Move MakePod to pkg/pod and unexport things

pkg/pod/creds_init.go

@@ -28,12 +28,15 @@ import (
 	"k8s.io/client-go/kubernetes"
 )
 
-const (
-	// Name of the credential initialization container.
-	credsInit = "credential-initializer"
-)
-
-func CredsInit(credsImage string, serviceAccountName, namespace string, kubeclient kubernetes.Interface, volumeMounts []corev1.VolumeMount, implicitEnvVars []corev1.EnvVar) (*corev1.Container, []corev1.Volume, error) {
+// credsInit returns an init container that initializes credentials based on
+// annotated secrets available to the service account.
+//
+// If no such secrets are found, it returns a nil container, and no creds init
+// process is necessary.
+//
+// If it finds secrets, it also returns a set of Volumes to attach to the Pod
+// to provide those secrets to this initialization.
+func credsInit(credsImage string, serviceAccountName, namespace string, kubeclient kubernetes.Interface, volumeMounts []corev1.VolumeMount, implicitEnvVars []corev1.EnvVar) (*corev1.Container, []corev1.Volume, error) {
 	if serviceAccountName == "" {
 		serviceAccountName = "default"
 	}
@@ -84,7 +87,7 @@ func CredsInit(credsImage string, serviceAccountName, namespace string, kubeclie
 	}
 
 	return &corev1.Container{
-		Name:         names.SimpleNameGenerator.RestrictLengthWithRandomSuffix(credsInit),
+		Name:         names.SimpleNameGenerator.RestrictLengthWithRandomSuffix("credential-initializer"),
 		Image:        credsImage,
 		Command:      []string{"/ko-app/creds-init"},
 		Args:         args,

pkg/pod/creds_init_test.go

@@ -28,7 +28,6 @@ import (
 )
 
 const (
-	credsImage         = "creds-image"
 	serviceAccountName = "my-service-account"
 	namespace          = "namespacey-mcnamespace"
 )
@@ -101,7 +100,7 @@ func TestCredsInit(t *testing.T) {
 		},
 		want: &corev1.Container{
 			Name:    "credential-initializer-mz4c7",
-			Image:   credsImage,
+			Image:   images.CredsImage,
 			Command: []string{"/ko-app/creds-init"},
 			Args: []string{
 				"-basic-docker=my-creds=https://docker.io",
@@ -119,9 +118,9 @@ func TestCredsInit(t *testing.T) {
 		t.Run(c.desc, func(t *testing.T) {
 			names.TestingSeed()
 			kubeclient := fakek8s.NewSimpleClientset(c.objs...)
-			got, volumes, err := CredsInit(credsImage, serviceAccountName, namespace, kubeclient, volumeMounts, envVars)
+			got, volumes, err := credsInit(images.CredsImage, serviceAccountName, namespace, kubeclient, volumeMounts, envVars)
 			if err != nil {
-				t.Fatalf("CredsInit: %v", err)
+				t.Fatalf("credsInit: %v", err)
 			}
 			if got == nil && len(volumes) > 0 {
 				t.Errorf("Got nil creds-init container, with non-empty volumes: %v", volumes)

pkg/pod/entrypoint.go

@@ -1,3 +1,19 @@
+/*
+Copyright 2019 The Tekton Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
 package pod
 
 import (
@@ -19,48 +35,46 @@ const (
 	downwardVolumeName     = "downward"
 	downwardMountPoint     = "/tekton/downward"
 	downwardMountReadyFile = "ready"
-	ReadyAnnotation        = "tekton.dev/ready"
-	ReadyAnnotationValue   = "READY"
+	readyAnnotation        = "tekton.dev/ready"
+	readyAnnotationValue   = "READY"
 
