From c98847b79df325893c76dbdf22ce50a841934214 Mon Sep 17 00:00:00 2001 From: Yongxuan Zhang Date: Thu, 19 Oct 2023 19:14:14 +0000 Subject: [PATCH] [TEP-0145] Add CEL field to WhenExpression, and feature flag to guard the field add cel to the WhenExpression, a feature flag enable-cel-in-whenexpression to guard thie new api field. Signed-off-by: Yongxuan Zhang yongxuanzhang@google.com --- docs/pipeline-api.md | 28 ++++++++ pkg/apis/config/feature_flags.go | 9 ++- pkg/apis/config/feature_flags_test.go | 4 ++ .../testdata/feature-flags-all-flags-set.yaml | 1 + ...-invalid-enable-cel-in-whenexpression.yaml | 21 ++++++ pkg/apis/pipeline/v1/openapi_generated.go | 10 ++- pkg/apis/pipeline/v1/pipeline_validation.go | 8 +-- pkg/apis/pipeline/v1/swagger.json | 15 ++--- pkg/apis/pipeline/v1/when_types.go | 12 +++- pkg/apis/pipeline/v1/when_validation.go | 22 +++++-- pkg/apis/pipeline/v1/when_validation_test.go | 41 +++++++++++- .../pipeline/v1beta1/openapi_generated.go | 10 ++- .../pipeline/v1beta1/pipeline_validation.go | 8 +-- pkg/apis/pipeline/v1beta1/swagger.json | 15 ++--- pkg/apis/pipeline/v1beta1/when_types.go | 12 +++- pkg/apis/pipeline/v1beta1/when_validation.go | 22 +++++-- .../pipeline/v1beta1/when_validation_test.go | 65 ++++++++++++++++++- 17 files changed, 250 insertions(+), 53 deletions(-) create mode 100644 pkg/apis/config/testdata/feature-flags-invalid-enable-cel-in-whenexpression.yaml diff --git a/docs/pipeline-api.md b/docs/pipeline-api.md index 573745f4a61..9b73b9e7e40 100644 --- a/docs/pipeline-api.md +++ b/docs/pipeline-api.md @@ -5782,6 +5782,20 @@ k8s.io/apimachinery/pkg/selection.Operator It must be non-empty

+ + +cel
+ +string + + + +(Optional) +

CEL is a string of Common Language Expression, which can be used to conditionally execute +the task based on the result of the expression evaluation +More info about CEL syntax: https://github.com/google/cel-spec/blob/master/doc/langdef.md

+ +

WhenExpressions @@ -14549,6 +14563,20 @@ k8s.io/apimachinery/pkg/selection.Operator It must be non-empty

+ + +cel
+ +string + + + +(Optional) +

CEL is a string of Common Language Expression, which can be used to conditionally execute +the task based on the result of the expression evaluation +More info about CEL syntax: https://github.com/google/cel-spec/blob/master/doc/langdef.md

+ +

WhenExpressions diff --git a/pkg/apis/config/feature_flags.go b/pkg/apis/config/feature_flags.go index 5ad99f228ee..c284a9dbef9 100644 --- a/pkg/apis/config/feature_flags.go +++ b/pkg/apis/config/feature_flags.go @@ -92,6 +92,10 @@ const ( KeepPodOnCancel = "keep-pod-on-cancel" // DefaultEnableKeepPodOnCancel is the default value for "keep-pod-on-cancel" DefaultEnableKeepPodOnCancel = false + // EnableCelInWhenExpression is the flag to enabled CEL in WhenExpression + EnableCelInWhenExpression = "enable-cel-in-whenexpression" + // DefaultEnableCelInWhenExpression is the default value for EnableCelInWhenExpression + DefaultEnableCelInWhenExpression = false disableAffinityAssistantKey = "disable-affinity-assistant" disableCredsInitKey = "disable-creds-init" @@ -140,6 +144,7 @@ type FeatureFlags struct { MaxResultSize int SetSecurityContext bool Coschedule string + EnableCelInWhenExpression bool } // GetFeatureFlagsConfigName returns the name of the configmap containing all @@ -209,10 +214,12 @@ func NewFeatureFlagsFromMap(cfgMap map[string]string) (*FeatureFlags, error) { if err := setFeature(setSecurityContextKey, DefaultSetSecurityContext, &tc.SetSecurityContext); err != nil { return nil, err } - if err := setCoschedule(cfgMap, DefaultCoschedule, tc.DisableAffinityAssistant, &tc.Coschedule); err != nil { return nil, err } + if err := setFeature(EnableCelInWhenExpression, DefaultEnableCelInWhenExpression, &tc.EnableCelInWhenExpression); err != nil { + return nil, err + } // Given that they are alpha features, Tekton Bundles and Custom Tasks should be switched on if // enable-api-fields is "alpha". If enable-api-fields is not "alpha" then fall back to the value of // each feature's individual flag. diff --git a/pkg/apis/config/feature_flags_test.go b/pkg/apis/config/feature_flags_test.go index a6f4e60bb1a..137be820e2a 100644 --- a/pkg/apis/config/feature_flags_test.go +++ b/pkg/apis/config/feature_flags_test.go @@ -73,6 +73,7 @@ func TestNewFeatureFlagsFromConfigMap(t *testing.T) { MaxResultSize: 4096, SetSecurityContext: true, Coschedule: config.CoscheduleDisabled, + EnableCelInWhenExpression: true, }, fileName: "feature-flags-all-flags-set", }, @@ -269,6 +270,9 @@ func TestNewFeatureFlagsConfigMapErrors(t *testing.T) { }, { fileName: "feature-flags-invalid-disable-affinity-assistant", want: `failed parsing feature flags config "truee": strconv.ParseBool: parsing "truee": invalid syntax`, + }, { + fileName: "feature-flags-invalid-enable-cel-in-whenexpression", + want: `failed parsing feature flags config "invalid": strconv.ParseBool: parsing "invalid": invalid syntax`, }} { t.Run(tc.fileName, func(t *testing.T) { cm := test.ConfigMapFromTestFile(t, tc.fileName) diff --git a/pkg/apis/config/testdata/feature-flags-all-flags-set.yaml b/pkg/apis/config/testdata/feature-flags-all-flags-set.yaml index 9e01abd1944..63015ec07c1 100644 --- a/pkg/apis/config/testdata/feature-flags-all-flags-set.yaml +++ b/pkg/apis/config/testdata/feature-flags-all-flags-set.yaml @@ -32,3 +32,4 @@ data: enable-provenance-in-status: "false" set-security-context: "true" keep-pod-on-cancel: "true" + enable-cel-in-whenexpression: "true" diff --git a/pkg/apis/config/testdata/feature-flags-invalid-enable-cel-in-whenexpression.yaml b/pkg/apis/config/testdata/feature-flags-invalid-enable-cel-in-whenexpression.yaml new file mode 100644 index 00000000000..fca3049351f --- /dev/null +++ b/pkg/apis/config/testdata/feature-flags-invalid-enable-cel-in-whenexpression.yaml @@ -0,0 +1,21 @@ +# Copyright 2023 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: feature-flags + namespace: tekton-pipelines +data: + enable-cel-in-whenexpression: "invalid" diff --git a/pkg/apis/pipeline/v1/openapi_generated.go b/pkg/apis/pipeline/v1/openapi_generated.go index b5a14a692f1..6425ec1de3b 100644 --- a/pkg/apis/pipeline/v1/openapi_generated.go +++ b/pkg/apis/pipeline/v1/openapi_generated.go @@ -4289,7 +4289,6 @@ func schema_pkg_apis_pipeline_v1_WhenExpression(ref common.ReferenceCallback) co "input": { SchemaProps: spec.SchemaProps{ Description: "Input is the string for guard checking which can be a static input or an output from a parent Task", - Default: "", Type: []string{"string"}, Format: "", }, @@ -4297,7 +4296,6 @@ func schema_pkg_apis_pipeline_v1_WhenExpression(ref common.ReferenceCallback) co "operator": { SchemaProps: spec.SchemaProps{ Description: "Operator that represents an Input's relationship to the values", - Default: "", Type: []string{"string"}, Format: "", }, @@ -4322,8 +4320,14 @@ func schema_pkg_apis_pipeline_v1_WhenExpression(ref common.ReferenceCallback) co }, }, }, + "cel": { + SchemaProps: spec.SchemaProps{ + Description: "CEL is a string of Common Language Expression, which can be used to conditionally execute the task based on the result of the expression evaluation More info about CEL syntax: https://github.com/google/cel-spec/blob/master/doc/langdef.md", + Type: []string{"string"}, + Format: "", + }, + }, }, - Required: []string{"input", "operator", "values"}, }, }, } diff --git a/pkg/apis/pipeline/v1/pipeline_validation.go b/pkg/apis/pipeline/v1/pipeline_validation.go index 7b2de9f77ff..f20247bc6b1 100644 --- a/pkg/apis/pipeline/v1/pipeline_validation.go +++ b/pkg/apis/pipeline/v1/pipeline_validation.go @@ -88,7 +88,7 @@ func (ps *PipelineSpec) Validate(ctx context.Context) (errs *apis.FieldError) { errs = errs.Also(validatePipelineResults(ps.Results, ps.Tasks, ps.Finally)) errs = errs.Also(validateTasksAndFinallySection(ps)) errs = errs.Also(validateFinalTasks(ps.Tasks, ps.Finally)) - errs = errs.Also(validateWhenExpressions(ps.Tasks, ps.Finally)) + errs = errs.Also(validateWhenExpressions(ctx, ps.Tasks, ps.Finally)) errs = errs.Also(validateMatrix(ctx, ps.Tasks).ViaField("tasks")) errs = errs.Also(validateMatrix(ctx, ps.Finally).ViaField("finally")) return errs @@ -745,12 +745,12 @@ func validateResultsVariablesExpressionsInFinally(expressions []string, pipeline return errs } -func validateWhenExpressions(tasks []PipelineTask, finalTasks []PipelineTask) (errs *apis.FieldError) { +func validateWhenExpressions(ctx context.Context, tasks []PipelineTask, finalTasks []PipelineTask) (errs *apis.FieldError) { for i, t := range tasks { - errs = errs.Also(t.When.validate().ViaFieldIndex("tasks", i)) + errs = errs.Also(t.When.validate(ctx).ViaFieldIndex("tasks", i)) } for i, t := range finalTasks { - errs = errs.Also(t.When.validate().ViaFieldIndex("finally", i)) + errs = errs.Also(t.When.validate(ctx).ViaFieldIndex("finally", i)) } return errs } diff --git a/pkg/apis/pipeline/v1/swagger.json b/pkg/apis/pipeline/v1/swagger.json index bb031c72730..76d325bfff0 100644 --- a/pkg/apis/pipeline/v1/swagger.json +++ b/pkg/apis/pipeline/v1/swagger.json @@ -2220,21 +2220,18 @@ "v1.WhenExpression": { "description": "WhenExpression allows a PipelineTask to declare expressions to be evaluated before the Task is run to determine whether the Task should be executed or skipped", "type": "object", - "required": [ - "input", - "operator", - "values" - ], "properties": { + "cel": { + "description": "CEL is a string of Common Language Expression, which can be used to conditionally execute the task based on the result of the expression evaluation More info about CEL syntax: https://github.com/google/cel-spec/blob/master/doc/langdef.md", + "type": "string" + }, "input": { "description": "Input is the string for guard checking which can be a static input or an output from a parent Task", - "type": "string", - "default": "" + "type": "string" }, "operator": { "description": "Operator that represents an Input's relationship to the values", - "type": "string", - "default": "" + "type": "string" }, "values": { "description": "Values is an array of strings, which is compared against the input, for guard checking It must be non-empty", diff --git a/pkg/apis/pipeline/v1/when_types.go b/pkg/apis/pipeline/v1/when_types.go index 58af7273d2b..45a8bdbd98c 100644 --- a/pkg/apis/pipeline/v1/when_types.go +++ b/pkg/apis/pipeline/v1/when_types.go @@ -27,15 +27,21 @@ import ( // to determine whether the Task should be executed or skipped type WhenExpression struct { // Input is the string for guard checking which can be a static input or an output from a parent Task - Input string `json:"input"` + Input string `json:"input,omitempty"` // Operator that represents an Input's relationship to the values - Operator selection.Operator `json:"operator"` + Operator selection.Operator `json:"operator,omitempty"` // Values is an array of strings, which is compared against the input, for guard checking // It must be non-empty // +listType=atomic - Values []string `json:"values"` + Values []string `json:"values,omitempty"` + + // CEL is a string of Common Language Expression, which can be used to conditionally execute + // the task based on the result of the expression evaluation + // More info about CEL syntax: https://github.com/google/cel-spec/blob/master/doc/langdef.md + // +optional + CEL string `json:"cel,omitempty"` } func (we *WhenExpression) isInputInValues() bool { diff --git a/pkg/apis/pipeline/v1/when_validation.go b/pkg/apis/pipeline/v1/when_validation.go index f445d13ed6a..01dafbb59b0 100644 --- a/pkg/apis/pipeline/v1/when_validation.go +++ b/pkg/apis/pipeline/v1/when_validation.go @@ -17,11 +17,13 @@ limitations under the License. package v1 import ( + "context" "fmt" "strings" // TODO(#7244): Pull the cel-go library for now, the following PR will use the library. _ "github.com/google/cel-go/cel" + "github.com/tektoncd/pipeline/pkg/apis/config" "k8s.io/apimachinery/pkg/api/equality" "k8s.io/apimachinery/pkg/selection" "k8s.io/apimachinery/pkg/util/sets" @@ -33,18 +35,28 @@ var validWhenOperators = []string{ string(selection.NotIn), } -func (wes WhenExpressions) validate() *apis.FieldError { - return wes.validateWhenExpressionsFields().ViaField("when") +func (wes WhenExpressions) validate(ctx context.Context) *apis.FieldError { + return wes.validateWhenExpressionsFields(ctx).ViaField("when") } -func (wes WhenExpressions) validateWhenExpressionsFields() (errs *apis.FieldError) { +func (wes WhenExpressions) validateWhenExpressionsFields(ctx context.Context) (errs *apis.FieldError) { for idx, we := range wes { - errs = errs.Also(we.validateWhenExpressionFields().ViaIndex(idx)) + errs = errs.Also(we.validateWhenExpressionFields(ctx).ViaIndex(idx)) } return errs } -func (we *WhenExpression) validateWhenExpressionFields() *apis.FieldError { +func (we *WhenExpression) validateWhenExpressionFields(ctx context.Context) *apis.FieldError { + if we.CEL != "" { + if !config.FromContextOrDefaults(ctx).FeatureFlags.EnableCelInWhenExpression { + return apis.ErrGeneric("feature flag %s should be set to true to use CEL: %s in WhenExpression", config.EnableCelInWhenExpression, we.CEL) + } + if we.Input != "" || we.Operator != "" || len(we.Values) != 0 { + return apis.ErrGeneric(fmt.Sprintf("cel and input+operator+values cannot be set in one WhenExpression: %v", we)) + } + return nil + } + if equality.Semantic.DeepEqual(we, &WhenExpression{}) || we == nil { return apis.ErrMissingField(apis.CurrentField) } diff --git a/pkg/apis/pipeline/v1/when_validation_test.go b/pkg/apis/pipeline/v1/when_validation_test.go index 8cb2a891356..dd755a1deac 100644 --- a/pkg/apis/pipeline/v1/when_validation_test.go +++ b/pkg/apis/pipeline/v1/when_validation_test.go @@ -17,8 +17,10 @@ limitations under the License. package v1 import ( + "context" "testing" + "github.com/tektoncd/pipeline/pkg/apis/config" "k8s.io/apimachinery/pkg/selection" ) @@ -54,7 +56,7 @@ func TestWhenExpressions_Valid(t *testing.T) { }} for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - if err := tt.wes.validate(); err != nil { + if err := tt.wes.validate(context.Background()); err != nil { t.Errorf("WhenExpressions.validate() returned an error for valid when expressions: %s", tt.wes) } }) @@ -97,9 +99,44 @@ func TestWhenExpressions_Invalid(t *testing.T) { }} for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - if err := tt.wes.validate(); err == nil { + if err := tt.wes.validate(context.Background()); err == nil { t.Errorf("WhenExpressions.validate() did not return error for invalid when expressions: %s, %s", tt.wes, err) } }) } } + +func