feat: declarative config for cluster and repo(#4734) (#5102)

* Declarative config for cluster and repo

Signed-off-by: kshamajain99 <kshamajain99@gmail.com>

* Review comments

Signed-off-by: kshamajain99 <kshamajain99@gmail.com>

cmd/argocd-util/commands/argocd_util.go

@@ -52,6 +52,7 @@ func NewCommand() *cobra.Command {
 	var (
 		logFormat string
 		logLevel  string
+		pathOpts  = clientcmd.NewDefaultPathOptions()
 	)
 
 	var command = &cobra.Command{
@@ -74,7 +75,7 @@ func NewCommand() *cobra.Command {
 	command.AddCommand(NewSettingsCommand())
 	command.AddCommand(NewAppsCommand())
 	command.AddCommand(NewRBACCommand())
-	command.AddCommand(NewGenerateConfigCommand())
+	command.AddCommand(NewGenerateConfigCommand(pathOpts))
 
 	command.Flags().StringVar(&logFormat, "logformat", "text", "Set the logging format. One of: text|json")
 	command.Flags().StringVar(&logLevel, "loglevel", "info", "Set the logging level. One of: debug|info|warn|error")

cmd/argocd-util/commands/config.go

@@ -1,16 +1,35 @@
 package commands
 
 import (
-	"log"
+	"context"
+	"fmt"
+	"io/ioutil"
 	"os"
 
+	log "github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
+	apiv1 "k8s.io/api/core/v1"
+	apierr "k8s.io/apimachinery/pkg/api/errors"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/client-go/kubernetes/fake"
+	"k8s.io/client-go/tools/clientcmd"
 
 	cmdutil "github.com/argoproj/argo-cd/cmd/util"
+	"github.com/argoproj/argo-cd/common"
+	argoappv1 "github.com/argoproj/argo-cd/pkg/apis/application/v1alpha1"
+	"github.com/argoproj/argo-cd/util/cli"
+	"github.com/argoproj/argo-cd/util/db"
 	"github.com/argoproj/argo-cd/util/errors"
+	"github.com/argoproj/argo-cd/util/git"
+	"github.com/argoproj/argo-cd/util/settings"
 )
 
-func NewGenerateConfigCommand() *cobra.Command {
+const (
+	ArgoCDNamespace  = "argocd"
+	repoSecretPrefix = "repo"
+)
+
+func NewGenerateConfigCommand(pathOpts *clientcmd.PathOptions) *cobra.Command {
 	var command = &cobra.Command{
 		Use:   "config",
 		Short: "Generate declarative configuration files",
@@ -20,6 +39,8 @@ func NewGenerateConfigCommand() *cobra.Command {
 	}
 	command.AddCommand(NewGenAppConfigCommand())
 	command.AddCommand(NewGenProjectConfigCommand())
+	command.AddCommand(NewGenClusterConfigCommand(pathOpts))
+	command.AddCommand(NewGenRepoConfigCommand())
 
 	return command
 }
@@ -64,13 +85,15 @@ func NewGenAppConfigCommand() *cobra.Command {
 				os.Exit(1)
 			}
 
-			errors.CheckError(cmdutil.PrintResource(app, outputFormat))
+			var printResources []interface{}
+			printResources = append(printResources, app)
+			errors.CheckError(cmdutil.PrintResources(printResources, outputFormat))
 		},
 	}
 	command.Flags().StringVar(&appName, "name", "", "A name for the app, ignored if a file is set (DEPRECATED)")
 	command.Flags().StringVarP(&fileURL, "file", "f", "", "Filename or URL to Kubernetes manifests for the app")
 	command.Flags().StringArrayVarP(&labels, "label", "l", []string{}, "Labels to apply to the app")
-	command.Flags().StringVar(&outputFormat, "o", "yaml", "Output format (yaml|json)")
+	command.Flags().StringVarP(&outputFormat, "output", "o", "yaml", "Output format. One of: json|yaml")
 
 	// Only complete files with appropriate extension.
 	err := command.Flags().SetAnnotation("file", cobra.BashCompFilenameExt, []string{"json", "yaml", "yml"})
@@ -94,11 +117,13 @@ func NewGenProjectConfigCommand() *cobra.Command {
 			proj, err := cmdutil.ConstructAppProj(fileURL, args, opts, c)
 			errors.CheckError(err)
 
