From 46dbf661179dcfbcebcf2ccd7c4c3f5549ad68db Mon Sep 17 00:00:00 2001
From: knative-automation <automation@knative.team>
Date: Wed, 26 Apr 2023 03:22:44 -0400
Subject: [PATCH] upgrade to latest dependencies (#1809)

bumping knative.dev/eventing 4c2a3aa...034bec9:%0A  > 034bec9 [main] Upgrade to latest dependencies (# 6888)%0Abumping knative.dev/serving b2a416f...2c1bb07:%0A  > 2c1bb07 Update net-kourier nightly (# 13919)%0A  > 0637cdf Update net-contour nightly (# 13918)%0A  > 08bedbe Update net-gateway-api nightly (# 13917)%0A  > e39c429 Update net-istio nightly (# 13916)%0A  > 10ed0f8 Update net-certmanager nightly (# 13915)%0A  > 84fa64c Update data-plane Secrets  (# 13859)%0A  > 22783d6 Deployment probe fixes (# 13885)%0A  > 113616b add support for downwardAPI in projected volumes (# 13896)%0A  > 55f8dd7 upgrade to latest dependencies (# 13912)

Signed-off-by: Knative Automation <automation@knative.team>
---
 go.mod                                        |  4 +-
 go.sum                                        |  8 ++--
 .../serving/pkg/apis/serving/fieldmask.go     | 39 +++++++++++++++++--
 .../pkg/apis/serving/k8s_validation.go        | 28 ++++++++++++-
 .../serving/pkg/networking/constants.go       |  4 +-
 vendor/modules.txt                            |  4 +-
 6 files changed, 73 insertions(+), 14 deletions(-)

diff --git a/go.mod b/go.mod
index 28e872bf14..45737e8591 100644
--- a/go.mod
+++ b/go.mod
@@ -20,11 +20,11 @@ require (
 	k8s.io/cli-runtime v0.25.2
 	k8s.io/client-go v0.25.4
 	k8s.io/code-generator v0.25.4
-	knative.dev/eventing v0.36.1-0.20230424050342-4c2a3aafe573
+	knative.dev/eventing v0.37.0
 	knative.dev/hack v0.0.0-20230417170854-f591fea109b3
 	knative.dev/networking v0.0.0-20230419144338-e5d04e805e50
 	knative.dev/pkg v0.0.0-20230418073056-dfad48eaa5d0
-	knative.dev/serving v0.36.1-0.20230420202939-b2a416f3bc0d
+	knative.dev/serving v0.37.0
 	sigs.k8s.io/yaml v1.3.0
 )
 
