Removing unused pubsubSecret from sources.spec

config/300-cloudauditlogssource.yaml

@@ -56,10 +56,7 @@ spec:
           properties:
             secret:
               type: object
-              description: "Credential used to pull Stackdriver audit log pubsub messages. Must be a service account key in JSON format (see https://cloud.google.com/iam/docs/creating-managing-service-account-keys). If omitted, defaults to 'google-cloud-key'"
-            pubSubSecret:
-              type: object
-              description: "Optional credential to use for creating a Topic and subscribing to the Topic. If omitted, uses secret. Must be a service account key in JSON format (see https://cloud.google.com/iam/docs/creating-managing-service-account-keys)."
+              description: "Credential used to poll the Cloud Pub/Sub Subscription. It is not used to create or delete the Subscription, only to poll it. The value of the secret entry must be a service account key in the JSON format (see https://cloud.google.com/iam/docs/creating-managing-service-account-keys). Defaults to secret.name of 'google-cloud-key' and secret.key of 'key.json'."
             serviceAccountName:
               type: string
               description: "Service Account to run Receive Adapter as. If omitted, uses 'default'."

config/300-cloudpubsubsource.yaml

@@ -59,7 +59,7 @@ spec:
           properties:
             secret:
               type: object
-              description: "Credential to use to poll the Cloud Pub/Sub Subscription. It is not used to create or delete the Subscription, only to poll it. The value of the secret entry must be a service account key in the JSON format (see https://cloud.google.com/iam/docs/creating-managing-service-account-keys). Defaults to secret.name of 'google-cloud-key' and secret.key of 'key.json'."
+              description: "Credential used to poll the Cloud Pub/Sub Subscription. It is not used to create or delete the Subscription, only to poll it. The value of the secret entry must be a service account key in the JSON format (see https://cloud.google.com/iam/docs/creating-managing-service-account-keys). Defaults to secret.name of 'google-cloud-key' and secret.key of 'key.json'."
             project:
               type: string
               description: "ID of the Google Cloud Project that the Pub/Sub Topic exists in. E.g. 'my-project-1234' rather than its display name, 'My Project' or its number '1234567890'. If omitted uses the Project ID from the GKE cluster metadata service."

config/300-cloudschedulersource.yaml

@@ -56,10 +56,7 @@ spec:
           properties:
             secret:
               type: object
-              description: "Credential to use for managing Scheduler Jobs. Must be a service account key in JSON format (see https://cloud.google.com/iam/docs/creating-managing-service-account-keys). If omitted, defaults to 'google-cloud-key'."
-            pubSubSecret:
-              type: object
-              description: "Optional credential to use for creating a Topic and subscribing to the Topic. If omitted, uses secret. Must be a service account key in JSON format (see https://cloud.google.com/iam/docs/creating-managing-service-account-keys)."
+              description: "Credential used to poll the Cloud Pub/Sub Subscription. It is not used to create or delete the Subscription, only to poll it. The value of the secret entry must be a service account key in the JSON format (see https://cloud.google.com/iam/docs/creating-managing-service-account-keys). Defaults to secret.name of 'google-cloud-key' and secret.key of 'key.json'."
             project:
               type: string
               description: "Google Cloud Project ID of the project into which the Scheduler job should be created. If omitted uses the Project ID from the GKE cluster metadata service."

config/300-cloudstoragesource.yaml

@@ -59,10 +59,7 @@ spec:
           properties:
             secret:
               type: object
-              description: "Credential to use for managing GCS notifications. Must be a service account key in JSON format (see https://cloud.google.com/iam/docs/creating-managing-service-account-keys). If omitted, defaults to 'google-cloud-key'."
-            pubSubSecret:
-              type: object
-              description: "Optional credential to use for creating a Topic and subscribing to the Topic. If omitted, uses secret. Must be a service account key in JSON format (see https://cloud.google.com/iam/docs/creating-managing-service-account-keys)."
+              description: "Credential used to poll the Cloud Pub/Sub Subscription. It is not used to create or delete the Subscription, only to poll it. The value of the secret entry must be a service account key in the JSON format (see https://cloud.google.com/iam/docs/creating-managing-service-account-keys). Defaults to secret.name of 'google-cloud-key' and secret.key of 'key.json'."
             serviceAccountName:
               type: string
               description: "Service Account to run Receive Adapter as. If omitted, uses 'default'."

config/300-pullsubscription.yaml

@@ -53,7 +53,7 @@ spec:
           properties:
             secret:
               type: object
-              description: "Credential to use to poll the Cloud Pub/Sub Subscription. It is not used to create or delete the Subscription, only to poll it. The value of the secret entry must be a service account key in the JSON format (see https://cloud.google.com/iam/docs/creating-managing-service-account-keys). Defaults to secret.name of 'google-cloud-key' and secret.key of 'key.json'."
+              description: "Credential used to poll the Cloud Pub/Sub Subscription. It is not used to create or delete the Subscription, only to poll it. The value of the secret entry must be a service account key in the JSON format (see https://cloud.google.com/iam/docs/creating-managing-service-account-keys). Defaults to secret.name of 'google-cloud-key' and secret.key of 'key.json'."
             project:
               type: string
               description: "ID of the Google Cloud Project that the Pub/Sub Topic exists in. E.g. 'my-project-1234' rather than its display name, 'My Project' or its number '1234567890'. If omitted uses the Project ID from the GKE cluster metadata service."

