sibling of 0c6644bf8e

.github/workflows/ci-build.yaml

@@ -360,7 +360,6 @@ jobs:
     name: Run end-to-end tests
     runs-on: ubuntu-22.04
     strategy:
-      fail-fast: false
       matrix:
         k3s-version: [v1.28.2, v1.27.6, v1.26.9, v1.25.14]
     needs: 

CODEOWNERS

@@ -2,8 +2,7 @@
 ** @argoproj/argocd-approvers
 
 # Docs
-/docs/**  @argoproj/argocd-approvers @argoproj/argocd-approvers-docs
-/USERS.md @argoproj/argocd-approvers @argoproj/argocd-approvers-docs
+/docs/** @argoproj/argocd-approvers @argoproj/argocd-approvers-docs
 
 # CI
 /.github/**       @argoproj/argocd-approvers @argoproj/argocd-approvers-ci

CONTRIBUTING.md

@@ -1 +0,0 @@
-Please refer to [the Contribution Guide](https://argo-cd.readthedocs.io/en/latest/developer-guide/code-contributions/)

Makefile

@@ -49,7 +49,7 @@ ARGOCD_E2E_DEX_PORT?=5556
 ARGOCD_E2E_YARN_HOST?=localhost
 ARGOCD_E2E_DISABLE_AUTH?=
 
-ARGOCD_E2E_TEST_TIMEOUT?=60m
+ARGOCD_E2E_TEST_TIMEOUT?=45m
 
 ARGOCD_IN_CI?=false
 ARGOCD_TEST_E2E?=true
@@ -386,9 +386,9 @@ test: test-tools-image
 .PHONY: test-local
 test-local:
 	if test "$(TEST_MODULE)" = ""; then \
-		DIST_DIR=${DIST_DIR} RERUN_FAILS=0 PACKAGES=`go list ./... | grep -v 'test/e2e'` ./hack/test.sh -coverprofile=coverage.out; \
+		./hack/test.sh -coverprofile=coverage.out `go list ./... | grep -v 'test/e2e'`; \
 	else \
-		DIST_DIR=${DIST_DIR} RERUN_FAILS=0 PACKAGES="$(TEST_MODULE)" ./hack/test.sh -coverprofile=coverage.out "$(TEST_MODULE)"; \
+		./hack/test.sh -coverprofile=coverage.out "$(TEST_MODULE)"; \
 	fi
 
 .PHONY: test-race
@@ -400,9 +400,9 @@ test-race: test-tools-image
 .PHONY: test-race-local
 test-race-local:
 	if test "$(TEST_MODULE)" = ""; then \
-		DIST_DIR=${DIST_DIR} RERUN_FAILS=0 PACKAGES=`go list ./... | grep -v 'test/e2e'` ./hack/test.sh -race -coverprofile=coverage.out; \
+		./hack/test.sh -race -coverprofile=coverage.out `go list ./... | grep -v 'test/e2e'`; \
 	else \
-		DIST_DIR=${DIST_DIR} RERUN_FAILS=0 PACKAGES="$(TEST_MODULE)" ./hack/test.sh -race -coverprofile=coverage.out; \
+		./hack/test.sh -race -coverprofile=coverage.out "$(TEST_MODULE)"; \
 	fi
 
 # Run the E2E test suite. E2E test servers (see start-e2e target) must be
@@ -416,7 +416,7 @@ test-e2e:
 test-e2e-local: cli-local
 	# NO_PROXY ensures all tests don't go out through a proxy if one is configured on the test system
 	export GO111MODULE=off
-	DIST_DIR=${DIST_DIR} RERUN_FAILS=5 PACKAGES="./test/e2e" ARGOCD_E2E_RECORD=${ARGOCD_E2E_RECORD} ARGOCD_GPG_ENABLED=true NO_PROXY=* ./hack/test.sh -timeout $(ARGOCD_E2E_TEST_TIMEOUT) -v
+	ARGOCD_E2E_RECORD=${ARGOCD_E2E_RECORD} ARGOCD_GPG_ENABLED=true NO_PROXY=* ./hack/test.sh -timeout $(ARGOCD_E2E_TEST_TIMEOUT) -v ./test/e2e
 
 # Spawns a shell in the test server container for debugging purposes
 debug-test-server: test-tools-image
@@ -557,7 +557,6 @@ install-tools-local: install-test-tools-local install-codegen-tools-local instal
 install-test-tools-local:
 	./hack/install.sh kustomize
 	./hack/install.sh helm-linux
-	./hack/install.sh gotestsum
 
 # Installs all tools required for running codegen (Linux packages)
 .PHONY: install-codegen-tools-local

USERS.md

@@ -169,7 +169,6 @@ Currently, the following organizations are **officially** using Argo CD:
 1. [Meican](https://meican.com/)
 1. [Meilleurs Agents](https://www.meilleursagents.com/)
 1. [Mercedes-Benz Tech Innovation](https://www.mercedes-benz-techinnovation.com/)
-1. [Mercedes-Benz.io](https://www.mercedes-benz.io/)
 1. [Metanet](http://www.metanet.co.kr/en/)
 1. [MindSpore](https://mindspore.cn)
 1. [Mirantis](https://mirantis.com/)
@@ -244,7 +243,6 @@ Currently, the following organizations are **officially** using Argo CD:
 1. [Sap Labs](http://sap.com)
 1. [Sauce Labs](https://saucelabs.com/)
 1. [Schwarz IT](https://jobs.schwarz/it-mission)
-1. [SCRM Lidl International Hub](https://scrm.lidl)
 1. [SEEK](https://seek.com.au)
 1. [SI Analytics](https://si-analytics.ai)
 1. [Skit](https://skit.ai/)

VERSION

@@ -1 +1 @@
-2.9.0
+2.9.0-rc2

applicationset/controllers/applicationset_controller.go

@@ -695,16 +695,8 @@ func (r *ApplicationSetReconciler) createOrUpdateInCluster(ctx context.Context,
 			continue
 		}
 		r.updateCache(ctx, found, appLog)
-
-		if action != controllerutil.OperationResultNone {
-			// Don't pollute etcd with "unchanged Application" events
-			r.Recorder.Eventf(&applicationSet, corev1.EventTypeNormal, fmt.Sprint(action), "%s Application %q", action, generatedApp.Name)
-			appLog.Logf(log.InfoLevel, "%s Application", action)
-		} else {
-			// "unchanged Application" can be inferred by Reconcile Complete with no action being listed
-			// Or enable debug logging
-			appLog.Logf(log.DebugLevel, "%s Application", action)
-		}
+		r.Recorder.Eventf(&applicationSet, corev1.EventTypeNormal, fmt.Sprint(action), "%s Application %q", action, generatedApp.Name)
+		appLog.Logf(log.InfoLevel, "%s Application", action)
 	}
 	return firstError
 }

applicationset/controllers/requeue_after_test.go

@@ -60,9 +60,9 @@ func TestRequeueAfter(t *testing.T) {
 		"List":                    generators.NewListGenerator(),
 		"Clusters":                generators.NewClusterGenerator(k8sClient, ctx, appClientset, "argocd"),
 		"Git":                     generators.NewGitGenerator(mockServer),
-		"SCMProvider":             generators.NewSCMProviderGenerator(fake.NewClientBuilder().WithObjects(&corev1.Secret{}).Build(), generators.SCMAuthProviders{}, "", []string{""}, true),
+		"SCMProvider":             generators.NewSCMProviderGenerator(fake.NewClientBuilder().WithObjects(&corev1.Secret{}).Build(), generators.SCMAuthProviders{}, "", []string{""}),
 		"ClusterDecisionResource": generators.NewDuckTypeGenerator(ctx, fakeDynClient, appClientset, "argocd"),
-		"PullRequest":             generators.NewPullRequestGenerator(k8sClient, generators.SCMAuthProviders{}, "", []string{""}, true),
+		"PullRequest":             generators.NewPullRequestGenerator(k8sClient, generators.SCMAuthProviders{}, "", []string{""}),
 	}
 
 	nestedGenerators := map[string]generators.Generator{

applicationset/generators/git.go

@@ -148,9 +148,6 @@ func (g *GitGenerator) generateParamsFromGitFile(filePath string, fileContent []
 			return nil, fmt.Errorf("unable to parse file: %v", err)
 		}
 		objectsFound = append(objectsFound, singleObj)
-	} else if len(objectsFound) == 0 {
-		// If file is valid but empty, add a default empty item
-		objectsFound = append(objectsFound, map[string]interface{}{})
 	}
 
 	res := []map[string]interface{}{}

applicationset/generators/git_test.go

@@ -4,173 +4,119 @@ import (
 	"fmt"
 	"testing"
 
-	"github.com/argoproj/argo-cd/v2/applicationset/services/mocks"
-	argoprojiov1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/mock"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+	"github.com/argoproj/argo-cd/v2/applicationset/services/mocks"
+
+	argoprojiov1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
 )
 
 func Test_generateParamsFromGitFile(t *testing.T) {
-	defaultContent := []byte(`
+	values := map[string]string{}
+	params, err := (*GitGenerator)(nil).generateParamsFromGitFile("path/dir/file_name.yaml", []byte(`
 foo:
   bar: baz
-`)
-	type args struct {
-		filePath          string
-		fileContent       []byte
-		values            map[string]string
-		useGoTemplate     bool
-		goTemplateOptions []string
-		pathParamPrefix   string
+`), values, false, nil, "")
+	if err != nil {
+		t.Fatal(err)
 	}
-	tests := []struct {
-		name    string
-		args    args
-		want    []map[string]interface{}
-		wantErr bool
-	}{
+	assert.Equal(t, []map[string]interface{}{
 		{
-			name: "empty file returns path parameters",
-			args: args{
-				filePath:      "path/dir/file_name.yaml",
-				fileContent:   []byte(""),
-				values:        map[string]string{},
-				useGoTemplate: false,
-			},
-			want: []map[string]interface{}{
-				{
-					"path":                    "path/dir",
-					"path.basename":           "dir",
-					"path.filename":           "file_name.yaml",
-					"path.basenameNormalized": "dir",
-					"path.filenameNormalized": "file-name.yaml",
-					"path[0]":                 "path",
-					"path[1]":                 "dir",
-				},
-			},
-		},
-		{
-			name: "invalid json/yaml file returns error",
-			args: args{
-				filePath:      "path/dir/file_name.yaml",
-				fileContent:   []byte("this is not json or yaml"),
-				values:        map[string]string{},
-				useGoTemplate: false,
-			},
-			wantErr: true,
-		},
-		{
-			name: "file parameters are added to params",
-			args: args{
-				filePath:      "path/dir/file_name.yaml",
-				fileContent:   defaultContent,
-				values:        map[string]string{},
-				useGoTemplate: false,
-			},
-			want: []map[string]interface{}{
-				{
-					"foo.bar":                 "baz",
-					"path":                    "path/dir",
-					"path.basename":           "dir",
-					"path.filename":           "file_name.yaml",
-					"path.basenameNormalized": "dir",
-					"path.filenameNormalized": "file-name.yaml",
-					"path[0]":                 "path",
-					"path[1]":                 "dir",
-				},
-			},
-		},
-		{
-			name: "path parameter are prefixed",
-			args: args{
-				filePath:        "path/dir/file_name.yaml",
-				fileContent:     defaultContent,
-				values:          map[string]string{},
-				useGoTemplate:   false,
-				pathParamPrefix: "myRepo",
-			},
-			want: []map[string]interface{}{
-				{
-					"foo.bar":                        "baz",
-					"myRepo.path":                    "path/dir",
-					"myRepo.path.basename":           "dir",
-					"myRepo.path.filename":           "file_name.yaml",
-					"myRepo.path.basenameNormalized": "dir",
-					"myRepo.path.filenameNormalized": "file-name.yaml",
-					"myRepo.path[0]":                 "path",
-					"myRepo.path[1]":                 "dir",
-				},
-			},
-		},
-		{
-			name: "file parameters are added to params with go template",
-			args: args{
-				filePath:      "path/dir/file_name.yaml",
-				fileContent:   defaultContent,
-				values:        map[string]string{},
-				useGoTemplate: true,
-			},
-			want: []map[string]interface{}{
-				{
-					"foo": map[string]interface{}{
-						"bar": "baz",
-					},
-					"path": map[string]interface{}{
-						"path":               "path/dir",
-						"basename":           "dir",
-						"filename":           "file_name.yaml",
-						"basenameNormalized": "dir",
-						"filenameNormalized": "file-name.yaml",
-						"segments": []string{
-							"path",
-							"dir",
-						},
-					},
-				},
-			},
-		},
-		{
-			name: "path parameter are prefixed with go template",
-			args: args{
-				filePath:        "path/dir/file_name.yaml",
-				fileContent:     defaultContent,
-				values:          map[string]string{},
-				useGoTemplate:   true,
-				pathParamPrefix: "myRepo",
-			},
-			want: []map[string]interface{}{
-				{
-					"foo": map[string]interface{}{
-						"bar": "baz",
-					},
-					"myRepo": map[string]interface{}{
-						"path": map[string]interface{}{
-							"path":               "path/dir",
-							"basename":           "dir",
-							"filename":           "file_name.yaml",
-							"basenameNormalized": "dir",
-							"filenameNormalized": "file-name.yaml",
-							"segments": []string{
-								"path",
-								"dir",
-							},
-						},
-					},
-				},
-			},
+			"foo.bar":                 "baz",
+			"path":                    "path/dir",
+			"path.basename":           "dir",
+			"path.filename":           "file_name.yaml",
+			"path.basenameNormalized": "dir",
+			"path.filenameNormalized": "file-name.yaml",
+			"path[0]":                 "path",
+			"path[1]":                 "dir",
 		},
+	}, params)
+}
+
+func Test_generatePrefixedParamsFromGitFile(t *testing.T) {
+	values := map[string]string{}
+	params, err := (*GitGenerator)(nil).generateParamsFromGitFile("path/dir/file_name.yaml", []byte(`
+foo:
+  bar: baz
+`), values, false, nil, "myRepo")
+	if err != nil {
+		t.Fatal(err)
 	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			params, err := (*GitGenerator)(nil).generateParamsFromGitFile(tt.args.filePath, tt.args.fileContent, tt.args.values, tt.args.useGoTemplate, tt.args.goTemplateOptions, tt.args.pathParamPrefix)
-			if (err != nil) != tt.wantErr {
-				t.Errorf("GitGenerator.generateParamsFromGitFile() error = %v, wantErr %v", err, tt.wantErr)
-				return
-			}
-			assert.Equal(t, tt.want, params)
-		})
+	assert.Equal(t, []map[string]interface{}{
+		{
+			"foo.bar":                        "baz",
+			"myRepo.path":                    "path/dir",
+			"myRepo.path.basename":           "dir",
+			"myRepo.path.filename":           "file_name.yaml",
+			"myRepo.path.basenameNormalized": "dir",
+			"myRepo.path.filenameNormalized": "file-name.yaml",
+			"myRepo.path[0]":                 "path",
+			"myRepo.path[1]":                 "dir",
+		},
+	}, params)
+}
+
+func Test_generateParamsFromGitFileGoTemplate(t *testing.T) {
+	values := map[string]string{}
+	params, err := (*GitGenerator)(nil).generateParamsFromGitFile("path/dir/file_name.yaml", []byte(`
+foo:
+  bar: baz
+`), values, true, nil, "")
+	if err != nil {
+		t.Fatal(err)
 	}
+	assert.Equal(t, []map[string]interface{}{
+		{
+			"foo": map[string]interface{}{
+				"bar": "baz",
+			},
+			"path": map[string]interface{}{
+				"path":               "path/dir",
+				"basename":           "dir",
+				"filename":           "file_name.yaml",
+				"basenameNormalized": "dir",
+				"filenameNormalized": "file-name.yaml",
+				"segments": []string{
+					"path",
+					"dir",
+				},
+			},
+		},
+	}, params)
+}
+
+func Test_generatePrefixedParamsFromGitFileGoTemplate(t *testing.T) {
+	values := map[string]string{}
+	params, err := (*GitGenerator)(nil).generateParamsFromGitFile("path/dir/file_name.yaml", []byte(`
+foo:
+  bar: baz
+`), values, true, nil, "myRepo")
+	if err != nil {
+		t.Fatal(err)
+	}
+	assert.Equal(t, []map[string]interface{}{
+		{
+			"foo": map[string]interface{}{
+				"bar": "baz",
+			},
+			"myRepo": map[string]interface{}{
+				"path": map[string]interface{}{
+					"path":               "path/dir",
+					"basename":           "dir",
+					"filename":           "file_name.yaml",
+					"basenameNormalized": "dir",
+					"filenameNormalized": "file-name.yaml",
+					"segments": []string{
+						"path",
+						"dir",
+					},
+				},
+			},
+		},
+	}, params)
 }
 
 func TestGitGenerateParamsFromDirectories(t *testing.T) {

applicationset/generators/pull_request.go

@@ -27,16 +27,14 @@ type PullRequestGenerator struct {
 	auth                      SCMAuthProviders
 	scmRootCAPath             string
 	allowedSCMProviders       []string
-	enableSCMProviders        bool
 }
 