-	StepPrefix    = "step-"
-	SidecarPrefix = "sidecar-"
+	stepPrefix    = "step-"
+	sidecarPrefix = "sidecar-"
 )
 
 var (
 	// TODO(#1605): Generate volumeMount names, to avoid collisions.
-	// TODO(#1605): Unexport these vars when Pod conversion is entirely within
-	// this package.
-	ToolsMount = corev1.VolumeMount{
+	toolsMount = corev1.VolumeMount{
 		Name:      toolsVolumeName,
 		MountPath: mountPoint,
 	}
-	ToolsVolume = corev1.Volume{
+	toolsVolume = corev1.Volume{
 		Name:         toolsVolumeName,
 		VolumeSource: corev1.VolumeSource{EmptyDir: &corev1.EmptyDirVolumeSource{}},
 	}
 
 	// TODO(#1605): Signal sidecar readiness by injecting entrypoint,
 	// remove dependency on Downward API.
-	DownwardVolume = corev1.Volume{
+	downwardVolume = corev1.Volume{
 		Name: downwardVolumeName,
 		VolumeSource: corev1.VolumeSource{
 			DownwardAPI: &corev1.DownwardAPIVolumeSource{
 				Items: []corev1.DownwardAPIVolumeFile{{
 					Path: downwardMountReadyFile,
 					FieldRef: &corev1.ObjectFieldSelector{
-						FieldPath: fmt.Sprintf("metadata.annotations['%s']", ReadyAnnotation),
+						FieldPath: fmt.Sprintf("metadata.annotations['%s']", readyAnnotation),
 					},
 				}},
 			},
 		},
 	}
-	DownwardMount = corev1.VolumeMount{
+	downwardMount = corev1.VolumeMount{
 		Name:      downwardVolumeName,
 		MountPath: downwardMountPoint,
 	}
 )
 
-// OrderContainers returns the specified steps, modified so that they are
+// orderContainers returns the specified steps, modified so that they are
 // executed in order by overriding the entrypoint binary. It also returns the
 // init container that places the entrypoint binary pulled from the
 // entrypointImage.
@@ -70,12 +84,12 @@ var (
 // method, using entrypoint_lookup.go.
 //
 // TODO(#1605): Also use entrypoint injection to order sidecar start/stop.
-func OrderContainers(entrypointImage string, steps []corev1.Container) (corev1.Container, []corev1.Container, error) {
+func orderContainers(entrypointImage string, steps []corev1.Container) (corev1.Container, []corev1.Container, error) {
 	toolsInit := corev1.Container{
 		Name:         "place-tools",
 		Image:        entrypointImage,
 		Command:      []string{"cp", "/ko-app/entrypoint", entrypointBinary},
-		VolumeMounts: []corev1.VolumeMount{ToolsMount},
+		VolumeMounts: []corev1.VolumeMount{toolsMount},
 	}
 
 	if len(steps) == 0 {
@@ -114,10 +128,10 @@ func OrderContainers(entrypointImage string, steps []corev1.Container) (corev1.C
 
 		steps[i].Command = []string{entrypointBinary}
 		steps[i].Args = argsForEntrypoint
-		steps[i].VolumeMounts = append(steps[i].VolumeMounts, ToolsMount)
+		steps[i].VolumeMounts = append(steps[i].VolumeMounts, toolsMount)
 	}
 	// Mount the Downward volume into the first step container.
-	steps[0].VolumeMounts = append(steps[0].VolumeMounts, DownwardMount)
+	steps[0].VolumeMounts = append(steps[0].VolumeMounts, downwardMount)
 
 	return toolsInit, steps, nil
 }
@@ -135,8 +149,8 @@ func UpdateReady(kubeclient kubernetes.Interface, pod corev1.Pod) error {
 	if newPod.ObjectMeta.Annotations == nil {
 		newPod.ObjectMeta.Annotations = map[string]string{}
 	}
-	if newPod.ObjectMeta.Annotations[ReadyAnnotation] != ReadyAnnotationValue {
-		newPod.ObjectMeta.Annotations[ReadyAnnotation] = ReadyAnnotationValue
+	if newPod.ObjectMeta.Annotations[readyAnnotation] != readyAnnotationValue {
+		newPod.ObjectMeta.Annotations[readyAnnotation] = readyAnnotationValue
 		if _, err := kubeclient.CoreV1().Pods(newPod.Namespace).Update(newPod); err != nil {
 			return fmt.Errorf("Error adding ready annotation to Pod %q: %w", pod.Name, err)
 		}
@@ -173,8 +187,16 @@ func StopSidecars(nopImage string, kubeclient kubernetes.Interface, pod corev1.P
 	return nil
 }
 
