OIDC - Support auto generation of PingSource identity service account and expose in AuthStatus

pkg/adapter/mtping/pingsource_test.go

@@ -89,6 +89,7 @@ func TestAllCases(t *testing.T) {
 					rtv1.WithPingSourceDeployed,
 					rtv1.WithPingSourceSink(sinkAddr),
 					rtv1.WithPingSourceCloudEventAttributes,
+					rtv1.WithPingSourceOIDCIdentityCreatedSucceededBecauseOIDCFeatureDisabled(),
 				),
 			},
 			WantErr: false,
@@ -112,6 +113,7 @@ func TestAllCases(t *testing.T) {
 					rtv1.WithPingSourceDeployed,
 					rtv1.WithPingSourceSink(sinkAddr),
 					rtv1.WithPingSourceCloudEventAttributes,
+					rtv1.WithPingSourceOIDCIdentityCreatedSucceededBecauseOIDCFeatureDisabled(),
 				),
 			},
 			WantErr: false,
@@ -137,6 +139,7 @@ func TestAllCases(t *testing.T) {
 					rtv1.WithPingSourceDeployed,
 					rtv1.WithPingSourceSink(sinkAddr),
 					rtv1.WithPingSourceCloudEventAttributes,
+					rtv1.WithPingSourceOIDCIdentityCreatedSucceededBecauseOIDCFeatureDisabled(),
 				),
 			},
 			WantErr: false,
@@ -162,6 +165,7 @@ func TestAllCases(t *testing.T) {
 					rtv1.WithPingSourceDeployed,
 					rtv1.WithPingSourceSink(sinkAddr),
 					rtv1.WithPingSourceCloudEventAttributes,
+					rtv1.WithPingSourceOIDCIdentityCreatedSucceededBecauseOIDCFeatureDisabled(),
 				),
 			},
 			WantErr: false,
@@ -188,6 +192,7 @@ func TestAllCases(t *testing.T) {
 					rtv1.WithPingSourceSink(sinkAddr),
 					rtv1.WithPingSourceCloudEventAttributes,
 					rtv1.WithPingSourceDeleted,
+					rtv1.WithPingSourceOIDCIdentityCreatedSucceededBecauseOIDCFeatureDisabled(),
 				),
 			},
 			WantErr: false,
@@ -210,6 +215,7 @@ func TestAllCases(t *testing.T) {
 					rtv1.WithPingSourceSink(sinkAddr),
 					rtv1.WithPingSourceCloudEventAttributes,
 					rtv1.WithPingSourceDeleted,
+					rtv1.WithPingSourceOIDCIdentityCreatedSucceededBecauseOIDCFeatureDisabled(),
 				),
 			},
 			WantErr: false,

pkg/apis/sources/v1/ping_lifecycle.go

@@ -35,11 +35,15 @@ const (
 
 	// PingSourceConditionDeployed has status True when the PingSource has had it's receive adapter deployment created.
 	PingSourceConditionDeployed apis.ConditionType = "Deployed"
+
+	// PingSourceConditionOIDCIdentityCreated has status True when the PingSource has had it's OIDC identity created.
+	PingSourceConditionOIDCIdentityCreated apis.ConditionType = "OIDCIdentityCreated"
 )
 
 var PingSourceCondSet = apis.NewLivingConditionSet(
 	PingSourceConditionSinkProvided,
-	PingSourceConditionDeployed)
+	PingSourceConditionDeployed,
+	PingSourceConditionOIDCIdentityCreated)
 
 const (
 	// PingSourceEventType is the default PingSource CloudEvent type.
@@ -122,3 +126,19 @@ func (s *PingSourceStatus) PropagateDeploymentAvailability(d *appsv1.Deployment)
 		PingSourceCondSet.Manage(s).MarkUnknown(PingSourceConditionDeployed, "DeploymentUnavailable", "The Deployment '%s' is unavailable.", d.Name)
 	}
 }
+
+func (s *PingSourceStatus) MarkOIDCIdentityCreatedSucceeded() {
+	PingSourceCondSet.Manage(s).MarkTrue(PingSourceConditionOIDCIdentityCreated)
+}
+
+func (s *PingSourceStatus) MarkOIDCIdentityCreatedSucceededWithReason(reason, messageFormat string, messageA ...interface{}) {
+	PingSourceCondSet.Manage(s).MarkTrueWithReason(PingSourceConditionOIDCIdentityCreated, reason, messageFormat, messageA...)
+}
+
+func (s *PingSourceStatus) MarkOIDCIdentityCreatedFailed(reason, messageFormat string, messageA ...interface{}) {
+	PingSourceCondSet.Manage(s).MarkFalse(PingSourceConditionOIDCIdentityCreated, reason, messageFormat, messageA...)
+}
+
+func (s *PingSourceStatus) MarkOIDCIdentityCreatedUnknown(reason, messageFormat string, messageA ...interface{}) {
+	PingSourceCondSet.Manage(s).MarkUnknown(PingSourceConditionOIDCIdentityCreated, reason, messageFormat, messageA...)
+}