-func NewPullRequestGenerator(client client.Client, auth SCMAuthProviders, scmRootCAPath string, allowedScmProviders []string, enableSCMProviders bool) Generator {
+func NewPullRequestGenerator(client client.Client, auth SCMAuthProviders, scmRootCAPath string, allowedScmProviders []string) Generator {
 	g := &PullRequestGenerator{
 		client:              client,
 		auth:                auth,
 		scmRootCAPath:       scmRootCAPath,
 		allowedSCMProviders: allowedScmProviders,
-		enableSCMProviders:  enableSCMProviders,
 	}
 	g.selectServiceProviderFunc = g.selectServiceProvider
 	return g
@@ -68,7 +66,7 @@ func (g *PullRequestGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha
 	ctx := context.Background()
 	svc, err := g.selectServiceProviderFunc(ctx, appSetGenerator.PullRequest, applicationSetInfo)
 	if err != nil {
-		return nil, fmt.Errorf("failed to select pull request service provider: %w", err)
+		return nil, fmt.Errorf("failed to select pull request service provider: %v", err)
 	}
 
 	pulls, err := pullrequest.ListPullRequests(ctx, svc, appSetGenerator.PullRequest.Filters)
@@ -123,18 +121,17 @@ func (g *PullRequestGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha
 
 // selectServiceProvider selects the provider to get pull requests from the configuration
 func (g *PullRequestGenerator) selectServiceProvider(ctx context.Context, generatorConfig *argoprojiov1alpha1.PullRequestGenerator, applicationSetInfo *argoprojiov1alpha1.ApplicationSet) (pullrequest.PullRequestService, error) {
-	if !g.enableSCMProviders {
-		return nil, ErrSCMProvidersDisabled
-	}
-	if err := ScmProviderAllowed(applicationSetInfo, generatorConfig, g.allowedSCMProviders); err != nil {
-		return nil, fmt.Errorf("scm provider not allowed: %w", err)
-	}
-
 	if generatorConfig.Github != nil {
+		if !ScmProviderAllowed(applicationSetInfo, generatorConfig.Github.API, g.allowedSCMProviders) {
+			return nil, fmt.Errorf("scm provider not allowed: %s", generatorConfig.Github.API)
+		}
 		return g.github(ctx, generatorConfig.Github, applicationSetInfo)
 	}
 	if generatorConfig.GitLab != nil {
 		providerConfig := generatorConfig.GitLab
+		if !ScmProviderAllowed(applicationSetInfo, providerConfig.API, g.allowedSCMProviders) {
+			return nil, fmt.Errorf("scm provider not allowed: %s", providerConfig.API)
+		}
 		token, err := g.getSecretRef(ctx, providerConfig.TokenRef, applicationSetInfo.Namespace)
 		if err != nil {
 			return nil, fmt.Errorf("error fetching Secret token: %v", err)
@@ -143,6 +140,9 @@ func (g *PullRequestGenerator) selectServiceProvider(ctx context.Context, genera
 	}
 	if generatorConfig.Gitea != nil {
 		providerConfig := generatorConfig.Gitea
+		if !ScmProviderAllowed(applicationSetInfo, providerConfig.API, g.allowedSCMProviders) {
+			return nil, fmt.Errorf("scm provider not allowed: %s", generatorConfig.Gitea.API)
+		}
 		token, err := g.getSecretRef(ctx, providerConfig.TokenRef, applicationSetInfo.Namespace)
 		if err != nil {
 			return nil, fmt.Errorf("error fetching Secret token: %v", err)
@@ -151,6 +151,9 @@ func (g *PullRequestGenerator) selectServiceProvider(ctx context.Context, genera
 	}
 	if generatorConfig.BitbucketServer != nil {
 		providerConfig := generatorConfig.BitbucketServer
+		if !ScmProviderAllowed(applicationSetInfo, providerConfig.API, g.allowedSCMProviders) {
+			return nil, fmt.Errorf("scm provider not allowed: %s", providerConfig.API)
+		}
 		if providerConfig.BasicAuth != nil {
 			password, err := g.getSecretRef(ctx, providerConfig.BasicAuth.PasswordRef, applicationSetInfo.Namespace)
 			if err != nil {

applicationset/generators/pull_request_test.go

@@ -278,7 +278,7 @@ func TestAllowedSCMProviderPullRequest(t *testing.T) {
 	cases := []struct {
 		name           string
 		providerConfig *argoprojiov1alpha1.PullRequestGenerator
-		expectedError  error
+		expectedError  string
 	}{
 		{
 			name: "Error Github",
@@ -287,7 +287,7 @@ func TestAllowedSCMProviderPullRequest(t *testing.T) {
 					API: "https://myservice.mynamespace.svc.cluster.local",
 				},
 			},
-			expectedError: &ErrDisallowedSCMProvider{},
+			expectedError: "failed to select pull request service provider: scm provider not allowed: https://myservice.mynamespace.svc.cluster.local",
 		},
 		{
 			name: "Error Gitlab",
@@ -296,7 +296,7 @@ func TestAllowedSCMProviderPullRequest(t *testing.T) {
 					API: "https://myservice.mynamespace.svc.cluster.local",
 				},
 			},
-			expectedError: &ErrDisallowedSCMProvider{},
+			expectedError: "failed to select pull request service provider: scm provider not allowed: https://myservice.mynamespace.svc.cluster.local",
 		},
 		{
 			name: "Error Gitea",
@@ -305,7 +305,7 @@ func TestAllowedSCMProviderPullRequest(t *testing.T) {
 					API: "https://myservice.mynamespace.svc.cluster.local",
 				},
 			},
-			expectedError: &ErrDisallowedSCMProvider{},
+			expectedError: "failed to select pull request service provider: scm provider not allowed: https://myservice.mynamespace.svc.cluster.local",
 		},
 		{
 			name: "Error Bitbucket",
@@ -314,7 +314,7 @@ func TestAllowedSCMProviderPullRequest(t *testing.T) {
 					API: "https://myservice.mynamespace.svc.cluster.local",
 				},
 			},
-			expectedError: &ErrDisallowedSCMProvider{},
+			expectedError: "failed to select pull request service provider: scm provider not allowed: https://myservice.mynamespace.svc.cluster.local",
 		},
 	}
 
@@ -330,7 +330,7 @@ func TestAllowedSCMProviderPullRequest(t *testing.T) {
 				"gitea.myorg.com",
 				"bitbucket.myorg.com",
 				"azuredevops.myorg.com",
-			}, true)
+			})
 
 			applicationSetInfo := argoprojiov1alpha1.ApplicationSet{
 				ObjectMeta: metav1.ObjectMeta{
@@ -346,29 +346,7 @@ func TestAllowedSCMProviderPullRequest(t *testing.T) {
 			_, err := pullRequestGenerator.GenerateParams(&applicationSetInfo.Spec.Generators[0], &applicationSetInfo)
 
 			assert.Error(t, err, "Must return an error")
-			assert.ErrorAs(t, err, testCaseCopy.expectedError)
+			assert.Equal(t, testCaseCopy.expectedError, err.Error())
 		})
 	}
 }
-
-func TestSCMProviderDisabled_PRGenerator(t *testing.T) {
-	generator := NewPullRequestGenerator(nil, SCMAuthProviders{}, "", []string{}, false)
-
-	applicationSetInfo := argoprojiov1alpha1.ApplicationSet{
-		ObjectMeta: metav1.ObjectMeta{
-			Name: "set",
-		},
-		Spec: argoprojiov1alpha1.ApplicationSetSpec{
-			Generators: []argoprojiov1alpha1.ApplicationSetGenerator{{
-				PullRequest: &argoprojiov1alpha1.PullRequestGenerator{
-					Github: &argoprojiov1alpha1.PullRequestGeneratorGithub{
-						API: "https://myservice.mynamespace.svc.cluster.local",
-					},
-				},
-			}},
-		},
-	}
-
-	_, err := generator.GenerateParams(&applicationSetInfo.Spec.Generators[0], &applicationSetInfo)
-	assert.ErrorIs(t, err, ErrSCMProvidersDisabled)
-}

applicationset/generators/scm_provider.go

@@ -2,7 +2,6 @@ package generators
 
 import (
 	"context"
-	"errors"
 	"fmt"
 	"strings"
 	"time"
@@ -32,26 +31,24 @@ type SCMProviderGenerator struct {
 	SCMAuthProviders
 	scmRootCAPath       string
 	allowedSCMProviders []string
-	enableSCMProviders  bool
 }
 
 type SCMAuthProviders struct {
 	GitHubApps github_app_auth.Credentials
 }
 
-func NewSCMProviderGenerator(client client.Client, providers SCMAuthProviders, scmRootCAPath string, allowedSCMProviders []string, enableSCMProviders bool) Generator {
+func NewSCMProviderGenerator(client client.Client, providers SCMAuthProviders, scmRootCAPath string, allowedSCMProviders []string) Generator {
 	return &SCMProviderGenerator{
 		client:              client,
 		SCMAuthProviders:    providers,
 		scmRootCAPath:       scmRootCAPath,
 		allowedSCMProviders: allowedSCMProviders,
-		enableSCMProviders:  enableSCMProviders,
 	}
 }
 
 // Testing generator
 func NewTestSCMProviderGenerator(overrideProvider scm_provider.SCMProviderService) Generator {
-	return &SCMProviderGenerator{overrideProvider: overrideProvider, enableSCMProviders: true}
+	return &SCMProviderGenerator{overrideProvider: overrideProvider}
 }
 
 func (g *SCMProviderGenerator) GetRequeueAfter(appSetGenerator *argoprojiov1alpha1.ApplicationSetGenerator) time.Duration {
@@ -68,34 +65,14 @@ func (g *SCMProviderGenerator) GetTemplate(appSetGenerator *argoprojiov1alpha1.A
 	return &appSetGenerator.SCMProvider.Template
 }
 
-var ErrSCMProvidersDisabled = errors.New("scm providers are disabled")
-
-type ErrDisallowedSCMProvider struct {
-	Provider string
-	Allowed  []string
-}
-
-func NewErrDisallowedSCMProvider(provider string, allowed []string) ErrDisallowedSCMProvider {
-	return ErrDisallowedSCMProvider{
-		Provider: provider,
-		Allowed:  allowed,
-	}
-}
-
-func (e ErrDisallowedSCMProvider) Error() string {
-	return fmt.Sprintf("scm provider %q not allowed, must use one of the following: %s", e.Provider, strings.Join(e.Allowed, ", "))
-}
-
-func ScmProviderAllowed(applicationSetInfo *argoprojiov1alpha1.ApplicationSet, generator SCMGeneratorWithCustomApiUrl, allowedScmProviders []string) error {
-	url := generator.CustomApiUrl()
-
+func ScmProviderAllowed(applicationSetInfo *argoprojiov1alpha1.ApplicationSet, url string, allowedScmProviders []string) bool {
 	if url == "" || len(allowedScmProviders) == 0 {
-		return nil
+		return true
 	}
 
 	for _, allowedScmProvider := range allowedScmProviders {
 		if url == allowedScmProvider {
-			return nil
+			return true
 		}
 	}
 
@@ -103,9 +80,9 @@ func ScmProviderAllowed(applicationSetInfo *argoprojiov1alpha1.ApplicationSet, g
 		common.SecurityField: common.SecurityMedium,
 		"applicationset":     applicationSetInfo.Name,
 		"appSetNamespace":    applicationSetInfo.Namespace,
-	}).Debugf("attempted to use disallowed SCM %q, must use one of the following: %s", url, strings.Join(allowedScmProviders, ", "))
+	}).Debugf("attempted to use disallowed SCM %q", url)
 
-	return NewErrDisallowedSCMProvider(url, allowedScmProviders)
+	return false
 }
 
 func (g *SCMProviderGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.ApplicationSetGenerator, applicationSetInfo *argoprojiov1alpha1.ApplicationSet) ([]map[string]interface{}, error) {
@@ -117,28 +94,26 @@ func (g *SCMProviderGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha
 		return nil, EmptyAppSetGeneratorError
 	}
 
-	if !g.enableSCMProviders {
-		return nil, ErrSCMProvidersDisabled
-	}
+	ctx := context.Background()
 
 	// Create the SCM provider helper.
 	providerConfig := appSetGenerator.SCMProvider
-
-	if err := ScmProviderAllowed(applicationSetInfo, providerConfig, g.allowedSCMProviders); err != nil {
-		return nil, fmt.Errorf("scm provider not allowed: %w", err)
-	}
-
-	ctx := context.Background()
 	var provider scm_provider.SCMProviderService
 	if g.overrideProvider != nil {
 		provider = g.overrideProvider
 	} else if providerConfig.Github != nil {
+		if !ScmProviderAllowed(applicationSetInfo, providerConfig.Github.API, g.allowedSCMProviders) {
+			return nil, fmt.Errorf("scm provider not allowed: %s", providerConfig.Github.API)
+		}
 		var err error
 		provider, err = g.githubProvider(ctx, providerConfig.Github, applicationSetInfo)
 		if err != nil {
 			return nil, fmt.Errorf("scm provider: %w", err)
 		}
 	} else if providerConfig.Gitlab != nil {
+		if !ScmProviderAllowed(applicationSetInfo, providerConfig.Gitlab.API, g.allowedSCMProviders) {
+			return nil, fmt.Errorf("scm provider not allowed: %s", providerConfig.Gitlab.API)
+		}
 		token, err := g.getSecretRef(ctx, providerConfig.Gitlab.TokenRef, applicationSetInfo.Namespace)
 		if err != nil {
 			return nil, fmt.Errorf("error fetching Gitlab token: %v", err)
@@ -148,6 +123,9 @@ func (g *SCMProviderGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha
 			return nil, fmt.Errorf("error initializing Gitlab service: %v", err)
 		}
 	} else if providerConfig.Gitea != nil {
+		if !ScmProviderAllowed(applicationSetInfo, providerConfig.Gitea.API, g.allowedSCMProviders) {
+			return nil, fmt.Errorf("scm provider not allowed: %s", providerConfig.Gitea.API)
+		}
 		token, err := g.getSecretRef(ctx, providerConfig.Gitea.TokenRef, applicationSetInfo.Namespace)
 		if err != nil {
 			return nil, fmt.Errorf("error fetching Gitea token: %v", err)
@@ -158,6 +136,9 @@ func (g *SCMProviderGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha
 		}
 	} else if providerConfig.BitbucketServer != nil {
 		providerConfig := providerConfig.BitbucketServer
+		if !ScmProviderAllowed(applicationSetInfo, providerConfig.API, g.allowedSCMProviders) {
+			return nil, fmt.Errorf("scm provider not allowed: %s", providerConfig.API)
+		}
 		var scmError error
 		if providerConfig.BasicAuth != nil {
 			password, err := g.getSecretRef(ctx, providerConfig.BasicAuth.PasswordRef, applicationSetInfo.Namespace)
@@ -172,6 +153,9 @@ func (g *SCMProviderGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha
 			return nil, fmt.Errorf("error initializing Bitbucket Server service: %v", scmError)
 		}
 	} else if providerConfig.AzureDevOps != nil {
+		if !ScmProviderAllowed(applicationSetInfo, providerConfig.AzureDevOps.API, g.allowedSCMProviders) {
+			return nil, fmt.Errorf("scm provider not allowed: %s", providerConfig.AzureDevOps.API)
+		}
 		token, err := g.getSecretRef(ctx, providerConfig.AzureDevOps.AccessTokenRef, applicationSetInfo.Namespace)
 		if err != nil {
 			return nil, fmt.Errorf("error fetching Azure Devops access token: %v", err)

