Clean up validation for task and pipeline refs

This commit creates separate files for testing validation of Task and Pipeline references, and moves test cases related to this validation into those files. It also updates the error message for when a bundle is included in a reference without the "enable-tekton-oci-bundles" flag set to "true" to instruct the user to set that flag. In addition, it updates the error message for when resolvers are set without the "enable-api-fields" flag set to "alpha" to instruct the user to set that flag.
tektoncd · Jul 7, 2022 · b3b623a · b3b623a
1 parent 74e7567
commit b3b623a
Show file tree

Hide file tree

Showing 12 changed files with 528 additions and 467 deletions.
diff --git a/pkg/apis/pipeline/v1beta1/openapi_generated.go b/pkg/apis/pipeline/v1beta1/openapi_generated.go
diff --git a/pkg/apis/pipeline/v1beta1/pipelineref_types.go b/pkg/apis/pipeline/v1beta1/pipelineref_types.go
@@ -0,0 +1,35 @@
+/*
+Copyright 2022 The Tekton Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1beta1
+
+// PipelineRef can be used to refer to a specific instance of a Pipeline.
+type PipelineRef struct {
+	// Name of the referent; More info: http://kubernetes.io/docs/user-guide/identifiers#names
+	Name string `json:"name,omitempty"`
+	// API version of the referent
+	// +optional
+	APIVersion string `json:"apiVersion,omitempty"`
+	// Bundle url reference to a Tekton Bundle.
+	// +optional
+	Bundle string `json:"bundle,omitempty"`
+
+	// ResolverRef allows referencing a Pipeline in a remote location
+	// like a git repo. This field is only supported when the alpha
+	// feature gate is enabled.
+	// +optional
+	ResolverRef `json:",omitempty"`
+}
diff --git a/pkg/apis/pipeline/v1beta1/pipelineref_validation.go b/pkg/apis/pipeline/v1beta1/pipelineref_validation.go
@@ -18,71 +18,58 @@ package v1beta1
 
 import (
 	"context"
+	"fmt"
 
 	"github.com/google/go-containerregistry/pkg/name"
 	"github.com/tektoncd/pipeline/pkg/apis/config"
+	"github.com/tektoncd/pipeline/pkg/apis/version"
 	"knative.dev/pkg/apis"
 )
 
 // Validate ensures that a supplied PipelineRef field is populated
 // correctly. No errors are returned for a nil PipelineRef.
 func (ref *PipelineRef) Validate(ctx context.Context) (errs *apis.FieldError) {
-	cfg := config.FromContextOrDefaults(ctx)
 	if ref == nil {
 		return
 	}
-	if cfg.FeatureFlags.EnableAPIFields == config.AlphaAPIFields {
-		errs = errs.Also(ref.validateAlphaRef(ctx))
-	} else {
-		errs = errs.Also(ref.validateInTreeRef(ctx))
-	}
-	return
-}
-
-// validateInTreeRef returns errors if the given pipelineRef is not
-// valid for Pipelines' built-in resolution machinery.
-func (ref *PipelineRef) validateInTreeRef(ctx context.Context) (errs *apis.FieldError) {
-	cfg := config.FromContextOrDefaults(ctx)
-	if ref.Resolver != "" {
-		errs = errs.Also(apis.ErrDisallowedFields("resolver"))
-	}
-	if ref.Resource != nil {
-		errs = errs.Also(apis.ErrDisallowedFields("resource"))
-	}
-	if ref.Name == "" {
-		errs = errs.Also(apis.ErrMissingField("name"))
-	}
-	if cfg.FeatureFlags.EnableTektonOCIBundles {
-		if ref.Bundle != "" && ref.Name == "" {
-			errs = errs.Also(apis.ErrMissingField("name"))
-		}
-		if ref.Bundle != "" {
-			if _, err := name.ParseReference(ref.Bundle); err != nil {
-				errs = errs.Also(apis.ErrInvalidValue("invalid bundle reference", "bundle", err.Error()))
-			}
-		}
-	} else if ref.Bundle != "" {
-		errs = errs.Also(apis.ErrDisallowedFields("bundle"))
-	}
-	return
-}
 
