Feature flag for provenance field in status

Introduced a dedicated feature flag of boolean type named "enable-provenance-in-status" in feature-flags configmap to enable the provenance field in status. The `provenance` field was introducted to *run status in tektoncd#5580 status to record authenticated metadata about how a software artifact was built i.e. the source where remote resource came from. By default, this feature flag is false. Signed-off-by: Chuang Wang <chuangw@google.com>
chuangw6 · Oct 20, 2022 · 267f1a4 · 267f1a4
1 parent 07bf470
commit 267f1a4
Show file tree

Hide file tree

Showing 6 changed files with 28 additions and 7 deletions.
diff --git a/config/config-feature-flags.yaml b/config/config-feature-flags.yaml
@@ -81,3 +81,7 @@ data:
   # Setting this flag to "true" enables CloudEvents for Runs, as long as a
   # CloudEvents sink is configured in the config-defaults config map
   send-cloudevents-for-runs: "false"
+  # Setting this flag to "true" enables populating the "provenance" field in TaskRun
+  # and PipelineRun status. This field contains the key authenticated metadata about how a
+  # software artifact was built i.e. the source where remote resource came from.
+  enable-provenance-in-status: "false"
diff --git a/docs/install.md b/docs/install.md
@@ -442,6 +442,11 @@ features](#alpha-features) to be used.
   name, kind, and API version information for each `TaskRun` and `Run` in the `PipelineRun` instead. Set it to "both" to
   do both. For more information, see [Configuring usage of `TaskRun` and `Run` embedded statuses](pipelineruns.md#configuring-usage-of-taskrun-and-run-embedded-statuses).
 
+- `enable-provenance-in-status`: set this flag to "true" to enable recording 
+  the `provenance` field in `TaskRun` and `PipelineRun` status. The `provenance` field contains 
+  the key authenticated metadata about how a software artifact was built i.e. the source
+  where remote resource came from.
+
 For example:
 
 ```yaml

diff --git a/docs/pipelineruns.md b/docs/pipelineruns.md
@@ -1386,6 +1386,7 @@ Your `PipelineRun`'s `status` field can contain the following fields:
     - [`kind`][kubernetes-overview] - Generally either `TaskRun` or `Run`.
     - [`apiVersion`][kubernetes-overview] - The API version for the underlying `TaskRun` or `Run`.
     - [`whenExpressions`](pipelines.md#guard-task-execution-using-when-expressions) - The list of when expressions guarding the execution of this task.
+  - `provenance` - A list of fields recording the key authenticated metadata about how a software artifact was built i.e. the source where remote resource came from. 
 
 ### Configuring usage of `TaskRun` and `Run` embedded statuses
 

diff --git a/pkg/apis/config/feature_flags.go b/pkg/apis/config/feature_flags.go
@@ -64,6 +64,8 @@ const (
 	DefaultEmbeddedStatus = FullEmbeddedStatus
 	// DefaultEnableSpire is the default value for "enable-spire".
 	DefaultEnableSpire = false
+	// DefaultEnableProvenanceInStatus is the default value for "enable-provenance-status".
+	DefaultEnableProvenanceInStatus = false
 
 	disableAffinityAssistantKey         = "disable-affinity-assistant"
 	disableCredsInitKey                 = "disable-creds-init"
@@ -76,6 +78,7 @@ const (
 	sendCloudEventsForRuns              = "send-cloudevents-for-runs"
 	embeddedStatus                      = "embedded-status"
 	enableSpire                         = "enable-spire"
+	enableProvenanceInStatus            = "enable-provenance-in-status"
 )
 
 // FeatureFlags holds the features configurations
@@ -93,6 +96,7 @@ type FeatureFlags struct {
 	AwaitSidecarReadiness            bool
 	EmbeddedStatus                   string
 	EnableSpire                      bool
+	EnableProvenanceInStatus         bool
 }
 
 // GetFeatureFlagsConfigName returns the name of the configmap containing all
@@ -144,6 +148,9 @@ func NewFeatureFlagsFromMap(cfgMap map[string]string) (*FeatureFlags, error) {
 	if err := setEmbeddedStatus(cfgMap, DefaultEmbeddedStatus, &tc.EmbeddedStatus); err != nil {
 		return nil, err
 	}
+	if err := setFeature(enableProvenanceInStatus, DefaultEnableProvenanceInStatus, &tc.EnableProvenanceInStatus); err != nil {
+		return nil, err
+	}
 
 	// Given that they are alpha features, Tekton Bundles and Custom Tasks should be switched on if
 	// enable-api-fields is "alpha". If enable-api-fields is not "alpha" then fall back to the value of

diff --git a/pkg/apis/config/feature_flags_test.go b/pkg/apis/config/feature_flags_test.go
@@ -38,13 +38,14 @@ func TestNewFeatureFlagsFromConfigMap(t *testing.T) {
 				RunningInEnvWithInjectedSidecars: true,
 				RequireGitSSHSecretKnownHosts:    false,
 
-				DisableCredsInit:       config.DefaultDisableCredsInit,
-				AwaitSidecarReadiness:  config.DefaultAwaitSidecarReadiness,
-				EnableTektonOCIBundles: config.DefaultEnableTektonOciBundles,
-				EnableCustomTasks:      config.DefaultEnableCustomTasks,
-				EnableAPIFields:        config.DefaultEnableAPIFields,
-				SendCloudEventsForRuns: config.DefaultSendCloudEventsForRuns,
-				EmbeddedStatus:         config.DefaultEmbeddedStatus,
+				DisableCredsInit:         config.DefaultDisableCredsInit,
+				AwaitSidecarReadiness:    config.DefaultAwaitSidecarReadiness,
+				EnableTektonOCIBundles:   config.DefaultEnableTektonOciBundles,
+				EnableCustomTasks:        config.DefaultEnableCustomTasks,
+				EnableAPIFields:          config.DefaultEnableAPIFields,
+				SendCloudEventsForRuns:   config.DefaultSendCloudEventsForRuns,
+				EmbeddedStatus:           config.DefaultEmbeddedStatus,
+				EnableProvenanceInStatus: config.DefaultEnableProvenanceInStatus,
 			},
 			fileName: config.GetFeatureFlagsConfigName(),
 		},
@@ -60,6 +61,7 @@ func TestNewFeatureFlagsFromConfigMap(t *testing.T) {
 				SendCloudEventsForRuns:           true,
 				EmbeddedStatus:                   "both",
 				EnableSpire:                      true,
+				EnableProvenanceInStatus:         true,
 			},
 			fileName: "feature-flags-all-flags-set",
 		},
@@ -150,6 +152,7 @@ func TestNewFeatureFlagsFromEmptyConfigMap(t *testing.T) {
 		SendCloudEventsForRuns:           config.DefaultSendCloudEventsForRuns,
 		EmbeddedStatus:                   config.DefaultEmbeddedStatus,
 		EnableSpire:                      config.DefaultEnableSpire,
+		EnableProvenanceInStatus:         config.DefaultEnableProvenanceInStatus,
 	}
 	verifyConfigFileWithExpectedFeatureFlagsConfig(t, FeatureFlagsConfigEmptyName, expectedConfig)
 }

diff --git a/pkg/apis/config/testdata/feature-flags-all-flags-set.yaml b/pkg/apis/config/testdata/feature-flags-all-flags-set.yaml
@@ -28,3 +28,4 @@ data:
   send-cloudevents-for-runs: "true"
   embedded-status: "both"
   enable-spire: "true"
+  enable-provenance-in-status: "true"