upgrade to latest dependencies

bumping knative.dev/eventing a6ac811...332d974:
  > 332d974 Update TokenVerifier to verify AuthZ too (# 8063)
  > 3264b21 List applying EventPolicies in Brokers status (# 8060)
  > 657c3cd List applying policies in job sink (# 8064)
  > 98ed09c [main] Update community files (# 8069)
  > e2d782f # 7879: Changes to add filters field (# 7930)
  > d18595f 🐛 Codecov reject any coverage drop (# 8065)
  > 399bb86 Reconcile EventPolicies when features configmap changes (# 8059)
  > 4f2b53f Set APIVersion and Kind of EventPolicy manually in OwnerReference of backing channels policy (# 8031)
  > 96c30bd List applying EventPolicies in Sequence status (# 8012)
  > 3b1bfb4 feat(test): create knsubscribe rolebinding to current user in e2e test setup (# 8055)
  > beb71be Add EventPolicy Reconciler (# 8024)
  > 6992e6f Avoid fatal errors for unknown features flags that can be added in a future release (# 8051)
bumping knative.dev/hack 0914314...b979959:
  > b979959 Update community files (# 387)
bumping knative.dev/pkg 3f6a546...7ecd548:
  > 7ecd548 Update community files (# 3071)
bumping knative.dev/serving a043ddf...208138f:
  > 208138f Update net-gateway-api nightly (# 15372)
  > 4bbb7cf Fix external domain tls test setup (# 15366)
  > 05b60b5 Update community files (# 15369)
  > 75f7393 Update net-gateway-api nightly (# 15355)
  > af2c899 Adjust Workload HA test iterations to fit within test timeout (# 15362)
  > 89fdbe1 Update net-kourier nightly (# 15357)
  > 9873264 Update net-contour nightly (# 15363)
  > 6d257d8 Update net-istio nightly (# 15365)

Signed-off-by: Knative Automation <automation@knative.team>

go.mod

@@ -14,10 +14,10 @@ require (
 	k8s.io/api v0.29.2
 	k8s.io/apimachinery v0.29.2
 	k8s.io/client-go v0.29.2
-	knative.dev/eventing v0.41.1-0.20240627060150-a6ac8111e82f
-	knative.dev/hack v0.0.0-20240607132042-09143140a254
-	knative.dev/pkg v0.0.0-20240626134149-3f6a546ac3a4
-	knative.dev/serving v0.41.1-0.20240626185720-a043ddf2770a
+	knative.dev/eventing v0.41.1-0.20240704114759-332d97416ac4
+	knative.dev/hack v0.0.0-20240704013904-b9799599afcf
+	knative.dev/pkg v0.0.0-20240704013837-7ecd5485cbc6
+	knative.dev/serving v0.41.1-0.20240704121952-208138f3c357
 )
 
