Add InterceptorType as a cluster scoped CRD for registering interceptors

This commit adds a new CRD type called InterceptorType. In TEP-0026 this type was called InterceptorConfig though InterceptorType sounds a bit clearer. The `spec` currently only contains a clientConfig field to locate where the interceptoris running. Other fields will be added as they are implemented in follow ups. This commit also adds a simple reconciler for this type that resolves the clientConfig to a URL and adds it to the `status.address.url` field. Part of tektoncd#868 Signed-off-by: Dibyo Mukherjee <dibyo@google.com>
dibyom · Feb 17, 2021 · 075c304 · 075c304
1 parent 9371a71
commit 075c304
Show file tree

Hide file tree

Showing 32 changed files with 2,110 additions and 7 deletions.
diff --git a/cmd/controller/main.go b/cmd/controller/main.go
@@ -19,6 +19,8 @@ import (
 	"flag"
 	"os"
 
+	"github.com/tektoncd/triggers/pkg/reconciler/v1alpha1/interceptortype"
+
 	corev1 "k8s.io/api/core/v1"
 	"knative.dev/pkg/injection"
 	"knative.dev/pkg/injection/sharedmain"
@@ -69,5 +71,7 @@ func main() {
 		injection.WithNamespaceScope(signals.NewContext(), corev1.NamespaceAll),
 		ControllerLogKey,
 		cfg,
-		eventlistener.NewController(c))
+		eventlistener.NewController(c),
+		interceptortype.NewController(),
+	)
 }
diff --git a/config/200-clusterrole.yaml b/config/200-clusterrole.yaml
@@ -30,10 +30,10 @@ rules:
     resources: ["mutatingwebhookconfigurations", "validatingwebhookconfigurations"]
     verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
   - apiGroups: ["triggers.tekton.dev"]
-    resources: ["clustertriggerbindings", "eventlisteners", "triggerbindings", "triggertemplates", "triggers", "eventlisteners/finalizers"]
+    resources: ["clustertriggerbindings", "eventlisteners", "interceptortypes", "triggerbindings", "triggertemplates", "triggers", "eventlisteners/finalizers"]
     verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
   - apiGroups: ["triggers.tekton.dev"]
-    resources: ["clustertriggerbindings/status", "eventlisteners/status", "triggerbindings/status", "triggertemplates/status", "triggers/status"]
+    resources: ["clustertriggerbindings/status", "eventlisteners/status", "interceptortypes/status", "triggerbindings/status", "triggertemplates/status", "triggers/status"]
     verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
   # We uses leases for leaderelection
   - apiGroups: ["coordination.k8s.io"]

diff --git a/config/300-interceptor.yaml b/config/300-interceptor.yaml
@@ -0,0 +1,54 @@
+# Copyright 2021 The Tekton Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: interceptortypes.triggers.tekton.dev
+  labels:
+    app.kubernetes.io/instance: default
+    app.kubernetes.io/part-of: tekton-triggers
+    triggers.tekton.dev/release: "devel"
+    version: "devel"
+spec:
+  group: triggers.tekton.dev
+  scope: Cluster
+  names:
+    kind: InterceptorType
+    plural: interceptortypes
+    singular: interceptortype
+    shortNames:
+      - it
+    categories:
+      - tekton
+      - tekton-triggers
+  versions:
+    - name: v1alpha1
+      served: true
+      storage: true
+      schema:
+        openAPIV3Schema:
+          type: object
+          # One can use x-kubernetes-preserve-unknown-fields: true
+          # at the root of the schema (and inside any properties, additionalProperties)
+          # to get the traditional CRD behaviour that nothing is pruned, despite
+          # setting spec.preserveUnknownProperties: false.
+          #
+          # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/
+          # See issue: https://github.com/knative/serving/issues/912
+          x-kubernetes-preserve-unknown-fields: true
+      # Opt into the status subresource so metadata.generation
+      # starts to increment
+      subresources:
+        status: {}
diff --git a/docs/interceptortypes.md b/docs/interceptortypes.md
@@ -0,0 +1,56 @@
+<!--
+---
+linkTitle: "InterceptorType"
+weight: 9
+---
+-->
+# InterceptorType
+
+A `InterceptorType` is cluster scoped resource that registers a new Interceptor that 
+can be invoked during the processing of a trigger to modify the behavior or payload of Triggers. The
+custom resource describes how an EventListener can connect to a workload that
+is running the interceptor business logic (and in the future what extra
+paramters the interceptor accepts).
+
+**NOTE**: This doc is a WIP. Please also see the [Interceptors section](./eventlisteners.md#interceptors) in the EventListener doc.
+
+- [Interceptors](#interceptors)
+  - [Syntax](#syntax)
+    - [clientConfig](#clientConfig)
+
+## Syntax
+
+To define a configuration file for an `Interceptor` resource, you can specify
+the following fields:
+
+- Required:
+  - [`apiVersion`][kubernetes-overview] - Specifies the API version, for example
+    `triggers.tekton.dev/v1alpha1`.
+  - [`kind`][kubernetes-overview] - Specifies the `Trigger` resource
+    object.
+  - [`metadata`][kubernetes-overview] - Specifies data to uniquely identify the
+    `Interceptor` resource object, for example a `name`.
+  - [`spec`][kubernetes-overview] - Specifies the configuration information for
+    your Interceptor resource object. The spec include:
+    - [`clientConfig`] -  Specifies how a client (e.g. an EventListener) can communicate with the Interceptor.
+
+### clientConfig
+
+The `clientConfig` field describes how a client can communicate with an
+interceptor. It can contain either the `url` field whose value is
+a resolvable URL or it can contain a reference to a Kubernetes service where the Interceptor is running.
+EventListeners will send forward requests to this service or URL.
+
+```yaml
+spec:
+  clientConfig:
+    url: "http://interceptor-svc.default.svc/"
+---
+spec:
+  clientConfig:
+    name: "my-interceptor-svc"
+    namespace: "default"
+    path: "/optional-path"
+    port: 8081 # defaults to 80
+```
+
diff --git a/examples/rbac.yaml b/examples/rbac.yaml
@@ -10,12 +10,11 @@ metadata:
 rules:
 # EventListeners need to be able to fetch all namespaced resources
 - apiGroups: ["triggers.tekton.dev"]
-  resources: ["eventlisteners", "triggerbindings", "triggertemplates", "triggers"]
+  resources: ["eventlisteners",  "triggerbindings", "triggertemplates", "triggers"]
   verbs: ["get", "list", "watch"]
 - apiGroups: [""]
- # secrets are only needed for GitHub/GitLab interceptors
  # configmaps is needed for updating logging config
-  resources: ["configmaps", "secrets"]
+  resources: ["configmaps"]
   verbs: ["get", "list", "watch"]
  # Permissions to create resources in associated TriggerTemplates
 - apiGroups: ["tekton.dev"]
@@ -48,7 +47,7 @@ metadata:
 rules:
   # EventListeners need to be able to fetch any clustertriggerbindings
 - apiGroups: ["triggers.tekton.dev"]
-  resources: ["clustertriggerbindings"]
+  resources: ["clustertriggerbindings", "interceptortypes"]
   verbs: ["get", "list", "watch"]
 ---
 apiVersion: rbac.authorization.k8s.io/v1

