upgrade to latest dependencies (#1630)

bumping knative.dev/serving 7561386...7c33905:
  > 7c33905 Add consistent SECURITY.md (# 14639)
  > 7526e62 Update net-certmanager nightly (# 14626)
  > c14b9a3 Update net-kourier nightly (# 14628)
  > e3d9d07 Update net-contour nightly (# 14630)
  > 0e48835 Update net-istio nightly (# 14629)
  > 21dc191 Add parallel option (# 14636)
bumping knative.dev/eventing 2d1bfb5...67f382d:
  > 67f382d Provide volume with OIDC token in SinkBinding (# 7444)
  > 3ec99b4 Make SECURITY.md consistent (# 7460)
  > 140482e Upgrade tests account for last event being interrupted (# 7447)
  > d84daee Gather traces for TestChannelDeadLetterSinkExtensions (# 7441)
bumping knative.dev/caching e58c04f...ebc94e6:
  > ebc94e6 Add consistent SECURITY.md (# 809)
bumping knative.dev/pkg 97c7258...703c8b0:
  > 703c8b0 Add consistent SECURITY.md (# 2900)

Signed-off-by: Knative Automation <[email protected]>

go.mod

@@ -21,11 +21,11 @@ require (
 	k8s.io/client-go v0.27.6
 	k8s.io/code-generator v0.27.6
 	k8s.io/utils v0.0.0-20230209194617-a36077c30491
-	knative.dev/caching v0.0.0-20231115015816-e58c04ff4f9a
-	knative.dev/eventing v0.39.1-0.20231117142309-2d1bfb5d54a9
+	knative.dev/caching v0.0.0-20231120182559-ebc94e6a3cdf
+	knative.dev/eventing v0.39.1-0.20231120220132-67f382d60b43
 	knative.dev/hack v0.0.0-20231109190034-5deaddeb51a7
-	knative.dev/pkg v0.0.0-20231115001034-97c7258e3a98
-	knative.dev/serving v0.39.1-0.20231116002444-75613869a913
+	knative.dev/pkg v0.0.0-20231120182734-703c8b0d5c34
+	knative.dev/serving v0.39.1-0.20231120184713-7c33905ab3ed
 	sigs.k8s.io/yaml v1.4.0
 )
 

