From 9431ce929a4f368959eb94a62d50de3b7d08b6cc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christoph=20St=C3=A4bler?=
Date: Fri, 10 Nov 2023 15:34:15 +0100
Subject: [PATCH] Add e2e test if channel implementation exposes OIDC audience (#7381)
* Make some oidc addressable conformance tests private
* Add OIDC audience population test for Channel implementation
---
 .../oidc/addressable_oidc_conformance.go | 16 +++++++--------
 test/auth/oidc_test.go | 20 +++++++++++++++++++
 2 files changed, 28 insertions(+), 8 deletions(-)
diff --git a/test/auth/features/oidc/addressable_oidc_conformance.go b/test/auth/features/oidc/addressable_oidc_conformance.go
index f9e6923b7a1..a5e7378b6c8 100644
--- a/test/auth/features/oidc/addressable_oidc_conformance.go
+++ b/test/auth/features/oidc/addressable_oidc_conformance.go
@@ -47,10 +47,10 @@ func AddressableOIDCTokenConformance(gvr schema.GroupVersionResource, kind, name
 fs := feature.FeatureSet{
 Name: fmt.Sprintf("%s handles requests with OIDC tokens correctly", kind),
 Features: []*feature.Feature{
- AddressableRejectInvalidAudience(gvr, kind, name),
- AddressableRejectCorruptedSignature(gvr, kind, name),
- AddressableRejectExpiredToken(gvr, kind, name),
- AddressableAllowsValidRequest(gvr, kind, name),
+ addressableRejectInvalidAudience(gvr, kind, name),
+ addressableRejectCorruptedSignature(gvr, kind, name),
+ addressableRejectExpiredToken(gvr, kind, name),
+ addressableAllowsValidRequest(gvr, kind, name),
 },
 }
@@ -73,7 +73,7 @@ func AddressableHasAudiencePopulated(gvr schema.GroupVersionResource, kind, name
 return f
 }
-func AddressableRejectInvalidAudience(gvr schema.GroupVersionResource, kind, name string) *feature.Feature {
+func addressableRejectInvalidAudience(gvr schema.GroupVersionResource, kind, name string) *feature.Feature {
 f := feature.NewFeatureNamed(fmt.Sprintf("%s reject event for wrong OIDC audience", kind))
 source := feature.MakeRandomK8sName("source")
@@ -97,7 +97,7 @@ func AddressableRejectInvalidAudience(gvr schema.GroupVersionResource, kind, nam
 return f
 }
-func AddressableRejectExpiredToken(gvr schema.GroupVersionResource, kind, name string) *feature.Feature {
+func addressableRejectExpiredToken(gvr schema.GroupVersionResource, kind, name string) *feature.Feature {
 f := feature.NewFeatureNamed(fmt.Sprintf("%s reject event with expired OIDC token", kind))
 source := feature.MakeRandomK8sName("source")
@@ -121,7 +121,7 @@ func AddressableRejectExpiredToken(gvr schema.GroupVersionResource, kind, name s
 return f
 }
-func AddressableRejectCorruptedSignature(gvr schema.GroupVersionResource, kind, name string) *feature.Feature {
+func addressableRejectCorruptedSignature(gvr schema.GroupVersionResource, kind, name string) *feature.Feature {
 f := feature.NewFeatureNamed(fmt.Sprintf("%s reject event with corrupted OIDC token signature", kind))
 source := feature.MakeRandomK8sName("source")
@@ -145,7 +145,7 @@ func AddressableRejectCorruptedSignature(gvr schema.GroupVersionResource, kind,
 return f
 }
-func AddressableAllowsValidRequest(gvr schema.GroupVersionResource, kind, name string) *feature.Feature {
+func addressableAllowsValidRequest(gvr schema.GroupVersionResource, kind, name string) *feature.Feature {
 f := feature.NewFeatureNamed(fmt.Sprintf("%s handles event with valid OIDC token", kind))
 source := feature.MakeRandomK8sName("source")
diff --git a/test/auth/oidc_test.go b/test/auth/oidc_test.go
index 5adbe8ebbac..4dd3f015495 100644
--- a/test/auth/oidc_test.go
+++ b/test/auth/oidc_test.go
@@ -31,7 +31,9 @@ import (
 "knative.dev/eventing/test/auth/features/oidc"
 brokerfeatures "knative.dev/eventing/test/rekt/features/broker"
+ "knative.dev/eventing/test/rekt/features/channel"
 "knative.dev/eventing/test/rekt/resources/broker"
+ "knative.dev/eventing/test/rekt/resources/channel_impl"
 )
 func TestBrokerSupportsOIDC(t *testing.T) {
@@ -52,3 +54,21 @@ func TestBrokerSupportsOIDC(t *testing.T) {
 env.TestSet(ctx, t, oidc.AddressableOIDCConformance(broker.GVR(), "Broker", name, env.Namespace()))
 env.Test(ctx, t, oidc.BrokerSendEventWithOIDCToken())
 }
+
+func TestChannelImplSupportsOIDC(t *testing.T) {
+ t.Parallel()
+
+ ctx, env := global.Environment(
+ knative.WithKnativeNamespace(system.Namespace()),
+ knative.WithLoggingConfig,
+ knative.WithTracingConfig,
+ k8s.WithEventListener,
+ environment.Managed(t),
+ environment.WithPollTimings(4*time.Second, 12*time.Minute),
+ )
+
+ name := feature.MakeRandomK8sName("channelimpl")
+ env.Prerequisite(ctx, t, channel.ImplGoesReady(name))
+
+ env.Test(ctx, t, oidc.AddressableHasAudiencePopulated(channel_impl.GVR(), channel_impl.GVK().Kind, name, env.Namespace()))
+}
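Review bot: `TestChannelImplSupportsOIDC` asserts only `oidc.AddressableHasAudiencePopulated`, so for channels the suite checks that an audience is advertised but never that a request with a wrong audience, an expired token or a corrupted signature is rejected. `TestBrokerSupportsOIDC` in the same hunk runs `oidc.AddressableOIDCConformance`, which presumably includes the rejection features listed in `AddressableOIDCTokenConformance`. If the narrower check is deliberate because the channel implementation does not verify tokens yet (not visible in this patch), say so above the test so the name "SupportsOIDC" is not read as enforcement coverage, for example `// TODO: run oidc.AddressableOIDCConformance once the channel implementation verifies OIDC tokens; this only checks that the audience is populated.` The test also has no doc comment stating what it proves.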