Update manifests to v1.3.2

* Make directory enforcer more lenient and add flag

* Fixes

* Lint fixes

* Lint fixes

* Fixed test

* Minor

* Removed enforcer option

* Move directory traversal check higher up

* Go fmt

* Allow URLs

* Added test

.circleci/config.yml

@@ -1,15 +1,5 @@
 version: 2.1
 commands:
-  prepare_environment:
-    steps:
-      - run:
-          name: Configure environment
-          command: |
-            set -x
-            echo "export GOCACHE=/tmp/go-build-cache" | tee -a $BASH_ENV
-            echo "export ARGOCD_TEST_VERBOSE=true" | tee -a $BASH_ENV
-            echo "export ARGOCD_TEST_PARALLELISM=8" | tee -a $BASH_ENV
-            echo "export ARGOCD_SONAR_VERSION=4.2.0.1873" | tee -a $BASH_ENV
   configure_git:
     steps:
       - run:
@@ -21,107 +11,59 @@ commands:
             git config --global user.name "Your Name"
             echo "export PATH=/home/circleci/.go_workspace/src/github.com/argoproj/argo-cd/hack:\$PATH" | tee -a $BASH_ENV
             echo "export GIT_ASKPASS=git-ask-pass.sh" | tee -a $BASH_ENV
-  restore_vendor:
+  dep_ensure:
     steps:
       - restore_cache:
-          name: Restore vendor cache
           keys:
-            - vendor-v2-{{ checksum "Gopkg.lock" }}
-  save_vendor:
-    steps:
+            - vendor-v4-{{ checksum "Gopkg.lock" }}
+      - run:
+          name: Run dep ensure
+          command: dep ensure -v
       - save_cache:
-          name: Save vendor cache
-          key: vendor-v2-{{ checksum "Gopkg.lock" }}
-          paths:
-            - ./vendor
-      - persist_to_workspace:
-          root: .
+          key: vendor-v4-{{ checksum "Gopkg.lock" }}
           paths:
             - vendor
-  save_coverage_info:
-    steps:
-      - persist_to_workspace:
-          root: .
-          paths:
-            - coverage.out
-  save_node_modules:
-    steps:
-      - persist_to_workspace:
-          root: ~/argo-cd
-          paths:
-            - ui/node_modules
-  attach_vendor:
-    steps:
-      - attach_workspace:
-          at: .
   install_golang:
     steps:
       - run:
-          name: Install Golang v1.14.1
+          name: Install Golang v1.12.6
           command: |
-            go get golang.org/dl/go1.14.1
-            [ -e /home/circleci/sdk/go1.14.1 ] || go1.14.1 download
-            go env
+            go get golang.org/dl/go1.12.6
+            [ -e /home/circleci/sdk/go1.12.6 ] || go1.12.6 download
             echo "export GOPATH=/home/circleci/.go_workspace" | tee -a $BASH_ENV
-            echo "export PATH=/home/circleci/sdk/go1.14.1/bin:\$PATH" | tee -a $BASH_ENV
+            echo "export PATH=/home/circleci/sdk/go1.12.6/bin:\$PATH" | tee -a $BASH_ENV
   save_go_cache:
     steps:
       - save_cache:
-          key: go-v2-{{ .Branch }}-{{ .Environment.CIRCLE_JOB }}
-          # https://circleci.com/docs/2.0/language-go/
+          key: go-v18-{{ .Branch }}
           paths:
+            - /home/circleci/.go_workspace
             - /home/circleci/.cache/go-build
-            - /home/circleci/sdk/go1.14.1
+            - /home/circleci/sdk/go1.12.6
   restore_go_cache:
     steps:
       - restore_cache:
           keys:
-            - go-v2-{{ .Branch }}-{{ .Environment.CIRCLE_JOB }}
-
-  save_go_cache_docker:
-    steps:
-      - save_cache:
-          name: Save Go build cache
-          key: go-docker-v2-{{ .Branch }}-{{ .Environment.CIRCLE_WORKFLOW_ID }}
-          # https://circleci.com/docs/2.0/language-go/
-          paths:
-            - /tmp/go-build-cache
-  restore_go_cache_docker:
-    steps:
-      - restore_cache:
-          name: Restore Go build cache
-          keys:
-            - go-docker-v2-{{ .Branch }}-{{ .Environment.CIRCLE_WORKFLOW_ID }}
+            - go-v18-{{ .Branch }}
+            - go-v18-master
+            - go-v17-{{ .Branch }}
+            - go-v17-master
 jobs:
-  build:
-    docker:
-      - image: argoproj/argocd-test-tools:v0.5.0
-    working_directory: /go/src/github.com/argoproj/argo-cd
-    steps:
-      - prepare_environment
-      - checkout
-      - restore_vendor
-      - run:
-          name: Ensuring Gopkg.lock is up-to-date
-          command: make dep-check-local
-      - run:
-          name: Syncing vendor dependencies
-          command: dep ensure -v
-      - run: make build-local
-      - run: chmod -R 777 vendor
-      - run: chmod -R 777 ${GOCACHE}
-      - save_vendor
-      - save_go_cache_docker
-
   codegen:
     docker:
-      - image: argoproj/argocd-test-tools:v0.5.0
+      - image: circleci/golang:1.12
     working_directory: /go/src/github.com/argoproj/argo-cd
     steps:
-      - prepare_environment
       - checkout
-      - restore_vendor
-      - run: helm2 init --client-only
+      - restore_cache:
+          keys: [codegen-v2]
+      - run: ./hack/install.sh codegen-go-tools
+      - run: sudo ./hack/install.sh codegen-tools
+      - run: dep ensure
+      - save_cache:
+          key: codegen-v2
+          paths: [vendor, /tmp/dl, /go/pkg]
+      - run: helm init --client-only
       - run: make codegen-local
       - run:
           name: Check nothing has changed
@@ -136,122 +78,40 @@ jobs:
           path: codegen.patch
           destination: .
   test:
-    working_directory: /go/src/github.com/argoproj/argo-cd
-    docker:
-      - image: argoproj/argocd-test-tools:v0.5.0
+    working_directory: /home/circleci/.go_workspace/src/github.com/argoproj/argo-cd
+    machine:
+      image: circleci/classic:201808-01
     steps:
-      - prepare_environment
+      - restore_go_cache
+      - install_golang
       - checkout
+      - restore_cache:
+          key: test-dl-v1
+      - run: sudo ./hack/install.sh kubectl-linux kubectx-linux dep-linux ksonnet-linux helm-linux kustomize-linux
+      - save_cache:
+          key: test-dl-v1
+          paths: [/tmp/dl]
       - configure_git
-      - restore_vendor
-      - run: dep ensure -v
-      - restore_go_cache_docker
-      - run: make test-local
+      - run: go get github.com/jstemmer/go-junit-report
+      - dep_ensure
+      - save_go_cache
+      - run: make test
       - run:
           name: Uploading code coverage
           command: bash <(curl -s https://codecov.io/bash) -f coverage.out
-      - run:
-          name: Output of test-results
-          command: |
-            ls -l test-results || true
-            cat test-results/junit.xml || true
-      - save_coverage_info
       - store_test_results:
           path: test-results
       - store_artifacts:
           path: test-results
           destination: .
-  
-  lint:
-    working_directory: /go/src/github.com/argoproj/argo-cd
-    docker:
-      - image: argoproj/argocd-test-tools:v0.5.0
-    steps:
-      - prepare_environment
-      - checkout
-      - configure_git
-      - restore_vendor
-      - run: dep ensure -v
-      - restore_go_cache_docker
-      - run:
-          name: Run golangci-lint
-          command: ARGOCD_LINT_GOGC=10 make lint-local
-      - run:
-          name: Check that nothing has changed
-          command: |
-            gDiff=$(git diff)
-            if test "$gDiff" != ""; then
-              echo
-              echo "###############################################################################"
-              echo "golangci-lint has made automatic corrections to your code. Please check below"
-              echo "diff output and commit this to your local branch, or run make lint locally."
-              echo "###############################################################################"
-              echo
-              git diff
-              exit 1
-            fi
-
-  sonarcloud:
-    working_directory: /go/src/github.com/argoproj/argo-cd
-    docker:
-      - image: argoproj/argocd-test-tools:v0.5.0
-    environment:
-      NODE_MODULES: /go/src/github.com/argoproj/argo-cd/ui/node_modules
-    steps:
-      - prepare_environment
-      - checkout
-      - attach_workspace:
-          at: .
-      - run:
-          command: mkdir -p /tmp/cache/scanner
-          name: Create cache directory if it doesn't exist
-      - restore_cache:
-          keys:
-            - v1-sonarcloud-scanner-4.2.0.1873
-      - run:
-          command: |
-            set -e
-            VERSION=4.2.0.1873
-            SONAR_TOKEN=$SONAR_TOKEN
-            SCANNER_DIRECTORY=/tmp/cache/scanner
-            export SONAR_USER_HOME=$SCANNER_DIRECTORY/.sonar
-            OS="linux"
-            echo $SONAR_USER_HOME
-
-            if [[ ! -x "$SCANNER_DIRECTORY/sonar-scanner-$VERSION-$OS/bin/sonar-scanner" ]]; then
-              curl -Ol https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-$VERSION-$OS.zip
-              unzip -qq -o sonar-scanner-cli-$VERSION-$OS.zip -d $SCANNER_DIRECTORY
-            fi
-
-            chmod +x $SCANNER_DIRECTORY/sonar-scanner-$VERSION-$OS/bin/sonar-scanner
-            chmod +x $SCANNER_DIRECTORY/sonar-scanner-$VERSION-$OS/jre/bin/java
-
-            # Workaround for a possible bug in CircleCI
-            if ! echo $CIRCLE_PULL_REQUEST | grep https://github.com/argoproj; then
-              unset CIRCLE_PULL_REQUEST
-              unset CIRCLE_PULL_REQUESTS
-            fi
-
-            # Explicitly set NODE_MODULES
-            export NODE_MODULES=/go/src/github.com/argoproj/argo-cd/ui/node_modules
-            export NODE_PATH=/go/src/github.com/argoproj/argo-cd/ui/node_modules
-
-            $SCANNER_DIRECTORY/sonar-scanner-$VERSION-$OS/bin/sonar-scanner
-          name: SonarCloud
-      - save_cache:
-          key: v1-sonarcloud-scanner-4.2.0.1873
-          paths:
-            - /tmp/cache/scanner
-    
   e2e:
     working_directory: /home/circleci/.go_workspace/src/github.com/argoproj/argo-cd
     machine:
-      image: ubuntu-1604:201903-01
+      image: circleci/classic:201808-01
     environment:
       ARGOCD_FAKE_IN_CLUSTER: "true"
       ARGOCD_SSH_DATA_PATH: "/tmp/argo-e2e/app/config/ssh"
       ARGOCD_TLS_DATA_PATH: "/tmp/argo-e2e/app/config/tls"
-      ARGOCD_E2E_K3S: "true"
     steps:
       - run:
           name: Install and start K3S v0.5.0
@@ -259,60 +119,65 @@ jobs:
             curl -sfL https://get.k3s.io | sh -
             sudo chmod -R a+rw /etc/rancher/k3s
             kubectl version
+          background: true
           environment:
             INSTALL_K3S_EXEC: --docker
             INSTALL_K3S_VERSION: v0.5.0
-      - prepare_environment
-      - restore_go_cache_docker
+      - restore_go_cache
+      - install_golang
       - checkout
       - restore_cache:
-          keys: [e2e-dl-v2]
-      - run: sudo ./hack/install.sh dep-linux
+          keys: [e2e-dl-v1]
+      - run: sudo ./hack/install.sh kubectx-linux dep-linux ksonnet-linux helm-linux kustomize-linux
+      - run: go get github.com/jstemmer/go-junit-report
       - save_cache:
-          key: e2e-dl-v2
+          key: e2e-dl-v10
           paths: [/tmp/dl]
-      - attach_vendor
-      - run: dep ensure -v
+      - dep_ensure
+      - configure_git
+      - run: make cli
       - run:
-          name: Update kubectl configuration for container
+          name: Create namespace
           command: |
-            ipaddr=$(ifconfig $IFACE |grep "inet " | awk '{print $2}')
-            if echo $ipaddr | grep -q 'addr:'; then
-              ipaddr=$(echo $ipaddr | awk -F ':' '{print $2}')
-            fi
-            test -d $HOME/.kube || mkdir -p $HOME/.kube
-            kubectl config view --raw | sed -e "s/127.0.0.1:6443/${ipaddr}:6443/g" -e "s/localhost:6443/${ipaddr}:6443/g" > $HOME/.kube/config
-          environment:
-            IFACE: ens4
+            set -x
+            kubectl create ns argocd-e2e
+            kubens argocd-e2e
+            # install the certificates (not 100% sure we need this)
+            sudo cp /var/lib/rancher/k3s/server/tls/token-ca.crt /usr/local/share/ca-certificates/k3s.crt
+            sudo update-ca-certificates
+            # create the kubecfg, again - not sure we need this
+            cat /etc/rancher/k3s/k3s.yaml | sed "s/localhost/`hostname`/" | tee ~/.kube/config
+            echo "127.0.0.1 `hostname`" | sudo tee -a /etc/hosts
       - run:
-          name: Start E2E test server
-          command: make start-e2e
+          name: Apply manifests
+          command: kustomize build test/manifests/base | kubectl apply -f -
+      - run:
+          name: Start Redis
+          command: docker run --rm --name argocd-redis -i -p 6379:6379 redis:5.0.3-alpine --save "" --appendonly no
           background: true
-          environment:
-            DOCKER_SRCDIR: /home/circleci/.go_workspace/src
-            ARGOCD_E2E_TEST: "true"
-            ARGOCD_IN_CI: "true"
       - run:
-          name: Wait for API server to become available
-          command: |
-            count=1
-            until curl -v http://localhost:8080/healthz; do 
-              sleep 10;
-              if test $count -ge 60; then
-                echo "Timeout"
-                exit 1
-              fi
-              count=$((count+1))
-            done
+          name: Start repo server
+          command: go run ./cmd/argocd-repo-server/main.go --loglevel debug --redis localhost:6379
+          background: true
       - run:
-          name: Run E2E tests
+          name: Start API server
+          command: go run ./cmd/argocd-server/main.go --loglevel debug --redis localhost:6379 --insecure --dex-server http://localhost:5556 --repo-server localhost:8081 --staticassets ../argo-cd-ui/dist/app
+          background: true
+      - run:
+          name: Start Test Git
           command: |
-            make test-e2e
+            test/fixture/testrepos/start-git.sh
+          background: true
+      - run: until curl -v http://localhost:8080/healthz; do sleep 10; done
+      - run:
+          name: Start controller
+          command: go run ./cmd/argocd-application-controller/main.go --loglevel debug --redis localhost:6379 --repo-server localhost:8081 --kubeconfig ~/.kube/config
+          background: true
+      - run:
+          command: PATH=dist:$PATH make test-e2e
           environment:
-            ARGOCD_OPTS: "--plaintext"
+            ARGOCD_OPTS: "--server localhost:8080 --plaintext"
             ARGOCD_E2E_K3S: "true"
-            IFACE: ens4
-            DOCKER_SRCDIR: /home/circleci/.go_workspace/src
       - store_test_results:
           path: test-results
       - store_artifacts:
@@ -333,33 +198,17 @@ jobs:
           key: yarn-packages-v4-{{ checksum "yarn.lock" }}
           paths: [~/.cache/yarn, node_modules]
       - run: yarn test
-      - run: ./node_modules/.bin/codecov -p ..
-      - run: NODE_ENV='production' yarn build
+      - run: yarn build
       - run: yarn lint
-      - save_node_modules
-
-orbs:
-  sonarcloud: sonarsource/sonarcloud@1.0.1
-
 workflows:
   version: 2
   workflow:
     jobs:
-      - build
-      - test:
-          requires:
-            - build
+      - test
       - codegen:
           requires:
-            - build
+            - test
       - ui:
           requires:
-            - build
-      - sonarcloud:
-          context: SonarCloud
-          requires:
-            - test
-            - ui
-      - e2e:
-          requires:
-            - build
+            - codegen
+      - e2e