pkg/apis/duck/v1alpha1/pubsub_types.go

@@ -50,17 +50,13 @@ type PubSubSpec struct {
 	// This brings in CloudEventOverrides and Sink.
 	duckv1.SourceSpec `json:",inline"`
 
-	// Secret is the credential to use to create the "entity" in GCP.
+	// Secret is the credential to use to poll from a Cloud Pub/Sub subscription.
 	// If not specified, defaults to:
 	// Name: google-cloud-key
 	// Key: key.json
 	// +optional
 	Secret *corev1.SecretKeySelector `json:"secret,omitempty"`
 
-	// PubSubSecret is the credential to use to create
-	// Topic / PullSubscription resources. If omitted, uses Secret
-	PubSubSecret *corev1.SecretKeySelector `json:"pubsubSecret,omitempty"`
-
 	// Project is the ID of the Google Cloud Project that the PubSub Topic exists in.
 	// If omitted, defaults to same as the cluster.
 	// +optional
@@ -134,10 +130,6 @@ func (s *PubSub) Populate() {
 		LocalObjectReference: corev1.LocalObjectReference{Name: "secret"},
 		Key:                  "secretkey",
 	}
-	s.Spec.PubSubSecret = &corev1.SecretKeySelector{
-		LocalObjectReference: corev1.LocalObjectReference{Name: "pubsubsecret"},
-		Key:                  "pubsubkey",
-	}
 	s.Status.ObservedGeneration = 42
 	s.Status.Conditions = duckv1.Conditions{{
 		// Populate ALL fields

pkg/apis/events/v1alpha1/cloudauditlogssource_validation.go

@@ -18,9 +18,13 @@ package v1alpha1
 
 import (
 	"context"
+
 	"github.com/google/go-cmp/cmp"
 	"github.com/google/go-cmp/cmp/cmpopts"
+	corev1 "k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/api/equality"
 	"knative.dev/pkg/apis"
+	duckv1 "knative.dev/pkg/apis/duck/v1"
 )
 
 func (current *CloudAuditLogsSource) Validate(ctx context.Context) *apis.FieldError {
@@ -29,6 +33,14 @@ func (current *CloudAuditLogsSource) Validate(ctx context.Context) *apis.FieldEr
 
 func (current *CloudAuditLogsSourceSpec) Validate(ctx context.Context) *apis.FieldError {
 	var errs *apis.FieldError
+
+	// Sink [required]
+	if equality.Semantic.DeepEqual(current.Sink, duckv1.Destination{}) {
+		errs = errs.Also(apis.ErrMissingField("sink"))
+	} else if err := current.Sink.Validate(ctx); err != nil {
+		errs = errs.Also(err.ViaField("sink"))
+	}
+
 	// ServiceName [required]
 	if current.ServiceName == "" {
 		errs = errs.Also(apis.ErrMissingField("serviceName"))
@@ -38,6 +50,15 @@ func (current *CloudAuditLogsSourceSpec) Validate(ctx context.Context) *apis.Fie
 		errs = errs.Also(apis.ErrMissingField("methodName"))
 	}
 
+	if current.Secret != nil {
+		if !equality.Semantic.DeepEqual(current.Secret, &corev1.SecretKeySelector{}) {
+			err := validateSecret(current.Secret)
+			if err != nil {
+				errs = errs.Also(err.ViaField("secret"))
+			}
+		}
+	}
+
 	return errs
 }
 

pkg/apis/events/v1alpha1/cloudauditlogssource_validation_test.go

@@ -77,6 +77,16 @@ func TestCloudAuditLogsSourceValidationFields(t *testing.T) {
 			}(),
 			error: true,
 		},
+		"invalid scheduler secret, missing key": {
+			spec: func() CloudAuditLogsSourceSpec {
+				obj := auditLogsSourceSpec.DeepCopy()
+				obj.Secret = &corev1.SecretKeySelector{
+					LocalObjectReference: corev1.LocalObjectReference{Name: "test-secret"},
+				}
+				return *obj
+			}(),
+			error: true,
+		},
 	}
 	for n, tc := range testCases {
 		t.Run(n, func(t *testing.T) {

pkg/apis/events/v1alpha1/cloudpubsubsource_validation.go

@@ -21,6 +21,7 @@ import (
 	"time"
 
 	duckv1alpha1 "github.com/google/knative-gcp/pkg/apis/duck/v1alpha1"
+	corev1 "k8s.io/api/core/v1"
 	duckv1 "knative.dev/pkg/apis/duck/v1"
 
 	"github.com/google/go-cmp/cmp/cmpopts"
@@ -76,6 +77,15 @@ func (current *CloudPubSubSourceSpec) Validate(ctx context.Context) *apis.FieldE
 		}
 	}
 
+	if current.Secret != nil {
+		if !equality.Semantic.DeepEqual(current.Secret, &corev1.SecretKeySelector{}) {
+			err := validateSecret(current.Secret)
+			if err != nil {
+				errs = errs.Also(err.ViaField("secret"))
+			}
+		}
+	}
+
 	return errs
 }