From fdf889e0f13485d18bc7dec0fbaf3acc98062290 Mon Sep 17 00:00:00 2001 From: karkabbage Date: Sat, 24 Feb 2024 20:44:37 -0500 Subject: [PATCH 01/15] Changes in pkg/reconciler/trigger based on #7527 --- .../pkg/reconciler/trigger/controller.go | 14 +++++++++---- .../pkg/reconciler/trigger/controller_test.go | 20 ++++++++++++++++--- .../trigger/namespaced_controller.go | 13 ++++++++---- .../trigger/namespaced_controller_test.go | 6 +++++- 4 files changed, 41 insertions(+), 12 deletions(-) diff --git a/control-plane/pkg/reconciler/trigger/controller.go b/control-plane/pkg/reconciler/trigger/controller.go index b9b78f32c1..ff8147f95f 100644 --- a/control-plane/pkg/reconciler/trigger/controller.go +++ b/control-plane/pkg/reconciler/trigger/controller.go @@ -19,6 +19,8 @@ package trigger import ( "context" + "knative.dev/eventing/pkg/auth" + "github.com/IBM/sarama" "go.uber.org/zap" "k8s.io/apimachinery/pkg/labels" @@ -44,7 +46,8 @@ import ( triggerinformer "knative.dev/eventing/pkg/client/injection/informers/eventing/v1/trigger" triggerreconciler "knative.dev/eventing/pkg/client/injection/reconciler/eventing/v1/trigger" eventinglisters "knative.dev/eventing/pkg/client/listers/eventing/v1" - serviceaccountinformer "knative.dev/pkg/client/injection/kube/informers/core/v1/serviceaccount" + // serviceaccountinformer "knative.dev/pkg/client/injection/kube/informers/core/v1/serviceaccount" + serviceaccountinformer "knative.dev/pkg/client/injection/kube/informers/core/v1/serviceaccount/filtered" "knative.dev/eventing-kafka-broker/control-plane/pkg/config" "knative.dev/eventing-kafka-broker/control-plane/pkg/kafka" @@ -65,7 +68,8 @@ func NewController(ctx context.Context, watcher configmap.Watcher, configs *conf brokerInformer := brokerinformer.Get(ctx) triggerInformer := triggerinformer.Get(ctx) triggerLister := triggerInformer.Lister() - serviceaccountInformer := serviceaccountinformer.Get(ctx) + // serviceaccountInformer := serviceaccountinformer.Get(ctx) + oidcServiceaccountInformer := serviceaccountinformer.Get(ctx, auth.OIDCLabelSelector) reconciler := &Reconciler{ Reconciler: &base.Reconciler{ @@ -93,7 +97,8 @@ func NewController(ctx context.Context, watcher configmap.Watcher, configs *conf NewKafkaClient: sarama.NewClient, NewKafkaClusterAdminClient: sarama.NewClusterAdmin, InitOffsetsFunc: offset.InitOffsets, - ServiceAccountLister: serviceaccountInformer.Lister(), + // ServiceAccountLister: serviceaccountInformer.Lister(), + serviceAccountLister: oidcServiceaccountInformer.Lister(), } impl := triggerreconciler.NewImpl(ctx, reconciler, func(impl *controller.Impl) controller.Options { @@ -143,7 +148,8 @@ func NewController(ctx context.Context, watcher configmap.Watcher, configs *conf secretinformer.Get(ctx).Informer().AddEventHandler(controller.HandleAll(reconciler.Tracker.OnChanged)) // Reconciler Trigger when the OIDC service account changes - serviceaccountInformer.Informer().AddEventHandler(cache.FilteringResourceEventHandler{ + // serviceaccountInformer.Informer().AddEventHandler(cache.FilteringResourceEventHandler{ + oidcServiceaccountInformer.Informer().AddEventHandler(cache.FilteringResourceEventHandler{ FilterFunc: controller.FilterController(&eventing.Trigger{}), Handler: controller.HandleAll(impl.EnqueueControllerOf), }) diff --git a/control-plane/pkg/reconciler/trigger/controller_test.go b/control-plane/pkg/reconciler/trigger/controller_test.go index 7fb6b03ad3..5e15cd7f43 100644 --- a/control-plane/pkg/reconciler/trigger/controller_test.go +++ b/control-plane/pkg/reconciler/trigger/controller_test.go @@ -17,8 +17,14 @@ package trigger import ( + "context" + "testing" + // unsure if below is necessary: + "knative.dev/eventing/pkg/auth" + filteredFactory "knative.dev/pkg/client/injection/kube/informers/factory/filtered" + "github.com/stretchr/testify/assert" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -27,7 +33,8 @@ import ( _ "knative.dev/pkg/client/injection/kube/informers/core/v1/configmap/fake" _ "knative.dev/pkg/client/injection/kube/informers/core/v1/pod/fake" _ "knative.dev/pkg/client/injection/kube/informers/core/v1/secret/fake" - _ "knative.dev/pkg/client/injection/kube/informers/core/v1/serviceaccount/fake" + _ "knative.dev/pkg/client/injection/kube/informers/core/v1/serviceaccount/filtered/fake" + _ "knative.dev/pkg/client/injection/kube/informers/factory/filtered/fake" "knative.dev/pkg/configmap" reconcilertesting "knative.dev/pkg/reconciler/testing" @@ -41,7 +48,8 @@ import ( ) func TestNewController(t *testing.T) { - ctx, _ := reconcilertesting.SetupFakeContext(t) + // ctx, _ := reconcilertesting.SetupFakeContext(t) + ctx, _ := SetupFakeContext(t, SetUpInformerSelector) controller := NewController(ctx, configmap.NewStaticWatcher(&corev1.ConfigMap{ ObjectMeta: metav1.ObjectMeta{ @@ -53,8 +61,14 @@ func TestNewController(t *testing.T) { } } +func SetUpInformerSelector(ctx context.Context) context.Context { + ctx = filteredFactory.WithSelectors(ctx, auth.OIDCLabelSelector) + return ctx +} + func TestFilterTriggers(t *testing.T) { - ctx, _ := reconcilertesting.SetupFakeContext(t) + // ctx, _ := reconcilertesting.SetupFakeContext(t) + ctx, _ := SetupFakeContext(t, SetUpInformerSelector) tt := []struct { name string diff --git a/control-plane/pkg/reconciler/trigger/namespaced_controller.go b/control-plane/pkg/reconciler/trigger/namespaced_controller.go index d6f4a1ab45..569678a5e0 100644 --- a/control-plane/pkg/reconciler/trigger/namespaced_controller.go +++ b/control-plane/pkg/reconciler/trigger/namespaced_controller.go @@ -27,7 +27,9 @@ import ( configmapinformer "knative.dev/pkg/client/injection/kube/informers/core/v1/configmap" podinformer "knative.dev/pkg/client/injection/kube/informers/core/v1/pod" secretinformer "knative.dev/pkg/client/injection/kube/informers/core/v1/secret" - serviceaccountinformer "knative.dev/pkg/client/injection/kube/informers/core/v1/serviceaccount" + // serviceaccountinformer "knative.dev/pkg/client/injection/kube/informers/core/v1/serviceaccount" + serviceaccountinformer "knative.dev/pkg/client/injection/kube/informers/core/v1/serviceaccount/filtered" + "knative.dev/pkg/configmap" "knative.dev/pkg/controller" "knative.dev/pkg/logging" @@ -59,7 +61,8 @@ func NewNamespacedController(ctx context.Context, watcher configmap.Watcher, con brokerInformer := brokerinformer.Get(ctx) triggerInformer := triggerinformer.Get(ctx) triggerLister := triggerInformer.Lister() - serviceaccountInformer := serviceaccountinformer.Get(ctx) + // serviceaccountInformer := serviceaccountinformer.Get(ctx) + oidcServiceaccountInformer := serviceaccountinformer.Get(ctx, auth.OIDCLabelSelector) reconciler := &NamespacedReconciler{ Reconciler: &base.Reconciler{ @@ -79,7 +82,8 @@ func NewNamespacedController(ctx context.Context, watcher configmap.Watcher, con }, BrokerLister: brokerInformer.Lister(), ConfigMapLister: configmapInformer.Lister(), - ServiceAccountLister: serviceaccountInformer.Lister(), + // ServiceAccountLister: serviceaccountInformer.Lister(), + ServiceAccountLister: oidcServiceaccountInformer.Lister(), EventingClient: eventingclient.Get(ctx), Env: configs, NewKafkaClient: sarama.NewClient, @@ -138,7 +142,8 @@ func NewNamespacedController(ctx context.Context, watcher configmap.Watcher, con secretinformer.Get(ctx).Informer().AddEventHandler(controller.HandleAll(reconciler.Tracker.OnChanged)) // Reconciler Trigger when the OIDC service account changes - serviceaccountInformer.Informer().AddEventHandler(cache.FilteringResourceEventHandler{ + // serviceaccountInformer.Informer().AddEventHandler(cache.FilteringResourceEventHandler{ + oidcServiceaccountInformer.Informer().AddEventHandler(cache.FilteringResourceEventHandler{ FilterFunc: controller.FilterController(&eventing.Trigger{}), Handler: controller.HandleAll(impl.EnqueueControllerOf), }) diff --git a/control-plane/pkg/reconciler/trigger/namespaced_controller_test.go b/control-plane/pkg/reconciler/trigger/namespaced_controller_test.go index 0907bd11bf..b6862a55ae 100644 --- a/control-plane/pkg/reconciler/trigger/namespaced_controller_test.go +++ b/control-plane/pkg/reconciler/trigger/namespaced_controller_test.go @@ -29,6 +29,9 @@ import ( "knative.dev/pkg/configmap" reconcilertesting "knative.dev/pkg/reconciler/testing" + _ "knative.dev/pkg/client/injection/kube/informers/core/v1/serviceaccount/filtered/fake" + _ "knative.dev/pkg/client/injection/kube/informers/factory/filtered/fake" + _ "knative.dev/eventing/pkg/client/injection/informers/eventing/v1/broker/fake" _ "knative.dev/eventing/pkg/client/injection/informers/eventing/v1/trigger/fake" @@ -36,7 +39,8 @@ import ( ) func TestNewNamespacedController(t *testing.T) { - ctx, _ := reconcilertesting.SetupFakeContext(t) + // ctx, _ := reconcilertesting.SetupFakeContext(t) + ctx, _ := SetupFakeContext(t, SetUpInformerSelector) controller := NewNamespacedController(ctx, configmap.NewStaticWatcher(&corev1.ConfigMap{ ObjectMeta: metav1.ObjectMeta{ From 1cbeac3122532a6df8d7b4be10c4bce5c1d10a80 Mon Sep 17 00:00:00 2001 From: karkabbage Date: Fri, 8 Mar 2024 11:10:36 -0500 Subject: [PATCH 02/15] codegen updated --- .../v1/serviceaccount/filtered/fake/fake.go | 52 +++++++++++++++ .../serviceaccount/filtered/serviceaccount.go | 65 +++++++++++++++++++ vendor/modules.txt | 2 + 3 files changed, 119 insertions(+) create mode 100644 vendor/knative.dev/pkg/client/injection/kube/informers/core/v1/serviceaccount/filtered/fake/fake.go create mode 100644 vendor/knative.dev/pkg/client/injection/kube/informers/core/v1/serviceaccount/filtered/serviceaccount.go diff --git a/vendor/knative.dev/pkg/client/injection/kube/informers/core/v1/serviceaccount/filtered/fake/fake.go b/vendor/knative.dev/pkg/client/injection/kube/informers/core/v1/serviceaccount/filtered/fake/fake.go new file mode 100644 index 0000000000..4a89f8b5d3 --- /dev/null +++ b/vendor/knative.dev/pkg/client/injection/kube/informers/core/v1/serviceaccount/filtered/fake/fake.go @@ -0,0 +1,52 @@ +/* +Copyright 2022 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by injection-gen. DO NOT EDIT. + +package fake + +import ( + context "context" + + filtered "knative.dev/pkg/client/injection/kube/informers/core/v1/serviceaccount/filtered" + factoryfiltered "knative.dev/pkg/client/injection/kube/informers/factory/filtered" + controller "knative.dev/pkg/controller" + injection "knative.dev/pkg/injection" + logging "knative.dev/pkg/logging" +) + +var Get = filtered.Get + +func init() { + injection.Fake.RegisterFilteredInformers(withInformer) +} + +func withInformer(ctx context.Context) (context.Context, []controller.Informer) { + untyped := ctx.Value(factoryfiltered.LabelKey{}) + if untyped == nil { + logging.FromContext(ctx).Panic( + "Unable to fetch labelkey from context.") + } + labelSelectors := untyped.