.codecov.yml

@@ -13,5 +13,5 @@ coverage:
     patch: off
     project:
       default:
-        # allow test coverage to drop by 2%, assume that it's typically due to CI problems
-        threshold: 2
+        # allow test coverage to drop by 1%, assume that it's typically due to CI problems
+        threshold: 1

.github/ISSUE_TEMPLATE/bug_report.md

@@ -5,13 +5,8 @@ title: ''
 labels: 'bug'
 assignees: ''
 ---
-
-If you are trying to resolve an environment-specific issue or have a one-off question about the edge case that does not require a feature then please consider asking a
-question in argocd slack [channel](https://argoproj.github.io/community/join-slack).
-
 Checklist:
 
-* [ ] I've searched in the docs and FAQ for my answer: http://bit.ly/argocd-faq.
 * [ ] I've included steps to reproduce the bug.
 * [ ] I've pasted the output of `argocd version`.
 

.github/pull_request_template.md

@@ -1,7 +1,5 @@
 Checklist:
 
-* [ ] Either (a) I've created an [enhancement proposal](https://github.com/argoproj/argo-cd/issues/new/choose) and discussed it with the community, (b) this is a bug fix, or (c) this does not need to be in the release notes.
-* [ ] The title of the PR states what changed and the related issues number (used for the release note).
-* [ ] I've updated both the CLI and UI to expose my feature, or I plan to submit a second PR with them.
-* [ ] Optional. My organization is added to USERS.md.
-* [ ] I've signed the CLA and my build is green ([troubleshooting builds](https://argoproj.github.io/argo-cd/developer-guide/ci/)). 
+* [ ] I've created an [enhancement proposal](https://github.com/argoproj/argo-cd/issues/new/choose) and I feel I've gotten a green light from the community. 
+* [ ] My build is green ([troubleshooting builds](https://argoproj.github.io/argo-cd/developer-guide/ci/)). 
+* [ ] Optional. My organisation is added to the README.

.github/workflows/gh-pages.yaml

@@ -1,27 +0,0 @@
-name: Deploy
-
-on:
-  push:
-    branches:
-      - master
-
-jobs:
-  deploy:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v1
-      - name: Setup Python
-        uses: actions/setup-python@v1
-        with:
-          python-version: 3.x
-      - name: build
-        run: |
-          pip install mkdocs==1.0.4 mkdocs_material==4.1.1
-          mkdocs build
-          mkdir ./site/.circleci && echo '{version: 2, jobs: {build: {branches: {ignore: gh-pages}}}}' > ./site/.circleci/config.yml
-      - name: deploy
-        uses: peaceiris/actions-gh-pages@v2.5.0
-        env:
-          PERSONAL_TOKEN: ${{ secrets.PERSONAL_TOKEN }}
-          PUBLISH_BRANCH: gh-pages
-          PUBLISH_DIR: ./site

.github/workflows/image.yaml

@@ -1,59 +0,0 @@
-name: Image
-
-on:
-  push:
-    branches:
-      - master
-
-jobs:
-  publish:
-    runs-on: ubuntu-latest
-    env:
-      GOPATH: /home/runner/work/argo-cd/argo-cd
-    steps:
-      - uses: actions/setup-go@v1
-        with:
-          go-version: '1.14.1'
-      - uses: actions/checkout@master
-        with:
-          path: src/github.com/argoproj/argo-cd
-      - uses: actions/cache@v1
-        with:
-          path: src/github.com/argoproj/argo-cd/vendor
-          key: ${{ runner.os }}-go-dep-${{ hashFiles('**/Gopkg.lock') }}
-      # download dependencies
-      - run: mkdir -p $GITHUB_WORKSPACE/bin && curl https://raw.githubusercontent.com/golang/dep/master/install.sh | sh
-        working-directory: src/github.com/argoproj/argo-cd
-      - run: $GOPATH/bin/dep ensure -v
-        working-directory: ./src/github.com/argoproj/argo-cd
-
-      # get image tag
-      - run: echo ::set-output name=tag::$(cat ./VERSION)-${GITHUB_SHA::8}
-        working-directory: ./src/github.com/argoproj/argo-cd
-        id: image
-
-      # build
-      - run: |
-          docker images -a --format "{{.ID}}" | xargs -I {} docker rmi {}
-          make image DEV_IMAGE=true DOCKER_PUSH=false IMAGE_NAMESPACE=docker.pkg.github.com/argoproj/argo-cd IMAGE_TAG=${{ steps.image.outputs.tag }}
-        working-directory: ./src/github.com/argoproj/argo-cd
-
-      # publish
-      - run: |
-          docker login docker.pkg.github.com --username $USERNAME --password $PASSWORD
-          docker push docker.pkg.github.com/argoproj/argo-cd/argocd:${{ steps.image.outputs.tag }}
-        env:
-          USERNAME: ${{ secrets.USERNAME }}
-          PASSWORD: ${{ secrets.TOKEN }}
-
-      # deploy
-      - run: git clone "https://$TOKEN@github.com/argoproj/argoproj-deployments"
-        env:
-          TOKEN: ${{ secrets.TOKEN }}
-      - run: |
-          docker run -v $(pwd):/src -w /src --rm -t lyft/kustomizer:v3.3.0 kustomize edit set image argoproj/argocd=docker.pkg.github.com/argoproj/argo-cd/argocd:${{ steps.image.outputs.tag }}
-          git config --global user.email 'ci@argoproj.com'
-          git config --global user.name 'CI'
-          git diff --exit-code && echo 'Already deployed' || (git commit -am 'Upgrade argocd to ${{ steps.image.outputs.tag }}' && git push)
-        working-directory: argoproj-deployments/argocd
-      # TODO: clean up old images once github supports it: https://github.community/t5/How-to-use-Git-and-GitHub/Deleting-images-from-Github-Package-Registry/m-p/41202/thread-id/9811

.gitignore

@@ -9,6 +9,4 @@ site/
 cmd/**/debug
 debug.test
 coverage.out
-test-results
-.scannerwork
-.scratch
+test-results

.golangci.yml

@@ -1,5 +1,5 @@
 run:
-  timeout: 2m
+  deadline: 2m
   skip-files:
     - ".*\\.pb\\.go"
   skip-dirs:

