This repository has been archived by the owner on Jun 19, 2022. It is now read-only.

Use K_GCP_AUTH_TYPE to differentiate authentication mode #1947

Merged
merged 11 commits into from
Dec 2, 2020

Contributor

@grac3gao-zz grac3gao-zz commented Nov 24, 2020

Fixes #

Proposed Changes

  • First of the three steps to add the authentication check
      1. Environment variable to differentiate authentication mode (<- this one)
      2. Authentication check running inside the Pod
      3. Additional k8s Event check for Secret absence
  • Functionality includes:
      1. Differentiate auth mode and pass K_GCP_AUTH_TYPE into underlying pods
      2. Error out auth issue if required secret/k8s service account doesn't exist
      3. Customized Event handler added for pullsubscription/topic/brokercell, so that once missing secret/k8s service account are added back, resources can immediately reconcile.

Release Note

- 🎁  Use K_GCP_AUTH_TYPE to differentiate authentication mode (first step for adding authentication check for source and broker)

Docs
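
The mode selection and fail-closed check listed under "Functionality includes" above, as an added Go example that is not code from this PR or from the knative-gcp project. Only the name `K_GCP_AUTH_TYPE` comes from the page; the `Identity` and `Cluster` types, the mode values `secret` and `workload-identity`, and the precedence of the service account over the secret are assumptions.

```go
package main

import (
	"errors"
	"fmt"
)

// EnvAuthType is named in the PR title; the two mode values are assumed for this example.
const (
	EnvAuthType          = "K_GCP_AUTH_TYPE"
	AuthSecret           = "secret"
	AuthWorkloadIdentity = "workload-identity"
)

// Identity is a hypothetical, reduced view of a resource's credential references.
type Identity struct{ ServiceAccount, Secret string }

// Cluster is a constructed stand-in for namespace lookups of existing objects.
type Cluster struct{ ServiceAccounts, Secrets map[string]bool }

var ErrMissingCredential = errors.New("referenced credential object not found")

// ResolveAuthType picks the mode and fails closed when the referenced object is absent.
func ResolveAuthType(id Identity, c Cluster) (string, error) {
	switch {
	case id.ServiceAccount != "": // assumed precedence: service account first
		if !c.ServiceAccounts[id.ServiceAccount] {
			return "", fmt.Errorf("service account %q: %w", id.ServiceAccount, ErrMissingCredential)
		}
		return AuthWorkloadIdentity, nil
	case id.Secret != "":
		if !c.Secrets[id.Secret] {
			return "", fmt.Errorf("secret %q: %w", id.Secret, ErrMissingCredential)
		}
		return AuthSecret, nil
	}
	return "", errors.New("no service account or secret configured")
}

// PodEnv returns the environment entry to inject into the underlying pod.
func PodEnv(id Identity, c Cluster) (map[string]string, error) {
	mode, err := ResolveAuthType(id, c)
	if err != nil {
		return nil, err
	}
	return map[string]string{EnvAuthType: mode}, nil
}

func main() {
	c := Cluster{Secrets: map[string]bool{"pubsub-key": true}} // constructed state
	fmt.Println(PodEnv(Identity{Secret: "pubsub-key"}, c))
	fmt.Println(PodEnv(Identity{ServiceAccount: "missing-ksa"}, c))
}
```

Wrapping the sentinel error with `%w` lets a caller tell "credential not created yet", which can be retried once the object appears, apart from "nothing configured".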

@knative-prow-robot
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: grac3gao

@google-cla google-cla bot added the cla: yes (override cla status due to multiple authors bug) label Nov 24, 2020
@grac3gao-zz grac3gao-zz removed the request for review from zhongduo November 24, 2020 20:07
@grac3gao-zz
Contributor Author

Ready to review. Addressed comments and added more UT for event handler

@grac3gao-zz
Contributor Author

/test pull-google-knative-gcp-wi-tests

@@ -336,7 +337,7 @@ func TestMarkBrokerCellStatus(t *testing.T) {
wantType apis.ConditionType
wantCondition corev1.ConditionStatus
}{{
name: "mark ingressReady unknown",
name: fmt.Sprintf("mark %s unknown", string(BrokerCellConditionIngress)),
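
Review bot: The rewritten `name:` field in the first case of TestMarkBrokerCellStatus builds the subtest name with fmt.Sprintf from BrokerCellConditionIngress, so the name printed on a failure no longer appears verbatim in the source and cannot be found by searching the test file. Keep a plain string literal for the case name and use the constant only where the case sets `wantType`. If the Sprintf form stays, the `string(...)` conversion is redundant for a %s verb, assuming BrokerCellConditionIngress has a string underlying type like the apis.ConditionType declared for `wantType`.
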
Contributor

I agree with @AlexandraRoatis that we should use the same keyword as the rest of the code, but my personal preference is to do it as a string literal. My reasoning is that if a test fails, it makes it very easy to grep/ctrl-F to find the test case.

Not needed for this PR, but I just don't want this to become the new style :)

Contributor Author

This makes sense. I agree that having a string to search for when a test fails is helpful for debugging purposes (which I was not aware of before), and I guess this might be one of the reasons why we have names for each sub-UT. I'll change it.

Contributor

Ok. I see the value in having the searchable string. I have no objection to reverting the changes.

@knative-metrics-robot

The following is the coverage report on the affected files.
Say /test pull-google-knative-gcp-go-coverage to re-run this coverage report

| File | Old Coverage | New Coverage | Delta |
| --- | --- | --- | --- |
| pkg/apis/intevents/v1alpha1/brokercell_lifecycle.go | 79.5% | 92.5% | 13.0 |
| pkg/reconciler/brokercell/brokercell.go | 94.7% | 95.0% | 0.4 |
| pkg/reconciler/brokercell/controller.go | 56.8% | 57.8% | 1.0 |
| pkg/reconciler/events/build/controller.go | 81.8% | 83.3% | 1.5 |
| pkg/reconciler/intevents/pullsubscription/keda/controller.go | 88.5% | 88.9% | 0.4 |
| pkg/reconciler/intevents/pullsubscription/static/controller.go | 88.0% | 88.5% | 0.5 |
| pkg/reconciler/intevents/topic/controller.go | 84.2% | 85.0% | 0.8 |
| pkg/reconciler/intevents/topic/topic.go | 72.0% | 70.7% | -1.3 |
| pkg/utils/authcheck/authtype.go | Do not exist | 85.7% | |
| pkg/utils/authcheck/enqueue.go | Do not exist | 79.3% | |

Contributor

@Harwayne Harwayne left a comment

/lgtm
/hold

Holding in case @AlexandraRoatis has any more comments.

@AlexandraRoatis
Contributor

/lgtm

Labels
approved cla: yes (override cla status due to multiple authors bug) lgtm size/XXL
6 participants