TestCELWhenExpressions_Invalid(t *testing.T) { + tests := []struct { + name string + wes WhenExpressions + enableFeatureFlag bool + }{{ + name: "feature flag not set", + wes: []WhenExpression{{ + CEL: " 'foo' == 'foo' ", + }}, + enableFeatureFlag: false, + }, { + name: "CEL should not coexist with input+operator+values", + wes: []WhenExpression{{ + CEL: "'foo' != 'foo'", + Input: "foo", + Operator: selection.In, + Values: []string{"foo"}, + }}, + enableFeatureFlag: true, + }} + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + ctx := config.ToContext(context.Background(), &config.Config{ + FeatureFlags: &config.FeatureFlags{ + EnableCelInWhenExpression: tt.enableFeatureFlag, + }, + }) + if err := tt.wes.validate(ctx); err == nil { + t.Errorf("WhenExpressions.validate() did not return error for invalid when expressions: %s", tt.wes) + } + }) + } +} diff --git a/pkg/apis/pipeline/v1beta1/openapi_generated.go b/pkg/apis/pipeline/v1beta1/openapi_generated.go index 74a6be3b64f..eba5a872419 100644 --- a/pkg/apis/pipeline/v1beta1/openapi_generated.go +++ b/pkg/apis/pipeline/v1beta1/openapi_generated.go @@ -5693,7 +5693,6 @@ func schema_pkg_apis_pipeline_v1beta1_WhenExpression(ref common.ReferenceCallbac "input": { SchemaProps: spec.SchemaProps{ Description: "Input is the string for guard checking which can be a static input or an output from a parent Task", - Default: "", Type: []string{"string"}, Format: "", }, @@ -5701,7 +5700,6 @@ func schema_pkg_apis_pipeline_v1beta1_WhenExpression(ref common.ReferenceCallbac "operator": { SchemaProps: spec.SchemaProps{ Description: "Operator that represents an Input's relationship to the values", - Default: "", Type: []string{"string"}, Format: "", }, @@ -5726,8 +5724,14 @@ func schema_pkg_apis_pipeline_v1beta1_WhenExpression(ref common.ReferenceCallbac }, }, }, + "cel": { + SchemaProps: spec.SchemaProps{ + Description: "CEL is a string of Common Language Expression, which can be used to conditionally execute the task based on the result of the expression evaluation More info about CEL syntax: https://github.com/google/cel-spec/blob/master/doc/langdef.md", + Type: []string{"string"}, + Format: "", + }, + }, }, - Required: []string{"input", "operator", "values"}, }, }, } diff --git a/pkg/apis/pipeline/v1beta1/pipeline_validation.go b/pkg/apis/pipeline/v1beta1/pipeline_validation.go index 2a0cbd6d2b6..118fff45a15 100644 --- a/pkg/apis/pipeline/v1beta1/pipeline_validation.go +++ b/pkg/apis/pipeline/v1beta1/pipeline_validation.go @@ -86,7 +86,7 @@ func (ps *PipelineSpec) Validate(ctx context.Context) (errs *apis.FieldError) { errs = errs.Also(validatePipelineResults(ps.Results, ps.Tasks, ps.Finally)) errs = errs.Also(validateTasksAndFinallySection(ps)) errs = errs.Also(validateFinalTasks(ps.Tasks, ps.Finally)) - errs = errs.Also(validateWhenExpressions(ps.Tasks, ps.Finally)) + errs = errs.Also(validateWhenExpressions(ctx, ps.Tasks, ps.Finally)) errs = errs.Also(validateMatrix(ctx, ps.Tasks).ViaField("tasks")) errs = errs.Also(validateMatrix(ctx, ps.Finally).ViaField("finally")) return errs @@ -707,12 +707,12 @@ func validateResultsVariablesExpressionsInFinally(expressions []string, pipeline return errs } -func validateWhenExpressions(tasks []PipelineTask, finalTasks []PipelineTask) (errs *apis.FieldError) { +func validateWhenExpressions(ctx context.Context, tasks []PipelineTask, finalTasks []PipelineTask) (errs *apis.FieldError) { for i, t := range tasks { - errs = errs.Also(t.WhenExpressions.validate().ViaFieldIndex("tasks", i)) + errs = errs.Also(t.WhenExpressions.validate(ctx).ViaFieldIndex("tasks", i)) } for i, t := range finalTasks { - errs = errs.Also(t.WhenExpressions.validate().ViaFieldIndex("finally", i)) + errs = errs.Also(t.WhenExpressions.validate(ctx).ViaFieldIndex("finally", i)) } return errs } diff --git a/pkg/apis/pipeline/v1beta1/swagger.json b/pkg/apis/pipeline/v1beta1/swagger.json index 97f789dbcbf..4ff7d3d43ab 100644 --- a/pkg/apis/pipeline/v1beta1/swagger.json +++ b/pkg/apis/pipeline/v1beta1/swagger.json @@ -3111,21 +3111,18 @@ "v1beta1.WhenExpression": { "description": "WhenExpression allows a PipelineTask to declare expressions to be evaluated before the Task is run to determine whether the Task should be executed or skipped", "type": "object", - "required": [ - "input", - "operator", - "values" - ], "properties": { + "cel": { + "description": "CEL is a string of Common Language Expression, which can be used to conditionally execute the task based on the result of the expression evaluation More info about CEL syntax: https://github.com/google/cel-spec/blob/master/doc/langdef.md", + "type": "string" + }, "input": { "description": "Input is the string for guard checking which can be a static input or an output from a parent Task", - "type": "string", - "default": "" + "type": "string" }, "operator": { "description": "Operator that represents an Input's relationship to the values", - "type": "string", - "default": "" + "type": "string" }, "values": { "description": "Values is an array of strings, which is compared against the input, for guard checking It must be non-empty", diff --git a/pkg/apis/pipeline/v1beta1/when_types.go b/pkg/apis/pipeline/v1beta1/when_types.go index e98eff147c7..76a78ea0ea1 100644 --- a/pkg/apis/pipeline/v1beta1/when_types.go +++ b/pkg/apis/pipeline/v1beta1/when_types.go @@ -27,15 +27,21 @@ import ( // to determine whether the Task should be executed or skipped type WhenExpression struct { // Input is the string for guard checking which can be a static input or an output from a parent Task - Input string `json:"input"` + Input string `json:"input,omitempty"` // Operator that represents an Input's relationship to the values - Operator selection.Operator `json:"operator"` + Operator selection.Operator `json:"operator,omitempty"` // Values is an array of strings, which is compared against the input, for guard checking // It must be non-empty // +listType=atomic - Values []string `json:"values"` + Values []string `json:"values,omitempty"` + + // CEL is a string of Common Language Expression, which can be used to conditionally execute + // the task based on the result of the expression evaluation + // More info about CEL syntax: https://github.com/google/cel-spec/blob/master/doc/langdef.md + // +optional + CEL string `json:"cel,omitempty"` } func (we *WhenExpression) isInputInValues() bool { diff --git a/pkg/apis/pipeline/v1beta1/when_validation.go b/pkg/apis/pipeline/v1beta1/when_validation.go index 17bb55c56cf..b6eaa8cbc0a 100644 --- a/pkg/apis/pipeline/v1beta1/when_validation.go +++ b/pkg/apis/pipeline/v1beta1/when_validation.go @@ -17,9 +17,11 @@ limitations under the License. package v1beta1 import ( + "context" "fmt" "strings" + "github.com/tektoncd/pipeline/pkg/apis/config" "k8s.io/apimachinery/pkg/api/equality" "k8s.io/apimachinery/pkg/selection" "k8s.io/apimachinery/pkg/util/sets" @@ -31,18 +33,28 @@ var validWhenOperators = []string{ string(selection.NotIn), } -func (wes WhenExpressions) validate() *apis.FieldError { - return wes.validateWhenExpressionsFields().ViaField("when") +func (wes WhenExpressions) validate(ctx context.Context) *apis.FieldError { + return wes.validateWhenExpressionsFields(ctx).ViaField("when") } -func (wes WhenExpressions) validateWhenExpressionsFields() (errs *apis.FieldError) { +func (wes WhenExpressions) validateWhenExpressionsFields(ctx context.Context) (errs *apis.FieldError) { for idx, we := range wes { - errs = errs.Also(we.validateWhenExpressionFields().ViaIndex(idx)) + errs = errs.Also(we.validateWhenExpressionFields(ctx).ViaIndex(idx)) } return errs } -func (we *WhenExpression) validateWhenExpressionFields() *apis.FieldError { +func (we *WhenExpression) validateWhenExpressionFields(ctx context.Context) *apis.FieldError { + if we.CEL != "" { + if !config.FromContextOrDefaults(ctx).FeatureFlags.EnableCelInWhenExpression { + return apis.ErrGeneric("feature flag %s should be set to true to use CEL: %s in WhenExpression", config.EnableCelInWhenExpression, we.CEL) + } + if we.Input != "" || we.Operator != "" || len(we.Values) != 0 { + return apis.ErrGeneric(fmt.Sprintf("cel and input+operator+values cannot be set in one WhenExpression: %v", we)) + } + return nil + } + if equality.Semantic.DeepEqual(we, &WhenExpression{}) || we == nil { return apis.ErrMissingField(apis.CurrentField) } diff --git a/pkg/apis/pipeline/v1beta1/when_validation_test.go b/pkg/apis/pipeline/v1beta1/when_validation_test.go index ac23b41d402..f5c77e7bcf5 100644 --- a/pkg/apis/pipeline/v1beta1/when_validation_test.go +++ b/pkg/apis/pipeline/v1beta1/when_validation_test.go @@ -17,8 +17,10 @@ limitations under the License. package v1beta1 import ( + "context" "testing" + "github.com/tektoncd/pipeline/pkg/apis/config" "k8s.io/apimachinery/pkg/selection" ) @@ -54,7 +56,7 @@ func TestWhenExpressions_Valid(t *testing.T) { }} for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - if err := tt.wes.validate(); err != nil { + if err := tt.wes.validate(context.Background()); err != nil { t.Errorf("WhenExpressions.validate() returned an error for valid when expressions: %s", tt.wes) } }) @@ -97,9 +99,68 @@ func TestWhenExpressions_Invalid(t *testing.T) { }} for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - if err := tt.wes.validate(); err == nil { + if err := tt.wes.validate(context.Background()); err == nil { t.Errorf("WhenExpressions.validate() did not return error for invalid when expressions: %s, %s", tt.wes, err) } }) } } + +func TestCELinWhenExpressions_Valid(t *testing.T) { + ctx := config.ToContext(context.Background(), &config.Config{ + FeatureFlags: &config.FeatureFlags{ + EnableCelInWhenExpression: true, + }, + }) + tests := []struct { + name string + wes WhenExpressions + }{{ + name: "valid cel", + wes: []WhenExpression{{ + CEL: " 'foo' == 'foo' ", + }}, + }} + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + if err := tt.wes.validate(ctx); err != nil { + t.Errorf("WhenExpressions.validate() returned an error: %s for valid when expressions: %s", err, tt.wes) + } + }) + } +} + +func TestCELWhenExpressions_Invalid(t *testing.T) { + tests := []struct { + name string + wes WhenExpressions + enableFeatureFlag bool + }{{ + name: "feature flag not set", + wes: []WhenExpression{{ + CEL: " 'foo' == 'foo' ", + }}, + enableFeatureFlag: false, + }, { + name: "CEL should not coexist with input+operator+values", + wes: []WhenExpression{{ + CEL: "'foo' != 'foo'", + Input: "foo", + Operator: selection.In, + Values: []string{"foo"}, + }}, + enableFeatureFlag: true, + }} + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + ctx := config.ToContext(context.Background(), &config.Config{ + FeatureFlags: &config.FeatureFlags{ + EnableCelInWhenExpression: tt.enableFeatureFlag, + }, + }) + if err := tt.wes.validate(ctx); err == nil { + t.Errorf("WhenExpressions.validate() did not return error for invalid when expressions: %s", tt.wes) + } + }) + } +}