CHANGELOG.md

@@ -1,559 +1,5 @@
 # Changelog
 
-## v1.5.3 (Unreleased)
-
-This patch release introduces a set of enhancements and bug fixes. Here are most notable changes:
-
-#### Multiple Kustomize Versions
-
-The bundled Kustomize version had been upgraded to v3.5.4. Argo CD allows changing bundled version using
-[custom image or init container](https://argoproj.github.io/argo-cd/operator-manual/custom_tools/). 
-This [feature](https://argoproj.github.io/argo-cd/user-guide/kustomize/#custom-kustomize-versions)
-enables bundling multiple Kustomize versions at the same time and allows end-users to specify the required version per application.
-
-#### Custom Root Path
-
-The feature allows accessing Argo CD UI and API using a custom root path(for example https://myhostname/argocd).
-This enables running Argo CD behind a proxy that takes care of user authentication (such as Ambassador) or hosting
-multiple Argo CD using the same hostname. A set of bug fixes and enhancements had been implemented to makes it easier.
-Use new `--rootpath` [flag](https://argoproj.github.io/argo-cd/operator-manual/ingress/#argocd-server-and-ui-root-path-v153) to enable the feature.
-
-### Login Rate Limiting
-
-The feature prevents a built-in user password brute force attack and addresses the known 
-[vulnerability](https://argoproj.github.io/argo-cd/security_considerations/#cve-2020-8827-insufficient-anti-automationanti-brute-force).
-
-### Settings Management Tools
-
-A new set of [CLI commands](https://argoproj.github.io/argo-cd/operator-manual/troubleshooting/) that simplify configuring Argo CD.
-Using the CLI you can test settings changes offline without affecting running Argo CD instance and have ability to troubleshot diffing
-customizations, custom resource health checks, and more.
-
-### Other
-
-* New Project and Application CRD settings ([#2900](https://github.com/argoproj/argo-cd/issues/2900), [#2873](https://github.com/argoproj/argo-cd/issues/2873)) that allows customizing Argo CD behavior.
-* Upgraded Dex (v2.22.0) enables seamless [SSO integration](https://www.openshift.com/blog/openshift-authentication-integration-with-argocd) with Openshift.
-
-
-#### Enhancements
-
-* feat: added --grpc-web-root-path for CLI. (#3483)
-* feat: limit the maximum number of concurrent login attempts (#3467)
-* feat: upgrade kustomize version to 3.5.4 (#3472)
-* feat: upgrade dex to 2.22.0 (#3468)
-* feat: support user specified account token ids (#3425)
-* feat: support separate Kustomize version per application (#3414)
-* feat: add support for dex prometheus metrics (#3249)
-* feat: add settings troubleshooting commands to the 'argocd-util' binary (#3398)
-* feat: Let user to define meaningful unique JWT token name (#3388)
-* feat: Display link between OLM ClusterServiceVersion and it's OperatorGroup (#3390)
-* feat: Introduce sync-option SkipDryRunOnMissingResource=true (#2873) (#3247)
-* feat: support normalizing CRD fields that use known built-in K8S types (#3357)
-* feat: Whitelisted namespace resources (#2900)
-
-#### Bug Fixes
-
-* fix: added path to cookie (#3501)
-* fix: 'argocd sync' does not take into account IgnoreExtraneous annotation (#3486)
-* fix: CLI renders flipped diff results (#3480)
-* fix: GetApplicationSyncWindows API should not validate project permissions (#3456)
-* fix: argocd-util kubeconfig should use RawRestConfig to export config (#3447)
-* fix: javascript error on accounts list page (#3453)
-* fix: support both <group>/<kind> as well as <kind> as a resource override key (#3433)
-* fix: Updating to jsonnet v1.15.0 fix issue #3277 (#3431)
-* fix for helm repo add with flag --insecure-skip-server-verification (#3420)
-* fix: app diff --local support for helm repo. #3151 (#3407)
-* fix: Syncing apps incorrectly states "app synced", but this is not true (#3286)
-* fix: for jsonnet when it is localed in nested subdirectory and uses import (#3372)
-* fix: Update 4.5.3 redis-ha helm manifest (#3370)
-* fix: return 401 error code if username does not exist (#3369)
-* fix: Do not panic while running hooks with short revision (#3368)
-
-## v1.5.2 (2020-04-20)
-
-#### Critical security fix
-
-This release contains a critical security fix. Please refer to the
-[security document](https://argoproj.github.io/argo-cd/security_considerations/#CVE-2020-5260-possible-git-credential-leak)
-for more information.
-
-**Upgrading is strongly recommended**
-
-## v1.4.3 (2020-04-20)
-
-#### Critical security fix
-
-This release contains a critical security fix. Please refer to the
-[security document](https://argoproj.github.io/argo-cd/security_considerations/#CVE-2020-5260-possible-git-credential-leak)
-for more information.
-
-## v1.5.1 (2020-04-06)
-
-#### Bug Fixes
-
-* fix: return 401 error code if username does not exist (#3369)
-* fix: Do not panic while running hooks with short revision (#3368)
-* fix: Increase HAProxy check interval to prevent intermittent failures (#3356)
-* fix: Helm v3 CRD are not deployed (#3345)
-
-## v1.5.0 (2020-04-02)
-
-#### Helm Integration Enhancements - Helm 3 Support And More
-
-Introduced native support Helm3 charts. For backward compatibility Helm 2 charts are still rendered using Helm 2 CLI. Argo CD inspects the
-Charts.yaml file and choose the right binary based on `apiVersion` value.
-
-Following enhancement were implemented in addition to Helm 3:
-* The `--api-version` flag is passed to the `helm template` command during manifest generation.
-* The `--set-file` flag can be specified in the application specification.
-* Fixed bug that prevents automatically update Helm chart when new version is published (#3193)
-
-#### Better Performance and Improved Metrics
-
- If you are running Argo CD instances with several hundred applications on it, you should see a
- huge performance boost and significantly less Kubernetes API server load.
-
- The Argo CD controller Prometheus metrics have been reworked to enable a richer Grafana dashboard.
- The improved dashboard is available at [examples/dashboard.json](https://github.com/argoproj/argo-cd/blob/master/examples/dashboard.json).
- You can set `ARGOCD_LEGACY_CONTROLLER_METRICS=true` environment variable and use [examples/dashboard-legacy.json](https://github.com/argoproj/argo-cd/blob/master/examples/dashboard-legacy.json)
- to keep using old dashboard.
-
-#### Local accounts
-
-The local accounts had been introduced additional to `admin` user and SSO integration. The feature is useful for creating authentication
-tokens with limited permissions to automate Argo CD management. Local accounts also could be used small by teams when SSO integration is overkill.
-This enhancement also allows to disable admin user and enforce only SSO logins.
-
-#### Redis HA Proxy mode
-
-As part of this release, the bundled Redis was upgraded to version 4.3.4 with enabled HAProxy.
-The HA proxy replaced the sentinel and provides more reliable Redis connection.
-
-> After publishing 1.5.0 release we've discovered that default HAProxy settings might cause intermittent failures.
-> See [argo-cd#3358](https://github.com/argoproj/argo-cd/issues/3358)
-
-#### Windows CLI
-
-Windows users deploy to Kubernetes too! Now you can use Argo CD CLI on Linux, Mac OS, and Windows. The Windows compatible binary is available 
-in the release details page as well as on the Argo CD Help page.
-
-#### Breaking Changes
-
-The `argocd_app_sync_status`, `argocd_app_health_status` and `argocd_app_created_time` prometheus metrics are deprecated in favor of additional labels
-to `argocd_app_info` metric. The deprecated labels are still available can be re-enabled using `ARGOCD_LEGACY_CONTROLLER_METRICS=true` environment variable.
-The legacy example Grafana dashboard is available at [examples/dashboard-legacy.json](https://github.com/argoproj/argo-cd/blob/master/examples/dashboard-legacy.json). 
-
-####  Known issues
-Last-minute bugs that will be addressed in 1.5.1 shortly:
- 
-* https://github.com/argoproj/argo-cd/issues/3336
-* https://github.com/argoproj/argo-cd/issues/3319
-* https://github.com/argoproj/argo-cd/issues/3339
-* https://github.com/argoproj/argo-cd/issues/3358
-
-#### Enhancements
-* feat: support helm3 (#2383) (#3178)
-* feat: Argo CD Service Account / Local Users #3185
-* feat: Disable Admin Login (fixes #3019) (#3179)
-* feat(ui): add docs to sync policy options present in create application panel (Close #3098) (#3203)
-* feat: add "service-account" flag to "cluster add" command (#3183) (#3184)
-* feat: Supports the validate-false option at an app level. Closes #1063 (#2542)
-* feat: add dest cluster and namespace in the Events (#3093)
-* feat: Rollback disables auto sync issue #2441 (#2591)
-* feat: allow ssh and http repository references in bitbucketserver webhook #2773 (#3036)
-* feat: Add helm --set-file support (#2751)
-* feat: Include resource group for Event's InvolvedObject.APIVersion
-* feat: Add argocd cmd for Windows #2121 (#3015)
-
-#### Bug Fixes
-
-- fix: app reconciliation fails with panic: index out of (#3233)
-- fix: upgrade argoproj/pkg version to fix leaked sensitive information in logs (#3230)
-- fix: set MaxCallSendMsgSize to MaxGRPCMessageSize for the GRPC caller (#3117)
-- fix: stop caching helm index (#3193)
-- fix: dex proxy should forward request to dex preserving the basehref (#3165)
-- fix: set default login redirect to baseHRef (#3164)
-- fix: don't double-prepend basehref to redirect URLs (fixes #3137)
-- fix: ui referring to /api/version using absolute path (#3092)
-- fix: Unhang UI on long app info items by using more sane URL match pattern (#3159)
-- fix: Allow multiple hostnames per SSH known hosts entry and also allow IPv6 (#2814) (#3074)
-- fix: argocd-util backup produced truncated backups. import app status (#3096)
-- fix: upgrade redis-ha chart and enable haproxy (#3147)
-- fix: make dex server deployment init container resilient to restarts (#3136)
-- fix: reduct secret values of manifests stored in git (#3088)
-- fix: labels not being deleted via UI (#3081)
-- fix: HTTP|HTTPS|NO_PROXY env variable reading #3055 (#3063)
-- fix: Correct usage text for repo add command regarding insecure repos (#3068)
-- fix: Ensure SSH private key is written out with a final newline character (#2890) (#3064)
-- fix: Handle SSH URLs in 'git@server:org/repo' notation correctly (#3062)
-- fix sso condition when several sso connectors has been configured (#3057)
-- fix: Fix bug where the same pointer is used. (#3059)
-- fix: Opening in new tab bad key binding on Linux (#3020)
-- fix: K8s secrets for repository credential templates are not deleted when credential template is deleted (#3028)
-- fix: SSH credential template not working #3016
-- fix: Unable to parse kubectl pre-release version strings (#3034)
-- fix: Jsonnet TLA parameters of same type are overwritten (#3022)
-- fix: Replace aws-iam-authenticator to support IRSA (#3010)
-- fix: Hide bindPW in dex config (#3025)
-- fix: SSH repo URL with a user different from `git` is not matched correctly when resolving a webhook (#2988)
-- fix: JWT invalid => Password for superuser has changed since token issued (#2108)
-
-#### Contributors
-* alexandrfox
-* alexec
-* alexmt
-* bergur88
-* CBytelabs
-* dbeal-wiser 
-* dnascimento
-* Elgarni
-* eSamS
-* gpaul
-* jannfis
-* jdmulloy
-* machgo
-* masa213f
-* matthyx
-* rayanebel
-* shelby-moore
-* tomcruise81
-* wecger
-* zeph
-
-## v1.4.2 (2020-01-24)
-
-- fix: correctly replace cache in namespace isolation mode (#3023)
-
-## v1.4.1 (2020-01-23)
-
-- fix: impossible to config RBAC if group name includes ',' (#3013)
-
-## v1.4.0 (2020-01-17)
-
-The v1.4.0 is a stability release that brings multiple bug fixes, security, performance enhancements, and multiple usability improvements.
-
-#### New Features
-
-#### Security
-A number of security enhancements and features have been implemented (thanks to [@jannfis](https://github.com/jannfis) for driving it! ):
-* **Repository Credential Templates Management UI/CLI**. Now you can use Argo CD CLI or UI to configure
-[credentials template](https://argoproj.github.io/argo-cd/user-guide/private-repositories/#credential-templates) for multiple repositories!
-* **X-Frame-Options header on serving static assets**. The X-Frame-Options prevents third party sites to trick users into interacting with the application.
-* **Tighten AppProject RBAC enforcement**. We've improved the enforcement of access rules specified in the
-[application project](https://argoproj.github.io/argo-cd/operator-manual/declarative-setup/#projects) configuration.
-
-#### Namespace Isolation
-With the namespace isolation feature, you are no longer have to give full read-only cluster access to the Argo CD. Instead, you can give access only to selected namespaces with-in
-the cluster:
-
-```bash
-argocd cluster add <mycluster> --namespace <mynamespace1> --namespace <mynamespace2>
-```
-
-This feature is useful if you don't have full cluster access but still want to use Argo CD to manage some cluster namespaces. The feature also improves performance if Argo CD is
-used to manage a few namespaces of a large cluster.
-
-#### Reconciliation Performance
-The Argo CD no longer fork/exec `kubectl` to apply resource changes in the target cluster or convert resource manifest to the required manifest version. This reduces
-CPU and Memory usage of large Argo CD instances.
-
-#### Resources Health based Hook Status
-The existing Argo CD [resource hooks](https://argoproj.github.io/argo-cd/user-guide/resource_hooks/) feature allows running custom logic during the syncing process. You can mark
-any Kubernetes resource as a hook and Argo CD assess hook status if resource is a `Pod`, `Job` or `Argo Workflow`. In the v1.4.0 release Argo CD is going to leverage resource
-[health assessment](https://argoproj.github.io/argo-cd/operator-manual/health/) to get sync hook status. This allows using any custom CRD as a sync hook and leverage custom health
-check logic.
-
-#### Manifest Generation
-* **Track Helm Charts By Semantic Version**. You've been able to track charts hosted in Git repositories using branches to tags. This is now possible for Helm charts. You no longer
- need to choose the exact version, such as v1.4.0 ,instead you can use a semantic version constraint such as v1.4.* and the latest version that matches will be installed.
-* **Build Environment Variables**. Feature allows config management tool to get access to app details during manifest generation via
-[environment variables](https://argoproj.github.io/argo-cd/user-guide/build-environment/).
-* **Git submodules**. Argo CD is going to automatically fetch sub-modules if your repository has `.gitmodules` directory.
-
-#### UI and CLI
-* **Improved Resource Tree View**. The Application details page got even prettier. The resource view was tuned to fit more resources into the screen, include more information about
-each resource and don't lose usability at the same time.
