fix after rewiews

Signed-off-by: pingjiang <[email protected]>
knative · Nov 16, 2023 · 504bca7 · 504bca7
1 parent a7628df
commit 504bca7
Show file tree

Hide file tree

Showing 11 changed files with 31 additions and 34 deletions.
diff --git a/pkg/apis/eventing/v1/trigger_lifecycle.go b/pkg/apis/eventing/v1/trigger_lifecycle.go
@@ -226,7 +226,3 @@ func (ts *TriggerStatus) MarkOIDCIdentityCreatedNotSupported() {
 	// in case the OIDC feature is not supported, we mark the condition as true, to not mark the Trigger unready.
 	triggerCondSet.Manage(ts).MarkTrueWithReason(TriggerConditionOIDCIdentityCreated, fmt.Sprintf("%s feature not yet supported for this Broker class", feature.OIDCAuthentication), "")
 }
-
-func (ts *TriggerStatus) MarkStatus(authStatus *duckv1.AuthStatus) {
-	ts.Auth = authStatus
-}
diff --git a/pkg/apis/messaging/v1/subscription_lifecycle.go b/pkg/apis/messaging/v1/subscription_lifecycle.go
@@ -18,7 +18,6 @@ package v1
 
 import (
 	"knative.dev/pkg/apis"
-	duckv1 "knative.dev/pkg/apis/duck/v1"
 )
 
 // SubCondSet is a condition set with Ready as the happy condition and
@@ -132,7 +131,3 @@ func (ss *SubscriptionStatus) MarkOIDCIdentityCreatedFailed(reason, messageForma
 func (ss *SubscriptionStatus) MarkOIDCIdentityCreatedUnknown(reason, messageFormat string, messageA ...interface{}) {
 	SubCondSet.Manage(ss).MarkUnknown(SubscriptionConditionOIDCIdentityCreated, reason, messageFormat, messageA...)
 }
-
-func (ss *SubscriptionStatus) MarkStatus(authStatus *duckv1.AuthStatus) {
-	ss.Auth = authStatus
-}
diff --git a/pkg/apis/sources/v1/apiserver_lifecycle.go b/pkg/apis/sources/v1/apiserver_lifecycle.go
@@ -146,7 +146,3 @@ func (s *ApiServerSourceStatus) MarkOIDCIdentityCreatedFailed(reason, messageFor
 func (s *ApiServerSourceStatus) MarkOIDCIdentityCreatedUnknown(reason, messageFormat string, messageA ...interface{}) {
 	apiserverCondSet.Manage(s).MarkUnknown(ApiServerConditionOIDCIdentityCreated, reason, messageFormat, messageA...)
 }
-
-func (s *ApiServerSourceStatus) MarkStatus(authStatus *duckv1.AuthStatus) {
-	s.Auth = authStatus
-}
diff --git a/pkg/apis/sources/v1/ping_lifecycle.go b/pkg/apis/sources/v1/ping_lifecycle.go
@@ -142,7 +142,3 @@ func (s *PingSourceStatus) MarkOIDCIdentityCreatedFailed(reason, messageFormat s
 func (s *PingSourceStatus) MarkOIDCIdentityCreatedUnknown(reason, messageFormat string, messageA ...interface{}) {
 	PingSourceCondSet.Manage(s).MarkUnknown(PingSourceConditionOIDCIdentityCreated, reason, messageFormat, messageA...)
 }
-
-func (s *PingSourceStatus) MarkStatus(authStatus *duckv1.AuthStatus) {
-	s.Auth = authStatus
-}
diff --git a/pkg/apis/sources/v1/sinkbinding_lifecycle.go b/pkg/apis/sources/v1/sinkbinding_lifecycle.go
@@ -112,10 +112,6 @@ func (sbs *SinkBindingStatus) MarkOIDCIdentityCreatedUnknown(reason, messageForm
 	sbCondSet.Manage(sbs).MarkUnknown(SinkBindingConditionOIDCIdentityCreated, reason, messageFormat, messageA...)
 }
 
-func (sbs *SinkBindingStatus) MarkStatus(authStatus *duckv1.AuthStatus) {
-	sbs.Auth = authStatus
-}
-
 // Do implements psbinding.Bindable
 func (sb *SinkBinding) Do(ctx context.Context, ps *duckv1.WithPod) {
 	// First undo so that we can just unconditionally append below.

