From df6a6f071603520d3ace1ba723ca55857222becc Mon Sep 17 00:00:00 2001
From: cola <45722758+xiangpingjiang@users.noreply.github.com>
Date: Wed, 20 Dec 2023 15:50:19 +0800
Subject: [PATCH] Use kmeta.ChildName() to generate OIDC service account name (#7521)
Signed-off-by: pingjiang
---
 pkg/auth/serviceaccount.go | 6 ++++--
 pkg/auth/serviceaccount_test.go | 13 +++++++++++--
 2 files changed, 15 insertions(+), 4 deletions(-)
diff --git a/pkg/auth/serviceaccount.go b/pkg/auth/serviceaccount.go
index fe308d64247..3f80bb41cd9 100644
--- a/pkg/auth/serviceaccount.go
+++ b/pkg/auth/serviceaccount.go
@@ -23,6 +23,7 @@ import (
 "knative.dev/eventing/pkg/apis/feature"
 duckv1 "knative.dev/pkg/apis/duck/v1"
+ "knative.dev/pkg/kmeta"
 pkgreconciler "knative.dev/pkg/reconciler"
 "go.uber.org/zap"
@@ -39,8 +40,9 @@ import (
 // GetOIDCServiceAccountNameForResource returns the service account name to use
 // for OIDC authentication for the given resource.
 func GetOIDCServiceAccountNameForResource(gvk schema.GroupVersionKind, objectMeta metav1.ObjectMeta) string {
- sa := fmt.Sprintf("oidc-%s-%s-%s", gvk.GroupKind().Group, gvk.GroupKind().Kind, objectMeta.GetName())
-
+ suffix := fmt.Sprintf("-oidc-%s-%s", gvk.Group, gvk.Kind)
+ parent := objectMeta.GetName()
+ sa := kmeta.ChildName(parent, suffix)
 return strings.ToLower(sa)
 }
diff --git a/pkg/auth/serviceaccount_test.go b/pkg/auth/serviceaccount_test.go
index 551733e0d2b..39146f9af37 100644
--- a/pkg/auth/serviceaccount_test.go
+++ b/pkg/auth/serviceaccount_test.go
@@ -53,7 +53,7 @@ func TestGetOIDCServiceAccountNameForResource(t *testing.T) {
 Name: "name",
 Namespace: "namespace",
 },
- want: "oidc-group-kind-name",
+ want: "name-oidc-group-kind",
 },
 {
 name: "should return SA name in lower case",
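Review bot: The doc comment on GetOIDCServiceAccountNameForResource does not say what the returned name looks like, and this change alters it: the name is now `<name>-oidc-<group>-<kind>`, lowercased, and, going by the long-name case in serviceaccount_test.go, kmeta.ChildName shortens long results to a prefix of the resource name plus a hex digest. This service account is the resource's OIDC identity, so anything that matches on its name (role bindings, and presumably subject checks on the receiving side) depends on the format being stated. I would add `// The name is "<name>-oidc-<group>-<kind>", lowercased; over-long results are shortened by kmeta.ChildName to a name prefix plus a hash, so group and kind are then not readable from it.` Separately, the hunk does not show what happens on upgrade to accounts created under the old `oidc-<group>-<kind>-<name>` form; it is worth confirming they are removed rather than left behind with their bindings. The whole function is inside the hunk.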
@@ -62,7 +62,16 @@ func TestGetOIDCServiceAccountNameForResource(t *testing.T) {
 Name: "my-Broker",
 Namespace: "my-Namespace",
 },
- want: "oidc-eventing.knative.dev-broker-my-broker",
+ want: "my-broker-oidc-eventing.knative.dev-broker",
+ },
+ {
+ name: "long Broker name",
+ gvk: eventingv1.SchemeGroupVersion.WithKind("Broker"),
+ objectMeta: metav1.ObjectMeta{
+ Name: "my-loooooooooooooooooooooooooooooooooooooog-Broker",
+ Namespace: "my-Namespace",
+ },
+ want: "my-looooooooooooooooooooooooooo2dfc2a3825b8d82077b0f25518b36884",
 },
 }
 for _, tt := range tests {
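Review bot: The new "long Broker name" case pins one digest but does not check that the shortened form still keeps different resources apart. Once the name is truncated, group and kind survive only inside the hash, as the expected value here shows. A companion assertion that the same long `Name` with two different kinds (or groups) yields two different service account names would protect that property if the suffix format or the helper ever changes, for example `if nameForBroker == nameForOtherKind { t.Errorf("distinct kinds share service account name %q", nameForBroker) }`. The test function's body continues past the end of this hunk.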