-* **New Account Management CLI Command**. The CLI allows to check which actions are allowed for your account: `argocd account can-i sync applications '*'`
-
-#### Maintenance Tools
-The team put more effort into building tools that help to maintain Argo CD itself:
-* **Bulk Project Editing**. The `argocd-util` allows to add and remove permissions defined in multiple project roles using one command.
-* **More Prometheus Metrics**. A set of additional metrics that contains useful information managed clusters is exposed by application controller.
-
-More documentation and tools are coming in patch releases.
-
-#### Breaking Changes
-
-The Argo CD deletes all **in-flight** hooks if you terminate running sync operation. The hook state assessment change implemented in this release the Argo CD enables detection of 
-an in-flight state for all Kubernetes resources including `Deployment`, `PVC`, `StatefulSet`, `ReplicaSet` etc. So if you terminate the sync operation that has, for example,
-`StatefulSet` hook that is `Progressing` it will be deleted. The long-running jobs are not supposed to be used as a sync hook and you should consider using
-[Sync Waves](https://argoproj.github.io/argo-cd/user-guide/sync-waves/) instead.
-
-#### Enhancements
-* feat: Add custom healthchecks for cert-manager v0.11.0 (#2689) 
-* feat: add git submodule support (#2495)
-* feat: Add repository credential management API and CLI (addresses #2136) (#2207)
-* feat: add support for --additional-headers cli flag (#2467)
-* feat: Add support for ssh-with-port repo url (#2866) (#2948)
-* feat: Add Time to ApplicationCondition. (#2417)
-* feat: Adds `argocd auth can-i` command. Close #2255
-* feat: Adds revision history limit. Closes #2790 (#2818)
-* feat: Adds support for ARGO_CD_[TARGET_REVISION|REVISION] and pass to Custom Tool/Helm/Jsonnet 
-* feat: Adds support for Helm charts to be a semver range. Closes #2552 (#2606)
-* feat: Adds tracing to key external invocations. (#2811)
-* feat: argocd-util should allow editing project policies in bulk  (#2615)
-* feat: Displays controllerrevsion's revision in the UI. Closes #2306 (#2702)
-* feat: Issue #2559 - Add gauge Prometheus metric which represents the number of pending manifest requests. (#2658)
-* feat: Make ConvertToVersion maybe 1090% faster on average (#2820)
-* feat: namespace isolation (#2839)
-* feat: removes redundant mutex usage in controller cache and adds cluster cache metrics (#2898)
-* feat: Set X-Frame-Options on serving static assets (#2706) (#2711)
-* feat: Simplify using Argo CD without users/SSO/UI (#2688)
-* feat: Template Out Data Source in Grafana Dashboard (#2859) 
-* feat: Updates UI icons. Closes #2625 and #2757 (#2653)
-* feat: use editor arguments in InteractiveEditor (#2833)
-* feat: Use kubectl apply library instead of forking binary (#2861)
-* feat: use resource health for hook status evaluation (#2938)
-
-#### Bug Fixes
-
-- fix: Adds support for /api/v1/account* via HTTP. Fixes #2664 (#2701)
-- fix: Allow '@'-character in SSH usernames when connecting a repository (#2612)
-- fix: Allow dot in project policy. Closes #2724 (#2755)
-- fix: Allow you to sync local Helm apps.  Fixes #2741 (#2747)
-- fix: Allows Helm parameters that contains arrays or maps. (#2525)
-- fix: application-controller doesn't deal with rm/add same cluster gracefully (x509 unknown) (#2389)
-- fix: diff local ignore kustomize build options (#2942)
-- fix: Ensures that Helm charts are correctly resolved before sync. Fixes #2758 (#2760)
-- fix: Fix 'Open application' link when using basehref (#2729)
-- fix: fix a bug with cluster add when token secret is not first in list. (#2744)
-- fix: fix bug where manifests are not cached. Fixes #2770 (#2771)
-- fix: Fixes bug whereby retry does not work for CLI. Fixes #2767 (#2768)
-- fix: git contention leads applications into Unknown state (#2877)
-- fix: Issue #1944 - Gracefully handle missing cached app state (#2464)
-- fix: Issue #2668 - Delete a specified context (#2669)
-- fix: Issue #2683 - Make sure app update don't fail due to concurrent modification (#2852)
-- fix: Issue #2721 Optimize helm repo querying (#2816)
-- fix: Issue #2853 - Improve application env variables/labels editing (#2856)
-- fix: Issue 2848 - Application Deployment history panel shows incorrect info for recent releases (#2849)
-- fix: Make BeforeHookCreation the default. Fixes #2754 (#2759)
-- fix: No error on `argocd app create` in CLI if `--revision` is omitted #2665
-- fix: Only delete resources during app delete cascade if permitted to (fixes #2693) (#2695)
-- fix: prevent user from seeing/deleting resources not permitted in project (#2908) (#2910)
-- fix: self-heal should retry syncing an application after specified delay
-- fix: stop logging dex config secrets #(2904) (#2937)
-- fix: stop using jsondiffpatch on clientside to render resource difference  (#2869)
-- fix: Target Revision truncated #2736
-- fix: UI should re-trigger SSO login if SSO JWT token expires (#2891)
-- fix: update argocd-util import was not working properly (#2939)
-
-#### Contributors
-
-* Aalok Ahluwalia
-* Aananth K
-* Abhishek Jaisingh
-* Adam Johnson
-* Alan Tang
-* Alex Collins
-* Alexander Matyushentsev
-* Andrew Waters
-* Byungjin Park
-* Christine Banek
-* Daniel Helfand
-* David Hong
-* David J. M. Karlsen
-* David Maciel
-* Devan Goodwin
-* Devin Stein
-* dthomson25
-* Gene Liverman
-* Gregor Krmelj
-* Guido Maria Serra
-* Ilir Bekteshi
-* Imran Ismail
-* INOUE BANJI
-* Isaac Gaskin
-* jannfis
-* Jeff Hastings
-* Jesse Suen
-* John Girvan
-* Konstantin
-* Lev Aminov
-* Manatsawin Hanmongkolchai
-* Marco Schmid
-* Masayuki Ishii
-* Michael Bridgen
-* Naoki Oketani
-* niqdev
-* nitinpatil1992
-* Olivier Boukili
-* Olivier Lemasle
-* Omer Kahani
-* Paul Brit
-* Qingbo Zhou
-* Saradhi Sreegiriraju
-* Scott Cabrinha
-* shlo
-* Simon Behar
-* stgarf
-* Yujun Zhang
-* Zoltán Reegn
-
-## v1.3.4 (2019-12-05)
-- #2819 Fixes logging of tracing option in CLI
-
-## v1.3.3 (2019-12-05)
-- #2721 High CPU utilisation (5 cores) and spammy logs
-
-## v1.3.2 (2019-12-03)
-- #2797 Fix directory traversal edge case and enhance tests
-
-## v1.3.1 (2019-12-02)
-- #2664 update account password from API resulted 404
-- #2724 Can't use `DNS-1123` compliant app name when creating project role
-- #2726 App list does not show chart for Helm app
-- #2741 argocd local sync cannot parse kubernetes version
-- #2754 BeforeHookCreation should be the default hook
-- #2767 Fix bug whereby retry does not work for CLI
-- #2770 Always cache miss for manifests
-- #1345 argocd-application-controller: can not retrieve list of objects using index : Index with name namespace does not exist
-
-## v1.3.0 (2019-11-13)
-
-#### New Features
-
-##### Helm 1st-Class Support
-
-We know that for many of our users, they want to deploy existing Helm charts using Argo CD. Up until now that has required you to create an Argo CD app in a Git repo that does nothing but point to that chart. Now you can use a Helm chart repository is the same way as a Git repository.
-
-On top of that, we've improved support for Helm apps. The most common types of Helm hooks such as `pre-install` and `post-install` are supported as well as a the delete policy `before-hook-creation` which makes it easier to work with hooks.
-
-https://youtu.be/GP7xtrnNznw
-
-##### Orphan Resources
-
-Some users would like to make sure that resources in a namespace are managed only by Argo CD. So we've introduced the concept of an "orphan resource" - any resource that is in namespace associated with an app, but not managed by Argo CD. This is enabled in the project settings. Once enabled, Argo CD will show in the app view any resources in the app's namepspace that is not mananged by Argo CD. 
-
-https://youtu.be/9ZoTevVQf5I
-
-##### Sync Windows
-
-There may be instances when you want to control the times during which an Argo CD app can sync. Sync Windows now gives you the capability to create windows of time in which apps are either allowed or denied the ability to sync. This can apply to both manual and auto-sync, or just auto-sync. The windows are configured at the project level and assigned to apps using app name, namespace or cluster. Wildcards are supported for all fields.
-
-#### Enhancements
-
-* [UI] Add application labels to Applications list and Applications details page (#1099)
-* Helm repository as first class Argo CD Application source (#1145)
-* Ability to generate a warn/alert when a namespace deviates from the expected state (#1167)
-* Improve diff support for resource requests/limits (#1615)
-* HTTP API should allow JWT to be passed via Authorization header (#1642)
-* Ability to create & upsert projects from spec (#1852)
-* Support for in-line block from helm chart values (#1930)
-* Request OIDC groups claim if groups scope is not supported (#1956)
-* Add a maintenance window for Applications with automated syncing (#1995)
-* Support `argocd.argoproj.io/hook-delete-policy: BeforeHookCreation` (#2036)
-* Support setting Helm string parameters using CLI/UI (#2078)
-* Config management plugin environment variable UI/CLI support (#2203)
-* Helm: auto-detect URLs (#2260)
-* Helm: UI improvements (#2261)
-* Support `helm template --kube-version ` (#2275)
-* Use community icons for resources (#2277)
-* Make `group` optional for `ignoreDifferences` config (#2298)
-* Update Helm docs (#2315)
-* Add cluster information into Splunk (#2354)
-* argocd list command should have filter options like by project (#2396)
-* Add target/current revision to status badge (#2445)
-* Update tooling to use Kustomize v3 (#2487)
-* Update root `Dockerfile` to use the `hack/install.sh` (#2488)
-* Support and document using HPA for repo-server (#2559)
-* Upgrade Helm  (#2587)
-* UI fixes for "Sync Apps" panel. (#2604)
-* Upgrade kustomize from v3.1.0 to v3.2.1 (#2609)
-* Map helm lifecycle hooks to ArgoCD pre/post/sync hooks (#355)
-* [UI] Enhance app creation page with Helm parameters overrides (#1059)
-
-#### Bug Fixes
-
-- failed parsing on parameters with comma (#1660)
-- Statefuleset with OnDelete Update Strategy stuck progressing (#1881)
-- Warning during secret diffing (#1923)
-- Error message "Unable to load data: key is missing" is confusing (#1944)
-- OIDC group bindings are truncated (#2006)
-- Multiple parallel app syncs causes OOM (#2022)
-- Unknown error when setting params with argocd app set on helm app (#2046)
-- Endpoint is no longer shown as a child of services (#2060)
-- SSH known hosts entry cannot be deleted if contains shell pattern in name (#2099)
-- Application 404s on names with periods (#2114)
-- Adding certs for hostnames ending with a dot (.) is not possible (#2116)
-- Fix `TestHookDeleteBeforeCreation` (#2141)
-- v1.2.0-rc1 nil pointer dereference when syncing (#2146)
-- Replacing services failure (#2150)
-- 1.2.0-rc1 - Authentication Required error in Repo Server (#2152)
-- v1.2.0-rc1 Applications List View doesn't work (#2174)
-- Manual sync does not trigger Presync hooks (#2185)
-- SyncError app condition disappears during app reconciliation (#2192)
-- argocd app wait\sync prints 'Unknown' for resources without health (#2198)
-- 1.2.0-rc2 Warning during secret diffing (#2206)
-- SSO redirect url is incorrect if configured Argo CD URL has trailing slash (#2212)
-- Application summary diff page shows hooks (#2215)
-- An app with a single resource and Sync hook remains progressing (#2216)
-- CONTRIBUTING documentation outdated (#2231)
-- v1.2.0-rc2 does not retrieve http(s) based git repository behind the proxy (#2243)
-- Intermittent "git ls-remote" request failures should not fail app reconciliation (#2245)
-- Result of ListApps operation for Git repo is cached incorrectly (#2263)
-- ListApps does not utilize cache (#2287)
-- Controller panics due to nil pointer error (#2290)
-- The Helm --kube-version support does not work on GKE: (#2303)
-- Fixes bug that prevents you creating repos via UI/CLI.  (#2308)
-- The 'helm.repositories' settings is dropped without migration path (#2316)
-- Badge response does not contain cache control header (#2317)
-- Inconsistent sync result from UI and CLI (#2321)
-- Failed edit application with plugin type requiring environment (#2330)
-- AutoSync doesn't work anymore (#2339)
-- End-to-End tests not working with Kubernetes v1.16 (#2371)
-- Creating an application from Helm repository should select "Helm" as source type (#2378)
-- The parameters of ValidateAccess GRPC method should not be logged  (#2386)
-- Maintenance window meaning is confusing (#2398)
-- UI bug when targetRevision is ommited (#2407)
-- Too many vulnerabilities in Docker image (#2425)
-- proj windows commands not consistent with other commands (#2443)
-- Custom resource actions cannot be executed from the UI (#2448)
-- Application controller sometimes accidentally removes duplicated/excluded resource warning condition (#2453)
-- Logic that checks sync windows state in the cli is incorrect (#2455)
-- UI don't allow to create window with `* * * * *` schedule (#2475)
-- Helm Hook is executed twice if annotated with both pre-install and pre-upgrade annotations (#2480)
-- Impossible to edit chart name using App details page (#2484)
-- ArgoCD does not provide CSRF protection (#2496)
-- ArgoCD failing to install CRDs in master from Helm Charts (#2497)
-- Timestamp in Helm package file name causes error in Application with Helm source (#2549)
-- Attempting to create a repo with password but not username panics (#2567)
-- UI incorrectly mark resources as `Required Pruning` (#2577)
-- argocd app diff prints only first difference (#2616)
-- Bump min client cache version (#2619)
-- Cluster list page fails if any cluster is not reachable (#2620)
-- Repository type should be mandatory for repo add command in CLI (#2622)
-- Repo server executes unnecessary ls-remotes (#2626)
-- Application list page incorrectly filter apps by label selector (#2633)
-- Custom actions are disabled in Argo CD UI (#2635)
-- Failure of `argocd version` in the self-building container image (#2645)
-- Application list page is not updated automatically anymore (#2655)
-- Login regression issues (#2659)
-- Regression: Cannot return Kustomize version for 3.1.0 (#2662)
-- API server does not allow creating role with action `action/*` (#2670)
-- Application controller `kubectl-parallelism-limit` flag is broken (#2673)
-- Annoying toolbar flickering (#2691)
-
-## v1.2.5 (2019-10-29)
-
-- Issue #2339 - Don't update `status.reconciledAt` unless compared with latest git version (#2581)
-
-## v1.2.4 (2019-10-23)
-
-- Issue #2185 - Manual sync don't trigger hooks (#2477)
-- Issue #2339 - Controller should compare with latest git revision if app has changed (#2543)
-- Unknown child app should not affect app health (#2544)
-- Redact secrets in dex logs (#2538)
-
 ## v1.2.3 (2019-10-1)
 * Make argo-cd docker images openshift friendly (#2362) (@duboisf)
 * Add dest-server and dest-namespace field to reconciliation logs (#2354)

