Compare commits

...

131 Commits

Author SHA1 Message Date
1102
74b8bfac72 fix: Ensure RevisionMetadataPanel refreshes on revision change (#19580)
Signed-off-by: nueavv <nuguni@kakao.com>
2024-08-20 11:50:12 -04:00
Kunho Lee
7a1dfc2307 feat(hydrator): handle sourceHydrator fields from webhook (#19397)
* feat(hydrator): handle sourceHydrator fields from webhook

Signed-off-by: daengdaengLee <gunho1020@gmail.com>

* fix: use GetDrySource instead of GetHydratorDrySource

Signed-off-by: daengdaengLee <gunho1020@gmail.com>

* test: test if the hydration is properly triggered in the webhook when SourceHydrator is configured

Signed-off-by: daengdaengLee <gunho1020@gmail.com>

---------

Signed-off-by: daengdaengLee <gunho1020@gmail.com>
2024-08-19 10:13:17 -04:00
Michael Crenshaw
89c22c2f95 Merge branch 'commit-server' into hydrator
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-08-14 15:10:23 -04:00
Michael Crenshaw
cb2feec273 feat(hydrator): add commit-server component
Co-authored-by: Alexandre Gaudreault <alexandre_gaudreault@intuit.com>
Co-authored-by: Omer Azmon <omer_azmon@intuit.com>
Co-authored-by: daengdaengLee <gunho1020@gmail.com>
Co-authored-by: Juwon Hwang (Kevin) <juwon8891@gmail.com>
Co-authored-by: thisishwan2 <feel000617@gmail.com>
Co-authored-by: mirageoasis <kimhw0820@naver.com>
Co-authored-by: Robin Lieb <robin.j.lieb@gmail.com>
Co-authored-by: miiiinju1 <gms07073@ynu.ac.kr>
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

go mod tidy

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

one test file for both implementations

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

simplify

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

fix test for linux

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

fix git client mock

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

fix git client mock

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

address comments

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

unit tests

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

lint

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-08-14 12:30:45 -04:00
Michael Crenshaw
73371f981a hacky but functional creds UI support
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-08-14 12:29:56 -04:00
Michael Crenshaw
79829eca98 feat(hydrator): add sourceHydrator types
Co-authored-by: Alexandre Gaudreault <alexandre_gaudreault@intuit.com>
Co-authored-by: Omer Azmon <omer_azmon@intuit.com>
Co-authored-by: daengdaengLee <gunho1020@gmail.com>
Co-authored-by: Juwon Hwang (Kevin) <juwon8891@gmail.com>
Co-authored-by: thisishwan2 <feel000617@gmail.com>
Co-authored-by: mirageoasis <kimhw0820@naver.com>
Co-authored-by: Robin Lieb <robin.j.lieb@gmail.com>
Co-authored-by: miiiinju1 <gms07073@ynu.ac.kr>
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-08-12 17:08:02 -04:00
Michael Crenshaw
77029cbdc9 partial creds add UI
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-08-12 16:02:22 -04:00
Michael Crenshaw
b8601fe940 more logs
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-08-12 13:24:50 -04:00
Michael Crenshaw
dc675de3dd test error
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-08-12 12:44:31 -04:00
Michael Crenshaw
ac27d50d31 simplify
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-08-12 12:38:38 -04:00
Kevin
6045ea243a feat: Refactor writeManifests function for simplification and better error handling (#19447)
Signed-off-by: Juwon Hwang (Kevin) <juwon8891@gmail.com>
2024-08-12 12:23:51 -04:00
Michael Crenshaw
0789d44429 simplify, more tests
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-08-11 20:56:41 -04:00
Michael Crenshaw
e41b4851b0 lint
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-08-11 17:07:23 -04:00
Michael Crenshaw
01cd32916c ui improvements
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-08-11 16:57:54 -04:00
Michael Crenshaw
1e233c1949 fix enum, ui fixes
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-08-11 16:36:51 -04:00
Michael Crenshaw
4911a41e00 tidy
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-08-11 16:17:24 -04:00
Michael Crenshaw
f4a368cd44 ui improvements; new queue for app hydration; lots of bug fixes
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-08-11 16:09:04 -04:00
Michael Crenshaw
257c419550 revert unnecessary changes
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-08-10 20:44:51 -04:00
Michael Crenshaw
f541a8e9d5 remove previewer code; will wait for another PR
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-08-10 20:23:10 -04:00
Michael Crenshaw
4507984205 Merge remote-tracking branch 'origin/master' into hydrator
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-08-10 20:19:58 -04:00
Michael Crenshaw
95021e1984 more logging, don't always re-hydrate
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-08-10 19:01:43 -04:00
Michael Crenshaw
053d0f98f3 test adding a second app
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-08-10 17:03:53 -04:00
Michael Crenshaw
38ddab3c78 handle changes to sourceHydrator field
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-08-10 16:28:09 -04:00
Kim Minju
91e63d75f8 test: add Unit Tests for SecureMkdirAll Function (#19471)
* Add test for SecureMkdirAll with existing directory

- Verify that SecureMkdirAll correctly handles the case where the directory already exists.
- Ensure that the same path is returned when creating an existing directory.

Signed-off-by: miiiinju1 <gms07073@ynu.ac.kr>

* Add test for SecureMkdirAll with file path

- Ensure SecureMkdirAll returns an error when a file path is provided instead of a directory.
- Check that the error message indicates a failure to create a directory.

Signed-off-by: miiiinju1 <gms07073@ynu.ac.kr>

* Add test for SecureMkdirAll with dot-dot path

- Test SecureMkdirAll with a path containing  to ensure it doesn't traverse outside the root directory.
- Verify that the resulting path is as expected and does not use relative paths that escape the root directory.

Signed-off-by: miiiinju1 <gms07073@ynu.ac.kr>

---------

Signed-off-by: miiiinju1 <gms07073@ynu.ac.kr>
2024-08-10 13:19:32 -04:00
Michael Crenshaw
9ea972556b test failed sync with hydrateTo
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-08-09 15:22:52 -04:00
Michael Crenshaw
e227d71abf better filenames
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-08-09 14:53:10 -04:00
Michael Crenshaw
d82f140300 Merge remote-tracking branch 'origin/master' into hydrator
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-08-09 14:06:51 -04:00
Michael Crenshaw
b0693a642c Merge remote-tracking branch 'origin/master' into hydrator
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-08-09 10:18:50 -04:00
Robin Lieb
8727b17067 feat(hydrator): add metrics on getting git creds user info (#19427)
* feat(hydrator): add metrics on getting git creds user info

Signed-off-by: Robin Lieb <robin.j.lieb@gmail.com>

* feat: move credential helper to private function

---------

Signed-off-by: Robin Lieb <robin.j.lieb@gmail.com>
2024-08-08 16:13:05 -04:00
Michael Crenshaw
06d499deb0 remove unused fields
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-08-08 12:02:25 -04:00
Michael Crenshaw
17cd8b756e Merge remote-tracking branch 'origin/master' into hydrator
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-08-06 16:41:48 -04:00
Michael Crenshaw
768bc92d26 fix import
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-08-06 16:39:37 -04:00
Michael Crenshaw
8802205257 remove unused service
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-08-06 16:39:06 -04:00
Michael Crenshaw
6b8a00342d remove duplicate implementation of secure dir creation logic
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-08-06 14:54:28 -04:00
Michael Crenshaw
012887a246 fix test
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-08-06 13:24:14 -04:00
mirageoasis
d83ceab37c test: add unit test for util.go makeSecureTempDir function (#19369)
* test: added test for util.go

Signed-off-by: mirageoasis <kimhw0820@naver.com>

* refactor: fixed to require statement

Signed-off-by: mirageoasis <kimhw0820@naver.com>

* style tweaks

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

---------

Signed-off-by: mirageoasis <kimhw0820@naver.com>
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-08-06 12:17:21 -04:00
Michael Crenshaw
fcd240b704 Merge remote-tracking branch 'origin/master' into hydrator
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-08-06 11:58:43 -04:00
Michael Crenshaw
fa2338016b fix build error
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-08-04 22:00:26 -04:00
Michael Crenshaw
2819ef942f fix build error
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-08-04 21:50:36 -04:00
Kunho Lee
9d29353961 test: add unit test for util.git.Client.CommitAndPush (#19354)
Signed-off-by: daengdaengLee <gunho1020@gmail.com>
2024-08-04 18:00:41 -04:00
thisishwan2
c7cf4bb9e2 feat: use MkdirAll by OS(#19301) (#19323)
* feat: add mkdir provider interface and Implementation for os

Signed-off-by: thisishwan2 <feel000617@gmail.com>

* fix: Using MkdirAll Functions by OS

Signed-off-by: thisishwan2 <feel000617@gmail.com>

* fix: Modifying implementations for linux and non-linux

Signed-off-by: thisishwan2 <feel000617@gmail.com>

* remove: unused interface

Signed-off-by: thisishwan2 <feel000617@gmail.com>

* fix: remove struct & use SecureMkdirAll func

Signed-off-by: thisishwan2 <feel000617@gmail.com>

* fix: use SecureMkdirAll func

Signed-off-by: thisishwan2 <feel000617@gmail.com>

* feat: add unit test SecureMkdirAll func

Signed-off-by: thisishwan2 <feel000617@gmail.com>

* tweaks

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

---------

Signed-off-by: thisishwan2 <feel000617@gmail.com>
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-08-04 17:57:37 -04:00
Michael Crenshaw
14b19dae7a rename endpoints to allow more clarity when more are added
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-08-01 15:29:41 -04:00
Michael Crenshaw
fbcdc65308 Merge remote-tracking branch 'origin/master' into hydrator
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-08-01 13:25:15 -04:00
Michael Crenshaw
7cc04b830e Merge remote-tracking branch 'origin/master' into hydrator
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-07-31 13:53:55 -04:00
Kevin
1bb5763bd7 test: Add unit tests for WriteForPaths function (#19311)
* test: Add unit tests for WriteForPaths function

Signed-off-by: Juwon Hwang (Kevin) <juwon8891@gmail.com>

* test: refactor unit tests for WriteForPaths function

Signed-off-by: Juwon Hwang (Kevin) <juwon8891@gmail.com>

---------

Signed-off-by: Juwon Hwang (Kevin) <juwon8891@gmail.com>
2024-07-31 13:40:14 -04:00
Michael Crenshaw
2d8824482c Merge remote-tracking branch 'origin/master' into hydrator
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-07-30 17:10:45 -04:00
Michael Crenshaw
c49ffae139 housekeeping
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-07-30 14:53:12 -04:00
Kevin
2315f8ae44 test: Add unit tests for HydratorHelper methods (#19308)
* test: Add unit tests for HydratorHelper methods

Signed-off-by: Juwon Hwang (Kevin) <juwon8891@gmail.com>

* lint

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

---------

Signed-off-by: Juwon Hwang (Kevin) <juwon8891@gmail.com>
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-07-30 14:15:51 -04:00
Michael Crenshaw
9221cdd780 simplify commit API, more docstrings
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-07-30 14:07:57 -04:00
Michael Crenshaw
652541c065 lint, refactor
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-07-30 12:56:28 -04:00
Michael Crenshaw
e781a08d86 graceful shutdown of commit server
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-07-30 11:19:36 -04:00
Michael Crenshaw
519fadc538 make directory for commit server output
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-07-30 10:39:24 -04:00
Michael Crenshaw
62ff4093e8 record e2e coverage
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-07-30 09:35:40 -04:00
Michael Crenshaw
31b46348d9 fix test
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-07-29 21:05:04 -04:00
Michael Crenshaw
e9385c8949 codegen
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-07-29 21:04:59 -04:00
Michael Crenshaw
d516fd82e1 Merge remote-tracking branch 'origin/master' into hydrator
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-07-29 20:46:45 -04:00
Michael Crenshaw
40b7280953 lint, fix old function calls
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-07-29 20:45:33 -04:00
Michael Crenshaw
3b7bbcefdf wait feature for CLI, more debug lines in commit server, e2e test works
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-07-29 20:42:03 -04:00
Kunho Lee
f7fece9ad2 test: add unit test for util.git.Client.RemoveContents (#19288)
Signed-off-by: daengdaengLee <gunho1020@gmail.com>
2024-07-29 10:09:05 -04:00
Michael Crenshaw
4d0969aa28 lint and codegen
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-07-27 18:54:15 -04:00
Michael Crenshaw
64c1d4d4af Merge remote-tracking branch 'origin/master' into hydrator
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-07-27 18:21:59 -04:00
Kunho Lee
9554f57690 test: add unit test for util.git.Client.CheckoutOrNew (#19274)
Signed-off-by: daengdaengLee <gunho1020@gmail.com>
2024-07-27 18:20:27 -04:00
Michael Crenshaw
73b953ddb9 add app create CLI support and stub out an e2e test
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-07-27 18:15:56 -04:00
Michael Crenshaw
4a39e608b1 Merge remote-tracking branch 'origin/master' into hydrator
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-07-26 16:51:08 -04:00
Michael Crenshaw
8e6fd8ff46 more cleanup
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-07-26 16:50:25 -04:00
Michael Crenshaw
51bd8b11c3 clean up commit.go
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-07-26 15:10:52 -04:00
Michael Crenshaw
0c8242f7e4 more metrics, plus docs
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-07-25 17:04:30 -04:00
Michael Crenshaw
d69a78f63f add more git metrics
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-07-25 17:00:00 -04:00
Michael Crenshaw
11daa4e153 Merge remote-tracking branch 'origin/master' into hydrator
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-07-25 16:35:42 -04:00
Michael Crenshaw
6acd67e26b add metrics server
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-07-24 13:14:30 -04:00
Kunho Lee
449fa4e29f test: add unit test for util.git.Client.CheckoutOrOrphan (#19191)
* test: add unit test for util.git.Client.CheckoutOrOrphan

Signed-off-by: daengdaengLee <gunho1020@gmail.com>

* test,fix: set author before do git actions

Signed-off-by: daengdaengLee <gunho1020@gmail.com>

---------

Signed-off-by: daengdaengLee <gunho1020@gmail.com>
2024-07-24 11:38:22 -04:00
Michael Crenshaw
e79aa171fa Merge remote-tracking branch 'origin/master' into hydrator
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-07-23 12:18:24 -04:00
Michael Crenshaw
40028b4078 fix nil reference error
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-07-23 11:39:40 -04:00
Michael Crenshaw
2cdb25ad4c support kustomize commands
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-07-23 11:22:24 -04:00
Michael Crenshaw
6f3ddda2d7 lint
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-07-23 10:29:01 -04:00
Michael Crenshaw
4b0eeb6a18 Merge remote-tracking branch 'origin/master' into hydrator
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-07-23 10:26:33 -04:00
Michael Crenshaw
cf90d8ce50 clean up generated swagger doc
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-07-22 16:12:06 -04:00
Michael Crenshaw
a9ba5cd3a1 better package name
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-07-22 16:00:16 -04:00
Michael Crenshaw
3910aa088a better package name
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-07-22 15:59:38 -04:00
Michael Crenshaw
f8f7baf467 fix incorrect socket path
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-07-22 15:58:39 -04:00
Michael Crenshaw
28bae8fe4d centralize user info code
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-07-22 15:57:13 -04:00
Michael Crenshaw
4eaeee320d remove accidental file
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-07-22 14:40:18 -04:00
Michael Crenshaw
a2501be80a Merge branch 'hydrator' of https://github.com/argoproj/argo-cd into hydrator
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-07-22 14:34:57 -04:00
Michael Crenshaw
1edba58774 use mockery.yaml
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-07-22 14:33:37 -04:00
Kunho Lee
c3efa44a58 test: add unit test for util.git.Client.SetAuthor (#19128)
Signed-off-by: daengdaengLee <gunho1020@gmail.com>
Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-07-22 13:59:39 -04:00
Michael Crenshaw
e8c505fe3c update mocks, basic path redaction, fix tests
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-07-22 12:57:34 -04:00
Michael Crenshaw
6b9c743b42 added basic dupe destination detection; still buggy
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-07-19 17:24:31 -04:00
Michael Crenshaw
282702e571 use different socket paths to avoid collisions during local development
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-07-19 17:02:08 -04:00
Michael Crenshaw
51122b913d simplify hydrate queue processor - only process for the requested source branch
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-07-19 16:35:22 -04:00
Michael Crenshaw
8c1983de60 fix field names, readability
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-07-19 16:15:59 -04:00
Michael Crenshaw
a4422a4745 Merge remote-tracking branch 'origin/master' into hydrator
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-07-19 13:49:10 -04:00
Michael Crenshaw
bbe8b0cc2e Merge remote-tracking branch 'origin/master' into hydrator
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-07-15 16:10:44 -04:00
Michael Crenshaw
34a00bdc10 don't expose unnecessary public function
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-07-15 15:54:58 -04:00
Michael Crenshaw
c5961c9f5c lint
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-07-08 15:58:22 -04:00
Michael Crenshaw
8046ec330f fix retry, use main git client
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-07-08 15:47:21 -04:00
Michael Crenshaw
36b74225fc Merge remote-tracking branch 'origin/master' into previewer
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-07-05 15:53:46 -04:00
Michael Crenshaw
1dfd0eb9ff fix UI error
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-06-14 10:10:31 -04:00
Michael Crenshaw
d27d8c0bae lint
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-06-11 22:24:45 -04:00
Michael Crenshaw
bbd83207ca lint
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-06-11 22:14:24 -04:00
Michael Crenshaw
f4a12e8cdc lint ui
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-06-11 22:07:20 -04:00
Michael Crenshaw
a677d43c1b Merge remote-tracking branch 'origin/master' into previewer
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-06-11 22:02:53 -04:00
Michael Crenshaw
02b7258c68 more docs, some abstraction of functions
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-06-11 21:29:45 -04:00
Michael Crenshaw
e0fc424011 commit service as standalone deployment
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-06-10 21:43:05 -04:00
Michael Crenshaw
26c4235361 remove temp dir
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-06-10 16:27:44 -04:00
Michael Crenshaw
e784875825 Merge remote-tracking branch 'origin/master' into previewer
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-06-06 13:18:08 -04:00
Michael Crenshaw
ffcbb8068a Merge remote-tracking branch 'origin/master' into previewer
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-06-06 10:28:18 -04:00
Michael Crenshaw
d28b53f43d fix diff order and update bot name
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-06-03 14:29:10 -04:00
Michael Crenshaw
bc11a49e25 add merge action
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-05-29 13:23:19 -04:00
Michael Crenshaw
e598333528 use shared auth, better error handling
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-05-29 13:23:02 -04:00
Michael Crenshaw
f1c58bb7db finish previewer PoC
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-05-28 16:14:19 -04:00
Michael Crenshaw
68c968047c Merge remote-tracking branch 'crenshaw-dev/manifest-hydrator' into previewer
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-05-24 16:36:42 -04:00
Omer Azmon
b277580aff add sleep to main loop 2024-05-24 10:16:37 -07:00
Omer Azmon
044375a797 add previewer POC untested 2024-05-23 19:47:49 -07:00
Alexandre Gaudreault
62d4894d51 fix: for helm namespace (#23)
* feat: manifest hydrator

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

* it's monitoring both branches now

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

* push works w/ my personal creds

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

* write metadata, readme, and commands

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

* handle missing branches, missing manifest files, and no-op changes

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

* don't set release name or namespace to values from the app CR

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

* more determinism

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

* handle new branches

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

* show hydration progress

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

* use workqueue

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

* use securejoin, use log contexts, clean up temp dirs

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

* use app auth for github only

Signed-off-by: Alexandre Gaudreault <alexandre_gaudreault@intuit.com>

* it works

Signed-off-by: Alexandre Gaudreault <alexandre_gaudreault@intuit.com>

* retry failed operations

Signed-off-by: Alexandre Gaudreault <alexandre_gaudreault@intuit.com>

* fix

Signed-off-by: Alexandre Gaudreault <alexandre_gaudreault@intuit.com>

* codegen

Signed-off-by: Alexandre Gaudreault <alexandre_gaudreault@intuit.com>

* it just works

Signed-off-by: Alexandre Gaudreault <alexandre_gaudreault@intuit.com>

---------

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Signed-off-by: Alexandre Gaudreault <alexandre_gaudreault@intuit.com>
Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-05-23 15:42:20 -04:00
Michael Crenshaw
74d4e980f9 use securejoin, use log contexts, clean up temp dirs
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-05-21 20:08:31 -04:00
Michael Crenshaw
9dc94b08a6 use workqueue
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-05-21 20:08:31 -04:00
Michael Crenshaw
29d8937de6 show hydration progress
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-05-21 20:08:28 -04:00
Michael Crenshaw
0caa4d3d33 handle new branches
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-05-21 20:05:24 -04:00
Michael Crenshaw
207f0aba5d more determinism
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-05-21 20:05:21 -04:00
Michael Crenshaw
8257311db2 don't set release name or namespace to values from the app CR
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-05-21 20:02:33 -04:00
Michael Crenshaw
9944e2a8d1 handle missing branches, missing manifest files, and no-op changes
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-05-21 20:02:33 -04:00
Michael Crenshaw
87d2f3f263 write metadata, readme, and commands
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-05-21 20:02:28 -04:00
Michael Crenshaw
55f3fa8b53 push works w/ my personal creds
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-05-21 19:59:30 -04:00
Michael Crenshaw
ccf18147b2 it's monitoring both branches now
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-05-21 19:59:27 -04:00
Michael Crenshaw
a1e8e1f17d feat: manifest hydrator
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-05-21 19:55:05 -04:00
Argo CD Hydrator
f816ada864 hydrate 6241416c8ef1a94d3c80f38fa2f1f865608886f7
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-04-24 11:09:24 -04:00
Argo CD Hydrator
ebb71a0018 hydrate f0cc9868393be8abf156adb963f66b9ec8417f37
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-04-24 10:56:51 -04:00
Argo CD Hydrator
8bd52a7b74 hydrate 665d6fd139b3bcf2df0ff4b464f2fe42597f2455
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-04-24 10:54:59 -04:00
Argo CD Hydrator
2d43a8331f hydrate
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-04-24 10:54:56 -04:00
Michael Crenshaw
dd7952e389 it's monitoring both branches now
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-04-23 17:02:39 -04:00
Michael Crenshaw
037d098d7c feat: manifest hydrator
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2024-04-22 10:47:52 -04:00
119 changed files with 14835 additions and 1129 deletions

View File

@@ -365,11 +365,11 @@ jobs:
path: test-results
- name: combine-go-coverage
# We generate coverage reports for all Argo CD components, but only the applicationset-controller,
# app-controller, and repo-server report contain coverage data. The other components currently don't shut down
# gracefully, so no coverage data is produced. Once those components are fixed, we can add references to their
# coverage output directories.
# app-controller, repo-server, and commit-server report contain coverage data. The other components currently
# don't shut down gracefully, so no coverage data is produced. Once those components are fixed, we can add
# references to their coverage output directories.
run: |
go tool covdata percent -i=test-results,e2e-code-coverage/applicationset-controller,e2e-code-coverage/repo-server,e2e-code-coverage/app-controller -o test-results/full-coverage.out
go tool covdata percent -i=test-results,e2e-code-coverage/applicationset-controller,e2e-code-coverage/repo-server,e2e-code-coverage/app-controller,e2e-code-coverage/commit-server -o test-results/full-coverage.out
- name: Upload code coverage information to codecov.io
uses: codecov/codecov-action@e28ff129e5465c2c0dcc6f003fc735cb6ae0c673 # v4.5.0
with:

View File

@@ -26,6 +26,13 @@ packages:
github.com/argoproj/argo-cd/v2/applicationset/utils:
interfaces:
Renderer:
github.com/argoproj/argo-cd/v2/commitserver/commit:
interfaces:
RepoClientFactory:
github.com/argoproj/argo-cd/v2/commitserver/apiclient:
interfaces:
CommitServiceClient:
Clientset:
github.com/argoproj/argo-cd/v2/controller/cache:
interfaces:
LiveStateCache:

View File

@@ -472,6 +472,7 @@ start-e2e-local: mod-vendor-local dep-ui-local cli-local
mkdir -p /tmp/coverage/repo-server
mkdir -p /tmp/coverage/applicationset-controller
mkdir -p /tmp/coverage/notification
mkdir -p /tmp/coverage/commit-server
# set paths for locally managed ssh known hosts and tls certs data
ARGOCD_SSH_DATA_PATH=/tmp/argo-e2e/app/config/ssh \
ARGOCD_TLS_DATA_PATH=/tmp/argo-e2e/app/config/tls \

View File

@@ -1,9 +1,11 @@
controller: [ "$BIN_MODE" = 'true' ] && COMMAND=./dist/argocd || COMMAND='go run ./cmd/main.go' && sh -c "GOCOVERDIR=${ARGOCD_COVERAGE_DIR:-/tmp/coverage/app-controller} HOSTNAME=testappcontroller-1 FORCE_LOG_COLORS=1 ARGOCD_FAKE_IN_CLUSTER=true ARGOCD_TLS_DATA_PATH=${ARGOCD_TLS_DATA_PATH:-/tmp/argocd-local/tls} ARGOCD_SSH_DATA_PATH=${ARGOCD_SSH_DATA_PATH:-/tmp/argocd-local/ssh} ARGOCD_BINARY_NAME=argocd-application-controller $COMMAND --loglevel debug --redis localhost:${ARGOCD_E2E_REDIS_PORT:-6379} --repo-server localhost:${ARGOCD_E2E_REPOSERVER_PORT:-8081} --otlp-address=${ARGOCD_OTLP_ADDRESS} --application-namespaces=${ARGOCD_APPLICATION_NAMESPACES:-''} --server-side-diff-enabled=${ARGOCD_APPLICATION_CONTROLLER_SERVER_SIDE_DIFF:-'false'}"
controller: [ "$BIN_MODE" = 'true' ] && COMMAND=./dist/argocd || COMMAND='go run ./cmd/main.go' && sh -c "GOCOVERDIR=${ARGOCD_COVERAGE_DIR:-/tmp/coverage/app-controller} HOSTNAME=testappcontroller-1 FORCE_LOG_COLORS=1 ARGOCD_FAKE_IN_CLUSTER=true ARGOCD_TLS_DATA_PATH=${ARGOCD_TLS_DATA_PATH:-/tmp/argocd-local/tls} ARGOCD_SSH_DATA_PATH=${ARGOCD_SSH_DATA_PATH:-/tmp/argocd-local/ssh} ARGOCD_BINARY_NAME=argocd-application-controller $COMMAND --loglevel debug --redis localhost:${ARGOCD_E2E_REDIS_PORT:-6379} --repo-server localhost:${ARGOCD_E2E_REPOSERVER_PORT:-8081} --commit-server localhost:${ARGOCD_E2E_COMMITSERVER_PORT:-8086} --otlp-address=${ARGOCD_OTLP_ADDRESS} --application-namespaces=${ARGOCD_APPLICATION_NAMESPACES:-''} --server-side-diff-enabled=${ARGOCD_APPLICATION_CONTROLLER_SERVER_SIDE_DIFF:-'false'}"
api-server: [ "$BIN_MODE" = 'true' ] && COMMAND=./dist/argocd || COMMAND='go run ./cmd/main.go' && sh -c "GOCOVERDIR=${ARGOCD_COVERAGE_DIR:-/tmp/coverage/api-server} FORCE_LOG_COLORS=1 ARGOCD_FAKE_IN_CLUSTER=true ARGOCD_TLS_DATA_PATH=${ARGOCD_TLS_DATA_PATH:-/tmp/argocd-local/tls} ARGOCD_SSH_DATA_PATH=${ARGOCD_SSH_DATA_PATH:-/tmp/argocd-local/ssh} ARGOCD_BINARY_NAME=argocd-server $COMMAND --loglevel debug --redis localhost:${ARGOCD_E2E_REDIS_PORT:-6379} --disable-auth=${ARGOCD_E2E_DISABLE_AUTH:-'true'} --insecure --dex-server http://localhost:${ARGOCD_E2E_DEX_PORT:-5556} --repo-server localhost:${ARGOCD_E2E_REPOSERVER_PORT:-8081} --port ${ARGOCD_E2E_APISERVER_PORT:-8080} --otlp-address=${ARGOCD_OTLP_ADDRESS} --application-namespaces=${ARGOCD_APPLICATION_NAMESPACES:-''}"
dex: sh -c "ARGOCD_BINARY_NAME=argocd-dex go run github.com/argoproj/argo-cd/v2/cmd gendexcfg -o `pwd`/dist/dex.yaml && (test -f dist/dex.yaml || { echo 'Failed to generate dex configuration'; exit 1; }) && docker run --rm -p ${ARGOCD_E2E_DEX_PORT:-5556}:${ARGOCD_E2E_DEX_PORT:-5556} -v `pwd`/dist/dex.yaml:/dex.yaml ghcr.io/dexidp/dex:$(grep "image: ghcr.io/dexidp/dex" manifests/base/dex/argocd-dex-server-deployment.yaml | cut -d':' -f3) dex serve /dex.yaml"
redis: bash -c "if [ \"$ARGOCD_REDIS_LOCAL\" = 'true' ]; then redis-server --save '' --appendonly no --port ${ARGOCD_E2E_REDIS_PORT:-6379}; else docker run --rm --name argocd-redis -i -p ${ARGOCD_E2E_REDIS_PORT:-6379}:${ARGOCD_E2E_REDIS_PORT:-6379} docker.io/library/redis:$(grep "image: redis" manifests/base/redis/argocd-redis-deployment.yaml | cut -d':' -f3) --save '' --appendonly no --port ${ARGOCD_E2E_REDIS_PORT:-6379}; fi"
repo-server: [ "$BIN_MODE" = 'true' ] && COMMAND=./dist/argocd || COMMAND='go run ./cmd/main.go' && sh -c "GOCOVERDIR=${ARGOCD_COVERAGE_DIR:-/tmp/coverage/repo-server} FORCE_LOG_COLORS=1 ARGOCD_FAKE_IN_CLUSTER=true ARGOCD_GNUPGHOME=${ARGOCD_GNUPGHOME:-/tmp/argocd-local/gpg/keys} ARGOCD_PLUGINSOCKFILEPATH=${ARGOCD_PLUGINSOCKFILEPATH:-./test/cmp} ARGOCD_GPG_DATA_PATH=${ARGOCD_GPG_DATA_PATH:-/tmp/argocd-local/gpg/source} ARGOCD_TLS_DATA_PATH=${ARGOCD_TLS_DATA_PATH:-/tmp/argocd-local/tls} ARGOCD_SSH_DATA_PATH=${ARGOCD_SSH_DATA_PATH:-/tmp/argocd-local/ssh} ARGOCD_BINARY_NAME=argocd-repo-server ARGOCD_GPG_ENABLED=${ARGOCD_GPG_ENABLED:-false} $COMMAND --loglevel debug --port ${ARGOCD_E2E_REPOSERVER_PORT:-8081} --redis localhost:${ARGOCD_E2E_REDIS_PORT:-6379} --otlp-address=${ARGOCD_OTLP_ADDRESS}"
commit-server: [ "$BIN_MODE" = 'true' ] && COMMAND=./dist/argocd || COMMAND='go run ./cmd/main.go' && sh -c "GOCOVERDIR=${ARGOCD_COVERAGE_DIR:-/tmp/coverage/commit-server} FORCE_LOG_COLORS=1 ARGOCD_BINARY_NAME=argocd-commit-server $COMMAND --loglevel debug --port ${ARGOCD_E2E_COMMITSERVER_PORT:-8086}"
cmp-server: [ "$ARGOCD_E2E_TEST" = 'true' ] && exit 0 || [ "$BIN_MODE" = 'true' ] && COMMAND=./dist/argocd || COMMAND='go run ./cmd/main.go' && sh -c "FORCE_LOG_COLORS=1 ARGOCD_FAKE_IN_CLUSTER=true ARGOCD_BINARY_NAME=argocd-cmp-server ARGOCD_PLUGINSOCKFILEPATH=${ARGOCD_PLUGINSOCKFILEPATH:-./test/cmp} $COMMAND --config-dir-path ./test/cmp --loglevel debug --otlp-address=${ARGOCD_OTLP_ADDRESS}"
commit-server: [ "$BIN_MODE" = 'true' ] && COMMAND=./dist/argocd || COMMAND='go run ./cmd/main.go' && sh -c "GOCOVERDIR=${ARGOCD_COVERAGE_DIR:-/tmp/coverage/commit-server} FORCE_LOG_COLORS=1 ARGOCD_BINARY_NAME=argocd-commit-server $COMMAND --loglevel debug --port ${ARGOCD_E2E_COMMITSERVER_PORT:-8086}"
ui: sh -c 'cd ui && ${ARGOCD_E2E_YARN_CMD:-yarn} start'
git-server: test/fixture/testrepos/start-git.sh
helm-registry: test/fixture/testrepos/start-helm-registry.sh

165
assets/swagger.json generated
View File

@@ -3290,6 +3290,12 @@
"description": "App project for query.",
"name": "appProject",
"in": "query"
},
{
"type": "string",
"description": "Type determines what kind of credential we're interacting with. It can be \"read\", \"write\", or \"both\". Default is\n\"read\".",
"name": "type",
"in": "query"
}
],
"responses": {
@@ -3334,6 +3340,12 @@
"description": "Whether to operate on credential set instead of repository.",
"name": "credsOnly",
"in": "query"
},
{
"type": "boolean",
"description": "Write determines whether the credential will be stored as a read credential or a write credential.",
"name": "write",
"in": "query"
}
],
"responses": {
@@ -3374,6 +3386,12 @@
"schema": {
"$ref": "#/definitions/v1alpha1Repository"
}
},
{
"type": "boolean",
"description": "Write determines whether the credential to be updated is a read credential or a write credential.",
"name": "write",
"in": "query"
}
],
"responses": {
@@ -3418,6 +3436,12 @@
"description": "App project for query.",
"name": "appProject",
"in": "query"
},
{
"type": "string",
"description": "Type determines what kind of credential we're interacting with. It can be \"read\", \"write\", or \"both\". Default is\n\"read\".",
"name": "type",
"in": "query"
}
],
"responses": {
@@ -3460,6 +3484,12 @@
"description": "App project for query.",
"name": "appProject",
"in": "query"
},
{
"type": "string",
"description": "Type determines what kind of credential we're interacting with. It can be \"read\", \"write\", or \"both\". Default is\n\"read\".",
"name": "type",
"in": "query"
}
],
"responses": {
@@ -3550,6 +3580,12 @@
"description": "App project for query.",
"name": "appProject",
"in": "query"
},
{
"type": "string",
"description": "Type determines what kind of credential we're interacting with. It can be \"read\", \"write\", or \"both\". Default is\n\"read\".",
"name": "type",
"in": "query"
}
],
"responses": {
@@ -3593,6 +3629,12 @@
"description": "App project for query.",
"name": "appProject",
"in": "query"
},
{
"type": "string",
"description": "Type determines what kind of credential we're interacting with. It can be \"read\", \"write\", or \"both\". Default is\n\"read\".",
"name": "type",
"in": "query"
}
],
"responses": {
@@ -6747,6 +6789,9 @@
"source": {
"$ref": "#/definitions/v1alpha1ApplicationSource"
},
"sourceHydrator": {
"$ref": "#/definitions/v1alpha1SourceHydrator"
},
"sources": {
"type": "array",
"title": "Sources is a reference to the location of the application's manifests or chart",
@@ -6804,6 +6849,9 @@
"$ref": "#/definitions/v1alpha1ResourceStatus"
}
},
"sourceHydrator": {
"$ref": "#/definitions/v1alpha1SourceHydratorStatus"
},
"sourceType": {
"type": "string",
"title": "SourceType specifies the type of this application"
@@ -7214,6 +7262,24 @@
}
}
},
"v1alpha1DrySource": {
"description": "DrySource specifies a location for dry \"don't repeat yourself\" manifest source information.",
"type": "object",
"properties": {
"path": {
"type": "string",
"title": "Path is a directory path within the Git repository where the manifests are located"
},
"repoURL": {
"type": "string",
"title": "RepoURL is the URL to the git repository that contains the application manifests"
},
"targetRevision": {
"type": "string",
"title": "TargetRevision defines the revision of the source to hydrate"
}
}
},
"v1alpha1DuckTypeGenerator": {
"description": "DuckType defines a generator to match against clusters registered with ArgoCD.",
"type": "object",
@@ -7465,6 +7531,47 @@
}
}
},
"v1alpha1HydrateOperation": {
"type": "object",
"title": "HydrateOperation contains information about the most recent hydrate operation",
"properties": {
"drySHA": {
"type": "string",
"title": "DrySHA holds the resolved revision (sha) of the dry source as of the most recent reconciliation"
},
"finishedAt": {
"$ref": "#/definitions/v1Time"
},
"hydratedSHA": {
"type": "string",
"title": "HydratedSHA holds the resolved revision (sha) of the hydrated source as of the most recent reconciliation"
},
"message": {
"type": "string",
"title": "Message contains a message describing the current status of the hydrate operation"
},
"phase": {
"type": "string",
"title": "Phase indicates the status of the hydrate operation"
},
"sourceHydrator": {
"$ref": "#/definitions/v1alpha1SourceHydrator"
},
"startedAt": {
"$ref": "#/definitions/v1Time"
}
}
},
"v1alpha1HydrateTo": {
"description": "HydrateTo specifies a location to which hydrated manifests should be pushed as a \"staging area\" before being moved to\nthe SyncSource. The RepoURL and Path are assumed based on the associated SyncSource config in the SourceHydrator.",
"type": "object",
"properties": {
"targetBranch": {
"type": "string",
"title": "TargetBranch is the branch to which hydrated manifests should be committed"
}
}
},
"v1alpha1Info": {
"type": "object",
"properties": {
@@ -9101,6 +9208,50 @@
}
}
},
"v1alpha1SourceHydrator": {
"description": "SourceHydrator specifies a dry \"don't repeat yourself\" source for manifests, a sync source from which to sync\nhydrated manifests, and an optional hydrateTo location to act as a \"staging\" aread for hydrated manifests.",
"type": "object",
"properties": {
"drySource": {
"$ref": "#/definitions/v1alpha1DrySource"
},
"hydrateTo": {
"$ref": "#/definitions/v1alpha1HydrateTo"
},
"syncSource": {
"$ref": "#/definitions/v1alpha1SyncSource"
}
}
},
"v1alpha1SourceHydratorStatus": {
"type": "object",
"title": "SourceHydratorStatus contains information about the current state of source hydration",
"properties": {
"currentOperation": {
"$ref": "#/definitions/v1alpha1HydrateOperation"
},
"lastSuccessfulOperation": {
"$ref": "#/definitions/v1alpha1SuccessfulHydrateOperation"
}
}
},
"v1alpha1SuccessfulHydrateOperation": {
"type": "object",
"title": "SuccessfulHydrateOperation contains information about the most recent successful hydrate operation",
"properties": {
"drySHA": {
"type": "string",
"title": "DrySHA holds the resolved revision (sha) of the dry source as of the most recent reconciliation"
},
"hydratedSHA": {
"type": "string",
"title": "HydratedSHA holds the resolved revision (sha) of the hydrated source as of the most recent reconciliation"
},
"sourceHydrator": {
"$ref": "#/definitions/v1alpha1SourceHydrator"
}
}
},
"v1alpha1SyncOperation": {
"description": "SyncOperation contains details about a sync operation.",
"type": "object",
@@ -9255,6 +9406,20 @@
}
}
},
"v1alpha1SyncSource": {
"description": "SyncSource specifies a location from which hydrated manifests may be synced. RepoURL is assumed based on the\nassociated DrySource config in the SourceHydrator.",
"type": "object",
"properties": {
"path": {
"description": "Path is a directory path within the git repository where hydrated manifests should be committed to and synced\nfrom. If hydrateTo is set, this is just the path from which hydrated manifests will be synced.",
"type": "string"
},
"targetBranch": {
"type": "string",
"title": "TargetBranch is the branch to which hydrated manifests should be committed"
}
}
},
"v1alpha1SyncStatus": {
"type": "object",
"title": "SyncStatus contains information about the currently observed live and desired states of an application",

View File

@@ -17,6 +17,7 @@ import (
"k8s.io/client-go/tools/clientcmd"
cmdutil "github.com/argoproj/argo-cd/v2/cmd/util"
commitclient "github.com/argoproj/argo-cd/v2/commitserver/apiclient"
"github.com/argoproj/argo-cd/v2/common"
"github.com/argoproj/argo-cd/v2/controller"
"github.com/argoproj/argo-cd/v2/controller/sharding"
@@ -55,6 +56,7 @@ func NewCommand() *cobra.Command {
repoErrorGracePeriod int64
repoServerAddress string
repoServerTimeoutSeconds int
commitServerAddress string
selfHealTimeoutSeconds int
statusProcessors int
operationProcessors int
@@ -139,6 +141,8 @@ func NewCommand() *cobra.Command {
repoClientset := apiclient.NewRepoServerClientset(repoServerAddress, repoServerTimeoutSeconds, tlsConfig)
commitClientset := commitclient.NewCommitServerClientset(commitServerAddress)
cache, err := cacheSource()
errors.CheckError(err)
cache.Cache.SetClient(cacheutil.NewTwoLevelClient(cache.Cache.GetClient(), 10*time.Minute))
@@ -157,6 +161,7 @@ func NewCommand() *cobra.Command {
kubeClient,
appClient,
repoClientset,
commitClientset,
cache,
kubectl,
resyncDuration,
@@ -217,6 +222,7 @@ func NewCommand() *cobra.Command {
command.Flags().Int64Var(&repoErrorGracePeriod, "repo-error-grace-period-seconds", int64(env.ParseDurationFromEnv("ARGOCD_REPO_ERROR_GRACE_PERIOD_SECONDS", defaultAppResyncPeriod*time.Second, 0, math.MaxInt64).Seconds()), "Grace period in seconds for ignoring consecutive errors while communicating with repo server.")
command.Flags().StringVar(&repoServerAddress, "repo-server", env.StringFromEnv("ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER", common.DefaultRepoServerAddr), "Repo server address.")
command.Flags().IntVar(&repoServerTimeoutSeconds, "repo-server-timeout-seconds", env.ParseNumFromEnv("ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_TIMEOUT_SECONDS", 60, 0, math.MaxInt64), "Repo server RPC call timeout seconds.")
command.Flags().StringVar(&commitServerAddress, "commit-server", env.StringFromEnv("ARGOCD_APPLICATION_CONTROLLER_COMMIT_SERVER", common.DefaultCommitServerAddr), "Commit server address.")
command.Flags().IntVar(&statusProcessors, "status-processors", env.ParseNumFromEnv("ARGOCD_APPLICATION_CONTROLLER_STATUS_PROCESSORS", 20, 0, math.MaxInt32), "Number of application status processors")
command.Flags().IntVar(&operationProcessors, "operation-processors", env.ParseNumFromEnv("ARGOCD_APPLICATION_CONTROLLER_OPERATION_PROCESSORS", 10, 0, math.MaxInt32), "Number of application operation processors")
command.Flags().StringVar(&cmdutil.LogFormat, "logformat", env.StringFromEnv("ARGOCD_APPLICATION_CONTROLLER_LOGFORMAT", "text"), "Set the logging format. One of: text|json")

