Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Validate PipelineRun Parameters #2719

Merged
merged 1 commit into from
Jun 16, 2020

Conversation

jerop
Copy link
Member

@jerop jerop commented May 29, 2020

Changes

While working on allowing PipelineRuns to provide extra parameters (#2513), we found that providing extra parameters was unintentionally allowed. That's because, currently, there's no validation that all parameters expected by the Pipeline is provided by the PipelineRun.

In this PR, we add validation for PipelineRun parameters by generating a list of provided parameters then iterating through the expected parameters to ensure they are in the list of provided parameters. Note that parameters which have default values specified in Pipeline are not required to be provided by PipelineRun.

In the validation, we still allow PipelineRuns to provide extra parameters. If we disallow PipelineRuns from providing extra parameters, the Pipelines would fail. As a result, systems that autogenerate PipelineRuns would need to look at each pipeline to see what parameters they need so it can provide only the required parameters. That means users would have to resort to more complex designs to solve this issue, as further described in (#2513).

By allowing PipelineRuns to provide extra parameters, we make the process of autogenerating of PipelineRuns simpler.

Fixes #2708.

Submitter Checklist

These are the criteria that every PR should meet, please check them off as you
review them:

See the contribution guide for more details.

Double check this list of stuff that's easy to miss:

Reviewer Notes

If API changes are included, additive changes must be approved by at least two OWNERS and backwards incompatible changes must be approved by more than 50% of the OWNERS, and they must first be added in a backwards compatible way.

Release Notes

- PipelineRun parameters are validated to ensure that all the parameters required by the Pipeline are provided by the PipelineRun.

- PipelineRun parameters validation allows PipelineRuns to provide extra parameters in addition to the required parameters.

- Warning: backwards incompatible change that will force users to pass in default parameter values or provide the required parameters. 

@tekton-robot tekton-robot requested review from bobcatfish and dibyom May 29, 2020 21:33
@tekton-robot tekton-robot added the size/L Denotes a PR that changes 100-499 lines, ignoring generated files. label May 29, 2020
@tekton-robot
Copy link
Collaborator

This PR cannot be merged: expecting exactly one kind/ label

Available kind/ labels are:

kind/bug: Categorizes issue or PR as related to a bug.
kind/flake: Categorizes issue or PR as related to a flakey test
kind/cleanup: Categorizes issue or PR as related to cleaning up code, process, or technical debt.
kind/design: Categorizes issue or PR as related to design.
kind/documentation: Categorizes issue or PR as related to documentation.
kind/feature: Categorizes issue or PR as related to a new feature.
kind/misc: Categorizes issue or PR as a miscellaneuous one.

1 similar comment
@tekton-robot
Copy link
Collaborator

This PR cannot be merged: expecting exactly one kind/ label

Available kind/ labels are:

kind/bug: Categorizes issue or PR as related to a bug.
kind/flake: Categorizes issue or PR as related to a flakey test
kind/cleanup: Categorizes issue or PR as related to cleaning up code, process, or technical debt.
kind/design: Categorizes issue or PR as related to design.
kind/documentation: Categorizes issue or PR as related to documentation.
kind/feature: Categorizes issue or PR as related to a new feature.
kind/misc: Categorizes issue or PR as a miscellaneuous one.

@jerop jerop changed the title Validate PipelineRun parameters Validate PipelineRun Parameters May 29, 2020
@tekton-robot
Copy link
Collaborator

The following is the coverage report on the affected files.
Say /test pull-tekton-pipeline-go-coverage to re-run this coverage report

File Old Coverage New Coverage Delta
pkg/reconciler/pipelinerun/pipelinerun.go 75.3% 75.3% -0.0

@jerop jerop force-pushed the pipeline-validation branch from 0697022 to bcf1c72 Compare May 29, 2020 21:39
@tekton-robot
Copy link
Collaborator

This PR cannot be merged: expecting exactly one kind/ label

Available kind/ labels are:

kind/bug: Categorizes issue or PR as related to a bug.
kind/flake: Categorizes issue or PR as related to a flakey test
kind/cleanup: Categorizes issue or PR as related to cleaning up code, process, or technical debt.
kind/design: Categorizes issue or PR as related to design.
kind/documentation: Categorizes issue or PR as related to documentation.
kind/feature: Categorizes issue or PR as related to a new feature.
kind/misc: Categorizes issue or PR as a miscellaneuous one.