Dockerfile

@@ -4,7 +4,7 @@ ARG BASE_IMAGE=debian:10-slim
 # Initial stage which pulls prepares build dependencies and CLI tooling we need for our final image
 # Also used as the image in CI jobs so needs all dependencies
 ####################################################################################################
-FROM golang:1.14.1 as builder
+FROM golang:1.12.6 as builder
 
 RUN echo 'deb http://deb.debian.org/debian buster-backports main' >> /etc/apt/sources.list
 
@@ -30,9 +30,9 @@ RUN ./install.sh dep-linux
 RUN ./install.sh packr-linux
 RUN ./install.sh kubectl-linux
 RUN ./install.sh ksonnet-linux
-RUN ./install.sh helm2-linux
 RUN ./install.sh helm-linux
 RUN ./install.sh kustomize-linux
+RUN ./install.sh aws-iam-authenticator-linux
 
 ####################################################################################################
 # Argo CD Base - used as the base for both the release and dev argocd images
@@ -50,17 +50,16 @@ RUN groupadd -g 999 argocd && \
     chmod g=u /home/argocd && \
     chmod g=u /etc/passwd && \
     apt-get update && \
-    apt-get install -y git git-lfs python3-pip && \
+    apt-get install -y git git-lfs && \
     apt-get clean && \
-    pip3 install awscli==1.18.80 && \
     rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
 
 COPY hack/git-ask-pass.sh /usr/local/bin/git-ask-pass.sh
 COPY --from=builder /usr/local/bin/ks /usr/local/bin/ks
-COPY --from=builder /usr/local/bin/helm2 /usr/local/bin/helm2
 COPY --from=builder /usr/local/bin/helm /usr/local/bin/helm
 COPY --from=builder /usr/local/bin/kubectl /usr/local/bin/kubectl
 COPY --from=builder /usr/local/bin/kustomize /usr/local/bin/kustomize
+COPY --from=builder /usr/local/bin/aws-iam-authenticator /usr/local/bin/aws-iam-authenticator
 # script to add current (possibly arbitrary) user to /etc/passwd at runtime
 # (if it's not already there, to be openshift friendly)
 COPY uid_entrypoint.sh /usr/local/bin/uid_entrypoint.sh
@@ -97,7 +96,7 @@ RUN NODE_ENV='production' yarn build
 ####################################################################################################
 # Argo CD Build stage which performs the actual build of Argo CD binaries
 ####################################################################################################
-FROM golang:1.14.1 as argocd-build
+FROM golang:1.12.6 as argocd-build
 
 COPY --from=builder /usr/local/bin/dep /usr/local/bin/dep
 COPY --from=builder /usr/local/bin/packr /usr/local/bin/packr
@@ -116,8 +115,7 @@ RUN cd ${GOPATH}/src/dummy && \
 WORKDIR /go/src/github.com/argoproj/argo-cd
 COPY . .
 RUN make cli server controller repo-server argocd-util && \
-    make CLI_NAME=argocd-darwin-amd64 GOOS=darwin cli && \
-    make CLI_NAME=argocd-windows-amd64.exe GOOS=windows cli
+    make CLI_NAME=argocd-darwin-amd64 GOOS=darwin cli
 
 
 ####################################################################################################
@@ -126,3 +124,4 @@ RUN make cli server controller repo-server argocd-util && \
 FROM argocd-base
 COPY --from=argocd-build /go/src/github.com/argoproj/argo-cd/dist/argocd* /usr/local/bin/
 COPY --from=argocd-ui ./src/dist/app /shared/app
+

Gopkg.lock

@@ -25,14 +25,6 @@
   revision = "d216395917cc49052c7c7094cf57f09657ca08a8"
   version = "v3.0.0"
 
-[[projects]]
-  digest = "1:63e57618d792cccb87ad7cb8a0602e6205732beb3b01b0ea858fc4a5fd3ce8f1"
-  name = "github.com/MakeNowJust/heredoc"
-  packages = ["."]
-  pruneopts = ""
-  revision = "efb6ca8de9d5385c3963279701760e37637cf238"
-  version = "v2.0.1"
-
 [[projects]]
   digest = "1:b856d8248663c39265a764561c1a1a149783f6cc815feb54a1f3a591b91f6eca"
   name = "github.com/Masterminds/semver"
@@ -66,38 +58,24 @@
 
 [[projects]]
   branch = "master"
-  digest = "1:3cce78d5d0090e3f1162945fba60ba74e72e8422e8e41bb9c701afb67237bb65"
-  name = "github.com/alicebob/gopher-json"
-  packages = ["."]
+  digest = "1:0caf9208419fa5db5a0ca7112affaa9550c54291dda8e2abac0c0e76181c959e"
+  name = "github.com/argoproj/argo"
+  packages = ["util"]
   pruneopts = ""
-  revision = "5a6b3ba71ee69b77cf64febf8b5a7526ca5eaef0"
-
-[[projects]]
-  digest = "1:18a07506ddaa87b1612bfd69eef03f510faf122398df3da774d46dcfe751a060"
-  name = "github.com/alicebob/miniredis"
-  packages = [
-    ".",
-    "server",
-  ]
-  pruneopts = ""
-  revision = "3d7aa1333af56ab862d446678d93aaa6803e0938"
-  version = "v2.7.0"
+  revision = "7ef1cea68c94f7f0e1e2f8bd75bedc5a7df8af90"
 
 [[projects]]
   branch = "master"
-  digest = "1:fbe4779f247babd0b21e2283d419f848a8dab42c0f6bbdeb88d83f190f52c159"
+  digest = "1:4f6afcf4ebe041b3d4aa7926d09344b48d2f588e1f957526bbbe54f9cbb366a1"
   name = "github.com/argoproj/pkg"
   packages = [
     "errors",
     "exec",
-    "grpc/http",
-    "kubeclientmetrics",
     "rand",
-    "stats",
     "time",
   ]
   pruneopts = ""
-  revision = "f46beff7cd548bafc0264b95a4efed645fb1862c"
+  revision = "38dba6e98495680ff1f8225642b63db10a96bb06"
 
 [[projects]]
   digest = "1:d8a2bb36a048d1571bcc1aee208b61f39dc16c6c53823feffd37449dde162507"
@@ -116,22 +94,12 @@
   revision = "3a771d992973f24aa725d07868b467d1ddfceafb"
 
 [[projects]]
-  digest = "1:6e56c4e58a4359f844880c50b3c0a154c73c51c9399c2d16fa79221a6a110598"
-  name = "github.com/bsm/redislock"
-  packages = ["."]
-  pruneopts = ""
-  revision = "3d76f17a9f1e22d11521f78267ce1795641ae596"
-  version = "v0.4.3"
-
-[[projects]]
-  digest = "1:6e2b0748ea11cffebe87b4a671a44ecfb243141cdd5df54cb44b7e8e93cb7ea3"
+  digest = "1:e04162bd6a6d4950541bae744c968108e14913b1cebccf29f7650b573f44adb3"
   name = "github.com/casbin/casbin"
   packages = [
     ".",
     "config",
     "effect",
-    "errors",
-    "log",
     "model",
     "persist",
     "persist/file-adapter",
@@ -140,21 +108,8 @@
     "util",
   ]
   pruneopts = ""
-  revision = "aaed1b7a7eac65d37ec4e15e308429fdf0bd6a9e"
-  version = "v1.9.1"
-
-[[projects]]
-  branch = "master"
-  digest = "1:9c19f8c33e635e0439c8afc167d6d02e3aa6eea5b69d64880244fd354a99edc4"
-  name = "github.com/chai2010/gettext-go"
-  packages = [
-    "gettext",
-    "gettext/mo",
-    "gettext/plural",
-    "gettext/po",
-  ]
-  pruneopts = ""
-  revision = "bf70f2a70fb1b1f36d90d671a72795984eab0fcb"
+  revision = "d71629e497929858300c38cd442098c178121c30"
+  version = "v1.5.0"
 
 [[projects]]
   branch = "v2"
@@ -180,17 +135,6 @@
   revision = "06ea1031745cb8b3dab3f6a236daf2b0aa468b7e"
   version = "v3.2.0"
 
-[[projects]]
-  digest = "1:c05f1899f086e3b4613d94d9e6f7ba6f4b6587498a1aa6037c5c294b22f5a743"
-  name = "github.com/docker/distribution"
-  packages = [
-    "digestset",
-    "reference",
-  ]
-  pruneopts = ""
-  revision = "2461543d988979529609e8cb6fca9ca190dc48da"
-  version = "v2.7.1"
-
 [[projects]]
   digest = "1:b021ef379356343bdc13ec101e546b756fcef4b1186d08163bef7d3bc8c1e07f"
   name = "github.com/docker/docker"
@@ -248,28 +192,12 @@
   version = "v1.9.0"
 
 [[projects]]
-  digest = "1:46ddeb9dd35d875ac7568c4dc1fc96ce424e034bdbb984239d8ffc151398ec01"
+  digest = "1:4216202f4088a73e2982df875e2f0d1401137bbc248e57391e70547af167a18a"
   name = "github.com/evanphx/json-patch"
   packages = ["."]
   pruneopts = ""
-  revision = "026c730a0dcc5d11f93f1cf1cc65b01247ea7b6f"
-  version = "v4.5.0"
-
-[[projects]]
-  branch = "master"
-  digest = "1:549f95037fea25e00a5341ac6a169a5b3e5306be107f45260440107b779b74f9"
-  name = "github.com/exponent-io/jsonpath"
-  packages = ["."]
-  pruneopts = ""
-  revision = "d6023ce2651d8eafb5c75bb0c7167536102ec9f5"
-
-[[projects]]
-  digest = "1:23a5efa4b272df86a8ebffc942f5e0c1aac4b750836037394cc450b6d91e241a"
-  name = "github.com/fatih/camelcase"
-  packages = ["."]
-  pruneopts = ""
-  revision = "44e46d280b43ec1531bb25252440e34f1b800b65"
-  version = "v1.0.0"
+  revision = "72bf35d0ff611848c1dc9df0f976c81192392fa5"
+  version = "v4.1.0"
 
 [[projects]]
   digest = "1:b13707423743d41665fd23f0c36b2f37bb49c30e94adb813319c44188a51ba22"
@@ -277,7 +205,6 @@
   packages = ["."]
   pruneopts = ""
   revision = "0ca9ea5df5451ffdf184b4428c902747c2c11cd7"
-  version = "v1.0.0"
 
 [[projects]]
   branch = "master"
@@ -429,7 +356,7 @@
   revision = "5a05380e4bc2440e0ec12f54f6f45648dbdd5e55"
 
 [[projects]]
-  digest = "1:d69d2ba23955582a64e367ff2b0808cdbd048458c178cea48f11ab8c40bd7aea"
+  digest = "1:6e73003ecd35f4487a5e88270d3ca0a81bc80dc88053ac7e4dcfec5fba30d918"
   name = "github.com/gogo/protobuf"
   packages = [
     "gogoproto",
@@ -462,8 +389,8 @@
     "vanity/command",
   ]
   pruneopts = ""
-  revision = "5628607bb4c51c3157aacc3a50f0ab707582b805"
-  version = "v1.3.1"
+  revision = "636bf0302bc95575d69441b25a2603156ffdddf1"
+  version = "v1.1.1"
 
 [[projects]]
   branch = "master"
@@ -497,52 +424,15 @@
   version = "v1.2.0"
 
 [[projects]]
-  digest = "1:dcf8316121302735c0ac84e05f4686e3b34e284444435e9a206da48d8be18cb1"
-  name = "github.com/gomodule/redigo"
-  packages = [
-    "internal",
-    "redis",
-  ]
-  pruneopts = ""
-  revision = "9c11da706d9b7902c6da69c592f75637793fe121"
-  version = "v2.0.0"
-
-[[projects]]
-  digest = "1:1e5b1e14524ed08301977b7b8e10c719ed853cbf3f24ecb66fae783a46f207a6"
-  name = "github.com/google/btree"
-  packages = ["."]
-  pruneopts = ""
-  revision = "4030bb1f1f0c35b30ca7009e9ebd06849dd45306"
-  version = "v1.0.0"
-
-[[projects]]
-  digest = "1:9fcb267c272bc5054564b392e3ff7e65e35400fd9914afb1d169f92b95e7dbc9"
-  name = "github.com/google/go-cmp"
-  packages = [
-    "cmp",
-    "cmp/internal/diff",
-    "cmp/internal/flags",
-    "cmp/internal/function",
-    "cmp/internal/value",
-  ]
-  pruneopts = ""
-  revision = "2d0692c2e9617365a95b295612ac0d4415ba4627"
-  version = "v0.3.1"
-
-[[projects]]
-  digest = "1:ce886a0d7c4737485b1d72453aa6f22282c021fffe209abe33220d54d0e2e670"
+  digest = "1:14d826ee25139b4674e9768ac287a135f4e7c14e1134a5b15e4e152edfd49f41"
   name = "github.com/google/go-jsonnet"
   packages = [
     ".",
     "ast",
-    "astgen",
-    "internal/errors",
-    "internal/parser",
-    "internal/program",
+    "parser",
   ]
   pruneopts = ""
-  revision = "70a6b3d419d9ee16a144345c35e0305052c6f2d9"
-  version = "v0.15.0"
+  revision = "dfddf2b4e3aec377b0dcdf247ff92e7d078b8179"
 
 [[projects]]
   branch = "master"
@@ -560,14 +450,6 @@
   pruneopts = ""
   revision = "c34317bd91bf98fab745d77b03933cf8769299fe"
 
-[[projects]]
-  digest = "1:ad92aa49f34cbc3546063c7eb2cabb55ee2278b72842eda80e2a20a8a06a8d73"
-  name = "github.com/google/uuid"
-  packages = ["."]
-  pruneopts = ""
-  revision = "0cd6bf5da1e1c83f8b45653022c74f71af0538a4"
-  version = "v1.1.1"
-
 [[projects]]
   digest = "1:2a131706ff80636629ab6373f2944569b8252ecc018cda8040931b05d32e3c16"
   name = "github.com/googleapis/gnostic"
@@ -588,17 +470,6 @@
   revision = "66b9c49e59c6c48f0ffce28c2d8b8a5678502c6d"
   version = "v1.4.0"
 
-[[projects]]
-  branch = "master"
-  digest = "1:e1fd67b5695fb12f54f979606c5d650a5aa72ef242f8e71072bfd4f7b5a141a0"
-  name = "github.com/gregjones/httpcache"
-  packages = [
-    ".",
-    "diskcache",
-  ]
-  pruneopts = ""
-  revision = "901d90724c7919163f472a9812253fb26761123d"
-
 [[projects]]
   branch = "master"
   digest = "1:9dca8c981b8aed7448d94e78bc68a76784867a38b3036d5aabc0b32d92ffd1f4"
@@ -689,14 +560,6 @@
   pruneopts = ""
   revision = "d14ea06fba99483203c19d92cfcd13ebe73135f4"
 