-			errors.CheckError(cmdutil.PrintResource(proj, outputFormat))
+			var printResources []interface{}
+			printResources = append(printResources, proj)
+			errors.CheckError(cmdutil.PrintResources(printResources, outputFormat))
 		},
 	}
 	command.Flags().StringVarP(&fileURL, "file", "f", "", "Filename or URL to Kubernetes manifests for the project")
-	command.Flags().StringVar(&outputFormat, "o", "yaml", "Output format (yaml|json)")
+	command.Flags().StringVarP(&outputFormat, "output", "o", "yaml", "Output format. One of: json|yaml")
 	err := command.Flags().SetAnnotation("file", cobra.BashCompFilenameExt, []string{"json", "yaml", "yml"})
 	if err != nil {
 		log.Fatal(err)
@@ -106,3 +131,229 @@ func NewGenProjectConfigCommand() *cobra.Command {
 	cmdutil.AddProjFlags(command, &opts)
 	return command
 }
+
+func NewGenClusterConfigCommand(pathOpts *clientcmd.PathOptions) *cobra.Command {
+	var (
+		clusterOpts  cmdutil.ClusterOptions
+		bearerToken  string
+		outputFormat string
+	)
+	var command = &cobra.Command{
+		Use:   "cluster CONTEXT",
+		Short: "Generate declarative config for a cluster",
+		Run: func(c *cobra.Command, args []string) {
+			var configAccess clientcmd.ConfigAccess = pathOpts
+			if len(args) == 0 {
+				log.Error("Choose a context name from:")
+				cmdutil.PrintKubeContexts(configAccess)
+				os.Exit(1)
+			}
+			cfgAccess, err := configAccess.GetStartingConfig()
+			errors.CheckError(err)
+			contextName := args[0]
+			clstContext := cfgAccess.Contexts[contextName]
+			if clstContext == nil {
+				log.Fatalf("Context %s does not exist in kubeconfig", contextName)
+			}
+
+			overrides := clientcmd.ConfigOverrides{
+				Context: *clstContext,
+			}
+			clientConfig := clientcmd.NewDefaultClientConfig(*cfgAccess, &overrides)
+			conf, err := clientConfig.ClientConfig()
+			errors.CheckError(err)
+			kubeClientset := fake.NewSimpleClientset()
+
+			var awsAuthConf *argoappv1.AWSAuthConfig
+			var execProviderConf *argoappv1.ExecProviderConfig
+			if clusterOpts.AwsClusterName != "" {
+				awsAuthConf = &argoappv1.AWSAuthConfig{
+					ClusterName: clusterOpts.AwsClusterName,
+					RoleARN:     clusterOpts.AwsRoleArn,
+				}
+			} else if clusterOpts.ExecProviderCommand != "" {
+				execProviderConf = &argoappv1.ExecProviderConfig{
+					Command:     clusterOpts.ExecProviderCommand,
+					Args:        clusterOpts.ExecProviderArgs,
+					Env:         clusterOpts.ExecProviderEnv,
+					APIVersion:  clusterOpts.ExecProviderAPIVersion,
+					InstallHint: clusterOpts.ExecProviderInstallHint,
+				}
+			} else if bearerToken == "" {
+				bearerToken = "bearer-token"
+			}
+			if clusterOpts.Name != "" {
+				contextName = clusterOpts.Name
+			}
+			clst := cmdutil.NewCluster(contextName, clusterOpts.Namespaces, conf, bearerToken, awsAuthConf, execProviderConf)
+			if clusterOpts.InCluster {
+				clst.Server = common.KubernetesInternalAPIServerAddr
+			}
+			if clusterOpts.Shard >= 0 {
+				clst.Shard = &clusterOpts.Shard
+			}
+
+			settingsMgr := settings.NewSettingsManager(context.Background(), kubeClientset, ArgoCDNamespace)
+			argoDB := db.NewDB(ArgoCDNamespace, settingsMgr, kubeClientset)
+
+			_, err = argoDB.CreateCluster(context.Background(), clst)
+			errors.CheckError(err)
+
+			secName, err := db.ServerToSecretName(clst.Server)
+			errors.CheckError(err)
+
+			secret, err := kubeClientset.CoreV1().Secrets(ArgoCDNamespace).Get(context.Background(), secName, v1.GetOptions{})
+			errors.CheckError(err)
+
+			cmdutil.ConvertSecretData(secret)
+			var printResources []interface{}
+			printResources = append(printResources, secret)
+			errors.CheckError(cmdutil.PrintResources(printResources, outputFormat))
+		},
+	}
+	command.PersistentFlags().StringVar(&pathOpts.LoadingRules.ExplicitPath, pathOpts.ExplicitFileFlag, pathOpts.LoadingRules.ExplicitPath, "use a particular kubeconfig file")
+	command.Flags().StringVar(&bearerToken, "bearer-token", "", "Authentication token that should be used to access K8S API server")
+	command.Flags().StringVarP(&outputFormat, "output", "o", "yaml", "Output format. One of: json|yaml")
+	cmdutil.AddClusterFlags(command, &clusterOpts)
+	return command
+}
+
+func NewGenRepoConfigCommand() *cobra.Command {
+	var (
+		repoOpts     cmdutil.RepoOptions
+		outputFormat string
+	)
+
+	// For better readability and easier formatting
+	var repoAddExamples = `  
+  # Add a Git repository via SSH using a private key for authentication, ignoring the server's host key:
+  argocd-util config repo git@git.example.com:repos/repo --insecure-ignore-host-key --ssh-private-key-path ~/id_rsa
+
+  # Add a Git repository via SSH on a non-default port - need to use ssh:// style URLs here
+  argocd-util config repo ssh://git@git.example.com:2222/repos/repo --ssh-private-key-path ~/id_rsa
+
+  # Add a private Git repository via HTTPS using username/password and TLS client certificates:
+  argocd-util config repo https://git.example.com/repos/repo --username git --password secret --tls-client-cert-path ~/mycert.crt --tls-client-cert-key-path ~/mycert.key
+
+  # Add a private Git repository via HTTPS using username/password without verifying the server's TLS certificate
+  argocd-util config repo https://git.example.com/repos/repo --username git --password secret --insecure-skip-server-verification
+
+  # Add a public Helm repository named 'stable' via HTTPS
+  argocd-util config repo https://kubernetes-charts.storage.googleapis.com --type helm --name stable  
+
+  # Add a private Helm repository named 'stable' via HTTPS
+  argocd-util config repo https://kubernetes-charts.storage.googleapis.com --type helm --name stable --username test --password test
+
+  # Add a private Helm OCI-based repository named 'stable' via HTTPS
+  argocd-util config repo helm-oci-registry.cn-zhangjiakou.cr.aliyuncs.com --type helm --name stable --enable-oci --username test --password test
+`
+
+	var command = &cobra.Command{
+		Use:     "repo REPOURL",
+		Short:   "Generate declarative config for a repo",
+		Example: repoAddExamples,
+		Run: func(c *cobra.Command, args []string) {
+			if len(args) != 1 {
+				c.HelpFunc()(c, args)
+				os.Exit(1)
+			}
+
+			// Repository URL
+			repoOpts.Repo.Repo = args[0]
+
+			// Specifying ssh-private-key-path is only valid for SSH repositories
+			if repoOpts.SshPrivateKeyPath != "" {
+				if ok, _ := git.IsSSHURL(repoOpts.Repo.Repo); ok {
+					keyData, err := ioutil.ReadFile(repoOpts.SshPrivateKeyPath)
+					if err != nil {
+						log.Fatal(err)
+					}
+					repoOpts.Repo.SSHPrivateKey = string(keyData)
+				} else {
+					err := fmt.Errorf("--ssh-private-key-path is only supported for SSH repositories.")
+					errors.CheckError(err)
+				}
+			}
+
+			// tls-client-cert-path and tls-client-cert-key-key-path must always be
+			// specified together
+			if (repoOpts.TlsClientCertPath != "" && repoOpts.TlsClientCertKeyPath == "") || (repoOpts.TlsClientCertPath == "" && repoOpts.TlsClientCertKeyPath != "") {
+				err := fmt.Errorf("--tls-client-cert-path and --tls-client-cert-key-path must be specified together")
+				errors.CheckError(err)
+			}
+
+			// Specifying tls-client-cert-path is only valid for HTTPS repositories
+			if repoOpts.TlsClientCertPath != "" {
+				if git.IsHTTPSURL(repoOpts.Repo.Repo) {
+					tlsCertData, err := ioutil.ReadFile(repoOpts.TlsClientCertPath)
+					errors.CheckError(err)
+					tlsCertKey, err := ioutil.ReadFile(repoOpts.TlsClientCertKeyPath)
+					errors.CheckError(err)
+					repoOpts.Repo.TLSClientCertData = string(tlsCertData)
+					repoOpts.Repo.TLSClientCertKey = string(tlsCertKey)
+				} else {
+					err := fmt.Errorf("--tls-client-cert-path is only supported for HTTPS repositories")
+					errors.CheckError(err)
+				}
+			}
+
+			// Set repository connection properties only when creating repository, not
+			// when creating repository credentials.
+			// InsecureIgnoreHostKey is deprecated and only here for backwards compat
+			repoOpts.Repo.InsecureIgnoreHostKey = repoOpts.InsecureIgnoreHostKey
+			repoOpts.Repo.Insecure = repoOpts.InsecureSkipServerVerification
+			repoOpts.Repo.EnableLFS = repoOpts.EnableLfs
+			repoOpts.Repo.EnableOCI = repoOpts.EnableOci
+
+			if repoOpts.Repo.Type == "helm" && repoOpts.Repo.Name == "" {
+				errors.CheckError(fmt.Errorf("must specify --name for repos of type 'helm'"))
+			}
+
+			// If the user set a username, but didn't supply password via --password,
+			// then we prompt for it
+			if repoOpts.Repo.Username != "" && repoOpts.Repo.Password == "" {
+				repoOpts.Repo.Password = cli.PromptPassword(repoOpts.Repo.Password)
+			}
+
+			argoCDCM := &apiv1.ConfigMap{
+				TypeMeta: v1.TypeMeta{
+					Kind:       "ConfigMap",
+					APIVersion: "v1",
+				},
+				ObjectMeta: v1.ObjectMeta{
+					Name:      common.ArgoCDConfigMapName,
+					Namespace: ArgoCDNamespace,
+					Labels: map[string]string{
+						"app.kubernetes.io/part-of": "argocd",
+					},
+				},
+			}
+			kubeClientset := fake.NewSimpleClientset(argoCDCM)
+			settingsMgr := settings.NewSettingsManager(context.Background(), kubeClientset, ArgoCDNamespace)
+			argoDB := db.NewDB(ArgoCDNamespace, settingsMgr, kubeClientset)
+
+			var printResources []interface{}
+			_, err := argoDB.CreateRepository(context.Background(), &repoOpts.Repo)
+			errors.CheckError(err)
+
+			secret, err := kubeClientset.CoreV1().Secrets(ArgoCDNamespace).Get(context.Background(), db.RepoURLToSecretName(repoSecretPrefix, repoOpts.Repo.Repo), v1.GetOptions{})
+			if err != nil {
+				if !apierr.IsNotFound(err) {
+					errors.CheckError(err)
+				}
+			} else {
+				cmdutil.ConvertSecretData(secret)
+				printResources = append(printResources, secret)
+			}
+
+			cm, err := kubeClientset.CoreV1().ConfigMaps(ArgoCDNamespace).Get(context.Background(), common.ArgoCDConfigMapName, v1.GetOptions{})
+			errors.CheckError(err)
+
+			printResources = append(printResources, cm)
+			errors.CheckError(cmdutil.PrintResources(printResources, outputFormat))
+		},
+	}
+	command.Flags().StringVarP(&outputFormat, "output", "o", "yaml", "Output format. One of: json|yaml")
+	cmdutil.AddRepoFlags(command, &repoOpts)
+	return command
+}

cmd/argocd/commands/cluster.go

@@ -3,18 +3,16 @@ package commands
 import (
 	"context"
 	"fmt"
-	"io/ioutil"
 	"os"
-	"sort"
 	"strings"
 	"text/tabwriter"
 
 	log "github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
 	"k8s.io/client-go/kubernetes"
-	"k8s.io/client-go/rest"
 	"k8s.io/client-go/tools/clientcmd"
 
