Add function to clear the runAsGroup and runAsUser values in the defa…

…ult cm for triggers
tektoncd · Jul 8, 2024 · 5286871 · 5286871
1 parent 2d1f579
commit 5286871
Show file tree

Hide file tree

Showing 5 changed files with 24 additions and 7 deletions.
diff --git a/cmd/openshift/operator/kodata/openshift/00-prereconcile/openshift-pipelines-scc.yaml b/cmd/openshift/operator/kodata/openshift/00-prereconcile/openshift-pipelines-scc.yaml
@@ -32,8 +32,6 @@ seLinuxContext:
   type: MustRunAs
 supplementalGroups:
   type: RunAsAny
-seccompProfiles:
-- runtime/default
 volumes:
 - configMap
 - downwardAPI

diff --git a/pkg/apis/operator/v1alpha1/tektontrigger_defaults.go b/pkg/apis/operator/v1alpha1/tektontrigger_defaults.go
@@ -20,6 +20,7 @@ import (
 	"context"
 
 	"github.com/tektoncd/triggers/pkg/apis/config"
+	"knative.dev/pkg/ptr"
 )
 
 var (
@@ -46,4 +47,11 @@ func (t *Trigger) openshiftDefaulting() {
 	if t.DefaultServiceAccount == "" {
 		t.DefaultServiceAccount = DefaultOpenshiftSA
 	}
+
+	if t.DefaultRunAsUser == nil {
+		t.DefaultRunAsUser = ptr.String("")
+	}
+	if t.DefaultRunAsGroup == nil {
+		t.DefaultRunAsGroup = ptr.String("")
+	}
 }
diff --git a/pkg/apis/operator/v1alpha1/tektontrigger_types.go b/pkg/apis/operator/v1alpha1/tektontrigger_types.go
@@ -92,5 +92,7 @@ type TriggersProperties struct {
 // OptionalTriggersProperties defines the fields which are to be
 // defined for triggers only if user pass them
 type OptionalTriggersProperties struct {
-	DefaultServiceAccount string `json:"default-service-account,omitempty"`
+	DefaultServiceAccount string  `json:"default-service-account,omitempty"`
+	DefaultRunAsUser      *string `json:"default-run-as-user,omitempty"`
+	DefaultRunAsGroup     *string `json:"default-run-as-group,omitempty"`
 }
diff --git a/pkg/apis/operator/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/operator/v1alpha1/zz_generated.deepcopy.go
diff --git a/pkg/reconciler/openshift/tektontrigger/transformers_test.go b/pkg/reconciler/openshift/tektontrigger/transformers_test.go
@@ -56,13 +56,12 @@ func TestReplaceImages(t *testing.T) {
 		}
 
 		newManifest, err := manifest.Transform(
-			replaceDeploymentArgs("-el-security-context", "false"),
 			replaceDeploymentArgs("-el-events", "enable"),
 		)
 		if err != nil {
 			t.Errorf("assertion failed; expected no error %v", err)
 		}
-		assertDeployContainerArgsValue(t, newManifest.Resources(), "-el-security-context", "false")
+		assertDeployContainerArgsValue(t, newManifest.Resources(), "-el-security-context", "true")
 		assertDeployContainerArgsValue(t, newManifest.Resources(), "-el-events", "enable")
 	})
 }