upgrade to latest dependencies (#411)

bumping knative.dev/eventing-kafka-broker bd08c0c...150a9bd:
  > 150a9bd [# 3514] Add support for AWS MSK IAM authentication using SASL OAUTHBEARER (# 4516)

Signed-off-by: Knative Automation <[email protected]>

Author: knative-automation

go.mod

@@ -13,7 +13,7 @@ require (
 	k8s.io/apimachinery v0.33.5
 	k8s.io/client-go v0.33.5
 	knative.dev/client/pkg v0.0.0-20251007022612-79bd2e100065
-	knative.dev/eventing-kafka-broker v0.46.1-0.20251007150512-bd08c0cfffeb
+	knative.dev/eventing-kafka-broker v0.46.1-0.20251008072414-150a9bd7ba81
 	knative.dev/hack v0.0.0-20250902153942-1499de21e119
 	knative.dev/pkg v0.0.0-20251007184713-a624c759bede
 )

go.sum

@@ -751,8 +751,8 @@ knative.dev/client/pkg v0.0.0-20251007022612-79bd2e100065 h1:myUyFpRzAVaME1LKz47
 knative.dev/client/pkg v0.0.0-20251007022612-79bd2e100065/go.mod h1:U6Kx0zEHzOCfS/khJeP2H1MYUX/OWPKGVrOITGeeS/E=
 knative.dev/eventing v0.46.1-0.20251002211605-5828b491e837 h1:YPS9wXY/roM6DZBp75rLqKZ9hDcsgijlj/hjIESpQZw=
 knative.dev/eventing v0.46.1-0.20251002211605-5828b491e837/go.mod h1:HRusNPXiJsv2USQLE9i0gPm/cnUZo0jVTlkVdBTcfC8=
-knative.dev/eventing-kafka-broker v0.46.1-0.20251007150512-bd08c0cfffeb h1:WZsZXVHO3mKw5uAap1Ua7K4XTBfqwMtjK08p92qvM18=
-knative.dev/eventing-kafka-broker v0.46.1-0.20251007150512-bd08c0cfffeb/go.mod h1:B/JHSrzVgnZ2wAmY+YXJXepUXC7KwHL2wfS++GLrWbw=
+knative.dev/eventing-kafka-broker v0.46.1-0.20251008072414-150a9bd7ba81 h1:VbtuCiN4mrxSr7PwHleOUvmdRr04pqCnsA/iNwiul0g=
+knative.dev/eventing-kafka-broker v0.46.1-0.20251008072414-150a9bd7ba81/go.mod h1:xRMZKfycxPVjb4/hhq9DDHTXxcXlYJ+fL921nT1ijnY=
 knative.dev/hack v0.0.0-20250902153942-1499de21e119 h1:NbQvjnFK1tL489LN0qAybWy0E17Jpziwcv/XIHwfp6M=
 knative.dev/hack v0.0.0-20250902153942-1499de21e119/go.mod h1:R0ritgYtjLDO9527h5vb5X6gfvt5LCrJ55BNbVDsWiY=
 knative.dev/networking v0.0.0-20250916015400-8cc248b445a0 h1:OG6rRbmXMDh369o/puixTc8dv9YihZr964S9rt6EURo=

vendor/knative.dev/eventing-kafka-broker/control-plane/pkg/apis/bindings/v1/kafka_lifecycle.go

