Following updating to OCP pipelines version 1.17 on a Multi-arch 4.16 OCP cluster, I enabled the cluster resolver as described in the documentation (1). While configuring the resolver, my edit to the tektonconfig object looked like:
  
  pipeline:
    cluster-resolver-config:
      default-kind: pipeline
      default-namespace: openshift-pipelines
      allowed-namespaces: petstore, openshift-pipelines

Next, I updated a pipeline in the petstore namespace that referenced the git-clone task in the openshift-pipelines namespace. My reference in the pipeline looks like this:

tasks:
  - name: fetch-repository
    params:
      ...
    taskRef:
      params:
      - name: kind
        value: task
      - name: name
        value: git-clone
      - name: namespace
        value: openshift-pipelines
      resolver: cluster
    workspaces:
    - name: output
      workspace: shared-ws

When I went to run the pipeline, the pipelinerun failed and I got the following error message:

Pipeline petstore/multiarch-petstore-build can't be Run; it contains Tasks that don't exist: Couldn't retrieve Task "resolver type cluster\nname = git-clone\n": error requesting remote resource: invalid resource request "petstore/cluster-1ec90b5b4893b4ef235aab697274cb27": access to specified namespace openshift-pipelines is not allowed

After some trial and error I realized that I could not have a space between `petstore` and `openshift-pipelines`, however, the sample text in the documentation (1) shows `namespace1, namespace2` with a space.


(1) Link to instructions used: https://docs.openshift.com/pipelines/1.17/create/remote-pipelines-tasks-resolvers.html#resolver-cluster-config_remote-pipelines-tasks-resolvers

    OCP Pipelines version 1.17
    OCP cluster version 4.16.18
    Multi-arch cluster with x86 managers and workers plus additional s390x workers

    I was able to reproduce

    1. Install pipelines operator version 1.17
    2. Edit the tektonconfig config object to enable the cluster resolver that with default-kind, default-namespace and allowed-namespaces defined but no blocked-namespaces defined. Define at least two allowed-namespaces separating each with a comma and space, for instance `namespace1, openshift-pipelines`.
    3. Try to run a pipeline in one namespace1 that references a task defined in the openshift-pipelines namespace
    

    Pipelinerun fails with error stating that it cannot access the requested task

    Pipelinerun is able to use the task defined in the allowed-namespace specified namespace

    I think suitable fixes could be 1. allowing for a comma and space 2. not permitting the edit to be completed/throwing some sort of error or 3. updating the docs example to not have a comma and space (I see the instructions do specify a comma separated list already)