 require (

go.sum

@@ -723,16 +723,16 @@ k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 h1:aVUu9fTY98ivBPKR9Y5w/A
 k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00/go.mod h1:AsvuZPBlUDVuCdzJ87iajxtXuR9oktsTctW/R9wwouA=
 k8s.io/utils v0.0.0-20240102154912-e7106e64919e h1:eQ/4ljkx21sObifjzXwlPKpdGLrCfRziVtos3ofG/sQ=
 k8s.io/utils v0.0.0-20240102154912-e7106e64919e/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
-knative.dev/eventing v0.41.1-0.20240627060150-a6ac8111e82f h1:FuJQSlda7F1Yk1eaSSvWXq7ic9h4Lo/s9EjMnKCoFcg=
-knative.dev/eventing v0.41.1-0.20240627060150-a6ac8111e82f/go.mod h1:3h0QrfHELs61mrTI4GDPEQh4rwsap0YYA5XgRrNgnlc=
-knative.dev/hack v0.0.0-20240607132042-09143140a254 h1:1YFnu3U6dWZg0oxm6GU8kEdA9A+BvSWKJO7sg3N0kq8=
-knative.dev/hack v0.0.0-20240607132042-09143140a254/go.mod h1:yk2OjGDsbEnQjfxdm0/HJKS2WqTLEFg/N6nUs6Rqx3Q=
+knative.dev/eventing v0.41.1-0.20240704114759-332d97416ac4 h1:ws/Nij9JHKBiszBhKKrBIvI3fSBxDQZpoDnPW7IeGGo=
+knative.dev/eventing v0.41.1-0.20240704114759-332d97416ac4/go.mod h1:3h0QrfHELs61mrTI4GDPEQh4rwsap0YYA5XgRrNgnlc=
+knative.dev/hack v0.0.0-20240704013904-b9799599afcf h1:n92FmZRywgtHso7pFAku7CW0qvRAs1hXtMQqO0R6eiE=
+knative.dev/hack v0.0.0-20240704013904-b9799599afcf/go.mod h1:yk2OjGDsbEnQjfxdm0/HJKS2WqTLEFg/N6nUs6Rqx3Q=
 knative.dev/networking v0.0.0-20240611072033-3b8764c0bb4c h1:Q+DdJYzvhwAVWMQtP6mbEr5dNxpr+K9HAF9RqJmZefY=
 knative.dev/networking v0.0.0-20240611072033-3b8764c0bb4c/go.mod h1:WhZLv94eOMDGHbdZiMrw6cnRfN3WEcFgpjUcV0A48pI=
-knative.dev/pkg v0.0.0-20240626134149-3f6a546ac3a4 h1:slPKf3UKdBFZlz+hFy+KXzTgY9yOePLzRuEhKzgc5a4=
-knative.dev/pkg v0.0.0-20240626134149-3f6a546ac3a4/go.mod h1:Wikg4u73T6vk9TctrxZt60VXzqmGEQIx0iKfk1+9o4c=
-knative.dev/serving v0.41.1-0.20240626185720-a043ddf2770a h1:HAhAQRkvCMr1CBGtmUghy9DseqcTFs4SFNb/slg5ics=
-knative.dev/serving v0.41.1-0.20240626185720-a043ddf2770a/go.mod h1:7+wAf1rE/O2O+92Ft8Bfw3LnDirkg4c/+jKU3giMIoc=
+knative.dev/pkg v0.0.0-20240704013837-7ecd5485cbc6 h1:/oGRGm/csTc0sUHo00MQ3NQrJaRP7iMTGC9bXpeEuuU=
+knative.dev/pkg v0.0.0-20240704013837-7ecd5485cbc6/go.mod h1:Wikg4u73T6vk9TctrxZt60VXzqmGEQIx0iKfk1+9o4c=
+knative.dev/serving v0.41.1-0.20240704121952-208138f3c357 h1:LUUArHnvmOanPVY9m79b3Ye6o4Nq3VnsoNoaBFyv3Gg=
+knative.dev/serving v0.41.1-0.20240704121952-208138f3c357/go.mod h1:7+wAf1rE/O2O+92Ft8Bfw3LnDirkg4c/+jKU3giMIoc=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=

vendor/knative.dev/eventing/pkg/apis/eventing/v1/broker_lifecycle.go

@@ -32,6 +32,7 @@ const (
 	BrokerConditionFilter                 apis.ConditionType = "FilterReady"
 	BrokerConditionAddressable            apis.ConditionType = "Addressable"
 	BrokerConditionDeadLetterSinkResolved apis.ConditionType = "DeadLetterSinkResolved"
+	BrokerConditionEventPoliciesReady     apis.ConditionType = "EventPoliciesReady"
 )
 
 var brokerCondSet = apis.NewLivingConditionSet(
@@ -40,6 +41,7 @@ var brokerCondSet = apis.NewLivingConditionSet(
 	BrokerConditionFilter,
 	BrokerConditionAddressable,
 	BrokerConditionDeadLetterSinkResolved,
+	BrokerConditionEventPoliciesReady,
 )
 var brokerCondSetLock = sync.RWMutex{}
 