applicationset/generators/scm_provider_test.go

@@ -174,7 +174,7 @@ func TestSCMProviderGenerateParams(t *testing.T) {
 			mockProvider := &scm_provider.MockProvider{
 				Repos: testCaseCopy.repos,
 			}
-			scmGenerator := &SCMProviderGenerator{overrideProvider: mockProvider, enableSCMProviders: true}
+			scmGenerator := &SCMProviderGenerator{overrideProvider: mockProvider}
 			applicationSetInfo := argoprojiov1alpha1.ApplicationSet{
 				ObjectMeta: metav1.ObjectMeta{
 					Name: "set",
@@ -205,7 +205,7 @@ func TestAllowedSCMProvider(t *testing.T) {
 	cases := []struct {
 		name           string
 		providerConfig *argoprojiov1alpha1.SCMProviderGenerator
-		expectedError  error
+		expectedError  string
 	}{
 		{
 			name: "Error Github",
@@ -214,7 +214,7 @@ func TestAllowedSCMProvider(t *testing.T) {
 					API: "https://myservice.mynamespace.svc.cluster.local",
 				},
 			},
-			expectedError: &ErrDisallowedSCMProvider{},
+			expectedError: "scm provider not allowed: https://myservice.mynamespace.svc.cluster.local",
 		},
 		{
 			name: "Error Gitlab",
@@ -223,7 +223,7 @@ func TestAllowedSCMProvider(t *testing.T) {
 					API: "https://myservice.mynamespace.svc.cluster.local",
 				},
 			},
-			expectedError: &ErrDisallowedSCMProvider{},
+			expectedError: "scm provider not allowed: https://myservice.mynamespace.svc.cluster.local",
 		},
 		{
 			name: "Error Gitea",
@@ -232,7 +232,7 @@ func TestAllowedSCMProvider(t *testing.T) {
 					API: "https://myservice.mynamespace.svc.cluster.local",
 				},
 			},
-			expectedError: &ErrDisallowedSCMProvider{},
+			expectedError: "scm provider not allowed: https://myservice.mynamespace.svc.cluster.local",
 		},
 		{
 			name: "Error Bitbucket",
@@ -241,7 +241,7 @@ func TestAllowedSCMProvider(t *testing.T) {
 					API: "https://myservice.mynamespace.svc.cluster.local",
 				},
 			},
-			expectedError: &ErrDisallowedSCMProvider{},
+			expectedError: "scm provider not allowed: https://myservice.mynamespace.svc.cluster.local",
 		},
 		{
 			name: "Error AzureDevops",
@@ -250,7 +250,7 @@ func TestAllowedSCMProvider(t *testing.T) {
 					API: "https://myservice.mynamespace.svc.cluster.local",
 				},
 			},
-			expectedError: &ErrDisallowedSCMProvider{},
+			expectedError: "scm provider not allowed: https://myservice.mynamespace.svc.cluster.local",
 		},
 	}
 
@@ -260,16 +260,13 @@ func TestAllowedSCMProvider(t *testing.T) {
 		t.Run(testCaseCopy.name, func(t *testing.T) {
 			t.Parallel()
 
-			scmGenerator := &SCMProviderGenerator{
-				allowedSCMProviders: []string{
-					"github.myorg.com",
-					"gitlab.myorg.com",
-					"gitea.myorg.com",
-					"bitbucket.myorg.com",
-					"azuredevops.myorg.com",
-				},
-				enableSCMProviders: true,
-			}
+			scmGenerator := &SCMProviderGenerator{allowedSCMProviders: []string{
+				"github.myorg.com",
+				"gitlab.myorg.com",
+				"gitea.myorg.com",
+				"bitbucket.myorg.com",
+				"azuredevops.myorg.com",
+			}}
 
 			applicationSetInfo := argoprojiov1alpha1.ApplicationSet{
 				ObjectMeta: metav1.ObjectMeta{
@@ -285,29 +282,7 @@ func TestAllowedSCMProvider(t *testing.T) {
 			_, err := scmGenerator.GenerateParams(&applicationSetInfo.Spec.Generators[0], &applicationSetInfo)
 
 			assert.Error(t, err, "Must return an error")
-			assert.ErrorAs(t, err, testCaseCopy.expectedError)
+			assert.Equal(t, testCaseCopy.expectedError, err.Error())
 		})
 	}
 }
-
-func TestSCMProviderDisabled_SCMGenerator(t *testing.T) {
-	generator := &SCMProviderGenerator{enableSCMProviders: false}
-
-	applicationSetInfo := argoprojiov1alpha1.ApplicationSet{
-		ObjectMeta: metav1.ObjectMeta{
-			Name: "set",
-		},
-		Spec: argoprojiov1alpha1.ApplicationSetSpec{
-			Generators: []argoprojiov1alpha1.ApplicationSetGenerator{{
-				SCMProvider: &argoprojiov1alpha1.SCMProviderGenerator{
-					Github: &argoprojiov1alpha1.SCMProviderGeneratorGithub{
-						API: "https://myservice.mynamespace.svc.cluster.local",
-					},
-				},
-			}},
-		},
-	}
-
-	_, err := generator.GenerateParams(&applicationSetInfo.Spec.Generators[0], &applicationSetInfo)
-	assert.ErrorIs(t, err, ErrSCMProvidersDisabled)
-}

applicationset/generators/scm_utils.go

@@ -1,5 +0,0 @@
-package generators
-
-type SCMGeneratorWithCustomApiUrl interface {
-	CustomApiUrl() string
-}

applicationset/utils/template_functions.go

@@ -1,71 +0,0 @@
-package utils
-
-import (
-	"regexp"
-	"strings"
-
-	"sigs.k8s.io/yaml"
-)
-
-// SanitizeName sanitizes the name in accordance with the below rules
-// 1. contain no more than 253 characters
-// 2. contain only lowercase alphanumeric characters, '-' or '.'
-// 3. start and end with an alphanumeric character
-func SanitizeName(name string) string {
-	invalidDNSNameChars := regexp.MustCompile("[^-a-z0-9.]")
-	maxDNSNameLength := 253
-
-	name = strings.ToLower(name)
-	name = invalidDNSNameChars.ReplaceAllString(name, "-")
-	if len(name) > maxDNSNameLength {
-		name = name[:maxDNSNameLength]
-	}
-
-	return strings.Trim(name, "-.")
-}
-
-// This has been copied from helm and may be removed as soon as it is retrofited in sprig
-// toYAML takes an interface, marshals it to yaml, and returns a string. It will
-// always return a string, even on marshal error (empty string).
-//
-// This is designed to be called from a template.
-func toYAML(v interface{}) (string, error) {
-	data, err := yaml.Marshal(v)
-	if err != nil {
-		// Swallow errors inside of a template.
-		return "", err
-	}
-	return strings.TrimSuffix(string(data), "\n"), nil
-}
-
-// This has been copied from helm and may be removed as soon as it is retrofited in sprig
-// fromYAML converts a YAML document into a map[string]interface{}.
-//
-// This is not a general-purpose YAML parser, and will not parse all valid
-// YAML documents. Additionally, because its intended use is within templates
-// it tolerates errors. It will insert the returned error message string into
-// m["Error"] in the returned map.
-func fromYAML(str string) (map[string]interface{}, error) {
-	m := map[string]interface{}{}
-
-	if err := yaml.Unmarshal([]byte(str), &m); err != nil {
-		return nil, err
-	}
-	return m, nil
-}
-
-// This has been copied from helm and may be removed as soon as it is retrofited in sprig
-// fromYAMLArray converts a YAML array into a []interface{}.
-//
-// This is not a general-purpose YAML parser, and will not parse all valid
-// YAML documents. Additionally, because its intended use is within templates
-// it tolerates errors. It will insert the returned error message string as
-// the first and only item in the returned array.
-func fromYAMLArray(str string) ([]interface{}, error) {
-	a := []interface{}{}
-
-	if err := yaml.Unmarshal([]byte(str), &a); err != nil {
-		return nil, err
-	}
-	return a, nil
-}

applicationset/utils/utils.go

@@ -32,9 +32,6 @@ func init() {
 	delete(sprigFuncMap, "expandenv")
 	delete(sprigFuncMap, "getHostByName")
 	sprigFuncMap["normalize"] = SanitizeName
-	sprigFuncMap["toYaml"] = toYAML
-	sprigFuncMap["fromYaml"] = fromYAML
-	sprigFuncMap["fromYamlArray"] = fromYAMLArray
 }
 
 type Renderer interface {
@@ -434,6 +431,23 @@ func NormalizeBitbucketBasePath(basePath string) string {
 	return basePath
 }
 
+// SanitizeName sanitizes the name in accordance with the below rules
+// 1. contain no more than 253 characters
+// 2. contain only lowercase alphanumeric characters, '-' or '.'
+// 3. start and end with an alphanumeric character
+func SanitizeName(name string) string {
+	invalidDNSNameChars := regexp.MustCompile("[^-a-z0-9.]")
+	maxDNSNameLength := 253
+
+	name = strings.ToLower(name)
+	name = invalidDNSNameChars.ReplaceAllString(name, "-")
+	if len(name) > maxDNSNameLength {
+		name = name[:maxDNSNameLength]
+	}
+
+	return strings.Trim(name, "-.")
+}
+
 func getTlsConfigWithCACert(scmRootCAPath string) *tls.Config {
 
 	tlsConfig := &tls.Config{}

applicationset/utils/utils_test.go

@@ -555,64 +555,6 @@ func TestRenderTemplateParamsGoTemplate(t *testing.T) {
 			templateOptions: []string{"missingkey=error"},
 			errorMessage:    `failed to execute go template --> {{.doesnotexist}} <--: template: :1:6: executing "" at <.doesnotexist>: map has no entry for key "doesnotexist"`,
 		},
-		{
-			name:        "toYaml",
-			fieldVal:    `{{ toYaml . | indent 2 }}`,
-			expectedVal: "  foo:\n    bar:\n      bool: true\n      number: 2\n      str: Hello world",
-			params: map[string]interface{}{
-				"foo": map[string]interface{}{
-					"bar": map[string]interface{}{
-						"bool":   true,
-						"number": 2,
-						"str":    "Hello world",
-					},
-				},
-			},
-		},
-		{
-			name:         "toYaml Error",
-			fieldVal:     `{{ toYaml . | indent 2 }}`,
-			expectedVal:  "  foo:\n    bar:\n      bool: true\n      number: 2\n      str: Hello world",
-			errorMessage: "failed to execute go template {{ toYaml . | indent 2 }}: template: :1:3: executing \"\" at <toYaml .>: error calling toYaml: error marshaling into JSON: json: unsupported type: func(*string)",
-			params: map[string]interface{}{
-				"foo": func(test *string) {
-				},
-			},
-		},
-		{
-			name:        "fromYaml",
-			fieldVal:    `{{ get (fromYaml .value) "hello" }}`,
-			expectedVal: "world",
-			params: map[string]interface{}{
-				"value": "hello: world",
-			},
-		},
-		{
-			name:         "fromYaml error",
-			fieldVal:     `{{ get (fromYaml .value) "hello" }}`,
-			expectedVal:  "world",
-			errorMessage: "failed to execute go template {{ get (fromYaml .value) \"hello\" }}: template: :1:8: executing \"\" at <fromYaml .value>: error calling fromYaml: error unmarshaling JSON: while decoding JSON: json: cannot unmarshal string into Go value of type map[string]interface {}",
-			params: map[string]interface{}{
-				"value": "non\n compliant\n yaml",
-			},
-		},
-		{
-			name:        "fromYamlArray",
-			fieldVal:    `{{ fromYamlArray .value | last }}`,
-			expectedVal: "bonjour tout le monde",
-			params: map[string]interface{}{
-				"value": "- hello world\n- bonjour tout le monde",
-			},
-		},
-		{
-			name:         "fromYamlArray error",
-			fieldVal:     `{{ fromYamlArray .value | last }}`,
-			expectedVal:  "bonjour tout le monde",
-			errorMessage: "failed to execute go template {{ fromYamlArray .value | last }}: template: :1:3: executing \"\" at <fromYamlArray .value>: error calling fromYamlArray: error unmarshaling JSON: while decoding JSON: json: cannot unmarshal string into Go value of type []interface {}",
-			params: map[string]interface{}{
-				"value": "non\n compliant\n yaml",
-			},
-		},
 	}
 
 	for _, test := range tests {

cmd/argocd-applicationset-controller/commands/applicationset_controller.go

@@ -65,7 +65,6 @@ func NewCommand() *cobra.Command {
 		allowedScmProviders          []string
 		globalPreservedAnnotations   []string
 		globalPreservedLabels        []string
-		enableScmProviders           bool
 	)
 	scheme := runtime.NewScheme()
 	_ = clientgoscheme.AddToScheme(scheme)
@@ -108,8 +107,8 @@ func NewCommand() *cobra.Command {
 			// If the applicationset-namespaces contains only one namespace it corresponds to the current namespace
 			if len(applicationSetNamespaces) == 1 {
 				watchedNamespace = (applicationSetNamespaces)[0]
-			} else if enableScmProviders && len(allowedScmProviders) == 0 {
-				log.Error("When enabling applicationset in any namespace using applicationset-namespaces, you must either set --enable-scm-providers=false or specify --allowed-scm-providers")
+			} else if len(allowedScmProviders) == 0 {
+				log.Error("When enabling applicationset in any namespace using applicationset-namespaces, allowed-scm-providers is required")
 				os.Exit(1)
 			}
 
@@ -163,9 +162,9 @@ func NewCommand() *cobra.Command {
 				"List":                    generators.NewListGenerator(),
 				"Clusters":                generators.NewClusterGenerator(mgr.GetClient(), ctx, k8sClient, namespace),
 				"Git":                     generators.NewGitGenerator(argoCDService),
-				"SCMProvider":             generators.NewSCMProviderGenerator(mgr.GetClient(), scmAuth, scmRootCAPath, allowedScmProviders, enableScmProviders),
+				"SCMProvider":             generators.NewSCMProviderGenerator(mgr.GetClient(), scmAuth, scmRootCAPath, allowedScmProviders),
 				"ClusterDecisionResource": generators.NewDuckTypeGenerator(ctx, dynamicClient, k8sClient, namespace),
-				"PullRequest":             generators.NewPullRequestGenerator(mgr.GetClient(), scmAuth, scmRootCAPath, allowedScmProviders, enableScmProviders),
+				"PullRequest":             generators.NewPullRequestGenerator(mgr.GetClient(), scmAuth, scmRootCAPath, allowedScmProviders),
 				"Plugin":                  generators.NewPluginGenerator(mgr.GetClient(), ctx, k8sClient, namespace),
 			}
 
