Add support for ClusterTriggerBinding

This will add the support for ClusterTriggerBinding
in triggers which is like TrigerBinding but
cluster-scoped

This is designed to encourage reusability across cluster
You need to add Kind field along with TriggerBinding name
to use ClusterTriggerBinding, by default it is
TriggerBinding

Add docs, examples, and tests for clustertriggerbinding

Little refactoring in code.

Add builders for multipleTriggerBindings in a trigger

Refactored e2e test to use both triggerBinding and
clusterTriggerBinding

Closes #322

README.md

@@ -47,6 +47,8 @@ architecture with the following CRDs:
   `TriggerBinding` (and any supplied static parameters) to create the resources
   specified in the corresponding `TriggerTemplate`. It also optionally allows an
   external service to pre-process the event payload via the `interceptor` field.
+- [`ClusterTriggerBinding`](docs/clustertriggerbindings.md) - A cluster-scoped
+  TriggerBinding
 
 Using `tektoncd/triggers` in conjunction with `tektoncd/pipeline` enables you to
 easily create full-fledged CI/CD systems where the execution is defined

cmd/webhook/main.go

@@ -70,9 +70,10 @@ func main() {
 		ResourceAdmissionControllerPath: "/",
 	}
 	resourceHandlers := map[schema.GroupVersionKind]webhook.GenericCRD{
-		v1alpha1.SchemeGroupVersion.WithKind("EventListener"):   &v1alpha1.EventListener{},
-		v1alpha1.SchemeGroupVersion.WithKind("TriggerBinding"):  &v1alpha1.TriggerBinding{},
-		v1alpha1.SchemeGroupVersion.WithKind("TriggerTemplate"): &v1alpha1.TriggerTemplate{},
+		v1alpha1.SchemeGroupVersion.WithKind("ClusterTriggerBinding"): &v1alpha1.ClusterTriggerBinding{},
+		v1alpha1.SchemeGroupVersion.WithKind("EventListener"):         &v1alpha1.EventListener{},
+		v1alpha1.SchemeGroupVersion.WithKind("TriggerBinding"):        &v1alpha1.TriggerBinding{},
+		v1alpha1.SchemeGroupVersion.WithKind("TriggerTemplate"):       &v1alpha1.TriggerTemplate{},
 	}
 	resourceAdmissionController := webhook.NewResourceAdmissionController(resourceHandlers, options, true)
 	admissionControllers := map[string]webhook.AdmissionController{

config/200-clusterrole.yaml

@@ -27,10 +27,10 @@ rules:
     resources: ["mutatingwebhookconfigurations"]
     verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
   - apiGroups: ["tekton.dev"]
-    resources: ["eventlisteners", "triggerbindings", "triggertemplates", "eventlisteners/finalizers"]
+    resources: ["clustertriggerbindings", "eventlisteners", "triggerbindings", "triggertemplates", "eventlisteners/finalizers"]
     verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
   - apiGroups: ["tekton.dev"]
-    resources: ["eventlisteners/status", "triggerbindings/status", "triggertemplates/status"]
+    resources: ["clustertriggerbindings/status", "eventlisteners/status", "triggerbindings/status", "triggertemplates/status"]
     verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
   - apiGroups: ["policy"]
     resources: ["podsecuritypolicies"]

config/300-clustertriggerbinding.yaml

@@ -0,0 +1,33 @@
+# Copyright 2019 The Tekton Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: clustertriggerbindings.tekton.dev
+spec:
+  group: tekton.dev
+  scope: Cluster
+  names:
+    kind: ClusterTriggerBinding
+    plural: clustertriggerbindings
+    singular: clustertriggerbinding
+    shortNames:
+      - ctb
+    categories:
+      - tekton
+      - tekton-triggers
+  subresources:
+    status: {}
+  version: v1alpha1

config/clusterrole-aggregate-edit.yaml

@@ -9,6 +9,7 @@ rules:
 - apiGroups:
   - tekton.dev
   resources:
+  - clustertriggerbindings
   - eventlisteners
   - triggerbindings
   - triggertemplates

config/clusterrole-aggregate-view.yaml

@@ -8,6 +8,7 @@ rules:
 - apiGroups:
   - tekton.dev
   resources:
+  - clustertriggerbindings
   - eventlisteners
   - triggerbindings
   - triggertemplates

docs/README.md

@@ -15,6 +15,7 @@ See the following links for more on each of the resources involved:
 - [`TriggerTemplate`](triggertemplates.md)
 - [`TriggerBinding`](triggerbindings.md)
 - [`EventListener`](eventlisteners.md)
+- [`ClusterTriggerBinding`](clustertriggerbindings.md)
 
