Use Listers to fetch data in the Sink

This commit closes #797.

This PR uses Listers to get resources in the Eventlistener Sink, rather than directly making calls to the API server.
Currently, multiple informers need to be setup when creating a Sink object. But the Sink in the cmd/triggerrun still makes the direct
API calls because it only makes the call once when executed, which means Lister cache is not useful in this case.

All examples work under this change.

cmd/eventlistenersink/main.go

@@ -17,6 +17,7 @@ limitations under the License.
 package main
 
 import (
+	"context"
 	"fmt"
 	"log"
 	"net/http"
@@ -26,11 +27,13 @@ import (
 
 	dynamicClientset "github.com/tektoncd/triggers/pkg/client/dynamic/clientset"
 	"github.com/tektoncd/triggers/pkg/client/dynamic/clientset/tekton"
-	"github.com/tektoncd/triggers/pkg/logging"
+	"github.com/tektoncd/triggers/pkg/client/informers/externalversions"
+	triggerLogging "github.com/tektoncd/triggers/pkg/logging"
 	"github.com/tektoncd/triggers/pkg/sink"
 	"k8s.io/client-go/dynamic"
 	"k8s.io/client-go/kubernetes"
 	"k8s.io/client-go/rest"
+	"knative.dev/pkg/logging"
 	"knative.dev/pkg/signals"
 )
 
@@ -43,7 +46,7 @@ const (
 
 func main() {
 	// set up signals so we handle the first shutdown signal gracefully
-	stopCh := signals.SetupSignalHandler()
+	ctx := signals.NewContext()
 
 	clusterConfig, err := rest.InClusterConfig()
 	if err != nil {
@@ -61,7 +64,8 @@ func main() {
 	}
 	dynamicCS := dynamicClientset.New(tekton.WithClient(dynamicClient))
 
-	logger := logging.ConfigureLogging(EventListenerLogKey, ConfigName, stopCh, kubeClient)
+	logger := triggerLogging.ConfigureLogging(EventListenerLogKey, ConfigName, ctx.Done(), kubeClient)
+	ctx = logging.WithLogger(ctx, logger)
 	defer func() {
 		err := logger.Sync()
 		if err != nil {
@@ -81,17 +85,29 @@ func main() {
 		logger.Fatal(err)
 	}
 
+	factory := externalversions.NewSharedInformerFactoryWithOptions(sinkClients.TriggersClient,
+		30*time.Second, externalversions.WithNamespace(sinkArgs.ElNamespace))
+	go func(ctx context.Context) {
+		factory.Start(ctx.Done())
+		<-ctx.Done()
+	}(ctx)
+
 	// Create EventListener Sink
 	r := sink.Sink{
-		KubeClientSet:          kubeClient,
-		DiscoveryClient:        sinkClients.DiscoveryClient,
-		DynamicClient:          dynamicCS,
-		TriggersClient:         sinkClients.TriggersClient,
-		HTTPClient:             http.DefaultClient,
-		EventListenerName:      sinkArgs.ElName,
-		EventListenerNamespace: sinkArgs.ElNamespace,
-		Logger:                 logger,
-		Auth:                   sink.DefaultAuthOverride{},
+		KubeClientSet:               kubeClient,
+		DiscoveryClient:             sinkClients.DiscoveryClient,
+		DynamicClient:               dynamicCS,
+		TriggersClient:              sinkClients.TriggersClient,
+		HTTPClient:                  http.DefaultClient,
+		EventListenerName:           sinkArgs.ElName,
+		EventListenerNamespace:      sinkArgs.ElNamespace,
+		Logger:                      logger,
+		Auth:                        sink.DefaultAuthOverride{},
+		EventListenerLister:         factory.Triggers().V1alpha1().EventListeners().Lister(),
+		TriggerLister:               factory.Triggers().V1alpha1().Triggers().Lister(),
+		TriggerBindingLister:        factory.Triggers().V1alpha1().TriggerBindings().Lister(),
+		ClusterTriggerBindingLister: factory.Triggers().V1alpha1().ClusterTriggerBindings().Lister(),
+		TriggerTemplateLister:       factory.Triggers().V1alpha1().TriggerTemplates().Lister(),
 	}
 