-// validateAlphaRef ensures that the user has passed either a
-// valid remote resource reference or a valid in-tree resource reference,
-// but not both.
-func (ref *PipelineRef) validateAlphaRef(ctx context.Context) (errs *apis.FieldError) {
 	switch {
-	case ref.Resolver == "" && ref.Resource != nil:
-		errs = errs.Also(apis.ErrMissingField("resolver"))
-	case ref.Resolver == "":
-		errs = errs.Also(ref.validateInTreeRef(ctx))
-	default:
+	case ref.Resolver != "":
+		errs = errs.Also(version.ValidateEnabledAPIFields(ctx, "resolver", config.AlphaAPIFields).ViaField("resolver"))
 		if ref.Name != "" {
 			errs = errs.Also(apis.ErrMultipleOneOf("name", "resolver"))
 		}
 		if ref.Bundle != "" {
 			errs = errs.Also(apis.ErrMultipleOneOf("bundle", "resolver"))
 		}
+	case ref.Resource != nil:
+		errs = errs.Also(version.ValidateEnabledAPIFields(ctx, "resource", config.AlphaAPIFields).ViaField("resource"))
+		if ref.Name != "" {
+			errs = errs.Also(apis.ErrMultipleOneOf("name", "resource"))
+		}
+		if ref.Bundle != "" {
+			errs = errs.Also(apis.ErrMultipleOneOf("bundle", "resource"))
+		}
+		if ref.Resolver == "" {
+			errs = errs.Also(apis.ErrMissingField("resolver"))
+		}
+	case ref.Name == "":
+		errs = errs.Also(apis.ErrMissingField("name"))
+	case ref.Bundle != "":
+		errs = errs.Also(validateBundleFeatureFlag(ctx, "bundle", true).ViaField("bundle"))
+		if _, err := name.ParseReference(ref.Bundle); err != nil {
+			errs = errs.Also(apis.ErrInvalidValue("invalid bundle reference", "bundle", err.Error()))
+		}
 	}
 	return
 }
+
+func validateBundleFeatureFlag(ctx context.Context, featureName string, wantValue bool) *apis.FieldError {
+	flagValue := config.FromContextOrDefaults(ctx).FeatureFlags.EnableTektonOCIBundles
+	if flagValue != wantValue {
+		var errs *apis.FieldError
+		message := fmt.Sprintf(`%s requires "enable-tekton-oci-bundles" feature gate to be %t but it is %t`, featureName, wantValue, flagValue)
+		return errs.Also(apis.ErrGeneric(message))
+	}
+	return nil
+}
diff --git a/pkg/apis/pipeline/v1beta1/pipelineref_validation_test.go b/pkg/apis/pipeline/v1beta1/pipelineref_validation_test.go
@@ -0,0 +1,200 @@
+/*
+Copyright 2020 The Tekton Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1beta1_test
+
+import (
+	"context"
+	"testing"
+
+	"github.com/google/go-cmp/cmp"
+	"github.com/tektoncd/pipeline/pkg/apis/config"
+	"github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1"
+	"github.com/tektoncd/pipeline/test/diff"
+	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"knative.dev/pkg/apis"
+	logtesting "knative.dev/pkg/logging/testing"
+)
+
+func TestPipelineRef_Invalid(t *testing.T) {
+	tests := []struct {
+		name        string
+		ref         *v1beta1.PipelineRef
+		wantErr     *apis.FieldError
+		withContext func(context.Context) context.Context
+	}{{
+		name: "use of bundle without the feature flag set",
+		ref: &v1beta1.PipelineRef{
+			Name:   "my-pipeline",
+			Bundle: "docker.io/foo",
+		},
