fix: PaC build (#2341)

* Fixed detection of PaC controller URL for unprivileged users. * Use fn.Deploy.Image before fn.Image since the fn.Image may not be populated. Signed-off-by: Matej Vašek <mvasek@redhat.com>
2024-06-11 15:38:33 +02:00 · 2024-06-11 15:38:33 +02:00 · a898fe79e0
parent f7451b1a9a
commit a898fe79e0
2 changed files with 20 additions and 12 deletions
--- a/pkg/pipelines/tekton/pac/pac.go
+++ b/pkg/pipelines/tekton/pac/pac.go
@ -23,10 +23,10 @@ const (

 // DetectPACInstallation checks whether PAC is installed on the cluster
 // Taken and slightly modified from https://github.com/openshift-pipelines/pipelines-as-code/blob/6a7f043f9bb51d04ab729505b26446695595df1f/pkg/cmd/tknpac/bootstrap/bootstrap.go
-func DetectPACInstallation(ctx context.Context, wantedNamespace string) (bool, string, error) {
+func DetectPACInstallation(ctx context.Context) (bool, string, error) {
 	var installed bool

-	clientPac, _, err := NewTektonPacClientAndResolvedNamespace("")
+	clientPac, cns, err := NewTektonPacClientAndResolvedNamespace("")
 	if err != nil {
 		return false, "", err
 	}
@ -36,20 +36,23 @@ func DetectPACInstallation(ctx context.Context, wantedNamespace string) (bool, s
 		return false, "", err
 	}

-	_, err = clientPac.Repositories("").List(ctx, metav1.ListOptions{})
+	_, err = clientPac.Repositories(cns).List(ctx, metav1.ListOptions{})
 	if err != nil && k8serrors.IsNotFound(err) {
 		return false, "", nil
 	}

 	installed = true
-	if wantedNamespace != "" {
-		_, err := clientK8s.CoreV1().ConfigMaps(wantedNamespace).Get(ctx, infoConfigMap, metav1.GetOptions{})
-		if err == nil {
-			return installed, wantedNamespace, nil
+
+	// First search namespaces that usually contains PaC, this check may be done even by unprivileged user.
+	for _, suspectedNS := range []string{"pipelines-as-code", "openshift-pipelines"} {
+		_, e := clientK8s.CoreV1().ConfigMaps(suspectedNS).Get(ctx, infoConfigMap, metav1.GetOptions{})
+		if e == nil {
+			return installed, suspectedNS, nil
 		}
-		return installed, "", fmt.Errorf("could not detect Pipelines as Code configmap in %s namespace : %w, please reinstall", wantedNamespace, err)
 	}

+	// Search all namespaces if the usual suspects do not contain the desired configmap.
+	// This may require elevated privileges in cluster.
 	cms, err := clientK8s.CoreV1().ConfigMaps("").List(ctx, metav1.ListOptions{
 		LabelSelector: configMapPacLabel,
 	})
--- a/pkg/pipelines/tekton/pipelines_pac_provider.go
+++ b/pkg/pipelines/tekton/pipelines_pac_provider.go
@ -147,7 +147,7 @@ func (pp *PipelinesProvider) createClusterPACResources(ctx context.Context, f fn
 	}

 	// figure out pac installation namespace
-	installed, _, err := pac.DetectPACInstallation(ctx, "")
+	installed, _, err := pac.DetectPACInstallation(ctx)
 	if !installed {
 		errMsg := ""
 		if err != nil {
@ -168,7 +168,12 @@ func (pp *PipelinesProvider) createClusterPACResources(ctx context.Context, f fn
 		labels = pp.decorator.UpdateLabels(f, labels)
 	}

-	registry, err := docker.GetRegistry(f.Image)
+	img := f.Deploy.Image
+	if img == "" {
+		img = f.Image
+	}
+
+	registry, err := docker.GetRegistry(img)
 	if err != nil {
 		return fmt.Errorf("problem in resolving image registry name: %w", err)
 	}
@ -177,7 +182,7 @@ func (pp *PipelinesProvider) createClusterPACResources(ctx context.Context, f fn
 		registry = authn.DefaultAuthKey
 	}

-	creds, err := pp.credentialsProvider(ctx, f.Image)
+	creds, err := pp.credentialsProvider(ctx, img)
 	if err != nil {
 		return err
 	}
@ -213,7 +218,7 @@ func (pp *PipelinesProvider) createClusterPACResources(ctx context.Context, f fn
 func (pp *PipelinesProvider) createRemotePACResources(ctx context.Context, f fn.Function, metadata pipelines.PacMetadata) error {

 	// figure out pac installation namespace
-	installed, installationNS, err := pac.DetectPACInstallation(ctx, "")
+	installed, installationNS, err := pac.DetectPACInstallation(ctx)
 	if !installed {
 		errMsg := ""
 		if err != nil {