 ## Getting Started Tasks
 

docs/clustertriggerbindings.md

@@ -0,0 +1,47 @@
+# ClusterTriggerBindings
+
+`ClusterTriggerBindings` is similar to TriggerBinding which is used to extract field from event payload.
+The only difference is it is cluster-scoped and designed to encourage reusability clusterwide.
+You can reference a ClusterTriggerBinding in any EventListener in any namespace.
+
+<!-- FILE: examples/clustertriggerbindings/clustertriggerbinding.yaml -->
+```YAML
+apiVersion: tekton.dev/v1alpha1
+kind: ClusterTriggerBinding
+metadata:
+  name: pipeline-clusterbinding
+spec:
+  params:
+    - name: gitrevision
+      value: $(body.head_commit.id)
+    - name: gitrepositoryurl
+      value: $(body.repository.url)
+    - name: contenttype
+      value: $(header.Content-Type)
+```
+
+You can specify multiple ClusterTriggerBindings in a Trigger. You can use a ClusterTriggerBinding in multiple Triggers.
+
+In case of using a ClusterTriggerBinding, the `Binding` kind should be added. The default
+kind is TriggerBinding which represents a namespaced TriggerBinding.
+
+<!-- FILE: examples/eventlisteners/eventlistener-clustertriggerbinding.yaml -->
+```YAML
+---
+apiVersion: tekton.dev/v1alpha1
+kind: EventListener
+metadata:
+  name: listener-clustertriggerbinding
+spec:
+  serviceAccountName: tekton-triggers-example-sa
+  triggers:
+    - name: foo-trig
+      bindings:
+        - name: pipeline-clusterbinding
+          kind: ClusterTriggerBinding
+        - name: message-clusterbinding
+          kind: ClusterTriggerBinding
+      template:
+        name: pipeline-template
+```
+

docs/eventlisteners.md

@@ -6,7 +6,7 @@ where the service account is connected, which specifies what permissions the
 resources will be created (or at least attempted) with. The service account must
 have the following role bound.
 
-<!-- FILE: examples/role-resources/role.yaml -->
+<!-- FILE: examples/role-resources/triggerbinding-roles/role.yaml -->
 ```YAML
 kind: Role
 apiVersion: rbac.authorization.k8s.io/v1
@@ -26,6 +26,7 @@ rules:
   verbs: ["create"]
 ```
 
+
 Note that currently, JSON is the only accepted MIME type for events.
 
 When an `EventListener` is successfully created, a service is created that
@@ -144,6 +145,7 @@ spec:
         name: pipeline-template
 ```
 
+
 ### GitHub Interceptors
 
 GitHub interceptors contain logic to validate and filter webhooks that come from
@@ -188,6 +190,7 @@ spec:
         name: pipeline-template
 ```
 
+
 ### GitLab Interceptors
 
 GitLab interceptors contain logic to validate and filter requests that come from
@@ -233,6 +236,7 @@ spec:
         name: pipeline-template
 ```
 
+
 ### CEL Interceptors
 
 CEL interceptors parse expressions to filter requests based on JSON bodies and

docs/triggerbindings.md

@@ -21,6 +21,7 @@ spec:
     value: $(header.Content-Type)
 ```
 
+
 `TriggerBinding`s are connected to `TriggerTemplate`s within an
 [`EventListener`](eventlisteners.md), which is where the pod is actually
 instantiated that "listens" for the respective events.

docs/triggertemplates.md

@@ -46,6 +46,7 @@ spec:
             value: $(params.gitrepositoryurl)
 ```
 
+
 Similar to
 [Pipelines](https://github.com/tektoncd/pipeline/blob/master/docs/pipelines.md),`TriggerTemplate`s
 do not do any actual work, but instead act as the blueprint for what resources

examples/README.md

@@ -9,7 +9,9 @@ messages.
 1. Create the resources for the example
 
 ```sh
-kubectl apply -f role-resources
+kubectl apply -f role-resources/secret.yaml
+kubectl apply -f role-resources/serviceaccount.yaml
+kubectl apply -f role-resources/triggerbinding-roles
 kubectl apply -f triggertemplates/triggertemplate.yaml
 kubectl apply -f triggerbindings/triggerbinding.yaml
 kubectl apply -f triggerbindings/triggerbinding-message.yaml

examples/clustertriggerbindings/clustertriggerbinding-message.yaml

@@ -0,0 +1,8 @@
+apiVersion: tekton.dev/v1alpha1
+kind: ClusterTriggerBinding
+metadata:
+  name: message-clusterbinding
+spec:
+  params:
+    - name: message
+      value: Hello from the Triggers EventListener!