@tekton-robot
Copy link
Collaborator

The following is the coverage report on the affected files.
Say /test pull-tekton-pipeline-go-coverage to re-run this coverage report

File Old Coverage New Coverage Delta
pkg/reconciler/pipelinerun/pipelinerun.go 75.3% 75.3% -0.0

@jerop jerop force-pushed the pipeline-validation branch from bcf1c72 to 4e0550c Compare May 29, 2020 21:56
@tekton-robot
Copy link
Collaborator

This PR cannot be merged: expecting exactly one kind/ label

Available kind/ labels are:

kind/bug: Categorizes issue or PR as related to a bug.
kind/flake: Categorizes issue or PR as related to a flakey test
kind/cleanup: Categorizes issue or PR as related to cleaning up code, process, or technical debt.
kind/design: Categorizes issue or PR as related to design.
kind/documentation: Categorizes issue or PR as related to documentation.
kind/feature: Categorizes issue or PR as related to a new feature.
kind/misc: Categorizes issue or PR as a miscellaneuous one.

@tekton-robot
Copy link
Collaborator

The following is the coverage report on the affected files.
Say /test pull-tekton-pipeline-go-coverage to re-run this coverage report

File Old Coverage New Coverage Delta
pkg/reconciler/pipelinerun/pipelinerun.go 75.3% 75.3% -0.0

@jerop jerop force-pushed the pipeline-validation branch from 4e0550c to 8347846 Compare May 29, 2020 22:08
@tekton-robot
Copy link
Collaborator

This PR cannot be merged: expecting exactly one kind/ label

Available kind/ labels are:

kind/bug: Categorizes issue or PR as related to a bug.
kind/flake: Categorizes issue or PR as related to a flakey test
kind/cleanup: Categorizes issue or PR as related to cleaning up code, process, or technical debt.
kind/design: Categorizes issue or PR as related to design.
kind/documentation: Categorizes issue or PR as related to documentation.
kind/feature: Categorizes issue or PR as related to a new feature.
kind/misc: Categorizes issue or PR as a miscellaneuous one.

@tekton-robot
Copy link
Collaborator

The following is the coverage report on the affected files.
Say /test pull-tekton-pipeline-go-coverage to re-run this coverage report

File Old Coverage New Coverage Delta
pkg/reconciler/pipelinerun/pipelinerun.go 75.3% 75.5% 0.2

@jerop jerop force-pushed the pipeline-validation branch from 8347846 to 13759ed Compare May 29, 2020 22:11
@tekton-robot
Copy link
Collaborator

This PR cannot be merged: expecting exactly one kind/ label

Available kind/ labels are:

kind/bug: Categorizes issue or PR as related to a bug.
kind/flake: Categorizes issue or PR as related to a flakey test
kind/cleanup: Categorizes issue or PR as related to cleaning up code, process, or technical debt.
kind/design: Categorizes issue or PR as related to design.
kind/documentation: Categorizes issue or PR as related to documentation.
kind/feature: Categorizes issue or PR as related to a new feature.
kind/misc: Categorizes issue or PR as a miscellaneuous one.

@tekton-robot
Copy link
Collaborator

The following is the coverage report on the affected files.
Say /test pull-tekton-pipeline-go-coverage to re-run this coverage report

File Old Coverage New Coverage Delta
pkg/reconciler/pipelinerun/pipelinerun.go 75.3% 75.5% 0.2

@jerop jerop force-pushed the pipeline-validation branch from 13759ed to b0a3bac Compare May 29, 2020 22:13
@tekton-robot
Copy link
Collaborator

This PR cannot be merged: expecting exactly one kind/ label

Available kind/ labels are:

kind/bug: Categorizes issue or PR as related to a bug.
kind/flake: Categorizes issue or PR as related to a flakey test
kind/cleanup: Categorizes issue or PR as related to cleaning up code, process, or technical debt.
kind/design: Categorizes issue or PR as related to design.
kind/documentation: Categorizes issue or PR as related to documentation.
kind/feature: Categorizes issue or PR as related to a new feature.
kind/misc: Categorizes issue or PR as a miscellaneuous one.