@@ -118,3 +120,19 @@ func (bs *BrokerStatus) MarkDeadLetterSinkResolvedFailed(reason, messageFormat s
 	bs.DeliveryStatus = eventingduck.DeliveryStatus{}
 	bs.GetConditionSet().Manage(bs).MarkFalse(BrokerConditionDeadLetterSinkResolved, reason, messageFormat, messageA...)
 }
+
+func (bs *BrokerStatus) MarkEventPoliciesTrue() {
+	bs.GetConditionSet().Manage(bs).MarkTrue(BrokerConditionEventPoliciesReady)
+}
+
+func (bs *BrokerStatus) MarkEventPoliciesTrueWithReason(reason, messageFormat string, messageA ...interface{}) {
+	bs.GetConditionSet().Manage(bs).MarkTrueWithReason(BrokerConditionEventPoliciesReady, reason, messageFormat, messageA...)
+}
+
+func (bs *BrokerStatus) MarkEventPoliciesFailed(reason, messageFormat string, messageA ...interface{}) {
+	bs.GetConditionSet().Manage(bs).MarkFalse(BrokerConditionEventPoliciesReady, reason, messageFormat, messageA...)
+}
+
+func (bs *BrokerStatus) MarkEventPoliciesUnknown(reason, messageFormat string, messageA ...interface{}) {
+	bs.GetConditionSet().Manage(bs).MarkUnknown(BrokerConditionEventPoliciesReady, reason, messageFormat, messageA...)
+}

vendor/knative.dev/eventing/pkg/apis/eventing/v1/test_helper.go

@@ -66,6 +66,7 @@ func (t testHelper) ReadyBrokerStatus() *BrokerStatus {
 		URL: apis.HTTP("example.com"),
 	})
 	bs.MarkDeadLetterSinkResolvedSucceeded(eventingduckv1.DeliveryStatus{})
+	bs.MarkEventPoliciesTrue()
 	return bs
 }
 
@@ -77,6 +78,7 @@ func (t testHelper) ReadyBrokerStatusWithoutDLS() *BrokerStatus {
 	bs.SetAddress(&duckv1.Addressable{
 		URL: apis.HTTP("example.com"),
 	})
+	bs.MarkEventPoliciesTrue()
 	bs.MarkDeadLetterSinkNotConfigured()
 	return bs
 }

vendor/knative.dev/eventing/pkg/apis/eventing/v1alpha1/eventpolicy_lifecycle.go

@@ -1,5 +1,5 @@
 /*
-Copyright 2020 The Knative Authors
+Copyright 2024 The Knative Authors
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -20,10 +20,12 @@ import (
 	"knative.dev/pkg/apis"
 )
 
-var eventPolicyCondSet = apis.NewLivingConditionSet()
+var eventPolicyCondSet = apis.NewLivingConditionSet(EventPolicyConditionAuthenticationEnabled, EventPolicyConditionSubjectsResolved)
 
 const (
-	EventPolicyConditionReady = apis.ConditionReady
+	EventPolicyConditionReady                                    = apis.ConditionReady
+	EventPolicyConditionAuthenticationEnabled apis.ConditionType = "AuthenticationEnabled"
+	EventPolicyConditionSubjectsResolved      apis.ConditionType = "SubjectsResolved"
 )
 
 // GetConditionSet retrieves the condition set for this resource. Implements the KRShaped interface.
@@ -32,21 +34,41 @@ func (*EventPolicy) GetConditionSet() apis.ConditionSet {
 }
 
 // GetCondition returns the condition currently associated with the given type, or nil.
-func (et *EventPolicyStatus) GetCondition(t apis.ConditionType) *apis.Condition {
-	return eventPolicyCondSet.Manage(et).GetCondition(t)
+func (ep *EventPolicyStatus) GetCondition(t apis.ConditionType) *apis.Condition {
+	return eventPolicyCondSet.Manage(ep).GetCondition(t)
 }
 
 // IsReady returns true if the resource is ready overall.
-func (et *EventPolicyStatus) IsReady() bool {
-	return et.GetTopLevelCondition().IsTrue()
+func (ep *EventPolicyStatus) IsReady() bool {
+	return ep.GetTopLevelCondition().IsTrue()
 }
 
