upgrade to latest dependencies (#1882)

bumping knative.dev/eventing 4d14c21...360ec60:
  > 360ec60 [main] Upgrade to latest dependencies (# 7391)
  > b5fd264 Shell executor logs through testing.T in upgrade tests (# 7367)
  > 5848584 [main] Upgrade to latest dependencies (# 7388)
  > 16a3986 Don't override default values when applying partial features.yaml configmap  (# 7379)
bumping knative.dev/serving 425abcb...2659cc3:
  > 2659cc3 upgrade to latest dependencies (# 14555)
  > 2a46d0d upgrade to latest dependencies (# 14546)
  > 268701d Update net-kourier nightly (# 14549)
  > cfd806f Update net-certmanager nightly (# 14550)
  > 6b844de Update net-contour nightly (# 14545)
  > f69766c Bubble up KCertificate Status Message when its not ready (# 14496)
  > 2c0b8dc Rename auto-tls to external-domain-tls (# 14482)
bumping knative.dev/client-pkg 9cea6f6...a356cde:
  > a356cde Add plugin context sharing types (# 127)
bumping knative.dev/pkg d6ab729...29775d7:
  > 29775d7 [release-1.12] [CVE-2023-44487] Disable http2 for webhooks (# 2876)

Signed-off-by: Knative Automation <automation@knative.team>

go.mod

@@ -20,12 +20,12 @@ require (
 	k8s.io/cli-runtime v0.26.5
 	k8s.io/client-go v0.27.6
 	k8s.io/code-generator v0.27.6
-	knative.dev/client-pkg v0.0.0-20231020123408-9cea6f6e36ce
-	knative.dev/eventing v0.38.1-0.20231019170735-4d14c2126a20
+	knative.dev/client-pkg v0.0.0-20231020141241-a356cde85739
+	knative.dev/eventing v0.38.1-0.20231024092702-360ec60b1bce
 	knative.dev/hack v0.0.0-20231016131700-2c938d4918da
 	knative.dev/networking v0.0.0-20231017124814-2a7676e912b7
-	knative.dev/pkg v0.0.0-20231017113806-d6ab72900ea5
-	knative.dev/serving v0.38.1-0.20231020131030-425abcb95f5a
+	knative.dev/pkg v0.0.0-20231023151236-29775d7c9e5c
+	knative.dev/serving v0.39.0
 	sigs.k8s.io/yaml v1.3.0
 )
 