examples/clustertriggerbindings/clustertriggerbinding.yaml

@@ -0,0 +1,12 @@
+apiVersion: tekton.dev/v1alpha1
+kind: ClusterTriggerBinding
+metadata:
+  name: pipeline-clusterbinding
+spec:
+  params:
+    - name: gitrevision
+      value: $(body.head_commit.id)
+    - name: gitrepositoryurl
+      value: $(body.repository.url)
+    - name: contenttype
+      value: $(header.Content-Type)

examples/eventlisteners/eventlistener-clustertriggerbinding.yaml

@@ -0,0 +1,16 @@
+---
+apiVersion: tekton.dev/v1alpha1
+kind: EventListener
+metadata:
+  name: listener-clustertriggerbinding
+spec:
+  serviceAccountName: tekton-triggers-example-sa
+  triggers:
+    - name: foo-trig
+      bindings:
+        - name: pipeline-clusterbinding
+          kind: ClusterTriggerBinding
+        - name: message-clusterbinding
+          kind: ClusterTriggerBinding
+      template:
+        name: pipeline-template

examples/role-resources/clustertriggerbinding-roles/clusterbinding.yaml

@@ -0,0 +1,11 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: tekton-triggers-example-clusterbinding
+subjects:
+- kind: ServiceAccount
+  name: tekton-triggers-example-sa
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: tekton-triggers-example-clusterrole

examples/role-resources/clustertriggerbinding-roles/clusterrole.yaml

@@ -0,0 +1,16 @@
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: tekton-triggers-example-clusterrole
+rules:
+# Permissions for every EventListener deployment to function
+- apiGroups: ["tekton.dev"]
+  resources: ["clustertriggerbindings", "eventlisteners", "triggerbindings", "triggertemplates", "tasks", "taskruns"]
+  verbs: ["get"]
+- apiGroups: [""]
+  resources: ["configmaps", "secrets"] # secrets are only needed for Github/Gitlab interceptors
+  verbs: ["get", "list", "watch"]
+# Permissions to create resources in associated TriggerTemplates
+- apiGroups: ["tekton.dev"]
+  resources: ["pipelineruns", "pipelineresources", "taskruns"]
+  verbs: ["create"]

pkg/apis/triggers/v1alpha1/cluster_trigger_binding_defaults.go

@@ -0,0 +1,24 @@
+/*
+Copyright 2019 The Tekton Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+import (
+	"context"
+)
+
+// SetDefaults initializes ClusterTriggerBinding ctb with its default values.
+func (ctb *ClusterTriggerBinding) SetDefaults(ctx context.Context) {}

pkg/apis/triggers/v1alpha1/cluster_trigger_binding_types.go

@@ -0,0 +1,69 @@
+/*
+Copyright 2019 The Tekton Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"knative.dev/pkg/apis"
+)
+
+// Check that ClusterTriggerBinding may be validated and defaulted.
+var _ apis.Validatable = (*ClusterTriggerBinding)(nil)
+var _ apis.Defaultable = (*ClusterTriggerBinding)(nil)
+
+// +genclient
+// +genclient:nonNamespaced
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +k8s:openapi-gen=true
+
+// ClusterTriggerBinding is a TriggerBinding with a cluster scope.
+// ClusterTriggerBindings are used to represent TriggerBindings that
+// should be publicly addressable from any namespace in the cluster.
+type ClusterTriggerBinding struct {
+	metav1.TypeMeta `json:",inline"`
+	// +optional
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	// Spec holds the desired state of the ClusterTriggerBinding from the client
+	// +optional
+	Spec TriggerBindingSpec `json:"spec,omitempty"`
+
+	// +optional
+	Status TriggerBindingStatus `json:"status"`
+}
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// ClusterTriggerBindingList contains a list of ClusterTriggerBinding
+type ClusterTriggerBindingList struct {
+	metav1.TypeMeta `json:",inline"`
+	// +optional
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []ClusterTriggerBinding `json:"items"`
+}
+
+func (ctb *ClusterTriggerBinding) TriggerBindingSpec() TriggerBindingSpec {
+	return ctb.Spec
+}
+
+func (ctb *ClusterTriggerBinding) TriggerBindingMetadata() metav1.ObjectMeta {
+	return ctb.ObjectMeta
+}
+
+func (ctb *ClusterTriggerBinding) Copy() TriggerBindingInterface {
+	return ctb.DeepCopy()
+}