@tekton-robot
Copy link
Collaborator

The following is the coverage report on the affected files.
Say /test pull-tekton-pipeline-go-coverage to re-run this coverage report

File Old Coverage New Coverage Delta
pkg/reconciler/pipelinerun/pipelinerun.go 75.3% 75.5% 0.2

@jerop jerop marked this pull request as draft May 31, 2020 15:42
@jerop jerop force-pushed the pipeline-validation branch from b0a3bac to 9fc4144 Compare May 31, 2020 15:55
@tekton-robot
Copy link
Collaborator

This PR cannot be merged: expecting exactly one kind/ label

Available kind/ labels are:

kind/bug: Categorizes issue or PR as related to a bug.
kind/flake: Categorizes issue or PR as related to a flakey test
kind/cleanup: Categorizes issue or PR as related to cleaning up code, process, or technical debt.
kind/design: Categorizes issue or PR as related to design.
kind/documentation: Categorizes issue or PR as related to documentation.
kind/feature: Categorizes issue or PR as related to a new feature.
kind/misc: Categorizes issue or PR as a miscellaneuous one.

@tekton-robot
Copy link
Collaborator

The following is the coverage report on the affected files.
Say /test pull-tekton-pipeline-go-coverage to re-run this coverage report

File Old Coverage New Coverage Delta
pkg/reconciler/pipelinerun/pipelinerun.go 75.3% 75.5% 0.2

@jerop jerop force-pushed the pipeline-validation branch from 9fc4144 to 264032d Compare June 1, 2020 13:09
@tekton-robot
Copy link
Collaborator

This PR cannot be merged: expecting exactly one kind/ label

Available kind/ labels are:

kind/bug: Categorizes issue or PR as related to a bug.
kind/flake: Categorizes issue or PR as related to a flakey test
kind/cleanup: Categorizes issue or PR as related to cleaning up code, process, or technical debt.
kind/design: Categorizes issue or PR as related to design.
kind/documentation: Categorizes issue or PR as related to documentation.
kind/feature: Categorizes issue or PR as related to a new feature.
kind/misc: Categorizes issue or PR as a miscellaneuous one.

@tekton-robot
Copy link
Collaborator

The following is the coverage report on the affected files.
Say /test pull-tekton-pipeline-go-coverage to re-run this coverage report

File Old Coverage New Coverage Delta
pkg/reconciler/pipelinerun/pipelinerun.go 75.3% 75.5% 0.2

@jerop jerop force-pushed the pipeline-validation branch from 264032d to 5b8b6d2 Compare June 1, 2020 14:42
@tekton-robot tekton-robot removed the lgtm Indicates that a PR is ready to be merged. label Jun 9, 2020
@tekton-robot
Copy link
Collaborator

The following is the coverage report on the affected files.
Say /test pull-tekton-pipeline-go-coverage to re-run this coverage report

File Old Coverage New Coverage Delta
pkg/reconciler/pipelinerun/pipelinerun.go 81.7% 81.9% 0.2

@jerop jerop force-pushed the pipeline-validation branch from 25120c4 to 7eab836 Compare June 9, 2020 16:41
@tekton-robot
Copy link
Collaborator

The following is the coverage report on the affected files.
Say /test pull-tekton-pipeline-go-coverage to re-run this coverage report

File Old Coverage New Coverage Delta
pkg/reconciler/pipelinerun/pipelinerun.go 81.7% 81.9% 0.2

@jerop jerop force-pushed the pipeline-validation branch from 7eab836 to 582f848 Compare June 9, 2020 16:45
@tekton-robot
Copy link
Collaborator

The following is the coverage report on the affected files.
Say /test pull-tekton-pipeline-go-coverage to re-run this coverage report

File Old Coverage New Coverage Delta
pkg/reconciler/pipelinerun/pipelinerun.go 81.7% 81.9% 0.2

@jerop
Copy link
Member Author

jerop commented Jun 9, 2020

thanks for the review @vdemeester and @pritidesai!

made the changes and the test case with default params is here

@jerop jerop requested review from vdemeester and pritidesai June 9, 2020 17:01
Copy link

@ghost ghost left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fantastic, this is going to make writing test infra much easier.

@tekton-robot tekton-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jun 9, 2020
Copy link
Member

@pritidesai pritidesai left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks great, thanks @jerop for addressing all the comments 🙏

Copy link
Member

@vdemeester vdemeester left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

/hold
I just want a last look from @tektoncd/core-maintainers. This will force task to setup default value for parameters if the parameters can be an empty string.

