diff --git a/config/config-feature-flags.yaml b/config/config-feature-flags.yaml index 2baa580b8f9..80e951efb4a 100644 --- a/config/config-feature-flags.yaml +++ b/config/config-feature-flags.yaml @@ -81,11 +81,6 @@ data: # If it is set to "warn", TaskRuns and PipelineRuns will run to completion if no matching policies are found, and an error will be logged. # If it is set to "ignore", TaskRuns and PipelineRuns will run to completion if no matching policies are found, and no error will be logged. trusted-resources-verification-no-match-policy: "ignore" - # Setting this flag to "true" enables populating the "provenance" field in TaskRun - # and PipelineRun status. This field contains metadata about resources used - # in the TaskRun/PipelineRun such as the source from where a remote Task/Pipeline - # definition was fetched. - enable-provenance-in-status: "false" # Setting this flag will determine how Tekton pipelines will handle non-falsifiable provenance. # If set to "spire", then SPIRE will be used to ensure non-falsifiable provenance. # If set to "none", then Tekton will not have non-falsifiable provenance. diff --git a/docs/additional-configs.md b/docs/additional-configs.md index f0f3021d3e7..f606ba18071 100644 --- a/docs/additional-configs.md +++ b/docs/additional-configs.md @@ -245,10 +245,6 @@ Defaults to "ignore". - `results-from`: set this flag to "termination-message" to use the container's termination message to fetch results from. This is the default method of extracting results. Set it to "sidecar-logs" to enable use of a results sidecar logs to extract results instead of termination message. -- `enable-provenance-in-status`: set this flag to "true" to enable recording - the `provenance` field in `TaskRun` and `PipelineRun` status. The `provenance` - field contains metadata about resources used in the TaskRun/PipelineRun such as the - source from where a remote Task/Pipeline definition was fetched. For example: @@ -284,7 +280,6 @@ Features currently in "alpha" are: | [Task-level Resource Requirements](compute-resources.md#task-level-compute-resources-configuration) | [TEP-0104](https://github.com/tektoncd/community/blob/main/teps/0104-tasklevel-resource-requirements.md) | [v0.39.0](https://github.com/tektoncd/pipeline/releases/tag/v0.39.0) | | | [Object Params and Results](pipelineruns.md#specifying-parameters) | [TEP-0075](https://github.com/tektoncd/community/blob/main/teps/0075-object-param-and-result-types.md) | [v0.38.0](https://github.com/tektoncd/pipeline/releases/tag/v0.38.0) | | | | [Trusted Resources](./trusted-resources.md) | [TEP-0091](https://github.com/tektoncd/community/blob/main/teps/0091-trusted-resources.md) | N/A | `trusted-resources-verification-no-match-policy` | -| [`Provenance` field in Status](pipeline-api.md#provenance) | [issue#5550](https://github.com/tektoncd/pipeline/issues/5550) | N/A | `enable-provenance-in-status` | | [Larger Results via Sidecar Logs](#enabling-larger-results-using-sidecar-logs) | [TEP-0127](https://github.com/tektoncd/community/blob/main/teps/0127-larger-results-via-sidecar-logs.md) | [v0.43.0](https://github.com/tektoncd/pipeline/releases/tag/v0.43.0) | `results-from` | | [Configure Default Resolver](./resolution.md#configuring-built-in-resolvers) | [TEP-0133](https://github.com/tektoncd/community/blob/main/teps/0133-configure-default-resolver.md) | N/A | | diff --git a/pkg/apis/config/feature_flags.go b/pkg/apis/config/feature_flags.go index 699a65516e4..778b24e2cc9 100644 --- a/pkg/apis/config/feature_flags.go +++ b/pkg/apis/config/feature_flags.go @@ -70,8 +70,6 @@ const ( DefaultEnforceNonfalsifiability = EnforceNonfalsifiabilityNone // DefaultNoMatchPolicyConfig is the default value for "trusted-resources-verification-no-match-policy". DefaultNoMatchPolicyConfig = IgnoreNoMatchPolicy - // DefaultEnableProvenanceInStatus is the default value for "enable-provenance-status". - DefaultEnableProvenanceInStatus = false // DefaultResultExtractionMethod is the default value for ResultExtractionMethod DefaultResultExtractionMethod = ResultExtractionMethodTerminationMessage // DefaultMaxResultSize is the default value in bytes for the size of a result @@ -87,7 +85,6 @@ const ( sendCloudEventsForRuns = "send-cloudevents-for-runs" enforceNonfalsifiability = "enforce-nonfalsifiability" verificationNoMatchPolicy = "trusted-resources-verification-no-match-policy" - enableProvenanceInStatus = "enable-provenance-in-status" resultExtractionMethod = "results-from" maxResultSize = "max-result-size" ) @@ -113,7 +110,6 @@ type FeatureFlags struct { // warn: skip trusted resources verification