diff --git a/go.sum b/go.sum
index b636361df7..3933a17961 100644
--- a/go.sum
+++ b/go.sum
@@ -1087,16 +1087,16 @@ k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 h1:+70TFaan3hfJzs+7VK2o+O
 k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280/go.mod h1:+Axhij7bCpeqhklhUTe3xmOn6bWxolyZEeyaFpjGtl4=
 k8s.io/utils v0.0.0-20221108210102-8e77b1f39fe2 h1:GfD9OzL11kvZN5iArC6oTS7RTj7oJOIfnislxYlqTj8=
 k8s.io/utils v0.0.0-20221108210102-8e77b1f39fe2/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
-knative.dev/eventing v0.36.1-0.20230424050342-4c2a3aafe573 h1:4sxtK8hSD3RozKKRhblJGLlo7a1+w+Q8Dr2TlwSeGaE=
-knative.dev/eventing v0.36.1-0.20230424050342-4c2a3aafe573/go.mod h1:v5MzGGi/TfApMkYaRssEo2b5AOPlyzQV6a+H8169408=
+knative.dev/eventing v0.37.0 h1:OtX8B9nvUSTNcbbpoNFDyeGaGU/5+aetj94i6oATpQU=
+knative.dev/eventing v0.37.0/go.mod h1:62baPXiw5GPpPyV3f0GF64X7tOjc5x9cg64RAh1gjs4=
 knative.dev/hack v0.0.0-20230417170854-f591fea109b3 h1:+W4WBOq83tfGXKhtv8OB/uJeYqze3zh69GKiz1ucuqk=
 knative.dev/hack v0.0.0-20230417170854-f591fea109b3/go.mod h1:yk2OjGDsbEnQjfxdm0/HJKS2WqTLEFg/N6nUs6Rqx3Q=
 knative.dev/networking v0.0.0-20230419144338-e5d04e805e50 h1:X9rPBYr7Vrm075q0iXTr7/0oklkYoyqvlnrUwNzcUhI=
 knative.dev/networking v0.0.0-20230419144338-e5d04e805e50/go.mod h1:o2MyGpGfU5DoSAWCE2f/jnSC9GjGOplCslbA99yDkGo=
 knative.dev/pkg v0.0.0-20230418073056-dfad48eaa5d0 h1:EFQcoUo8I4bc+U3y6tR1B3ONYZSHWUdAfI7Vh7dae8g=
 knative.dev/pkg v0.0.0-20230418073056-dfad48eaa5d0/go.mod h1:2qWPP9Gjh9Q7ETti+WRHnBnGCSCq+6q7m3p/nmUQviE=
-knative.dev/serving v0.36.1-0.20230420202939-b2a416f3bc0d h1:6J7Ss5Of8oPTVbj3Wa8VQrvbEycfqpWZBzCIdKcAcX8=
-knative.dev/serving v0.36.1-0.20230420202939-b2a416f3bc0d/go.mod h1:JxH2HRtA7aApDHBGUGE0kG6l7ZkvVbJFgE+0V6djB3k=
+knative.dev/serving v0.37.0 h1:hp/HconGRzv0kh2az9I/af1K1DY3NG3zcyiVc2rHyOk=
+knative.dev/serving v0.37.0/go.mod h1:v0Xbfp7olb0Gljm5l4qNuLsIf8/2p1rIt/mphxvx1z0=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
diff --git a/vendor/knative.dev/serving/pkg/apis/serving/fieldmask.go b/vendor/knative.dev/serving/pkg/apis/serving/fieldmask.go
index cc59b95f38..1d4dd77ebf 100644
--- a/vendor/knative.dev/serving/pkg/apis/serving/fieldmask.go
+++ b/vendor/knative.dev/serving/pkg/apis/serving/fieldmask.go
@@ -86,9 +86,8 @@ func VolumeProjectionMask(in *corev1.VolumeProjection) *corev1.VolumeProjection
 	out.ConfigMap = in.ConfigMap
 	out.ServiceAccountToken = in.ServiceAccountToken
 
-	// Disallowed fields
-	// This list is unnecessary, but added here for clarity
-	out.DownwardAPI = nil
+	// TODO(KauzClay): Should this be behind a feature flag like EmptyDir?
+	out.DownwardAPI = in.DownwardAPI
 
 	return out
 }
@@ -147,6 +146,40 @@ func ServiceAccountTokenProjectionMask(in *corev1.ServiceAccountTokenProjection)
 	return out
 }
 
+// DownwardAPIProjectionMask performs a _shallow_ copy of the Kubernetes DownwardAPIProjection
+// object to a new Kubernetes DownwardAPIProjection object bringing over only the fields allowed
+// in the Knative API. This does not validate the contents or the bounds of the provided fields.
+func DownwardAPIProjectionMask(in *corev1.DownwardAPIProjection) *corev1.DownwardAPIProjection {
+	if in == nil {
+		return nil
+	}
+
+	out := new(corev1.DownwardAPIProjection)
+
+	out.Items = append(out.Items, in.Items...)
+
+	return out
+}
+
+// DownwardAPIVolumeFileMask performs a _shallow_ copy of the Kubernetes DownwardAPIVolumeFileMask
+// object to a new Kubernetes DownwardAPIVolumeFileMask object bringing over only the fields allowed
+// in the Knative API. This does not validate the contents or the bounds of the provided fields.
+func DownwardAPIVolumeFileMask(in *corev1.DownwardAPIVolumeFile) *corev1.DownwardAPIVolumeFile {
+	if in == nil {
+		return nil
+	}
+
+	out := new(corev1.DownwardAPIVolumeFile)
+
+	// Allowed fields
+	out.FieldRef = in.FieldRef
+	out.ResourceFieldRef = in.ResourceFieldRef
+	out.Path = in.Path
+	out.Mode = in.Mode
+
+	return out
+}
+
 // KeyToPathMask performs a _shallow_ copy of the Kubernetes KeyToPath
 // object to a new Kubernetes KeyToPath object bringing over only the fields allowed
 // in the Knative API. This does not validate the contents or the bounds of the provided fields.
diff --git a/vendor/knative.dev/serving/pkg/apis/serving/k8s_validation.go b/vendor/knative.dev/serving/pkg/apis/serving/k8s_validation.go
index 55ae1173f9..efa65a05e9 100644
--- a/vendor/knative.dev/serving/pkg/apis/serving/k8s_validation.go
+++ b/vendor/knative.dev/serving/pkg/apis/serving/k8s_validation.go
@@ -196,8 +196,12 @@ func validateProjectedVolumeSource(vp corev1.VolumeProjection) *apis.FieldError
 		specified = append(specified, "serviceAccountToken")
 		errs = errs.Also(validateServiceAccountTokenProjection(vp.ServiceAccountToken).ViaField("serviceAccountToken"))
 	}
+	if vp.DownwardAPI != nil {
+		specified = append(specified, "downwardAPI")
+		errs = errs.Also(validateDownwardAPIProjection(vp.DownwardAPI).ViaField("downwardAPI"))
+	}
 	if len(specified) == 0 {
-		errs = errs.Also(apis.ErrMissingOneOf("secret", "configMap", "serviceAccountToken"))
+		errs = errs.Also(apis.ErrMissingOneOf("secret", "configMap", "serviceAccountToken", "downwardAPI"))
 	} else if len(specified) > 1 {
 		errs = errs.Also(apis.ErrMultipleOneOf(specified...))
 	}
@@ -239,6 +243,28 @@ func validateServiceAccountTokenProjection(sp *corev1.ServiceAccountTokenProject
 	return errs
 }
 
