From e6fe3bf4812a5d1d5694be94eda2d08e21a8f803 Mon Sep 17 00:00:00 2001 From: Vincent Demeester Date: Wed, 29 Jul 2020 11:37:06 +0200 Subject: [PATCH] =?UTF-8?q?Deprecate=20PipelineRun.Spec.ServiceAccountName?= =?UTF-8?q?s=20=F0=9F=A6=8C?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit `PipelineRun.Spec.TaskRunSpecs` already allows to specify a `ServiceAccountName` for a specific task. This marks `PipelineRun.Spec.ServiceAccountNames` as deprecated and to be removed in about 9 months. This also make sure `PipelineRun.Spec.ServiceAccountNames` are not ignored. Signed-off-by: Vincent Demeester --- docs/deprecations.md | 13 +++++++------ pkg/apis/pipeline/v1beta1/pipelinerun_types.go | 2 ++ pkg/reconciler/pipelinerun/pipelinerun.go | 11 ++++++++++- .../resources/pipelinerunresolution.go | 17 ++++++++++++++++- 4 files changed, 35 insertions(+), 8 deletions(-) diff --git a/docs/deprecations.md b/docs/deprecations.md index 3084d41c6e1..97c92bb5cd8 100644 --- a/docs/deprecations.md +++ b/docs/deprecations.md @@ -18,9 +18,10 @@ being deprecated. ## Deprecation Table -| Feature Being Deprecated | Deprecation Announcement | [API Compatibility Policy](https://github.com/tektoncd/pipeline/tree/master/api_compatibility_policy.md) | Earliest Date or Release of Removal | -| ------------------------ | ------------------------ | -------------------------------------------------------------------------------------------------------- | ------------------------ | -| [`tekton.dev/task` label on ClusterTasks](https://github.com/tektoncd/pipeline/issues/2533) | [v0.12.0](https://github.com/tektoncd/pipeline/releases/tag/v0.12.0) | Beta | January 30 2021 | -| [Step `$HOME` env var defaults to `/tekton/home`](https://github.com/tektoncd/pipeline/issues/2013) | [v0.11.0-rc1](https://github.com/tektoncd/pipeline/releases/tag/v0.11.0-rc1) | Beta | December 4 2020 | -| [Step `workingDir` defaults to `/workspace`](https://github.com/tektoncd/pipeline/issues/1836) | [v0.11.0-rc1](https://github.com/tektoncd/pipeline/releases/tag/v0.11.0-rc1) | Beta | December 4 2020 | -| [The `TaskRun.Status.ResourceResults.ResourceRef` field is deprecated and will be removed.](https://github.com/tektoncd/pipeline/issues/2694) | [v0.14.0](https://github.com/tektoncd/pipeline/releases/tag/v0.13.0) | Beta | April 30 2021 | +| Feature Being Deprecated | Deprecation Announcement | [API Compatibility Policy](https://github.com/tektoncd/pipeline/tree/master/api_compatibility_policy.md) | Earliest Date or Release of Removal | +| ------------------------ | ------------------------ | -------------------------------------------------------------------------------------------------------- | ------------------------ | +| [`tekton.dev/task` label on ClusterTasks](https://github.com/tektoncd/pipeline/issues/2533) | [v0.12.0](https://github.com/tektoncd/pipeline/releases/tag/v0.12.0) | Beta | January 30 2021 | +| [Step `$HOME` env var defaults to `/tekton/home`](https://github.com/tektoncd/pipeline/issues/2013) | [v0.11.0-rc1](https://github.com/tektoncd/pipeline/releases/tag/v0.11.0-rc1) | Beta | December 4 2020 | +| [Step `workingDir` defaults to `/workspace`](https://github.com/tektoncd/pipeline/issues/1836) | [v0.11.0-rc1](https://github.com/tektoncd/pipeline/releases/tag/v0.11.0-rc1) | Beta | December 4 2020 | +| [The `TaskRun.Status.ResourceResults.ResourceRef` field is deprecated and will be removed.](https://github.com/tektoncd/pipeline/issues/2694) | [v0.14.0](https://github.com/tektoncd/pipeline/releases/tag/v0.14.0) | Beta | April 30 2021 | +| [The `PipelineRun.Spec.ServiceAccountNames` field is deprecated and will be removed.](https://github.com/tektoncd/pipeline/issues/2614) | [v0.15.0](https://github.com/tektoncd/pipeline/releases/tag/v0.15.0) | Beta | May 15 2021 | diff --git a/pkg/apis/pipeline/v1beta1/pipelinerun_types.go b/pkg/apis/pipeline/v1beta1/pipelinerun_types.go index f8928f80c05..267f5e19491 100644 --- a/pkg/apis/pipeline/v1beta1/pipelinerun_types.go +++ b/pkg/apis/pipeline/v1beta1/pipelinerun_types.go @@ -164,6 +164,8 @@ type PipelineRunSpec struct { Params []Param `json:"params,omitempty"` // +optional ServiceAccountName string `json:"serviceAccountName,omitempty"` + + // Deprecated: use taskRunSpecs.ServiceAccountName instead // +optional ServiceAccountNames []PipelineRunSpecServiceAccountName `json:"serviceAccountNames,omitempty"` // Used for cancelling a pipelinerun (and maybe more later on) diff --git a/pkg/reconciler/pipelinerun/pipelinerun.go b/pkg/reconciler/pipelinerun/pipelinerun.go index ac1b5772730..d9677ef7bd6 100644 --- a/pkg/reconciler/pipelinerun/pipelinerun.go +++ b/pkg/reconciler/pipelinerun/pipelinerun.go @@ -366,7 +366,8 @@ func (c *Reconciler) reconcile(ctx context.Context, pr *v1beta1.PipelineRun) err return controller.NewPermanentError(err) } - // Ensure that the ServiceAccountNames defined correct. + // Ensure that the ServiceAccountNames defined are correct. + // This is "deprecated". if err := resources.ValidateServiceaccountMapping(pipelineSpec, pr); err != nil { pr.Status.MarkFailed(ReasonInvalidServiceAccountMapping, "PipelineRun %s/%s doesn't define ServiceAccountNames correctly: %s", @@ -374,6 +375,14 @@ func (c *Reconciler) reconcile(ctx context.Context, pr *v1beta1.PipelineRun) err return controller.NewPermanentError(err) } + // Ensure that the TaskRunSpecs defined are correct. + if err := resources.ValidateTaskRunSpecs(pipelineSpec, pr); err != nil { + pr.Status.MarkFailed(ReasonInvalidServiceAccountMapping, + "PipelineRun %s/%s doesn't define taskRunSpecs correctly: %s", + pr.Namespace, pr.Name, err) + return controller.NewPermanentError(err) + } + // Apply parameter substitution from the PipelineRun pipelineSpec = resources.ApplyParameters(pipelineSpec, pr) pipelineSpec = resources.ApplyContexts(pipelineSpec, pipelineMeta.Name, pr) diff --git a/pkg/reconciler/pipelinerun/resources/pipelinerunresolution.go b/pkg/reconciler/pipelinerun/resources/pipelinerunresolution.go index d8f014ef084..4c377879703 100644 --- a/pkg/reconciler/pipelinerun/resources/pipelinerunresolution.go +++ b/pkg/reconciler/pipelinerun/resources/pipelinerunresolution.go @@ -374,6 +374,21 @@ func ValidateWorkspaceBindings(p *v1beta1.PipelineSpec, pr *v1beta1.PipelineRun) return nil } +// ValidateTaskRunSpecs that the TaskRunSpecs defined by a PipelineRun are correct. +func ValidateTaskRunSpecs(p *v1beta1.PipelineSpec, pr *v1beta1.PipelineRun) error { + pipelineTasks := make(map[string]string) + for _, task := range p.Tasks { + pipelineTasks[task.Name] = task.Name + } + + for _, taskrunSpec := range pr.Spec.TaskRunSpecs { + if _, ok := pipelineTasks[taskrunSpec.PipelineTaskName]; !ok { + return fmt.Errorf("PipelineRun's taskrunSpecs defined wrong taskName: %q, does not exist in Pipeline", taskrunSpec.PipelineTaskName) + } + } + return nil +} + // ValidateServiceaccountMapping validates that the ServiceAccountNames defined by a PipelineRun are not correct. func ValidateServiceaccountMapping(p *v1beta1.PipelineSpec, pr *v1beta1.PipelineRun) error { pipelineTasks := make(map[string]string) @@ -383,7 +398,7 @@ func ValidateServiceaccountMapping(p *v1beta1.PipelineSpec, pr *v1beta1.Pipeline for _, name := range pr.Spec.ServiceAccountNames { if _, ok := pipelineTasks[name.TaskName]; !ok { - return fmt.Errorf("PipelineRun's ServiceAccountNames defined wrong taskName: %q, not existed in Pipeline", name.TaskName) + return fmt.Errorf("PipelineRun's ServiceAccountNames defined wrong taskName: %q, does not exist in Pipeline", name.TaskName) } } return nil