Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[TEP-0089] Apis to handle SPIRE signing and verification. #5647

Merged
merged 1 commit into from
Oct 20, 2022
Merged

[TEP-0089] Apis to handle SPIRE signing and verification. #5647

merged 1 commit into from
Oct 20, 2022

Conversation

jagathprakash
Copy link
Member

@jagathprakash jagathprakash commented Oct 17, 2022
edited
Loading

Changes

Breaking down PR #4759 originally proposed by @pxp928 to address TEP-0089
according @lumjjb suggestions.
Plan for breaking down PR is
PR 1.1: api
PR 1.2: entrypointer (+cmd line + test/entrypointer)
Entrypoint takes results and signs the results (termination message).
PR 1.3: reconciler + pod + cmd/controller + integration tests
Controller will verify the signed result.

Submitter Checklist

As the author of this PR, please check off the items in this checklist:

  • Has Docs included if any changes are user facing
  • Has Tests included if any functionality added or changed
  • Follows the commit message standard
  • Meets the Tekton contributor standards (including
    functionality, content, code)
  • Has a kind label. You can add one by adding a comment on this PR that contains /kind <type>. Valid types are bug, cleanup, design, documentation, feature, flake, misc, question, tep
  • Release notes block below has been updated with any user facing changes (API changes, bug fixes, changes requiring upgrade notices or deprecation warnings)
  • Release notes contains the string "action required" if the change requires additional action from users switching to the new release

Release Notes

NONE

@tekton-robot
Copy link
Collaborator

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@tekton-robot tekton-robot added do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. do-not-merge/release-note-label-needed Indicates that a PR should not merge because it's missing one of the release note labels. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Oct 17, 2022
@jagathprakash
Copy link
Member Author

/assign @pxp928

@tekton-robot
Copy link
Collaborator

@jagathprakash: GitHub didn't allow me to assign the following users: pxp928.

Note that only tektoncd members, repo collaborators and people who have commented on this issue/PR can be assigned. Additionally, issues/PRs can only have 10 assignees at the same time.
For more information please see the contributor guide

In response to this:

/assign @pxp928

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@jagathprakash
Copy link
Member Author

/assign @pxp928

@tekton-robot
Copy link
Collaborator

@jagathprakash: GitHub didn't allow me to assign the following users: pxp928.

Note that only tektoncd members, repo collaborators and people who have commented on this issue/PR can be assigned. Additionally, issues/PRs can only have 10 assignees at the same time.
For more information please see the contributor guide

In response to this:

/assign @pxp928

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@jagathprakash
Copy link
Member Author

/assign @lumjjb

@tekton-robot
Copy link
Collaborator

@jagathprakash: GitHub didn't allow me to assign the following users: lumjjb.

Note that only tektoncd members, repo collaborators and people who have commented on this issue/PR can be assigned. Additionally, issues/PRs can only have 10 assignees at the same time.
For more information please see the contributor guide

In response to this:

/assign @lumjjb

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@jagathprakash
Copy link
Member Author

/assign @lumjjb

@tekton-robot
Copy link
Collaborator

@jagathprakash: GitHub didn't allow me to assign the following users: lumjjb.

Note that only tektoncd members, repo collaborators and people who have commented on this issue/PR can be assigned. Additionally, issues/PRs can only have 10 assignees at the same time.
For more information please see the contributor guide

In response to this:

/assign @lumjjb

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@pxp928
Copy link
Member

pxp928 commented Oct 17, 2022

Thanks @jagathprakash. Not sure why its not assigning me as I am part of the tektoncd members.

@jagathprakash
Copy link
Member Author

Thanks @jagathprakash. Not sure why its not assigning me as I am part of the tektoncd members.

@pxp928, @lumjjb I tried to assign both of you but could not. Please do take a look. Thanks!

@lumjjb
Copy link
Contributor

lumjjb commented Oct 17, 2022

This looks good!! Thanks @jagathprakash for helping to modularize the PR! I think it should be good to get out of draft?

@tekton-robot tekton-robot added release-note-none Denotes a PR that doesnt merit a release note. and removed do-not-merge/release-note-label-needed Indicates that a PR should not merge because it's missing one of the release note labels. labels Oct 17, 2022
@afrittoli
Copy link
Member

@jagathprakash Thanks for your PR!
As you finalise the PR, could you remove the merge commits and make sure the PR is only made of one commit (two or three may also be ok, if needed). Thank you!