diff --git a/pkg/auth/serviceaccount.go b/pkg/auth/serviceaccount.go
@@ -98,19 +98,16 @@ func EnsureOIDCServiceAccountExistsForResource(ctx context.Context, serviceAccou
 	return nil
 }
 
-type OIDCStatusMarker interface {
+type OIDCIdentityStatusMarker interface {
 	MarkOIDCIdentityCreatedSucceeded()
 	MarkOIDCIdentityCreatedSucceededWithReason(reason, messageFormat string, messageA ...interface{})
 	MarkOIDCIdentityCreatedFailed(reason, messageFormat string, messageA ...interface{})
-	MarkStatus(authStatus *duckv1.AuthStatus)
 }
 
-func OIDCAuthStatusUtility(ctx context.Context, serviceAccountLister corev1listers.ServiceAccountLister, kubeclient kubernetes.Interface, gvk schema.GroupVersionKind, objectMeta metav1.ObjectMeta, marker OIDCStatusMarker) pkgreconciler.Event {
-	featureFlags := feature.FromContext(ctx)
-	if featureFlags.IsOIDCAuthentication() {
+func OIDCAuthStatusUtility(flags feature.Flags, ctx context.Context, serviceAccountLister corev1listers.ServiceAccountLister, kubeclient kubernetes.Interface, gvk schema.GroupVersionKind, objectMeta metav1.ObjectMeta, marker OIDCIdentityStatusMarker, setAuthStatus func(a *duckv1.AuthStatus)) pkgreconciler.Event {
+	if flags.IsOIDCAuthentication() {
 		saName := GetOIDCServiceAccountNameForResource(gvk, objectMeta)
-
-		marker.MarkStatus(&duckv1.AuthStatus{
+		setAuthStatus(&duckv1.AuthStatus{
 			ServiceAccountName: &saName,
 		})
 		if err := EnsureOIDCServiceAccountExistsForResource(ctx, serviceAccountLister, kubeclient, gvk, objectMeta); err != nil {
@@ -119,7 +116,9 @@ func OIDCAuthStatusUtility(ctx context.Context, serviceAccountLister corev1liste
 		}
 		marker.MarkOIDCIdentityCreatedSucceeded()
 	} else {
-		marker.MarkStatus(nil)
+		setAuthStatus(&duckv1.AuthStatus{
+			ServiceAccountName: nil,
+		})
 		marker.MarkOIDCIdentityCreatedSucceededWithReason(fmt.Sprintf("%s feature disabled", feature.OIDCAuthentication), "")
 	}
 	return nil

diff --git a/pkg/reconciler/apiserversource/apiserversource.go b/pkg/reconciler/apiserversource/apiserversource.go
@@ -40,6 +40,7 @@ import (
 	pkgreconciler "knative.dev/pkg/reconciler"
 	"knative.dev/pkg/resolver"
 
+	"knative.dev/eventing/pkg/apis/feature"
 	apisources "knative.dev/eventing/pkg/apis/sources"
 	v1 "knative.dev/eventing/pkg/apis/sources/v1"
 	"knative.dev/eventing/pkg/auth"
@@ -98,7 +99,10 @@ func (r *Reconciler) ReconcileKind(ctx context.Context, source *v1.ApiServerSour
 	}
 
 	// OIDC authentication
-	if err := auth.OIDCAuthStatusUtility(ctx, r.serviceAccountLister, r.kubeClientSet, v1.SchemeGroupVersion.WithKind("ApiServerSource"), source.ObjectMeta, &source.Status); err != nil {
+	featureFlags := feature.FromContext(ctx)
+	if err := auth.OIDCAuthStatusUtility(featureFlags, ctx, r.serviceAccountLister, r.kubeClientSet, v1.SchemeGroupVersion.WithKind("ApiServerSource"), source.ObjectMeta, &source.Status, func(as *duckv1.AuthStatus) {
+		source.Status.Auth = as
+	}); err != nil {
 		return err
 	}
 

diff --git a/pkg/reconciler/broker/trigger/trigger.go b/pkg/reconciler/broker/trigger/trigger.go
@@ -143,7 +143,10 @@ func (r *Reconciler) ReconcileKind(ctx context.Context, t *eventingv1.Trigger) p
 		return err
 	}
 