View File

@@ -0,0 +1,91 @@
package commands
import (
"fmt"
"net"
"net/http"
"os"
"os/signal"
"sync"
"syscall"
log "github.com/sirupsen/logrus"
"github.com/spf13/cobra"
cmdutil "github.com/argoproj/argo-cd/v2/cmd/util"
"github.com/argoproj/argo-cd/v2/commitserver"
"github.com/argoproj/argo-cd/v2/commitserver/metrics"
"github.com/argoproj/argo-cd/v2/common"
"github.com/argoproj/argo-cd/v2/reposerver/askpass"
"github.com/argoproj/argo-cd/v2/util/cli"
"github.com/argoproj/argo-cd/v2/util/env"
"github.com/argoproj/argo-cd/v2/util/errors"
)
// NewCommand returns a new instance of an argocd-commit-server command
func NewCommand() *cobra.Command {
var (
listenHost string
listenPort int
metricsPort int
metricsHost string
)
command := &cobra.Command{
Use: "argocd-commit-server",
Short: "Run Argo CD Commit Server",
Long: "Argo CD Commit Server is an internal service which commits and pushes hydrated manifests to git. This command runs Commit Server in the foreground.",
RunE: func(cmd *cobra.Command, args []string) error {
vers := common.GetVersion()
vers.LogStartupInfo(
"Argo CD Commit Server",
map[string]any{
"port": listenPort,
},
)
cli.SetLogFormat(cmdutil.LogFormat)
cli.SetLogLevel(cmdutil.LogLevel)
metricsServer := metrics.NewMetricsServer()
http.Handle("/metrics", metricsServer.GetHandler())
go func() { errors.CheckError(http.ListenAndServe(fmt.Sprintf("%s:%d", metricsHost, metricsPort), nil)) }()
askPassServer := askpass.NewServer(askpass.CommitServerSocketPath)
go func() { errors.CheckError(askPassServer.Run()) }()
server := commitserver.NewServer(askPassServer, metricsServer)
grpc := server.CreateGRPC()
listener, err := net.Listen("tcp", fmt.Sprintf("%s:%d", listenHost, listenPort))
errors.CheckError(err)
// Graceful shutdown code adapted from here: https://gist.github.com/embano1/e0bf49d24f1cdd07cffad93097c04f0a
sigCh := make(chan os.Signal, 1)
signal.Notify(sigCh, os.Interrupt, syscall.SIGTERM)
wg := sync.WaitGroup{}
wg.Add(1)
go func() {
s := <-sigCh
log.Printf("got signal %v, attempting graceful shutdown", s)
grpc.GracefulStop()
wg.Done()
}()
log.Println("starting grpc server")
err = grpc.Serve(listener)
errors.CheckError(err)
wg.Wait()
log.Println("clean shutdown")
return nil
},
}
command.Flags().StringVar(&cmdutil.LogFormat, "logformat", env.StringFromEnv("ARGOCD_COMMIT_SERVER_LOGFORMAT", "text"), "Set the logging format. One of: text|json")
command.Flags().StringVar(&cmdutil.LogLevel, "loglevel", env.StringFromEnv("ARGOCD_COMMIT_SERVER_LOGLEVEL", "info"), "Set the logging level. One of: debug|info|warn|error")
command.Flags().StringVar(&listenHost, "address", env.StringFromEnv("ARGOCD_COMMIT_SERVER_LISTEN_ADDRESS", common.DefaultAddressCommitServer), "Listen on given address for incoming connections")
command.Flags().IntVar(&listenPort, "port", common.DefaultPortCommitServer, "Listen on given port for incoming connections")
command.Flags().StringVar(&metricsHost, "metrics-address", env.StringFromEnv("ARGOCD_COMMIT_SERVER_METRICS_LISTEN_ADDRESS", common.DefaultAddressCommitServerMetrics), "Listen on given address for metrics")
command.Flags().IntVar(&metricsPort, "metrics-port", common.DefaultPortCommitServerMetrics, "Start metrics server on given port")
return command
}

View File

@@ -108,6 +108,7 @@ type watchOpts struct {
suspended bool
degraded bool
delete bool
hydrated bool
}
// NewApplicationCreateCommand returns a new instance of an `argocd app create` command
@@ -1762,6 +1763,7 @@ func NewApplicationWaitCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co
command.Flags().BoolVar(&watch.suspended, "suspended", false, "Wait for suspended")
command.Flags().BoolVar(&watch.degraded, "degraded", false, "Wait for degraded")
command.Flags().BoolVar(&watch.delete, "delete", false, "Wait for delete")
command.Flags().BoolVar(&watch.hydrated, "hydrated", false, "Wait for hydration operations")
command.Flags().StringVarP(&selector, "selector", "l", "", "Wait for apps by label. Supports '=', '==', '!=', in, notin, exists & not exists. Matching apps must satisfy all of the specified label constraints.")
command.Flags().StringArrayVar(&resources, "resource", []string{}, fmt.Sprintf("Sync only specific resources as GROUP%[1]sKIND%[1]sNAME or %[2]sGROUP%[1]sKIND%[1]sNAME. Fields may be blank and '*' can be used. This option may be specified repeatedly", resourceFieldDelimiter, resourceExcludeIndicator))
command.Flags().BoolVar(&watch.operation, "operation", false, "Wait for pending operations")
@@ -2298,7 +2300,7 @@ func groupResourceStates(app *argoappv1.Application, selectedResources []*argoap
}
// check if resource health, sync and operation statuses matches watch options
func checkResourceStatus(watch watchOpts, healthStatus string, syncStatus string, operationStatus *argoappv1.Operation) bool {
func checkResourceStatus(watch watchOpts, healthStatus string, syncStatus string, operationStatus *argoappv1.Operation, hydrationFinished bool) bool {
if watch.delete {
return false
}
@@ -2328,7 +2330,8 @@ func checkResourceStatus(watch watchOpts, healthStatus string, syncStatus string
synced := !watch.sync || syncStatus == string(argoappv1.SyncStatusCodeSynced)
operational := !watch.operation || operationStatus == nil
return synced && healthCheckPassed && operational
hydration := !watch.hydrated || (watch.hydrated && hydrationFinished)
return synced && healthCheckPassed && operational && hydration
}
// resourceParentChild gets the latest state of the app and the latest state of the app's resource tree and then
@@ -2492,13 +2495,15 @@ func waitOnApplicationStatus(ctx context.Context, acdClient argocdclient.Client,
}
}
hydrationFinished := app.Status.SourceHydrator.CurrentOperation != nil && app.Status.SourceHydrator.CurrentOperation.Phase == argoappv1.HydrateOperationPhaseHydrated && app.Status.SourceHydrator.CurrentOperation.SourceHydrator.DeepEquals(app.Status.SourceHydrator.LastSuccessfulOperation.SourceHydrator) && app.Status.SourceHydrator.CurrentOperation.DrySHA == app.Status.SourceHydrator.LastSuccessfulOperation.DrySHA
var selectedResourcesAreReady bool
// If selected resources are included, wait only on those resources, otherwise wait on the application as a whole.
if len(selectedResources) > 0 {
selectedResourcesAreReady = true
for _, state := range getResourceStates(app, selectedResources) {
resourceIsReady := checkResourceStatus(watch, state.Health, state.Status, appEvent.Application.Operation)
resourceIsReady := checkResourceStatus(watch, state.Health, state.Status, appEvent.Application.Operation, hydrationFinished)
if !resourceIsReady {
selectedResourcesAreReady = false
break
@@ -2506,7 +2511,7 @@ func waitOnApplicationStatus(ctx context.Context, acdClient argocdclient.Client,
}
} else {
// Wait on the application as a whole
selectedResourcesAreReady = checkResourceStatus(watch, string(app.Status.Health.Status), string(app.Status.Sync.Status), appEvent.Application.Operation)
selectedResourcesAreReady = checkResourceStatus(watch, string(app.Status.Health.Status), string(app.Status.Sync.Status), appEvent.Application.Operation, hydrationFinished)
}
if selectedResourcesAreReady && (!operationInProgress || !watch.operation) {

View File

@@ -1700,7 +1700,7 @@ func TestCheckResourceStatus(t *testing.T) {
suspended: true,
health: true,
degraded: true,
}, string(health.HealthStatusHealthy), string(v1alpha1.SyncStatusCodeSynced), &v1alpha1.Operation{})
}, string(health.HealthStatusHealthy), string(v1alpha1.SyncStatusCodeSynced), &v1alpha1.Operation{}, true)
assert.True(t, res)
})
t.Run("Degraded, Suspended and health status failed", func(t *testing.T) {
@@ -1708,57 +1708,57 @@ func TestCheckResourceStatus(t *testing.T) {
suspended: true,
health: true,
degraded: true,
}, string(health.HealthStatusProgressing), string(v1alpha1.SyncStatusCodeSynced), &v1alpha1.Operation{})
}, string(health.HealthStatusProgressing), string(v1alpha1.SyncStatusCodeSynced), &v1alpha1.Operation{}, true)
assert.False(t, res)
})
t.Run("Suspended and health status passed", func(t *testing.T) {
res := checkResourceStatus(watchOpts{
suspended: true,
health: true,
}, string(health.HealthStatusHealthy), string(v1alpha1.SyncStatusCodeSynced), &v1alpha1.Operation{})
}, string(health.HealthStatusHealthy), string(v1alpha1.SyncStatusCodeSynced), &v1alpha1.Operation{}, true)
assert.True(t, res)
})
t.Run("Suspended and health status failed", func(t *testing.T) {
res := checkResourceStatus(watchOpts{
suspended: true,
health: true,
}, string(health.HealthStatusProgressing), string(v1alpha1.SyncStatusCodeSynced), &v1alpha1.Operation{})
}, string(health.HealthStatusProgressing), string(v1alpha1.SyncStatusCodeSynced), &v1alpha1.Operation{}, true)
assert.False(t, res)
})
t.Run("Suspended passed", func(t *testing.T) {
res := checkResourceStatus(watchOpts{
suspended: true,
health: false,
}, string(health.HealthStatusSuspended), string(v1alpha1.SyncStatusCodeSynced), &v1alpha1.Operation{})
}, string(health.HealthStatusSuspended), string(v1alpha1.SyncStatusCodeSynced), &v1alpha1.Operation{}, true)
assert.True(t, res)
})
t.Run("Suspended failed", func(t *testing.T) {
res := checkResourceStatus(watchOpts{
suspended: true,
health: false,
}, string(health.HealthStatusProgressing), string(v1alpha1.SyncStatusCodeSynced), &v1alpha1.Operation{})
}, string(health.HealthStatusProgressing), string(v1alpha1.SyncStatusCodeSynced), &v1alpha1.Operation{}, true)
assert.False(t, res)
})
t.Run("Health passed", func(t *testing.T) {
res := checkResourceStatus(watchOpts{
suspended: false,
health: true,
}, string(health.HealthStatusHealthy), string(v1alpha1.SyncStatusCodeSynced), &v1alpha1.Operation{})
}, string(health.HealthStatusHealthy), string(v1alpha1.SyncStatusCodeSynced), &v1alpha1.Operation{}, true)
assert.True(t, res)
})
t.Run("Health failed", func(t *testing.T) {
res := checkResourceStatus(watchOpts{
suspended: false,
health: true,
}, string(health.HealthStatusProgressing), string(v1alpha1.SyncStatusCodeSynced), &v1alpha1.Operation{})
}, string(health.HealthStatusProgressing), string(v1alpha1.SyncStatusCodeSynced), &v1alpha1.Operation{}, true)
assert.False(t, res)
})
t.Run("Synced passed", func(t *testing.T) {
res := checkResourceStatus(watchOpts{}, string(health.HealthStatusProgressing), string(v1alpha1.SyncStatusCodeSynced), &v1alpha1.Operation{})
res := checkResourceStatus(watchOpts{}, string(health.HealthStatusProgressing), string(v1alpha1.SyncStatusCodeSynced), &v1alpha1.Operation{}, true)
assert.True(t, res)
})
t.Run("Synced failed", func(t *testing.T) {
res := checkResourceStatus(watchOpts{}, string(health.HealthStatusProgressing), string(v1alpha1.SyncStatusCodeOutOfSync), &v1alpha1.Operation{})
res := checkResourceStatus(watchOpts{}, string(health.HealthStatusProgressing), string(v1alpha1.SyncStatusCodeOutOfSync), &v1alpha1.Operation{}, true)
assert.True(t, res)
})
t.Run("Degraded passed", func(t *testing.T) {
@@ -1766,7 +1766,7 @@ func TestCheckResourceStatus(t *testing.T) {
suspended: false,
health: false,
degraded: true,
}, string(health.HealthStatusDegraded), string(v1alpha1.SyncStatusCodeSynced), &v1alpha1.Operation{})
}, string(health.HealthStatusDegraded), string(v1alpha1.SyncStatusCodeSynced), &v1alpha1.Operation{}, true)
assert.True(t, res)
})
t.Run("Degraded failed", func(t *testing.T) {
@@ -1774,7 +1774,7 @@ func TestCheckResourceStatus(t *testing.T) {
suspended: false,
health: false,
degraded: true,
}, string(health.HealthStatusProgressing), string(v1alpha1.SyncStatusCodeSynced), &v1alpha1.Operation{})
}, string(health.HealthStatusProgressing), string(v1alpha1.SyncStatusCodeSynced), &v1alpha1.Operation{}, true)
assert.False(t, res)
})
}

View File

@@ -9,6 +9,7 @@ import (
appcontroller "github.com/argoproj/argo-cd/v2/cmd/argocd-application-controller/commands"
applicationset "github.com/argoproj/argo-cd/v2/cmd/argocd-applicationset-controller/commands"
cmpserver "github.com/argoproj/argo-cd/v2/cmd/argocd-cmp-server/commands"
commitserver "github.com/argoproj/argo-cd/v2/cmd/argocd-commit-server/commands"
dex "github.com/argoproj/argo-cd/v2/cmd/argocd-dex/commands"
gitaskpass "github.com/argoproj/argo-cd/v2/cmd/argocd-git-ask-pass/commands"
k8sauth "github.com/argoproj/argo-cd/v2/cmd/argocd-k8s-auth/commands"
@@ -40,6 +41,8 @@ func main() {
command = reposerver.NewCommand()
case "argocd-cmp-server":
command = cmpserver.NewCommand()
case "argocd-commit-server":
command = commitserver.NewCommand()
case "argocd-dex":
command = dex.NewCommand()
case "argocd-notifications":

View File

@@ -86,6 +86,12 @@ type AppOptions struct {
retryBackoffMaxDuration time.Duration
retryBackoffFactor int64
ref string
drySourceRepo string
drySourceRevision string
drySourcePath string
syncSourceBranch string
syncSourcePath string
hydrateToBranch string
}
func AddAppFlags(command *cobra.Command, opts *AppOptions) {
@@ -94,6 +100,12 @@ func AddAppFlags(command *cobra.Command, opts *AppOptions) {
command.Flags().StringVar(&opts.chart, "helm-chart", "", "Helm Chart name")
command.Flags().StringVar(&opts.env, "env", "", "Application environment to monitor")
command.Flags().StringVar(&opts.revision, "revision", "", "The tracking source branch, tag, commit or Helm chart version the application will sync to")
command.Flags().StringVar(&opts.drySourceRepo, "dry-source-repo", "", "Repository URL of the app dry source")
command.Flags().StringVar(&opts.drySourceRevision, "dry-source-revision", "", "Revision of the app dry source")
command.Flags().StringVar(&opts.drySourcePath, "dry-source-path", "", "Path in repository to the app directory for the dry source")
command.Flags().StringVar(&opts.syncSourceBranch, "sync-source-branch", "", "The branch from which the app will sync")
command.Flags().StringVar(&opts.syncSourcePath, "sync-source-path", "", "The path in the repository from which the app will sync")
command.Flags().StringVar(&opts.hydrateToBranch, "hydrate-to-branch", "", "The branch to hydrate the app to")
command.Flags().IntVar(&opts.revisionHistoryLimit, "revision-history-limit", argoappv1.RevisionHistoryLimit, "How many items to keep in revision history")
command.Flags().StringVar(&opts.destServer, "dest-server", "", "K8s cluster URL (e.g. https://kubernetes.default.svc)")
command.Flags().StringVar(&opts.destName, "dest-name", "", "K8s cluster Name (e.g. minikube)")
@@ -154,21 +166,28 @@ func SetAppSpecOptions(flags *pflag.FlagSet, spec *argoappv1.ApplicationSpec, ap
if flags == nil {
return visited
}
source := spec.GetSourcePtrByPosition(sourcePosition)
if source == nil {
source = &argoappv1.ApplicationSource{}
}
source, visited = ConstructSource(source, *appOpts, flags)
if spec.HasMultipleSources() {
if sourcePosition == 0 {
spec.Sources[sourcePosition] = *source
} else if sourcePosition > 0 {
spec.Sources[sourcePosition-1] = *source
} else {
spec.Sources = append(spec.Sources, *source)
}
var h *argoappv1.SourceHydrator
h, hasHydratorFlag := constructSourceHydrator(spec.SourceHydrator, *appOpts, flags)
if hasHydratorFlag {
spec.SourceHydrator = h
} else {
spec.Source = source
source := spec.GetSourcePtrByPosition(sourcePosition)
if source == nil {
source = &argoappv1.ApplicationSource{}
}
source, visited = ConstructSource(source, *appOpts, flags)
if spec.HasMultipleSources() {
if sourcePosition == 0 {
spec.Sources[sourcePosition] = *source
} else if sourcePosition > 0 {
spec.Sources[sourcePosition-1] = *source
} else {
spec.Sources = append(spec.Sources, *source)
}
} else {
spec.Source = source
}
}
flags.Visit(func(f *pflag.Flag) {
visited++
@@ -563,9 +582,7 @@ func constructAppsBaseOnName(appName string, labels, annotations, args []string,
Name: appName,
Namespace: appNs,
},
Spec: argoappv1.ApplicationSpec{
Source: &argoappv1.ApplicationSource{},
},
Spec: argoappv1.ApplicationSpec{},
}
SetAppSpecOptions(flags, &app.Spec, &appOpts, 0)
SetParameterOverrides(app, appOpts.Parameters, 0)
@@ -733,6 +750,47 @@ func ConstructSource(source *argoappv1.ApplicationSource, appOpts AppOptions, fl
return source, visited
}
// constructSourceHydrator constructs a source hydrator from the command line flags. It returns the modified source
// hydrator and a boolean indicating if any hydrator flags were set. We return instead of just modifying the source
// hydrator in place because the given hydrator `h` might be nil. In that case, we need to create a new source hydrator
// and return it.
func constructSourceHydrator(h *argoappv1.SourceHydrator, appOpts AppOptions, flags *pflag.FlagSet) (*argoappv1.SourceHydrator, bool) {
hasHydratorFlag := false
ensureNotNil := func(notEmpty bool) {
hasHydratorFlag = true
if notEmpty && h == nil {
h = &argoappv1.SourceHydrator{}
}
}
flags.Visit(func(f *pflag.Flag) {
switch f.Name {
case "dry-source-repo":
ensureNotNil(appOpts.drySourceRepo != "")
h.DrySource.RepoURL = appOpts.drySourceRepo
case "dry-source-path":
ensureNotNil(appOpts.drySourcePath != "")
h.DrySource.Path = appOpts.drySourcePath
case "dry-source-revision":
ensureNotNil(appOpts.drySourceRevision != "")
h.DrySource.TargetRevision = appOpts.drySourceRevision
case "sync-source-branch":
ensureNotNil(appOpts.syncSourceBranch != "")
h.SyncSource.TargetBranch = appOpts.syncSourceBranch
case "sync-source-path":
ensureNotNil(appOpts.syncSourcePath != "")
h.SyncSource.Path = appOpts.syncSourcePath
case "hydrate-to-branch":
ensureNotNil(appOpts.hydrateToBranch != "")
if appOpts.hydrateToBranch == "" {
h.HydrateTo = nil
} else {
h.HydrateTo = &argoappv1.HydrateTo{TargetBranch: appOpts.hydrateToBranch}
}
}
})
return h, hasHydratorFlag
}
func mergeLabels(app *argoappv1.Application, labels []string) {
mapLabels, err := label.Parse(labels)
errors.CheckError(err)

View File

@@ -284,6 +284,28 @@ func Test_setAppSpecOptions(t *testing.T) {
require.NoError(t, f.SetFlag("helm-api-versions", "v2"))
assert.Equal(t, []string{"v1", "v2"}, f.spec.Source.Helm.APIVersions)
})
t.Run("source hydrator", func(t *testing.T) {
require.NoError(t, f.SetFlag("dry-source-repo", "https://github.com/argoproj/argocd-example-apps"))
assert.Equal(t, "https://github.com/argoproj/argocd-example-apps", f.spec.SourceHydrator.DrySource.RepoURL)
require.NoError(t, f.SetFlag("dry-source-path", "apps"))
assert.Equal(t, "apps", f.spec.SourceHydrator.DrySource.Path)
require.NoError(t, f.SetFlag("dry-source-revision", "HEAD"))
assert.Equal(t, "HEAD", f.spec.SourceHydrator.DrySource.TargetRevision)
require.NoError(t, f.SetFlag("sync-source-branch", "env/test"))
assert.Equal(t, "env/test", f.spec.SourceHydrator.SyncSource.TargetBranch)
require.NoError(t, f.SetFlag("sync-source-path", "apps"))
assert.Equal(t, "apps", f.spec.SourceHydrator.SyncSource.Path)
require.NoError(t, f.SetFlag("hydrate-to-branch", "env/test-next"))
assert.Equal(t, "env/test-next", f.spec.SourceHydrator.HydrateTo.TargetBranch)
require.NoError(t, f.SetFlag("hydrate-to-branch", ""))
assert.Nil(t, f.spec.SourceHydrator.HydrateTo)
})
}
func newMultiSourceAppOptionsFixture() *appOptionsFixture {

View File

@@ -0,0 +1,47 @@
package apiclient
import (
"fmt"
log "github.com/sirupsen/logrus"
"google.golang.org/grpc"
"google.golang.org/grpc/credentials/insecure"
"github.com/argoproj/argo-cd/v2/util/io"
)
// Clientset represents commit server api clients
type Clientset interface {
NewCommitServerClient() (io.Closer, CommitServiceClient, error)
}
type clientSet struct {
address string
}
// NewCommitServerClient creates new instance of commit server client
func (c *clientSet) NewCommitServerClient() (io.Closer, CommitServiceClient, error) {
conn, err := NewConnection(c.address)
if err != nil {
return nil, nil, fmt.Errorf("failed to open a new connection to commit server: %w", err)
}
return conn, NewCommitServiceClient(conn), nil
}
// NewConnection creates new connection to commit server
func NewConnection(address string) (*grpc.ClientConn, error) {
var opts []grpc.DialOption
opts = append(opts, grpc.WithTransportCredentials(insecure.NewCredentials()))
conn, err := grpc.Dial(address, opts...)
if err != nil {
log.Errorf("Unable to connect to commit service with address %s", address)
return nil, err
}
return conn, nil
}
// NewCommitServerClientset creates new instance of commit server Clientset
func NewCommitServerClientset(address string) Clientset {
return &clientSet{address: address}
}

1382
commitserver/apiclient/commit.pb.go generated Normal file

File diff suppressed because it is too large Load Diff

View File

@@ -0,0 +1,68 @@
// Code generated by mockery v2.43.2. DO NOT EDIT.
package mocks
import (
apiclient "github.com/argoproj/argo-cd/v2/commitserver/apiclient"
io "github.com/argoproj/argo-cd/v2/util/io"
mock "github.com/stretchr/testify/mock"
)
// Clientset is an autogenerated mock type for the Clientset type
type Clientset struct {
mock.Mock
}
// NewCommitServerClient provides a mock function with given fields:
func (_m *Clientset) NewCommitServerClient() (io.Closer, apiclient.CommitServiceClient, error) {
ret := _m.Called()
if len(ret) == 0 {
panic("no return value specified for NewCommitServerClient")
}
var r0 io.Closer
var r1 apiclient.CommitServiceClient
var r2 error
if rf, ok := ret.Get(0).(func() (io.Closer, apiclient.CommitServiceClient, error)); ok {
return rf()
}
if rf, ok := ret.Get(0).(func() io.Closer); ok {
r0 = rf()
} else {
if ret.Get(0) != nil {
r0 = ret.Get(0).(io.Closer)
}
}
if rf, ok := ret.Get(1).(func() apiclient.CommitServiceClient); ok {
r1 = rf()
} else {
if ret.Get(1) != nil {
r1 = ret.Get(1).(apiclient.CommitServiceClient)
}
}
if rf, ok := ret.Get(2).(func() error); ok {
r2 = rf()
} else {
r2 = ret.Error(2)
}
return r0, r1, r2
}
// NewClientset creates a new instance of Clientset. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations.
// The first argument is typically a *testing.T value.
func NewClientset(t interface {
mock.TestingT
Cleanup(func())
}) *Clientset {
mock := &Clientset{}
mock.Mock.Test(t)
t.Cleanup(func() { mock.AssertExpectations(t) })
return mock
}

View File

@@ -0,0 +1,69 @@
// Code generated by mockery v2.43.2. DO NOT EDIT.
package mocks
import (
context "context"
apiclient "github.com/argoproj/argo-cd/v2/commitserver/apiclient"
grpc "google.golang.org/grpc"
mock "github.com/stretchr/testify/mock"
)
// CommitServiceClient is an autogenerated mock type for the CommitServiceClient type
type CommitServiceClient struct {
mock.Mock
}
// CommitHydratedManifests provides a mock function with given fields: ctx, in, opts
func (_m *CommitServiceClient) CommitHydratedManifests(ctx context.Context, in *apiclient.CommitHydratedManifestsRequest, opts ...grpc.CallOption) (*apiclient.CommitHydratedManifestsResponse, error) {
_va := make([]interface{}, len(opts))
for _i := range opts {
_va[_i] = opts[_i]
}
var _ca []interface{}
_ca = append(_ca, ctx, in)
_ca = append(_ca, _va...)
ret := _m.Called(_ca...)
if len(ret) == 0 {
panic("no return value specified for CommitHydratedManifests")
}
var r0 *apiclient.CommitHydratedManifestsResponse
var r1 error
if rf, ok := ret.Get(0).(func(context.Context, *apiclient.CommitHydratedManifestsRequest, ...grpc.CallOption) (*apiclient.CommitHydratedManifestsResponse, error)); ok {
return rf(ctx, in, opts...)
}
if rf, ok := ret.Get(0).(func(context.Context, *apiclient.CommitHydratedManifestsRequest, ...grpc.CallOption) *apiclient.CommitHydratedManifestsResponse); ok {
r0 = rf(ctx, in, opts...)
} else {
if ret.Get(0) != nil {
r0 = ret.Get(0).(*apiclient.CommitHydratedManifestsResponse)
}
}
if rf, ok := ret.Get(1).(func(context.Context, *apiclient.CommitHydratedManifestsRequest, ...grpc.CallOption) error); ok {
r1 = rf(ctx, in, opts...)
} else {
r1 = ret.Error(1)
}
return r0, r1
}
// NewCommitServiceClient creates a new instance of CommitServiceClient. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations.
// The first argument is typically a *testing.T value.
func NewCommitServiceClient(t interface {
mock.TestingT
Cleanup(func())
}) *CommitServiceClient {
mock := &CommitServiceClient{}
mock.Mock.Test(t)
t.Cleanup(func() { mock.AssertExpectations(t) })
return mock
}

View File

@@ -0,0 +1,218 @@
package commit
import (
"context"
"fmt"
"os"
"time"
log "github.com/sirupsen/logrus"
"github.com/argoproj/argo-cd/v2/commitserver/apiclient"
"github.com/argoproj/argo-cd/v2/commitserver/metrics"
"github.com/argoproj/argo-cd/v2/util/git"
"github.com/argoproj/argo-cd/v2/util/io/files"
)
// Service is the service that handles commit requests.
type Service struct {
gitCredsStore git.CredsStore
metricsServer *metrics.Server
repoClientFactory RepoClientFactory
}
// NewService returns a new instance of the commit service.
func NewService(gitCredsStore git.CredsStore, metricsServer *metrics.Server) *Service {
return &Service{
gitCredsStore: gitCredsStore,
metricsServer: metricsServer,
repoClientFactory: NewRepoClientFactory(gitCredsStore, metricsServer),
}
}
// CommitHydratedManifests handles a commit request. It clones the repository, checks out the sync branch, checks out
// the target branch, clears the repository contents, writes the manifests to the repository, commits the changes, and
// pushes the changes. It returns the hydrated revision SHA and an error if one occurred.
func (s *Service) CommitHydratedManifests(ctx context.Context, r *apiclient.CommitHydratedManifestsRequest) (*apiclient.CommitHydratedManifestsResponse, error) {
// This method is intentionally short. It's a wrapper around handleCommitRequest that adds metrics and logging.
// Keep logic here minimal and put most of the logic in handleCommitRequest.
startTime := time.Now()
// We validate for a nil repo in handleCommitRequest, but we need to check for a nil repo here to get the repo URL
// for metrics.
var repoURL string
if r.Repo != nil {
repoURL = r.Repo.Repo
}
s.metricsServer.IncPendingCommitRequest(repoURL)
defer s.metricsServer.DecPendingCommitRequest(repoURL)
logCtx := log.WithFields(log.Fields{"branch": r.TargetBranch, "drySHA": r.DrySha})
out, sha, err := s.handleCommitRequest(ctx, logCtx, r)
if err != nil {
logCtx.WithError(err).WithField("output", out).Error("failed to handle commit request")
s.metricsServer.IncCommitRequest(repoURL, metrics.CommitResponseTypeFailure)
s.metricsServer.ObserveCommitRequestDuration(repoURL, metrics.CommitResponseTypeFailure, time.Since(startTime))
// No need to wrap this error, sufficient context is build in handleCommitRequest.
return &apiclient.CommitHydratedManifestsResponse{}, err
}
logCtx.Info("Successfully handled commit request")
s.metricsServer.IncCommitRequest(repoURL, metrics.CommitResponseTypeSuccess)
s.metricsServer.ObserveCommitRequestDuration(repoURL, metrics.CommitResponseTypeSuccess, time.Since(startTime))
return &apiclient.CommitHydratedManifestsResponse{
HydratedSha: sha,
}, nil
}
// handleCommitRequest handles the commit request. It clones the repository, checks out the sync branch, checks out the
// target branch, clears the repository contents, writes the manifests to the repository, commits the changes, and pushes
// the changes. It returns the output of the git commands and an error if one occurred.
func (s *Service) handleCommitRequest(ctx context.Context, logCtx *log.Entry, r *apiclient.CommitHydratedManifestsRequest) (string, string, error) {
if r.Repo == nil {
return "", "", fmt.Errorf("repo is required")
}
if r.Repo.Repo == "" {
return "", "", fmt.Errorf("repo URL is required")
}
if r.TargetBranch == "" {
return "", "", fmt.Errorf("target branch is required")
}
if r.SyncBranch == "" {
return "", "", fmt.Errorf("sync branch is required")
}
logCtx = logCtx.WithField("repo", r.Repo.Repo)
logCtx.Debug("Initiating git client")
gitClient, dirPath, cleanup, err := s.initGitClient(ctx, logCtx, r)
if err != nil {
return "", "", fmt.Errorf("failed to init git client: %w", err)
}
defer cleanup()
logCtx.Debugf("Checking out sync branch %s", r.SyncBranch)
var out string
out, err = gitClient.CheckoutOrOrphan(r.SyncBranch, false)
if err != nil {
return out, "", fmt.Errorf("failed to checkout sync branch: %w", err)
}
logCtx.Debugf("Checking out target branch %s", r.TargetBranch)
out, err = gitClient.CheckoutOrNew(r.TargetBranch, r.SyncBranch, false)
if err != nil {
return out, "", fmt.Errorf("failed to checkout target branch: %w", err)
}
logCtx.Debug("Clearing repo contents")
out, err = gitClient.RemoveContents()
if err != nil {
return out, "", fmt.Errorf("failed to clear repo: %w", err)
}
logCtx.Debug("Writing manifests")
err = WriteForPaths(dirPath, r.Repo.Repo, r.DrySha, r.Paths)
if err != nil {
return "", "", fmt.Errorf("failed to write manifests: %w", err)
}
logCtx.Debug("Committing and pushing changes")
out, err = gitClient.CommitAndPush(r.TargetBranch, r.CommitMessage)
if err != nil {
return out, "", fmt.Errorf("failed to commit and push: %w", err)
}
logCtx.Debug("Getting commit SHA")
sha, err := gitClient.CommitSHA()
if err != nil {
return "", "", fmt.Errorf("failed to get commit SHA: %w", err)
}
return "", sha, nil
}
// initGitClient initializes a git client for the given repository and returns the client, the path to the directory where
// the repository is cloned, a cleanup function that should be called when the directory is no longer needed, and an error
// if one occurred.
func (s *Service) initGitClient(ctx context.Context, logCtx *log.Entry, r *apiclient.CommitHydratedManifestsRequest) (git.Client, string, func(), error) {
dirPath, err := files.CreateTempDir("/tmp/_commit-service")
if err != nil {
return nil, "", nil, fmt.Errorf("failed to create temp dir: %w", err)
}
// Call cleanupOrLog in this function if an error occurs to ensure the temp dir is cleaned up.
cleanupOrLog := func() {
err := os.RemoveAll(dirPath)
if err != nil {
logCtx.WithError(err).Error("failed to cleanup temp dir")
}
}
gitClient, err := s.repoClientFactory.NewClient(r.Repo, dirPath)
if err != nil {
cleanupOrLog()
return nil, "", nil, fmt.Errorf("failed to create git client: %w", err)
}
logCtx.Debugf("Initializing repo %s", r.Repo.Repo)
err = gitClient.Init()
if err != nil {
cleanupOrLog()
return nil, "", nil, fmt.Errorf("failed to init git client: %w", err)
}
logCtx.Debugf("Fetching repo %s", r.Repo.Repo)
err = gitClient.Fetch("")
if err != nil {
cleanupOrLog()
return nil, "", nil, fmt.Errorf("failed to clone repo: %w", err)
}
logCtx.Debugf("Getting user info for repo credentials")
gitCreds := r.Repo.GetGitCreds(s.gitCredsStore)
startTime := time.Now()
authorName, authorEmail, err := gitCreds.GetUserInfo(ctx)
s.metricsServer.ObserveUserInfoRequestDuration(r.Repo.Repo, getCredentialType(r.Repo), time.Since(startTime))
if err != nil {
cleanupOrLog()
return nil, "", nil, fmt.Errorf("failed to get github app info: %w", err)
}
if authorName == "" {
authorName = "Argo CD"
}
if authorEmail == "" {
logCtx.Warnf("Author email not available, using 'argo-cd@example.com'.")
authorEmail = "argo-cd@example.com"
}
logCtx.Debugf("Setting author %s <%s>", authorName, authorEmail)
_, err = gitClient.SetAuthor(authorName, authorEmail)
if err != nil {
cleanupOrLog()
return nil, "", nil, fmt.Errorf("failed to set author: %w", err)
}
return gitClient, dirPath, cleanupOrLog, nil
}
type hydratorMetadataFile struct {
RepoURL string `json:"repoURL"`
DrySHA string `json:"drySha"`
Commands []string `json:"commands"`
}
// TODO: make this configurable via ConfigMap.
var manifestHydrationReadmeTemplate = `
# Manifest Hydration
To hydrate the manifests in this repository, run the following commands:
` + "```shell\n" + `
git clone {{ .RepoURL }}
# cd into the cloned directory
git checkout {{ .DrySHA }}
{{ range $command := .Commands -}}
{{ $command }}
{{ end -}}` + "```"

View File

@@ -0,0 +1,50 @@
syntax = "proto3";
option go_package = "github.com/argoproj/argo-cd/v2/commitserver/apiclient";
import "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1/generated.proto";
// CommitHydratedManifestsRequest is the request to commit hydrated manifests to a repository.
message CommitHydratedManifestsRequest {
// Repo contains repository information including, at minimum, the URL of the repository. Generally it will contain
// repo credentials.
github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.Repository repo = 1;
// SyncBranch is the branch Argo CD syncs from, i.e. the hydrated branch.
string syncBranch = 2;
// TargetBranch is the branch Argo CD is committing to, i.e. the branch that will be updated.
string targetBranch = 3;
// DrySha is the commit SHA from the dry branch, i.e. pre-rendered manifest branch.
string drySha = 4;
// CommitMessage is the commit message to use when committing changes.
string commitMessage = 5;
// Paths contains the paths to write hydrated manifests to, along with the manifests and commands to execute.
repeated PathDetails paths = 6;
}
// PathDetails holds information about hydrated manifests to be written to a particular path in the hydrated manifests
// commit.
message PathDetails {
// Path is the path to write the hydrated manifests to.
string path = 1;
// Manifests contains the manifests to write to the path.
repeated HydratedManifestDetails manifests = 2;
// Commands contains the commands executed when hydrating the manifests.
repeated string commands = 3;
}
// ManifestDetails contains the hydrated manifests.
message HydratedManifestDetails {
// ManifestJSON is the hydrated manifest as JSON.
string manifestJSON = 1;
}
// ManifestsResponse is the response to the ManifestsRequest.
message CommitHydratedManifestsResponse {
// HydratedSha is the commit SHA of the hydrated manifests commit.
string hydratedSha = 1;
}
// CommitService is the service for committing hydrated manifests to a repository.
service CommitService {
// Commit commits hydrated manifests to a repository.
rpc CommitHydratedManifests (CommitHydratedManifestsRequest) returns (CommitHydratedManifestsResponse);
}

View File

@@ -0,0 +1,123 @@
package commit
import (
"context"
"testing"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/mock"
"github.com/stretchr/testify/require"
"github.com/argoproj/argo-cd/v2/commitserver/apiclient"
"github.com/argoproj/argo-cd/v2/commitserver/commit/mocks"
"github.com/argoproj/argo-cd/v2/commitserver/metrics"
"github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
"github.com/argoproj/argo-cd/v2/util/git"
gitmocks "github.com/argoproj/argo-cd/v2/util/git/mocks"
)
func Test_CommitHydratedManifests(t *testing.T) {
t.Parallel()
validRequest := &apiclient.CommitHydratedManifestsRequest{
Repo: &v1alpha1.Repository{
Repo: "https://github.com/argoproj/argocd-example-apps.git",
},
TargetBranch: "main",
SyncBranch: "env/test",
CommitMessage: "test commit message",
}
t.Run("missing repo", func(t *testing.T) {
t.Parallel()
service, _ := newServiceWithMocks(t)
request := &apiclient.CommitHydratedManifestsRequest{}
_, err := service.CommitHydratedManifests(context.Background(), request)
require.Error(t, err)
assert.ErrorContains(t, err, "repo is required")
})
t.Run("missing repo URL", func(t *testing.T) {
t.Parallel()
service, _ := newServiceWithMocks(t)
request := &apiclient.CommitHydratedManifestsRequest{
Repo: &v1alpha1.Repository{},
}
_, err := service.CommitHydratedManifests(context.Background(), request)
require.Error(t, err)
assert.ErrorContains(t, err, "repo URL is required")
})
t.Run("missing target branch", func(t *testing.T) {
t.Parallel()
service, _ := newServiceWithMocks(t)
request := &apiclient.CommitHydratedManifestsRequest{
Repo: &v1alpha1.Repository{
Repo: "https://github.com/argoproj/argocd-example-apps.git",
},
}
_, err := service.CommitHydratedManifests(context.Background(), request)
require.Error(t, err)
assert.ErrorContains(t, err, "target branch is required")
})
t.Run("missing sync branch", func(t *testing.T) {
t.Parallel()
service, _ := newServiceWithMocks(t)
request := &apiclient.CommitHydratedManifestsRequest{
Repo: &v1alpha1.Repository{
Repo: "https://github.com/argoproj/argocd-example-apps.git",
},
TargetBranch: "main",
}
_, err := service.CommitHydratedManifests(context.Background(), request)
require.Error(t, err)
assert.ErrorContains(t, err, "sync branch is required")
})
t.Run("failed to create git client", func(t *testing.T) {
t.Parallel()
service, mockRepoClientFactory := newServiceWithMocks(t)
mockRepoClientFactory.On("NewClient", mock.Anything, mock.Anything).Return(nil, assert.AnError).Once()
_, err := service.CommitHydratedManifests(context.Background(), validRequest)
require.Error(t, err)
assert.ErrorIs(t, err, assert.AnError)
})
t.Run("happy path", func(t *testing.T) {
t.Parallel()
service, mockRepoClientFactory := newServiceWithMocks(t)
mockGitClient := gitmocks.NewClient(t)
mockGitClient.On("Init").Return(nil).Once()
mockGitClient.On("Fetch", mock.Anything).Return(nil).Once()
mockGitClient.On("SetAuthor", "Argo CD", "argo-cd@example.com").Return("", nil).Once()
mockGitClient.On("CheckoutOrOrphan", "env/test", false).Return("", nil).Once()
mockGitClient.On("CheckoutOrNew", "main", "env/test", false).Return("", nil).Once()
mockGitClient.On("RemoveContents").Return("", nil).Once()
mockGitClient.On("CommitAndPush", "main", "test commit message").Return("", nil).Once()
mockGitClient.On("CommitSHA").Return("it-worked!", nil).Once()
mockRepoClientFactory.On("NewClient", mock.Anything, mock.Anything).Return(mockGitClient, nil).Once()
resp, err := service.CommitHydratedManifests(context.Background(), validRequest)
require.NoError(t, err)
require.NotNil(t, resp)
assert.Equal(t, "it-worked!", resp.HydratedSha)
})
}
func newServiceWithMocks(t *testing.T) (*Service, *mocks.RepoClientFactory) {
metricsServer := metrics.NewMetricsServer()
mockCredsStore := git.NoopCredsStore{}
service := NewService(mockCredsStore, metricsServer)
mockRepoClientFactory := mocks.NewRepoClientFactory(t)
service.repoClientFactory = mockRepoClientFactory
return service, mockRepoClientFactory
}

