Fix the failed unit test

Signed-off-by: Leo Li <[email protected]>
knative · Dec 5, 2023 · d125209 · d125209
1 parent 8bfb205
commit d125209
Show file tree

Hide file tree

Showing 5 changed files with 26 additions and 24 deletions.
diff --git a/pkg/adapter/v2/cloudevents.go b/pkg/adapter/v2/cloudevents.go
@@ -197,16 +197,21 @@ func NewClient(cfg ClientConfig) (Client, error) {
 		return nil, err
 	}
 
-	return &client{
+	client := &client{
 		ceClient:            ceClient,
 		closeIdler:          transport.Base.(*nethttp.Transport),
 		ceOverrides:         ceOverrides,
 		reporter:            cfg.Reporter,
 		crStatusEventClient: cfg.CrStatusEventClient,
-		audience:            cfg.Env.GetAudience(),
-		serviceAccountName:  cfg.Env.GetServiceAccountName(),
-		oidcTokenProvider:   cfg.TokenProvider,
-	}, nil
+	}
+
+	if cfg.Env != nil {
+		client.audience = cfg.Env.GetAudience()
+		client.serviceAccountName = cfg.Env.GetServiceAccountName()
+		client.oidcTokenProvider = cfg.TokenProvider
+	}
+
+	return client, nil
 }
 
 func setTimeOut(duration time.Duration) http.Option {
@@ -230,7 +235,7 @@ type client struct {
 	closeIdler          closeIdler
 
 	oidcTokenProvider  *auth.OIDCTokenProvider
-	audience           string
+	audience           *string
 	serviceAccountName *types.NamespacedName
 }
 
@@ -245,9 +250,9 @@ func (c *client) Send(ctx context.Context, out event.Event) protocol.Result {
 	c.applyOverrides(&out)
 
 	// If the sink has audience and the OIDC service account, then we need to request the JWT token
-	if c.audience != "" && c.serviceAccountName != nil {
+	if c.audience != nil && c.serviceAccountName != nil {
 		// Request the JWT token for the given service account
-		jwt, err := c.oidcTokenProvider.GetJWT(*c.serviceAccountName, c.audience)
+		jwt, err := c.oidcTokenProvider.GetJWT(*c.serviceAccountName, *c.audience)
 		if err != nil {
 			return protocol.NewResult("%w", err)
 		}
@@ -268,9 +273,9 @@ func (c *client) Request(ctx context.Context, out event.Event) (*event.Event, pr
 	c.applyOverrides(&out)
 
 	// If the sink has audience and the OIDC service account, then we need to request the JWT token
-	if c.audience != "" && c.serviceAccountName != nil {
+	if c.audience != nil && c.serviceAccountName != nil {
 		// Request the JWT token for the given service account
-		jwt, err := c.oidcTokenProvider.GetJWT(*c.serviceAccountName, c.audience)
+		jwt, err := c.oidcTokenProvider.GetJWT(*c.serviceAccountName, *c.audience)
 		if err != nil {
 			return nil, protocol.NewResult("%w", err)
 		}

diff --git a/pkg/adapter/v2/config.go b/pkg/adapter/v2/config.go
@@ -70,7 +70,7 @@ type EnvConfig struct {
 	Sink string `envconfig:"K_SINK"`
 
 	// Audience is the audience of the target sink.
-	Audience string `envconfig:"K_AUDIENCE"`
+	Audience *string `envconfig:"K_AUDIENCE"`
 
 	// Service Account Name is the name of the service account to use for the adapter.
 	ServiceAccountName *string `envconfig:"K_OIDC_SERVICE_ACCOUNT"`
@@ -123,7 +123,7 @@ type EnvConfigAccessor interface {
 	GetCACerts() *string
 
 	// Get the audience of the target sink.
-	GetAudience() string
+	GetAudience() *string
 
 	GetServiceAccountName() *types.NamespacedName
 
@@ -202,7 +202,7 @@ func (e *EnvConfig) GetCACerts() *string {
 	return e.CACerts
 }
 
