Provide a way to specify default service accounts

This PR allows defaults service-account (configurable though the configmap) to be set when none is specified in a PipelineRun. Fixes: #1213 Signed-off-by: Sunil Thaha <sthaha@redhat.com>
tektoncd · Aug 21, 2019 · f80266a · f80266a
1 parent c371bef
commit f80266a
Show file tree

Hide file tree

Showing 8 changed files with 78 additions and 1 deletion.
diff --git a/config/config-defaults.yaml b/config/config-defaults.yaml
@@ -37,3 +37,7 @@ data:
     # default-timeout-minutes contains the default number of
     # minutes to use for TaskRun and PipelineRun, if none is specified.
     default-timeout-minutes: "60"  # 60 minutes
+
+    # default-service-account contains the default service account name
+    # to use for TaskRun and PipelineRun, if none is specified.
+    default-service-account: "default"
diff --git a/pkg/apis/config/default.go b/pkg/apis/config/default.go
@@ -30,17 +30,20 @@ const (
 	DefaultTimeoutMinutes    = 60
 	NoTimeoutDuration        = 0 * time.Minute
 	defaultTimeoutMinutesKey = "default-timeout-minutes"
+	defaultServiceAccountKey = "default-service-account"
 )
 
 // Defaults holds the default configurations
 // +k8s:deepcopy-gen=true
 type Defaults struct {
 	DefaultTimeoutMinutes int
+	DefaultServiceAccount string
 }
 
 // Equals returns true if two Configs are identical
 func (cfg *Defaults) Equals(other *Defaults) bool {
-	return other.DefaultTimeoutMinutes == cfg.DefaultTimeoutMinutes
+	return other.DefaultTimeoutMinutes == cfg.DefaultTimeoutMinutes &&
+		other.DefaultServiceAccount == cfg.DefaultServiceAccount
 }
 
 // NewDefaultsFromMap returns a Config given a map corresponding to a ConfigMap
@@ -56,6 +59,10 @@ func NewDefaultsFromMap(cfgMap map[string]string) (*Defaults, error) {
 		tc.DefaultTimeoutMinutes = int(timeout)
 	}
 
+	if defaultServiceAccount, ok := cfgMap[defaultServiceAccountKey]; ok {
+		tc.DefaultServiceAccount = defaultServiceAccount
+	}
+
 	return &tc, nil
 }
 

diff --git a/pkg/apis/config/default_test.go b/pkg/apis/config/default_test.go
@@ -26,6 +26,7 @@ import (
 func TestNewDefaultsFromConfigMap(t *testing.T) {
 	expectedConfig := &Defaults{
 		DefaultTimeoutMinutes: 50,
+		DefaultServiceAccount: "tekton",
 	}
 	verifyConfigFileWithExpectedConfig(t, DefaultsConfigName, expectedConfig)
 }

diff --git a/pkg/apis/config/testdata/config-defaults.yaml b/pkg/apis/config/testdata/config-defaults.yaml
@@ -19,3 +19,4 @@ metadata:
   namespace: tekton-pipelines
 data:
   default-timeout-minutes: "50"
+  default-service-account: "tekton"
diff --git a/pkg/apis/pipeline/v1alpha1/pipelinerun_defaults.go b/pkg/apis/pipeline/v1alpha1/pipelinerun_defaults.go
@@ -42,4 +42,9 @@ func (prs *PipelineRunSpec) SetDefaults(ctx context.Context) {
 		}
 		prs.Timeout = timeout
 	}
+
+	defaultSA := cfg.Defaults.DefaultServiceAccount
+	if prs.ServiceAccount == "" && defaultSA != "" {
+		prs.ServiceAccount = defaultSA
+	}
 }
diff --git a/pkg/apis/pipeline/v1alpha1/pipelinerun_defaults_test.go b/pkg/apis/pipeline/v1alpha1/pipelinerun_defaults_test.go
@@ -123,6 +123,33 @@ func TestPipelineRunDefaulting(t *testing.T) {
 			})
 			return s.ToContext(ctx)
 		},
+	}, {
+		name: "PipelineRef default config context with sa",
+		in: &v1alpha1.PipelineRun{
+			Spec: v1alpha1.PipelineRunSpec{
+				PipelineRef: v1alpha1.PipelineRef{Name: "foo"},
+			},
+		},
+		want: &v1alpha1.PipelineRun{
+			Spec: v1alpha1.PipelineRunSpec{
+				PipelineRef:    v1alpha1.PipelineRef{Name: "foo"},
+				Timeout:        &metav1.Duration{Duration: 5 * time.Minute},
+				ServiceAccount: "tekton",
+			},
+		},
+		wc: func(ctx context.Context) context.Context {
+			s := config.NewStore(logtesting.TestLogger(t))
+			s.OnConfigChanged(&corev1.ConfigMap{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: config.DefaultsConfigName,
+				},
+				Data: map[string]string{
+					"default-timeout-minutes": "5",
+					"default-service-account": "tekton",
+				},
+			})
+			return s.ToContext(ctx)
+		},
 	}}
 	for _, tc := range tests {
 		t.Run(tc.name, func(t *testing.T) {

diff --git a/pkg/apis/pipeline/v1alpha1/taskrun_defaults.go b/pkg/apis/pipeline/v1alpha1/taskrun_defaults.go
@@ -46,4 +46,9 @@ func (trs *TaskRunSpec) SetDefaults(ctx context.Context) {
 		}
 		trs.Timeout = timeout
 	}
+
+	defaultSA := cfg.Defaults.DefaultServiceAccount
+	if trs.ServiceAccount == "" && defaultSA != "" {
+		trs.ServiceAccount = defaultSA
+	}
 }
diff --git a/pkg/apis/pipeline/v1alpha1/taskrun_defaults_test.go b/pkg/apis/pipeline/v1alpha1/taskrun_defaults_test.go
@@ -146,6 +146,33 @@ func TestTaskRunDefaulting(t *testing.T) {
 			})
 			return s.ToContext(ctx)
 		},
+	}, {
+		name: "TaskRef default config context with SA",
+		in: &v1alpha1.TaskRun{
+			Spec: v1alpha1.TaskRunSpec{
+				TaskRef: &v1alpha1.TaskRef{Name: "foo"},
+			},
+		},
+		want: &v1alpha1.TaskRun{
+			Spec: v1alpha1.TaskRunSpec{
+				TaskRef:        &v1alpha1.TaskRef{Name: "foo", Kind: v1alpha1.NamespacedTaskKind},
+				Timeout:        &metav1.Duration{Duration: 5 * time.Minute},
+				ServiceAccount: "tekton",
+			},
+		},
+		wc: func(ctx context.Context) context.Context {
+			s := config.NewStore(logtesting.TestLogger(t))
+			s.OnConfigChanged(&corev1.ConfigMap{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: config.DefaultsConfigName,
+				},
+				Data: map[string]string{
+					"default-timeout-minutes": "5",
+					"default-service-account": "tekton",
+				},
+			})
+			return s.ToContext(ctx)
+		},
 	}}
 	for _, tc := range tests {
 		t.Run(tc.name, func(t *testing.T) {