View File

@@ -0,0 +1,23 @@
package commit
import "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
// getCredentialType returns the type of credential used by the repository.
func getCredentialType(repo *v1alpha1.Repository) string {
if repo == nil {
return ""
}
if repo.Password != "" {
return "https"
}
if repo.SSHPrivateKey != "" {
return "ssh"
}
if repo.GithubAppPrivateKey != "" && repo.GithubAppId != 0 && repo.GithubAppInstallationId != 0 {
return "github-app"
}
if repo.GCPServiceAccountKey != "" {
return "cloud-source-repositories"
}
return ""
}

View File

@@ -0,0 +1,62 @@
package commit
import (
"testing"
"github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
)
func TestRepository_GetCredentialType(t *testing.T) {
tests := []struct {
name string
repo *v1alpha1.Repository
want string
}{
{
name: "Empty Repository",
repo: nil,
want: "",
},
{
name: "HTTPS Repository",
repo: &v1alpha1.Repository{
Repo: "foo",
Password: "some-password",
},
want: "https",
},
{
name: "SSH Repository",
repo: &v1alpha1.Repository{
Repo: "foo",
SSHPrivateKey: "some-key",
},
want: "ssh",
},
{
name: "GitHub App Repository",
repo: &v1alpha1.Repository{
Repo: "foo",
GithubAppPrivateKey: "some-key",
GithubAppId: 1,
GithubAppInstallationId: 1,
},
want: "github-app",
},
{
name: "Google Cloud Repository",
repo: &v1alpha1.Repository{
Repo: "foo",
GCPServiceAccountKey: "some-key",
},
want: "cloud-source-repositories",
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if got := getCredentialType(tt.repo); got != tt.want {
t.Errorf("Repository.GetCredentialType() = %v, want %v", got, tt.want)
}
})
}
}

View File

@@ -0,0 +1,145 @@
package commit
import (
"encoding/json"
"fmt"
"os"
"path"
"text/template"
log "github.com/sirupsen/logrus"
"gopkg.in/yaml.v3"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
"github.com/argoproj/argo-cd/v2/commitserver/apiclient"
"github.com/argoproj/argo-cd/v2/util/io/files"
)
// WriteForPaths writes the manifests, hydrator.metadata, and README.md files for each path in the provided paths. It
// also writes a root-level hydrator.metadata file containing the repo URL and dry SHA.
func WriteForPaths(rootPath string, repoUrl string, drySha string, paths []*apiclient.PathDetails) error {
// Write the top-level readme.
err := writeMetadata(rootPath, hydratorMetadataFile{DrySHA: drySha, RepoURL: repoUrl})
if err != nil {
return fmt.Errorf("failed to write top-level hydrator metadata: %w", err)
}
for _, p := range paths {
hydratePath := p.Path
if hydratePath == "." {
hydratePath = ""
}
var fullHydratePath string
fullHydratePath, err = files.SecureMkdirAll(rootPath, hydratePath, os.ModePerm)
if err != nil {
return fmt.Errorf("failed to create path: %w", err)
}
// Write the manifests
err = writeManifests(fullHydratePath, p.Manifests)
if err != nil {
return fmt.Errorf("failed to write manifests: %w", err)
}
// Write hydrator.metadata containing information about the hydration process.
hydratorMetadata := hydratorMetadataFile{
Commands: p.Commands,
DrySHA: drySha,
RepoURL: repoUrl,
}
err = writeMetadata(fullHydratePath, hydratorMetadata)
if err != nil {
return fmt.Errorf("failed to write hydrator metadata: %w", err)
}
// Write README
err = writeReadme(fullHydratePath, hydratorMetadata)
if err != nil {
return fmt.Errorf("failed to write readme: %w", err)
}
}
return nil
}
// writeMetadata writes the metadata to the hydrator.metadata file.
func writeMetadata(dirPath string, metadata hydratorMetadataFile) error {
hydratorMetadataJson, err := json.MarshalIndent(metadata, "", " ")
if err != nil {
return fmt.Errorf("failed to marshal hydrator metadata: %w", err)
}
// No need to use SecureJoin here, as the path is already sanitized.
hydratorMetadataPath := path.Join(dirPath, "hydrator.metadata")
err = os.WriteFile(hydratorMetadataPath, hydratorMetadataJson, os.ModePerm)
if err != nil {
return fmt.Errorf("failed to write hydrator metadata: %w", err)
}
return nil
}
// writeReadme writes the readme to the README.md file.
func writeReadme(dirPath string, metadata hydratorMetadataFile) error {
readmeTemplate := template.New("readme")
readmeTemplate, err := readmeTemplate.Parse(manifestHydrationReadmeTemplate)
if err != nil {
return fmt.Errorf("failed to parse readme template: %w", err)
}
// Create writer to template into
// No need to use SecureJoin here, as the path is already sanitized.
readmePath := path.Join(dirPath, "README.md")
readmeFile, err := os.Create(readmePath)
if err != nil && !os.IsExist(err) {
return fmt.Errorf("failed to create README file: %w", err)
}
err = readmeTemplate.Execute(readmeFile, metadata)
closeErr := readmeFile.Close()
if closeErr != nil {
log.WithError(closeErr).Error("failed to close README file")
}
if err != nil {
return fmt.Errorf("failed to execute readme template: %w", err)
}
return nil
}
// writeManifests writes the manifests to the manifest.yaml file, truncating the file if it exists and appending the
// manifests in the order they are provided.
func writeManifests(dirPath string, manifests []*apiclient.HydratedManifestDetails) error {
// If the file exists, truncate it.
// No need to use SecureJoin here, as the path is already sanitized.
manifestPath := path.Join(dirPath, "manifest.yaml")
file, err := os.OpenFile(manifestPath, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, os.ModePerm)
if err != nil {
return fmt.Errorf("failed to open manifest file: %w", err)
}
defer func() {
err := file.Close()
if err != nil {
log.WithError(err).Error("failed to close file")
}
}()
enc := yaml.NewEncoder(file)
defer func() {
err := enc.Close()
if err != nil {
log.WithError(err).Error("failed to close yaml encoder")
}
}()
enc.SetIndent(2)
for _, m := range manifests {
obj := &unstructured.Unstructured{}
err = json.Unmarshal([]byte(m.ManifestJSON), obj)
if err != nil {
return fmt.Errorf("failed to unmarshal manifest: %w", err)
}
err = enc.Encode(&obj.Object)
if err != nil {
return fmt.Errorf("failed to encode manifest: %w", err)
}
}
return nil
}

View File

@@ -0,0 +1,154 @@
package commit
import (
"encoding/json"
"os"
"path"
"testing"
securejoin "github.com/cyphar/filepath-securejoin"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"github.com/argoproj/argo-cd/v2/commitserver/apiclient"
)
func TestWriteForPaths(t *testing.T) {
dir := t.TempDir()
repoUrl := "https://github.com/example/repo"
drySha := "abc123"
paths := []*apiclient.PathDetails{
{
Path: "path1",
Manifests: []*apiclient.HydratedManifestDetails{
{ManifestJSON: `{"kind":"Pod","apiVersion":"v1"}`},
},
Commands: []string{"command1", "command2"},
},
{
Path: "path2",
Manifests: []*apiclient.HydratedManifestDetails{
{ManifestJSON: `{"kind":"Service","apiVersion":"v1"}`},
},
Commands: []string{"command3"},
},
}
err := WriteForPaths(dir, repoUrl, drySha, paths)
require.NoError(t, err)
// Check if the top-level hydrator.metadata exists and contains the repo URL and dry SHA
topMetadataPath := path.Join(dir, "hydrator.metadata")
topMetadataBytes, err := os.ReadFile(topMetadataPath)
require.NoError(t, err)
var topMetadata hydratorMetadataFile
err = json.Unmarshal(topMetadataBytes, &topMetadata)
require.NoError(t, err)
assert.Equal(t, repoUrl, topMetadata.RepoURL)
assert.Equal(t, drySha, topMetadata.DrySHA)
for _, p := range paths {
fullHydratePath, err := securejoin.SecureJoin(dir, p.Path)
require.NoError(t, err)
// Check if each path directory exists
assert.DirExists(t, fullHydratePath)
// Check if each path contains a hydrator.metadata file and contains the repo URL
metadataPath := path.Join(fullHydratePath, "hydrator.metadata")
metadataBytes, err := os.ReadFile(metadataPath)
require.NoError(t, err)
var readMetadata hydratorMetadataFile
err = json.Unmarshal(metadataBytes, &readMetadata)
require.NoError(t, err)
assert.Equal(t, repoUrl, readMetadata.RepoURL)
// Check if each path contains a README.md file and contains the repo URL
readmePath := path.Join(fullHydratePath, "README.md")
readmeBytes, err := os.ReadFile(readmePath)
require.NoError(t, err)
assert.Contains(t, string(readmeBytes), repoUrl)
// Check if each path contains a manifest.yaml file and contains the word Pod
manifestPath := path.Join(fullHydratePath, "manifest.yaml")
manifestBytes, err := os.ReadFile(manifestPath)
require.NoError(t, err)
assert.Contains(t, string(manifestBytes), "kind")
}
}
func TestWriteForPaths_invalid_yaml(t *testing.T) {
dir := t.TempDir()
repoUrl := "https://github.com/example/repo"
drySha := "abc123"
paths := []*apiclient.PathDetails{
{
Path: "path1",
Manifests: []*apiclient.HydratedManifestDetails{
{ManifestJSON: `{`}, // Invalid YAML
},
Commands: []string{"command1", "command2"},
},
}
err := WriteForPaths(dir, repoUrl, drySha, paths)
require.Error(t, err)
}
func TestWriteMetadata(t *testing.T) {
dir := t.TempDir()
metadata := hydratorMetadataFile{
RepoURL: "https://github.com/example/repo",
DrySHA: "abc123",
}
err := writeMetadata(dir, metadata)
require.NoError(t, err)
metadataPath := path.Join(dir, "hydrator.metadata")
metadataBytes, err := os.ReadFile(metadataPath)
require.NoError(t, err)
var readMetadata hydratorMetadataFile
err = json.Unmarshal(metadataBytes, &readMetadata)
require.NoError(t, err)
assert.Equal(t, metadata, readMetadata)
}
func TestWriteReadme(t *testing.T) {
dir := t.TempDir()
metadata := hydratorMetadataFile{
RepoURL: "https://github.com/example/repo",
DrySHA: "abc123",
}
err := writeReadme(dir, metadata)
require.NoError(t, err)
readmePath := path.Join(dir, "README.md")
readmeBytes, err := os.ReadFile(readmePath)
require.NoError(t, err)
assert.Contains(t, string(readmeBytes), metadata.RepoURL)
}
func TestWriteManifests(t *testing.T) {
dir := t.TempDir()
manifests := []*apiclient.HydratedManifestDetails{
{ManifestJSON: `{"kind":"Pod","apiVersion":"v1"}`},
}
err := writeManifests(dir, manifests)
require.NoError(t, err)
manifestPath := path.Join(dir, "manifest.yaml")
manifestBytes, err := os.ReadFile(manifestPath)
require.NoError(t, err)
assert.Contains(t, string(manifestBytes), "kind")
}

View File

@@ -0,0 +1,59 @@
// Code generated by mockery v2.43.2. DO NOT EDIT.
package mocks
import (
git "github.com/argoproj/argo-cd/v2/util/git"
mock "github.com/stretchr/testify/mock"
v1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
)
// RepoClientFactory is an autogenerated mock type for the RepoClientFactory type
type RepoClientFactory struct {
mock.Mock
}
// NewClient provides a mock function with given fields: repo, rootPath
func (_m *RepoClientFactory) NewClient(repo *v1alpha1.Repository, rootPath string) (git.Client, error) {
ret := _m.Called(repo, rootPath)
if len(ret) == 0 {
panic("no return value specified for NewClient")
}
var r0 git.Client
var r1 error
if rf, ok := ret.Get(0).(func(*v1alpha1.Repository, string) (git.Client, error)); ok {
return rf(repo, rootPath)
}
if rf, ok := ret.Get(0).(func(*v1alpha1.Repository, string) git.Client); ok {
r0 = rf(repo, rootPath)
} else {
if ret.Get(0) != nil {
r0 = ret.Get(0).(git.Client)
}
}
if rf, ok := ret.Get(1).(func(*v1alpha1.Repository, string) error); ok {
r1 = rf(repo, rootPath)
} else {
r1 = ret.Error(1)
}
return r0, r1
}
// NewRepoClientFactory creates a new instance of RepoClientFactory. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations.
// The first argument is typically a *testing.T value.
func NewRepoClientFactory(t interface {
mock.TestingT
Cleanup(func())
}) *RepoClientFactory {
mock := &RepoClientFactory{}
mock.Mock.Test(t)
t.Cleanup(func() { mock.AssertExpectations(t) })
return mock
}

View File

@@ -0,0 +1,32 @@
package commit
import (
"github.com/argoproj/argo-cd/v2/commitserver/metrics"
"github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
"github.com/argoproj/argo-cd/v2/util/git"
)
// RepoClientFactory is a factory for creating git clients for a repository.
type RepoClientFactory interface {
NewClient(repo *v1alpha1.Repository, rootPath string) (git.Client, error)
}
type repoClientFactory struct {
gitCredsStore git.CredsStore
metricsServer *metrics.Server
}
// NewRepoClientFactory returns a new instance of the repo client factory.
func NewRepoClientFactory(gitCredsStore git.CredsStore, metricsServer *metrics.Server) RepoClientFactory {
return &repoClientFactory{
gitCredsStore: gitCredsStore,
metricsServer: metricsServer,
}
}
// NewClient creates a new git client for the repository.
func (r *repoClientFactory) NewClient(repo *v1alpha1.Repository, rootPath string) (git.Client, error) {
gitCreds := repo.GetGitCreds(r.gitCredsStore)
opts := git.WithEventHandlers(metrics.NewGitClientEventHandlers(r.metricsServer))
return git.NewClientExt(repo.Repo, rootPath, gitCreds, repo.IsInsecure(), repo.IsLFSEnabled(), repo.Proxy, opts)
}

View File

@@ -0,0 +1,22 @@
//go:build !linux
package commit
import (
"fmt"
"os"
securejoin "github.com/cyphar/filepath-securejoin"
)
func SecureMkdirAll(root, unsafePath string, mode os.FileMode) (string, error) {
fullPath, err := securejoin.SecureJoin(root, unsafePath)
if err != nil {
return "", fmt.Errorf("failed to construct secure path: %w", err)
}
err = os.MkdirAll(fullPath, mode)
if err != nil {
return "", fmt.Errorf("failed to create directory: %w", err)
}
return fullPath, nil
}

View File

@@ -0,0 +1,69 @@
//go:build !linux
package commit
import (
"os"
"path"
"path/filepath"
"strings"
"testing"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
func TestSecureMkdirAllDefault(t *testing.T) {
root := t.TempDir()
unsafePath := "test/dir"
fullPath, err := SecureMkdirAll(root, unsafePath, os.ModePerm)
require.NoError(t, err)
expectedPath := path.Join(root, unsafePath)
assert.Equal(t, expectedPath, fullPath)
}
func TestSecureMkdirAllWithExistingDir(t *testing.T) {
root := t.TempDir()
unsafePath := "existing/dir"
fullPath, err := SecureMkdirAll(root, unsafePath, os.ModePerm)
require.NoError(t, err)
newPath, err := SecureMkdirAll(root, unsafePath, os.ModePerm)
require.NoError(t, err)
assert.Equal(t, fullPath, newPath)
}
func TestSecureMkdirAllWithFile(t *testing.T) {
root := t.TempDir()
unsafePath := "file.txt"
filePath := filepath.Join(root, unsafePath)
err := os.WriteFile(filePath, []byte("test"), os.ModePerm)
require.NoError(t, err)
_, err = SecureMkdirAll(root, unsafePath, os.ModePerm)
require.Error(t, err)
assert.Contains(t, err.Error(), "failed to create directory")
}
func TestSecureMkdirAllDotDotPath(t *testing.T) {
root := t.TempDir()
unsafePath := "../outside"
fullPath, err := SecureMkdirAll(root, unsafePath, os.ModePerm)
require.NoError(t, err)
expectedPath := filepath.Join(root, "outside")
assert.Equal(t, expectedPath, fullPath)
info, err := os.Stat(fullPath)
require.NoError(t, err)
assert.True(t, info.IsDir())
relPath, err := filepath.Rel(root, fullPath)
require.NoError(t, err)
assert.False(t, strings.HasPrefix(relPath, ".."))
}

View File

@@ -0,0 +1,22 @@
//go:build linux
package commit
import (
"fmt"
"os"
securejoin "github.com/cyphar/filepath-securejoin"
)
func SecureMkdirAll(root, unsafePath string, mode os.FileMode) (string, error) {
err := securejoin.MkdirAll(root, unsafePath, int(mode))
if err != nil {
return "", fmt.Errorf("failed to make directory: %w", err)
}
fullPath, err := securejoin.SecureJoin(root, unsafePath)
if err != nil {
return "", fmt.Errorf("failed to construct secure path: %w", err)
}
return fullPath, nil
}

View File

@@ -0,0 +1,22 @@
//go:build linux
package commit
import (
"os"
"path/filepath"
"testing"
"github.com/stretchr/testify/require"
)
func TestSecureMkdirAllLinux(t *testing.T) {
root := t.TempDir()
unsafePath := "test/dir"
fullPath, err := SecureMkdirAll(root, unsafePath, os.ModePerm)
require.NoError(t, err)
expectedPath := filepath.Join(root, unsafePath)
require.Equal(t, expectedPath, fullPath)
}

View File

@@ -0,0 +1,34 @@
package metrics
import (
"time"
"github.com/argoproj/argo-cd/v2/util/git"
)
// NewGitClientEventHandlers creates event handlers that update Git related metrics
func NewGitClientEventHandlers(metricsServer *Server) git.EventHandlers {
return git.EventHandlers{
OnFetch: func(repo string) func() {
startTime := time.Now()
metricsServer.IncGitRequest(repo, GitRequestTypeFetch)
return func() {
metricsServer.ObserveGitRequestDuration(repo, GitRequestTypeFetch, time.Since(startTime))
}
},
OnLsRemote: func(repo string) func() {
startTime := time.Now()
metricsServer.IncGitRequest(repo, GitRequestTypeLsRemote)
return func() {
metricsServer.ObserveGitRequestDuration(repo, GitRequestTypeLsRemote, time.Since(startTime))
}
},
OnPush: func(repo string) func() {
startTime := time.Now()
metricsServer.IncGitRequest(repo, GitRequestTypePush)
return func() {
metricsServer.ObserveGitRequestDuration(repo, GitRequestTypePush, time.Since(startTime))
}
},
}
}

View File

@@ -0,0 +1,157 @@
package metrics
import (
"net/http"
"time"
"github.com/prometheus/client_golang/prometheus"
"github.com/prometheus/client_golang/prometheus/collectors"
"github.com/prometheus/client_golang/prometheus/promhttp"
)
// Server is a prometheus server which collects application metrics.
type Server struct {
handler http.Handler
commitPendingRequestsGauge *prometheus.GaugeVec
gitRequestCounter *prometheus.CounterVec
gitRequestHistogram *prometheus.HistogramVec
commitRequestHistogram *prometheus.HistogramVec
userInfoRequestHistogram *prometheus.HistogramVec
commitRequestCounter *prometheus.CounterVec
}
// GitRequestType is the type of git request
type GitRequestType string
const (
// GitRequestTypeLsRemote is a request to list remote refs
GitRequestTypeLsRemote = "ls-remote"
// GitRequestTypeFetch is a request to fetch from remote
GitRequestTypeFetch = "fetch"
// GitRequestTypePush is a request to push to remote
GitRequestTypePush = "push"
)
// CommitResponseType is the type of response for a commit request
type CommitResponseType string
const (
// CommitResponseTypeSuccess is a successful commit request
CommitResponseTypeSuccess = "success"
// CommitResponseTypeFailure is a failed commit request
CommitResponseTypeFailure = "failure"
)
// NewMetricsServer returns a new prometheus server which collects application metrics.
func NewMetricsServer() *Server {
registry := prometheus.NewRegistry()
registry.MustRegister(collectors.NewProcessCollector(collectors.ProcessCollectorOpts{}))
registry.MustRegister(collectors.NewGoCollector())
commitPendingRequestsGauge := prometheus.NewGaugeVec(
prometheus.GaugeOpts{
Name: "argocd_commitserver_commit_pending_request_total",
Help: "Number of pending commit requests",
},
[]string{"repo"},
)
registry.MustRegister(commitPendingRequestsGauge)
gitRequestCounter := prometheus.NewCounterVec(
prometheus.CounterOpts{
Name: "argocd_commitserver_git_request_total",
Help: "Number of git requests performed by repo server",
},
[]string{"repo", "request_type"},
)
registry.MustRegister(gitRequestCounter)
gitRequestHistogram := prometheus.NewHistogramVec(
prometheus.HistogramOpts{
Name: "argocd_commitserver_git_request_duration_seconds",
Help: "Git requests duration seconds.",
Buckets: []float64{0.1, 0.25, .5, 1, 2, 4, 10, 20},
},
[]string{"repo", "request_type"},
)
registry.MustRegister(gitRequestHistogram)
commitRequestHistogram := prometheus.NewHistogramVec(
prometheus.HistogramOpts{
Name: "argocd_commitserver_commit_request_duration_seconds",
Help: "Commit request duration seconds.",
Buckets: []float64{0.1, 0.25, .5, 1, 2, 4, 10, 20},
},
[]string{"repo", "response_type"},
)
registry.MustRegister(commitRequestHistogram)
userInfoRequestHistogram := prometheus.NewHistogramVec(
prometheus.HistogramOpts{
Name: "argocd_commitserver_userinfo_request_duration_seconds",
Help: "Userinfo request duration seconds.",
Buckets: []float64{0.1, 0.25, .5, 1, 2, 4, 10, 20},
},
[]string{"repo", "credential_type"},
)
registry.MustRegister(userInfoRequestHistogram)
commitRequestCounter := prometheus.NewCounterVec(
prometheus.CounterOpts{
Name: "argocd_commitserver_commit_request_total",
Help: "Number of commit requests performed handled",
},
[]string{"repo", "response_type"},
)
registry.MustRegister(commitRequestCounter)
return &Server{
handler: promhttp.HandlerFor(registry, promhttp.HandlerOpts{}),
commitPendingRequestsGauge: commitPendingRequestsGauge,
gitRequestCounter: gitRequestCounter,
gitRequestHistogram: gitRequestHistogram,
commitRequestHistogram: commitRequestHistogram,
userInfoRequestHistogram: userInfoRequestHistogram,
commitRequestCounter: commitRequestCounter,
}
}
// GetHandler returns the http.Handler for the prometheus server
func (m *Server) GetHandler() http.Handler {
return m.handler
}
// IncPendingCommitRequest increments the pending commit requests gauge
func (m *Server) IncPendingCommitRequest(repo string) {
m.commitPendingRequestsGauge.WithLabelValues(repo).Inc()
}
// DecPendingCommitRequest decrements the pending commit requests gauge
func (m *Server) DecPendingCommitRequest(repo string) {
m.commitPendingRequestsGauge.WithLabelValues(repo).Dec()
}
// IncGitRequest increments the git requests counter
func (m *Server) IncGitRequest(repo string, requestType GitRequestType) {
m.gitRequestCounter.WithLabelValues(repo, string(requestType)).Inc()
}
// ObserveGitRequestDuration observes the duration of a git request
func (m *Server) ObserveGitRequestDuration(repo string, requestType GitRequestType, duration time.Duration) {
m.gitRequestHistogram.WithLabelValues(repo, string(requestType)).Observe(duration.Seconds())
}
// ObserveCommitRequestDuration observes the duration of a commit request
func (m *Server) ObserveCommitRequestDuration(repo string, rt CommitResponseType, duration time.Duration) {
m.commitRequestHistogram.WithLabelValues(repo, string(rt)).Observe(duration.Seconds())
}
// ObserveUserInfoRequestDuration observes the duration of a userinfo request
func (m *Server) ObserveUserInfoRequestDuration(repo string, credentialType string, duration time.Duration) {
m.userInfoRequestHistogram.WithLabelValues(repo, credentialType).Observe(duration.Seconds())
}
// IncCommitRequest increments the commit request counter
func (m *Server) IncCommitRequest(repo string, rt CommitResponseType) {
m.commitRequestCounter.WithLabelValues(repo, string(rt)).Inc()
}

29
commitserver/server.go Normal file
View File

@@ -0,0 +1,29 @@
package commitserver
import (
"google.golang.org/grpc"
"github.com/argoproj/argo-cd/v2/commitserver/metrics"
"github.com/argoproj/argo-cd/v2/util/git"
"github.com/argoproj/argo-cd/v2/commitserver/apiclient"
"github.com/argoproj/argo-cd/v2/commitserver/commit"
)
// ArgoCDCommitServer is the server that handles commit requests.
type ArgoCDCommitServer struct {
commitService *commit.Service
}
// NewServer returns a new instance of the commit server.
func NewServer(gitCredsStore git.CredsStore, metricsServer *metrics.Server) *ArgoCDCommitServer {
return &ArgoCDCommitServer{commitService: commit.NewService(gitCredsStore, metricsServer)}
}
// CreateGRPC creates a new gRPC server.
func (a *ArgoCDCommitServer) CreateGRPC() *grpc.Server {
server := grpc.NewServer()
apiclient.RegisterCommitServiceServer(server, a.commitService)
return server
}

View File

@@ -26,6 +26,8 @@ const (
const (
// DefaultRepoServerAddr is the gRPC address of the Argo CD repo server
DefaultRepoServerAddr = "argocd-repo-server:8081"
// DefaultCommitServerAddr is the gRPC address of the Argo CD commit server
DefaultCommitServerAddr = "argocd-commit-server:8086"
// DefaultDexServerAddr is the HTTP address of the Dex OIDC server, which we run a reverse proxy against
DefaultDexServerAddr = "argocd-dex-server:5556"
// DefaultRedisAddr is the default redis address
@@ -61,15 +63,19 @@ const (
DefaultPortArgoCDMetrics = 8082
DefaultPortArgoCDAPIServerMetrics = 8083
DefaultPortRepoServerMetrics = 8084
DefaultPortCommitServer = 8086
DefaultPortCommitServerMetrics = 8087
)
// DefaultAddressAPIServer for ArgoCD components
const (
DefaultAddressAdminDashboard = "localhost"
DefaultAddressAPIServer = "0.0.0.0"
DefaultAddressAPIServerMetrics = "0.0.0.0"
DefaultAddressRepoServer = "0.0.0.0"
DefaultAddressRepoServerMetrics = "0.0.0.0"
DefaultAddressAdminDashboard = "localhost"
DefaultAddressAPIServer = "0.0.0.0"
DefaultAddressAPIServerMetrics = "0.0.0.0"
DefaultAddressRepoServer = "0.0.0.0"
DefaultAddressRepoServerMetrics = "0.0.0.0"
DefaultAddressCommitServer = "0.0.0.0"
DefaultAddressCommitServerMetrics = "0.0.0.0"
)
// Default paths on the pod's file system
@@ -174,6 +180,8 @@ const (
LabelValueSecretTypeRepository = "repository"
// LabelValueSecretTypeRepoCreds indicates a secret type of repository credentials
LabelValueSecretTypeRepoCreds = "repo-creds"
// LabelValueSecretTypeRepositoryWrite indicates a secret type of repository credentials for writing
LabelValueSecretTypeRepositoryWrite = "repository-write"
// AnnotationKeyAppInstance is the Argo CD application name is used as the instance name
AnnotationKeyAppInstance = "argocd.argoproj.io/tracking-id"

View File

@@ -42,6 +42,8 @@ import (
"k8s.io/client-go/tools/cache"
"k8s.io/client-go/util/workqueue"
commitclient "github.com/argoproj/argo-cd/v2/commitserver/apiclient"
"github.com/argoproj/argo-cd/v2/common"
statecache "github.com/argoproj/argo-cd/v2/controller/cache"
"github.com/argoproj/argo-cd/v2/controller/metrics"
@@ -121,6 +123,8 @@ type ApplicationController struct {
appComparisonTypeRefreshQueue workqueue.RateLimitingInterface
appOperationQueue workqueue.RateLimitingInterface
projectRefreshQueue workqueue.RateLimitingInterface
appHydrateQueue workqueue.RateLimitingInterface
hydrationQueue workqueue.RateLimitingInterface
appInformer cache.SharedIndexInformer
appLister applisters.ApplicationLister
projInformer cache.SharedIndexInformer
@@ -131,6 +135,7 @@ type ApplicationController struct {
statusRefreshJitter time.Duration
selfHealTimeout time.Duration
repoClientset apiclient.Clientset
commitClientset commitclient.Clientset
db db.ArgoDB
settingsMgr *settings_util.SettingsManager
refreshRequestedApps map[string]CompareWith
@@ -154,6 +159,7 @@ func NewApplicationController(
kubeClientset kubernetes.Interface,
applicationClientset appclientset.Interface,
repoClientset apiclient.Clientset,
commitClientset commitclient.Clientset,
argoCache *appstatecache.Cache,
kubectl kube.Kubectl,
appResyncPeriod time.Duration,
@@ -186,10 +192,13 @@ func NewApplicationController(
kubectl: kubectl,
applicationClientset: applicationClientset,
repoClientset: repoClientset,
commitClientset: commitClientset,
appRefreshQueue: workqueue.NewRateLimitingQueueWithConfig(ratelimiter.NewCustomAppControllerRateLimiter(rateLimiterConfig), workqueue.RateLimitingQueueConfig{Name: "app_reconciliation_queue"}),
appOperationQueue: workqueue.NewRateLimitingQueueWithConfig(ratelimiter.NewCustomAppControllerRateLimiter(rateLimiterConfig), workqueue.RateLimitingQueueConfig{Name: "app_operation_processing_queue"}),
projectRefreshQueue: workqueue.NewRateLimitingQueueWithConfig(ratelimiter.NewCustomAppControllerRateLimiter(rateLimiterConfig), workqueue.RateLimitingQueueConfig{Name: "project_reconciliation_queue"}),
appComparisonTypeRefreshQueue: workqueue.NewRateLimitingQueue(ratelimiter.NewCustomAppControllerRateLimiter(rateLimiterConfig)),
appHydrateQueue: workqueue.NewRateLimitingQueueWithConfig(ratelimiter.NewCustomAppControllerRateLimiter(rateLimiterConfig), workqueue.RateLimitingQueueConfig{Name: "app_hydration_queue"}),
hydrationQueue: workqueue.NewRateLimitingQueueWithConfig(ratelimiter.NewCustomAppControllerRateLimiter(rateLimiterConfig), workqueue.RateLimitingQueueConfig{Name: "manifest_hydration_queue"}),
db: db,
statusRefreshTimeout: appResyncPeriod,
statusHardRefreshTimeout: appHardResyncPeriod,
@@ -834,6 +843,8 @@ func (ctrl *ApplicationController) Run(ctx context.Context, statusProcessors int
defer ctrl.appComparisonTypeRefreshQueue.ShutDown()
defer ctrl.appOperationQueue.ShutDown()
defer ctrl.projectRefreshQueue.ShutDown()
defer ctrl.appHydrateQueue.ShutDown()
defer ctrl.hydrationQueue.ShutDown()
ctrl.metricsServer.RegisterClustersInfoSource(ctx, ctrl.stateCache)
ctrl.RegisterClusterSecretUpdater(ctx)
@@ -892,6 +903,17 @@ func (ctrl *ApplicationController) Run(ctx context.Context, statusProcessors int
for ctrl.processProjectQueueItem() {
}
}, time.Second, ctx.Done())
go wait.Until(func() {
for ctrl.processAppHydrateQueueItem() {
}
}, time.Second, ctx.Done())
go wait.Until(func() {
for ctrl.processHydrationQueueItem() {
}
}, time.Second, ctx.Done())
<-ctx.Done()
}
@@ -1533,6 +1555,12 @@ func (ctrl *ApplicationController) PatchAppWithWriteBack(ctx context.Context, na
return patchedApp, err
}
// processAppRefreshQueueItem does roughly these tasks:
// 1. If we're shutting down, it quits early and returns "false" to indicate we're done processing refreshes.
// 2. Checks whether the app needs to be refreshed. If not, quit early.
// 3. If we're "comparing with nothing," just update the app resource tree in Redis and the app status in k8s.
// 4. Checks that all AppProject restrictions are being followed. If not, clears the app resource tree and managed
// resources in Redis and sets failure conditions on the app status.
func (ctrl *ApplicationController) processAppRefreshQueueItem() (processNext bool) {
patchMs := time.Duration(0) // time spent in doing patch/update calls
setOpMs := time.Duration(0) // time spent in doing Operation patch calls in autosync
@@ -1742,6 +1770,329 @@ func (ctrl *ApplicationController) processAppRefreshQueueItem() (processNext boo
return
}
func (ctrl *ApplicationController) processAppHydrateQueueItem() (processNext bool) {
appKey, shutdown := ctrl.appHydrateQueue.Get()
if shutdown {
processNext = false
return
}
processNext = true
defer func() {
if r := recover(); r != nil {
log.Errorf("Recovered from panic: %+v\n%s", r, debug.Stack())
}
ctrl.appHydrateQueue.Done(appKey)
}()
obj, exists, err := ctrl.appInformer.GetIndexer().GetByKey(appKey.(string))
if err != nil {
log.Errorf("Failed to get application '%s' from informer index: %+v", appKey, err)
return
}
if !exists {
// This happens after app was deleted, but the work queue still had an entry for it.
return
}
origApp, ok := obj.(*appv1.Application)
if !ok {
log.Warnf("Key '%s' in index is not an application", appKey)
return
}
origApp = origApp.DeepCopy()
app := origApp.DeepCopy()
if app.Spec.SourceHydrator == nil {
return
}
logCtx := getAppLog(app)
logCtx.Debug("Processing app hydrate queue item")
// If we're using a source hydrator, see if the dry source has changed.
latestRevision, err := ctrl.appStateManager.ResolveDryRevision(app.Spec.SourceHydrator.DrySource.RepoURL, app.Spec.SourceHydrator.DrySource.TargetRevision)
if err != nil {
logCtx.Errorf("Failed to check whether dry source has changed, skipping: %v", err)
return
}
// TODO: don't reuse statusRefreshTimeout. Create a new timeout for hydration.
reason := appNeedsHydration(origApp, ctrl.statusRefreshTimeout, latestRevision)
if reason == "" {
return
}
if latestRevision == "" {
logCtx.Errorf("Dry source has not been resolved, skipping")
return
}
logCtx.WithField("reason", reason).Info("Hydrating app")
app.Status.SourceHydrator.CurrentOperation = &appv1.HydrateOperation{
DrySHA: latestRevision,
StartedAt: metav1.Now(),
FinishedAt: nil,
Phase: appv1.HydrateOperationPhaseHydrating,
SourceHydrator: *app.Spec.SourceHydrator,
}
ctrl.persistAppStatus(origApp, &app.Status)
origApp.Status.SourceHydrator = app.Status.SourceHydrator
ctrl.hydrationQueue.Add(getHydrationQueueKey(app))
logCtx.Debug("Successfully processed app hydrate queue item")
return
}
func getHydrationQueueKey(app *appv1.Application) hydrationQueueKey {
destinationBranch := app.Spec.SourceHydrator.SyncSource.TargetBranch
if app.Spec.SourceHydrator.HydrateTo != nil {
destinationBranch = app.Spec.SourceHydrator.HydrateTo.TargetBranch
}
key := hydrationQueueKey{
sourceRepoURL: app.Spec.SourceHydrator.DrySource.RepoURL,
sourceTargetRevision: app.Spec.SourceHydrator.DrySource.TargetRevision,
destinationBranch: destinationBranch,
}
return key
}
type hydrationQueueKey struct {
sourceRepoURL string
sourceTargetRevision string
destinationBranch string
}
type uniqueHydrationDestination struct {
sourceRepoURL string
sourceTargetRevision string
destinationBranch string
destinationPath string
}
func (ctrl *ApplicationController) processHydrationQueueItem() (processNext bool) {
key, shutdown := ctrl.hydrationQueue.Get()
if shutdown {
processNext = false
return
}
hydrationKey, ok := key.(hydrationQueueKey)
if !ok {
log.Errorf("Failed to cast key to hydrationQueueKey")
processNext = true
return
}
logCtx := log.WithFields(log.Fields{
"sourceRepoURL": hydrationKey.sourceRepoURL,
"sourceTargetRevision": hydrationKey.sourceTargetRevision,
"destinationBranch": hydrationKey.destinationBranch,
})
processNext = true
defer func() {
if r := recover(); r != nil {
log.Errorf("Recovered from panic: %+v\n%s", r, debug.Stack())
}
ctrl.hydrationQueue.Done(key)
}()
logCtx.Debug("Processing hydration queue item")
relevantApps, drySHA, hydratedSHA, err := ctrl.hydrateAppsLatestCommit(logCtx, hydrationKey)
if err != nil {
logCtx.WithField("appCount", len(relevantApps)).WithError(err).Error("Failed to hydrate apps")
for _, app := range relevantApps {
origApp := app.DeepCopy()
app.Status.SourceHydrator.CurrentOperation.Phase = appv1.HydrateOperationPhaseFailed
failedAt := metav1.Now()
app.Status.SourceHydrator.CurrentOperation.FinishedAt = &failedAt
app.Status.SourceHydrator.CurrentOperation.Message = fmt.Sprintf("Failed to hydrated revision %s: %v", drySHA, err.Error())
ctrl.persistAppStatus(origApp, &app.Status)
logCtx.Errorf("Failed to hydrate app: %v", err)
}
return
}
logCtx.WithField("appCount", len(relevantApps)).Debug("Successfully hydrated apps")
finishedAt := metav1.Now()
for _, app := range relevantApps {
origApp := app.DeepCopy()
operation := &appv1.HydrateOperation{
StartedAt: app.Status.SourceHydrator.CurrentOperation.StartedAt,
FinishedAt: &finishedAt,
Phase: appv1.HydrateOperationPhaseHydrated,
Message: "",
DrySHA: drySHA,
HydratedSHA: hydratedSHA,
SourceHydrator: app.Status.SourceHydrator.CurrentOperation.SourceHydrator,
}
app.Status.SourceHydrator.CurrentOperation = operation
app.Status.SourceHydrator.LastSuccessfulOperation = &appv1.SuccessfulHydrateOperation{
DrySHA: drySHA,
HydratedSHA: hydratedSHA,
SourceHydrator: app.Status.SourceHydrator.CurrentOperation.SourceHydrator,
}
ctrl.persistAppStatus(origApp, &app.Status)
// Request a refresh since we pushed a new commit.
ctrl.requestAppRefresh(app.QualifiedName(), CompareWithLatest.Pointer(), nil)
}
return
}
func (ctrl *ApplicationController) hydrateAppsLatestCommit(logCtx *log.Entry, hydrationKey hydrationQueueKey) ([]*appv1.Application, string, string, error) {
relevantApps, err := ctrl.getRelevantAppsForHydration(logCtx, hydrationKey)
if err != nil {
return nil, "", "", fmt.Errorf("failed to get relevant apps for hydration: %w", err)
}
dryRevision, err := ctrl.appStateManager.ResolveDryRevision(hydrationKey.sourceRepoURL, hydrationKey.sourceTargetRevision)
if err != nil {
return relevantApps, "", "", fmt.Errorf("failed to resolve dry revision: %w", err)
}
hydratedRevision, err := ctrl.hydrate(relevantApps, dryRevision)
if err != nil {
return relevantApps, dryRevision, "", fmt.Errorf("failed to hydrate apps: %w", err)
}
return relevantApps, dryRevision, hydratedRevision, nil
}
func (ctrl *ApplicationController) getRelevantAppsForHydration(logCtx *log.Entry, hydrationKey hydrationQueueKey) ([]*appv1.Application, error) {
// Get all apps
apps, err := ctrl.appLister.List(labels.Everything())
if err != nil {
return nil, fmt.Errorf("failed to list apps: %w", err)
}
var relevantApps []*appv1.Application
uniqueDestinations := make(map[uniqueHydrationDestination]bool, len(apps))
for _, app := range apps {
// TODO: test that we're actually skipping un-processable apps.
if !ctrl.canProcessApp(app) {
continue
}
if app.Spec.SourceHydrator == nil {
continue
}
if app.Spec.SourceHydrator.DrySource.RepoURL != hydrationKey.sourceRepoURL ||
app.Spec.SourceHydrator.DrySource.TargetRevision != hydrationKey.sourceTargetRevision {
continue
}
destinationBranch := app.Spec.SourceHydrator.SyncSource.TargetBranch
if app.Spec.SourceHydrator.HydrateTo != nil {
destinationBranch = app.Spec.SourceHydrator.HydrateTo.TargetBranch
}
if destinationBranch != hydrationKey.destinationBranch {
continue
}
var proj *appv1.AppProject
proj, err = ctrl.getAppProj(app)
if err != nil {
return nil, fmt.Errorf("failed to get project %q for app %q: %w", app.Spec.Project, app.QualifiedName(), err)
}
permitted := proj.IsSourcePermitted(app.Spec.GetSource())
if !permitted {
// Log and skip. We don't want to fail the entire operation because of one app.
logCtx.Warnf("App %q is not permitted to use source %q", app.QualifiedName(), app.Spec.Source.String())
continue
}
uniqueDestinationKey := uniqueHydrationDestination{
sourceRepoURL: app.Spec.SourceHydrator.DrySource.RepoURL,
sourceTargetRevision: app.Spec.SourceHydrator.DrySource.TargetRevision,
destinationBranch: destinationBranch,
destinationPath: app.Spec.SourceHydrator.SyncSource.Path,
}
// TODO: test the dupe detection
if _, ok := uniqueDestinations[uniqueDestinationKey]; ok {
return nil, fmt.Errorf("multiple app hydrators use the same destination: %v", uniqueDestinationKey)
}
uniqueDestinations[uniqueDestinationKey] = true
relevantApps = append(relevantApps, app)
}
return relevantApps, nil
}
func (ctrl *ApplicationController) hydrate(apps []*appv1.Application, revision string) (string, error) {
if len(apps) == 0 {
return "", nil
}
repoURL := apps[0].Spec.SourceHydrator.DrySource.RepoURL
syncBranch := apps[0].Spec.SourceHydrator.SyncSource.TargetBranch
targetBranch := apps[0].Spec.GetHydrateToSource().TargetRevision
var paths []*commitclient.PathDetails
for _, app := range apps {
project, err := ctrl.getAppProj(app)
if err != nil {
return "", fmt.Errorf("failed to get project: %w", err)
}
drySource := appv1.ApplicationSource{
RepoURL: app.Spec.SourceHydrator.DrySource.RepoURL,
Path: app.Spec.SourceHydrator.DrySource.Path,
TargetRevision: app.Spec.SourceHydrator.DrySource.TargetRevision,
}
drySources := []appv1.ApplicationSource{drySource}
revisions := []string{app.Spec.SourceHydrator.DrySource.TargetRevision}
appLabelKey, err := ctrl.settingsMgr.GetAppInstanceLabelKey()
if err != nil {
return "", fmt.Errorf("failed to get app instance label key: %w", err)
}
// TODO: enable signature verification
objs, resp, err := ctrl.appStateManager.GetRepoObjs(app, drySources, appLabelKey, revisions, false, false, false, project, false, false)
if err != nil {
return "", fmt.Errorf("failed to get repo objects: %w", err)
}
// Set up a ManifestsRequest
manifestDetails := make([]*commitclient.HydratedManifestDetails, len(objs))
for i, obj := range objs {
objJson, err := json.Marshal(obj)
if err != nil {
return "", fmt.Errorf("failed to marshal object: %w", err)
}
manifestDetails[i] = &commitclient.HydratedManifestDetails{ManifestJSON: string(objJson)}
}
paths = append(paths, &commitclient.PathDetails{
Path: app.Spec.SourceHydrator.SyncSource.Path,
Manifests: manifestDetails,
Commands: resp[0].Commands,
})
}
repo, err := ctrl.db.GetHydratorCredentials(context.Background(), repoURL)
if err != nil {
return "", fmt.Errorf("failed to get hydrator credentials: %w", err)
}
if repo == nil {
// Try without credentials.
repo = &appv1.Repository{
Repo: repoURL,
}
}
manifestsRequest := commitclient.CommitHydratedManifestsRequest{
Repo: repo,
SyncBranch: syncBranch,
TargetBranch: targetBranch,
DrySha: revision,
CommitMessage: fmt.Sprintf("[Argo CD Bot] hydrate %s", revision),
Paths: paths,
}
closer, commitService, err := ctrl.commitClientset.NewCommitServerClient()
if err != nil {
return "", fmt.Errorf("failed to create commit service: %w", err)
}
defer closer.Close()
resp, err := commitService.CommitHydratedManifests(context.Background(), &manifestsRequest)
if err != nil {
return "", fmt.Errorf("failed to commit hydrated manifests: %w", err)
}
return resp.HydratedSha, nil
}
func resourceStatusKey(res appv1.ResourceStatus) string {
return strings.Join([]string{res.Group, res.Kind, res.Namespace, res.Name}, "/")
}
@@ -1810,6 +2161,36 @@ func (ctrl *ApplicationController) needRefreshAppStatus(app *appv1.Application,
return false, refreshType, compareWith
}
// appNeedsHydration answers if application needs manifests hydrated.
func appNeedsHydration(app *appv1.Application, statusHydrateTimeout time.Duration, latestRevision string) string {
if app.Spec.SourceHydrator == nil {
return ""
}
var hydratedAt *metav1.Time
if app.Status.SourceHydrator.CurrentOperation != nil {
hydratedAt = &app.Status.SourceHydrator.CurrentOperation.StartedAt
}
if app.IsHydrateRequested() {
return "hydrate requested"
} else if app.Status.SourceHydrator.CurrentOperation == nil {
return "no previous hydrate operation"
} else if !app.Spec.SourceHydrator.DeepEquals(app.Status.SourceHydrator.CurrentOperation.SourceHydrator) {
return "spec.sourceHydrator differs"
} else if app.Status.SourceHydrator.CurrentOperation.DrySHA != latestRevision {
return "revision differs"
} else if app.Status.SourceHydrator.CurrentOperation.Phase == appv1.HydrateOperationPhaseFailed && metav1.Now().Sub(app.Status.SourceHydrator.CurrentOperation.FinishedAt.Time) > 2*time.Minute {
return "previous hydrate operation failed more than 2 minutes ago"
} else if hydratedAt == nil || hydratedAt.Add(statusHydrateTimeout).Before(time.Now().UTC()) {
return "hydration expired"
}
return ""
}
// refreshAppConditions validates whether AppProject restrictions are being followed. If not, it adds error conditions
// to the app status.
func (ctrl *ApplicationController) refreshAppConditions(app *appv1.Application) (*appv1.AppProject, bool) {
errorConditions := make([]appv1.ApplicationCondition, 0)
proj, err := ctrl.getAppProj(app)
@@ -2084,7 +2465,7 @@ func alreadyAttemptedSync(app *appv1.Application, commitSHA string, commitSHAsMS
} else {
// Ignore differences in target revision, since we already just verified commitSHAs are equal,
// and we do not want to trigger auto-sync due to things like HEAD != master
specSource := app.Spec.Source.DeepCopy()
specSource := app.Spec.GetSource()
specSource.TargetRevision = ""
syncResSource := app.Status.OperationState.SyncResult.Source.DeepCopy()
syncResSource.TargetRevision = ""
@@ -2275,6 +2656,7 @@ func (ctrl *ApplicationController) newApplicationInformerAndLister() (cache.Shar
if !newOK || (delay != nil && *delay != time.Duration(0)) {
ctrl.appOperationQueue.AddRateLimited(key)
}
ctrl.appHydrateQueue.AddRateLimited(newApp.QualifiedName())
ctrl.clusterSharding.UpdateApp(newApp)
},
DeleteFunc: func(obj interface{}) {