@@ -248,8 +247,7 @@ func NewCommand() *cobra.Command {
 	command.Flags().BoolVar(&debugLog, "debug", env.ParseBoolFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_DEBUG", false), "Print debug logs. Takes precedence over loglevel")
 	command.Flags().StringVar(&cmdutil.LogFormat, "logformat", env.StringFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_LOGFORMAT", "text"), "Set the logging format. One of: text|json")
 	command.Flags().StringVar(&cmdutil.LogLevel, "loglevel", env.StringFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_LOGLEVEL", "info"), "Set the logging level. One of: debug|info|warn|error")
-	command.Flags().StringSliceVar(&allowedScmProviders, "allowed-scm-providers", env.StringsFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_ALLOWED_SCM_PROVIDERS", []string{}, ","), "The list of allowed custom SCM provider API URLs. This restriction does not apply to SCM or PR generators which do not accept a custom API URL. (Default: Empty = all)")
-	command.Flags().BoolVar(&enableScmProviders, "enable-scm-providers", env.ParseBoolFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_SCM_PROVIDERS", true), "Enable retrieving information from SCM providers, used by the SCM and PR generators (Default: true)")
+	command.Flags().StringSliceVar(&allowedScmProviders, "allowed-scm-providers", env.StringsFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_ALLOWED_SCM_PROVIDERS", []string{}, ","), "The list of allowed scm providers. (Default: Empty = all)")
 	command.Flags().BoolVar(&dryRun, "dry-run", env.ParseBoolFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_DRY_RUN", false), "Enable dry run mode")
 	command.Flags().BoolVar(&enableProgressiveSyncs, "enable-progressive-syncs", env.ParseBoolFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_PROGRESSIVE_SYNCS", false), "Enable use of the experimental progressive syncs feature.")
 	command.Flags().BoolVar(&enableNewGitFileGlobbing, "enable-new-git-file-globbing", env.ParseBoolFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_NEW_GIT_FILE_GLOBBING", false), "Enable new globbing in Git files generator.")

cmd/argocd/commands/account.go

@@ -26,26 +26,12 @@ import (
 	"github.com/argoproj/argo-cd/v2/util/io"
 	"github.com/argoproj/argo-cd/v2/util/localconfig"
 	sessionutil "github.com/argoproj/argo-cd/v2/util/session"
-	"github.com/argoproj/argo-cd/v2/util/templates"
 )
 
 func NewAccountCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command {
 	var command = &cobra.Command{
 		Use:   "account",
 		Short: "Manage account settings",
-		Example: templates.Examples(`
-			# List accounts
-			argocd account list
-
-			# Update the current user's password
-			argocd account update-password
-
-			# Can I sync any app?
-			argocd account can-i sync applications '*'
-
-			# Get User information
-			argocd account get-user-info
-		`),
 		Run: func(c *cobra.Command, args []string) {
 			c.HelpFunc()(c, args)
 			os.Exit(1)
@@ -157,13 +143,6 @@ func NewAccountGetUserInfoCommand(clientOpts *argocdclient.ClientOptions) *cobra
 	var command = &cobra.Command{
 		Use:   "get-user-info",
 		Short: "Get user info",
-		Example: templates.Examples(`
-			# Get User information for the currently logged-in user (see 'argocd login')
-			argocd account get-user-info
-
-			# Get User information in yaml format
-			argocd account get-user-info -o yaml
-		`),
 		Run: func(c *cobra.Command, args []string) {
 			ctx := c.Context()
 

cmd/argocd/commands/admin/dashboard.go

@@ -28,7 +28,7 @@ func NewDashboardCommand() *cobra.Command {
 
 			compression, err := cache.CompressionTypeFromString(compressionStr)
 			errors.CheckError(err)
-			errors.CheckError(headless.MaybeStartLocalServer(ctx, &argocdclient.ClientOptions{Core: true}, initialize.RetrieveContextIfChanged(cmd.Flag("context")), &port, &address, compression))
+			errors.CheckError(headless.StartLocalServer(ctx, &argocdclient.ClientOptions{Core: true}, initialize.RetrieveContextIfChanged(cmd.Flag("context")), &port, &address, compression))
 			println(fmt.Sprintf("Argo CD UI is available at http://%s:%d", address, port))
 			<-ctx.Done()
 		},

cmd/argocd/commands/app_actions.go

@@ -4,7 +4,6 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"github.com/argoproj/argo-cd/v2/util/templates"
 	"os"
 	"strconv"
 	"text/tabwriter"
@@ -34,22 +33,11 @@ type DisplayedAction struct {
 	Disabled bool
 }
 
-var (
-	appActionExample = templates.Examples(`
-	# List all the available actions for an application
-	argocd app actions list APPNAME
-
-	# Run an available action for an application
-	argocd app actions run APPNAME ACTION --kind KIND [--resource-name RESOURCE] [--namespace NAMESPACE] [--group GROUP]
-	`)
-)
-
 // NewApplicationResourceActionsCommand returns a new instance of an `argocd app actions` command
 func NewApplicationResourceActionsCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command {
 	var command = &cobra.Command{
-		Use:     "actions",
-		Short:   "Manage Resource actions",
-		Example: appActionExample,
+		Use:   "actions",
+		Short: "Manage Resource actions",
 		Run: func(c *cobra.Command, args []string) {
 			c.HelpFunc()(c, args)
 			os.Exit(1)
@@ -70,10 +58,6 @@ func NewApplicationResourceActionsListCommand(clientOpts *argocdclient.ClientOpt
 	var command = &cobra.Command{
 		Use:   "list APPNAME",
 		Short: "Lists available actions on a resource",
-		Example: templates.Examples(`
-	# List all the available actions for an application
-	argocd app actions list APPNAME
-	`),
 	}
 	command.Run = func(c *cobra.Command, args []string) {
 		ctx := c.Context()
@@ -152,10 +136,6 @@ func NewApplicationResourceActionsRunCommand(clientOpts *argocdclient.ClientOpti
 	var command = &cobra.Command{
 		Use:   "run APPNAME ACTION",
 		Short: "Runs an available action on resource(s)",
-		Example: templates.Examples(`
-	# Run an available action for an application
-	argocd app actions run APPNAME ACTION --kind KIND [--resource-name RESOURCE] [--namespace NAMESPACE] [--group GROUP]
-	`),
 	}
 
 	command.Flags().StringVar(&resourceName, "resource-name", "", "Name of resource")

cmd/argocd/commands/applicationset.go

@@ -67,10 +67,6 @@ func NewApplicationSetGetCommand(clientOpts *argocdclient.ClientOptions) *cobra.
 	var command = &cobra.Command{
 		Use:   "get APPSETNAME",
 		Short: "Get ApplicationSet details",
-		Example: templates.Examples(`
-	# Get ApplicationSets
-	argocd appset get APPSETNAME
-		`),
 		Run: func(c *cobra.Command, args []string) {
 			ctx := c.Context()
 

cmd/argocd/commands/completion.go

@@ -211,13 +211,6 @@ compdef _argocd argocd
 Optionally, also add the following, in case you are getting errors involving compdef & compinit such as command not found: compdef:
 autoload -Uz compinit
 compinit 
-`,
-		Example: `# For bash
-$ source <(argocd completion bash)
-
-# For zsh
-$ argocd completion zsh > _argocd
-$ source _argocd
 `,
 		Run: func(cmd *cobra.Command, args []string) {
 			if len(args) != 1 {

cmd/argocd/commands/context.go

@@ -22,14 +22,6 @@ func NewContextCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command {
 		Use:     "context [CONTEXT]",
 		Aliases: []string{"ctx"},
 		Short:   "Switch between contexts",
-		Example: `# List Argo CD Contexts
-argocd context
-
-# Switch Argo CD context
-argocd context cd.argoproj.io
-
-# Delete Argo CD context
-argocd context cd.argoproj.io --delete`,
 		Run: func(c *cobra.Command, args []string) {
 
 			localCfg, err := localconfig.ReadLocalConfig(clientOpts.ConfigPath)

cmd/argocd/commands/headless/headless.go

@@ -142,23 +142,16 @@ func testAPI(ctx context.Context, clientOpts *apiclient.ClientOptions) error {
 	}
 	defer io.Close(closer)
 	_, err = versionClient.Version(ctx, &empty.Empty{})
-	if err != nil {
-		return fmt.Errorf("failed to get version: %w", err)
-	}
-	return nil
+	return fmt.Errorf("failed to get version: %w", err)
 }
 
-// MaybeStartLocalServer allows executing command in a headless mode. If we're in core mode, starts the Argo CD API
-// server on the fly and changes provided client options to use started API server port.
-//
-// If the clientOpts enables core mode, but the local config does not have core mode enabled, this function will
-// not start the local server.
-func MaybeStartLocalServer(ctx context.Context, clientOpts *apiclient.ClientOptions, ctxStr string, port *int, address *string, compression cache.RedisCompressionType) error {
+// StartLocalServer allows executing command in a headless mode: on the fly starts Argo CD API server and
+// changes provided client options to use started API server port
+func StartLocalServer(ctx context.Context, clientOpts *apiclient.ClientOptions, ctxStr string, port *int, address *string, compression cache.RedisCompressionType) error {
 	flags := pflag.NewFlagSet("tmp", pflag.ContinueOnError)
 	clientConfig := cli.AddKubectlFlagsToSet(flags)
 	startInProcessAPI := clientOpts.Core
 	if !startInProcessAPI {
-		// Core mode is enabled on client options. Check the local config to see if we should start the API server.
 		localCfg, err := localconfig.ReadLocalConfig(clientOpts.ConfigPath)
 		if err != nil {
 			return fmt.Errorf("error reading local config: %w", err)
@@ -168,11 +161,9 @@ func MaybeStartLocalServer(ctx context.Context, clientOpts *apiclient.ClientOpti
 			if err != nil {
 				return fmt.Errorf("error resolving context: %w", err)
 			}
-			// There was a local config file, so determine whether core mode is enabled per the config file.
 			startInProcessAPI = configCtx.Server.Core
 		}
 	}
-	// If we're in core mode, start the API server on the fly.
 	if !startInProcessAPI {
 		return nil
 	}
@@ -252,10 +243,7 @@ func MaybeStartLocalServer(ctx context.Context, clientOpts *apiclient.ClientOpti
 		}
 		time.Sleep(time.Second)
 	}
-	if err != nil {
-		return fmt.Errorf("all retries failed: %w", err)
-	}
-	return nil
+	return fmt.Errorf("all retries failed: %w", err)
 }
 
 // NewClientOrDie creates a new API client from a set of config options, or fails fatally if the new client creation fails.
@@ -263,9 +251,7 @@ func NewClientOrDie(opts *apiclient.ClientOptions, c *cobra.Command) apiclient.C
 	ctx := c.Context()
 
 	ctxStr := initialize.RetrieveContextIfChanged(c.Flag("context"))
-	// If we're in core mode, start the API server on the fly and configure the client `opts` to use it.
-	// If we're not in core mode, this function call will do nothing.
-	err := MaybeStartLocalServer(ctx, opts, ctxStr, nil, nil, cache.RedisCompressionNone)
+	err := StartLocalServer(ctx, opts, ctxStr, nil, nil, cache.RedisCompressionNone)
 	if err != nil {
 		log.Fatal(err)
 	}

cmd/argocd/commands/logout.go

@@ -18,10 +18,6 @@ func NewLogoutCommand(globalClientOpts *argocdclient.ClientOptions) *cobra.Comma
 		Use:   "logout CONTEXT",
 		Short: "Log out from Argo CD",
 		Long:  "Log out from Argo CD",
-		Example: `# To log out of argocd
-$ argocd logout
-# This can be helpful for security reasons or when you want to switch between different Argo CD contexts or accounts.
-`,
 		Run: func(c *cobra.Command, args []string) {
 			if len(args) == 0 {
 				c.HelpFunc()(c, args)

cmd/argocd/commands/relogin.go

@@ -24,10 +24,9 @@ func NewReloginCommand(globalClientOpts *argocdclient.ClientOptions) *cobra.Comm
 		ssoPort  int
 	)
 	var command = &cobra.Command{
-		Use:     "relogin",
-		Short:   "Refresh an expired authenticate token",
-		Long:    "Refresh an expired authenticate token",
-		Example: "argocd relogin --password YOUR_PASSWORD",
+		Use:   "relogin",
+		Short: "Refresh an expired authenticate token",
+		Long:  "Refresh an expired authenticate token",
 		Run: func(c *cobra.Command, args []string) {
 			ctx := c.Context()
 

cmd/argocd/commands/repocreds.go

@@ -17,7 +17,6 @@ import (
 	"github.com/argoproj/argo-cd/v2/util/errors"
 	"github.com/argoproj/argo-cd/v2/util/git"
 	"github.com/argoproj/argo-cd/v2/util/io"
-	"github.com/argoproj/argo-cd/v2/util/templates"
 )
 
 // NewRepoCredsCommand returns a new instance of an `argocd repocreds` command
@@ -25,16 +24,6 @@ func NewRepoCredsCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command
 	var command = &cobra.Command{
 		Use:   "repocreds",
 		Short: "Manage repository connection parameters",
-		Example: templates.Examples(`
-			# Add credentials with user/pass authentication to use for all repositories under the specified URL
-			argocd repocreds add URL --username USERNAME --password PASSWORD
-
-			# List all the configured repository credentials
-			argocd repocreds list
-
-			# Remove credentials for the repositories with speficied URL
-			argocd repocreds rm URL
-		`),
 		Run: func(c *cobra.Command, args []string) {
 			c.HelpFunc()(c, args)
 			os.Exit(1)
@@ -195,10 +184,6 @@ func NewRepoCredsRemoveCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co
 	var command = &cobra.Command{
 		Use:   "rm CREDSURL",
 		Short: "Remove repository credentials",
-		Example: templates.Examples(`
-			# Remove credentials for the repositories with URL https://git.example.com/repos
-			argocd repocreds rm https://git.example.com/repos/
-		`),
 		Run: func(c *cobra.Command, args []string) {
 			ctx := c.Context()
 
@@ -246,13 +231,6 @@ func NewRepoCredsListCommand(clientOpts *argocdclient.ClientOptions) *cobra.Comm
 	var command = &cobra.Command{
 		Use:   "list",
 		Short: "List configured repository credentials",
-		Example: templates.Examples(`
-			# List all the configured repository credentials
-			argocd repocreds list
-
-			# List all the configured repository credentials in json format
-			argocd repocreds list -o json
-		`),
 		Run: func(c *cobra.Command, args []string) {
 			ctx := c.Context()
 

docs/developer-guide/ci.md

@@ -66,7 +66,7 @@ make builder-image IMAGE_NAMESPACE=argoproj IMAGE_TAG=v1.0.0
 ## Public CD
 
 Every commit to master is built and published to `ghcr.io/argoproj/argo-cd/argocd:<version>-<short-sha>`. The list of images is available at
-[https://github.com/argoproj/argo-cd/packages](https://github.com/argoproj/argo-cd/packages).
+https://github.com/argoproj/argo-cd/packages.
 
 !!! note
     GitHub docker registry [requires](https://github.community/t5/GitHub-Actions/docker-pull-from-public-GitHub-Package-Registry-fail-with-quot/m-p/32888#M1294) authentication to read

docs/operator-manual/app-any-namespace.md

@@ -20,7 +20,7 @@ Some manual steps will need to be performed by the Argo CD administrator in orde
 
 ### Cluster-scoped Argo CD installation
 
-This feature can only be enabled and used when your Argo CD is installed as a cluster-wide instance, so it has permissions to list and manipulate resources on a cluster scope. It will not work with an Argo CD installed in namespace-scoped mode.
+This feature can only be enabled and used when your Argo CD is installed as a cluster-wide instance, so it has permissions to list and manipulate resources on a cluster scope. It will *not* work with an Argo CD installed in namespace-scoped mode.
 