go.sum

@@ -832,18 +832,18 @@ k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f h1:2kWPakN3i/k81b0gvD5C5F
 k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f/go.mod h1:byini6yhqGC14c3ebc/QwanvYwhuMWF6yz2F8uwW8eg=
 k8s.io/utils v0.0.0-20230209194617-a36077c30491 h1:r0BAOLElQnnFhE/ApUsg3iHdVYYPBjNSSOMowRZxxsY=
 k8s.io/utils v0.0.0-20230209194617-a36077c30491/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
-knative.dev/client-pkg v0.0.0-20231020123408-9cea6f6e36ce h1:fz2hdUHqSbWpspy1amShnY+7/4ijHQ9crf8TgTwSmX0=
-knative.dev/client-pkg v0.0.0-20231020123408-9cea6f6e36ce/go.mod h1:y7QlbxfJzCvepGOCrM4vGco9UP9DaWXqRviXxH3yltM=
-knative.dev/eventing v0.38.1-0.20231019170735-4d14c2126a20 h1:j6jW2x0lWlEvQ84mal81dvA6skA085LSFTGfLEdo9U8=
-knative.dev/eventing v0.38.1-0.20231019170735-4d14c2126a20/go.mod h1:swWS48qpCQbBkj+2iS0rVa7PbQBWLD9YAy3CSHfevaU=
+knative.dev/client-pkg v0.0.0-20231020141241-a356cde85739 h1:Cxo+Us21Je3EIo6AzHOX4+4yivZ8OjbYanhphZKBA7E=
+knative.dev/client-pkg v0.0.0-20231020141241-a356cde85739/go.mod h1:y7QlbxfJzCvepGOCrM4vGco9UP9DaWXqRviXxH3yltM=
+knative.dev/eventing v0.38.1-0.20231024092702-360ec60b1bce h1:TFFy7tq3OFsS94b9x6JD16jmswQ0XqmfWQkghEnMdFA=
+knative.dev/eventing v0.38.1-0.20231024092702-360ec60b1bce/go.mod h1:MlEiEcHALqZnu0OFMuWdJfjBzM7HlSJfk8pQbTcIy4o=
 knative.dev/hack v0.0.0-20231016131700-2c938d4918da h1:xy+fvuz2LDOMsZ5UwXRaMF70NYUs9fsG+EF5/ierYBg=
 knative.dev/hack v0.0.0-20231016131700-2c938d4918da/go.mod h1:yk2OjGDsbEnQjfxdm0/HJKS2WqTLEFg/N6nUs6Rqx3Q=
 knative.dev/networking v0.0.0-20231017124814-2a7676e912b7 h1:6+1icZuxiZO1paFZ4d/ysKWVG2M4WB7OxNJNyLG0P/E=
 knative.dev/networking v0.0.0-20231017124814-2a7676e912b7/go.mod h1:1gcHoIVG47ekQWjkddqRq+/7tWRh+CB9W4k/NAcdRbk=
-knative.dev/pkg v0.0.0-20231017113806-d6ab72900ea5 h1:9AvFZdEtuwKWDcTV1VSwmrgrRR9f38wbIAm+sNwLivQ=
-knative.dev/pkg v0.0.0-20231017113806-d6ab72900ea5/go.mod h1:HHRXEd7ZlFpthgE+rwAZ6MUVnuJOAeolnaFSthXloUQ=
-knative.dev/serving v0.38.1-0.20231020131030-425abcb95f5a h1:4TQvxDYKxdYOXHCjqx4A8iL/Z+eBAXbGcfrh4ANdwQY=
-knative.dev/serving v0.38.1-0.20231020131030-425abcb95f5a/go.mod h1:cuia3pUQNF4sa3g3KsPFgqpLnF1pf9iquDLgk71iLfo=
+knative.dev/pkg v0.0.0-20231023151236-29775d7c9e5c h1:xyPoEToTWeBdn6tinhLxXfnhJhTNQt5WzHiTNiFphRw=
+knative.dev/pkg v0.0.0-20231023151236-29775d7c9e5c/go.mod h1:HHRXEd7ZlFpthgE+rwAZ6MUVnuJOAeolnaFSthXloUQ=
+knative.dev/serving v0.39.0 h1:NVt8WthHmFFMWZ3qpBblXt47del8qqrbCegqwGBVSwk=
+knative.dev/serving v0.39.0/go.mod h1:0QIp5mvgWa1oUC2MxMf+Q/JWgG8JhAsSdJKc6iTRlvE=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=

vendor/knative.dev/eventing/pkg/apis/feature/features.go

@@ -51,11 +51,29 @@ const (
 // Missing entry in the map means feature is equal to feature not enabled.
 type Flags map[string]Flag
 
+func newDefaults() Flags {
+	return map[string]Flag{
+		KReferenceGroup:     Disabled,
+		DeliveryRetryAfter:  Disabled,
+		DeliveryTimeout:     Enabled,
+		KReferenceMapping:   Disabled,
+		NewTriggerFilters:   Enabled,
+		TransportEncryption: Disabled,
+		OIDCAuthentication:  Disabled,
+		EvenTypeAutoCreate:  Disabled,
+	}
+}
+
 // IsEnabled returns true if the feature is enabled
 func (e Flags) IsEnabled(featureName string) bool {
 	return e != nil && e[featureName] == Enabled
 }
 
+// IsDisabled returns true if the feature is disabled
+func (e Flags) IsDisabled(featureName string) bool {
+	return e != nil && e[featureName] == Disabled
+}
+
 // IsAllowed returns true if the feature is enabled or allowed
 func (e Flags) IsAllowed(featureName string) bool {
 	return e.IsEnabled(featureName) || (e != nil && e[featureName] == Allowed)
@@ -86,7 +104,7 @@ func (e Flags) String() string {
 