View File

@@ -37,6 +37,7 @@ import (
dbmocks "github.com/argoproj/argo-cd/v2/util/db/mocks"
mockcommitclient "github.com/argoproj/argo-cd/v2/commitserver/apiclient/mocks"
mockstatecache "github.com/argoproj/argo-cd/v2/controller/cache/mocks"
"github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
appclientset "github.com/argoproj/argo-cd/v2/pkg/client/clientset/versioned/fake"
@@ -113,6 +114,8 @@ func newFakeController(data *fakeData, repoErr error) *ApplicationController {
mockRepoClientset := mockrepoclient.Clientset{RepoServerServiceClient: &mockRepoClient}
mockCommitClientset := mockcommitclient.Clientset{}
secret := corev1.Secret{
ObjectMeta: metav1.ObjectMeta{
Name: "argocd-secret",
@@ -142,6 +145,7 @@ func newFakeController(data *fakeData, repoErr error) *ApplicationController {
kubeClient,
appclientset.NewSimpleClientset(data.apps...),
&mockRepoClientset,
&mockCommitClientset,
appstatecache.NewCache(
cacheutil.NewCache(cacheutil.NewInMemoryCache(1*time.Minute)),
1*time.Minute,
@@ -2134,3 +2138,88 @@ func TestAppStatusIsReplaced(t *testing.T) {
require.True(t, has)
require.Nil(t, val)
}
func Test_appNeedsHydration(t *testing.T) {
t.Parallel()
now := time.Now()
oneHourAgo := metav1.NewTime(now.Add(-1 * time.Hour))
testCases := []struct {
name string
app *v1alpha1.Application
timeout time.Duration
latestRevision string
expected string
}{
{
name: "source hydrator not configured",
app: &v1alpha1.Application{},
expected: "source hydrator not configured",
},
{
name: "hydrate requested",
app: &v1alpha1.Application{ObjectMeta: metav1.ObjectMeta{Annotations: map[string]string{v1alpha1.AnnotationKeyHydrate: "normal"}}},
timeout: 1 * time.Hour,
latestRevision: "abc123",
expected: "hydrate requested",
},
{
name: "no previous hydrate operation",
app: &v1alpha1.Application{},
timeout: 1 * time.Hour,
latestRevision: "abc123",
expected: "no previous hydrate operation",
},
{
name: "spec.sourceHydrator differs",
app: &v1alpha1.Application{
Spec: v1alpha1.ApplicationSpec{
SourceHydrator: &v1alpha1.SourceHydrator{},
},
Status: v1alpha1.ApplicationStatus{SourceHydrator: v1alpha1.SourceHydratorStatus{CurrentOperation: &v1alpha1.HydrateOperation{
SourceHydrator: v1alpha1.SourceHydrator{DrySource: v1alpha1.DrySource{RepoURL: "something new"}},
}}},
},
timeout: 1 * time.Hour,
latestRevision: "abc123",
expected: "spec.sourceHydrator differs",
},
{
name: "dry SHA has changed",
app: &v1alpha1.Application{Status: v1alpha1.ApplicationStatus{SourceHydrator: v1alpha1.SourceHydratorStatus{CurrentOperation: &v1alpha1.HydrateOperation{DrySHA: "xyz123"}}}},
timeout: 1 * time.Hour,
latestRevision: "abc123",
expected: "revision differs",
},
{
name: "hydration failed more than two minutes ago",
app: &v1alpha1.Application{Status: v1alpha1.ApplicationStatus{SourceHydrator: v1alpha1.SourceHydratorStatus{CurrentOperation: &v1alpha1.HydrateOperation{DrySHA: "abc123", FinishedAt: &oneHourAgo, Phase: v1alpha1.HydrateOperationPhaseFailed}}}},
timeout: 1 * time.Hour,
latestRevision: "abc123",
expected: "previous hydrate operation failed more than 2 minutes ago",
},
{
name: "timeout reached",
app: &v1alpha1.Application{Status: v1alpha1.ApplicationStatus{SourceHydrator: v1alpha1.SourceHydratorStatus{CurrentOperation: &v1alpha1.HydrateOperation{StartedAt: oneHourAgo}}}},
timeout: 1 * time.Minute,
latestRevision: "abc123",
expected: "hydration expired",
},
{
name: "hydrate not needed",
app: &v1alpha1.Application{Status: v1alpha1.ApplicationStatus{SourceHydrator: v1alpha1.SourceHydratorStatus{CurrentOperation: &v1alpha1.HydrateOperation{DrySHA: "abc123", FinishedAt: &oneHourAgo, Phase: v1alpha1.HydrateOperationPhaseFailed}}}},
timeout: 1 * time.Hour,
latestRevision: "abc123",
expected: "",
},
}
for _, tc := range testCases {
t.Run(tc.name, func(t *testing.T) {
t.Parallel()
result := appNeedsHydration(tc.app, tc.timeout, tc.latestRevision)
assert.Equal(t, tc.expected, result)
})
}
}

View File

@@ -51,7 +51,7 @@ func (ctrl *ApplicationController) executePostDeleteHooks(app *v1alpha1.Applicat
revisions = append(revisions, src.TargetRevision)
}
targets, _, err := ctrl.appStateManager.GetRepoObjs(app, app.Spec.GetSources(), appLabelKey, revisions, false, false, false, proj, false)
targets, _, err := ctrl.appStateManager.GetRepoObjs(app, app.Spec.GetSources(), appLabelKey, revisions, false, false, false, proj, false, true)
if err != nil {
return false, err
}

View File

@@ -70,7 +70,8 @@ type managedResource struct {
type AppStateManager interface {
CompareAppState(app *v1alpha1.Application, project *v1alpha1.AppProject, revisions []string, sources []v1alpha1.ApplicationSource, noCache bool, noRevisionCache bool, localObjects []string, hasMultipleSources bool, rollback bool) (*comparisonResult, error)
SyncAppState(app *v1alpha1.Application, state *v1alpha1.OperationState)
GetRepoObjs(app *v1alpha1.Application, sources []v1alpha1.ApplicationSource, appLabelKey string, revisions []string, noCache, noRevisionCache, verifySignature bool, proj *v1alpha1.AppProject, rollback bool) ([]*unstructured.Unstructured, []*apiclient.ManifestResponse, error)
GetRepoObjs(app *v1alpha1.Application, sources []v1alpha1.ApplicationSource, appLabelKey string, revisions []string, noCache, noRevisionCache, verifySignature bool, proj *v1alpha1.AppProject, rollback bool, sendAppName bool) ([]*unstructured.Unstructured, []*apiclient.ManifestResponse, error)
ResolveDryRevision(repoURL string, revision string) (string, error)
}
// comparisonResult holds the state of an application after the reconciliation
@@ -123,7 +124,7 @@ type appStateManager struct {
// task to the repo-server. It returns the list of generated manifests as unstructured
// objects. It also returns the full response from all calls to the repo server as the
// second argument.
func (m *appStateManager) GetRepoObjs(app *v1alpha1.Application, sources []v1alpha1.ApplicationSource, appLabelKey string, revisions []string, noCache, noRevisionCache, verifySignature bool, proj *v1alpha1.AppProject, rollback bool) ([]*unstructured.Unstructured, []*apiclient.ManifestResponse, error) {
func (m *appStateManager) GetRepoObjs(app *v1alpha1.Application, sources []v1alpha1.ApplicationSource, appLabelKey string, revisions []string, noCache, noRevisionCache, verifySignature bool, proj *v1alpha1.AppProject, rollback bool, sendRuntimeState bool) ([]*unstructured.Unstructured, []*apiclient.ManifestResponse, error) {
ts := stats.NewTimingStats()
helmRepos, err := m.db.ListHelmRepositories(context.Background())
if err != nil {
@@ -205,6 +206,14 @@ func (m *appStateManager) GetRepoObjs(app *v1alpha1.Application, sources []v1alp
}
}
appNamespace := app.Spec.Destination.Namespace
apiVersions := argo.APIResourcesToStrings(apiResources, true)
if !sendRuntimeState {
appNamespace = ""
apiVersions = nil
serverVersion = ""
}
val, ok := app.Annotations[v1alpha1.AnnotationKeyManifestGeneratePaths]
if !source.IsHelm() && syncedRevision != "" && ok && val != "" {
// Validate the manifest-generate-path annotation to avoid generating manifests if it has not changed.
@@ -215,10 +224,10 @@ func (m *appStateManager) GetRepoObjs(app *v1alpha1.Application, sources []v1alp
Paths: path.GetAppRefreshPaths(app),
AppLabelKey: appLabelKey,
AppName: app.InstanceName(m.namespace),
Namespace: app.Spec.Destination.Namespace,
Namespace: appNamespace,
ApplicationSource: &source,
KubeVersion: serverVersion,
ApiVersions: argo.APIResourcesToStrings(apiResources, true),
ApiVersions: apiVersions,
TrackingMethod: string(argo.GetTrackingMethod(m.settingsMgr)),
RefSources: refSources,
HasMultipleSources: app.Spec.HasMultipleSources(),
@@ -238,11 +247,11 @@ func (m *appStateManager) GetRepoObjs(app *v1alpha1.Application, sources []v1alp
NoRevisionCache: noRevisionCache,
AppLabelKey: appLabelKey,
AppName: app.InstanceName(m.namespace),
Namespace: app.Spec.Destination.Namespace,
Namespace: appNamespace,
ApplicationSource: &source,
KustomizeOptions: kustomizeOptions,
KubeVersion: serverVersion,
ApiVersions: argo.APIResourcesToStrings(apiResources, true),
ApiVersions: apiVersions,
VerifySignature: verifySignature,
HelmRepoCreds: permittedHelmCredentials,
TrackingMethod: string(argo.GetTrackingMethod(m.settingsMgr)),
@@ -275,6 +284,38 @@ func (m *appStateManager) GetRepoObjs(app *v1alpha1.Application, sources []v1alp
return targetObjs, manifestInfos, nil
}
func (m *appStateManager) ResolveDryRevision(repoURL string, revision string) (string, error) {
conn, repoClient, err := m.repoClientset.NewRepoServerClient()
if err != nil {
return "", fmt.Errorf("failed to connect to repo server: %w", err)
}
defer io.Close(conn)
repo, err := m.db.GetRepository(context.Background(), repoURL, "")
if err != nil {
return "", fmt.Errorf("failed to get repo %q: %w", repoURL, err)
}
// Mock the app. The repo-server only needs to know whether the "chart" field is populated.
app := &v1alpha1.Application{
Spec: v1alpha1.ApplicationSpec{
Source: &v1alpha1.ApplicationSource{
RepoURL: repoURL,
TargetRevision: revision,
},
},
}
resp, err := repoClient.ResolveRevision(context.Background(), &apiclient.ResolveRevisionRequest{
Repo: repo,
App: app,
AmbiguousRevision: revision,
})
if err != nil {
return "", fmt.Errorf("failed to determine whether the dry source has changed: %w", err)
}
return resp.Revision, nil
}
func unmarshalManifests(manifests []string) ([]*unstructured.Unstructured, error) {
targetObjs := make([]*unstructured.Unstructured, 0)
for _, manifest := range manifests {
@@ -449,7 +490,7 @@ func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *v1
}
}
targetObjs, manifestInfos, err = m.GetRepoObjs(app, sources, appLabelKey, revisions, noCache, noRevisionCache, verifySignature, project, rollback)
targetObjs, manifestInfos, err = m.GetRepoObjs(app, sources, appLabelKey, revisions, noCache, noRevisionCache, verifySignature, project, rollback, true)
if err != nil {
targetObjs = make([]*unstructured.Unstructured, 0)
msg := fmt.Sprintf("Failed to load target state: %s", err.Error())

View File

@@ -92,10 +92,14 @@ spec:
# You can specify the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD uses
# the Kubernetes version of the target cluster. The value must be semver formatted. Do not prefix with `v`.
# This field is useful primarily when using sourceHydrator, which requires the Kubernetes version to be set
# explicitly in .argocd-source.yaml.
kubeVersion: 1.30.0
# You can specify the Kubernetes resource API versions to pass to Helm when templating manifests. By default, Argo
# CD uses the API versions of the target cluster. The format is [group/]version/kind.
# This field is useful primarily when using sourceHydrator, which requires the API versions to be set explicitly
# in .argocd-source.yaml.
apiVersions:
- traefik.io/v1alpha1/TLSOption
- v1/Service
@@ -139,10 +143,14 @@ spec:
# You can specify the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD uses
# the Kubernetes version of the target cluster. The value must be semver formatted. Do not prefix with `v`.
# This field is useful primarily when using sourceHydrator, which requires the Kubernetes version to be set
# explicitly in .argocd-source.yaml.
kubeVersion: 1.30.0
# You can specify the Kubernetes resource API versions to pass to Helm when templating manifests. By default, Argo
# CD uses the API versions of the target cluster. The format is [group/]version/kind.
# This field is useful primarily when using sourceHydrator, which requires the API versions to be set explicitly
# in .argocd-source.yaml.
apiVersions:
- traefik.io/v1alpha1/TLSOption
- v1/Service
@@ -199,6 +207,29 @@ spec:
path: guestbook # This has no meaning for Helm charts pulled directly from a Helm repo instead of git.
ref: my-repo # For Helm, acts as a reference to this source for fetching values files from this source. Has no meaning when under `source` field
# Hydrates manifests and pushes them to the configured hydrateTo or syncSource branch.
sourceHydrator:
# drySource is the source of "don't repeat yourself" manifests to hydrate - i.e. Kustomize, Helm, etc. manifests.
drySource:
# repoURL is the URL of the git repository containing the manifests to hydrate. It must be git, Helm is not
# a supported dry source.
repoURL: https://github.com/argoproj/argocd-example-apps.git
path: helm-guestbook
targetRevision: HEAD
# syncSource is the branch/path from which Argo CD will sync. If hydrateTo is not set, this is also the branch to
# which Argo CD will push hydrated manifests.
syncSource:
targetBranch: env/dev
# You can set path to '.', but it is recommended to set it to a directory. This will make it easier to add other
# applications to hydrate to the same branch.
path: guestbook
# hydrateTo is the branch to which Argo CD will push hydrated manifests. If not set, Argo CD will push to the branch
# specified in syncSource.
# Setting hydrateTo allows you to "stage" changes in a branch which Argo CD does not sync from. You can then use an
# external tool to merge the changes into the syncSource branch.
hydrateTo:
targetBranch: env/dev-next
# Destination cluster and namespace to deploy the application
destination:
# cluster API URL

View File

@@ -9,6 +9,9 @@ data:
# Repo server address. (default "argocd-repo-server:8081")
repo.server: "argocd-repo-server:8081"
# Commit server address. (default "argocd-commit-server:8086")
commit.server: "argocd-commit-server:8086"
# Redis server hostname and port (e.g. argocd-redis:6379)
redis.server: "argocd-redis:6379"
# Enable compression for data sent to Redis with the required compression algorithm. (default 'gzip')
@@ -188,6 +191,16 @@ data:
# Include hidden directories from Git
reposerver.include.hidden.directories: "false"
## Commit-server properties
# Listen on given address for incoming connections (default "0.0.0.0")
commitserver.listen.address: "0.0.0.0"
# Set the logging format. One of: text|json (default "text")
commitserver.log.format: "text"
# Set the logging level. One of: debug|info|warn|error (default "info")
commitserver.log.level: "info"
# Listen on given address for metrics (default "0.0.0.0")
commitserver.metrics.listen.address: "0.0.0.0"
# Disable TLS on the HTTP endpoint
dexserver.disable.tls: "false"

View File

@@ -86,6 +86,20 @@ Scraped at the `argocd-repo-server:8084/metrics` endpoint.
| `argocd_redis_request_total` | counter | Number of Kubernetes requests executed during application reconciliation. |
| `argocd_repo_pending_request_total` | gauge | Number of pending requests requiring repository lock |
## Commit Server Metrics
Metrics about the Commit Server.
Scraped at the `argocd-commit-server:8087/metrics` endpoint.
| Metric | Type | Description |
|---------------------------------------------------------|:---------:|------------------------------------------------------|
| `argocd_commitserver_commit_pending_request_total` | guage | Number of pending commit requests. |
| `argocd_commitserver_git_request_duration_seconds` | histogram | Git requests duration seconds. |
| `argocd_commitserver_git_request_total` | counter | Number of git requests performed by commit server |
| `argocd_commitserver_commit_request_duration_seconds` | histogram | Commit requests duration seconds. |
| `argocd_commitserver_userinfo_request_duration_seconds` | histogram | Userinfo requests duration seconds. |
| `argocd_commitserver_commit_request_total` | counter | Number of commit requests performed by commit server |
## Prometheus Operator
If using Prometheus Operator, the following ServiceMonitor example manifests can be used.

View File

@@ -33,6 +33,7 @@
- [notification.toolkit.fluxcd.io/Receiver/reconcile](https://github.com/argoproj/argo-cd/blob/master/resource_customizations/notification.toolkit.fluxcd.io/Receiver/actions/reconcile/action.lua)
- [notification.toolkit.fluxcd.io/Receiver/resume](https://github.com/argoproj/argo-cd/blob/master/resource_customizations/notification.toolkit.fluxcd.io/Receiver/actions/resume/action.lua)
- [notification.toolkit.fluxcd.io/Receiver/suspend](https://github.com/argoproj/argo-cd/blob/master/resource_customizations/notification.toolkit.fluxcd.io/Receiver/actions/suspend/action.lua)
- [promoter.argoproj.io/PullRequest/merge](https://github.com/argoproj/argo-cd/blob/master/resource_customizations/promoter.argoproj.io/PullRequest/actions/merge/action.lua)
- [source.toolkit.fluxcd.io/Bucket/reconcile](https://github.com/argoproj/argo-cd/blob/master/resource_customizations/source.toolkit.fluxcd.io/Bucket/actions/reconcile/action.lua)
- [source.toolkit.fluxcd.io/Bucket/resume](https://github.com/argoproj/argo-cd/blob/master/resource_customizations/source.toolkit.fluxcd.io/Bucket/actions/resume/action.lua)
- [source.toolkit.fluxcd.io/Bucket/suspend](https://github.com/argoproj/argo-cd/blob/master/resource_customizations/source.toolkit.fluxcd.io/Bucket/actions/suspend/action.lua)

View File

@@ -27,6 +27,7 @@ argocd-application-controller [flags]
--client-certificate string Path to a client certificate file for TLS
--client-key string Path to a client key file for TLS
--cluster string The name of the kubeconfig cluster to use
--commit-server string Commit server address. (default "argocd-commit-server:8086")
--context string The name of the kubeconfig context to use
--default-cache-expiration duration Cache expiration default (default 24h0m0s)
--disable-compression If true, opt-out of response compression for all requests to the server

View File

@@ -9,6 +9,9 @@ Argo CD supports several different ways in which Kubernetes manifests can be def
* A directory of YAML/JSON/Jsonnet manifests, including [Jsonnet](jsonnet.md).
* Any [custom config management tool](../operator-manual/config-management-plugins.md) configured as a config management plugin
Argo CD also supports the "rendered manifest" pattern, i.e. pushing the hydrated manifests to git before syncing them to
the cluster. See the [source hydrator](source-hydrator.md) page for more information.
## Development
Argo CD also supports uploading local manifests directly. Since this is an anti-pattern of the
GitOps paradigm, this should only be done for development purposes. A user with an `override` permission is required

View File

@@ -45,6 +45,9 @@ argocd admin app generate-spec APPNAME [flags]
--directory-exclude string Set glob expression used to exclude files from application source path
--directory-include string Set glob expression used to include files from application source path
--directory-recurse Recurse directory
--dry-source-path string Path in repository to the app directory for the dry source
--dry-source-repo string Repository URL of the app dry source
--dry-source-revision string Revision of the app dry source
--env string Application environment to monitor
-f, --file string Filename or URL to Kubernetes manifests for the app
--helm-api-versions stringArray Helm api-versions (in format [group/]version/kind) to use when running helm template (Can be repeated to set several values: --helm-api-versions traefik.io/v1alpha1/TLSOption --helm-api-versions v1/Service). If not set, use the api-versions from the destination cluster
@@ -58,6 +61,7 @@ argocd admin app generate-spec APPNAME [flags]
--helm-skip-crds Skip helm crd installation step
--helm-version string Helm version
-h, --help help for generate-spec
--hydrate-to-branch string The branch to hydrate the app to
--ignore-missing-value-files Ignore locally missing valueFiles when setting helm template --values
-i, --inline If set then generated resource is written back to the file specified in --file flag
--jsonnet-ext-var-code stringArray Jsonnet ext var
@@ -98,6 +102,8 @@ argocd admin app generate-spec APPNAME [flags]
--sync-retry-backoff-factor int Factor multiplies the base duration after each failed sync retry (default 2)
--sync-retry-backoff-max-duration duration Max sync retry backoff duration. Input needs to be a duration (e.g. 2m, 1h) (default 3m0s)
--sync-retry-limit int Max number of allowed sync retries
--sync-source-branch string The branch from which the app will sync
--sync-source-path string The path in the repository from which the app will sync
--validate Validation of repo and cluster (default true)
--values stringArray Helm values file(s) to use
--values-literal-file string Filename or URL to import as a literal Helm values block

View File

@@ -28,6 +28,9 @@ argocd app add-source APPNAME [flags]
--directory-exclude string Set glob expression used to exclude files from application source path
--directory-include string Set glob expression used to include files from application source path
--directory-recurse Recurse directory
--dry-source-path string Path in repository to the app directory for the dry source
--dry-source-repo string Repository URL of the app dry source
--dry-source-revision string Revision of the app dry source
--env string Application environment to monitor
--helm-api-versions stringArray Helm api-versions (in format [group/]version/kind) to use when running helm template (Can be repeated to set several values: --helm-api-versions traefik.io/v1alpha1/TLSOption --helm-api-versions v1/Service). If not set, use the api-versions from the destination cluster
--helm-chart string Helm Chart name
@@ -40,6 +43,7 @@ argocd app add-source APPNAME [flags]
--helm-skip-crds Skip helm crd installation step
--helm-version string Helm version
-h, --help help for add-source
--hydrate-to-branch string The branch to hydrate the app to
--ignore-missing-value-files Ignore locally missing valueFiles when setting helm template --values
--jsonnet-ext-var-code stringArray Jsonnet ext var
--jsonnet-ext-var-str stringArray Jsonnet string ext var
@@ -75,6 +79,8 @@ argocd app add-source APPNAME [flags]
--sync-retry-backoff-factor int Factor multiplies the base duration after each failed sync retry (default 2)
--sync-retry-backoff-max-duration duration Max sync retry backoff duration. Input needs to be a duration (e.g. 2m, 1h) (default 3m0s)
--sync-retry-limit int Max number of allowed sync retries
--sync-source-branch string The branch from which the app will sync
--sync-source-path string The path in the repository from which the app will sync
--validate Validation of repo and cluster (default true)
--values stringArray Helm values file(s) to use
--values-literal-file string Filename or URL to import as a literal Helm values block

View File

@@ -47,6 +47,9 @@ argocd app create APPNAME [flags]
--directory-exclude string Set glob expression used to exclude files from application source path
--directory-include string Set glob expression used to include files from application source path
--directory-recurse Recurse directory
--dry-source-path string Path in repository to the app directory for the dry source
--dry-source-repo string Repository URL of the app dry source
--dry-source-revision string Revision of the app dry source
--env string Application environment to monitor
-f, --file string Filename or URL to Kubernetes manifests for the app
--helm-api-versions stringArray Helm api-versions (in format [group/]version/kind) to use when running helm template (Can be repeated to set several values: --helm-api-versions traefik.io/v1alpha1/TLSOption --helm-api-versions v1/Service). If not set, use the api-versions from the destination cluster
@@ -60,6 +63,7 @@ argocd app create APPNAME [flags]
--helm-skip-crds Skip helm crd installation step
--helm-version string Helm version
-h, --help help for create
--hydrate-to-branch string The branch to hydrate the app to
--ignore-missing-value-files Ignore locally missing valueFiles when setting helm template --values
--jsonnet-ext-var-code stringArray Jsonnet ext var
--jsonnet-ext-var-str stringArray Jsonnet string ext var
@@ -98,6 +102,8 @@ argocd app create APPNAME [flags]
--sync-retry-backoff-factor int Factor multiplies the base duration after each failed sync retry (default 2)
--sync-retry-backoff-max-duration duration Max sync retry backoff duration. Input needs to be a duration (e.g. 2m, 1h) (default 3m0s)
--sync-retry-limit int Max number of allowed sync retries
--sync-source-branch string The branch from which the app will sync
--sync-source-path string The path in the repository from which the app will sync
--upsert Allows to override application with the same name even if supplied application spec is different from existing spec
--validate Validation of repo and cluster (default true)
--values stringArray Helm values file(s) to use

View File

@@ -37,6 +37,9 @@ argocd app set APPNAME [flags]
--directory-exclude string Set glob expression used to exclude files from application source path
--directory-include string Set glob expression used to include files from application source path
--directory-recurse Recurse directory
--dry-source-path string Path in repository to the app directory for the dry source
--dry-source-repo string Repository URL of the app dry source
--dry-source-revision string Revision of the app dry source
--env string Application environment to monitor
--helm-api-versions stringArray Helm api-versions (in format [group/]version/kind) to use when running helm template (Can be repeated to set several values: --helm-api-versions traefik.io/v1alpha1/TLSOption --helm-api-versions v1/Service). If not set, use the api-versions from the destination cluster
--helm-chart string Helm Chart name
@@ -49,6 +52,7 @@ argocd app set APPNAME [flags]
--helm-skip-crds Skip helm crd installation step
--helm-version string Helm version
-h, --help help for set
--hydrate-to-branch string The branch to hydrate the app to
--ignore-missing-value-files Ignore locally missing valueFiles when setting helm template --values
--jsonnet-ext-var-code stringArray Jsonnet ext var
--jsonnet-ext-var-str stringArray Jsonnet string ext var
@@ -85,6 +89,8 @@ argocd app set APPNAME [flags]
--sync-retry-backoff-factor int Factor multiplies the base duration after each failed sync retry (default 2)
--sync-retry-backoff-max-duration duration Max sync retry backoff duration. Input needs to be a duration (e.g. 2m, 1h) (default 3m0s)
--sync-retry-limit int Max number of allowed sync retries
--sync-source-branch string The branch from which the app will sync
--sync-source-path string The path in the repository from which the app will sync
--validate Validation of repo and cluster (default true)
--values stringArray Helm values file(s) to use
--values-literal-file string Filename or URL to import as a literal Helm values block

View File

@@ -43,6 +43,7 @@ argocd app wait [APPNAME.. | -l selector] [flags]
--delete Wait for delete
--health Wait for health
-h, --help help for wait
--hydrated Wait for hydration operations
--operation Wait for pending operations
-o, --output string Output format. One of: json|yaml|wide|tree|tree=detailed (default "wide")
--resource stringArray Sync only specific resources as GROUP:KIND:NAME or !GROUP:KIND:NAME. Fields may be blank and '*' can be used. This option may be specified repeatedly

View File

@@ -0,0 +1,131 @@
# Source Hydrator
**Current feature state**: Alpha
Tools like Helm and Kustomize allow users to express their Kubernetes manifests in a more concise and reusable way
(keeping it DRY - Don't Repeat Yourself). However, these tools can obscure the actual Kubernetes manifests that are
applied to the cluster.
The "rendered manifest pattern" is a way to push the hydrated manifests to git before syncing them to the cluster. This
allows users to see the actual Kubernetes manifests that are applied to the cluster.
The source hydrator is a feature of Argo CD that allows users to push the hydrated manifests to git before syncing them
to the cluster.
## Using the Source Hydrator
To use the source hydrator, you must first install a push secret.
```yaml
apiVersion: v1
kind: Secret
metadata:
name: my-push-secret
namespace: argocd
labels:
argocd.argoproj.io/secret-type: repository-write
type: Opaque
stringData:
url: "https://github.com"
type: "git"
githubAppID: "<your app ID here>"
githubAppInstallationID: "<your installation ID here>"
githubAppPrivateKey: |
<your private key here>
```
For now, the source hydrator only supports GitHub Apps. To use the source hydrator, you must first
[create a GitHub App](https://github.com/settings/apps/new) with read/write permissions and install it in the repository
you want to use it in. After you install the app, the installation ID will appear in the URL. The private key is
generated when you create the GitHub App.
Once your push secret is installed, set the `spec.sourceHydrator` field of the Application. For example:
```yaml
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: my-app
spec:
sourceHydrator:
drySource:
repoURL: https://github.com/argoproj/argocd-example-apps
path: helm-guestbook
targetRevision: HEAD
syncSource:
targetBranch: environments/dev
path: helm-guestbook
```
In this example, the hydrated manifests will be pushed to the `environments/dev` branch of the `argocd-example-apps`
repository.
## Pushing to a "Staging" Branch
The source hydrator can be used to push hydrated manifests to a "staging" branch instead of the `syncSource` branch.
This provides a way to prevent the hydrated manifests from being applied to the cluster until some prerequisite
conditions are met (in effect providing a way to handle environment promotion via Pull Requests).
To use the source hydrator to push to a "staging" branch, set the `spec.sourceHydrator.hydrateTo` field of the
Application. For example:
```yaml
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: my-app
spec:
project: my-project
destination:
server: https://kubernetes.default.svc
namespace: default
sourceHydrator:
drySource:
repoURL: https://github.com/argoproj/argocd-example-apps
path: helm-guestbook
targetRevision: HEAD
syncSource:
targetBranch: environments/dev
path: helm-guestbook
hydrateTo:
targetBranch: environments/dev-next
```
In this example, the hydrated manifests will be pushed to the `environments/dev-next` branch, and Argo CD will not sync
the changes until something moves them to the `environments/dev` branch.
You could use a CI action to move the hydrated manifests from the `hydrateTo` branch to the `syncSource` branch. To
introduce a gating mechanism, you could require a Pull Request to be opened to merge the changes from the `hydrateTo`
branch to the `syncSource` branch.
## Prerequisites
### Handle Secrets on the Destination Cluster
Do not use the source hydrator with any tool that injects secrets into your manifests as part of the hydration process
(for example, Helm with SOPS or the Argo CD Vault Plugin). These secrets would be committed to git. Instead, use a
secrets operator that populates the secret values on the destination cluster.
## Best Practices
### Make Hydration Deterministic
The source hydrator should be deterministic. For a given dry source commit, the hydrator should always produce the same
hydrated manifests. This means that the hydrator should not rely on external state or configuration that is not stored
in git.
Examples of non-deterministic hydration:
* A Helm chart using unpinned dependencies
* A Helm chart is using a template function such as `randAlphaNum`
* [Config Management Plugins](../operator-manual/config-management-plugins.md) which retrieve non-git state, such as secrets
* Kustomize manifests referencing unpinned remote bases
* Kustomize manifests which use generated names, such as the configMapGenerator
### Enable Branch Protection
Argo CD should be the only thing pushing hydrated manifests to the hydrated branches. To prevent other tools or users
from pushing to the hydrated branches, enable branch protection in your SCM.
It is best practice to prefix the hydrated branches with a common prefix, such as `environment/`. This makes it easier
to configure branch protection rules on the destination repository.