pkg/apis/sources/v1/ping_lifecycle_test.go

@@ -59,23 +59,26 @@ func TestPingSourceStatusIsReady(t *testing.T) {
 	}
 
 	tests := []struct {
-		name                string
-		s                   *PingSourceStatus
-		wantConditionStatus corev1.ConditionStatus
-		want                bool
+		name                     string
+		s                        *PingSourceStatus
+		wantConditionStatus      corev1.ConditionStatus
+		want                     bool
+		oidcServiceAccountStatus bool
 	}{{
-		name: "uninitialized",
-		s:    &PingSourceStatus{},
-		want: false,
+		name:                     "uninitialized",
+		s:                        &PingSourceStatus{},
+		want:                     false,
+		oidcServiceAccountStatus: true,
 	}, {
 		name: "initialized",
 		s: func() *PingSourceStatus {
 			s := &PingSourceStatus{}
 			s.InitializeConditions()
 			return s
 		}(),
-		wantConditionStatus: corev1.ConditionUnknown,
-		want:                false,
+		wantConditionStatus:      corev1.ConditionUnknown,
+		want:                     false,
+		oidcServiceAccountStatus: true,
 	}, {
 		name: "mark deployed",
 		s: func() *PingSourceStatus {
@@ -84,8 +87,9 @@ func TestPingSourceStatusIsReady(t *testing.T) {
 			s.PropagateDeploymentAvailability(availableDeployment)
 			return s
 		}(),
-		wantConditionStatus: corev1.ConditionUnknown,
-		want:                false,
+		wantConditionStatus:      corev1.ConditionUnknown,
+		want:                     false,
+		oidcServiceAccountStatus: true,
 	}, {
 		name: "mark sink",
 		s: func() *PingSourceStatus {
@@ -95,8 +99,9 @@ func TestPingSourceStatusIsReady(t *testing.T) {
 			s.MarkSink(exampleAddr)
 			return s
 		}(),
-		wantConditionStatus: corev1.ConditionUnknown,
-		want:                false,
+		wantConditionStatus:      corev1.ConditionUnknown,
+		want:                     false,
+		oidcServiceAccountStatus: true,
 	}, {
 		name: "mark sink and deployed",
 		s: func() *PingSourceStatus {
@@ -106,12 +111,33 @@ func TestPingSourceStatusIsReady(t *testing.T) {
 			s.PropagateDeploymentAvailability(availableDeployment)
 			return s
 		}(),
-		wantConditionStatus: corev1.ConditionTrue,
-		want:                true,
-	}}
+		wantConditionStatus:      corev1.ConditionTrue,
+		want:                     true,
+		oidcServiceAccountStatus: true,
+	},
+		{
+			name: "oidc status false",
+			s: func() *PingSourceStatus {
+				s := &PingSourceStatus{}
+				s.InitializeConditions()
+				s.MarkSink(exampleAddr)
+				s.PropagateDeploymentAvailability(availableDeployment)
+				return s
+			}(),
+			wantConditionStatus:      corev1.ConditionFalse,
+			want:                     false,
+			oidcServiceAccountStatus: false,
+		},
+	}
 
 	for _, test := range tests {
 		t.Run(test.name, func(t *testing.T) {
+			if test.oidcServiceAccountStatus {
+				test.s.MarkOIDCIdentityCreatedSucceeded()
+			} else {
+				test.s.MarkOIDCIdentityCreatedFailed("Unable to ...", "")
+			}
+
 			if test.wantConditionStatus != "" {
 				gotConditionStatus := test.s.GetTopLevelCondition().Status
 				if gotConditionStatus != test.wantConditionStatus {
@@ -122,6 +148,7 @@ func TestPingSourceStatusIsReady(t *testing.T) {
 			if got != test.want {
 				t.Errorf("unexpected readiness: want %v, got %v", test.want, got)
 			}
+
 		})
 	}
 }
@@ -133,13 +160,18 @@ func TestPingSourceStatusGetTopLevelCondition(t *testing.T) {
 	}
 
