sibling of dc1ccea568

.github/workflows/ci-build.yaml

@@ -362,7 +362,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        k3s-version: [v1.29.1, v1.28.6, v1.27.10, v1.26.13, v1.25.16]
+        k3s-version: [v1.28.2, v1.27.6, v1.26.9, v1.25.14]
     needs: 
       - build-go
     env:

CODEOWNERS

@@ -2,10 +2,9 @@
 ** @argoproj/argocd-approvers
 
 # Docs
-/docs/**     @argoproj/argocd-approvers @argoproj/argocd-approvers-docs
-/USERS.md    @argoproj/argocd-approvers @argoproj/argocd-approvers-docs
-/README.md   @argoproj/argocd-approvers @argoproj/argocd-approvers-docs
-/mkdocs.yml  @argoproj/argocd-approvers @argoproj/argocd-approvers-docs
+/docs/**    @argoproj/argocd-approvers @argoproj/argocd-approvers-docs
+/USERS.md   @argoproj/argocd-approvers @argoproj/argocd-approvers-docs
+/mkdocs.yml @argoproj/argocd-approvers @argoproj/argocd-approvers-docs
 
 # CI
 /.github/**       @argoproj/argocd-approvers @argoproj/argocd-approvers-ci

Dockerfile

@@ -51,7 +51,7 @@ RUN groupadd -g $ARGOCD_USER_ID argocd && \
     apt-get update && \
     apt-get dist-upgrade -y && \
     apt-get install -y \
-    git git-lfs tini gpg tzdata connect-proxy && \
+    git git-lfs tini gpg tzdata && \
     apt-get clean && \
     rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
 

Makefile

@@ -175,21 +175,29 @@ endif
 .PHONY: all
 all: cli image
 
+# We have some legacy requirements for being checked out within $GOPATH.
+# The ensure-gopath target can be used as dependency to ensure we are running
+# within these boundaries.
+.PHONY: ensure-gopath
+ensure-gopath:
+ifneq ("$(PWD)","$(LEGACY_PATH)")
+	@echo "Due to legacy requirements for codegen, repository needs to be checked out within \$$GOPATH"
+	@echo "Location of this repo should be '$(LEGACY_PATH)' but is '$(PWD)'"
+	@exit 1
+endif
+
 .PHONY: gogen
-gogen:
+gogen: ensure-gopath
 	export GO111MODULE=off
 	go generate ./util/argo/...
 
 .PHONY: protogen
-protogen: mod-vendor-local protogen-fast
-
-.PHONY: protogen-fast
-protogen-fast:
+protogen: ensure-gopath mod-vendor-local
 	export GO111MODULE=off
 	./hack/generate-proto.sh
 
 .PHONY: openapigen
-openapigen:
+openapigen: ensure-gopath
 	export GO111MODULE=off
 	./hack/update-openapi.sh
 
@@ -204,22 +212,19 @@ notification-docs:
 
 
 .PHONY: clientgen
-clientgen:
+clientgen: ensure-gopath
 	export GO111MODULE=off
 	./hack/update-codegen.sh
 
 .PHONY: clidocsgen
-clidocsgen:
+clidocsgen: ensure-gopath
 	go run tools/cmd-docs/main.go
 
 
 .PHONY: codegen-local
-codegen-local: mod-vendor-local gogen protogen clientgen openapigen clidocsgen manifests-local notification-docs notification-catalog
+codegen-local: ensure-gopath mod-vendor-local gogen protogen clientgen openapigen clidocsgen manifests-local notification-docs notification-catalog
 	rm -rf vendor/
 
-.PHONY: codegen-local-fast
-codegen-local-fast: gogen protogen-fast clientgen openapigen clidocsgen manifests-local notification-docs notification-catalog
-
 .PHONY: codegen
 codegen: test-tools-image
 	$(call run-in-test-client,make codegen-local)

README.md

@@ -13,7 +13,6 @@
 **Social:**
 [![Twitter Follow](https://img.shields.io/twitter/follow/argoproj?style=social)](https://twitter.com/argoproj)
 [![Slack](https://img.shields.io/badge/slack-argoproj-brightgreen.svg?logo=slack)](https://argoproj.github.io/community/join-slack)
-[![LinkedIn](https://img.shields.io/badge/LinkedIn-argoproj-blue.svg?logo=linkedin)](https://www.linkedin.com/company/argoproj/)
 
 # Argo CD - Declarative Continuous Delivery for Kubernetes
 
@@ -86,5 +85,4 @@ Participation in the Argo CD project is governed by the [CNCF Code of Conduct](h
 1. [Getting Started with ArgoCD for GitOps Deployments](https://youtu.be/AvLuplh1skA)
 1. [Using Argo CD & Datree for Stable Kubernetes CI/CD Deployments](https://youtu.be/17894DTru2Y)
 1. [How to create Argo CD Applications Automatically using ApplicationSet? "Automation of GitOps"](https://amralaayassen.medium.com/how-to-create-argocd-applications-automatically-using-applicationset-automation-of-the-gitops-59455eaf4f72)
-1. [Progressive Delivery with Service Mesh – Argo Rollouts with Istio](https://www.cncf.io/blog/2022/12/16/progressive-delivery-with-service-mesh-argo-rollouts-with-istio/)
 

USERS.md

@@ -40,7 +40,6 @@ Currently, the following organizations are **officially** using Argo CD:
 1. [Boozt](https://www.booztgroup.com/)
 1. [Boticario](https://www.boticario.com.br/)
 1. [Bulder Bank](https://bulderbank.no)
-1. [CAM](https://cam-inc.co.jp)
 1. [Camptocamp](https://camptocamp.com)
 1. [Candis](https://www.candis.io)
 1. [Capital One](https://www.capitalone.com)
@@ -129,7 +128,6 @@ Currently, the following organizations are **officially** using Argo CD:
 1. [IBM](https://www.ibm.com/)
 1. [Ibotta](https://home.ibotta.com)
 1. [IITS-Consulting](https://iits-consulting.de)
-1. [IllumiDesk](https://www.illumidesk.com)
 1. [imaware](https://imaware.health)
 1. [Indeed](https://indeed.com)
 1. [Index Exchange](https://www.indexexchange.com/)
@@ -220,7 +218,6 @@ Currently, the following organizations are **officially** using Argo CD:
 1. [Pigment](https://www.gopigment.com/)
 1. [Pipefy](https://www.pipefy.com/)
 1. [Pismo](https://pismo.io/)
-1. [PITS Globale Datenrettungsdienste](https://www.pitsdatenrettung.de/)
 1. [Platform9 Systems](https://platform9.com/)
 1. [Polarpoint.io](https://polarpoint.io)
 1. [PostFinance](https://github.com/postfinance)

VERSION

@@ -1 +1 @@
-2.9.0
+2.10.0-rc4

assets/swagger.json

@@ -5664,10 +5664,6 @@
           "type": "string",
           "title": "ClusterName contains AWS cluster name"
         },
-        "profile": {
-          "description": "Profile contains optional role ARN. If set then AWS IAM Authenticator uses the profile to perform cluster operations instead of the default AWS credential provider chain.",
-          "type": "string"
-        },
         "roleARN": {
           "description": "RoleARN contains optional role ARN. If set then AWS IAM Authenticator assume a role to perform cluster operations instead of the default AWS credential provider chain.",
           "type": "string"
@@ -8503,9 +8499,6 @@
           "format": "int64",
           "title": "ID is an auto incrementing identifier of the RevisionHistory"
         },
-        "initiatedBy": {
-          "$ref": "#/definitions/v1alpha1OperationInitiator"
-        },
         "revision": {
           "type": "string",
           "title": "Revision holds the revision the sync was performed against"

cmd/argocd-application-controller/commands/argocd_application_controller.go

@@ -6,12 +6,11 @@ import (
 	"math"
 	"time"
 
+	"github.com/argoproj/argo-cd/v2/pkg/ratelimiter"
 	"github.com/argoproj/pkg/stats"
 	"github.com/redis/go-redis/v9"
 	log "github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
-	kubeerrors "k8s.io/apimachinery/pkg/api/errors"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/client-go/kubernetes"
 	"k8s.io/client-go/tools/clientcmd"
 
@@ -21,7 +20,6 @@ import (
 	"github.com/argoproj/argo-cd/v2/controller/sharding"
 	"github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
 	appclientset "github.com/argoproj/argo-cd/v2/pkg/client/clientset/versioned"
-	"github.com/argoproj/argo-cd/v2/pkg/ratelimiter"
 	"github.com/argoproj/argo-cd/v2/reposerver/apiclient"
 	cacheutil "github.com/argoproj/argo-cd/v2/util/cache"
 	appstatecache "github.com/argoproj/argo-cd/v2/util/cache/appstate"
@@ -33,6 +31,8 @@ import (
 	"github.com/argoproj/argo-cd/v2/util/settings"
 	"github.com/argoproj/argo-cd/v2/util/tls"
 	"github.com/argoproj/argo-cd/v2/util/trace"
+	kubeerrors "k8s.io/apimachinery/pkg/api/errors"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
 const (
@@ -230,10 +230,8 @@ func NewCommand() *cobra.Command {
 	command.Flags().Float64Var(&workqueueRateLimit.BackoffFactor, "wq-backoff-factor", env.ParseFloat64FromEnv("WORKQUEUE_BACKOFF_FACTOR", 1.5, 0, math.MaxFloat64), "Set Workqueue Per Item Rate Limiter Backoff Factor, default is 1.5")
 	command.Flags().BoolVar(&enableDynamicClusterDistribution, "dynamic-cluster-distribution-enabled", env.ParseBoolFromEnv(common.EnvEnableDynamicClusterDistribution, false), "Enables dynamic cluster distribution.")
 	command.Flags().BoolVar(&serverSideDiff, "server-side-diff-enabled", env.ParseBoolFromEnv(common.EnvServerSideDiff, false), "Feature flag to enable ServerSide diff. Default (\"false\")")
-	cacheSource = appstatecache.AddCacheFlagsToCmd(&command, cacheutil.Options{
-		OnClientCreated: func(client *redis.Client) {
-			redisClient = client
-		},
+	cacheSource = appstatecache.AddCacheFlagsToCmd(&command, func(client *redis.Client) {
+		redisClient = client
 	})
 	return &command
 }

cmd/argocd-k8s-auth/commands/aws.go

@@ -37,14 +37,13 @@ func newAWSCommand() *cobra.Command {
 	var (
 		clusterName string
 		roleARN     string
-		profile     string
 	)
 	var command = &cobra.Command{
 		Use: "aws",
 		Run: func(c *cobra.Command, args []string) {
 			ctx := c.Context()
 
-			presignedURLString, err := getSignedRequestWithRetry(ctx, time.Minute, 5*time.Second, clusterName, roleARN, profile, getSignedRequest)
+			presignedURLString, err := getSignedRequestWithRetry(ctx, time.Minute, 5*time.Second, clusterName, roleARN, getSignedRequest)
 			errors.CheckError(err)
 			token := v1Prefix + base64.RawURLEncoding.EncodeToString([]byte(presignedURLString))
 			// Set token expiration to 1 minute before the presigned URL expires for some cushion
@@ -54,17 +53,16 @@ func newAWSCommand() *cobra.Command {
 	}
 	command.Flags().StringVar(&clusterName, "cluster-name", "", "AWS Cluster name")
 	command.Flags().StringVar(&roleARN, "role-arn", "", "AWS Role ARN")
-	command.Flags().StringVar(&profile, "profile", "", "AWS Profile")
 	return command
 }
 
-type getSignedRequestFunc func(clusterName, roleARN string, profile string) (string, error)
+type getSignedRequestFunc func(clusterName, roleARN string) (string, error)
 
-func getSignedRequestWithRetry(ctx context.Context, timeout, interval time.Duration, clusterName, roleARN string, profile string, fn getSignedRequestFunc) (string, error) {
+func getSignedRequestWithRetry(ctx context.Context, timeout, interval time.Duration, clusterName, roleARN string, fn getSignedRequestFunc) (string, error) {
 	ctx, cancel := context.WithTimeout(ctx, timeout)
 	defer cancel()
 	for {
-		signed, err := fn(clusterName, roleARN, profile)
+		signed, err := fn(clusterName, roleARN)
 		if err == nil {
 			return signed, nil
 		}
@@ -76,10 +74,8 @@ func getSignedRequestWithRetry(ctx context.Context, timeout, interval time.Durat
 	}
 }
 
-func getSignedRequest(clusterName, roleARN string, profile string) (string, error) {
-	sess, err := session.NewSessionWithOptions(session.Options{
-		Profile: profile,
-	})
+func getSignedRequest(clusterName, roleARN string) (string, error) {
+	sess, err := session.NewSession()
 	if err != nil {
 		return "", fmt.Errorf("error creating new AWS session: %s", err)
 	}

cmd/argocd-k8s-auth/commands/aws_test.go

@@ -22,7 +22,7 @@ func TestGetSignedRequestWithRetry(t *testing.T) {
 		}
 
 		// when
-		signed, err := getSignedRequestWithRetry(ctx, time.Second, time.Millisecond, "cluster-name", "", "", mock.getSignedRequestMock)
+		signed, err := getSignedRequestWithRetry(ctx, time.Second, time.Millisecond, "cluster-name", "", mock.getSignedRequestMock)
 
 		// then
 		assert.NoError(t, err)
@@ -41,7 +41,7 @@ func TestGetSignedRequestWithRetry(t *testing.T) {
 		}
 
 		// when
-		signed, err := getSignedRequestWithRetry(ctx, time.Second, time.Millisecond, "cluster-name", "", "", mock.getSignedRequestMock)
+		signed, err := getSignedRequestWithRetry(ctx, time.Second, time.Millisecond, "cluster-name", "", mock.getSignedRequestMock)
 
 		// then
 		assert.NoError(t, err)
@@ -57,7 +57,7 @@ func TestGetSignedRequestWithRetry(t *testing.T) {
 		}
 
 		// when
-		signed, err := getSignedRequestWithRetry(ctx, time.Second, time.Millisecond, "cluster-name", "", "", mock.getSignedRequestMock)
+		signed, err := getSignedRequestWithRetry(ctx, time.Second, time.Millisecond, "cluster-name", "", mock.getSignedRequestMock)
 
 		// then
 		assert.Error(t, err)
@@ -70,7 +70,7 @@ type signedRequestMock struct {
 	returnFunc            func(m *signedRequestMock) (string, error)
 }
 
-func (m *signedRequestMock) getSignedRequestMock(clusterName, roleARN string, profile string) (string, error) {
+func (m *signedRequestMock) getSignedRequestMock(clusterName, roleARN string) (string, error) {
 	m.getSignedRequestCalls++
 	return m.returnFunc(m)
 }

cmd/argocd-repo-server/commands/argocd_repo_server.go

@@ -210,10 +210,8 @@ func NewCommand() *cobra.Command {
 	command.Flags().StringVar(&helmManifestMaxExtractedSize, "helm-manifest-max-extracted-size", env.StringFromEnv("ARGOCD_REPO_SERVER_HELM_MANIFEST_MAX_EXTRACTED_SIZE", "1G"), "Maximum size of helm manifest archives when extracted")
 	command.Flags().BoolVar(&disableManifestMaxExtractedSize, "disable-helm-manifest-max-extracted-size", env.ParseBoolFromEnv("ARGOCD_REPO_SERVER_DISABLE_HELM_MANIFEST_MAX_EXTRACTED_SIZE", false), "Disable maximum size of helm manifest archives when extracted")
 	tlsConfigCustomizerSrc = tls.AddTLSFlagsToCmd(&command)
-	cacheSrc = reposervercache.AddCacheFlagsToCmd(&command, cacheutil.Options{
-		OnClientCreated: func(client *redis.Client) {
-			redisClient = client
-		},
+	cacheSrc = reposervercache.AddCacheFlagsToCmd(&command, func(client *redis.Client) {
+		redisClient = client
 	})
 	return &command
 }

cmd/argocd-server/commands/argocd_server.go

@@ -19,10 +19,8 @@ import (
 	"github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
 	appclientset "github.com/argoproj/argo-cd/v2/pkg/client/clientset/versioned"
 	"github.com/argoproj/argo-cd/v2/reposerver/apiclient"
-	reposervercache "github.com/argoproj/argo-cd/v2/reposerver/cache"
 	"github.com/argoproj/argo-cd/v2/server"
 	servercache "github.com/argoproj/argo-cd/v2/server/cache"
-	cacheutil "github.com/argoproj/argo-cd/v2/util/cache"
 	"github.com/argoproj/argo-cd/v2/util/cli"
 	"github.com/argoproj/argo-cd/v2/util/dex"
 	"github.com/argoproj/argo-cd/v2/util/env"
@@ -68,7 +66,6 @@ func NewCommand() *cobra.Command {
 		enableGZip               bool
 		tlsConfigCustomizerSrc   func() (tls.ConfigCustomizer, error)
 		cacheSrc                 func() (*servercache.Cache, error)
-		repoServerCacheSrc       func() (*reposervercache.Cache, error)
 		frameOptions             string
 		contentSecurityPolicy    string
 		repoServerPlaintext      bool
@@ -110,8 +107,6 @@ func NewCommand() *cobra.Command {
 			errors.CheckError(err)
 			cache, err := cacheSrc()
 			errors.CheckError(err)
-			repoServerCache, err := repoServerCacheSrc()
-			errors.CheckError(err)
 
 			kubeclientset := kubernetes.NewForConfigOrDie(config)
 
@@ -196,7 +191,6 @@ func NewCommand() *cobra.Command {
 				EnableGZip:            enableGZip,
 				TLSConfigCustomizer:   tlsConfigCustomizer,
 				Cache:                 cache,
-				RepoServerCache:       repoServerCache,
 				XFrameOptions:         frameOptions,
 				ContentSecurityPolicy: contentSecurityPolicy,
 				RedisClient:           redisClient,
@@ -269,11 +263,8 @@ func NewCommand() *cobra.Command {
 	command.Flags().StringSliceVar(&applicationNamespaces, "application-namespaces", env.StringsFromEnv("ARGOCD_APPLICATION_NAMESPACES", []string{}, ","), "List of additional namespaces where application resources can be managed in")
 	command.Flags().BoolVar(&enableProxyExtension, "enable-proxy-extension", env.ParseBoolFromEnv("ARGOCD_SERVER_ENABLE_PROXY_EXTENSION", false), "Enable Proxy Extension feature")
 	tlsConfigCustomizerSrc = tls.AddTLSFlagsToCmd(command)
-	cacheSrc = servercache.AddCacheFlagsToCmd(command, cacheutil.Options{
-		OnClientCreated: func(client *redis.Client) {
-			redisClient = client
-		},
+	cacheSrc = servercache.AddCacheFlagsToCmd(command, func(client *redis.Client) {
+		redisClient = client
 	})
-	repoServerCacheSrc = reposervercache.AddCacheFlagsToCmd(command, cacheutil.Options{FlagPrefix: "repo-server-"})
 	return command
 }

cmd/argocd/commands/admin/cluster.go

@@ -26,6 +26,7 @@ import (
 	"github.com/argoproj/argo-cd/v2/controller/sharding"
 	argocdclient "github.com/argoproj/argo-cd/v2/pkg/apiclient"
 	"github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
+	argoappv1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
 	"github.com/argoproj/argo-cd/v2/pkg/client/clientset/versioned"
 	"github.com/argoproj/argo-cd/v2/util/argo"
 	cacheutil "github.com/argoproj/argo-cd/v2/util/cache"
@@ -71,7 +72,7 @@ argocd admin cluster namespaces my-cluster `,
 }
 
 type ClusterWithInfo struct {
-	v1alpha1.Cluster
+	argoappv1.Cluster
 	// Shard holds controller shard number that handles the cluster
 	Shard int
 	// Namespaces holds list of namespaces managed by Argo CD in the cluster
@@ -625,16 +626,15 @@ func NewGenClusterConfigCommand(pathOpts *clientcmd.PathOptions) *cobra.Command
 			errors.CheckError(err)
 			kubeClientset := fake.NewSimpleClientset()
 