 // GetTopLevelCondition returns the top level Condition.
-func (et *EventPolicyStatus) GetTopLevelCondition() *apis.Condition {
-	return eventPolicyCondSet.Manage(et).GetTopLevelCondition()
+func (ep *EventPolicyStatus) GetTopLevelCondition() *apis.Condition {
+	return eventPolicyCondSet.Manage(ep).GetTopLevelCondition()
 }
 
 // InitializeConditions sets relevant unset conditions to Unknown state.
-func (et *EventPolicyStatus) InitializeConditions() {
-	eventPolicyCondSet.Manage(et).InitializeConditions()
+func (ep *EventPolicyStatus) InitializeConditions() {
+	eventPolicyCondSet.Manage(ep).InitializeConditions()
+}
+
+// MarkOIDCAuthenticationEnabled sets EventPolicyConditionAuthenticationEnabled condition to true.
+func (ep *EventPolicyStatus) MarkOIDCAuthenticationEnabled() {
+	eventPolicyCondSet.Manage(ep).MarkTrue(EventPolicyConditionAuthenticationEnabled)
+}
+
+// MarkOIDCAuthenticationDisabled sets EventPolicyConditionAuthenticationEnabled condition to false.
+func (ep *EventPolicyStatus) MarkOIDCAuthenticationDisabled(reason, messageFormat string, messageA ...interface{}) {
+	eventPolicyCondSet.Manage(ep).MarkFalse(EventPolicyConditionAuthenticationEnabled, reason, messageFormat, messageA...)
+}
+
+// MarkSubjectsResolved sets EventPolicyConditionSubjectsResolved condition to true.
+func (ep *EventPolicyStatus) MarkSubjectsResolvedSucceeded() {
+	eventPolicyCondSet.Manage(ep).MarkTrue(EventPolicyConditionSubjectsResolved)
+}
+
+// MarkSubjectsNotResolved sets EventPolicyConditionSubjectsResolved condition to false.
+func (ep *EventPolicyStatus) MarkSubjectsResolvedFailed(reason, messageFormat string, messageA ...interface{}) {
+	eventPolicyCondSet.Manage(ep).MarkFalse(EventPolicyConditionSubjectsResolved, reason, messageFormat, messageA...)
 }

vendor/knative.dev/eventing/pkg/apis/feature/features.go

@@ -18,6 +18,7 @@ package feature
 
 import (
 	"fmt"
+	"log"
 	"strings"
 
 	corev1 "k8s.io/api/core/v1"
@@ -186,7 +187,8 @@ func NewFlagsConfigFromMap(data map[string]string) (Flags, error) {
 		} else if strings.Contains(k, NodeSelectorLabel) {
 			flags[sanitizedKey] = Flag(v)
 		} else {
-			return flags, fmt.Errorf("cannot parse the feature flag '%s' = '%s'", k, v)
+			flags[k] = Flag(v)
+			log.Printf("Warning: unknown feature flag value %q=%q\n", k, v)
 		}
 	}
 

vendor/knative.dev/eventing/pkg/apis/flows/v1/sequence_lifecycle.go

@@ -28,7 +28,13 @@ import (
 	duckv1 "knative.dev/pkg/apis/duck/v1"
 )
 
-var sCondSet = apis.NewLivingConditionSet(SequenceConditionReady, SequenceConditionChannelsReady, SequenceConditionSubscriptionsReady, SequenceConditionAddressable)
+var sCondSet = apis.NewLivingConditionSet(
+	SequenceConditionReady,
+	SequenceConditionChannelsReady,
+	SequenceConditionSubscriptionsReady,
+	SequenceConditionAddressable,
+	SequenceConditionEventPoliciesReady,
+)
 
 const (
 	// SequenceConditionReady has status True when all subconditions below have been set to True.
@@ -45,6 +51,10 @@ const (
 	// SequenceConditionAddressable has status true when this Sequence meets
 	// the Addressable contract and has a non-empty hostname.
 	SequenceConditionAddressable apis.ConditionType = "Addressable"
+
+	// SequenceConditionEventPoliciesReady has status True when all the applying EventPolicies for this
+	// Sequence are ready.
+	SequenceConditionEventPoliciesReady apis.ConditionType = "EventPoliciesReady"
 )
 
