upgrade to latest dependencies (#1336)

bumping knative.dev/eventing 01d8ace...fd95228:
  > fd95228 Enable storage of EventType v1b2 (# 7594)
  > 6962251 Add a Prerequisite helper to check if the OIDC authentication feature flag is enabled (# 7609)
  > 341a8df [main] Update community files (# 7611)
  > bb5313d Remove OIDC service account, when OIDC feature is disabled again (# 7570)
  > 44ff98b Eventing TLS: Add scheme label to metrics (# 7581)
  > 8d6c6e4 Bump Go to v1.21 (# 7602)
  > 7cba45b Add TLS test for sequence (# 7600)

Signed-off-by: Knative Automation <automation@knative.team>

Author: knative-automation

go.mod

@@ -21,7 +21,7 @@ require (
 	k8s.io/client-go v0.28.5
 	k8s.io/code-generator v0.28.5
 	k8s.io/kube-openapi v0.0.0-20230928205116-a78145627833
-	knative.dev/eventing v0.39.1-0.20240119013412-01d8acead891
+	knative.dev/eventing v0.40.0
 	knative.dev/hack v0.0.0-20240111013919-e89096d74d85
 	knative.dev/pkg v0.0.0-20240116073220-b488e7be5902
 	knative.dev/reconciler-test v0.0.0-20240116084801-50276dfba7b3

go.sum

@@ -842,8 +842,8 @@ k8s.io/kube-openapi v0.0.0-20230928205116-a78145627833 h1:iFFEmmB7szQhJP42AvRD2+
 k8s.io/kube-openapi v0.0.0-20230928205116-a78145627833/go.mod h1:AsvuZPBlUDVuCdzJ87iajxtXuR9oktsTctW/R9wwouA=
 k8s.io/utils v0.0.0-20230726121419-3b25d923346b h1:sgn3ZU783SCgtaSJjpcVVlRqd6GSnlTLKgpAAttJvpI=
 k8s.io/utils v0.0.0-20230726121419-3b25d923346b/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
-knative.dev/eventing v0.39.1-0.20240119013412-01d8acead891 h1:jVbxj/8FFdC0SbRLbznJjTFVtKt+DJjBSR3kgoYH4eE=
-knative.dev/eventing v0.39.1-0.20240119013412-01d8acead891/go.mod h1:sdLjctz8g4pQJwyliGRv+7NrBDPV4O7cm4QyHVOLsUA=
+knative.dev/eventing v0.40.0 h1:zvMeKGBdQ5Us94Hdy7jmxpzyc1fdFnO4SS21+6nDSiU=
+knative.dev/eventing v0.40.0/go.mod h1:+yUUIyvX9fn9bCSH3012kc8rG7YBbjvvxwy1Kr53dRc=
 knative.dev/hack v0.0.0-20240111013919-e89096d74d85 h1:ERgPObDcW9LfaEPAeFvbW3UJcF3C3ul6B2ErNMv13OE=
 knative.dev/hack v0.0.0-20240111013919-e89096d74d85/go.mod h1:yk2OjGDsbEnQjfxdm0/HJKS2WqTLEFg/N6nUs6Rqx3Q=
 knative.dev/pkg v0.0.0-20240116073220-b488e7be5902 h1:H6+JJN23fhwYWCHY1339sY6uhIyoUwDy1a8dN233fdk=

vendor/knative.dev/eventing/pkg/adapter/v2/cloudevents.go

@@ -210,11 +210,19 @@ func NewClient(cfg ClientConfig) (Client, error) {
 		reporter:            cfg.Reporter,
 		crStatusEventClient: cfg.CrStatusEventClient,
 		oidcTokenProvider:   cfg.TokenProvider,
+		scheme:              "http",
 	}
 
 	if cfg.Env != nil {
 		client.audience = cfg.Env.GetAudience()
 		client.oidcServiceAccountName = cfg.Env.GetOIDCServiceAccountName()
+		sinkURI := cfg.Env.GetSink()
+		if sinkURI != "" {
+			parsedUrl, err := url.Parse(sinkURI)
+			if err == nil {
+				client.scheme = parsedUrl.Scheme
+			}
+		}
 	}
 
