OIDC - Support auto generation of PingSource identity service account and expose in AuthStatus

[Leo6Leo]

Fixes #7227

Proposed Changes

• Expose the name of the OIDC service account in the PingSource .status.auth.serviceAccountName
• Create the OIDC service account of the PingSource

Pre-review Checklist

• At least 80% unit test coverage
• E2E tests for any new behavior
• Docs PR for any user-facing impact
• Spec PR for any new API feature
• Conformance test for any change to the spec

Steps to test

1. Create a sink and an PingSource

A hacky and easy way to do so is run a rekt test that will create both PingSource and Sink for you.

You run it and terminate it when you see both components has been created.

 SYSTEM_NAMESPACE=knative-eventing go test -v -tags=e2e -count=1 -run TestPingSourceWithSinkURI   -parallel=12 -timeout=30m ./test/rekt;

2. Find the created test namespace, sink name, and ping source name

kubectl get all --all-namespaces

NAMESPACE       NAME                                                 SINK                                                   SCHEDULE    AGE     READY   REASON
test-zgtoukpu   pingsource.sources.knative.dev/pingsource-pkirstiv   http://sink-yhlodhtl.test-zgtoukpu.svc.cluster.local   * * * * *   2m26s   True    

3. Describe the PingSource

kubectl describe pingsource.sources.knative.dev/pingsource-pkirstiv -n=test-zgtoukpu

And we can see that Auth: nil when authentication.oidc is disabled.

4. Enable the authentication.oidc

 kubectl -n=knative-eventing edit cm config-features;

Modify the value of authentication.oidc to enabled

5. Describe the PingSource

kubectl describe pingsource.sources.knative.dev/pingsource-pkirstiv -n=test-zgtoukpu

You will see that

Auth: &v1.AuthStatus{
 			ServiceAccountName: &"oidc-sources.knative.dev-pingsource-pingsource-pkirstiv",
 		},

6. View the eventing-controller log

You can also view the eventing-controller log to see the reconciliation when the config map is changed.

Release Note

Expose the PingSource OIDC service account name in the PingSource .status.auth.serviceAccountName

Docs

[knative-prow]

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

[Leo6Leo]

/retest

[Leo6Leo]

/retest-required

[codecov]

Codecov Report

Attention: 10 lines in your changes are missing coverage. Please review.

Comparison is base (f9314d8) 76.87% compared to head (e9447dd) 76.84%.
Report is 3 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #7344      +/-   ##
==========================================
- Coverage   76.87%   76.84%   -0.03%     
==========================================
  Files         252      252              
  Lines       13822    13861      +39     
==========================================
+ Hits        10625    10651      +26     
- Misses       2667     2677      +10     
- Partials      530      533       +3     

Files	Coverage Δ
pkg/reconciler/pingsource/pingsource.go	82.92% <100.00%> (+2.55%)	⬆️
pkg/apis/sources/v1/ping_lifecycle.go	61.22% <50.00%> (-2.20%)	⬇️
pkg/reconciler/pingsource/controller.go	81.53% <68.42%> (-6.47%)	⬇️

... and 1 file with indirect coverage changes

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[Leo6Leo]

/retest-required

[creydr]

Thanks @Leo6Leo

/lgtm

/hold
could you add release note in the description? Feel free to unhold afterwards

[knative-prow]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: creydr, Leo6Leo

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [creydr]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[Leo6Leo]

/unhold
The release note has been added. @creydr

[Leo6Leo]

/retest-required