-			var awsAuthConf *v1alpha1.AWSAuthConfig
-			var execProviderConf *v1alpha1.ExecProviderConfig
+			var awsAuthConf *argoappv1.AWSAuthConfig
+			var execProviderConf *argoappv1.ExecProviderConfig
 			if clusterOpts.AwsClusterName != "" {
-				awsAuthConf = &v1alpha1.AWSAuthConfig{
+				awsAuthConf = &argoappv1.AWSAuthConfig{
 					ClusterName: clusterOpts.AwsClusterName,
 					RoleARN:     clusterOpts.AwsRoleArn,
-					Profile:     clusterOpts.AwsProfile,
 				}
 			} else if clusterOpts.ExecProviderCommand != "" {
-				execProviderConf = &v1alpha1.ExecProviderConfig{
+				execProviderConf = &argoappv1.ExecProviderConfig{
 					Command:     clusterOpts.ExecProviderCommand,
 					Args:        clusterOpts.ExecProviderArgs,
 					Env:         clusterOpts.ExecProviderEnv,
@@ -658,7 +658,7 @@ func NewGenClusterConfigCommand(pathOpts *clientcmd.PathOptions) *cobra.Command
 
 			clst := cmdutil.NewCluster(contextName, clusterOpts.Namespaces, clusterOpts.ClusterResources, conf, bearerToken, awsAuthConf, execProviderConf, labelsMap, annotationsMap)
 			if clusterOpts.InClusterEndpoint() {
-				clst.Server = v1alpha1.KubernetesInternalAPIServerAddr
+				clst.Server = argoappv1.KubernetesInternalAPIServerAddr
 			}
 			if clusterOpts.ClusterEndpoint == string(cmdutil.KubePublicEndpoint) {
 				// Ignore `kube-public` cluster endpoints, since this command is intended to run without invoking any network connections.

cmd/argocd/commands/app.go

@@ -1624,7 +1624,7 @@ func NewApplicationWaitCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co
 				list, err := appIf.List(ctx, &application.ApplicationQuery{Selector: pointer.String(selector)})
 				errors.CheckError(err)
 				for _, i := range list.Items {
-					appNames = append(appNames, i.QualifiedName())
+					appNames = append(appNames, i.Name)
 				}
 			}
 			for _, appName := range appNames {
@@ -1995,7 +1995,7 @@ func getAppNamesBySelector(ctx context.Context, appIf application.ApplicationSer
 			return []string{}, fmt.Errorf("no apps match selector %v", selector)
 		}
 		for _, i := range list.Items {
-			appNames = append(appNames, i.QualifiedName())
+			appNames = append(appNames, i.Name)
 		}
 	}
 	return appNames, nil

cmd/argocd/commands/cluster.go

@@ -111,7 +111,6 @@ func NewClusterAddCommand(clientOpts *argocdclient.ClientOptions, pathOpts *clie
 				awsAuthConf = &argoappv1.AWSAuthConfig{
 					ClusterName: clusterOpts.AwsClusterName,
 					RoleARN:     clusterOpts.AwsRoleArn,
-					Profile:     clusterOpts.AwsProfile,
 				}
 			} else if clusterOpts.ExecProviderCommand != "" {
 				execProviderConf = &argoappv1.ExecProviderConfig{

cmd/argocd/commands/headless/headless.go

@@ -78,12 +78,6 @@ func (c *forwardCacheClient) Set(item *cache.Item) error {
 	})
 }
 
-func (c *forwardCacheClient) Rename(oldKey string, newKey string, expiration time.Duration) error {
-	return c.doLazy(func(client cache.CacheClient) error {
-		return client.Rename(oldKey, newKey, expiration)
-	})
-}
-
 func (c *forwardCacheClient) Get(key string, obj interface{}) error {
 	return c.doLazy(func(client cache.CacheClient) error {
 		return client.Get(key, obj)

cmd/argocd/commands/repo.go

@@ -64,12 +64,6 @@ func NewRepoAddCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command {
   # Add a Git repository via SSH on a non-default port - need to use ssh:// style URLs here
   argocd repo add ssh://git@git.example.com:2222/repos/repo --ssh-private-key-path ~/id_rsa
 
-  # Add a Git repository via SSH using socks5 proxy with no proxy credentials
-  argocd repo add ssh://git@github.com/argoproj/argocd-example-apps --ssh-private-key-path ~/id_rsa --proxy socks5://your.proxy.server.ip:1080
-
-  # Add a Git repository via SSH using socks5 proxy with proxy credentials
-  argocd repo add ssh://git@github.com/argoproj/argocd-example-apps --ssh-private-key-path ~/id_rsa --proxy socks5://username:password@your.proxy.server.ip:1080
-
   # Add a private Git repository via HTTPS using username/password and TLS client certificates:
   argocd repo add https://git.example.com/repos/repo --username git --password secret --tls-client-cert-path ~/mycert.crt --tls-client-cert-key-path ~/mycert.key
 

cmd/util/cluster.go

@@ -144,7 +144,6 @@ type ClusterOptions struct {
 	Upsert                  bool
 	ServiceAccount          string
 	AwsRoleArn              string
-	AwsProfile              string
 	AwsClusterName          string
 	SystemNamespace         string
 	Namespaces              []string
@@ -170,7 +169,6 @@ func AddClusterFlags(command *cobra.Command, opts *ClusterOptions) {
 	command.Flags().BoolVar(&opts.InCluster, "in-cluster", false, "Indicates Argo CD resides inside this cluster and should connect using the internal k8s hostname (kubernetes.default.svc)")
 	command.Flags().StringVar(&opts.AwsClusterName, "aws-cluster-name", "", "AWS Cluster name if set then aws cli eks token command will be used to access cluster")
 	command.Flags().StringVar(&opts.AwsRoleArn, "aws-role-arn", "", "Optional AWS role arn. If set then AWS IAM Authenticator assumes a role to perform cluster operations instead of the default AWS credential provider chain.")
-	command.Flags().StringVar(&opts.AwsProfile, "aws-profile", "", "Optional AWS profile. If set then AWS IAM Authenticator uses this profile to perform cluster operations instead of the default AWS credential provider chain.")
 	command.Flags().StringArrayVar(&opts.Namespaces, "namespace", nil, "List of namespaces which are allowed to manage")
 	command.Flags().BoolVar(&opts.ClusterResources, "cluster-resources", false, "Indicates if cluster level resources should be managed. The setting is used only if list of managed namespaces is not empty.")
 	command.Flags().StringVar(&opts.Name, "name", "", "Overwrite the cluster name")

controller/appcontroller.go

@@ -48,6 +48,7 @@ import (
 	"github.com/argoproj/argo-cd/v2/controller/sharding"
 	"github.com/argoproj/argo-cd/v2/pkg/apis/application"
 	appv1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
+	argov1alpha "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
 	appclientset "github.com/argoproj/argo-cd/v2/pkg/client/clientset/versioned"
 	"github.com/argoproj/argo-cd/v2/pkg/client/informers/externalversions/application/v1alpha1"
 	applisters "github.com/argoproj/argo-cd/v2/pkg/client/listers/application/v1alpha1"
@@ -1033,7 +1034,7 @@ func (ctrl *ApplicationController) getPermittedAppLiveObjects(app *appv1.Applica
 	return objsMap, nil
 }
 
-func (ctrl *ApplicationController) isValidDestination(app *appv1.Application) (bool, *appv1.Cluster) {
+func (ctrl *ApplicationController) isValidDestination(app *appv1.Application) (bool, *argov1alpha.Cluster) {
 	// Validate the cluster using the Application destination's `name` field, if applicable,
 	// and set the Server field, if needed.
 	if err := argo.ValidateDestination(context.Background(), &app.Spec.Destination, ctrl.db); err != nil {
@@ -2206,4 +2207,4 @@ func (ctrl *ApplicationController) toAppQualifiedName(appName, appNamespace stri
 	return fmt.Sprintf("%s/%s", appNamespace, appName)
 }
 
-type ClusterFilterFunction func(c *appv1.Cluster, distributionFunction sharding.DistributionFunction) bool
+type ClusterFilterFunction func(c *argov1alpha.Cluster, distributionFunction sharding.DistributionFunction) bool

controller/state.go

@@ -880,16 +880,7 @@ func useDiffCache(noCache bool, manifestInfos []*apiclient.ManifestResponse, sou
 	return true
 }
 
-func (m *appStateManager) persistRevisionHistory(
-	app *v1alpha1.Application,
-	revision string,
-	source v1alpha1.ApplicationSource,
-	revisions []string,
-	sources []v1alpha1.ApplicationSource,
-	hasMultipleSources bool,
-	startedAt metav1.Time,
-	initiatedBy v1alpha1.OperationInitiator,
-) error {
+func (m *appStateManager) persistRevisionHistory(app *v1alpha1.Application, revision string, source v1alpha1.ApplicationSource, revisions []string, sources []v1alpha1.ApplicationSource, hasMultipleSources bool, startedAt metav1.Time) error {
 	var nextID int64
 	if len(app.Status.History) > 0 {
 		nextID = app.Status.History.LastRevisionHistory().ID + 1
@@ -902,7 +893,6 @@ func (m *appStateManager) persistRevisionHistory(
 			ID:              nextID,
 			Sources:         sources,
 			Revisions:       revisions,
-			InitiatedBy:     initiatedBy,
 		})
 	} else {
 		app.Status.History = append(app.Status.History, v1alpha1.RevisionHistory{
@@ -911,7 +901,6 @@ func (m *appStateManager) persistRevisionHistory(
 			DeployStartedAt: &startedAt,
 			ID:              nextID,
 			Source:          source,
-			InitiatedBy:     initiatedBy,
 		})
 	}
 

controller/state_test.go

@@ -23,7 +23,6 @@ import (
 	"k8s.io/apimachinery/pkg/runtime"
 
 	"github.com/argoproj/argo-cd/v2/common"
-	"github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
 	argoappv1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
 	"github.com/argoproj/argo-cd/v2/reposerver/apiclient"
 	"github.com/argoproj/argo-cd/v2/test"
@@ -839,7 +838,7 @@ func Test_appStateManager_persistRevisionHistory(t *testing.T) {
 		app.Spec.RevisionHistoryLimit = &i
 	}
 	addHistory := func() {
-		err := manager.persistRevisionHistory(app, "my-revision", argoappv1.ApplicationSource{}, []string{}, []argoappv1.ApplicationSource{}, false, metav1.Time{}, v1alpha1.OperationInitiator{})
+		err := manager.persistRevisionHistory(app, "my-revision", argoappv1.ApplicationSource{}, []string{}, []argoappv1.ApplicationSource{}, false, metav1.Time{})
 		assert.NoError(t, err)
 	}
 	addHistory()
@@ -875,7 +874,7 @@ func Test_appStateManager_persistRevisionHistory(t *testing.T) {
 	assert.Len(t, app.Status.History, 9)
 
 	metav1NowTime := metav1.NewTime(time.Now())
-	err := manager.persistRevisionHistory(app, "my-revision", argoappv1.ApplicationSource{}, []string{}, []argoappv1.ApplicationSource{}, false, metav1NowTime, v1alpha1.OperationInitiator{})
+	err := manager.persistRevisionHistory(app, "my-revision", argoappv1.ApplicationSource{}, []string{}, []argoappv1.ApplicationSource{}, false, metav1NowTime)
 	assert.NoError(t, err)
 	assert.Equal(t, app.Status.History.LastRevisionHistory().DeployStartedAt, &metav1NowTime)
 }

controller/sync.go

@@ -391,7 +391,7 @@ func (m *appStateManager) SyncAppState(app *v1alpha1.Application, state *v1alpha
 	logEntry.WithField("duration", time.Since(start)).Info("sync/terminate complete")
 
 	if !syncOp.DryRun && len(syncOp.Resources) == 0 && state.Phase.Successful() {
-		err := m.persistRevisionHistory(app, compareResult.syncStatus.Revision, source, compareResult.syncStatus.Revisions, compareResult.syncStatus.ComparedTo.Sources, app.Spec.HasMultipleSources(), state.StartedAt, state.Operation.InitiatedBy)
+		err := m.persistRevisionHistory(app, compareResult.syncStatus.Revision, source, compareResult.syncStatus.Revisions, compareResult.syncStatus.ComparedTo.Sources, app.Spec.HasMultipleSources(), state.StartedAt)
 		if err != nil {
 			state.Phase = common.OperationError
 			state.Message = fmt.Sprintf("failed to record sync to history: %v", err)

docs/cli_installation.md

@@ -37,17 +37,6 @@ sudo install -m 555 argocd-linux-amd64 /usr/local/bin/argocd
 rm argocd-linux-amd64
 ```
 
-#### Download latest stable version
-
-You can download the latest stable release by executing below steps:
-
-```bash
-VERSION=$(curl -L -s https://raw.githubusercontent.com/argoproj/argo-cd/stable/VERSION)
-curl -sSL -o argocd-linux-amd64 https://github.com/argoproj/argo-cd/releases/download/v$VERSION/argocd-linux-amd64
-sudo install -m 555 argocd-linux-amd64 /usr/local/bin/argocd
-rm argocd-linux-amd64
-```
-
 You should now be able to run `argocd` commands.
 
 

docs/developer-guide/architecture/components.md

@@ -71,7 +71,7 @@ and the CLI functionalities.
 ### Application Controller
 
 The Application Controller is responsible for reconciling the
-Application resource in Kubernetes synchronizing the desired
+Application resource in Kubernetes syncronizing the desired
 application state (provided in Git) with the live state (in
 Kubernetes). The Application Controller is also responsible for
 reconciling the Project resource.

docs/developer-guide/contributors-quickstart.md

@@ -9,8 +9,6 @@ and the [toolchain guide](toolchain-guide.md).
 
 ### Install Go
 
-<https://go.dev/doc/install/>
-
 Install version 1.18 or newer (Verify version by running `go version`)
 
 ### Clone the Argo CD repo
@@ -25,29 +23,16 @@ git clone https://github.com/argoproj/argo-cd.git
 
 <https://docs.docker.com/engine/install/>
 
-### Install or Upgrade a Tool for Running Local Clusters (e.g. kind or minikube)
-
-#### Installation guide for kind:
+### Install or Upgrade `kind` (Optional - Should work with any local cluster)
 
 <https://kind.sigs.k8s.io/docs/user/quick-start/>
 
-#### Installation guide for minikube:
-
-<https://minikube.sigs.k8s.io/docs/start/>
-
 ### Start Your Local Cluster
 
-For example, if you are using kind:
 ```shell
 kind create cluster
 ```
 
-Or, if you are using minikube:
-
-```shell
-minikube start
-```
-
 ### Install Argo CD
 
 ```shell

docs/getting_started.md

@@ -22,8 +22,12 @@ This will create a new namespace, `argocd`, where Argo CD services and applicati
     The installation manifests include `ClusterRoleBinding` resources that reference `argocd` namespace. If you are installing Argo CD into a different
     namespace then make sure to update the namespace reference.
 
-!!! tip
-    If you are not interested in UI, SSO, and multi-cluster features, then you can install only the [core](operator-manual/core/#installing) Argo CD components.
+If you are not interested in UI, SSO, multi-cluster features then you can install [core](operator-manual/installation.md#core) Argo CD components only:
+
+```bash
+kubectl create namespace argocd
+kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/core-install.yaml
+```
 
 This default installation will have a self-signed certificate and cannot be accessed without a bit of extra work.
 Do one of:

docs/operator-manual/application.yaml

@@ -119,7 +119,7 @@ spec:
         extVars:
         - name: foo
           value: bar
-          # You can use "code" to determine if the value is either string (false, the default) or Jsonnet code (if code is true).
+          # You can use "code to determine if the value is either string (false, the default) or Jsonnet code (if code is true).
         - code: true
           name: baz
           value: "true"

docs/operator-manual/applicationset/GoTemplate.md

@@ -12,7 +12,7 @@ An additional `normalize` function makes any string parameter usable as a valid
 with hyphens and truncating at 253 characters. This is useful when making parameters safe for things like Application
 names.
 
-Another `slugify` function has been added which, by default, sanitizes and smart truncates (it doesn't cut a word into 2). This function accepts a couple of arguments:
+Another function has `slugify` function has been added which, by default, sanitizes and smart truncate (means doesn't cut a word into 2). This function accepts a couple of arguments:
 - The first argument (if provided) is an integer specifying the maximum length of the slug.
 - The second argument (if provided) is a boolean indicating whether smart truncation is enabled.
 - The last argument (if provided) is the input name that needs to be slugified.
@@ -206,8 +206,6 @@ ApplicationSet controller provides:
   1. contains no more than 253 characters
   2. contains only lowercase alphanumeric characters, '-' or '.'
   3. starts and ends with an alphanumeric character
-
-- `slugify`: sanitizes like `normalize` and smart truncates (it doesn't cut a word into 2) like described in the [introduction](#introduction) section.
 - `toYaml` / `fromYaml` / `fromYamlArray` helm like functions
 
 

docs/operator-manual/argocd-cm.yaml

@@ -308,10 +308,8 @@ data:
   # have either a permanent banner or a regular closeable banner, and NOT both. eg. A user can't dismiss a
   # notification message (closeable) banner, to then immediately see a permanent banner.
   # ui.bannerpermanent: "true"
-  # An option to specify the position of the banner, either the top or bottom of the page, or both. The valid values 
-  # are: "top", "bottom" and "both".  The default (if the option is not provided), is "top". If "both" is specified, then 
-  # the content appears both at the top and the bottom of the page. Uncomment the following line to make the banner appear 
-  # at the bottom of the page. Change the value as needed.
+  # An option to specify the position of the banner, either the top or bottom of the page. The default is at the top.
+  # Uncomment to make the banner appear at the bottom of the page. Any value other than "bottom" will make the banner appear at the top.
   # ui.bannerposition: "bottom"
 
   # Application reconciliation timeout is the max amount of time required to discover if a new manifests version got

docs/operator-manual/declarative-setup.md

@@ -549,7 +549,6 @@ bearerToken: string
 awsAuthConfig:
     clusterName: string
     roleARN: string
-    profile: string
 # Configure external command to supply client credentials
 # See https://godoc.org/k8s.io/client-go/tools/clientcmd/api#ExecConfig
 execProviderConfig:

docs/operator-manual/notifications/services/opsgenie.md

@@ -12,8 +12,8 @@ To be able to send notifications with argocd-notifications you have to create an
 8. Give your integration a name, copy the "API key" and safe it somewhere for later
 9. Make sure the checkboxes for "Create and Update Access" and "enable" are selected, disable the other checkboxes to remove unnecessary permissions
 10. Click "Safe Integration" at the bottom
-11. Check your browser for the correct server apiURL. If it is "app.opsgenie.com" then use the US/international api url `api.opsgenie.com` in the next step, otherwise use `api.eu.opsgenie.com` (European API). 
-12. You are finished with configuring opsgenie. Now you need to configure argocd-notifications. Use the apiUrl, the team name and the apiKey to configure the Opsgenie integration in the `argocd-notifications-secret` secret. 
+11. Check your browser for the correct server apiURL. If it is "app.opsgenie.com" then use the us/international api url `api.opsgenie.com` in the next step, otherwise use `api.eu.opsgenie.com` (european api). 
+12. You are finished with configuring opsgenie. Now you need to configure argocd-notifications. Use the apiUrl, the team name and the apiKey to configure the opsgenie integration in the `argocd-notifications-secret` secret. 
 
 ```yaml
 apiVersion: v1

docs/operator-manual/notifications/services/pagerduty.md

@@ -1,17 +1,17 @@
-# PagerDuty
+# Pagerduty
 
 ## Parameters
 
-The PagerDuty notification service is used to create PagerDuty incidents and requires specifying the following settings:
+The Pagerduty notification service is used to create pagerduty incidents and requires specifying the following settings:
 
-* `pagerdutyToken` - the PagerDuty auth token
+* `pagerdutyToken` - the pagerduty auth token
 * `from` - email address of a valid user associated with the account making the request.
 * `serviceID` - The ID of the resource.
 
 
 ## Example
 
-The following snippet contains sample PagerDuty service configuration:
+The following snippet contains sample Pagerduty service configuration:
 