-func (e *EnvConfig) GetAudience() string {
+func (e *EnvConfig) GetAudience() *string {
 	return e.Audience
 }
 

diff --git a/pkg/auth/token_provider.go b/pkg/auth/token_provider.go
@@ -79,8 +79,6 @@ func (c *OIDCTokenProvider) GetNewJWT(serviceAccount types.NamespacedName, audie
 		CreateToken(context.TODO(), serviceAccount.Name, &tokenRequest, metav1.CreateOptions{})
 
 	if err != nil {
-		fmt.Sprintf("could not request a token for %s: %w", serviceAccount, err)
-
 		return "", fmt.Errorf("could not request a token for %s: %w", serviceAccount, err)
 	}
 

diff --git a/pkg/reconciler/apiserversource/apiserversource.go b/pkg/reconciler/apiserversource/apiserversource.go
@@ -372,7 +372,7 @@ func createOIDCRole(ctx context.Context, kubeclient kubernetes.Interface, gvk sc
 	_, err := kubeclient.RbacV1().Roles(objectMeta.Namespace).Get(ctx, roleName, metav1.GetOptions{})
 
 	if apierrs.IsNotFound(err) {
-		role, err := resources.MakeOIDCRole(ctx, gvk, objectMeta)
+		role, err := resources.MakeOIDCRole(gvk, objectMeta)
 		// If the role does not exist, we will call kubeclient to create it
 		_, err = kubeclient.RbacV1().Roles(objectMeta.Namespace).Create(ctx, role, metav1.CreateOptions{})
 		if err != nil {
@@ -394,7 +394,7 @@ func createOIDCRoleBinding(ctx context.Context, kubeclient kubernetes.Interface,
 	_, err := kubeclient.RbacV1().RoleBindings(objectMeta.Namespace).Get(ctx, roleBindingName, metav1.GetOptions{})
 
 	if apierrs.IsNotFound(err) {
-		roleBinding, err := resources.MakeOIDCRoleBinding(ctx, gvk, objectMeta, saName)
+		roleBinding, err := resources.MakeOIDCRoleBinding(gvk, objectMeta, saName)
 		// If the role does not exist, we will call kubeclient to create it
 		_, err = kubeclient.RbacV1().RoleBindings(objectMeta.Namespace).Create(ctx, roleBinding, metav1.CreateOptions{})
 		if err != nil {

diff --git a/pkg/reconciler/apiserversource/resources/receive_adapter.go b/pkg/reconciler/apiserversource/resources/receive_adapter.go
@@ -17,7 +17,6 @@ limitations under the License.
 package resources
 
 import (
-	"context"
 	"encoding/json"
 	"fmt"
 
@@ -54,8 +53,8 @@ type ReceiveAdapterArgs struct {
 }
 
 // MakeOIDCRole will return the role object config for generating the JWT token
-func MakeOIDCRole(ctx context.Context, gvk schema.GroupVersionKind, objectMeta metav1.ObjectMeta) (*rbacv1.Role, error) {
-	roleName := fmt.Sprintf("create-oidc-token")
+func MakeOIDCRole(gvk schema.GroupVersionKind, objectMeta metav1.ObjectMeta) (*rbacv1.Role, error) {
+	roleName := "create-oidc-token"
 
 	return &rbacv1.Role{
 		ObjectMeta: metav1.ObjectMeta{
@@ -80,9 +79,9 @@ func MakeOIDCRole(ctx context.Context, gvk schema.GroupVersionKind, objectMeta m
 // MakeOIDCRoleBinding will return the rolebinding object for generating the JWT token
 // So that ApiServerSource's service account have access to create the JWT token for it's OIDC service account and the target audience
 // Note:  it is in the source.Spec, NOT in source.Auth
-func MakeOIDCRoleBinding(ctx context.Context, gvk schema.GroupVersionKind, objectMeta metav1.ObjectMeta, saName string) (*rbacv1.RoleBinding, error) {
-	roleName := fmt.Sprintf("create-oidc-token")
-	roleBindingName := fmt.Sprintf("create-oidc-token")
+func MakeOIDCRoleBinding(gvk schema.GroupVersionKind, objectMeta metav1.ObjectMeta, saName string) (*rbacv1.RoleBinding, error) {
+	roleName := "create-oidc-token"
+	roleBindingName := "create-oidc-token"
 
 	return &rbacv1.RoleBinding{
 		ObjectMeta: metav1.ObjectMeta{
@@ -95,7 +94,7 @@ func MakeOIDCRoleBinding(ctx context.Context, gvk schema.GroupVersionKind, objec
 		RoleRef: rbacv1.RoleRef{
 			APIGroup: "rbac.authorization.k8s.io",
 			Kind:     "Role",
-			Name:     fmt.Sprintf(roleName),
+			Name:     roleName,
 		},
 		Subjects: []rbacv1.Subject{
 			{