upgrade to latest dependencies

bumping knative.dev/serving 227975c...1f7cc48: > 1f7cc48 Log errors in cert rotation test when deleting secret (# 15325) > 2e5d17e Update net-gateway-api nightly (# 15324) bumping knative.dev/eventing c60bcd0...ea8f0fd: > ea8f0fd Add `AppliedEventPoliciesStatus` type (# 7999) > 8da4543 Add `default-authorization-mode` feature flag (# 7996) > 7f37d64 Add EventPolicy types (# 7995) > 6259113 Fix possible nil pointer dereference in event-dispatcher (# 7994) > 67ceb9e Move job sink certificate out of config core (# 7993) > b18b1b1 JobSink: add webhook validation for spec.job (# 7962) > 0bce743 Support arbitrary data for rekt configmap package (# 7991) > 834d833 Add JobSink data plane symlink in config/ (# 7990) Signed-off-by: Knative Automation <[email protected]>
knative-extensions · Jun 14, 2024 · 5ca9ff5 · 5ca9ff5
1 parent 42709a9
commit 5ca9ff5
Show file tree

Hide file tree

Showing 5 changed files with 59 additions and 19 deletions.
diff --git a/go.mod b/go.mod
@@ -15,10 +15,10 @@ require (
 	k8s.io/api v0.29.2
 	k8s.io/apimachinery v0.29.2
 	k8s.io/client-go v0.29.2
-	knative.dev/eventing v0.41.1-0.20240611091249-c60bcd048fd3
+	knative.dev/eventing v0.41.1-0.20240613093107-ea8f0fda4c06
 	knative.dev/hack v0.0.0-20240607132042-09143140a254
 	knative.dev/pkg v0.0.0-20240610120318-15e6cdf2f386
-	knative.dev/serving v0.41.1-0.20240611132024-227975c8e431
+	knative.dev/serving v0.41.1-0.20240614080555-1f7cc4852a07
 )
 
 require (

diff --git a/go.sum b/go.sum
@@ -703,6 +703,8 @@ k8s.io/apiextensions-apiserver v0.29.2 h1:UK3xB5lOWSnhaCk0RFZ0LUacPZz9RY4wi/yt2I
 k8s.io/apiextensions-apiserver v0.29.2/go.mod h1:aLfYjpA5p3OwtqNXQFkhJ56TB+spV8Gc4wfMhUA3/b8=
 k8s.io/apimachinery v0.29.2 h1:EWGpfJ856oj11C52NRCHuU7rFDwxev48z+6DSlGNsV8=
 k8s.io/apimachinery v0.29.2/go.mod h1:6HVkd1FwxIagpYrHSwJlQqZI3G9LfYWRPAkUvLnXTKU=
+k8s.io/apiserver v0.29.2 h1:+Z9S0dSNr+CjnVXQePG8TcBWHr3Q7BmAr7NraHvsMiQ=
+k8s.io/apiserver v0.29.2/go.mod h1:B0LieKVoyU7ykQvPFm7XSdIHaCHSzCzQWPFa5bqbeMQ=
 k8s.io/client-go v0.29.2 h1:FEg85el1TeZp+/vYJM7hkDlSTFZ+c5nnK44DJ4FyoRg=
 k8s.io/client-go v0.29.2/go.mod h1:knlvFZE58VpqbQpJNbCbctTVXcd35mMyAAwBdpt4jrA=
 k8s.io/code-generator v0.29.2 h1:c9/iw2KnNpw2IRV+wwuG/Wns2TjPSgjWzbbjTevyiHI=
@@ -716,16 +718,16 @@ k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 h1:aVUu9fTY98ivBPKR9Y5w/A
 k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00/go.mod h1:AsvuZPBlUDVuCdzJ87iajxtXuR9oktsTctW/R9wwouA=
 k8s.io/utils v0.0.0-20240102154912-e7106e64919e h1:eQ/4ljkx21sObifjzXwlPKpdGLrCfRziVtos3ofG/sQ=
 k8s.io/utils v0.0.0-20240102154912-e7106e64919e/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
-knative.dev/eventing v0.41.1-0.20240611091249-c60bcd048fd3 h1:7bEWWwqii6HSTL+mQllc3b+6clIsh84cF/ufCVxVszU=
-knative.dev/eventing v0.41.1-0.20240611091249-c60bcd048fd3/go.mod h1:PQpuuOYjAl6rW74U+1CgcKP9IyKhk7XhS8aAu9zWQG0=
+knative.dev/eventing v0.41.1-0.20240613093107-ea8f0fda4c06 h1:GYVCeO9+udWWzNfyWlBrclwB07kxzIElbhCCtFrsIRo=
+knative.dev/eventing v0.41.1-0.20240613093107-ea8f0fda4c06/go.mod h1:PQpuuOYjAl6rW74U+1CgcKP9IyKhk7XhS8aAu9zWQG0=
 knative.dev/hack v0.0.0-20240607132042-09143140a254 h1:1YFnu3U6dWZg0oxm6GU8kEdA9A+BvSWKJO7sg3N0kq8=
 knative.dev/hack v0.0.0-20240607132042-09143140a254/go.mod h1:yk2OjGDsbEnQjfxdm0/HJKS2WqTLEFg/N6nUs6Rqx3Q=
 knative.dev/networking v0.0.0-20240607132834-85e269dff522 h1:zDtZStHJI3La7jSHUAjN4Jgv0/Yynl51kuchlVLHqzA=
 knative.dev/networking v0.0.0-20240607132834-85e269dff522/go.mod h1:WS5A291Vy2unZ1L54ZSKBkz/gVzVmIy15cCcdA6PRN4=
 knative.dev/pkg v0.0.0-20240610120318-15e6cdf2f386 h1:nxFTT6DrXr70Zi2BK8nc57ts0/smyavd/uBRBbtqg94=
 knative.dev/pkg v0.0.0-20240610120318-15e6cdf2f386/go.mod h1:l7R8/SteYph0mZDsVgq3fVs4mWp1DaYx9BJJX68U6ik=
-knative.dev/serving v0.41.1-0.20240611132024-227975c8e431 h1:WpRFAI/iIxIP60FFXCL0tKoIDgUacM2sYA9kLyPIk3c=
-knative.dev/serving v0.41.1-0.20240611132024-227975c8e431/go.mod h1:Z58WxiVmEynF1kX8cK4fYmNprj8IkPLl2mEHdvuP6nc=
+knative.dev/serving v0.41.1-0.20240614080555-1f7cc4852a07 h1:Qcf6ytf+Ug1Xu7NBn/kFH+qtzXQ8ASoGiEmtNx53UpU=
+knative.dev/serving v0.41.1-0.20240614080555-1f7cc4852a07/go.mod h1:Z58WxiVmEynF1kX8cK4fYmNprj8IkPLl2mEHdvuP6nc=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=

