-
Notifications
You must be signed in to change notification settings - Fork 599
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: make oidc discovery url configurable #8145
feat: make oidc discovery url configurable #8145
Conversation
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #8145 +/- ##
==========================================
- Coverage 67.47% 66.47% -1.01%
==========================================
Files 371 371
Lines 18036 18318 +282
==========================================
+ Hits 12169 12176 +7
- Misses 5088 5351 +263
- Partials 779 791 +12 ☔ View full report in Codecov by Sentry. |
pkg/auth/token_verifier.go
Outdated
@@ -57,14 +53,14 @@ type IDToken struct { | |||
AccessTokenHash string | |||
} | |||
|
|||
func NewOIDCTokenVerifier(ctx context.Context) *OIDCTokenVerifier { | |||
func NewOIDCTokenVerifier(ctx context.Context, features feature.Flags) *OIDCTokenVerifier { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is there a reason, for not getting the feature store from the given context?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This made it easier to re-create the verifier in the callback functions when the config-features cm changes
/cc @creydr |
/assign @creydr Can you take a look? |
@creydr can you take a look? |
/cc |
6ff7de7
to
3f2dfa6
Compare
Rebased after #8195 |
Signed-off-by: Calum Murray <[email protected]>
3f2dfa6
to
837d926
Compare
@Cali0707, on testing with
This was because the used HTTP client of the TokenVerifier (now only Verifier) only took the CA certs from the API server. I addressed this in eee1320 (which should support Trustbundles too). |
I can also check on #8145 (comment) and get the features from the ctx in |
Would this work if the features were updated to have a new url? |
When we make sure we pass a context, which has the features (e.g. featureStore.ToContext(ctx)), I'd guess so Anyhow not totally sure about it, as having it as a parameter shows directly, that this is required for the function call 🤔 |
@pierDipi As I also committed to this PR, could you give it a quick review from your side too? |
… of feature flags Signed-off-by: Cali0707 <[email protected]>
Signed-off-by: Cali0707 <[email protected]>
/cc @creydr |
JobSink does not come up
I guess this is because https://github.com/knative/eventing/pull/8145/files#diff-09c972dc18a7eba8ddf0c27c3a5629ea43289af799f5af6aaf67b5a6848665c7R58 does not need to be a pointer / is unitialized Edit: addressed in e5b9e23 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
/approve
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: Cali0707, pierDipi The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/test unit-tests |
/retest |
Fixes #8121
Proposed Changes
Release Note