@@ -92,22 +92,41 @@ func (kfb *KafkaBinding) Do(ctx context.Context, ps *duckv1.WithPod) {
 			spec.InitContainers[i].Env = append(spec.InitContainers[i].Env, corev1.EnvVar{
 				Name:  "KAFKA_NET_SASL_ENABLE",
 				Value: "true",
-			}, corev1.EnvVar{
-				Name: "KAFKA_NET_SASL_USER",
-				ValueFrom: &corev1.EnvVarSource{
-					SecretKeyRef: kfb.Spec.Net.SASL.User.SecretKeyRef,
-				},
-			}, corev1.EnvVar{
-				Name: "KAFKA_NET_SASL_PASSWORD",
-				ValueFrom: &corev1.EnvVarSource{
-					SecretKeyRef: kfb.Spec.Net.SASL.Password.SecretKeyRef,
-				},
 			}, corev1.EnvVar{
 				Name: "KAFKA_NET_SASL_TYPE",
 				ValueFrom: &corev1.EnvVarSource{
 					SecretKeyRef: kfb.Spec.Net.SASL.Type.SecretKeyRef,
 				},
 			})
+			if kfb.Spec.Net.SASL.User.SecretKeyRef != nil {
+				spec.InitContainers[i].Env = append(spec.InitContainers[i].Env, corev1.EnvVar{
+					Name: "KAFKA_NET_SASL_USER",
+					ValueFrom: &corev1.EnvVarSource{
+						SecretKeyRef: kfb.Spec.Net.SASL.User.SecretKeyRef,
+					},
+				}, corev1.EnvVar{
+					Name: "KAFKA_NET_SASL_PASSWORD",
+					ValueFrom: &corev1.EnvVarSource{
+						SecretKeyRef: kfb.Spec.Net.SASL.Password.SecretKeyRef,
+					},
+				})
+			}
+			if kfb.Spec.Net.SASL.TokenProvider.SecretKeyRef != nil {
+				spec.Containers[i].Env = append(spec.Containers[i].Env, corev1.EnvVar{
+					Name: "KAFKA_NET_SASL_TOKEN_PROVIDER",
+					ValueFrom: &corev1.EnvVarSource{
+						SecretKeyRef: kfb.Spec.Net.SASL.TokenProvider.SecretKeyRef,
+					},
+				})
+			}
+			if kfb.Spec.Net.SASL.RoleARN.SecretKeyRef != nil {
+				spec.Containers[i].Env = append(spec.Containers[i].Env, corev1.EnvVar{
+					Name: "KAFKA_NET_SASL_ROLE_ARN",
+					ValueFrom: &corev1.EnvVarSource{
+						SecretKeyRef: kfb.Spec.Net.SASL.RoleARN.SecretKeyRef,
+					},
+				})
+			}
 		}
 		if kfb.Spec.Net.TLS.Enable {
 			spec.InitContainers[i].Env = append(spec.InitContainers[i].Env, corev1.EnvVar{
@@ -142,22 +161,41 @@ func (kfb *KafkaBinding) Do(ctx context.Context, ps *duckv1.WithPod) {
 			spec.Containers[i].Env = append(spec.Containers[i].Env, corev1.EnvVar{
 				Name:  "KAFKA_NET_SASL_ENABLE",
 				Value: "true",
-			}, corev1.EnvVar{
-				Name: "KAFKA_NET_SASL_USER",
-				ValueFrom: &corev1.EnvVarSource{
-					SecretKeyRef: kfb.Spec.Net.SASL.User.SecretKeyRef,
-				},
-			}, corev1.EnvVar{
-				Name: "KAFKA_NET_SASL_PASSWORD",
-				ValueFrom: &corev1.EnvVarSource{
-					SecretKeyRef: kfb.Spec.Net.SASL.Password.SecretKeyRef,
-				},
 			}, corev1.EnvVar{
 				Name: "KAFKA_NET_SASL_TYPE",
 				ValueFrom: &corev1.EnvVarSource{
 					SecretKeyRef: kfb.Spec.Net.SASL.Type.SecretKeyRef,
 				},
 			})
+			if kfb.Spec.Net.SASL.User.SecretKeyRef != nil {
+				spec.Containers[i].Env = append(spec.Containers[i].Env, corev1.EnvVar{
+					Name: "KAFKA_NET_SASL_USER",
+					ValueFrom: &corev1.EnvVarSource{
+						SecretKeyRef: kfb.Spec.Net.SASL.User.SecretKeyRef,
+					},
+				}, corev1.EnvVar{
+					Name: "KAFKA_NET_SASL_PASSWORD",
+					ValueFrom: &corev1.EnvVarSource{
+						SecretKeyRef: kfb.Spec.Net.SASL.Password.SecretKeyRef,
+					},
+				})
+			}
+			if kfb.Spec.Net.SASL.TokenProvider.SecretKeyRef != nil {
+				spec.Containers[i].Env = append(spec.Containers[i].Env, corev1.EnvVar{
+					Name: "KAFKA_NET_SASL_TOKEN_PROVIDER",
+					ValueFrom: &corev1.EnvVarSource{
+						SecretKeyRef: kfb.Spec.Net.SASL.TokenProvider.SecretKeyRef,
+					},
+				})
+			}
+			if kfb.Spec.Net.SASL.RoleARN.SecretKeyRef != nil {
+				spec.Containers[i].Env = append(spec.Containers[i].Env, corev1.EnvVar{
+					Name: "KAFKA_NET_SASL_ROLE_ARN",
+					ValueFrom: &corev1.EnvVarSource{
+						SecretKeyRef: kfb.Spec.Net.SASL.RoleARN.SecretKeyRef,
+					},
+				})
+			}
 		}
 		if kfb.Spec.Net.TLS.Enable {
 			spec.Containers[i].Env = append(spec.Containers[i].Env, corev1.EnvVar{

vendor/knative.dev/eventing-kafka-broker/control-plane/pkg/apis/bindings/v1/kafka_types.go

@@ -57,7 +57,17 @@ type KafkaSASLSpec struct {
 	// +optional
 	Password SecretValueFromSource `json:"password,omitempty"`
 
-	// Type of saslType, defaults to plain (vs SCRAM-SHA-512 or SCRAM-SHA-256)
+	// RoleARN is the Kubernetes secret containing the ARN of the IAM role to assume.
+	// Only used if saslType is OAUTHBEARER and tokenProvider is MSKRoleAccessTokenProvider.
+	// +optional
+	RoleARN SecretValueFromSource `json:"roleARN,omitempty"`
+
+	// Token Provider is the Kubernetes secret containing the OAUTHBEARER
+	// token provider function. Only used if saslType is OAUTHBEARER.
+	// +optional
+	TokenProvider SecretValueFromSource `json:"tokenProvider,omitempty"`
+
+	// Type of saslType, defaults to plain (vs SCRAM-SHA-512 or SCRAM-SHA-256 or OAUTHBEARER).
 	// +optional
 	Type SecretValueFromSource `json:"type,omitempty"`
 }

vendor/knative.dev/eventing-kafka-broker/control-plane/pkg/apis/bindings/v1/zz_generated.deepcopy.go

@@ -916,7 +916,7 @@ knative.dev/eventing/pkg/client/clientset/versioned/typed/sources/v1
 knative.dev/eventing/pkg/client/clientset/versioned/typed/sources/v1/fake
 knative.dev/eventing/pkg/crossnamespace
 knative.dev/eventing/pkg/eventingtls
-# knative.dev/eventing-kafka-broker v0.46.1-0.20251007150512-bd08c0cfffeb
+# knative.dev/eventing-kafka-broker v0.46.1-0.20251008072414-150a9bd7ba81
 ## explicit; go 1.24.0
 knative.dev/eventing-kafka-broker/control-plane/pkg/apis/bindings
 knative.dev/eventing-kafka-broker/control-plane/pkg/apis/bindings/v1