 ### Switch resource tracking method
 

docs/operator-manual/applicationset/Add-self-signed-TLS-Certs.md

@@ -0,0 +1,9 @@
+# Add support for self-signed TLS / Certificates for Gitlab SCM/PR Provider
+
+## Implementation details
+
+### Overview
+
+In order for a self-signed TLS certificate be used by an ApplicationSet's SCM / PR Gitlab Generator, the certificate needs to be mounted on the application-controller. The path of the mounted certificate must be explicitly set using the environment variable `ARGOCD_APPLICATIONSET_CONTROLLER_SCM_ROOT_CA_PATH` or alternatively using parameter `--scm-root-ca-path`. The applicationset controller will read the mounted certificate to create the Gitlab client for SCM/PR Providers
+
+This can be achieved conveniently by setting `applicationsetcontroller.scm.root.ca.path` in the argocd-cmd-params-cm ConfigMap. Be sure to restart the ApplicationSet controller after setting this value.

docs/operator-manual/applicationset/Appset-Any-Namespace.md

@@ -53,6 +53,7 @@ spec:
 
 Therefore administrator must restrict the urls of the allowed SCM Providers (example: `https://git.mydomain.com/,https://gitlab.mydomain.com/`) by setting the environment variable `ARGOCD_APPLICATIONSET_CONTROLLER_ALLOWED_SCM_PROVIDERS` to argocd-cmd-params-cm `applicationsetcontroller.allowed.scm.providers`. If another url is used, it will be rejected by the applicationset controller.
 
+
 For example:
 ```yaml
 apiVersion: v1
@@ -63,14 +64,7 @@ data:
   applicationsetcontroller.allowed.scm.providers: https://git.mydomain.com/,https://gitlab.mydomain.com/
 ```
 
-!!! note
-    Please note url used in the `api` field of the `ApplicationSet` must match the url declared by the Administrator including the protocol
-
-!!! warning
-    The allow-list only applies to SCM providers for which the user may configure a custom `api`. Where an SCM or PR
-    generator does not accept a custom API URL, the provider is implicitly allowed.
-
-If you do not intend to allow users to use the SCM or PR generators, you can disable them entirely by setting the environment variable `ARGOCD_APPLICATIONSET_CONTROLLER_ALLOW_SCM_PROVIDERS` to argocd-cmd-params-cm `applicationsetcontroller.allow.scm.providers` to `false`.
+> Please note url used in the `api` field of the `ApplicationSet` must match the url declared by the Administrator including the protocol
 
 ### Overview
 

docs/operator-manual/applicationset/Generators-Pull-Request.md

@@ -105,7 +105,7 @@ spec:
 * `pullRequestState`: PullRequestState is an additional MRs filter to get only those with a certain state. Default: "" (all states)
 * `insecure`: By default (false) - Skip checking the validity of the SCM's certificate - useful for self-signed TLS certificates.
 
-As a preferable alternative to setting `insecure` to true, you can configure self-signed TLS certificates for Gitlab by [mounting self-signed certificate to the applicationset controller](./Generators-SCM-Provider.md#self-signed-tls-certificates).
+As a preferable alternative to setting `insecure` to true, you can configure self-signed TLS certificates for Gitlab by [mounting self-signed certificate to the applicationset controller](./Add-self-signed-TLS-Certs.md).
 
 ## Gitea
 

docs/operator-manual/applicationset/Generators-SCM-Provider.md

@@ -111,18 +111,12 @@ spec:
 * `tokenRef`: A `Secret` name and key containing the GitLab access token to use for requests. If not specified, will make anonymous requests which have a lower rate limit and can only see public repositories.
 * `insecure`: By default (false) - Skip checking the validity of the SCM's certificate - useful for self-signed TLS certificates.
 
+As a preferable alternative to setting `insecure` to true, you can configure self-signed TLS certificates for Gitlab by [mounting self-signed certificate to the applicationset controller](./Add-self-signed-TLS-Certs.md).
+
 For label filtering, the repository tags are used.
 
 Available clone protocols are `ssh` and `https`.
 
-### Self-signed TLS Certificates
-
-As a preferable alternative to setting `insecure` to true, you can configure self-signed TLS certificates for Gitlab.
-
-In order for a self-signed TLS certificate be used by an ApplicationSet's SCM / PR Gitlab Generator, the certificate needs to be mounted on the applicationset-controller. The path of the mounted certificate must be explicitly set using the environment variable `ARGOCD_APPLICATIONSET_CONTROLLER_SCM_ROOT_CA_PATH` or alternatively using parameter `--scm-root-ca-path`. The applicationset controller will read the mounted certificate to create the Gitlab client for SCM/PR Providers
-
-This can be achieved conveniently by setting `applicationsetcontroller.scm.root.ca.path` in the argocd-cmd-params-cm ConfigMap. Be sure to restart the ApplicationSet controller after setting this value.
-
 ## Gitea
 
 The Gitea mode uses the Gitea API to scan organizations in your instance

docs/operator-manual/applicationset/GoTemplate.md

@@ -174,18 +174,6 @@ It is also possible to use Sprig functions to construct the path variables manua
 | `{{path.filenameNormalized}}` | `{{.path.filenameNormalized}}` | `{{normalize .path.filename}}` |
 | `{{path[N]}}` | `-` | `{{index .path.segments N}}` |
 
-## Available template functions
-
-ApplicationSet controller provides:
-
-- all [sprig](http://masterminds.github.io/sprig/) Go templates function except `env`, `expandenv` and `getHostByName`
-- `normalize`: sanitizes the input so that it complies with the following rules:
-  1. contains no more than 253 characters
-  2. contains only lowercase alphanumeric characters, '-' or '.'
-  3. starts and ends with an alphanumeric character
-- `toYaml` / `fromYaml` / `fromYamlArray` helm like functions
-
-
 ## Examples
 
 ### Basic Go template usage

docs/operator-manual/argocd-cmd-params-cm.yaml

@@ -184,8 +184,6 @@ data:
   # sending secrets from `tokenRef`s to disallowed `api` domains.
   # The url used in the scm generator must exactly match one in the list
   applicationsetcontroller.allowed.scm.providers: "https://git.example.com/,https://gitlab.example.com/"
-  # To disable SCM providers entirely (i.e. disable the SCM and PR generators), set this to "false". Default is "true".
-  applicationsetcontroller.enable.scm.providers: "false"
 
   ## Argo CD Notifications Controller Properties
   # Set the logging level. One of: debug|info|warn|error (default "info")

docs/operator-manual/notifications/index.md

@@ -1,4 +1,4 @@
-# Notifications Overview
+# Overview
 
 Argo CD Notifications continuously monitors Argo CD applications and provides a flexible way to notify
 users about important changes in the application state. Using a flexible mechanism of
@@ -10,38 +10,38 @@ So you can just use them instead of reinventing new ones.
 
 * Install Triggers and Templates from the catalog
 
-    ```bash
-    kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/notifications_catalog/install.yaml
-    ```
+```
+kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/notifications_catalog/install.yaml
+```
 
 * Add Email username and password token to `argocd-notifications-secret` secret
 
-    ```bash
-    EMAIL_USER=<your-username>
-    PASSWORD=<your-password>
-    
-    kubectl apply -n argocd -f - << EOF
-    apiVersion: v1
-    kind: Secret
-    metadata:
-      name: argocd-notifications-secret
-    stringData:
-      email-username: $EMAIL_USER
-      email-password: $PASSWORD
-    type: Opaque
-    EOF
-    ```
+```bash
+EMAIL_USER=<your-username>
+ PASSWORD=<your-password>
+
+kubectl apply -n argocd -f - << EOF
+apiVersion: v1
+kind: Secret
+metadata:
+  name: argocd-notifications-secret
+stringData:
+  email-username: $EMAIL_USER
+  email-password: $PASSWORD
+type: Opaque
+EOF
+```
 
 * Register Email notification service
 
-    ```bash
-    kubectl patch cm argocd-notifications-cm -n argocd --type merge -p '{"data": {"service.email.gmail": "{ username: $email-username, password: $email-password, host: smtp.gmail.com, port: 465, from: $email-username }" }}'
-    ```
+```bash
+kubectl patch cm argocd-notifications-cm -n argocd --type merge -p '{"data": {"service.email.gmail": "{ username: $email-username, password: $email-password, host: smtp.gmail.com, port: 465, from: $email-username }" }}'
+```
 
 * Subscribe to notifications by adding the `notifications.argoproj.io/subscribe.on-sync-succeeded.slack` annotation to the Argo CD application or project:
 
-    ```bash
-    kubectl patch app <my-app> -n argocd -p '{"metadata": {"annotations": {"notifications.argoproj.io/subscribe.on-sync-succeeded.slack":"<my-channel>"}}}' --type merge
-    ```
+```bash
+kubectl patch app <my-app> -n argocd -p '{"metadata": {"annotations": {"notifications.argoproj.io/subscribe.on-sync-succeeded.slack":"<my-channel>"}}}' --type merge
+```
 
 Try syncing an application to get notified when the sync is completed.

docs/operator-manual/notifications/monitoring.md

@@ -3,7 +3,7 @@
 The Argo CD Notification controller serves Prometheus metrics on port 9001.
 
 !!! note
-    The metrics port can be changed using the `--metrics-port` flag in `argocd-notifications-controller` deployment.
+    Metrics port might be changed using the `--metrics-port` flag in `argocd-notifications-controller` deployment.
 
 ## Metrics 
 The following metrics are available:
@@ -15,7 +15,7 @@ The following metrics are available:
 
 * `template` - notification template name 
 * `notifier` - notification service name
-* `succeeded` - flag that indicates if notification was successfully sent or failed
+* `succeeded` - flag that indicates if notification was successfully sent or failed.
 
 ### `argocd_notifications_trigger_eval_total`
   
@@ -23,8 +23,8 @@ The following metrics are available:
  Labels:
 
 * `name` - trigger name 
-* `triggered` - flag that indicates if trigger condition returned true of false
+* `triggered` - flag that indicates if trigger condition returned true of false.
 
-## Examples
+# Examples:
 
-* Grafana Dashboard: [grafana-dashboard.json](grafana-dashboard.json)
+* Grafana Dashboard: [grafana-dashboard.json](grafana-dashboard.json)

docs/operator-manual/notifications/subscriptions.md

@@ -9,13 +9,13 @@ metadata:
     notifications.argoproj.io/subscribe.on-sync-succeeded.slack: my-channel1;my-channel2
 ```
 
-The annotation key consists of following parts:
+Annotation key consists of following parts:
 
 * `on-sync-succeeded` - trigger name
 * `slack` - notification service name
 * `my-channel1;my-channel2` - a semicolon separated list of recipients
 
-You can create subscriptions for all applications of an Argo CD project by adding the same annotation to the AppProject resource:
+You can create subscriptions for all applications of the Argo CD project by adding the same annotation to AppProject CRD:
 
 ```yaml
 apiVersion: argoproj.io/v1alpha1
@@ -27,7 +27,7 @@ metadata:
 
 ## Default Subscriptions
 
-The subscriptions might be configured globally in the `argocd-notifications-cm` ConfigMap using the `subscriptions` field. The default subscriptions
+The subscriptions might be configured globally in the `argocd-notifications-cm` ConfigMap using `subscriptions` field. The default subscriptions
 are applied to all applications. The trigger and applications might be configured using the
 `triggers` and `selector` fields:
 
@@ -53,7 +53,7 @@ data:
       - on-sync-status-unknown
 ```
 
-If you want to use webhook in subscriptions, you need to store the custom webhook name in the subscription's `recipients` field.
+If you want to use webhook in subscriptions, you need to store the custom name to recipients.
 
 ```yaml
 apiVersion: v1

docs/operator-manual/notifications/templates.md

@@ -1,5 +1,5 @@
-The notification template is used to generate the notification content and is configured in the `argocd-notifications-cm` ConfigMap. The template is leveraging
-the [html/template](https://golang.org/pkg/html/template/) golang package and allows customization of the notification message.
+The notification template is used to generate the notification content and configured in `argocd-notifications-cm` ConfigMap. The template is leveraging
+[html/template](https://golang.org/pkg/html/template/) golang package and allow to customize notification message.
 Templates are meant to be reusable and can be referenced by multiple triggers.
 
 The following template is used to notify the user about application sync status.
@@ -19,9 +19,9 @@ data:
 Each template has access to the following fields:
 
 - `app` holds the application object.
-- `context` is a user-defined string map and might include any string keys and values.
-- `serviceType` holds the notification service type name (such as "slack" or "email). The field can be used to conditionally
-render service-specific fields.
+- `context` is user defined string map and might include any string keys and values.
+- `serviceType` holds the notification service type name. The field can be used to conditionally
+render service specific fields.
 - `recipient` holds the recipient name.
 
 ## Defining user-defined `context`
@@ -51,30 +51,30 @@ See corresponding service [documentation](services/overview.md) for more informa
 
 ## Change the timezone
 
-You can change the timezone to show in notifications as follows.
+You can change the timezone to show it as follows.
 
 1. Call time functions.
 
-    ```
-    {{ (call .time.Parse .app.status.operationState.startedAt).Local.Format "2006-01-02T15:04:05Z07:00" }}
-    ```
+```
+{{ (call .time.Parse .app.status.operationState.startedAt).Local.Format "2006-01-02T15:04:05Z07:00" }}
+```
 
-2. Set the `TZ` environment variable on the argocd-notifications-controller container.
+2. Set environment to container.
 
-    ```yaml
-    apiVersion: apps/v1
-    kind: Deployment
-    metadata:
-      name: argocd-notifications-controller
+```yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: argocd-notifications-controller
+spec:
+(snip)
     spec:
-      template:
-        spec:
-          containers:
-          - name: argocd-notifications-controller
-            env:
-            - name: TZ
-              value: Asia/Tokyo
-    ```
+      containers:
+      - name: argocd-notifications-controller
+        env:
+        - name: TZ
+          value: Asia/Tokyo
+```
 
 ## Functions
 

docs/operator-manual/notifications/triggers.md

@@ -3,7 +3,7 @@ and notification templates reference. The condition is a predicate expression th
 should be sent. The trigger condition evaluation is powered by [antonmedv/expr](https://github.com/antonmedv/expr).
 The condition language syntax is described at [Language-Definition.md](https://github.com/antonmedv/expr/blob/master/docs/Language-Definition.md).
 
-The trigger is configured in the `argocd-notifications-cm` ConfigMap. For example the following trigger sends a notification
+The trigger is configured in `argocd-notifications-cm` ConfigMap. For example the following trigger sends a notification
 when application sync status changes to `Unknown` using the `app-sync-status` template:
 
 ```yaml
@@ -17,9 +17,9 @@ data:
       send: [app-sync-status, github-commit-status] # template names
 ```
 
-Each condition might use several templates. Typically, each template is responsible for generating a service-specific notification part.
-In the example above, the `app-sync-status` template "knows" how to create email and Slack notification, and `github-commit-status` knows how to
-generate the payload for GitHub webhook.
+Each condition might use several templates. Typically each template is responsible for generating a service-specific notification part.
+In the example above `app-sync-status` template "knows" how to create email and slack notification and `github-commit-status` knows how to
+generate payload for Github webhook.
 
 ## Conditions Bundles
 

docs/operator-manual/notifications/troubleshooting-errors.md

@@ -36,6 +36,6 @@ You need to check your argocd-notifications controller version. For instance, th
 
 ## Failed to notify recipient
 
-### notification service 'xxxx' is not supported
+### notification service 'xxxx' is not supported"
 
 You have not defined `xxxx` in `argocd-notifications-cm` or to fail to parse settings.

docs/operator-manual/notifications/troubleshooting.md

@@ -1,30 +1,32 @@
-`argocd admin notifications` is a CLI command group that helps to configure the controller
-settings and troubleshoot issues. Full command details are available in the [command reference](../../user-guide/commands/argocd_admin_notifications.md).
+## Troubleshooting
+
+The `argocd admin notifications` is a CLI command group that helps to configure the controller
+settings and troubleshoot issues.
 
 ## Global flags
-The following global flags are available for all sub-commands:
+Following global flags are available for all sub-commands:
 
-* `--config-map` - path to the file containing `argocd-notifications-cm` ConfigMap. If not specified
+* `config-map` - path to the file containing `argocd-notifications-cm` ConfigMap. If not specified
 then the command loads `argocd-notification-cm` ConfigMap using the local Kubernetes config file.
-* `--secret` - path to the file containing `argocd-notifications-secret` ConfigMap. If not
+* `secret` - path to the file containing `argocd-notifications-secret` ConfigMap. If not
 specified then the command loads `argocd-notification-secret` Secret using the local Kubernetes config file.
-Additionally, you can specify `:empty` to use empty secret with no notification service settings. 
+Additionally, you can specify `:empty` value to use empty secret with no notification service settings. 
 
