From 5553d54d15c3d1dbe8a4e21b4e6989c126a79195 Mon Sep 17 00:00:00 2001
From: Minho Ryang <minhoryang@gmail.com>
Date: Sun, 22 Oct 2023 19:51:08 +0900
Subject: [PATCH 1/2] #6938 Disallow unknown keys in feature-flags configmap

Signed-off-by: Minho Ryang <minhoryang@gmail.com>
---
 pkg/apis/config/feature_flags.go              | 34 +++++++++++++++++++
 pkg/apis/config/feature_flags_test.go         |  3 ++
 .../testdata/feature-flags-invalid-key.yaml   | 21 ++++++++++++
 3 files changed, 58 insertions(+)
 create mode 100644 pkg/apis/config/testdata/feature-flags-invalid-key.yaml

diff --git a/pkg/apis/config/feature_flags.go b/pkg/apis/config/feature_flags.go
index 6b4940c0880..9a2b759f053 100644
--- a/pkg/apis/config/feature_flags.go
+++ b/pkg/apis/config/feature_flags.go
@@ -24,6 +24,7 @@ import (
 	"strings"
 
 	corev1 "k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/util/sets"
 )
 
 const (
@@ -114,6 +115,34 @@ const (
 	coscheduleKey                       = "coschedule"
 )
 
+var knownFeatureFlagKeys = sets.NewString(
+	KeepPodOnCancel,
+	EnableCELInWhenExpression,
+
+	disableAffinityAssistantKey,
+	disableCredsInitKey,
+	runningInEnvWithInjectedSidecarsKey,
+	awaitSidecarReadinessKey,
+	requireGitSSHSecretKnownHostsKey,
+	enableTektonOCIBundles,
+	enableAPIFields,
+	sendCloudEventsForRuns,
+	enforceNonfalsifiability,
+	verificationNoMatchPolicy,
+	enableProvenanceInStatus,
+	resultExtractionMethod,
+	maxResultSize,
+	setSecurityContextKey,
+	coscheduleKey,
+
+	// TEP-0114: Remove Feature Flag enable-custom-tasks #5975 (v0.47.0)
+	"enable-custom-tasks",
+	// Used on `pkg/pod/pod.go` #2158
+	"enable-ready-annotation-on-pod-create",
+	// Used on `./testdata/feature-flags-empty.yaml`
+	"_example",
+)
+
 // DefaultFeatureFlags holds all the default configurations for the feature flags configmap.
 var DefaultFeatureFlags, _ = NewFeatureFlagsFromMap(map[string]string{})
 
@@ -158,6 +187,11 @@ func GetFeatureFlagsConfigName() string {
 
 // NewFeatureFlagsFromMap returns a Config given a map corresponding to a ConfigMap
 func NewFeatureFlagsFromMap(cfgMap map[string]string) (*FeatureFlags, error) {
+	unknownFeatureFlagKeys := sets.StringKeySet(cfgMap).Difference(knownFeatureFlagKeys)
+	if unknownFeatureFlagKeys.Len() != 0 {
+		return nil, fmt.Errorf("invalid feature flags: %q", strings.Join(unknownFeatureFlagKeys.List(), ","))
+	}
+
 	setFeature := func(key string, defaultValue bool, feature *bool) error {
 		if cfg, ok := cfgMap[key]; ok {
 			value, err := strconv.ParseBool(cfg)
diff --git a/pkg/apis/config/feature_flags_test.go b/pkg/apis/config/feature_flags_test.go
index 65756040698..056bfc47540 100644
--- a/pkg/apis/config/feature_flags_test.go
+++ b/pkg/apis/config/feature_flags_test.go
@@ -273,6 +273,9 @@ func TestNewFeatureFlagsConfigMapErrors(t *testing.T) {
 	}, {
 		fileName: "feature-flags-invalid-enable-cel-in-whenexpression",
 		want:     `failed parsing feature flags config "invalid": strconv.ParseBool: parsing "invalid": invalid syntax`,
+	}, {
+		fileName: "feature-flags-invalid-key",
+		want:     `invalid feature flags: "invalid"`,
 	}} {
 		t.Run(tc.fileName, func(t *testing.T) {
 			cm := test.ConfigMapFromTestFile(t, tc.fileName)
diff --git a/pkg/apis/config/testdata/feature-flags-invalid-key.yaml b/pkg/apis/config/testdata/feature-flags-invalid-key.yaml
new file mode 100644
index 00000000000..aed53de0b48
--- /dev/null
+++ b/pkg/apis/config/testdata/feature-flags-invalid-key.yaml
@@ -0,0 +1,21 @@
+# Copyright 2023 The Tekton Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: feature-flags
+  namespace: tekton-pipelines
+data:
+  invalid: "invalid"

From b1f79f689f500e2b762054eca66503f432248c2d Mon Sep 17 00:00:00 2001
From: Minho Ryang <minhoryang@gmail.com>
Date: Tue, 31 Oct 2023 05:43:53 +0000
Subject: [PATCH 2/2] Update knownFeatureFlagKeys by adding EnableParamEnum

Signed-off-by: Minho Ryang <minhoryang@gmail.com>
---
 pkg/apis/config/feature_flags.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/pkg/apis/config/feature_flags.go b/pkg/apis/config/feature_flags.go
index 27aeef64f05..c3cbf0de2c5 100644
--- a/pkg/apis/config/feature_flags.go
+++ b/pkg/apis/config/feature_flags.go
@@ -133,6 +133,7 @@ var knownFeatureFlagKeys = sets.NewString(
 	KeepPodOnCancel,
 	EnableCELInWhenExpression,
 	EnableStepActions,
+	EnableParamEnum,
 
 	disableAffinityAssistantKey,
 	disableCredsInitKey,