From ba0e5a8dae6ab456447543b3bfd5c3cb1d9226dd Mon Sep 17 00:00:00 2001 From: Dan Lorenc Date: Mon, 20 Apr 2020 09:53:48 -0500 Subject: [PATCH] Dereference the TaskSpec into TaskRun.Status. The Task definition used for a TaskRun can change after the TaskRun has started. This poses problems for auditability post-run. Rather than chase down every part of a Task that we might like to audit later, let's just add the entire thing here. This is a replacement for https://github.com/tektoncd/pipeline/pull/2399 --- docs/taskruns.md | 2 ++ pkg/reconciler/taskrun/taskrun.go | 5 +++++ 2 files changed, 7 insertions(+) diff --git a/docs/taskruns.md b/docs/taskruns.md index fa564c222eb..3333da7aa40 100644 --- a/docs/taskruns.md +++ b/docs/taskruns.md @@ -320,6 +320,8 @@ status in the `steps.results` field using the following command, where `` The exact Task Spec used to instantiate the TaskRun is also included in the Status for full auditability. +The exact Task Spec used to instantiate the TaskRun is also included in the Status for full auditability. + ### Steps The corresponding statuses appear in the `status.steps` list in the order in which the `Steps` have been diff --git a/pkg/reconciler/taskrun/taskrun.go b/pkg/reconciler/taskrun/taskrun.go index ed5345a4c39..249d77b202e 100644 --- a/pkg/reconciler/taskrun/taskrun.go +++ b/pkg/reconciler/taskrun/taskrun.go @@ -259,6 +259,11 @@ func (c *Reconciler) prepare(ctx context.Context, tr *v1beta1.TaskRun) (*v1beta1 c.Logger.Errorf("Failed to store TaskSpec on TaskRun.Statusfor taskrun %s: %v", tr.Name, err) } + // Store the fetched TaskSpec on the TaskRun for auditing + if err := storeTaskSpec(ctx, tr, taskSpec); err != nil { + c.Logger.Errorf("Failed to store TaskSpec on TaskRun.Statusfor taskrun %s: %v", tr.Name, err) + } + // Propagate labels from Task to TaskRun. if tr.ObjectMeta.Labels == nil { tr.ObjectMeta.Labels = make(map[string]string, len(taskMeta.Labels)+1)