Feature: Bind Workspaces for PipelineRun

UI: Add workspaces dropdown with all possible volume sources for PipelineRun Support volume sources: configmap, secret, pvc, emptydir Backend: intercept k8s response for configmap, secret or pvc and modify response to contain only non-sensitive data RBAC: allow to list \ watch those volume sources Support Optional Workspaces
tektoncd · Sep 25, 2022 · 94a6ddc · 94a6ddc
1 parent 9ce8ac8
commit 94a6ddc
Show file tree

Hide file tree

Showing 51 changed files with 2,017 additions and 68 deletions.
diff --git a/go.mod b/go.mod
@@ -10,6 +10,7 @@ replace (
 )
 
 require (
+	github.com/stretchr/testify v1.8.0
 	github.com/tektoncd/plumbing v0.0.0-20220907123230-d2c8ccb63d02
 	go.uber.org/zap v1.23.0
 	k8s.io/apimachinery v0.22.0
@@ -29,6 +30,7 @@ require (
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.1 // indirect
 	github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
 	go.uber.org/atomic v1.7.0 // indirect
 	go.uber.org/multierr v1.6.0 // indirect

diff --git a/go.sum b/go.sum
diff --git a/overlays/patches/read-write/clusterrole-backend-patch.yaml b/overlays/patches/read-write/clusterrole-backend-patch.yaml
@@ -24,6 +24,18 @@
       - get
       - list
       - watch
+- op: add
+  path: /rules/-
+  value:
+    apiGroups:
+      - ''
+    resources:
+      - secrets
+      - configmaps
+      - persistentvolumeclaims
+    verbs:
+      - list
+      - watch
 - op: add
   path: /rules/-
   value:

diff --git a/package-lock.json b/package-lock.json
diff --git a/packages/e2e/cypress/e2e/write/create-pipeline-run-with-ws.cy.js b/packages/e2e/cypress/e2e/write/create-pipeline-run-with-ws.cy.js
@@ -0,0 +1,65 @@
+/*
+Copyright 2022 The Tekton Authors
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+describe('Create Pipeline Run with Workspace', () => {
+  let testNamespace;
+  beforeEach(() => {
+    testNamespace = Cypress.env('TEST_NAMESPACE');
+    if (!testNamespace) {
+      testNamespace = 'tekton-test';
+    }
+  });
+  it('should create pipelinerun workspace', function () {
+    cy.visit(
+      `/#/pipelineruns/create?namespace=${testNamespace}&pipelineName=pipeline-with-ws`
+    );
+    cy.contains('Pipeline Workspace Description');
+
+    cy.contains('configmap-ws').click();
+    cy.contains('configmap-test').click();
+
+    cy.contains('secret-ws').click();
+    cy.contains('secret-test').click();
+
+    cy.contains('empDir-ws').click();
+    cy.contains('emptyDir').click();
+
+    cy.contains('optional-ws').click();
+    cy.contains('configmap-test').click();
+
+    cy.contains('button', 'Create').click();
+
+    cy.contains('pipeline-with-ws-run-').first().click();
+
+    cy.get('header[class="tkn--pipeline-run-header"]', { timeout: 10000 })
+      .find('span[class="tkn--status-label"]', { timeout: 15000 })
+      .should('have.text', 'Succeeded');
+  });
+
+  it('should create pipelinerun workspace with pvc', function () {
+    cy.visit(
+      `/#/pipelineruns/create?namespace=${testNamespace}&pipelineName=pipeline-with-ws-pvc`
+    );
+
+    cy.contains('pvc-ws').click();
+    cy.contains('pvc-test').click();
+
+    cy.contains('button', 'Create').click();
+
+    cy.contains('pipeline-with-ws-pvc-run-').first().click();
+
+    cy.get('header[class="tkn--pipeline-run-header"]', { timeout: 10000 })
+      .find('span[class="tkn--status-label"]', { timeout: 15000 })
+      .should('have.text', 'Succeeded');
+  });
+});
diff --git a/packages/e2e/cypress/e2e/write/query-secrets.cy.js b/packages/e2e/cypress/e2e/write/query-secrets.cy.js
@@ -0,0 +1,34 @@
+/*
+Copyright 2022 The Tekton Authors
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+describe('Query Secrets', () => {
+  let testNamespace;
+  beforeEach(() => {
+    testNamespace = Cypress.env('TEST_NAMESPACE');
+    if (!testNamespace) {
+      testNamespace = 'tekton-test';
+    }
+  });
+  it('get secrets no sensitive data', function () {
+    cy.request('GET', `api/v1/namespaces/${testNamespace}/secrets`).then(
+      response => {
+        expect(response.status).to.eq(200);
+        expect(response.body.items).length.greaterThan(0);
+        Object.values(response.body.items).forEach(item => {
+          expect(item).to.have.property('metadata');
+          expect(item).to.not.have.property('data');
+        });
+      }
+    );
+  });
+});
diff --git a/pkg/endpoints/.test/k8s_configmap_incorrect_test.json b/pkg/endpoints/.test/k8s_configmap_incorrect_test.json
@@ -0,0 +1,8 @@
+{
+    "apiVersion": "v1",
+    "data": {
+        "version": "v0.39.0"
+    },
+    "kind": "ConfigMap",
+    "metadata": []
+}
diff --git a/pkg/endpoints/.test/k8s_configmap_incorrect_test_expected.txt b/pkg/endpoints/.test/k8s_configmap_incorrect_test_expected.txt
@@ -0,0 +1 @@
+json: cannot unmarshal array into Go struct field K8sItem.metadata of type endpoints.K8sObjectMeta
diff --git a/pkg/endpoints/.test/k8s_configmap_test.json b/pkg/endpoints/.test/k8s_configmap_test.json
@@ -0,0 +1,21 @@
+{
+    "apiVersion": "v1",
+    "data": {
+        "version": "v0.39.0"
+    },
+    "kind": "ConfigMap",
+    "metadata": {
+        "annotations": {
+            "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"v1\",\"data\":{\"version\":\"v0.39.0\"},\"kind\":\"ConfigMap\",\"metadata\":{\"annotations\":{},\"labels\":{\"app.kubernetes.io/instance\":\"default\",\"app.kubernetes.io/part-of\":\"tekton-pipelines\"},\"name\":\"pipelines-info\",\"namespace\":\"tekton-pipelines\"}}\n"
+        },
+        "creationTimestamp": "2022-09-04T20:18:20Z",
+        "labels": {
+            "app.kubernetes.io/instance": "default",
+            "app.kubernetes.io/part-of": "tekton-pipelines"
+        },
+        "name": "pipelines-info",
+        "namespace": "tekton-pipelines",
+        "resourceVersion": "458",
+        "uid": "00554c67-fbe3-4d86-a3d4-3738ab16a300"
+    }
+}
diff --git a/pkg/endpoints/.test/k8s_configmap_test_expected.json b/pkg/endpoints/.test/k8s_configmap_test_expected.json
@@ -0,0 +1,13 @@
+{
+  "kind": "ConfigMap",
+  "apiVersion": "v1",
+  "metadata": {
+    "name": "pipelines-info",
+    "namespace": "tekton-pipelines",
+    "labels": {
+      "app.kubernetes.io/instance": "default",
+      "app.kubernetes.io/part-of": "tekton-pipelines"
+    },
+    "resourceVersion": "458"
+  }
+}
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		json: cannot unmarshal array into Go struct field K8sItem.metadata of type endpoints.K8sObjectMeta