 // NewFlagsConfigFromMap creates a Flags from the supplied Map
 func NewFlagsConfigFromMap(data map[string]string) (Flags, error) {
-	flags := Flags{}
+	flags := newDefaults()
 
 	for k, v := range data {
 		if strings.HasPrefix(k, "_") {
@@ -100,12 +118,12 @@ func NewFlagsConfigFromMap(data map[string]string) (Flags, error) {
 			flags[sanitizedKey] = Disabled
 		} else if strings.EqualFold(v, string(Enabled)) {
 			flags[sanitizedKey] = Enabled
-		} else if strings.EqualFold(v, string(Permissive)) {
+		} else if k == TransportEncryption && strings.EqualFold(v, string(Permissive)) {
 			flags[sanitizedKey] = Permissive
-		} else if strings.EqualFold(v, string(Strict)) {
+		} else if k == TransportEncryption && strings.EqualFold(v, string(Strict)) {
 			flags[sanitizedKey] = Strict
 		} else {
-			return Flags{}, fmt.Errorf("cannot parse the boolean flag '%s' = '%s'. Allowed values: [true, false]", k, v)
+			return flags, fmt.Errorf("cannot parse the feature flag '%s' = '%s'", k, v)
 		}
 	}
 

vendor/knative.dev/serving/pkg/apis/serving/v1/route_lifecycle.go

@@ -174,10 +174,11 @@ func (rs *RouteStatus) MarkCertificateReady(name string) {
 
 // MarkCertificateNotReady marks the RouteConditionCertificateProvisioned
 // condition to indicate that the Certificate is not ready.
-func (rs *RouteStatus) MarkCertificateNotReady(name string) {
+func (rs *RouteStatus) MarkCertificateNotReady(c *v1alpha1.Certificate) {
+	certificateCondition := c.Status.GetCondition("Ready")
 	routeCondSet.Manage(rs).MarkUnknown(RouteConditionCertificateProvisioned,
 		"CertificateNotReady",
-		"Certificate %s is not ready.", name)
+		"Certificate %s is not ready: %s", c.Name, certificateCondition.GetReason())
 }
 
 // MarkCertificateNotOwned changes the RouteConditionCertificateProvisioned
@@ -190,10 +191,10 @@ func (rs *RouteStatus) MarkCertificateNotOwned(name string) {
 }
 
 const (
-	// AutoTLSNotEnabledMessage is the message which is set on the
+	// ExternalDomainTLSNotEnabledMessage is the message which is set on the
 	// RouteConditionCertificateProvisioned condition when it is set to True
-	// because AutoTLS was not enabled.
-	AutoTLSNotEnabledMessage = "auto-tls is not enabled"
+	// because external-domain-tls was not enabled.
+	ExternalDomainTLSNotEnabledMessage = "external-domain-tls is not enabled"
 
 	// TLSNotEnabledForClusterLocalMessage is the message which is set on the
 	// RouteConditionCertificateProvisioned condition when it is set to True
@@ -202,7 +203,7 @@ const (
 )
 
 // MarkTLSNotEnabled sets RouteConditionCertificateProvisioned to true when
-// certificate config such as auto-tls is not enabled or private cluster-local service.
+// certificate config such as external-domain-tls is not enabled or private cluster-local service.
 func (rs *RouteStatus) MarkTLSNotEnabled(msg string) {
 	routeCondSet.Manage(rs).MarkTrueWithReason(RouteConditionCertificateProvisioned,
 		"TLSNotEnabled", msg)

vendor/knative.dev/serving/pkg/apis/serving/v1beta1/domainmapping_lifecycle.go

@@ -59,10 +59,10 @@ func (dms *DomainMappingStatus) InitializeConditions() {
 }
 
 const (
-	// AutoTLSNotEnabledMessage is the message which is set on the
+	// ExternalDomainTLSNotEnabledMessage is the message which is set on the
 	// DomainMappingConditionCertificateProvisioned condition when it is set to True
-	// because AutoTLS was not enabled.
-	AutoTLSNotEnabledMessage = "auto-tls is not enabled"
+	// because external-domain-tls was not enabled.
+	ExternalDomainTLSNotEnabledMessage = "external-domain-tls is not enabled"
 	// TLSCertificateProvidedExternally indicates that a TLS secret won't be created or managed
 	// instead a reference to an existing TLS secret should have been provided in the DomainMapping spec
 	TLSCertificateProvidedExternally = "TLS certificate was provided externally"