+		wantErr: apis.ErrGeneric("bundle requires \"enable-tekton-oci-bundles\" feature gate to be true but it is false"),
+	}, {
+		name: "bundle missing name",
+		ref: &v1beta1.PipelineRef{
+			Bundle: "docker.io/foo",
+		},
+		wantErr:     apis.ErrMissingField("name"),
+		withContext: enableTektonOCIBundles(t),
+	}, {
+		name: "invalid bundle reference",
+		ref: &v1beta1.PipelineRef{
+			Name:   "my-pipeline",
+			Bundle: "not a valid reference",
+		},
+		wantErr:     apis.ErrInvalidValue("invalid bundle reference", "bundle", "could not parse reference: not a valid reference"),
+		withContext: enableTektonOCIBundles(t),
+	}, {
+		name:    "pipelineRef without Pipeline Name",
+		ref:     &v1beta1.PipelineRef{},
+		wantErr: apis.ErrMissingField("name"),
+	}, {
+		name: "pipelineref resolver disallowed without alpha feature gate",
+		ref: &v1beta1.PipelineRef{
+			ResolverRef: v1beta1.ResolverRef{
+				Resolver: "foo",
+			},
+		},
+		wantErr: apis.ErrGeneric("resolver requires \"enable-api-fields\" feature gate to be \"alpha\" but it is \"stable\""),
+	}, {
+		name: "pipelineref resource disallowed without alpha feature gate",
+		ref: &v1beta1.PipelineRef{
+			ResolverRef: v1beta1.ResolverRef{
+				Resource: []v1beta1.ResolverParam{},
+			},
+		},
+		wantErr: apis.ErrMissingField("resolver").Also(apis.ErrGeneric("resource requires \"enable-api-fields\" feature gate to be \"alpha\" but it is \"stable\"")),
+	}, {
+		name: "pipelineref resource disallowed without resolver",
+		ref: &v1beta1.PipelineRef{
+			ResolverRef: v1beta1.ResolverRef{
+				Resource: []v1beta1.ResolverParam{},
+			},
+		},
+		wantErr:     apis.ErrMissingField("resolver"),
+		withContext: enableAlphaAPIFields,
+	}, {
+		name: "pipelineref resolver disallowed in conjunction with pipelineref name",
+		ref: &v1beta1.PipelineRef{
+			Name: "foo",
+			ResolverRef: v1beta1.ResolverRef{
+				Resolver: "bar",
+			},
+		},
+		wantErr:     apis.ErrMultipleOneOf("name", "resolver"),
+		withContext: enableAlphaAPIFields,
+	}, {
+		name: "pipelineref resolver disallowed in conjunction with pipelineref bundle",
+		ref: &v1beta1.PipelineRef{
+			Bundle: "foo",
+			ResolverRef: v1beta1.ResolverRef{
+				Resolver: "baz",
+			},
+		},
+		wantErr:     apis.ErrMultipleOneOf("bundle", "resolver"),
+		withContext: enableAlphaAPIFields,
+	}, {
+		name: "pipelineref resource disallowed in conjunction with taskref name",
+		ref: &v1beta1.PipelineRef{
+			Name: "bar",
+			ResolverRef: v1beta1.ResolverRef{
+				Resource: []v1beta1.ResolverParam{{
+					Name:  "foo",
+					Value: "bar",
+				}},
+			},
+		},
+		wantErr:     apis.ErrMultipleOneOf("name", "resource").Also(apis.ErrMissingField("resolver")),
+		withContext: enableAlphaAPIFields,
+	}, {
+		name: "pipelineref resource disallowed in conjunction with taskref bundle",
+		ref: &v1beta1.PipelineRef{
+			Bundle: "bar",
+			ResolverRef: v1beta1.ResolverRef{
+				Resource: []v1beta1.ResolverParam{{
+					Name:  "foo",
+					Value: "bar",
+				}},
+			},
+		},
