Skip to content

Commit

Permalink
feat: support for variable interpolation in workspace.* (in PipelineR…
Browse files Browse the repository at this point in the history
…un and TaskRun)

fix tektoncd#7667

Support for variable interpolation in:

* spec.workspaces[].configMap.items[].*
* spec.workspaces[].secret.items[].*
* spec.workspaces[].projected.sources[].configMap.items[].*
* spec.workspaces[].projected.sources[].secret.items[].*
  • Loading branch information
l-qing committed Feb 17, 2024
1 parent fd17c74 commit 7a8abcd
Show file tree
Hide file tree
Showing 6 changed files with 392 additions and 121 deletions.
66 changes: 42 additions & 24 deletions docs/variables.md
Original file line number Diff line number Diff line change
Expand Up @@ -85,22 +85,22 @@ For instructions on using variable substitutions see the relevant section of [th
| `Task` | `spec.steps[].script` |
| `Task` | `spec.steps[].onError` |
| `Task` | `spec.steps[].env.value` |
| `Task` | `spec.steps[].env.valuefrom.secretkeyref.name` |
| `Task` | `spec.steps[].env.valuefrom.secretkeyref.key` |
| `Task` | `spec.steps[].env.valuefrom.configmapkeyref.name` |
| `Task` | `spec.steps[].env.valuefrom.configmapkeyref.key` |
| `Task` | `spec.steps[].volumemounts.name` |
| `Task` | `spec.steps[].volumemounts.mountpath` |
| `Task` | `spec.steps[].volumemounts.subpath` |
| `Task` | `spec.steps[].env.valueFrom.secretKeyRef.name` |
| `Task` | `spec.steps[].env.valueFrom.secretKeyRef.key` |
| `Task` | `spec.steps[].env.valueFrom.configMapKeyRef.name` |
| `Task` | `spec.steps[].env.valueFrom.configMapKeyRef.key` |
| `Task` | `spec.steps[].volumeMounts.name` |
| `Task` | `spec.steps[].volumeMounts.mountPath` |
| `Task` | `spec.steps[].volumeMounts.subPath` |
| `Task` | `spec.volumes[].name` |
| `Task` | `spec.volumes[].configmap.name` |
| `Task` | `spec.volumes[].configmap.items[].key` |
| `Task` | `spec.volumes[].configmap.items[].path` |
| `Task` | `spec.volumes[].secret.secretname` |
| `Task` | `spec.volumes[].configMap.name` |
| `Task` | `spec.volumes[].configMap.items[].key` |
| `Task` | `spec.volumes[].configMap.items[].path` |
| `Task` | `spec.volumes[].secret.secretName` |
| `Task` | `spec.volumes[].secret.items[].key` |
| `Task` | `spec.volumes[].secret.items[].path` |
| `Task` | `spec.volumes[].persistentvolumeclaim.claimname` |
| `Task` | `spec.volumes[].projected.sources.configmap.name` |
| `Task` | `spec.volumes[].persistentVolumeClaim.claimName` |
| `Task` | `spec.volumes[].projected.sources.configMap.name` |
| `Task` | `spec.volumes[].projected.sources.secret.name` |
| `Task` | `spec.volumes[].projected.sources.serviceaccounttoken.audience` |
| `Task` | `spec.volumes[].csi.nodepublishsecretref.name` |
Expand All @@ -109,22 +109,31 @@ For instructions on using variable substitutions see the relevant section of [th
| `Task` | `spec.sidecars[].image` |
| `Task` | `spec.sidecars[].imagePullPolicy` |
| `Task` | `spec.sidecars[].env.value` |
| `Task` | `spec.sidecars[].env.valuefrom.secretkeyref.name` |
| `Task` | `spec.sidecars[].env.valuefrom.secretkeyref.key` |
| `Task` | `spec.sidecars[].env.valuefrom.configmapkeyref.name` |
| `Task` | `spec.sidecars[].env.valuefrom.configmapkeyref.key` |
| `Task` | `spec.sidecars[].volumemounts.name` |
| `Task` | `spec.sidecars[].volumemounts.mountpath` |
| `Task` | `spec.sidecars[].volumemounts.subpath` |
| `Task` | `spec.sidecars[].env.valueFrom.secretKeyRef.name` |
| `Task` | `spec.sidecars[].env.valueFrom.secretKeyRef.key` |
| `Task` | `spec.sidecars[].env.valueFrom.configMapKeyRef.name` |
| `Task` | `spec.sidecars[].env.valueFrom.configMapKeyRef.key` |
| `Task` | `spec.sidecars[].volumeMounts.name` |
| `Task` | `spec.sidecars[].volumeMounts.mountPath` |
| `Task` | `spec.sidecars[].volumeMounts.subpath` |
| `Task` | `spec.sidecars[].command` |
| `Task` | `spec.sidecars[].args` |
| `Task` | `spec.sidecars[].script` |
| `Task` | `spec.workspaces[].mountPath` |
| `TaskRun` | `spec.workspaces[].subPath` |
| `TaskRun` | `spec.workspaces[].persistentVolumeClaim.claimName` |
| `TaskRun` | `spec.workspaces[].configmap.name` |
| `TaskRun` | `spec.workspaces[].configMap.name` |
| `TaskRun` | `spec.workspaces[].configMap.items[].key` |
| `TaskRun` | `spec.workspaces[].configMap.items[].path` |
| `TaskRun` | `spec.workspaces[].secret.secretName` |
| `TaskRun` | `spec.workspaces[].projected.sources[].configMap.name` |
| `TaskRun` | `spec.workspaces[].secret.items[].key` |
| `TaskRun` | `spec.workspaces[].secret.items[].path` |
| `TaskRun` | `spec.workspaces[].projected.sources[].secret.name` |
| `TaskRun` | `spec.workspaces[].projected.sources[].secret.items[].key` |
| `TaskRun` | `spec.workspaces[].projected.sources[].secret.items[].path` |
| `TaskRun` | `spec.workspaces[].projected.sources[].configMap.name` |
| `TaskRun` | `spec.workspaces[].projected.sources[].configMap.items[].key` |
| `TaskRun` | `spec.workspaces[].projected.sources[].configMap.items[].path` |
| `TaskRun` | `spec.workspaces[].csi.driver` |
| `TaskRun` | `spec.workspaces[].csi.nodePublishSecretRef.name` |
| `Pipeline` | `spec.tasks[].params[].value` |
Expand All @@ -134,10 +143,19 @@ For instructions on using variable substitutions see the relevant section of [th
| `Pipeline` | `spec.tasks[].when[].values` |
| `Pipeline` | `spec.tasks[].workspaces[].subPath` |
| `Pipeline` | `spec.tasks[].displayName` |
| `PipelineRun` | `spec.workspaces[].subPath` |
| `PipelineRun` | `spec.workspaces[].persistentVolumeClaim.claimName` |
| `PipelineRun` | `spec.workspaces[].configmap.name` |
| `PipelineRun` | `spec.workspaces[].configMap.name` |
| `PipelineRun` | `spec.workspaces[].configMap.items[].key` |
| `PipelineRun` | `spec.workspaces[].configMap.items[].path` |
| `PipelineRun` | `spec.workspaces[].secret.secretName` |
| `PipelineRun` | `spec.workspaces[].projected.sources[].configMap.name` |
| `PipelineRun` | `spec.workspaces[].secret.items[].key` |
| `PipelineRun` | `spec.workspaces[].secret.items[].path` |
| `PipelineRun` | `spec.workspaces[].projected.sources[].secret.name` |
| `PipelineRun` | `spec.workspaces[].projected.sources[].secret.items[].key` |
| `PipelineRun` | `spec.workspaces[].projected.sources[].secret.items[].path` |
| `PipelineRun` | `spec.workspaces[].projected.sources[].configMap.name` |
| `PipelineRun` | `spec.workspaces[].projected.sources[].configMap.items[].key` |
