Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix that the controller did not use creator's token to trigger a Jenkins job #384

Merged
merged 4 commits into from Nov 29, 2021
Merged

Fix that the controller did not use creator's token to trigger a Jenkins job #384

merged 4 commits into from Nov 29, 2021

Conversation

JohnNiang
Copy link
Member

@JohnNiang JohnNiang commented Nov 26, 2021
edited

What dose this PR?

  1. Add devops.kubesphere.io/creator into annotations of PipelineRun
  2. Trigger PipelineRun with specific token which is issued by devops.kubesphere.io/creator

Why do we need it?

At present, if we trigger a Pipeline using non-admin account, we will get message Started by admin always.

Steps to test

Docker images for test:

johnniang/devops-apiserver:dev-v3.2.1-rc.1-2debd81
johnniang/devops-controller:dev-v3.2.1-rc.1-2debd81
  1. Create a Workspace, DevOps Project, Pipeline using admin account
  2. Create another account tester and invite him/her into that Workspace and DevOps Project
  3. Trigger that Pipeline using tester account
  4. See the Last Message column

image

/kind bug
/milestone v3.2
/cc @kubesphere/sig-devops

@JohnNiang
Trigger PipelineRun with creator
4deb5d9 
Signed-off-by: John Niang <johnniang@fastmail.com>
@ks-ci-bot ks-ci-bot requested a review from a team November 26, 2021 15:34
@ks-ci-bot
Copy link
Collaborator

@JohnNiang: You must be a member of the kubesphere/milestone-maintainers GitHub team to set the milestone. If you believe you should be able to issue the /milestone command, please contact your and have them propose you as an additional delegate for this responsibility.

In response to this:

What dose this PR?

  1. Add devops.kubesphere.io/creator into annotations of PipelineRun
  2. Trigger PipelineRun with specific token which is issued by devops.kubesphere.io/creator

Why do we need it?

At present, if we trigger a Pipeline using non-admin account, we will get message Started by admin always.

Steps to test

Docker images for test:

johnniang/devops-controller:dev-v3.2.1-rc.1-4deb5d9
johnniang/devops-apiserver:dev-v3.2.1-rc.1-4deb5d9
  1. Create a Workspace, DevOps Project, Pipeline using admin account
  2. Create another account tester and invite him/her into that Workspace and DevOps Project
  3. Trigger that Pipeline using tester account
  4. See the Last Message column

/kind bug
/milestone v3.2
/cc @kubesphere/sig-devops

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@ks-ci-bot ks-ci-bot added kind/bug Categorizes issue or PR as related to a bug. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Nov 26, 2021
@codecov
Copy link

codecov bot commented Nov 26, 2021
edited

Codecov Report

Merging #384 (2debd81) into master (ba24eff) will increase coverage by 0.05%.
The diff coverage is 36.00%.

Impacted file tree graph

@@            Coverage Diff            @@
##           master    #384      +/-   ##
=========================================
+ Coverage    7.72%   7.78%   +0.05%     
=========================================
  Files          96      96              
  Lines       21582   21605      +23     
=========================================
+ Hits         1668    1682      +14     
- Misses      19791   19799       +8     
- Partials      123     124       +1
Flag Coverage Δ
unittests 7.78% <36.00%> (+0.05%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files Coverage Δ
cmd/tools/jwt/app/jwt_root.go 100.00% <ø> (ø)
pkg/api/devops/v1alpha3/groupversion_info.go 0.00% <ø> (ø)
pkg/jwt/token/jwt.go 54.54% <ø> (ø)
pkg/kapis/devops/v1alpha3/pipelinerun/handler.go 0.00% <0.00%> (ø)
...lers/jenkins/pipelinerun/pipelinerun_controller.go 16.47% <50.00%> (+4.13%) ⬆️
controllers/s2irun/s2irun_controller.go 33.57% <0.00%> (-3.65%) ⬇️
...rs/devopscredential/devopscredential_controller.go 36.48% <0.00%> (+3.37%) ⬆️
controllers/pipeline/pipeline_controller.go 41.91% <0.00%> (+3.67%) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update ba24eff...2debd81. Read the comment docs.

@LinuxSuRen
Copy link
Member

/cherrypick release-3.2

@ks-ci-bot
Copy link
Collaborator

@LinuxSuRen: once the present PR merges, I will cherry-pick it on top of release-3.2 in a new PR and assign it to you.