 	return client, nil
@@ -234,12 +242,12 @@ func setTimeOut(duration time.Duration) http.Option {
 }
 
 type client struct {
-	ceClient            cloudevents.Client
-	ceOverrides         *duckv1.CloudEventOverrides
-	reporter            source.StatsReporter
-	crStatusEventClient *crstatusevent.CRStatusEventClient
-	closeIdler          closeIdler
-
+	ceClient               cloudevents.Client
+	ceOverrides            *duckv1.CloudEventOverrides
+	reporter               source.StatsReporter
+	crStatusEventClient    *crstatusevent.CRStatusEventClient
+	closeIdler             closeIdler
+	scheme                 string
 	oidcTokenProvider      *auth.OIDCTokenProvider
 	audience               *string
 	oidcServiceAccountName *types.NamespacedName
@@ -302,13 +310,15 @@ func (c *client) reportMetrics(ctx context.Context, event cloudevents.Event, res
 	if c.reporter == nil {
 		return
 	}
+
 	tags := MetricTagFromContext(ctx)
 	reportArgs := &source.ReportArgs{
 		Namespace:     tags.Namespace,
 		EventSource:   event.Source(),
 		EventType:     event.Type(),
 		Name:          tags.Name,
 		ResourceGroup: tags.ResourceGroup,
+		EventScheme:   c.scheme,
 	}
 
 	var rres *http.RetriesResult

vendor/knative.dev/eventing/pkg/auth/serviceaccount.go

@@ -101,6 +101,26 @@ func EnsureOIDCServiceAccountExistsForResource(ctx context.Context, serviceAccou
 	return nil
 }
 
+// DeleteOIDCServiceAccountIfExists makes sure the given resource does not have an OIDC service account.
+// If it does that service account is deleted.
+func DeleteOIDCServiceAccountIfExists(ctx context.Context, serviceAccountLister corev1listers.ServiceAccountLister, kubeclient kubernetes.Interface, gvk schema.GroupVersionKind, objectMeta metav1.ObjectMeta) error {
+	saName := GetOIDCServiceAccountNameForResource(gvk, objectMeta)
+	sa, err := serviceAccountLister.ServiceAccounts(objectMeta.Namespace).Get(saName)
+
+	if err == nil && metav1.IsControlledBy(&sa.ObjectMeta, &objectMeta) {
+		logging.FromContext(ctx).Debugf("OIDC Service account exists and has correct owner (%s/%s). Deleting OIDC service account", objectMeta.Name, objectMeta.Namespace)
+
+		err = kubeclient.CoreV1().ServiceAccounts(objectMeta.Namespace).Delete(ctx, sa.Name, metav1.DeleteOptions{})
+		if err != nil {
+			return fmt.Errorf("could not delete OIDC service account %s/%s for %s: %w", objectMeta.Name, objectMeta.Namespace, gvk.Kind, err)
+		}
+	} else if apierrs.IsNotFound(err) {
+		return nil
+	}
+
+	return err
+}
+
 type OIDCIdentityStatusMarker interface {
 	MarkOIDCIdentityCreatedSucceeded()
 	MarkOIDCIdentityCreatedSucceededWithReason(reason, messageFormat string, messageA ...interface{})
@@ -119,6 +139,9 @@ func SetupOIDCServiceAccount(ctx context.Context, flags feature.Flags, serviceAc
 		}
 		marker.MarkOIDCIdentityCreatedSucceeded()
 	} else {
+		if err := DeleteOIDCServiceAccountIfExists(ctx, serviceAccountLister, kubeclient, gvk, objectMeta); err != nil {
+			return err
+		}
 		setAuthStatus(nil)
 		marker.MarkOIDCIdentityCreatedSucceededWithReason(fmt.Sprintf("%s feature disabled", feature.OIDCAuthentication), "")
 	}

vendor/knative.dev/eventing/pkg/metrics/metrics.go

@@ -45,6 +45,9 @@ const (
 	// LabelEventType is the label for the name of the event type.
 	LabelEventType = "event_type"
 
