Add service account resource #588
Conversation
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: creydr The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
knative-prow
bot
added
the
approved
|
/assign @pierDipi |
knative-prow
bot
added
the
size/L
| // WaitForBeingAvailable waits until the given service account was created by | ||
| // some 3rd party | ||
| func WaitForBeingAvailable(name string, timing ...time.Duration) feature.StepFn { |
There was a problem hiding this comment.
This is to very that a given resource like "trigger" has created a service account?
There was a problem hiding this comment.
Ideally, we don't enter in such implementation details in E2E tests, the contract and therefore the E2E behavior we need to verify is that "the subscriber will receive a JWT token emitted by the k8s configured issuer", the SA is the means we use for that but I think we should verify that the subscriber is receiving such tokens not that a SA is created (that's an implementation detail)
There was a problem hiding this comment.
This is to very that a given resource like "trigger" has created a service account?
Yes.
Ideally, we don't enter in such implementation details in E2E tests
hmmm. I see your point, but how would you check then, that e.g. the trigger reconciler really creates the OIDC SA?
There was a problem hiding this comment.
I would verify that the token you receive in the eventshub subscriber is what you expect (you need to do that anyway since that actually tests everything E2E, data plane included)
There was a problem hiding this comment.
basically, we don't check "The SA is created" but "the token with the SA identity is received" and that's transitively testing that the SA exists
|
As discussed, we will close this for now until we are clearer how to proceed for the eventhub |
Changes
/kind enhancement