 ```yaml
 apiVersion: v1
@@ -35,7 +35,7 @@ data:
 
 ## Template
 
-[Notification templates](../templates.md) support specifying subject for PagerDuty notifications:
+[Notification templates](../templates.md) support specifying subject for pagerduty notifications:
 
 ```yaml
 apiVersion: v1
@@ -62,5 +62,5 @@ apiVersion: argoproj.io/v1alpha1
 kind: Rollout
 metadata:
   annotations:
-    notifications.argoproj.io/subscribe.on-rollout-aborted.pagerduty: "<serviceID for PagerDuty>"
+    notifications.argoproj.io/subscribe.on-rollout-aborted.pagerduty: "<serviceID for Pagerduty>"
 ```

docs/operator-manual/notifications/services/pagerduty_v2.md

@@ -74,5 +74,5 @@ apiVersion: argoproj.io/v1alpha1
 kind: Rollout
 metadata:
   annotations:
-    notifications.argoproj.io/subscribe.on-rollout-aborted.pagerdutyv2: "<serviceID for PagerDuty>"
+    notifications.argoproj.io/subscribe.on-rollout-aborted.pagerdutyv2: "<serviceID for Pagerduty>"
 ```

docs/operator-manual/notifications/triggers.md

@@ -1,7 +1,7 @@
 The trigger defines the condition when the notification should be sent. The definition includes name, condition
 and notification templates reference. The condition is a predicate expression that returns true if the notification
 should be sent. The trigger condition evaluation is powered by [antonmedv/expr](https://github.com/antonmedv/expr).
-The condition language syntax is described at [language-definition.md](https://github.com/antonmedv/expr/blob/master/docs/language-definition.md).
+The condition language syntax is described at [Language-Definition.md](https://github.com/antonmedv/expr/blob/master/docs/Language-Definition.md).
 
 The trigger is configured in the `argocd-notifications-cm` ConfigMap. For example the following trigger sends a notification
 when application sync status changes to `Unknown` using the `app-sync-status` template:

docs/operator-manual/server-commands/argocd-server.md

@@ -25,87 +25,74 @@ argocd-server [flags]
 ### Options
 
 ```
-      --address string                                  Listen on given address (default "0.0.0.0")
-      --api-content-types string                        Semicolon separated list of allowed content types for non GET api requests. Any content type is allowed if empty. (default "application/json")
-      --app-state-cache-expiration duration             Cache expiration for app state (default 1h0m0s)
-      --application-namespaces strings                  List of additional namespaces where application resources can be managed in
-      --as string                                       Username to impersonate for the operation
-      --as-group stringArray                            Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
-      --as-uid string                                   UID to impersonate for the operation
-      --basehref string                                 Value for base href in index.html. Used if Argo CD is running behind reverse proxy under subpath different from / (default "/")
-      --certificate-authority string                    Path to a cert file for the certificate authority
-      --client-certificate string                       Path to a client certificate file for TLS
-      --client-key string                               Path to a client key file for TLS
-      --cluster string                                  The name of the kubeconfig cluster to use
-      --connection-status-cache-expiration duration     Cache expiration for cluster/repo connection status (default 1h0m0s)
-      --content-security-policy value                   Set Content-Security-Policy header in HTTP responses to value. To disable, set to "". (default "frame-ancestors 'self';")
-      --context string                                  The name of the kubeconfig context to use
-      --default-cache-expiration duration               Cache expiration default (default 24h0m0s)
-      --dex-server string                               Dex server address (default "argocd-dex-server:5556")
-      --dex-server-plaintext                            Use a plaintext client (non-TLS) to connect to dex server
-      --dex-server-strict-tls                           Perform strict validation of TLS certificates when connecting to dex server
-      --disable-auth                                    Disable client authentication
-      --disable-compression                             If true, opt-out of response compression for all requests to the server
-      --enable-gzip                                     Enable GZIP compression (default true)
-      --enable-proxy-extension                          Enable Proxy Extension feature
-      --gloglevel int                                   Set the glog logging level
-  -h, --help                                            help for argocd-server
-      --insecure                                        Run server without TLS
-      --insecure-skip-tls-verify                        If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
-      --kubeconfig string                               Path to a kube config. Only required if out-of-cluster
-      --logformat string                                Set the logging format. One of: text|json (default "text")
-      --login-attempts-expiration duration              Cache expiration for failed login attempts (default 24h0m0s)
-      --loglevel string                                 Set the logging level. One of: debug|info|warn|error (default "info")
-      --metrics-address string                          Listen for metrics on given address (default "0.0.0.0")
-      --metrics-port int                                Start metrics on given port (default 8083)
-  -n, --namespace string                                If present, the namespace scope for this CLI request
-      --oidc-cache-expiration duration                  Cache expiration for OIDC state (default 3m0s)
-      --otlp-address string                             OpenTelemetry collector address to send traces to
-      --otlp-attrs strings                              List of OpenTelemetry collector extra attrs when send traces, each attribute is separated by a colon(e.g. key:value)
-      --otlp-headers stringToString                     List of OpenTelemetry collector extra headers sent with traces, headers are comma-separated key-value pairs(e.g. key1=value1,key2=value2) (default [])
-      --otlp-insecure                                   OpenTelemetry collector insecure mode (default true)
-      --password string                                 Password for basic authentication to the API server
-      --port int                                        Listen on given port (default 8080)
-      --proxy-url string                                If provided, this URL will be used to connect via proxy
-      --redis string                                    Redis server hostname and port (e.g. argocd-redis:6379). 
-      --redis-ca-certificate string                     Path to Redis server CA certificate (e.g. /etc/certs/redis/ca.crt). If not specified, system trusted CAs will be used for server certificate validation.
-      --redis-client-certificate string                 Path to Redis client certificate (e.g. /etc/certs/redis/client.crt).
-      --redis-client-key string                         Path to Redis client key (e.g. /etc/certs/redis/client.crt).
-      --redis-compress string                           Enable compression for data sent to Redis with the required compression algorithm. (possible values: gzip, none) (default "gzip")
-      --redis-insecure-skip-tls-verify                  Skip Redis server certificate validation.
-      --redis-use-tls                                   Use TLS when connecting to Redis. 
-      --redisdb int                                     Redis database.
-      --repo-cache-expiration duration                  Cache expiration for repo state, incl. app lists, app details, manifest generation, revision meta-data (default 24h0m0s)
-      --repo-server string                              Repo server address (default "argocd-repo-server:8081")
-      --repo-server-default-cache-expiration duration   Cache expiration default (default 24h0m0s)
-      --repo-server-plaintext                           Use a plaintext client (non-TLS) to connect to repository server
-      --repo-server-redis string                        Redis server hostname and port (e.g. argocd-redis:6379). 
-      --repo-server-redis-ca-certificate string         Path to Redis server CA certificate (e.g. /etc/certs/redis/ca.crt). If not specified, system trusted CAs will be used for server certificate validation.
-      --repo-server-redis-client-certificate string     Path to Redis client certificate (e.g. /etc/certs/redis/client.crt).
-      --repo-server-redis-client-key string             Path to Redis client key (e.g. /etc/certs/redis/client.crt).
-      --repo-server-redis-compress string               Enable compression for data sent to Redis with the required compression algorithm. (possible values: gzip, none) (default "gzip")
-      --repo-server-redis-insecure-skip-tls-verify      Skip Redis server certificate validation.
-      --repo-server-redis-use-tls                       Use TLS when connecting to Redis. 
-      --repo-server-redisdb int                         Redis database.
-      --repo-server-sentinel stringArray                Redis sentinel hostname and port (e.g. argocd-redis-ha-announce-0:6379). 
-      --repo-server-sentinelmaster string               Redis sentinel master group name. (default "master")
-      --repo-server-strict-tls                          Perform strict validation of TLS certificates when connecting to repo server
-      --repo-server-timeout-seconds int                 Repo server RPC call timeout seconds. (default 60)
-      --request-timeout string                          The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests. (default "0")
-      --revision-cache-expiration duration              Cache expiration for cached revision (default 3m0s)
-      --rootpath string                                 Used if Argo CD is running behind reverse proxy under subpath different from /
-      --sentinel stringArray                            Redis sentinel hostname and port (e.g. argocd-redis-ha-announce-0:6379). 
-      --sentinelmaster string                           Redis sentinel master group name. (default "master")
-      --server string                                   The address and port of the Kubernetes API server
-      --staticassets string                             Directory path that contains additional static assets (default "/shared/app")
-      --tls-server-name string                          If provided, this name will be used to validate server certificate. If this is not provided, hostname used to contact the server is used.
-      --tlsciphers string                               The list of acceptable ciphers to be used when establishing TLS connections. Use 'list' to list available ciphers. (default "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:TLS_RSA_WITH_AES_256_GCM_SHA384")
-      --tlsmaxversion string                            The maximum SSL/TLS version that is acceptable (one of: 1.0|1.1|1.2|1.3) (default "1.3")
-      --tlsminversion string                            The minimum SSL/TLS version that is acceptable (one of: 1.0|1.1|1.2|1.3) (default "1.2")
-      --token string                                    Bearer token for authentication to the API server
-      --user string                                     The name of the kubeconfig user to use
-      --username string                                 Username for basic authentication to the API server
-      --x-frame-options value                           Set X-Frame-Options header in HTTP responses to value. To disable, set to "". (default "sameorigin")
+      --address string                                Listen on given address (default "0.0.0.0")
+      --api-content-types string                      Semicolon separated list of allowed content types for non GET api requests. Any content type is allowed if empty. (default "application/json")
+      --app-state-cache-expiration duration           Cache expiration for app state (default 1h0m0s)
+      --application-namespaces strings                List of additional namespaces where application resources can be managed in
+      --as string                                     Username to impersonate for the operation
+      --as-group stringArray                          Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
+      --as-uid string                                 UID to impersonate for the operation
+      --basehref string                               Value for base href in index.html. Used if Argo CD is running behind reverse proxy under subpath different from / (default "/")
+      --certificate-authority string                  Path to a cert file for the certificate authority
+      --client-certificate string                     Path to a client certificate file for TLS
+      --client-key string                             Path to a client key file for TLS
+      --cluster string                                The name of the kubeconfig cluster to use
+      --connection-status-cache-expiration duration   Cache expiration for cluster/repo connection status (default 1h0m0s)
+      --content-security-policy value                 Set Content-Security-Policy header in HTTP responses to value. To disable, set to "". (default "frame-ancestors 'self';")
+      --context string                                The name of the kubeconfig context to use
+      --default-cache-expiration duration             Cache expiration default (default 24h0m0s)
+      --dex-server string                             Dex server address (default "argocd-dex-server:5556")
+      --dex-server-plaintext                          Use a plaintext client (non-TLS) to connect to dex server
+      --dex-server-strict-tls                         Perform strict validation of TLS certificates when connecting to dex server
+      --disable-auth                                  Disable client authentication
+      --disable-compression                           If true, opt-out of response compression for all requests to the server
+      --enable-gzip                                   Enable GZIP compression (default true)
+      --enable-proxy-extension                        Enable Proxy Extension feature
+      --gloglevel int                                 Set the glog logging level
+  -h, --help                                          help for argocd-server
+      --insecure                                      Run server without TLS
+      --insecure-skip-tls-verify                      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
+      --kubeconfig string                             Path to a kube config. Only required if out-of-cluster
+      --logformat string                              Set the logging format. One of: text|json (default "text")
+      --login-attempts-expiration duration            Cache expiration for failed login attempts (default 24h0m0s)
+      --loglevel string                               Set the logging level. One of: debug|info|warn|error (default "info")
+      --metrics-address string                        Listen for metrics on given address (default "0.0.0.0")
+      --metrics-port int                              Start metrics on given port (default 8083)
+  -n, --namespace string                              If present, the namespace scope for this CLI request
+      --oidc-cache-expiration duration                Cache expiration for OIDC state (default 3m0s)
+      --otlp-address string                           OpenTelemetry collector address to send traces to
+      --otlp-attrs strings                            List of OpenTelemetry collector extra attrs when send traces, each attribute is separated by a colon(e.g. key:value)
+      --otlp-headers stringToString                   List of OpenTelemetry collector extra headers sent with traces, headers are comma-separated key-value pairs(e.g. key1=value1,key2=value2) (default [])
+      --otlp-insecure                                 OpenTelemetry collector insecure mode (default true)
+      --password string                               Password for basic authentication to the API server
+      --port int                                      Listen on given port (default 8080)
+      --proxy-url string                              If provided, this URL will be used to connect via proxy
+      --redis string                                  Redis server hostname and port (e.g. argocd-redis:6379). 
+      --redis-ca-certificate string                   Path to Redis server CA certificate (e.g. /etc/certs/redis/ca.crt). If not specified, system trusted CAs will be used for server certificate validation.
+      --redis-client-certificate string               Path to Redis client certificate (e.g. /etc/certs/redis/client.crt).
+      --redis-client-key string                       Path to Redis client key (e.g. /etc/certs/redis/client.crt).
+      --redis-compress string                         Enable compression for data sent to Redis with the required compression algorithm. (possible values: gzip, none) (default "gzip")
+      --redis-insecure-skip-tls-verify                Skip Redis server certificate validation.
+      --redis-use-tls                                 Use TLS when connecting to Redis. 
+      --redisdb int                                   Redis database.
+      --repo-server string                            Repo server address (default "argocd-repo-server:8081")
+      --repo-server-plaintext                         Use a plaintext client (non-TLS) to connect to repository server
+      --repo-server-strict-tls                        Perform strict validation of TLS certificates when connecting to repo server
+      --repo-server-timeout-seconds int               Repo server RPC call timeout seconds. (default 60)
+      --request-timeout string                        The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests. (default "0")
+      --rootpath string                               Used if Argo CD is running behind reverse proxy under subpath different from /
+      --sentinel stringArray                          Redis sentinel hostname and port (e.g. argocd-redis-ha-announce-0:6379). 
+      --sentinelmaster string                         Redis sentinel master group name. (default "master")
+      --server string                                 The address and port of the Kubernetes API server
+      --staticassets string                           Directory path that contains additional static assets (default "/shared/app")
+      --tls-server-name string                        If provided, this name will be used to validate server certificate. If this is not provided, hostname used to contact the server is used.
+      --tlsciphers string                             The list of acceptable ciphers to be used when establishing TLS connections. Use 'list' to list available ciphers. (default "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:TLS_RSA_WITH_AES_256_GCM_SHA384")
+      --tlsmaxversion string                          The maximum SSL/TLS version that is acceptable (one of: 1.0|1.1|1.2|1.3) (default "1.3")
+      --tlsminversion string                          The minimum SSL/TLS version that is acceptable (one of: 1.0|1.1|1.2|1.3) (default "1.2")
+      --token string                                  Bearer token for authentication to the API server
+      --user string                                   The name of the kubeconfig user to use
+      --username string                               Username for basic authentication to the API server
+      --x-frame-options value                         Set X-Frame-Options header in HTTP responses to value. To disable, set to "". (default "sameorigin")
 ```
 
 ### SEE ALSO

docs/operator-manual/signed-release-assets.md

@@ -92,7 +92,7 @@ The attestation payload contains a non-forgeable provenance which is base64 enco
 ```bash
 slsa-verifier verify-image "$IMAGE" \
     --source-uri github.com/argoproj/argo-cd \
-    --source-tag v2.7.0 \
+    --source-tag v2.7.0
     --print-provenance | jq
 ```
 

docs/operator-manual/tested-kubernetes-versions.md

@@ -1,6 +1,5 @@
 | Argo CD version | Kubernetes versions |
 |-----------------|---------------------|
-| 2.7 | v1.26, v1.25, v1.24, v1.23 |
-| 2.6 | v1.24, v1.23, v1.22 |
-| 2.5 | v1.24, v1.23, v1.22 |
-
+| 2.10 | v1.28, v1.27, v1.26, v1.25 |
+| 2.9 | v1.28, v1.27, v1.26, v1.25 |
+| 2.8 | v1.27, v1.26, v1.25, v1.24 |

docs/operator-manual/upgrading/2.10-2.11.md

@@ -1,5 +0,0 @@
-# v2.10 to 2.11
-
-## initiatedBy added in Application CRD
-
-In order to address [argoproj/argo-cd#16612](https://github.com/argoproj/argo-cd/issues/16612), initiatedBy has been added in the Application CRD.

docs/operator-manual/user-management/microsoft.md

@@ -1,16 +1,13 @@
 # Microsoft
 
-!!! note ""
-    Entra ID was formerly known as Azure AD.
+* [Azure AD SAML Enterprise App Auth using Dex](#azure-ad-saml-enterprise-app-auth-using-dex)
+* [Azure AD App Registration Auth using OIDC](#azure-ad-app-registration-auth-using-oidc)
+* [Azure AD App Registration Auth using Dex](#azure-ad-app-registration-auth-using-dex)
 
-* [Entra ID SAML Enterprise App Auth using Dex](#entra-id-saml-enterprise-app-auth-using-dex)
-* [Entra ID App Registration Auth using OIDC](#entra-id-app-registration-auth-using-oidc)
-* [Entra ID App Registration Auth using Dex](#entra-id-app-registration-auth-using-dex)
+## Azure AD SAML Enterprise App Auth using Dex
+### Configure a new Azure AD Enterprise App
 
-## Entra ID SAML Enterprise App Auth using Dex
-### Configure a new Entra ID Enterprise App
-
-1. From the `Microsoft Entra ID` > `Enterprise applications` menu, choose `+ New application`
+1. From the `Azure Active Directory` > `Enterprise applications` menu, choose `+ New application`
 2. Select `Non-gallery application`
 3. Enter a `Name` for the application (e.g. `Argo CD`), then choose `Add`
 4. Once the application is created, open it from the `Enterprise applications` menu.
@@ -34,9 +31,9 @@
       - *Keep a copy of the encoded output to be used in the next section.*
 9. From the `Single sign-on` menu, copy the `Login URL` parameter, to be used in the next section.
 
-### Configure Argo to use the new Entra ID Enterprise App
+### Configure Argo to use the new Azure AD Enterprise App
 
-1. Edit `argocd-cm` and add the following `dex.config` to the data section, replacing the `caData`, `my-argo-cd-url` and `my-login-url` your values from the Entra ID App:
+1. Edit `argocd-cm` and add the following `dex.config` to the data section, replacing the `caData`, `my-argo-cd-url` and `my-login-url` your values from the Azure AD App:
 
             data:
               url: https://my-argo-cd-url
@@ -59,7 +56,7 @@
                     groupsAttr: Group
 
 2. Edit `argocd-rbac-cm` to configure permissions, similar to example below.
-      - Use Entra ID `Group IDs` for assigning roles.
+      - Use Azure AD `Group IDs` for assigning roles.
       - See [RBAC Configurations](../rbac.md) for more detailed scenarios.
 
             # example policy
@@ -73,11 +70,11 @@
                p, role:org-admin, repositories, delete, *, allow
                g, "84ce98d1-e359-4f3b-85af-985b458de3c6", role:org-admin # (azure group assigned to role)
 
-## Entra ID App Registration Auth using OIDC
-### Configure a new Entra ID App registration
-#### Add a new Entra ID App registration
+## Azure AD App Registration Auth using OIDC
+### Configure a new Azure AD App registration
+#### Add a new Azure AD App registration
 
-1. From the `Microsoft Entra ID` > `App registrations` menu, choose `+ New registration`
+1. From the `Azure Active Directory` > `App registrations` menu, choose `+ New registration`
 2. Enter a `Name` for the application (e.g. `Argo CD`).
 3. Specify who can use the application (e.g. `Accounts in this organizational directory only`).
 4. Enter Redirect URI (optional) as follows (replacing `my-argo-cd-url` with your Argo URL), then choose `Add`.
@@ -95,29 +92,29 @@
       - **Redirect URI:** `http://localhost:8085/auth/callback`
       ![Azure App registration's Authentication](../../assets/azure-app-registration-authentication.png "Azure App registration's Authentication")
 
-#### Add credentials a new Entra ID App registration
+#### Add credentials a new Azure AD App registration
 
 1. From the `Certificates & secrets` menu, choose `+ New client secret`
 2. Enter a `Name` for the secret (e.g. `ArgoCD-SSO`).
       - Make sure to copy and save generated value. This is a value for the `client_secret`.
       ![Azure App registration's Secret](../../assets/azure-app-registration-secret.png "Azure App registration's Secret")
 
-#### Setup permissions for Entra ID Application
+#### Setup permissions for Azure AD Application
 
 1. From the `API permissions` menu, choose `+ Add a permission`
 2. Find `User.Read` permission (under `Microsoft Graph`) and grant it to the created application:
-   ![Entra ID API permissions](../../assets/azure-api-permissions.png "Entra ID API permissions")
+   ![Azure AD API permissions](../../assets/azure-api-permissions.png "Azure AD API permissions")
 3. From the `Token Configuration` menu, choose `+ Add groups claim`
-   ![Entra ID token configuration](../../assets/azure-token-configuration.png "Entra ID token configuration")
+   ![Azure AD token configuration](../../assets/azure-token-configuration.png "Azure AD token configuration")
 
-### Associate an Entra ID group to your Entra ID App registration
+### Associate an Azure AD group to your Azure AD App registration
 
-1. From the `Microsoft Entra ID` > `Enterprise applications` menu, search the App that you created (e.g. `Argo CD`).
-      - An Enterprise application with the same name of the Entra ID App registration is created when you add a new Entra ID App registration.
+1. From the `Azure Active Directory` > `Enterprise applications` menu, search the App that you created (e.g. `Argo CD`).
+      - An Enterprise application with the same name of the Azure AD App registration is created when you add a new Azure AD App registration.
 2. From the `Users and groups` menu of the app, add any users or groups requiring access to the service.
    ![Azure Enterprise SAML Users](../../assets/azure-enterprise-users.png "Azure Enterprise SAML Users")
 
-### Configure Argo to use the new Entra ID App registration
+### Configure Argo to use the new Azure AD App registration
 
 1. Edit `argocd-cm` and configure the `data.oidc.config` and `data.url` section:
 
@@ -176,7 +173,7 @@
 
    Refer to [operator-manual/argocd-rbac-cm.yaml](https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/argocd-rbac-cm.yaml) for all of the available variables.
 
-## Entra ID App Registration Auth using Dex
+## Azure AD App Registration Auth using Dex
 
 Configure a new AD App Registration, as above.
 Then, add the `dex.config` to `argocd-cm`:
@@ -203,9 +200,9 @@ data:
 
 1. Open a new browser tab and enter your ArgoCD URI: https://`<my-argo-cd-url>`
    ![Azure SSO Web Log In](../../assets/azure-sso-web-log-in-via-azure.png "Azure SSO Web Log In")
-3. Click `LOGIN VIA AZURE` button to log in with your Microsoft Entra ID account. You’ll see the ArgoCD applications screen.
+3. Click `LOGIN VIA AZURE` button to log in with your Azure Active Directory account. You’ll see the ArgoCD applications screen.
    ![Azure SSO Web Application](../../assets/azure-sso-web-application.png "Azure SSO Web Application")
-4. Navigate to User Info and verify Group ID. Groups will have your group’s Object ID that you added in the `Setup permissions for Entra ID Application` step.
+4. Navigate to User Info and verify Group ID. Groups will have your group’s Object ID that you added in the `Setup permissions for Azure AD Application` step.
    ![Azure SSO Web User Info](../../assets/azure-sso-web-user-info.png "Azure SSO Web User Info")
 
 ### Log in to ArgoCD using CLI

docs/user-guide/commands/argocd_admin_cluster_generate-spec.md

@@ -13,7 +13,6 @@ argocd admin cluster generate-spec CONTEXT [flags]
 ```
       --annotation stringArray             Set metadata annotations (e.g. --annotation key=value)
       --aws-cluster-name string            AWS Cluster name if set then aws cli eks token command will be used to access cluster
-      --aws-profile string                 Optional AWS profile. If set then AWS IAM Authenticator uses this profile to perform cluster operations instead of the default AWS credential provider chain.
       --aws-role-arn string                Optional AWS role arn. If set then AWS IAM Authenticator assumes a role to perform cluster operations instead of the default AWS credential provider chain.
       --bearer-token string                Authentication token that should be used to access K8S API server
       --cluster-endpoint string            Cluster endpoint to use. Can be one of the following: 'kubeconfig', 'kube-public', or 'internal'.

