Update manifests to v1.3.0-rc2

* Done

* Pre-commit

* Added test

* Pre-commit

* Goimports

VERSION

@@ -1 +1 @@
-1.3.0
+1.3.0-rc2

cmd/argocd-util/main.go

@@ -8,6 +8,7 @@ import (
 	"io/ioutil"
 	"os"
 	"os/exec"
+	"regexp"
 	"syscall"
 
 	"github.com/ghodss/yaml"
@@ -108,7 +109,7 @@ func NewRunDexCommand() *cobra.Command {
 				} else {
 					err = ioutil.WriteFile("/tmp/dex.yaml", dexCfgBytes, 0644)
 					errors.CheckError(err)
-					log.Info(string(dexCfgBytes))
+					log.Info(redactor(string(dexCfgBytes)))
 					cmd = exec.Command("dex", "serve", "/tmp/dex.yaml")
 					cmd.Stdout = os.Stdout
 					cmd.Stderr = os.Stderr
@@ -532,6 +533,11 @@ func NewClusterConfig() *cobra.Command {
 	return command
 }
 
+func redactor(dirtyString string) string {
+	dirtyString = regexp.MustCompile("(clientSecret: )[^ \n]*").ReplaceAllString(dirtyString, "$1********")
+	return regexp.MustCompile("(secret: )[^ \n]*").ReplaceAllString(dirtyString, "$1********")
+}
+
 func main() {
 	if err := NewCommand().Execute(); err != nil {
 		fmt.Println(err)

cmd/argocd-util/main_test.go

@@ -0,0 +1,73 @@
+package main
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+var textToRedact = `
+- config:
+    clientID: aabbccddeeff00112233
+    clientSecret: $dex.github.clientSecret
+    orgs:
+    - name: your-github-org
+    redirectURI: https://argocd.example.com/api/dex/callback
+  id: github
+  name: GitHub
+  type: github
+grpc:
+  addr: 0.0.0.0:5557
+issuer: https://argocd.example.com/api/dex
+oauth2:
+  skipApprovalScreen: true
+staticClients:
+- id: argo-cd
+  name: Argo CD
+  redirectURIs:
+  - https://argocd.example.com/auth/callback
+  secret: Dis9M-GA11oTwZVQQWdDklPQw-sWXZkWJFyyEhMs
+- id: argo-cd-cli
+  name: Argo CD CLI
+  public: true
+  redirectURIs:
+  - http://localhost
+storage:
+  type: memory
+web:
+  http: 0.0.0.0:5556`
+
+var expectedRedaction = `
+- config:
+    clientID: aabbccddeeff00112233
+    clientSecret: ********
+    orgs:
+    - name: your-github-org
+    redirectURI: https://argocd.example.com/api/dex/callback
+  id: github
+  name: GitHub
+  type: github
+grpc:
+  addr: 0.0.0.0:5557
+issuer: https://argocd.example.com/api/dex
+oauth2:
+  skipApprovalScreen: true
+staticClients:
+- id: argo-cd
+  name: Argo CD
+  redirectURIs:
+  - https://argocd.example.com/auth/callback
+  secret: ********
+- id: argo-cd-cli
+  name: Argo CD CLI
+  public: true
+  redirectURIs:
+  - http://localhost
+storage:
+  type: memory
+web:
+  http: 0.0.0.0:5556`
+
+func TestSecretsRedactor(t *testing.T) {
+	assert.Equal(t, expectedRedaction, redactor(textToRedact))
+}

