-
Notifications
You must be signed in to change notification settings - Fork 590
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Containersource use OIDC identity of corresponding SinkBinding #7890
Containersource use OIDC identity of corresponding SinkBinding #7890
Conversation
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #7890 +/- ##
==========================================
- Coverage 69.22% 69.18% -0.04%
==========================================
Files 339 341 +2
Lines 19494 15816 -3678
==========================================
- Hits 13494 10943 -2551
+ Misses 5337 4200 -1137
- Partials 663 673 +10 ☔ View full report in Codecov by Sentry. |
Seems like an infra issue |
560ca00
to
37df46e
Compare
…vice account and expose in AuthStatus (knative#7461)" This reverts commit 116abe2.
37df46e
to
c154504
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
/approve
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: creydr, pierDipi The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Currently the Containersource creates a dedicated OIDC identity, while its corresponding SinkBinding does as well. Later the SinkBindings identity is used to create the token secret, which gets mounted into the SinkBinding and thus the Containersources deployment. This leads to having a token for another identity mounted in the containersource, as announced in the containersources
.status.auth.serviceAccountName
.This PR addresses it and uses the SinkBindings
.status.auth
in the Containersources.status.auth
Hint for reviewers:
Release Note