Use kmeta.ChildName() to generate OIDC service account name (#7521)

Signed-off-by: pingjiang <xiangpingjiang1998@gmail.com>
knative · Dec 20, 2023 · df6a6f0 · df6a6f0
1 parent f9961d9
commit df6a6f0
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 4 deletions.
diff --git a/pkg/auth/serviceaccount.go b/pkg/auth/serviceaccount.go
@@ -23,6 +23,7 @@ import (
 
 	"knative.dev/eventing/pkg/apis/feature"
 	duckv1 "knative.dev/pkg/apis/duck/v1"
+	"knative.dev/pkg/kmeta"
 	pkgreconciler "knative.dev/pkg/reconciler"
 
 	"go.uber.org/zap"
@@ -39,8 +40,9 @@ import (
 // GetOIDCServiceAccountNameForResource returns the service account name to use
 // for OIDC authentication for the given resource.
 func GetOIDCServiceAccountNameForResource(gvk schema.GroupVersionKind, objectMeta metav1.ObjectMeta) string {
-	sa := fmt.Sprintf("oidc-%s-%s-%s", gvk.GroupKind().Group, gvk.GroupKind().Kind, objectMeta.GetName())
-
+	suffix := fmt.Sprintf("-oidc-%s-%s", gvk.Group, gvk.Kind)
+	parent := objectMeta.GetName()
+	sa := kmeta.ChildName(parent, suffix)
 	return strings.ToLower(sa)
 }
 

diff --git a/pkg/auth/serviceaccount_test.go b/pkg/auth/serviceaccount_test.go
@@ -53,7 +53,7 @@ func TestGetOIDCServiceAccountNameForResource(t *testing.T) {
 				Name:      "name",
 				Namespace: "namespace",
 			},
-			want: "oidc-group-kind-name",
+			want: "name-oidc-group-kind",
 		},
 		{
 			name: "should return SA name in lower case",
@@ -62,7 +62,16 @@ func TestGetOIDCServiceAccountNameForResource(t *testing.T) {
 				Name:      "my-Broker",
 				Namespace: "my-Namespace",
 			},
-			want: "oidc-eventing.knative.dev-broker-my-broker",
+			want: "my-broker-oidc-eventing.knative.dev-broker",
+		},
+		{
+			name: "long Broker name",
+			gvk:  eventingv1.SchemeGroupVersion.WithKind("Broker"),
+			objectMeta: metav1.ObjectMeta{
+				Name:      "my-loooooooooooooooooooooooooooooooooooooog-Broker",
+				Namespace: "my-Namespace",
+			},
+			want: "my-looooooooooooooooooooooooooo2dfc2a3825b8d82077b0f25518b36884",
 		},
 	}
 	for _, tt := range tests {