative.dev/reconciler-test v0.0.0-20240108142423-3c6c7d6ae81c
+	knative.dev/eventing v0.39.1-0.20240111013811-bc89d2851777
+	knative.dev/hack v0.0.0-20240111013919-e89096d74d85
+	knative.dev/pkg v0.0.0-20240111013350-bc230ae58d14
+	knative.dev/reconciler-test v0.0.0-20240111013856-f3503f895978
 	sigs.k8s.io/yaml v1.4.0
 )
 

diff --git a/go.sum b/go.sum
@@ -952,14 +952,14 @@ k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9 h1:LyMgNKD2P8Wn1iAwQU5Ohx
 k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9/go.mod h1:wZK2AVp1uHCp4VamDVgBP2COHZjqD1T68Rf0CM3YjSM=
 k8s.io/utils v0.0.0-20230406110748-d93618cff8a2 h1:qY1Ad8PODbnymg2pRbkyMT/ylpTrCM8P2RJ0yroCyIk=
 k8s.io/utils v0.0.0-20230406110748-d93618cff8a2/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
-knative.dev/eventing v0.39.1-0.20240110084326-429bbaa8a182 h1:jccNdyH18hqjgfyj/I9+W1DccTkZlfnDbkmdpfTiaRA=
-knative.dev/eventing v0.39.1-0.20240110084326-429bbaa8a182/go.mod h1:BGv4RmZ2Vj/QrEx1kLndXx1ism1tE8GiE67mgG9tt2g=
-knative.dev/hack v0.0.0-20240108153050-3ea694d6dad7 h1:mICurlRke2mlKP3LmyWYQYl6KZe80rYP5+ag9w2HQLA=
-knative.dev/hack v0.0.0-20240108153050-3ea694d6dad7/go.mod h1:yk2OjGDsbEnQjfxdm0/HJKS2WqTLEFg/N6nUs6Rqx3Q=
-knative.dev/pkg v0.0.0-20240109155808-21d8c37af23f h1:F7zv+n+OY+FD8kX6/4CzAFbT+n4QKeJ025jHeOwFBvM=
-knative.dev/pkg v0.0.0-20240109155808-21d8c37af23f/go.mod h1:8/u65OwQ+l56FFE1j8BB/rMiy6B9dom4fTrvLFZ/Vqg=
-knative.dev/reconciler-test v0.0.0-20240108142423-3c6c7d6ae81c h1:QRYq1DALX+qpC6A9ZNfjdoLZrx5Uea931rq/2tySmZ8=
-knative.dev/reconciler-test v0.0.0-20240108142423-3c6c7d6ae81c/go.mod h1:XyEKX1l6HKLKgifABg1A+u/IZteyVivjfYM32ZtfxP0=
+knative.dev/eventing v0.39.1-0.20240111013811-bc89d2851777 h1:WpE/KiOhE/0HLWJlqM4PF1wkDC4QteVwBpYo1Ulp5Fw=
+knative.dev/eventing v0.39.1-0.20240111013811-bc89d2851777/go.mod h1:BGv4RmZ2Vj/QrEx1kLndXx1ism1tE8GiE67mgG9tt2g=
+knative.dev/hack v0.0.0-20240111013919-e89096d74d85 h1:ERgPObDcW9LfaEPAeFvbW3UJcF3C3ul6B2ErNMv13OE=
+knative.dev/hack v0.0.0-20240111013919-e89096d74d85/go.mod h1:yk2OjGDsbEnQjfxdm0/HJKS2WqTLEFg/N6nUs6Rqx3Q=
+knative.dev/pkg v0.0.0-20240111013350-bc230ae58d14 h1:F3+36IHb7qFLg0r43QBfF+PRcMXHnHOpS0gIERZGpXA=
+knative.dev/pkg v0.0.0-20240111013350-bc230ae58d14/go.mod h1:8/u65OwQ+l56FFE1j8BB/rMiy6B9dom4fTrvLFZ/Vqg=
+knative.dev/reconciler-test v0.0.0-20240111013856-f3503f895978 h1:/occth4F0B4fJkeVB0qpXMuodRS1IhTRa94XC8iMGsE=
+knative.dev/reconciler-test v0.0.0-20240111013856-f3503f895978/go.mod h1:XyEKX1l6HKLKgifABg1A+u/IZteyVivjfYM32ZtfxP0=
 pgregory.net/rapid v0.3.3/go.mod h1:UYpPVyjFHzYBGHIxLFoupi8vwk6rXNzRY9OMvVxFIOU=
 pgregory.net/rapid v1.1.0 h1:CMa0sjHSru3puNx+J0MIAuiiEV4N0qj8/cMWGBBCsjw=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=