+	cmdutil "github.com/argoproj/argo-cd/cmd/util"
 	"github.com/argoproj/argo-cd/common"
 	argocdclient "github.com/argoproj/argo-cd/pkg/apiclient"
 	clusterpkg "github.com/argoproj/argo-cd/pkg/apiclient/cluster"
@@ -58,20 +56,7 @@ func NewClusterCommand(clientOpts *argocdclient.ClientOptions, pathOpts *clientc
 // NewClusterAddCommand returns a new instance of an `argocd cluster add` command
 func NewClusterAddCommand(clientOpts *argocdclient.ClientOptions, pathOpts *clientcmd.PathOptions) *cobra.Command {
 	var (
-		inCluster               bool
-		upsert                  bool
-		serviceAccount          string
-		awsRoleArn              string
-		awsClusterName          string
-		systemNamespace         string
-		namespaces              []string
-		name                    string
-		shard                   int64
-		execProviderCommand     string
-		execProviderArgs        []string
-		execProviderEnv         map[string]string
-		execProviderAPIVersion  string
-		execProviderInstallHint string
+		clusterOpts cmdutil.ClusterOptions
 	)
 	var command = &cobra.Command{
 		Use:   "add CONTEXT",
@@ -80,7 +65,7 @@ func NewClusterAddCommand(clientOpts *argocdclient.ClientOptions, pathOpts *clie
 			var configAccess clientcmd.ConfigAccess = pathOpts
 			if len(args) == 0 {
 				log.Error("Choose a context name from:")
-				printKubeContexts(configAccess)
+				cmdutil.PrintKubeContexts(configAccess)
 				os.Exit(1)
 			}
 			config, err := configAccess.GetStartingConfig()
@@ -101,45 +86,45 @@ func NewClusterAddCommand(clientOpts *argocdclient.ClientOptions, pathOpts *clie
 			managerBearerToken := ""
 			var awsAuthConf *argoappv1.AWSAuthConfig
 			var execProviderConf *argoappv1.ExecProviderConfig
-			if awsClusterName != "" {
+			if clusterOpts.AwsClusterName != "" {
 				awsAuthConf = &argoappv1.AWSAuthConfig{
-					ClusterName: awsClusterName,
-					RoleARN:     awsRoleArn,
+					ClusterName: clusterOpts.AwsClusterName,
+					RoleARN:     clusterOpts.AwsRoleArn,
 				}
-			} else if execProviderCommand != "" {
+			} else if clusterOpts.ExecProviderCommand != "" {
 				execProviderConf = &argoappv1.ExecProviderConfig{
-					Command:     execProviderCommand,
-					Args:        execProviderArgs,
-					Env:         execProviderEnv,
-					APIVersion:  execProviderAPIVersion,
-					InstallHint: execProviderInstallHint,
+					Command:     clusterOpts.ExecProviderCommand,
+					Args:        clusterOpts.ExecProviderArgs,
+					Env:         clusterOpts.ExecProviderEnv,
+					APIVersion:  clusterOpts.ExecProviderAPIVersion,
+					InstallHint: clusterOpts.ExecProviderInstallHint,
 				}
 			} else {
 				// Install RBAC resources for managing the cluster
 				clientset, err := kubernetes.NewForConfig(conf)
 				errors.CheckError(err)
-				if serviceAccount != "" {
-					managerBearerToken, err = clusterauth.GetServiceAccountBearerToken(clientset, systemNamespace, serviceAccount)
+				if clusterOpts.ServiceAccount != "" {
+					managerBearerToken, err = clusterauth.GetServiceAccountBearerToken(clientset, clusterOpts.SystemNamespace, clusterOpts.ServiceAccount)
 				} else {
-					managerBearerToken, err = clusterauth.InstallClusterManagerRBAC(clientset, systemNamespace, namespaces)
+					managerBearerToken, err = clusterauth.InstallClusterManagerRBAC(clientset, clusterOpts.SystemNamespace, clusterOpts.Namespaces)
 				}
 				errors.CheckError(err)
 			}
 			conn, clusterIf := argocdclient.NewClientOrDie(clientOpts).NewClusterClientOrDie()
 			defer io.Close(conn)
-			if name != "" {
-				contextName = name
+			if clusterOpts.Name != "" {
+				contextName = clusterOpts.Name
 			}
-			clst := newCluster(contextName, namespaces, conf, managerBearerToken, awsAuthConf, execProviderConf)
-			if inCluster {
+			clst := cmdutil.NewCluster(contextName, clusterOpts.Namespaces, conf, managerBearerToken, awsAuthConf, execProviderConf)
+			if clusterOpts.InCluster {
 				clst.Server = common.KubernetesInternalAPIServerAddr
 			}
-			if shard >= 0 {
-				clst.Shard = &shard
+			if clusterOpts.Shard >= 0 {
+				clst.Shard = &clusterOpts.Shard
 			}
 			clstCreateReq := clusterpkg.ClusterCreateRequest{
 				Cluster: clst,
-				Upsert:  upsert,
+				Upsert:  clusterOpts.Upsert,
 			}
 			_, err = clusterIf.Create(context.Background(), &clstCreateReq)
 			errors.CheckError(err)
@@ -147,107 +132,13 @@ func NewClusterAddCommand(clientOpts *argocdclient.ClientOptions, pathOpts *clie
 		},
 	}
 	command.PersistentFlags().StringVar(&pathOpts.LoadingRules.ExplicitPath, pathOpts.ExplicitFileFlag, pathOpts.LoadingRules.ExplicitPath, "use a particular kubeconfig file")
-	command.Flags().BoolVar(&inCluster, "in-cluster", false, "Indicates Argo CD resides inside this cluster and should connect using the internal k8s hostname (kubernetes.default.svc)")
-	command.Flags().BoolVar(&upsert, "upsert", false, "Override an existing cluster with the same name even if the spec differs")
-	command.Flags().StringVar(&serviceAccount, "service-account", "", fmt.Sprintf("System namespace service account to use for kubernetes resource management. If not set then default \"%s\" SA will be created", clusterauth.ArgoCDManagerServiceAccount))
-	command.Flags().StringVar(&awsClusterName, "aws-cluster-name", "", "AWS Cluster name if set then aws cli eks token command will be used to access cluster")
-	command.Flags().StringVar(&awsRoleArn, "aws-role-arn", "", "Optional AWS role arn. If set then AWS IAM Authenticator assume a role to perform cluster operations instead of the default AWS credential provider chain.")
-	command.Flags().StringVar(&systemNamespace, "system-namespace", common.DefaultSystemNamespace, "Use different system namespace")
-	command.Flags().StringArrayVar(&namespaces, "namespace", nil, "List of namespaces which are allowed to manage")
-	command.Flags().StringVar(&name, "name", "", "Overwrite the cluster name")
-	command.Flags().Int64Var(&shard, "shard", -1, "Cluster shard number; inferred from hostname if not set")
-	command.Flags().StringVar(&execProviderCommand, "exec-command", "", "Command to run to provide client credentials to the cluster. You may need to build a custom ArgoCD image to ensure the command is available at runtime.")
-	command.Flags().StringArrayVar(&execProviderArgs, "exec-command-args", nil, "Arguments to supply to the --exec-command command")
-	command.Flags().StringToStringVar(&execProviderEnv, "exec-command-env", nil, "Environment vars to set when running the --exec-command command")
-	command.Flags().StringVar(&execProviderAPIVersion, "exec-command-api-version", "", "Preferred input version of the ExecInfo for the --exec-command")
-	command.Flags().StringVar(&execProviderInstallHint, "exec-command-install-hint", "", "Text shown to the user when the --exec-command executable doesn't seem to be present")
+	command.Flags().BoolVar(&clusterOpts.Upsert, "upsert", false, "Override an existing cluster with the same name even if the spec differs")
+	command.Flags().StringVar(&clusterOpts.ServiceAccount, "service-account", "", fmt.Sprintf("System namespace service account to use for kubernetes resource management. If not set then default \"%s\" SA will be created", clusterauth.ArgoCDManagerServiceAccount))
+	command.Flags().StringVar(&clusterOpts.SystemNamespace, "system-namespace", common.DefaultSystemNamespace, "Use different system namespace")
+	cmdutil.AddClusterFlags(command, &clusterOpts)
 	return command
 }
 