2
go.mod
View File

@@ -42,6 +42,7 @@ require (
github.com/golang/protobuf v1.5.4
github.com/google/btree v1.1.2
github.com/google/go-cmp v0.6.0
github.com/google/go-github/v62 v62.0.0
github.com/google/go-github/v63 v63.0.0
github.com/google/go-jsonnet v0.20.0
github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510
@@ -138,7 +139,6 @@ require (
github.com/go-jose/go-jose/v4 v4.0.2 // indirect
github.com/golang-jwt/jwt v3.2.2+incompatible // indirect
github.com/google/gnostic-models v0.6.8 // indirect
github.com/google/go-github/v62 v62.0.0 // indirect
github.com/google/s2a-go v0.1.7 // indirect
github.com/googleapis/enterprise-certificate-proxy v0.2.5 // indirect
github.com/googleapis/gax-go/v2 v2.12.0 // indirect

View File

@@ -86,7 +86,7 @@ MOD_ROOT=${GOPATH}/pkg/mod
grpc_gateway_version=$(go list -m github.com/grpc-ecosystem/grpc-gateway | awk '{print $NF}' | head -1)
GOOGLE_PROTO_API_PATH=${MOD_ROOT}/github.com/grpc-ecosystem/grpc-gateway@${grpc_gateway_version}/third_party/googleapis
GOGO_PROTOBUF_PATH=${PROJECT_ROOT}/vendor/github.com/gogo/protobuf
PROTO_FILES=$(find "$PROJECT_ROOT" \( -name "*.proto" -and -path '*/server/*' -or -path '*/reposerver/*' -and -name "*.proto" -or -path '*/cmpserver/*' -and -name "*.proto" \) | sort)
PROTO_FILES=$(find "$PROJECT_ROOT" \( -name "*.proto" -and -path '*/server/*' -or -path '*/reposerver/*' -and -name "*.proto" -or -path '*/cmpserver/*' -and -name "*.proto" -or -path '*/commitserver/*' -and -name "*.proto" \) | sort)
for i in ${PROTO_FILES}; do
protoc \
-I"${PROJECT_ROOT}" \
@@ -153,3 +153,4 @@ clean_swagger server
clean_swagger reposerver
clean_swagger controller
clean_swagger cmpserver
clean_swagger commitserver

View File

@@ -64,6 +64,12 @@ spec:
name: argocd-cmd-params-cm
key: controller.repo.server.timeout.seconds
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_COMMIT_SERVER
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: commit.server
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_STATUS_PROCESSORS
valueFrom:
configMapKeyRef:

View File

@@ -0,0 +1,159 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/name: argocd-commit-server
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: commit-server
name: argocd-commit-server
spec:
selector:
matchLabels:
app.kubernetes.io/name: argocd-commit-server
template:
metadata:
labels:
app.kubernetes.io/name: argocd-commit-server
spec:
serviceAccountName: argocd-commit-server
automountServiceAccountToken: false
containers:
- name: argocd-commit-server
image: quay.io/argoproj/argocd:latest
imagePullPolicy: Always
args:
- /usr/local/bin/argocd-commit-server
env:
- name: ARGOCD_COMMIT_SERVER_LISTEN_ADDRESS
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: commitserver.listen.address
optional: true
- name: ARGOCD_COMMIT_SERVER_METRICS_LISTEN_ADDRESS
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: commitserver.metrics.listen.address
optional: true
- name: ARGOCD_COMMIT_SERVER_LOGFORMAT
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: commitserver.log.format
optional: true
- name: ARGOCD_COMMIT_SERVER_LOGLEVEL
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: commitserver.log.level
optional: true
ports:
- containerPort: 8086
- containerPort: 8087
livenessProbe:
httpGet:
path: /healthz?full=true
port: 8087
initialDelaySeconds: 30
periodSeconds: 30
failureThreshold: 3
timeoutSeconds: 5
readinessProbe:
httpGet:
path: /healthz
port: 8087
initialDelaySeconds: 5
periodSeconds: 10
securityContext:
runAsNonRoot: true
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
seccompProfile:
type: RuntimeDefault
volumeMounts:
- name: ssh-known-hosts
mountPath: /app/config/ssh
- name: tls-certs
mountPath: /app/config/tls
- name: gpg-keys
mountPath: /app/config/gpg/source
- name: gpg-keyring
mountPath: /app/config/gpg/keys
- name: argocd-commit-server-tls
mountPath: /app/config/reposerver/tls
- name: tmp
mountPath: /tmp
- mountPath: /helm-working-dir
name: helm-working-dir
- mountPath: /home/argocd/cmp-server/plugins
name: plugins
initContainers:
- command:
- /bin/cp
- -n
- /usr/local/bin/argocd
- /var/run/argocd/argocd-cmp-server
image: quay.io/argoproj/argocd:latest
name: copyutil
securityContext:
runAsNonRoot: true
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
seccompProfile:
type: RuntimeDefault
volumeMounts:
- mountPath: /var/run/argocd
name: var-files
volumes:
- name: ssh-known-hosts
configMap:
name: argocd-ssh-known-hosts-cm
- name: tls-certs
configMap:
name: argocd-tls-certs-cm
- name: gpg-keys
configMap:
name: argocd-gpg-keys-cm
- name: gpg-keyring
emptyDir: {}
- name: tmp
emptyDir: {}
- name: helm-working-dir
emptyDir: {}
- name: argocd-commit-server-tls
secret:
secretName: argocd-commit-server-tls
optional: true
items:
- key: tls.crt
path: tls.crt
- key: tls.key
path: tls.key
- key: ca.crt
path: ca.crt
- emptyDir: {}
name: var-files
- emptyDir: {}
name: plugins
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
podAffinityTerm:
labelSelector:
matchLabels:
app.kubernetes.io/name: argocd-commit-server
topologyKey: kubernetes.io/hostname
- weight: 5
podAffinityTerm:
labelSelector:
matchLabels:
app.kubernetes.io/part-of: argocd
topologyKey: kubernetes.io/hostname

View File

@@ -0,0 +1,22 @@
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
name: argocd-commit-server-network-policy
spec:
podSelector:
matchLabels:
app.kubernetes.io/name: argocd-commit-server
policyTypes:
- Ingress
ingress:
- from:
- podSelector:
matchLabels:
app.kubernetes.io/name: argocd-application-controller
ports:
- protocol: TCP
port: 8086
- from:
- namespaceSelector: { }
ports:
- port: 8087

View File

@@ -0,0 +1,8 @@
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/name: argocd-commit-server
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: commit-server
name: argocd-commit-server

View File

@@ -0,0 +1,20 @@
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/name: argocd-commit-server
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: commit-server
name: argocd-commit-server
spec:
ports:
- name: server
protocol: TCP
port: 8086
targetPort: 8086
- name: metrics
protocol: TCP
port: 8087
targetPort: 8087
selector:
app.kubernetes.io/name: argocd-commit-server

View File

@@ -0,0 +1,8 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- argocd-commit-server-sa.yaml
- argocd-commit-server-deployment.yaml
- argocd-commit-server-service.yaml
- argocd-commit-server-network-policy.yaml

View File

@@ -10,6 +10,7 @@ resources:
- ./application-controller
- ./dex
- ./repo-server
- ./commit-server
- ./server
- ./config
- ./redis

File diff suppressed because it is too large Load Diff

View File

@@ -1362,6 +1362,64 @@ spec:
required:
- repoURL
type: object
sourceHydrator:
description: SourceHydrator provides a way to push hydrated manifests
back to git before syncing them to the cluster.
properties:
drySource:
description: DrySource specifies where the dry "don't repeat yourself"
manifest source lives.
properties:
path:
description: Path is a directory path within the Git repository
where the manifests are located
type: string
repoURL:
description: RepoURL is the URL to the git repository that
contains the application manifests
type: string
targetRevision:
description: TargetRevision defines the revision of the source
to hydrate
type: string
required:
- path
- repoURL
- targetRevision
type: object
hydrateTo:
description: |-
HydrateTo specifies an optional "staging" location to push hydrated manifests to. An external system would then
have to move manifests to the SyncSource, e.g. by pull request.
properties:
targetBranch:
description: TargetBranch is the branch to which hydrated
manifests should be committed
type: string
required:
- targetBranch
type: object
syncSource:
description: SyncSource specifies where to sync hydrated manifests
from.
properties:
path:
description: |-
Path is a directory path within the git repository where hydrated manifests should be committed to and synced
from. If hydrateTo is set, this is just the path from which hydrated manifests will be synced.
type: string
targetBranch:
description: TargetBranch is the branch to which hydrated
manifests should be committed
type: string
required:
- path
- targetBranch
type: object
required:
- drySource
- syncSource
type: object
sources:
description: Sources is a reference to the location of the application's
manifests or chart
@@ -4472,6 +4530,177 @@ spec:
type: string
type: object
type: array
sourceHydrator:
description: SourceHydrator stores information about the current state
of source hydration
properties:
currentOperation:
description: CurrentOperation holds the status of the hydrate
operation
properties:
drySHA:
description: DrySHA holds the resolved revision (sha) of the
dry source as of the most recent reconciliation
type: string
finishedAt:
description: FinishedAt indicates when the hydrate operation
finished
format: date-time
type: string
hydratedSHA:
description: HydratedSHA holds the resolved revision (sha)
of the hydrated source as of the most recent reconciliation
type: string
message:
description: Message contains a message describing the current
status of the hydrate operation
type: string
phase:
description: Phase indicates the status of the hydrate operation
enum:
- Hydrating
- Failed
- Hydrated
type: string
sourceHydrator:
description: SourceHydrator holds the hydrator config used
for the hydrate operation
properties:
drySource:
description: DrySource specifies where the dry "don't
repeat yourself" manifest source lives.
properties:
path:
description: Path is a directory path within the Git
repository where the manifests are located
type: string
repoURL:
description: RepoURL is the URL to the git repository
that contains the application manifests
type: string
targetRevision:
description: TargetRevision defines the revision of
the source to hydrate
type: string
required:
- path
- repoURL
- targetRevision
type: object
hydrateTo:
description: |-
HydrateTo specifies an optional "staging" location to push hydrated manifests to. An external system would then
have to move manifests to the SyncSource, e.g. by pull request.
properties:
targetBranch:
description: TargetBranch is the branch to which hydrated
manifests should be committed
type: string
required:
- targetBranch
type: object
syncSource:
description: SyncSource specifies where to sync hydrated
manifests from.
properties:
path:
description: |-
Path is a directory path within the git repository where hydrated manifests should be committed to and synced
from. If hydrateTo is set, this is just the path from which hydrated manifests will be synced.
type: string
targetBranch:
description: TargetBranch is the branch to which hydrated
manifests should be committed
type: string
required:
- path
- targetBranch
type: object
required:
- drySource
- syncSource
type: object
startedAt:
description: StartedAt indicates when the hydrate operation
started
format: date-time
type: string
required:
- message
- phase
type: object
lastSuccessfulOperation:
description: LastSuccessfulOperation holds info about the most
recent successful hydration
properties:
drySHA:
description: DrySHA holds the resolved revision (sha) of the
dry source as of the most recent reconciliation
type: string
hydratedSHA:
description: HydratedSHA holds the resolved revision (sha)
of the hydrated source as of the most recent reconciliation
type: string
sourceHydrator:
description: SourceHydrator holds the hydrator config used
for the hydrate operation
properties:
drySource:
description: DrySource specifies where the dry "don't
repeat yourself" manifest source lives.
properties:
path:
description: Path is a directory path within the Git
repository where the manifests are located
type: string
repoURL:
description: RepoURL is the URL to the git repository
that contains the application manifests
type: string
targetRevision:
description: TargetRevision defines the revision of
the source to hydrate
type: string
required:
- path
- repoURL
- targetRevision
type: object
hydrateTo:
description: |-
HydrateTo specifies an optional "staging" location to push hydrated manifests to. An external system would then
have to move manifests to the SyncSource, e.g. by pull request.
properties:
targetBranch:
description: TargetBranch is the branch to which hydrated
manifests should be committed
type: string
required:
- targetBranch
type: object
syncSource:
description: SyncSource specifies where to sync hydrated
manifests from.
properties:
path:
description: |-
Path is a directory path within the git repository where hydrated manifests should be committed to and synced
from. If hydrateTo is set, this is just the path from which hydrated manifests will be synced.
type: string
targetBranch:
description: TargetBranch is the branch to which hydrated
manifests should be committed
type: string
required:
- path
- targetBranch
type: object
required:
- drySource
- syncSource
type: object
type: object
type: object
sourceType:
description: SourceType specifies the type of this application
type: string

File diff suppressed because it is too large Load Diff

1099
manifests/ha/install.yaml generated

File diff suppressed because it is too large Load Diff

View File

@@ -2869,6 +2869,12 @@ spec:
key: controller.repo.server.timeout.seconds
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_COMMIT_SERVER
valueFrom:
configMapKeyRef:
key: commit.server
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_STATUS_PROCESSORS
valueFrom:
configMapKeyRef:

1312
manifests/install.yaml generated

File diff suppressed because it is too large Load Diff

View File

@@ -19,6 +19,15 @@ metadata:
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/component: commit-server
app.kubernetes.io/name: argocd-commit-server
app.kubernetes.io/part-of: argocd
name: argocd-commit-server
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/component: dex-server
@@ -521,6 +530,27 @@ spec:
---
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/component: commit-server
app.kubernetes.io/name: argocd-commit-server
app.kubernetes.io/part-of: argocd
name: argocd-commit-server
spec:
ports:
- name: server
port: 8086
protocol: TCP
targetPort: 8086
- name: metrics
port: 8087
protocol: TCP
targetPort: 8087
selector:
app.kubernetes.io/name: argocd-commit-server
---
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/component: dex-server
@@ -870,6 +900,166 @@ spec:
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/component: commit-server
app.kubernetes.io/name: argocd-commit-server
app.kubernetes.io/part-of: argocd
name: argocd-commit-server
spec:
selector:
matchLabels:
app.kubernetes.io/name: argocd-commit-server
template:
metadata:
labels:
app.kubernetes.io/name: argocd-commit-server
spec:
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchLabels:
app.kubernetes.io/name: argocd-commit-server
topologyKey: kubernetes.io/hostname
weight: 100
- podAffinityTerm:
labelSelector:
matchLabels:
app.kubernetes.io/part-of: argocd
topologyKey: kubernetes.io/hostname
weight: 5
automountServiceAccountToken: false
containers:
- args:
- /usr/local/bin/argocd-commit-server
env:
- name: ARGOCD_COMMIT_SERVER_LISTEN_ADDRESS
valueFrom:
configMapKeyRef:
key: commitserver.listen.address
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_COMMIT_SERVER_METRICS_LISTEN_ADDRESS
valueFrom:
configMapKeyRef:
key: commitserver.metrics.listen.address
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_COMMIT_SERVER_LOGFORMAT
valueFrom:
configMapKeyRef:
key: commitserver.log.format
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_COMMIT_SERVER_LOGLEVEL
valueFrom:
configMapKeyRef:
key: commitserver.log.level
name: argocd-cmd-params-cm
optional: true
image: quay.io/argoproj/argocd:latest
imagePullPolicy: Always
livenessProbe:
failureThreshold: 3
httpGet:
path: /healthz?full=true
port: 8087
initialDelaySeconds: 30
periodSeconds: 30
timeoutSeconds: 5
name: argocd-commit-server
ports:
- containerPort: 8086
- containerPort: 8087
readinessProbe:
httpGet:
path: /healthz
port: 8087
initialDelaySeconds: 5
periodSeconds: 10
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
volumeMounts:
- mountPath: /app/config/ssh
name: ssh-known-hosts
- mountPath: /app/config/tls
name: tls-certs
- mountPath: /app/config/gpg/source
name: gpg-keys
- mountPath: /app/config/gpg/keys
name: gpg-keyring
- mountPath: /app/config/reposerver/tls
name: argocd-commit-server-tls
- mountPath: /tmp
name: tmp
- mountPath: /helm-working-dir
name: helm-working-dir
- mountPath: /home/argocd/cmp-server/plugins
name: plugins
initContainers:
- command:
- /bin/cp
- -n
- /usr/local/bin/argocd
- /var/run/argocd/argocd-cmp-server
image: quay.io/argoproj/argocd:latest
name: copyutil
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
volumeMounts:
- mountPath: /var/run/argocd
name: var-files
serviceAccountName: argocd-commit-server
volumes:
- configMap:
name: argocd-ssh-known-hosts-cm
name: ssh-known-hosts
- configMap:
name: argocd-tls-certs-cm
name: tls-certs
- configMap:
name: argocd-gpg-keys-cm
name: gpg-keys
- emptyDir: {}
name: gpg-keyring
- emptyDir: {}
name: tmp
- emptyDir: {}
name: helm-working-dir
- name: argocd-commit-server-tls
secret:
items:
- key: tls.crt
path: tls.crt
- key: tls.key
path: tls.key
- key: ca.crt
path: ca.crt
optional: true
secretName: argocd-commit-server-tls
- emptyDir: {}
name: var-files
- emptyDir: {}
name: plugins
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/component: dex-server
@@ -1937,6 +2127,12 @@ spec:
key: controller.repo.server.timeout.seconds
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_COMMIT_SERVER
valueFrom:
configMapKeyRef:
key: commit.server
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_STATUS_PROCESSORS
valueFrom:
configMapKeyRef:
@@ -2169,6 +2365,29 @@ spec:
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: argocd-commit-server-network-policy
spec:
ingress:
- from:
- podSelector:
matchLabels:
app.kubernetes.io/name: argocd-application-controller
ports:
- port: 8086
protocol: TCP
- from:
- namespaceSelector: {}
ports:
- port: 8087
podSelector:
matchLabels:
app.kubernetes.io/name: argocd-commit-server
policyTypes:
- Ingress
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: argocd-dex-server-network-policy
spec:

View File

@@ -298,7 +298,10 @@ type RepoQuery struct {
// Whether to force a cache refresh on repo's connection state
ForceRefresh bool `protobuf:"varint,2,opt,name=forceRefresh,proto3" json:"forceRefresh,omitempty"`
// App project for query
AppProject string `protobuf:"bytes,3,opt,name=appProject,proto3" json:"appProject,omitempty"`
AppProject string `protobuf:"bytes,3,opt,name=appProject,proto3" json:"appProject,omitempty"`
// Type determines what kind of credential we're interacting with. It can be "read", "write", or "both". Default is
// "read".
Type string `protobuf:"bytes,4,opt,name=type,proto3" json:"type,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
@@ -358,6 +361,13 @@ func (m *RepoQuery) GetAppProject() string {
return ""
}
func (m *RepoQuery) GetType() string {
if m != nil {
return m.Type
}
return ""
}
// RepoAccessQuery is a query for checking access to a repo
type RepoAccessQuery struct {
// The URL to the repo
@@ -606,7 +616,9 @@ type RepoCreateRequest struct {
// Whether to create in upsert mode
Upsert bool `protobuf:"varint,2,opt,name=upsert,proto3" json:"upsert,omitempty"`
// Whether to operate on credential set instead of repository
CredsOnly bool `protobuf:"varint,3,opt,name=credsOnly,proto3" json:"credsOnly,omitempty"`
CredsOnly bool `protobuf:"varint,3,opt,name=credsOnly,proto3" json:"credsOnly,omitempty"`
// Write determines whether the credential will be stored as a read credential or a write credential.
Write bool `protobuf:"varint,4,opt,name=write,proto3" json:"write,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
@@ -666,11 +678,20 @@ func (m *RepoCreateRequest) GetCredsOnly() bool {
return false
}
func (m *RepoCreateRequest) GetWrite() bool {
if m != nil {
return m.Write
}
return false
}
type RepoUpdateRequest struct {
Repo *v1alpha1.Repository `protobuf:"bytes,1,opt,name=repo,proto3" json:"repo,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
Repo *v1alpha1.Repository `protobuf:"bytes,1,opt,name=repo,proto3" json:"repo,omitempty"`
// Write determines whether the credential to be updated is a read credential or a write credential.
Write bool `protobuf:"varint,2,opt,name=write,proto3" json:"write,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *RepoUpdateRequest) Reset() { *m = RepoUpdateRequest{} }
@@ -713,6 +734,13 @@ func (m *RepoUpdateRequest) GetRepo() *v1alpha1.Repository {
return nil
}
func (m *RepoUpdateRequest) GetWrite() bool {
if m != nil {
return m.Write
}
return false
}
func init() {
proto.RegisterType((*RepoAppsQuery)(nil), "repository.RepoAppsQuery")
proto.RegisterType((*AppInfo)(nil), "repository.AppInfo")
@@ -730,81 +758,82 @@ func init() {
}
var fileDescriptor_8d38260443475705 = []byte{
// 1178 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x57, 0x5d, 0x6f, 0x1b, 0x45,
0x17, 0xd6, 0x26, 0x8d, 0x93, 0x9c, 0x7c, 0xd4, 0x99, 0xe4, 0xed, 0xbb, 0xb8, 0x6e, 0x1a, 0x6d,
0x4b, 0x15, 0xa2, 0xb2, 0x6e, 0x8c, 0x10, 0xa8, 0x08, 0x24, 0xe7, 0x43, 0x4d, 0x44, 0x44, 0xca,
0x56, 0xe1, 0x02, 0x81, 0xd0, 0x64, 0x7d, 0x62, 0x6f, 0xbb, 0xde, 0x9d, 0xce, 0x8c, 0x4d, 0xad,
0xaa, 0x37, 0x5c, 0x21, 0xc1, 0x0d, 0x42, 0x48, 0xdc, 0x21, 0x24, 0x24, 0x2e, 0xf8, 0x23, 0x5c,
0x22, 0xf1, 0x07, 0x50, 0xc4, 0x8f, 0xe0, 0x0a, 0xa1, 0x99, 0x59, 0xef, 0xae, 0x13, 0xdb, 0x49,
0x45, 0xc8, 0xdd, 0xcc, 0x73, 0xce, 0x9e, 0xf3, 0xcc, 0xb3, 0xe7, 0x9c, 0x9d, 0x05, 0x47, 0x20,
0xef, 0x20, 0xaf, 0x70, 0x64, 0xb1, 0x08, 0x64, 0xcc, 0xbb, 0xb9, 0xa5, 0xcb, 0x78, 0x2c, 0x63,
0x02, 0x19, 0x52, 0x2a, 0x37, 0xe2, 0xb8, 0x11, 0x62, 0x85, 0xb2, 0xa0, 0x42, 0xa3, 0x28, 0x96,
0x54, 0x06, 0x71, 0x24, 0x8c, 0x67, 0x69, 0xaf, 0x11, 0xc8, 0x66, 0xfb, 0xd0, 0xf5, 0xe3, 0x56,
0x85, 0xf2, 0x46, 0xcc, 0x78, 0xfc, 0x58, 0x2f, 0x5e, 0xf7, 0xeb, 0x95, 0x4e, 0xb5, 0xc2, 0x9e,
0x34, 0xd4, 0x93, 0xa2, 0x42, 0x19, 0x0b, 0x03, 0x5f, 0x3f, 0x5b, 0xe9, 0xac, 0xd3, 0x90, 0x35,
0xe9, 0x7a, 0xa5, 0x81, 0x11, 0x72, 0x2a, 0xb1, 0x9e, 0x44, 0xdb, 0x3e, 0x23, 0x9a, 0xa6, 0x75,
0x26, 0x7d, 0xa7, 0x0b, 0x73, 0x1e, 0xb2, 0xb8, 0xc6, 0x98, 0xf8, 0xb0, 0x8d, 0xbc, 0x4b, 0x08,
0x5c, 0x51, 0x4e, 0xb6, 0xb5, 0x62, 0xad, 0x4e, 0x7b, 0x7a, 0x4d, 0x4a, 0x30, 0xc5, 0xb1, 0x13,
0x88, 0x20, 0x8e, 0xec, 0x31, 0x8d, 0xa7, 0x7b, 0x62, 0xc3, 0x24, 0x65, 0xec, 0x03, 0xda, 0x42,
0x7b, 0x5c, 0x9b, 0x7a, 0x5b, 0xb2, 0x0c, 0x40, 0x19, 0x7b, 0xc8, 0xe3, 0xc7, 0xe8, 0x4b, 0xfb,
0x8a, 0x36, 0xe6, 0x10, 0x67, 0x1d, 0x26, 0x6b, 0x8c, 0xed, 0x46, 0x47, 0xb1, 0x4a, 0x2a, 0xbb,
0x0c, 0x7b, 0x49, 0xd5, 0x5a, 0x61, 0x8c, 0xca, 0x66, 0x92, 0x50, 0xaf, 0x9d, 0xbf, 0x2c, 0x58,
0x4c, 0xe8, 0x6e, 0xa1, 0xa4, 0x41, 0x98, 0x90, 0x6e, 0x40, 0x41, 0xc4, 0x6d, 0xee, 0x9b, 0x08,
0x33, 0xd5, 0x7d, 0x37, 0x53, 0xc7, 0xed, 0xa9, 0xa3, 0x17, 0x9f, 0xf9, 0x75, 0xb7, 0x53, 0x75,
0xd9, 0x93, 0x86, 0xab, 0xb4, 0x76, 0x73, 0x5a, 0xbb, 0x3d, 0xad, 0xdd, 0x5a, 0x06, 0x3e, 0xd2,
0x61, 0xbd, 0x24, 0x7c, 0xfe, 0xb4, 0x63, 0xa3, 0x4e, 0x3b, 0x7e, 0xf2, 0xb4, 0x64, 0x05, 0x66,
0x4c, 0x8c, 0xdd, 0xa8, 0x8e, 0xcf, 0xb4, 0x1c, 0x13, 0x5e, 0x1e, 0x22, 0x65, 0x98, 0xee, 0x20,
0x57, 0xa2, 0xee, 0xd6, 0xed, 0x09, 0x6d, 0xcf, 0x00, 0xe7, 0x5d, 0x28, 0xf6, 0x5e, 0x94, 0x87,
0x82, 0xc5, 0x91, 0x40, 0xf2, 0x1a, 0x4c, 0x04, 0x12, 0x5b, 0xc2, 0xb6, 0x56, 0xc6, 0x57, 0x67,
0xaa, 0x8b, 0x6e, 0xee, 0xf5, 0x26, 0xd2, 0x7a, 0xc6, 0xc3, 0xf1, 0x61, 0x5a, 0x3d, 0x3e, 0xfc,
0x1d, 0x3b, 0x30, 0x7b, 0x14, 0xab, 0xa3, 0xe2, 0x11, 0x47, 0x61, 0x64, 0x9f, 0xf2, 0xfa, 0xb0,
0xb3, 0xce, 0xe8, 0xfc, 0x38, 0x01, 0x57, 0x35, 0x49, 0xdf, 0x47, 0x31, 0xba, 0x9e, 0xda, 0x02,
0x79, 0x94, 0xc9, 0x98, 0xee, 0x95, 0x8d, 0x51, 0x21, 0x3e, 0x8f, 0x79, 0x3d, 0xc9, 0x90, 0xee,
0xc9, 0x6d, 0x98, 0x13, 0xa2, 0xf9, 0x90, 0x07, 0x1d, 0x2a, 0xf1, 0x7d, 0xec, 0x26, 0x45, 0xd5,
0x0f, 0xaa, 0x08, 0x41, 0x24, 0xd0, 0x6f, 0x73, 0xd4, 0x32, 0x4e, 0x79, 0xe9, 0x9e, 0xdc, 0x85,
0x05, 0x19, 0x8a, 0xcd, 0x30, 0xc0, 0x48, 0x6e, 0x22, 0x97, 0x5b, 0x54, 0x52, 0xbb, 0xa0, 0xa3,
0x9c, 0x36, 0x90, 0x35, 0x28, 0xf6, 0x81, 0x2a, 0xe5, 0xa4, 0x76, 0x3e, 0x85, 0xa7, 0x25, 0x3c,
0xdd, 0x5f, 0xc2, 0xfa, 0x8c, 0x60, 0x30, 0x7d, 0xbe, 0x32, 0x4c, 0x63, 0x44, 0x0f, 0x43, 0xdc,
0xf7, 0x03, 0x7b, 0x46, 0xd3, 0xcb, 0x00, 0x72, 0x0f, 0x16, 0x4d, 0xe5, 0xd6, 0x94, 0xaa, 0xe9,
0x39, 0x67, 0x75, 0x80, 0x41, 0x26, 0x55, 0x57, 0x29, 0xbc, 0xbb, 0x65, 0xcf, 0xad, 0x58, 0xab,
0xe3, 0x5e, 0x1e, 0x22, 0x6f, 0xc3, 0xff, 0xb3, 0x6d, 0x24, 0x24, 0x0d, 0x43, 0x5d, 0xda, 0xbb,
0x5b, 0xf6, 0xbc, 0xf6, 0x1e, 0x66, 0x26, 0xef, 0x41, 0x29, 0x35, 0x6d, 0x47, 0x12, 0x39, 0xe3,
0x81, 0xc0, 0x0d, 0x2a, 0xf0, 0x80, 0x87, 0xf6, 0x55, 0x4d, 0x6a, 0x84, 0x07, 0x59, 0x82, 0x09,
0xc6, 0xe3, 0x67, 0x5d, 0xbb, 0xa8, 0x5d, 0xcd, 0x46, 0xf5, 0x10, 0x4b, 0x4a, 0x68, 0xc1, 0xf4,
0x50, 0xb2, 0x25, 0x55, 0x58, 0x6a, 0xf8, 0xec, 0x11, 0xf2, 0x4e, 0xe0, 0x63, 0xcd, 0xf7, 0xe3,
0x76, 0xa4, 0x35, 0x27, 0xda, 0x6d, 0xa0, 0x8d, 0xb8, 0x40, 0x74, 0x8d, 0xee, 0x48, 0xc9, 0x36,
0xa8, 0x08, 0xfc, 0x5a, 0x5b, 0x36, 0xed, 0x45, 0x2d, 0xec, 0x00, 0x8b, 0x33, 0x0f, 0xb3, 0xaa,
0x44, 0x7b, 0x3d, 0xe4, 0xfc, 0x6c, 0xc1, 0x82, 0x02, 0x36, 0x39, 0x52, 0x89, 0x1e, 0x3e, 0x6d,
0xa3, 0x90, 0xe4, 0x93, 0x5c, 0xd5, 0xce, 0x54, 0x77, 0xfe, 0xdd, 0x38, 0xf1, 0xd2, 0xae, 0x4c,
0xea, 0xff, 0x1a, 0x14, 0xda, 0x4c, 0x20, 0x97, 0x49, 0x97, 0x25, 0x3b, 0x55, 0x1b, 0x3e, 0xc7,
0xba, 0xd8, 0x8f, 0xc2, 0xae, 0x2e, 0xfe, 0x29, 0x2f, 0x03, 0x9c, 0xa7, 0x86, 0xe8, 0x01, 0xab,
0x5f, 0x16, 0xd1, 0xea, 0xdf, 0xf3, 0x26, 0xa7, 0x01, 0x13, 0xf1, 0xc9, 0xd7, 0x16, 0x5c, 0xd9,
0x0b, 0x84, 0x24, 0xff, 0xcb, 0x0f, 0x9c, 0x74, 0xbc, 0x94, 0xf6, 0x2e, 0x8a, 0x85, 0x4a, 0xe2,
0xdc, 0xfc, 0xe2, 0xf7, 0x3f, 0xbf, 0x1d, 0xbb, 0x46, 0x96, 0xf4, 0x67, 0xb5, 0xb3, 0x9e, 0x7d,
0xc3, 0x02, 0x14, 0x5f, 0x8e, 0x59, 0xe4, 0x2b, 0x0b, 0xc6, 0x1f, 0xe0, 0x50, 0x36, 0x17, 0xa6,
0x89, 0x73, 0x4b, 0x33, 0xb9, 0x41, 0xae, 0x0f, 0x62, 0x52, 0x79, 0xae, 0x76, 0x2f, 0xc8, 0x77,
0x16, 0x14, 0x15, 0x6f, 0x2f, 0x67, 0xbb, 0x1c, 0xa1, 0xca, 0xa3, 0x84, 0x22, 0x9f, 0xc2, 0x94,
0xa1, 0x75, 0x34, 0x94, 0x4e, 0xb1, 0x1f, 0x3e, 0x12, 0xce, 0xaa, 0x0e, 0xe9, 0x90, 0x95, 0x11,
0x27, 0xae, 0x70, 0x15, 0xb2, 0x65, 0xc2, 0xab, 0xcf, 0x13, 0x79, 0xe5, 0x64, 0xf8, 0xf4, 0x76,
0x51, 0x2a, 0x0f, 0x32, 0xa5, 0xbd, 0x78, 0xae, 0x74, 0x54, 0xa5, 0xf8, 0xc6, 0x82, 0xb9, 0x07,
0x28, 0xb3, 0x7b, 0x00, 0xb9, 0x39, 0x20, 0x72, 0xfe, 0x8e, 0x50, 0x72, 0x86, 0x3b, 0xa4, 0x04,
0xde, 0xd1, 0x04, 0xde, 0x74, 0xee, 0x0d, 0x26, 0x60, 0xbe, 0xd6, 0x3a, 0xce, 0x81, 0xb7, 0xa7,
0xa9, 0xd4, 0x4d, 0x84, 0xfb, 0xd6, 0x1a, 0xe9, 0x68, 0x4a, 0x3b, 0x18, 0xb6, 0x36, 0x9b, 0x94,
0xcb, 0xa1, 0x32, 0x2f, 0xe7, 0xe1, 0xcc, 0x3d, 0x25, 0xe1, 0x6a, 0x12, 0xab, 0xe4, 0xce, 0x28,
0x15, 0x9a, 0x18, 0xb6, 0x7c, 0x93, 0xe6, 0x7b, 0x0b, 0x0a, 0x66, 0x7a, 0x91, 0x1b, 0x27, 0x33,
0xf6, 0x4d, 0xb5, 0x0b, 0x6c, 0x85, 0x57, 0x35, 0xc7, 0xb2, 0x33, 0xb0, 0xd6, 0xee, 0xeb, 0xe1,
0xa1, 0x5a, 0xf3, 0x07, 0x0b, 0x8a, 0x3d, 0x0a, 0xbd, 0x67, 0x2f, 0x8f, 0xa4, 0x73, 0x36, 0x49,
0xf2, 0x93, 0x05, 0x05, 0x33, 0x51, 0x4f, 0xf3, 0xea, 0x9b, 0xb4, 0x17, 0xc8, 0x6b, 0xdd, 0xbc,
0xe0, 0xd2, 0x88, 0x32, 0xd7, 0x54, 0x5e, 0x64, 0x42, 0xfe, 0x62, 0x41, 0xb1, 0x47, 0x67, 0xb8,
0x90, 0xff, 0x15, 0x61, 0xf7, 0xe5, 0x08, 0x13, 0x0a, 0x85, 0x2d, 0x0c, 0x51, 0xe2, 0xb0, 0x16,
0xb0, 0x4f, 0xc2, 0x69, 0xf1, 0xdf, 0x31, 0x33, 0x76, 0x6d, 0xd4, 0x8c, 0x55, 0x82, 0x34, 0xa1,
0x68, 0x52, 0xe4, 0xf4, 0x78, 0xe9, 0x64, 0xb7, 0xce, 0x91, 0x8c, 0x3c, 0x87, 0xf9, 0x8f, 0x68,
0x18, 0x28, 0x65, 0xcd, 0xbd, 0x96, 0x5c, 0x3f, 0x35, 0x49, 0xb2, 0xfb, 0xee, 0x88, 0x6c, 0x55,
0x9d, 0xed, 0xae, 0x73, 0x7b, 0x54, 0x5f, 0x77, 0x92, 0x54, 0x46, 0xc9, 0x8d, 0xed, 0x5f, 0x8f,
0x97, 0xad, 0xdf, 0x8e, 0x97, 0xad, 0x3f, 0x8e, 0x97, 0xad, 0x8f, 0xdf, 0x3a, 0xdf, 0x1f, 0xa4,
0xaf, 0x2f, 0xa6, 0xb9, 0x7f, 0xbd, 0xc3, 0x82, 0xfe, 0xd9, 0x7b, 0xe3, 0x9f, 0x00, 0x00, 0x00,
0xff, 0xff, 0x56, 0xc6, 0x8e, 0x59, 0xd1, 0x0e, 0x00, 0x00,
// 1197 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x57, 0x4f, 0x6f, 0x1b, 0x45,
0x14, 0xd7, 0xe6, 0x8f, 0xeb, 0xbc, 0x34, 0xa9, 0x3b, 0x29, 0x65, 0x71, 0xdd, 0x34, 0xda, 0x96,
0x2a, 0x54, 0x65, 0xdd, 0x18, 0x21, 0x50, 0x11, 0x48, 0xce, 0x1f, 0x35, 0x11, 0x11, 0x29, 0x5b,
0x85, 0x03, 0x02, 0xa1, 0xc9, 0xfa, 0xc5, 0xde, 0x76, 0xbd, 0x3b, 0xcc, 0x8c, 0x9d, 0x5a, 0x55,
0x2f, 0x5c, 0x40, 0x82, 0x0b, 0x42, 0x48, 0xdc, 0x10, 0x12, 0x37, 0x3e, 0x03, 0x77, 0x8e, 0x48,
0x7c, 0x01, 0x14, 0xf1, 0x21, 0x38, 0x21, 0x34, 0x33, 0xeb, 0xdd, 0x75, 0x62, 0x3b, 0xa9, 0x08,
0xb9, 0xcd, 0xfb, 0xb3, 0xef, 0xfd, 0xe6, 0x37, 0xef, 0xbd, 0x99, 0x05, 0x47, 0x20, 0xef, 0x22,
0xaf, 0x72, 0x64, 0xb1, 0x08, 0x64, 0xcc, 0x7b, 0xb9, 0xa5, 0xcb, 0x78, 0x2c, 0x63, 0x02, 0x99,
0xa6, 0x5c, 0x69, 0xc6, 0x71, 0x33, 0xc4, 0x2a, 0x65, 0x41, 0x95, 0x46, 0x51, 0x2c, 0xa9, 0x0c,
0xe2, 0x48, 0x18, 0xcf, 0xf2, 0x76, 0x33, 0x90, 0xad, 0xce, 0x9e, 0xeb, 0xc7, 0xed, 0x2a, 0xe5,
0xcd, 0x98, 0xf1, 0xf8, 0xb1, 0x5e, 0xbc, 0xee, 0x37, 0xaa, 0xdd, 0x5a, 0x95, 0x3d, 0x69, 0xaa,
0x2f, 0x45, 0x95, 0x32, 0x16, 0x06, 0xbe, 0xfe, 0xb6, 0xda, 0x5d, 0xa1, 0x21, 0x6b, 0xd1, 0x95,
0x6a, 0x13, 0x23, 0xe4, 0x54, 0x62, 0x23, 0x89, 0xb6, 0x71, 0x42, 0x34, 0x0d, 0xeb, 0x44, 0xf8,
0x4e, 0x0f, 0xe6, 0x3c, 0x64, 0x71, 0x9d, 0x31, 0xf1, 0x61, 0x07, 0x79, 0x8f, 0x10, 0x98, 0x52,
0x4e, 0xb6, 0xb5, 0x64, 0x2d, 0xcf, 0x78, 0x7a, 0x4d, 0xca, 0x50, 0xe4, 0xd8, 0x0d, 0x44, 0x10,
0x47, 0xf6, 0x84, 0xd6, 0xa7, 0x32, 0xb1, 0xe1, 0x02, 0x65, 0xec, 0x03, 0xda, 0x46, 0x7b, 0x52,
0x9b, 0xfa, 0x22, 0x59, 0x04, 0xa0, 0x8c, 0x3d, 0xe4, 0xf1, 0x63, 0xf4, 0xa5, 0x3d, 0xa5, 0x8d,
0x39, 0x8d, 0xb3, 0x02, 0x17, 0xea, 0x8c, 0x6d, 0x45, 0xfb, 0xb1, 0x4a, 0x2a, 0x7b, 0x0c, 0xfb,
0x49, 0xd5, 0x5a, 0xe9, 0x18, 0x95, 0xad, 0x24, 0xa1, 0x5e, 0x3b, 0x7f, 0x5b, 0xb0, 0x90, 0xc0,
0x5d, 0x47, 0x49, 0x83, 0x30, 0x01, 0xdd, 0x84, 0x82, 0x88, 0x3b, 0xdc, 0x37, 0x11, 0x66, 0x6b,
0x3b, 0x6e, 0xc6, 0x8e, 0xdb, 0x67, 0x47, 0x2f, 0x3e, 0xf3, 0x1b, 0x6e, 0xb7, 0xe6, 0xb2, 0x27,
0x4d, 0x57, 0x71, 0xed, 0xe6, 0xb8, 0x76, 0xfb, 0x5c, 0xbb, 0xf5, 0x4c, 0xf9, 0x48, 0x87, 0xf5,
0x92, 0xf0, 0xf9, 0xdd, 0x4e, 0x8c, 0xdb, 0xed, 0xe4, 0xd1, 0xdd, 0x92, 0x25, 0x98, 0x35, 0x31,
0xb6, 0xa2, 0x06, 0x3e, 0xd5, 0x74, 0x4c, 0x7b, 0x79, 0x15, 0xa9, 0xc0, 0x4c, 0x17, 0xb9, 0x22,
0x75, 0xab, 0x61, 0x4f, 0x6b, 0x7b, 0xa6, 0x70, 0xde, 0x85, 0x52, 0xff, 0xa0, 0x3c, 0x14, 0x2c,
0x8e, 0x04, 0x92, 0xd7, 0x60, 0x3a, 0x90, 0xd8, 0x16, 0xb6, 0xb5, 0x34, 0xb9, 0x3c, 0x5b, 0x5b,
0x70, 0x73, 0xc7, 0x9b, 0x50, 0xeb, 0x19, 0x0f, 0xe7, 0x00, 0x66, 0xd4, 0xe7, 0xa3, 0xcf, 0xd8,
0x81, 0x8b, 0xfb, 0xb1, 0xda, 0x2a, 0xee, 0x73, 0x14, 0x86, 0xf6, 0xa2, 0x37, 0xa0, 0x3b, 0x71,
0x8f, 0xfd, 0x63, 0x9c, 0xca, 0x8e, 0xd1, 0xf9, 0x69, 0x1a, 0x2e, 0x69, 0xe0, 0xbe, 0x8f, 0x62,
0x7c, 0x8d, 0x75, 0x04, 0xf2, 0x28, 0xa3, 0x36, 0x95, 0x95, 0x8d, 0x51, 0x21, 0x0e, 0x62, 0xde,
0x48, 0xb2, 0xa6, 0x32, 0xb9, 0x05, 0x73, 0x42, 0xb4, 0x1e, 0xf2, 0xa0, 0x4b, 0x25, 0xbe, 0x8f,
0xbd, 0x24, 0xf9, 0xa0, 0x52, 0x45, 0x08, 0x22, 0x81, 0x7e, 0x87, 0xa3, 0xa6, 0xb6, 0xe8, 0xa5,
0x32, 0xb9, 0x0b, 0x97, 0x65, 0x28, 0xd6, 0xc2, 0x00, 0x23, 0xb9, 0x86, 0x5c, 0xae, 0x53, 0x49,
0xed, 0x82, 0x8e, 0x72, 0xdc, 0x40, 0xee, 0x40, 0x69, 0x40, 0xa9, 0x52, 0x5e, 0xd0, 0xce, 0xc7,
0xf4, 0x29, 0x1f, 0x33, 0x83, 0x65, 0xad, 0xf7, 0x08, 0x46, 0xa7, 0xf7, 0x57, 0x81, 0x19, 0x8c,
0xe8, 0x5e, 0x88, 0x3b, 0x7e, 0x60, 0xcf, 0x6a, 0x78, 0x99, 0x82, 0xdc, 0x83, 0x05, 0x53, 0xcd,
0x75, 0xc5, 0x74, 0xba, 0xcf, 0x8b, 0x3a, 0xc0, 0x30, 0x93, 0xaa, 0xb5, 0x54, 0xbd, 0xb5, 0x6e,
0xcf, 0x2d, 0x59, 0xcb, 0x93, 0x5e, 0x5e, 0x45, 0xde, 0x86, 0x97, 0x33, 0x31, 0x12, 0x92, 0x86,
0xa1, 0x2e, 0xf7, 0xad, 0x75, 0x7b, 0x5e, 0x7b, 0x8f, 0x32, 0x93, 0xf7, 0xa0, 0x9c, 0x9a, 0x36,
0x22, 0x89, 0x9c, 0xf1, 0x40, 0xe0, 0x2a, 0x15, 0xb8, 0xcb, 0x43, 0xfb, 0x92, 0x06, 0x35, 0xc6,
0x83, 0x5c, 0x81, 0x69, 0xc6, 0xe3, 0xa7, 0x3d, 0xbb, 0xa4, 0x5d, 0x8d, 0xa0, 0xfa, 0x8a, 0x25,
0x65, 0x75, 0xd9, 0xf4, 0x55, 0x22, 0x92, 0x1a, 0x5c, 0x69, 0xfa, 0xec, 0x11, 0xf2, 0x6e, 0xe0,
0x63, 0xdd, 0xf7, 0xe3, 0x4e, 0xa4, 0x39, 0x27, 0xda, 0x6d, 0xa8, 0x8d, 0xb8, 0x40, 0x74, 0xdd,
0x6e, 0x4a, 0xc9, 0x56, 0xa9, 0x08, 0xfc, 0x7a, 0x47, 0xb6, 0xec, 0x05, 0x4d, 0xec, 0x10, 0x8b,
0x33, 0x0f, 0x17, 0x55, 0x89, 0xf6, 0xfb, 0xca, 0xf9, 0xd5, 0x82, 0xcb, 0x4a, 0xb1, 0xc6, 0x91,
0x4a, 0xf4, 0xf0, 0xf3, 0x0e, 0x0a, 0x49, 0x3e, 0xc9, 0x55, 0xed, 0x6c, 0x6d, 0xf3, 0xbf, 0x8d,
0x18, 0x2f, 0xed, 0xd4, 0xa4, 0xfe, 0xaf, 0x42, 0xa1, 0xc3, 0x04, 0x72, 0x99, 0x74, 0x5e, 0x22,
0xa9, 0xda, 0xf0, 0x39, 0x36, 0xc4, 0x4e, 0x14, 0xf6, 0x74, 0xf1, 0x17, 0xbd, 0x4c, 0xa1, 0xd8,
0x3c, 0xe0, 0x81, 0x34, 0x2d, 0x57, 0xf4, 0x8c, 0xe0, 0x7c, 0x99, 0xe0, 0xdf, 0x65, 0x8d, 0x73,
0xc3, 0x9f, 0x22, 0x99, 0xc8, 0x21, 0xa9, 0xfd, 0x33, 0x6f, 0x90, 0x18, 0xd7, 0xe4, 0xa4, 0xc8,
0x37, 0x16, 0x4c, 0x6d, 0x07, 0x42, 0x92, 0x97, 0xf2, 0x13, 0x2b, 0x9d, 0x4f, 0xe5, 0xed, 0xb3,
0xc2, 0xa6, 0x92, 0x38, 0x37, 0xbe, 0xf8, 0xe3, 0xaf, 0xef, 0x26, 0xae, 0x92, 0x2b, 0xfa, 0x5e,
0xee, 0xae, 0x64, 0x97, 0x60, 0x80, 0xe2, 0xab, 0x09, 0x8b, 0x7c, 0x6d, 0xc1, 0xe4, 0x03, 0x1c,
0x89, 0xe6, 0xcc, 0x98, 0x72, 0x6e, 0x6a, 0x24, 0xd7, 0xc9, 0xb5, 0x61, 0x48, 0xaa, 0xcf, 0x94,
0xf4, 0x9c, 0x7c, 0x6f, 0x41, 0x49, 0xe1, 0xf6, 0x72, 0xb6, 0xf3, 0x21, 0xaa, 0x32, 0x8e, 0x28,
0xf2, 0x29, 0x14, 0x0d, 0xac, 0xfd, 0x91, 0x70, 0x4a, 0x83, 0xea, 0x7d, 0xe1, 0x2c, 0xeb, 0x90,
0x0e, 0x59, 0x1a, 0xb3, 0xe3, 0x2a, 0x57, 0x21, 0xdb, 0x26, 0xbc, 0xba, 0xdf, 0xc8, 0x2b, 0x47,
0xc3, 0xa7, 0xcf, 0x93, 0x72, 0x65, 0x98, 0x29, 0x6d, 0xdc, 0x53, 0xa5, 0xa3, 0x2a, 0xc5, 0xb7,
0x16, 0xcc, 0x3d, 0x40, 0x99, 0x3d, 0x24, 0xc8, 0x8d, 0x21, 0x91, 0xf3, 0x8f, 0x8c, 0xb2, 0x33,
0xda, 0x21, 0x05, 0xf0, 0x8e, 0x06, 0xf0, 0xa6, 0x73, 0x6f, 0x38, 0x00, 0x73, 0xdd, 0xeb, 0x38,
0xbb, 0xde, 0xb6, 0x86, 0xd2, 0x30, 0x11, 0xee, 0x5b, 0x77, 0x48, 0x57, 0x43, 0xda, 0xc4, 0xb0,
0xbd, 0xd6, 0xa2, 0x5c, 0x8e, 0xa4, 0x79, 0x31, 0xaf, 0xce, 0xdc, 0x53, 0x10, 0xae, 0x06, 0xb1,
0x4c, 0x6e, 0x8f, 0x63, 0xa1, 0x85, 0x61, 0xdb, 0x37, 0x69, 0x7e, 0xb0, 0xa0, 0x60, 0x46, 0x1d,
0xb9, 0x7e, 0x34, 0xe3, 0xc0, 0x08, 0x3c, 0xc3, 0x56, 0x78, 0x55, 0x63, 0xac, 0x38, 0x43, 0x6b,
0xed, 0xbe, 0x1e, 0x29, 0xaa, 0x35, 0x7f, 0xb4, 0xa0, 0xd4, 0x87, 0xd0, 0xff, 0xf6, 0xfc, 0x40,
0x3a, 0x27, 0x83, 0x24, 0x3f, 0x5b, 0x50, 0x30, 0x73, 0xf6, 0x38, 0xae, 0x81, 0xf9, 0x7b, 0x86,
0xb8, 0x56, 0xcc, 0x01, 0x97, 0xc7, 0x94, 0xb9, 0x86, 0xf2, 0x3c, 0x23, 0xf2, 0x17, 0x0b, 0x4a,
0x7d, 0x38, 0xa3, 0x89, 0xfc, 0xbf, 0x00, 0xbb, 0x2f, 0x06, 0x98, 0x50, 0x28, 0xac, 0x63, 0x88,
0x12, 0x47, 0xb5, 0x80, 0x7d, 0x54, 0x9d, 0x16, 0xff, 0x6d, 0x33, 0x63, 0xef, 0x8c, 0x9b, 0xb1,
0x8a, 0x90, 0x16, 0x94, 0x4c, 0x8a, 0x1c, 0x1f, 0x2f, 0x9c, 0xec, 0xe6, 0x29, 0x92, 0x91, 0x67,
0x30, 0xff, 0x11, 0x0d, 0x03, 0xc5, 0xac, 0x79, 0x04, 0x93, 0x6b, 0xc7, 0x26, 0x49, 0xf6, 0x38,
0x1e, 0x93, 0xad, 0xa6, 0xb3, 0xdd, 0x75, 0x6e, 0x8d, 0xeb, 0xeb, 0x6e, 0x92, 0xca, 0x30, 0xb9,
0xba, 0xf1, 0xdb, 0xe1, 0xa2, 0xf5, 0xfb, 0xe1, 0xa2, 0xf5, 0xe7, 0xe1, 0xa2, 0xf5, 0xf1, 0x5b,
0xa7, 0xfb, 0x05, 0xf5, 0xf5, 0x2b, 0x36, 0xf7, 0xb3, 0xb8, 0x57, 0xd0, 0x7f, 0x8b, 0x6f, 0xfc,
0x1b, 0x00, 0x00, 0xff, 0xff, 0xc6, 0xa3, 0x42, 0x12, 0x12, 0x0f, 0x00, 0x00,
}
// Reference imports to suppress errors if they are not otherwise used.
@@ -1609,6 +1638,13 @@ func (m *RepoQuery) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Type) > 0 {
i -= len(m.Type)
copy(dAtA[i:], m.Type)
i = encodeVarintRepository(dAtA, i, uint64(len(m.Type)))
i--
dAtA[i] = 0x22
}
if len(m.AppProject) > 0 {
i -= len(m.AppProject)
copy(dAtA[i:], m.AppProject)
@@ -1853,6 +1889,16 @@ func (m *RepoCreateRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.Write {
i--
if m.Write {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x20
}
if m.CredsOnly {
i--
if m.CredsOnly {
@@ -1912,6 +1958,16 @@ func (m *RepoUpdateRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.Write {
i--
if m.Write {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x10
}
if m.Repo != nil {
{
size, err := m.Repo.MarshalToSizedBuffer(dAtA[:i])
@@ -2051,6 +2107,10 @@ func (m *RepoQuery) Size() (n int) {
if l > 0 {
n += 1 + l + sovRepository(uint64(l))
}
l = len(m.Type)
if l > 0 {
n += 1 + l + sovRepository(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
@@ -2164,6 +2224,9 @@ func (m *RepoCreateRequest) Size() (n int) {
if m.CredsOnly {
n += 2
}
if m.Write {
n += 2
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
@@ -2180,6 +2243,9 @@ func (m *RepoUpdateRequest) Size() (n int) {
l = m.Repo.Size()
n += 1 + l + sovRepository(uint64(l))
}
if m.Write {
n += 2
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
@@ -2873,6 +2939,38 @@ func (m *RepoQuery) Unmarshal(dAtA []byte) error {
}
m.AppProject = string(dAtA[iNdEx:postIndex])
iNdEx = postIndex
case 4:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field Type", wireType)
}
var stringLen uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowRepository
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
intStringLen := int(stringLen)
if intStringLen < 0 {
return ErrInvalidLengthRepository
}
postIndex := iNdEx + intStringLen
if postIndex < 0 {
return ErrInvalidLengthRepository
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.Type = string(dAtA[iNdEx:postIndex])
iNdEx = postIndex
default:
iNdEx = preIndex
skippy, err := skipRepository(dAtA[iNdEx:])
@@ -3616,6 +3714,26 @@ func (m *RepoCreateRequest) Unmarshal(dAtA []byte) error {
}
}
m.CredsOnly = bool(v != 0)
case 4:
if wireType != 0 {
return fmt.Errorf("proto: wrong wireType = %d for field Write", wireType)
}
var v int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowRepository
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
v |= int(b&0x7F) << shift
if b < 0x80 {
break
}
}
m.Write = bool(v != 0)
default:
iNdEx = preIndex
skippy, err := skipRepository(dAtA[iNdEx:])
@@ -3703,6 +3821,26 @@ func (m *RepoUpdateRequest) Unmarshal(dAtA []byte) error {
return err
}
iNdEx = postIndex
case 2:
if wireType != 0 {
return fmt.Errorf("proto: wrong wireType = %d for field Write", wireType)
}
var v int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowRepository
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
v |= int(b&0x7F) << shift
if b < 0x80 {
break
}
}
m.Write = bool(v != 0)
default:
iNdEx = preIndex
skippy, err := skipRepository(dAtA[iNdEx:])