| `PipelineRun` | `spec.workspaces[].projected.sources[].configMap.items[].path` |
| `PipelineRun` | `spec.workspaces[].csi.driver` |
| `PipelineRun` | `spec.workspaces[].csi.nodePublishSecretRef.name` |
66 changes: 53 additions & 13 deletions pkg/reconciler/pipelinerun/pipelinerun_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -4891,18 +4891,18 @@ spec:
steps:
- name: s1
image: alpine
script: |
script: |
echo $(params.version) + $(params.tag)
- name: b-task
params:
params:
- name: ref-p1
value: $(params.version)
- name: ref-p2
value: "v3"
taskRef:
name: ref-task
- name: c-task-matrixed
matrix:
matrix:
params:
- name: ref-p1
value: [v1, v2]
Expand Down Expand Up @@ -4981,7 +4981,7 @@ spec:
steps:
- name: s1
image: alpine
script: |
script: |
echo $(params.version)
`)}
prs := []*v1.PipelineRun{parse.MustParseV1PipelineRun(t, `
Expand Down Expand Up @@ -5967,7 +5967,7 @@ spec:
serviceAccountName: test-sa-0
workspaces:
- name: ws-1
secret:
secret:
secretName: $(tasks.a-task.results.aResult)
`)},
expectedTr: mustParseTaskRunWithObjectMeta(t,
Expand Down Expand Up @@ -5997,7 +5997,7 @@ spec:
serviceAccountName: test-sa-0
workspaces:
- name: ws-1
projected:
projected:
sources:
- configMap:
name: $(tasks.a-task.results.aResult)
Expand All @@ -6012,10 +6012,10 @@ spec:
kind: Task
workspaces:
- name: s1
projected:
projected:
sources:
- configMap:
name: aResultValue
name: aResultValue
`),
},
{
Expand All @@ -6031,7 +6031,7 @@ spec:
serviceAccountName: test-sa-0
workspaces:
- name: ws-1
projected:
projected:
sources:
- secret:
name: $(tasks.a-task.results.aResult)
Expand All @@ -6046,10 +6046,50 @@ spec:
kind: Task
workspaces:
- name: s1
projected:
projected:
sources:
- secret:
name: aResultValue
`),
},
{
name: "projected.sources.secret.items success",
prs: []*v1.PipelineRun{parse.MustParseV1PipelineRun(t, `
metadata:
name: test-pipeline-run-different-service-accs
namespace: foo
spec:
pipelineRef:
name: test-pipeline
taskRunTemplate:
serviceAccountName: test-sa-0
workspaces:
- name: ws-1
projected:
sources:
- secret:
name: name
items:
- key: $(tasks.a-task.results.aResult)
path: $(tasks.a-task.results.aResult)
`)},
expectedTr: mustParseTaskRunWithObjectMeta(t,
taskRunObjectMeta("test-pipeline-run-different-service-accs-b-task", "foo",
"test-pipeline-run-different-service-accs", "test-pipeline", "b-task", false),
`spec:
serviceAccountName: test-sa-0
taskRef:
name: b-task
kind: Task
workspaces:
- name: s1
projected:
sources:
- secret:
name: aResultValue
name: name
items:
- key: aResultValue
path: aResultValue
`),
},
{
Expand Down Expand Up @@ -6079,7 +6119,7 @@ spec:
workspaces:
- name: s1
csi:
driver: aResultValue
driver: aResultValue
`),
},
{
Expand Down Expand Up @@ -6110,7 +6150,7 @@ spec:
workspaces:
- name: s1
csi:
nodePublishSecretRef:
nodePublishSecretRef:
name: aResultValue
`),
},
Expand Down
59 changes: 3 additions & 56 deletions pkg/reconciler/pipelinerun/resources/apply.go
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,7 @@ import (
"github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1"
"github.com/tektoncd/pipeline/pkg/reconciler/taskrun/resources"
"github.com/tektoncd/pipeline/pkg/substitution"
"github.com/tektoncd/pipeline/pkg/workspace"
)

const (
Expand Down Expand Up @@ -396,34 +397,7 @@ func ApplyResultsToWorkspaceBindings(trResults map[string][]v1.TaskRunResult, pr
}
}

for i, binding := range pr.Spec.Workspaces {
if pr.Spec.Workspaces[i].PersistentVolumeClaim != nil {
pr.Spec.Workspaces[i].PersistentVolumeClaim.ClaimName = substitution.ApplyReplacements(binding.PersistentVolumeClaim.ClaimName, stringReplacements)
}
pr.Spec.Workspaces[i].SubPath = substitution.ApplyReplacements(binding.SubPath, stringReplacements)
if pr.Spec.Workspaces[i].ConfigMap != nil {
pr.Spec.Workspaces[i].ConfigMap.Name = substitution.ApplyReplacements(binding.ConfigMap.Name, stringReplacements)
}
if pr.Spec.Workspaces[i].CSI != nil {
pr.Spec.Workspaces[i].CSI.Driver = substitution.ApplyReplacements(binding.CSI.Driver, stringReplacements)
if pr.Spec.Workspaces[i].CSI.NodePublishSecretRef != nil {
pr.Spec.Workspaces[i].CSI.NodePublishSecretRef.Name = substitution.ApplyReplacements(binding.CSI.NodePublishSecretRef.Name, stringReplacements)
}
}
if pr.Spec.Workspaces[i].Secret != nil {
pr.Spec.Workspaces[i].Secret.SecretName = substitution.ApplyReplacements(binding.Secret.SecretName, stringReplacements)
}
if pr.Spec.Workspaces[i].Projected != nil {
for j, source := range binding.Projected.Sources {
if pr.Spec.Workspaces[i].Projected.Sources[j].ConfigMap != nil {
pr.Spec.Workspaces[i].Projected.Sources[j].ConfigMap.Name = substitution.ApplyReplacements(source.ConfigMap.Name, stringReplacements)
}
if pr.Spec.Workspaces[i].Projected.Sources[j].Secret != nil {
pr.Spec.Workspaces[i].Projected.Sources[j].Secret.Name = substitution.ApplyReplacements(source.Secret.Name, stringReplacements)
}
}
}
}
pr.Spec.Workspaces = workspace.ReplaceWorkspaceBindingsVars(pr.Spec.Workspaces, stringReplacements)
}