+	// LabelEventType is the label for the name of the event type.
+	LabelEventScheme = "event_scheme"
+
 	// LabelEventSource is the label for the name of the event source.
 	LabelEventSource = "event_source"
 

vendor/knative.dev/eventing/pkg/metrics/source/stats_reporter.go

@@ -50,6 +50,7 @@ var (
 	namespaceKey           = tag.MustNewKey(eventingmetrics.LabelNamespaceName)
 	eventSourceKey         = tag.MustNewKey(eventingmetrics.LabelEventSource)
 	eventTypeKey           = tag.MustNewKey(eventingmetrics.LabelEventType)
+	eventScheme            = tag.MustNewKey(eventingmetrics.LabelEventScheme)
 	sourceNameKey          = tag.MustNewKey(eventingmetrics.LabelName)
 	sourceResourceGroupKey = tag.MustNewKey(eventingmetrics.LabelResourceGroup)
 	responseCodeKey        = tag.MustNewKey(eventingmetrics.LabelResponseCode)
@@ -62,6 +63,7 @@ var (
 type ReportArgs struct {
 	Namespace     string
 	EventType     string
+	EventScheme   string
 	EventSource   string
 	Name          string
 	ResourceGroup string
@@ -122,6 +124,7 @@ func (r *reporter) generateTag(args *ReportArgs, responseCode int) (context.Cont
 		tag.Insert(namespaceKey, args.Namespace),
 		tag.Insert(eventSourceKey, args.EventSource),
 		tag.Insert(eventTypeKey, args.EventType),
+		tag.Insert(eventScheme, args.EventScheme),
 		tag.Insert(sourceNameKey, args.Name),
 		tag.Insert(sourceResourceGroupKey, args.ResourceGroup),
 		metrics.MaybeInsertIntTag(responseCodeKey, responseCode, responseCode > 0),
@@ -135,12 +138,14 @@ func register() {
 		namespaceKey,
 		eventSourceKey,
 		eventTypeKey,
+		eventScheme,
 		sourceNameKey,
 		sourceResourceGroupKey,
 		responseCodeKey,
 		responseCodeClassKey,
 		responseError,
-		responseTimeout}
+		responseTimeout,
+	}
 
 	// Create view to see our measurements.
 	if err := view.Register(

vendor/knative.dev/eventing/test/rekt/features/featureflags/featureflags.go

@@ -60,6 +60,20 @@ func TransportEncryptionStrict() feature.ShouldRun {
 	}
 }
 
+func AuthenticationOIDCEnabled() feature.ShouldRun {
+	return func(ctx context.Context, t feature.T) (feature.PrerequisiteResult, error) {
+		flags, err := getFeatureFlags(ctx, "config-features")
+		if err != nil {
+			return feature.PrerequisiteResult{}, err
+		}
+
+		return feature.PrerequisiteResult{
+			ShouldRun: flags.IsOIDCAuthentication(),
+			Reason:    flags.String(),
+		}, nil
+	}
+}
+
 func IstioDisabled() feature.ShouldRun {
 	return func(ctx context.Context, t feature.T) (feature.PrerequisiteResult, error) {
 		flags, err := getFeatureFlags(ctx, "config-features")

vendor/modules.txt

@@ -1084,8 +1084,8 @@ k8s.io/utils/pointer
 k8s.io/utils/ptr
 k8s.io/utils/strings/slices
 k8s.io/utils/trace
-# knative.dev/eventing v0.39.1-0.20240119013412-01d8acead891
-## explicit; go 1.19
+# knative.dev/eventing v0.40.0
+## explicit; go 1.21
 knative.dev/eventing/cmd/heartbeats
 knative.dev/eventing/pkg/adapter/v2
 knative.dev/eventing/pkg/adapter/v2/util/crstatusevent