+func validateDownwardAPIProjection(dapi *corev1.DownwardAPIProjection) *apis.FieldError {
+	errs := apis.CheckDisallowedFields(*dapi, *DownwardAPIProjectionMask(dapi))
+	for i := range dapi.Items {
+		errs = errs.Also(validateDownwardAPIVolumeFile(&dapi.Items[i]).ViaFieldIndex("items", i))
+	}
+	return errs
+}
+
+func validateDownwardAPIVolumeFile(vf *corev1.DownwardAPIVolumeFile) *apis.FieldError {
+	errs := apis.CheckDisallowedFields(*vf, *DownwardAPIVolumeFileMask(vf))
+	if vf.FieldRef == nil && vf.ResourceFieldRef == nil {
+		errs = errs.Also(apis.ErrMissingOneOf("fieldRef", "resourceFieldRef"))
+	}
+	if vf.FieldRef != nil && vf.ResourceFieldRef != nil {
+		errs = errs.Also(apis.ErrGeneric("Within a single item, cannot set both", "resourceFieldRef", "fieldRef"))
+	}
+	if vf.Path == "" {
+		errs = errs.Also(apis.ErrMissingField("path"))
+	}
+	return errs
+}
+
 func validateKeyToPath(k2p corev1.KeyToPath) *apis.FieldError {
 	errs := apis.CheckDisallowedFields(k2p, *KeyToPathMask(&k2p))
 	if k2p.Key == "" {
diff --git a/vendor/knative.dev/serving/pkg/networking/constants.go b/vendor/knative.dev/serving/pkg/networking/constants.go
index a832d46540..642f59c0e0 100644
--- a/vendor/knative.dev/serving/pkg/networking/constants.go
+++ b/vendor/knative.dev/serving/pkg/networking/constants.go
@@ -52,8 +52,8 @@ const (
 	// e.g. Public, Private.
 	ServiceTypeKey = networking.GroupName + "/serviceType"
 
-	// ServingCertName is used by the secret name for internal TLS as "namespace-${ServingCertName}".
-	// Also the secret name has the label with "${ServingCertName}: data-plane"
+	// ServingCertName is the secret name for internal TLS.
+	// Also the secret name has the label with "${ServingCertName}: data-plane-user"
 	ServingCertName = "serving-certs"
 )
 
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 1f378ecf65..2c10c0a65e 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -968,7 +968,7 @@ k8s.io/utils/net
 k8s.io/utils/pointer
 k8s.io/utils/strings/slices
 k8s.io/utils/trace
-# knative.dev/eventing v0.36.1-0.20230424050342-4c2a3aafe573
+# knative.dev/eventing v0.37.0
 ## explicit; go 1.19
 knative.dev/eventing/pkg/apis/config
 knative.dev/eventing/pkg/apis/duck
@@ -1064,7 +1064,7 @@ knative.dev/pkg/tracing/config
 knative.dev/pkg/tracing/propagation
 knative.dev/pkg/tracing/propagation/tracecontextb3
 knative.dev/pkg/tracker
-# knative.dev/serving v0.36.1-0.20230420202939-b2a416f3bc0d
+# knative.dev/serving v0.37.0
 ## explicit; go 1.18
 knative.dev/serving/pkg/apis/autoscaling
 knative.dev/serving/pkg/apis/autoscaling/v1alpha1