 // GetConditionSet retrieves the condition set for this resource. Implements the KRShaped interface.
@@ -189,6 +199,22 @@ func (ss *SequenceStatus) MarkAddressableNotReady(reason, messageFormat string,
 	sCondSet.Manage(ss).MarkUnknown(SequenceConditionAddressable, reason, messageFormat, messageA...)
 }
 
+func (ss *SequenceStatus) MarkEventPoliciesFailed(reason, messageFormat string, messageA ...interface{}) {
+	sCondSet.Manage(ss).MarkFalse(SequenceConditionEventPoliciesReady, reason, messageFormat, messageA...)
+}
+
+func (ss *SequenceStatus) MarkEventPoliciesUnknown(reason, messageFormat string, messageA ...interface{}) {
+	sCondSet.Manage(ss).MarkUnknown(SequenceConditionEventPoliciesReady, reason, messageFormat, messageA...)
+}
+
+func (ss *SequenceStatus) MarkEventPoliciesTrue() {
+	sCondSet.Manage(ss).MarkTrue(SequenceConditionEventPoliciesReady)
+}
+
+func (ss *SequenceStatus) MarkEventPoliciesTrueWithReason(reason, messageFormat string, messageA ...interface{}) {
+	sCondSet.Manage(ss).MarkTrueWithReason(SequenceConditionEventPoliciesReady, reason, messageFormat, messageA...)
+}
+
 func (ss *SequenceStatus) setAddress(address *duckv1.Addressable) {
 	if address == nil || address.URL == nil {
 		ss.Address = duckv1.Addressable{}

vendor/knative.dev/eventing/pkg/apis/sinks/v1alpha1/job_sink_lifecycle.go

@@ -23,17 +23,23 @@ import (
 	"knative.dev/pkg/apis"
 
 	"knative.dev/eventing/pkg/apis/sinks"
+	duckv1 "knative.dev/pkg/apis/duck/v1"
 )
 
 const (
 	// JobSinkConditionReady has status True when the JobSink is ready to send events.
 	JobSinkConditionReady = apis.ConditionReady
 
 	JobSinkConditionAddressable apis.ConditionType = "Addressable"
+
+	// JobSinkConditionEventPoliciesReady has status True when all the applying EventPolicies for this
+	// JobSink are ready.
+	JobSinkConditionEventPoliciesReady apis.ConditionType = "EventPoliciesReady"
 )
 
 var JobSinkCondSet = apis.NewLivingConditionSet(
 	JobSinkConditionAddressable,
+	JobSinkConditionEventPoliciesReady,
 )
 
 // GetConditionSet retrieves the condition set for this resource. Implements the KRShaped interface.
@@ -71,8 +77,43 @@ func (s *JobSinkStatus) InitializeConditions() {
 	JobSinkCondSet.Manage(s).InitializeConditions()
 }
 