vendor/knative.dev/serving/pkg/testing/v1/route.go

@@ -173,11 +173,11 @@ func WithInitRouteConditions(rt *v1.Route) {
 	rt.Status.InitializeConditions()
 }
 
-// WithRouteConditionsAutoTLSDisabled calls MarkTLSNotEnabled with AutoTLSNotEnabledMessage
+// WithRouteConditionsExternalDomainTLSDisabled calls MarkTLSNotEnabled with ExternalDomainTLSNotEnabledMessage
 // after initialized the Service's conditions.
-func WithRouteConditionsAutoTLSDisabled(rt *v1.Route) {
+func WithRouteConditionsExternalDomainTLSDisabled(rt *v1.Route) {
 	rt.Status.InitializeConditions()
-	rt.Status.MarkTLSNotEnabled(v1.AutoTLSNotEnabledMessage)
+	rt.Status.MarkTLSNotEnabled(v1.ExternalDomainTLSNotEnabledMessage)
 }
 
 // WithRouteConditionsTLSNotEnabledForClusterLocalMessage calls
@@ -208,7 +208,7 @@ func MarkUnknownTrafficError(msg string) RouteOption {
 
 // MarkCertificateNotReady calls the method of the same name on .Status
 func MarkCertificateNotReady(r *v1.Route) {
-	r.Status.MarkCertificateNotReady(routenames.Certificate(r))
+	r.Status.MarkCertificateNotReady(&netv1alpha1.Certificate{})
 }
 
 // MarkCertificateNotOwned calls the method of the same name on .Status

vendor/knative.dev/serving/test/e2e-common.sh

@@ -30,7 +30,7 @@ export CERTIFICATE_CLASS=${CERTIFICATE_CLASS:-""}
 # Only build linux/amd64 bit images
 export KO_FLAGS="${KO_FLAGS:---platform=linux/amd64}"
 
-export RUN_HTTP01_AUTO_TLS_TESTS=${RUN_HTTP01_AUTO_TLS_TESTS:-0}
+export RUN_HTTP01_EXTERNAL_DOMAIN_TLS_TESTS=${RUN_HTTP01_EXTERNAL_DOMAIN_TLS_TESTS:-0}
 export HTTPS=${HTTPS:-0}
 export SHORT=${SHORT:-0}
 export ENABLE_HA=${ENABLE_HA:-0}
@@ -118,8 +118,14 @@ function parse_flags() {
       readonly CERTIFICATE_CLASS="cert-manager.certificate.networking.knative.dev"
       return 2
       ;;
+# BEGIN: reverse compatibility - drop this after updating knative/infra
     --run-http01-auto-tls-tests)
-      readonly RUN_HTTP01_AUTO_TLS_TESTS=1
+      readonly RUN_HTTP01_EXTERNAL_DOMAIN_TLS_TESTS=1
+      return 1
+      ;;
+# END
+    --run-http01-external-domain-tls-tests)
+      readonly RUN_HTTP01_EXTERNAL_DOMAIN_TLS_TESTS=1
       return 1
       ;;
     --mesh)