 	tests := []struct {
-		name string
-		s    *PingSourceStatus
-		want *apis.Condition
+		name                     string
+		s                        *PingSourceStatus
+		want                     *apis.Condition
+		oidcServiceAccountStatus bool
 	}{{
 		name: "uninitialized",
 		s:    &PingSourceStatus{},
-		want: nil,
+		want: &apis.Condition{
+			Type:   PingSourceConditionReady,
+			Status: corev1.ConditionUnknown,
+		},
+		oidcServiceAccountStatus: true,
 	}, {
 		name: "initialized",
 		s: func() *PingSourceStatus {
@@ -151,6 +183,7 @@ func TestPingSourceStatusGetTopLevelCondition(t *testing.T) {
 			Type:   PingSourceConditionReady,
 			Status: corev1.ConditionUnknown,
 		},
+		oidcServiceAccountStatus: true,
 	}, {
 		name: "mark deployed",
 		s: func() *PingSourceStatus {
@@ -163,6 +196,7 @@ func TestPingSourceStatusGetTopLevelCondition(t *testing.T) {
 			Type:   PingSourceConditionReady,
 			Status: corev1.ConditionUnknown,
 		},
+		oidcServiceAccountStatus: true,
 	}, {
 		name: "mark sink",
 		s: func() *PingSourceStatus {
@@ -175,6 +209,7 @@ func TestPingSourceStatusGetTopLevelCondition(t *testing.T) {
 			Type:   PingSourceConditionReady,
 			Status: corev1.ConditionUnknown,
 		},
+		oidcServiceAccountStatus: true,
 	}, {
 		name: "mark sink and deployed",
 		s: func() *PingSourceStatus {
@@ -188,10 +223,34 @@ func TestPingSourceStatusGetTopLevelCondition(t *testing.T) {
 			Type:   PingSourceConditionReady,
 			Status: corev1.ConditionTrue,
 		},
-	}}
+		oidcServiceAccountStatus: true,
+	},
+		{
+			name: "oidc fail",
+			s: func() *PingSourceStatus {
+				s := &PingSourceStatus{}
+				s.InitializeConditions()
+				s.MarkSink(exampleAddr)
+				s.PropagateDeploymentAvailability(availableDeployment)
+				return s
+			}(),
+			want: &apis.Condition{
+				Type:   PingSourceConditionReady,
+				Status: corev1.ConditionFalse,
+				Reason: "Unable to ...",
+			},
+			oidcServiceAccountStatus: false,
+		},
+	}
 
 	for _, test := range tests {
 		t.Run(test.name, func(t *testing.T) {
+			if test.oidcServiceAccountStatus {
+				test.s.MarkOIDCIdentityCreatedSucceeded()
+			} else {
+				test.s.MarkOIDCIdentityCreatedFailed("Unable to ...", "")
+			}
+
 			got := test.s.GetTopLevelCondition()
 			ignoreTime := cmpopts.IgnoreFields(apis.Condition{},
 				"LastTransitionTime", "Severity")
@@ -209,15 +268,20 @@ func TestPingSourceStatusGetCondition(t *testing.T) {
 	}
 
 	tests := []struct {
-		name      string
-		s         *PingSourceStatus
-		condQuery apis.ConditionType
-		want      *apis.Condition
+		name                     string
+		s                        *PingSourceStatus
+		condQuery                apis.ConditionType
+		want                     *apis.Condition
+		oidcServiceAccountStatus bool
 	}{{
 		name:      "uninitialized",
 		s:         &PingSourceStatus{},
 		condQuery: PingSourceConditionReady,
-		want:      nil,
+		want: &apis.Condition{
+			Type:   PingSourceConditionReady,
+			Status: corev1.ConditionUnknown,
+		},
+		oidcServiceAccountStatus: true,
 	}, {
 		name: "initialized",
 		s: func() *PingSourceStatus {
@@ -230,6 +294,7 @@ func TestPingSourceStatusGetCondition(t *testing.T) {
 			Type:   PingSourceConditionReady,
 			Status: corev1.ConditionUnknown,
 		},
+		oidcServiceAccountStatus: true,
 	}, {
 		name: "mark deployed",
 		s: func() *PingSourceStatus {
@@ -243,6 +308,7 @@ func TestPingSourceStatusGetCondition(t *testing.T) {
 			Type:   PingSourceConditionReady,
 			Status: corev1.ConditionUnknown,
 		},
+		oidcServiceAccountStatus: true,
 	}, {
 		name: "mark sink",
 		s: func() *PingSourceStatus {
@@ -256,10 +322,31 @@ func TestPingSourceStatusGetCondition(t *testing.T) {
 			Type:   PingSourceConditionReady,
 			Status: corev1.ConditionUnknown,
 		},
+		oidcServiceAccountStatus: true,
+	}, {
+		name: "oidc failed",
+		s: func() *PingSourceStatus {
+			s := &PingSourceStatus{}
+			s.InitializeConditions()
+			s.MarkSink(exampleAddr)
+			return s
+		}(),
+		condQuery: PingSourceConditionReady,
+		want: &apis.Condition{
+			Type:   PingSourceConditionReady,
+			Status: corev1.ConditionFalse,
+			Reason: "Unable to ...",
+		},
+		oidcServiceAccountStatus: false,
 	}}
 
 	for _, test := range tests {
 		t.Run(test.name, func(t *testing.T) {
+			if test.oidcServiceAccountStatus {
+				test.s.MarkOIDCIdentityCreatedSucceeded()
+			} else {
+				test.s.MarkOIDCIdentityCreatedFailed("Unable to ...", "")
+			}
 			got := test.s.GetCondition(test.condQuery)
 			ignoreTime := cmpopts.IgnoreFields(apis.Condition{},
 				"LastTransitionTime", "Severity")