From 7a816b71ba275ae43a68793d0acb5f543842b5a1 Mon Sep 17 00:00:00 2001 From: Chuang Wang Date: Thu, 20 Oct 2022 07:42:25 -0700 Subject: [PATCH] Feature flag for provenance field in status Introduced a dedicated feature flag of boolean type named "enable-provenance-in-status" in feature-flags configmap to enable the provenance field in status. The `provenance` field was introducted to *run status in https://github.com/tektoncd/pipeline/pull/5580 status to record authenticated metadata about how a software artifact was built i.e. the source where remote resource came from. By default, this feature flag is false. Signed-off-by: Chuang Wang --- config/config-feature-flags.yaml | 4 ++++ docs/install.md | 21 ++++++++++++------- docs/pipelineruns.md | 1 + pkg/apis/config/feature_flags.go | 7 +++++++ pkg/apis/config/feature_flags_test.go | 17 ++++++++------- .../testdata/feature-flags-all-flags-set.yaml | 1 + 6 files changed, 37 insertions(+), 14 deletions(-) diff --git a/config/config-feature-flags.yaml b/config/config-feature-flags.yaml index 843f03e2515..0b1ebbf5a9f 100644 --- a/config/config-feature-flags.yaml +++ b/config/config-feature-flags.yaml @@ -81,3 +81,7 @@ data: # Setting this flag to "true" enables CloudEvents for Runs, as long as a # CloudEvents sink is configured in the config-defaults config map send-cloudevents-for-runs: "false" + # Setting this flag to "true" enables populating the "provenance" field in TaskRun + # and PipelineRun status. This field contains the key authenticated metadata about how a + # software artifact was built i.e. the source where remote resource came from. + enable-provenance-in-status: "false" diff --git a/docs/install.md b/docs/install.md index c67249b349e..59a04785708 100644 --- a/docs/install.md +++ b/docs/install.md 
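Review bot: The comment added above `enable-provenance-in-status` in config/config-feature-flags.yaml calls the field's content "authenticated metadata" without saying what authenticates it or what a consumer sees while the flag stays at its "false" default. That matters to anything that verifies build provenance from run status, because a field that was never recorded and a source that was never remote look the same. Consider adding a line such as `# When "false" (the default) the "provenance" field is not populated; treat its absence as "not recorded".`, assuming that is the intended behaviour, which this patch does not show.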
@@ -442,6 +442,11 @@ features](#alpha-features) to be used. name, kind, and API version information for each `TaskRun` and `Run` in the `PipelineRun` instead. Set it to "both" to do both. For more information, see [Configuring usage of `TaskRun` and `Run` embedded statuses](pipelineruns.md#configuring-usage-of-taskrun-and-run-embedded-statuses). +- `enable-provenance-in-status`: set this flag to "true" to enable recording + the `provenance` field in `TaskRun` and `PipelineRun` status. The `provenance` field contains + the key authenticated metadata about how a software artifact was built i.e. the source + where remote resource came from. + For example: ```yaml 
@@ -455,15 +460,16 @@ data: ### Alpha Features -Alpha features are still in development and their syntax is subject to change. -To enable these, set the `enable-api-fields` feature flag to `"alpha"` in -the `feature-flags` ConfigMap alongside your Tekton Pipelines deployment via -`kubectl patch cm feature-flags -n tekton-pipelines -p '{"data":{"enable-api-fields":"alpha"}}'`. -Setting `enable-api-fields` to "alpha" also enables [beta features](#beta-features). +Alpha features in the following table are still in development and their syntax is subject to change. +- To enable the features ***without*** an individual flag: + set the `enable-api-fields` feature flag to `"alpha"` in the `feature-flags` ConfigMap alongside your Tekton Pipelines deployment via `kubectl patch cm feature-flags -n tekton-pipelines -p '{"data":{"enable-api-fields":"alpha"}}'`. +- To enable the features ***with*** an individual flag: + set the individual flag accordingly in the `feature-flag` ConfigMap alongside your Tekton Pipelines deployment. Example: `kubectl patch cm feature-flags -n tekton-pipelines -p '{"data":{"":""}}'`. 
+ Features currently in "alpha" are: -| Feature | TEP | Release | Individual Flag | +| Feature | Proposal | Release | Individual Flag | |:------------------------------------------------------------------------------------------------------|:---------------------------------------------------------------------------------------------------------------------------|:---------------------------------------------------------------------|:----------------------------| | [Bundles ](./pipelineruns.md#tekton-bundles) | [TEP-0005](https://github.com/tektoncd/community/blob/main/teps/0005-tekton-oci-bundles.md) | [v0.18.0](https://github.com/tektoncd/pipeline/releases/tag/v0.18.0) | `enable-tekton-oci-bundles` | | [`Runs` and `Custom Tasks`](./runs.md) | [TEP-0002](https://github.com/tektoncd/community/blob/main/teps/0002-custom-tasks.md) | [v0.19.0](https://github.com/tektoncd/pipeline/releases/tag/v0.19.0) | `enable-custom-tasks` | 
@@ -475,11 +481,12 @@ Features currently in "alpha" are: | [Debug](./debug.md) | [TEP-0042](https://github.com/tektoncd/community/blob/main/teps/0042-taskrun-breakpoint-on-failure.md) | [v0.26.0](https://github.com/tektoncd/pipeline/releases/tag/v0.26.0) | | | [Step and Sidecar Overrides](./taskruns.md#overriding-task-steps-and-sidecars) | [TEP-0094](https://github.com/tektoncd/community/blob/main/teps/0094-specifying-resource-requirements-at-runtime.md) | [v0.34.0](https://github.com/tektoncd/pipeline/releases/tag/v0.34.0) | | | [Matrix](./matrix.md) | [TEP-0090](https://github.com/tektoncd/community/blob/main/teps/0090-matrix.md) | [v0.38.0](https://github.com/tektoncd/pipeline/releases/tag/v0.38.0) | | -| [Embedded Statuses](pipelineruns.md#configuring-usage-of-taskrun-and-run-embedded-statuses) | [TEP-0100](https://github.com/tektoncd/community/blob/main/teps/0100-embedded-taskruns-and-runs-status-in-pipelineruns.md) | [v0.35.0](https://github.com/tektoncd/pipeline/releases/tag/v0.35.0) | embedded-status | +| [Embedded Statuses](pipelineruns.md#configuring-usage-of-taskrun-and-run-embedded-statuses) | [TEP-0100](https://github.com/tektoncd/community/blob/main/teps/0100-embedded-taskruns-and-runs-status-in-pipelineruns.md) | [v0.35.0](https://github.com/tektoncd/pipeline/releases/tag/v0.35.0) | `embedded-status` | | [Task-level Resource Requirements](compute-resources.md#task-level-compute-resources-configuration) | [TEP-0104](https://github.com/tektoncd/community/blob/main/teps/0104-tasklevel-resource-requirements.md) | [v0.39.0](https://github.com/tektoncd/pipeline/releases/tag/v0.39.0) | | | [CSI Workspace Type](workspaces.md#csi) | N/A | [v0.38.0](https://github.com/tektoncd/pipeline/releases/tag/v0.38.0) | | | [Object Params and Results](pipelineruns.md#specifying-parameters) | [TEP-0075](https://github.com/tektoncd/community/blob/main/teps/0075-object-param-and-result-types.md) | [v0.38.0](https://github.com/tektoncd/pipeline/releases/tag/v0.38.0) | | | 
[Array Results](pipelineruns.md#specifying-parameters) | [TEP-0076](https://github.com/tektoncd/community/blob/main/teps/0076-array-result-types.md) | [v0.38.0](https://github.com/tektoncd/pipeline/releases/tag/v0.38.0) | | +|[`Provenance`](pipeline-api.md#provenance) field in Status|[issue#5550](https://github.com/tektoncd/pipeline/issues/5550)|N/A|`enable-provenance-in-status`| ### Beta Features diff --git a/docs/pipelineruns.md b/docs/pipelineruns.md index 7043a8013ec..73987f8c9f8 100644 --- a/docs/pipelineruns.md +++ b/docs/pipelineruns.md @@ -1386,6 +1386,7 @@ Your `PipelineRun`'s `status` field can contain the following fields: - [`kind`][kubernetes-overview] - Generally either `TaskRun` or `Run`. - [`apiVersion`][kubernetes-overview] - The API version for the underlying `TaskRun` or `Run`. - [`whenExpressions`](pipelines.md#guard-task-execution-using-when-expressions) - The list of when expressions guarding the execution of this task. + - `provenance` - A list of fields recording the key authenticated metadata about how a software artifact was built i.e. the source where remote resource came from. ### Configuring usage of `TaskRun` and `Run` embedded statuses diff --git a/pkg/apis/config/feature_flags.go b/pkg/apis/config/feature_flags.go index 7fe56eb5926..2e92c112601 100644 --- a/pkg/apis/config/feature_flags.go +++ b/pkg/apis/config/feature_flags.go @@ -64,6 +64,8 @@ const ( DefaultEmbeddedStatus = FullEmbeddedStatus // DefaultEnableSpire is the default value for "enable-spire". DefaultEnableSpire = false + // DefaultEnableProvenanceInStatus is the default value for "enable-provenance-status". + DefaultEnableProvenanceInStatus = false disableAffinityAssistantKey = "disable-affinity-assistant" disableCredsInitKey = "disable-creds-init" 
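Review bot: The doc comment on `DefaultEnableProvenanceInStatus` names the key "enable-provenance-status", but the key constant added in the next hunk and the ConfigMap entry are both "enable-provenance-in-status". Anyone searching for the key as written in the comment will not find it. The comment should read `// DefaultEnableProvenanceInStatus is the default value for "enable-provenance-in-status".`. The const block starts and ends outside the hunk.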
@@ -76,6 +78,7 @@ const (
 sendCloudEventsForRuns = "send-cloudevents-for-runs"
 embeddedStatus = "embedded-status"
 enableSpire = "enable-spire"
+ enableProvenanceInStatus = "enable-provenance-in-status"
 )
 // FeatureFlags holds the features configurations
@@ -93,6 +96,7 @@ type FeatureFlags struct {
 AwaitSidecarReadiness bool
 EmbeddedStatus string
 EnableSpire bool
+ EnableProvenanceInStatus bool
 }
 // GetFeatureFlagsConfigName returns the name of the configmap containing all
@@ -144,6 +148,9 @@ func NewFeatureFlagsFromMap(cfgMap map[string]string) (*FeatureFlags, error) {
 if err := setEmbeddedStatus(cfgMap, DefaultEmbeddedStatus, &tc.EmbeddedStatus); err != nil {
 return nil, err
 }
+ if err := setFeature(enableProvenanceInStatus, DefaultEnableProvenanceInStatus, &tc.EnableProvenanceInStatus); err != nil {
+ return nil, err
+ }
 // Given that they are alpha features, Tekton Bundles and Custom Tasks should be switched on if
 // enable-api-fields is "alpha". If enable-api-fields is not "alpha" then fall back to the value of
diff --git a/pkg/apis/config/feature_flags_test.go b/pkg/apis/config/feature_flags_test.go
index 06b0c7ed91c..02b889c2252 100644
--- a/pkg/apis/config/feature_flags_test.go
+++ b/pkg/apis/config/feature_flags_test.go
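Review bot: In the `NewFeatureFlagsFromMap` hunk the new flag is parsed into `tc.EnableProvenanceInStatus`, but judging by the diffstat no file in this patch reads that field, so nothing visible here gates the documented effect of setting it to "true". If the consumer lands in a separate change, say so at the parse site. The same comment can make clear that the flag is not implied by `enable-api-fields: "alpha"`, unlike Bundles and Custom Tasks in the context comment just below: `// enable-provenance-in-status must be set explicitly; it is not switched on by enable-api-fields="alpha".`. This reading is inferred from the visible lines only, since the function body continues past the hunk.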
@@ -38,13 +38,14 @@ func TestNewFeatureFlagsFromConfigMap(t *testing.T) {
 RunningInEnvWithInjectedSidecars: true,
 RequireGitSSHSecretKnownHosts: false,
- DisableCredsInit: config.DefaultDisableCredsInit,
- AwaitSidecarReadiness: config.DefaultAwaitSidecarReadiness,
- EnableTektonOCIBundles: config.DefaultEnableTektonOciBundles,
- EnableCustomTasks: config.DefaultEnableCustomTasks,
- EnableAPIFields: config.DefaultEnableAPIFields,
- SendCloudEventsForRuns: config.DefaultSendCloudEventsForRuns,
- EmbeddedStatus: config.DefaultEmbeddedStatus,
+ DisableCredsInit: config.DefaultDisableCredsInit,
+ AwaitSidecarReadiness: config.DefaultAwaitSidecarReadiness,
+ EnableTektonOCIBundles: config.DefaultEnableTektonOciBundles,
+ EnableCustomTasks: config.DefaultEnableCustomTasks,
+ EnableAPIFields: config.DefaultEnableAPIFields,
+ SendCloudEventsForRuns: config.DefaultSendCloudEventsForRuns,
+ EmbeddedStatus: config.DefaultEmbeddedStatus,
+ EnableProvenanceInStatus: config.DefaultEnableProvenanceInStatus,
 },
 fileName: config.GetFeatureFlagsConfigName(),
 },
@@ -60,6 +61,7 @@ func TestNewFeatureFlagsFromConfigMap(t *testing.T) {
 SendCloudEventsForRuns: true,
 EmbeddedStatus: "both",
 EnableSpire: true,
+ EnableProvenanceInStatus: true,
 },
 fileName: "feature-flags-all-flags-set",
 },
@@ -150,6 +152,7 @@ func TestNewFeatureFlagsFromEmptyConfigMap(t *testing.T) {
 SendCloudEventsForRuns: config.DefaultSendCloudEventsForRuns,
 EmbeddedStatus: config.DefaultEmbeddedStatus,
 EnableSpire: config.DefaultEnableSpire,
+ EnableProvenanceInStatus: config.DefaultEnableProvenanceInStatus,
 }
 verifyConfigFileWithExpectedFeatureFlagsConfig(t, FeatureFlagsConfigEmptyName, expectedConfig)
 }
diff --git a/pkg/apis/config/testdata/feature-flags-all-flags-set.yaml b/pkg/apis/config/testdata/feature-flags-all-flags-set.yaml
index 751d6670185..8b7a8cecc81 100644
--- a/pkg/apis/config/testdata/feature-flags-all-flags-set.yaml
+++ b/pkg/apis/config/testdata/feature-flags-all-flags-set.yaml
@@ -28,3 +28,4 @@ data:
 send-cloudevents-for-runs: "true"
 embedded-status: "both"
 enable-spire: "true"
+ enable-provenance-in-status: "true"