vendor/knative.dev/serving/test/e2e-external-domain-tls-tests.sh

@@ -16,17 +16,17 @@
 
 source $(dirname "$0")/e2e-common.sh
 
-function setup_auto_tls_env_variables() {
+function setup_external_domain_tls_env_variables() {
   # DNS zone for the testing domain.
-  export AUTO_TLS_TEST_DNS_ZONE="knative-e2e"
+  export EXTERNAL_DOMAIN_TLS_TEST_DNS_ZONE="knative-e2e"
   # Google Cloud project that hosts the DNS server for the testing domain `kn-e2e.dev`
-  export AUTO_TLS_TEST_CLOUD_DNS_PROJECT="knative-e2e-dns"
+  export EXTERNAL_DOMAIN_TLS_TEST_CLOUD_DNS_PROJECT="knative-e2e-dns"
   # The service account credential file used to access the DNS server.
-  export AUTO_TLS_TEST_CLOUD_DNS_SERVICE_ACCOUNT_KEY_FILE="${GOOGLE_APPLICATION_CREDENTIALS}"
+  export EXTERNAL_DOMAIN_TLS_TEST_CLOUD_DNS_SERVICE_ACCOUNT_KEY_FILE="${GOOGLE_APPLICATION_CREDENTIALS}"
 
-  export AUTO_TLS_TEST_DOMAIN_NAME="kn-e2e.dev"
+  export EXTERNAL_DOMAIN_TLS_TEST_DOMAIN_NAME="kn-e2e.dev"
 
-  export CUSTOM_DOMAIN_SUFFIX="$(($RANDOM % 10000)).${E2E_PROJECT_ID}.${AUTO_TLS_TEST_DOMAIN_NAME}"
+  export CUSTOM_DOMAIN_SUFFIX="$(($RANDOM % 10000)).${E2E_PROJECT_ID}.${EXTERNAL_DOMAIN_TLS_TEST_DOMAIN_NAME}"
 
   export TLS_TEST_NAMESPACE="tls"
 
@@ -39,11 +39,11 @@ function setup_auto_tls_env_variables() {
     INGRESS_SERVICE="istio-ingressgateway"
   fi
   local IP=$(kubectl get svc -n ${INGRESS_NAMESPACE} ${INGRESS_SERVICE} -o jsonpath="{.status.loadBalancer.ingress[0].ip}")
-  export AUTO_TLS_TEST_INGRESS_IP=${IP}
+  export EXTERNAL_DOMAIN_TLS_TEST_INGRESS_IP=${IP}
 }
 
 function setup_custom_domain() {
-  echo ">> Configuring custom domain for Auto TLS tests: ${CUSTOM_DOMAIN_SUFFIX}"
+  echo ">> Configuring custom domain for External Domain TLS tests: ${CUSTOM_DOMAIN_SUFFIX}"
   cat <<EOF | kubectl apply -f -
 apiVersion: v1
 kind: ConfigMap
@@ -62,59 +62,59 @@ function cleanup_custom_domain() {
   kubectl delete ConfigMap config-domain -n ${SYSTEM_NAMESPACE}
 }
 
-function setup_auto_tls_common() {
-  setup_auto_tls_env_variables
+function setup_external_domain_tls_common() {
+  setup_external_domain_tls_env_variables
 
   setup_custom_domain
 
-  toggle_feature auto-tls Enabled config-network
+  toggle_feature external-domain-tls Enabled config-network
   toggle_feature autocreate-cluster-domain-claims true config-network
 }
 
-function cleanup_auto_tls_common() {
+function cleanup_external_domain_tls_common() {
   cleanup_custom_domain
 
-  toggle_feature auto-tls Disabled config-network
+  toggle_feature external-domain-tls Disabled config-network
   toggle_feature autocreate-cluster-domain-claims false config-network
   toggle_feature namespace-wildcard-cert-selector "" config-network
   kubectl delete kcert --all -n "${TLS_TEST_NAMESPACE}"
 }
 
-function setup_http01_auto_tls() {
+function setup_http01_external_domain_tls() {
     # The name of the test, lowercase to avoid hyphenation of the test name.
-  export AUTO_TLS_TEST_NAME="http01"
+  export EXTERNAL_DOMAIN_TLS_TEST_NAME="http01"
   # Rely on the built-in naming (for logstream)
   unset TLS_SERVICE_NAME
   # The full host name of the Knative Service. This is used to configure the DNS record.
-  export AUTO_TLS_TEST_FULL_HOST_NAME="*.${CUSTOM_DOMAIN_SUFFIX}"
+  export EXTERNAL_DOMAIN_TLS_TEST_FULL_HOST_NAME="*.${CUSTOM_DOMAIN_SUFFIX}"
 
