[main] Upgrade to latest dependencies

go.mod

@@ -22,7 +22,7 @@ require (
 	k8s.io/apimachinery v0.30.3
 	k8s.io/client-go v0.30.3
 	k8s.io/utils v0.0.0-20240711033017-18e509b52bc8
-	knative.dev/eventing v0.42.1-0.20240816055941-2b922992c8f4
+	knative.dev/eventing v0.42.1-0.20240816185524-bf945f909e68
 	knative.dev/hack v0.0.0-20240814130635-06f7aff93954
 	knative.dev/hack/schema v0.0.0-20240814130635-06f7aff93954
 	knative.dev/pkg v0.0.0-20240815051656-89743d9bbf7c

go.sum

@@ -868,8 +868,8 @@ k8s.io/kube-openapi v0.0.0-20240808142205-8e686545bdb8 h1:1Wof1cGQgA5pqgo8MxKPtf
 k8s.io/kube-openapi v0.0.0-20240808142205-8e686545bdb8/go.mod h1:Os6V6dZwLNii3vxFpxcNaTmH8LJJBkOTg1N0tOA0fvA=
 k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 h1:pUdcCO1Lk/tbT5ztQWOBi5HBgbBP1J8+AsQnQCKsi8A=
 k8s.io/utils v0.0.0-20240711033017-18e509b52bc8/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
-knative.dev/eventing v0.42.1-0.20240816055941-2b922992c8f4 h1:phPrPjJo+shjObPBF0Qzxd9kfghUA00UFQp/72ONvBE=
-knative.dev/eventing v0.42.1-0.20240816055941-2b922992c8f4/go.mod h1:eTJLSCpHchscm2VV/e10w3HcGIB7dOYdGAzeBIRmJ08=
+knative.dev/eventing v0.42.1-0.20240816185524-bf945f909e68 h1:auwsBqDedYnCPovW5jzZXiXwlI3aBMZyfHhmRj/aq8I=
+knative.dev/eventing v0.42.1-0.20240816185524-bf945f909e68/go.mod h1:eTJLSCpHchscm2VV/e10w3HcGIB7dOYdGAzeBIRmJ08=
 knative.dev/hack v0.0.0-20240814130635-06f7aff93954 h1:dGMK5VoL75szvrYQTL9NqhPYHu1f5dGaXx1hJI8fAFM=
 knative.dev/hack v0.0.0-20240814130635-06f7aff93954/go.mod h1:R0ritgYtjLDO9527h5vb5X6gfvt5LCrJ55BNbVDsWiY=
 knative.dev/hack/schema v0.0.0-20240814130635-06f7aff93954 h1:0yjDplGHUnZ8NpcfgmH0thXSzG28VSM16hb3Vz171l8=

vendor/knative.dev/eventing/pkg/channel/event_receiver.go

@@ -23,6 +23,8 @@ import (
 	nethttp "net/http"
 	"time"
 
+	duckv1 "knative.dev/eventing/pkg/apis/duck/v1"
+
 	"knative.dev/eventing/pkg/apis/feature"
 
 	"knative.dev/eventing/pkg/auth"
@@ -71,6 +73,7 @@ type EventReceiver struct {
 	reporter             StatsReporter
 	tokenVerifier        *auth.OIDCTokenVerifier
 	audience             string
+	getPoliciesForFunc   GetPoliciesForFunc
 	withContext          func(context.Context) context.Context
 }
 
@@ -107,6 +110,16 @@ func ResolveChannelFromPath(PathToChannelFunc ResolveChannelFromPathFunc) EventR
 	}
 }
 
+// GetPoliciesForFunc function enables the EventReceiver to get the Channels AppliedEventPoliciesStatus
+type GetPoliciesForFunc func(channel ChannelReference) ([]duckv1.AppliedEventPolicyRef, error)
+
+func ReceiverWithGetPoliciesForFunc(fn GetPoliciesForFunc) EventReceiverOptions {
+	return func(r *EventReceiver) error {
+		r.getPoliciesForFunc = fn
+		return nil
+	}
+}
+
 func OIDCTokenVerification(tokenVerifier *auth.OIDCTokenVerifier, audience string) EventReceiverOptions {
 	return func(r *EventReceiver) error {
 		r.tokenVerifier = tokenVerifier
@@ -256,12 +269,26 @@ func (r *EventReceiver) ServeHTTP(response nethttp.ResponseWriter, request *neth
 	features := feature.FromContext(ctx)
 	if features.IsOIDCAuthentication() {
 		r.logger.Debug("OIDC authentication is enabled")
-		err = r.tokenVerifier.VerifyJWTFromRequest(ctx, request, &r.audience, response)
+
+		if r.getPoliciesForFunc == nil {
+			r.logger.Error("getPoliciesForFunc() callback not set. Can't get applying event policies of channel")
+			response.WriteHeader(nethttp.StatusInternalServerError)
+			return
+		}
+
+		applyingEventPolicies, err := r.getPoliciesForFunc(channel)
+		if err != nil {
+			r.logger.Error("could not get applying event policies of channel", zap.Error(err), zap.String("channel", channel.String()))
+			response.WriteHeader(nethttp.StatusInternalServerError)
+			return
+		}
+
+		err = r.tokenVerifier.VerifyRequest(ctx, features, &r.audience, channel.Namespace, applyingEventPolicies, request, response)
 		if err != nil {
-			r.logger.Warn("Error when validating the JWT token in the request", zap.Error(err))
+			r.logger.Warn("could not verify authn and authz of request", zap.Error(err))
 			return
 		}
-		r.logger.Debug("Request contained a valid JWT. Continuing...")
+		r.logger.Debug("Request contained a valid and authorized JWT. Continuing...")
 	}
 
 	err = r.receiverFunc(request.Context(), channel, *event, utils.PassThroughHeaders(request.Header))

vendor/modules.txt

@@ -1060,7 +1060,7 @@ k8s.io/utils/pointer
 k8s.io/utils/ptr
 k8s.io/utils/strings/slices
 k8s.io/utils/trace
-# knative.dev/eventing v0.42.1-0.20240816055941-2b922992c8f4
+# knative.dev/eventing v0.42.1-0.20240816185524-bf945f909e68
 ## explicit; go 1.22.0
 knative.dev/eventing/pkg/apis
 knative.dev/eventing/pkg/apis/config