fix: do not build OIDC config unless enabled

[Cali0707]

Temporary fix for #3901 (this does not fix the underlying problem as far as I can tell, but will enable anyone not interested in OIDC to use 1.14+)

Proposed Changes

• Do not load the OIDC config unless it is enabled
• Refactor the receiver Main class to allow for redeploying the receiver verticles when the OIDC config changes
• Set an annotation on the receiver pods to force k8s to update the files mounted from the config-features configmap, so that the receiver quickly picks up on changes to feature flags.

Release Note

The receiver components now successfully start on EKS. Special shoutout to @treyhyde for help debugging this.

[Cali0707]

/cc @pierDipi

[Cali0707]

/cherry-pick release-1.15

[knative-prow-robot]

@Cali0707: once the present PR merges, I will cherry-pick it on top of release-1.15 in a new PR and assign it to you.

In response to this:

/cherry-pick release-1.15

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[Cali0707]

/cherry-pick release-1.14

[knative-prow-robot]

@Cali0707: once the present PR merges, I will cherry-pick it on top of release-1.14 in a new PR and assign it to you.

In response to this:

/cherry-pick release-1.14

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[codecov]

Codecov Report

Attention: Patch coverage is 31.42857% with 24 lines in your changes missing coverage. Please review.

Project coverage is 48.39%. Comparing base (135c294) to head (c002762).
Report is 5 commits behind head on main.

Files	Patch %	Lines
control-plane/pkg/reconciler/base/reconciler.go	46.66%	7 Missing and 1 partial ⚠️
control-plane/pkg/reconciler/broker/broker.go	0.00%	0 Missing and 4 partials ⚠️
control-plane/pkg/reconciler/broker/controller.go	33.33%	1 Missing and 1 partial ⚠️
control-plane/pkg/reconciler/channel/channel.go	0.00%	0 Missing and 2 partials ⚠️
control-plane/pkg/reconciler/channel/controller.go	33.33%	1 Missing and 1 partial ⚠️
control-plane/pkg/reconciler/sink/controller.go	33.33%	1 Missing and 1 partial ⚠️
control-plane/pkg/reconciler/sink/kafka_sink.go	0.00%	0 Missing and 2 partials ⚠️
control-plane/pkg/reconciler/trigger/trigger.go	0.00%	0 Missing and 2 partials ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #4021      +/-   ##
==========================================
- Coverage   48.48%   48.39%   -0.10%     
==========================================
  Files         244      244              
  Lines       14469    14511      +42     
==========================================
+ Hits         7016     7022       +6     
- Misses       6746     6778      +32     
- Partials      707      711       +4     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[Cali0707]

/retest-required

[Cali0707]

TODO (as a follow up): refactor the FileWatcher class to be able to either watch a single file or a directory. Because of how configmaps are mounted as files into pods this PR just watches the specific file associated with the OIDC feature flag. But, going forwards we will probably end up wanting to support more feature flags, so we should make the FileWatcher class more generic there

[Cali0707]

/retest-required

[Cali0707]

/cc @pierDipi

This should be good to go now, I updated it to not redeploy the verticles (like we had discussed offline).

Now, we are using a listener + callback pattern for the OIDC Discovery stuff

[Cali0707]

/retest-required

[Cali0707]

/retest-required

[Cali0707]

/hold

Looks like the tests are failing for some reason...

[creydr]

/home/prow/go/src/knative.dev/eventing-kafka-broker is out of date. Please run hack/update-codegen.sh

@Cali0707 can you run it?

[creydr]

IIUC you are using this return value as some "id", which you later pass to "deregisterCallback()". This uses .set(id, null) to remove it.
So you do the following on an initial empty arraylist

1. add a callback
2. return as "callbackId" 1
3. later want to deregister the callbackId 1, but actually you would need to call deregisterCallback(0)

sry, but I didn't find a way to explain it more complicated 🤦

tl;dr; is, that IIUC, you should return here this.callbacks.size() - 1, if you want to use this as the "callbackId"

[creydr]

Thanks for working on this 💪 . Did a first round. But I probably need to run it locally too :D

[creydr]

Maybe we can add a quick note somewhere, that the FileWatcher runs the callbacks, when it gets started (in it's .run() ), that way we can be "sure", that this.authenticationHandler is not null (which is used in line 243)

[Cali0707]

/cc @creydr

Thanks for taking a first look!