([]string) + infs := []controller.Informer{} + for _, selector := range labelSelectors { + f := factoryfiltered.Get(ctx, selector) + inf := f.Core().V1().ServiceAccounts() + ctx = context.WithValue(ctx, filtered.Key{Selector: selector}, inf) + infs = append(infs, inf.Informer()) + } + return ctx, infs +} diff --git a/vendor/knative.dev/pkg/client/injection/kube/informers/core/v1/serviceaccount/filtered/serviceaccount.go b/vendor/knative.dev/pkg/client/injection/kube/informers/core/v1/serviceaccount/filtered/serviceaccount.go new file mode 100644 index 0000000000..58cb4fc80b --- /dev/null +++ b/vendor/knative.dev/pkg/client/injection/kube/informers/core/v1/serviceaccount/filtered/serviceaccount.go @@ -0,0 +1,65 @@ +/* +Copyright 2022 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by injection-gen. DO NOT EDIT. + +package filtered + +import ( + context "context" + + v1 "k8s.io/client-go/informers/core/v1" + filtered "knative.dev/pkg/client/injection/kube/informers/factory/filtered" + controller "knative.dev/pkg/controller" + injection "knative.dev/pkg/injection" + logging "knative.dev/pkg/logging" +) + +func init() { + injection.Default.RegisterFilteredInformers(withInformer) +} + +// Key is used for associating the Informer inside the context.Context. +type Key struct { + Selector string +} + +func withInformer(ctx context.Context) (context.Context, []controller.Informer) { + untyped := ctx.Value(filtered.LabelKey{}) + if untyped == nil { + logging.FromContext(ctx).Panic( + "Unable to fetch labelkey from context.") + } + labelSelectors := untyped.([]string) + infs := []controller.Informer{} + for _, selector := range labelSelectors { + f := filtered.Get(ctx, selector) + inf := f.Core().V1().ServiceAccounts() + ctx = context.WithValue(ctx, Key{Selector: selector}, inf) + infs = append(infs, inf.Informer()) + } + return ctx, infs +} + +// Get extracts the typed informer from the context. +func Get(ctx context.Context, selector string) v1.ServiceAccountInformer { + untyped := ctx.Value(Key{Selector: selector}) + if untyped == nil { + logging.FromContext(ctx).Panicf( + "Unable to fetch k8s.io/client-go/informers/core/v1.ServiceAccountInformer with selector %s from context.", selector) + } + return untyped.(v1.ServiceAccountInformer) +} diff --git a/vendor/modules.txt b/vendor/modules.txt index 67a1e85aa0..9cf00c0acd 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -1535,6 +1535,8 @@ knative.dev/pkg/client/injection/kube/informers/core/v1/service knative.dev/pkg/client/injection/kube/informers/core/v1/service/fake knative.dev/pkg/client/injection/kube/informers/core/v1/serviceaccount knative.dev/pkg/client/injection/kube/informers/core/v1/serviceaccount/fake +knative.dev/pkg/client/injection/kube/informers/core/v1/serviceaccount/filtered +knative.dev/pkg/client/injection/kube/informers/core/v1/serviceaccount/filtered/fake knative.dev/pkg/client/injection/kube/informers/factory knative.dev/pkg/client/injection/kube/informers/factory/fake knative.dev/pkg/client/injection/kube/informers/factory/filtered From a4f179787d44c473ba0d306dddc35d5b63d220b0 Mon Sep 17 00:00:00 2001 From: karkabbage Date: Fri, 8 Mar 2024 11:25:47 -0500 Subject: [PATCH 03/15] fixing imported auth path --- control-plane/pkg/reconciler/trigger/namespaced_controller.go | 1 + 1 file changed, 1 insertion(+) diff --git a/control-plane/pkg/reconciler/trigger/namespaced_controller.go b/control-plane/pkg/reconciler/trigger/namespaced_controller.go index 346680d047..94e7689ace 100644 --- a/control-plane/pkg/reconciler/trigger/namespaced_controller.go +++ b/control-plane/pkg/reconciler/trigger/namespaced_controller.go @@ -22,6 +22,7 @@ import ( "knative.dev/eventing-kafka-broker/control-plane/pkg/kafka/clientpool" "knative.dev/eventing-kafka-broker/control-plane/pkg/kafka/offset" + "knative.dev/eventing/pkg/auth" "k8s.io/client-go/tools/cache" kubeclient "knative.dev/pkg/client/injection/kube/client" configmapinformer "knative.dev/pkg/client/injection/kube/informers/core/v1/configmap" From 04fa4cda77c0bb80a9a768d5cb5d39f1d44b774b Mon Sep 17 00:00:00 2001 From: karkabbage Date: Fri, 8 Mar 2024 11:38:42 -0500 Subject: [PATCH 04/15] made fixes --- control-plane/pkg/reconciler/trigger/controller.go | 5 +---- .../pkg/reconciler/trigger/namespaced_controller_test.go | 2 ++ 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/control-plane/pkg/reconciler/trigger/controller.go b/control-plane/pkg/reconciler/trigger/controller.go index d580fcaafe..a7fff84d7a 100644 --- a/control-plane/pkg/reconciler/trigger/controller.go +++ b/control-plane/pkg/reconciler/trigger/controller.go @@ -20,8 +20,6 @@ import ( "context" "knative.dev/eventing/pkg/auth" - - "github.com/IBM/sarama" "go.uber.org/zap" "k8s.io/apimachinery/pkg/labels" "k8s.io/client-go/tools/cache" @@ -100,8 +98,7 @@ func NewController(ctx context.Context, watcher configmap.Watcher, configs *conf GetKafkaClient: clientPool.GetClient, GetKafkaClusterAdmin: clientPool.GetClusterAdmin, InitOffsetsFunc: offset.InitOffsets, - // ServiceAccountLister: serviceaccountInformer.Lister(), - serviceAccountLister: oidcServiceaccountInformer.Lister(), + ServiceAccountLister: oidcServiceaccountInformer.Lister(), } impl := triggerreconciler.NewImpl(ctx, reconciler, func(impl *controller.Impl) controller.Options { diff --git a/control-plane/pkg/reconciler/trigger/namespaced_controller_test.go b/control-plane/pkg/reconciler/trigger/namespaced_controller_test.go index 0524b3e03f..da77966b17 100644 --- a/control-plane/pkg/reconciler/trigger/namespaced_controller_test.go +++ b/control-plane/pkg/reconciler/trigger/namespaced_controller_test.go @@ -22,6 +22,8 @@ import ( corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "knative.dev/eventing/pkg/auth" + _ "knative.dev/pkg/client/injection/ducks/duck/v1/addressable/fake" _ "knative.dev/pkg/client/injection/kube/informers/core/v1/configmap/fake" _ "knative.dev/pkg/client/injection/kube/informers/core/v1/pod/fake" From bca29ca694214b92242874d63d4bf0ef60dd54ce Mon Sep 17 00:00:00 2001 From: karkabbage Date: Fri, 8 Mar 2024 11:45:51 -0500 Subject: [PATCH 05/15] bug fixes --- control-plane/pkg/reconciler/trigger/controller_test.go | 1 - .../pkg/reconciler/trigger/namespaced_controller_test.go | 3 +-- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/control-plane/pkg/reconciler/trigger/controller_test.go b/control-plane/pkg/reconciler/trigger/controller_test.go index 20e2513414..dcab8399a1 100644 --- a/control-plane/pkg/reconciler/trigger/controller_test.go +++ b/control-plane/pkg/reconciler/trigger/controller_test.go @@ -18,7 +18,6 @@ package trigger import ( "context" - "testing" // unsure if below is necessary: diff --git a/control-plane/pkg/reconciler/trigger/namespaced_controller_test.go b/control-plane/pkg/reconciler/trigger/namespaced_controller_test.go index da77966b17..dfcbee0fc0 100644 --- a/control-plane/pkg/reconciler/trigger/namespaced_controller_test.go +++ b/control-plane/pkg/reconciler/trigger/namespaced_controller_test.go @@ -17,13 +17,12 @@ package trigger import ( + "context" "testing" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "knative.dev/eventing/pkg/auth" - _ "knative.dev/pkg/client/injection/ducks/duck/v1/addressable/fake" _ "knative.dev/pkg/client/injection/kube/informers/core/v1/configmap/fake" _ "knative.dev/pkg/client/injection/kube/informers/core/v1/pod/fake" From 7eafae0c78a15078a06db18a454bc0b3cf032dd5 Mon Sep 17 00:00:00 2001 From: karkabbage Date: Fri, 29 Mar 2024 10:18:05 -0400 Subject: [PATCH 06/15] fixed setup fake context lines --- control-plane/pkg/reconciler/trigger/controller_test.go | 7 ++----- .../pkg/reconciler/trigger/namespaced_controller_test.go | 4 +--- 2 files changed, 3 insertions(+), 8 deletions(-) diff --git a/control-plane/pkg/reconciler/trigger/controller_test.go b/control-plane/pkg/reconciler/trigger/controller_test.go index d66199c54f..78f936861d 100644 --- a/control-plane/pkg/reconciler/trigger/controller_test.go +++ b/control-plane/pkg/reconciler/trigger/controller_test.go @@ -20,7 +20,6 @@ import ( "context" "testing" - // unsure if below is necessary: "knative.dev/eventing/pkg/auth" filteredFactory "knative.dev/pkg/client/injection/kube/informers/factory/filtered" @@ -49,8 +48,7 @@ import ( func TestNewController(t *testing.T) { // ctx, _ := reconcilertesting.SetupFakeContext(t) - ctx, _ := SetupFakeContext(t, SetUpInformerSelector) - + ctx, _ := reconcilertesting.SetupFakeContext(t, SetUpInformerSelector) ctx = clientpool.WithKafkaClientPool(ctx) controller := NewController(ctx, configmap.NewStaticWatcher(&corev1.ConfigMap{ @@ -73,8 +71,7 @@ func SetUpInformerSelector(ctx context.Context) context.Context { } func TestFilterTriggers(t *testing.T) { - // ctx, _ := reconcilertesting.SetupFakeContext(t) - ctx, _ := SetupFakeContext(t, SetUpInformerSelector) + ctx, _ := reconcilertesting.SetupFakeContext(t, SetUpInformerSelector) tt := []struct { name string diff --git a/control-plane/pkg/reconciler/trigger/namespaced_controller_test.go b/control-plane/pkg/reconciler/trigger/namespaced_controller_test.go index 357752464c..97adbaacda 100644 --- a/control-plane/pkg/reconciler/trigger/namespaced_controller_test.go +++ b/control-plane/pkg/reconciler/trigger/namespaced_controller_test.go @@ -17,7 +17,6 @@ package trigger import ( - "context" "testing" corev1 "k8s.io/api/core/v1" @@ -41,8 +40,7 @@ import ( ) func TestNewNamespacedController(t *testing.T) { - // ctx, _ := reconcilertesting.SetupFakeContext(t) - ctx, _ := SetupFakeContext(t, SetUpInformerSelector) + ctx, _ := reconcilertesting.SetupFakeContext(t, SetUpInformerSelector) ctx = clientpool.WithKafkaClientPool(ctx) From d42ec725a3219bb0fefe3d3e9811bf7ae5d74e63 Mon Sep 17 00:00:00 2001 From: yijie-04 Date: Fri, 29 Mar 2024 10:53:11 -0400 Subject: [PATCH 07/15] added label selector --- control-plane/cmd/kafka-controller/main.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/control-plane/cmd/kafka-controller/main.go b/control-plane/cmd/kafka-controller/main.go index 1df7e207ed..4bfb67f309 100644 --- a/control-plane/cmd/kafka-controller/main.go +++ b/control-plane/cmd/kafka-controller/main.go @@ -27,6 +27,7 @@ import ( "knative.dev/pkg/injection/sharedmain" "knative.dev/pkg/signals" + "knative.dev/eventing/pkg/auth" "knative.dev/eventing/pkg/eventingtls" "knative.dev/eventing-kafka-broker/control-plane/pkg/config" @@ -64,6 +65,7 @@ func main() { ctx := signals.NewContext() ctx = filteredFactory.WithSelectors(ctx, eventingtls.TrustBundleLabelSelector, + auth.OIDCLabelSelector, ) ctx = clientpool.WithKafkaClientPool(ctx) From 4dd8713e4de1397d779c6b8b8efbe1f9f2138673 Mon Sep 17 00:00:00 2001 From: yijie-04 Date: Tue, 2 Apr 2024 12:50:09 -0400 Subject: [PATCH 08/15] linting --- control-plane/pkg/reconciler/trigger/controller.go | 4 ++-- .../pkg/reconciler/trigger/namespaced_controller.go | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/control-plane/pkg/reconciler/trigger/controller.go b/control-plane/pkg/reconciler/trigger/controller.go index d1fee6690c..d53a276c19 100644 --- a/control-plane/pkg/reconciler/trigger/controller.go +++ b/control-plane/pkg/reconciler/trigger/controller.go @@ -19,10 +19,10 @@ package trigger import ( "context" - "knative.dev/eventing/pkg/auth" "go.uber.org/zap" "k8s.io/apimachinery/pkg/labels" "k8s.io/client-go/tools/cache" + "knative.dev/eventing/pkg/auth" v1 "knative.dev/eventing/pkg/client/informers/externalversions/eventing/v1" kubeclient "knative.dev/pkg/client/injection/kube/client" configmapinformer "knative.dev/pkg/client/injection/kube/informers/core/v1/configmap" @@ -157,7 +157,7 @@ func NewController(ctx context.Context, watcher configmap.Watcher, configs *conf // Reconciler Trigger when the OIDC service account changes // serviceaccountInformer.Informer().AddEventHandler(cache.FilteringResourceEventHandler{ - oidcServiceaccountInformer.Informer().AddEventHandler(cache.FilteringResourceEventHandler{ + oidcServiceaccountInformer.Informer().AddEventHandler(cache.FilteringResourceEventHandler{ FilterFunc: controller.FilterController(&eventing.Trigger{}), Handler: controller.HandleAll(impl.EnqueueControllerOf), }) diff --git a/control-plane/pkg/reconciler/trigger/namespaced_controller.go b/control-plane/pkg/reconciler/trigger/namespaced_controller.go index 837487a994..3d9705bfa2 100644 --- a/control-plane/pkg/reconciler/trigger/namespaced_controller.go +++ b/control-plane/pkg/reconciler/trigger/namespaced_controller.go @@ -23,8 +23,8 @@ import ( "knative.dev/eventing-kafka-broker/control-plane/pkg/kafka/clientpool" "knative.dev/eventing-kafka-broker/control-plane/pkg/kafka/offset" - "knative.dev/eventing/pkg/auth" "k8s.io/client-go/tools/cache" + "knative.dev/eventing/pkg/auth" kubeclient "knative.dev/pkg/client/injection/kube/client" configmapinformer "knative.dev/pkg/client/injection/kube/informers/core/v1/configmap" podinformer "knative.dev/pkg/client/injection/kube/informers/core/v1/pod" @@ -84,10 +84,10 @@ func NewNamespacedController(ctx context.Context, watcher configmap.Watcher, con FlagsHolder: &FlagsHolder{ Flags: feature.Flags{}, }, - BrokerLister: brokerInformer.Lister(), - ConfigMapLister: configmapInformer.Lister(), + BrokerLister: brokerInformer.Lister(), + ConfigMapLister: configmapInformer.Lister(), // ServiceAccountLister: serviceaccountInformer.Lister(), - ServiceAccountLister: oidcServiceaccountInformer.Lister(), + ServiceAccountLister: oidcServiceaccountInformer.Lister(), EventingClient: eventingclient.Get(ctx), Env: configs, GetKafkaClient: clientPool.GetClient, From 5b5b633e82a7628a6ee67bbf7ead3104755c4a0d Mon Sep 17 00:00:00 2001 From: karkabbage Date: Sat, 13 Apr 2024 10:20:41 -0400 Subject: [PATCH 09/15] comitting changes to pass tests in /trigger_finalizer_test.go --- test/e2e_new/trigger_finalizer_test.go | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/test/e2e_new/trigger_finalizer_test.go b/test/e2e_new/trigger_finalizer_test.go index 512ae79f41..bd5d5bf716 100644 --- a/test/e2e_new/trigger_finalizer_test.go +++ b/test/e2e_new/trigger_finalizer_test.go @@ -36,8 +36,6 @@ import ( "knative.dev/reconciler-test/pkg/k8s" "knative.dev/reconciler-test/pkg/knative" "knative.dev/reconciler-test/pkg/resources/service" - - triggerreconciler "knative.dev/eventing-kafka-broker/control-plane/pkg/reconciler/trigger" ) func TestTriggerNoFinalizer(t *testing.T) { @@ -101,7 +99,7 @@ func hasNoKafkaBrokerFinalizer() func(ctx context.Context, t feature.T) { time.Sleep(time.Second * 20) // "eventually" tr := triggerfeatures.GetTrigger(ctx, t) for _, f := range tr.Finalizers { - require.NotEqual(t, f, triggerreconciler.FinalizerName, "%+v", tr) + require.NotEqual(t, f, "kafka.triggers.eventing.knative.dev", "%+v", tr) } } } From 3e9129d0e60dd92de599837b8b80ee66bba772e6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christoph=20St=C3=A4bler?= Date: Thu, 2 May 2024 12:21:55 +0200 Subject: [PATCH 10/15] Reconcile trigger on OIDC service account changes only, if SA references a trigger for correct broker class --- .../pkg/reconciler/trigger/controller.go | 33 +++- .../pkg/reconciler/trigger/controller_test.go | 165 ++++++++++++++++++ .../pkg/reconciler/trigger/v2/controllerv2.go | 32 +++- 3 files changed, 227 insertions(+), 3 deletions(-) diff --git a/control-plane/pkg/reconciler/trigger/controller.go b/control-plane/pkg/reconciler/trigger/controller.go index d53a276c19..b84fe995cd 100644 --- a/control-plane/pkg/reconciler/trigger/controller.go +++ b/control-plane/pkg/reconciler/trigger/controller.go @@ -18,6 +18,8 @@ package trigger import ( "context" + corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "go.uber.org/zap" "k8s.io/apimachinery/pkg/labels" @@ -156,9 +158,8 @@ func NewController(ctx context.Context, watcher configmap.Watcher, configs *conf secretinformer.Get(ctx).Informer().AddEventHandler(controller.HandleAll(reconciler.Tracker.OnChanged)) // Reconciler Trigger when the OIDC service account changes - // serviceaccountInformer.Informer().AddEventHandler(cache.FilteringResourceEventHandler{ oidcServiceaccountInformer.Informer().AddEventHandler(cache.FilteringResourceEventHandler{ - FilterFunc: controller.FilterController(&eventing.Trigger{}), + FilterFunc: filterOIDCServiceAccounts(triggerInformer.Lister(), brokerInformer.Lister(), kafka.BrokerClass, FinalizerName), Handler: controller.HandleAll(impl.EnqueueControllerOf), }) @@ -186,6 +187,34 @@ func filterTriggers(lister eventinglisters.BrokerLister, brokerClass string, fin } } +// filterOIDCServiceAccounts returns a function that returns true if the resource passed +// is a service account, which is owned by a trigger pointing to a the given broker class. +func filterOIDCServiceAccounts(triggerLister eventinglisters.TriggerLister, brokerLister eventinglisters.BrokerLister, brokerClass string, finalizer string) func(interface{}) bool { + return func(obj interface{}) bool { + controlledByTrigger := controller.FilterController(&eventing.Trigger{})(obj) + if !controlledByTrigger { + return false + } + + sa, ok := obj.