go.sum

@@ -1390,18 +1390,18 @@ k8s.io/utils v0.0.0-20210819203725-bdf08cb9a70a/go.mod h1:jPW/WVKK9YHAvNhRxK0md/
 k8s.io/utils v0.0.0-20210930125809-cb0fa318a74b/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
 k8s.io/utils v0.0.0-20230209194617-a36077c30491 h1:r0BAOLElQnnFhE/ApUsg3iHdVYYPBjNSSOMowRZxxsY=
 k8s.io/utils v0.0.0-20230209194617-a36077c30491/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
-knative.dev/caching v0.0.0-20231115015816-e58c04ff4f9a h1:7Gn7IImFTdTXW5DG/PYQVHZuWPltRz2kr381wtwuh2Q=
-knative.dev/caching v0.0.0-20231115015816-e58c04ff4f9a/go.mod h1:kOQlfb6k1kHQcl4yGD58h3soJXioXdRVbHjvXKmrFzU=
-knative.dev/eventing v0.39.1-0.20231117142309-2d1bfb5d54a9 h1:AQWw56LnYaOYvByE8pXTwpMpXk7MHQgd7+cGOhuz6Fo=
-knative.dev/eventing v0.39.1-0.20231117142309-2d1bfb5d54a9/go.mod h1:LGZfBR1ykKiLBF06aX+C7vqe4HogiNc9MmFpJz9lvtw=
+knative.dev/caching v0.0.0-20231120182559-ebc94e6a3cdf h1:Hk6pE28tWXHbW5p+4uoqMBpbk04Xhq2o5cHhv7pDi9I=
+knative.dev/caching v0.0.0-20231120182559-ebc94e6a3cdf/go.mod h1:kOQlfb6k1kHQcl4yGD58h3soJXioXdRVbHjvXKmrFzU=
+knative.dev/eventing v0.39.1-0.20231120220132-67f382d60b43 h1:5i2VuGz0/liRoMa48DjB4LMpyOsHtFi721uEGHc3dlU=
+knative.dev/eventing v0.39.1-0.20231120220132-67f382d60b43/go.mod h1:m+tzwZOSkMbZPRkSKOIY+nbMfPURejGKnhFYxytCyAs=
 knative.dev/hack v0.0.0-20231109190034-5deaddeb51a7 h1:HXf7M7n9jwn+Hp904r0HXRSymf+DLXSciFpXVpCg+Bs=
 knative.dev/hack v0.0.0-20231109190034-5deaddeb51a7/go.mod h1:yk2OjGDsbEnQjfxdm0/HJKS2WqTLEFg/N6nUs6Rqx3Q=
 knative.dev/networking v0.0.0-20231109233957-8f3c5211035b h1:xdj40UcZBX4QeZiOOuCZDDGLM7gB+Wg07AKT7KVFlD0=
 knative.dev/networking v0.0.0-20231109233957-8f3c5211035b/go.mod h1:h98yk6yX/fCKx0t1uDNsA0zD1QM2k97P59/XMwOe944=
-knative.dev/pkg v0.0.0-20231115001034-97c7258e3a98 h1:uvOLwp5Ar7oJlaYEszh51CemuZc1sRRI14xzKhUEF3U=
-knative.dev/pkg v0.0.0-20231115001034-97c7258e3a98/go.mod h1:56Qcm0ai7xPWqGxpOnjRi4sAX9fZM9UDTk7fKyjUqZM=
-knative.dev/serving v0.39.1-0.20231116002444-75613869a913 h1:/a9eRHAR+LVjIrh+YOv5XL2WQYCvte9kNRGK7YaTOQQ=
-knative.dev/serving v0.39.1-0.20231116002444-75613869a913/go.mod h1:d7Zt3bWVVsqA0zQsZfb5b9MVIY+rRYOYDH+jzPKOmS4=
+knative.dev/pkg v0.0.0-20231120182734-703c8b0d5c34 h1:bMt0eapwDBD4oBGbyXrGk00DRtFgAGjRHq2B29DwhSE=
+knative.dev/pkg v0.0.0-20231120182734-703c8b0d5c34/go.mod h1:56Qcm0ai7xPWqGxpOnjRi4sAX9fZM9UDTk7fKyjUqZM=
+knative.dev/serving v0.39.1-0.20231120184713-7c33905ab3ed h1:W/LKnWacH5JvBvhB+idJaPpJ0pLXalKVVP3EXe9riOw=
+knative.dev/serving v0.39.1-0.20231120184713-7c33905ab3ed/go.mod h1:d7Zt3bWVVsqA0zQsZfb5b9MVIY+rRYOYDH+jzPKOmS4=
 nhooyr.io/websocket v1.8.6/go.mod h1:B70DZP8IakI65RVQ51MsWP/8jndNma26DVA/nFSCgW0=
 pgregory.net/rapid v1.1.0 h1:CMa0sjHSru3puNx+J0MIAuiiEV4N0qj8/cMWGBBCsjw=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=

vendor/knative.dev/eventing/pkg/apis/sources/v1/sinkbinding_lifecycle.go

@@ -33,9 +33,14 @@ import (
 	"knative.dev/pkg/tracker"
 )
 
+const (
+	oidcTokenVolumeName = "oidc-token"
+)
+
 var sbCondSet = apis.NewLivingConditionSet(
 	SinkBindingConditionSinkProvided,
 	SinkBindingConditionOIDCIdentityCreated,
+	SinkBindingConditionOIDCTokenSecretCreated,
 )
 
