Clean up validation for task and pipeline refs

This commit creates separate files for testing validation of Task and Pipeline references, and moves test cases related to this validation into those files. It also updates the error message for when a bundle is included in a reference without the "enable-tekton-oci-bundles" flag set to "true" to instruct the user to set that flag. In addition, it updates the error message for when resolvers are set without the "enable-api-fields" flag set to "alpha" to instruct the user to set that flag.
tektoncd · Jun 28, 2022 · 0692a5f · 0692a5f
1 parent 8611c55
commit 0692a5f
Show file tree

Hide file tree

Showing 6 changed files with 430 additions and 411 deletions.
diff --git a/pkg/apis/pipeline/v1beta1/pipelineref_validation.go b/pkg/apis/pipeline/v1beta1/pipelineref_validation.go
@@ -18,6 +18,7 @@ package v1beta1
 
 import (
 	"context"
+	"fmt"
 
 	"github.com/google/go-containerregistry/pkg/name"
 	"github.com/tektoncd/pipeline/pkg/apis/config"
@@ -27,62 +28,47 @@ import (
 // Validate ensures that a supplied PipelineRef field is populated
 // correctly. No errors are returned for a nil PipelineRef.
 func (ref *PipelineRef) Validate(ctx context.Context) (errs *apis.FieldError) {
-	cfg := config.FromContextOrDefaults(ctx)
 	if ref == nil {
 		return
 	}
-	if cfg.FeatureFlags.EnableAPIFields == config.AlphaAPIFields {
-		errs = errs.Also(ref.validateAlphaRef(ctx))
-	} else {
-		errs = errs.Also(ref.validateInTreeRef(ctx))
-	}
-	return
-}
-
-// validateInTreeRef returns errors if the given pipelineRef is not
-// valid for Pipelines' built-in resolution machinery.
-func (ref *PipelineRef) validateInTreeRef(ctx context.Context) (errs *apis.FieldError) {
-	cfg := config.FromContextOrDefaults(ctx)
-	if ref.Resolver != "" {
-		errs = errs.Also(apis.ErrDisallowedFields("resolver"))
-	}
-	if ref.Resource != nil {
-		errs = errs.Also(apis.ErrDisallowedFields("resource"))
-	}
-	if ref.Name == "" {
-		errs = errs.Also(apis.ErrMissingField("name"))
-	}
-	if cfg.FeatureFlags.EnableTektonOCIBundles {
-		if ref.Bundle != "" && ref.Name == "" {
-			errs = errs.Also(apis.ErrMissingField("name"))
-		}
-		if ref.Bundle != "" {
-			if _, err := name.ParseReference(ref.Bundle); err != nil {
-				errs = errs.Also(apis.ErrInvalidValue("invalid bundle reference", "bundle", err.Error()))
-			}
-		}
-	} else if ref.Bundle != "" {
-		errs = errs.Also(apis.ErrDisallowedFields("bundle"))
-	}
-	return
-}
 
