switch trigger sa ref from global to namespace scoped #704

Merged: 1 commit, Aug 11, 2020

@gabemontero (Contributor) commented Aug 10, 2020

Changes

So in getting caught up on something related to the trigger crd tep, I came across this type and #628

It appears to me that to some extent there was a simple copy done in #628 of https://github.com/tektoncd/triggers/blob/master/pkg/apis/triggers/v1alpha1/event_listener_types.go#L77-L92
including my verbose comment and TODO around the ServiceAccount field.

Now, as already indicated in tektoncd/community#148 and the use of a string type serviceAccountName, as well as in the WG discussion, any SA associated with a Trigger should be in the same namespace as the trigger.

So why make this correction now vs. just waiting until the TEP is implemented?

@dibyom 's comment #628 (comment) is what motivated me to submit this for consideration.

If the "run CLI tool" item noted there drops with sufficient time before the tep does, then we don't want the precedent of triggers using SAs from other namespaces being established.

Thoughts @khrm @dibyom @dorismeixing ?

@tekton-robot tekton-robot added the size/S Denotes a PR that changes 10-29 lines, ignoring generated files. label Aug 10, 2020
@gabemontero (Contributor Author) commented:

BTW, reducing the scope of https://github.com/tektoncd/triggers/blob/master/pkg/apis/triggers/v1alpha1/event_listener_types.go#L91 could also be a consideration, though maybe that is a bit muddied by any pre tektoncd/community#148 attempts to have a single event listener in one namespace manage triggers / interceptors in multiple namespaces

My thought was to tackle that possible discussion separately, but don't feel strongly about that.

@gabemontero (Contributor Author) commented:

/assign @dibyom
/assign @khrm

@khrm (Contributor) left a comment:

/lgtm

@tekton-robot tekton-robot added the lgtm Indicates that a PR is ready to be merged. label Aug 10, 2020
@dibyom (Member) commented Aug 11, 2020

SGTM, the CLI basically ignores the SA field at the moment but this makes it future proof

/approve

@tekton-robot commented:

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dibyom, khrm


@tekton-robot tekton-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Aug 11, 2020
@tekton-robot tekton-robot merged commit 44a7079 into tektoncd:master Aug 11, 2020
@gabemontero gabemontero deleted the trigger-sa-2-ns-scope branch August 11, 2020 14:33