In response to this:

/cherrypick release-3.2

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

LinuxSuRen
LinuxSuRen requested changes Nov 27, 2021
View reviewed changes
cmd/controller/app/options/options.go Outdated Show resolved Hide resolved
controllers/jenkins/pipelinerun/pipelinerun_controller.go Outdated Show resolved Hide resolved
controllers/jenkins/pipelinerun/pipelinerun_controller.go Outdated Show resolved Hide resolved
controllers/jenkins/pipelinerun/pipelinerun_controller.go Outdated Show resolved Hide resolved
@JohnNiang
Add JWTOptions option to replce AuthenticationOptions
0e88c48 
Signed-off-by: John Niang <johnniang@fastmail.com>
@JohnNiang
Refine PipelineRun controller according review
311a9b9 
Signed-off-by: John Niang <johnniang@fastmail.com>
@JohnNiang
Copy link
Member Author

/label tide/merge-method-squash

@ks-ci-bot ks-ci-bot added the tide/merge-method-squash Denotes a PR that should be squashed by tide when it merges. label Nov 28, 2021
LinuxSuRen
LinuxSuRen requested changes Nov 29, 2021
View reviewed changes
cmd/controller/app/controllers.go Outdated Show resolved Hide resolved
@JohnNiang
Move JWT from apiserver package to common
2debd81 
Signed-off-by: John Niang <johnniang@fastmail.com>
@JohnNiang
Copy link
Member Author

/retest Test

@ks-ci-bot
Copy link
Collaborator

@JohnNiang: No presubmit jobs available for kubesphere/ks-devops@master

In response to this:

/retest Test

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@JohnNiang
Copy link
Member Author

/test ?

@ks-ci-bot
Copy link
Collaborator

@JohnNiang: No presubmit jobs available for kubesphere/ks-devops@master

In response to this:

/test ?

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@JohnNiang
Copy link
Member Author

I've run make test in my local environment many times, and it always passes.

image

I'm going to re-run the workflow by closing and reopening this PR.

@JohnNiang JohnNiang closed this Nov 29, 2021
@JohnNiang JohnNiang reopened this Nov 29, 2021
@JohnNiang
Copy link
Member Author

/ping @kubesphere/sig-devops

@LinuxSuRen
Copy link
Member

hi @JohnNiang , The real problem is that the controller didn't use the correct user to trigger a Jenkins job.

showing wrong message "started by admin" while triggering by non-admin user describes a UI issue.

So, I suggest you provide a more accurate title.

@JohnNiang
Copy link
Member Author

hi @JohnNiang , The real problem is that the controller didn't use the correct user to trigger a Jenkins job.

showing wrong message "started by admin" while triggering by non-admin user describes a UI issue.

So, I suggest you provide a more accurate title.

Thanks for your suggestion!

/retitle Enable the controller to trigger a Jenkins job with the token of the creator

@ks-ci-bot ks-ci-bot changed the title Fix the problem of showing wrong message "started by admin" while triggering by non-admin user Enable the controller to trigger a Jenkins job with the token of the creator Nov 29, 2021
@JohnNiang
Copy link
Member Author

/retitle Fix that the controller did not use creator's token to trigger a Jenkins job

@ks-ci-bot ks-ci-bot changed the title Enable the controller to trigger a Jenkins job with the token of the creator Fix that the controller did not use creator's token to trigger a Jenkins job Nov 29, 2021
LinuxSuRen
LinuxSuRen reviewed Nov 29, 2021
View reviewed changes
Copy link
Member

@LinuxSuRen LinuxSuRen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have tested it manually. It works well.
/lgtm
/approve

@ks-ci-bot ks-ci-bot added the lgtm Indicates that a PR is ready to be merged. label Nov 29, 2021
@ks-ci-bot
Copy link
Collaborator

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: JohnNiang, LinuxSuRen

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@ks-ci-bot ks-ci-bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Nov 29, 2021
@ks-ci-bot ks-ci-bot merged commit 4757017 into kubesphere:master Nov 29, 2021
@JohnNiang JohnNiang deleted the bug/trigger-pipelinerun branch November 29, 2021 13:21
@ks-ci-bot ks-ci-bot mentioned this pull request Nov 29, 2021
Merged
@ks-ci-bot
Copy link
Collaborator

@LinuxSuRen: new pull request created: #388

In response to this:

/cherrypick release-3.2

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@JohnNiang JohnNiang linked an issue Dec 2, 2021 that may be closed by this pull request
Last message is wrong in activity of pipeline list #249
Closed
@JohnNiang JohnNiang mentioned this pull request Dec 2, 2021
Closed
@JohnNiang JohnNiang added this to the v3.2 milestone Dec 2, 2021
@JohnNiang JohnNiang mentioned this pull request Mar 23, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@LinuxSuRen LinuxSuRen LinuxSuRen requested changes

Assignees

@LinuxSuRen LinuxSuRen

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. kind/bug Categorizes issue or PR as related to a bug. lgtm Indicates that a PR is ready to be merged. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. tide/merge-method-squash Denotes a PR that should be squashed by tide when it merges.
Projects
None yet
Milestone
v3.2
Development

Successfully merging this pull request may close these issues.

Last message is wrong in activity of pipeline list
3 participants
@JohnNiang @ks-ci-bot @LinuxSuRen