+// MarkAddressableReady marks the Addressable condition to True.
+func (s *JobSinkStatus) MarkAddressableReady() {
+	JobSinkCondSet.Manage(s).MarkTrue(JobSinkConditionAddressable)
+}
+
+// MarkEventPoliciesFailed marks the EventPoliciesReady condition to False with the given reason and message.
+func (s *JobSinkStatus) MarkEventPoliciesFailed(reason, messageFormat string, messageA ...interface{}) {
+	JobSinkCondSet.Manage(s).MarkFalse(JobSinkConditionEventPoliciesReady, reason, messageFormat, messageA...)
+}
+
+// MarkEventPoliciesUnknown marks the EventPoliciesReady condition to Unknown with the given reason and message.
+func (s *JobSinkStatus) MarkEventPoliciesUnknown(reason, messageFormat string, messageA ...interface{}) {
+	JobSinkCondSet.Manage(s).MarkUnknown(JobSinkConditionEventPoliciesReady, reason, messageFormat, messageA...)
+}
+
+// MarkEventPoliciesTrue marks the EventPoliciesReady condition to True.
+func (s *JobSinkStatus) MarkEventPoliciesTrue() {
+	JobSinkCondSet.Manage(s).MarkTrue(JobSinkConditionEventPoliciesReady)
+}
+
+// MarkEventPoliciesTrueWithReason marks the EventPoliciesReady condition to True with the given reason and message.
+func (s *JobSinkStatus) MarkEventPoliciesTrueWithReason(reason, messageFormat string, messageA ...interface{}) {
+	JobSinkCondSet.Manage(s).MarkTrueWithReason(JobSinkConditionEventPoliciesReady, reason, messageFormat, messageA...)
+}
+
 func (e *JobSink) SetJobStatusSelector() {
 	if e.Spec.Job != nil {
 		e.Status.JobStatus.Selector = fmt.Sprintf("%s=%s", sinks.JobSinkNameLabel, e.GetName())
 	}
 }
+
+func (s *JobSinkStatus) SetAddress(address *duckv1.Addressable) {
+	s.Address = address
+	if address == nil || address.URL.IsEmpty() {
+		JobSinkCondSet.Manage(s).MarkFalse(JobSinkConditionAddressable, "EmptyHostname", "hostname is the empty string")
+	} else {
+		JobSinkCondSet.Manage(s).MarkTrue(JobSinkConditionAddressable)
+
+	}
+}

vendor/knative.dev/eventing/pkg/apis/sinks/v1alpha1/job_sink_types.go

@@ -22,6 +22,7 @@ import (
 
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
+	eventingduckv1 "knative.dev/eventing/pkg/apis/duck/v1"
 	duckv1 "knative.dev/pkg/apis/duck/v1"
 	"knative.dev/pkg/kmeta"
 )
@@ -68,6 +69,10 @@ type JobSinkStatus struct {
 
 	// +optional
 	JobStatus JobStatus `json:"job,omitempty"`
+
+	// AppliedEventPoliciesStatus contains the list of EventPolicies which apply to this JobSink
+	// +optional
+	eventingduckv1.AppliedEventPoliciesStatus `json:",inline"`
 }
 
 type JobStatus struct {

vendor/knative.dev/eventing/pkg/apis/sinks/v1alpha1/test_helpers.go

@@ -0,0 +1,28 @@
+/*
+Copyright 2024 The Knative Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+import (
+	"github.com/google/go-cmp/cmp/cmpopts"
+	"knative.dev/pkg/apis"
+)
+
+var (
+	ignoreAllButTypeAndStatus = cmpopts.IgnoreFields(
+		apis.Condition{},
+		"LastTransitionTime", "Message", "Reason", "Severity")
+)

vendor/knative.dev/eventing/pkg/auth/event_policy.go

@@ -35,6 +35,10 @@ import (
 	"knative.dev/pkg/resolver"
 )
 
+const (
+	kubernetesServiceAccountPrefix = "system:serviceaccount"
+)
+
 // GetEventPoliciesForResource returns the applying EventPolicies for a given resource
 func GetEventPoliciesForResource(lister listerseventingv1alpha1.EventPolicyLister, resourceGVK schema.GroupVersionKind, resourceObjectMeta metav1.ObjectMeta) ([]*v1alpha1.EventPolicy, error) {
 	policies, err := lister.EventPolicies(resourceObjectMeta.GetNamespace()).List(labels.Everything())
@@ -194,7 +198,7 @@ func resolveSubjectsFromReference(resolver *resolver.AuthenticatableResolver, re
 
 	objFullSANames := make([]string, 0, len(objSAs))
 	for _, sa := range objSAs {
-		objFullSANames = append(objFullSANames, fmt.Sprintf("system:serviceaccount:%s:%s", reference.Namespace, sa))
+		objFullSANames = append(objFullSANames, fmt.Sprintf("%s:%s:%s", kubernetesServiceAccountPrefix, reference.Namespace, sa))
 	}
 
 	return objFullSANames, nil