controller/appcontroller.go

@@ -850,23 +850,22 @@ func (ctrl *ApplicationController) needRefreshAppStatus(app *appv1.Application,
 	compareWith := CompareWithLatest
 	refreshType := appv1.RefreshTypeNormal
 	expired := app.Status.ReconciledAt == nil || app.Status.ReconciledAt.Add(statusRefreshTimeout).Before(time.Now().UTC())
-	if requestedType, ok := app.IsRefreshRequested(); ok || expired {
-		if ok {
-			refreshType = requestedType
-			reason = fmt.Sprintf("%s refresh requested", refreshType)
-		} else if expired {
-			reason = fmt.Sprintf("comparison expired. reconciledAt: %v, expiry: %v", app.Status.ReconciledAt, statusRefreshTimeout)
-		}
-	} else if requested, level := ctrl.isRefreshRequested(app.Name); requested {
-		compareWith = level
-		reason = fmt.Sprintf("controller refresh requested")
-	} else if app.Status.Sync.Status == appv1.SyncStatusCodeUnknown && expired {
-		reason = "comparison status unknown"
+
+	if requestedType, ok := app.IsRefreshRequested(); ok {
+		// user requested app refresh.
+		refreshType = requestedType
+		reason = fmt.Sprintf("%s refresh requested", refreshType)
+	} else if expired {
+		reason = fmt.Sprintf("comparison expired. reconciledAt: %v, expiry: %v", app.Status.ReconciledAt, statusRefreshTimeout)
 	} else if !app.Spec.Source.Equals(app.Status.Sync.ComparedTo.Source) {
 		reason = "spec.source differs"
 	} else if !app.Spec.Destination.Equals(app.Status.Sync.ComparedTo.Destination) {
 		reason = "spec.destination differs"
+	} else if requested, level := ctrl.isRefreshRequested(app.Name); requested {
+		compareWith = level
+		reason = fmt.Sprintf("controller refresh requested")
 	}
+
 	if reason != "" {
 		logCtx.Infof("Refreshing app status (%s), level (%d)", reason, compareWith)
 		return true, refreshType, compareWith

controller/appcontroller_test.go

@@ -597,6 +597,24 @@ func TestNeedRefreshAppStatus(t *testing.T) {
 		assert.Equal(t, argoappv1.RefreshTypeHard, refreshType)
 		assert.Equal(t, CompareWithLatest, compareWith)
 	}
+
+	{
+		app := app.DeepCopy()
+		// ensure that CompareWithLatest level is used if application source has changed
+		ctrl.requestAppRefresh(app.Name, ComparisonWithNothing)
+		// sample app source change
+		app.Spec.Source.Helm = &argoappv1.ApplicationSourceHelm{
+			Parameters: []argoappv1.HelmParameter{{
+				Name:  "foo",
+				Value: "bar",
+			}},
+		}
+
+		needRefresh, refreshType, compareWith = ctrl.needRefreshAppStatus(app, 1*time.Hour)
+		assert.True(t, needRefresh)
+		assert.Equal(t, argoappv1.RefreshTypeNormal, refreshType)
+		assert.Equal(t, CompareWithLatest, compareWith)
+	}
 }
 
 func TestRefreshAppConditions(t *testing.T) {

manifests/base/kustomization.yaml

@@ -12,7 +12,7 @@ bases:
 images:
 - name: argoproj/argocd
   newName: argoproj/argocd
-  newTag: latest
+  newTag: v1.3.0-rc2
 - name: argoproj/argocd-ui
   newName: argoproj/argocd-ui
-  newTag: latest
+  newTag: v1.3.0-rc2

manifests/ha/base/kustomization.yaml

@@ -18,7 +18,7 @@ bases:
 images:
 - name: argoproj/argocd
   newName: argoproj/argocd
-  newTag: latest
+  newTag: v1.3.0-rc2
 - name: argoproj/argocd-ui
   newName: argoproj/argocd-ui
-  newTag: latest
+  newTag: v1.3.0-rc2

manifests/ha/install.yaml

@@ -2978,7 +2978,7 @@ spec:
         - argocd-redis-ha-announce-2:26379
         - --sentinelmaster
         - argocd
-        image: argoproj/argocd:latest
+        image: argoproj/argocd:v1.3.0-rc2
         imagePullPolicy: Always
         livenessProbe:
           httpGet:
@@ -3032,7 +3032,7 @@ spec:
         - cp
         - /usr/local/bin/argocd-util
         - /shared
-        image: argoproj/argocd:latest
+        image: argoproj/argocd:v1.3.0-rc2
         imagePullPolicy: Always
         name: copyutil
         volumeMounts:
@@ -3088,7 +3088,7 @@ spec:
         - argocd-redis-ha-announce-2:26379
         - --sentinelmaster
         - argocd
-        image: argoproj/argocd:latest
+        image: argoproj/argocd:v1.3.0-rc2
         imagePullPolicy: Always
         livenessProbe:
           initialDelaySeconds: 5
@@ -3162,7 +3162,7 @@ spec:
         - argocd-redis-ha-announce-2:26379
         - --sentinelmaster
         - argocd
-        image: argoproj/argocd:latest
+        image: argoproj/argocd:v1.3.0-rc2
         imagePullPolicy: Always
         livenessProbe:
           httpGet:

manifests/ha/namespace-install.yaml

@@ -2893,7 +2893,7 @@ spec:
         - argocd-redis-ha-announce-2:26379
         - --sentinelmaster
         - argocd
-        image: argoproj/argocd:latest
+        image: argoproj/argocd:v1.3.0-rc2
         imagePullPolicy: Always
         livenessProbe:
           httpGet:
@@ -2947,7 +2947,7 @@ spec:
         - cp
         - /usr/local/bin/argocd-util
         - /shared
-        image: argoproj/argocd:latest
+        image: argoproj/argocd:v1.3.0-rc2
         imagePullPolicy: Always
         name: copyutil
         volumeMounts:
@@ -3003,7 +3003,7 @@ spec:
         - argocd-redis-ha-announce-2:26379
         - --sentinelmaster
         - argocd
-        image: argoproj/argocd:latest
+        image: argoproj/argocd:v1.3.0-rc2
         imagePullPolicy: Always
         livenessProbe:
           initialDelaySeconds: 5
@@ -3077,7 +3077,7 @@ spec:
         - argocd-redis-ha-announce-2:26379
         - --sentinelmaster
         - argocd
-        image: argoproj/argocd:latest
+        image: argoproj/argocd:v1.3.0-rc2
         imagePullPolicy: Always
         livenessProbe:
           httpGet:

manifests/install.yaml

@@ -2742,7 +2742,7 @@ spec:
         - "20"
         - --operation-processors
         - "10"
-        image: argoproj/argocd:latest
+        image: argoproj/argocd:v1.3.0-rc2
         imagePullPolicy: Always
         livenessProbe:
           httpGet:
@@ -2796,7 +2796,7 @@ spec:
         - cp
         - /usr/local/bin/argocd-util
         - /shared
-        image: argoproj/argocd:latest
+        image: argoproj/argocd:v1.3.0-rc2
         imagePullPolicy: Always
         name: copyutil
         volumeMounts:
@@ -2860,7 +2860,7 @@ spec:
         - argocd-repo-server
         - --redis
         - argocd-redis:6379
-        image: argoproj/argocd:latest
+        image: argoproj/argocd:v1.3.0-rc2
         imagePullPolicy: Always
         livenessProbe:
           initialDelaySeconds: 5
@@ -2911,7 +2911,7 @@ spec:
         - argocd-server
         - --staticassets
         - /shared/app
-        image: argoproj/argocd:latest
+        image: argoproj/argocd:v1.3.0-rc2
         imagePullPolicy: Always
         livenessProbe:
           httpGet:

manifests/namespace-install.yaml

@@ -2657,7 +2657,7 @@ spec:
         - "20"
         - --operation-processors
         - "10"
-        image: argoproj/argocd:latest
+        image: argoproj/argocd:v1.3.0-rc2
         imagePullPolicy: Always
         livenessProbe:
           httpGet:
@@ -2711,7 +2711,7 @@ spec:
         - cp
         - /usr/local/bin/argocd-util
         - /shared
-        image: argoproj/argocd:latest
+        image: argoproj/argocd:v1.3.0-rc2
         imagePullPolicy: Always
         name: copyutil
         volumeMounts:
@@ -2775,7 +2775,7 @@ spec:
         - argocd-repo-server
         - --redis
         - argocd-redis:6379
-        image: argoproj/argocd:latest
+        image: argoproj/argocd:v1.3.0-rc2
         imagePullPolicy: Always
         livenessProbe:
           initialDelaySeconds: 5
@@ -2826,7 +2826,7 @@ spec:
         - argocd-server
         - --staticassets
         - /shared/app
-        image: argoproj/argocd:latest
+        image: argoproj/argocd:v1.3.0-rc2
         imagePullPolicy: Always
         livenessProbe:
           httpGet:

server/server.go

@@ -478,7 +478,7 @@ func (a *ArgoCDServer) newGRPCServer() *grpc.Server {
 // TranslateGrpcCookieHeader conditionally sets a cookie on the response.
 func (a *ArgoCDServer) translateGrpcCookieHeader(ctx context.Context, w http.ResponseWriter, resp golang_proto.Message) error {
 	if sessionResp, ok := resp.(*sessionpkg.SessionResponse); ok {
-		flags := []string{"path=/"}
+		flags := []string{"path=/", "SameSite=lax", "httpOnly"}
 		if !a.Insecure {
 			flags = append(flags, "Secure")
 		}