View File

@@ -567,6 +567,10 @@ func local_request_RepositoryService_CreateRepository_0(ctx context.Context, mar
}
var (
filter_RepositoryService_Update_0 = &utilities.DoubleArray{Encoding: map[string]int{"repo": 0}, Base: []int{1, 3, 2, 0, 0}, Check: []int{0, 1, 2, 3, 2}}
)
func request_RepositoryService_Update_0(ctx context.Context, marshaler runtime.Marshaler, client RepositoryServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
var protoReq RepoUpdateRequest
var metadata runtime.ServerMetadata
@@ -597,6 +601,13 @@ func request_RepositoryService_Update_0(ctx context.Context, marshaler runtime.M
return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "repo.repo", err)
}
if err := req.ParseForm(); err != nil {
return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err)
}
if err := runtime.PopulateQueryParameters(&protoReq, req.Form, filter_RepositoryService_Update_0); err != nil {
return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err)
}
msg, err := client.Update(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD))
return msg, metadata, err
@@ -632,11 +643,22 @@ func local_request_RepositoryService_Update_0(ctx context.Context, marshaler run
return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "repo.repo", err)
}
if err := req.ParseForm(); err != nil {
return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err)
}
if err := runtime.PopulateQueryParameters(&protoReq, req.Form, filter_RepositoryService_Update_0); err != nil {
return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err)
}
msg, err := server.Update(ctx, &protoReq)
return msg, metadata, err
}
var (
filter_RepositoryService_UpdateRepository_0 = &utilities.DoubleArray{Encoding: map[string]int{"repo": 0}, Base: []int{1, 3, 2, 0, 0}, Check: []int{0, 1, 2, 3, 2}}
)
func request_RepositoryService_UpdateRepository_0(ctx context.Context, marshaler runtime.Marshaler, client RepositoryServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
var protoReq RepoUpdateRequest
var metadata runtime.ServerMetadata
@@ -667,6 +689,13 @@ func request_RepositoryService_UpdateRepository_0(ctx context.Context, marshaler
return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "repo.repo", err)
}
if err := req.ParseForm(); err != nil {
return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err)
}
if err := runtime.PopulateQueryParameters(&protoReq, req.Form, filter_RepositoryService_UpdateRepository_0); err != nil {
return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err)
}
msg, err := client.UpdateRepository(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD))
return msg, metadata, err
@@ -702,6 +731,13 @@ func local_request_RepositoryService_UpdateRepository_0(ctx context.Context, mar
return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "repo.repo", err)
}
if err := req.ParseForm(); err != nil {
return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err)
}
if err := runtime.PopulateQueryParameters(&protoReq, req.Form, filter_RepositoryService_UpdateRepository_0); err != nil {
return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err)
}
msg, err := server.UpdateRepository(ctx, &protoReq)
return msg, metadata, err

View File

@@ -4,6 +4,7 @@ const (
// AnnotationKeyRefresh is the annotation key which indicates that app needs to be refreshed. Removed by application controller after app is refreshed.
// Might take values 'normal'/'hard'. Value 'hard' means manifest cache and target cluster state cache should be invalidated before refresh.
AnnotationKeyRefresh string = "argocd.argoproj.io/refresh"
AnnotationKeyHydrate string = "argocd.argoproj.io/hydrate"
// AnnotationKeyManifestGeneratePaths is an annotation that contains a list of semicolon-separated paths in the
// manifests repository that affects the manifest generation. Paths might be either relative or absolute. The

File diff suppressed because it is too large Load Diff

View File

@@ -620,6 +620,9 @@ message ApplicationSpec {
// Sources is a reference to the location of the application's manifests or chart
repeated ApplicationSource sources = 8;
// SourceHydrator provides a way to push hydrated manifests back to git before syncing them to the cluster.
optional SourceHydrator sourceHydrator = 9;
}
// ApplicationStatus contains status information for the application
@@ -663,6 +666,9 @@ message ApplicationStatus {
// ControllerNamespace indicates the namespace in which the application controller is located
optional string controllerNamespace = 13;
// SourceHydrator stores information about the current state of source hydration
optional SourceHydratorStatus sourceHydrator = 14;
}
// ApplicationSummary contains information about URLs and container images used by an application
@@ -921,6 +927,18 @@ message ConnectionState {
optional k8s.io.apimachinery.pkg.apis.meta.v1.Time attemptedAt = 3;
}
// DrySource specifies a location for dry "don't repeat yourself" manifest source information.
message DrySource {
// RepoURL is the URL to the git repository that contains the application manifests
optional string repoURL = 1;
// TargetRevision defines the revision of the source to hydrate
optional string targetRevision = 2;
// Path is a directory path within the Git repository where the manifests are located
optional string path = 3;
}
// DuckType defines a generator to match against clusters registered with ArgoCD.
message DuckTypeGenerator {
// ConfigMapRef is a ConfigMap with the duck type definitions needed to retrieve the data
@@ -1086,6 +1104,37 @@ message HostResourceInfo {
optional int64 capacity = 4;
}
// HydrateOperation contains information about the most recent hydrate operation
message HydrateOperation {
// StartedAt indicates when the hydrate operation started
optional k8s.io.apimachinery.pkg.apis.meta.v1.Time startedAt = 1;
// FinishedAt indicates when the hydrate operation finished
optional k8s.io.apimachinery.pkg.apis.meta.v1.Time finishedAt = 2;
// Phase indicates the status of the hydrate operation
optional string phase = 3;
// Message contains a message describing the current status of the hydrate operation
optional string message = 4;
// DrySHA holds the resolved revision (sha) of the dry source as of the most recent reconciliation
optional string drySHA = 5;
// HydratedSHA holds the resolved revision (sha) of the hydrated source as of the most recent reconciliation
optional string hydratedSHA = 6;
// SourceHydrator holds the hydrator config used for the hydrate operation
optional SourceHydrator sourceHydrator = 7;
}
// HydrateTo specifies a location to which hydrated manifests should be pushed as a "staging area" before being moved to
// the SyncSource. The RepoURL and Path are assumed based on the associated SyncSource config in the SourceHydrator.
message HydrateTo {
// TargetBranch is the branch to which hydrated manifests should be committed
optional string targetBranch = 1;
}
message Info {
optional string name = 1;
@@ -2195,6 +2244,41 @@ message SignatureKey {
optional string keyID = 1;
}
// SourceHydrator specifies a dry "don't repeat yourself" source for manifests, a sync source from which to sync
// hydrated manifests, and an optional hydrateTo location to act as a "staging" aread for hydrated manifests.
message SourceHydrator {
// DrySource specifies where the dry "don't repeat yourself" manifest source lives.
optional DrySource drySource = 1;
// SyncSource specifies where to sync hydrated manifests from.
optional SyncSource syncSource = 2;
// HydrateTo specifies an optional "staging" location to push hydrated manifests to. An external system would then
// have to move manifests to the SyncSource, e.g. by pull request.
optional HydrateTo hydrateTo = 3;
}
// SourceHydratorStatus contains information about the current state of source hydration
message SourceHydratorStatus {
// LastSuccessfulOperation holds info about the most recent successful hydration
optional SuccessfulHydrateOperation lastSuccessfulOperation = 1;
// CurrentOperation holds the status of the hydrate operation
optional HydrateOperation currentOperation = 2;
}
// SuccessfulHydrateOperation contains information about the most recent successful hydrate operation
message SuccessfulHydrateOperation {
// DrySHA holds the resolved revision (sha) of the dry source as of the most recent reconciliation
optional string drySHA = 5;
// HydratedSHA holds the resolved revision (sha) of the hydrated source as of the most recent reconciliation
optional string hydratedSHA = 6;
// SourceHydrator holds the hydrator config used for the hydrate operation
optional SourceHydrator sourceHydrator = 7;
}
// SyncOperation contains details about a sync operation.
message SyncOperation {
// Revision is the revision (Git) or chart version (Helm) which to sync the application to
@@ -2291,6 +2375,17 @@ message SyncPolicyAutomated {
optional bool allowEmpty = 3;
}
// SyncSource specifies a location from which hydrated manifests may be synced. RepoURL is assumed based on the
// associated DrySource config in the SourceHydrator.
message SyncSource {
// TargetBranch is the branch to which hydrated manifests should be committed
optional string targetBranch = 1;
// Path is a directory path within the git repository where hydrated manifests should be committed to and synced
// from. If hydrateTo is set, this is just the path from which hydrated manifests will be synced.
optional string path = 2;
}
// SyncStatus contains information about the currently observed live and desired states of an application
message SyncStatus {
// Status is the sync state of the comparison

View File

@@ -71,6 +71,7 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA
"github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ConfigManagementPlugin": schema_pkg_apis_application_v1alpha1_ConfigManagementPlugin(ref),
"github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ConfigMapKeyRef": schema_pkg_apis_application_v1alpha1_ConfigMapKeyRef(ref),
"github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ConnectionState": schema_pkg_apis_application_v1alpha1_ConnectionState(ref),
"github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.DrySource": schema_pkg_apis_application_v1alpha1_DrySource(ref),
"github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.DuckTypeGenerator": schema_pkg_apis_application_v1alpha1_DuckTypeGenerator(ref),
"github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.EnvEntry": schema_pkg_apis_application_v1alpha1_EnvEntry(ref),
"github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ErrApplicationNotAllowedToUseProject": schema_pkg_apis_application_v1alpha1_ErrApplicationNotAllowedToUseProject(ref),
@@ -86,6 +87,8 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA
"github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.HelmParameter": schema_pkg_apis_application_v1alpha1_HelmParameter(ref),
"github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.HostInfo": schema_pkg_apis_application_v1alpha1_HostInfo(ref),
"github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.HostResourceInfo": schema_pkg_apis_application_v1alpha1_HostResourceInfo(ref),
"github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.HydrateOperation": schema_pkg_apis_application_v1alpha1_HydrateOperation(ref),
"github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.HydrateTo": schema_pkg_apis_application_v1alpha1_HydrateTo(ref),
"github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.Info": schema_pkg_apis_application_v1alpha1_Info(ref),
"github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.InfoItem": schema_pkg_apis_application_v1alpha1_InfoItem(ref),
"github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.JWTToken": schema_pkg_apis_application_v1alpha1_JWTToken(ref),
@@ -157,11 +160,15 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA
"github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SCMProviderGeneratorGitlab": schema_pkg_apis_application_v1alpha1_SCMProviderGeneratorGitlab(ref),
"github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SecretRef": schema_pkg_apis_application_v1alpha1_SecretRef(ref),
"github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SignatureKey": schema_pkg_apis_application_v1alpha1_SignatureKey(ref),
"github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SourceHydrator": schema_pkg_apis_application_v1alpha1_SourceHydrator(ref),
"github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SourceHydratorStatus": schema_pkg_apis_application_v1alpha1_SourceHydratorStatus(ref),
"github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SuccessfulHydrateOperation": schema_pkg_apis_application_v1alpha1_SuccessfulHydrateOperation(ref),
"github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SyncOperation": schema_pkg_apis_application_v1alpha1_SyncOperation(ref),
"github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SyncOperationResource": schema_pkg_apis_application_v1alpha1_SyncOperationResource(ref),
"github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SyncOperationResult": schema_pkg_apis_application_v1alpha1_SyncOperationResult(ref),
"github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SyncPolicy": schema_pkg_apis_application_v1alpha1_SyncPolicy(ref),
"github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SyncPolicyAutomated": schema_pkg_apis_application_v1alpha1_SyncPolicyAutomated(ref),
"github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SyncSource": schema_pkg_apis_application_v1alpha1_SyncSource(ref),
"github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SyncStatus": schema_pkg_apis_application_v1alpha1_SyncStatus(ref),
"github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SyncStrategy": schema_pkg_apis_application_v1alpha1_SyncStrategy(ref),
"github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SyncStrategyApply": schema_pkg_apis_application_v1alpha1_SyncStrategyApply(ref),
@@ -2268,12 +2275,18 @@ func schema_pkg_apis_application_v1alpha1_ApplicationSpec(ref common.ReferenceCa
},
},
},
"sourceHydrator": {
SchemaProps: spec.SchemaProps{
Description: "SourceHydrator provides a way to push hydrated manifests back to git before syncing them to the cluster.",
Ref: ref("github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SourceHydrator"),
},
},
},
Required: []string{"destination", "project"},
},
},
Dependencies: []string{
"github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationDestination", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationSource", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.Info", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ResourceIgnoreDifferences", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SyncPolicy"},
"github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationDestination", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationSource", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.Info", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ResourceIgnoreDifferences", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SourceHydrator", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SyncPolicy"},
}
}
@@ -2401,11 +2414,18 @@ func schema_pkg_apis_application_v1alpha1_ApplicationStatus(ref common.Reference
Format: "",
},
},
"sourceHydrator": {
SchemaProps: spec.SchemaProps{
Description: "SourceHydrator stores information about the current state of source hydration",
Default: map[string]interface{}{},
Ref: ref("github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SourceHydratorStatus"),
},
},
},
},
},
Dependencies: []string{
"github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationCondition", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationSummary", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.HealthStatus", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.OperationState", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ResourceStatus", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.RevisionHistory", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SyncStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.Time"},
"github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationCondition", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationSummary", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.HealthStatus", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.OperationState", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ResourceStatus", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.RevisionHistory", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SourceHydratorStatus", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SyncStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.Time"},
}
}
@@ -3290,6 +3310,44 @@ func schema_pkg_apis_application_v1alpha1_ConnectionState(ref common.ReferenceCa
}
}
func schema_pkg_apis_application_v1alpha1_DrySource(ref common.ReferenceCallback) common.OpenAPIDefinition {
return common.OpenAPIDefinition{
Schema: spec.Schema{
SchemaProps: spec.SchemaProps{
Description: "DrySource specifies a location for dry \"don't repeat yourself\" manifest source information.",
Type: []string{"object"},
Properties: map[string]spec.Schema{
"repoURL": {
SchemaProps: spec.SchemaProps{
Description: "RepoURL is the URL to the git repository that contains the application manifests",
Default: "",
Type: []string{"string"},
Format: "",
},
},
"targetRevision": {
SchemaProps: spec.SchemaProps{
Description: "TargetRevision defines the revision of the source to hydrate",
Default: "",
Type: []string{"string"},
Format: "",
},
},
"path": {
SchemaProps: spec.SchemaProps{
Description: "Path is a directory path within the Git repository where the manifests are located",
Default: "",
Type: []string{"string"},
Format: "",
},
},
},
Required: []string{"repoURL", "targetRevision", "path"},
},
},
}
}
func schema_pkg_apis_application_v1alpha1_DuckTypeGenerator(ref common.ReferenceCallback) common.OpenAPIDefinition {
return common.OpenAPIDefinition{
Schema: spec.Schema{
@@ -3902,6 +3960,93 @@ func schema_pkg_apis_application_v1alpha1_HostResourceInfo(ref common.ReferenceC
}
}
func schema_pkg_apis_application_v1alpha1_HydrateOperation(ref common.ReferenceCallback) common.OpenAPIDefinition {
return common.OpenAPIDefinition{
Schema: spec.Schema{
SchemaProps: spec.SchemaProps{
Description: "HydrateOperation contains information about the most recent hydrate operation",
Type: []string{"object"},
Properties: map[string]spec.Schema{
"startedAt": {
SchemaProps: spec.SchemaProps{
Description: "StartedAt indicates when the hydrate operation started",
Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"),
},
},
"finishedAt": {
SchemaProps: spec.SchemaProps{
Description: "FinishedAt indicates when the hydrate operation finished",
Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"),
},
},
"phase": {
SchemaProps: spec.SchemaProps{
Description: "Phase indicates the status of the hydrate operation",
Default: "",
Type: []string{"string"},
Format: "",
},
},
"message": {
SchemaProps: spec.SchemaProps{
Description: "Message contains a message describing the current status of the hydrate operation",
Default: "",
Type: []string{"string"},
Format: "",
},
},
"drySHA": {
SchemaProps: spec.SchemaProps{
Description: "DrySHA holds the resolved revision (sha) of the dry source as of the most recent reconciliation",
Type: []string{"string"},
Format: "",
},
},
"hydratedSHA": {
SchemaProps: spec.SchemaProps{
Description: "HydratedSHA holds the resolved revision (sha) of the hydrated source as of the most recent reconciliation",
Type: []string{"string"},
Format: "",
},
},
"sourceHydrator": {
SchemaProps: spec.SchemaProps{
Description: "SourceHydrator holds the hydrator config used for the hydrate operation",
Default: map[string]interface{}{},
Ref: ref("github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SourceHydrator"),
},
},
},
Required: []string{"phase", "message"},
},
},
Dependencies: []string{
"github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SourceHydrator", "k8s.io/apimachinery/pkg/apis/meta/v1.Time"},
}
}
func schema_pkg_apis_application_v1alpha1_HydrateTo(ref common.ReferenceCallback) common.OpenAPIDefinition {
return common.OpenAPIDefinition{
Schema: spec.Schema{
SchemaProps: spec.SchemaProps{
Description: "HydrateTo specifies a location to which hydrated manifests should be pushed as a \"staging area\" before being moved to the SyncSource. The RepoURL and Path are assumed based on the associated SyncSource config in the SourceHydrator.",
Type: []string{"object"},
Properties: map[string]spec.Schema{
"targetBranch": {
SchemaProps: spec.SchemaProps{
Description: "TargetBranch is the branch to which hydrated manifests should be committed",
Default: "",
Type: []string{"string"},
Format: "",
},
},
},
Required: []string{"targetBranch"},
},
},
}
}
func schema_pkg_apis_application_v1alpha1_Info(ref common.ReferenceCallback) common.OpenAPIDefinition {
return common.OpenAPIDefinition{
Schema: spec.Schema{
@@ -7573,6 +7718,105 @@ func schema_pkg_apis_application_v1alpha1_SignatureKey(ref common.ReferenceCallb
}
}
func schema_pkg_apis_application_v1alpha1_SourceHydrator(ref common.ReferenceCallback) common.OpenAPIDefinition {
return common.OpenAPIDefinition{
Schema: spec.Schema{
SchemaProps: spec.SchemaProps{
Description: "SourceHydrator specifies a dry \"don't repeat yourself\" source for manifests, a sync source from which to sync hydrated manifests, and an optional hydrateTo location to act as a \"staging\" aread for hydrated manifests.",
Type: []string{"object"},
Properties: map[string]spec.Schema{
"drySource": {
SchemaProps: spec.SchemaProps{
Description: "DrySource specifies where the dry \"don't repeat yourself\" manifest source lives.",
Default: map[string]interface{}{},
Ref: ref("github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.DrySource"),
},
},
"syncSource": {
SchemaProps: spec.SchemaProps{
Description: "SyncSource specifies where to sync hydrated manifests from.",
Default: map[string]interface{}{},
Ref: ref("github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SyncSource"),
},
},
"hydrateTo": {
SchemaProps: spec.SchemaProps{
Description: "HydrateTo specifies an optional \"staging\" location to push hydrated manifests to. An external system would then have to move manifests to the SyncSource, e.g. by pull request.",
Ref: ref("github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.HydrateTo"),
},
},
},
Required: []string{"drySource", "syncSource"},
},
},
Dependencies: []string{
"github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.DrySource", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.HydrateTo", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SyncSource"},
}
}
func schema_pkg_apis_application_v1alpha1_SourceHydratorStatus(ref common.ReferenceCallback) common.OpenAPIDefinition {
return common.OpenAPIDefinition{
Schema: spec.Schema{
SchemaProps: spec.SchemaProps{
Description: "SourceHydratorStatus contains information about the current state of source hydration",
Type: []string{"object"},
Properties: map[string]spec.Schema{
"lastSuccessfulOperation": {
SchemaProps: spec.SchemaProps{
Description: "LastSuccessfulOperation holds info about the most recent successful hydration",
Ref: ref("github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SuccessfulHydrateOperation"),
},
},
"currentOperation": {
SchemaProps: spec.SchemaProps{
Description: "CurrentOperation holds the status of the hydrate operation",
Ref: ref("github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.HydrateOperation"),
},
},
},
},
},
Dependencies: []string{
"github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.HydrateOperation", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SuccessfulHydrateOperation"},
}
}
func schema_pkg_apis_application_v1alpha1_SuccessfulHydrateOperation(ref common.ReferenceCallback) common.OpenAPIDefinition {
return common.OpenAPIDefinition{
Schema: spec.Schema{
SchemaProps: spec.SchemaProps{
Description: "SuccessfulHydrateOperation contains information about the most recent successful hydrate operation",
Type: []string{"object"},
Properties: map[string]spec.Schema{
"drySHA": {
SchemaProps: spec.SchemaProps{
Description: "DrySHA holds the resolved revision (sha) of the dry source as of the most recent reconciliation",
Type: []string{"string"},
Format: "",
},
},
"hydratedSHA": {
SchemaProps: spec.SchemaProps{
Description: "HydratedSHA holds the resolved revision (sha) of the hydrated source as of the most recent reconciliation",
Type: []string{"string"},
Format: "",
},
},
"sourceHydrator": {
SchemaProps: spec.SchemaProps{
Description: "SourceHydrator holds the hydrator config used for the hydrate operation",
Default: map[string]interface{}{},
Ref: ref("github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SourceHydrator"),
},
},
},
},
},
Dependencies: []string{
"github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SourceHydrator"},
}
}
func schema_pkg_apis_application_v1alpha1_SyncOperation(ref common.ReferenceCallback) common.OpenAPIDefinition {
return common.OpenAPIDefinition{
Schema: spec.Schema{
@@ -7895,6 +8139,36 @@ func schema_pkg_apis_application_v1alpha1_SyncPolicyAutomated(ref common.Referen
}
}
func schema_pkg_apis_application_v1alpha1_SyncSource(ref common.ReferenceCallback) common.OpenAPIDefinition {
return common.OpenAPIDefinition{
Schema: spec.Schema{
SchemaProps: spec.SchemaProps{
Description: "SyncSource specifies a location from which hydrated manifests may be synced. RepoURL is assumed based on the associated DrySource config in the SourceHydrator.",
Type: []string{"object"},
Properties: map[string]spec.Schema{
"targetBranch": {
SchemaProps: spec.SchemaProps{
Description: "TargetBranch is the branch to which hydrated manifests should be committed",
Default: "",
Type: []string{"string"},
Format: "",
},
},
"path": {
SchemaProps: spec.SchemaProps{
Description: "Path is a directory path within the git repository where hydrated manifests should be committed to and synced from. If hydrateTo is set, this is just the path from which hydrated manifests will be synced.",
Default: "",
Type: []string{"string"},
Format: "",
},
},
},
Required: []string{"targetBranch", "path"},
},
},
}
}
func schema_pkg_apis_application_v1alpha1_SyncStatus(ref common.ReferenceCallback) common.OpenAPIDefinition {
return common.OpenAPIDefinition{
Schema: spec.Schema{

View File

@@ -84,6 +84,9 @@ type ApplicationSpec struct {
// Sources is a reference to the location of the application's manifests or chart
Sources ApplicationSources `json:"sources,omitempty" protobuf:"bytes,8,opt,name=sources"`
// SourceHydrator provides a way to push hydrated manifests back to git before syncing them to the cluster.
SourceHydrator *SourceHydrator `json:"sourceHydrator,omitempty" protobuf:"bytes,9,opt,name=sourceHydrator"`
}
type IgnoreDifferences []ResourceIgnoreDifferences
@@ -212,6 +215,9 @@ func (a ApplicationSources) IsZero() bool {
}
func (a *ApplicationSpec) GetSource() ApplicationSource {
if a.SourceHydrator != nil {
return a.SourceHydrator.GetSyncSource()
}
// if Application has multiple sources, return the first source in sources
if a.HasMultipleSources() {
return a.Sources[0]
@@ -222,7 +228,26 @@ func (a *ApplicationSpec) GetSource() ApplicationSource {
return ApplicationSource{}
}
// GetHydrateToSource returns the hydrateTo source if it exists, otherwise returns the sync source.
func (a *ApplicationSpec) GetHydrateToSource() ApplicationSource {
if a.SourceHydrator != nil {
targetRevision := a.SourceHydrator.SyncSource.TargetBranch
if a.SourceHydrator.HydrateTo != nil {
targetRevision = a.SourceHydrator.HydrateTo.TargetBranch
}
return ApplicationSource{
RepoURL: a.SourceHydrator.DrySource.RepoURL,
Path: a.SourceHydrator.SyncSource.Path,
TargetRevision: targetRevision,
}
}
return ApplicationSource{}
}
func (a *ApplicationSpec) GetSources() ApplicationSources {
if a.SourceHydrator != nil {
return ApplicationSources{a.SourceHydrator.GetSyncSource()}
}
if a.HasMultipleSources() {
return a.Sources
}
@@ -233,7 +258,7 @@ func (a *ApplicationSpec) GetSources() ApplicationSources {
}
func (a *ApplicationSpec) HasMultipleSources() bool {
return a.Sources != nil && len(a.Sources) > 0
return a.SourceHydrator == nil && a.Sources != nil && len(a.Sources) > 0
}
func (a *ApplicationSpec) GetSourcePtrByPosition(sourcePosition int) *ApplicationSource {
@@ -242,6 +267,10 @@ func (a *ApplicationSpec) GetSourcePtrByPosition(sourcePosition int) *Applicatio
}
func (a *ApplicationSpec) GetSourcePtrByIndex(sourceIndex int) *ApplicationSource {
if a.SourceHydrator != nil {
source := a.SourceHydrator.GetSyncSource()
return &source
}
// if Application has multiple sources, return the first source in sources
if a.HasMultipleSources() {
if sourceIndex > 0 {
@@ -347,6 +376,80 @@ const (
ApplicationSourceTypePlugin ApplicationSourceType = "Plugin"
)
// SourceHydrator specifies a dry "don't repeat yourself" source for manifests, a sync source from which to sync
// hydrated manifests, and an optional hydrateTo location to act as a "staging" aread for hydrated manifests.
type SourceHydrator struct {
// DrySource specifies where the dry "don't repeat yourself" manifest source lives.
DrySource DrySource `json:"drySource" protobuf:"bytes,1,name=drySource"`
// SyncSource specifies where to sync hydrated manifests from.
SyncSource SyncSource `json:"syncSource" protobuf:"bytes,2,name=syncSource"`
// HydrateTo specifies an optional "staging" location to push hydrated manifests to. An external system would then
// have to move manifests to the SyncSource, e.g. by pull request.
HydrateTo *HydrateTo `json:"hydrateTo,omitempty" protobuf:"bytes,3,opt,name=hydrateTo"`
}
// GetSyncSource gets the source from which we should sync when a source hydrator is configured.
func (s SourceHydrator) GetSyncSource() ApplicationSource {
return ApplicationSource{
// Pull the RepoURL from the dry source. The SyncSource's RepoURL is assumed to be the same.
RepoURL: s.DrySource.RepoURL,
Path: s.SyncSource.Path,
TargetRevision: s.SyncSource.TargetBranch,
}
}
// GetDrySource gets the dry source when a source hydrator is configured.
func (s SourceHydrator) GetDrySource() ApplicationSource {
return ApplicationSource{
RepoURL: s.DrySource.RepoURL,
Path: s.DrySource.Path,
TargetRevision: s.DrySource.TargetRevision,
}
}
func (s SourceHydrator) DeepEquals(hydrator SourceHydrator) bool {
return s.DrySource == hydrator.DrySource && s.SyncSource == hydrator.SyncSource && s.HydrateTo.DeepEquals(hydrator.HydrateTo)
}
// DrySource specifies a location for dry "don't repeat yourself" manifest source information.
type DrySource struct {
// RepoURL is the URL to the git repository that contains the application manifests
RepoURL string `json:"repoURL" protobuf:"bytes,1,name=repoURL"`
// TargetRevision defines the revision of the source to hydrate
TargetRevision string `json:"targetRevision" protobuf:"bytes,2,name=targetRevision"`
// Path is a directory path within the Git repository where the manifests are located
Path string `json:"path" protobuf:"bytes,3,name=path"`
}
// SyncSource specifies a location from which hydrated manifests may be synced. RepoURL is assumed based on the
// associated DrySource config in the SourceHydrator.
type SyncSource struct {
// TargetBranch is the branch to which hydrated manifests should be committed
TargetBranch string `json:"targetBranch" protobuf:"bytes,1,name=targetBranch"`
// Path is a directory path within the git repository where hydrated manifests should be committed to and synced
// from. If hydrateTo is set, this is just the path from which hydrated manifests will be synced.
Path string `json:"path" protobuf:"bytes,2,name=path"`
}
// HydrateTo specifies a location to which hydrated manifests should be pushed as a "staging area" before being moved to
// the SyncSource. The RepoURL and Path are assumed based on the associated SyncSource config in the SourceHydrator.
type HydrateTo struct {
// TargetBranch is the branch to which hydrated manifests should be committed
TargetBranch string `json:"targetBranch" protobuf:"bytes,1,name=targetBranch"`
}
func (in *HydrateTo) DeepEquals(to *HydrateTo) bool {
if in == nil {
return to == nil
}
if to == nil {
// We already know in is not nil.
return false
}
// Compare de-referenced structs.
return *in == *to
}
// RefreshType specifies how to refresh the sources of a given application
type RefreshType string
@@ -1035,8 +1138,56 @@ type ApplicationStatus struct {
SourceTypes []ApplicationSourceType `json:"sourceTypes,omitempty" protobuf:"bytes,12,opt,name=sourceTypes"`
// ControllerNamespace indicates the namespace in which the application controller is located
ControllerNamespace string `json:"controllerNamespace,omitempty" protobuf:"bytes,13,opt,name=controllerNamespace"`
// SourceHydrator stores information about the current state of source hydration
SourceHydrator SourceHydratorStatus `json:"sourceHydrator,omitempty" protobuf:"bytes,14,opt,name=sourceHydrator"`
}
// SourceHydratorStatus contains information about the current state of source hydration
type SourceHydratorStatus struct {
// LastSuccessfulOperation holds info about the most recent successful hydration
LastSuccessfulOperation *SuccessfulHydrateOperation `json:"lastSuccessfulOperation,omitempty" protobuf:"bytes,1,opt,name=lastSuccessfulOperation"`
// CurrentOperation holds the status of the hydrate operation
CurrentOperation *HydrateOperation `json:"currentOperation,omitempty" protobuf:"bytes,2,opt,name=currentOperation"`
}
// HydrateOperation contains information about the most recent hydrate operation
type HydrateOperation struct {
// StartedAt indicates when the hydrate operation started
StartedAt metav1.Time `json:"startedAt,omitempty" protobuf:"bytes,1,opt,name=startedAt"`
// FinishedAt indicates when the hydrate operation finished
FinishedAt *metav1.Time `json:"finishedAt,omitempty" protobuf:"bytes,2,opt,name=finishedAt"`
// Phase indicates the status of the hydrate operation
Phase HydrateOperationPhase `json:"phase" protobuf:"bytes,3,opt,name=phase"`
// Message contains a message describing the current status of the hydrate operation
Message string `json:"message" protobuf:"bytes,4,opt,name=message"`
// DrySHA holds the resolved revision (sha) of the dry source as of the most recent reconciliation
DrySHA string `json:"drySHA,omitempty" protobuf:"bytes,5,opt,name=drySHA"`
// HydratedSHA holds the resolved revision (sha) of the hydrated source as of the most recent reconciliation
HydratedSHA string `json:"hydratedSHA,omitempty" protobuf:"bytes,6,opt,name=hydratedSHA"`
// SourceHydrator holds the hydrator config used for the hydrate operation
SourceHydrator SourceHydrator `json:"sourceHydrator,omitempty" protobuf:"bytes,7,opt,name=sourceHydrator"`
}
// SuccessfulHydrateOperation contains information about the most recent successful hydrate operation
type SuccessfulHydrateOperation struct {
// DrySHA holds the resolved revision (sha) of the dry source as of the most recent reconciliation
DrySHA string `json:"drySHA,omitempty" protobuf:"bytes,5,opt,name=drySHA"`
// HydratedSHA holds the resolved revision (sha) of the hydrated source as of the most recent reconciliation
HydratedSHA string `json:"hydratedSHA,omitempty" protobuf:"bytes,6,opt,name=hydratedSHA"`
// SourceHydrator holds the hydrator config used for the hydrate operation
SourceHydrator SourceHydrator `json:"sourceHydrator,omitempty" protobuf:"bytes,7,opt,name=sourceHydrator"`
}
// HydrateOperationPhase indicates the status of a hydrate operation
// +kubebuilder:validation:Enum=Hydrating;Failed;Hydrated
type HydrateOperationPhase string
const (
HydrateOperationPhaseHydrating HydrateOperationPhase = "Hydrating"
HydrateOperationPhaseFailed HydrateOperationPhase = "Failed"
HydrateOperationPhaseHydrated HydrateOperationPhase = "Hydrated"
)
// GetRevisions will return the current revision associated with the Application.
// If app has multisources, it will return all corresponding revisions preserving
// order from the app.spec.sources. If app has only one source, it will return a
@@ -2735,6 +2886,22 @@ func (app *Application) IsRefreshRequested() (RefreshType, bool) {
return refreshType, true
}
// IsHydrateRequested returns whether hydration has been requested for an application
func (app *Application) IsHydrateRequested() bool {
annotations := app.GetAnnotations()
if annotations == nil {
return false
}
typeStr, ok := annotations[AnnotationKeyRefresh]
if !ok {
return false
}
if typeStr == "normal" {
return true
}
return false
}
func (app *Application) HasPostDeleteFinalizer(stage ...string) bool {
return getFinalizerIndex(app.ObjectMeta, strings.Join(append([]string{PostDeleteFinalizerName}, stage...), "/")) > -1
}