 **Examples:**
 
-* Get a list of triggers configured in the local config map:
+* Get list of triggers configured in the local config map:
 
-    ```bash
-    argocd admin notifications trigger get \
-      --config-map ./argocd admin notifications-cm.yaml --secret :empty
-    ```
+```bash
+argocd admin notifications trigger get \
+  --config-map ./argocd admin notifications-cm.yaml --secret :empty
+```
 
 * Trigger notification using in-cluster config map and secret:
 
-    ```bash
-    argocd admin notifications template notify \
-      app-sync-succeeded guestbook --recipient slack:argocd admin notifications
-    ```
+```bash
+argocd admin notifications template notify \
+  app-sync-succeeded guestbook --recipient slack:argocd admin notifications
+```
 
 ## Kustomize
 
@@ -42,17 +44,17 @@ kustomize build ./argocd-notifications | \
 
 ### On your laptop
 
-You can download the `argocd` CLI from the GitHub [release](https://github.com/argoproj/argo-cd/releases)
+You can download the `argocd` CLI from the github [release](https://github.com/argoproj/argo-cd/releases)
 attachments.
 
-The binary is available in the `quay.io/argoproj/argocd` image. Use the `docker run` and volume mount
+The binary is available in `argoproj/argo-cd` image. Use the `docker run` and volume mount
 to execute binary on any platform. 
 
 **Example:**
 
 ```bash
 docker run --rm -it -w /src -v $(pwd):/src \
-  quay.io/argoproj/argocd:<version> \
+  argoproj/argo-cd:<version> \
   /app/argocd admin notifications trigger get \
   --config-map ./argocd-notifications-cm.yaml --secret :empty
 ```
@@ -70,12 +72,7 @@ kubectl exec -it argocd-notifications-controller-<pod-hash> \
 
 ## Commands
 
-The following commands may help debug issues with notifications:
-
-* [`argocd admin notifications template get`](../../user-guide/commands/argocd_admin_notifications_template_get.md)
-* [`argocd admin notifications template notify`](../../user-guide/commands/argocd_admin_notifications_template_notify.md)
-* [`argocd admin notifications trigger get`](../../user-guide/commands/argocd_admin_notifications_trigger_get.md)
-* [`argocd admin notifications trigger run`](../../user-guide/commands/argocd_admin_notifications_trigger_run.md)
+{!docs/operator-manual/notifications/troubleshooting-commands.md!}
 
 ## Errors
 

docs/operator-manual/tested-kubernetes-versions.md

@@ -1,6 +1,5 @@
 | Argo CD version | Kubernetes versions |
 |-----------------|---------------------|
+| 2.9 | v1.27, v1.26, v1.25, v1.24 |
+| 2.8 | v1.27, v1.26, v1.25, v1.24 |
 | 2.7 | v1.26, v1.25, v1.24, v1.23 |
-| 2.6 | v1.24, v1.23, v1.22 |
-| 2.5 | v1.24, v1.23, v1.22 |
-

docs/operator-manual/user-management/zitadel.md

@@ -1,210 +0,0 @@
-# Zitadel
-Please also consult the [Zitadel Documentation](https://zitadel.com/docs).
-## Integrating Zitadel and ArgoCD
-These instructions will take you through the entire process of getting your ArgoCD application authenticating and authorizing with Zitadel. You will create an application within Zitadel and configure ArgoCD to use Zitadel for authentication using roles set in Zitadel to determine privileges in ArgoCD.
-
-The following steps are required to integrate ArgoCD with Zitadel:
-1. Create a new project and a new application in Zitadel
-2. Configure the application in Zitadel
-3. Set up roles in Zitadel
-4. Set up an action in Zitadel
-5. Configure ArgoCD configmaps
-6. Test the setup
-
-The following values will be used in this example:
-- Zitadel FQDN: `auth.example.com`
-- Zitadel Project: `argocd-project`
-- Zitadel Application: `argocd-application`
-- Zitadel Action: `groupsClaim`
-- ArgoCD FQDN: `argocd.example.com`
-- ArgoCD Administrator Role: `argocd_administrators`
-- ArgoCD User Role: `argocd_users`
-
-You may choose different values in your setup; these are used to keep the guide consistent.
-
-## Setting up your project and application in Zitadel
-First, we will create a new project within Zitadel. Go to **Projects** and select **Create New Project**.  
-You should now see the following screen.  
-
-![Zitadel Project](../../assets/zitadel-project.png "Zitadel Project")
-
-Check the following options:
-- Assert Roles on Authentication
-- Check authorization on Authentication
-
-![Zitadel Project Settings](../../assets/zitadel-project-settings.png "Zitadel Project Settings")
-
-### Roles
-
-Go to **Roles** and click **New**. Create the following two roles. Use the specified values below for both fields **Key** and **Group**.
-- `argocd_administrators`
-- `argocd_users`
-
-Your roles should now look like this:
-
-![Zitadel Project Roles](../../assets/zitadel-project-roles.png "Zitadel Project Roles")
-
-### Authorizations
-
-Next, go to **Authorizations** and assign your user the role `argocd_administrators`.
-Click **New**, enter the name of your user and click **Continue**. Select the role `argocd_administrators` and click **Save**.
-
-Your authorizations should now look like this:
-
-![Zitadel Project Authorizations](../../assets/zitadel-project-authorizations.png "Zitadel Project Authorizations")
-
-### Creating an application
-
-Go to **General** and create a new application. Name the application `argocd-application`.
-
-For type of the application, select **WEB** and click continue.
-
-![Zitadel Application Setup Step 1](../../assets/zitadel-application-1.png "Zitadel Application Setup Step 1")
-
-Select **CODE** and continue.
-
-![Zitadel Application Setup Step 2](../../assets/zitadel-application-2.png "Zitadel Application Setup Step 2")
-
-Next, we will set up the redirect and post-logout URIs. Set the following values:
-- Redirect URI: `https://argocd.example.com/auth/callback`
-- Post Logout URI: `https://argocd.example.com`
-
-The post logout URI is optional. In the example setup users will be taken back to the ArgoCD login page after logging out.
-
-![Zitadel Application Setup Step 3](../../assets/zitadel-application-3.png "Zitadel Application Setup Step 3")
-
-Verify your configuration on the next screen and click **Create** to create the application.
-
-![Zitadel Application Setup Step 4](../../assets/zitadel-application-4.png "Zitadel Application Setup Step 4")
-
-After clicking **Create** you will be shown the `ClientId` and the `ClientSecret` for your application. Make sure to copy the ClientSecret as you will not be able to retrieve it after closing this window.  
-For our example, the following values are used:
-- ClientId: `227060711795262483@argocd-project`
-- ClientSecret: `UGvTjXVFAQ8EkMv2x4GbPcrEwrJGWZ0sR2KbwHRNfYxeLsDurCiVEpa5bkgW0pl0`
-
-![Zitadel Application Secrets](../../assets/zitadel-application-secrets.png "Zitadel Application Secrets")
-
-Once you have saved the ClientSecret in a safe place, click **Close** to complete creating the application.
-
-Go to **Token Settings** and enable the following options:  
-- User roles inside ID Token
-- User Info inside ID Token
-
-![Zitadel Application Settings](../../assets/zitadel-application-settings.png "Zitadel Application Settings")
-
-## Setting up an action in Zitadel
-
-To include the role of the user in the token issued by Zitadel, we will need to set up a Zitadel Action. The authorization in ArgoCD will be determined by the role contained within the auth token.  
-Go to **Actions**, click **New** and choose `groupsClaim` as the name of your action.
-
-Paste the following code into the action:
-
-```javascript
-/**
- * sets the roles an additional claim in the token with roles as value an project as key
- *
- * The role claims of the token look like the following:
- *
- * // added by the code below
- * "groups": ["{roleName}", "{roleName}", ...],
- *
- * Flow: Complement token, Triggers: Pre Userinfo creation, Pre access token creation
- *
- * @param ctx
- * @param api
- */
-function groupsClaim(ctx, api) {
-  if (ctx.v1.user.grants === undefined || ctx.v1.user.grants.count == 0) {
-    return;
-  }
-
-  let grants = [];
-  ctx.v1.user.grants.grants.forEach((claim) => {
-    claim.roles.forEach((role) => {
-      grants.push(role);
-    });
-  });
-
-  api.v1.claims.setClaim("groups", grants);
-}
-```
-
-Check **Allowed To Fail** and click **Add** to add your action.  
-
-*Note: If **Allowed To Fail** is not checked and a user does not have a role assigned, it may be possible that the user is no longer able to log in to Zitadel as the login flow fails when the action fails.*
-
-Next, add your action to the **Complement Token** flow. Select the **Complement Token** flow from the dropdown and click **Add trigger**.  
-Add your action to both triggers **Pre Userinfo creation** and **Pre access token creation**.
-
-Your Actions page should now look like the following screenshot:
-
-![Zitadel Actions](../../assets/zitadel-actions.png "Zitadel Actions")
-
-
-## Configuring the ArgoCD configmaps
-
-Next, we will configure two ArgoCD configmaps:
-- [argocd-cm.yaml](https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/argocd-cm.yaml)
-- [argocd-rbac-cm.yaml](https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/argocd-rbac-cm.yaml)
-
-Configure your configmaps as follows while making sure to replace the relevant values such as `url`, `issuer`, `clientID`, `clientSecret` and `logoutURL` with ones matching your setup.
-
-### argocd-cm.yaml
-```yaml
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: argocd-cm
-  namespace: argocd
-  labels:
-    app.kubernetes.io/part-of: argocd
-data:
-  admin.enabled: "false"
-  url: https://argocd.example.com
-  oidc.config: |
-    name: Zitadel
-    issuer: https://auth.example.com
-    clientID: 227060711795262483@argocd-project
-    clientSecret: UGvTjXVFAQ8EkMv2x4GbPcrEwrJGWZ0sR2KbwHRNfYxeLsDurCiVEpa5bkgW0pl0
-    requestedScopes:
-      - openid
-      - profile
-      - email
-      - groups
-    logoutURL: https://auth.example.com/oidc/v1/end_session
-```
-
-### argocd-rbac-cm.yaml
-```yaml
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: argocd-rbac-cm
-  namespace: argocd
-  labels:
-    app.kubernetes.io/part-of: argocd
-data:
-  scopes: '[groups]'
-  policy.csv: |
-    g, argocd_administrators, role:admin
-    g, argocd_users, role:readonly
-  policy.default: ''
-```
-
-The roles specified under `policy.csv` must match the roles configured in Zitadel.  
-The Zitadel role `argocd_administrators` will be assigned the ArgoCD role `admin` granting admin access to ArgoCD.  
-The Zitadel role `argocd_users` will be assigned the ArgoCD role `readonly` granting read-only access to ArgoCD.
-
-Deploy your ArgoCD configmaps. ArgoCD and Zitadel should now be set up correctly to allow users to log in to ArgoCD using Zitadel.
-
-## Testing the setup
-
-Go to your ArgoCD instance. You should now see the **LOG IN WITH ZITADEL** button above the usual username/password login.
-
-![Zitadel ArgoCD Login](../../assets/zitadel-argocd-login.png "Zitadel ArgoCD Login")
-
-After logging in with your Zitadel user go to **User Info**. If everything is set up correctly you should now see the group `argocd_administrators` as shown below.
-
-![Zitadel ArgoCD User Info](../../assets/zitadel-argocd-user-info.png "Zitadel ArgoCD User Info")

docs/requirements.txt

@@ -3,5 +3,4 @@ mkdocs-material==7.1.8
 markdown_include==0.6.0
 pygments==2.15.0
 jinja2==3.0.3
-markdown==3.3.7
-pymdown-extensions==10.2.1
+markdown==3.3.7

docs/user-guide/commands/argocd_account.md

@@ -8,22 +8,6 @@ Manage account settings
 argocd account [flags]
 ```
 
-### Examples
-
-```
-  # List accounts
-  argocd account list
-  
-  # Update the current user's password
-  argocd account update-password
-  
-  # Can I sync any app?
-  argocd account can-i sync applications '*'
-  
-  # Get User information
-  argocd account get-user-info
-```
-
 ### Options
 
 ```

docs/user-guide/commands/argocd_account_get-user-info.md

@@ -8,16 +8,6 @@ Get user info
 argocd account get-user-info [flags]
 ```
 
-### Examples
-
-```
-  # Get User information for the currently logged-in user (see 'argocd login')
-  argocd account get-user-info
-  
-  # Get User information in yaml format
-  argocd account get-user-info -o yaml
-```
-
 ### Options
 
 ```

docs/user-guide/commands/argocd_app_actions.md

@@ -8,16 +8,6 @@ Manage Resource actions
 argocd app actions [flags]
 ```
 
-### Examples
-
-```
-  # List all the available actions for an application
-  argocd app actions list APPNAME
-  
-  # Run an available action for an application
-  argocd app actions run APPNAME ACTION --kind KIND [--resource-name RESOURCE] [--namespace NAMESPACE] [--group GROUP]
-```
-
 ### Options
 
 ```

docs/user-guide/commands/argocd_app_actions_list.md

@@ -8,13 +8,6 @@ Lists available actions on a resource
 argocd app actions list APPNAME [flags]
 ```
 
-### Examples
-
-```
-  # List all the available actions for an application
-  argocd app actions list APPNAME
-```
-
 ### Options
 
 ```

docs/user-guide/commands/argocd_app_actions_run.md

@@ -8,13 +8,6 @@ Runs an available action on resource(s)
 argocd app actions run APPNAME ACTION [flags]
 ```
 
-### Examples
-
-```
-  # Run an available action for an application
-  argocd app actions run APPNAME ACTION --kind KIND [--resource-name RESOURCE] [--namespace NAMESPACE] [--group GROUP]
-```
-
 ### Options
 
 ```

docs/user-guide/commands/argocd_appset_get.md

@@ -8,13 +8,6 @@ Get ApplicationSet details
 argocd appset get APPSETNAME [flags]
 ```
 
-### Examples
-
-```
-  # Get ApplicationSets
-  argocd appset get APPSETNAME
-```
-
 ### Options
 
 ```

docs/user-guide/commands/argocd_completion.md

@@ -26,18 +26,6 @@ compinit
 argocd completion SHELL [flags]
 ```
 
-### Examples
-
-```
-# For bash
-$ source <(argocd completion bash)
-
-# For zsh
-$ argocd completion zsh > _argocd
-$ source _argocd
-
-```
-
 ### Options
 
 ```

docs/user-guide/commands/argocd_context.md

@@ -8,19 +8,6 @@ Switch between contexts
 argocd context [CONTEXT] [flags]
 ```
 
-### Examples
-
-```
-# List Argo CD Contexts
-argocd context
-
-# Switch Argo CD context
-argocd context cd.argoproj.io
-
-# Delete Argo CD context
-argocd context cd.argoproj.io --delete
-```
-
 ### Options
 
 ```

docs/user-guide/commands/argocd_logout.md

@@ -12,15 +12,6 @@ Log out from Argo CD
 argocd logout CONTEXT [flags]
 ```
 
-### Examples
-
-```
-# To log out of argocd
-$ argocd logout
-# This can be helpful for security reasons or when you want to switch between different Argo CD contexts or accounts.
-
-```
-
 ### Options
 
 ```

docs/user-guide/commands/argocd_relogin.md

@@ -12,12 +12,6 @@ Refresh an expired authenticate token
 argocd relogin [flags]
 ```
 
-### Examples
-
-```
-argocd relogin --password YOUR_PASSWORD
-```
-
 ### Options
 
 ```

docs/user-guide/commands/argocd_repocreds.md

@@ -8,19 +8,6 @@ Manage repository connection parameters
 argocd repocreds [flags]
 ```
 
-### Examples
-
-```
-  # Add credentials with user/pass authentication to use for all repositories under the specified URL
-  argocd repocreds add URL --username USERNAME --password PASSWORD
-  
-  # List all the configured repository credentials
-  argocd repocreds list
-  
-  # Remove credentials for the repositories with speficied URL
-  argocd repocreds rm URL
-```
-
 ### Options
 
 ```

docs/user-guide/commands/argocd_repocreds_list.md

@@ -8,16 +8,6 @@ List configured repository credentials
 argocd repocreds list [flags]
 ```
 
-### Examples
-
-```
-  # List all the configured repository credentials
-  argocd repocreds list
-  
-  # List all the configured repository credentials in json format
-  argocd repocreds list -o json
-```
-
 ### Options
 
 ```

docs/user-guide/commands/argocd_repocreds_rm.md

@@ -8,13 +8,6 @@ Remove repository credentials
 argocd repocreds rm CREDSURL [flags]
 ```
 
-### Examples
-
-```
-  # Remove credentials for the repositories with URL https://git.example.com/repos
-  argocd repocreds rm https://git.example.com/repos/
-```
-
 ### Options
 
 ```

docs/user-guide/helm.md

@@ -168,7 +168,7 @@ Argo CD supports many (most?) Helm hooks by mapping the Helm annotations onto Ar
 Unsupported hooks are ignored. In Argo CD, hooks are created by using `kubectl apply`, rather than `kubectl create`. This means that if the hook is named and already exists, it will not change unless you have annotated it with `before-hook-creation`.
 