 	// Listen and serve
@@ -113,6 +129,6 @@ func main() {
 	}
 
 	if err := srv.ListenAndServe(); err != nil {
-		logger.Fatalf("faiiled to start eventlistener sink: %v", err)
+		logger.Fatalf("failed to start eventlistener sink: %v", err)
 	}
 }

cmd/triggerrun/cmd/root.go

@@ -19,6 +19,7 @@ package cmd
 import (
 	"bufio"
 	"bytes"
+	"context"
 	"encoding/json"
 	"errors"
 	"fmt"
@@ -37,6 +38,7 @@ import (
 	"github.com/tektoncd/triggers/pkg/sink"
 	"github.com/tektoncd/triggers/pkg/template"
 	"go.uber.org/zap"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime/serializer/streaming"
 
 	"k8s.io/client-go/dynamic"
@@ -210,9 +212,15 @@ func processTriggerSpec(kubeClient kubernetes.Interface, client triggersclientse
 	}
 
 	rt, err := template.ResolveTrigger(el,
-		client.TriggersV1alpha1().TriggerBindings(tri.Namespace).Get,
-		client.TriggersV1alpha1().ClusterTriggerBindings().Get,
-		client.TriggersV1alpha1().TriggerTemplates(tri.Namespace).Get)
+		func(name string) (*triggersv1.TriggerBinding, error) {
+			return client.TriggersV1alpha1().TriggerBindings(tri.Namespace).Get(context.Background(), name, metav1.GetOptions{})
+		},
+		func(name string) (*triggersv1.ClusterTriggerBinding, error) {
+			return client.TriggersV1alpha1().ClusterTriggerBindings().Get(context.Background(), name, metav1.GetOptions{})
+		},
+		func(name string) (*triggersv1.TriggerTemplate, error) {
+			return client.TriggersV1alpha1().TriggerTemplates(tri.Namespace).Get(context.Background(), name, metav1.GetOptions{})
+		})
 	if err != nil {
 		log.Error("Failed to resolve Trigger: ", err)
 		return nil, err

docs/eventlisteners.md

@@ -87,7 +87,7 @@ rules:
 # Permissions for every EventListener deployment to function
 - apiGroups: ["triggers.tekton.dev"]
   resources: ["eventlisteners", "triggerbindings", "triggertemplates", "triggers"]
-  verbs: ["get"]
+  verbs: ["get", "list", "watch"]
 - apiGroups: [""]
   # secrets are only needed for GitHub/GitLab interceptors
   resources: ["configmaps", "secrets"]