util/health/health.go

@@ -65,7 +65,7 @@ func ignoreLiveObjectHealth(liveObj *unstructured.Unstructured, resHealth appv1.
 			return true
 		}
 		gvk := liveObj.GroupVersionKind()
-		if gvk.Group == "argoproj.io" && gvk.Kind == "Application" && resHealth.Status == appv1.HealthStatusMissing {
+		if gvk.Group == "argoproj.io" && gvk.Kind == "Application" && (resHealth.Status == appv1.HealthStatusMissing || resHealth.Status == appv1.HealthStatusUnknown) {
 			// Covers the app-of-apps corner case where child app is deployed but that app itself
 			// has a status of 'Missing', which we don't want to cause the parent's health status
 			// to also be Missing

util/health/health_test.go

@@ -115,6 +115,7 @@ func TestAppOfAppsHealth(t *testing.T) {
 	}
 
 	missingApp, missingStatus := newAppLiveObj("foo", appv1.HealthStatusMissing)
+	unknownApp, unknownStatus := newAppLiveObj("fooz", appv1.HealthStatusUnknown)
 	healthyApp, healthyStatus := newAppLiveObj("bar", appv1.HealthStatusHealthy)
 	degradedApp, degradedStatus := newAppLiveObj("baz", appv1.HealthStatusDegraded)
 
@@ -127,6 +128,15 @@ func TestAppOfAppsHealth(t *testing.T) {
 		assert.Equal(t, appv1.HealthStatusHealthy, healthStatus.Status)
 	}
 
+	// verify unknown child app does not affect app health
+	{
+		unknownAndHealthyStatuses := []appv1.ResourceStatus{unknownStatus, healthyStatus}
+		unknownAndHealthyLiveObjects := []*unstructured.Unstructured{unknownApp, healthyApp}
+		healthStatus, err := SetApplicationHealth(unknownAndHealthyStatuses, unknownAndHealthyLiveObjects, nil, noFilter)
+		assert.NoError(t, err)
+		assert.Equal(t, appv1.HealthStatusHealthy, healthStatus.Status)
+	}
+
 	// verify degraded does affect
 	{
 		degradedAndHealthyStatuses := []appv1.ResourceStatus{degradedStatus, healthyStatus}

util/helm/helm.go

@@ -10,9 +10,8 @@ import (
 	"regexp"
 	"strings"
 
-	"github.com/ghodss/yaml"
-
 	argoexec "github.com/argoproj/pkg/exec"
+	"github.com/ghodss/yaml"
 
 	"github.com/argoproj/argo-cd/util/config"
 )
@@ -138,12 +137,17 @@ func (h *helm) GetParameters(valuesFiles []string) (map[string]string, error) {
 	return output, nil
 }
 
-func flatVals(input map[string]interface{}, output map[string]string, prefixes ...string) {
-	for key, val := range input {
-		if subMap, ok := val.(map[string]interface{}); ok {
-			flatVals(subMap, output, append(prefixes, fmt.Sprintf("%v", key))...)
-		} else {
-			output[strings.Join(append(prefixes, fmt.Sprintf("%v", key)), ".")] = fmt.Sprintf("%v", val)
+func flatVals(input interface{}, output map[string]string, prefixes ...string) {
+	switch i := input.(type) {
+	case map[string]interface{}:
+		for k, v := range i {
+			flatVals(v, output, append(prefixes, k)...)
 		}
+	case []interface{}:
+		for j, v := range i {
+			flatVals(v, output, append(prefixes[0:len(prefixes)-1], fmt.Sprintf("%s[%v]", prefixes[len(prefixes)-1], j))...)
+		}
+	default:
+		output[strings.Join(prefixes, ".")] = fmt.Sprintf("%v", i)
 	}
 }

util/helm/helm_test.go

@@ -164,3 +164,27 @@ func TestVersion(t *testing.T) {
 	re := regexp.MustCompile(SemverRegexValidation)
 	assert.True(t, re.MatchString(ver))
 }
+
+func Test_flatVals(t *testing.T) {
+	t.Run("Map", func(t *testing.T) {
+		output := map[string]string{}
+
+		flatVals(map[string]interface{}{"foo": map[string]interface{}{"bar": "baz"}}, output)
+
+		assert.Equal(t, map[string]string{"foo.bar": "baz"}, output)
+	})
+	t.Run("Array", func(t *testing.T) {
+		output := map[string]string{}
+
+		flatVals(map[string]interface{}{"foo": []interface{}{"bar"}}, output)
+
+		assert.Equal(t, map[string]string{"foo[0]": "bar"}, output)
+	})
+	t.Run("Val", func(t *testing.T) {
+		output := map[string]string{}
+
+		flatVals(map[string]interface{}{"foo": 1}, output)
+
+		assert.Equal(t, map[string]string{"foo": "1"}, output)
+	})
+}