 // GetConditionSet retrieves the condition set for this resource. Implements the KRShaped interface.
@@ -90,6 +95,7 @@ func (sbs *SinkBindingStatus) MarkSink(addr *duckv1.Addressable) {
 	if addr != nil {
 		sbs.SinkURI = addr.URL
 		sbs.SinkCACerts = addr.CACerts
+		sbs.SinkAudience = addr.Audience
 		sbCondSet.Manage(sbs).MarkTrue(SinkBindingConditionSinkProvided)
 	} else {
 		sbCondSet.Manage(sbs).MarkFalse(SinkBindingConditionSinkProvided, "SinkEmpty", "Sink has resolved to empty.%s", "")
@@ -112,6 +118,22 @@ func (sbs *SinkBindingStatus) MarkOIDCIdentityCreatedUnknown(reason, messageForm
 	sbCondSet.Manage(sbs).MarkUnknown(SinkBindingConditionOIDCIdentityCreated, reason, messageFormat, messageA...)
 }
 
+func (sbs *SinkBindingStatus) MarkOIDCTokenSecretCreatedSuccceeded() {
+	sbCondSet.Manage(sbs).MarkTrue(SinkBindingConditionOIDCTokenSecretCreated)
+}
+
+func (sbs *SinkBindingStatus) MarkOIDCTokenSecretCreatedSuccceededWithReason(reason, messageFormat string, messageA ...interface{}) {
+	sbCondSet.Manage(sbs).MarkTrueWithReason(SinkBindingConditionOIDCTokenSecretCreated, reason, messageFormat, messageA...)
+}
+
+func (sbs *SinkBindingStatus) MarkOIDCTokenSecretCreatedFailed(reason, messageFormat string, messageA ...interface{}) {
+	sbCondSet.Manage(sbs).MarkFalse(SinkBindingConditionOIDCTokenSecretCreated, reason, messageFormat, messageA...)
+}
+
+func (sbs *SinkBindingStatus) MarkOIDCTokenSecretCreatedUnknown(reason, messageFormat string, messageA ...interface{}) {
+	sbCondSet.Manage(sbs).MarkUnknown(SinkBindingConditionOIDCTokenSecretCreated, reason, messageFormat, messageA...)
+}
+
 // Do implements psbinding.Bindable
 func (sb *SinkBinding) Do(ctx context.Context, ps *duckv1.WithPod) {
 	// First undo so that we can just unconditionally append below.
@@ -171,6 +193,38 @@ func (sb *SinkBinding) Do(ctx context.Context, ps *duckv1.WithPod) {
 			Value: ceOverrides,
 		})
 	}
+
+	if sb.Status.OIDCTokenSecretName != nil {
+		ps.Spec.Template.Spec.Volumes = append(ps.Spec.Template.Spec.Volumes, corev1.Volume{
+			Name: oidcTokenVolumeName,
+			VolumeSource: corev1.VolumeSource{
+				Projected: &corev1.ProjectedVolumeSource{
+					Sources: []corev1.VolumeProjection{
+						{
+							Secret: &corev1.SecretProjection{
+								LocalObjectReference: corev1.LocalObjectReference{
+									Name: *sb.Status.OIDCTokenSecretName,
+								},
+							},
+						},
+					},
+				},
+			},
+		})
+
+		for i := range spec.Containers {
+			spec.Containers[i].VolumeMounts = append(spec.Containers[i].VolumeMounts, corev1.VolumeMount{
+				Name:      oidcTokenVolumeName,
+				MountPath: "/oidc",
+			})
+		}
+		for i := range spec.InitContainers {
+			spec.InitContainers[i].VolumeMounts = append(spec.InitContainers[i].VolumeMounts, corev1.VolumeMount{
+				Name:      oidcTokenVolumeName,
+				MountPath: "/oidc",
+			})
+		}
+	}
 }
 
 func (sb *SinkBinding) Undo(ctx context.Context, ps *duckv1.WithPod) {
@@ -189,6 +243,17 @@ func (sb *SinkBinding) Undo(ctx context.Context, ps *duckv1.WithPod) {
 			}
 		}
 		spec.InitContainers[i].Env = env
+
+		if len(spec.InitContainers[i].VolumeMounts) > 0 {
+			volumeMounts := make([]corev1.VolumeMount, 0, len(spec.InitContainers[i].VolumeMounts))
+			for j, vol := range c.VolumeMounts {
+				if vol.Name == oidcTokenVolumeName {
+					continue
+				}
+				volumeMounts = append(volumeMounts, spec.InitContainers[i].VolumeMounts[j])
+			}
+			spec.InitContainers[i].VolumeMounts = volumeMounts
+		}
 	}
 	for i, c := range spec.Containers {
 		if len(c.Env) == 0 {
@@ -204,5 +269,27 @@ func (sb *SinkBinding) Undo(ctx context.Context, ps *duckv1.WithPod) {
 			}
 		}
 		spec.Containers[i].Env = env
+
+		if len(spec.Containers[i].VolumeMounts) > 0 {
+			volumeMounts := make([]corev1.VolumeMount, 0, len(spec.Containers[i].VolumeMounts))
+			for j, vol := range c.VolumeMounts {
+				if vol.Name == oidcTokenVolumeName {
+					continue
+				}
+				volumeMounts = append(volumeMounts, spec.Containers[i].VolumeMounts[j])
+			}
+			spec.Containers[i].VolumeMounts = volumeMounts
+		}
+	}
+
+	if len(spec.Volumes) > 0 {
+		volumes := make([]corev1.Volume, 0, len(spec.Volumes))
+		for i, vol := range spec.Volumes {
+			if vol.Name == oidcTokenVolumeName {
+				continue
+			}
+			volumes = append(volumes, spec.Volumes[i])
+		}
+		ps.Spec.Template.Spec.Volumes = volumes
 	}
 }

vendor/knative.dev/eventing/pkg/apis/sources/v1/sinkbinding_types.go

@@ -81,6 +81,10 @@ const (
 	// SinkBindingConditionOIDCIdentityCreated is configured to indicate whether
 	// the OIDC identity has been created for the sink.
 	SinkBindingConditionOIDCIdentityCreated apis.ConditionType = "OIDCIdentityCreated"
+
+	// SinkBindingConditionOIDCTokenSecretCreated is configured to indicate whether
+	// the secret containing the OIDC token has been created for the sink.
+	SinkBindingConditionOIDCTokenSecretCreated apis.ConditionType = "OIDCTokenSecretCreated"
 )
 
 // SinkBindingStatus communicates the observed state of the SinkBinding (from the controller).
@@ -93,6 +97,10 @@ type SinkBindingStatus struct {
 	// * SinkURI - the current active sink URI that has been configured for the
 	//   Source.
 	duckv1.SourceStatus `json:",inline"`
+
+	// OIDCTokenSecretName is the name of the secret containing the token for
+	// this SinkBindings OIDC authentication
+	OIDCTokenSecretName *string `json:"oidcTokenSecretName,omitempty"`
 }
 
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

vendor/knative.dev/eventing/test/upgrade/prober/wathola/event/services.go

@@ -108,7 +108,11 @@ func (f *finishedStore) RegisterFinished(finished *Finished) {
 	log.Infof("waiting additional %v to be sure all events came", d)
 	time.Sleep(d)
 	receivedEvents := f.steps.Count()
-	if receivedEvents != finished.EventsSent {
+
+	if receivedEvents != finished.EventsSent &&
+		// If sending was interrupted, tolerate one more received
+		// event as there's no way to check if the last event is delivered or not.
+		!(finished.SendingInterrupted && receivedEvents == finished.EventsSent+1) {
 		f.errors.throwUnexpected("expecting to have %v unique events received, "+
 			"but received %v unique events", finished.EventsSent, receivedEvents)
 		f.reportViolations(finished)

vendor/knative.dev/eventing/test/upgrade/prober/wathola/event/types.go

@@ -46,6 +46,7 @@ type Finished struct {
 	EventsSent         int
 	TotalRequests      int
 	UnavailablePeriods []UnavailablePeriod
+	SendingInterrupted bool
 }
 
