From b0de69e79d1d25aa4ba51a4a3c637d8fd32c0a6a Mon Sep 17 00:00:00 2001
From: jagathprakash <31057312+jagathprakash@users.noreply.github.com>
Date: Mon, 7 Nov 2022 10:33:43 -0500
Subject: [PATCH] [TEP-0089] Enable SPIRE for signing taskrun results in alpha. Breaking down PR #4759 originally proposed by @pxp928 to address TEP-0089 according @lumjjb suggestions. Plan for breaking down PR is PR 1.1: api PR 1.2: entrypointer (+cmd line + test/entrypointer) Entrypoint takes results and signs the results (termination message). PR 1.3: reconciler + pod + cmd/controller + integration tests Controller will verify the signed result. This commit corresponds to 1.3 above.
---
 pkg/reconciler/taskrun/taskrun_test.go | 4 ++--
 test/embed_test.go | 2 +-
 test/helm_task_test.go | 2 +-
 test/pipelinerun_test.go | 4 ++--
 test/taskrun_test.go | 3 +++
 5 files changed, 9 insertions(+), 6 deletions(-)
diff --git a/pkg/reconciler/taskrun/taskrun_test.go b/pkg/reconciler/taskrun/taskrun_test.go
index be87c1bf3b1..11686dc99c3 100644
--- a/pkg/reconciler/taskrun/taskrun_test.go
+++ b/pkg/reconciler/taskrun/taskrun_test.go
@@ -1420,7 +1420,7 @@ spec:
 d := test.Data{
 ConfigMaps: cms,
- TaskRuns: []*v1beta1.TaskRun{tr},
+ TaskRuns: []*v1beta1.TaskRun{tr},
 ServiceAccounts: []*corev1.ServiceAccount{{
 ObjectMeta: metav1.ObjectMeta{Name: tr.Spec.ServiceAccountName, Namespace: "foo"},
 }},
@@ -1528,7 +1528,7 @@ spec:
 d := test.Data{
 ConfigMaps: cms,
- TaskRuns: []*v1beta1.TaskRun{tr},
+ TaskRuns: []*v1beta1.TaskRun{tr},
 ServiceAccounts: []*corev1.ServiceAccount{{
 ObjectMeta: metav1.ObjectMeta{Name: tr.Spec.ServiceAccountName, Namespace: "foo"},
 }},
diff --git a/test/embed_test.go b/test/embed_test.go
index 718c49ef97e..7678303ac64 100644
--- a/test/embed_test.go
+++ b/test/embed_test.go
@@ -89,7 +89,7 @@ func embeddedResourceTest(t *testing.T, spireEnabled bool) {
 // completion of the TaskRun means the TaskRun did what it was intended.
 if spireEnabled {
- tr, err := c.TaskRunClient.Get(ctx, embedTaskRunName, metav1.GetOptions{})
+ tr, err := c.V1beta1TaskRunClient.Get(ctx, embedTaskRunName, metav1.GetOptions{})
 if err != nil {
 t.Errorf("Error retrieving taskrun: %s", err)
 }
diff --git a/test/helm_task_test.go b/test/helm_task_test.go
index 05ea298b3c9..f71edff19ed 100644
--- a/test/helm_task_test.go
+++ b/test/helm_task_test.go
@@ -123,7 +123,7 @@ func helmDeploytest(t *testing.T, spireEnabled bool) {
 }
 if spireEnabled {
- taskrunList, err := c.TaskRunClient.List(ctx, metav1.ListOptions{LabelSelector: "tekton.dev/pipelineRun=" + helmDeployPipelineRunName})
+ taskrunList, err := c.V1beta1TaskRunClient.List(ctx, metav1.ListOptions{LabelSelector: "tekton.dev/pipelineRun=" + helmDeployPipelineRunName})
 if err != nil {
 t.Fatalf("Error listing TaskRuns for PipelineRun %s: %s", helmDeployPipelineRunName, err)
 }
diff --git a/test/pipelinerun_test.go b/test/pipelinerun_test.go
index 78070f74586..13d55707e1c 100644
--- a/test/pipelinerun_test.go
+++ b/test/pipelinerun_test.go
@@ -554,7 +554,7 @@ spec:
 }
 if spireEnabled {
- taskrunList, err := c.TaskRunClient.List(ctx, metav1.ListOptions{LabelSelector: "tekton.dev/pipelineRun=" + prName})
+ taskrunList, err := c.V1beta1TaskRunClient.List(ctx, metav1.ListOptions{LabelSelector: "tekton.dev/pipelineRun=" + prName})
 if err != nil {
 t.Fatalf("Error listing TaskRuns for PipelineRun %s: %s", prName, err)
 }
@@ -670,7 +670,7 @@ spec:
 t.Fatalf("Error waiting for PipelineRun %s to finish: %s", prName, err)
 }
 if spireEnabled {
- taskrunList, err := c.TaskRunClient.List(ctx, metav1.ListOptions{LabelSelector: "tekton.dev/pipelineRun=" + prName})
+ taskrunList, err := c.V1beta1TaskRunClient.List(ctx, metav1.ListOptions{LabelSelector: "tekton.dev/pipelineRun=" + prName})
 if err != nil {
 t.Fatalf("Error listing TaskRuns for PipelineRun %s: %s", prName, err)
 }
diff --git a/test/taskrun_test.go b/test/taskrun_test.go
index aef66584656..d768c90bc0a 100644
--- a/test/taskrun_test.go
+++ b/test/taskrun_test.go
@@ -21,12 +21,14 @@ package test
 import (
 "context"
+ "encoding/json"
 "fmt"
 "regexp"
 "strings"
 "testing"
 "github.com/tektoncd/pipeline/test/parse"
+ jsonpatch "gomodules.xyz/jsonpatch/v2"
 "github.com/google/go-cmp/cmp"
 "github.com/google/go-cmp/cmp/cmpopts"
@@ -34,6 +36,7 @@ import (
 "github.com/tektoncd/pipeline/pkg/pod"
 corev1 "k8s.io/api/core/v1"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "k8s.io/apimachinery/pkg/types"
 knativetest "knative.dev/pkg/test"
 "knative.dev/pkg/test/helpers"
 )
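Review bot: The three imports added to test/taskrun_test.go have no visible use anywhere in this patch: `"encoding/json"` and `jsonpatch "gomodules.xyz/jsonpatch/v2"` in the first import hunk, and `"k8s.io/apimachinery/pkg/types"` in the second. The diffstat lists only these 3 insertions for the file. Go rejects unused imports, so unless the file at the parent commit already references `json.`, `jsonpatch.` and `types.`, the e2e test package will not build and none of the `spireEnabled` test paths touched by this patch will run. Either land the test code that uses these packages in the same commit, or drop the imports until it does. If they stay, `jsonpatch` reads better in the third-party import group than directly under `github.com/tektoncd/pipeline/test/parse`.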