-// validateAlphaRef ensures that the user has passed either a
-// valid remote resource reference or a valid in-tree resource reference,
-// but not both.
-func (ref *PipelineRef) validateAlphaRef(ctx context.Context) (errs *apis.FieldError) {
 	switch {
-	case ref.Resolver == "" && ref.Resource != nil:
-		errs = errs.Also(apis.ErrMissingField("resolver"))
-	case ref.Resolver == "":
-		errs = errs.Also(ref.validateInTreeRef(ctx))
-	default:
+	case ref.Resolver != "":
+		errs = errs.Also(ValidateEnabledAPIFields(ctx, "resolver", config.AlphaAPIFields).ViaField("resolver"))
 		if ref.Name != "" {
 			errs = errs.Also(apis.ErrMultipleOneOf("name", "resolver"))
 		}
 		if ref.Bundle != "" {
 			errs = errs.Also(apis.ErrMultipleOneOf("bundle", "resolver"))
 		}
+	case ref.Resource != nil:
+		errs = errs.Also(ValidateEnabledAPIFields(ctx, "resource", config.AlphaAPIFields).ViaField("resource"))
+		if ref.Name != "" {
+			errs = errs.Also(apis.ErrMultipleOneOf("name", "resource"))
+		}
+		if ref.Bundle != "" {
+			errs = errs.Also(apis.ErrMultipleOneOf("bundle", "resource"))
+		}
+		if ref.Resolver == "" {
+			errs = errs.Also(apis.ErrMissingField("resolver"))
+		}
+	case ref.Name == "":
+		errs = errs.Also(apis.ErrMissingField("name"))
+	case ref.Bundle != "":
+		errs = errs.Also(validateBundleFeatureFlag(ctx, "bundle", true).ViaField("bundle"))
+		if _, err := name.ParseReference(ref.Bundle); err != nil {
+			errs = errs.Also(apis.ErrInvalidValue("invalid bundle reference", "bundle", err.Error()))
+		}
 	}
 	return
 }
+
+func validateBundleFeatureFlag(ctx context.Context, featureName string, wantValue bool) *apis.FieldError {
+	flagValue := config.FromContextOrDefaults(ctx).FeatureFlags.EnableTektonOCIBundles
+	if flagValue != wantValue {
+		var errs *apis.FieldError
+		message := fmt.Sprintf(`%s requires "enable-tekton-oci-bundles" feature gate to be %t but it is %t`, featureName, wantValue, flagValue)
+		return errs.Also(apis.ErrGeneric(message))
+	}
+	return nil
+}
diff --git a/pkg/apis/pipeline/v1beta1/pipelineref_validation_test.go b/pkg/apis/pipeline/v1beta1/pipelineref_validation_test.go
@@ -0,0 +1,200 @@
+/*
+Copyright 2020 The Tekton Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1beta1_test
+
+import (
+	"context"
+	"testing"
+
+	"github.com/google/go-cmp/cmp"
+	"github.com/tektoncd/pipeline/pkg/apis/config"
+	"github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1"
+	"github.com/tektoncd/pipeline/test/diff"
+	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"knative.dev/pkg/apis"
+	logtesting "knative.dev/pkg/logging/testing"
+)
+
+func TestPipelineRef_Invalid(t *testing.T) {
+	tests := []struct {
+		name        string
+		ref         *v1beta1.PipelineRef
+		wantErr     *apis.FieldError
+		withContext func(context.Context) context.Context
+	}{{
+		name: "use of bundle without the feature flag set",
+		ref: &v1beta1.PipelineRef{
+			Name:   "my-pipeline",
+			Bundle: "docker.io/foo",
+		},
+		wantErr: apis.ErrGeneric("bundle requires \"enable-tekton-oci-bundles\" feature gate to be true but it is false"),
+	}, {
+		name: "bundle missing name",
+		ref: &v1beta1.PipelineRef{
+			Bundle: "docker.io/foo",
+		},
+		wantErr:     apis.ErrMissingField("name"),
+		withContext: enableTektonOCIBundles(t),
+	}, {
+		name: "invalid bundle reference",
+		ref: &v1beta1.PipelineRef{
+			Name:   "my-pipeline",
+			Bundle: "not a valid reference",
+		},
+		wantErr:     apis.ErrInvalidValue("invalid bundle reference", "bundle", "could not parse reference: not a valid reference"),
+		withContext: enableTektonOCIBundles(t),
+	}, {
+		name:    "pipelineRef without Pipeline Name",
+		ref:     &v1beta1.PipelineRef{},
+		wantErr: apis.ErrMissingField("name"),
+	}, {
+		name: "pipelineref resolver disallowed without alpha feature gate",
+		ref: &v1beta1.PipelineRef{
+			ResolverRef: v1beta1.ResolverRef{
+				Resolver: "foo",
+			},
+		},