View File

@@ -1065,6 +1065,11 @@ func (in *ApplicationSourceHelm) DeepCopyInto(out *ApplicationSourceHelm) {
*out = new(runtime.RawExtension)
(*in).DeepCopyInto(*out)
}
if in.APIVersions != nil {
in, out := &in.APIVersions, &out.APIVersions
*out = make([]string, len(*in))
copy(*out, *in)
}
return
}
@@ -1308,6 +1313,11 @@ func (in *ApplicationSpec) DeepCopyInto(out *ApplicationSpec) {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
if in.SourceHydrator != nil {
in, out := &in.SourceHydrator, &out.SourceHydrator
*out = new(SourceHydrator)
(*in).DeepCopyInto(*out)
}
return
}
@@ -1366,6 +1376,7 @@ func (in *ApplicationStatus) DeepCopyInto(out *ApplicationStatus) {
*out = make([]ApplicationSourceType, len(*in))
copy(*out, *in)
}
in.SourceHydrator.DeepCopyInto(&out.SourceHydrator)
return
}
@@ -1825,6 +1836,22 @@ func (in *ConnectionState) DeepCopy() *ConnectionState {
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *DrySource) DeepCopyInto(out *DrySource) {
*out = *in
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DrySource.
func (in *DrySource) DeepCopy() *DrySource {
if in == nil {
return nil
}
out := new(DrySource)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *DuckTypeGenerator) DeepCopyInto(out *DuckTypeGenerator) {
*out = *in
@@ -2157,6 +2184,43 @@ func (in *HostResourceInfo) DeepCopy() *HostResourceInfo {
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *HydrateOperation) DeepCopyInto(out *HydrateOperation) {
*out = *in
in.StartedAt.DeepCopyInto(&out.StartedAt)
if in.FinishedAt != nil {
in, out := &in.FinishedAt, &out.FinishedAt
*out = (*in).DeepCopy()
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HydrateOperation.
func (in *HydrateOperation) DeepCopy() *HydrateOperation {
if in == nil {
return nil
}
out := new(HydrateOperation)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *HydrateTo) DeepCopyInto(out *HydrateTo) {
*out = *in
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HydrateTo.
func (in *HydrateTo) DeepCopy() *HydrateTo {
if in == nil {
return nil
}
out := new(HydrateTo)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in IgnoreDifferences) DeepCopyInto(out *IgnoreDifferences) {
{
@@ -4078,6 +4142,50 @@ func (in *SignatureKey) DeepCopy() *SignatureKey {
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *SourceHydrator) DeepCopyInto(out *SourceHydrator) {
*out = *in
out.DrySource = in.DrySource
out.SyncSource = in.SyncSource
if in.HydrateTo != nil {
in, out := &in.HydrateTo, &out.HydrateTo
*out = new(HydrateTo)
**out = **in
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SourceHydrator.
func (in *SourceHydrator) DeepCopy() *SourceHydrator {
if in == nil {
return nil
}
out := new(SourceHydrator)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *SourceHydratorStatus) DeepCopyInto(out *SourceHydratorStatus) {
*out = *in
if in.CurrentOperation != nil {
in, out := &in.CurrentOperation, &out.CurrentOperation
*out = new(HydrateOperation)
(*in).DeepCopyInto(*out)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SourceHydratorStatus.
func (in *SourceHydratorStatus) DeepCopy() *SourceHydratorStatus {
if in == nil {
return nil
}
out := new(SourceHydratorStatus)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *SyncOperation) DeepCopyInto(out *SyncOperation) {
*out = *in
@@ -4264,6 +4372,22 @@ func (in *SyncPolicyAutomated) DeepCopy() *SyncPolicyAutomated {
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *SyncSource) DeepCopyInto(out *SyncSource) {
*out = *in
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SyncSource.
func (in *SyncSource) DeepCopy() *SyncSource {
if in == nil {
return nil
}
out := new(SyncSource)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *SyncStatus) DeepCopyInto(out *SyncStatus) {
*out = *in

View File

@@ -8,7 +8,6 @@ import (
v1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
labels "k8s.io/apimachinery/pkg/labels"
schema "k8s.io/apimachinery/pkg/runtime/schema"
types "k8s.io/apimachinery/pkg/types"
watch "k8s.io/apimachinery/pkg/watch"
testing "k8s.io/client-go/testing"
@@ -20,9 +19,9 @@ type FakeApplications struct {
ns string
}
var applicationsResource = schema.GroupVersionResource{Group: "argoproj.io", Version: "v1alpha1", Resource: "applications"}
var applicationsResource = v1alpha1.SchemeGroupVersion.WithResource("applications")
var applicationsKind = schema.GroupVersionKind{Group: "argoproj.io", Version: "v1alpha1", Kind: "Application"}
var applicationsKind = v1alpha1.SchemeGroupVersion.WithKind("Application")
// Get takes name of the application, and returns the corresponding application object, and an error if there is any.
func (c *FakeApplications) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.Application, err error) {

View File

@@ -8,7 +8,6 @@ import (
v1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
labels "k8s.io/apimachinery/pkg/labels"
schema "k8s.io/apimachinery/pkg/runtime/schema"
types "k8s.io/apimachinery/pkg/types"
watch "k8s.io/apimachinery/pkg/watch"
testing "k8s.io/client-go/testing"
@@ -20,9 +19,9 @@ type FakeApplicationSets struct {
ns string
}
var applicationsetsResource = schema.GroupVersionResource{Group: "argoproj.io", Version: "v1alpha1", Resource: "applicationsets"}
var applicationsetsResource = v1alpha1.SchemeGroupVersion.WithResource("applicationsets")
var applicationsetsKind = schema.GroupVersionKind{Group: "argoproj.io", Version: "v1alpha1", Kind: "ApplicationSet"}
var applicationsetsKind = v1alpha1.SchemeGroupVersion.WithKind("ApplicationSet")
// Get takes name of the applicationSet, and returns the corresponding applicationSet object, and an error if there is any.
func (c *FakeApplicationSets) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.ApplicationSet, err error) {

View File

@@ -8,7 +8,6 @@ import (
v1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
labels "k8s.io/apimachinery/pkg/labels"
schema "k8s.io/apimachinery/pkg/runtime/schema"
types "k8s.io/apimachinery/pkg/types"
watch "k8s.io/apimachinery/pkg/watch"
testing "k8s.io/client-go/testing"
@@ -20,9 +19,9 @@ type FakeAppProjects struct {
ns string
}
var appprojectsResource = schema.GroupVersionResource{Group: "argoproj.io", Version: "v1alpha1", Resource: "appprojects"}
var appprojectsResource = v1alpha1.SchemeGroupVersion.WithResource("appprojects")
var appprojectsKind = schema.GroupVersionKind{Group: "argoproj.io", Version: "v1alpha1", Kind: "AppProject"}
var appprojectsKind = v1alpha1.SchemeGroupVersion.WithKind("AppProject")
// Get takes name of the appProject, and returns the corresponding appProject object, and an error if there is any.
func (c *FakeAppProjects) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.AppProject, err error) {

View File

@@ -26,6 +26,7 @@ type sharedInformerFactory struct {
lock sync.Mutex
defaultResync time.Duration
customResync map[reflect.Type]time.Duration
transform cache.TransformFunc
informers map[reflect.Type]cache.SharedIndexInformer
// startedInformers is used for tracking which informers have been started.
@@ -64,6 +65,14 @@ func WithNamespace(namespace string) SharedInformerOption {
}
}
// WithTransform sets a transform on all informers.
func WithTransform(transform cache.TransformFunc) SharedInformerOption {
return func(factory *sharedInformerFactory) *sharedInformerFactory {
factory.transform = transform
return factory
}
}
// NewSharedInformerFactory constructs a new instance of sharedInformerFactory for all namespaces.
func NewSharedInformerFactory(client versioned.Interface, defaultResync time.Duration) SharedInformerFactory {
return NewSharedInformerFactoryWithOptions(client, defaultResync)
@@ -150,7 +159,7 @@ func (f *sharedInformerFactory) WaitForCacheSync(stopCh <-chan struct{}) map[ref
return res
}
// InternalInformerFor returns the SharedIndexInformer for obj using an internal
// InformerFor returns the SharedIndexInformer for obj using an internal
// client.
func (f *sharedInformerFactory) InformerFor(obj runtime.Object, newFunc internalinterfaces.NewInformerFunc) cache.SharedIndexInformer {
f.lock.Lock()
@@ -168,6 +177,7 @@ func (f *sharedInformerFactory) InformerFor(obj runtime.Object, newFunc internal
}
informer = newFunc(f.client, resyncPeriod)
informer.SetTransform(f.transform)
f.informers[informerType] = informer
return informer
@@ -223,7 +233,7 @@ type SharedInformerFactory interface {
// ForResource gives generic access to a shared informer of the matching type.
ForResource(resource schema.GroupVersionResource) (GenericInformer, error)
// InternalInformerFor returns the SharedIndexInformer for obj using an internal
// InformerFor returns the SharedIndexInformer for obj using an internal
// client.
InformerFor(obj runtime.Object, newFunc internalinterfaces.NewInformerFunc) cache.SharedIndexInformer

View File

@@ -11,6 +11,8 @@ const (
ASKPASS_NONCE_ENV = "ARGOCD_GIT_ASKPASS_NONCE"
// AKSPASS_SOCKET_PATH_ENV is the environment variable that is used to pass the socket path to the askpass script
AKSPASS_SOCKET_PATH_ENV = "ARGOCD_ASK_PASS_SOCK"
// CommitServerSocketPath is the path to the socket used by the commit server to communicate with the askpass server
CommitServerSocketPath = "/tmp/commit-server-ask-pass.sock"
)
func init() {

View File

@@ -1135,6 +1135,12 @@ func helmTemplate(appPath string, repoRoot string, env *v1alpha1.Env, q *apiclie
if appHelm.ReleaseName != "" {
templateOpts.Name = appHelm.ReleaseName
}
if appHelm.Namespace != "" {
templateOpts.Namespace = appHelm.Namespace
}
if templateOpts.Namespace == "" {
return nil, "", fmt.Errorf("cannot generate application '%s' without helm namespace", appName)
}
resolvedValueFiles, err := getResolvedValueFiles(appPath, repoRoot, env, q.GetValuesFileSchemes(), appHelm.ValueFiles, q.RefSources, gitRepoPaths, appHelm.IgnoreMissingValueFiles)
if err != nil {
@@ -2486,7 +2492,7 @@ func checkoutRevision(gitClient git.Client, revision string, submoduleEnabled bo
}
}
err = gitClient.Checkout(revision, submoduleEnabled)
_, err = gitClient.Checkout(revision, submoduleEnabled)
if err != nil {
// When fetching with no revision, only refs/heads/* and refs/remotes/origin/* are fetched. If checkout fails
// for the given revision, try explicitly fetching it.
@@ -2498,7 +2504,7 @@ func checkoutRevision(gitClient git.Client, revision string, submoduleEnabled bo
return status.Errorf(codes.Internal, "Failed to checkout revision %s: %v", revision, err)
}
err = gitClient.Checkout("FETCH_HEAD", submoduleEnabled)
_, err = gitClient.Checkout("FETCH_HEAD", submoduleEnabled)
if err != nil {
return status.Errorf(codes.Internal, "Failed to checkout FETCH_HEAD: %v", err)
}

View File

@@ -108,7 +108,7 @@ func newServiceWithMocks(t *testing.T, root string, signed bool) (*Service, *git
gitClient.On("Init").Return(nil)
gitClient.On("IsRevisionPresent", mock.Anything).Return(false)
gitClient.On("Fetch", mock.Anything).Return(nil)
gitClient.On("Checkout", mock.Anything, mock.Anything).Return(nil)
gitClient.On("Checkout", mock.Anything, mock.Anything).Return("fake-rev", nil)
gitClient.On("LsRemote", mock.Anything).Return(mock.Anything, nil)
gitClient.On("CommitSHA").Return(mock.Anything, nil)
gitClient.On("Root").Return(root)
@@ -183,7 +183,7 @@ func newServiceWithCommitSHA(t *testing.T, root, revision string) *Service {
gitClient.On("Init").Return(nil)
gitClient.On("IsRevisionPresent", mock.Anything).Return(false)
gitClient.On("Fetch", mock.Anything).Return(nil)
gitClient.On("Checkout", mock.Anything, mock.Anything).Return(nil)
gitClient.On("Checkout", mock.Anything, mock.Anything).Return("fake-rev", nil)
gitClient.On("LsRemote", revision).Return(revision, revisionErr)
gitClient.On("CommitSHA").Return("632039659e542ed7de0c170a4fcc1c571b288fc0", nil)
gitClient.On("Root").Return(root)
@@ -210,7 +210,7 @@ func TestGenerateYamlManifestInDir(t *testing.T) {
}
// update this value if we add/remove manifests
const countOfManifests = 50
const countOfManifests = 54
res1, err := service.GenerateManifest(context.Background(), &q)
@@ -465,6 +465,7 @@ func TestGenerateManifestsHelmWithRefs_CachedNoLsRemote(t *testing.T) {
Revision: "HEAD",
HasMultipleSources: true,
ApplicationSource: &src,
Namespace: "default",
ProjectName: "default",
ProjectSourceRepos: []string{"*"},
RefSources: map[string]*argoappv1.RefTarget{"$ref": {TargetRevision: "HEAD", Repo: *repo}},
@@ -497,7 +498,7 @@ func TestHelmManifestFromChartRepo(t *testing.T) {
Server: "",
Revision: "1.1.0",
SourceType: "Helm",
Commands: []string{`helm template . --name-template "" --include-crds`},
Commands: []string{`helm template . --include-crds`},
}, response)
mockCache.mockCache.AssertCacheCalledTimes(t, &repositorymocks.CacheCallCounts{
ExternalSets: 1,
@@ -525,6 +526,7 @@ func TestHelmChartReferencingExternalValues(t *testing.T) {
request := &apiclient.ManifestRequest{
Repo: &argoappv1.Repository{}, ApplicationSource: &spec.Sources[0], NoCache: true, RefSources: refSources, HasMultipleSources: true, ProjectName: "something",
ProjectSourceRepos: []string{"*"},
Namespace: "default",
}
response, err := service.GenerateManifest(context.Background(), request)
require.NoError(t, err)
@@ -535,7 +537,7 @@ func TestHelmChartReferencingExternalValues(t *testing.T) {
Server: "",
Revision: "1.1.0",
SourceType: "Helm",
Commands: []string{`helm template . --name-template "" --values ./testdata/my-chart/my-chart-values.yaml --include-crds`},
Commands: []string{`helm template . --namespace default --values ./testdata/my-chart/my-chart-values.yaml --include-crds`},
}, response)
}
@@ -1101,6 +1103,7 @@ func TestGenerateHelmWithValues(t *testing.T) {
},
ProjectName: "something",
ProjectSourceRepos: []string{"*"},
Namespace: "default",
})
require.NoError(t, err)
@@ -1137,6 +1140,7 @@ func TestHelmWithMissingValueFiles(t *testing.T) {
},
ProjectName: "something",
ProjectSourceRepos: []string{"*"},
Namespace: "default",
}
// Should fail since we're passing a non-existent values file, and error should indicate that
@@ -1164,6 +1168,7 @@ func TestGenerateHelmWithEnvVars(t *testing.T) {
},
ProjectName: "something",
ProjectSourceRepos: []string{"*"},
Namespace: "default",
})
require.NoError(t, err)
@@ -1201,6 +1206,7 @@ func TestGenerateHelmWithValuesDirectoryTraversal(t *testing.T) {
},
ProjectName: "something",
ProjectSourceRepos: []string{"*"},
Namespace: "default",
})
require.NoError(t, err)
@@ -1214,6 +1220,7 @@ func TestGenerateHelmWithValuesDirectoryTraversal(t *testing.T) {
},
ProjectName: "something",
ProjectSourceRepos: []string{"*"},
Namespace: "default",
})
require.NoError(t, err)
}
@@ -1221,7 +1228,7 @@ func TestGenerateHelmWithValuesDirectoryTraversal(t *testing.T) {
func TestChartRepoWithOutOfBoundsSymlink(t *testing.T) {
service := newService(t, ".")
source := &argoappv1.ApplicationSource{Chart: "out-of-bounds-chart", TargetRevision: ">= 1.0.0"}
request := &apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: source, NoCache: true}
request := &apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: source, NoCache: true, Namespace: "default"}
_, err := service.GenerateManifest(context.Background(), request)
assert.ErrorContains(t, err, "chart contains out-of-bounds symlinks")
}
@@ -1243,6 +1250,7 @@ func TestHelmManifestFromChartRepoWithValueFile(t *testing.T) {
NoCache: true,
ProjectName: "something",
ProjectSourceRepos: []string{"*"},
Namespace: "default",
}
response, err := service.GenerateManifest(context.Background(), request)
require.NoError(t, err)
@@ -1253,7 +1261,7 @@ func TestHelmManifestFromChartRepoWithValueFile(t *testing.T) {
Server: "",
Revision: "1.1.0",
SourceType: "Helm",
Commands: []string{`helm template . --name-template "" --values ./testdata/my-chart/my-chart-values.yaml --include-crds`},
Commands: []string{`helm template . --namespace default --values ./testdata/my-chart/my-chart-values.yaml --include-crds`},
}, response)
}
@@ -1268,7 +1276,7 @@ func TestHelmManifestFromChartRepoWithValueFileOutsideRepo(t *testing.T) {
ValueFiles: []string{"../my-chart-2/my-chart-2-values.yaml"},
},
}
request := &apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: source, NoCache: true}
request := &apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: source, NoCache: true, Namespace: "default"}
_, err := service.GenerateManifest(context.Background(), request)
require.Error(t, err)
}
@@ -1286,6 +1294,7 @@ func TestHelmManifestFromChartRepoWithValueFileLinks(t *testing.T) {
request := &apiclient.ManifestRequest{
Repo: &argoappv1.Repository{}, ApplicationSource: source, NoCache: true, ProjectName: "something",
ProjectSourceRepos: []string{"*"},
Namespace: "default",
}
_, err := service.GenerateManifest(context.Background(), request)
require.NoError(t, err)
@@ -1308,6 +1317,7 @@ func TestGenerateHelmWithURL(t *testing.T) {
ProjectName: "something",
ProjectSourceRepos: []string{"*"},
HelmOptions: &argoappv1.HelmOptions{ValuesFileSchemes: []string{"https"}},
Namespace: "default",
})
require.NoError(t, err)
}
@@ -1329,6 +1339,7 @@ func TestGenerateHelmWithValuesDirectoryTraversalOutsideRepo(t *testing.T) {
},
ProjectName: "something",
ProjectSourceRepos: []string{"*"},
Namespace: "default",
})
require.Error(t, err)
assert.Contains(t, err.Error(), "outside repository root")
@@ -1348,6 +1359,7 @@ func TestGenerateHelmWithValuesDirectoryTraversalOutsideRepo(t *testing.T) {
},
ProjectName: "something",
ProjectSourceRepos: []string{"*"},
Namespace: "default",
})
require.NoError(t, err)
})
@@ -1366,6 +1378,7 @@ func TestGenerateHelmWithValuesDirectoryTraversalOutsideRepo(t *testing.T) {
},
ProjectName: "something",
ProjectSourceRepos: []string{"*"},
Namespace: "default",
})
require.NoError(t, err)
})
@@ -1384,6 +1397,7 @@ func TestGenerateHelmWithValuesDirectoryTraversalOutsideRepo(t *testing.T) {
},
ProjectName: "something",
ProjectSourceRepos: []string{"*"},
Namespace: "default",
})
require.Error(t, err)
assert.Contains(t, err.Error(), "outside repository root")
@@ -1403,6 +1417,7 @@ func TestGenerateHelmWithValuesDirectoryTraversalOutsideRepo(t *testing.T) {
},
ProjectName: "something",
ProjectSourceRepos: []string{"*"},
Namespace: "default",
})
require.Error(t, err)
assert.Contains(t, err.Error(), "is not allowed")
@@ -1422,6 +1437,7 @@ func TestGenerateHelmWithValuesDirectoryTraversalOutsideRepo(t *testing.T) {
HelmOptions: &argoappv1.HelmOptions{ValuesFileSchemes: []string{"s3"}},
ProjectName: "something",
ProjectSourceRepos: []string{"*"},
Namespace: "default",
})
require.Error(t, err)
assert.Contains(t, err.Error(), "s3://my-bucket/my-chart-values.yaml: no such file or directory")
@@ -1490,6 +1506,7 @@ func TestGenerateHelmWithFileParameter(t *testing.T) {
},
ProjectName: "something",
ProjectSourceRepos: []string{"*"},
Namespace: "default",
})
require.NoError(t, err)
assert.Contains(t, res.Manifests[6], `"replicas":2`, "ValuesObject should override Values")
@@ -1994,6 +2011,7 @@ func TestGenerateManifestsWithAppParameterFile(t *testing.T) {
},
ProjectName: "something",
ProjectSourceRepos: []string{"*"},
Namespace: "default",
})
require.NoError(t, err)
resourceByKindName := make(map[string]*unstructured.Unstructured)
@@ -2283,6 +2301,7 @@ func TestGenerateMultiSourceHelmWithFileParameter(t *testing.T) {
HasMultipleSources: true,
NoCache: true,
RefSources: tc.refSources,
Namespace: "default",
}
res, err := service.GenerateManifest(context.Background(), manifestRequest)
@@ -3055,7 +3074,7 @@ func TestCheckoutRevisionPresentSkipFetch(t *testing.T) {
gitClient := &gitmocks.Client{}
gitClient.On("Init").Return(nil)
gitClient.On("IsRevisionPresent", revision).Return(true)
gitClient.On("Checkout", revision, mock.Anything).Return(nil)
gitClient.On("Checkout", revision, mock.Anything).Return("fake-rev", nil)
err := checkoutRevision(gitClient, revision, false)
require.NoError(t, err)
@@ -3068,7 +3087,7 @@ func TestCheckoutRevisionNotPresentCallFetch(t *testing.T) {
gitClient.On("Init").Return(nil)
gitClient.On("IsRevisionPresent", revision).Return(false)
gitClient.On("Fetch", "").Return(nil)
gitClient.On("Checkout", revision, mock.Anything).Return(nil)
gitClient.On("Checkout", revision, mock.Anything).Return("fake-rev", nil)
err := checkoutRevision(gitClient, revision, false)
require.NoError(t, err)
@@ -3393,7 +3412,7 @@ func TestErrorGetGitDirectories(t *testing.T) {
}, want: nil, wantErr: assert.Error},
{name: "InvalidResolveRevision", fields: fields{service: func() *Service {
s, _, _ := newServiceWithOpt(t, func(gitClient *gitmocks.Client, helmClient *helmmocks.Client, paths *iomocks.TempPaths) {
gitClient.On("Checkout", mock.Anything, mock.Anything).Return(nil)
gitClient.On("Checkout", mock.Anything, mock.Anything).Return("fake-rev", nil)
gitClient.On("LsRemote", mock.Anything).Return("", fmt.Errorf("ah error"))
gitClient.On("Root").Return(root)
paths.On("GetPath", mock.Anything).Return(".", nil)
@@ -3410,7 +3429,7 @@ func TestErrorGetGitDirectories(t *testing.T) {
}, want: nil, wantErr: assert.Error},
{name: "ErrorVerifyCommit", fields: fields{service: func() *Service {
s, _, _ := newServiceWithOpt(t, func(gitClient *gitmocks.Client, helmClient *helmmocks.Client, paths *iomocks.TempPaths) {
gitClient.On("Checkout", mock.Anything, mock.Anything).Return(nil)
gitClient.On("Checkout", mock.Anything, mock.Anything).Return("fake-rev", nil)
gitClient.On("LsRemote", mock.Anything).Return("", fmt.Errorf("ah error"))
gitClient.On("VerifyCommitSignature", mock.Anything).Return("", fmt.Errorf("revision %s is not signed", "sadfsadf"))
gitClient.On("Root").Return(root)
@@ -3447,7 +3466,7 @@ func TestGetGitDirectories(t *testing.T) {
gitClient.On("Init").Return(nil)
gitClient.On("IsRevisionPresent", mock.Anything).Return(false)
gitClient.On("Fetch", mock.Anything).Return(nil)
gitClient.On("Checkout", mock.Anything, mock.Anything).Once().Return(nil)
gitClient.On("Checkout", mock.Anything, mock.Anything).Once().Return("fake-rev", nil)
gitClient.On("LsRemote", "HEAD").Return("632039659e542ed7de0c170a4fcc1c571b288fc0", nil)
gitClient.On("Root").Return(root)
paths.On("GetPath", mock.Anything).Return(root, nil)
@@ -3480,7 +3499,7 @@ func TestGetGitDirectoriesWithHiddenDirSupported(t *testing.T) {
gitClient.On("Init").Return(nil)
gitClient.On("IsRevisionPresent", mock.Anything).Return(false)
gitClient.On("Fetch", mock.Anything).Return(nil)
gitClient.On("Checkout", mock.Anything, mock.Anything).Once().Return(nil)
gitClient.On("Checkout", mock.Anything, mock.Anything).Once().Return("fake-rev", nil)
gitClient.On("LsRemote", "HEAD").Return("632039659e542ed7de0c170a4fcc1c571b288fc0", nil)
gitClient.On("Root").Return(root)
paths.On("GetPath", mock.Anything).Return(root, nil)
@@ -3535,7 +3554,7 @@ func TestErrorGetGitFiles(t *testing.T) {
}, want: nil, wantErr: assert.Error},
{name: "InvalidResolveRevision", fields: fields{service: func() *Service {
s, _, _ := newServiceWithOpt(t, func(gitClient *gitmocks.Client, helmClient *helmmocks.Client, paths *iomocks.TempPaths) {
gitClient.On("Checkout", mock.Anything, mock.Anything).Return(nil)
gitClient.On("Checkout", mock.Anything, mock.Anything).Return("fake-rev", nil)
gitClient.On("LsRemote", mock.Anything).Return("", fmt.Errorf("ah error"))
gitClient.On("Root").Return(root)
paths.On("GetPath", mock.Anything).Return(".", nil)
@@ -3574,7 +3593,7 @@ func TestGetGitFiles(t *testing.T) {
gitClient.On("Init").Return(nil)
gitClient.On("IsRevisionPresent", mock.Anything).Return(false)
gitClient.On("Fetch", mock.Anything).Return(nil)
gitClient.On("Checkout", mock.Anything, mock.Anything).Once().Return(nil)
gitClient.On("Checkout", mock.Anything, mock.Anything).Once().Return("fake-rev", nil)
gitClient.On("LsRemote", "HEAD").Return("632039659e542ed7de0c170a4fcc1c571b288fc0", nil)
gitClient.On("Root").Return(root)
gitClient.On("LsFiles", mock.Anything, mock.Anything).Once().Return(files, nil)
@@ -3638,7 +3657,7 @@ func TestErrorUpdateRevisionForPaths(t *testing.T) {
}, want: nil, wantErr: assert.Error},
{name: "InvalidResolveRevision", fields: fields{service: func() *Service {
s, _, _ := newServiceWithOpt(t, func(gitClient *gitmocks.Client, helmClient *helmmocks.Client, paths *iomocks.TempPaths) {
gitClient.On("Checkout", mock.Anything, mock.Anything).Return(nil)
gitClient.On("Checkout", mock.Anything, mock.Anything).Return("fake-rev", nil)
gitClient.On("LsRemote", mock.Anything).Return("", fmt.Errorf("ah error"))
gitClient.On("Root").Return(root)
paths.On("GetPath", mock.Anything).Return(".", nil)
@@ -3656,7 +3675,7 @@ func TestErrorUpdateRevisionForPaths(t *testing.T) {
}, want: nil, wantErr: assert.Error},
{name: "InvalidResolveSyncedRevision", fields: fields{service: func() *Service {
s, _, _ := newServiceWithOpt(t, func(gitClient *gitmocks.Client, helmClient *helmmocks.Client, paths *iomocks.TempPaths) {
gitClient.On("Checkout", mock.Anything, mock.Anything).Return(nil)
gitClient.On("Checkout", mock.Anything, mock.Anything).Return("fake-rev", nil)
gitClient.On("LsRemote", "HEAD").Once().Return("632039659e542ed7de0c170a4fcc1c571b288fc0", nil)
gitClient.On("LsRemote", mock.Anything).Return("", fmt.Errorf("ah error"))
gitClient.On("Root").Return(root)
@@ -3709,7 +3728,7 @@ func TestUpdateRevisionForPaths(t *testing.T) {
}{
{name: "NoPathAbort", fields: func() fields {
s, _, c := newServiceWithOpt(t, func(gitClient *gitmocks.Client, helmClient *helmmocks.Client, paths *iomocks.TempPaths) {
gitClient.On("Checkout", mock.Anything, mock.Anything).Return(nil)
gitClient.On("Checkout", mock.Anything, mock.Anything).Return("fake-rev", nil)
}, ".")
return fields{
service: s,
@@ -3724,7 +3743,7 @@ func TestUpdateRevisionForPaths(t *testing.T) {
}, want: &apiclient.UpdateRevisionForPathsResponse{}, wantErr: assert.NoError},
{name: "SameResolvedRevisionAbort", fields: func() fields {
s, _, c := newServiceWithOpt(t, func(gitClient *gitmocks.Client, helmClient *helmmocks.Client, paths *iomocks.TempPaths) {
gitClient.On("Checkout", mock.Anything, mock.Anything).Return(nil)
gitClient.On("Checkout", mock.Anything, mock.Anything).Return("fake-rev", nil)
gitClient.On("LsRemote", "HEAD").Once().Return("632039659e542ed7de0c170a4fcc1c571b288fc0", nil)
gitClient.On("LsRemote", "SYNCEDHEAD").Once().Return("632039659e542ed7de0c170a4fcc1c571b288fc0", nil)
paths.On("GetPath", mock.Anything).Return(".", nil)
@@ -3748,7 +3767,7 @@ func TestUpdateRevisionForPaths(t *testing.T) {
gitClient.On("Init").Return(nil)
gitClient.On("IsRevisionPresent", mock.Anything).Return(false)
gitClient.On("Fetch", mock.Anything).Return(nil)
gitClient.On("Checkout", mock.Anything, mock.Anything).Return(nil)
gitClient.On("Checkout", mock.Anything, mock.Anything).Return("fake-rev", nil)
gitClient.On("LsRemote", "HEAD").Once().Return("632039659e542ed7de0c170a4fcc1c571b288fc0", nil)
gitClient.On("LsRemote", "SYNCEDHEAD").Once().Return("1e67a504d03def3a6a1125d934cb511680f72555", nil)
paths.On("GetPath", mock.Anything).Return(".", nil)
@@ -3774,7 +3793,7 @@ func TestUpdateRevisionForPaths(t *testing.T) {
gitClient.On("Init").Return(nil)
gitClient.On("IsRevisionPresent", mock.Anything).Return(false)
gitClient.On("Fetch", mock.Anything).Return(nil)
gitClient.On("Checkout", mock.Anything, mock.Anything).Return(nil)
gitClient.On("Checkout", mock.Anything, mock.Anything).Return("fake-rev", nil)
gitClient.On("LsRemote", "HEAD").Once().Return("632039659e542ed7de0c170a4fcc1c571b288fc0", nil)
gitClient.On("LsRemote", "SYNCEDHEAD").Once().Return("1e67a504d03def3a6a1125d934cb511680f72555", nil)
paths.On("GetPath", mock.Anything).Return(".", nil)
@@ -3810,7 +3829,7 @@ func TestUpdateRevisionForPaths(t *testing.T) {
gitClient.On("Init").Return(nil)
gitClient.On("IsRevisionPresent", mock.Anything).Return(false)
gitClient.On("Fetch", mock.Anything).Return(nil)
gitClient.On("Checkout", mock.Anything, mock.Anything).Return(nil)
gitClient.On("Checkout", mock.Anything, mock.Anything).Return("fake-rev", nil)
gitClient.On("LsRemote", "HEAD").Once().Return("632039659e542ed7de0c170a4fcc1c571b288fc0", nil)
gitClient.On("LsRemote", "SYNCEDHEAD").Once().Return("1e67a504d03def3a6a1125d934cb511680f72555", nil)
paths.On("GetPath", mock.Anything).Return(".", nil)

View File

@@ -0,0 +1,3 @@
local actions = {}
actions["merge"] = {["disabled"] = false}
return actions

View File

@@ -0,0 +1,2 @@
obj.spec.state = "merged"
return obj

View File

@@ -78,6 +78,14 @@ func (s *Server) getRepo(ctx context.Context, url, project string) (*appsv1.Repo
return repo, nil
}
func (s *Server) getWriteRepo(ctx context.Context, url, project string) (*appsv1.Repository, error) {
repo, err := s.db.GetWriteRepository(ctx, url, project)
if err != nil {
return nil, errPermissionDenied
}
return repo, nil
}
func createRBACObject(project string, repo string) string {
if project != "" {
return project + "/" + repo
@@ -133,17 +141,32 @@ func (s *Server) Get(ctx context.Context, q *repositorypkg.RepoQuery) (*appsv1.R
return nil, err
}
if err := s.enf.EnforceErr(ctx.Value("claims"), rbacpolicy.ResourceRepositories, rbacpolicy.ActionGet, createRBACObject(repo.Project, repo.Repo)); err != nil {
if err = s.enf.EnforceErr(ctx.Value("claims"), rbacpolicy.ResourceRepositories, rbacpolicy.ActionGet, createRBACObject(repo.Project, repo.Repo)); err != nil {
return nil, err
}
// getRepo does not return an error for unconfigured repositories, so we are checking here
exists, err := s.db.RepositoryExists(ctx, q.Repo, repo.Project)
if err != nil {
return nil, err
if q.Type != "" && q.Type != "write" && q.Type != "read" && q.Type != "both" {
return nil, status.Errorf(codes.InvalidArgument, "invalid repository type '%s'; must be '', 'read', 'write', or 'both'", q.Type)
}
if !exists {
return nil, status.Errorf(codes.NotFound, "repo '%s' not found", q.Repo)
var exists bool
if q.Type == "write" || q.Type == "both" {
exists, err = s.db.WriteRepositoryExists(ctx, q.Repo, repo.Project)
if err != nil {
return nil, err
}
if !exists {
return nil, status.Errorf(codes.NotFound, "repo '%s' not found", q.Repo)
}
}
if q.Type == "" || q.Type == "read" || q.Type == "both" {
exists, err = s.db.RepositoryExists(ctx, q.Repo, repo.Project)
if err != nil {
return nil, err
}
if !exists {
return nil, status.Errorf(codes.NotFound, "repo '%s' not found", q.Repo)
}
}
// For backwards compatibility, if we have no repo type set assume a default
@@ -174,9 +197,24 @@ func (s *Server) Get(ctx context.Context, q *repositorypkg.RepoQuery) (*appsv1.R
// ListRepositories returns a list of all configured repositories and the state of their connections
func (s *Server) ListRepositories(ctx context.Context, q *repositorypkg.RepoQuery) (*appsv1.RepositoryList, error) {
repos, err := s.db.ListRepositories(ctx)
if err != nil {
return nil, err
if q.Type != "" && q.Type != "write" && q.Type != "read" && q.Type != "both" {
return nil, status.Errorf(codes.InvalidArgument, "invalid repository type '%s'; must be '', 'read', 'write', or 'both'", q.Type)
}
var repos []*appsv1.Repository
var err error
if q.Type == "write" || q.Type == "both" {
wRepos, err := s.db.ListWriteRepositories(ctx)
if err != nil {
return nil, err
}
repos = append(repos, wRepos...)
}
if q.Type == "" || q.Type == "read" || q.Type == "both" {
rRepos, err := s.db.ListRepositories(ctx)
if err != nil {
return nil, err
}
repos = append(repos, rRepos...)
}
items := appsv1.Repositories{}
for _, repo := range repos {
@@ -425,10 +463,20 @@ func (s *Server) CreateRepository(ctx context.Context, q *repositorypkg.RepoCrea
r := q.Repo
r.ConnectionState = appsv1.ConnectionState{Status: appsv1.ConnectionStatusSuccessful}
repo, err = s.db.CreateRepository(ctx, r)
if q.Write {
repo, err = s.db.CreateWriteRepository(ctx, r)
} else {
repo, err = s.db.CreateRepository(ctx, r)
}
if status.Convert(err).Code() == codes.AlreadyExists {
// act idempotent if existing spec matches new spec
existing, getErr := s.db.GetRepository(ctx, r.Repo, q.Repo.Project)
var existing *appsv1.Repository
var getErr error
if q.Write {
existing, getErr = s.db.GetWriteRepository(ctx, r.Repo, q.Repo.Project)
} else {
existing, getErr = s.db.GetRepository(ctx, r.Repo, q.Repo.Project)
}
if getErr != nil {
return nil, status.Errorf(codes.Internal, "unable to check existing repository details: %v", getErr)
}
@@ -440,7 +488,11 @@ func (s *Server) CreateRepository(ctx context.Context, q *repositorypkg.RepoCrea
repo, err = existing, nil
} else if q.Upsert {
r.Project = q.Repo.Project
return s.UpdateRepository(ctx, &repositorypkg.RepoUpdateRequest{Repo: r})
if q.Write {
return s.db.UpdateWriteRepository(ctx, r)
} else {
return s.db.UpdateRepository(ctx, r)
}
} else {
return nil, status.Errorf(codes.InvalidArgument, argo.GenerateSpecIsDifferentErrorMessage("repository", existing, r))
}
@@ -463,7 +515,14 @@ func (s *Server) UpdateRepository(ctx context.Context, q *repositorypkg.RepoUpda
return nil, status.Errorf(codes.InvalidArgument, "missing payload in request")
}
repo, err := s.getRepo(ctx, q.Repo.Repo, q.Repo.Project)
var repo *appsv1.Repository
var err error
if q.Write {
repo, err = s.getWriteRepo(ctx, q.Repo.Repo, q.Repo.Project)
} else {
repo, err = s.getRepo(ctx, q.Repo.Repo, q.Repo.Project)
}
if err != nil {
return nil, err
}
@@ -476,7 +535,11 @@ func (s *Server) UpdateRepository(ctx context.Context, q *repositorypkg.RepoUpda
if err := s.enf.EnforceErr(ctx.Value("claims"), rbacpolicy.ResourceRepositories, rbacpolicy.ActionUpdate, createRBACObject(q.Repo.Project, q.Repo.Repo)); err != nil {
return nil, err
}
_, err = s.db.UpdateRepository(ctx, q.Repo)
if q.Write {
_, err = s.db.UpdateWriteRepository(ctx, q.Repo)
} else {
_, err = s.db.UpdateRepository(ctx, q.Repo)
}
return &appsv1.Repository{Repo: q.Repo.Repo, Type: q.Repo.Type, Name: q.Repo.Name}, err
}
@@ -502,7 +565,11 @@ func (s *Server) DeleteRepository(ctx context.Context, q *repositorypkg.RepoQuer
log.Errorf("error invalidating cache: %v", err)
}
err = s.db.DeleteRepository(ctx, repo.Repo, repo.Project)
if q.Type == "write" {
err = s.db.DeleteWriteRepository(ctx, repo.Repo, repo.Project)
} else {
err = s.db.DeleteRepository(ctx, repo.Repo, repo.Project)
}
return &repositorypkg.RepoResponse{}, err
}

View File

@@ -49,6 +49,9 @@ message RepoQuery {
bool forceRefresh = 2;
// App project for query
string appProject = 3;
// Type determines what kind of credential we're interacting with. It can be "read", "write", or "both". Default is
// "read".
string type = 4;
}
// RepoAccessQuery is a query for checking access to a repo
@@ -101,10 +104,14 @@ message RepoCreateRequest {
bool upsert = 2;
// Whether to operate on credential set instead of repository
bool credsOnly = 3;
// Write determines whether the credential will be stored as a read credential or a write credential.
bool write = 4;
}
message RepoUpdateRequest {
github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.Repository repo = 1;
// Write determines whether the credential to be updated is a read credential or a write credential.
bool write = 2;
}
// RepositoryService

View File

@@ -415,6 +415,7 @@ func TestRepositoryServer(t *testing.T) {
})
require.NoError(t, err)
require.NotNil(t, repo)
assert.Equal(t, "test", repo.Repo)
})

View File

@@ -3,6 +3,7 @@ api-server: [ "$BIN_MODE" = 'true' ] && COMMAND=./dist/argocd || COMMAND='go run
dex: sh -c "test $ARGOCD_IN_CI = true && exit 0; ARGOCD_BINARY_NAME=argocd-dex go run github.com/argoproj/argo-cd/cmd gendexcfg -o `pwd`/dist/dex.yaml && docker run --rm -p ${ARGOCD_E2E_DEX_PORT:-5556}:${ARGOCD_E2E_DEX_PORT:-5556} -v `pwd`/dist/dex.yaml:/dex.yaml ghcr.io/dexidp/dex:v2.41.1 serve /dex.yaml"
redis: sh -c "/usr/local/bin/redis-server --save "" --appendonly no --port ${ARGOCD_E2E_REDIS_PORT:-6379}"
repo-server: [ "$BIN_MODE" = 'true' ] && COMMAND=./dist/argocd || COMMAND='go run ./cmd/main.go' && sh -c "FORCE_LOG_COLORS=1 ARGOCD_FAKE_IN_CLUSTER=true ARGOCD_GNUPGHOME=${ARGOCD_GNUPGHOME:-/tmp/argocd-local/gpg/keys} ARGOCD_PLUGINSOCKFILEPATH=${ARGOCD_PLUGINSOCKFILEPATH:-./test/cmp} ARGOCD_GPG_DATA_PATH=${ARGOCD_GPG_DATA_PATH:-/tmp/argocd-local/gpg/source} ARGOCD_BINARY_NAME=argocd-repo-server $COMMAND --loglevel debug --port ${ARGOCD_E2E_REPOSERVER_PORT:-8081} --redis localhost:${ARGOCD_E2E_REDIS_PORT:-6379}"
commit-server: [ "$BIN_MODE" = 'true' ] && COMMAND=./dist/argocd || COMMAND='go run ./cmd/main.go' && sh -c "FORCE_LOG_COLORS=1 ARGOCD_BINARY_NAME=argocd-commit-server $COMMAND --loglevel debug --port ${ARGOCD_E2E_COMMITSERVER_PORT:-8086}"
ui: sh -c "test $ARGOCD_IN_CI = true && exit 0; cd ui && ARGOCD_E2E_YARN_HOST=0.0.0.0 ${ARGOCD_E2E_YARN_CMD:-yarn} start"
reaper: ./test/container/reaper.sh
sshd: sudo sh -c "test $ARGOCD_E2E_TEST = true && /usr/sbin/sshd -p 2222 -D -e"

View File

@@ -222,9 +222,14 @@ func (a *Actions) prepareCreateAppArgs(args []string) []string {
a.context.t.Helper()
args = append([]string{
"app", "create", a.context.AppQualifiedName(),
"--repo", fixture.RepoURL(a.context.repoURLType),
}, args...)
if a.context.drySourceRevision != "" || a.context.drySourcePath != "" || a.context.syncSourcePath != "" || a.context.syncSourceBranch != "" || a.context.hydrateToBranch != "" {
args = append(args, "--dry-source-repo", fixture.RepoURL(a.context.repoURLType))
} else {
args = append(args, "--repo", fixture.RepoURL(a.context.repoURLType))
}
if a.context.destName != "" {
args = append(args, "--dest-name", a.context.destName)
} else {
@@ -234,6 +239,26 @@ func (a *Actions) prepareCreateAppArgs(args []string) []string {
args = append(args, "--path", a.context.path)
}
if a.context.drySourceRevision != "" {
args = append(args, "--dry-source-revision", a.context.drySourceRevision)
}
if a.context.drySourcePath != "" {
args = append(args, "--dry-source-path", a.context.drySourcePath)
}
if a.context.syncSourceBranch != "" {
args = append(args, "--sync-source-branch", a.context.syncSourceBranch)
}
if a.context.syncSourcePath != "" {
args = append(args, "--sync-source-path", a.context.syncSourcePath)
}
if a.context.hydrateToBranch != "" {
args = append(args, "--hydrate-to-branch", a.context.hydrateToBranch)
}
if a.context.chart != "" {
args = append(args, "--helm-chart", a.context.chart)
}

View File

@@ -45,6 +45,11 @@ type Context struct {
helmSkipCrds bool
trackingMethod v1alpha1.TrackingMethod
sources []v1alpha1.ApplicationSource
drySourceRevision string
drySourcePath string
syncSourceBranch string
syncSourcePath string
hydrateToBranch string
}
type ContextArgs struct {
@@ -235,6 +240,31 @@ func (c *Context) Path(path string) *Context {
return c
}
func (c *Context) DrySourceRevision(revision string) *Context {
c.drySourceRevision = revision
return c
}
func (c *Context) DrySourcePath(path string) *Context {
c.drySourcePath = path
return c
}
func (c *Context) SyncSourceBranch(branch string) *Context {
c.syncSourceBranch = branch
return c
}
func (c *Context) SyncSourcePath(path string) *Context {
c.syncSourcePath = path
return c
}
func (c *Context) HydrateToBranch(branch string) *Context {
c.hydrateToBranch = branch
return c
}
func (c *Context) Recurse() *Context {
c.directoryRecurse = true
return c

105
test/e2e/hydrator_test.go Normal file
View File

@@ -0,0 +1,105 @@
package e2e
import (
"testing"
. "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
. "github.com/argoproj/argo-cd/v2/test/e2e/fixture/app"
. "github.com/argoproj/gitops-engine/pkg/sync/common"
)
func TestSimpleHydrator(t *testing.T) {
Given(t).
DrySourcePath("guestbook").
DrySourceRevision("HEAD").
SyncSourcePath("guestbook").
SyncSourceBranch("env/test").
When().
CreateApp().
Refresh(RefreshTypeNormal).
Wait("--hydrated").
Sync().
Then().
Expect(OperationPhaseIs(OperationSucceeded)).
Expect(SyncStatusIs(SyncStatusCodeSynced))
}
func TestHydrateTo(t *testing.T) {
Given(t).
DrySourcePath("guestbook").
DrySourceRevision("HEAD").
SyncSourcePath("guestbook").
SyncSourceBranch("env/test").
HydrateToBranch("env/test-next").
When().
CreateApp().
Refresh(RefreshTypeNormal).
Wait("--hydrated").
Then().
Given().
// Async so we don't fail immediately on the error
Async(true).
When().
Sync().
Wait("--operation").
Then().
// Fails because we hydrated to env/test-next but not to env/test.
Expect(OperationPhaseIs(OperationError)).
When().
// Will now hydrate to the sync source branch.
AppSet("--hydrate-to-branch", "").
Refresh(RefreshTypeNormal).
Wait("--hydrated").
Sync().
Wait("--operation").
Then().
Expect(OperationPhaseIs(OperationSucceeded)).
Expect(SyncStatusIs(SyncStatusCodeSynced))
}
func TestAddingApp(t *testing.T) {
// Make sure that if we add another app targeting the same sync branch, it hydrates correctly.
Given(t).
Name("test-adding-app-1").
DrySourcePath("guestbook").
DrySourceRevision("HEAD").
SyncSourcePath("guestbook-1").
SyncSourceBranch("env/test").
When().
CreateApp().
Refresh(RefreshTypeNormal).
Wait("--hydrated").
Sync().
Then().
Expect(OperationPhaseIs(OperationSucceeded)).
Expect(SyncStatusIs(SyncStatusCodeSynced)).
Given().
Name("test-adding-app-2").
DrySourcePath("guestbook").
DrySourceRevision("HEAD").
SyncSourcePath("guestbook-2").
SyncSourceBranch("env/test").
When().
CreateApp().
Refresh(RefreshTypeNormal).
Wait("--hydrated").
Sync().
Then().
Expect(OperationPhaseIs(OperationSucceeded)).
Expect(SyncStatusIs(SyncStatusCodeSynced)).
// Clean up the apps manually since we used custom names.
When().
Delete(true).
Then().
Expect(DoesNotExist()).
Given().
Name("test-adding-app-1").
When().
Delete(true).
Then().
Expect(DoesNotExist())
}
// TODO: write tests
// - If I change the destination path on one of the apps, the app should be rehydrated, and a new commit should be created.