-func printKubeContexts(ca clientcmd.ConfigAccess) {
-	config, err := ca.GetStartingConfig()
-	errors.CheckError(err)
-	w := tabwriter.NewWriter(os.Stdout, 0, 0, 2, ' ', 0)
-	defer func() { _ = w.Flush() }()
-	columnNames := []string{"CURRENT", "NAME", "CLUSTER", "SERVER"}
-	_, err = fmt.Fprintf(w, "%s\n", strings.Join(columnNames, "\t"))
-	errors.CheckError(err)
-
-	// sort names so output is deterministic
-	contextNames := make([]string, 0)
-	for name := range config.Contexts {
-		contextNames = append(contextNames, name)
-	}
-	sort.Strings(contextNames)
-
-	if config.Clusters == nil {
-		return
-	}
-
-	for _, name := range contextNames {
-		// ignore malformed kube config entries
-		context := config.Contexts[name]
-		if context == nil {
-			continue
-		}
-		cluster := config.Clusters[context.Cluster]
-		if cluster == nil {
-			continue
-		}
-		prefix := " "
-		if config.CurrentContext == name {
-			prefix = "*"
-		}
-		_, err := fmt.Fprintf(w, "%s\t%s\t%s\t%s\n", prefix, name, context.Cluster, cluster.Server)
-		errors.CheckError(err)
-	}
-}
-
-func newCluster(name string, namespaces []string, conf *rest.Config, managerBearerToken string, awsAuthConf *argoappv1.AWSAuthConfig, execProviderConf *argoappv1.ExecProviderConfig) *argoappv1.Cluster {
-	tlsClientConfig := argoappv1.TLSClientConfig{
-		Insecure:   conf.TLSClientConfig.Insecure,
-		ServerName: conf.TLSClientConfig.ServerName,
-		CAData:     conf.TLSClientConfig.CAData,
-		CertData:   conf.TLSClientConfig.CertData,
-		KeyData:    conf.TLSClientConfig.KeyData,
-	}
-	if len(conf.TLSClientConfig.CAData) == 0 && conf.TLSClientConfig.CAFile != "" {
-		data, err := ioutil.ReadFile(conf.TLSClientConfig.CAFile)
-		errors.CheckError(err)
-		tlsClientConfig.CAData = data
-	}
-	if len(conf.TLSClientConfig.CertData) == 0 && conf.TLSClientConfig.CertFile != "" {
-		data, err := ioutil.ReadFile(conf.TLSClientConfig.CertFile)
-		errors.CheckError(err)
-		tlsClientConfig.CertData = data
-	}
-	if len(conf.TLSClientConfig.KeyData) == 0 && conf.TLSClientConfig.KeyFile != "" {
-		data, err := ioutil.ReadFile(conf.TLSClientConfig.KeyFile)
-		errors.CheckError(err)
-		tlsClientConfig.KeyData = data
-	}
-
-	clst := argoappv1.Cluster{
-		Server:     conf.Host,
-		Name:       name,
-		Namespaces: namespaces,
-		Config: argoappv1.ClusterConfig{
-			TLSClientConfig:    tlsClientConfig,
-			AWSAuthConfig:      awsAuthConf,
-			ExecProviderConfig: execProviderConf,
-		},
-	}
-
-	// Bearer token will preferentially be used for auth if present,
-	// Even in presence of key/cert credentials
-	// So set bearer token only if the key/cert data is absent
-	if len(tlsClientConfig.CertData) == 0 || len(tlsClientConfig.KeyData) == 0 {
-		clst.Config.BearerToken = managerBearerToken
-	}
-
-	return &clst
-}
-
 // NewClusterGetCommand returns a new instance of an `argocd cluster get` command
 func NewClusterGetCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command {
 	var (

cmd/argocd/commands/cluster_test.go

@@ -1,12 +1,9 @@
 package commands
 
 import (
-	"strings"
 	"testing"
 
-	"github.com/stretchr/testify/assert"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/client-go/rest"
 
 	"github.com/argoproj/argo-cd/pkg/apis/application/v1alpha1"
 )
@@ -32,55 +29,3 @@ func Test_printClusterTable(t *testing.T) {
 		},
 	})
 }
-
-func Test_newCluster(t *testing.T) {
-	clusterWithData := newCluster("test-cluster", []string{"test-namespace"}, &rest.Config{
-		TLSClientConfig: rest.TLSClientConfig{
-			Insecure:   false,
-			ServerName: "test-endpoint.example.com",
-			CAData:     []byte("test-ca-data"),
-			CertData:   []byte("test-cert-data"),
-			KeyData:    []byte("test-key-data"),
-		},
-		Host: "test-endpoint.example.com",
-	},
-		"test-bearer-token",
-		&v1alpha1.AWSAuthConfig{},
-		&v1alpha1.ExecProviderConfig{})
-
-	assert.Equal(t, "test-cert-data", string(clusterWithData.Config.CertData))
-	assert.Equal(t, "test-key-data", string(clusterWithData.Config.KeyData))
-	assert.Equal(t, "", clusterWithData.Config.BearerToken)
-
-	clusterWithFiles := newCluster("test-cluster", []string{"test-namespace"}, &rest.Config{
-		TLSClientConfig: rest.TLSClientConfig{
-			Insecure:   false,
-			ServerName: "test-endpoint.example.com",
-			CAData:     []byte("test-ca-data"),
-			CertFile:   "./testdata/test.cert.pem",
-			KeyFile:    "./testdata/test.key.pem",
-		},
-		Host: "test-endpoint.example.com",
-	},
-		"test-bearer-token",
-		&v1alpha1.AWSAuthConfig{},
-		&v1alpha1.ExecProviderConfig{})
-
-	assert.True(t, strings.Contains(string(clusterWithFiles.Config.CertData), "test-cert-data"))
-	assert.True(t, strings.Contains(string(clusterWithFiles.Config.KeyData), "test-key-data"))
-	assert.Equal(t, "", clusterWithFiles.Config.BearerToken)
-
-	clusterWithBearerToken := newCluster("test-cluster", []string{"test-namespace"}, &rest.Config{
-		TLSClientConfig: rest.TLSClientConfig{
-			Insecure:   false,
-			ServerName: "test-endpoint.example.com",
-			CAData:     []byte("test-ca-data"),
-		},
-		Host: "test-endpoint.example.com",
-	},
-		"test-bearer-token",
-		&v1alpha1.AWSAuthConfig{},
-		&v1alpha1.ExecProviderConfig{})
-
-	assert.Equal(t, "test-bearer-token", clusterWithBearerToken.Config.BearerToken)
-}

cmd/argocd/commands/repo.go

@@ -10,7 +10,7 @@ import (
 	log "github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
 
-	"github.com/argoproj/argo-cd/common"
+	cmdutil "github.com/argoproj/argo-cd/cmd/util"
 	argocdclient "github.com/argoproj/argo-cd/pkg/apiclient"
 	repositorypkg "github.com/argoproj/argo-cd/pkg/apiclient/repository"
 	appsv1 "github.com/argoproj/argo-cd/pkg/apis/application/v1alpha1"
@@ -41,15 +41,7 @@ func NewRepoCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command {
 // NewRepoAddCommand returns a new instance of an `argocd repo add` command
 func NewRepoAddCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command {
 	var (
-		repo                           appsv1.Repository
-		upsert                         bool
-		sshPrivateKeyPath              string
-		insecureIgnoreHostKey          bool
-		insecureSkipServerVerification bool
-		tlsClientCertPath              string
-		tlsClientCertKeyPath           string
-		enableLfs                      bool
-		enableOci                      bool
+		repoOpts cmdutil.RepoOptions
 	)
 
 	// For better readability and easier formatting
@@ -86,16 +78,16 @@ func NewRepoAddCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command {
 			}
 
 			// Repository URL
-			repo.Repo = args[0]
+			repoOpts.Repo.Repo = args[0]
 
