Disable pipelines-scc validation for SCC.Default

This commit disables checking for presence of `pipelines-scc` on the cluster for TektonConfig.Spec....SCC.Default field as `pipelines-scc` is created at a later point in time when the RBAC reconciler is run. Note that this validation will still happen when the SCC priorities are compared when `maxAllowed` or namespace SCC are added.
tektoncd · Sep 26, 2023 · 9d8d78e · 9d8d78e
1 parent 2a0eb28
commit 9d8d78e
Showing 1 changed file with 7 additions and 2 deletions.
diff --git a/pkg/apis/operator/v1alpha1/tektonconfig_validation.go b/pkg/apis/operator/v1alpha1/tektonconfig_validation.go
@@ -55,8 +55,13 @@ func (tc *TektonConfig) Validate(ctx context.Context) (errs *apis.FieldError) {
 		}
 
 		// verify default SCC exists on the cluster
-		if err := verifySCCExists(ctx, tc.Spec.Platforms.OpenShift.SCC.Default); err != nil {
-			errs = errs.Also(apis.ErrGeneric(fmt.Sprintf("error verifying SCC exists: %s - %v", tc.Spec.Platforms.OpenShift.SCC.Default, err), "spec.platforms.openshift.scc.default"))
+
+		// we don't want to verify pipelines-scc here as it will be created
+		// later when the RBAC reconciler will be run
+		if defaultSCC != PipelinesSCC {
+			if err := verifySCCExists(ctx, tc.Spec.Platforms.OpenShift.SCC.Default); err != nil {
+				errs = errs.Also(apis.ErrGeneric(fmt.Sprintf("error verifying SCC exists: %s - %v", tc.Spec.Platforms.OpenShift.SCC.Default, err), "spec.platforms.openshift.scc.default"))
+			}
 		}
 
 		maxAllowedSCC := tc.Spec.Platforms.OpenShift.SCC.MaxAllowed