Make Service account also applied to RevisionSpec

extensions/kubernetes/vanilla/deployment/src/main/java/io/quarkus/kubernetes/deployment/ApplyServiceAccountToRevisionSpecDecorator.java

@@ -0,0 +1,41 @@
+
+package io.quarkus.kubernetes.deployment;
+
+import io.dekorate.kubernetes.decorator.Decorator;
+import io.dekorate.kubernetes.decorator.NamedResourceDecorator;
+import io.dekorate.kubernetes.decorator.ResourceProvidingDecorator;
+import io.dekorate.utils.Strings;
+import io.fabric8.knative.serving.v1.RevisionSpecFluent;
+import io.fabric8.kubernetes.api.model.ObjectMeta;
+
+public class ApplyServiceAccountToRevisionSpecDecorator extends NamedResourceDecorator<RevisionSpecFluent<?>> {
+    private static final String NONE = null;
+    private final String serviceAccount;
+
+    public ApplyServiceAccountToRevisionSpecDecorator() {
+        this(ANY, NONE);
+    }
+
+    public ApplyServiceAccountToRevisionSpecDecorator(String serviceAccount) {
+        super(ANY);
+        this.serviceAccount = serviceAccount;
+    }
+
+    public ApplyServiceAccountToRevisionSpecDecorator(String resourceName, String serviceAccount) {
+        super(resourceName);
+        this.serviceAccount = serviceAccount;
+    }
+
+    public void andThenVisit(RevisionSpecFluent<?> spec, ObjectMeta resourceMeta) {
+        if (Strings.isNotNullOrEmpty(this.serviceAccount)) {
+            spec.withServiceAccount(this.serviceAccount);
+        } else {
+            spec.withServiceAccount(resourceMeta.getName());
+        }
+
+    }
+
+    public Class<? extends Decorator>[] after() {
+        return new Class[] { ResourceProvidingDecorator.class };
+    }
+}

extensions/kubernetes/vanilla/deployment/src/main/java/io/quarkus/kubernetes/deployment/KnativeProcessor.java

@@ -230,6 +230,10 @@ public List<DecoratorBuildItem> createDecorators(ApplicationInfoBuildItem applic
             result.add(new DecoratorBuildItem(KNATIVE, new AddSidecarToRevisionDecorator(name, ContainerConverter.convert(e))));
         });
 
+        if (!roleBindings.isEmpty()) {
+            result.add(new DecoratorBuildItem(new ApplyServiceAccountToRevisionSpecDecorator()));
+        }
+
         return result;
     }
 

integration-tests/kubernetes/quarkus-standard-way/src/test/java/io/quarkus/it/kubernetes/KnativeWithSecretConfigTest.java

@@ -0,0 +1,69 @@
+
+package io.quarkus.it.kubernetes;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+import java.io.IOException;
+import java.nio.file.Path;
+import java.util.Arrays;
+import java.util.List;
+
+import org.jboss.shrinkwrap.api.ShrinkWrap;
+import org.jboss.shrinkwrap.api.spec.JavaArchive;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.RegisterExtension;
+
+import io.fabric8.knative.serving.v1.Service;
+import io.fabric8.kubernetes.api.model.HasMetadata;
+import io.quarkus.bootstrap.model.AppArtifact;
+import io.quarkus.builder.Version;
+import io.quarkus.test.ProdBuildResults;
+import io.quarkus.test.ProdModeTestResults;
+import io.quarkus.test.QuarkusProdModeTest;
+
+public class KnativeWithSecretConfigTest {
+
+    @RegisterExtension
+    static final QuarkusProdModeTest config = new QuarkusProdModeTest()
+            .setArchiveProducer(() -> ShrinkWrap.create(JavaArchive.class).addClasses(GreetingResource.class))
+            .setApplicationName("knative-with-secret-config")
+            .setApplicationVersion("0.1-SNAPSHOT")
+            .withConfigurationResource("knative-with-secret-config.properties")
+            .setLogFileName("k8s.log")
+            .setForcedDependencies(Arrays.asList(new AppArtifact("io.quarkus", "quarkus-kubernetes", Version.getVersion()),
+                    new AppArtifact("io.quarkus", "quarkus-kubernetes-config", Version.getVersion())));
+
+    @ProdBuildResults
+    private ProdModeTestResults prodModeTestResults;
+
+    @Test
+    public void assertGeneratedResources() throws IOException {
+        final Path kubernetesDir = prodModeTestResults.getBuildDir().resolve("kubernetes");
+        assertThat(kubernetesDir)
+                .isDirectoryContaining(p -> p.getFileName().endsWith("knative.json"))
+                .isDirectoryContaining(p -> p.getFileName().endsWith("knative.yml"));
+        List<HasMetadata> kubernetesList = DeserializationUtil
+                .deserializeAsList(kubernetesDir.resolve("knative.yml"));
+
+        assertThat(kubernetesList).filteredOn(h -> "RoleBinding".equals(h.getKind())).hasSize(2);
+        assertThat(kubernetesList).filteredOn(h -> "ServiceAccount".equals(h.getKind())).singleElement().satisfies(s -> {
+            assertThat(s.getMetadata()).satisfies(m -> {
+                assertThat(m.getName()).isEqualTo("knative-with-secret-config");
+            });
+        });
+
+        assertThat(kubernetesList).filteredOn(h -> "Service".equals(h.getKind())).singleElement().isInstanceOf(Service.class)
+                .satisfies(s -> {
+                    assertThat(s.getMetadata()).satisfies(m -> {
+                        assertThat(m.getName()).isEqualTo("knative-with-secret-config");
+                    });
+                    assertThat(((Service) s).getSpec()).satisfies(serviceSpec -> {
+                        assertThat(serviceSpec.getTemplate()).satisfies(revisionTemplateSpec -> {
+                            assertThat(revisionTemplateSpec.getSpec()).satisfies(revisionSpec -> {
+                                assertThat(revisionSpec.getServiceAccount()).isEqualTo("knative-with-secret-config");
+                            });
+                        });
+                    });
+                });
+    }
+}

integration-tests/kubernetes/quarkus-standard-way/src/test/resources/knative-with-secret-config.properties

@@ -0,0 +1,3 @@
+quarkus.kubernetes.deployment-target=knative
+quarkus.kubernetes-config.secrets=db-credentials
+quarkus.kubernetes-config.secrets.enabled=true