Adding things for OIDC test

matzew · matzew · commit 3d508cf4c0e8 · 2025-03-12T15:37:56.000+01:00
Signed-off-by: Matthias Wessendorf &lt;mwessend@redhat.com&gt;
diff --git a/test/rekt/features/integrationsink/features.go b/test/rekt/features/integrationsink/features.go
@@ -17,8 +17,13 @@ limitations under the License.
 package integrationsink
 
 import (
+	"context"
 	"time"
 
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	"knative.dev/eventing/pkg/auth"
+	"knative.dev/reconciler-test/pkg/environment"
+
 	cetest "github.com/cloudevents/sdk-go/v2/test"
 	"github.com/google/uuid"
 	"knative.dev/eventing/test/rekt/features/featureflags"
@@ -95,3 +100,71 @@ func SuccessTLS() *feature.Feature {
 
 	return f
 }
+
+func OIDC() *feature.Feature {
+	f := feature.NewFeature()
+
+	integrationSink := feature.MakeRandomK8sName("integrationsink")
+	source := feature.MakeRandomK8sName("source")
+	sourceNoAudience := feature.MakeRandomK8sName("source-no-audience")
+
+	//sinkURL := &apis.URL{Scheme: "http", Host: sink}
+
+	event := cetest.FullEvent()
+	event.SetID(uuid.NewString())
+
+	eventNoAudience := cetest.FullEvent()
+	eventNoAudience.SetID(uuid.NewString())
+
+	f.Prerequisite("OIDC authentication is enabled", featureflags.AuthenticationOIDCEnabled())
+	f.Prerequisite("transport encryption is strict", featureflags.TransportEncryptionStrict())
+	f.Prerequisite("should not run when Istio is enabled", featureflags.IstioDisabled())
+
+	f.Setup("install integration sink", integrationsink.Install(integrationSink))
+
+	f.Setup("integrationsink is addressable", integrationsink.IsAddressable(integrationSink))
+	f.Setup("integrationsink is ready", integrationsink.IsReady(integrationSink))
+
+	f.Requirement("install source for ksink", eventshub.Install(source,
+		eventshub.StartSenderToResource(integrationsink.GVR(), integrationSink),
+		eventshub.InputEvent(event),
+		eventshub.AddSequence,
+		eventshub.SendMultipleEvents(2, time.Millisecond)))
+
+	f.Requirement("install source for ksink without audience", func(ctx context.Context, t feature.T) {
+		addr, err := integrationsink.Address(ctx, sourceNoAudience)
+		if err != nil {
+			t.Error(err)
+			return
+		}
+
+		eventshub.Install(sourceNoAudience,
+			eventshub.StartSenderURLTLS(addr.URL.String(), addr.CACerts),
+			eventshub.InputEvent(eventNoAudience))(ctx, t)
+	})
+
+	f.Assert("IntegrationSink has audience in address", func(ctx context.Context, t feature.T) {
+		gvk := schema.GroupVersionKind{
+			Group:   integrationsink.GVR().Group,
+			Version: integrationsink.GVR().Version,
+			Kind:    "IntegrationSink",
+		}
+		addressable.ValidateAddress(integrationsink.GVR(), integrationSink, addressable.AssertAddressWithAudience(
+			auth.GetAudienceDirect(gvk, environment.FromContext(ctx).Namespace(), integrationSink)),
+		)(ctx, t)
+	})
+
+	f.Assert("Source sent the event", assert.OnStore(source).
+		Match(assert.MatchKind(eventshub.EventResponse)).
+		Match(assert.MatchStatusCode(204)).
+		AtLeast(1),
+	)
+
+	f.Assert("Source sent the event", assert.OnStore(sourceNoAudience).
+		Match(assert.MatchKind(eventshub.EventResponse)).
+		Match(assert.MatchStatusCode(404)).
+		AtLeast(1),
+	)
+
+	return f
+}
diff --git a/test/rekt/integration_sink_test.go b/test/rekt/integration_sink_test.go
@@ -58,3 +58,18 @@ func TestIntegrationSinkSuccessTLS(t *testing.T) {
 
 	env.Test(ctx, t, integrationsink.SuccessTLS())
 }
+
+func TestIntegrationSinkOIDC(t *testing.T) {
+	t.Parallel()
+
+	ctx, env := global.Environment(
+		knative.WithKnativeNamespace(system.Namespace()),
+		knative.WithLoggingConfig,
+		knative.WithTracingConfig,
+		k8s.WithEventListener,
+		eventshub.WithTLS(t),
+		environment.Managed(t),
+	)
+
+	env.Test(ctx, t, integrationsink.OIDC())
+}
diff --git a/test/rekt/resources/integrationsink/integrationsink.go b/test/rekt/resources/integrationsink/integrationsink.go
@@ -5,6 +5,9 @@ import (
 	"embed"
 	"time"
 
+	"knative.dev/eventing/test/rekt/resources/addressable"
+	duckv1 "knative.dev/pkg/apis/duck/v1"
+
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"knative.dev/reconciler-test/pkg/environment"
 	"knative.dev/reconciler-test/pkg/eventshub"
@@ -66,3 +69,8 @@ func IsNotReady(name string, timing ...time.Duration) feature.StepFn {
 func IsAddressable(name string, timings ...time.Duration) feature.StepFn {
 	return k8s.IsAddressable(GVR(), name, timings...)
 }
+
+// Address returns a IntegrationSink's address.
+func Address(ctx context.Context, name string, timings ...time.Duration) (*duckv1.Addressable, error) {
+	return addressable.Address(ctx, GVR(), name, timings...)
+}