   kubectl delete kcert --all -n "${TLS_TEST_NAMESPACE}"
 
   if [[ -z "${MESH}" ]]; then
     echo "Install cert-manager no-mesh ClusterIssuer"
-    kubectl apply -f "${E2E_YAML_DIR}"/test/config/autotls/certmanager/http01/issuer.yaml
+    kubectl apply -f "${E2E_YAML_DIR}"/test/config/externaldomaintls/certmanager/http01/issuer.yaml
   else
     echo "Install cert-manager mesh ClusterIssuer"
-    kubectl apply -f "${E2E_YAML_DIR}"/test/config/autotls/certmanager/http01/mesh-issuer.yaml
+    kubectl apply -f "${E2E_YAML_DIR}"/test/config/externaldomaintls/certmanager/http01/mesh-issuer.yaml
   fi
-  kubectl apply -f "${E2E_YAML_DIR}"/test/config/autotls/certmanager/http01/config-certmanager.yaml
+  kubectl apply -f "${E2E_YAML_DIR}"/test/config/externaldomaintls/certmanager/http01/config-certmanager.yaml
   setup_dns_record
 }
 
-function setup_selfsigned_per_ksvc_auto_tls() {
+function setup_selfsigned_per_ksvc_external_domain_tls() {
   # The name of the test.
-  export AUTO_TLS_TEST_NAME="SelfSignedPerKsvc"
-  # The name of the Knative Service deployed in Auto TLS E2E test.
+  export EXTERNAL_DOMAIN_TLS_TEST_NAME="SelfSignedPerKsvc"
+  # The name of the Knative Service deployed in External Domain TLS E2E test.
   export TLS_SERVICE_NAME="self-per-ksvc"
 
   kubectl delete kcert --all -n "${TLS_TEST_NAMESPACE}"
-  kubectl apply -f ${E2E_YAML_DIR}/test/config/autotls/certmanager/selfsigned/
+  kubectl apply -f ${E2E_YAML_DIR}/test/config/externaldomaintls/certmanager/selfsigned/
 }
 
-function setup_selfsigned_per_namespace_auto_tls() {
+function setup_selfsigned_per_namespace_external_domain_tls() {
   # The name of the test.
-  export AUTO_TLS_TEST_NAME="SelfSignedPerNamespace"
-  # The name of the Knative Service deployed in Auto TLS E2E test.
+  export EXTERNAL_DOMAIN_TLS_TEST_NAME="SelfSignedPerNamespace"
+  # The name of the Knative Service deployed in External Domain TLS E2E test.
   export TLS_SERVICE_NAME="self-per-namespace"
 
   kubectl delete kcert --all -n "${TLS_TEST_NAMESPACE}"
@@ -127,19 +127,19 @@ function setup_selfsigned_per_namespace_auto_tls() {
   "
   toggle_feature namespace-wildcard-cert-selector "$selector" config-network
 
-  kubectl apply -f ${E2E_YAML_DIR}/test/config/autotls/certmanager/selfsigned/
+  kubectl apply -f ${E2E_YAML_DIR}/test/config/externaldomaintls/certmanager/selfsigned/
 
 }
 
-function cleanup_per_selfsigned_namespace_auto_tls() {
+function cleanup_per_selfsigned_namespace_external_domain_tls() {
   # Disable namespace cert for all namespaces
   toggle_feature namespace-wildcard-cert-selector "" config-network
 
-  kubectl delete -f ${E2E_YAML_DIR}/test/config/autotls/certmanager/selfsigned/ --ignore-not-found=true
+  kubectl delete -f ${E2E_YAML_DIR}/test/config/externaldomaintls/certmanager/selfsigned/ --ignore-not-found=true
 }
 
 function setup_dns_record() {
-  go run ./test/e2e/autotls/config/dnssetup/
+  go run ./test/e2e/externaldomaintls/config/dnssetup/
   if [ $? -eq 0 ]; then
     echo "Successfully set up DNS record"
   else
@@ -149,7 +149,7 @@ function setup_dns_record() {
 }
 
 function delete_dns_record() {
-  go run ./test/e2e/autotls/config/dnscleanup/
+  go run ./test/e2e/externaldomaintls/config/dnscleanup/
   if [ $? -eq 0 ]; then
     echo "Successfully tore down DNS record"
   else
@@ -175,38 +175,38 @@ if [[ -z "${INGRESS_CLASS}" \
   alpha="--enable-alpha"
 fi
 
