search

knative / docs

User documentation for Knative components.
https://knative.dev/docs/
Other
4.54k stars 1.23k forks source link

Add documentation for OIDC feature flag #5799

Closed creydr closed 9 months ago

creydr commented 10 months ago

What is changing?

Knative Eventing will support OIDC authentication between senders and receivers. When the authentication-oidc feature flag is set to true, the core resources addressabled (e.g. Broker, Channel, Sequence, Parallel) will announce their OIDC audience in their status (.status.address.audience). Senders (e.g. channel/broker dispatchers) will request an OIDC token for their targets audience and add it to their request (as a Bearer token in the Authorization header). The subject of the OIDC token, will be a dedicated service accounts identity from the sender (each sending resource from eventing-core, will create an additional OIDC service account only for this purpose).

How will this impact our users?

When the OIDC feature flag is enabled, eventing-core addressables will reject requests which do not contain a Bearer token in their Authorization header and if the audience of the token does not match the addressables audience.

In what release will this take happen (to the best of your knowledge)?

Ex. v1.13

Context

Project dashboard: https://github.com/orgs/knative/projects/66

Additional Information:

AryanParashar24 commented 10 months ago

hey @creydr can u assign it to me

kumarankit999 commented 10 months ago

Go ahead Aryan!

/assign @AryanParashar24

Leo6Leo commented 10 months ago

/triage accepted Thanks for picking up this issue! @AryanParashar24 Thanks for the help @kumarankit999 !

creydr commented 9 months ago

Hello @AryanParashar24, thanks for taking this. With the release coming up next week, do you already have a PR ready for review? Let us know, when/how we can support you on this.

Leo6Leo commented 9 months ago

Hey @AryanParashar24 ! I hope you're doing well! We've noticed that there hasn't been much activity on this issue recently and we've missed your input. We just wanted to check in and see if everything is okay!

I understand that life gets busy and priorities can shift. If you have already starting tackling this issue, that's great! Please let us know if you need any support. However, if you're tied up with other commitments, no worries at all - just give us a heads-up so we make the accommodation.

As release is coming up, this issue is treated as high priority. Please let me know by commenting here within next 24 hours, otherwise I will be releasing this issue! Thanks!

AryanParashar24 commented 9 months ago

I m really really really sorry for this due in the contribution, I was busy in exams and some other commits although I should have informed u in advance. I have been looking into the project and the oidc collaboration with the platform although it would be really helpful to get all the resources or requirements for the contribution to shorten up the time.

I would be working onto this from now actively, But if the release is scheduled to release vy soon within these 2-4 days then u might release it open to others, so again really really sorry for this due in time I will soon be working on it actively or u may open it to others if it's a scheduled to release within 2-4 day.

creydr commented 9 months ago

I m really really really sorry for this due in the contribution, I was busy in exams and some other commits although I should have informed u in advance. I have been looking into the project and the oidc collaboration with the platform although it would be really helpful to get all the resources or requirements for the contribution to shorten up the time.

I would be working onto this from now actively, But if the release is scheduled to release vy soon within these 2-4 days then u might release it open to others, so again really really sorry for this due in time I will soon be working on it actively or u may open it to others if it's a scheduled to release within 2-4 day.

Hello @AryanParashar24, thanks for your reply. As the release is this week and you're a bit short in time for this this week, we could do the following:

What do you think about this?

AryanParashar24 commented 9 months ago

I m really really really sorry for this due in the contribution, I was busy in exams and some other commits although I should have informed u in advance. I have been looking into the project and the oidc collaboration with the platform although it would be really helpful to get all the resources or requirements for the contribution to shorten up the time. I would be working onto this from now actively, But if the release is scheduled to release vy soon within these 2-4 days then u might release it open to others, so again really really sorry for this due in time I will soon be working on it actively or u may open it to others if it's a scheduled to release within 2-4 day.

Hello @AryanParashar24, thanks for your reply. As the release is this week and you're a bit short in time for this this week, we could do the following:

  • I add some basic docs about this feature so that the user knows at least what it is about and how to enable/disable it (as it is part of the new version).
  • You improve this documentation later with more information and we even could backport it.

What do you think about this?

Yeah that would be fine i can contribute later in the documentation for sure i m really excited about it.