View File

@@ -31,6 +31,7 @@ import {useSidebarTarget} from '../../../sidebar/sidebar';
import './application-details.scss';
import {AppViewExtension, StatusPanelExtension} from '../../../shared/services/extensions-service';
import {ApplicationHydrateOperationState} from '../application-hydrate-operation-state/application-hydrate-operation-state';
interface ApplicationDetailsState {
page: number;
@@ -117,6 +118,10 @@ export class ApplicationDetails extends React.Component<RouteComponentProps<{app
return new URLSearchParams(this.props.history.location.search).get('operation') === 'true';
}
private get showHydrateOperationState() {
return new URLSearchParams(this.props.history.location.search).get('hydrateOperation') === 'true';
}
private setNodeExpansion(node: string, isExpanded: boolean) {
const index = this.state.collapsedNodes.indexOf(node);
if (isExpanded && index >= 0) {
@@ -452,6 +457,7 @@ export class ApplicationDetails extends React.Component<RouteComponentProps<{app
const isAppSelected = selectedItem === application;
const selectedNode = !isAppSelected && (selectedItem as appModels.ResourceNode);
const operationState = application.status.operationState;
const hydrateOperationState = application.status.sourceHydrator.currentOperation;
const conditions = application.status.conditions || [];
const syncResourceKey = new URLSearchParams(this.props.history.location.search).get('deploy');
const tab = new URLSearchParams(this.props.history.location.search).get('tab');
@@ -638,6 +644,7 @@ export class ApplicationDetails extends React.Component<RouteComponentProps<{app
application={application}
showDiff={() => this.selectNode(appFullName, 0, 'diff')}
showOperation={() => this.setOperationStatusVisible(true)}
showHydrateOperation={() => this.setHydrateOperationStatusVisible(true)}
showConditions={() => this.setConditionsStatusVisible(true)}
showExtension={id => this.setExtensionPanelVisible(id)}
showMetadataInfo={revision => this.setState({...this.state, revision})}
@@ -846,6 +853,11 @@ export class ApplicationDetails extends React.Component<RouteComponentProps<{app
<SlidingPanel isShown={this.showOperationState && !!operationState} onClose={() => this.setOperationStatusVisible(false)}>
{operationState && <ApplicationOperationState application={application} operationState={operationState} />}
</SlidingPanel>
<SlidingPanel
isShown={this.showHydrateOperationState && !!hydrateOperationState}
onClose={() => this.setHydrateOperationStatusVisible(false)}>
{hydrateOperationState && <ApplicationHydrateOperationState hydrateOperationState={hydrateOperationState} />}
</SlidingPanel>
<SlidingPanel isShown={this.showConditions && !!conditions} onClose={() => this.setConditionsStatusVisible(false)}>
{conditions && <ApplicationConditions conditions={conditions} />}
</SlidingPanel>
@@ -1090,6 +1102,10 @@ export class ApplicationDetails extends React.Component<RouteComponentProps<{app
this.appContext.apis.navigation.goto('.', {operation: isVisible}, {replace: true});
}
private setHydrateOperationStatusVisible(isVisible: boolean) {
this.appContext.apis.navigation.goto('.', {hydrateOperation: isVisible}, {replace: true});
}
private setConditionsStatusVisible(isVisible: boolean) {
this.appContext.apis.navigation.goto('.', {conditions: isVisible}, {replace: true});
}

View File

@@ -0,0 +1,19 @@
.application-operation-state {
&__icons_container {
position: absolute;
left: 0;
}
&__icons_container_padding {
left: 15px;
position: relative;
}
&__message {
white-space: normal;
line-height: 16px;
display: inline-block;
vertical-align: middle;
}
}

View File

@@ -0,0 +1,75 @@
import {Duration, Ticker} from 'argo-ui';
import * as moment from 'moment';
import * as PropTypes from 'prop-types';
import * as React from 'react';
import {Revision, Timestamp} from '../../../shared/components';
import * as models from '../../../shared/models';
import './application-hydrate-operation-state.scss';
interface Props {
hydrateOperationState: models.HydrateOperation;
}
export const ApplicationHydrateOperationState: React.FunctionComponent<Props> = ({hydrateOperationState}) => {
const operationAttributes = [
{title: 'PHASE', value: hydrateOperationState.phase},
...(hydrateOperationState.message ? [{title: 'MESSAGE', value: hydrateOperationState.message}] : []),
{title: 'STARTED AT', value: <Timestamp date={hydrateOperationState.startedAt} />},
{
title: 'DURATION',
value: (
<Ticker>
{time => (
<Duration
durationMs={
((hydrateOperationState.finishedAt && moment(hydrateOperationState.finishedAt)) || time).diff(moment(hydrateOperationState.startedAt)) / 1000
}
/>
)}
</Ticker>
)
}
];
if (hydrateOperationState.finishedAt && hydrateOperationState.phase !== 'Hydrating') {
operationAttributes.push({title: 'FINISHED AT', value: <Timestamp date={hydrateOperationState.finishedAt} />});
}
operationAttributes.push({
title: 'DRY REVISION',
value: (
<div>
<Revision repoUrl={hydrateOperationState.sourceHydrator.drySource.repoURL} revision={hydrateOperationState.drySHA} />
</div>
)
});
if (hydrateOperationState.finishedAt) {
operationAttributes.push({
title: 'HYDRATED REVISION',
value: (
<div>
<Revision repoUrl={hydrateOperationState.sourceHydrator.drySource.repoURL} revision={hydrateOperationState.hydratedSHA} />
</div>
)
});
}
return (
<div>
<div className='white-box'>
<div className='white-box__details'>
{operationAttributes.map(attr => (
<div className='row white-box__details-row' key={attr.title}>
<div className='columns small-3'>{attr.title}</div>
<div className='columns small-9'>{attr.value}</div>
</div>
))}
</div>
</div>
</div>
);
};
ApplicationHydrateOperationState.contextTypes = {
apis: PropTypes.object
};

View File

@@ -179,6 +179,10 @@
padding-left: 8px;
margin-bottom: 2px;
}
&__hydrator-link {
width: 134px;
}
}
&__item-name {

View File

@@ -5,8 +5,21 @@ import {Revision} from '../../../shared/components/revision';
import {Timestamp} from '../../../shared/components/timestamp';
import * as models from '../../../shared/models';
import {services} from '../../../shared/services';
import {ApplicationSyncWindowStatusIcon, ComparisonStatusIcon, getAppDefaultSource, getAppDefaultSyncRevisionExtra, getAppOperationState} from '../utils';
import {getConditionCategory, HealthStatusIcon, OperationState, syncStatusMessage, getAppDefaultSyncRevision, getAppDefaultOperationSyncRevision} from '../utils';
import {
ApplicationSyncWindowStatusIcon,
ComparisonStatusIcon,
getAppDefaultSource,
getAppDefaultSyncRevisionExtra,
getAppOperationState,
HydrateOperationPhaseIcon,
getAppDefaultOperationSyncRevision,
getConditionCategory,
HealthStatusIcon,
OperationState,
syncStatusMessage,
getAppDefaultSyncRevision,
hydrationStatusMessage
} from '../utils';
import {RevisionMetadataPanel} from './revision-metadata-panel';
import * as utils from '../utils';
@@ -16,6 +29,7 @@ interface Props {
application: models.Application;
showDiff?: () => any;
showOperation?: () => any;
showHydrateOperation?: () => any;
showConditions?: () => any;
showExtension?: (id: string) => any;
showMetadataInfo?: (revision: string) => any;
@@ -46,7 +60,7 @@ const sectionHeader = (info: SectionInfo, onClick?: () => any) => {
);
};
export const ApplicationStatusPanel = ({application, showDiff, showOperation, showConditions, showExtension, showMetadataInfo}: Props) => {
export const ApplicationStatusPanel = ({application, showDiff, showOperation, showHydrateOperation, showConditions, showExtension, showMetadataInfo}: Props) => {
const today = new Date();
let daysSinceLastSynchronized = 0;
@@ -64,6 +78,8 @@ export const ApplicationStatusPanel = ({application, showDiff, showOperation, sh
showOperation = null;
}
console.log(application);
const statusExtensions = services.extensions.getStatusPanelExtensions();
const revision = getAppDefaultSyncRevision(application);
@@ -84,6 +100,40 @@ export const ApplicationStatusPanel = ({application, showDiff, showOperation, sh
</div>
{application.status.health.message && <div className='application-status-panel__item-name'>{application.status.health.message}</div>}
</div>
{application.spec.sourceHydrator && application.status?.sourceHydrator?.currentOperation && (
<div className='application-status-panel__item'>
<div style={{lineHeight: '19.5px', marginBottom: '0.3em'}}>
{sectionLabel({
title: 'SOURCE HYDRATOR',
helpContent: 'The source hydrator reads manifests from git, hydrates (renders) them, and pushes them to a different location in git.'
})}
</div>
<div className='application-status-panel__item-value'>
<a className='application-status-panel__item-value__hydrator-link' onClick={() => showHydrateOperation && showHydrateOperation()}>
<HydrateOperationPhaseIcon operationState={application.status.sourceHydrator.currentOperation} />
&nbsp;
{application.status.sourceHydrator.currentOperation.phase}
</a>
<div className='application-status-panel__item-value__revision show-for-large'>{hydrationStatusMessage(application)}</div>
</div>
<div className='application-status-panel__item-name' style={{marginBottom: '0.5em'}}>
{application.status.sourceHydrator.currentOperation.phase}{' '}
<Timestamp date={application.status.sourceHydrator.currentOperation.finishedAt || application.status.sourceHydrator.currentOperation.startedAt} />
</div>
{application.status.sourceHydrator.currentOperation.message && (
<div className='application-status-panel__item-name'>{application.status.sourceHydrator.currentOperation.message}</div>
)}
<div className='application-status-panel__item-name'>
<RevisionMetadataPanel
appName={application.metadata.name}
appNamespace={application.metadata.namespace}
type={''}
revision={application.status.sourceHydrator.currentOperation.drySHA}
versionId={utils.getAppCurrentVersion(application)}
/>
</div>
</div>
)}
<div className='application-status-panel__item'>
<React.Fragment>
{sectionHeader(
@@ -112,7 +162,7 @@ export const ApplicationStatusPanel = ({application, showDiff, showOperation, sh
application.status.sync &&
(hasMultipleSources
? application.status.sync.revisions && application.status.sync.revisions[0] && application.spec.sources && !application.spec.sources[0].chart
: application.status.sync.revision && !application.spec.source.chart) && (
: application.status.sync.revision && !application.spec.source?.chart) && (
<div className='application-status-panel__item-name'>
<RevisionMetadataPanel
appName={application.metadata.name}
@@ -160,7 +210,7 @@ export const ApplicationStatusPanel = ({application, showDiff, showOperation, sh
<RevisionMetadataPanel
appName={application.metadata.name}
appNamespace={application.metadata.namespace}
type={source.chart && 'helm'}
type={source?.chart && 'helm'}
revision={operationStateRevision}
versionId={utils.getAppCurrentVersion(application)}
/>

View File

@@ -1,6 +1,6 @@
import {DataLoader, Tooltip} from 'argo-ui';
import * as React from 'react';
import {Timestamp} from '../../../shared/components/timestamp';
import {Timestamp} from '../../../shared/components';
import {services} from '../../../shared/services';
export const RevisionMetadataPanel = (props: {appName: string; appNamespace: string; type: string; revision: string; versionId: number}) => {
@@ -8,7 +8,7 @@ export const RevisionMetadataPanel = (props: {appName: string; appNamespace: str
return <React.Fragment />;
}
return (
<DataLoader load={() => services.applications.revisionMetadata(props.appName, props.appNamespace, props.revision, 0, props.versionId)} errorRenderer={() => <div />}>
<DataLoader key={props.revision} load={() => services.applications.revisionMetadata(props.appName, props.appNamespace, props.revision, 0, props.versionId)} errorRenderer={() => <div />}>
{m => (
<Tooltip
popperOptions={{

View File

@@ -13,6 +13,7 @@ import {ResourceTreeNode} from './application-resource-tree/application-resource
import {CheckboxField, COLORS, ErrorNotification, Revision} from '../../shared/components';
import * as appModels from '../../shared/models';
import {services} from '../../shared/services';
import {ApplicationSource} from '../../shared/models';
require('./utils.scss');
@@ -223,6 +224,29 @@ export const OperationPhaseIcon = ({app}: {app: appModels.Application}) => {
return <i title={getOperationStateTitle(app)} qe-id='utils-operations-status-title' className={className} style={{color}} />;
};
export const HydrateOperationPhaseIcon = ({operationState}: {operationState?: appModels.HydrateOperation}) => {
if (operationState === undefined) {
return <React.Fragment />;
}
let className = '';
let color = '';
switch (operationState.phase) {
case appModels.HydrateOperationPhases.Hydrated:
className = 'fa fa-check-circle';
color = COLORS.operation.success;
break;
case appModels.HydrateOperationPhases.Failed:
className = 'fa fa-times-circle';
color = COLORS.operation.failed;
break;
default:
className = 'fa fa-circle-notch fa-spin';
color = COLORS.operation.running;
break;
}
return <i title={operationState.phase} qe-id='utils-operations-status-title' className={className} style={{color}} />;
};
export const ComparisonStatusIcon = ({
status,
resource,
@@ -743,6 +767,65 @@ export function syncStatusMessage(app: appModels.Application) {
}
}
export function hydrationStatusMessage(app: appModels.Application) {
const drySource = app.status.sourceHydrator.currentOperation.sourceHydrator.drySource;
const dryCommit = app.status.sourceHydrator.currentOperation.drySHA;
const syncSource: ApplicationSource = {
repoURL: drySource.repoURL,
targetRevision:
app.status.sourceHydrator.currentOperation.sourceHydrator.hydrateTo?.targetBranch || app.status.sourceHydrator.currentOperation.sourceHydrator.syncSource.targetBranch,
path: app.status.sourceHydrator.currentOperation.sourceHydrator.syncSource.path
};
const hydratedCommit = app.status.sourceHydrator.currentOperation.hydratedSHA || '';
switch (app.status.sourceHydrator.currentOperation.phase) {
case appModels.HydrateOperationPhases.Hydrated:
return (
<span>
from{' '}
<Revision repoUrl={drySource.repoURL} revision={dryCommit}>
{drySource.targetRevision + ' (' + dryCommit.substr(0, 7) + ')'}
</Revision>
<br />
to{' '}
<Revision repoUrl={syncSource.repoURL} revision={hydratedCommit}>
{syncSource.targetRevision + ' (' + hydratedCommit.substr(0, 7) + ')'}
</Revision>
</span>
);
case appModels.HydrateOperationPhases.Hydrating:
return (
<span>
from{' '}
<Revision repoUrl={drySource.repoURL} revision={dryCommit}>
{drySource.targetRevision + ' (' + dryCommit.substr(0, 7) + ')'}
</Revision>
<br />
to{' '}
<Revision repoUrl={syncSource.repoURL} revision={syncSource.targetRevision}>
{syncSource.targetRevision}
</Revision>
</span>
);
case appModels.HydrateOperationPhases.Failed:
return (
<span>
from{' '}
<Revision repoUrl={drySource.repoURL} revision={dryCommit}>
{drySource.targetRevision + ' (' + dryCommit.substr(0, 7) + ')'}
</Revision>
<br />
to{' '}
<Revision repoUrl={syncSource.repoURL} revision={syncSource.targetRevision}>
{syncSource.targetRevision}
</Revision>
</span>
);
default:
return <span>{}</span>;
}
}
export const HealthStatusIcon = ({state, noSpin}: {state: appModels.HealthStatus; noSpin?: boolean}) => {
let color = COLORS.health.unknown;
let icon = 'fa-question-circle';
@@ -1106,7 +1189,7 @@ export function getAppDefaultSource(app?: appModels.Application) {
if (!app) {
return null;
}
return app.spec.sources && app.spec.sources.length > 0 ? app.spec.sources[0] : app.spec.source;
return getAppSpecDefaultSource(app.spec);
}
// getAppDefaultSyncRevision gets the first app revisions from `status.sync.revisions` or, if that list is missing or empty, the `revision`
@@ -1165,6 +1248,13 @@ export function getAppDefaultOperationSyncRevisionExtra(app?: appModels.Applicat
}
export function getAppSpecDefaultSource(spec: appModels.ApplicationSpec) {
if (spec.sourceHydrator) {
return {
repoURL: spec.sourceHydrator.drySource.repoURL,
targetRevision: spec.sourceHydrator.syncSource.targetBranch,
path: spec.sourceHydrator.syncSource.path
};
}
return spec.sources && spec.sources.length > 0 ? spec.sources[0] : spec.source;
}

View File

@@ -38,6 +38,8 @@ export interface NewHTTPSRepoParams {
project?: string;
forceHttpBasicAuth?: boolean;
enableOCI: boolean;
// write should be true if saving as a write credential.
write: boolean;
}
interface NewGitHubAppRepoParams {
@@ -54,6 +56,8 @@ interface NewGitHubAppRepoParams {
enableLfs: boolean;
proxy: string;
project?: string;
// write should be true if saving as a write credential.
write: boolean;
}
interface NewGoogleCloudSourceRepoParams {
@@ -63,11 +67,15 @@ interface NewGoogleCloudSourceRepoParams {
gcpServiceAccountKey: string;
proxy: string;
project?: string;
// write should be true if saving as a write credential.
write: boolean;
}
interface NewSSHRepoCredsParams {
url: string;
sshPrivateKey: string;
// write should be true if saving as a write credential.
write: boolean;
}
interface NewHTTPSRepoCredsParams {
@@ -79,6 +87,8 @@ interface NewHTTPSRepoCredsParams {
proxy: string;
forceHttpBasicAuth: boolean;
enableOCI: boolean;
// write should be true if saving as a write credential.
write: boolean;
}
interface NewGitHubAppRepoCredsParams {
@@ -90,11 +100,15 @@ interface NewGitHubAppRepoCredsParams {
tlsClientCertData: string;
tlsClientCertKey: string;
proxy: string;
// write should be true if saving as a write credential.
write: boolean;
}
interface NewGoogleCloudSourceRepoCredsParams {
url: string;
gcpServiceAccountKey: string;
// write should be true if saving as a write credential.
write: boolean;
}
export enum ConnectionMethod {
@@ -163,7 +177,7 @@ export class ReposList extends React.Component<
}
private onChooseDefaultValues = (): FormValues => {
return {type: 'git', ghType: 'GitHub'};
return {type: 'git', ghType: 'GitHub', write: false};
};
private onValidateErrors(params: FormValues): FormErrors {
@@ -420,38 +434,71 @@ export class ReposList extends React.Component<
defaultValues={this.onChooseDefaultValues()}
validateError={(values: FormValues) => this.onValidateErrors(values)}>
{formApi => (
<form onSubmit={formApi.submitForm} role='form' className='repos-list width-control'>
<form onSubmit={formApi.submitForm} role='form'
className='repos-list width-control'>
<div className='white-box'>
<p>SAVE AS WRITE CREDENTIAL (ALPHA)</p>
<p>The Source Hydrator is an Alpha feature which enables Applications to
push hydrated manifests to git before syncing. To use the Source Hydrator for a repository, you must save two
credentials: a read credential for pulling manifests and a write
credential for pushing hydrated manifests. If you add a write credential for a repository, then <strong>any
Application that can sync from the repo can also push hydrated
manifests to that repo.</strong> Do not use this feature until you've read its documentation and
understand the security implications.</p>
<div className='argo-form-row'>
<FormField formApi={formApi} label='Save as write credential'
field='write' component={CheckboxField}/>
</div>
</div>
{this.state.method === ConnectionMethod.SSH && (
<div className='white-box'>
<p>CONNECT REPO USING SSH</p>
{formApi.getFormState().values.write === false && (
<>
<div className='argo-form-row'>
<FormField formApi={formApi}
label='Name (mandatory for Helm)'
field='name'
component={Text}/>
</div>
<div className='argo-form-row'>
<FormField
formApi={formApi}
label='Project'
field='project'
component={AutocompleteField}
componentProps={{items: projects}}
/>
</div>
</>
)}
<div className='argo-form-row'>
<FormField formApi={formApi} label='Name (mandatory for Helm)' field='name' component={Text} />
<FormField formApi={formApi} label='Repository URL'
field='url' component={Text}/>
</div>
<div className='argo-form-row'>
<FormField
formApi={formApi}
label='Project'
field='project'
component={AutocompleteField}
componentProps={{items: projects}}
/>
<FormField formApi={formApi} label='SSH private key data'
field='sshPrivateKey' component={TextArea}/>
</div>
<div className='argo-form-row'>
<FormField formApi={formApi} label='Repository URL' field='url' component={Text} />
<FormField formApi={formApi}
label='Skip server verification' field='insecure'
component={CheckboxField}/>
<HelpIcon
title='This setting is ignored when creating as credential template.'/>
</div>
{formApi.getFormState().values.write === false && (
<div className='argo-form-row'>
<FormField formApi={formApi}
label='Enable LFS support (Git only)'
field='enableLfs' component={CheckboxField}/>
<HelpIcon
title='This setting is ignored when creating as credential template.'/>
</div>
)}
<div className='argo-form-row'>
<FormField formApi={formApi} label='SSH private key data' field='sshPrivateKey' component={TextArea} />
</div>
<div className='argo-form-row'>
<FormField formApi={formApi} label='Skip server verification' field='insecure' component={CheckboxField} />
<HelpIcon title='This setting is ignored when creating as credential template.' />
</div>
<div className='argo-form-row'>
<FormField formApi={formApi} label='Enable LFS support (Git only)' field='enableLfs' component={CheckboxField} />
<HelpIcon title='This setting is ignored when creating as credential template.' />
</div>
<div className='argo-form-row'>
<FormField formApi={formApi} label='Proxy (optional)' field='proxy' component={Text} />
<FormField formApi={formApi} label='Proxy (optional)'
field='proxy' component={Text}/>
</div>
</div>
)}
@@ -459,11 +506,14 @@ export class ReposList extends React.Component<
<div className='white-box'>
<p>CONNECT REPO USING HTTPS</p>
<div className='argo-form-row'>
<FormField formApi={formApi} label='Type' field='type' component={FormSelect} componentProps={{options: ['git', 'helm']}} />
<FormField formApi={formApi} label='Type' field='type'
component={FormSelect}
componentProps={{options: ['git', 'helm']}}/>
</div>
{formApi.getFormState().values.type === 'helm' && (
<div className='argo-form-row'>
<FormField formApi={formApi} label='Name' field='name' component={Text} />
<FormField formApi={formApi} label='Name' field='name'
component={Text}/>
</div>
)}
<div className='argo-form-row'>
@@ -476,10 +526,12 @@ export class ReposList extends React.Component<
/>
</div>
<div className='argo-form-row'>
<FormField formApi={formApi} label='Repository URL' field='url' component={Text} />
<FormField formApi={formApi} label='Repository URL' field='url'
component={Text}/>
</div>
<div className='argo-form-row'>
<FormField formApi={formApi} label='Username (optional)' field='username' component={Text} />
<FormField formApi={formApi} label='Username (optional)'
field='username' component={Text}/>
</div>
<div className='argo-form-row'>
<FormField
@@ -491,31 +543,46 @@ export class ReposList extends React.Component<
/>
</div>
<div className='argo-form-row'>
<FormField formApi={formApi} label='TLS client certificate (optional)' field='tlsClientCertData' component={TextArea} />
<FormField formApi={formApi}
label='TLS client certificate (optional)'
field='tlsClientCertData' component={TextArea}/>
</div>
<div className='argo-form-row'>
<FormField formApi={formApi} label='TLS client certificate key (optional)' field='tlsClientCertKey' component={TextArea} />
<FormField formApi={formApi}
label='TLS client certificate key (optional)'
field='tlsClientCertKey' component={TextArea}/>
</div>
{formApi.getFormState().values.type === 'git' && (
<React.Fragment>
<div className='argo-form-row'>
<FormField formApi={formApi} label='Skip server verification' field='insecure' component={CheckboxField} />
<HelpIcon title='This setting is ignored when creating as credential template.' />
<FormField formApi={formApi}
label='Skip server verification'
field='insecure' component={CheckboxField}/>
<HelpIcon
title='This setting is ignored when creating as credential template.'/>
</div>
<div className='argo-form-row'>
<FormField formApi={formApi} label='Force HTTP basic auth' field='forceHttpBasicAuth' component={CheckboxField} />
<FormField formApi={formApi}
label='Force HTTP basic auth'
field='forceHttpBasicAuth'
component={CheckboxField}/>
</div>
<div className='argo-form-row'>
<FormField formApi={formApi} label='Enable LFS support (Git only)' field='enableLfs' component={CheckboxField} />
<HelpIcon title='This setting is ignored when creating as credential template.' />
<FormField formApi={formApi}
label='Enable LFS support (Git only)'
field='enableLfs' component={CheckboxField}/>
<HelpIcon
title='This setting is ignored when creating as credential template.'/>
</div>
</React.Fragment>
)}
<div className='argo-form-row'>
<FormField formApi={formApi} label='Proxy (optional)' field='proxy' component={Text} />
<FormField formApi={formApi} label='Proxy (optional)'
field='proxy' component={Text}/>
</div>
<div className='argo-form-row'>
<FormField formApi={formApi} label='Enable OCI' field='enableOCI' component={CheckboxField} />
<FormField formApi={formApi} label='Enable OCI'
field='enableOCI' component={CheckboxField}/>
</div>
</div>
)}
@@ -543,35 +610,49 @@ export class ReposList extends React.Component<
</div>
</React.Fragment>
)}
{formApi.getFormState().values.write === false && (
<div className='argo-form-row'>
<FormField
formApi={formApi}
label='Project'
field='project'
component={AutocompleteField}
componentProps={{items: projects}}
/>
</div>
)}
<div className='argo-form-row'>
<FormField
formApi={formApi}
label='Project'
field='project'
component={AutocompleteField}
componentProps={{items: projects}}
/>
<FormField formApi={formApi} label='Repository URL' field='url'
component={Text}/>
</div>
<div className='argo-form-row'>
<FormField formApi={formApi} label='Repository URL' field='url' component={Text} />
<FormField formApi={formApi} label='GitHub App ID'
field='githubAppId' component={NumberField}/>
</div>
<div className='argo-form-row'>
<FormField formApi={formApi} label='GitHub App ID' field='githubAppId' component={NumberField} />
<FormField formApi={formApi} label='GitHub App Installation ID'
field='githubAppInstallationId'
component={NumberField}/>
</div>
<div className='argo-form-row'>
<FormField formApi={formApi} label='GitHub App Installation ID' field='githubAppInstallationId' component={NumberField} />
<FormField formApi={formApi} label='GitHub App private key'
field='githubAppPrivateKey' component={TextArea}/>
</div>
<div className='argo-form-row'>
<FormField formApi={formApi} label='GitHub App private key' field='githubAppPrivateKey' component={TextArea} />
</div>
<div className='argo-form-row'>
<FormField formApi={formApi} label='Skip server verification' field='insecure' component={CheckboxField} />
<HelpIcon title='This setting is ignored when creating as credential template.' />
</div>
<div className='argo-form-row'>
<FormField formApi={formApi} label='Enable LFS support (Git only)' field='enableLfs' component={CheckboxField} />
<HelpIcon title='This setting is ignored when creating as credential template.' />
<FormField formApi={formApi} label='Skip server verification'
field='insecure' component={CheckboxField}/>
<HelpIcon
title='This setting is ignored when creating as credential template.'/>
</div>
{formApi.getFormState().values.write === false && (
<div className='argo-form-row'>
<FormField formApi={formApi}
label='Enable LFS support (Git only)'
field='enableLfs' component={CheckboxField}/>
<HelpIcon
title='This setting is ignored when creating as credential template.'/>
</div>
)}
{formApi.getFormState().values.ghType === 'GitHub Enterprise' && (
<React.Fragment>
<div className='argo-form-row'>
@@ -593,7 +674,8 @@ export class ReposList extends React.Component<
</React.Fragment>
)}
<div className='argo-form-row'>
<FormField formApi={formApi} label='Proxy (optional)' field='proxy' component={Text} />
<FormField formApi={formApi} label='Proxy (optional)'
field='proxy' component={Text}/>
</div>
</div>
)}
@@ -610,13 +692,16 @@ export class ReposList extends React.Component<
/>
</div>
<div className='argo-form-row'>
<FormField formApi={formApi} label='Repository URL' field='url' component={Text} />
<FormField formApi={formApi} label='Repository URL' field='url'
component={Text}/>
</div>
<div className='argo-form-row'>
<FormField formApi={formApi} label='GCP service account key' field='gcpServiceAccountKey' component={TextArea} />
<FormField formApi={formApi} label='GCP service account key'
field='gcpServiceAccountKey' component={TextArea}/>
</div>
<div className='argo-form-row'>
<FormField formApi={formApi} label='Proxy (optional)' field='proxy' component={Text} />
<FormField formApi={formApi} label='Proxy (optional)'
field='proxy' component={Text}/>
</div>
</div>
)}

View File

@@ -202,6 +202,27 @@ export interface ApplicationSource {
ref?: string;
}
export interface SourceHydrator {
drySource: DrySource;
syncSource: SyncSource;
hydrateTo?: HydrateTo;
}
export interface DrySource {
repoURL: string;
targetRevision: string;
path: string;
}
export interface SyncSource {
targetBranch: string;
path: string;
}
export interface HydrateTo {
targetBranch: string;
}
export interface ApplicationSourceHelm {
valueFiles: string[];
values?: string;
@@ -273,6 +294,7 @@ export interface ApplicationSpec {
project: string;
source: ApplicationSource;
sources: ApplicationSource[];
sourceHydrator?: SourceHydrator;
destination: ApplicationDestination;
syncPolicy?: SyncPolicy;
ignoreDifferences?: ResourceIgnoreDifferences[];
@@ -432,8 +454,38 @@ export interface ApplicationStatus {
health: HealthStatus;
operationState?: OperationState;
summary?: ApplicationSummary;
sourceHydrator?: SourceHydratorStatus;
}
export interface SourceHydratorStatus {
lastSuccessfulOperation?: SuccessfulHydrateOperation;
currentOperation?: HydrateOperation;
}
export interface HydrateOperation {
startedAt: models.Time;
finishedAt?: models.Time;
phase: HydrateOperationPhase;
message: string;
drySHA: string;
hydratedSHA: string;
sourceHydrator: SourceHydrator;
}
export interface SuccessfulHydrateOperation {
drySHA: string;
hydratedSHA: string;
sourceHydrator: SourceHydrator;
}
export type HydrateOperationPhase = 'Hydrating' | 'Failed' | 'Hydrated';
export const HydrateOperationPhases = {
Hydrating: 'Hydrating' as OperationPhase,
Failed: 'Failed' as OperationPhase,
Hydrated: 'Hydrated' as OperationPhase
};
export interface JwtTokens {
items: JwtToken[];
}

View File

@@ -5,6 +5,7 @@ export class RepositoriesService {
public list(): Promise<models.Repository[]> {
return requests
.get(`/repositories`)
.query({type: "both"})
.then(res => res.body as models.RepositoryList)
.then(list => list.items || []);
}
@@ -29,7 +30,8 @@ export class RepositoriesService {
proxy,
project,
forceHttpBasicAuth,
enableOCI
enableOCI,
write,
}: {
type: string;
name: string;
@@ -44,9 +46,11 @@ export class RepositoriesService {
project?: string;
forceHttpBasicAuth?: boolean;
enableOCI: boolean;
write: boolean;
}): Promise<models.Repository> {
return requests
.post('/repositories')
.query({write})
.send({type, name, repo: url, username, password, tlsClientCertData, tlsClientCertKey, insecure, enableLfs, proxy, project, forceHttpBasicAuth, enableOCI})
.then(res => res.body as models.Repository);
}
@@ -94,7 +98,8 @@ export class RepositoriesService {
insecure,
enableLfs,
proxy,
project
project,
write,
}: {
type: string;
name: string;
@@ -104,9 +109,11 @@ export class RepositoriesService {
enableLfs: boolean;
proxy: string;
project?: string;
write: boolean;
}): Promise<models.Repository> {
return requests
.post('/repositories')
.query({write})
.send({type, name, repo: url, sshPrivateKey, insecure, enableLfs, proxy, project})
.then(res => res.body as models.Repository);
}
@@ -124,7 +131,8 @@ export class RepositoriesService {
insecure,
enableLfs,
proxy,
project
project,
write,
}: {
type: string;
name: string;
@@ -139,9 +147,11 @@ export class RepositoriesService {
enableLfs: boolean;
proxy: string;
project?: string;
write: boolean;
}): Promise<models.Repository> {
return requests
.post('/repositories')
.query({write})
.send({
type,
name,
@@ -166,7 +176,8 @@ export class RepositoriesService {
url,
gcpServiceAccountKey,
proxy,
project
project,
write,
}: {
type: string;
name: string;
@@ -174,9 +185,11 @@ export class RepositoriesService {
gcpServiceAccountKey: string;
proxy: string;
project?: string;
write: boolean;
}): Promise<models.Repository> {
return requests
.post('/repositories')
.query({write})
.send({
type,
name,

View File

@@ -231,6 +231,7 @@ func RefreshApp(appIf v1alpha1.ApplicationInterface, name string, refreshType ar
"metadata": map[string]interface{}{
"annotations": map[string]string{
argoappv1.AnnotationKeyRefresh: string(refreshType),
argoappv1.AnnotationKeyHydrate: "normal",
},
},
}
@@ -389,6 +390,7 @@ func validateRepo(ctx context.Context,
}
if err := TestRepoWithKnownType(ctx, repoClient, repo, source.IsHelm(), source.IsHelmOci()); err != nil {
errMessage = fmt.Sprintf("repositories not accessible: %v: %v", repo.StringForLogging(), err)
log.Debugf("Error testing repository for source %v: %v", source, err)
}
repoAccessible := false
@@ -417,6 +419,13 @@ func validateRepo(ctx context.Context,
if err != nil {
return nil, fmt.Errorf("error getting ref sources: %w", err)
}
// If using the source hydrator, check the dry source instead of the sync source, since the sync source branch may
// not exist yet.
if app.Spec.SourceHydrator != nil {
sources = []argoappv1.ApplicationSource{app.Spec.SourceHydrator.GetDrySource()}
}
conditions = append(conditions, verifyGenerateManifests(
ctx,
db,
@@ -539,11 +548,46 @@ func validateSourcePermissions(ctx context.Context, source argoappv1.Application
return conditions
}
func validateSourceHydratorPermissions(hydrator *argoappv1.SourceHydrator) []argoappv1.ApplicationCondition {
var conditions []argoappv1.ApplicationCondition
if hydrator.DrySource.RepoURL == "" {
conditions = append(conditions, argoappv1.ApplicationCondition{
Type: argoappv1.ApplicationConditionInvalidSpecError,
Message: "spec.sourceHydrator.drySource.repoURL is required",
})
}
if hydrator.SyncSource.TargetBranch == "" {
conditions = append(conditions, argoappv1.ApplicationCondition{
Type: argoappv1.ApplicationConditionInvalidSpecError,
Message: "spec.sourceHydrator.syncSource.targetBranch is required",
})
}
if hydrator.HydrateTo != nil && hydrator.HydrateTo.TargetBranch == "" {
conditions = append(conditions, argoappv1.ApplicationCondition{
Type: argoappv1.ApplicationConditionInvalidSpecError,
Message: "when spec.sourceHydrator.hydrateTo is set, spec.sourceHydrator.hydrateTo.path is required",
})
}
return conditions
}
// ValidatePermissions ensures that the referenced cluster has been added to Argo CD and the app source repo and destination namespace/cluster are permitted in app project
func ValidatePermissions(ctx context.Context, spec *argoappv1.ApplicationSpec, proj *argoappv1.AppProject, db db.ArgoDB) ([]argoappv1.ApplicationCondition, error) {
conditions := make([]argoappv1.ApplicationCondition, 0)
if spec.HasMultipleSources() {
if spec.SourceHydrator != nil {
condition := validateSourceHydratorPermissions(spec.SourceHydrator)
if len(condition) > 0 {
conditions = append(conditions, condition...)
return conditions, nil
}
if !proj.IsSourcePermitted(spec.SourceHydrator.GetDrySource()) {
conditions = append(conditions, argoappv1.ApplicationCondition{
Type: argoappv1.ApplicationConditionInvalidSpecError,
Message: fmt.Sprintf("application repo %s is not permitted in project '%s'", spec.GetSource().RepoURL, spec.Project),
})
}
} else if spec.HasMultipleSources() {
for _, source := range spec.Sources {
condition := validateSourcePermissions(ctx, source, proj, spec.Project, spec.HasMultipleSources())
if len(condition) > 0 {

Some files were not shown because too many files have changed in this diff Show More