Add InterceptorType as a cluster scoped CRD for registering interceptors

This commit adds a new CRD type called InterceptorType. In TEP-0026 this type was called InterceptorConfig though InterceptorType sounds a bit clearer. The `spec` currently only contains a clientConfig field to locate where the interceptor is running. Other fields will be added as they are implemented in follow ups. This commit also adds a simple reconciler for this type that resolves the clientConfig to a URL and adds it to the `status.address.url` field. Part of tektoncd#868 Signed-off-by: Dibyo Mukherjee <[email protected]>
dibyom · Feb 19, 2021 · 1e3d813 · 1e3d813
1 parent 9371a71
commit 1e3d813
Show file tree

Hide file tree

Showing 34 changed files with 2,317 additions and 6 deletions.
diff --git a/cmd/controller/main.go b/cmd/controller/main.go
@@ -19,6 +19,8 @@ import (
 	"flag"
 	"os"
 
+	"github.com/tektoncd/triggers/pkg/reconciler/v1alpha1/interceptortype"
+
 	corev1 "k8s.io/api/core/v1"
 	"knative.dev/pkg/injection"
 	"knative.dev/pkg/injection/sharedmain"
@@ -69,5 +71,7 @@ func main() {
 		injection.WithNamespaceScope(signals.NewContext(), corev1.NamespaceAll),
 		ControllerLogKey,
 		cfg,
-		eventlistener.NewController(c))
+		eventlistener.NewController(c),
+		interceptortype.NewController(),
+	)
 }
diff --git a/cmd/webhook/main.go b/cmd/webhook/main.go
@@ -37,6 +37,7 @@ import (
 
 var types = map[schema.GroupVersionKind]resourcesemantics.GenericCRD{
 	v1alpha1.SchemeGroupVersion.WithKind("ClusterTriggerBinding"): &v1alpha1.ClusterTriggerBinding{},
+	v1alpha1.SchemeGroupVersion.WithKind("InterceptorType"):       &v1alpha1.InterceptorType{},
 	v1alpha1.SchemeGroupVersion.WithKind("EventListener"):         &v1alpha1.EventListener{},
 	v1alpha1.SchemeGroupVersion.WithKind("TriggerBinding"):        &v1alpha1.TriggerBinding{},
 	v1alpha1.SchemeGroupVersion.WithKind("TriggerTemplate"):       &v1alpha1.TriggerTemplate{},

diff --git a/config/200-clusterrole.yaml b/config/200-clusterrole.yaml
@@ -30,10 +30,10 @@ rules:
     resources: ["mutatingwebhookconfigurations", "validatingwebhookconfigurations"]
     verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
   - apiGroups: ["triggers.tekton.dev"]
-    resources: ["clustertriggerbindings", "eventlisteners", "triggerbindings", "triggertemplates", "triggers", "eventlisteners/finalizers"]
+    resources: ["clustertriggerbindings", "eventlisteners", "interceptortypes", "triggerbindings", "triggertemplates", "triggers", "eventlisteners/finalizers"]
     verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
   - apiGroups: ["triggers.tekton.dev"]
-    resources: ["clustertriggerbindings/status", "eventlisteners/status", "triggerbindings/status", "triggertemplates/status", "triggers/status"]
+    resources: ["clustertriggerbindings/status", "eventlisteners/status", "interceptortypes/status", "triggerbindings/status", "triggertemplates/status", "triggers/status"]
     verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
   # We uses leases for leaderelection
   - apiGroups: ["coordination.k8s.io"]

diff --git a/config/300-interceptor.yaml b/config/300-interceptor.yaml
@@ -0,0 +1,54 @@
+# Copyright 2021 The Tekton Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: interceptortypes.triggers.tekton.dev
+  labels:
+    app.kubernetes.io/instance: default
+    app.kubernetes.io/part-of: tekton-triggers
+    triggers.tekton.dev/release: "devel"
+    version: "devel"
+spec:
+  group: triggers.tekton.dev
+  scope: Cluster
+  names:
+    kind: InterceptorType
+    plural: interceptortypes
+    singular: interceptortype
+    shortNames:
+      - it
+    categories:
+      - tekton
+      - tekton-triggers
+  versions:
+    - name: v1alpha1
+      served: true
+      storage: true
+      schema:
+        openAPIV3Schema:
+          type: object
+          # One can use x-kubernetes-preserve-unknown-fields: true
+          # at the root of the schema (and inside any properties, additionalProperties)
+          # to get the traditional CRD behaviour that nothing is pruned, despite
+          # setting spec.preserveUnknownProperties: false.
+          #
+          # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/
+          # See issue: https://github.com/knative/serving/issues/912
+          x-kubernetes-preserve-unknown-fields: true
+      # Opt into the status subresource so metadata.generation
+      # starts to increment
+      subresources:
+        status: {}
diff --git a/docs/interceptortypes.md b/docs/interceptortypes.md
@@ -0,0 +1,57 @@
+<!--
+---
+linkTitle: "InterceptorType"
+weight: 9
+---
+-->
+# InterceptorType
+
+A `InterceptorType` is cluster scoped resource that registers a new Interceptor that 
+can be invoked during the processing of a trigger to modify the behavior or payload of Triggers. The
+custom resource describes how an EventListener can connect to a workload that
+is running the interceptor business logic (and in the future what extra
+paramters the interceptor accepts).
+
+**NOTE**: This doc is a WIP. Please also see the [Interceptors section](./eventlisteners.md#interceptors) in the EventListener doc.
+
+- [Interceptors](#interceptors)
+  - [Syntax](#syntax)
+    - [clientConfig](#clientConfig)
+
+## Syntax
+
+To define a configuration file for an `Interceptor` resource, you can specify
+the following fields:
+
+- Required:
+  - [`apiVersion`][kubernetes-overview] - Specifies the API version, for example
+    `triggers.tekton.dev/v1alpha1`.
+  - [`kind`][kubernetes-overview] - Specifies the `Trigger` resource
+    object.
+  - [`metadata`][kubernetes-overview] - Specifies data to uniquely identify the
+    `Interceptor` resource object, for example a `name`.
+  - [`spec`][kubernetes-overview] - Specifies the configuration information for
+    your Interceptor resource object. The spec include:
+    - [`clientConfig`] -  Specifies how a client (e.g. an EventListener) can communicate with the Interceptor.
+
+### clientConfig
+
+The `clientConfig` field describes how a client can communicate with an
+interceptor. It can contain either the `url` field whose value is
+a resolvable URL or it can contain a reference to a Kubernetes service where the Interceptor is running.
+EventListeners will send forward requests to this service or URL.
+
+```yaml
+spec:
+  clientConfig:
+    url: "http://interceptor-svc.default.svc/"
+---
+spec:
+  clientConfig:
+    service:
+      name: "my-interceptor-svc" # required
+      namespace: "default" # required
+      path: "/optional-path" # optional
+      port: 8081 # defaults to 80
+```
+
diff --git a/examples/rbac.yaml b/examples/rbac.yaml
@@ -13,9 +13,8 @@ rules:
   resources: ["eventlisteners", "triggerbindings", "triggertemplates", "triggers"]
   verbs: ["get", "list", "watch"]
 - apiGroups: [""]
- # secrets are only needed for GitHub/GitLab interceptors
  # configmaps is needed for updating logging config
-  resources: ["configmaps", "secrets"]
+  resources: ["configmaps"]
   verbs: ["get", "list", "watch"]
  # Permissions to create resources in associated TriggerTemplates
 - apiGroups: ["tekton.dev"]
@@ -48,7 +47,7 @@ metadata:
 rules:
   # EventListeners need to be able to fetch any clustertriggerbindings
 - apiGroups: ["triggers.tekton.dev"]
-  resources: ["clustertriggerbindings"]
+  resources: ["clustertriggerbindings", "interceptortypes"]
   verbs: ["get", "list", "watch"]
 ---
 apiVersion: rbac.authorization.k8s.io/v1

