Sequence Reconciler: Create EventPolicies for Sequence #7983
Labels
help wanted
Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines.
triage/accepted
Issues which should be fixed (post-triage)
The Sequence implementation uses Channels under the hood. This means that the Sequence
breaks down to something like
Therefor we need to make sure we have the correct EventPolicies in place to not block requests to the underlying channel. So the sequence reconciler should behave as described:
authentication-oidc
feature flag is set toenabled
:Channel2
:.spec.ref
: pointing toChannel2
.spec.from
: OIDC identity ofSubscription1
. This means.spec.from
is aref
toSubscription1
Channel3
:.spec.ref
: pointing toChannel3
.spec.from
: OIDC identity ofSubscription2
. This means.spec.from
is aref
toSubscription2
Channel1
:Channel1
represents the input channel of the Sequence and we would not be aware of the allowed subs. But as soon as an EventPolicy for the Sequence is in place, the Sequence reconciler would also create an EventPolicy for its input channel (Channel1
here) with the allowed subjects from the EventPolicy targeting the Sequence.authentication-oidc
feature flag is set todisabled
:authentication-oidc
wasenabled
(e.g. by filtering on EventPolicies which have an owner reference to a Sequence)Prerequisites:
EventPolicy
type #7971.status.policies
#7978Additional context:
Additional hints for new contributors before starting with this issue:
Draft
status, the issue is subject to change and thus should not be started to be worked on/assign
). Please be aware that we might unassign you, if we don't see any progress from your side to give other contributors also a chance to work on this issue.The text was updated successfully, but these errors were encountered: