Skip to content

Commit

Permalink
Add variable expansion for params in Projected Volume fields
Browse files Browse the repository at this point in the history
A [projected volume](https://kubernetes.io/docs/concepts/storage/volumes/#projected)
can mount/project files from `Secrets`, `ConfigMaps` and `ServiceAccountTokens`.

Is is good if the end user can choose the name of `Secrets`, `ConfigMaps` and the audience of `ServiceAccountTokens`.
With this commit, the task author can use `params` for `secret.name`, `configmap.name` and `serviceaccounttoken.audience`
in a Projected Volume.

See examples of use cases in #2597

Fixes #2597
  • Loading branch information
jlpettersson committed May 12, 2020
1 parent 1fbac2a commit df7e19e
Show file tree
Hide file tree
Showing 3 changed files with 38 additions and 1 deletion.
2 changes: 1 addition & 1 deletion docs/tasks.md
Original file line number Diff line number Diff line change
Expand Up @@ -542,7 +542,7 @@ The `description` field is an optional field that allows you to add an informati

`Tasks` allow you to substitute variable names for the following entities:

- [Parameters and resources]](#substituting-parameters-and-resources)
- [Parameters and resources](#substituting-parameters-and-resources)
- [`Array` parameters](#substituting-array-parameters)
- [`Workspaces`](#substituting-workspace-paths)
- [`Volume` names and types](#substituting-volume-names-and-paths)
Expand Down
13 changes: 13 additions & 0 deletions pkg/reconciler/taskrun/resources/apply.go
Original file line number Diff line number Diff line change
Expand Up @@ -166,6 +166,19 @@ func ApplyReplacements(spec *v1beta1.TaskSpec, stringReplacements map[string]str
if v.PersistentVolumeClaim != nil {
spec.Volumes[i].PersistentVolumeClaim.ClaimName = substitution.ApplyReplacements(v.PersistentVolumeClaim.ClaimName, stringReplacements)
}
if v.Projected != nil {
for _, s := range spec.Volumes[i].Projected.Sources {
if s.ConfigMap != nil {
s.ConfigMap.Name = substitution.ApplyReplacements(s.ConfigMap.Name, stringReplacements)
}
if s.Secret != nil {
s.Secret.Name = substitution.ApplyReplacements(s.Secret.Name, stringReplacements)
}
if s.ServiceAccountToken != nil {
s.ServiceAccountToken.Audience = substitution.ApplyReplacements(s.ServiceAccountToken.Audience, stringReplacements)
}
}
}
}

// Apply variable substitution to the sidecar definitions
Expand Down
24 changes: 24 additions & 0 deletions pkg/reconciler/taskrun/resources/apply_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -128,6 +128,27 @@ var (
SecretRef: &corev1.SecretEnvSource{
LocalObjectReference: corev1.LocalObjectReference{Name: "secret-$(inputs.params.FOO)"},
},
}, {
Name: "some-projected-volumes",
VolumeSource: corev1.VolumeSource{
Projected: &corev1.ProjectedVolumeSource{
Sources: []corev1.VolumeProjection{{
ConfigMap: &corev1.ConfigMapProjection{
LocalObjectReference: corev1.LocalObjectReference{
Name: "$(inputs.params.FOO)",
},
},
Secret: &corev1.SecretProjection{
LocalObjectReference: corev1.LocalObjectReference{
Name: "$(inputs.params.FOO)",
},
},
ServiceAccountToken: &corev1.ServiceAccountTokenProjection{
Audience: "$(inputs.params.FOO)",
},
}},
},
},
}},
}}, {Container: corev1.Container{
Name: "outputs-resources-path-ab",
Expand Down Expand Up @@ -515,6 +536,9 @@ func TestApplyParameters(t *testing.T) {
spec.Volumes[0].VolumeSource.ConfigMap.LocalObjectReference.Name = "world"
spec.Volumes[1].VolumeSource.Secret.SecretName = "world"
spec.Volumes[2].VolumeSource.PersistentVolumeClaim.ClaimName = "world"
spec.Volumes[3].VolumeSource.Projected.Sources[0].ConfigMap.Name = "world"
spec.Volumes[3].VolumeSource.Projected.Sources[0].Secret.Name = "world"
spec.Volumes[3].VolumeSource.Projected.Sources[0].ServiceAccountToken.Audience = "world"

spec.Sidecars[0].Container.Image = "bar"
spec.Sidecars[0].Container.Env[0].Value = "world"
Expand Down

0 comments on commit df7e19e

Please sign in to comment.