+		wantErr:     apis.ErrMultipleOneOf("bundle", "resource").Also(apis.ErrMissingField("resolver")),
+		withContext: enableAlphaAPIFields,
+	}}
+
+	for _, tc := range tests {
+		t.Run(tc.name, func(t *testing.T) {
+			ctx := context.Background()
+			if tc.withContext != nil {
+				ctx = tc.withContext(ctx)
+			}
+			err := tc.ref.Validate(ctx)
+			if d := cmp.Diff(tc.wantErr.Error(), err.Error()); d != "" {
+				t.Error(diff.PrintWantGot(d))
+			}
+		})
+	}
+}
+
+func TestPipelineRef_Valid(t *testing.T) {
+	tests := []struct {
+		name string
+		ref  *v1beta1.PipelineRef
+		wc   func(context.Context) context.Context
+	}{{
+		name: "no pipelineRef",
+		ref:  nil,
+	}, {
+		name: "alpha feature: valid resolver",
+		ref:  &v1beta1.PipelineRef{ResolverRef: v1beta1.ResolverRef{Resolver: "git"}},
+		wc:   enableAlphaAPIFields,
+	}, {
+		name: "alpha feature: valid resolver with resource parameters",
+		ref: &v1beta1.PipelineRef{ResolverRef: v1beta1.ResolverRef{Resolver: "git", Resource: []v1beta1.ResolverParam{{
+			Name:  "repo",
+			Value: "https://github.com/tektoncd/pipeline.git",
+		}, {
+			Name:  "branch",
+			Value: "baz",
+		}}}},
+		wc: enableAlphaAPIFields,
+	}}
+
+	for _, ts := range tests {
+		t.Run(ts.name, func(t *testing.T) {
+			ctx := context.Background()
+			if ts.wc != nil {
+				ctx = ts.wc(ctx)
+			}
+			if err := ts.ref.Validate(ctx); err != nil {
+				t.Error(err)
+			}
+		})
+	}
+}
+
+func enableTektonOCIBundles(t *testing.T) func(context.Context) context.Context {
+	return func(ctx context.Context) context.Context {
+		s := config.NewStore(logtesting.TestLogger(t))
+		s.OnConfigChanged(&corev1.ConfigMap{
+			ObjectMeta: metav1.ObjectMeta{Name: config.GetFeatureFlagsConfigName()},
+			Data: map[string]string{
+				"enable-tekton-oci-bundles": "true",
+			},
+		})
+		return s.ToContext(ctx)
+	}
+}
diff --git a/pkg/apis/pipeline/v1beta1/pipelinerun_types.go b/pkg/apis/pipeline/v1beta1/pipelinerun_types.go
@@ -265,25 +265,6 @@ const (
 	PipelineRunSpecStatusPending = "PipelineRunPending"
 )
 
-// PipelineRef can be used to refer to a specific instance of a Pipeline.
-// Copied from CrossVersionObjectReference: https://github.com/kubernetes/kubernetes/blob/169df7434155cbbc22f1532cba8e0a9588e29ad8/pkg/apis/autoscaling/types.go#L64
-type PipelineRef struct {
-	// Name of the referent; More info: http://kubernetes.io/docs/user-guide/identifiers#names
-	Name string `json:"name,omitempty"`
-	// API version of the referent
-	// +optional
-	APIVersion string `json:"apiVersion,omitempty"`
-	// Bundle url reference to a Tekton Bundle.
-	// +optional
-	Bundle string `json:"bundle,omitempty"`
-
-	// ResolverRef allows referencing a Pipeline in a remote location
-	// like a git repo. This field is only supported when the alpha
-	// feature gate is enabled.
-	// +optional
-	ResolverRef `json:",omitempty"`
-}
-
 // PipelineRunStatus defines the observed state of PipelineRun
 type PipelineRunStatus struct {
 	duckv1beta1.Status `json:",inline"`