docs/user-guide/commands/argocd_cluster_add.md

@@ -13,7 +13,6 @@ argocd cluster add CONTEXT [flags]
 ```
       --annotation stringArray             Set metadata annotations (e.g. --annotation key=value)
       --aws-cluster-name string            AWS Cluster name if set then aws cli eks token command will be used to access cluster
-      --aws-profile string                 Optional AWS profile. If set then AWS IAM Authenticator uses this profile to perform cluster operations instead of the default AWS credential provider chain.
       --aws-role-arn string                Optional AWS role arn. If set then AWS IAM Authenticator assumes a role to perform cluster operations instead of the default AWS credential provider chain.
       --cluster-endpoint string            Cluster endpoint to use. Can be one of the following: 'kubeconfig', 'kube-public', or 'internal'.
       --cluster-resources                  Indicates if cluster level resources should be managed. The setting is used only if list of managed namespaces is not empty.

docs/user-guide/commands/argocd_repo_add.md

@@ -17,12 +17,6 @@ argocd repo add REPOURL [flags]
   # Add a Git repository via SSH on a non-default port - need to use ssh:// style URLs here
   argocd repo add ssh://git@git.example.com:2222/repos/repo --ssh-private-key-path ~/id_rsa
 
-  # Add a Git repository via SSH using socks5 proxy with no proxy credentials
-  argocd repo add ssh://git@github.com/argoproj/argocd-example-apps --ssh-private-key-path ~/id_rsa --proxy socks5://your.proxy.server.ip:1080
-
-  # Add a Git repository via SSH using socks5 proxy with proxy credentials
-  argocd repo add ssh://git@github.com/argoproj/argocd-example-apps --ssh-private-key-path ~/id_rsa --proxy socks5://username:password@your.proxy.server.ip:1080
-
   # Add a private Git repository via HTTPS using username/password and TLS client certificates:
   argocd repo add https://git.example.com/repos/repo --username git --password secret --tls-client-cert-path ~/mycert.crt --tls-client-cert-key-path ~/mycert.key
 

docs/user-guide/helm.md

@@ -25,23 +25,6 @@ spec:
     namespace: kubeseal
 ```
 
-Another example using a public OCI helm chart:
-```yaml
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: nginx
-spec:
-  project: default
-  source:
-    chart: nginx
-    repoURL: registry-1.docker.io/bitnamicharts  # note: the oci:// syntax is not included.
-    targetRevision: 15.9.0
-  destination:
-    name: "in-cluster"
-    namespace: nginx
-```
-
 !!! note "When using multiple ways to provide values"
     Order of precedence is `parameters > valuesObject > values > valueFiles > helm repository values.yaml` (see [Here](./helm.md#helm-value-precedence) for a more detailed example)
 

docs/user-guide/kustomize.md

@@ -162,9 +162,6 @@ data:
     kustomize.buildOptions: --load-restrictor LoadRestrictionsNone
     kustomize.buildOptions.v4.4.0: --output /tmp
 ```
-
-After modifying `kustomize.buildOptions`, you may need to restart ArgoCD for the changes to take effect.
-
 ## Custom Kustomize versions
 
 Argo CD supports using multiple Kustomize versions simultaneously and specifies required version per application.

docs/user-guide/resource_hooks.md

@@ -63,7 +63,6 @@ metadata:
     argocd.argoproj.io/hook: PostSync
     argocd.argoproj.io/hook-delete-policy: HookSucceeded
 ```
-Multiple hook delete policies can be specified as a comma separated list.
 
 The following policies define when the hook will be deleted.
 