diff --git a/pkg/apis/triggers/v1alpha1/interceptor_type_defaults.go b/pkg/apis/triggers/v1alpha1/interceptor_type_defaults.go
@@ -0,0 +1,37 @@
+/*
+Copyright 2019 The Tekton Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+import (
+	"context"
+
+	"github.com/tektoncd/triggers/pkg/system"
+)
+
+// SetDefaults sets the defaults on the object.
+func (it *InterceptorType) SetDefaults(ctx context.Context) {
+	if IsUpgradeViaDefaulting(ctx) {
+		if svc := it.Spec.ClientConfig.Service; svc != nil {
+			if svc.Namespace == "" {
+				svc.Namespace = system.GetNamespace()
+			}
+			if svc.Port == 0 {
+				svc.Port = 80 // TODO: Should we use a pointer type instead of 0?
+			}
+		}
+	}
+}
diff --git a/pkg/apis/triggers/v1alpha1/interceptor_type_defaults_test.go b/pkg/apis/triggers/v1alpha1/interceptor_type_defaults_test.go
@@ -0,0 +1,87 @@
+package v1alpha1_test
+
+import (
+	"context"
+	"github.com/google/go-cmp/cmp"
+	triggersv1 "github.com/tektoncd/triggers/pkg/apis/triggers/v1alpha1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"testing"
+)
+
+func TestInterceptorTypeSetDefaults(t *testing.T) {
+	tests := []struct {
+		name string
+		in   triggersv1.InterceptorType
+		want triggersv1.InterceptorType
+	}{{
+		name: "sets default service namespace",
+		in: triggersv1.InterceptorType{
+			ObjectMeta: metav1.ObjectMeta{
+				Name: "github",
+			},
+			Spec: triggersv1.InterceptorTypeSpec{
+				ClientConfig: triggersv1.ClientConfig{
+					Service: &triggersv1.ServiceReference{
+						Namespace: "",
+						Name:      "github-svc",
+						Port:      8080,
+					},
+				},
+			},
+		},
+		want: triggersv1.InterceptorType{
+			ObjectMeta: metav1.ObjectMeta{
+				Name: "github",
+			},
+			Spec: triggersv1.InterceptorTypeSpec{
+				ClientConfig: triggersv1.ClientConfig{
+					Service: &triggersv1.ServiceReference{
+						Namespace: "tekton-pipelines",
+						Name:      "github-svc",
+						Port:      8080,
+					},
+				},
+			},
+		},
+	}, {
+		name: "sets default service port",
+		in: triggersv1.InterceptorType{
+			ObjectMeta: metav1.ObjectMeta{
+				Name: "github",
+			},
+			Spec: triggersv1.InterceptorTypeSpec{
+				ClientConfig: triggersv1.ClientConfig{
+					Service: &triggersv1.ServiceReference{
+						Namespace: "default",
+						Name:      "github-svc",
+					},
+				},
+			},
+		},
+		want: triggersv1.InterceptorType{
+			ObjectMeta: metav1.ObjectMeta{
+				Name: "github",
+			},
+			Spec: triggersv1.InterceptorTypeSpec{
+				ClientConfig: triggersv1.ClientConfig{
+					Service: &triggersv1.ServiceReference{
+						Namespace: "default",
+						Name:      "github-svc",
+						Port:      80,
+					},
+				},
+			},
+		},
+	}}
+
+	for _, tc := range tests {
+		t.Run(tc.name, func(t *testing.T) {
+			got := tc.in
+			got.SetDefaults(triggersv1.WithUpgradeViaDefaulting(context.Background()))
+			if diff := cmp.Diff(tc.want, got); diff != "" {
+				t.Fatalf("InterceptorType SetDefaults error: %s", diff)
+			}
+		})
+	}
+}
+