diff --git a/vendor/knative.dev/eventing/pkg/adapter/v2/cloudevents.go b/vendor/knative.dev/eventing/pkg/adapter/v2/cloudevents.go
@@ -20,12 +20,15 @@ import (
 	"context"
 	"errors"
 	"fmt"
-
+	"net"
 	nethttp "net/http"
 	"net/url"
 	"time"
 
 	"k8s.io/apimachinery/pkg/types"
+	corev1listers "k8s.io/client-go/listers/core/v1"
+	"knative.dev/pkg/network"
+
 	"knative.dev/eventing/pkg/auth"
 
 	cloudevents "github.com/cloudevents/sdk-go/v2"
@@ -115,6 +118,8 @@ type ClientConfig struct {
 	CrStatusEventClient *crstatusevent.CRStatusEventClient
 	Options             []http.Option
 	TokenProvider       *auth.OIDCTokenProvider
+
+	TrustBundleConfigMapLister corev1listers.ConfigMapNamespaceLister
 }
 
 type clientConfigKey struct{}
@@ -149,18 +154,19 @@ func NewClient(cfg ClientConfig) (Client, error) {
 		}
 
 		if eventingtls.IsHttpsSink(cfg.Env.GetSink()) {
-			var err error
-
 			clientConfig := eventingtls.NewDefaultClientConfig()
 			clientConfig.CACerts = cfg.Env.GetCACerts()
-
-			tlsConfig, err := eventingtls.GetTLSClientConfig(clientConfig)
-			if err != nil {
-				return nil, err
-			}
+			clientConfig.TrustBundleConfigMapLister = cfg.TrustBundleConfigMapLister
 
 			httpsTransport := transport.Base.(*nethttp.Transport).Clone()
-			httpsTransport.TLSClientConfig = tlsConfig
+
+			httpsTransport.DialTLSContext = func(ctx context.Context, net, addr string) (net.Conn, error) {
+				tlsConfig, err := eventingtls.GetTLSClientConfig(clientConfig)
+				if err != nil {
+					return nil, err
+				}
+				return network.DialTLSWithBackOff(ctx, net, addr, tlsConfig)
+			}
 
 			transport = &ochttp.Transport{
 				Base:        httpsTransport,

diff --git a/vendor/knative.dev/eventing/pkg/adapter/v2/main.go b/vendor/knative.dev/eventing/pkg/adapter/v2/main.go
@@ -26,13 +26,16 @@ import (
 	"sync"
 	"time"
 
-	"knative.dev/eventing/pkg/auth"
-
 	cloudevents "github.com/cloudevents/sdk-go/v2"
 	"github.com/kelseyhightower/envconfig"
 	"go.uber.org/zap"
+	"k8s.io/client-go/informers"
+	corev1listers "k8s.io/client-go/listers/core/v1"
 	"knative.dev/pkg/tracing"
 
+	"knative.dev/eventing/pkg/auth"
+	"knative.dev/eventing/pkg/eventingtls"
+
 	corev1 "k8s.io/api/core/v1"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -216,11 +219,43 @@ func MainWithInformers(ctx context.Context, component string, env EnvConfigAcces
 		logger.Errorw("Error building statsreporter", zap.Error(err))
 	}
 