docs/user-guide/sync-options.md

@@ -270,7 +270,7 @@ spec:
     - RespectIgnoreDifferences=true
 ```
 
-The example above shows how an Argo CD Application can be configured so it will ignore the `spec.replicas` field from the desired state (git) during the sync stage. This is achieved by calculating and pre-patching the desired state before applying it in the cluster. Note that the `RespectIgnoreDifferences` sync option is only effective when the resource is already created in the cluster. If the Application is being created and no live state exists, the desired state is applied as-is.
+The example above shows how an Argo CD Application can be configured so it will ignore the `spec.replicas` field from the desired state (git) during the sync stage. This is achieve by calculating and pre-patching the desired state before applying it in the cluster. Note that the `RespectIgnoreDifferences` sync option is only effective when the resource is already created in the cluster. If the Application is being created and no live state exists, the desired state is applied as-is.
 
 ## Create Namespace
 

docs/user-guide/sync-waves.md

@@ -37,7 +37,7 @@ Hooks and resources are assigned to wave zero by default. The wave can be negati
 When Argo CD starts a sync, it orders the resources in the following precedence:
 
 * The phase
-* The wave they are in (lower values first for creation & updation and higher values first for deletion)
+* The wave they are in (lower values first)
 * By kind (e.g. [namespaces first and then other Kubernetes resources, followed by custom resources](https://github.com/argoproj/gitops-engine/blob/bc9ce5764fa306f58cf59199a94f6c968c775a2d/pkg/sync/sync_tasks.go#L27-L66))
 * By name 
 
@@ -49,8 +49,6 @@ It repeats this process until all phases and waves are in-sync and healthy.
 
 Because an application can have resources that are unhealthy in the first wave, it may be that the app can never get to healthy.
 
-During pruning of resources, resources from higher waves are processed first before moving to lower waves. If, for any reason, a resource isn't removed/pruned in a wave, the resources in next waves won't be processed. This is to ensure proper resource cleanup between waves.
-
 Note that there's currently a delay between each sync wave in order give other controllers a chance to react to the spec change
 that we just applied. This also prevent Argo CD from assessing resource health too quickly (against the stale object), causing
 hooks to fire prematurely. The current delay between each sync wave is 2 seconds and can be configured via environment

go.mod

@@ -13,10 +13,10 @@ require (
 	github.com/TomOnTime/utfutil v0.0.0-20180511104225-09c41003ee1d
 	github.com/alicebob/miniredis/v2 v2.30.4
 	github.com/antonmedv/expr v1.15.2
-	github.com/argoproj/gitops-engine v0.7.1-0.20240124052710-5fd9f449e757
-	github.com/argoproj/notifications-engine v0.4.1-0.20240126143042-84b9f7913604
+	github.com/argoproj/gitops-engine v0.7.1-0.20240122213038-792124280fcc
+	github.com/argoproj/notifications-engine v0.4.1-0.20231027194313-a8d185ecc0a9
 	github.com/argoproj/pkg v0.13.7-0.20230626144333-d56162821bd1
-	github.com/aws/aws-sdk-go v1.50.8
+	github.com/aws/aws-sdk-go v1.44.317
 	github.com/bmatcuk/doublestar/v4 v4.6.0
 	github.com/bombsimon/logrusr/v2 v2.0.1
 	github.com/bradleyfalzon/ghinstallation/v2 v2.6.0
@@ -25,7 +25,7 @@ require (
 	github.com/coreos/go-oidc/v3 v3.6.0
 	github.com/cyphar/filepath-securejoin v0.2.4
 	github.com/dustin/go-humanize v1.0.1
-	github.com/evanphx/json-patch v5.9.0+incompatible
+	github.com/evanphx/json-patch v5.6.0+incompatible
 	github.com/fsnotify/fsnotify v1.6.0
 	github.com/gfleury/go-bitbucket-v1 v0.0.0-20220301131131-8e7ed04b843e
 	github.com/go-git/go-git/v5 v5.11.0
@@ -81,7 +81,7 @@ require (
 	go.opentelemetry.io/otel v1.21.0
 	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.21.0
 	go.opentelemetry.io/otel/sdk v1.21.0
-	golang.org/x/crypto v0.17.0
+	golang.org/x/crypto v0.16.0
 	golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1
 	golang.org/x/oauth2 v0.11.0
 	golang.org/x/sync v0.3.0
@@ -114,20 +114,19 @@ require (
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.1.0 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/internal v1.0.0 // indirect
 	github.com/AzureAD/microsoft-authentication-library-for-go v0.5.2 // indirect
-	github.com/aws/aws-sdk-go-v2 v1.24.1 // indirect
-	github.com/aws/aws-sdk-go-v2/config v1.25.12 // indirect
-	github.com/aws/aws-sdk-go-v2/credentials v1.16.16 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.11 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.10 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.10 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/ini v1.7.1 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.10 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sqs v1.29.7 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.18.7 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.7 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sts v1.26.7 // indirect
-	github.com/aws/smithy-go v1.19.0 // indirect
+	github.com/aws/aws-sdk-go-v2 v1.17.3 // indirect
+	github.com/aws/aws-sdk-go-v2/config v1.18.8 // indirect
+	github.com/aws/aws-sdk-go-v2/credentials v1.13.8 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.21 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.27 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.21 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/ini v1.3.28 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.21 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sqs v1.20.0 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.12.0 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.0 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.18.0 // indirect
+	github.com/aws/smithy-go v1.13.5 // indirect
 	github.com/golang-jwt/jwt v3.2.2+incompatible // indirect
 	github.com/google/s2a-go v0.1.4 // indirect
 	github.com/googleapis/enterprise-certificate-proxy v0.2.5 // indirect

go.sum

@@ -694,10 +694,10 @@ github.com/apache/thrift v0.12.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb
 github.com/apache/thrift v0.13.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ=
 github.com/apache/thrift v0.16.0/go.mod h1:PHK3hniurgQaNMZYaCLEqXKsYK8upmhPbmdP2FXSqgU=
 github.com/appscode/go v0.0.0-20191119085241-0887d8ec2ecc/go.mod h1:OawnOmAL4ZX3YaPdN+8HTNwBveT1jMsqP74moa9XUbE=
-github.com/argoproj/gitops-engine v0.7.1-0.20240124052710-5fd9f449e757 h1:5fKAhTQcTBom0vin56cz/UTPx2GMuvdb+lJRAUOPbHA=
-github.com/argoproj/gitops-engine v0.7.1-0.20240124052710-5fd9f449e757/go.mod h1:gWE8uROi7hIkWGNAVM+8FWkMfo0vZ03SLx/aFw/DBzg=
-github.com/argoproj/notifications-engine v0.4.1-0.20240126143042-84b9f7913604 h1:pMfBao6Vm1Ax0xGIp9BWEia2nKkccHwV0dTEdrsFOpo=
-github.com/argoproj/notifications-engine v0.4.1-0.20240126143042-84b9f7913604/go.mod h1:TsyusmXQWIL0ST7YMRG/ered7WlWDmbmnPpXnS2LJmM=
+github.com/argoproj/gitops-engine v0.7.1-0.20240122213038-792124280fcc h1:Fv94Mi2WvtvPkEH5WoWC3iy/VoQRLeSsE0hyg0n2UkY=
+github.com/argoproj/gitops-engine v0.7.1-0.20240122213038-792124280fcc/go.mod h1:gWE8uROi7hIkWGNAVM+8FWkMfo0vZ03SLx/aFw/DBzg=
+github.com/argoproj/notifications-engine v0.4.1-0.20231027194313-a8d185ecc0a9 h1:1lt0VXzmLK7Vv0kaeal3S6/JIfzPyBORkUWXhiqF3l0=
+github.com/argoproj/notifications-engine v0.4.1-0.20231027194313-a8d185ecc0a9/go.mod h1:E/vv4+by868m0mmflaRfGBmKBtAupoF+mmyfekP8QCk=
 github.com/argoproj/pkg v0.13.7-0.20230626144333-d56162821bd1 h1:qsHwwOJ21K2Ao0xPju1sNuqphyMnMYkyB3ZLoLtxWpo=
 github.com/argoproj/pkg v0.13.7-0.20230626144333-d56162821bd1/go.mod h1:CZHlkyAD1/+FbEn6cB2DQTj48IoLGvEYsWEvtzP3238=
 github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o=
@@ -713,37 +713,35 @@ github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:W
 github.com/aws/aws-lambda-go v1.13.3/go.mod h1:4UKl9IzQMoD+QF79YdCuzCwp8VbmG4VAQwij/eHl5CU=
 github.com/aws/aws-sdk-go v1.27.0/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
 github.com/aws/aws-sdk-go v1.44.289/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
-github.com/aws/aws-sdk-go v1.50.8 h1:gY0WoOW+/Wz6XmYSgDH9ge3wnAevYDSQWPxxJvqAkP4=
-github.com/aws/aws-sdk-go v1.50.8/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk=
+github.com/aws/aws-sdk-go v1.44.317 h1:+8XWrLmGMwPPXSRSLPzhgcGnzJ2mYkgkrcB9C/GnSOU=
+github.com/aws/aws-sdk-go v1.44.317/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
 github.com/aws/aws-sdk-go-v2 v0.18.0/go.mod h1:JWVYvqSMppoMJC0x5wdwiImzgXTI9FuZwxzkQq9wy+g=
-github.com/aws/aws-sdk-go-v2 v1.24.1 h1:xAojnj+ktS95YZlDf0zxWBkbFtymPeDP+rvUQIH3uAU=
-github.com/aws/aws-sdk-go-v2 v1.24.1/go.mod h1:LNh45Br1YAkEKaAqvmE1m8FUx6a5b/V0oAKV7of29b4=
-github.com/aws/aws-sdk-go-v2/config v1.25.12 h1:mF4cMuNh/2G+d19nWnm1vJ/ak0qK6SbqF0KtSX9pxu0=
-github.com/aws/aws-sdk-go-v2/config v1.25.12/go.mod h1:lOvvqtZP9p29GIjOTuA/76HiVk0c/s8qRcFRq2+E2uc=
-github.com/aws/aws-sdk-go-v2/credentials v1.16.16 h1:8q6Rliyv0aUFAVtzaldUEcS+T5gbadPbWdV1WcAddK8=
-github.com/aws/aws-sdk-go-v2/credentials v1.16.16/go.mod h1:UHVZrdUsv63hPXFo1H7c5fEneoVo9UXiz36QG1GEPi0=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.11 h1:c5I5iH+DZcH3xOIMlz3/tCKJDaHFwYEmxvlh2fAcFo8=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.11/go.mod h1:cRrYDYAMUohBJUtUnOhydaMHtiK/1NZ0Otc9lIb6O0Y=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.10 h1:vF+Zgd9s+H4vOXd5BMaPWykta2a6Ih0AKLq/X6NYKn4=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.10/go.mod h1:6BkRjejp/GR4411UGqkX8+wFMbFbqsUIimfK4XjOKR4=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.10 h1:nYPe006ktcqUji8S2mqXf9c/7NdiKriOwMvWQHgYztw=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.10/go.mod h1:6UV4SZkVvmODfXKql4LCbaZUpF7HO2BX38FgBf9ZOLw=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.7.1 h1:uR9lXYjdPX0xY+NhvaJ4dD8rpSRz5VY81ccIIoNG+lw=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.7.1/go.mod h1:6fQQgfuGmw8Al/3M2IgIllycxV7ZW7WCdVSqfBeUiCY=
-github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4 h1:/b31bi3YVNlkzkBrm9LfpaKoaYZUxIAj4sHfOTmLfqw=
-github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4/go.mod h1:2aGXHFmbInwgP9ZfpmdIfOELL79zhdNYNmReK8qDfdQ=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.10 h1:DBYTXwIGQSGs9w4jKm60F5dmCQ3EEruxdc0MFh+3EY4=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.10/go.mod h1:wohMUQiFdzo0NtxbBg0mSRGZ4vL3n0dKjLTINdcIino=
-github.com/aws/aws-sdk-go-v2/service/sqs v1.29.7 h1:tRNrFDGRm81e6nTX5Q4CFblea99eAfm0dxXazGpLceU=
-github.com/aws/aws-sdk-go-v2/service/sqs v1.29.7/go.mod h1:8GWUDux5Z2h6z2efAtr54RdHXtLm8sq7Rg85ZNY/CZM=
-github.com/aws/aws-sdk-go-v2/service/sso v1.18.7 h1:eajuO3nykDPdYicLlP3AGgOyVN3MOlFmZv7WGTuJPow=
-github.com/aws/aws-sdk-go-v2/service/sso v1.18.7/go.mod h1:+mJNDdF+qiUlNKNC3fxn74WWNN+sOiGOEImje+3ScPM=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.7 h1:QPMJf+Jw8E1l7zqhZmMlFw6w1NmfkfiSK8mS4zOx3BA=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.7/go.mod h1:ykf3COxYI0UJmxcfcxcVuz7b6uADi1FkiUz6Eb7AgM8=
-github.com/aws/aws-sdk-go-v2/service/sts v1.26.7 h1:NzO4Vrau795RkUdSHKEwiR01FaGzGOH1EETJ+5QHnm0=
-github.com/aws/aws-sdk-go-v2/service/sts v1.26.7/go.mod h1:6h2YuIoxaMSCFf5fi1EgZAwdfkGMgDY+DVfa61uLe4U=
-github.com/aws/smithy-go v1.19.0 h1:KWFKQV80DpP3vJrrA9sVAHQ5gc2z8i4EzrLhLlWXcBM=
-github.com/aws/smithy-go v1.19.0/go.mod h1:NukqUGpCZIILqqiV0NIjeFh24kd/FAa4beRb6nbIUPE=
+github.com/aws/aws-sdk-go-v2 v1.17.3 h1:shN7NlnVzvDUgPQ+1rLMSxY8OWRNDRYtiqe0p/PgrhY=
+github.com/aws/aws-sdk-go-v2 v1.17.3/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw=
+github.com/aws/aws-sdk-go-v2/config v1.18.8 h1:lDpy0WM8AHsywOnVrOHaSMfpaiV2igOw8D7svkFkXVA=
+github.com/aws/aws-sdk-go-v2/config v1.18.8/go.mod h1:5XCmmyutmzzgkpk/6NYTjeWb6lgo9N170m1j6pQkIBs=
+github.com/aws/aws-sdk-go-v2/credentials v1.13.8 h1:vTrwTvv5qAwjWIGhZDSBH/oQHuIQjGmD232k01FUh6A=
+github.com/aws/aws-sdk-go-v2/credentials v1.13.8/go.mod h1:lVa4OHbvgjVot4gmh1uouF1ubgexSCN92P6CJQpT0t8=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.21 h1:j9wi1kQ8b+e0FBVHxCqCGo4kxDU175hoDHcWAi0sauU=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.21/go.mod h1:ugwW57Z5Z48bpvUyZuaPy4Kv+vEfJWnIrky7RmkBvJg=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.27 h1:I3cakv2Uy1vNmmhRQmFptYDxOvBnwCdNwyw63N0RaRU=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.27/go.mod h1:a1/UpzeyBBerajpnP5nGZa9mGzsBn5cOKxm6NWQsvoI=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.21 h1:5NbbMrIzmUn/TXFqAle6mgrH5m9cOvMLRGL7pnG8tRE=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.21/go.mod h1:+Gxn8jYn5k9ebfHEqlhrMirFjSW0v0C9fI+KN5vk2kE=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.3.28 h1:KeTxcGdNnQudb46oOl4d90f2I33DF/c6q3RnZAmvQdQ=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.3.28/go.mod h1:yRZVr/iT0AqyHeep00SZ4YfBAKojXz08w3XMBscdi0c=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.21 h1:5C6XgTViSb0bunmU57b3CT+MhxULqHH2721FVA+/kDM=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.21/go.mod h1:lRToEJsn+DRA9lW4O9L9+/3hjTkUzlzyzHqn8MTds5k=
+github.com/aws/aws-sdk-go-v2/service/sqs v1.20.0 h1:tQoMg8i4nFAB70cJ4wiAYEiZRYo2P6uDmU2D6ys/igo=
+github.com/aws/aws-sdk-go-v2/service/sqs v1.20.0/go.mod h1:jQhN5f4p3PALMNlUtfb/0wGIFlV7vGtJlPDVfxfNfPY=
+github.com/aws/aws-sdk-go-v2/service/sso v1.12.0 h1:/2gzjhQowRLarkkBOGPXSRnb8sQ2RVsjdG1C/UliK/c=
+github.com/aws/aws-sdk-go-v2/service/sso v1.12.0/go.mod h1:wo/B7uUm/7zw/dWhBJ4FXuw1sySU5lyIhVg1Bu2yL9A=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.0 h1:Jfly6mRxk2ZOSlbCvZfKNS7TukSx1mIzhSsqZ/IGSZI=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.0/go.mod h1:TZSH7xLO7+phDtViY/KUp9WGCJMQkLJ/VpgkTFd5gh8=
+github.com/aws/aws-sdk-go-v2/service/sts v1.18.0 h1:kOO++CYo50RcTFISESluhWEi5Prhg+gaSs4whWabiZU=
+github.com/aws/aws-sdk-go-v2/service/sts v1.18.0/go.mod h1:+lGbb3+1ugwKrNTWcf2RT05Xmp543B06zDFTwiTLp7I=
+github.com/aws/smithy-go v1.13.5 h1:hgz0X/DX0dGqTYpGALqXJoRKRj5oQ7150i5FdTePzO8=
+github.com/aws/smithy-go v1.13.5/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
 github.com/beevik/ntp v0.2.0/go.mod h1:hIHWr+l3+/clUnF44zdK+CWW7fO8dR5cIylAQ76NRpg=
 github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
@@ -877,8 +875,8 @@ github.com/envoyproxy/protoc-gen-validate v1.0.2 h1:QkIBuU5k+x7/QXPvPPnWXWlCdaBF
 github.com/envoyproxy/protoc-gen-validate v1.0.2/go.mod h1:GpiZQP3dDbg4JouG/NNS7QWXpgx6x8QiMKdmN72jogE=
 github.com/evanphx/json-patch v0.5.2/go.mod h1:ZWS5hhDbVDyob71nXKNL0+PWn6ToqBHMikGIFbs31qQ=
 github.com/evanphx/json-patch v4.12.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
-github.com/evanphx/json-patch v5.9.0+incompatible h1:fBXyNpNMuTTDdquAq/uisOr2lShz4oaXpDTX2bLe7ls=
-github.com/evanphx/json-patch v5.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
+github.com/evanphx/json-patch v5.6.0+incompatible h1:jBYDEEiFBPxA0v50tFdvOzQQTCvpL6mnFh5mB2/l16U=
+github.com/evanphx/json-patch v5.6.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
 github.com/evanphx/json-patch/v5 v5.6.0 h1:b91NhWfaz02IuVxO9faSllyAtNXHMPkC5J8sJCLunww=
 github.com/evanphx/json-patch/v5 v5.6.0/go.mod h1:G79N1coSVB93tBe7j6PhzjmR3/2VvlbKOFpnXhI9Bw4=
 github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d h1:105gxyaGwCFad8crR9dcMQWvV9Hvulu6hwUh4tWPJnM=
@@ -1815,8 +1813,8 @@ golang.org/x/crypto v0.10.0/go.mod h1:o4eNf7Ede1fv+hwOwZsTHl9EsPFO6q6ZvYR8vYfY45
 golang.org/x/crypto v0.12.0/go.mod h1:NF0Gs7EO5K4qLn+Ylc+fih8BSTeIjAP05siRnAh98yw=
 golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc=
 golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4=
-golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k=
-golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
+golang.org/x/crypto v0.16.0 h1:mMMrFzRSCF0GvB7Ne27XVtVAaXLrPmgPC7/v0tkwHaY=
+golang.org/x/crypto v0.16.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
 golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=

hack/generate-proto.sh

@@ -10,13 +10,9 @@ set -o nounset
 set -o pipefail
 
 # shellcheck disable=SC2128
-PROJECT_ROOT=$(
-    cd "$(dirname "${BASH_SOURCE}")"/..
-    pwd
-)
+PROJECT_ROOT=$(cd "$(dirname "${BASH_SOURCE}")"/..; pwd)
 PATH="${PROJECT_ROOT}/dist:${PATH}"
 GOPATH=$(go env GOPATH)
-GOPATH_PROJECT_ROOT="${GOPATH}/src/github.com/argoproj/argo-cd"
 
 # output tool versions
 go version
@@ -45,7 +41,6 @@ APIMACHINERY_PKGS=(
 
 export GO111MODULE=on
 [ -e ./v2 ] || ln -s . v2
-[ -e "${GOPATH_PROJECT_ROOT}" ] || (mkdir -p "$(dirname "${GOPATH_PROJECT_ROOT}")" && ln -s "${PROJECT_ROOT}" "${GOPATH_PROJECT_ROOT}")
 
 # protoc_include is the include directory containing the .proto files distributed with protoc binary
 if [ -d /dist/protoc-include ]; then
@@ -58,17 +53,10 @@ fi
 
 go-to-protobuf \
     --go-header-file="${PROJECT_ROOT}"/hack/custom-boilerplate.go.txt \
-    --packages="$(
-        IFS=,
-        echo "${PACKAGES[*]}"
-    )" \
-    --apimachinery-packages="$(
-        IFS=,
-        echo "${APIMACHINERY_PKGS[*]}"
-    )" \
-    --proto-import="${PROJECT_ROOT}"/vendor \
-    --proto-import="${protoc_include}" \
-    --output-base="${GOPATH}/src/"
+    --packages="$(IFS=, ; echo "${PACKAGES[*]}")" \
+    --apimachinery-packages="$(IFS=, ; echo "${APIMACHINERY_PKGS[*]}")" \
+    --proto-import=./vendor \
+    --proto-import="${protoc_include}"
 
 # Either protoc-gen-go, protoc-gen-gofast, or protoc-gen-gogofast can be used to build
 # server/*/<service>.pb.go from .proto files. golang/protobuf and gogo/protobuf can be used
@@ -98,11 +86,9 @@ for i in ${PROTO_FILES}; do
         --${GOPROTOBINARY}_out=plugins=grpc:"$GOPATH"/src \
         --grpc-gateway_out=logtostderr=true:"$GOPATH"/src \
         --swagger_out=logtostderr=true:. \
-        "$i"
+        $i
 done
-
-[ -L "${GOPATH_PROJECT_ROOT}" ] && rm -rf "${GOPATH_PROJECT_ROOT}"
-[ -L ./v2 ] && rm -rf v2
+[ -e ./v2 ] && rm -rf v2
 
 # collect_swagger gathers swagger files into a subdirectory
 collect_swagger() {
@@ -111,7 +97,7 @@ collect_swagger() {
     PRIMARY_SWAGGER=$(mktemp)
     COMBINED_SWAGGER=$(mktemp)
 
-    cat <<EOF >"${PRIMARY_SWAGGER}"
+    cat <<EOF > "${PRIMARY_SWAGGER}"
 {
   "swagger": "2.0",
   "info": {
@@ -125,7 +111,7 @@ EOF
 
     rm -f "${SWAGGER_OUT}"
 
-    find "${SWAGGER_ROOT}" -name '*.swagger.json' -exec swagger mixin --ignore-conflicts "${PRIMARY_SWAGGER}" '{}' \+ >"${COMBINED_SWAGGER}"
+    find "${SWAGGER_ROOT}" -name '*.swagger.json' -exec swagger mixin --ignore-conflicts "${PRIMARY_SWAGGER}" '{}' \+ > "${COMBINED_SWAGGER}"
     jq -r 'del(.definitions[].properties[]? | select(."$ref"!=null and .description!=null).description) | del(.definitions[].properties[]? | select(."$ref"!=null and .title!=null).title) |
       # The "array" and "map" fields have custom unmarshaling. Modify the swagger to reflect this.
       .definitions.v1alpha1ApplicationSourcePluginParameter.properties.array = {"description":"Array is the value of an array type parameter.","type":"array","items":{"type":"string"}} |
@@ -134,10 +120,10 @@ EOF
       del(.definitions.v1alpha1OptionalMap) |
       # Output for int64 is incorrect, because it is based on proto definitions, where int64 is a string. In our JSON API, we expect int64 to be an integer. https://github.com/grpc-ecosystem/grpc-gateway/issues/219
       (.definitions[]?.properties[]? | select(.type == "string" and .format == "int64")) |= (.type = "integer")
-    ' "${COMBINED_SWAGGER}" |
-        jq '.definitions.v1Time.type = "string" | .definitions.v1Time.format = "date-time" | del(.definitions.v1Time.properties)' |
-        jq '.definitions.v1alpha1ResourceNode.allOf = [{"$ref": "#/definitions/v1alpha1ResourceRef"}] | del(.definitions.v1alpha1ResourceNode.properties.resourceRef) ' \
-            >"${SWAGGER_OUT}"
+    ' "${COMBINED_SWAGGER}" | \
+    jq '.definitions.v1Time.type = "string" | .definitions.v1Time.format = "date-time" | del(.definitions.v1Time.properties)' | \
+    jq '.definitions.v1alpha1ResourceNode.allOf = [{"$ref": "#/definitions/v1alpha1ResourceRef"}] | del(.definitions.v1alpha1ResourceNode.properties.resourceRef) ' \
+    > "${SWAGGER_OUT}"
 
     /bin/rm "${PRIMARY_SWAGGER}" "${COMBINED_SWAGGER}"
 }
@@ -153,3 +139,4 @@ clean_swagger server
 clean_swagger reposerver
 clean_swagger controller
 clean_swagger cmpserver
+

hack/update-codegen.sh

@@ -19,31 +19,21 @@ set -o errexit
 set -o nounset
 set -o pipefail
 
-PROJECT_ROOT=$(
-  cd $(dirname ${BASH_SOURCE})/..
-  pwd
-)
+PROJECT_ROOT=$(cd $(dirname ${BASH_SOURCE})/..; pwd)
 PATH="${PROJECT_ROOT}/dist:${PATH}"
-GOPATH=$(go env GOPATH)
-GOPATH_PROJECT_ROOT="${GOPATH}/src/github.com/argoproj/argo-cd"
 
 TARGET_SCRIPT=/tmp/generate-groups.sh
 
 # codegen utilities are installed outside of generate-groups.sh so remove the `go install` step in the script.
-sed -e '/go install/d' ${PROJECT_ROOT}/vendor/k8s.io/code-generator/generate-groups.sh >${TARGET_SCRIPT}
+sed -e '/go install/d' ${PROJECT_ROOT}/vendor/k8s.io/code-generator/generate-groups.sh > ${TARGET_SCRIPT}
 
