pkg/tekton: add support for parsing secrets and configmaps…

… and fixing a small issue with commented yamls.

Signed-off-by: Vincent Demeester <[email protected]>

Author: vdemeester

pkg/tekton/load.go

@@ -1,11 +1,13 @@
 package tekton
 
 import (
+	"regexp"
 	"strings"
 
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 	"github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1"
+	corev1 "k8s.io/api/core/v1"
 	k8scheme "k8s.io/client-go/kubernetes/scheme"
 )
 
@@ -14,19 +16,29 @@ type objects struct {
 	taskruns     []*v1beta1.TaskRun
 	pipelines    []*v1beta1.Pipeline
 	pipelineruns []*v1beta1.PipelineRun
+	secrets      []*corev1.Secret
+	configs      []*corev1.ConfigMap
 }
 
 type TaskRun struct {
-	main  *v1beta1.TaskRun
-	tasks map[string]*v1beta1.Task
+	main    *v1beta1.TaskRun
+	tasks   map[string]*v1beta1.Task
+	secrets []*corev1.Secret
+	configs []*corev1.ConfigMap
 }
 
 type PipelineRun struct {
 	main      *v1beta1.PipelineRun
 	tasks     map[string]*v1beta1.Task
 	pipelines map[string]*v1beta1.Pipeline
+	secrets   []*corev1.Secret
+	configs   []*corev1.ConfigMap
 }
 
+var (
+	reg = regexp.MustCompile(`(?m)^\s*#([^#].*?)$`)
+)
+
 func readResources(main string, additionals []string) (interface{}, error) {
 	s := k8scheme.Scheme
 	if err := v1beta1.AddToScheme(s); err != nil {
@@ -38,9 +50,22 @@ func readResources(main string, additionals []string) (interface{}, error) {
 	}
 	switch {
 	case len(objs.taskruns) == 1 && len(objs.pipelineruns) == 0:
-		return populateTaskRun(objs.taskruns[0], additionals)
+		r := TaskRun{
+			main:    objs.taskruns[0],
+			secrets: objs.secrets,
+			configs: objs.configs,
+			tasks:   map[string]*v1beta1.Task{},
+		}
+		return populateTaskRun(r, additionals)
 	case len(objs.taskruns) == 0 && len(objs.pipelineruns) == 1:
-		return populatePipelineRun(objs.pipelineruns[0], additionals)
+		r := PipelineRun{
+			main:      objs.pipelineruns[0],
+			secrets:   objs.secrets,
+			configs:   objs.configs,
+			tasks:     map[string]*v1beta1.Task{},
+			pipelines: map[string]*v1beta1.Pipeline{},
+		}
+		return populatePipelineRun(r, additionals)
 	case len(objs.taskruns) == 0 && len(objs.pipelineruns) == 0:
 		return nil, errors.New("No taskrun or pipelinern to run")
 	case len(objs.taskruns) == 1 && len(objs.pipelineruns) == 1:
@@ -52,13 +77,9 @@ func readResources(main string, additionals []string) (interface{}, error) {
 	}
 }
 
-func populateTaskRun(tr *v1beta1.TaskRun, additionals []string) (TaskRun, error) {
-	r := TaskRun{
-		main:  tr,
-		tasks: map[string]*v1beta1.Task{},
-	}
+func populateTaskRun(r TaskRun, additionals []string) (TaskRun, error) {
 	for _, data := range additionals {
-		for _, doc := range strings.Split(strings.Trim(data, "-"), "---") {
+		for _, doc := range strings.Split(strings.Trim(reg.ReplaceAllString(data, ""), "-"), "---") {
 			obj, err := parseTektonYAML(doc)
 			if err != nil {
 				return r, errors.Wrapf(err, "failed to unmarshal %v", doc)
@@ -74,14 +95,9 @@ func populateTaskRun(tr *v1beta1.TaskRun, additionals []string) (TaskRun, error)
 	return r, nil
 }
 