 !!! warning "Helm hooks + ArgoCD hooks"
-    If you define any Argo CD hooks, _all_ Helm hooks will be ignored.   
+    If you define some Argo CD hooks in addition to the Helm ones, the Helm hooks will be ignored.   
 
 !!! warning "'install' vs 'upgrade' vs 'sync'"
     Argo CD cannot know if it is running a first-time "install" or an "upgrade" - every operation is a "sync'. This means that, by default, apps that have `pre-install` and `pre-upgrade` will have those hooks run at the same time.

docs/user-guide/projects.md

@@ -3,8 +3,8 @@
 Projects provide a logical grouping of applications, which is useful when Argo CD is used by multiple
 teams. Projects provide the following features:
 
-* restrict what may be deployed (trusted Git source repositories)
-* restrict where apps may be deployed to (destination clusters and namespaces)
+* restrict *what* may be deployed (trusted Git source repositories)
+* restrict *where* apps may be deployed to (destination clusters and namespaces)
 * restrict what kinds of objects may or may not be deployed (e.g. RBAC, CRDs, DaemonSets, NetworkPolicy etc...)
 * defining project roles to provide application RBAC (bound to OIDC groups and/or JWT tokens)
 
@@ -346,4 +346,4 @@ spec:
 ```
 
 With this set, the application above would no longer be allowed to be synced to any cluster other than the ones which 
-are a part of the same project.    
+are a part of the same project.    

hack/gen-docs/main.go

@@ -25,7 +25,7 @@ func generateNotificationsDocs() {
 		log.Fatal(err)
 	}
 	if files != nil {
-		if e := updateMkDocsNav("Operator Manual", "Notifications", "Notification Services", files); e != nil {
+		if e := updateMkDocsNav("Operator Manual", "Notification", "Notification Services", files); e != nil {
 			log.Fatal(e)
 		}
 	}
@@ -49,9 +49,6 @@ func updateMkDocsNav(parent string, child string, subchild string, files []strin
 	}
 	rootnavitemmap := rootitem.(map[interface{}]interface{})
 	childnav, _ := findNavItem(rootnavitemmap[parent].([]interface{}), child)
-	if childnav == nil {
-		return fmt.Errorf("Can't find '%s' chile item under '%s' parent item in mkdoc.yml", child, parent)
-	}
 
 	childnavmap := childnav.(map[interface{}]interface{})
 	childnavitems := childnavmap[child].([]interface{})

hack/installers/install-gotestsum.sh

@@ -1,26 +0,0 @@
-#!/bin/bash
-set -eux -o pipefail
-
-# Code from: https://github.com/argoproj/argo-rollouts/blob/f650a1fd0ba7beb2125e1598410515edd572776f/hack/installers/install-dev-tools.sh
-
-PROJECT_ROOT=$(cd $(dirname ${BASH_SOURCE})/../..; pwd)
-DIST_PATH="${PROJECT_ROOT}/dist"
-PATH="${DIST_PATH}:${PATH}"
-
-mkdir -p ${DIST_PATH}
-
-gotestsum_version=1.11.0
-
-OS=$(go env GOOS)
-ARCH=$(go env GOARCH)
-
-export TARGET_FILE=gotestsum_${gotestsum_version}_${OS}_${ARCH}.tar.gz
-temp_path="/tmp/${TARGET_FILE}"
-url=https://github.com/gotestyourself/gotestsum/releases/download/v${gotestsum_version}/gotestsum_${gotestsum_version}_${OS}_${ARCH}.tar.gz
-[ -e ${temp_path} ] || curl -sLf --retry 3 -o ${temp_path} ${url}
-
-mkdir -p /tmp/gotestsum-${gotestsum_version}
-tar -xvzf ${temp_path} -C /tmp/gotestsum-${gotestsum_version}
-cp /tmp/gotestsum-${gotestsum_version}/gotestsum ${DIST_PATH}/gotestsum
-chmod +x ${DIST_PATH}/gotestsum
-gotestsum --version

hack/test.sh

@@ -15,4 +15,12 @@ fi
 
 mkdir -p $TEST_RESULTS
 
-GODEBUG="tarinsecurepath=0,zipinsecurepath=0" ${DIST_DIR}/gotestsum --rerun-fails-report=rerunreport.txt --junitfile=$TEST_RESULTS/junit.xml --format=testname --rerun-fails="$RERUN_FAILS" --packages="$PACKAGES" -- $TEST_FLAGS $*
+report() {
+	set -eux -o pipefail
+
+	go-junit-report < $TEST_RESULTS/test.out > $TEST_RESULTS/junit.xml
+}
+
+trap 'report' EXIT
+
+GODEBUG="tarinsecurepath=0,zipinsecurepath=0" go test $TEST_FLAGS -failfast $* 2>&1 | tee $TEST_RESULTS/test.out

manifests/base/applicationset-controller/argocd-applicationset-controller-deployment.yaml

@@ -151,12 +151,6 @@ spec:
                   name: argocd-cmd-params-cm
                   key: applicationsetcontroller.allowed.scm.providers
                   optional: true
-            - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_SCM_PROVIDERS
-              valueFrom:
-                configMapKeyRef:
-                  name: argocd-cmd-params-cm
-                  key: applicationsetcontroller.enable.scm.providers
-                  optional: true
           volumeMounts:
             - mountPath: /app/config/ssh
               name: ssh-known-hosts

manifests/base/kustomization.yaml

@@ -5,7 +5,7 @@ kind: Kustomization
 images:
 - name: quay.io/argoproj/argocd
   newName: quay.io/argoproj/argocd
-  newTag: latest
+  newTag: v2.9.0-rc2
 resources:
 - ./application-controller
 - ./dex

manifests/core-install.yaml

@@ -20742,13 +20742,7 @@ spec:
               key: applicationsetcontroller.allowed.scm.providers
               name: argocd-cmd-params-cm
               optional: true
-        - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_SCM_PROVIDERS
-          valueFrom:
-            configMapKeyRef:
-              key: applicationsetcontroller.enable.scm.providers
-              name: argocd-cmd-params-cm
-              optional: true
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.9.0-rc2
         imagePullPolicy: Always
         name: argocd-applicationset-controller
         ports:
@@ -21048,7 +21042,7 @@ spec:
           value: /helm-working-dir
         - name: HELM_DATA_HOME
           value: /helm-working-dir
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.9.0-rc2
         imagePullPolicy: Always
         livenessProbe:
           failureThreshold: 3
@@ -21100,7 +21094,7 @@ spec:
         - -n
         - /usr/local/bin/argocd
         - /var/run/argocd/argocd-cmp-server
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.9.0-rc2
         name: copyutil
         securityContext:
           allowPrivilegeEscalation: false
@@ -21319,7 +21313,7 @@ spec:
               key: controller.kubectl.parallelism.limit
               name: argocd-cmd-params-cm
               optional: true
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.9.0-rc2
         imagePullPolicy: Always
         name: argocd-application-controller
         ports:

manifests/core-install/kustomization.yaml

@@ -12,4 +12,4 @@ resources:
 images:
 - name: quay.io/argoproj/argocd
   newName: quay.io/argoproj/argocd
-  newTag: latest
+  newTag: v2.9.0-rc2

manifests/ha/base/kustomization.yaml

@@ -12,7 +12,7 @@ patches:
 images:
 - name: quay.io/argoproj/argocd
   newName: quay.io/argoproj/argocd
-  newTag: latest
+  newTag: v2.9.0-rc2
 resources:
 - ../../base/application-controller
 - ../../base/applicationset-controller

manifests/ha/base/redis-ha/chart/upstream.yaml

@@ -1094,13 +1094,7 @@ spec:
         args:
         - /readonly/haproxy_init.sh
         securityContext: 
-          allowPrivilegeEscalation: false
-          capabilities:
-            drop:
-            - ALL
-          runAsNonRoot: true
-          seccompProfile:
-            type: RuntimeDefault
+          null
         volumeMounts:
         - name: config-volume
           mountPath: /readonly
@@ -1112,13 +1106,7 @@ spec:
         image: haproxy:2.6.14-alpine
         imagePullPolicy: IfNotPresent
         securityContext: 
-          allowPrivilegeEscalation: false
-          capabilities:
-            drop:
-            - ALL
-          runAsNonRoot: true
-          seccompProfile:
-            type: RuntimeDefault
+          null
         livenessProbe:
           httpGet:
             path: /healthz
@@ -1216,14 +1204,7 @@ spec:
         args:
         - /readonly-config/init.sh
         securityContext: 
-          allowPrivilegeEscalation: false
-          capabilities:
-            drop:
-            - ALL
-          runAsNonRoot: true
-          runAsUser: 1000
-          seccompProfile:
-            type: RuntimeDefault        
+          null        
         env:
         - name: SENTINEL_ID_0
           value: 3c0d9c0320bb34888c2df5757c718ce6ca992ce6
@@ -1248,14 +1229,7 @@ spec:
         args:
         - /data/conf/redis.conf
         securityContext: 
-          allowPrivilegeEscalation: false
-          capabilities:
-            drop:
-            - ALL
-          runAsNonRoot: true
-          runAsUser: 1000
-          seccompProfile:
-            type: RuntimeDefault
+          null
         livenessProbe:
           initialDelaySeconds: 30
           periodSeconds: 15
@@ -1305,14 +1279,7 @@ spec:
         args:
           - /data/conf/sentinel.conf
         securityContext: 
-          allowPrivilegeEscalation: false
-          capabilities:
-            drop:
-            - ALL
-          runAsNonRoot: true
-          runAsUser: 1000
-          seccompProfile:
-            type: RuntimeDefault
+          null
         livenessProbe:
           initialDelaySeconds: 30
           periodSeconds: 15
@@ -1356,14 +1323,7 @@ spec:
         args:
           - /readonly-config/fix-split-brain.sh
         securityContext: 
-          allowPrivilegeEscalation: false
-          capabilities:
-            drop:
-            - ALL
-          runAsNonRoot: true
-          runAsUser: 1000
-          seccompProfile:
-            type: RuntimeDefault        
+          null        
         env:
         - name: SENTINEL_ID_0
           value: 3c0d9c0320bb34888c2df5757c718ce6ca992ce6

manifests/ha/install.yaml

@@ -21998,13 +21998,7 @@ spec:
               key: applicationsetcontroller.allowed.scm.providers
               name: argocd-cmd-params-cm
               optional: true
-        - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_SCM_PROVIDERS
-          valueFrom:
-            configMapKeyRef:
-              key: applicationsetcontroller.enable.scm.providers
-              name: argocd-cmd-params-cm
-              optional: true
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.9.0-rc2
         imagePullPolicy: Always
         name: argocd-applicationset-controller
         ports:
@@ -22127,7 +22121,7 @@ spec:
         - -n
         - /usr/local/bin/argocd
         - /shared/argocd-dex
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.9.0-rc2
         imagePullPolicy: Always
         name: copyutil
         securityContext:
@@ -22197,7 +22191,7 @@ spec:
               key: notificationscontroller.log.level
               name: argocd-cmd-params-cm
               optional: true
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.9.0-rc2
         imagePullPolicy: Always
         livenessProbe:
           tcpSocket:
@@ -22528,7 +22522,7 @@ spec:
           value: /helm-working-dir
         - name: HELM_DATA_HOME
           value: /helm-working-dir
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.9.0-rc2
         imagePullPolicy: Always
         livenessProbe:
           failureThreshold: 3
@@ -22580,7 +22574,7 @@ spec:
         - -n
         - /usr/local/bin/argocd
         - /var/run/argocd/argocd-cmp-server
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.9.0-rc2
         name: copyutil
         securityContext:
           allowPrivilegeEscalation: false
@@ -22869,7 +22863,7 @@ spec:
               key: server.enable.proxy.extension
               name: argocd-cmd-params-cm
               optional: true
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.9.0-rc2
         imagePullPolicy: Always
         livenessProbe:
           httpGet:
@@ -23115,7 +23109,7 @@ spec:
               key: controller.kubectl.parallelism.limit
               name: argocd-cmd-params-cm
               optional: true
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.9.0-rc2
         imagePullPolicy: Always
         name: argocd-application-controller
         ports:

manifests/ha/namespace-install.yaml

@@ -1654,13 +1654,7 @@ spec:
               key: applicationsetcontroller.allowed.scm.providers
               name: argocd-cmd-params-cm
               optional: true
-        - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_SCM_PROVIDERS
-          valueFrom:
-            configMapKeyRef:
-              key: applicationsetcontroller.enable.scm.providers
-              name: argocd-cmd-params-cm
-              optional: true
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.9.0-rc2
         imagePullPolicy: Always
         name: argocd-applicationset-controller
         ports:
@@ -1783,7 +1777,7 @@ spec:
         - -n
         - /usr/local/bin/argocd
         - /shared/argocd-dex
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.9.0-rc2
         imagePullPolicy: Always
         name: copyutil
         securityContext:
@@ -1853,7 +1847,7 @@ spec:
               key: notificationscontroller.log.level
               name: argocd-cmd-params-cm
               optional: true
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.9.0-rc2
         imagePullPolicy: Always
         livenessProbe:
           tcpSocket:
@@ -2184,7 +2178,7 @@ spec:
           value: /helm-working-dir
         - name: HELM_DATA_HOME
           value: /helm-working-dir
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.9.0-rc2
         imagePullPolicy: Always
         livenessProbe:
           failureThreshold: 3
@@ -2236,7 +2230,7 @@ spec:
         - -n
         - /usr/local/bin/argocd
         - /var/run/argocd/argocd-cmp-server
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.9.0-rc2
         name: copyutil
         securityContext:
           allowPrivilegeEscalation: false
@@ -2525,7 +2519,7 @@ spec:
               key: server.enable.proxy.extension
               name: argocd-cmd-params-cm
               optional: true
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.9.0-rc2
         imagePullPolicy: Always
         livenessProbe:
           httpGet:
@@ -2771,7 +2765,7 @@ spec:
               key: controller.kubectl.parallelism.limit
               name: argocd-cmd-params-cm
               optional: true
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.9.0-rc2
         imagePullPolicy: Always
         name: argocd-application-controller
         ports:

manifests/install.yaml

@@ -21093,13 +21093,7 @@ spec:
               key: applicationsetcontroller.allowed.scm.providers
               name: argocd-cmd-params-cm
               optional: true
