Comments (10)
I've added this to the 0.1 milestone cuz I think we should answer this before 0.1 - and maybe the answer is to leave it as is!
from triggers.
Sorry, I'm a little late adding my opinion to this issue.
One benefit I see of not restricting TriggerTemplates to only Tekton resources, is that it decouples the Triggers project from the Pipelines project. So, if Pipelines creates new resources, or modifies its resources (which will happen in the future since it's still in alpha), the Triggers project might become broken from these changes, and/or Triggers might need to be updated to support these changes. I think the benefits of keeping the Triggers project decoupled or loosely coupled to the Pipelines project might outweigh the costs stated above.
from triggers.
@dibyom The root README specifies:
This repo draws inspiration from Tekton, but can used stand alone since TriggerTemplates can create any Kubernetes resource.
Implementation specifics or otherwise, seems good to update this and potentially add some info other places.
from triggers.
I believe we already have the full scope since that is how it is implemented as per c9537c0. If we wanted to restrict this to core tekton objects for the initial release, we could do so at the apiGroup/resource level. However, if such a restriction were added, we would still need some other abstraction to validate at the resource templates before event time since their structure is not known.
from triggers.
From the WG discussion, we seem to be aligned that restricting resource creation to the tekton.dev
apigroup makes sense for a first release. TBD on implementation. Should we add a ConfigMap
whitelisting the permissible apigroups for creation? Use environment variables?
from triggers.
I think a ConfigMap
makes sense! I'll take a stab at this
/assign
from triggers.
Leaving this open until the follow up PR is in with the ConfigMap
implementation, which should also update the documentation.
from triggers.
I'll update the docs and then close this issue and open a new one for the ConfigMap implementation.
from triggers.
Gulp -- I'd like to be able to create Secrets too. e.g. the event contains information that I use to create a Secret needed later in my pipeline.
from triggers.
So, chatted with @vtereso and here is what we are thinking:
-
We'll keep the static restriction for 0.1
-
In the future we'll add two checks:
-
does the EventListener ServiceAccount have access to the Resources in the template?
-
does the user creating the EventListener have access to the Resources in the template as well as the EventListener ServiceAccount?
Once we have these two checks we'll deprecate the static whitelist of allowed types.
from triggers.
Related Issues (20)
- A slash character in a TriggerBinding value does not work. HOT 2
- Make all cel extensions available HOT 3
- Content-Type isn't send to Interceptor HOT 4
- Triggers called multiple times by EventListener or never called at all HOT 6
- Event listener restarts when under minimal stress HOT 78
- CEL overlay from headers error: couldn't unmarshal json from the TriggerTemplate: invalid character "X" after object key:value pair HOT 2
- Change Leader Election Configmap for Controllers and Webhook
- Event listener failing to run in OKD HOT 3
- getting started example error HOT 3
- Knative undefined: injection.Dynamic HOT 5
- Cant't creating EventListener HOT 3
- Allow Event Listener to Filter on Ingress URL HOT 2
- Trigger interceptor updated the certificate on every restart
- Knative undefined: injection.Dynamic HOT 6
- Example doesn't work well with both SSH and HTTPS enabled in Bitbucket HOT 4
- False negative during integration testing HOT 2
- webhook触发成功。没有生成流水线运行 HOT 4
- Unable to run pipeline after webhook is triggered HOT 4
- TriggerTemplate `.spec.resourcetemplates` capitalization breaks Terraform `kubernetes_manifest` HOT 3
- `namespaceSelector` under `tiggerGroups` will not set `--is-multi-ns=true` on `EventListener` `Pod`. HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from triggers.