 			// Specifying ssh-private-key-path is only valid for SSH repositories
-			if sshPrivateKeyPath != "" {
-				if ok, _ := git.IsSSHURL(repo.Repo); ok {
-					keyData, err := ioutil.ReadFile(sshPrivateKeyPath)
+			if repoOpts.SshPrivateKeyPath != "" {
+				if ok, _ := git.IsSSHURL(repoOpts.Repo.Repo); ok {
+					keyData, err := ioutil.ReadFile(repoOpts.SshPrivateKeyPath)
 					if err != nil {
 						log.Fatal(err)
 					}
-					repo.SSHPrivateKey = string(keyData)
+					repoOpts.Repo.SSHPrivateKey = string(keyData)
 				} else {
 					err := fmt.Errorf("--ssh-private-key-path is only supported for SSH repositories.")
 					errors.CheckError(err)
@@ -104,20 +96,20 @@ func NewRepoAddCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command {
 
 			// tls-client-cert-path and tls-client-cert-key-key-path must always be
 			// specified together
-			if (tlsClientCertPath != "" && tlsClientCertKeyPath == "") || (tlsClientCertPath == "" && tlsClientCertKeyPath != "") {
+			if (repoOpts.TlsClientCertPath != "" && repoOpts.TlsClientCertKeyPath == "") || (repoOpts.TlsClientCertPath == "" && repoOpts.TlsClientCertKeyPath != "") {
 				err := fmt.Errorf("--tls-client-cert-path and --tls-client-cert-key-path must be specified together")
 				errors.CheckError(err)
 			}
 
 			// Specifying tls-client-cert-path is only valid for HTTPS repositories
-			if tlsClientCertPath != "" {
-				if git.IsHTTPSURL(repo.Repo) {
-					tlsCertData, err := ioutil.ReadFile(tlsClientCertPath)
+			if repoOpts.TlsClientCertPath != "" {
+				if git.IsHTTPSURL(repoOpts.Repo.Repo) {
+					tlsCertData, err := ioutil.ReadFile(repoOpts.TlsClientCertPath)
 					errors.CheckError(err)
-					tlsCertKey, err := ioutil.ReadFile(tlsClientCertKeyPath)
+					tlsCertKey, err := ioutil.ReadFile(repoOpts.TlsClientCertKeyPath)
 					errors.CheckError(err)
-					repo.TLSClientCertData = string(tlsCertData)
-					repo.TLSClientCertKey = string(tlsCertKey)
+					repoOpts.Repo.TLSClientCertData = string(tlsCertData)
+					repoOpts.Repo.TLSClientCertKey = string(tlsCertKey)
 				} else {
 					err := fmt.Errorf("--tls-client-cert-path is only supported for HTTPS repositories")
 					errors.CheckError(err)
@@ -127,12 +119,12 @@ func NewRepoAddCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command {
 			// Set repository connection properties only when creating repository, not
 			// when creating repository credentials.
 			// InsecureIgnoreHostKey is deprecated and only here for backwards compat
-			repo.InsecureIgnoreHostKey = insecureIgnoreHostKey
-			repo.Insecure = insecureSkipServerVerification
-			repo.EnableLFS = enableLfs
-			repo.EnableOCI = enableOci
+			repoOpts.Repo.InsecureIgnoreHostKey = repoOpts.InsecureIgnoreHostKey
+			repoOpts.Repo.Insecure = repoOpts.InsecureSkipServerVerification
+			repoOpts.Repo.EnableLFS = repoOpts.EnableLfs
+			repoOpts.Repo.EnableOCI = repoOpts.EnableOci
 
-			if repo.Type == "helm" && repo.Name == "" {
+			if repoOpts.Repo.Type == "helm" && repoOpts.Repo.Name == "" {
 				errors.CheckError(fmt.Errorf("Must specify --name for repos of type 'helm'"))
 			}
 
@@ -141,8 +133,8 @@ func NewRepoAddCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command {
 
 			// If the user set a username, but didn't supply password via --password,
 			// then we prompt for it
-			if repo.Username != "" && repo.Password == "" {
-				repo.Password = cli.PromptPassword(repo.Password)
+			if repoOpts.Repo.Username != "" && repoOpts.Repo.Password == "" {
+				repoOpts.Repo.Password = cli.PromptPassword(repoOpts.Repo.Password)
 			}
 
 			// We let the server check access to the repository before adding it. If
@@ -153,23 +145,23 @@ func NewRepoAddCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command {
 			// are high that we do not have the given URL pointing to a valid Git
 			// repo anyway.
 			repoAccessReq := repositorypkg.RepoAccessQuery{
-				Repo:              repo.Repo,
-				Type:              repo.Type,
-				Name:              repo.Name,
-				Username:          repo.Username,
-				Password:          repo.Password,
-				SshPrivateKey:     repo.SSHPrivateKey,
-				TlsClientCertData: repo.TLSClientCertData,
-				TlsClientCertKey:  repo.TLSClientCertKey,
-				Insecure:          repo.IsInsecure(),
-				EnableOci:         repo.EnableOCI,
+				Repo:              repoOpts.Repo.Repo,
+				Type:              repoOpts.Repo.Type,
+				Name:              repoOpts.Repo.Name,
+				Username:          repoOpts.Repo.Username,
+				Password:          repoOpts.Repo.Password,
+				SshPrivateKey:     repoOpts.Repo.SSHPrivateKey,
+				TlsClientCertData: repoOpts.Repo.TLSClientCertData,
+				TlsClientCertKey:  repoOpts.Repo.TLSClientCertKey,
+				Insecure:          repoOpts.Repo.IsInsecure(),
+				EnableOci:         repoOpts.Repo.EnableOCI,
 			}
 			_, err := repoIf.ValidateAccess(context.Background(), &repoAccessReq)
 			errors.CheckError(err)
 
 			repoCreateReq := repositorypkg.RepoCreateRequest{
-				Repo:   &repo,
-				Upsert: upsert,
+				Repo:   &repoOpts.Repo,
+				Upsert: repoOpts.Upsert,
 			}
 
 			createdRepo, err := repoIf.Create(context.Background(), &repoCreateReq)
@@ -177,18 +169,8 @@ func NewRepoAddCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command {
 			fmt.Printf("Repository '%s' added\n", createdRepo.Repo)
 		},
 	}
-	command.Flags().StringVar(&repo.Type, "type", common.DefaultRepoType, "type of the repository, \"git\" or \"helm\"")
-	command.Flags().StringVar(&repo.Name, "name", "", "name of the repository, mandatory for repositories of type helm")
-	command.Flags().StringVar(&repo.Username, "username", "", "username to the repository")
-	command.Flags().StringVar(&repo.Password, "password", "", "password to the repository")
-	command.Flags().StringVar(&sshPrivateKeyPath, "ssh-private-key-path", "", "path to the private ssh key (e.g. ~/.ssh/id_rsa)")
-	command.Flags().StringVar(&tlsClientCertPath, "tls-client-cert-path", "", "path to the TLS client cert (must be PEM format)")
-	command.Flags().StringVar(&tlsClientCertKeyPath, "tls-client-cert-key-path", "", "path to the TLS client cert's key path (must be PEM format)")
-	command.Flags().BoolVar(&insecureIgnoreHostKey, "insecure-ignore-host-key", false, "disables SSH strict host key checking (deprecated, use --insecure-skip-server-verification instead)")
-	command.Flags().BoolVar(&insecureSkipServerVerification, "insecure-skip-server-verification", false, "disables server certificate and host key checks")
-	command.Flags().BoolVar(&enableLfs, "enable-lfs", false, "enable git-lfs (Large File Support) on this repository")
-	command.Flags().BoolVar(&enableOci, "enable-oci", false, "enable helm-oci (Helm OCI-Based Repository)")
-	command.Flags().BoolVar(&upsert, "upsert", false, "Override an existing repository with the same name even if the spec differs")
+	command.Flags().BoolVar(&repoOpts.Upsert, "upsert", false, "Override an existing repository with the same name even if the spec differs")
+	cmdutil.AddRepoFlags(command, &repoOpts)
 	return command
 }
 