-func IsContainerStep(name string) bool    { return strings.HasPrefix(name, StepPrefix) }
-func IsContainerSidecar(name string) bool { return strings.HasPrefix(name, SidecarPrefix) }
+// TODO(#1605): Move taskrunpod.go into pkg/pod and unexport these methods.
+
+// IsContainerStep returns true if the container name indicates that it represents a step.
+func IsContainerStep(name string) bool { return strings.HasPrefix(name, stepPrefix) }
+
+// IsContainerSidecar returns true if the container name indicates that it represents a sidecar.
+func IsContainerSidecar(name string) bool { return strings.HasPrefix(name, sidecarPrefix) }
+
+// TrimStepPrefix returns the container name, stripped of its step prefix.
+func TrimStepPrefix(name string) string { return strings.TrimPrefix(name, stepPrefix) }
 
-func TrimStepPrefix(name string) string    { return strings.TrimPrefix(name, StepPrefix) }
-func TrimSidecarPrefix(name string) string { return strings.TrimPrefix(name, SidecarPrefix) }
+// TrimSidecarPrefix returns the container name, stripped of its sidecar prefix.
+func TrimSidecarPrefix(name string) string { return strings.TrimPrefix(name, sidecarPrefix) }

pkg/pod/entrypoint_lookup.go

@@ -27,12 +27,12 @@ type EntrypointCache interface {
 	Get(imageName, namespace, serviceAccountName string) (cmd []string, d name.Digest, err error)
 }
 
-// ResolveEntrypoints looks up container image ENTRYPOINTs for all steps that
+// resolveEntrypoints looks up container image ENTRYPOINTs for all steps that
 // don't specify a Command.
 //
 // Images that are not specified by digest will be specified by digest after
 // lookup in the resulting list of containers.
-func ResolveEntrypoints(cache EntrypointCache, namespace, serviceAccountName string, steps []corev1.Container) ([]corev1.Container, error) {
+func resolveEntrypoints(cache EntrypointCache, namespace, serviceAccountName string, steps []corev1.Container) ([]corev1.Container, error) {
 	// Keep a local cache of image->digest lookups, just for the scope of
 	// resolving this set of steps. If the image is pushed to, we need to
 	// resolve its digest and entrypoint again, but we can skip lookups

pkg/pod/entrypoint_lookup_test.go

@@ -1,3 +1,19 @@
+/*
+Copyright 2019 The Tekton Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
 package pod
 
 import (
@@ -24,7 +40,7 @@ func TestResolveEntrypoints(t *testing.T) {
 		},
 	}
 
-	got, err := ResolveEntrypoints(cache, "namespace", "serviceAccountName", []corev1.Container{{
+	got, err := resolveEntrypoints(cache, "namespace", "serviceAccountName", []corev1.Container{{
 		Image:   "fully-specified",
 		Command: []string{"specified", "command"}, // nothing to resolve
 	}, {
@@ -35,7 +51,7 @@ func TestResolveEntrypoints(t *testing.T) {
 		Image: "my-image", // Check whether we look it up again.
 	}})
 	if err != nil {
-		t.Fatalf("Error resolving entrypoints: %v", err)
+		t.Fatalf("resolveEntrypoints: %v", err)
 	}
 
 	want := []corev1.Container{{

pkg/pod/entrypoint_test.go

@@ -1,3 +1,19 @@
+/*
+Copyright 2019 The Tekton Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
 package pod
 
 import (
@@ -10,8 +26,6 @@ import (
 	fakek8s "k8s.io/client-go/kubernetes/fake"
 )
 
