Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support authorization in Channel ingress #8162

Merged
merged 2 commits into from
Aug 16, 2024
Merged

Support authorization in Channel ingress #8162

merged 2 commits into from
Aug 16, 2024

Conversation

creydr
Copy link
Member

@creydr creydr commented Aug 16, 2024
edited
Loading

Fixes #7981

Follow up on #8123

Proposed Changes

  • 🎁 Verify authorization in Channel ingress
  • 🎁 Add support for authorization in InMemoryChannel

Release Note

InMemoryChannel ingress: Reject unauthorized requests

@creydr creydr requested a review from Cali0707 August 16, 2024 14:43
@knative-prow knative-prow bot added do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. approved Indicates a PR has been approved by an approver from all required OWNERS files. labels Aug 16, 2024
@knative-prow knative-prow bot requested review from aslom and mgencur August 16, 2024 14:44
@knative-prow knative-prow bot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. area/test-and-release Test infrastructure, tests or release labels Aug 16, 2024
@creydr creydr mentioned this pull request Aug 16, 2024
Merged
@codecov Codecov
Copy link

codecov bot commented Aug 16, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 12.50000% with 21 lines in your changes missing coverage. Please review.

Project coverage is 67.47%. Comparing base (b57ac3a) to head (7ce99b0).
Report is 1 commits behind head on main.

Files Patch % Lines
pkg/channel/event_receiver.go 0.00% 16 Missing ⚠️
...iler/inmemorychannel/dispatcher/inmemorychannel.go 28.57% 5 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #8162      +/-   ##
==========================================
- Coverage   67.52%   67.47%   -0.06%     
==========================================
  Files         371      371              
  Lines       17980    18001      +21     
==========================================
+ Hits        12141    12146       +5     
- Misses       5067     5084      +17     
+ Partials      772      771       -1

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@creydr
Copy link
Member Author

creydr commented Aug 16, 2024

@creydr: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
reconciler-tests_eventing_main a35530a link true /test reconciler-tests
Your PR dashboard.

Failing, because it's missing #8163

@creydr creydr force-pushed the support-authz-in-channel-ingress branch from a35530a to 7ce99b0 Compare August 16, 2024 15:47
@creydr
Copy link
Member Author

creydr commented Aug 16, 2024
edited
Loading

Rebased as #8163 merged

@creydr creydr changed the title [WIP] Support authorization in Channel ingress Support authorization in Channel ingress Aug 16, 2024
@knative-prow knative-prow bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Aug 16, 2024
@Cali0707
Copy link
Member

@creydr should we add a unit test to the event_receiver_test.go to see if the auth is being handled properly?

@creydr
Copy link
Member Author

creydr commented Aug 16, 2024

@creydr should we add a unit test to the event_receiver_test.go to see if the auth is being handled properly?

This can be hard, as the token verifier needs to run in the cluster and we don't have a mock for it :/
But I added the e2e tests "instead"

Cali0707
Cali0707 approved these changes Aug 16, 2024
View reviewed changes
Copy link
Member

@Cali0707 Cali0707 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@knative-prow knative-prow bot added the lgtm Indicates that a PR is ready to be merged. label Aug 16, 2024
@knative-prow Knative Prow
Copy link

knative-prow bot commented Aug 16, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: Cali0707, creydr

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@knative-prow knative-prow bot merged commit bf945f9 into knative:main Aug 16, 2024
34 of 36 checks passed
This was referenced Aug 16, 2024
Closed
Closed
@creydr creydr deleted the support-authz-in-channel-ingress branch August 17, 2024 12:54
@creydr creydr linked an issue Sep 2, 2024 that may be closed by this pull request
Add e2e test for InMemoryChannel authorization #8142
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Cali0707 Cali0707 Cali0707 approved these changes

@aslom aslom Awaiting requested review from aslom

@mgencur mgencur Awaiting requested review from mgencur

Assignees

@Cali0707 Cali0707

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. area/test-and-release Test infrastructure, tests or release lgtm Indicates that a PR is ready to be merged. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Add e2e test for InMemoryChannel authorization InMemoryChannel ingress: Reject unauthorized requests
2 participants
@creydr @Cali0707