// PropagateResults propagate the result of the completed task to the unfinished task that is not explicitly specify in the params
Expand Down Expand Up @@ -605,32 +579,5 @@ func runResultValue(taskName string, resultName string, runResults map[string][]
// placeholders in various binding types with values from provided parameters.
func ApplyParametersToWorkspaceBindings(ctx context.Context, pr *v1.PipelineRun) {
parameters, _, _ := paramsFromPipelineRun(ctx, pr)
for i, binding := range pr.Spec.Workspaces {
if pr.Spec.Workspaces[i].PersistentVolumeClaim != nil {
pr.Spec.Workspaces[i].PersistentVolumeClaim.ClaimName = substitution.ApplyReplacements(binding.PersistentVolumeClaim.ClaimName, parameters)
}
pr.Spec.Workspaces[i].SubPath = substitution.ApplyReplacements(binding.SubPath, parameters)
if pr.Spec.Workspaces[i].ConfigMap != nil {
pr.Spec.Workspaces[i].ConfigMap.Name = substitution.ApplyReplacements(binding.ConfigMap.Name, parameters)
}
if pr.Spec.Workspaces[i].Secret != nil {
pr.Spec.Workspaces[i].Secret.SecretName = substitution.ApplyReplacements(binding.Secret.SecretName, parameters)
}
if pr.Spec.Workspaces[i].CSI != nil {
pr.Spec.Workspaces[i].CSI.Driver = substitution.ApplyReplacements(binding.CSI.Driver, parameters)
if pr.Spec.Workspaces[i].CSI.NodePublishSecretRef != nil {
pr.Spec.Workspaces[i].CSI.NodePublishSecretRef.Name = substitution.ApplyReplacements(binding.CSI.NodePublishSecretRef.Name, parameters)
}
}
if pr.Spec.Workspaces[i].Projected != nil {
for j, source := range binding.Projected.Sources {
if pr.Spec.Workspaces[i].Projected.Sources[j].ConfigMap != nil {
pr.Spec.Workspaces[i].Projected.Sources[j].ConfigMap.Name = substitution.ApplyReplacements(source.ConfigMap.Name, parameters)
}
if pr.Spec.Workspaces[i].Projected.Sources[j].Secret != nil {
pr.Spec.Workspaces[i].Projected.Sources[j].Secret.Name = substitution.ApplyReplacements(source.Secret.Name, parameters)
}
}
}
}
pr.Spec.Workspaces = workspace.ReplaceWorkspaceBindingsVars(pr.Spec.Workspaces, parameters)
}
30 changes: 2 additions & 28 deletions pkg/reconciler/taskrun/resources/apply.go
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,7 @@ import (
"github.com/tektoncd/pipeline/pkg/internal/resultref"
"github.com/tektoncd/pipeline/pkg/pod"
"github.com/tektoncd/pipeline/pkg/substitution"
"github.com/tektoncd/pipeline/pkg/workspace"
corev1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/util/sets"
)
Expand Down Expand Up @@ -312,34 +313,7 @@ func ApplyWorkspaces(ctx context.Context, spec *v1.TaskSpec, declarations []v1.W
func ApplyParametersToWorkspaceBindings(ts *v1.TaskSpec, tr *v1.TaskRun) *v1.TaskRun {
tsCopy := ts.DeepCopy()
parameters, _, _ := getTaskParameters(tsCopy, tr, tsCopy.Params...)
for i, binding := range tr.Spec.Workspaces {
if tr.Spec.Workspaces[i].PersistentVolumeClaim != nil {
tr.Spec.Workspaces[i].PersistentVolumeClaim.ClaimName = substitution.ApplyReplacements(binding.PersistentVolumeClaim.ClaimName, parameters)
}
tr.Spec.Workspaces[i].SubPath = substitution.ApplyReplacements(binding.SubPath, parameters)
if tr.Spec.Workspaces[i].ConfigMap != nil {
tr.Spec.Workspaces[i].ConfigMap.Name = substitution.ApplyReplacements(binding.ConfigMap.Name, parameters)
}
if tr.Spec.Workspaces[i].Secret != nil {
tr.Spec.Workspaces[i].Secret.SecretName = substitution.ApplyReplacements(binding.Secret.SecretName, parameters)
}
if tr.Spec.Workspaces[i].CSI != nil {
tr.Spec.Workspaces[i].CSI.Driver = substitution.ApplyReplacements(binding.CSI.Driver, parameters)
if tr.Spec.Workspaces[i].CSI.NodePublishSecretRef != nil {
tr.Spec.Workspaces[i].CSI.NodePublishSecretRef.Name = substitution.ApplyReplacements(binding.CSI.NodePublishSecretRef.Name, parameters)
}
}
if binding.Projected != nil {
for j, source := range binding.Projected.Sources {
if source.ConfigMap != nil {
tr.Spec.Workspaces[i].Projected.Sources[j].ConfigMap.Name = substitution.ApplyReplacements(source.ConfigMap.Name, parameters)
}
if source.Secret != nil {
tr.Spec.Workspaces[i].Projected.Sources[j].Secret.Name = substitution.ApplyReplacements(source.Secret.Name, parameters)
}
}
}
}
tr.Spec.Workspaces = workspace.ReplaceWorkspaceBindingsVars(tr.Spec.Workspaces, parameters)
return tr
}

Expand Down
Loading

0 comments on commit 7a8abcd

Please sign in to comment.