[PR] Fix #6675: disable builder.tasks injection via operator env var [camel-k]

Tue, 16 Jun 2026 00:30:36 -0700 


HarshMehta112 opened a new pull request, #6683:
URL: https://github.com/apache/camel-k/pull/6683

   ## Summary
     
     Adds an operator-level toggle to enable or disable custom pipeline task 
injection via the
     `builder.tasks` trait, preventing CR authors from running arbitrary build 
containers in
     environments where that capability should be restricted.
   
     **How it works:**
   
     Set `BUILDER_TASKS_ENABLED=false` on the operator deployment to disable 
custom tasks:
   
     BUILDER_TASKS_ENABLED=false
     
     - When unset or any value other than `"false"` → custom tasks are allowed 
(backward compatible, no behavior change)
     - When set to `"false"` (case-insensitive) → `builder.tasks` values are 
ignored; an info message is logged
   
     When disabled the pod-strategy validation is also skipped, so CR authors 
do not receive a misleading "use pod strategy" error for tasks that will never 
run.
   
     ## Changes
     
     - `pkg/platform/env_platform.go` — new `BuilderTasksEnabled()` reads 
`BUILDER_TASKS_ENABLED`; returns `true` by default
     - `pkg/trait/builder.go` — gate in `Apply()` wraps `determineCustomTasks` 
call; logs at info level and skips when disabled
     - `pkg/platform/env_platform_test.go` — 5 tests covering not-set, 
`"true"`, `"false"`, `"FALSE"`, and empty-string cases
     - `pkg/trait/builder_test.go` — `TestBuilderTraitTasksDisabledByOperator` 
(pipeline has no custom tasks when disabled) and 
`TestBuilderTraitTasksEnabledByDefault` (tasks flow through when var is unset)
     - `docs/modules/ROOT/pages/installation/builds.adoc` — 
`BUILDER_TASKS_ENABLED` added to build env var table
     - `docs/modules/traits/pages/builder.adoc` — "Custom Pipeline Tasks" 
section added with NOTE about the operator gate
   
     ## Test plan
     
     - [x] `make test` passes locally
     - [x] `TestBuilderTasksEnabled_*` (platform) — env var parsing and boolean 
logic
     - [x] `TestBuilderTraitTasksDisabledByOperator` — verifies no custom tasks 
in pipeline when `BUILDER_TASKS_ENABLED=false`
     - [x] `TestBuilderTraitTasksEnabledByDefault` — verifies tasks work 
normally when var is unset
     - [x] Manual: deploy operator with `BUILDER_TASKS_ENABLED=false`; apply an 
Integration with `builder.tasks` set; confirm no custom container in builder 
pod and info log emitted
   
     Fixes #6675


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to