cmd/util/cluster.go

@@ -0,0 +1,132 @@
+package util
+
+import (
+	"fmt"
+	"io/ioutil"
+	"os"
+	"sort"
+	"strings"
+	"text/tabwriter"
+
+	"github.com/spf13/cobra"
+	"k8s.io/client-go/rest"
+	"k8s.io/client-go/tools/clientcmd"
+
+	argoappv1 "github.com/argoproj/argo-cd/pkg/apis/application/v1alpha1"
+	"github.com/argoproj/argo-cd/util/errors"
+)
+
+func PrintKubeContexts(ca clientcmd.ConfigAccess) {
+	config, err := ca.GetStartingConfig()
+	errors.CheckError(err)
+	w := tabwriter.NewWriter(os.Stdout, 0, 0, 2, ' ', 0)
+	defer func() { _ = w.Flush() }()
+	columnNames := []string{"CURRENT", "NAME", "CLUSTER", "SERVER"}
+	_, err = fmt.Fprintf(w, "%s\n", strings.Join(columnNames, "\t"))
+	errors.CheckError(err)
+
+	// sort names so output is deterministic
+	contextNames := make([]string, 0)
+	for name := range config.Contexts {
+		contextNames = append(contextNames, name)
+	}
+	sort.Strings(contextNames)
+
+	if config.Clusters == nil {
+		return
+	}
+
+	for _, name := range contextNames {
+		// ignore malformed kube config entries
+		context := config.Contexts[name]
+		if context == nil {
+			continue
+		}
+		cluster := config.Clusters[context.Cluster]
+		if cluster == nil {
+			continue
+		}
+		prefix := " "
+		if config.CurrentContext == name {
+			prefix = "*"
+		}
+		_, err := fmt.Fprintf(w, "%s\t%s\t%s\t%s\n", prefix, name, context.Cluster, cluster.Server)
+		errors.CheckError(err)
+	}
+}
+
+func NewCluster(name string, namespaces []string, conf *rest.Config, managerBearerToken string, awsAuthConf *argoappv1.AWSAuthConfig, execProviderConf *argoappv1.ExecProviderConfig) *argoappv1.Cluster {
+	tlsClientConfig := argoappv1.TLSClientConfig{
+		Insecure:   conf.TLSClientConfig.Insecure,
+		ServerName: conf.TLSClientConfig.ServerName,
+		CAData:     conf.TLSClientConfig.CAData,
+		CertData:   conf.TLSClientConfig.CertData,
+		KeyData:    conf.TLSClientConfig.KeyData,
+	}
+	if len(conf.TLSClientConfig.CAData) == 0 && conf.TLSClientConfig.CAFile != "" {
+		data, err := ioutil.ReadFile(conf.TLSClientConfig.CAFile)
+		errors.CheckError(err)
+		tlsClientConfig.CAData = data
+	}
+	if len(conf.TLSClientConfig.CertData) == 0 && conf.TLSClientConfig.CertFile != "" {
+		data, err := ioutil.ReadFile(conf.TLSClientConfig.CertFile)
+		errors.CheckError(err)
+		tlsClientConfig.CertData = data
+	}
+	if len(conf.TLSClientConfig.KeyData) == 0 && conf.TLSClientConfig.KeyFile != "" {
+		data, err := ioutil.ReadFile(conf.TLSClientConfig.KeyFile)
+		errors.CheckError(err)
+		tlsClientConfig.KeyData = data
+	}
+
+	clst := argoappv1.Cluster{
+		Server:     conf.Host,
+		Name:       name,
+		Namespaces: namespaces,
+		Config: argoappv1.ClusterConfig{
+			TLSClientConfig:    tlsClientConfig,
+			AWSAuthConfig:      awsAuthConf,
+			ExecProviderConfig: execProviderConf,
+		},
+	}
+
+	// Bearer token will preferentially be used for auth if present,
+	// Even in presence of key/cert credentials
+	// So set bearer token only if the key/cert data is absent
+	if len(tlsClientConfig.CertData) == 0 || len(tlsClientConfig.KeyData) == 0 {
+		clst.Config.BearerToken = managerBearerToken
+	}
+
+	return &clst
+}
+
+type ClusterOptions struct {
+	InCluster               bool
+	Upsert                  bool
+	ServiceAccount          string
+	AwsRoleArn              string
+	AwsClusterName          string
+	SystemNamespace         string
+	Namespaces              []string
+	Name                    string
+	Shard                   int64
+	ExecProviderCommand     string
+	ExecProviderArgs        []string
+	ExecProviderEnv         map[string]string
+	ExecProviderAPIVersion  string
+	ExecProviderInstallHint string
+}
+
+func AddClusterFlags(command *cobra.Command, opts *ClusterOptions) {
+	command.Flags().BoolVar(&opts.InCluster, "in-cluster", false, "Indicates Argo CD resides inside this cluster and should connect using the internal k8s hostname (kubernetes.default.svc)")
+	command.Flags().StringVar(&opts.AwsClusterName, "aws-cluster-name", "", "AWS Cluster name if set then aws cli eks token command will be used to access cluster")
+	command.Flags().StringVar(&opts.AwsRoleArn, "aws-role-arn", "", "Optional AWS role arn. If set then AWS IAM Authenticator assume a role to perform cluster operations instead of the default AWS credential provider chain.")
+	command.Flags().StringArrayVar(&opts.Namespaces, "namespace", nil, "List of namespaces which are allowed to manage")
+	command.Flags().StringVar(&opts.Name, "name", "", "Overwrite the cluster name")
+	command.Flags().Int64Var(&opts.Shard, "shard", -1, "Cluster shard number; inferred from hostname if not set")
+	command.Flags().StringVar(&opts.ExecProviderCommand, "exec-command", "", "Command to run to provide client credentials to the cluster. You may need to build a custom ArgoCD image to ensure the command is available at runtime.")
+	command.Flags().StringArrayVar(&opts.ExecProviderArgs, "exec-command-args", nil, "Arguments to supply to the --exec-command command")
+	command.Flags().StringToStringVar(&opts.ExecProviderEnv, "exec-command-env", nil, "Environment vars to set when running the --exec-command command")
+	command.Flags().StringVar(&opts.ExecProviderAPIVersion, "exec-command-api-version", "", "Preferred input version of the ExecInfo for the --exec-command")
+	command.Flags().StringVar(&opts.ExecProviderInstallHint, "exec-command-install-hint", "", "Text shown to the user when the --exec-command executable doesn't seem to be present")
+}

cmd/util/cluster_test.go

@@ -0,0 +1,63 @@
+package util
+
+import (
+	"strings"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"k8s.io/client-go/rest"
+
+	"github.com/argoproj/argo-cd/pkg/apis/application/v1alpha1"
+)
+
+func Test_newCluster(t *testing.T) {
+	clusterWithData := NewCluster("test-cluster", []string{"test-namespace"}, &rest.Config{
+		TLSClientConfig: rest.TLSClientConfig{
+			Insecure:   false,
+			ServerName: "test-endpoint.example.com",
+			CAData:     []byte("test-ca-data"),
+			CertData:   []byte("test-cert-data"),
+			KeyData:    []byte("test-key-data"),
+		},
+		Host: "test-endpoint.example.com",
+	},
+		"test-bearer-token",
+		&v1alpha1.AWSAuthConfig{},
+		&v1alpha1.ExecProviderConfig{})
+
+	assert.Equal(t, "test-cert-data", string(clusterWithData.Config.CertData))
+	assert.Equal(t, "test-key-data", string(clusterWithData.Config.KeyData))
+	assert.Equal(t, "", clusterWithData.Config.BearerToken)
+
+	clusterWithFiles := NewCluster("test-cluster", []string{"test-namespace"}, &rest.Config{
+		TLSClientConfig: rest.TLSClientConfig{
+			Insecure:   false,
+			ServerName: "test-endpoint.example.com",
+			CAData:     []byte("test-ca-data"),
+			CertFile:   "./testdata/test.cert.pem",
+			KeyFile:    "./testdata/test.key.pem",
+		},
+		Host: "test-endpoint.example.com",
+	},
+		"test-bearer-token",
+		&v1alpha1.AWSAuthConfig{},
+		&v1alpha1.ExecProviderConfig{})
+
+	assert.True(t, strings.Contains(string(clusterWithFiles.Config.CertData), "test-cert-data"))
+	assert.True(t, strings.Contains(string(clusterWithFiles.Config.KeyData), "test-key-data"))
+	assert.Equal(t, "", clusterWithFiles.Config.BearerToken)
+
+	clusterWithBearerToken := NewCluster("test-cluster", []string{"test-namespace"}, &rest.Config{
+		TLSClientConfig: rest.TLSClientConfig{
+			Insecure:   false,
+			ServerName: "test-endpoint.example.com",
+			CAData:     []byte("test-ca-data"),
+		},
+		Host: "test-endpoint.example.com",
+	},
+		"test-bearer-token",
+		&v1alpha1.AWSAuthConfig{},
+		&v1alpha1.ExecProviderConfig{})
+
+	assert.Equal(t, "test-bearer-token", clusterWithBearerToken.Config.BearerToken)
+}

cmd/util/common.go

@@ -5,25 +5,31 @@ import (
 	"fmt"
 