-[[projects]]
-  digest = "1:302ad9379eb146668760df4d779a95379acab43ce5f9a28f27f3273f98232020"
-  name = "github.com/jonboulle/clockwork"
-  packages = ["."]
-  pruneopts = ""
-  revision = "2eee05ed794112d45db504eb05aa693efd2b8b09"
-  version = "v0.1.0"
-
 [[projects]]
   digest = "1:31c6f3c4f1e15fcc24fcfc9f5f24603ff3963c56d6fa162116493b4025fb6acc"
   name = "github.com/json-iterator/go"
@@ -728,14 +591,6 @@
   pruneopts = ""
   revision = "b729f2633dfe35f4d1d8a32385f6685610ce1cb5"
 
-[[projects]]
-  branch = "master"
-  digest = "1:93018a4331df9925058905133cb997aec8f54d5303f4536a23e49b5648632d06"
-  name = "github.com/liggitt/tabwriter"
-  packages = ["."]
-  pruneopts = ""
-  revision = "89fcab3d43de07060e4fd4c1547430ed57e87f24"
-
 [[projects]]
   branch = "master"
   digest = "1:ccc20cacf54eb16464dad02efa1c14fa7c0b9e124639b0d2a51dcc87b0154e4c"
@@ -796,14 +651,6 @@
   revision = "4b7aa43c6742a2c18fdef89dd197aaae7dac7ccd"
   version = "1.0.1"
 
-[[projects]]
-  digest = "1:5d9b668b0b4581a978f07e7d2e3314af18eb27b3fb5d19b70185b7c575723d11"
-  name = "github.com/opencontainers/go-digest"
-  packages = ["."]
-  pruneopts = ""
-  revision = "279bed98673dd5bef374d3b6e4b09e2af76183bf"
-  version = "v1.0.0-rc1"
-
 [[projects]]
   digest = "1:4c0404dc03d974acd5fcd8b8d3ce687b13bd169db032b89275e8b9d77b98ce8c"
   name = "github.com/patrickmn/go-cache"
@@ -820,22 +667,6 @@
   revision = "c37440a7cf42ac63b919c752ca73a85067e05992"
   version = "v0.2.0"
 
-[[projects]]
-  branch = "master"
-  digest = "1:5f0faa008e8ff4221b55a1a5057c8b02cb2fd68da6a65c9e31c82b72cbc836d0"
-  name = "github.com/petar/GoLLRB"
-  packages = ["llrb"]
-  pruneopts = ""
-  revision = "33fb24c13b99c46c93183c291836c573ac382536"
-
-[[projects]]
-  digest = "1:4709c61d984ef9ba99b037b047546d8a576ae984fb49486e48d99658aa750cd5"
-  name = "github.com/peterbourgon/diskv"
-  packages = ["."]
-  pruneopts = ""
-  revision = "0be1b92a6df0e4f5cb0a5d15fb7f643d0ad93ce6"
-  version = "v3.0.0"
-
 [[projects]]
   digest = "1:7365acd48986e205ccb8652cc746f09c8b7876030d53710ea6ef7d0bd0dcd7ca"
   name = "github.com/pkg/errors"
@@ -923,14 +754,6 @@
   revision = "9a47f48565a795472d43519dd49aac781f3034fb"
   version = "v1.6.0"
 
-[[projects]]
-  digest = "1:2761e287c811d0948d47d0252b82281eca3801eb3c9d5f9530956643d5b9f430"
-  name = "github.com/russross/blackfriday"
-  packages = ["."]
-  pruneopts = ""
-  revision = "05f3235734ad95d0016f6a23902f06461fcf567a"
-  version = "v1.5.2"
-
 [[projects]]
   digest = "1:3962f553b77bf6c03fc07cd687a22dd3b00fe11aa14d31194f5505f5bb65cdc8"
   name = "github.com/sergi/go-diff"
@@ -967,11 +790,11 @@
   version = "v0.1.4"
 
 [[projects]]
-  digest = "1:0c63b3c7ad6d825a898f28cb854252a3b29d37700c68a117a977263f5ec94efe"
+  digest = "1:9ba49264cef4386aded205f9cb5b1f2d30f983d7dc37a21c780d9db3edfac9a7"
   name = "github.com/spf13/cobra"
   packages = ["."]
   pruneopts = ""
-  revision = "0.0.5"
+  revision = "fe5e611709b0c57fa4a89136deaa8e1d4004d053"
 
 [[projects]]
   digest = "1:8e243c568f36b09031ec18dff5f7d2769dcf5ca4d624ea511c8e3197dc3d352d"
@@ -1003,15 +826,15 @@
   version = "v0.1"
 
 [[projects]]
-  digest = "1:cc4eb6813da8d08694e557fcafae8fcc24f47f61a0717f952da130ca9a486dfc"
+  digest = "1:c587772fb8ad29ad4db67575dad25ba17a51f072ff18a22b4f0257a4d9c24f75"
   name = "github.com/stretchr/testify"
   packages = [
     "assert",
     "mock",
   ]
   pruneopts = ""
-  revision = "3ebf1ddaeb260c4b1ae502a01c7844fa8c1fa0e9"
-  version = "v1.5.1"
+  revision = "f35b8ab0b5a2cef36673838d662e249dd9c94686"
+  version = "v1.2.2"
 
 [[projects]]
   digest = "1:51cf0fca93f4866709ceaf01b750e51d997c299a7bd2edf7ccd79e3b428754ae"
@@ -1418,13 +1241,11 @@
   version = "v2.2.2"
 
 [[projects]]
-  branch = "release-1.16"
-  digest = "1:5e5cfbab57ea5444c1eb295a39fdc403f097f5ace592c829db7b3e0e3ea66903"
+  branch = "release-1.14"
+  digest = "1:d8a6f1ec98713e685346a2e4b46c6ec4a1792a5535f8b0dffe3b1c08c9d69b12"
   name = "k8s.io/api"
   packages = [
-    "admission/v1",
     "admission/v1beta1",
-    "admissionregistration/v1",
     "admissionregistration/v1beta1",
     "apps/v1",
     "apps/v1beta1",
@@ -1444,7 +1265,6 @@
     "coordination/v1",
     "coordination/v1beta1",
     "core/v1",
-    "discovery/v1alpha1",
     "events/v1beta1",
     "extensions/v1beta1",
     "imagepolicy/v1alpha1",
@@ -1465,41 +1285,34 @@
     "storage/v1beta1",
   ]
   pruneopts = ""
-  revision = "195af9ec35214c6d98662c5791364285bf2e2cf2"
+  revision = "40a48860b5abbba9aa891b02b32da429b08d96a0"
 
 [[projects]]
-  branch = "release-1.16"
-  digest = "1:7f29d62c07c68767171cf2ed8598e0cb862b99584bb8beb93189e2ed00ac520e"
+  branch = "master"
+  digest = "1:49e0fcdcaeaf937c6c608d1da19eb80de74fe990021278d49d46e10288659be6"
   name = "k8s.io/apiextensions-apiserver"
   packages = [
     "pkg/apis/apiextensions",
-    "pkg/apis/apiextensions/v1",
     "pkg/apis/apiextensions/v1beta1",
     "pkg/client/clientset/clientset",
     "pkg/client/clientset/clientset/scheme",
-    "pkg/client/clientset/clientset/typed/apiextensions/v1",
     "pkg/client/clientset/clientset/typed/apiextensions/v1beta1",
-    "pkg/features",
   ]
   pruneopts = ""
-  revision = "07afe84a85e43cf2503133660c424a0b594b21db"
+  revision = "7f7d2b94eca3a7a1c49840e119a8bc03c3afb1e3"
 
 [[projects]]
-  branch = "release-1.16"
-  digest = "1:36db89a45a8cb3d565f7ebfd67dafd42c9c0bbb80d6bbd4991629b39b02a4c64"
+  branch = "release-1.14"
+  digest = "1:a802c91b189a31200cfb66744441fe62dac961ec7c5c58c47716570de7da195c"
   name = "k8s.io/apimachinery"
   packages = [
     "pkg/api/equality",
     "pkg/api/errors",
     "pkg/api/meta",
     "pkg/api/resource",
-    "pkg/api/validation",
-    "pkg/api/validation/path",
     "pkg/apis/meta/internalversion",
     "pkg/apis/meta/v1",
     "pkg/apis/meta/v1/unstructured",
-    "pkg/apis/meta/v1/unstructured/unstructuredscheme",
-    "pkg/apis/meta/v1/validation",
     "pkg/apis/meta/v1beta1",
     "pkg/conversion",
     "pkg/conversion/queryparams",
@@ -1518,14 +1331,12 @@
     "pkg/util/cache",
     "pkg/util/clock",
     "pkg/util/diff",
-    "pkg/util/duration",
     "pkg/util/errors",
     "pkg/util/framer",
     "pkg/util/httpstream",
     "pkg/util/httpstream/spdy",
     "pkg/util/intstr",
     "pkg/util/json",
-    "pkg/util/jsonmergepatch",
     "pkg/util/mergepatch",
     "pkg/util/naming",
     "pkg/util/net",
@@ -1544,51 +1355,14 @@
     "third_party/forked/golang/reflect",
   ]
   pruneopts = ""
-  revision = "72ed19daf4bb788ae595ae4103c404cb0fa09c84"
+  revision = "6a84e37a896db9780c75367af8d2ed2bb944022e"
 
 [[projects]]
-  branch = "release-1.16"
-  digest = "1:4e236f3f94cfc5f005ceb143948ad39a4b2ad10373f394b232838f797bddd6ef"
-  name = "k8s.io/apiserver"
-  packages = [
-    "pkg/apis/audit",
-    "pkg/authentication/serviceaccount",
-    "pkg/authentication/user",
-    "pkg/endpoints/request",
-    "pkg/features",
-    "pkg/util/feature",
-  ]
-  pruneopts = ""
-  revision = "ebfe712c1fff40c4800d779470515e6025eda218"
-
-[[projects]]
-  branch = "release-1.16"
-  digest = "1:b46a88b317c3187b6fa7c5351eca48b35aad182eee371168677747430ff955bb"
-  name = "k8s.io/cli-runtime"
-  packages = [
-    "pkg/genericclioptions",
-    "pkg/kustomize",
-    "pkg/kustomize/k8sdeps",
-    "pkg/kustomize/k8sdeps/configmapandsecret",
-    "pkg/kustomize/k8sdeps/kunstruct",
-    "pkg/kustomize/k8sdeps/kv",
-    "pkg/kustomize/k8sdeps/transformer",
-    "pkg/kustomize/k8sdeps/transformer/hash",
-    "pkg/kustomize/k8sdeps/transformer/patch",
-    "pkg/kustomize/k8sdeps/validator",
-    "pkg/printers",
-    "pkg/resource",
-  ]
-  pruneopts = ""
-  revision = "6bff60de437070d7e8644b7a930837d5de512240"
-
-[[projects]]
-  branch = "release-13.0"
-  digest = "1:84f90f6a3b5b16f2c57164c5281d302b2647da8f77aa9cb14d5ebeb17fccc25e"
+  branch = "release-11.0"
+  digest = "1:794140b3ac07405646ea3d4a57e1f6155186e672aed8aa0c996779381cd92fe6"
   name = "k8s.io/client-go"
   packages = [
     "discovery",
-    "discovery/cached/disk",
     "discovery/fake",
     "dynamic",
     "dynamic/fake",
@@ -1597,8 +1371,6 @@
     "kubernetes",
     "kubernetes/fake",
     "kubernetes/scheme",
-    "kubernetes/typed/admissionregistration/v1",
-    "kubernetes/typed/admissionregistration/v1/fake",
     "kubernetes/typed/admissionregistration/v1beta1",
     "kubernetes/typed/admissionregistration/v1beta1/fake",
     "kubernetes/typed/apps/v1",
@@ -1637,8 +1409,6 @@
     "kubernetes/typed/coordination/v1beta1/fake",
     "kubernetes/typed/core/v1",
     "kubernetes/typed/core/v1/fake",
-    "kubernetes/typed/discovery/v1alpha1",
-    "kubernetes/typed/discovery/v1alpha1/fake",
     "kubernetes/typed/events/v1beta1",
     "kubernetes/typed/events/v1beta1/fake",
     "kubernetes/typed/extensions/v1beta1",
@@ -1683,15 +1453,6 @@
     "plugin/pkg/client/auth/oidc",
     "rest",
     "rest/watch",
-    "restmapper",
-    "scale",
-    "scale/scheme",
-    "scale/scheme/appsint",
-    "scale/scheme/appsv1beta1",
-    "scale/scheme/appsv1beta2",
-    "scale/scheme/autoscalingv1",
-    "scale/scheme/extensionsint",
-    "scale/scheme/extensionsv1beta1",
     "testing",
     "third_party/forked/golang/template",
     "tools/auth",
@@ -1702,10 +1463,8 @@
     "tools/clientcmd/api/v1",
     "tools/metrics",
     "tools/pager",
-    "tools/portforward",
     "tools/reference",
     "tools/remotecommand",
-    "tools/watch",
     "transport",
     "transport/spdy",
     "util/cert",
@@ -1719,11 +1478,11 @@
     "util/workqueue",
   ]
   pruneopts = ""
-  revision = "85029d69edeae82e97dd1a0de3b24668cee9a15d"
+  revision = "11646d1007e006f6f24995cb905c68bc62901c81"
 