 # generate-groups.sh assumes codegen utilities are installed to GOBIN, but we just ensure the CLIs
 # are in the path and invoke them without assumption of their location
 sed -i.bak -e 's#${gobin}/##g' ${TARGET_SCRIPT}
 
 [ -e ./v2 ] || ln -s . v2
-[ -e "${GOPATH_PROJECT_ROOT}" ] || (mkdir -p "$(dirname "${GOPATH_PROJECT_ROOT}")" && ln -s "${PROJECT_ROOT}" "${GOPATH_PROJECT_ROOT}")
-
 bash -x ${TARGET_SCRIPT} "deepcopy,client,informer,lister" \
   github.com/argoproj/argo-cd/v2/pkg/client github.com/argoproj/argo-cd/v2/pkg/apis \
   "application:v1alpha1" \
-  --go-header-file "${PROJECT_ROOT}/hack/custom-boilerplate.go.txt" \
-  --output-base "${GOPATH}/src"
-
-[ -L "${GOPATH_PROJECT_ROOT}" ] && rm -rf "${GOPATH_PROJECT_ROOT}"
-[ -L ./v2 ] && rm -rf v2
+  --go-header-file ${PROJECT_ROOT}/hack/custom-boilerplate.go.txt
+[ -e ./v2 ] && rm -rf v2

hack/update-openapi.sh

@@ -5,30 +5,20 @@ set -o errexit
 set -o nounset
 set -o pipefail
 
-PROJECT_ROOT=$(
-  cd $(dirname "$0")/..
-  pwd
-)
+PROJECT_ROOT=$(cd $(dirname "$0")/.. ; pwd)
 PATH="${PROJECT_ROOT}/dist:${PATH}"
-GOPATH=$(go env GOPATH)
-GOPATH_PROJECT_ROOT="${GOPATH}/src/github.com/argoproj/argo-cd"
-
 VERSION="v1alpha1"
-
+ 
 [ -e ./v2 ] || ln -s . v2
-[ -e "${GOPATH_PROJECT_ROOT}" ] || (mkdir -p "$(dirname "${GOPATH_PROJECT_ROOT}")" && ln -s "${PROJECT_ROOT}" "${GOPATH_PROJECT_ROOT}")
-
 openapi-gen \
   --go-header-file ${PROJECT_ROOT}/hack/custom-boilerplate.go.txt \
   --input-dirs github.com/argoproj/argo-cd/v2/pkg/apis/application/${VERSION} \
   --output-package github.com/argoproj/argo-cd/v2/pkg/apis/application/${VERSION} \
   --report-filename pkg/apis/api-rules/violation_exceptions.list \
-  --output-base "${GOPATH}/src" \
   $@
-
-[ -L "${GOPATH_PROJECT_ROOT}" ] && rm -rf "${GOPATH_PROJECT_ROOT}"
-[ -L ./v2 ] && rm -rf v2
+[ -e ./v2 ] && rm -rf v2
 
 export GO111MODULE=on
-go build -o ./dist/gen-crd-spec "${PROJECT_ROOT}/hack/gen-crd-spec"
+go build -o ./dist/gen-crd-spec ${PROJECT_ROOT}/hack/gen-crd-spec
 ./dist/gen-crd-spec
+

manifests/base/application-controller-deployment/argocd-application-controller-service.yaml

@@ -14,7 +14,7 @@ spec:
     targetPort: 8082
   - name: metrics
     protocol: TCP
-    port: 8082
-    targetPort: 8082
+    port: 8084
+    targetPort: 8084
   selector:
     app.kubernetes.io/name: argocd-application-controller

manifests/base/application-controller-deployment/argocd-application-controller-statefulset.yaml

@@ -1,15 +0,0 @@
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
-  name: argocd-application-controller
-spec:
-  replicas: 0
-  template:
-    spec:
-      containers:
-      - name: argocd-application-controller
-        args:
-        - /usr/local/bin/argocd-application-controller
-        env:
-        - name: ARGOCD_CONTROLLER_REPLICAS
-          value: "0"

manifests/base/application-controller-deployment/kustomization.yaml

@@ -2,8 +2,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 
 resources:
-- ../application-controller-roles
 - argocd-application-controller-service.yaml
-- argocd-application-controller-statefulset.yaml
 - argocd-application-controller-deployment.yaml
-

manifests/base/application-controller-roles/kustomization.yaml

@@ -1,7 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-
-resources:
-- argocd-application-controller-sa.yaml
-- argocd-application-controller-role.yaml
-- argocd-application-controller-rolebinding.yaml

manifests/base/application-controller/kustomization.yaml

@@ -2,7 +2,9 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 
 resources:
-- ../application-controller-roles
+- argocd-application-controller-sa.yaml
+- argocd-application-controller-role.yaml
+- argocd-application-controller-rolebinding.yaml
 - argocd-application-controller-statefulset.yaml
 - argocd-metrics.yaml
 - argocd-application-controller-network-policy.yaml

manifests/base/kustomization.yaml

@@ -5,7 +5,7 @@ kind: Kustomization
 images:
 - name: quay.io/argoproj/argocd
   newName: quay.io/argoproj/argocd
-  newTag: latest
+  newTag: v2.10.0-rc4
 resources:
 - ./application-controller
 - ./dex

manifests/cluster-rbac/applicationset-controller/argocd-applicationset-controller-clusterrole.yaml

@@ -1,88 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  labels:
-    app.kubernetes.io/name: argocd-applicationset-controller
-    app.kubernetes.io/part-of: argocd
-    app.kubernetes.io/component: applicationset-controller
-  name: argocd-applicationset-controller
-rules:
-- apiGroups:
-  - argoproj.io
-  resources:
-  - applications
-  - applicationsets
-  - applicationsets/finalizers
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - argoproj.io
-  resources:
-  - applicationsets/status
-  verbs:
-  - get
-  - patch
-  - update
-- apiGroups:
-  - argoproj.io
-  resources:
-  - appprojects
-  verbs:
-  - get
-- apiGroups:
-  - ""
-  resources:
-  - events
-  verbs:
-  - create
-  - get
-  - list
-  - patch
-  - watch
-- apiGroups:
-  - ""
-  resources:
-  - configmaps
-  verbs:
-  - create
-  - update
-  - delete
-  - get
-  - list
-  - patch
-  - watch
-- apiGroups:
-  - ""
-  resources:
-  - secrets
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - apps
-  - extensions
-  resources:
-  - deployments
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - coordination.k8s.io
-  resources:
-  - leases
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch

manifests/cluster-rbac/applicationset-controller/argocd-applicationset-controller-clusterrolebinding.yaml

@@ -1,16 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  labels:
-    app.kubernetes.io/name: argocd-applicationset-controller
-    app.kubernetes.io/part-of: argocd
-    app.kubernetes.io/component: applicationset-controller
-  name: argocd-applicationset-controller
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: argocd-applicationset-controller
-subjects:
-- kind: ServiceAccount
-  name: argocd-applicationset-controller
-  namespace: argocd

manifests/cluster-rbac/applicationset-controller/kustomization.yaml

@@ -1,6 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-
-resources:
-- argocd-applicationset-controller-clusterrole.yaml
-- argocd-applicationset-controller-clusterrolebinding.yaml

manifests/cluster-rbac/kustomization.yaml

@@ -3,5 +3,4 @@ kind: Kustomization
 
 resources:
 - ./application-controller
-- ./applicationset-controller
 - ./server

manifests/core-install.yaml

@@ -1726,19 +1726,6 @@ spec:
                       description: ID is an auto incrementing identifier of the RevisionHistory
                       format: int64
                       type: integer
-                    initiatedBy:
-                      description: InitiatedBy contains information about who initiated
-                        the operations
-                      properties:
-                        automated:
-                          description: Automated is set to true if operation was initiated
-                            automatically by the application controller.
-                          type: boolean
-                        username:
-                          description: Username contains the name of a user who started
-                            operation
-                          type: string
-                      type: object
                     revision:
                       description: Revision holds the revision the sync was performed
                         against
@@ -21039,7 +21026,7 @@ spec:
               key: applicationsetcontroller.enable.scm.providers
               name: argocd-cmd-params-cm
               optional: true
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.10.0-rc4
         imagePullPolicy: Always
         name: argocd-applicationset-controller
         ports:
@@ -21363,7 +21350,7 @@ spec:
           value: /helm-working-dir
         - name: HELM_DATA_HOME
           value: /helm-working-dir
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.10.0-rc4
         imagePullPolicy: Always
         livenessProbe:
           failureThreshold: 3
@@ -21415,7 +21402,7 @@ spec:
         - -n
         - /usr/local/bin/argocd
         - /var/run/argocd/argocd-cmp-server
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.10.0-rc4
         name: copyutil
         securityContext:
           allowPrivilegeEscalation: false
@@ -21676,7 +21663,7 @@ spec:
               key: controller.diff.server.side
               name: argocd-cmd-params-cm
               optional: true
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.10.0-rc4
         imagePullPolicy: Always
         name: argocd-application-controller
         ports:

manifests/core-install/kustomization.yaml

@@ -12,4 +12,4 @@ resources:
 images:
 - name: quay.io/argoproj/argocd
   newName: quay.io/argoproj/argocd
-  newTag: latest
+  newTag: v2.10.0-rc4

manifests/crds/application-crd.yaml

@@ -1725,19 +1725,6 @@ spec:
                       description: ID is an auto incrementing identifier of the RevisionHistory
                       format: int64
                       type: integer
-                    initiatedBy:
-                      description: InitiatedBy contains information about who initiated
-                        the operations
-                      properties:
-                        automated:
-                          description: Automated is set to true if operation was initiated
-                            automatically by the application controller.
-                          type: boolean
-                        username:
-                          description: Username contains the name of a user who started
-                            operation
-                          type: string
-                      type: object
                     revision:
                       description: Revision holds the revision the sync was performed
                         against

manifests/ha/base/controller-deployment/kustomization.yaml

@@ -1,17 +1,20 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 
+
 patches:
-- path: argocd-application-controller-statefulset.yaml
 - path: argocd-repo-server-deployment.yaml
 - path: argocd-server-deployment.yaml
+- path: argocd-application-controller-statefulset.yaml
 - path: argocd-cmd-params-cm.yaml
 
+
 images:
 - name: quay.io/argoproj/argocd
   newName: quay.io/argoproj/argocd
   newTag: latest
 resources:
+- ../../../base/application-controller
 - ../../../base/application-controller-deployment
 - ../../../base/applicationset-controller
 - ../../../base/dex

manifests/ha/base/kustomization.yaml

@@ -12,7 +12,7 @@ patches:
 images:
 - name: quay.io/argoproj/argocd
   newName: quay.io/argoproj/argocd
-  newTag: latest
+  newTag: v2.10.0-rc4
 resources:
 - ../../base/application-controller
 - ../../base/applicationset-controller

manifests/ha/install.yaml

@@ -1726,19 +1726,6 @@ spec:
                       description: ID is an auto incrementing identifier of the RevisionHistory
                       format: int64
                       type: integer
-                    initiatedBy:
-                      description: InitiatedBy contains information about who initiated
-                        the operations
-                      properties:
-                        automated:
-                          description: Automated is set to true if operation was initiated
-                            automatically by the application controller.
-                          type: boolean
-                        username:
-                          description: Username contains the name of a user who started
-                            operation
-                          type: string
-                      type: object
                     revision:
                       description: Revision holds the revision the sync was performed
                         against
@@ -20868,95 +20855,6 @@ rules:
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
-metadata:
-  labels:
-    app.kubernetes.io/component: applicationset-controller
-    app.kubernetes.io/name: argocd-applicationset-controller
-    app.kubernetes.io/part-of: argocd
-  name: argocd-applicationset-controller
-rules:
-- apiGroups:
-  - argoproj.io
-  resources:
-  - applications
-  - applicationsets
-  - applicationsets/finalizers
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - argoproj.io
-  resources:
-  - applicationsets/status
-  verbs:
-  - get
-  - patch
-  - update
-- apiGroups:
-  - argoproj.io
-  resources:
-  - appprojects
-  verbs:
-  - get
-- apiGroups:
-  - ""
-  resources:
-  - events
-  verbs:
-  - create
-  - get
-  - list
-  - patch
-  - watch
-- apiGroups:
-  - ""
-  resources:
-  - configmaps
-  verbs:
-  - create
-  - update
-  - delete
-  - get
-  - list
-  - patch
-  - watch
-- apiGroups:
-  - ""
-  resources:
-  - secrets
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - apps
-  - extensions
-  resources:
-  - deployments
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - coordination.k8s.io
-  resources:
-  - leases
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
 metadata:
   labels:
     app.kubernetes.io/component: server
@@ -21138,23 +21036,6 @@ subjects:
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
-metadata:
-  labels:
-    app.kubernetes.io/component: applicationset-controller
-    app.kubernetes.io/name: argocd-applicationset-controller
-    app.kubernetes.io/part-of: argocd
-  name: argocd-applicationset-controller
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: argocd-applicationset-controller
-subjects:
-- kind: ServiceAccount
-  name: argocd-applicationset-controller
-  namespace: argocd
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
 metadata:
   labels:
     app.kubernetes.io/component: server
@@ -22402,7 +22283,7 @@ spec:
               key: applicationsetcontroller.enable.scm.providers
               name: argocd-cmd-params-cm
               optional: true
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.10.0-rc4
         imagePullPolicy: Always
         name: argocd-applicationset-controller
         ports:
@@ -22525,7 +22406,7 @@ spec:
         - -n
         - /usr/local/bin/argocd
         - /shared/argocd-dex
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.10.0-rc4
         imagePullPolicy: Always
         name: copyutil
         securityContext:
@@ -22607,7 +22488,7 @@ spec:
               key: notificationscontroller.selfservice.enabled
               name: argocd-cmd-params-cm
               optional: true
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.10.0-rc4
         imagePullPolicy: Always
         livenessProbe:
           tcpSocket:
@@ -22962,7 +22843,7 @@ spec:
           value: /helm-working-dir
         - name: HELM_DATA_HOME
           value: /helm-working-dir
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.10.0-rc4
         imagePullPolicy: Always
         livenessProbe:
           failureThreshold: 3
@@ -23014,7 +22895,7 @@ spec:
         - -n
         - /usr/local/bin/argocd
         - /var/run/argocd/argocd-cmp-server
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.10.0-rc4
         name: copyutil
         securityContext:
           allowPrivilegeEscalation: false
@@ -23333,7 +23214,7 @@ spec:
               key: server.api.content.types
               name: argocd-cmd-params-cm
               optional: true
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.10.0-rc4
         imagePullPolicy: Always
         livenessProbe:
           httpGet:
@@ -23621,7 +23502,7 @@ spec:
               key: controller.diff.server.side
               name: argocd-cmd-params-cm
               optional: true
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.10.0-rc4
         imagePullPolicy: Always
         name: argocd-application-controller
         ports:

manifests/ha/namespace-install.yaml

@@ -1668,7 +1668,7 @@ spec:
               key: applicationsetcontroller.enable.scm.providers
               name: argocd-cmd-params-cm
               optional: true
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.10.0-rc4
         imagePullPolicy: Always
         name: argocd-applicationset-controller
         ports:
@@ -1791,7 +1791,7 @@ spec:
         - -n
         - /usr/local/bin/argocd
         - /shared/argocd-dex
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.10.0-rc4
         imagePullPolicy: Always
         name: copyutil
         securityContext:
@@ -1873,7 +1873,7 @@ spec:
               key: notificationscontroller.selfservice.enabled
               name: argocd-cmd-params-cm
               optional: true
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.10.0-rc4
         imagePullPolicy: Always
         livenessProbe:
           tcpSocket:
@@ -2228,7 +2228,7 @@ spec:
           value: /helm-working-dir
         - name: HELM_DATA_HOME
           value: /helm-working-dir
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.10.0-rc4
         imagePullPolicy: Always
         livenessProbe:
           failureThreshold: 3
@@ -2280,7 +2280,7 @@ spec:
         - -n
         - /usr/local/bin/argocd
         - /var/run/argocd/argocd-cmp-server
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.10.0-rc4
         name: copyutil
         securityContext:
           allowPrivilegeEscalation: false
@@ -2599,7 +2599,7 @@ spec:
               key: server.api.content.types
               name: argocd-cmd-params-cm
               optional: true
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.10.0-rc4
         imagePullPolicy: Always
         livenessProbe:
           httpGet:
@@ -2887,7 +2887,7 @@ spec:
               key: controller.diff.server.side
               name: argocd-cmd-params-cm
               optional: true
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.10.0-rc4
         imagePullPolicy: Always
         name: argocd-application-controller
         ports:

manifests/install.yaml

@@ -1726,19 +1726,6 @@ spec:
                       description: ID is an auto incrementing identifier of the RevisionHistory
                       format: int64
                       type: integer
-                    initiatedBy:
-                      description: InitiatedBy contains information about who initiated
-                        the operations
-                      properties:
-                        automated:
-                          description: Automated is set to true if operation was initiated
-                            automatically by the application controller.
-                          type: boolean
-                        username:
-                          description: Username contains the name of a user who started
-                            operation
-                          type: string
-                      type: object
                     revision:
                       description: Revision holds the revision the sync was performed
                         against
@@ -20827,95 +20814,6 @@ rules:
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
-metadata:
-  labels:
-    app.kubernetes.io/component: applicationset-controller
-    app.kubernetes.io/name: argocd-applicationset-controller
-    app.kubernetes.io/part-of: argocd
-  name: argocd-applicationset-controller
-rules:
-- apiGroups:
-  - argoproj.io
-  resources:
-  - applications
-  - applicationsets
-  - applicationsets/finalizers
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - argoproj.io
-  resources:
-  - applicationsets/status
-  verbs:
-  - get
-  - patch
-  - update
-- apiGroups:
-  - argoproj.io
-  resources:
-  - appprojects
-  verbs:
-  - get
-- apiGroups:
-  - ""
-  resources:
-  - events
-  verbs:
-  - create
-  - get
-  - list
-  - patch
-  - watch
-- apiGroups:
-  - ""
-  resources:
-  - configmaps
-  verbs:
-  - create
-  - update
-  - delete
-  - get
-  - list
-  - patch
-  - watch
-- apiGroups:
-  - ""
-  resources:
-  - secrets
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - apps
-  - extensions
-  resources:
-  - deployments
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - coordination.k8s.io
-  resources:
-  - leases
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
 metadata:
   labels:
     app.kubernetes.io/component: server
@@ -21065,23 +20963,6 @@ subjects:
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
-metadata:
-  labels:
-    app.kubernetes.io/component: applicationset-controller
-    app.kubernetes.io/name: argocd-applicationset-controller
-    app.kubernetes.io/part-of: argocd
-  name: argocd-applicationset-controller
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: argocd-applicationset-controller
-subjects:
-- kind: ServiceAccount
-  name: argocd-applicationset-controller
-  namespace: argocd
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
 metadata:
   labels:
     app.kubernetes.io/component: server
@@ -21497,7 +21378,7 @@ spec:
               key: applicationsetcontroller.enable.scm.providers
               name: argocd-cmd-params-cm
               optional: true
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.10.0-rc4