-        - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_SCM_PROVIDERS
-          valueFrom:
-            configMapKeyRef:
-              key: applicationsetcontroller.enable.scm.providers
-              name: argocd-cmd-params-cm
-              optional: true
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.9.0-rc2
         imagePullPolicy: Always
         name: argocd-applicationset-controller
         ports:
@@ -21222,7 +21216,7 @@ spec:
         - -n
         - /usr/local/bin/argocd
         - /shared/argocd-dex
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.9.0-rc2
         imagePullPolicy: Always
         name: copyutil
         securityContext:
@@ -21292,7 +21286,7 @@ spec:
               key: notificationscontroller.log.level
               name: argocd-cmd-params-cm
               optional: true
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.9.0-rc2
         imagePullPolicy: Always
         livenessProbe:
           tcpSocket:
@@ -21574,7 +21568,7 @@ spec:
           value: /helm-working-dir
         - name: HELM_DATA_HOME
           value: /helm-working-dir
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.9.0-rc2
         imagePullPolicy: Always
         livenessProbe:
           failureThreshold: 3
@@ -21626,7 +21620,7 @@ spec:
         - -n
         - /usr/local/bin/argocd
         - /var/run/argocd/argocd-cmp-server
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.9.0-rc2
         name: copyutil
         securityContext:
           allowPrivilegeEscalation: false
@@ -21913,7 +21907,7 @@ spec:
               key: server.enable.proxy.extension
               name: argocd-cmd-params-cm
               optional: true
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.9.0-rc2
         imagePullPolicy: Always
         livenessProbe:
           httpGet:
@@ -22159,7 +22153,7 @@ spec:
               key: controller.kubectl.parallelism.limit
               name: argocd-cmd-params-cm
               optional: true
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.9.0-rc2
         imagePullPolicy: Always
         name: argocd-application-controller
         ports:

manifests/namespace-install.yaml

@@ -749,13 +749,7 @@ spec:
               key: applicationsetcontroller.allowed.scm.providers
               name: argocd-cmd-params-cm
               optional: true
-        - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_SCM_PROVIDERS
-          valueFrom:
-            configMapKeyRef:
-              key: applicationsetcontroller.enable.scm.providers
-              name: argocd-cmd-params-cm
-              optional: true
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.9.0-rc2
         imagePullPolicy: Always
         name: argocd-applicationset-controller
         ports:
@@ -878,7 +872,7 @@ spec:
         - -n
         - /usr/local/bin/argocd
         - /shared/argocd-dex
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.9.0-rc2
         imagePullPolicy: Always
         name: copyutil
         securityContext:
@@ -948,7 +942,7 @@ spec:
               key: notificationscontroller.log.level
               name: argocd-cmd-params-cm
               optional: true
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.9.0-rc2
         imagePullPolicy: Always
         livenessProbe:
           tcpSocket:
@@ -1230,7 +1224,7 @@ spec:
           value: /helm-working-dir
         - name: HELM_DATA_HOME
           value: /helm-working-dir
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.9.0-rc2
         imagePullPolicy: Always
         livenessProbe:
           failureThreshold: 3
@@ -1282,7 +1276,7 @@ spec:
         - -n
         - /usr/local/bin/argocd
         - /var/run/argocd/argocd-cmp-server
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.9.0-rc2
         name: copyutil
         securityContext:
           allowPrivilegeEscalation: false
@@ -1569,7 +1563,7 @@ spec:
               key: server.enable.proxy.extension
               name: argocd-cmd-params-cm
               optional: true
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.9.0-rc2
         imagePullPolicy: Always
         livenessProbe:
           httpGet:
@@ -1815,7 +1809,7 @@ spec:
               key: controller.kubectl.parallelism.limit
               name: argocd-cmd-params-cm
               optional: true
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.9.0-rc2
         imagePullPolicy: Always
         name: argocd-application-controller
         ports:

mkdocs.yml

@@ -13,7 +13,6 @@ markdown_extensions:
 - admonition
 - toc:
     permalink: true
-- pymdownx.superfences
 nav:
 - Overview: index.md
 - understand_the_basics.md
@@ -27,9 +26,6 @@ nav:
   - operator-manual/declarative-setup.md
   - operator-manual/app-any-namespace.md
   - operator-manual/ingress.md
-  - High Availability:
-    - Overview: operator-manual/high_availability.md
-    - Dynamic Cluster Distribution: operator-manual/dynamic-cluster-distribution.md
   - User Management:
     - operator-manual/user-management/index.md
     - operator-manual/user-management/auth0.md
@@ -39,7 +35,6 @@ nav:
     - operator-manual/user-management/keycloak.md
     - operator-manual/user-management/openunison.md
     - operator-manual/user-management/google.md
-    - operator-manual/user-management/zitadel.md
     - operator-manual/rbac.md
   - Security:
     - Overview: operator-manual/security.md
@@ -49,6 +44,7 @@ nav:
   - operator-manual/cluster-bootstrapping.md
   - operator-manual/secret-management.md
   - operator-manual/disaster_recovery.md
+  - operator-manual/high_availability.md
   - operator-manual/reconcile.md
   - operator-manual/webhook.md
   - operator-manual/health.md
@@ -60,7 +56,7 @@ nav:
   - operator-manual/web_based_terminal.md
   - operator-manual/config-management-plugins.md
   - operator-manual/deep_links.md
-  - Notifications:
+  - Notification:
     - Overview: operator-manual/notifications/index.md
     - operator-manual/notifications/triggers.md
     - operator-manual/notifications/templates.md

pkg/apis/application/v1alpha1/applicationset_types.go

@@ -229,7 +229,7 @@ type ApplicationSetTerminalGenerator struct {
 	SCMProvider             *SCMProviderGenerator `json:"scmProvider,omitempty" protobuf:"bytes,4,name=scmProvider"`
 	ClusterDecisionResource *DuckTypeGenerator    `json:"clusterDecisionResource,omitempty" protobuf:"bytes,5,name=clusterDecisionResource"`
 	PullRequest             *PullRequestGenerator `json:"pullRequest,omitempty" protobuf:"bytes,6,name=pullRequest"`
-	Plugin                  *PluginGenerator      `json:"plugin,omitempty" protobuf:"bytes,7,name=plugin"`
+	Plugin                  *PluginGenerator      `json:"plugin,omitempty" protobuf:"bytes,7,name=pullRequest"`
 
 	// Selector allows to post-filter all generator.
 	Selector *metav1.LabelSelector `json:"selector,omitempty" protobuf:"bytes,8,name=selector"`
@@ -432,22 +432,6 @@ type SCMProviderGenerator struct {
 	// Values contains key/value pairs which are passed directly as parameters to the template
 	Values        map[string]string                  `json:"values,omitempty" protobuf:"bytes,11,name=values"`
 	AWSCodeCommit *SCMProviderGeneratorAWSCodeCommit `json:"awsCodeCommit,omitempty" protobuf:"bytes,12,opt,name=awsCodeCommit"`
-	// If you add a new SCM provider, update CustomApiUrl below.
-}
-
-func (g *SCMProviderGenerator) CustomApiUrl() string {
-	if g.Github != nil {
-		return g.Github.API
-	} else if g.Gitlab != nil {
-		return g.Gitlab.API
-	} else if g.Gitea != nil {
-		return g.Gitea.API
-	} else if g.BitbucketServer != nil {
-		return g.BitbucketServer.API
-	} else if g.AzureDevOps != nil {
-		return g.AzureDevOps.API
-	}
-	return ""
 }
 
 // SCMProviderGeneratorGitea defines a connection info specific to Gitea.
@@ -590,29 +574,6 @@ type PullRequestGenerator struct {
 	Bitbucket           *PullRequestGeneratorBitbucket `json:"bitbucket,omitempty" protobuf:"bytes,8,opt,name=bitbucket"`
 	// Additional provider to use and config for it.
 	AzureDevOps *PullRequestGeneratorAzureDevOps `json:"azuredevops,omitempty" protobuf:"bytes,9,opt,name=azuredevops"`
-	// If you add a new SCM provider, update CustomApiUrl below.
-}
-
-func (p *PullRequestGenerator) CustomApiUrl() string {
-	if p.Github != nil {
-		return p.Github.API
-	}
-	if p.GitLab != nil {
-		return p.GitLab.API
-	}
-	if p.Gitea != nil {
-		return p.Gitea.API
-	}
-	if p.BitbucketServer != nil {
-		return p.BitbucketServer.API
-	}
-	if p.Bitbucket != nil {
-		return p.Bitbucket.API
-	}
-	if p.AzureDevOps != nil {
-		return p.AzureDevOps.API
-	}
-	return ""
 }
 
 // PullRequestGeneratorGitea defines connection info specific to Gitea.

test/e2e/applicationset_test.go

@@ -1706,7 +1706,7 @@ func TestSCMProviderGeneratorSCMProviderNotAllowed(t *testing.T) {
 			// app should be listed
 			output, err := fixture.RunCli("appset", "get", "scm-provider-generator-scm-provider-not-allowed")
 			assert.NoError(t, err)
-			assert.Contains(t, output, "scm provider not allowed")
+			assert.Contains(t, output, "scm provider not allowed: http://myservice.mynamespace.svc.cluster.local")
 		})
 }
 
@@ -2113,7 +2113,7 @@ func TestPullRequestGeneratorNotAllowedSCMProvider(t *testing.T) {
 			// app should be listed
 			output, err := fixture.RunCli("appset", "get", "pull-request-generator-not-allowed-scm")
 			assert.NoError(t, err)
-			assert.Contains(t, output, "scm provider not allowed")
+			assert.Contains(t, output, "failed to select pull request service provider: scm provider not allowed: http://myservice.mynamespace.svc.cluster.local")
 		})
 }
 

test/e2e/fixture/account/actions.go

@@ -41,7 +41,7 @@ func (a *Actions) DoNotIgnoreErrors() *Actions {
 func (a *Actions) prepareSetPasswordArgs(account string) []string {
 	a.context.t.Helper()
 	return []string{
-		"account", "update-password", "--account", account, "--current-password", fixture.AdminPassword, "--new-password", fixture.DefaultTestUserPassword,
+		"account", "update-password", "--account", account, "--current-password", fixture.AdminPassword, "--new-password", fixture.DefaultTestUserPassword, "--plaintext",
 	}
 }
 

test/e2e/fixture/fixture.go

@@ -685,7 +685,7 @@ func EnsureCleanState(t *testing.T, opts ...TestOption) {
 	// set-up tmp repo, must have unique name
 	FailOnErr(Run("", "cp", "-Rf", opt.testdata, repoDirectory()))
 	FailOnErr(Run(repoDirectory(), "chmod", "777", "."))
-	FailOnErr(Run(repoDirectory(), "git", "init", "-b", "master"))
+	FailOnErr(Run(repoDirectory(), "git", "init"))
 	FailOnErr(Run(repoDirectory(), "git", "add", "."))
 	FailOnErr(Run(repoDirectory(), "git", "commit", "-q", "-m", "initial commit"))
 
@@ -873,10 +873,13 @@ func Declarative(filename string, values interface{}) (string, error) {
 }
 
 func CreateSubmoduleRepos(repoType string) {
+	oldEnv := os.Getenv("GIT_ALLOW_PROTOCOL")
+	CheckError(os.Setenv("GIT_ALLOW_PROTOCOL", "file"))
+
 	// set-up submodule repo
 	FailOnErr(Run("", "cp", "-Rf", "testdata/git-submodule/", submoduleDirectory()))
 	FailOnErr(Run(submoduleDirectory(), "chmod", "777", "."))
-	FailOnErr(Run(submoduleDirectory(), "git", "init", "-b", "master"))
+	FailOnErr(Run(submoduleDirectory(), "git", "init"))
 	FailOnErr(Run(submoduleDirectory(), "git", "add", "."))
 	FailOnErr(Run(submoduleDirectory(), "git", "commit", "-q", "-m", "initial commit"))
 
@@ -888,20 +891,9 @@ func CreateSubmoduleRepos(repoType string) {
 	// set-up submodule parent repo
 	FailOnErr(Run("", "mkdir", submoduleParentDirectory()))
 	FailOnErr(Run(submoduleParentDirectory(), "chmod", "777", "."))
-	FailOnErr(Run(submoduleParentDirectory(), "git", "init", "-b", "master"))
+	FailOnErr(Run(submoduleParentDirectory(), "git", "init"))
 	FailOnErr(Run(submoduleParentDirectory(), "git", "add", "."))
-	if IsRemote() {
-		FailOnErr(Run(submoduleParentDirectory(), "git", "submodule", "add", "-b", "master", os.Getenv("ARGOCD_E2E_GIT_SERVICE_SUBMODULE"), "submodule/test"))
-	} else {
-		oldAllowProtocol, isAllowProtocolSet := os.LookupEnv("GIT_ALLOW_PROTOCOL")
-		CheckError(os.Setenv("GIT_ALLOW_PROTOCOL", "file"))
-		FailOnErr(Run(submoduleParentDirectory(), "git", "submodule", "add", "-b", "master", "../submodule.git", "submodule/test"))
-		if isAllowProtocolSet {
-			CheckError(os.Setenv("GIT_ALLOW_PROTOCOL", oldAllowProtocol))
-		} else {
-			CheckError(os.Unsetenv("GIT_ALLOW_PROTOCOL"))
-		}
-	}
+	FailOnErr(Run(submoduleParentDirectory(), "git", "submodule", "add", "-b", "master", "../submodule.git", "submodule/test"))
 	if repoType == "ssh" {
 		FailOnErr(Run(submoduleParentDirectory(), "git", "config", "--file=.gitmodules", "submodule.submodule/test.url", RepoURL(RepoURLTypeSSHSubmodule)))
 	} else if repoType == "https" {
@@ -914,6 +906,8 @@ func CreateSubmoduleRepos(repoType string) {
 		FailOnErr(Run(submoduleParentDirectory(), "git", "remote", "add", "origin", os.Getenv("ARGOCD_E2E_GIT_SERVICE_SUBMODULE_PARENT")))
 		FailOnErr(Run(submoduleParentDirectory(), "git", "push", "origin", "master", "-f"))
 	}
+
+	CheckError(os.Setenv("GIT_ALLOW_PROTOCOL", oldEnv))
 }
 
 func RemoveSubmodule() {

test/e2e/fixture/http.go

@@ -2,7 +2,6 @@ package fixture
 
 import (
 	"bytes"
-	"crypto/tls"
 	"encoding/json"
 	"io"
 	"net/http"
@@ -28,14 +27,7 @@ func DoHttpRequest(method string, path string, data ...byte) (*http.Response, er
 		return nil, err
 	}
 	req.AddCookie(&http.Cookie{Name: common.AuthCookieName, Value: token})
-
-	httpClient := &http.Client{
-		Transport: &http.Transport{
-			TLSClientConfig: &tls.Config{InsecureSkipVerify: IsRemote()},
-		},
-	}
-
-	return httpClient.Do(req)
+	return http.DefaultClient.Do(req)
 }
 
 // DoHttpJsonRequest executes a http request against the Argo CD API server and unmarshals the response body as JSON

ui-test/yarn.lock

@@ -1222,9 +1222,9 @@ selenium-webdriver@^4.0.0-alpha.7:
     ws "^7.3.1"
 
 semver@^5.3.0:
-  version "5.7.2"
-  resolved "https://registry.yarnpkg.com/semver/-/semver-5.7.2.tgz#48d55db737c3287cd4835e17fa13feace1c41ef8"
-  integrity sha512-cBznnQ9KjJqU67B52RMC65CMarK2600WFnbkcaiwWq3xy/5haFJlshgnpjovMVJ+Hff49d8GEn0b87C5pDQ10g==
+  version "5.7.1"
+  resolved "https://registry.npmjs.org/semver/-/semver-5.7.1.tgz"
+  integrity sha512-sauaDf/PZdVgrLTNYHRtpXa1iRiKcaebiKQ1BJdpQlWH2lCvexQdX55snPFyK7QzpudqbCI0qXFfOasHdyNDGQ==
 
 serialize-javascript@5.0.1:
   version "5.0.1"