-AUTO_TLS_TEST_OPTIONS="${AUTO_TLS_TEST_OPTIONS:-${alpha} --enable-beta}"
+EXTERNAL_DOMAIN_TLS_TEST_OPTIONS="${EXTERNAL_DOMAIN_TLS_TEST_OPTIONS:-${alpha} --enable-beta}"
 
-# Auto TLS E2E tests mutate the cluster and must be ran separately
-# because they need auto-tls and cert-manager specific configurations
-subheader "Setup auto tls"
-setup_auto_tls_common
-add_trap "cleanup_auto_tls_common" EXIT SIGKILL SIGTERM SIGQUIT
+# External Domain TLS E2E tests mutate the cluster and must be ran separately
+# because they need external-domain-tls and cert-manager specific configurations
+subheader "Setup external-domain tls"
+setup_external_domain_tls_common
+add_trap "cleanup_external_domain_tls_common" EXIT SIGKILL SIGTERM SIGQUIT
 
-subheader "Auto TLS test for per-ksvc certificate provision using self-signed CA"
-setup_selfsigned_per_ksvc_auto_tls
-go_test_e2e -timeout=10m ./test/e2e/autotls/ ${AUTO_TLS_TEST_OPTIONS} || failed=1
-kubectl delete -f ${E2E_YAML_DIR}/test/config/autotls/certmanager/selfsigned/
+subheader "External Domain TLS test for per-ksvc certificate provision using self-signed CA"
+setup_selfsigned_per_ksvc_external_domain_tls
+go_test_e2e -timeout=10m ./test/e2e/externaldomaintls/ ${EXTERNAL_DOMAIN_TLS_TEST_OPTIONS} || failed=1
+kubectl delete -f ${E2E_YAML_DIR}/test/config/externaldomaintls/certmanager/selfsigned/
 
-subheader "Auto TLS test for per-namespace certificate provision using self-signed CA"
-setup_selfsigned_per_namespace_auto_tls
-add_trap "cleanup_per_selfsigned_namespace_auto_tls" SIGKILL SIGTERM SIGQUIT
-go_test_e2e -timeout=10m ./test/e2e/autotls/ ${AUTO_TLS_TEST_OPTIONS} || failed=1
-cleanup_per_selfsigned_namespace_auto_tls
+subheader "External Domain TLS test for per-namespace certificate provision using self-signed CA"
+setup_selfsigned_per_namespace_external_domain_tls
+add_trap "cleanup_per_selfsigned_namespace_external_domain_tls" SIGKILL SIGTERM SIGQUIT
+go_test_e2e -timeout=10m ./test/e2e/externaldomaintls/ ${EXTERNAL_DOMAIN_TLS_TEST_OPTIONS} || failed=1
+cleanup_per_selfsigned_namespace_external_domain_tls
 
-if [[ ${RUN_HTTP01_AUTO_TLS_TESTS} -eq 1 ]]; then
-  subheader "Auto TLS test for per-ksvc certificate provision using HTTP01 challenge"
-  setup_http01_auto_tls
+if [[ ${RUN_HTTP01_EXTERNAL_DOMAIN_TLS_TESTS} -eq 1 ]]; then
+  subheader "External Domain TLS test for per-ksvc certificate provision using HTTP01 challenge"
+  setup_http01_external_domain_tls
   add_trap "delete_dns_record" SIGKILL SIGTERM SIGQUIT
-  go_test_e2e -timeout=10m ./test/e2e/autotls/ ${AUTO_TLS_TEST_OPTIONS} || failed=1
-  kubectl delete -f ${E2E_YAML_DIR}/test/config/autotls/certmanager/http01/
+  go_test_e2e -timeout=10m ./test/e2e/externaldomaintls/ ${EXTERNAL_DOMAIN_TLS_TEST_OPTIONS} || failed=1
+  kubectl delete -f ${E2E_YAML_DIR}/test/config/externaldomaintls/certmanager/http01/
   delete_dns_record
 fi
 