 // Type returns a type of a event

vendor/knative.dev/eventing/test/upgrade/prober/wathola/sender/services.go

@@ -58,6 +58,8 @@ type sender struct {
 	totalRequests int
 	// unavailablePeriods is an array for non-zero retries for each event
 	unavailablePeriods []event.UnavailablePeriod
+	// sendingInterrupted indicates whether sending last event was interrupted by shutdown
+	sendingInterrupted bool
 }
 
 func (s *sender) SendContinually() {
@@ -90,6 +92,7 @@ func (s *sender) SendContinually() {
 					Period:  time.Since(start),
 					LastErr: err.Error(),
 				})
+				s.sendingInterrupted = true
 			}
 			return
 		default:
@@ -100,7 +103,7 @@ func (s *sender) SendContinually() {
 				start = time.Now()
 			}
 			log.Warnf("Could not send step event %v, retrying (%d): %v",
-				s.eventsSent, retry, err)
+				currentStep.Number, retry, err)
 			retry++
 			lastErr = err
 		} else {
@@ -219,7 +222,12 @@ func (s *sender) sendFinished() {
 	if s.eventsSent == 0 {
 		return
 	}
-	finished := event.Finished{EventsSent: s.eventsSent, TotalRequests: s.totalRequests, UnavailablePeriods: s.unavailablePeriods}
+	finished := event.Finished{
+		EventsSent:         s.eventsSent,
+		TotalRequests:      s.totalRequests,
+		UnavailablePeriods: s.unavailablePeriods,
+		SendingInterrupted: s.sendingInterrupted,
+	}
 	endpoint := senderConfig.Address
 	ce := NewCloudEvent(finished, event.FinishedType)
 	ctx, span := PopulateSpanWithEvent(context.Background(), ce, Name)

vendor/modules.txt

@@ -1269,11 +1269,11 @@ k8s.io/utils/net
 k8s.io/utils/pointer
 k8s.io/utils/strings/slices
 k8s.io/utils/trace
-# knative.dev/caching v0.0.0-20231115015816-e58c04ff4f9a
+# knative.dev/caching v0.0.0-20231120182559-ebc94e6a3cdf
 ## explicit; go 1.18
 knative.dev/caching/pkg/apis/caching
 knative.dev/caching/pkg/apis/caching/v1alpha1
-# knative.dev/eventing v0.39.1-0.20231117142309-2d1bfb5d54a9
+# knative.dev/eventing v0.39.1-0.20231120220132-67f382d60b43
 ## explicit; go 1.19
 knative.dev/eventing/pkg/apis/config
 knative.dev/eventing/pkg/apis/duck
@@ -1381,7 +1381,7 @@ knative.dev/networking/pkg/http/probe
 knative.dev/networking/pkg/http/proxy
 knative.dev/networking/pkg/http/stats
 knative.dev/networking/pkg/k8s
-# knative.dev/pkg v0.0.0-20231115001034-97c7258e3a98
+# knative.dev/pkg v0.0.0-20231120182734-703c8b0d5c34
 ## explicit; go 1.18
 knative.dev/pkg/apiextensions/storageversion
 knative.dev/pkg/apiextensions/storageversion/cmd/migrate
@@ -1461,7 +1461,7 @@ knative.dev/pkg/webhook
 knative.dev/pkg/webhook/certificates
 knative.dev/pkg/webhook/certificates/resources
 knative.dev/pkg/webhook/resourcesemantics/conversion
-# knative.dev/serving v0.39.1-0.20231116002444-75613869a913
+# knative.dev/serving v0.39.1-0.20231120184713-7c33905ab3ed
 ## explicit; go 1.18
 knative.dev/serving/pkg/apis/autoscaling
 knative.dev/serving/pkg/apis/autoscaling/v1alpha1