-
Bug
-
Resolution: Done
-
Major
-
Pipelines 1.20.0
-
2
-
False
-
-
False
-
-
-
Pipelines Sprint Pioneers 37
Description of problem:
Any parameters passed in the approval task via pipelines require validation
Prerequisites (if any, like setup, operators/versions):
OSP 1.20.0
MAG 0.7.0
Steps to Reproduce
1. Install OSP 1.20.0 and MAG 0.7.0
2. Create respective groups and users
3. Apply the pipelines below and start
apiVersion: tekton.dev/v1beta1 kind: Pipeline metadata: name: deployment-pipeline spec: tasks: - name: build taskRef: name: build-task - name: test taskRef: name: test-task runAfter: [build] - name: approval-gate taskRef: apiVersion: openshift-pipelines.org/v1alpha1 kind: ApprovalTask params: - name: approvers value: - user1 - "user5" - group:approver-group - group:approver-group2 - group: approver-group3 # Extra space - name: numberOfApprovalsRequired value: "2" - name: description value: "Approve deployment to production" runAfter: [test] - name: deploy taskRef: name: deploy-task runAfter: [approval-gate]
Actual results:
There are ** no users or group users present
# oc edit approvaltask deployment-pipeline-run-m746x-approval-gate -n test apiVersion: openshift-pipelines.org/v1alpha1 kind: ApprovalTask metadata: annotations: tekton.dev/last-applied-hash: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b creationTimestamp: "2025-08-20T05:52:55Z" generation: 1 labels: tekton.dev/customRun: deployment-pipeline-run-m746x-approval-gate tekton.dev/memberOf: tasks tekton.dev/pipeline: deployment-pipeline tekton.dev/pipelineRun: deployment-pipeline-run-m746x tekton.dev/pipelineRunUID: f0978a92-7f95-4edb-81a0-6155289685ab tekton.dev/pipelineTask: approval-gate name: deployment-pipeline-run-m746x-approval-gate namespace: test ownerReferences: - apiVersion: tekton.dev/v1beta1 blockOwnerDeletion: true controller: true kind: CustomRun name: deployment-pipeline-run-m746x-approval-gate uid: 638c021b-88d0-4469-854e-3b50e236f68a resourceVersion: "1148705" uid: fbd3c0a7-3ed1-4d26-b6b3-82f83cd71e15 spec: approvers: null description: Approve deployment to production numberOfApprovalsRequired: 2 status: approvalsRequired: 2 startTime: "2025-08-20T05:52:55Z" state: Pending
Expected results:
Validation ** should be present, and it should error for improper parameters fields
Reproducibility (Always/Intermittent/Only Once):
Always
Additional info (Such as Logs, Screenshots, etc):
Normal approval task with correct params field without extra space will look like below
apiVersion: openshift-pipelines.org/v1alpha1 kind: ApprovalTask metadata: annotations: tekton.dev/last-applied-hash: 7e62b914e459464b25f8d8be3f896b88e827f8948cb7d477c2c842d514574da8 creationTimestamp: "2025-08-19T10:22:44Z" generation: 3 labels: tekton.dev/customRun: deployment-pipeline-run-5vdpb-approval-gate tekton.dev/memberOf: tasks tekton.dev/pipeline: deployment-pipeline tekton.dev/pipelineRun: deployment-pipeline-run-5vdpb tekton.dev/pipelineRunUID: 1819698e-60e4-48e0-81dd-59b22ffbb967 tekton.dev/pipelineTask: approval-gate name: deployment-pipeline-run-5vdpb-approval-gate namespace: test ownerReferences: - apiVersion: tekton.dev/v1beta1 blockOwnerDeletion: true controller: true kind: CustomRun name: deployment-pipeline-run-5vdpb-approval-gate uid: 7464d47b-912b-444f-b73f-4fac814c80c0 resourceVersion: "480863" uid: 0f053a9a-2250-404b-984b-e11128f79d8e spec: approvers: - input: pending name: user1 type: User - input: pending name: user5 type: User - input: pending name: approver-group type: Group - input: approve name: approver-group2 type: Group users: - input: approve name: user4 - input: approve name: user3 description: Approve deployment to production numberOfApprovalsRequired: 2 status: approvalsReceived: 2 approvalsRequired: 2 approvers: - user1 - user5 - approver-group - approver-group2 approversResponse: - groupMembers: - name: user4 response: approved - name: user3 response: approved name: approver-group2 response: approved type: Group startTime: "2025-08-19T10:22:44Z" state: approved