diff --git a/pkg/apis/triggers/v1alpha1/interceptor_type_defaults.go b/pkg/apis/triggers/v1alpha1/interceptor_type_defaults.go
@@ -0,0 +1,34 @@
+/*
+Copyright 2019 The Tekton Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+import (
+	"context"
+
+	"knative.dev/pkg/ptr"
+)
+
+// SetDefaults sets the defaults on the object.
+func (it *InterceptorType) SetDefaults(ctx context.Context) {
+	if IsUpgradeViaDefaulting(ctx) {
+		if svc := it.Spec.ClientConfig.Service; svc != nil {
+			if svc.Port == nil {
+				svc.Port = ptr.Int32(80)
+			}
+		}
+	}
+}
diff --git a/pkg/apis/triggers/v1alpha1/interceptor_type_defaults_test.go b/pkg/apis/triggers/v1alpha1/interceptor_type_defaults_test.go
@@ -0,0 +1,58 @@
+package v1alpha1_test
+
+import (
+	"context"
+	"testing"
+
+	"github.com/google/go-cmp/cmp"
+	triggersv1 "github.com/tektoncd/triggers/pkg/apis/triggers/v1alpha1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"knative.dev/pkg/ptr"
+)
+
+func TestInterceptorTypeSetDefaults(t *testing.T) {
+	tests := []struct {
+		name string
+		in   triggersv1.InterceptorType
+		want triggersv1.InterceptorType
+	}{{
+		name: "sets default service port",
+		in: triggersv1.InterceptorType{
+			ObjectMeta: metav1.ObjectMeta{
+				Name: "github",
+			},
+			Spec: triggersv1.InterceptorTypeSpec{
+				ClientConfig: triggersv1.ClientConfig{
+					Service: &triggersv1.ServiceReference{
+						Namespace: "default",
+						Name:      "github-svc",
+					},
+				},
+			},
+		},
+		want: triggersv1.InterceptorType{
+			ObjectMeta: metav1.ObjectMeta{
+				Name: "github",
+			},
+			Spec: triggersv1.InterceptorTypeSpec{
+				ClientConfig: triggersv1.ClientConfig{
+					Service: &triggersv1.ServiceReference{
+						Namespace: "default",
+						Name:      "github-svc",
+						Port:      ptr.Int32(80),
+					},
+				},
+			},
+		},
+	}}
+
+	for _, tc := range tests {
+		t.Run(tc.name, func(t *testing.T) {
+			got := tc.in
+			got.SetDefaults(triggersv1.WithUpgradeViaDefaulting(context.Background()))
+			if diff := cmp.Diff(tc.want, got); diff != "" {
+				t.Fatalf("InterceptorType SetDefaults error: %s", diff)
+			}
+		})
+	}
+}
diff --git a/pkg/apis/triggers/v1alpha1/interceptor_type_types.go b/pkg/apis/triggers/v1alpha1/interceptor_type_types.go
@@ -0,0 +1,106 @@
+package v1alpha1
+
+import (
+	"errors"
+	"fmt"
+
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"knative.dev/pkg/apis"
+	duckv1 "knative.dev/pkg/apis/duck/v1"
+)
+
+// Check that EventListener may be validated and defaulted.
+var _ apis.Validatable = (*InterceptorType)(nil)
+var _ apis.Defaultable = (*InterceptorType)(nil)
+
+// +genclient
+// +genclient:nonNamespaced
+// +genreconciler:krshapedlogic=false
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +k8s:openapi-gen=true
+// InterceptorType describes a pluggable interceptor including configuration
+// such as the fields it accepts and its deployment address
+type InterceptorType struct {
+	metav1.TypeMeta `json:",inline"`
+	// +optional
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec InterceptorTypeSpec `json:"spec"`
+	// +optional
+	Status InterceptorTypeStatus `json:"status"`
+}
+
+// InterceptorTypeSpec describes the Spec for an InterceptorType
+type InterceptorTypeSpec struct {
+	ClientConfig ClientConfig `json:"clientConfig"`
+}
+
+// InterceptorTypeStatus holds the status of the InterceptorType
+// +k8s:deepcopy-gen=true
+type InterceptorTypeStatus struct {
+	duckv1.Status `json:",inline"`
+
+	// InterceptorType is Addressable and exposes the URL where the Interceptor is running
+	duckv1.AddressStatus `json:",inline"`
+}
+
+// ClientConfig describes how a client can communicate with the Interceptor
+type ClientConfig struct {
+	// URL is a fully formed URL pointing to the interceptor
+	// Mutually exclusive with Service
+	URL *apis.URL `json:"url,omitempty"`
+
+	// Service is a reference to a Service object where the interceptor is running
+	// Mutually exclusive with URL
+	Service *ServiceReference `json:"service,omitempty"`
+}
+
+// ServServiceReference is a reference to a Service object
+// with an optional path
+type ServiceReference struct {
+	// Name is the name of the service
+	Name string `json:"name"`
+
+	// Namespace is the namespace of the service
+	Namespace string `json:"namespace"`
+
+	// Path is an optional URL path
+	// +optional
+	Path string `json:"path"`
+
+	// Port is a valid port number
+	Port *int32 `json:"port"`
+} 
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// InterceptorTypeList contains a list of InterceptorTypes
+// We don't use this but it's required for certain codegen features.
+type InterceptorTypeList struct {
+	metav1.TypeMeta `json:",inline"`
+	// +optional
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []InterceptorType `json:"items"`
+}
+
+var ErrNilURL = errors.New("interceptor URL was nil")
+
+// ResolveAddress returns the URL where the interceptor is running using its clientConfig
+func (it *InterceptorType) ResolveAddress() (*apis.URL, error) {
+	if url := it.Spec.ClientConfig.URL; url != nil {
+		return url, nil
+	}
+	svc := it.Spec.ClientConfig.Service
+	if svc == nil {
+		return nil, ErrNilURL
+	}
+	port := int32(80)
+	if svc.Port != nil {
+		port = *svc.Port
+	}
+	url := &apis.URL{
+		Scheme: "http", // TODO: Support HTTPs if caBundle is present
+		Host:   fmt.Sprintf("%s.%s.svc:%d", svc.Name, svc.Namespace, port),
+		Path:   svc.Path,
+	}
+	return url, nil
+}