# […]
spec:
  params:
  - name: extraOptions
    type: string
  steps:
  - name: foooooo
    image: bash
    script: |
      ls -l ${extraOptions}

Without specifying the parameter extraOptions, the above task would succeed before this change and "fail" after. We will need a pass on the catalog to add default field where needed.

@tekton-robot tekton-robot added do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. lgtm Indicates that a PR is ready to be merged. labels Jun 10, 2020
@tekton-robot
Copy link
Collaborator

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: pritidesai, sbwsg, vdemeester

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@bobcatfish
Copy link
Collaborator

@vdemeester if anyone was relying on this for Pipelines + PipelineRuns we definitely want to warn them, so I think it makes sense to put a warning in the release notes.

I think the catalog shouldn't need any updates b/c this PR is only updating Pipelines + PipelinesRuns, and it looks like Tasks + TaskRuns already have this validation, for example this Task:

apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: hello
spec:
  params:
  - name: extraOptions
    type: string
  steps:
    - name: hello
      image: ubuntu
      command:
        - echo
      args:
        - "Hello World $(params.extraOptions)"

With this TaskRun:

apiVersion: tekton.dev/v1beta1
kind: TaskRun
metadata:
  generateName: hello-
spec:
  taskRef:
    name: hello

The TaskRun fails with:

invalid input params: missing values for these params which have no default values: [extraOptions]

While working on allowing PipelineRuns to provide extra parameters (tektoncd#2513),
we found that providing extra parameters was unintentionally allowed. That's
because, currently, there's no validation that all parameters expected by
the Pipeline is provided by the PipelineRun.

In this PR, we add validation for PipelineRun parameters by generating a
list of provided parameters then iterating through the required parameters
to ensure they are in the list of provided parameters. Note that parameters
which have default values specified in Pipeline are not required.

In the validation, we still allow PipelineRuns to provide extra parameters.
If we disallow PipelineRuns from provides extra parameters, the Pipelines
would fail. As a result, systems that autogenerate PipelineRuns need to
lookat each pipeline to see what parameters they need so it can provide
only the required parameters. That means users would have to resort to
more complex designs to solve this issue, as further described in (tektoncd#2513).
By allowing PipelineRuns to provide extra parameters, we make the process
of autogenerating of PipelineRuns simpler.

Fixes tektoncd#2708.
@jerop jerop force-pushed the pipeline-validation branch from 582f848 to 47f39ac Compare June 15, 2020 14:54
@tekton-robot tekton-robot removed the lgtm Indicates that a PR is ready to be merged. label Jun 15, 2020
@bobcatfish
Copy link
Collaborator

/lgtm

@tekton-robot tekton-robot added the lgtm Indicates that a PR is ready to be merged. label Jun 15, 2020
@tekton-robot
Copy link
Collaborator

The following is the coverage report on the affected files.
Say /test pull-tekton-pipeline-go-coverage to re-run this coverage report

File Old Coverage New Coverage Delta
pkg/reconciler/pipelinerun/pipelinerun.go 82.0% 82.1% 0.1

@jerop
Copy link
Member Author

jerop commented Jun 15, 2020

/retest

@vdemeester
Copy link
Member

@vdemeester if anyone was relying on this for Pipelines + PipelineRuns we definitely want to warn them, so I think it makes sense to put a warning in the release notes.

I think the catalog shouldn't need any updates b/c this PR is only updating Pipelines + PipelinesRuns, and it looks like Tasks + TaskRuns already have this validation, for example this Task:

apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: hello
spec:
  params:
  - name: extraOptions
    type: string
  steps:
    - name: hello
      image: ubuntu
      command:
        - echo
      args:
        - "Hello World $(params.extraOptions)"

With this TaskRun:

apiVersion: tekton.dev/v1beta1
kind: TaskRun
metadata:
  generateName: hello-
spec:
  taskRef:
    name: hello

The TaskRun fails with:

invalid input params: missing values for these params which have no default values: [extraOptions]

Ahh good then ! It's a less scaring change 🙃
/hold cancel

@tekton-robot tekton-robot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Jun 16, 2020
@tekton-robot tekton-robot merged commit db66eca into tektoncd:master Jun 16, 2020
@jerop jerop deleted the pipeline-validation branch September 30, 2020 15:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. kind/feature Categorizes issue or PR as related to a new feature. lgtm Indicates that a PR is ready to be merged. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Validate PipelineRun parameters
5 participants