-	if err = auth.OIDCAuthStatusUtility(ctx, r.serviceAccountLister, r.kubeclient, eventingv1.SchemeGroupVersion.WithKind("Trigger"), t.ObjectMeta, &t.Status); err != nil {
+	featureFlags := feature.FromContext(ctx)
+	if err = auth.OIDCAuthStatusUtility(featureFlags, ctx, r.serviceAccountLister, r.kubeclient, eventingv1.SchemeGroupVersion.WithKind("Trigger"), t.ObjectMeta, &t.Status, func(as *duckv1.AuthStatus) {
+		t.Status.Auth = as
+	}); err != nil {
 		return err
 	}
 

diff --git a/pkg/reconciler/pingsource/pingsource.go b/pkg/reconciler/pingsource/pingsource.go
@@ -43,6 +43,7 @@ import (
 
 	"knative.dev/eventing/pkg/adapter/mtping"
 	"knative.dev/eventing/pkg/adapter/v2"
+	"knative.dev/eventing/pkg/apis/feature"
 	sourcesv1 "knative.dev/eventing/pkg/apis/sources/v1"
 	"knative.dev/eventing/pkg/auth"
 	pingsourcereconciler "knative.dev/eventing/pkg/client/injection/reconciler/sources/v1/pingsource"
@@ -105,7 +106,10 @@ func (r *Reconciler) ReconcileKind(ctx context.Context, source *sourcesv1.PingSo
 	}
 
 	// OIDC authentication
-	if err := auth.OIDCAuthStatusUtility(ctx, r.serviceAccountLister, r.kubeClientSet, sourcesv1.SchemeGroupVersion.WithKind("PingSource"), source.ObjectMeta, &source.Status); err != nil {
+	featureFlags := feature.FromContext(ctx)
+	if err := auth.OIDCAuthStatusUtility(featureFlags, ctx, r.serviceAccountLister, r.kubeClientSet, sourcesv1.SchemeGroupVersion.WithKind("PingSource"), source.ObjectMeta, &source.Status, func(as *duckv1.AuthStatus) {
+		source.Status.Auth = as
+	}); err != nil {
 		return err
 	}
 

diff --git a/pkg/reconciler/sinkbinding/controller.go b/pkg/reconciler/sinkbinding/controller.go
@@ -40,6 +40,7 @@ import (
 	"knative.dev/eventing/pkg/apis/feature"
 	v1 "knative.dev/eventing/pkg/apis/sources/v1"
 	"knative.dev/pkg/apis/duck"
+	duckv1 "knative.dev/pkg/apis/duck/v1"
 	kubeclient "knative.dev/pkg/client/injection/kube/client"
 	serviceaccountinformer "knative.dev/pkg/client/injection/kube/informers/core/v1/serviceaccount"
 	"knative.dev/pkg/configmap"
@@ -186,7 +187,11 @@ func (s *SinkBindingSubResourcesReconciler) Reconcile(ctx context.Context, b psb
 			Name:       sb.Spec.Sink.Ref.Name,
 		}, b)
 	}
-	if err := auth.OIDCAuthStatusUtility(ctx, s.serviceAccountLister, s.kubeclient, v1.SchemeGroupVersion.WithKind("SinkBinding"), sb.ObjectMeta, &sb.Status); err != nil {
+
+	featureFlags := s.featureStore.Load()
+	if err := auth.OIDCAuthStatusUtility(featureFlags, ctx, s.serviceAccountLister, s.kubeclient, v1.SchemeGroupVersion.WithKind("SinkBinding"), sb.ObjectMeta, &sb.Status, func(as *duckv1.AuthStatus) {
+		sb.Status.Auth = as
+	}); err != nil {
 		return err
 	}
 

diff --git a/pkg/reconciler/subscription/subscription.go b/pkg/reconciler/subscription/subscription.go
@@ -92,7 +92,10 @@ var _ subscriptionreconciler.Finalizer = (*Reconciler)(nil)
 // ReconcileKind implements Interface.ReconcileKind.
 func (r *Reconciler) ReconcileKind(ctx context.Context, subscription *v1.Subscription) pkgreconciler.Event {
 	// OIDC authentication
-	if err := auth.OIDCAuthStatusUtility(ctx, r.serviceAccountLister, r.kubeclient, v1.SchemeGroupVersion.WithKind("Subscription"), subscription.ObjectMeta, &subscription.Status); err != nil {
+	featureFlags := feature.FromContext(ctx)
+	if err := auth.OIDCAuthStatusUtility(featureFlags, ctx, r.serviceAccountLister, r.kubeclient, v1.SchemeGroupVersion.WithKind("Subscription"), subscription.ObjectMeta, &subscription.Status, func(as *duckv1.AuthStatus) {
+		subscription.Status.Auth = as
+	}); err != nil {
 		return err
 	}