-func populatePipelineRun(pr *v1beta1.PipelineRun, additionals []string) (PipelineRun, error) {
-	r := PipelineRun{
-		main:      pr,
-		tasks:     map[string]*v1beta1.Task{},
-		pipelines: map[string]*v1beta1.Pipeline{},
-	}
+func populatePipelineRun(r PipelineRun, additionals []string) (PipelineRun, error) {
 	for _, data := range additionals {
-		for _, doc := range strings.Split(strings.Trim(data, "-"), "---") {
+		for _, doc := range strings.Split(strings.Trim(reg.ReplaceAllString(data, ""), "-"), "---") {
 			obj, err := parseTektonYAML(doc)
 			if err != nil {
 				return r, errors.Wrapf(err, "failed to unmarshal %v", doc)
@@ -105,8 +121,11 @@ func parseTektonYAMLs(s string) (*objects, error) {
 		taskruns:     []*v1beta1.TaskRun{},
 		pipelines:    []*v1beta1.Pipeline{},
 		pipelineruns: []*v1beta1.PipelineRun{},
+		secrets:      []*corev1.Secret{},
+		configs:      []*corev1.ConfigMap{},
 	}
-	for _, doc := range strings.Split(strings.Trim(s, "-"), "---") {
+
+	for _, doc := range strings.Split(strings.Trim(reg.ReplaceAllString(s, ""), "-"), "---") {
 		obj, err := parseTektonYAML(doc)
 		if err != nil {
 			return r, errors.Wrapf(err, "failed to unmarshal %v", doc)
@@ -120,6 +139,10 @@ func parseTektonYAMLs(s string) (*objects, error) {
 			r.pipelines = append(r.pipelines, o)
 		case *v1beta1.PipelineRun:
 			r.pipelineruns = append(r.pipelineruns, o)
+		case *corev1.Secret:
+			r.secrets = append(r.secrets, o)
+		case *corev1.ConfigMap:
+			r.configs = append(r.configs, o)
 		}
 	}
 	return r, nil

pkg/tekton/load_test.go

@@ -19,7 +19,15 @@ func TestReadResources(t *testing.T) {
 	tt := []struct {
 		main        string
 		additionals []string
-	}{}
+	}{{
+		main:        "another-pipelinerun.yaml",
+		additionals: []string{"git-clone.yaml"},
+	}, {
+		main:        "pipelinerun-with-parallel-tasks-using-pvc.yaml",
+		additionals: []string{"serviceaccount.yaml"},
+	}, {
+		main: "workspaces.yaml",
+	}}
 	for _, tc := range tt {
 		tc := tc
 		name := fmt.Sprintf("%s-%s", tc.main, strings.Join(tc.additionals, "_"))
@@ -29,11 +37,22 @@ func TestReadResources(t *testing.T) {
 
 func testReadResources(main string, additionals []string) func(*testing.T) {
 	return func(t *testing.T) {
-		_, err := ioutil.ReadFile(fmt.Sprintf("testdata/%s", main))
+		m, err := ioutil.ReadFile(fmt.Sprintf("testdata/%s", main))
 		if err != nil {
 			t.Fatalf("ReadFile() = %v", err)
 		}
-
+		a := []string{}
+		for _, ad := range additionals {
+			d, err := ioutil.ReadFile(fmt.Sprintf("testdata/%s", ad))
+			if err != nil {
+				t.Fatalf("ReadFile() = %v", err)
+			}
+			a = append(a, string(d))
+		}
+		_, err = readResources(string(m), a)
+		if err != nil {
+			t.Fatalf("readResources() = %v", err)
+		}
 	}
 }
 

pkg/tekton/testdata/pipelinerun-with-parallel-tasks-using-pvc.yaml

@@ -0,0 +1,205 @@
+# This example shows how both sequential and parallel Tasks can share data
+# using a PersistentVolumeClaim as a workspace. The TaskRun pods that share
+# workspace will be scheduled to the same Node in your cluster with an
+# Affinity Assistant (unless it is disabled). The REPORTER task does not
+# use a workspace so it does not get affinity to the Affinity Assistant
+# and can be scheduled to any Node. If multiple concurrent PipelineRuns are
+# executed, their Affinity Assistant pods will repel eachother to different
+# Nodes in a Best Effort fashion.
+#
+# A PipelineRun will pass a message parameter to the Pipeline in this example.
+# The STARTER task will write the message to a file in the workspace. The UPPER
+# and LOWER tasks will execute in parallel and process the message written by
+# the STARTER, and transform it to upper case and lower case. The REPORTER task
+# is will use the Task Result from the UPPER task and print it - it is intended
+# to mimic a Task that sends data to an external service and shows a Task that
+# doesn't use a workspace. The VALIDATOR task will validate the result from
+# UPPER and LOWER.
+#
+# Use the runAfter property in a Pipeline to configure that a task depend on
+# another task. Output can be shared both via Task Result (e.g. like REPORTER task)
+# or via files in a workspace.
+#
+#             -- (upper) -- (reporter)
+#           /                         \
+#  (starter)                           (validator)
+#           \                         /
+#             -- (lower) ------------
+
+apiVersion: tekton.dev/v1beta1
+kind: Pipeline
+metadata:
+  name: parallel-pipeline
+spec:
+  params:
+    - name: message
+      type: string
+
+  workspaces:
+    - name: ws
+
+  tasks:
+    - name: starter          # Tasks that does not declare a runAfter property
+      taskRef:               # will start execution immediately
+        name: persist-param
+      params:
+        - name: message
+          value: $(params.message)
+      workspaces:
+        - name: task-ws
+          workspace: ws
+          subPath: init
+
+    - name: upper
+      runAfter:               # Note the use of runAfter here to declare that this task
+        - starter             # depends on a previous task
+      taskRef:
+        name: to-upper
+      params:
+        - name: input-path
+          value: init/message
+      workspaces:
+        - name: w
+          workspace: ws
+
+    - name: lower
+      runAfter:
+        - starter
+      taskRef:
+        name: to-lower
+      params:
+        - name: input-path
+          value: init/message
+      workspaces:
+        - name: w
+          workspace: ws
+
+    - name: reporter          # This task does not use workspace and may be scheduled to
+      runAfter:               # any Node in the cluster.
+        - upper
+      taskRef:
+        name: result-reporter
+      params:
+        - name: result-to-report
+          value: $(tasks.upper.results.message)  # A result from a previous task is used as param
+
+    - name: validator         # This task validate the output from upper and lower Task
+      runAfter:               # It does not strictly depend on the reporter Task
+        - reporter            # But you may want to skip this task if the reporter Task fail
+        - lower
+      taskRef:
+        name: validator
+      workspaces:
+        - name: files
+          workspace: ws
+---
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+  name: persist-param
+spec:
+  params:
+    - name: message
+      type: string
+  results:
+    - name: message
+      description: A result message
+  steps:
+    - name: write
+      image: ubuntu
+      script: echo $(params.message) | tee $(workspaces.task-ws.path)/message $(results.message.path)
+  workspaces:
+    - name: task-ws
+---
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+  name: to-upper
+spec:
+  description: |
+    This task read and process a file from the workspace and write the result
+    both to a file in the workspace and as a Task Result.
+  params:
+    - name: input-path
+      type: string
+  results:
+    - name: message
+      description: Input message in upper case
+  steps:
+    - name: to-upper
+      image: ubuntu
+      script: cat $(workspaces.w.path)/$(params.input-path) | tr '[:lower:]' '[:upper:]' | tee $(workspaces.w.path)/upper $(results.message.path)
+  workspaces:
+    - name: w
+---
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+  name: to-lower
+spec:
+  description: |
+    This task read and process a file from the workspace and write the result
+    both to a file in the workspace and as a Task Result
+  params:
+    - name: input-path
+      type: string
+  results:
+    - name: message
+      description: Input message in lower case
+  steps:
+    - name: to-lower
+      image: ubuntu
+      script: cat $(workspaces.w.path)/$(params.input-path) | tr '[:upper:]' '[:lower:]' | tee $(workspaces.w.path)/lower $(results.message.path)
+  workspaces:
+    - name: w
+---
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+  name: result-reporter
+spec:
+  description: |
+    This task is supposed to mimic a service that post data from the Pipeline,
+    e.g. to an remote HTTP service or a Slack notification.
+  params:
+    - name: result-to-report
+      type: string
+  steps:
+    - name: report-result
+      image: ubuntu
+      script: echo $(params.result-to-report)
+---
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+  name: validator
+spec:
+  steps:
+    - name: validate-upper
+      image: ubuntu
+      script: cat $(workspaces.files.path)/upper | grep HELLO\ TEKTON
+    - name: validate-lower
+      image: ubuntu
+      script: cat $(workspaces.files.path)/lower | grep hello\ tekton
+  workspaces:
+    - name: files
+---
+apiVersion: tekton.dev/v1beta1
+kind: PipelineRun
+metadata:
+  generateName: parallel-pipelinerun-
+spec:
+  params:
+    - name: message
+      value: Hello Tekton
+  pipelineRef:
+    name: parallel-pipeline
+  workspaces:
+    - name: ws
+      volumeClaimTemplate:
+        spec:
+          accessModes:
+            - ReadWriteOnce
+          resources:
+            requests:
+              storage: 1Gi

pkg/tekton/testdata/serviceaccount.yaml

@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: umoci-sa
+secrets:
+  - name: regcred