diff --git a/vendor/knative.dev/eventing/pkg/apis/feature/features.go b/vendor/knative.dev/eventing/pkg/apis/feature/features.go
@@ -45,6 +45,24 @@ const (
 	// - Addressables should advertise both HTTP and HTTPS endpoints
 	// - Producers should prefer to send events to HTTPS endpoints, if available
 	Permissive Flag = "Permissive"
+
+	// AuthorizationAllowAll is a value for AuthorizationDefaultMode that indicates to allow all
+	// OIDC subjects by default.
+	// This configuration is applied when there is no EventPolicy with a "to" referencing a given
+	// resource.
+	AuthorizationAllowAll Flag = "Allow-All"
+
+	// AuthorizationDenyAll is a value for AuthorizationDefaultMode that indicates to deny all
+	// OIDC subjects by default.
+	// This configuration is applied when there is no EventPolicy with a "to" referencing a given
+	// resource.
+	AuthorizationDenyAll Flag = "Deny-All"
+
+	// AuthorizationAllowSameNamespace is a value for AuthorizationDefaultMode that indicates to allow
+	// OIDC subjects with the same namespace as a given resource.
+	// This configuration is applied when there is no EventPolicy with a "to" referencing a given
+	// resource.
+	AuthorizationAllowSameNamespace Flag = "Allow-Same-Namespace"
 )
 
 // Flags is a map containing all the enabled/disabled flags for the experimental features.
@@ -53,15 +71,16 @@ type Flags map[string]Flag
 
 func newDefaults() Flags {
 	return map[string]Flag{
-		KReferenceGroup:     Disabled,
-		DeliveryRetryAfter:  Disabled,
-		DeliveryTimeout:     Enabled,
-		KReferenceMapping:   Disabled,
-		NewTriggerFilters:   Enabled,
-		TransportEncryption: Disabled,
-		OIDCAuthentication:  Disabled,
-		EvenTypeAutoCreate:  Disabled,
-		NewAPIServerFilters: Disabled,
+		KReferenceGroup:          Disabled,
+		DeliveryRetryAfter:       Disabled,
+		DeliveryTimeout:          Enabled,
+		KReferenceMapping:        Disabled,
+		NewTriggerFilters:        Enabled,
+		TransportEncryption:      Disabled,
+		OIDCAuthentication:       Disabled,
+		EvenTypeAutoCreate:       Disabled,
+		NewAPIServerFilters:      Disabled,
+		AuthorizationDefaultMode: AuthorizationAllowSameNamespace,
 	}
 }
 
@@ -103,6 +122,18 @@ func (e Flags) IsCrossNamespaceEventLinks() bool {
 	return e != nil && e[CrossNamespaceEventLinks] == Enabled
 }
 
+func (e Flags) IsAuthorizationDefaultModeAllowAll() bool {
+	return e != nil && e[AuthorizationDefaultMode] == AuthorizationAllowAll
+}
+
+func (e Flags) IsAuthorizationDefaultModeDenyAll() bool {
+	return e != nil && e[AuthorizationDefaultMode] == AuthorizationDenyAll
+}
+
+func (e Flags) IsAuthorizationDefaultModeSameNamespace() bool {
+	return e != nil && e[AuthorizationDefaultMode] == AuthorizationAllowSameNamespace
+}
+
 func (e Flags) String() string {
 	return fmt.Sprintf("%+v", map[string]Flag(e))
 }
@@ -142,10 +173,16 @@ func NewFlagsConfigFromMap(data map[string]string) (Flags, error) {
 			flags[sanitizedKey] = Disabled
 		} else if strings.EqualFold(v, string(Enabled)) {
 			flags[sanitizedKey] = Enabled
-		} else if k == TransportEncryption && strings.EqualFold(v, string(Permissive)) {
+		} else if sanitizedKey == TransportEncryption && strings.EqualFold(v, string(Permissive)) {
 			flags[sanitizedKey] = Permissive
-		} else if k == TransportEncryption && strings.EqualFold(v, string(Strict)) {
+		} else if sanitizedKey == TransportEncryption && strings.EqualFold(v, string(Strict)) {
 			flags[sanitizedKey] = Strict
+		} else if sanitizedKey == AuthorizationDefaultMode && strings.EqualFold(v, string(AuthorizationAllowAll)) {
+			flags[sanitizedKey] = AuthorizationAllowAll
+		} else if sanitizedKey == AuthorizationDefaultMode && strings.EqualFold(v, string(AuthorizationDenyAll)) {
+			flags[sanitizedKey] = AuthorizationDenyAll
+		} else if sanitizedKey == AuthorizationDefaultMode && strings.EqualFold(v, string(AuthorizationAllowSameNamespace)) {
+			flags[sanitizedKey] = AuthorizationAllowSameNamespace
 		} else if strings.Contains(k, NodeSelectorLabel) {
 			flags[sanitizedKey] = Flag(v)
 		} else {

diff --git a/vendor/knative.dev/eventing/pkg/apis/feature/flag_names.go b/vendor/knative.dev/eventing/pkg/apis/feature/flag_names.go
@@ -28,4 +28,5 @@ const (
 	NodeSelectorLabel        = "apiserversources-nodeselector-"
 	CrossNamespaceEventLinks = "cross-namespace-event-links"
 	NewAPIServerFilters      = "new-apiserversource-filters"
+	AuthorizationDefaultMode = "default-authorization-mode"
 )
diff --git a/vendor/modules.txt b/vendor/modules.txt
@@ -945,7 +945,7 @@ k8s.io/utils/pointer
 k8s.io/utils/ptr
 k8s.io/utils/strings/slices
 k8s.io/utils/trace
-# knative.dev/eventing v0.41.1-0.20240611091249-c60bcd048fd3
+# knative.dev/eventing v0.41.1-0.20240613093107-ea8f0fda4c06
 ## explicit; go 1.21
 knative.dev/eventing/pkg/adapter/v2
 knative.dev/eventing/pkg/adapter/v2/test
@@ -1030,7 +1030,7 @@ knative.dev/pkg/webhook/psbinding
 knative.dev/pkg/webhook/resourcesemantics
 knative.dev/pkg/webhook/resourcesemantics/defaulting
 knative.dev/pkg/webhook/resourcesemantics/validation
-# knative.dev/serving v0.41.1-0.20240611132024-227975c8e431
+# knative.dev/serving v0.41.1-0.20240614080555-1f7cc4852a07
 ## explicit; go 1.21
 knative.dev/serving/pkg/apis/autoscaling
 knative.dev/serving/pkg/apis/autoscaling/v1alpha1