         imagePullPolicy: Always
         name: argocd-applicationset-controller
         ports:
@@ -21620,7 +21501,7 @@ spec:
         - -n
         - /usr/local/bin/argocd
         - /shared/argocd-dex
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.10.0-rc4
         imagePullPolicy: Always
         name: copyutil
         securityContext:
@@ -21702,7 +21583,7 @@ spec:
               key: notificationscontroller.selfservice.enabled
               name: argocd-cmd-params-cm
               optional: true
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.10.0-rc4
         imagePullPolicy: Always
         livenessProbe:
           tcpSocket:
@@ -22008,7 +21889,7 @@ spec:
           value: /helm-working-dir
         - name: HELM_DATA_HOME
           value: /helm-working-dir
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.10.0-rc4
         imagePullPolicy: Always
         livenessProbe:
           failureThreshold: 3
@@ -22060,7 +21941,7 @@ spec:
         - -n
         - /usr/local/bin/argocd
         - /var/run/argocd/argocd-cmp-server
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.10.0-rc4
         name: copyutil
         securityContext:
           allowPrivilegeEscalation: false
@@ -22377,7 +22258,7 @@ spec:
               key: server.api.content.types
               name: argocd-cmd-params-cm
               optional: true
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.10.0-rc4
         imagePullPolicy: Always
         livenessProbe:
           httpGet:
@@ -22665,7 +22546,7 @@ spec:
               key: controller.diff.server.side
               name: argocd-cmd-params-cm
               optional: true
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.10.0-rc4
         imagePullPolicy: Always
         name: argocd-application-controller
         ports:

manifests/namespace-install.yaml

@@ -763,7 +763,7 @@ spec:
               key: applicationsetcontroller.enable.scm.providers
               name: argocd-cmd-params-cm
               optional: true
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.10.0-rc4
         imagePullPolicy: Always
         name: argocd-applicationset-controller
         ports:
@@ -886,7 +886,7 @@ spec:
         - -n
         - /usr/local/bin/argocd
         - /shared/argocd-dex
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.10.0-rc4
         imagePullPolicy: Always
         name: copyutil
         securityContext:
@@ -968,7 +968,7 @@ spec:
               key: notificationscontroller.selfservice.enabled
               name: argocd-cmd-params-cm
               optional: true
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.10.0-rc4
         imagePullPolicy: Always
         livenessProbe:
           tcpSocket:
@@ -1274,7 +1274,7 @@ spec:
           value: /helm-working-dir
         - name: HELM_DATA_HOME
           value: /helm-working-dir
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.10.0-rc4
         imagePullPolicy: Always
         livenessProbe:
           failureThreshold: 3
@@ -1326,7 +1326,7 @@ spec:
         - -n
         - /usr/local/bin/argocd
         - /var/run/argocd/argocd-cmp-server
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.10.0-rc4
         name: copyutil
         securityContext:
           allowPrivilegeEscalation: false
@@ -1643,7 +1643,7 @@ spec:
               key: server.api.content.types
               name: argocd-cmd-params-cm
               optional: true
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.10.0-rc4
         imagePullPolicy: Always
         livenessProbe:
           httpGet:
@@ -1931,7 +1931,7 @@ spec:
               key: controller.diff.server.side
               name: argocd-cmd-params-cm
               optional: true
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.10.0-rc4
         imagePullPolicy: Always
         name: argocd-application-controller
         ports:

mkdocs.yml

@@ -128,7 +128,6 @@ nav:
     - operator-manual/server-commands/additional-configuration-method.md
   - Upgrading:
     - operator-manual/upgrading/overview.md
-    - operator-manual/upgrading/2.10-2.11.md
     - operator-manual/upgrading/2.9-2.10.md
     - operator-manual/upgrading/2.8-2.9.md
     - operator-manual/upgrading/2.7-2.8.md

pkg/apis/application/v1alpha1/generated.proto

@@ -22,9 +22,6 @@ message AWSAuthConfig {
 
   // RoleARN contains optional role ARN. If set then AWS IAM Authenticator assume a role to perform cluster operations instead of the default AWS credential provider chain.
   optional string roleARN = 2;
-
-  // Profile contains optional role ARN. If set then AWS IAM Authenticator uses the profile to perform cluster operations instead of the default AWS credential provider chain.
-  optional string profile = 3;
 }
 
 // AppProject provides a logical grouping of applications, providing controls for:
@@ -1898,9 +1895,6 @@ message RevisionHistory {
 
   // Revisions holds the revision of each source in sources field the sync was performed against
   repeated string revisions = 9;
-
-  // InitiatedBy contains information about who initiated the operations
-  optional OperationInitiator initiatedBy = 10;
 }
 
 // RevisionMetadata contains metadata for a specific revision in a Git repository

pkg/apis/application/v1alpha1/openapi_generated.go

@@ -191,13 +191,6 @@ func schema_pkg_apis_application_v1alpha1_AWSAuthConfig(ref common.ReferenceCall
 							Format:      "",
 						},
 					},
-					"profile": {
-						SchemaProps: spec.SchemaProps{
-							Description: "Profile contains optional role ARN. If set then AWS IAM Authenticator uses the profile to perform cluster operations instead of the default AWS credential provider chain.",
-							Type:        []string{"string"},
-							Format:      "",
-						},
-					},
 				},
 			},
 		},
@@ -6669,19 +6662,12 @@ func schema_pkg_apis_application_v1alpha1_RevisionHistory(ref common.ReferenceCa
 							},
 						},
 					},
-					"initiatedBy": {
-						SchemaProps: spec.SchemaProps{
-							Description: "InitiatedBy contains information about who initiated the operations",
-							Default:     map[string]interface{}{},
-							Ref:         ref("github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.OperationInitiator"),
-						},
-					},
 				},
 				Required: []string{"deployedAt", "id"},
 			},
 		},
 		Dependencies: []string{
-			"github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationSource", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.OperationInitiator", "k8s.io/apimachinery/pkg/apis/meta/v1.Time"},
+			"github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationSource", "k8s.io/apimachinery/pkg/apis/meta/v1.Time"},
 	}
 }
 

pkg/apis/application/v1alpha1/repository_types.go

@@ -196,7 +196,7 @@ func (repo *Repository) GetGitCreds(store git.CredsStore) git.Creds {
 		return git.NewHTTPSCreds(repo.Username, repo.Password, repo.TLSClientCertData, repo.TLSClientCertKey, repo.IsInsecure(), repo.Proxy, store, repo.ForceHttpBasicAuth)
 	}
 	if repo.SSHPrivateKey != "" {
-		return git.NewSSHCreds(repo.SSHPrivateKey, getCAPath(repo.Repo), repo.IsInsecure(), store, repo.Proxy)
+		return git.NewSSHCreds(repo.SSHPrivateKey, getCAPath(repo.Repo), repo.IsInsecure(), store)
 	}
 	if repo.GithubAppPrivateKey != "" && repo.GithubAppId != 0 && repo.GithubAppInstallationId != 0 {
 		return git.NewGitHubAppCreds(repo.GithubAppId, repo.GithubAppInstallationId, repo.GithubAppPrivateKey, repo.GitHubAppEnterpriseBaseURL, repo.Repo, repo.TLSClientCertData, repo.TLSClientCertKey, repo.IsInsecure(), repo.Proxy, store)

pkg/apis/application/v1alpha1/types.go

@@ -1401,8 +1401,6 @@ type RevisionHistory struct {
 	Sources ApplicationSources `json:"sources,omitempty" protobuf:"bytes,8,opt,name=sources"`
 	// Revisions holds the revision of each source in sources field the sync was performed against
 	Revisions []string `json:"revisions,omitempty" protobuf:"bytes,9,opt,name=revisions"`
-	// InitiatedBy contains information about who initiated the operations
-	InitiatedBy OperationInitiator `json:"initiatedBy,omitempty" protobuf:"bytes,10,opt,name=initiatedBy"`
 }
 
 // ApplicationWatchEvent contains information about application change.
@@ -1856,9 +1854,6 @@ type AWSAuthConfig struct {
 
 	// RoleARN contains optional role ARN. If set then AWS IAM Authenticator assume a role to perform cluster operations instead of the default AWS credential provider chain.
 	RoleARN string `json:"roleARN,omitempty" protobuf:"bytes,2,opt,name=roleARN"`
-
-	// Profile contains optional role ARN. If set then AWS IAM Authenticator uses the profile to perform cluster operations instead of the default AWS credential provider chain.
-	Profile string `json:"profile,omitempty" protobuf:"bytes,3,opt,name=profile"`
 }
 
 // ExecProviderConfig is config used to call an external command to perform cluster authentication
@@ -2990,9 +2985,6 @@ func (c *Cluster) RawRestConfig() *rest.Config {
 			if c.Config.AWSAuthConfig.RoleARN != "" {
 				args = append(args, "--role-arn", c.Config.AWSAuthConfig.RoleARN)
 			}
-			if c.Config.AWSAuthConfig.Profile != "" {
-				args = append(args, "--profile", c.Config.AWSAuthConfig.Profile)
-			}
 			config = &rest.Config{
 				Host:            c.Server,
 				TLSClientConfig: tlsClientConfig,

pkg/apis/application/v1alpha1/zz_generated.deepcopy.go

@@ -3689,7 +3689,6 @@ func (in *RevisionHistory) DeepCopyInto(out *RevisionHistory) {
 		*out = make([]string, len(*in))
 		copy(*out, *in)
 	}
-	out.InitiatedBy = in.InitiatedBy
 	return
 }
 

reposerver/cache/cache.go

@@ -12,6 +12,7 @@ import (
 
 	"github.com/argoproj/gitops-engine/pkg/utils/text"
 	"github.com/go-git/go-git/v5/plumbing"
+	"github.com/redis/go-redis/v9"
 	log "github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
 
@@ -43,7 +44,7 @@ func NewCache(cache *cacheutil.Cache, repoCacheExpiration time.Duration, revisio
 	return &Cache{cache, repoCacheExpiration, revisionCacheExpiration}
 }
 
-func AddCacheFlagsToCmd(cmd *cobra.Command, opts ...cacheutil.Options) func() (*Cache, error) {
+func AddCacheFlagsToCmd(cmd *cobra.Command, opts ...func(client *redis.Client)) func() (*Cache, error) {
 	var repoCacheExpiration time.Duration
 	var revisionCacheExpiration time.Duration
 
@@ -224,12 +225,6 @@ func LogDebugManifestCacheKeyFields(message string, reason string, revision stri
 	}
 }
 
-func (c *Cache) SetNewRevisionManifests(newRevision string, revision string, appSrc *appv1.ApplicationSource, srcRefs appv1.RefTargetRevisionMapping, clusterInfo ClusterRuntimeInfo, namespace string, trackingMethod string, appLabelKey string, appName string, refSourceCommitSHAs ResolvedRevisions) error {
-	oldKey := manifestCacheKey(revision, appSrc, srcRefs, namespace, trackingMethod, appLabelKey, appName, clusterInfo, refSourceCommitSHAs)
-	newKey := manifestCacheKey(newRevision, appSrc, srcRefs, namespace, trackingMethod, appLabelKey, appName, clusterInfo, refSourceCommitSHAs)
-	return c.cache.RenameItem(oldKey, newKey, c.repoCacheExpiration)
-}
-
 func (c *Cache) GetManifests(revision string, appSrc *appv1.ApplicationSource, srcRefs appv1.RefTargetRevisionMapping, clusterInfo ClusterRuntimeInfo, namespace string, trackingMethod string, appLabelKey string, appName string, res *CachedManifestResponse, refSourceCommitSHAs ResolvedRevisions) error {
 	err := c.cache.GetItem(manifestCacheKey(revision, appSrc, srcRefs, namespace, trackingMethod, appLabelKey, appName, clusterInfo, refSourceCommitSHAs), res)
 

reposerver/metrics/githandlers_test.go

@@ -1,122 +0,0 @@
-package metrics
-
-import (
-	"os"
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-	"golang.org/x/sync/semaphore"
-)
-
-func TestMain(m *testing.M) {
-	os.Exit(m.Run())
-}
-
-func TestEdgeCasesAndErrorHandling(t *testing.T) {
-	tests := []struct {
-		name     string
-		setup    func()
-		teardown func()
-		testFunc func(t *testing.T)
-	}{
-		{
-			name: "lsRemoteParallelismLimitSemaphore is nil",
-			testFunc: func(t *testing.T) {
-				lsRemoteParallelismLimitSemaphore = nil
-				assert.NotPanics(t, func() {
-					NewGitClientEventHandlers(&MetricsServer{})
-				})
-			},
-		},
-		{
-			name: "lsRemoteParallelismLimitSemaphore is not nil",
-			setup: func() {
-				lsRemoteParallelismLimitSemaphore = semaphore.NewWeighted(1)
-			},
-			teardown: func() {
-				lsRemoteParallelismLimitSemaphore = nil
-			},
-			testFunc: func(t *testing.T) {
-				assert.NotPanics(t, func() {
-					NewGitClientEventHandlers(&MetricsServer{})
-				})
-			},
-		},
-		{
-			name: "lsRemoteParallelismLimitSemaphore is not nil and Acquire returns error",
-			setup: func() {
-				lsRemoteParallelismLimitSemaphore = semaphore.NewWeighted(1)
-			},
-			teardown: func() {
-				lsRemoteParallelismLimitSemaphore = nil
-			},
-			testFunc: func(t *testing.T) {
-				assert.NotPanics(t, func() {
-					NewGitClientEventHandlers(&MetricsServer{})
-				})
-			},
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			if tt.setup != nil {
-				tt.setup()
-			}
-			if tt.teardown != nil {
-				defer tt.teardown()
-			}
-			tt.testFunc(t)
-		})
-	}
-}
-
-func TestSemaphoreFunctionality(t *testing.T) {
-	os.Setenv("ARGOCD_GIT_LSREMOTE_PARALLELISM_LIMIT", "1")
-
-	tests := []struct {
-		name     string
-		setup    func()
-		teardown func()
-		testFunc func(t *testing.T)
-	}{
-		{
-			name: "lsRemoteParallelismLimitSemaphore is not nil",
-			setup: func() {
-				lsRemoteParallelismLimitSemaphore = semaphore.NewWeighted(1)
-			},
-			teardown: func() {
-				lsRemoteParallelismLimitSemaphore = nil
-			},
-			testFunc: func(t *testing.T) {
-				assert.NotPanics(t, func() {
-					NewGitClientEventHandlers(&MetricsServer{})
-				})
-			},
-		},
-		{
-			name: "lsRemoteParallelismLimitSemaphore is not nil and Acquire returns error",
-			setup: func() {
-				lsRemoteParallelismLimitSemaphore = semaphore.NewWeighted(1)
-			},
-			teardown: func() {
-				lsRemoteParallelismLimitSemaphore = nil
-			},
-			testFunc: func(t *testing.T) {
-				assert.NotPanics(t, func() {
-					NewGitClientEventHandlers(&MetricsServer{})
-				})
-			},
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			if tt.setup != nil {
-				tt.setup()
-			}
-			if tt.teardown != nil {
-				defer tt.teardown()
-			}
-			tt.testFunc(t)
-		})
-	}
-}

resource_customizations/cloudfront.aws.crossplane.io/Distribution/health.lua

@@ -1,42 +0,0 @@
-local hs = {}
-if obj.status ~= nil then
-  if obj.status.conditions ~= nil then
-    local ready = false
-    local synced = false
-    local suspended = false
-
-    for i, condition in ipairs(obj.status.conditions) do
-
-      if condition.type == "Ready" then
-        ready = condition.status == "True"
-        ready_message = condition.reason
-      elseif condition.type == "Synced" then
-        synced = condition.status == "True"
-        if condition.reason == "ReconcileError" then
-          synced_message = condition.message
-        elseif condition.reason == "ReconcilePaused" then
-          suspended = true
-          suspended_message = condition.reason
-        end
-      end
-    end
-    if ready and synced then
-      hs.status = "Healthy"
-      hs.message = ready_message
-    elseif synced == false and suspended == true then
-      hs.status = "Suspended"
-      hs.message = suspended_message
-    elseif ready == false and synced == true and suspended == false then
-      hs.status = "Progressing"
-      hs.message = "Waiting for distribution to be available"
-    else
-      hs.status = "Degraded"
-      hs.message = synced_message
-    end
-    return hs
-  end
-end
-
-hs.status = "Progressing"
-hs.message = "Waiting for distribution to be created"
-return hs

resource_customizations/cloudfront.aws.crossplane.io/Distribution/health_test.yaml

@@ -1,37 +0,0 @@
-tests:
-- healthStatus:
-    status: Progressing
-    message: Waiting for distribution to be available
-  inputPath: testdata/progressing_creating.yaml
-- healthStatus:
-    status: Progressing
-    message: Waiting for distribution to be available
-  inputPath: testdata/progressing_noavailable.yaml
-- healthStatus:
-    status: Progressing
-    message: Waiting for distribution to be available
-  inputPath: testdata/progressing.yaml
-- healthStatus:
-    status: Progressing
-    message: Waiting for distribution to be created
-  inputPath: testdata/progressing_noStatus.yaml
-- healthStatus:
-    status: Degraded
-    message: >
-      update failed: cannot update Distribution in AWS: InvalidParameter: 2
-      validation error(s) found.
-
-      - missing required field,
-      UpdateDistributionInput.DistributionConfig.Origins.Items[0].DomainName.
-
-      - missing required field,
-      UpdateDistributionInput.DistributionConfig.Origins.Items[0].Id.
-  inputPath: testdata/degraded_reconcileError.yaml
-- healthStatus:
-    status: Suspended
-    message: ReconcilePaused
-  inputPath: testdata/suspended.yaml
-- healthStatus:
-    status: Healthy
-    message: Available
-  inputPath: testdata/healthy.yaml

resource_customizations/cloudfront.aws.crossplane.io/Distribution/testdata/degraded_reconcileError.yaml

@@ -1,96 +0,0 @@
-apiVersion: cloudfront.aws.crossplane.io/v1alpha1
-kind: Distribution
-metadata:
-  creationTimestamp: '2024-01-17T07:26:02Z'
-  generation: 2
-  name: crossplane.io
-  resourceVersion: '261942288'
-  uid: 4b50c88b-165c-4176-be8e-aa28fdec0a94
-spec:
-  deletionPolicy: Orphan
-  forProvider:
-    distributionConfig:
-      comment: 'crossplane'
-      customErrorResponses:
-        items: []
-      defaultCacheBehavior:
-        allowedMethods:
-          cachedMethods:
-            items:
-              - HEAD
-              - GET
-          items:
-            - HEAD
-            - GET
-        compress: false
-        defaultTTL: 600
-        fieldLevelEncryptionID: ''
-        forwardedValues:
-          cookies:
-            forward: none
-          headers:
-            items: []
-          queryString: false
-          queryStringCacheKeys: {}
-        functionAssociations: {}
-        lambdaFunctionAssociations: {}
-        maxTTL: 600
-        minTTL: 0
-        smoothStreaming: false
-        targetOriginID: crossplane.io
-        trustedKeyGroups:
-          enabled: false
-        trustedSigners:
-          enabled: false
-        viewerProtocolPolicy: allow-all
-      defaultRootObject: index.html
-      enabled: true
-      httpVersion: http2
-      isIPV6Enabled: true
-      logging:
-        bucket: ''
-        enabled: false
-        includeCookies: false
-        prefix: ''
-      originGroups: {}
-      origins:
-        items:
-          - connectionAttempts: 3
-            connectionTimeout: 10
-            customOriginConfig:
-              httpPort: 8080
-              httpSPort: 443
-              originKeepaliveTimeout: 5
-              originProtocolPolicy: http-only
-              originReadTimeout: 10
-              originSSLProtocols:
-                items:
-                  - TLSv1
-                  - TLSv1.1
-                  - TLSv1.2
-      priceClass: PriceClass_200
-      restrictions:
-        geoRestriction:
-          restrictionType: none
-    region: ap-northeast-2
-  providerConfigRef:
-    name: crossplane
-status:
-  conditions:
-    - lastTransitionTime: '2024-01-17T07:26:02Z'
-      message: >
-        update failed: cannot update Distribution in AWS: InvalidParameter: 2
-        validation error(s) found.
-
-        - missing required field,
-        UpdateDistributionInput.DistributionConfig.Origins.Items[0].DomainName.
-
-        - missing required field,
-        UpdateDistributionInput.DistributionConfig.Origins.Items[0].Id.
-      reason: ReconcileError
-      status: 'False'
-      type: Synced
-    - lastTransitionTime: '2024-01-17T07:26:03Z'
-      reason: Available
-      status: 'True'
-      type: Ready

resource_customizations/cloudfront.aws.crossplane.io/Distribution/testdata/healthy.yaml

@@ -1,92 +0,0 @@
-apiVersion: cloudfront.aws.crossplane.io/v1alpha1
-kind: Distribution
-metadata:
-  creationTimestamp: "2023-09-07T01:01:16Z"
-  generation: 121
-  name: crossplane.io
-  resourceVersion: "254225966"
-  uid: 531d989c-a3d2-4ab4-841d-ab380cce0bdb
-spec:
-  deletionPolicy: Orphan
-  forProvider:
-    distributionConfig:
-      comment: 'crossplane'
-      customErrorResponses:
-        items: []
-      defaultCacheBehavior:
-        allowedMethods:
-          cachedMethods:
-            items:
-              - HEAD
-              - GET
-          items:
-            - HEAD
-            - GET
-        compress: false
-        defaultTTL: 600
-        fieldLevelEncryptionID: ''
-        forwardedValues:
-          cookies:
-            forward: none
-          headers:
-            items: []
-          queryString: false
-          queryStringCacheKeys: {}
-        functionAssociations: {}
-        lambdaFunctionAssociations: {}
-        maxTTL: 600
-        minTTL: 0
-        smoothStreaming: false
-        targetOriginID: crossplane.io
-        trustedKeyGroups:
-          enabled: false
-        trustedSigners:
-          enabled: false