-const entrypointImage = "entrypoint"
-
 var volumeMount = corev1.VolumeMount{
 	Name:      "my-mount",
 	MountPath: "/mount/point",
@@ -42,7 +56,7 @@ func TestOrderContainers(t *testing.T) {
 			"-entrypoint", "cmd", "--",
 			"arg1", "arg2",
 		},
-		VolumeMounts: []corev1.VolumeMount{ToolsMount, DownwardMount},
+		VolumeMounts: []corev1.VolumeMount{toolsMount, downwardMount},
 	}, {
 		Image:   "step-2",
 		Command: []string{entrypointBinary},
@@ -53,7 +67,7 @@ func TestOrderContainers(t *testing.T) {
 			"cmd2", "cmd3",
 			"arg1", "arg2",
 		},
-		VolumeMounts: []corev1.VolumeMount{volumeMount, ToolsMount},
+		VolumeMounts: []corev1.VolumeMount{volumeMount, toolsMount},
 	}, {
 		Image:   "step-3",
 		Command: []string{entrypointBinary},
@@ -63,21 +77,21 @@ func TestOrderContainers(t *testing.T) {
 			"-entrypoint", "cmd", "--",
 			"arg1", "arg2",
 		},
-		VolumeMounts: []corev1.VolumeMount{ToolsMount},
+		VolumeMounts: []corev1.VolumeMount{toolsMount},
 	}}
-	gotInit, got, err := OrderContainers(entrypointImage, steps)
+	gotInit, got, err := orderContainers(images.EntrypointImage, steps)
 	if err != nil {
-		t.Fatalf("OrderContainers: %v", err)
+		t.Fatalf("orderContainers: %v", err)
 	}
 	if d := cmp.Diff(want, got); d != "" {
 		t.Errorf("Diff (-want, +got): %s", d)
 	}
 
 	wantInit := corev1.Container{
 		Name:         "place-tools",
-		Image:        entrypointImage,
+		Image:        images.EntrypointImage,
 		Command:      []string{"cp", "/ko-app/entrypoint", entrypointBinary},
-		VolumeMounts: []corev1.VolumeMount{ToolsMount},
+		VolumeMounts: []corev1.VolumeMount{toolsMount},
 	}
 	if d := cmp.Diff(wantInit, gotInit); d != "" {
 		t.Errorf("Init Container Diff (-want, +got): %s", d)
@@ -98,7 +112,7 @@ func TestUpdateReady(t *testing.T) {
 			},
 		},
 		wantAnnotations: map[string]string{
-			ReadyAnnotation: ReadyAnnotationValue,
+			readyAnnotation: readyAnnotationValue,
 		},
 	}, {
 		desc: "Pod with existing annotations has it appended",
@@ -112,20 +126,20 @@ func TestUpdateReady(t *testing.T) {
 		},
 		wantAnnotations: map[string]string{
 			"something":     "else",
-			ReadyAnnotation: ReadyAnnotationValue,
+			readyAnnotation: readyAnnotationValue,
 		},
 	}, {
 		desc: "Pod with other annotation value has it updated",
 		pod: corev1.Pod{
 			ObjectMeta: metav1.ObjectMeta{
 				Name: "pod",
 				Annotations: map[string]string{
-					ReadyAnnotation: "something else",
+					readyAnnotation: "something else",
 				},
 			},
 		},
 		wantAnnotations: map[string]string{
-			ReadyAnnotation: ReadyAnnotationValue,
+			readyAnnotation: readyAnnotationValue,
 		},
 	}} {
 		t.Run(c.desc, func(t *testing.T) {
@@ -150,11 +164,11 @@ const nopImage = "nop-image"
 // image.
 func TestStopSidecars(t *testing.T) {
 	stepContainer := corev1.Container{
-		Name:  StepPrefix + "my-step",
+		Name:  stepPrefix + "my-step",
 		Image: "foo",
 	}
 	sidecarContainer := corev1.Container{
-		Name:    SidecarPrefix + "-my-sidecar",
+		Name:    sidecarPrefix + "my-sidecar",
 		Image:   "original-image",
 		Command: []string{"my", "command"},
 		Args:    []string{"my", "args"},