[Cali0707]

/test integration-tests

[Cali0707]

/unhold

Seems like things are passing now, thanks for finding that off by one error @creydr !!

[creydr]

Thanks a lot for fixing this @Cali0707
/lgtm

[knative-prow]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: Cali0707, creydr

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [Cali0707,creydr]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[Cali0707]

/test upgrade-tests

[Cali0707]

/test upgrade-tests

Last failure looks like a flake, cert-manager failed to come ready

[knative-prow-robot]

@Cali0707: #4021 failed to apply on top of branch "release-1.15":

Applying: fix: do not build OIDC config unless enabled
Using index info to reconstruct a base tree...
M	data-plane/receiver/src/main/java/dev/knative/eventing/kafka/broker/receiver/main/Main.java
Falling back to patching base and 3-way merge...
Auto-merging data-plane/receiver/src/main/java/dev/knative/eventing/kafka/broker/receiver/main/Main.java
Applying: feat: receiver redeploys verticles when oidc feature changes
Using index info to reconstruct a base tree...
M	data-plane/receiver/src/main/java/dev/knative/eventing/kafka/broker/receiver/main/Main.java
Falling back to patching base and 3-way merge...
Auto-merging data-plane/receiver/src/main/java/dev/knative/eventing/kafka/broker/receiver/main/Main.java
CONFLICT (content): Merge conflict in data-plane/receiver/src/main/java/dev/knative/eventing/kafka/broker/receiver/main/Main.java
error: Failed to merge in the changes.
hint: Use 'git am --show-current-patch=diff' to see the failed patch
Patch failed at 0002 feat: receiver redeploys verticles when oidc feature changes
When you have resolved this problem, run "git am --continue".
If you prefer to skip this patch, run "git am --skip" instead.
To restore the original branch and stop patching, run "git am --abort".

In response to this:

/cherry-pick release-1.15

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[knative-prow-robot]

@Cali0707: #4021 failed to apply on top of branch "release-1.14":

Applying: fix: do not build OIDC config unless enabled
Using index info to reconstruct a base tree...
M	data-plane/receiver/src/main/java/dev/knative/eventing/kafka/broker/receiver/main/Main.java
Falling back to patching base and 3-way merge...
Auto-merging data-plane/receiver/src/main/java/dev/knative/eventing/kafka/broker/receiver/main/Main.java
Applying: feat: receiver redeploys verticles when oidc feature changes
Using index info to reconstruct a base tree...
M	data-plane/receiver/src/main/java/dev/knative/eventing/kafka/broker/receiver/main/Main.java
Falling back to patching base and 3-way merge...
Auto-merging data-plane/receiver/src/main/java/dev/knative/eventing/kafka/broker/receiver/main/Main.java
CONFLICT (content): Merge conflict in data-plane/receiver/src/main/java/dev/knative/eventing/kafka/broker/receiver/main/Main.java
error: Failed to merge in the changes.
hint: Use 'git am --show-current-patch=diff' to see the failed patch
Patch failed at 0002 feat: receiver redeploys verticles when oidc feature changes
When you have resolved this problem, run "git am --continue".
If you prefer to skip this patch, run "git am --skip" instead.
To restore the original branch and stop patching, run "git am --abort".

In response to this:

/cherry-pick release-1.14

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[knative-prow]

@Cali0707: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
unit-tests_eventing-kafka-broker_main	c002762	link	unknown	/test unit-tests
upgrade-tests_eventing-kafka-broker_main	c002762	link	unknown	/test upgrade-tests
reconciler-tests-namespaced-broker_eventing-kafka-broker_main	c002762	link	unknown	/test reconciler-tests-namespaced-broker
channel-reconciler-tests-sasl-plain_eventing-kafka-broker_main	c002762	link	unknown	/test channel-reconciler-tests-sasl-plain

Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.