when no matching verification policies found and log a warning // fail: fail the taskrun or pipelines run if no matching verification policies found VerificationNoMatchPolicy string - EnableProvenanceInStatus bool ResultExtractionMethod string MaxResultSize int } @@ -167,9 +163,6 @@ func NewFeatureFlagsFromMap(cfgMap map[string]string) (*FeatureFlags, error) { if err := setVerificationNoMatchPolicy(cfgMap, DefaultNoMatchPolicyConfig, &tc.VerificationNoMatchPolicy); err != nil { return nil, err } - if err := setFeature(enableProvenanceInStatus, DefaultEnableProvenanceInStatus, &tc.EnableProvenanceInStatus); err != nil { - return nil, err - } if err := setResultExtractionMethod(cfgMap, DefaultResultExtractionMethod, &tc.ResultExtractionMethod); err != nil { return nil, err } diff --git a/pkg/apis/config/feature_flags_test.go b/pkg/apis/config/feature_flags_test.go index b4d5ad5d31e..85f49dd8c0b 100644 --- a/pkg/apis/config/feature_flags_test.go +++ b/pkg/apis/config/feature_flags_test.go @@ -48,7 +48,6 @@ func TestNewFeatureFlagsFromConfigMap(t *testing.T) { EnableAPIFields: config.DefaultEnableAPIFields, SendCloudEventsForRuns: config.DefaultSendCloudEventsForRuns, VerificationNoMatchPolicy: config.DefaultNoMatchPolicyConfig, - EnableProvenanceInStatus: config.DefaultEnableProvenanceInStatus, ResultExtractionMethod: config.DefaultResultExtractionMethod, MaxResultSize: config.DefaultMaxResultSize, }, @@ -65,7 +64,6 @@ func TestNewFeatureFlagsFromConfigMap(t *testing.T) { SendCloudEventsForRuns: true, EnforceNonfalsifiability: "spire", VerificationNoMatchPolicy: config.FailNoMatchPolicy, - EnableProvenanceInStatus: true, ResultExtractionMethod: "termination-message", MaxResultSize: 4096, }, @@ -172,7 +170,6 @@ func TestNewFeatureFlagsFromEmptyConfigMap(t *testing.T) { SendCloudEventsForRuns: config.DefaultSendCloudEventsForRuns, EnforceNonfalsifiability: config.DefaultEnforceNonfalsifiability, VerificationNoMatchPolicy: config.DefaultNoMatchPolicyConfig, - EnableProvenanceInStatus: config.DefaultEnableProvenanceInStatus, ResultExtractionMethod: config.DefaultResultExtractionMethod, MaxResultSize: config.DefaultMaxResultSize, } diff --git a/pkg/apis/config/testdata/feature-flags-all-flags-set.yaml b/pkg/apis/config/testdata/feature-flags-all-flags-set.yaml index 07f5f33a9de..af3c4377dbc 100644 --- a/pkg/apis/config/testdata/feature-flags-all-flags-set.yaml +++ b/pkg/apis/config/testdata/feature-flags-all-flags-set.yaml @@ -28,4 +28,3 @@ data: send-cloudevents-for-runs: "true" enforce-nonfalsifiability: "spire" trusted-resources-verification-no-match-policy: "fail" - enable-provenance-in-status: "true" diff --git a/pkg/apis/pipeline/v1beta1/pipelinerun_conversion_test.go b/pkg/apis/pipeline/v1beta1/pipelinerun_conversion_test.go index bf309b0a58d..8f357046769 100644 --- a/pkg/apis/pipeline/v1beta1/pipelinerun_conversion_test.go +++ b/pkg/apis/pipeline/v1beta1/pipelinerun_conversion_test.go @@ -138,6 +138,8 @@ func TestPipelineRunConversionBadType(t *testing.T) { } func TestPipelineRunConversion(t *testing.T) { + defaultFeatureFlags, _ := config.NewFeatureFlagsFromMap(map[string]string{}) + tests := []struct { name string in *v1beta1.PipelineRun @@ -305,14 +307,7 @@ func TestPipelineRunConversion(t *testing.T) { URI: "test-uri", Digest: map[string]string{"sha256": "digest"}, }, - FeatureFlags: &config.FeatureFlags{ - RunningInEnvWithInjectedSidecars: config.DefaultRunningInEnvWithInjectedSidecars, - EnableAPIFields: config.DefaultEnableAPIFields, - AwaitSidecarReadiness: config.DefaultAwaitSidecarReadiness, - VerificationNoMatchPolicy: config.DefaultNoMatchPolicyConfig, - ResultExtractionMethod: config.DefaultResultExtractionMethod, - MaxResultSize: config.DefaultMaxResultSize, - }, + FeatureFlags: defaultFeatureFlags, }, }, }, diff --git a/pkg/apis/pipeline/v1beta1/taskrun_conversion_test.go b/pkg/apis/pipeline/v1beta1/taskrun_conversion_test.go index e0fe1b59127..874a8970d07 100644 --- a/pkg/apis/pipeline/v1beta1/taskrun_conversion_test.go +++ b/pkg/apis/pipeline/v1beta1/taskrun_conversion_test.go @@ -51,6 +51,8 @@ func TestTaskRunConversionBadType(t *testing.T) { } func TestTaskRunConversion(t *testing.T) { + defaultFeatureFlags, _ := config.NewFeatureFlagsFromMap(map[string]string{}) + tests := []struct { name string in *v1beta1.TaskRun @@ -237,14 +239,7 @@ func TestTaskRunConversion(t *testing.T) { URI: "test-uri", Digest: map[string]string{"sha256": "digest"}, }, - FeatureFlags: &config.FeatureFlags{ - RunningInEnvWithInjectedSidecars: config.DefaultRunningInEnvWithInjectedSidecars, - EnableAPIFields: config.DefaultEnableAPIFields, - AwaitSidecarReadiness: config.DefaultAwaitSidecarReadiness, - VerificationNoMatchPolicy: config.DefaultNoMatchPolicyConfig, - ResultExtractionMethod: config.DefaultResultExtractionMethod, - MaxResultSize: config.DefaultMaxResultSize, - }, + FeatureFlags: defaultFeatureFlags, }}, }, }, diff --git a/pkg/reconciler/pipelinerun/pipelinerun.go b/pkg/reconciler/pipelinerun/pipelinerun.go index 39f89587e43..de58f5c45f1 100644 --- a/pkg/reconciler/pipelinerun/pipelinerun.go +++ b/pkg/reconciler/pipelinerun/pipelinerun.go @@ -1224,19 +1224,17 @@ func storePipelineSpecAndMergeMeta(ctx context.Context, pr *v1beta1.PipelineRun, // Propagate refSource from remote resolution to PipelineRun Status // This lives outside of the status.spec check to avoid the case where only the spec is available in the first reconcile and source comes in next reconcile. cfg := config.FromContextOrDefaults(ctx) - if cfg.FeatureFlags.EnableProvenanceInStatus { - if pr.Status.Provenance == nil { - pr.Status.Provenance = &v1beta1.Provenance{} - } - // Store FeatureFlags in the Provenance. - pr.Status.Provenance.FeatureFlags = cfg.FeatureFlags + if pr.Status.Provenance == nil { + pr.Status.Provenance = &v1beta1.Provenance{} + } + // Store FeatureFlags in the Provenance. + pr.Status.Provenance.FeatureFlags = cfg.FeatureFlags - if meta != nil && meta.RefSource != nil && pr.Status.Provenance.RefSource == nil { - pr.Status.Provenance.RefSource = meta.RefSource - } - if meta != nil && meta.RefSource != nil && pr.Status.Provenance.ConfigSource == nil { - pr.Status.Provenance.ConfigSource = (*v1beta1.ConfigSource)(meta.RefSource) - } + if meta != nil && meta.RefSource != nil && pr.Status.Provenance.RefSource == nil { + pr.Status.Provenance.RefSource = meta.RefSource + } + if meta != nil && meta.RefSource != nil && pr.Status.Provenance.ConfigSource == nil { + pr.Status.Provenance.ConfigSource = (*v1beta1.ConfigSource)(meta.RefSource) } return nil diff --git a/pkg/reconciler/pipelinerun/pipelinerun_test.go b/pkg/reconciler/pipelinerun/pipelinerun_test.go index b2ac6502d8c..eb2d35accdf 100644 --- a/pkg/reconciler/pipelinerun/pipelinerun_test.go +++ b/pkg/reconciler/pipelinerun/pipelinerun_test.go @@ -100,6 +100,11 @@ var ( now = time.Date(2022, time.January, 1, 0, 0, 0, 0, time.UTC) testClock = clock.NewFakePassiveClock(now) + + defaultFeatureFlags, _ = config.NewFeatureFlagsFromMap(map[string]string{}) + alphaFeatureFlags, _ = config.NewFeatureFlagsFromMap(map[string]string{ + "enable-api-fields": "alpha", + }) ) const ( @@ -4591,6 +4596,9 @@ status: `) expectedPr := expectedPrStatus + expectedPr.Status.Provenance = &v1beta1.Provenance{ + FeatureFlags: defaultFeatureFlags, + } if d := cmp.Diff(expectedPr, reconciledRun, ignoreResourceVersion, ignoreLastTransitionTime, ignoreCompletionTime, ignoreStartTime, cmpopts.EquateEmpty()); d != "" { t.Errorf("expected to see pipeline run results created. Diff %s", diff.PrintWantGot(d)) @@ -4739,6 +4747,9 @@ status: `) expectedPr := expectedPrStatus + expectedPr.Status.Provenance = &v1beta1.Provenance{ + FeatureFlags: defaultFeatureFlags, + } if d := cmp.Diff(expectedPr, reconciledRun, ignoreResourceVersion, ignoreLastTransitionTime, ignoreCompletionTime, ignoreStartTime, cmpopts.EquateEmpty()); d != "" { t.Errorf("expected to see pipeline run results created. Diff %s", diff.PrintWantGot(d)) @@ -4898,15 +4909,7 @@ metadata: Provenance: &v1beta1.Provenance{ RefSource: refSource.DeepCopy(), ConfigSource: (*v1beta1.ConfigSource)(refSource.DeepCopy()), - FeatureFlags: &config.FeatureFlags{ - RunningInEnvWithInjectedSidecars: config.DefaultRunningInEnvWithInjectedSidecars, - EnableAPIFields: config.DefaultEnableAPIFields, - AwaitSidecarReadiness: config.DefaultAwaitSidecarReadiness, - VerificationNoMatchPolicy: config.DefaultNoMatchPolicyConfig, - EnableProvenanceInStatus: true, - ResultExtractionMethod: config.DefaultResultExtractionMethod, - MaxResultSize: config.DefaultMaxResultSize, - }, + FeatureFlags: defaultFeatureFlags, }, }, } @@ -4957,9 +4960,8 @@ metadata: } for _, tc := range tests { t.Run(tc.name, func(t *testing.T) { - ctx := ttesting.EnableFeatureFlagField(context.Background(), t, "enable-provenance-in-status") // mock first reconcile - if err := storePipelineSpecAndMergeMeta(ctx, pr, tc.reconcile1Args.pipelineSpec, tc.reconcile1Args.resolvedObjectMeta); err != nil { + if err := storePipelineSpecAndMergeMeta(context.Background(), pr, tc.reconcile1Args.pipelineSpec, tc.reconcile1Args.resolvedObjectMeta); err != nil { t.Errorf("storePipelineSpec() error = %v", err) } if d := cmp.Diff(pr, tc.wantPipelineRun); d != "" { @@ -4967,7 +4969,7 @@ metadata: } // mock second reconcile - if err := storePipelineSpecAndMergeMeta(ctx, pr, tc.reconcile2Args.pipelineSpec, tc.reconcile2Args.resolvedObjectMeta); err != nil { + if err := storePipelineSpecAndMergeMeta(context.Background(), pr, tc.reconcile2Args.pipelineSpec, tc.reconcile2Args.resolvedObjectMeta); err != nil { t.Errorf("storePipelineSpec() error = %v", err) } if d := cmp.Diff(pr, tc.wantPipelineRun); d != "" { @@ -8085,6 +8087,9 @@ spec: if err != nil { t.Fatalf("Got an error getting reconciled run out of fake client: %s", err) } + tt.expectedPipelineRun.Status.Provenance = &v1beta1.Provenance{ + FeatureFlags: alphaFeatureFlags, + } if d := cmp.Diff(tt.expectedPipelineRun, pipelineRun, ignoreResourceVersion, ignoreTypeMeta, ignoreLastTransitionTime, ignoreStartTime, ignoreFinallyStartTime, cmpopts.EquateEmpty()); d != "" { t.Errorf("expected PipelineRun was not created. Diff %s", diff.PrintWantGot(d)) } @@ -8332,6 +8337,10 @@ labels: t.Errorf("expected to see TaskRun %v created. Diff %s", expectedTaskRuns[i].Name, diff.PrintWantGot(d)) } } + + tt.expectedPipelineRun.Status.Provenance = &v1beta1.Provenance{ + FeatureFlags: alphaFeatureFlags, + } if d := cmp.Diff(tt.expectedPipelineRun, pipelineRun, ignoreResourceVersion, ignoreTypeMeta, ignoreLastTransitionTime, ignoreStartTime, ignoreFinallyStartTime, cmpopts.EquateEmpty()); d != "" { t.Errorf("found PipelineRun does not match expected PipelineRun. Diff %s", diff.PrintWantGot(d)) } @@ -8870,6 +8879,9 @@ spec: if err != nil { t.Fatalf("Got an error getting reconciled run out of fake client: %s", err) } + tt.expectedPipelineRun.Status.Provenance = &v1beta1.Provenance{ + FeatureFlags: alphaFeatureFlags, + } if d := cmp.Diff(tt.expectedPipelineRun, pipelineRun, ignoreResourceVersion, ignoreTypeMeta, ignoreLastTransitionTime, ignoreStartTime, ignoreFinallyStartTime, cmpopts.EquateEmpty()); d != "" { t.Errorf("expected PipelineRun was not created. Diff %s", diff.PrintWantGot(d)) } @@ -9092,6 +9104,9 @@ spec: if err != nil { t.Fatalf("Got an error getting reconciled run out of fake client: %s", err) } + tt.expectedPipelineRun.Status.Provenance = &v1beta1.Provenance{ + FeatureFlags: alphaFeatureFlags, + } if d := cmp.Diff(tt.expectedPipelineRun, pipelineRun, ignoreResourceVersion, ignoreTypeMeta, ignoreLastTransitionTime, ignoreStartTime, ignoreFinallyStartTime, cmpopts.EquateEmpty()); d != "" { t.Errorf("expected PipelineRun was not created. Diff %s", diff.PrintWantGot(d)) } @@ -9685,6 +9700,9 @@ spec: if err != nil { t.Fatalf("Got an error getting reconciled run out of fake client: %s", err) } + tt.expectedPipelineRun.Status.Provenance = &v1beta1.Provenance{ + FeatureFlags: alphaFeatureFlags, + } if d := cmp.Diff(tt.expectedPipelineRun, pipelineRun, ignoreResourceVersion, ignoreTypeMeta, ignoreLastTransitionTime, ignoreStartTime, ignoreFinallyStartTime, cmpopts.EquateEmpty()); d != "" { t.Errorf("expected PipelineRun was not created. Diff %s", diff.PrintWantGot(d)) } @@ -10033,6 +10051,9 @@ spec: } } + tt.expectedPipelineRun.Status.Provenance = &v1beta1.Provenance{ + FeatureFlags: alphaFeatureFlags, + } if d := cmp.Diff(tt.expectedPipelineRun, pipelineRun, ignoreResourceVersion, ignoreTypeMeta, ignoreLastTransitionTime, ignoreStartTime, ignoreFinallyStartTime, cmpopts.EquateEmpty()); d != "" { t.Errorf("expected PipelineRun was not created. Diff %s", diff.PrintWantGot(d)) } @@ -10477,6 +10498,9 @@ status: if err != nil { t.Fatalf("Got an error getting reconciled run out of fake client: %s", err) } + tt.expectedPipelineRun.Status.Provenance = &v1beta1.Provenance{ + FeatureFlags: alphaFeatureFlags, + } if d := cmp.Diff(tt.expectedPipelineRun, pipelineRun, ignoreResourceVersion, ignoreTypeMeta, ignoreLastTransitionTime, ignoreStartTime, cmpopts.SortSlices(lessChildReferences), cmpopts.EquateEmpty()); d != "" { t.Errorf("expected PipelineRun was not created. Diff %s", diff.PrintWantGot(d)) } @@ -10997,6 +11021,9 @@ spec: if err != nil { t.Fatalf("Got an error getting reconciled run out of fake client: %s", err) } + tt.expectedPipelineRun.Status.Provenance = &v1beta1.Provenance{ + FeatureFlags: alphaFeatureFlags, + } if d := cmp.Diff(tt.expectedPipelineRun, pipelineRun, ignoreResourceVersion, ignoreTypeMeta, ignoreLastTransitionTime, ignoreStartTime, ignoreFinallyStartTime, cmpopts.EquateEmpty()); d != "" { t.Errorf("expected PipelineRun was not created. Diff %s", diff.PrintWantGot(d)) } diff --git a/pkg/reconciler/taskrun/taskrun.go b/pkg/reconciler/taskrun/taskrun.go index bbcf5436553..00afe656dee 100644 --- a/pkg/reconciler/taskrun/taskrun.go +++ b/pkg/reconciler/taskrun/taskrun.go @@ -881,20 +881,18 @@ func storeTaskSpecAndMergeMeta(ctx context.Context, tr *v1beta1.TaskRun, ts *v1b } cfg := config.FromContextOrDefaults(ctx) - if cfg.FeatureFlags.EnableProvenanceInStatus { - if tr.Status.Provenance == nil { - tr.Status.Provenance = &v1beta1.Provenance{} - } - // Store FeatureFlags in the Provenance. - tr.Status.Provenance.FeatureFlags = cfg.FeatureFlags - // Propagate RefSource from remote resolution to TaskRun Status - // This lives outside of the status.spec check to avoid the case where only the spec is available in the first reconcile and refSource comes in next reconcile. - if meta != nil && meta.RefSource != nil && tr.Status.Provenance.RefSource == nil { - tr.Status.Provenance.RefSource = meta.RefSource - } - if meta != nil && meta.RefSource != nil && tr.Status.Provenance.ConfigSource == nil { - tr.Status.Provenance.ConfigSource = (*v1beta1.ConfigSource)(meta.RefSource) - } + if tr.Status.Provenance == nil { + tr.Status.Provenance = &v1beta1.Provenance{} + } + // Store FeatureFlags in the Provenance. + tr.Status.Provenance.FeatureFlags = cfg.FeatureFlags + // Propagate RefSource from remote resolution to TaskRun Status + // This lives outside of the status.spec check to avoid the case where only the spec is available in the first reconcile and refSource comes in next reconcile. + if meta != nil && meta.RefSource != nil && tr.Status.Provenance.RefSource == nil { + tr.Status.Provenance.RefSource = meta.RefSource + } + if meta != nil && meta.RefSource != nil && tr.Status.Provenance.ConfigSource == nil { + tr.Status.Provenance.ConfigSource = (*v1beta1.ConfigSource)(meta.RefSource) } return nil diff --git a/pkg/reconciler/taskrun/taskrun_test.go b/pkg/reconciler/taskrun/taskrun_test.go index 65bb2e93bd7..29ba4081c80 100644 --- a/pkg/reconciler/taskrun/taskrun_test.go +++ b/pkg/reconciler/taskrun/taskrun_test.go @@ -82,7 +82,9 @@ const ( var ( defaultActiveDeadlineSeconds = int64(config.DefaultTimeoutMinutes * 60 * 1.5) - images = pipeline.Images{ + defaultFeatureFlags, _ = config.NewFeatureFlagsFromMap(map[string]string{}) + + images = pipeline.Images{ EntrypointImage: "override-with-entrypoint:latest", NopImage: "override-with-nop:latest", ShellImage: "busybox", @@ -1697,6 +1699,22 @@ status: type: Succeeded `) ) + featureFlags, _ := config.NewFeatureFlagsFromMap(map[string]string{ + "enable-api-fields": "alpha", + }) + + failedOnReconcileFailureTaskRun.Status.Provenance = &v1beta1.Provenance{ + FeatureFlags: featureFlags, + } + failedOnReconcileFailureTaskRun.Status.RetriesStatus[0].Provenance = &v1beta1.Provenance{ + FeatureFlags: featureFlags, + } + + defaultFeatureFlags, _ := config.NewFeatureFlagsFromMap(map[string]string{}) + + retriedTaskRun.Status.Provenance = &v1beta1.Provenance{ + FeatureFlags: defaultFeatureFlags, + } for _, tc := range []struct { name string @@ -3768,15 +3786,7 @@ spec: Provenance: &v1beta1.Provenance{ RefSource: refSource.DeepCopy(), ConfigSource: (*v1beta1.ConfigSource)(refSource.DeepCopy()), - FeatureFlags: &config.FeatureFlags{ - RunningInEnvWithInjectedSidecars: config.DefaultRunningInEnvWithInjectedSidecars, - EnableAPIFields: config.DefaultEnableAPIFields, - AwaitSidecarReadiness: config.DefaultAwaitSidecarReadiness, - VerificationNoMatchPolicy: config.DefaultNoMatchPolicyConfig, - EnableProvenanceInStatus: true, - ResultExtractionMethod: config.DefaultResultExtractionMethod, - MaxResultSize: config.DefaultMaxResultSize, - }, + FeatureFlags: defaultFeatureFlags, }, }, } @@ -3828,9 +3838,8 @@ spec: for _, tc := range tests { t.Run(tc.name, func(t *testing.T) { - ctx := ttesting.EnableFeatureFlagField(context.Background(), t, "enable-provenance-in-status") // mock first reconcile - if err := storeTaskSpecAndMergeMeta(ctx, tr, tc.reconcile1Args.taskSpec, tc.reconcile1Args.resolvedObjectMeta); err != nil { + if err := storeTaskSpecAndMergeMeta(context.Background(), tr, tc.reconcile1Args.taskSpec, tc.reconcile1Args.resolvedObjectMeta); err != nil { t.Errorf("storePipelineSpec() error = %v", err) } if d := cmp.Diff(tr, tc.wantTaskRun); d != "" { @@ -3838,7 +3847,7 @@ spec: } // mock second reconcile - if err := storeTaskSpecAndMergeMeta(ctx, tr, tc.reconcile2Args.taskSpec, tc.reconcile2Args.resolvedObjectMeta); err != nil { + if err := storeTaskSpecAndMergeMeta(context.Background(), tr, tc.reconcile2Args.taskSpec, tc.reconcile2Args.resolvedObjectMeta); err != nil { t.Errorf("storePipelineSpec() error = %v", err) } if d := cmp.Diff(tr, tc.wantTaskRun); d != "" { diff --git a/test/conversion_test.go b/test/conversion_test.go index f2ffc5f6f98..3be5f1703fa 100644 --- a/test/conversion_test.go +++ b/test/conversion_test.go @@ -23,6 +23,7 @@ import ( "github.com/google/go-cmp/cmp" "github.com/google/go-cmp/cmp/cmpopts" + "github.com/tektoncd/pipeline/pkg/apis/config" v1 "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1" "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1" "github.com/tektoncd/pipeline/test/parse" @@ -33,6 +34,10 @@ import ( ) var ( + betaFeatureFlags, _ = config.NewFeatureFlagsFromMap(map[string]string{ + "enable-api-fields": "beta", + }) + ReleaseAnnotation = "pipeline.tekton.dev/release" // release Annotation is ignored when populated by TaskRuns @@ -81,7 +86,7 @@ spec: - name: messages mountPath: /messages imagePullPolicy: IfNotPresent - securityContext: + securityContext: runAsNonRoot: true timeout: 60s secret: @@ -109,7 +114,7 @@ spec: - name: messages mountPath: /messages imagePullPolicy: IfNotPresent - securityContext: + securityContext: runAsNonRoot: true sidecars: - name: server @@ -179,7 +184,7 @@ spec: - name: messages mountPath: /messages imagePullPolicy: IfNotPresent - securityContext: + securityContext: runAsNonRoot: true timeout: 60s secret: @@ -200,7 +205,7 @@ spec: - name: messages mountPath: /messages imagePullPolicy: IfNotPresent - securityContext: + securityContext: runAsNonRoot: true sidecars: - name: server @@ -405,7 +410,7 @@ spec: - name: output workspaces: - emptyDir: {} - name: output + name: output status: conditions: - reason: Succeeded @@ -447,7 +452,7 @@ spec: allowPrivilegeEscalation: false workspaces: - emptyDir: {} - name: output + name: output taskSpec: steps: - computeResources: {} @@ -477,7 +482,7 @@ spec: allowPrivilegeEscalation: false workspaces: - emptyDir: {} - name: output + name: output taskSpec: steps: - computeResources: {} @@ -726,6 +731,7 @@ func TestTaskCRDConversion(t *testing.T) { // executed by the webhook for roundtrip. And then it creates the v1 TaskRun CRD using // v1Clients and requests it by v1beta1Clients to compare with v1beta1. func TestTaskRunCRDConversion(t *testing.T) { + // featureFlags, _ := config.NewFeatureFlagsFromConfigMap() ctx := context.Background() ctx, cancel := context.WithCancel(ctx) defer cancel() @@ -741,6 +747,12 @@ func TestTaskRunCRDConversion(t *testing.T) { v1TaskRunExpected := parse.MustParseV1TaskRun(t, fmt.Sprintf(v1TaskRunExpectedYaml, v1beta1TaskRunName, namespace, v1beta1TaskRunName)) v1beta1TaskRunRoundTripExpected := parse.MustParseV1beta1TaskRun(t, fmt.Sprintf(v1beta1TaskRunExpectedYaml, v1beta1TaskRunName, namespace, v1beta1TaskRunName)) + v1TaskRunExpected.Status.Provenance = &v1.Provenance{ + FeatureFlags: betaFeatureFlags, + } + v1beta1TaskRunRoundTripExpected.Status.Provenance = &v1beta1.Provenance{ + FeatureFlags: betaFeatureFlags, + } if _, err := c.V1beta1TaskRunClient.Create(ctx, v1beta1TaskRun, metav1.CreateOptions{}); err != nil { t.Fatalf("Failed to create v1beta1 TaskRun: %s", err) } @@ -769,6 +781,13 @@ func TestTaskRunCRDConversion(t *testing.T) { v1beta1TaskRunExpected := parse.MustParseV1beta1TaskRun(t, fmt.Sprintf(v1beta1TaskRunExpectedYaml, v1TaskRunName, namespace, v1TaskRunName)) v1TaskRunRoundTripExpected := parse.MustParseV1TaskRun(t, fmt.Sprintf(v1TaskRunExpectedYaml, v1TaskRunName, namespace, v1TaskRunName)) + v1beta1TaskRunExpected.Status.Provenance = &v1beta1.Provenance{ + FeatureFlags: betaFeatureFlags, + } + v1TaskRunRoundTripExpected.Status.Provenance = &v1.Provenance{ + FeatureFlags: betaFeatureFlags, + } + if _, err := c.V1TaskRunClient.Create(ctx, v1TaskRun, metav1.CreateOptions{}); err != nil { t.Fatalf("Failed to create v1 TaskRun: %s", err) } @@ -875,6 +894,13 @@ func TestPipelineRunCRDConversion(t *testing.T) { v1PipelineRunExpected := parse.MustParseV1PipelineRun(t, fmt.Sprintf(v1PipelineRunExpectedYaml, v1beta1ToV1PipelineRunName, namespace, v1beta1ToV1PipelineRunName)) v1beta1PRRoundTripExpected := parse.MustParseV1beta1PipelineRun(t, fmt.Sprintf(v1beta1PipelineRunExpectedYaml, v1beta1ToV1PipelineRunName, namespace, v1beta1ToV1PipelineRunName)) + v1PipelineRunExpected.Status.Provenance = &v1.Provenance{ + FeatureFlags: betaFeatureFlags, + } + v1beta1PRRoundTripExpected.Status.Provenance = &v1beta1.Provenance{ + FeatureFlags: betaFeatureFlags, + } + if _, err := c.V1beta1PipelineRunClient.Create(ctx, v1beta1PipelineRun, metav1.CreateOptions{}); err != nil { t.Fatalf("Failed to create v1beta1 PipelineRun: %s", err) } @@ -903,6 +929,13 @@ func TestPipelineRunCRDConversion(t *testing.T) { v1beta1PipelineRunExpected := parse.MustParseV1beta1PipelineRun(t, fmt.Sprintf(v1beta1PipelineRunExpectedYaml, v1ToV1beta1PRName, namespace, v1ToV1beta1PRName)) v1PRRoundTripExpected := parse.MustParseV1PipelineRun(t, fmt.Sprintf(v1PipelineRunExpectedYaml, v1ToV1beta1PRName, namespace, v1ToV1beta1PRName)) + v1beta1PipelineRunExpected.Status.Provenance = &v1beta1.Provenance{ + FeatureFlags: betaFeatureFlags, + } + v1PRRoundTripExpected.Status.Provenance = &v1.Provenance{ + FeatureFlags: betaFeatureFlags, + } + if _, err := c.V1PipelineRunClient.Create(ctx, v1PipelineRun, metav1.CreateOptions{}); err != nil { t.Fatalf("Failed to create v1 PipelineRun: %s", err) } diff --git a/test/custom_task_test.go b/test/custom_task_test.go index 44aba46a3d5..65a03147425 100644 --- a/test/custom_task_test.go +++ b/test/custom_task_test.go @@ -30,6 +30,7 @@ import ( "github.com/google/go-cmp/cmp" "github.com/google/go-cmp/cmp/cmpopts" + "github.com/tektoncd/pipeline/pkg/apis/config" "github.com/tektoncd/pipeline/pkg/apis/pipeline" "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1" "github.com/tektoncd/pipeline/test/diff" @@ -397,6 +398,9 @@ func cleanUpV1Beta1Controller(t *testing.T) { } func TestWaitCustomTask_V1Beta1_PipelineRun(t *testing.T) { + featureFlags, _ := config.NewFeatureFlagsFromMap(map[string]string{ + "enable-api-fields": "beta", + }) ctx := context.Background() ctx, cancel := context.WithCancel(ctx) defer cancel() @@ -635,6 +639,9 @@ func TestWaitCustomTask_V1Beta1_PipelineRun(t *testing.T) { }, }, }, + Provenance: &v1beta1.Provenance{ + FeatureFlags: featureFlags, + }, }, }, } diff --git a/test/e2e-tests.sh b/test/e2e-tests.sh index 66d39911000..6e99b50d16c 100755 --- a/test/e2e-tests.sh +++ b/test/e2e-tests.sh @@ -57,7 +57,7 @@ function set_feature_gate() { kubectl patch configmap feature-flags -n tekton-pipelines -p "$jsonpatch" if [ "$gate" == "alpha" ]; then printf "enabling resolvers\n" - jsonpatch=$(printf "{\"data\": {\"enable-git-resolver\": \"true\", \"enable-hub-resolver\": \"true\", \"enable-bundles-resolver\": \"true\", \"enable-cluster-resolver\": \"true\", \"enable-provenance-in-status\": \"true\"}}") + jsonpatch=$(printf "{\"data\": {\"enable-git-resolver\": \"true\", \"enable-hub-resolver\": \"true\", \"enable-bundles-resolver\": \"true\", \"enable-cluster-resolver\": \"true\"}}") echo "resolvers-feature-flags ConfigMap patch: ${jsonpatch}" kubectl patch configmap resolvers-feature-flags -n tekton-pipelines-resolvers -p "$jsonpatch" fi diff --git a/test/larger_results_sidecar_logs_test.go b/test/larger_results_sidecar_logs_test.go index ef31475eaa4..78908dd70da 100644 --- a/test/larger_results_sidecar_logs_test.go +++ b/test/larger_results_sidecar_logs_test.go @@ -42,6 +42,10 @@ var ( requireSidecarLogResultsGate = map[string]string{ "results-from": "sidecar-logs", } + featureFlagsForSidecarLogs, _ = config.NewFeatureFlagsFromMap(map[string]string{ + "enable-api-fields": "beta", + "results-from": "sidecar-logs", + }) ) func TestLargerResultsSidecarLogs(t *testing.T) { @@ -73,6 +77,11 @@ func TestLargerResultsSidecarLogs(t *testing.T) { t.Logf("Setting up test resources for %q test in namespace %s", td.name, namespace) pipelineRun, expectedResolvedPipelineRun, expectedTaskRuns := td.pipelineRunFunc(t, namespace) + + expectedResolvedPipelineRun.Status.Provenance = &v1beta1.Provenance{ + FeatureFlags: featureFlagsForSidecarLogs, + } + prName := pipelineRun.Name _, err := c.V1beta1PipelineRunClient.Create(ctx, pipelineRun, metav1.CreateOptions{}) if err != nil { @@ -98,6 +107,9 @@ func TestLargerResultsSidecarLogs(t *testing.T) { t.Fatalf(`The resolved spec does not match the expected spec. Here is the diff: %v`, d) } for _, tr := range expectedTaskRuns { + tr.Status.Provenance = &v1beta1.Provenance{ + FeatureFlags: featureFlagsForSidecarLogs, + } t.Logf("Checking Taskrun %s", tr.Name) taskrun, _ := c.V1beta1TaskRunClient.Get(ctx, tr.Name, metav1.GetOptions{}) d = cmp.Diff(tr, taskrun, @@ -162,7 +174,7 @@ spec: echo -n "$(params.param1)">> $(results.large-result.path); echo -n "$(params.param2)">> $(results.large-result.path); results: - - name: large-result + - name: large-result value: $(tasks.task2.results.large-result) `, namespace, strings.Repeat("a", 2000), strings.Repeat("b", 2000))) expectedPipelineRun := parse.MustParseV1beta1PipelineRun(t, fmt.Sprintf(` @@ -211,7 +223,7 @@ spec: echo -n "$(params.param1)">> $(results.large-result.path); echo -n "$(params.param2)">> $(results.large-result.path); results: - - name: large-result + - name: large-result value: $(tasks.task2.results.large-result) status: pipelineSpec: @@ -253,7 +265,7 @@ status: echo -n "$(params.param1)">> $(results.large-result.path); echo -n "$(params.param2)">> $(results.large-result.path); results: - - name: large-result + - name: large-result value: $(tasks.task2.results.large-result) pipelineResults: - name: large-result @@ -305,7 +317,7 @@ status: value: %s sidecars: - name: tekton-log-results - container: sidecar-tekton-log-results + container: sidecar-tekton-log-results `, namespace, strings.Repeat("a", 2000), strings.Repeat("b", 2000), strings.Repeat("a", 2000), strings.Repeat("b", 2000), strings.Repeat("a", 2000), strings.Repeat("b", 2000))) taskRun2 := parse.MustParseV1beta1TaskRun(t, fmt.Sprintf(` metadata: @@ -317,9 +329,9 @@ spec: params: - name: param1 type: string - value: %s + value: %s - name: param2 - type: string + type: string value: %s taskSpec: params: @@ -367,7 +379,7 @@ status: value: %s%s sidecars: - name: tekton-log-results - container: sidecar-tekton-log-results + container: sidecar-tekton-log-results `, namespace, strings.Repeat("a", 2000), strings.Repeat("b", 2000), strings.Repeat("a", 2000), strings.Repeat("b", 2000), strings.Repeat("a", 2000), strings.Repeat("b", 2000))) return pipelineRun, expectedPipelineRun, []*v1beta1.TaskRun{taskRun1, taskRun2} } diff --git a/test/propagated_params_test.go b/test/propagated_params_test.go index e1d9a7e4ff6..55f78f2547b 100644 --- a/test/propagated_params_test.go +++ b/test/propagated_params_test.go @@ -91,6 +91,11 @@ func TestPropagatedParams(t *testing.T) { t.Logf("Setting up test resources for %q test in namespace %s", td.name, namespace) pipelineRun, expectedResolvedPipelineRun, expectedTaskRuns := td.pipelineRunFunc(t, namespace) + + expectedResolvedPipelineRun.Status.Provenance = &v1beta1.Provenance{ + FeatureFlags: featureFlagsForSidecarLogs, + } + prName := pipelineRun.Name _, err := c.V1beta1PipelineRunClient.Create(ctx, pipelineRun, metav1.CreateOptions{}) if err != nil { @@ -118,6 +123,9 @@ func TestPropagatedParams(t *testing.T) { } for _, tr := range expectedTaskRuns { t.Logf("Checking Taskrun %s", tr.Name) + tr.Status.Provenance = &v1beta1.Provenance{ + FeatureFlags: featureFlagsForSidecarLogs, + } taskrun, _ := c.V1beta1TaskRunClient.Get(ctx, tr.Name, metav1.GetOptions{}) d = cmp.Diff(tr, taskrun, ignoreTypeMeta, diff --git a/test/status_test.go b/test/status_test.go index 72b790d456e..d37c6b31291 100644 --- a/test/status_test.go +++ b/test/status_test.go @@ -33,16 +33,12 @@ import ( "github.com/tektoncd/pipeline/test/diff" "github.com/tektoncd/pipeline/test/parse" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "knative.dev/pkg/system" knativetest "knative.dev/pkg/test" "knative.dev/pkg/test/helpers" "sigs.k8s.io/yaml" ) var ( - provenanceFeatureFlags = requireAllGates(map[string]string{ - "enable-provenance-in-status": "true", - }) ignoreFeatureFlags = cmpopts.IgnoreFields(v1beta1.Provenance{}, "FeatureFlags") ) @@ -126,9 +122,9 @@ spec: // about the remote task i.e. refSource info . func TestProvenanceFieldInPipelineRunTaskRunStatus(t *testing.T) { ctx := context.Background() - c, namespace := setupProvenance(ctx, t, clusterFeatureFlags, provenanceFeatureFlags) - knativetest.CleanupOnInterrupt(func() { unsetProvenanceFlags(ctx, t, c) }, t.Logf) - defer unsetProvenanceFlags(ctx, t, c) + ctx, cancel := context.WithCancel(ctx) + defer cancel() + c, namespace := setup(ctx, t) knativetest.CleanupOnInterrupt(func() { tearDown(ctx, t, c, namespace) }, t.Logf) defer tearDown(ctx, t, c, namespace) @@ -152,9 +148,6 @@ func TestProvenanceFieldInPipelineRunTaskRunStatus(t *testing.T) { URI: fmt.Sprintf("/apis/%s/namespaces/%s/%s/%s@%s", v1beta1.SchemeGroupVersion.String(), namespace, "task", exampleTask.Name, exampleTask.UID), Digest: map[string]string{"sha256": sha256CheckSum(taskSpec)}, }, - FeatureFlags: &config.FeatureFlags{ - EnableProvenanceInStatus: true, - }, } // example pipeline @@ -304,27 +297,3 @@ func sha256CheckSum(input []byte) string { h.Write(input) return hex.EncodeToString(h.Sum(nil)) } - -func setupProvenance(ctx context.Context, t *testing.T, fn ...func(context.Context, *testing.T, *clients, string)) (*clients, string) { - t.Helper() - c, ns := setup(ctx, t) - configMapData := map[string]string{ - "enable-provenance-in-status": "true", - } - - if err := updateConfigMap(ctx, c.KubeClient, system.Namespace(), config.GetFeatureFlagsConfigName(), configMapData); err != nil { - t.Fatal(err) - } - return c, ns -} - -func unsetProvenanceFlags(ctx context.Context, t *testing.T, c *clients) { - t.Helper() - configMapData := map[string]string{ - "enable-provenance-in-status": "false", - } - - if err := updateConfigMap(ctx, c.KubeClient, system.Namespace(), config.GetFeatureFlagsConfigName(), configMapData); err != nil { - t.Fatal(err) - } -}