Authenticate Requests from PingSources

[creydr]

As the Eventing OIDC feature track describes, sources must authenticate their requests. Therefor the PingSource must request a JWT and add it as a Bearer Token to its Authentication header.

When having #7175, we need to update the PingSource to add the Authentication header with a JWT to all outgoing requests.

In particular this means for the PingSource adapter:

• when the sink has no audience defined:
  • no change in behavior
• when the the sink has an audience defined:
  • Request a JWT via Provide a library for OIDC token management #7175
  • Add it as an http header to the cloudeventsSDK client via something like

    headers := http.HeaderFrom(ctx)
    headers.Set("Authentication", fmt.Sprintf("Bearer %s", jwt))
    ctx = http.WithCustomHeader(ctx, headers)
    
    client.Send(ctx, event)
    

Additional Information:

• Requires Provide a library for OIDC token management #7175
• Requires Support auto generation of PingSource identity service account and expose in AuthStatus #7227
• This also requires an update on the PingSource controller, to expose the sinks audience in .status.SinkAudience (required Add SinkAudience to SourceStatus pkg#2844).

[rahulii]

/assign

[creydr]

As the required issues are done, this is ready to be worked on

[Cali0707]

Hey @rahulii are you still planning on working on this?

[creydr]

@rahulii As we didn't hear anything on this since some time, I would unassign you from this to give other contributors a chance to work on this.
Feel free to assign it to you again, when you're ready to work on it.

[Zazzscoot]

/assign

[skyenam]

/assign