Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Authenticate Requests from ApiServerSources #7321

Closed
creydr opened this issue Sep 29, 2023 · 9 comments · Fixed by #7452
Closed

Authenticate Requests from ApiServerSources #7321

creydr opened this issue Sep 29, 2023 · 9 comments · Fixed by #7452
Assignees
@Leo6Leo
Labels
help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines.

Comments

@creydr
Copy link
Member

creydr commented Sep 29, 2023
edited
Loading

As the Eventing OIDC feature track describes, sources must authenticate their requests. Therefor the ApiServerSource must request a JWT and add it as a Bearer Token to its Authentication header.

When having #7175, we need to update the ApiServerSource to add the Authentication header with a JWT to all outgoing requests.

In particular this means for the ApiServerSource:

  • when the sink has no audience defined:
    • no change in behavior
  • when the the sink has an audience defined:
    • Request a JWT via Provide a library for OIDC token management #7175
    • Add it as an http header to the cloudeventsSDK client via something like 
      headers := http.HeaderFrom(ctx)
headers.Set("Authentication", fmt.Sprintf("Bearer %s", jwt))
ctx = http.WithCustomHeader(ctx, headers)

client.Send(ctx, event)

Additional Information:
@creydr creydr added the help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. label Sep 29, 2023
@creydr creydr changed the title Authenticate Requests from ApiServerSource Authenticate Requests from ApiServerSources Sep 29, 2023
@JRS296
Copy link

JRS296 commented Sep 30, 2023

Hello @creydr, I'd like to help if that's alright

@karthikmurali60
Copy link
Contributor

/assign

@karthikmurali60
Copy link
Contributor

@creydr I can pick up this issue, is it ready to be worked on or there is some other issue which is blocking this ?

@creydr
Copy link
Member Author

creydr commented Oct 8, 2023

Hello @karthikmurali60,
Thanks for offering your help 🎉
This issue is currently in the "Backlog" status, as it requires #7227 to be completed first. When all the referenced issues from the description are done, this issue should be ready to be worked on.

Anyhow, you should clarify with @JRS296 too, because according to #7321 (comment) he wanted to help too (but didn't assign the issue)

@creydr
Copy link
Member Author

creydr commented Oct 17, 2023

#7175 and #7226 are done, so this issue should be ready to be worked on

@creydr
Copy link
Member Author

creydr commented Nov 10, 2023

@JRS296, @karthikmurali60: anyone wants to provide a PR for this the next days? Otherwise I would unassign you, to give other contributors a chance to work on this.

@JRS296
Copy link

JRS296 commented Nov 10, 2023

Hello @creydr , I'm currently caught up with some work, please un-assign me at the earliest 👍

@karthikmurali60 karthikmurali60 removed their assignment Nov 13, 2023
@karthikmurali60
Copy link
Contributor

Hey @creydr sorry for the late reply, i am caught up with some other work. I have un-assigned myself

@Leo6Leo
Copy link
Member

Leo6Leo commented Nov 13, 2023

/assign

@Leo6Leo Leo6Leo mentioned this issue Nov 15, 2023
Merged
5 tasks
@mgencur mgencur mentioned this issue Dec 11, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Leo6Leo Leo6Leo

Labels
help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines.
Projects
Eventing Sender Identity
Status: ✅ Done
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Authenticate Requests from ApiServerSources Leo6Leo/eventing
4 participants
@creydr @karthikmurali60 @Leo6Leo @JRS296