EventTransform: Support OIDC and authz #8538

@pierDipi

Description

Problem

JSONata EventTransform doesn't yet support OIDC and EventPolicy; we should add support for it.

The transform-jsonata data plane is in this repo: https://github.com/knative-extensions/eventing-integrations/tree/main/transform-jsonata. There we need to:

  • verify JWT tokens given the audience in an environment variable and the key set in a mounted configmap
  • verify authorized subjects passed in a mounted configmap

Once the data plane part is complete, we would need to configure it in the EventTransform reconciler and when we create resources.

Exit Criteria

  • JSONata EventTransform sets the audience in the addressable status (Verified with end to end test)
  • JSONata EventTransform verifies JWT tokens (Verified with end to end test)
  • JSONata EventTransform prevents unauthorized access as configured with EventPolicies (Verified with end to end test)

Time Estimate (optional):
How many developer-days do you think this may take to resolve?

10-30

Additional context (optional)
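
A sketch of the two data-plane checks listed in the issue, added here as an illustration and not taken from the Knative repositories or from the issue author. The `OIDC_AUDIENCE` variable, the `/etc/transform-authz` mount path, the file names, the RS256-only policy and the exact-match subject list are all assumptions of this example; the key pair and tokens are constructed sample data.

```javascript
const crypto = require('node:crypto');
const fs = require('node:fs');

// Hypothetical names: OIDC_AUDIENCE env var and files from the mounted ConfigMap.
function loadConfig(dir = '/etc/transform-authz') {
  const read = (f) => JSON.parse(fs.readFileSync(`${dir}/${f}`, 'utf8'));
  return { audience: process.env.OIDC_AUDIENCE, jwks: read('jwks.json'), subjects: read('subjects.json') };
}

const deny = (status, reason) => ({ ok: false, status, reason });
const fromB64Json = (s) => JSON.parse(Buffer.from(s, 'base64url').toString('utf8')) ?? {};

// Returns {ok, status, ...}: 401 = not authenticated, 403 = authenticated but not allowed.
function authorize(token, { jwks, audience, subjects }, now = Date.now() / 1000) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return deny(401, 'malformed token');
  let header, claims;
  try { header = fromB64Json(parts[0]); claims = fromB64Json(parts[1]); } catch (e) { return deny(401, 'malformed token'); }
  // Pin the algorithm; never let the token header choose "none" or an HMAC.
  if (header.alg !== 'RS256') return deny(401, 'unsupported alg');
  const jwk = jwks.keys.find((k) => k.kty === 'RSA' && k.kid === header.kid);
  if (!jwk) return deny(401, 'unknown kid');
  const key = crypto.createPublicKey({ key: jwk, format: 'jwk' });
  const sig = Buffer.from(parts[2], 'base64url');
  if (!crypto.verify('RSA-SHA256', Buffer.from(`${parts[0]}.${parts[1]}`), key, sig)) return deny(401, 'bad signature');
  if (typeof claims.exp !== 'number' || claims.exp <= now) return deny(401, 'expired');
  // Fail closed when the audience is unset, so a token without aud cannot match undefined.
  const aud = [].concat(claims.aud);
  if (!audience || !aud.includes(audience)) return deny(401, 'wrong audience');
  // Exact-match allow-list (an assumption of this example).
  if (!subjects.includes(claims.sub)) return deny(403, 'subject not allowed');
  return { ok: true, status: 200, sub: claims.sub };
}

// Constructed sample data: throwaway issuer key, key set and token factory.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const sampleConfig = {
  audience: 'https://transform.example/ns/demo',
  jwks: { keys: [{ ...publicKey.export({ format: 'jwk' }), kid: 'k1' }] },
  subjects: ['system:serviceaccount:demo:trusted-sender'],
};
function mintToken(claims, header = { alg: 'RS256', kid: 'k1' }, signKey = privateKey) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  const input = `${enc(header)}.${enc(claims)}`;
  return `${input}.${crypto.sign('RSA-SHA256', Buffer.from(input), signKey).toString('base64url')}`;
}
```

Signature, expiry and audience failures map to 401 and an unlisted subject maps to 403, which keeps the authentication and EventPolicy decisions distinguishable in end-to-end tests.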