+	var trustBundleConfigMapLister corev1listers.ConfigMapNamespaceLister
+	if IsConfigWatcherEnabled(ctx) {
+
+		logger.Info("ConfigMap watcher is enabled")
+
+		// Manually create a ConfigMap informer for the env.GetNamespace() namespace to have it
+		// optionally created when needed.
+		infFactory := informers.NewSharedInformerFactoryWithOptions(
+			kubeclient.Get(ctx),
+			controller.GetResyncPeriod(ctx),
+			informers.WithNamespace(env.GetNamespace()),
+			informers.WithTweakListOptions(func(options *metav1.ListOptions) {
+				options.LabelSelector = eventingtls.TrustBundleLabelSelector
+			}),
+		)
+
+		go func() {
+			<-ctx.Done()
+			infFactory.Shutdown()
+		}()
+
+		inf := infFactory.Core().V1().ConfigMaps()
+
+		_ = inf.Informer() // Actually create informer
+
+		trustBundleConfigMapLister = inf.Lister().ConfigMaps(env.GetNamespace())
+
+		infFactory.Start(ctx.Done())
+		_ = infFactory.WaitForCacheSync(ctx.Done())
+	}
+
 	clientConfig := ClientConfig{
-		Env:                 env,
-		Reporter:            reporter,
-		CrStatusEventClient: crStatusEventClient,
-		TokenProvider:       auth.NewOIDCTokenProvider(ctx),
+		Env:                        env,
+		Reporter:                   reporter,
+		CrStatusEventClient:        crStatusEventClient,
+		TokenProvider:              auth.NewOIDCTokenProvider(ctx),
+		TrustBundleConfigMapLister: trustBundleConfigMapLister,
 	}
 	ctx = withClientConfig(ctx, clientConfig)
 

diff --git a/vendor/knative.dev/eventing/pkg/apis/sources/v1/sinkbinding_lifecycle.go b/vendor/knative.dev/eventing/pkg/apis/sources/v1/sinkbinding_lifecycle.go
@@ -20,8 +20,10 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
+	"strings"
 
 	"go.uber.org/zap"
+	corev1listers "k8s.io/client-go/listers/core/v1"
 
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/runtime/schema"
@@ -31,6 +33,8 @@ import (
 	duckv1 "knative.dev/pkg/apis/duck/v1"
 	"knative.dev/pkg/logging"
 	"knative.dev/pkg/tracker"
+
+	"knative.dev/eventing/pkg/eventingtls"
 )
 
 const (
@@ -160,40 +164,46 @@ func (sb *SinkBinding) Do(ctx context.Context, ps *duckv1.WithPod) {
 		}
 	}
 
-	spec := ps.Spec.Template.Spec
-	for i := range spec.InitContainers {
-		spec.InitContainers[i].Env = append(spec.InitContainers[i].Env, corev1.EnvVar{
+	for i := range ps.Spec.Template.Spec.InitContainers {
+		ps.Spec.Template.Spec.InitContainers[i].Env = append(ps.Spec.Template.Spec.InitContainers[i].Env, corev1.EnvVar{
 			Name:  "K_SINK",
 			Value: addr.URL.String(),
 		})
 		if addr.CACerts != nil {
-			spec.InitContainers[i].Env = append(spec.InitContainers[i].Env, corev1.EnvVar{
+			ps.Spec.Template.Spec.InitContainers[i].Env = append(ps.Spec.Template.Spec.InitContainers[i].Env, corev1.EnvVar{
 				Name:  "K_CA_CERTS",
 				Value: *addr.CACerts,
 			})
 		}
-		spec.InitContainers[i].Env = append(spec.InitContainers[i].Env, corev1.EnvVar{
+		ps.Spec.Template.Spec.InitContainers[i].Env = append(ps.Spec.Template.Spec.InitContainers[i].Env, corev1.EnvVar{
 			Name:  "K_CE_OVERRIDES",
 			Value: ceOverrides,
 		})
 	}
-	for i := range spec.Containers {
-		spec.Containers[i].Env = append(spec.Containers[i].Env, corev1.EnvVar{
+	for i := range ps.Spec.Template.Spec.Containers {
+		ps.Spec.Template.Spec.Containers[i].Env = append(ps.Spec.Template.Spec.Containers[i].Env, corev1.EnvVar{
 			Name:  "K_SINK",
 			Value: addr.URL.String(),
 		})
 		if addr.CACerts != nil {
-			spec.Containers[i].Env = append(spec.Containers[i].Env, corev1.EnvVar{
+			ps.Spec.Template.Spec.Containers[i].Env = append(ps.Spec.Template.Spec.Containers[i].Env, corev1.EnvVar{
 				Name:  "K_CA_CERTS",
 				Value: *addr.CACerts,
 			})
 		}
-		spec.Containers[i].Env = append(spec.Containers[i].Env, corev1.EnvVar{
+		ps.Spec.Template.Spec.Containers[i].Env = append(ps.Spec.Template.Spec.Containers[i].Env, corev1.EnvVar{
 			Name:  "K_CE_OVERRIDES",
 			Value: ceOverrides,
 		})
 	}
 