 	"github.com/ghodss/yaml"
+	v1 "k8s.io/api/core/v1"
+
+	"github.com/argoproj/gitops-engine/pkg/utils/kube"
 )
 
 // PrintResource prints a single resource in YAML or JSON format to stdout according to the output format
-func PrintResource(resource interface{}, output string) error {
-	filteredResource, err := omitFields(resource)
-	if err != nil {
-		return err
+func PrintResources(resources []interface{}, output string) error {
+	for i, resource := range resources {
+		filteredResource, err := omitFields(resource)
+		if err != nil {
+			return err
+		}
+		resources[i] = filteredResource
 	}
 
 	switch output {
 	case "json":
-		jsonBytes, err := json.MarshalIndent(filteredResource, "", "  ")
+		jsonBytes, err := json.MarshalIndent(resources, "", "  ")
 		if err != nil {
 			return err
 		}
 
 		fmt.Println(string(jsonBytes))
 	case "yaml":
-		yamlBytes, err := yaml.Marshal(filteredResource)
+		yamlBytes, err := yaml.Marshal(resources)
 		if err != nil {
 			return err
 		}
@@ -34,6 +40,7 @@ func PrintResource(resource interface{}, output string) error {
 	return nil
 }
 
+// omit fields such as status, creationTimestamp and metadata.namespace in k8s objects
 func omitFields(resource interface{}) (interface{}, error) {
 	jsonBytes, err := json.Marshal(resource)
 	if err != nil {
@@ -55,3 +62,14 @@ func omitFields(resource interface{}) (interface{}, error) {
 	}
 	return toMap, nil
 }
+
+// ConvertSecretData converts kubernetes secret's data to stringData
+func ConvertSecretData(secret *v1.Secret) {
+	secret.Kind = kube.SecretKind
+	secret.APIVersion = "v1"
+	secret.StringData = map[string]string{}
+	for k, v := range secret.Data {
+		secret.StringData[k] = string(v)
+	}
+	secret.Data = map[string][]byte{}
+}

cmd/util/repo.go

@@ -0,0 +1,34 @@
+package util
+
+import (
+	"github.com/spf13/cobra"
+
+	"github.com/argoproj/argo-cd/common"
+	appsv1 "github.com/argoproj/argo-cd/pkg/apis/application/v1alpha1"
+)
+
+type RepoOptions struct {
+	Repo                           appsv1.Repository
+	Upsert                         bool
+	SshPrivateKeyPath              string
+	InsecureIgnoreHostKey          bool
+	InsecureSkipServerVerification bool
+	TlsClientCertPath              string
+	TlsClientCertKeyPath           string
+	EnableLfs                      bool
+	EnableOci                      bool
+}
+
+func AddRepoFlags(command *cobra.Command, opts *RepoOptions) {
+	command.Flags().StringVar(&opts.Repo.Type, "type", common.DefaultRepoType, "type of the repository, \"git\" or \"helm\"")
+	command.Flags().StringVar(&opts.Repo.Name, "name", "", "name of the repository, mandatory for repositories of type helm")
+	command.Flags().StringVar(&opts.Repo.Username, "username", "", "username to the repository")
+	command.Flags().StringVar(&opts.Repo.Password, "password", "", "password to the repository")
+	command.Flags().StringVar(&opts.SshPrivateKeyPath, "ssh-private-key-path", "", "path to the private ssh key (e.g. ~/.ssh/id_rsa)")
+	command.Flags().StringVar(&opts.TlsClientCertPath, "tls-client-cert-path", "", "path to the TLS client cert (must be PEM format)")
+	command.Flags().StringVar(&opts.TlsClientCertKeyPath, "tls-client-cert-key-path", "", "path to the TLS client cert's key path (must be PEM format)")
+	command.Flags().BoolVar(&opts.InsecureIgnoreHostKey, "insecure-ignore-host-key", false, "disables SSH strict host key checking (deprecated, use --insecure-skip-server-verification instead)")
+	command.Flags().BoolVar(&opts.InsecureSkipServerVerification, "insecure-skip-server-verification", false, "disables server certificate and host key checks")
+	command.Flags().BoolVar(&opts.EnableLfs, "enable-lfs", false, "enable git-lfs (Large File Support) on this repository")
+	command.Flags().BoolVar(&opts.EnableOci, "enable-oci", false, "enable helm-oci (Helm OCI-Based Repository)")
+}

docs/operator-manual/server-commands/argocd-util_config.md

@@ -20,5 +20,7 @@ argocd-util config [flags]
 
 * [argocd-util](argocd-util.md)	 - argocd-util tools used by Argo CD
 * [argocd-util config app](argocd-util_config_app.md)	 - Generate declarative config for an application
+* [argocd-util config cluster](argocd-util_config_cluster.md)	 - Generate declarative config for a cluster
 * [argocd-util config proj](argocd-util_config_proj.md)	 - Generate declarative config for a project
+* [argocd-util config repo](argocd-util_config_repo.md)	 - Generate declarative config for a repo
 

docs/operator-manual/server-commands/argocd-util_config_app.md

@@ -66,7 +66,7 @@ argocd-util config app APPNAME [flags]
       --name string                               A name for the app, ignored if a file is set (DEPRECATED)
       --nameprefix string                         Kustomize nameprefix
       --namesuffix string                         Kustomize namesuffix
-      --o string                                  Output format (yaml|json) (default "yaml")
+  -o, --output string                             Output format. One of: json|yaml (default "yaml")
   -p, --parameter stringArray                     set a parameter override (e.g. -p guestbook=image=example/guestbook:latest)
       --path string                               Path in repository to the app directory, ignored if a file is set
       --plugin-env stringArray                    Additional plugin envs

docs/operator-manual/server-commands/argocd-util_config_cluster.md

@@ -0,0 +1,36 @@
+## argocd-util config cluster
+
+Generate declarative config for a cluster
+
+### Synopsis
+
+Generate declarative config for a cluster
+
+```
+argocd-util config cluster CONTEXT [flags]
+```
+
+### Options
+
+```
+      --aws-cluster-name string            AWS Cluster name if set then aws cli eks token command will be used to access cluster
+      --aws-role-arn string                Optional AWS role arn. If set then AWS IAM Authenticator assume a role to perform cluster operations instead of the default AWS credential provider chain.
+      --bearer-token string                Authentication token that should be used to access K8S API server
+      --exec-command string                Command to run to provide client credentials to the cluster. You may need to build a custom ArgoCD image to ensure the command is available at runtime.
+      --exec-command-api-version string    Preferred input version of the ExecInfo for the --exec-command
+      --exec-command-args stringArray      Arguments to supply to the --exec-command command
+      --exec-command-env stringToString    Environment vars to set when running the --exec-command command (default [])
+      --exec-command-install-hint string   Text shown to the user when the --exec-command executable doesn't seem to be present
+  -h, --help                               help for cluster
+      --in-cluster                         Indicates Argo CD resides inside this cluster and should connect using the internal k8s hostname (kubernetes.default.svc)
+      --kubeconfig string                  use a particular kubeconfig file
+      --name string                        Overwrite the cluster name
+      --namespace stringArray              List of namespaces which are allowed to manage
+  -o, --output string                      Output format. One of: json|yaml (default "yaml")
+      --shard int                          Cluster shard number; inferred from hostname if not set (default -1)
+```
+
+### SEE ALSO
+
+* [argocd-util config](argocd-util_config.md)	 - Generate declarative configuration files
+