examples/README.md

@@ -11,6 +11,7 @@ messages.
 ```sh
 kubectl apply -f role-resources/secret.yaml
 kubectl apply -f role-resources/serviceaccount.yaml
+kubectl apply -f role-resources/clustertriggerbinding-roles
 kubectl apply -f role-resources/triggerbinding-roles
 kubectl apply -f triggertemplates/triggertemplate.yaml
 kubectl apply -f triggerbindings/triggerbinding.yaml

examples/bitbucket/role.yaml

@@ -12,8 +12,8 @@ metadata:
 rules:
   # Permissions for every EventListener deployment to function
   - apiGroups: ["triggers.tekton.dev"]
-    resources: ["eventlisteners", "triggerbindings", "triggertemplates"]
-    verbs: ["get"]
+    resources: ["eventlisteners", "triggerbindings", "triggertemplates", "triggers"]
+    verbs: ["get", "list", "watch"]
   - apiGroups: [""]
     # secrets are only needed for GitHub/GitLab interceptors, serviceaccounts only for per trigger authorization
     resources: ["configmaps", "secrets", "serviceaccounts"]
@@ -33,4 +33,30 @@ subjects:
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
-  name: tekton-triggers-bitbucket-minimal
+  name: tekton-triggers-bitbucket-minimal
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: tekton-triggers-bitbucket-binding
+subjects:
+  - kind: ServiceAccount
+    name: tekton-triggers-bitbucket-sa
+    namespace: default
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: tekton-triggers-bitbucket-minimal
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: tekton-triggers-bitbucket-minimal
+  labels:
+    app.kubernetes.io/instance: default
+    app.kubernetes.io/part-of: tekton-triggers
+rules:
+  # Permissions for every EventListener deployment to function
+  - apiGroups: ["triggers.tekton.dev"]
+    resources: ["clustertriggerbindings"]
+    verbs: ["get", "list", "watch"]

examples/cron/binding.yaml

@@ -8,4 +8,17 @@ subjects:
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
-  name: tekton-triggers-cron-minimal
+  name: tekton-triggers-cron-minimal
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: tekton-triggers-cron-binding
+subjects:
+  - kind: ServiceAccount
+    name: tekton-triggers-cron-sa
+    namespace: default
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: tekton-triggers-cron-minimal

examples/cron/role.yaml

@@ -5,8 +5,8 @@ metadata:
 rules:
   # Permissions for every EventListener deployment to function
   - apiGroups: ["triggers.tekton.dev"]
-    resources: ["eventlisteners", "triggerbindings", "triggertemplates"]
-    verbs: ["get"]
+    resources: ["eventlisteners", "triggerbindings", "triggertemplates", "triggers"]
+    verbs: ["get", "list", "watch"]
   - apiGroups: [""]
     # secrets are only needed for GitHub/GitLab interceptors, serviceaccounts only for per trigger authorization
     resources: ["configmaps", "secrets", "serviceaccounts"]
@@ -15,3 +15,16 @@ rules:
   - apiGroups: ["tekton.dev"]
     resources: ["pipelineruns", "pipelineresources", "taskruns"]
     verbs: ["create"]
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: tekton-triggers-cron-minimal
+  labels:
+    app.kubernetes.io/instance: default
+    app.kubernetes.io/part-of: tekton-triggers
+rules:
+  # Permissions for every EventListener deployment to function
+  - apiGroups: ["triggers.tekton.dev"]
+    resources: ["clustertriggerbindings"]
+    verbs: ["get", "list", "watch"]

examples/github/role.yaml

@@ -24,8 +24,8 @@ metadata:
 rules:
   # Permissions for every EventListener deployment to function
   - apiGroups: ["triggers.tekton.dev"]
-    resources: ["eventlisteners", "triggerbindings", "triggertemplates"]
-    verbs: ["get"]
+    resources: ["eventlisteners", "triggerbindings", "triggertemplates", "triggers"]
+    verbs: ["get", "list", "watch"]
   - apiGroups: [""]
     # secrets are only needed for GitHub/GitLab interceptors, serviceaccounts only for per trigger authorization
     resources: ["configmaps", "secrets", "serviceaccounts"]
@@ -34,3 +34,29 @@ rules:
   - apiGroups: ["tekton.dev"]
     resources: ["pipelineruns", "pipelineresources", "taskruns"]
     verbs: ["create"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: tekton-triggers-github-binding
+subjects:
+  - kind: ServiceAccount
+    name: tekton-triggers-github-sa
+    namespace: default
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: tekton-triggers-github-minimal
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: tekton-triggers-github-minimal
+  labels:
+    app.kubernetes.io/instance: default
+    app.kubernetes.io/part-of: tekton-triggers
+rules:
+  # Permissions for every EventListener deployment to function
+  - apiGroups: ["triggers.tekton.dev"]
+    resources: ["clustertriggerbindings"]
+    verbs: ["get", "list", "watch"]

examples/gitlab/binding.yaml

@@ -8,4 +8,17 @@ subjects:
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
-  name: tekton-triggers-gitlab-minimal
+  name: tekton-triggers-gitlab-minimal
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: tekton-triggers-gitlab-binding
+subjects:
+  - kind: ServiceAccount
+    name: tekton-triggers-gitlab-sa
+    namespace: default
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: tekton-triggers-gitlab-minimal

examples/gitlab/role.yaml

@@ -5,8 +5,8 @@ metadata:
 rules:
   # Permissions for every EventListener deployment to function
   - apiGroups: ["triggers.tekton.dev"]
-    resources: ["eventlisteners", "triggerbindings", "triggertemplates"]
-    verbs: ["get"]
+    resources: ["eventlisteners", "triggerbindings", "triggertemplates", "triggers"]
+    verbs: ["get", "list", "watch"]
   - apiGroups: [""]
     # secrets are only needed for GitHub/GitLab interceptors, serviceaccounts only for per trigger authorization
     resources: ["configmaps", "secrets", "serviceaccounts"]
@@ -15,3 +15,16 @@ rules:
   - apiGroups: ["tekton.dev"]
     resources: ["pipelineruns", "pipelineresources", "taskruns"]
     verbs: ["create"]
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: tekton-triggers-gitlab-minimal
+  labels:
+    app.kubernetes.io/instance: default
+    app.kubernetes.io/part-of: tekton-triggers
+rules:
+  # Permissions for every EventListener deployment to function
+  - apiGroups: ["triggers.tekton.dev"]
+    resources: ["clustertriggerbindings"]
+    verbs: ["get", "list", "watch"]

examples/role-resources/clustertriggerbinding-roles/clusterbinding.yaml

@@ -5,6 +5,7 @@ metadata:
 subjects:
 - kind: ServiceAccount
   name: tekton-triggers-example-sa
+  namespace: default
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole

examples/role-resources/clustertriggerbinding-roles/clusterrole.yaml

@@ -3,15 +3,15 @@ apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: tekton-triggers-example-clusterrole
 rules:
-# Permissions for every EventListener deployment to function
-- apiGroups: ["triggers.tekton.dev"]
-  resources: ["clustertriggerbindings", "eventlisteners", "triggerbindings", "triggertemplates", "triggers"]
-  verbs: ["get"]
-- apiGroups: [""]
-  # secrets are only needed for GitHub/GitLab interceptors
-  resources: ["configmaps", "secrets"]
-  verbs: ["get", "list", "watch"]
-# Permissions to create resources in associated TriggerTemplates
-- apiGroups: ["tekton.dev"]
-  resources: ["pipelineruns", "pipelineresources", "taskruns"]
-  verbs: ["create"]
+  # Permissions for every EventListener deployment to function
+  - apiGroups: ["triggers.tekton.dev"]
+    resources: ["clustertriggerbindings", "eventlisteners", "triggerbindings", "triggertemplates", "triggers"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: [""]
+    # secrets are only needed for Github/Gitlab interceptors
+    resources: ["configmaps", "secrets"]
+    verbs: ["get", "list", "watch"]
+  # Permissions to create resources in associated TriggerTemplates
+  - apiGroups: ["tekton.dev"]
+    resources: ["pipelineruns", "pipelineresources", "taskruns"]
+    verbs: ["create"]

examples/role-resources/triggerbinding-roles/role.yaml

@@ -6,7 +6,7 @@ rules:
 # Permissions for every EventListener deployment to function
 - apiGroups: ["triggers.tekton.dev"]
   resources: ["eventlisteners", "triggerbindings", "triggertemplates", "triggers"]
-  verbs: ["get"]
+  verbs: ["get", "list", "watch"]
 - apiGroups: [""]
   # secrets are only needed for GitHub/GitLab interceptors
   resources: ["configmaps", "secrets"]