(*corev1.ServiceAccount) + if !ok { + return false + } + + owner := metav1.GetControllerOf(sa) + if owner == nil { + return false + } + + trigger, err := triggerLister.Triggers(sa.Namespace).Get(owner.Name) + if err != nil { + return false + } + + return filterTriggers(brokerLister, brokerClass, finalizer)(trigger) + } +} + func hasKafkaBrokerTriggerFinalizer(finalizers []string, finalizerName string) bool { for _, f := range finalizers { if f == finalizerName { diff --git a/control-plane/pkg/reconciler/trigger/controller_test.go b/control-plane/pkg/reconciler/trigger/controller_test.go index 78f936861d..647fa03b4b 100644 --- a/control-plane/pkg/reconciler/trigger/controller_test.go +++ b/control-plane/pkg/reconciler/trigger/controller_test.go @@ -18,6 +18,8 @@ package trigger import ( "context" + triggerinformer "knative.dev/eventing/pkg/client/injection/informers/eventing/v1/trigger" + "knative.dev/pkg/ptr" "testing" "knative.dev/eventing/pkg/auth" @@ -194,3 +196,166 @@ func TestFilterTriggers(t *testing.T) { }) } } + +func TestFilterOIDCServiceAccounts(t *testing.T) { + ctx, _ := reconcilertesting.SetupFakeContext(t, SetUpInformerSelector) + + tt := []struct { + name string + sa *corev1.ServiceAccount + trigger *eventing.Trigger + brokers []*eventing.Broker + pass bool + }{{ + name: "matching owner reference", + sa: &corev1.ServiceAccount{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: "ns", + Name: "sa", + OwnerReferences: []metav1.OwnerReference{ + { + APIVersion: eventing.SchemeGroupVersion.String(), + Kind: "Trigger", + Name: "tr", + Controller: ptr.Bool(true), + }, + }, + }, + }, + trigger: &eventing.Trigger{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: "ns", + Name: "tr", + Finalizers: []string{FinalizerName}, + }, + Spec: eventing.TriggerSpec{ + Broker: "br", + }, + }, + brokers: []*eventing.Broker{{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: "ns", + Name: "br", + Annotations: map[string]string{ + eventing.BrokerClassAnnotationKey: kafka.BrokerClass, + }, + }, + }}, + pass: true, + }, { + name: "references trigger for wrong broker class", + sa: &corev1.ServiceAccount{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: "ns", + Name: "sa", + OwnerReferences: []metav1.OwnerReference{ + { + APIVersion: eventing.SchemeGroupVersion.String(), + Kind: "Trigger", + Name: "tr", + Controller: ptr.Bool(true), + }, + }, + }, + }, + trigger: &eventing.Trigger{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: "ns", + Name: "tr", + }, + Spec: eventing.TriggerSpec{ + Broker: "br", + }, + }, + brokers: []*eventing.Broker{{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: "ns", + Name: "br", + Annotations: map[string]string{ + eventing.BrokerClassAnnotationKey: "another-broker-class", + }, + }, + }}, + pass: false, + }, { + name: "references trigger with correct finalizer", + sa: &corev1.ServiceAccount{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: "ns", + Name: "sa", + OwnerReferences: []metav1.OwnerReference{ + { + APIVersion: eventing.SchemeGroupVersion.String(), + Kind: "Trigger", + Name: "tr", + Controller: ptr.Bool(true), + }, + }, + }, + }, + trigger: &eventing.Trigger{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: "ns", + Name: "tr", + Finalizers: []string{FinalizerName}, + }, + Spec: eventing.TriggerSpec{ + Broker: "br", + }, + }, + brokers: []*eventing.Broker{{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: "ns", + Name: "br", + }, + }}, + pass: true, + }, { + name: "no owner reference", + sa: &corev1.ServiceAccount{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: "ns", + Name: "sa", + }, + }, + trigger: &eventing.Trigger{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: "ns", + Name: "tr", + Finalizers: []string{FinalizerName}, + }, + Spec: eventing.TriggerSpec{ + Broker: "br", + }, + }, + brokers: []*eventing.Broker{{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: "ns", + Name: "br", + Annotations: map[string]string{ + eventing.BrokerClassAnnotationKey: kafka.BrokerClass, + }, + }, + }}, + pass: false, + }} + + for _, tc := range tt { + tc := tc + t.Run(tc.name, func(t *testing.T) { + brokerInformer := brokerinformer.Get(ctx) + for _, obj := range tc.brokers { + err := brokerInformer.Informer().GetStore().Add(obj) + assert.NoError(t, err) + } + + triggerInformer := triggerinformer.Get(ctx) + err := triggerInformer.Informer().GetStore().Add(tc.trigger) + assert.NoError(t, err) + + filter := filterOIDCServiceAccounts(triggerInformer.Lister(), brokerInformer.Lister(), kafka.BrokerClass, FinalizerName) + pass := filter(tc.sa) + assert.Equal(t, tc.pass, pass) + }) + } +} diff --git a/control-plane/pkg/reconciler/trigger/v2/controllerv2.go b/control-plane/pkg/reconciler/trigger/v2/controllerv2.go index f6d35de905..ef84a77c66 100644 --- a/control-plane/pkg/reconciler/trigger/v2/controllerv2.go +++ b/control-plane/pkg/reconciler/trigger/v2/controllerv2.go @@ -18,6 +18,8 @@ package v2 import ( "context" + corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "go.uber.org/zap" "k8s.io/apimachinery/pkg/labels" @@ -138,7 +140,7 @@ func NewController(ctx context.Context, watcher configmap.Watcher, configs *conf // Reconciler Trigger when the OIDC service account changes oidcServiceAccountInformer.Informer().AddEventHandler(cache.FilteringResourceEventHandler{ - FilterFunc: controller.FilterController(&eventing.Trigger{}), + FilterFunc: filterOIDCServiceAccounts(triggerInformer.Lister(), brokerInformer.Lister()), Handler: controller.HandleAll(impl.EnqueueControllerOf), }) @@ -166,6 +168,34 @@ func filterTriggers(lister eventinglisters.BrokerLister) func(interface{}) bool } } +// filterOIDCServiceAccounts returns a function that returns true if the resource passed +// is a service account, which is owned by a trigger pointing to a the given broker class. +func filterOIDCServiceAccounts(triggerLister eventinglisters.TriggerLister, brokerLister eventinglisters.BrokerLister) func(interface{}) bool { + return func(obj interface{}) bool { + controlledByTrigger := controller.FilterController(&eventing.Trigger{})(obj) + if !controlledByTrigger { + return false + } + + sa, ok := obj.