From fc24674a2e65a724a183e2b8f01314bb7f17d629 Mon Sep 17 00:00:00 2001 From: Jonas Pettersson Date: Mon, 11 May 2020 22:56:40 +0200 Subject: [PATCH] Add variable expansion for params in Projected Volume fields A [projected volume](https://kubernetes.io/docs/concepts/storage/volumes/#projected) can mount/project files from `Secrets`, `ConfigMaps` and `ServiceAccountTokens`. Is is good if the end user can choose the name of `Secrets`, `ConfigMaps` and the audience of `ServiceAccountTokens`. With this commit, the task author can use `params` for `secret.name`, `configmap.name` and `serviceaccounttoken.audience` in a Projected Volume. See examples of use cases in #2597 Fixes #2597 --- docs/tasks.md | 2 +- pkg/reconciler/taskrun/resources/apply.go | 13 ++++++++++ .../taskrun/resources/apply_test.go | 24 +++++++++++++++++++ 3 files changed, 38 insertions(+), 1 deletion(-) diff --git a/docs/tasks.md b/docs/tasks.md index f736696bce7..3ab55ac1d86 100644 --- a/docs/tasks.md +++ b/docs/tasks.md @@ -545,7 +545,7 @@ The `description` field is an optional field that allows you to add an informati `Tasks` allow you to substitute variable names for the following entities: -- [Parameters and resources]](#substituting-parameters-and-resources) +- [Parameters and resources](#substituting-parameters-and-resources) - [`Array` parameters](#substituting-array-parameters) - [`Workspaces`](#substituting-workspace-paths) - [`Volume` names and types](#substituting-volume-names-and-paths) diff --git a/pkg/reconciler/taskrun/resources/apply.go b/pkg/reconciler/taskrun/resources/apply.go index 42e9344293b..dfbf6ece3da 100644 --- a/pkg/reconciler/taskrun/resources/apply.go +++ b/pkg/reconciler/taskrun/resources/apply.go @@ -166,6 +166,19 @@ func ApplyReplacements(spec *v1beta1.TaskSpec, stringReplacements map[string]str if v.PersistentVolumeClaim != nil { spec.Volumes[i].PersistentVolumeClaim.ClaimName = substitution.ApplyReplacements(v.PersistentVolumeClaim.ClaimName, stringReplacements) } + if v.Projected != nil { + for _, s := range spec.Volumes[i].Projected.Sources { + if s.ConfigMap != nil { + s.ConfigMap.Name = substitution.ApplyReplacements(s.ConfigMap.Name, stringReplacements) + } + if s.Secret != nil { + s.Secret.Name = substitution.ApplyReplacements(s.Secret.Name, stringReplacements) + } + if s.ServiceAccountToken != nil { + s.ServiceAccountToken.Audience = substitution.ApplyReplacements(s.ServiceAccountToken.Audience, stringReplacements) + } + } + } } // Apply variable substitution to the sidecar definitions diff --git a/pkg/reconciler/taskrun/resources/apply_test.go b/pkg/reconciler/taskrun/resources/apply_test.go index 99b4e2990c8..3fd2acc1ef6 100644 --- a/pkg/reconciler/taskrun/resources/apply_test.go +++ b/pkg/reconciler/taskrun/resources/apply_test.go @@ -159,6 +159,27 @@ var ( ClaimName: "$(inputs.params.FOO)", }, }, + }, { + Name: "some-projected-volumes", + VolumeSource: corev1.VolumeSource{ + Projected: &corev1.ProjectedVolumeSource{ + Sources: []corev1.VolumeProjection{{ + ConfigMap: &corev1.ConfigMapProjection{ + LocalObjectReference: corev1.LocalObjectReference{ + Name: "$(inputs.params.FOO)", + }, + }, + Secret: &corev1.SecretProjection{ + LocalObjectReference: corev1.LocalObjectReference{ + Name: "$(inputs.params.FOO)", + }, + }, + ServiceAccountToken: &corev1.ServiceAccountTokenProjection{ + Audience: "$(inputs.params.FOO)", + }, + }}, + }, + }, }}, Resources: &v1beta1.TaskResources{ Inputs: []v1beta1.TaskResource{{ @@ -515,6 +536,9 @@ func TestApplyParameters(t *testing.T) { spec.Volumes[0].VolumeSource.ConfigMap.LocalObjectReference.Name = "world" spec.Volumes[1].VolumeSource.Secret.SecretName = "world" spec.Volumes[2].VolumeSource.PersistentVolumeClaim.ClaimName = "world" + spec.Volumes[3].VolumeSource.Projected.Sources[0].ConfigMap.Name = "world" + spec.Volumes[3].VolumeSource.Projected.Sources[0].Secret.Name = "world" + spec.Volumes[3].VolumeSource.Projected.Sources[0].ServiceAccountToken.Audience = "world" spec.Sidecars[0].Container.Image = "bar" spec.Sidecars[0].Container.Env[0].Value = "world"