From a898fe79e0717fa775a9aa22d7817402234a7201 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Matej=20Va=C5=A1ek?= Date: Tue, 11 Jun 2024 15:38:33 +0200 Subject: [PATCH] fix: PaC build (#2341) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Fixed detection of PaC controller URL for unprivileged users. * Use fn.Deploy.Image before fn.Image since the fn.Image may not be populated. Signed-off-by: Matej VaĊĦek --- pkg/pipelines/tekton/pac/pac.go | 19 +++++++++++-------- .../tekton/pipelines_pac_provider.go | 13 +++++++++---- 2 files changed, 20 insertions(+), 12 deletions(-) diff --git a/pkg/pipelines/tekton/pac/pac.go b/pkg/pipelines/tekton/pac/pac.go index bf134c4648..69b38f3800 100644 --- a/pkg/pipelines/tekton/pac/pac.go +++ b/pkg/pipelines/tekton/pac/pac.go @@ -23,10 +23,10 @@ const ( // DetectPACInstallation checks whether PAC is installed on the cluster // Taken and slightly modified from https://github.com/openshift-pipelines/pipelines-as-code/blob/6a7f043f9bb51d04ab729505b26446695595df1f/pkg/cmd/tknpac/bootstrap/bootstrap.go -func DetectPACInstallation(ctx context.Context, wantedNamespace string) (bool, string, error) { +func DetectPACInstallation(ctx context.Context) (bool, string, error) { var installed bool - clientPac, _, err := NewTektonPacClientAndResolvedNamespace("") + clientPac, cns, err := NewTektonPacClientAndResolvedNamespace("") if err != nil { return false, "", err } @@ -36,20 +36,23 @@ func DetectPACInstallation(ctx context.Context, wantedNamespace string) (bool, s return false, "", err } - _, err = clientPac.Repositories("").List(ctx, metav1.ListOptions{}) + _, err = clientPac.Repositories(cns).List(ctx, metav1.ListOptions{}) if err != nil && k8serrors.IsNotFound(err) { return false, "", nil } installed = true - if wantedNamespace != "" { - _, err := clientK8s.CoreV1().ConfigMaps(wantedNamespace).Get(ctx, infoConfigMap, metav1.GetOptions{}) - if err == nil { - return installed, wantedNamespace, nil + + // First search namespaces that usually contains PaC, this check may be done even by unprivileged user. + for _, suspectedNS := range []string{"pipelines-as-code", "openshift-pipelines"} { + _, e := clientK8s.CoreV1().ConfigMaps(suspectedNS).Get(ctx, infoConfigMap, metav1.GetOptions{}) + if e == nil { + return installed, suspectedNS, nil } - return installed, "", fmt.Errorf("could not detect Pipelines as Code configmap in %s namespace : %w, please reinstall", wantedNamespace, err) } + // Search all namespaces if the usual suspects do not contain the desired configmap. + // This may require elevated privileges in cluster. cms, err := clientK8s.CoreV1().ConfigMaps("").List(ctx, metav1.ListOptions{ LabelSelector: configMapPacLabel, }) diff --git a/pkg/pipelines/tekton/pipelines_pac_provider.go b/pkg/pipelines/tekton/pipelines_pac_provider.go index 6bb4031758..c67f6cbb0b 100644 --- a/pkg/pipelines/tekton/pipelines_pac_provider.go +++ b/pkg/pipelines/tekton/pipelines_pac_provider.go @@ -147,7 +147,7 @@ func (pp *PipelinesProvider) createClusterPACResources(ctx context.Context, f fn } // figure out pac installation namespace - installed, _, err := pac.DetectPACInstallation(ctx, "") + installed, _, err := pac.DetectPACInstallation(ctx) if !installed { errMsg := "" if err != nil { @@ -168,7 +168,12 @@ func (pp *PipelinesProvider) createClusterPACResources(ctx context.Context, f fn labels = pp.decorator.UpdateLabels(f, labels) } - registry, err := docker.GetRegistry(f.Image) + img := f.Deploy.Image + if img == "" { + img = f.Image + } + + registry, err := docker.GetRegistry(img) if err != nil { return fmt.Errorf("problem in resolving image registry name: %w", err) } @@ -177,7 +182,7 @@ func (pp *PipelinesProvider) createClusterPACResources(ctx context.Context, f fn registry = authn.DefaultAuthKey } - creds, err := pp.credentialsProvider(ctx, f.Image) + creds, err := pp.credentialsProvider(ctx, img) if err != nil { return err } @@ -213,7 +218,7 @@ func (pp *PipelinesProvider) createClusterPACResources(ctx context.Context, f fn func (pp *PipelinesProvider) createRemotePACResources(ctx context.Context, f fn.Function, metadata pipelines.PacMetadata) error { // figure out pac installation namespace - installed, installationNS, err := pac.DetectPACInstallation(ctx, "") + installed, installationNS, err := pac.DetectPACInstallation(ctx) if !installed { errMsg := "" if err != nil {