+	pss, err := eventingtls.AddTrustBundleVolumes(GetTrustBundleConfigMapLister(ctx), sb, &ps.Spec.Template.Spec)
+	if err != nil {
+		logging.FromContext(ctx).Errorw("Failed to add trust bundle volumes %s/%s: %+v", zap.Error(err))
+		return
+	}
+	ps.Spec.Template.Spec = *pss
+
 	if sb.Status.OIDCTokenSecretName != nil {
 		ps.Spec.Template.Spec.Volumes = append(ps.Spec.Template.Spec.Volumes, corev1.Volume{
 			Name: oidcTokenVolumeName,
@@ -212,14 +222,14 @@ func (sb *SinkBinding) Do(ctx context.Context, ps *duckv1.WithPod) {
 			},
 		})
 
-		for i := range spec.Containers {
-			spec.Containers[i].VolumeMounts = append(spec.Containers[i].VolumeMounts, corev1.VolumeMount{
+		for i := range ps.Spec.Template.Spec.Containers {
+			ps.Spec.Template.Spec.Containers[i].VolumeMounts = append(ps.Spec.Template.Spec.Containers[i].VolumeMounts, corev1.VolumeMount{
 				Name:      oidcTokenVolumeName,
 				MountPath: "/oidc",
 			})
 		}
-		for i := range spec.InitContainers {
-			spec.InitContainers[i].VolumeMounts = append(spec.InitContainers[i].VolumeMounts, corev1.VolumeMount{
+		for i := range ps.Spec.Template.Spec.InitContainers {
+			ps.Spec.Template.Spec.InitContainers[i].VolumeMounts = append(ps.Spec.Template.Spec.InitContainers[i].VolumeMounts, corev1.VolumeMount{
 				Name:      oidcTokenVolumeName,
 				MountPath: "/oidc",
 			})
@@ -228,68 +238,88 @@ func (sb *SinkBinding) Do(ctx context.Context, ps *duckv1.WithPod) {
 }
 
 func (sb *SinkBinding) Undo(ctx context.Context, ps *duckv1.WithPod) {
-	spec := ps.Spec.Template.Spec
-	for i, c := range spec.InitContainers {
-		if len(c.Env) == 0 {
-			continue
-		}
-		env := make([]corev1.EnvVar, 0, len(spec.InitContainers[i].Env))
-		for j, ev := range c.Env {
-			switch ev.Name {
-			case "K_SINK", "K_CE_OVERRIDES", "K_CA_CERTS":
-				continue
-			default:
-				env = append(env, spec.InitContainers[i].Env[j])
+	for i, c := range ps.Spec.Template.Spec.InitContainers {
+		if len(c.Env) > 0 {
+			env := make([]corev1.EnvVar, 0, len(ps.Spec.Template.Spec.InitContainers[i].Env))
+			for j, ev := range c.Env {
+				switch ev.Name {
+				case "K_SINK", "K_CE_OVERRIDES", "K_CA_CERTS":
+					continue
+				default:
+					env = append(env, ps.Spec.Template.Spec.InitContainers[i].Env[j])
+				}
 			}
+			ps.Spec.Template.Spec.InitContainers[i].Env = env
 		}
-		spec.InitContainers[i].Env = env
 
-		if len(spec.InitContainers[i].VolumeMounts) > 0 {
-			volumeMounts := make([]corev1.VolumeMount, 0, len(spec.InitContainers[i].VolumeMounts))
+		if len(ps.Spec.Template.Spec.InitContainers[i].VolumeMounts) > 0 {
+			volumeMounts := make([]corev1.VolumeMount, 0, len(ps.Spec.Template.Spec.InitContainers[i].VolumeMounts))
 			for j, vol := range c.VolumeMounts {
 				if vol.Name == oidcTokenVolumeName {
 					continue
 				}
-				volumeMounts = append(volumeMounts, spec.InitContainers[i].VolumeMounts[j])
+				if strings.HasPrefix(vol.Name, eventingtls.TrustBundleVolumeNamePrefix) {
+					continue
+				}
+				volumeMounts = append(volumeMounts, ps.Spec.Template.Spec.InitContainers[i].VolumeMounts[j])
 			}
-			spec.InitContainers[i].VolumeMounts = volumeMounts
+			ps.Spec.Template.Spec.InitContainers[i].VolumeMounts = volumeMounts
 		}
 	}
-	for i, c := range spec.Containers {
-		if len(c.Env) == 0 {
-			continue
-		}
-		env := make([]corev1.EnvVar, 0, len(spec.Containers[i].Env))
-		for j, ev := range c.Env {
-			switch ev.Name {
-			case "K_SINK", "K_CE_OVERRIDES", "K_CA_CERTS":
-				continue
-			default:
-				env = append(env, spec.Containers[i].Env[j])
+	for i, c := range ps.Spec.Template.Spec.Containers {
+		if len(c.Env) > 0 {
+			env := make([]corev1.EnvVar, 0, len(ps.Spec.Template.Spec.Containers[i].Env))
+			for j, ev := range c.Env {
+				switch ev.Name {
+				case "K_SINK", "K_CE_OVERRIDES", "K_CA_CERTS":
+					continue
+				default:
+					env = append(env, ps.Spec.Template.Spec.Containers[i].Env[j])
+				}
 			}
+			ps.Spec.Template.Spec.Containers[i].Env = env
 		}
-		spec.Containers[i].Env = env
 
-		if len(spec.Containers[i].VolumeMounts) > 0 {
-			volumeMounts := make([]corev1.VolumeMount, 0, len(spec.Containers[i].VolumeMounts))
+		if len(ps.Spec.Template.Spec.Containers[i].VolumeMounts) > 0 {
+			volumeMounts := make([]corev1.VolumeMount, 0, len(ps.Spec.Template.Spec.Containers[i].VolumeMounts))
 			for j, vol := range c.VolumeMounts {
 				if vol.Name == oidcTokenVolumeName {
 					continue
 				}
-				volumeMounts = append(volumeMounts, spec.Containers[i].VolumeMounts[j])
+				if strings.HasPrefix(vol.Name, eventingtls.TrustBundleVolumeNamePrefix) {
+					continue
+				}
+				volumeMounts = append(volumeMounts, ps.Spec.Template.Spec.Containers[i].VolumeMounts[j])
 			}
-			spec.Containers[i].VolumeMounts = volumeMounts
+			ps.Spec.Template.Spec.Containers[i].VolumeMounts = volumeMounts
 		}
 	}
 
-	if len(spec.Volumes) > 0 {
-		volumes := make([]corev1.Volume, 0, len(spec.Volumes))
-		for i, vol := range spec.Volumes {
+	if len(ps.Spec.Template.Spec.Volumes) > 0 {
+		volumes := make([]corev1.Volume, 0, len(ps.Spec.Template.Spec.Volumes))
+		for i, vol := range ps.Spec.Template.Spec.Volumes {
 			if vol.Name == oidcTokenVolumeName {
 				continue
 			}
-			volumes = append(volumes, spec.Volumes[i])
+			if strings.HasPrefix(vol.Name, eventingtls.TrustBundleVolumeNamePrefix) {
+				continue
+			}
+			volumes = append(volumes, ps.Spec.Template.Spec.Volumes[i])
 		}
 		ps.Spec.Template.Spec.Volumes = volumes
 	}
 }
+
+type configMapListerKey struct{}
+
+func WithTrustBundleConfigMapLister(ctx context.Context, lister corev1listers.ConfigMapLister) context.Context {
+	return context.WithValue(ctx, configMapListerKey{}, lister)
+}
+
+func GetTrustBundleConfigMapLister(ctx context.Context) corev1listers.ConfigMapLister {
+	value := ctx.Value(configMapListerKey{})
+	if value == nil {
+		panic("No ConfigMapLister found in context.")
+	}
+	return value.(corev1listers.ConfigMapLister)
+}