-        viewerProtocolPolicy: allow-all
-      defaultRootObject: index.html
-      enabled: true
-      httpVersion: http2
-      isIPV6Enabled: true
-      logging:
-        bucket: ''
-        enabled: false
-        includeCookies: false
-        prefix: ''
-      originGroups: {}
-      origins:
-        items:
-          - connectionAttempts: 3
-            connectionTimeout: 10
-            customHeaders: {}
-            customOriginConfig:
-              httpPort: 8080
-              httpSPort: 443
-              originKeepaliveTimeout: 5
-              originProtocolPolicy: http-only
-              originReadTimeout: 10
-              originSSLProtocols:
-                items:
-                  - TLSv1
-                  - TLSv1.1
-                  - TLSv1.2
-            domainName: crossplane.io
-            id: crossplane.io
-            originShield:
-              enabled: false
-      priceClass: PriceClass_200
-      restrictions:
-        geoRestriction:
-          restrictionType: none
-    region: ap-northeast-2
-  providerConfigRef:
-    name: crossplane
-status:
-  conditions:
-    - lastTransitionTime: "2024-01-11T06:23:18Z"
-      reason: ReconcileSuccess
-      status: "True"
-      type: Synced
-    - lastTransitionTime: "2024-01-10T03:23:02Z"
-      reason: Available
-      status: "True"
-      type: Ready

resource_customizations/cloudfront.aws.crossplane.io/Distribution/testdata/progressing.yaml

@@ -1,92 +0,0 @@
-apiVersion: cloudfront.aws.crossplane.io/v1alpha1
-kind: Distribution
-metadata:
-  creationTimestamp: '2023-06-16T04:42:04Z'
-  generation: 37
-  name: crossplane.io
-  resourceVersion: '254326453'
-  uid: fd357670-b762-4285-ae83-00859c40dd6b
-spec:
-  deletionPolicy: Orphan
-  forProvider:
-    distributionConfig:
-      comment: 'crossplane'
-      customErrorResponses:
-        items: []
-      defaultCacheBehavior:
-        allowedMethods:
-          cachedMethods:
-            items:
-              - HEAD
-              - GET
-          items:
-            - GET
-            - HEAD
-        compress: false
-        defaultTTL: 600
-        fieldLevelEncryptionID: ""
-        forwardedValues:
-          cookies:
-            forward: none
-          headers:
-            items: []
-          queryString: false
-          queryStringCacheKeys: {}
-        functionAssociations: {}
-        lambdaFunctionAssociations: {}
-        maxTTL: 600
-        minTTL: 0
-        smoothStreaming: false
-        targetOriginID: crossplane.io
-        trustedKeyGroups:
-          enabled: false
-        trustedSigners:
-          enabled: false
-        viewerProtocolPolicy: allow-all
-      defaultRootObject: index.html
-      enabled: true
-      httpVersion: http2
-      isIPV6Enabled: true
-      logging:
-        bucket: ""
-        enabled: false
-        includeCookies: false
-        prefix: ""
-      originGroups: {}
-      origins:
-        items:
-          - connectionAttempts: 3
-            connectionTimeout: 10
-            customHeaders: {}
-            customOriginConfig:
-              httpPort: 8080
-              httpSPort: 443
-              originKeepaliveTimeout: 5
-              originProtocolPolicy: http-only
-              originReadTimeout: 10
-              originSSLProtocols:
-                items:
-                  - TLSv1
-                  - TLSv1.1
-                  - TLSv1.2
-            domainName: crossplane.io
-            id: crossplane.io
-            originShield:
-              enabled: false
-      priceClass: PriceClass_200
-      restrictions:
-        geoRestriction:
-          restrictionType: none
-    region: ap-northeast-2
-  providerConfigRef:
-    name: crossplane
-status:
-  conditions:
-    - lastTransitionTime: '2024-01-11T08:11:27Z'
-      reason: Unavailable
-      status: 'False'
-      type: Ready
-    - lastTransitionTime: '2024-01-11T08:11:02Z'
-      reason: ReconcileSuccess
-      status: 'True'
-      type: Synced

resource_customizations/cloudfront.aws.crossplane.io/Distribution/testdata/progressing_creating.yaml

@@ -1,92 +0,0 @@
-apiVersion: cloudfront.aws.crossplane.io/v1alpha1
-kind: Distribution
-metadata:
-  creationTimestamp: "2023-09-07T01:01:16Z"
-  generation: 121
-  name: crossplane.io
-  resourceVersion: "254225966"
-  uid: 531d989c-a3d2-4ab4-841d-ab380cce0bdb
-spec:
-  deletionPolicy: Orphan
-  forProvider:
-    distributionConfig:
-      comment: 'crossplane'
-      customErrorResponses:
-        items: []
-      defaultCacheBehavior:
-        allowedMethods:
-          cachedMethods:
-            items:
-              - HEAD
-              - GET
-          items:
-            - GET
-            - HEAD
-        compress: false
-        defaultTTL: 600
-        fieldLevelEncryptionID: ""
-        forwardedValues:
-          cookies:
-            forward: none
-          headers:
-            items: []
-          queryString: false
-          queryStringCacheKeys: {}
-        functionAssociations: {}
-        lambdaFunctionAssociations: {}
-        maxTTL: 600
-        minTTL: 0
-        smoothStreaming: false
-        targetOriginID: crossplane.io
-        trustedKeyGroups:
-          enabled: false
-        trustedSigners:
-          enabled: false
-        viewerProtocolPolicy: allow-all
-      defaultRootObject: index.html
-      enabled: true
-      httpVersion: http2
-      isIPV6Enabled: true
-      logging:
-        bucket: ""
-        enabled: false
-        includeCookies: false
-        prefix: ""
-      originGroups: {}
-      origins:
-        items:
-          - connectionAttempts: 3
-            connectionTimeout: 10
-            customHeaders: {}
-            customOriginConfig:
-              httpPort: 8080
-              httpSPort: 443
-              originKeepaliveTimeout: 5
-              originProtocolPolicy: http-only
-              originReadTimeout: 10
-              originSSLProtocols:
-                items:
-                  - TLSv1
-                  - TLSv1.1
-                  - TLSv1.2
-            domainName: crossplane.io
-            id: crossplane.io
-            originShield:
-              enabled: false
-      priceClass: PriceClass_200
-      restrictions:
-        geoRestriction:
-          restrictionType: none
-    region: ap-northeast-2
-  providerConfigRef:
-    name: crossplane
-status:
-  conditions:
-    - lastTransitionTime: "2023-11-16T04:44:27Z"
-      reason: Creating
-      status: "False"
-      type: Ready
-    - lastTransitionTime: "2023-11-16T04:44:25Z"
-      reason: ReconcileSuccess
-      status: "True"
-      type: Synced

resource_customizations/cloudfront.aws.crossplane.io/Distribution/testdata/progressing_noStatus.yaml

@@ -1,82 +0,0 @@
-apiVersion: cloudfront.aws.crossplane.io/v1alpha1
-kind: Distribution
-metadata:
-  creationTimestamp: "2023-09-07T01:01:16Z"
-  generation: 121
-  name: crossplane.io
-  resourceVersion: "254225966"
-  uid: 531d989c-a3d2-4ab4-841d-ab380cce0bdb
-spec:
-  deletionPolicy: Orphan
-  forProvider:
-    distributionConfig:
-      comment: 'crossplane'
-      customErrorResponses:
-        items: []
-      defaultCacheBehavior:
-        allowedMethods:
-          cachedMethods:
-            items:
-              - HEAD
-              - GET
-          items:
-            - GET
-            - HEAD
-        compress: false
-        defaultTTL: 600
-        fieldLevelEncryptionID: ""
-        forwardedValues:
-          cookies:
-            forward: none
-          headers:
-            items: []
-          queryString: false
-          queryStringCacheKeys: {}
-        functionAssociations: {}
-        lambdaFunctionAssociations: {}
-        maxTTL: 600
-        minTTL: 0
-        smoothStreaming: false
-        targetOriginID: crossplane.io
-        trustedKeyGroups:
-          enabled: false
-        trustedSigners:
-          enabled: false
-        viewerProtocolPolicy: allow-all
-      defaultRootObject: index.html
-      enabled: true
-      httpVersion: http2
-      isIPV6Enabled: true
-      logging:
-        bucket: ""
-        enabled: false
-        includeCookies: false
-        prefix: ""
-      originGroups: {}
-      origins:
-        items:
-          - connectionAttempts: 3
-            connectionTimeout: 10
-            customHeaders: {}
-            customOriginConfig:
-              httpPort: 8080
-              httpSPort: 443
-              originKeepaliveTimeout: 5
-              originProtocolPolicy: http-only
-              originReadTimeout: 10
-              originSSLProtocols:
-                items:
-                  - TLSv1
-                  - TLSv1.1
-                  - TLSv1.2
-            domainName: crossplane.io
-            id: crossplane.io
-            originShield:
-              enabled: false
-      priceClass: PriceClass_200
-      restrictions:
-        geoRestriction:
-          restrictionType: none
-    region: ap-northeast-2
-  providerConfigRef:
-    name: crossplane

resource_customizations/cloudfront.aws.crossplane.io/Distribution/testdata/progressing_noavailable.yaml

@@ -1,88 +0,0 @@
-apiVersion: cloudfront.aws.crossplane.io/v1alpha1
-kind: Distribution
-metadata:
-  generation: 1
-  name: crossplane.io
-  resourceVersion: "261937039"
-  uid: a52c105f-b0e1-4027-aa19-7e93f269f2a6
-spec:
-  deletionPolicy: Orphan
-  forProvider:
-    distributionConfig:
-      comment: 'crossplane'
-      customErrorResponses:
-        items: []
-      defaultCacheBehavior:
-        allowedMethods:
-          cachedMethods:
-            items:
-              - HEAD
-              - GET
-          items:
-            - GET
-            - HEAD
-        compress: false
-        defaultTTL: 600
-        fieldLevelEncryptionID: ""
-        forwardedValues:
-          cookies:
-            forward: none
-          headers:
-            items: []
-          queryString: false
-          queryStringCacheKeys: {}
-        functionAssociations: {}
-        lambdaFunctionAssociations: {}
-        maxTTL: 600
-        minTTL: 0
-        smoothStreaming: false
-        targetOriginID: crossplane.io
-        trustedKeyGroups:
-          enabled: false
-        trustedSigners:
-          enabled: false
-        viewerProtocolPolicy: allow-all
-      defaultRootObject: index.html
-      enabled: true
-      httpVersion: http2
-      isIPV6Enabled: true
-      logging:
-        bucket: ""
-        enabled: false
-        includeCookies: false
-        prefix: ""
-      originGroups: {}
-      origins:
-        items:
-          - connectionAttempts: 3
-            connectionTimeout: 10
-            customHeaders: {}
-            customOriginConfig:
-              httpPort: 8080
-              httpSPort: 443
-              originKeepaliveTimeout: 5
-              originProtocolPolicy: http-only
-              originReadTimeout: 10
-              originSSLProtocols:
-                items:
-                  - TLSv1
-                  - TLSv1.1
-                  - TLSv1.2
-            domainName: crossplane.io
-            id: crossplane.io
-            originShield:
-              enabled: false
-      priceClass: PriceClass_200
-      restrictions:
-        geoRestriction:
-          restrictionType: none
-    region: ap-northeast-2
-  providerConfigRef:
-    name: crossplane
-status:
-  atProvider: {}
-  conditions:
-    - lastTransitionTime: "2024-01-17T07:20:35Z"
-      reason: ReconcileSuccess
-      status: "True"
-      type: Synced

resource_customizations/cloudfront.aws.crossplane.io/Distribution/testdata/suspended.yaml

@@ -1,94 +0,0 @@
-apiVersion: cloudfront.aws.crossplane.io/v1alpha1
-kind: Distribution
-metadata:
-  annotations:
-    crossplane.io/paused: "true"
-  creationTimestamp: "2023-06-16T04:42:04Z"
-  generation: 34
-  name: crossplane.io
-  resourceVersion: "254259056"
-  uid: fd357670-b762-4285-ae83-00859c40dd6b
-spec:
-  deletionPolicy: Orphan
-  forProvider:
-    distributionConfig:
-      comment: 'crossplane'
-      customErrorResponses:
-        items: []
-      defaultCacheBehavior:
-        allowedMethods:
-          cachedMethods:
-            items:
-              - HEAD
-              - GET
-          items:
-            - GET
-            - HEAD
-        compress: false
-        defaultTTL: 600
-        fieldLevelEncryptionID: ""
-        forwardedValues:
-          cookies:
-            forward: none
-          headers:
-            items: []
-          queryString: false
-          queryStringCacheKeys: {}
-        functionAssociations: {}
-        lambdaFunctionAssociations: {}
-        maxTTL: 600
-        minTTL: 0
-        smoothStreaming: false
-        targetOriginID: crossplane.io
-        trustedKeyGroups:
-          enabled: false
-        trustedSigners:
-          enabled: false
-        viewerProtocolPolicy: allow-all
-      defaultRootObject: index.html
-      enabled: true
-      httpVersion: http2
-      isIPV6Enabled: true
-      logging:
-        bucket: ""
-        enabled: false
-        includeCookies: false
-        prefix: ""
-      originGroups: {}
-      origins:
-        items:
-          - connectionAttempts: 3
-            connectionTimeout: 10
-            customHeaders: {}
-            customOriginConfig:
-              httpPort: 8080
-              httpSPort: 443
-              originKeepaliveTimeout: 5
-              originProtocolPolicy: http-only
-              originReadTimeout: 10
-              originSSLProtocols:
-                items:
-                  - TLSv1
-                  - TLSv1.1
-                  - TLSv1.2
-            domainName: crossplane.io
-            id: crossplane.io
-            originShield:
-              enabled: false
-      priceClass: PriceClass_200
-      restrictions:
-        geoRestriction:
-          restrictionType: none
-    region: ap-northeast-2
-  providerConfigRef:
-    name: crossplane
-status:
-  conditions:
-    - lastTransitionTime: "2023-10-16T07:40:47Z"
-      reason: Available
-      status: "True"
-      type: Ready
-    - lastTransitionTime: "2024-01-11T06:59:47Z"
-      reason: ReconcilePaused
-      status: "False"
-      type: Synced

resource_customizations/route53.aws.crossplane.io/ResourceRecordSet/health_test.yaml

@@ -1,25 +0,0 @@
-tests:
-- healthStatus:
-    status: Progressing
-    message: Waiting for resourcrecordset to be available
-  inputPath: testdata/progressing_creating.yaml
-- healthStatus:
-    status: Progressing
-    message: Waiting for resourcrecordset to be created
-  inputPath: testdata/progressing_noStatus.yaml
-- healthStatus:
-    status: Degraded
-    message: >-
-      create failed: failed to create the ResourceRecordSet resource:
-      InvalidChangeBatch: [RRSet of type CNAME with DNS name
-      www.crossplane.io. is not permitted as it conflicts with other
-      records with the same DNS name in zone crossplane.io.]
-  inputPath: testdata/degraded_reconcileError.yaml
-- healthStatus:
-    status: Suspended
-    message: ReconcilePaused
-  inputPath: testdata/suspended_reconcilePaused.yaml
-- healthStatus:
-    status: Healthy
-    message: Available
-  inputPath: testdata/healthy.yaml

resource_customizations/route53.aws.crossplane.io/ResourceRecordSet/heatlh.lua

@@ -1,41 +0,0 @@
-local hs = {}
-if obj.status ~= nil then
-  if obj.status.conditions ~= nil then
-    local ready = false
-    local synced = false
-    local suspended = false
-    for i, condition in ipairs(obj.status.conditions) do
-
-      if condition.type == "Ready" then
-        ready = condition.status == "True"
-        ready_message = condition.reason
-      elseif condition.type == "Synced" then
-        synced = condition.status == "True"
-        if condition.reason == "ReconcileError" then
-          synced_message = condition.message
-        elseif condition.reason == "ReconcilePaused" then
-          suspended = true
-          suspended_message = condition.reason
-        end
-      end
-    end
-    if ready and synced then
-      hs.status = "Healthy"
-      hs.message = ready_message
-    elseif synced == false and suspended == true then
-      hs.status = "Suspended"
-      hs.message = suspended_message
-    elseif ready == false and synced == true and suspended == false then
-      hs.status = "Progressing"
-      hs.message = "Waiting for resourcrecordset to be available"
-    else
-      hs.status = "Degraded"
-      hs.message = synced_message
-    end
-    return hs
-  end
-end
-
-hs.status = "Progressing"
-hs.message = "Waiting for resourcrecordset to be created"
-return hs

resource_customizations/route53.aws.crossplane.io/ResourceRecordSet/testdata/degraded_reconcileError.yaml

@@ -1,35 +0,0 @@
-apiVersion: route53.aws.crossplane.io/v1alpha1
-kind: ResourceRecordSet
-metadata:
-  creationTimestamp: '2024-01-11T03:48:32Z'
-  generation: 1
-  name: www-domain
-  resourceVersion: '187731157'
-  selfLink: /apis/route53.aws.crossplane.io/v1alpha1/resourcerecordsets/www-domain
-  uid: c9c85395-0830-4549-b255-e9e426663547
-spec:
-  providerConfigRef:
-    name: crossplane
-  forProvider:
-    resourceRecords:
-      - value: www.crossplane.io
-    setIdentifier: www
-    ttl: 60
-    type: CNAME
-    weight: 0
-    zoneId: ABCDEFGAB07CD
-status:
-  conditions:
-    - lastTransitionTime: '2024-01-11T03:48:57Z'
-      message: >-
-        create failed: failed to create the ResourceRecordSet resource:
-        InvalidChangeBatch: [RRSet of type CNAME with DNS name
-        www.crossplane.io. is not permitted as it conflicts with other
-        records with the same DNS name in zone crossplane.io.]
-      reason: ReconcileError
-      status: 'False'
-      type: Synced
-    - lastTransitionTime: '2024-01-11T03:48:34Z'
-      reason: Creating
-      status: 'False'
-      type: Ready

resource_customizations/route53.aws.crossplane.io/ResourceRecordSet/testdata/healthy.yaml

@@ -1,29 +0,0 @@
-apiVersion: route53.aws.crossplane.io/v1alpha1
-kind: ResourceRecordSet
-metadata:
-  creationTimestamp: "2023-11-16T04:44:19Z"
-  generation: 4
-  name: www-domain
-  resourceVersion: "140397563"
-  selfLink: /apis/route53.aws.crossplane.io/v1alpha1/resourcerecordsets/www-domain
-  uid: 11f0d48d-134f-471b-9340-b6d45d953fcb
-spec:
-  providerConfigRef:
-    name: crossplane
-  forProvider:
-    zoneId: A1B2C3D4
-    type: A
-    aliasTarget:
-      dnsName: abcdefg.cloudfront.net.
-      evaluateTargetHealth: false
-      hostedZoneId: AZBZCZDEFG
-status:
-  conditions:
-  - lastTransitionTime: "2023-11-16T04:44:27Z"
-    reason: Available
-    status: "True"
-    type: Ready
-  - lastTransitionTime: "2023-11-16T04:44:25Z"
-    reason: ReconcileSuccess
-    status: "True"
-    type: Synced

resource_customizations/route53.aws.crossplane.io/ResourceRecordSet/testdata/progressing_creating.yaml

@@ -1,29 +0,0 @@
-apiVersion: route53.aws.crossplane.io/v1alpha1
-kind: ResourceRecordSet
-metadata:
-  creationTimestamp: "2023-11-16T04:44:19Z"
-  generation: 4
-  name: www-domain
-  resourceVersion: "140397563"
-  selfLink: /apis/route53.aws.crossplane.io/v1alpha1/resourcerecordsets/www-domain
-  uid: 11f0d48d-134f-471b-9340-b6d45d953fcb
-spec:
-  providerConfigRef:
-    name: crossplane
-  forProvider:
-    zoneId: A1B2C3D4
-    type: A
-    aliasTarget:
-      dnsName: abcdefg.cloudfront.net.
-      evaluateTargetHealth: false
-      hostedZoneId: AZBZCZDEFG
-status:
-  conditions:
-  - lastTransitionTime: "2023-11-16T04:44:27Z"
-    reason: Creating
-    status: "False"
-    type: Ready
-  - lastTransitionTime: "2023-11-16T04:44:25Z"
-    reason: ReconcileSuccess
-    status: "True"
-    type: Synced

resource_customizations/route53.aws.crossplane.io/ResourceRecordSet/testdata/progressing_noStatus.yaml

@@ -1,19 +0,0 @@
-apiVersion: route53.aws.crossplane.io/v1alpha1
-kind: ResourceRecordSet
-metadata:
-  creationTimestamp: "2023-11-16T04:44:19Z"
-  generation: 4
-  name: www-domain
-  resourceVersion: "140397563"
-  selfLink: /apis/route53.aws.crossplane.io/v1alpha1/resourcerecordsets/www-domain
-  uid: 11f0d48d-134f-471b-9340-b6d45d953fcb
-spec:
-  providerConfigRef:
-    name: crossplane
-  forProvider:
-    zoneId: A1B2C3D4
-    type: A
-    aliasTarget:
-      dnsName: abcdefg.cloudfront.net.
-      evaluateTargetHealth: false
-      hostedZoneId: AZBZCZDEFG

resource_customizations/route53.aws.crossplane.io/ResourceRecordSet/testdata/suspended_reconcilePaused.yaml

@@ -1,27 +0,0 @@
-apiVersion: route53.aws.crossplane.io/v1alpha1
-kind: ResourceRecordSet
-metadata:
-  annotations:
-    crossplane.io/paused: "true"
-  creationTimestamp: "2024-01-11T04:16:15Z"
-  generation: 1
-  name: www-domain
-  resourceVersion: "187746011"
-  uid: 5517b419-5052-43d9-941e-c32f60d8c7e5
-spec:
-  providerConfigRef:
-    name: crossplane
-  forProvider:
-    resourceRecords:
-      - value: www.crossplane.io
-    setIdentifier: www
-    ttl: 60
-    type: CNAME
-    weight: 0
-    zoneId: ABCDEFGAB07CD
-status:
-  conditions:
-    - lastTransitionTime: "2024-01-11T04:16:16Z"
-      reason: ReconcilePaused
-      status: "False"
-      type: Synced