@jagathprakash
Copy link
Member Author

@jagathprakash Thanks for your PR! As you finalise the PR, could you remove the merge commits and make sure the PR is only made of one commit (two or three may also be ok, if needed). Thank you!

Done. Thanks!

@jagathprakash jagathprakash reopened this Oct 17, 2022
@jagathprakash jagathprakash marked this pull request as ready for review October 17, 2022 21:28
@tekton-robot tekton-robot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Oct 17, 2022
@tekton-robot
Copy link
Collaborator

The following is the coverage report on the affected files.
Say /test pull-tekton-pipeline-go-coverage to re-run this coverage report

File Old Coverage New Coverage Delta
pkg/apis/config/feature_flags.go 78.9% 78.3% -0.6
pkg/apis/pipeline/v1beta1/taskrun_types.go 76.9% 78.2% 1.3

@jagathprakash
Copy link
Member Author

This looks good!! Thanks @jagathprakash for helping to modularize the PR! I think it should be good to get out of draft?

Removed out of draft.

@jagathprakash jagathprakash changed the title Spire_apis [TEP-0089] Apis to handle SPIRE signing and verification. Oct 18, 2022
@jagathprakash
Copy link
Member Author

/kind feature

@tekton-robot tekton-robot added the kind/feature Categorizes issue or PR as related to a new feature. label Oct 18, 2022
@florianl @jagathprakash
[TEP-0089] Apis to handle SPIRE signing and verification.
9f4ae40 
This is the first PR to breakdown PR #4759
proposed by @pxp928
according @lumjjb suggestions.
Plan for breaking down PR is
PR 1.1: api
PR 1.2: entrypointer (+cmd line + test/entrypointer)
Entrypoint takes results and signs the results (termination message).
PR 1.3: reconciler + pod + cmd/controller + integration tests
Controller will verify the signed result.
@tekton-robot
Copy link
Collaborator

The following is the coverage report on the affected files.
Say /test pull-tekton-pipeline-go-coverage to re-run this coverage report

File Old Coverage New Coverage Delta
pkg/apis/config/feature_flags.go 78.9% 78.3% -0.6
pkg/apis/pipeline/v1beta1/taskrun_types.go 76.9% 78.2% 1.3

afrittoli
afrittoli reviewed Oct 19, 2022
View reviewed changes
Copy link
Member

@afrittoli afrittoli left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yay, thanks for this, looking forward to this feature!
/approve

pkg/apis/pipeline/v1beta1/taskrun_types.go Show resolved Hide resolved
pkg/apis/config/feature_flags.go
Comment on lines +65 to +66
// DefaultEnableSpire is the default value for "enable-spire".
DefaultEnableSpire = false
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

NIT: The flag is not in the config map YAML under config/ and not in the docs, which makes sense since the feature is not available yet. Perhaps we could have a comment here saying that the feature is not yet available?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This comment would be invalid in an immediate next PR. Will skip for now. Let me know if you feel strongly about it and I can add it.

@tekton-robot
Copy link
Collaborator

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: afrittoli

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@tekton-robot tekton-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Oct 19, 2022
@dibyom
Copy link
Member

dibyom commented Oct 20, 2022

/lgtm

@tekton-robot tekton-robot added the lgtm Indicates that a PR is ready to be merged. label Oct 20, 2022
@jagathprakash
Copy link
Member Author

/retest

@tekton-robot tekton-robot merged commit 07bf470 into tektoncd:main Oct 20, 2022
@jagathprakash jagathprakash deleted the spire_apis branch October 20, 2022 17:30
@jagathprakash jagathprakash mentioned this pull request Feb 22, 2023
Closed
7 tasks
This was referenced Apr 12, 2023
Merged
Merged
This was referenced Apr 28, 2023
Open
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@afrittoli afrittoli afrittoli left review comments

@dibyom dibyom Awaiting requested review from dibyom

@imjasonh imjasonh Awaiting requested review from imjasonh

@pritidesai pritidesai Awaiting requested review from pritidesai

Assignees

@dibyom dibyom

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. kind/feature Categorizes issue or PR as related to a new feature. lgtm Indicates that a PR is ready to be merged. release-note-none Denotes a PR that doesnt merit a release note. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@jagathprakash @tekton-robot @pxp928 @lumjjb @afrittoli @dibyom @florianl