Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Eventlistener container crashes with eventlistener created with SA having no permissions to use eventlisteners. #809

Closed
sravankumar777 opened this issue Oct 22, 2020 · 1 comment · Fixed by #810
Labels
kind/bug Categorizes issue or PR as related to a bug.

Comments

@sravankumar777
Copy link
Contributor

Expected Behavior

  • Eventlistener shoud log error message & not crash, when event listener is created with a serviceaccount not having permissions for eventlisteners objects.
  • Eventlistener could hang-in failure state provided with error message to check for right permissions of serviceaccount.

Actual Behavior

Event Listener container crashes, when an eventlistener created with invalid(serviceaccount) & fired a bitbucket event to check for working condition with eventlistener service url.

Steps to Reproduce the Problem

  1. Create EventListener with an invalid serviceaccount(not have permissions for serviceaccount to use eventlistener objects).
  2. Using event listener service url, fire an event from any git repository(in this case, i have used bitbucket repository).
  3. Check for eventlistener logs in that particular namespace.

Additional Info

EventListener Logs:

{"level":"fatal","logger":"eventlistener","caller":"sink/sink.go:73","msg":"Error getting EventListener tekton-cnb-el in Namespace test-namespace: eventlisteners.triggers.tekton.dev \"tekton-cnb-el\" is forbidden: User \"system:serviceaccount:test-namespace:tenant-pipeline-default\" cannot get resource \"eventlisteners\" in API group \"triggers.tekton.dev\" in the namespace \"test-namespace\"","knative.dev/controller":"eventlistener","stacktrace":"github.com/tektoncd/triggers/pkg/sink.Sink.HandleEvent\n\tgithub.com/tektoncd/triggers/pkg/sink/sink.go:73\nnet/http.HandlerFunc.ServeHTTP\n\tnet/http/server.go:2012\nnet/http.(*ServeMux).ServeHTTP\n\tnet/http/server.go:2387\nnet/http.serverHandler.ServeHTTP\n\tnet/http/server.go:2807\nnet/http.(*conn).serve\n\tnet/http/server.go:1895"}
$ kubectl -n tekton-pipelines get deployments tekton-triggers-controller -ojsonpath='{.metadata.labels.triggers\.tekton\.dev\/release}'
v0.8.0
@sravankumar777
Copy link
Contributor Author

/kind bug

@tekton-robot tekton-robot added the kind/bug Categorizes issue or PR as related to a bug. label Oct 22, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
kind/bug Categorizes issue or PR as related to a bug.
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants