Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update securityContext to include required configurations when the flag el-security-context is enabled #1736

Merged
merged 1 commit into from
Jun 5, 2024
Merged

Update securityContext to include required configurations when the flag el-security-context is enabled #1736

merged 1 commit into from
Jun 5, 2024

Conversation

savitaashture
Copy link
Contributor

@savitaashture savitaashture commented May 20, 2024
edited
Loading

As part of this PR, when the flag el-security-context is enabled the securityContext have all configuration
except RunAsUser and RunAsGroup

Added new fields default-run-as-user and default-run-as-group to config-defaults-triggers configmap so that RunAsUser and RunAsGroup can be now configured through CM

This change handles cases in environments where user ID 65532 is not allowed, such as OpenShift.

Signed-off-by: Savita Ashture sashture@redhat.com

Changes

Submitter Checklist

As the author of this PR, please check off the items in this checklist:

  • Has Docs if any changes are user facing, including updates to minimum requirements e.g. Kubernetes version bumps
  • Has Tests included if any functionality added or changed
  • Follows the commit message standard
  • Meets the Tekton contributor standards (including functionality, content, code)
  • Has a kind label. You can add one by adding a comment on this PR that contains /kind <type>. Valid types are bug, cleanup, design, documentation, feature, flake, misc, question, tep
  • Release notes block below has been updated with any user facing changes (API changes, bug fixes, changes requiring upgrade notices or deprecation warnings). See some examples of good release notes.
  • Release notes contains the string "action required" if the change requires additional action from users switching to the new release

Release Notes

* el-security-context flag will set securityContext except RunAsUser and RunAsGroup
* Added new fields default-run-as-user and default-run-as-group to config-defaults-triggers configmap so that RunAsUser and RunAsGroup can be now configured through CM

@tekton-robot tekton-robot added the release-note-none Denotes a PR that doesnt merit a release note. label May 20, 2024
@tekton-robot tekton-robot added the size/M Denotes a PR that changes 30-99 lines, ignoring generated files. label May 20, 2024
@savitaashture savitaashture requested review from dibyom and removed request for bobcatfish May 20, 2024 07:25
khrm
khrm reviewed May 20, 2024
View reviewed changes
Copy link
Contributor

@khrm khrm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/kind feature

@tekton-robot tekton-robot added the kind/feature Categorizes issue or PR as related to a new feature. label May 20, 2024
@tekton-robot tekton-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. release-note Denotes a PR that will be considered when it comes time to generate release notes. and removed size/M Denotes a PR that changes 30-99 lines, ignoring generated files. release-note-none Denotes a PR that doesnt merit a release note. labels May 29, 2024
@tekton-robot
Copy link

The following is the coverage report on the affected files.
Say /test pull-tekton-triggers-go-coverage to re-run this coverage report

File Old Coverage New Coverage Delta
pkg/apis/config/default.go 92.3% 51.9% -40.5
pkg/reconciler/eventlistener/eventlistener.go 71.3% 71.5% 0.2

@tekton-robot
Copy link

The following is the coverage report on the affected files.
Say /test pull-tekton-triggers-go-coverage to re-run this coverage report

File Old Coverage New Coverage Delta
pkg/apis/config/default.go 92.3% 81.5% -10.8
pkg/reconciler/eventlistener/eventlistener.go 71.3% 71.5% 0.2

@tekton-robot
Copy link

The following is the coverage report on the affected files.
Say /test pull-tekton-triggers-go-coverage to re-run this coverage report

File Old Coverage New Coverage Delta
pkg/apis/config/default.go 92.3% 88.9% -3.4
pkg/reconciler/eventlistener/eventlistener.go 71.3% 71.5% 0.2

@dibyom
Copy link
Member

dibyom commented May 31, 2024

One nit and looks like we need to fix the yaml files. Otherwise, LGTM

pkg/apis/config/testdata/config-defaults-triggers-empty-val.yaml
  24:1      error    too many blank lines (1 > 0)  (empty-lines)
pkg/apis/config/testdata/config-defaults-triggers.yaml
  24:1      error    too many blank lines (1 > 0)  (empty-lines)

/approve

@tekton-robot
Copy link

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dibyom

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@tekton-robot tekton-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label May 31, 2024
@savitaashture
Update securityContext to include required configurations other than …
cf79605 
…runAsUser and runAsGroup

As part of this PR, when the flag el-security-context is enabled the securityContext have all configuration
except RunAsUser and RunAsGroup
Added new fields default-run-as-user and default-run-as-group to config-defaults-triggers configmap so that RunAsUser and RunAsGroup can be now configured through CM
This change handles cases in environments where user ID 65532 is not allowed, such as OpenShift.

Signed-off-by: Savita Ashture <sashture@redhat.com>
@tekton-robot
Copy link

The following is the coverage report on the affected files.
Say /test pull-tekton-triggers-go-coverage to re-run this coverage report

File Old Coverage New Coverage Delta
pkg/apis/config/default.go 92.3% 88.9% -3.4
pkg/reconciler/eventlistener/eventlistener.go 71.3% 71.5% 0.2

@savitaashture
Copy link
Contributor Author

@khrm PTAL
Thank you

khrm
khrm reviewed Jun 5, 2024
View reviewed changes
Copy link
Contributor

@khrm khrm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@tekton-robot tekton-robot added the lgtm Indicates that a PR is ready to be merged. label Jun 5, 2024
@tekton-robot tekton-robot merged commit b7f0ebb into tektoncd:main Jun 5, 2024
6 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@khrm khrm khrm left review comments

@dibyom dibyom Awaiting requested review from dibyom

Assignees

@khrm khrm

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. kind/feature Categorizes issue or PR as related to a new feature. lgtm Indicates that a PR is ready to be merged. release-note Denotes a PR that will be considered when it comes time to generate release notes. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@savitaashture @tekton-robot @dibyom @khrm