 (( failed )) && fail_test
 
-subheader "Cleanup auto tls"
-cleanup_auto_tls_common
+subheader "Cleanup external domain tls"
+cleanup_external_domain_tls_common
 
 # Remove the kail log file if the test flow passes.
 # This is for preventing too many large log files to be uploaded to GCS in CI.

vendor/knative.dev/serving/test/e2e-tests.sh

@@ -50,9 +50,9 @@ fi
 
 if (( HTTPS )); then
   E2E_TEST_FLAGS+=" -https"
-  toggle_feature auto-tls Enabled config-network
-  kubectl apply -f "${E2E_YAML_DIR}"/test/config/autotls/certmanager/caissuer/
-  add_trap "kubectl delete -f ${E2E_YAML_DIR}/test/config/autotls/certmanager/caissuer/ --ignore-not-found" SIGKILL SIGTERM SIGQUIT
+  toggle_feature external-domain-tls Enabled config-network
+  kubectl apply -f "${E2E_YAML_DIR}"/test/config/externaldomaintls/certmanager/caissuer/
+  add_trap "kubectl delete -f ${E2E_YAML_DIR}/test/config/externaldomaintls/certmanager/caissuer/ --ignore-not-found" SIGKILL SIGTERM SIGQUIT
 fi
 
 if (( MESH )); then
@@ -138,8 +138,8 @@ go_test_e2e -timeout=25m -failfast -parallel=1 ./test/ha \
   -spoofinterval="10ms" || failed=1
 
 if (( HTTPS )); then
-  kubectl delete -f ${E2E_YAML_DIR}/test/config/autotls/certmanager/caissuer/ --ignore-not-found
-  toggle_feature auto-tls Disabled config-network
+  kubectl delete -f ${E2E_YAML_DIR}/test/config/externaldomaintls/certmanager/caissuer/ --ignore-not-found
+  toggle_feature external-domain-tls Disabled config-network
 fi
 
 (( failed )) && fail_test

vendor/modules.txt

@@ -949,10 +949,10 @@ k8s.io/utils/net
 k8s.io/utils/pointer
 k8s.io/utils/strings/slices
 k8s.io/utils/trace
-# knative.dev/client-pkg v0.0.0-20231020123408-9cea6f6e36ce
+# knative.dev/client-pkg v0.0.0-20231020141241-a356cde85739
 ## explicit; go 1.18
 knative.dev/client-pkg/pkg/kn/plugin
-# knative.dev/eventing v0.38.1-0.20231019170735-4d14c2126a20
+# knative.dev/eventing v0.38.1-0.20231024092702-360ec60b1bce
 ## explicit; go 1.19
 knative.dev/eventing/pkg/apis/config
 knative.dev/eventing/pkg/apis/duck
@@ -999,7 +999,7 @@ knative.dev/networking/pkg/http/probe
 knative.dev/networking/pkg/http/proxy
 knative.dev/networking/pkg/http/stats
 knative.dev/networking/pkg/k8s
-# knative.dev/pkg v0.0.0-20231017113806-d6ab72900ea5
+# knative.dev/pkg v0.0.0-20231023151236-29775d7c9e5c
 ## explicit; go 1.18
 knative.dev/pkg/apis
 knative.dev/pkg/apis/duck
@@ -1049,7 +1049,7 @@ knative.dev/pkg/tracing/config
 knative.dev/pkg/tracing/propagation
 knative.dev/pkg/tracing/propagation/tracecontextb3
 knative.dev/pkg/tracker
-# knative.dev/serving v0.38.1-0.20231020131030-425abcb95f5a
+# knative.dev/serving v0.39.0
 ## explicit; go 1.18
 knative.dev/serving/pkg/apis/autoscaling
 knative.dev/serving/pkg/apis/autoscaling/v1alpha1