+		wantErr: apis.ErrGeneric("resolver requires \"enable-api-fields\" feature gate to be \"alpha\" but it is \"stable\""),
+	}, {
+		name: "pipelineref resource disallowed without alpha feature gate",
+		ref: &v1beta1.PipelineRef{
+			ResolverRef: v1beta1.ResolverRef{
+				Resource: []v1beta1.ResolverParam{},
+			},
+		},
+		wantErr: apis.ErrMissingField("resolver").Also(apis.ErrGeneric("resource requires \"enable-api-fields\" feature gate to be \"alpha\" but it is \"stable\"")),
+	}, {
+		name: "pipelineref resource disallowed without resolver",
+		ref: &v1beta1.PipelineRef{
+			ResolverRef: v1beta1.ResolverRef{
+				Resource: []v1beta1.ResolverParam{},
+			},
+		},
+		wantErr:     apis.ErrMissingField("resolver"),
+		withContext: enableAlphaAPIFields,
+	}, {
+		name: "pipelineref resolver disallowed in conjunction with pipelineref name",
+		ref: &v1beta1.PipelineRef{
+			Name: "foo",
+			ResolverRef: v1beta1.ResolverRef{
+				Resolver: "bar",
+			},
+		},
+		wantErr:     apis.ErrMultipleOneOf("name", "resolver"),
+		withContext: enableAlphaAPIFields,
+	}, {
+		name: "pipelineref resolver disallowed in conjunction with pipelineref bundle",
+		ref: &v1beta1.PipelineRef{
+			Bundle: "foo",
+			ResolverRef: v1beta1.ResolverRef{
+				Resolver: "baz",
+			},
+		},
+		wantErr:     apis.ErrMultipleOneOf("bundle", "resolver"),
+		withContext: enableAlphaAPIFields,
+	}, {
+		name: "pipelineref resource disallowed in conjunction with taskref name",
+		ref: &v1beta1.PipelineRef{
+			Name: "bar",
+			ResolverRef: v1beta1.ResolverRef{
+				Resource: []v1beta1.ResolverParam{{
+					Name:  "foo",
+					Value: "bar",
+				}},
+			},
+		},
+		wantErr:     apis.ErrMultipleOneOf("name", "resource").Also(apis.ErrMissingField("resolver")),
+		withContext: enableAlphaAPIFields,
+	}, {
+		name: "pipelineref resource disallowed in conjunction with taskref bundle",
+		ref: &v1beta1.PipelineRef{
+			Bundle: "bar",
+			ResolverRef: v1beta1.ResolverRef{
+				Resource: []v1beta1.ResolverParam{{
+					Name:  "foo",
+					Value: "bar",
+				}},
+			},
+		},
+		wantErr:     apis.ErrMultipleOneOf("bundle", "resource").Also(apis.ErrMissingField("resolver")),
+		withContext: enableAlphaAPIFields,
+	}}
+
+	for _, tc := range tests {
+		t.Run(tc.name, func(t *testing.T) {
+			ctx := context.Background()
+			if tc.withContext != nil {
+				ctx = tc.withContext(ctx)
+			}
+			err := tc.ref.Validate(ctx)
+			if d := cmp.Diff(tc.wantErr.Error(), err.Error()); d != "" {
+				t.Error(diff.PrintWantGot(d))
+			}
+		})
+	}
+}
+
+func TestPipelineRef_Valid(t *testing.T) {
+	tests := []struct {
+		name string
+		ref  *v1beta1.PipelineRef
+		wc   func(context.Context) context.Context
+	}{{
+		name: "no pipelineRef",
+		ref:  nil,
+	}, {
+		name: "alpha feature: valid resolver",
+		ref:  &v1beta1.PipelineRef{ResolverRef: v1beta1.ResolverRef{Resolver: "git"}},
+		wc:   enableAlphaAPIFields,
+	}, {
+		name: "alpha feature: valid resolver with resource parameters",
+		ref: &v1beta1.PipelineRef{ResolverRef: v1beta1.ResolverRef{Resolver: "git", Resource: []v1beta1.ResolverParam{{
+			Name:  "repo",
+			Value: "https://github.com/tektoncd/pipeline.git",
+		}, {
+			Name:  "branch",
+			Value: "baz",
+		}}}},
+		wc: enableAlphaAPIFields,
+	}}
+
+	for _, ts := range tests {
+		t.Run(ts.name, func(t *testing.T) {
+			ctx := context.Background()
+			if ts.wc != nil {
+				ctx = ts.wc(ctx)
+			}
+			if err := ts.ref.Validate(ctx); err != nil {
+				t.Error(err)
+			}
+		})
+	}
+}
+
+func enableTektonOCIBundles(t *testing.T) func(context.Context) context.Context {
+	return func(ctx context.Context) context.Context {
+		s := config.NewStore(logtesting.TestLogger(t))
+		s.OnConfigChanged(&corev1.ConfigMap{
+			ObjectMeta: metav1.ObjectMeta{Name: config.GetFeatureFlagsConfigName()},
+			Data: map[string]string{
+				"enable-tekton-oci-bundles": "true",
+			},
+		})
+		return s.ToContext(ctx)
+	}
+}