(*corev1.ServiceAccount) + if !ok { + return false + } + + owner := metav1.GetControllerOf(sa) + if owner == nil { + return false + } + + trigger, err := triggerLister.Triggers(sa.Namespace).Get(owner.Name) + if err != nil { + return false + } + + return filterTriggers(brokerLister)(trigger) + } +} + func hasKafkaBrokerTriggerFinalizer(finalizers []string, finalizerName string) bool { for _, f := range finalizers { if f == finalizerName { From 10470ec7f375169e1a2f0a673ce7d7413b13241f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christoph=20St=C3=A4bler?= Date: Thu, 2 May 2024 12:22:51 +0200 Subject: [PATCH 11/15] Run goimport and gofmt --- control-plane/pkg/reconciler/trigger/controller.go | 2 ++ control-plane/pkg/reconciler/trigger/controller_test.go | 3 ++- control-plane/pkg/reconciler/trigger/namespaced_controller.go | 1 + control-plane/pkg/reconciler/trigger/v2/controllerv2.go | 1 + 4 files changed, 6 insertions(+), 1 deletion(-) diff --git a/control-plane/pkg/reconciler/trigger/controller.go b/control-plane/pkg/reconciler/trigger/controller.go index b84fe995cd..16d0298adc 100644 --- a/control-plane/pkg/reconciler/trigger/controller.go +++ b/control-plane/pkg/reconciler/trigger/controller.go @@ -18,6 +18,7 @@ package trigger import ( "context" + corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -47,6 +48,7 @@ import ( triggerinformer "knative.dev/eventing/pkg/client/injection/informers/eventing/v1/trigger" triggerreconciler "knative.dev/eventing/pkg/client/injection/reconciler/eventing/v1/trigger" eventinglisters "knative.dev/eventing/pkg/client/listers/eventing/v1" + // serviceaccountinformer "knative.dev/pkg/client/injection/kube/informers/core/v1/serviceaccount" serviceaccountinformer "knative.dev/pkg/client/injection/kube/informers/core/v1/serviceaccount/filtered" diff --git a/control-plane/pkg/reconciler/trigger/controller_test.go b/control-plane/pkg/reconciler/trigger/controller_test.go index 647fa03b4b..031afd3e9a 100644 --- a/control-plane/pkg/reconciler/trigger/controller_test.go +++ b/control-plane/pkg/reconciler/trigger/controller_test.go @@ -18,9 +18,10 @@ package trigger import ( "context" + "testing" + triggerinformer "knative.dev/eventing/pkg/client/injection/informers/eventing/v1/trigger" "knative.dev/pkg/ptr" - "testing" "knative.dev/eventing/pkg/auth" filteredFactory "knative.dev/pkg/client/injection/kube/informers/factory/filtered" diff --git a/control-plane/pkg/reconciler/trigger/namespaced_controller.go b/control-plane/pkg/reconciler/trigger/namespaced_controller.go index 7f8f9aa0a8..bd72b51cda 100644 --- a/control-plane/pkg/reconciler/trigger/namespaced_controller.go +++ b/control-plane/pkg/reconciler/trigger/namespaced_controller.go @@ -29,6 +29,7 @@ import ( configmapinformer "knative.dev/pkg/client/injection/kube/informers/core/v1/configmap" podinformer "knative.dev/pkg/client/injection/kube/informers/core/v1/pod" secretinformer "knative.dev/pkg/client/injection/kube/informers/core/v1/secret" + // serviceaccountinformer "knative.dev/pkg/client/injection/kube/informers/core/v1/serviceaccount" serviceaccountinformer "knative.dev/pkg/client/injection/kube/informers/core/v1/serviceaccount/filtered" diff --git a/control-plane/pkg/reconciler/trigger/v2/controllerv2.go b/control-plane/pkg/reconciler/trigger/v2/controllerv2.go index ef84a77c66..6374ecc6f9 100644 --- a/control-plane/pkg/reconciler/trigger/v2/controllerv2.go +++ b/control-plane/pkg/reconciler/trigger/v2/controllerv2.go @@ -18,6 +18,7 @@ package v2 import ( "context" + corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" From 971f43b8052a2aca24ab2b74fe15f4d166582143 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christoph=20St=C3=A4bler?= Date: Thu, 2 May 2024 17:52:42 +0200 Subject: [PATCH 12/15] Namespaced broker: Reconcile trigger on OIDC service account changes only, if SA references a trigger for correct broker class --- control-plane/pkg/reconciler/trigger/namespaced_controller.go | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/control-plane/pkg/reconciler/trigger/namespaced_controller.go b/control-plane/pkg/reconciler/trigger/namespaced_controller.go index bd72b51cda..6afbc15c73 100644 --- a/control-plane/pkg/reconciler/trigger/namespaced_controller.go +++ b/control-plane/pkg/reconciler/trigger/namespaced_controller.go @@ -38,7 +38,6 @@ import ( "knative.dev/pkg/logging" "knative.dev/pkg/resolver" - eventing "knative.dev/eventing/pkg/apis/eventing/v1" "knative.dev/eventing/pkg/apis/feature" eventingclient "knative.dev/eventing/pkg/client/injection/client" brokerinformer "knative.dev/eventing/pkg/client/injection/informers/eventing/v1/broker" @@ -158,7 +157,7 @@ func NewNamespacedController(ctx context.Context, watcher configmap.Watcher, con // Reconciler Trigger when the OIDC service account changes // serviceaccountInformer.Informer().AddEventHandler(cache.FilteringResourceEventHandler{ oidcServiceaccountInformer.Informer().AddEventHandler(cache.FilteringResourceEventHandler{ - FilterFunc: controller.FilterController(&eventing.Trigger{}), + FilterFunc: filterOIDCServiceAccounts(triggerInformer.Lister(), brokerInformer.Lister(), kafka.BrokerClass, FinalizerName), Handler: controller.HandleAll(impl.EnqueueControllerOf), }) From 9c4f232671c5553316030ec25ca9610ba81ead0f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christoph=20St=C3=A4bler?= Date: Thu, 2 May 2024 17:55:59 +0200 Subject: [PATCH 13/15] Remove unneeded comments --- control-plane/pkg/reconciler/trigger/controller.go | 2 -- control-plane/pkg/reconciler/trigger/controller_test.go | 1 - .../pkg/reconciler/trigger/namespaced_controller.go | 7 ++----- 3 files changed, 2 insertions(+), 8 deletions(-) diff --git a/control-plane/pkg/reconciler/trigger/controller.go b/control-plane/pkg/reconciler/trigger/controller.go index 16d0298adc..41138ca061 100644 --- a/control-plane/pkg/reconciler/trigger/controller.go +++ b/control-plane/pkg/reconciler/trigger/controller.go @@ -49,7 +49,6 @@ import ( triggerreconciler "knative.dev/eventing/pkg/client/injection/reconciler/eventing/v1/trigger" eventinglisters "knative.dev/eventing/pkg/client/listers/eventing/v1" - // serviceaccountinformer "knative.dev/pkg/client/injection/kube/informers/core/v1/serviceaccount" serviceaccountinformer "knative.dev/pkg/client/injection/kube/informers/core/v1/serviceaccount/filtered" "knative.dev/eventing-kafka-broker/control-plane/pkg/config" @@ -71,7 +70,6 @@ func NewController(ctx context.Context, watcher configmap.Watcher, configs *conf brokerInformer := brokerinformer.Get(ctx) triggerInformer := triggerinformer.Get(ctx) triggerLister := triggerInformer.Lister() - // serviceaccountInformer := serviceaccountinformer.Get(ctx) oidcServiceaccountInformer := serviceaccountinformer.Get(ctx, auth.OIDCLabelSelector) clientPool := clientpool.Get(ctx) diff --git a/control-plane/pkg/reconciler/trigger/controller_test.go b/control-plane/pkg/reconciler/trigger/controller_test.go index 031afd3e9a..80ed0165ff 100644 --- a/control-plane/pkg/reconciler/trigger/controller_test.go +++ b/control-plane/pkg/reconciler/trigger/controller_test.go @@ -50,7 +50,6 @@ import ( ) func TestNewController(t *testing.T) { - // ctx, _ := reconcilertesting.SetupFakeContext(t) ctx, _ := reconcilertesting.SetupFakeContext(t, SetUpInformerSelector) ctx = clientpool.WithKafkaClientPool(ctx) diff --git a/control-plane/pkg/reconciler/trigger/namespaced_controller.go b/control-plane/pkg/reconciler/trigger/namespaced_controller.go index 6afbc15c73..75d0eba629 100644 --- a/control-plane/pkg/reconciler/trigger/namespaced_controller.go +++ b/control-plane/pkg/reconciler/trigger/namespaced_controller.go @@ -63,7 +63,6 @@ func NewNamespacedController(ctx context.Context, watcher configmap.Watcher, con brokerInformer := brokerinformer.Get(ctx) triggerInformer := triggerinformer.Get(ctx) triggerLister := triggerInformer.Lister() - // serviceaccountInformer := serviceaccountinformer.Get(ctx) oidcServiceaccountInformer := serviceaccountinformer.Get(ctx, auth.OIDCLabelSelector) clientPool := clientpool.Get(ctx) @@ -84,9 +83,8 @@ func NewNamespacedController(ctx context.Context, watcher configmap.Watcher, con FlagsHolder: &FlagsHolder{ Flags: feature.Flags{}, }, - BrokerLister: brokerInformer.Lister(), - ConfigMapLister: configmapInformer.Lister(), - // ServiceAccountLister: serviceaccountInformer.Lister(), + BrokerLister: brokerInformer.Lister(), + ConfigMapLister: configmapInformer.Lister(), ServiceAccountLister: oidcServiceaccountInformer.Lister(), EventingClient: eventingclient.Get(ctx), Env: configs, @@ -155,7 +153,6 @@ func NewNamespacedController(ctx context.Context, watcher configmap.Watcher, con secretinformer.Get(ctx).Informer().AddEventHandler(controller.HandleAll(reconciler.Tracker.OnChanged)) // Reconciler Trigger when the OIDC service account changes - // serviceaccountInformer.Informer().AddEventHandler(cache.FilteringResourceEventHandler{ oidcServiceaccountInformer.Informer().AddEventHandler(cache.FilteringResourceEventHandler{ FilterFunc: filterOIDCServiceAccounts(triggerInformer.Lister(), brokerInformer.Lister(), kafka.BrokerClass, FinalizerName), Handler: controller.HandleAll(impl.EnqueueControllerOf), From d56d0e5e5f1fb8a2af6b595951ee1e1aac7edaad Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christoph=20St=C3=A4bler?= Date: Thu, 2 May 2024 17:58:18 +0200 Subject: [PATCH 14/15] Remove one more of unneeded comments --- control-plane/pkg/reconciler/trigger/namespaced_controller.go | 1 - 1 file changed, 1 deletion(-) diff --git a/control-plane/pkg/reconciler/trigger/namespaced_controller.go b/control-plane/pkg/reconciler/trigger/namespaced_controller.go index 75d0eba629..464cbb24d1 100644 --- a/control-plane/pkg/reconciler/trigger/namespaced_controller.go +++ b/control-plane/pkg/reconciler/trigger/namespaced_controller.go @@ -30,7 +30,6 @@ import ( podinformer "knative.dev/pkg/client/injection/kube/informers/core/v1/pod" secretinformer "knative.dev/pkg/client/injection/kube/informers/core/v1/secret" - // serviceaccountinformer "knative.dev/pkg/client/injection/kube/informers/core/v1/serviceaccount" serviceaccountinformer "knative.dev/pkg/client/injection/kube/informers/core/v1/serviceaccount/filtered" "knative.dev/pkg/configmap" From 73f4b8671e2f6415bfd68ad1b436811dd6a6f65a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christoph=20St=C3=A4bler?= Date: Fri, 3 May 2024 07:39:24 +0200 Subject: [PATCH 15/15] Use correct BrokerClass for NamespacedBroker SA filter Co-authored-by: Calum Murray --- control-plane/pkg/reconciler/trigger/namespaced_controller.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/control-plane/pkg/reconciler/trigger/namespaced_controller.go b/control-plane/pkg/reconciler/trigger/namespaced_controller.go index 464cbb24d1..e021784959 100644 --- a/control-plane/pkg/reconciler/trigger/namespaced_controller.go +++ b/control-plane/pkg/reconciler/trigger/namespaced_controller.go @@ -153,7 +153,7 @@ func NewNamespacedController(ctx context.Context, watcher configmap.Watcher, con // Reconciler Trigger when the OIDC service account changes oidcServiceaccountInformer.Informer().AddEventHandler(cache.FilteringResourceEventHandler{ - FilterFunc: filterOIDCServiceAccounts(triggerInformer.Lister(), brokerInformer.Lister(), kafka.BrokerClass, FinalizerName), + FilterFunc: filterOIDCServiceAccounts(triggerInformer.Lister(), brokerInformer.Lister(), kafka.NamespacedBrokerClass, FinalizerName), Handler: controller.HandleAll(impl.EnqueueControllerOf), })