docs/operator-manual/server-commands/argocd-util_config_proj.md

@@ -17,9 +17,9 @@ argocd-util config proj PROJECT [flags]
   -d, --dest stringArray          Permitted destination server and namespace (e.g. https://192.168.99.100:8443,default)
   -f, --file string               Filename or URL to Kubernetes manifests for the project
   -h, --help                      help for proj
-      --o string                  Output format (yaml|json) (default "yaml")
       --orphaned-resources        Enables orphaned resources monitoring
       --orphaned-resources-warn   Specifies if applications should be a warning condition when orphaned resources detected
+  -o, --output string             Output format. One of: json|yaml (default "yaml")
       --signature-keys strings    GnuPG public key IDs for commit signature verification
   -s, --src stringArray           Permitted source repository URL
 ```

docs/operator-manual/server-commands/argocd-util_config_repo.md

@@ -0,0 +1,61 @@
+## argocd-util config repo
+
+Generate declarative config for a repo
+
+### Synopsis
+
+Generate declarative config for a repo
+
+```
+argocd-util config repo REPOURL [flags]
+```
+
+### Examples
+
+```
+  
+  # Add a Git repository via SSH using a private key for authentication, ignoring the server's host key:
+  argocd-util config repo git@git.example.com:repos/repo --insecure-ignore-host-key --ssh-private-key-path ~/id_rsa
+
+  # Add a Git repository via SSH on a non-default port - need to use ssh:// style URLs here
+  argocd-util config repo ssh://git@git.example.com:2222/repos/repo --ssh-private-key-path ~/id_rsa
+
+  # Add a private Git repository via HTTPS using username/password and TLS client certificates:
+  argocd-util config repo https://git.example.com/repos/repo --username git --password secret --tls-client-cert-path ~/mycert.crt --tls-client-cert-key-path ~/mycert.key
+
+  # Add a private Git repository via HTTPS using username/password without verifying the server's TLS certificate
+  argocd-util config repo https://git.example.com/repos/repo --username git --password secret --insecure-skip-server-verification
+
+  # Add a public Helm repository named 'stable' via HTTPS
+  argocd-util config repo https://kubernetes-charts.storage.googleapis.com --type helm --name stable  
+
+  # Add a private Helm repository named 'stable' via HTTPS
+  argocd-util config repo https://kubernetes-charts.storage.googleapis.com --type helm --name stable --username test --password test
+
+  # Add a private Helm OCI-based repository named 'stable' via HTTPS
+  argocd-util config repo helm-oci-registry.cn-zhangjiakou.cr.aliyuncs.com --type helm --name stable --enable-oci --username test --password test
+
+```
+
+### Options
+
+```
+      --enable-lfs                          enable git-lfs (Large File Support) on this repository
+      --enable-oci                          enable helm-oci (Helm OCI-Based Repository)
+  -h, --help                                help for repo
+      --insecure-ignore-host-key            disables SSH strict host key checking (deprecated, use --insecure-skip-server-verification instead)
+      --insecure-skip-server-verification   disables server certificate and host key checks
+      --name string                         name of the repository, mandatory for repositories of type helm
+  -o, --output string                       Output format. One of: json|yaml (default "yaml")
+      --password string                     password to the repository
+      --ssh-private-key-path string         path to the private ssh key (e.g. ~/.ssh/id_rsa)
+      --tls-client-cert-key-path string     path to the TLS client cert's key path (must be PEM format)
+      --tls-client-cert-path string         path to the TLS client cert (must be PEM format)
+      --type string                         type of the repository, "git" or "helm" (default "git")
+      --username string                     username to the repository
+```
+
+### SEE ALSO
+
+* [argocd-util config](argocd-util_config.md)	 - Generate declarative configuration files
+

util/db/cluster.go

@@ -101,7 +101,7 @@ func (db *db) ListClusters(ctx context.Context) (*appv1.ClusterList, error) {
 
 // CreateCluster creates a cluster
 func (db *db) CreateCluster(ctx context.Context, c *appv1.Cluster) (*appv1.Cluster, error) {
-	secName, err := serverToSecretName(c.Server)
+	secName, err := ServerToSecretName(c.Server)
 	if err != nil {
 		return nil, err
 	}
@@ -268,7 +268,7 @@ func (db *db) DeleteCluster(ctx context.Context, server string) error {
 
 // serverToSecretName hashes server address to the secret name using a formula.
 // Part of the server address is incorporated for debugging purposes
-func serverToSecretName(server string) (string, error) {
+func ServerToSecretName(server string) (string, error) {
 	serverURL, err := url.ParseRequestURI(server)
 	if err != nil {
 		return "", err

util/db/cluster_test.go

@@ -20,7 +20,7 @@ const (
 )
 
 func Test_serverToSecretName(t *testing.T) {
-	name, err := serverToSecretName("http://foo")
+	name, err := ServerToSecretName("http://foo")
 	assert.NoError(t, err)
 	assert.Equal(t, "cluster-foo-752281925", name)
 }

util/db/db_test.go

@@ -60,7 +60,7 @@ func TestCreateRepository(t *testing.T) {
 	assert.Nil(t, err)
 	assert.Equal(t, "https://github.com/argoproj/argocd-example-apps", repo.Repo)
 
-	secret, err := clientset.CoreV1().Secrets(testNamespace).Get(context.Background(), repoURLToSecretName(repoSecretPrefix, repo.Repo), metav1.GetOptions{})
+	secret, err := clientset.CoreV1().Secrets(testNamespace).Get(context.Background(), RepoURLToSecretName(repoSecretPrefix, repo.Repo), metav1.GetOptions{})
 	assert.Nil(t, err)
 
 	assert.Equal(t, common.AnnotationValueManagedByArgoCD, secret.Annotations[common.AnnotationKeyManagedBy])
@@ -81,7 +81,7 @@ func TestCreateRepoCredentials(t *testing.T) {
 	assert.Nil(t, err)
 	assert.Equal(t, "https://github.com/argoproj/", creds.URL)
 
-	secret, err := clientset.CoreV1().Secrets(testNamespace).Get(context.Background(), repoURLToSecretName(credSecretPrefix, creds.URL), metav1.GetOptions{})
+	secret, err := clientset.CoreV1().Secrets(testNamespace).Get(context.Background(), RepoURLToSecretName(credSecretPrefix, creds.URL), metav1.GetOptions{})
 	assert.Nil(t, err)
 
 	assert.Equal(t, common.AnnotationValueManagedByArgoCD, secret.Annotations[common.AnnotationKeyManagedBy])

util/db/repository.go

@@ -394,7 +394,7 @@ func (db *db) updateRepositorySecrets(repoInfo *settings.Repository, r *appsv1.R
 func setSecretData(prefix string, url string, secretsData map[string]map[string][]byte, secretKey *apiv1.SecretKeySelector, value string, defaultKeyName string) *apiv1.SecretKeySelector {
 	if secretKey == nil && value != "" {
 		secretKey = &apiv1.SecretKeySelector{
-			LocalObjectReference: apiv1.LocalObjectReference{Name: repoURLToSecretName(prefix, url)},
+			LocalObjectReference: apiv1.LocalObjectReference{Name: RepoURLToSecretName(prefix, url)},
 			Key:                  defaultKeyName,
 		}
 	}
@@ -491,11 +491,11 @@ func getRepositoryCredentialIndex(repoCredentials []settings.RepositoryCredentia
 	return idx
 }
 
-// repoURLToSecretName hashes repo URL to a secret name using a formula. This is used when
+// RepoURLToSecretName hashes repo URL to a secret name using a formula. This is used when
 // repositories are _imperatively_ created and need its credentials to be stored in a secret.
 // NOTE: this formula should not be considered stable and may change in future releases.
 // Do NOT rely on this formula as a means of secret lookup, only secret creation.
-func repoURLToSecretName(prefix string, repo string) string {
+func RepoURLToSecretName(prefix string, repo string) string {
 	h := fnv.New32a()
 	_, _ = h.Write([]byte(repo))
 	return fmt.Sprintf("%s-%v", prefix, h.Sum32())

util/db/repository_test.go

@@ -17,7 +17,7 @@ func TestRepoURLToSecretName(t *testing.T) {
 	}
 
 	for k, v := range tables {
-		if sn := repoURLToSecretName(repoSecretPrefix, k); sn != v {
+		if sn := RepoURLToSecretName(repoSecretPrefix, k); sn != v {
 			t.Errorf("Expected secret name %q for repo %q; instead, got %q", v, k, sn)
 		}
 	}
@@ -32,7 +32,7 @@ func Test_CredsURLToSecretName(t *testing.T) {
 	}
 
 	for k, v := range tables {
-		if sn := repoURLToSecretName(credSecretPrefix, k); sn != v {
+		if sn := RepoURLToSecretName(credSecretPrefix, k); sn != v {
 			t.Errorf("Expected secret name %q for repo %q; instead, got %q", v, k, sn)
 		}
 	}