 [[projects]]
-  branch = "release-1.16"
-  digest = "1:254da4cb69b3776686b730a206e081e6f8898bb64760619d1895c25c407e718f"
+  branch = "release-1.14"
+  digest = "1:742ce70d2c6de0f02b5331a25d4d549f55de6b214af22044455fd6e6b451cad9"
   name = "k8s.io/code-generator"
   packages = [
     "cmd/go-to-protobuf",
@@ -1732,15 +1491,7 @@
     "third_party/forked/golang/reflect",
   ]
   pruneopts = ""
-  revision = "8e001e5d18949be7e823ccb9cfe9b60026e7bda0"
-
-[[projects]]
-  branch = "master"
-  digest = "1:06c18e328063f3612dfda3c4c5e5b8becda1eabceca689335c8d98704dffe70a"
-  name = "k8s.io/component-base"
-  packages = ["featuregate"]
-  pruneopts = ""
-  revision = "435ce712a6949916fa293dc4d3d49429962043d8"
+  revision = "50b561225d70b3eb79a1faafd3dfe7b1a62cbe73"
 
 [[projects]]
   branch = "master"
@@ -1778,7 +1529,7 @@
   revision = "e80910364765199a4baebd4dec54c885fe52b680"
 
 [[projects]]
-  digest = "1:16a343bd9d820ae320de4d1eaa8acc7a214aac4b38fb21d03255d3a457d861df"
+  digest = "1:42ea993b351fdd39b9aad3c9ebe71f2fdb5d1f8d12eed24e71c3dff1a31b2a43"
   name = "k8s.io/kube-openapi"
   packages = [
     "cmd/openapi-gen",
@@ -1787,145 +1538,41 @@
     "pkg/generators",
     "pkg/generators/rules",
     "pkg/util/proto",
-    "pkg/util/proto/validation",
     "pkg/util/sets",
   ]
   pruneopts = ""
-  revision = "30be4d16710ac61bce31eb28a01054596fe6a9f1"
+  revision = "411b2483e5034420675ebcdd4a55fc76fe5e55cf"
 
 [[projects]]
-  branch = "release-1.16"
-  digest = "1:687af22932f9b53ff2e6755b2eefe160f076d522794abb980f0ddb187bcefacd"
-  name = "k8s.io/kubectl"
-  packages = [
-    "pkg/cmd/apply",
-    "pkg/cmd/delete",
-    "pkg/cmd/util",
-    "pkg/cmd/util/editor",
-    "pkg/cmd/util/editor/crlf",
-    "pkg/cmd/wait",
-    "pkg/describe",
-    "pkg/describe/versioned",
-    "pkg/generated",
-    "pkg/rawhttp",
-    "pkg/scheme",
-    "pkg/util",
-    "pkg/util/certificate",
-    "pkg/util/deployment",
-    "pkg/util/event",
-    "pkg/util/fieldpath",
-    "pkg/util/i18n",
-    "pkg/util/interrupt",
-    "pkg/util/openapi",
-    "pkg/util/openapi/validation",
-    "pkg/util/printers",
-    "pkg/util/qos",
-    "pkg/util/rbac",
-    "pkg/util/resource",
-    "pkg/util/slice",
-    "pkg/util/storage",
-    "pkg/util/templates",
-    "pkg/util/term",
-    "pkg/validation",
-    "pkg/version",
-  ]
-  pruneopts = ""
-  revision = "14647fd13a8b4cffc5a8f327b0018e037f72e4e8"
-
-[[projects]]
-  branch = "release-1.16"
-  digest = "1:02241e5570c239d31e52955b1a8e6d603a35fd6542d14e98882fb6c3c4ef3d56"
+  branch = "release-1.14"
+  digest = "1:78aa6079e011ece0d28513c7fe1bd64284fa9eb5d671760803a839ffdf0e9e38"
   name = "k8s.io/kubernetes"
   packages = [
-    "pkg/api/legacyscheme",
     "pkg/api/v1/pod",
     "pkg/apis/apps",
-    "pkg/apis/apps/install",
-    "pkg/apis/apps/v1",
-    "pkg/apis/apps/v1beta1",
-    "pkg/apis/apps/v1beta2",
-    "pkg/apis/authentication",
-    "pkg/apis/authentication/install",
-    "pkg/apis/authentication/v1",
-    "pkg/apis/authentication/v1beta1",
-    "pkg/apis/authorization",
-    "pkg/apis/authorization/install",
-    "pkg/apis/authorization/v1",
-    "pkg/apis/authorization/v1beta1",
     "pkg/apis/autoscaling",
-    "pkg/apis/autoscaling/install",
-    "pkg/apis/autoscaling/v1",
-    "pkg/apis/autoscaling/v2beta1",
-    "pkg/apis/autoscaling/v2beta2",
     "pkg/apis/batch",
-    "pkg/apis/batch/install",
-    "pkg/apis/batch/v1",
-    "pkg/apis/batch/v1beta1",
-    "pkg/apis/batch/v2alpha1",
-    "pkg/apis/certificates",
-    "pkg/apis/certificates/install",
-    "pkg/apis/certificates/v1beta1",
-    "pkg/apis/coordination",
-    "pkg/apis/coordination/install",
-    "pkg/apis/coordination/v1",
-    "pkg/apis/coordination/v1beta1",
     "pkg/apis/core",
-    "pkg/apis/core/install",
-    "pkg/apis/core/v1",
-    "pkg/apis/events",
-    "pkg/apis/events/install",
-    "pkg/apis/events/v1beta1",
-    "pkg/apis/extensions",
-    "pkg/apis/extensions/install",
-    "pkg/apis/extensions/v1beta1",
-    "pkg/apis/networking",
-    "pkg/apis/policy",
-    "pkg/apis/policy/install",
-    "pkg/apis/policy/v1beta1",
-    "pkg/apis/rbac",
-    "pkg/apis/rbac/install",
-    "pkg/apis/rbac/v1",
-    "pkg/apis/rbac/v1alpha1",
-    "pkg/apis/rbac/v1beta1",
-    "pkg/apis/scheduling",
-    "pkg/apis/scheduling/install",
-    "pkg/apis/scheduling/v1",
-    "pkg/apis/scheduling/v1alpha1",
-    "pkg/apis/scheduling/v1beta1",
-    "pkg/apis/settings",
-    "pkg/apis/settings/install",
-    "pkg/apis/settings/v1alpha1",
-    "pkg/apis/storage",
-    "pkg/apis/storage/install",
-    "pkg/apis/storage/v1",
-    "pkg/apis/storage/v1alpha1",
-    "pkg/apis/storage/v1beta1",
-    "pkg/features",
-    "pkg/kubectl/cmd/auth",
-    "pkg/registry/rbac/reconciliation",
-    "pkg/registry/rbac/validation",
+    "pkg/kubectl/scheme",
+    "pkg/kubectl/util/term",
+    "pkg/util/interrupt",
     "pkg/util/node",
-    "pkg/util/parsers",
-    "pkg/util/slice",
-    "pkg/util/workqueue/prometheus",
   ]
   pruneopts = ""
-  revision = "bfafae8f1c2fdf3c3cfef04674db028531a7c098"
+  revision = "2d20b5759406ded89f8b25cf085ff4733b144ba5"
 
 [[projects]]
   branch = "master"
-  digest = "1:a8a2e6bbef691323b833d0eb11bb0e570e7eb9619ac76f7b11265530e1cac922"
+  digest = "1:4c5d39f7ca1c940d7e74dbc62d2221e2c59b3d35c54f1fa9c77f3fd3113bbcb1"
   name = "k8s.io/utils"
   packages = [
     "buffer",
-    "exec",
     "integer",
-    "net",
     "pointer",
     "trace",
   ]
   pruneopts = ""
-  revision = "6ca3b61696b65b0e81f1a39b4937fc2d2994ed6a"
+  revision = "c55fbcfc754a5b2ec2fbae8fb9dcac36bdba6a12"
 
 [[projects]]
   branch = "master"
@@ -1935,37 +1582,6 @@
   pruneopts = ""
   revision = "97fed8db84274c421dbfffbb28ec859901556b97"
 
-[[projects]]
-  digest = "1:0b2daace3dcced8712072529b621360cf520f3c2ead92d755f35a0ec8dca2714"
-  name = "sigs.k8s.io/kustomize"
-  packages = [
-    "pkg/commands/build",
-    "pkg/constants",
-    "pkg/expansion",
-    "pkg/factory",
-    "pkg/fs",
-    "pkg/git",
-    "pkg/gvk",
-    "pkg/ifc",
-    "pkg/ifc/transformer",
-    "pkg/image",
-    "pkg/internal/error",
-    "pkg/loader",
-    "pkg/patch",
-    "pkg/patch/transformer",
-    "pkg/resid",
-    "pkg/resmap",
-    "pkg/resource",
-    "pkg/target",
-    "pkg/transformers",
-    "pkg/transformers/config",
-    "pkg/transformers/config/defaultconfig",
-    "pkg/types",
-  ]
-  pruneopts = ""
-  revision = "a6f65144121d1955266b0cd836ce954c04122dc8"
-  version = "v2.0.3"
-
 [[projects]]
   digest = "1:321081b4a44256715f2b68411d8eda9a17f17ebfe6f0cc61d2cc52d11c08acfa"
   name = "sigs.k8s.io/yaml"
@@ -1981,16 +1597,13 @@
     "bou.ke/monkey",
     "github.com/Masterminds/semver",
     "github.com/TomOnTime/utfutil",
-    "github.com/alicebob/miniredis",
+    "github.com/argoproj/argo/util",
     "github.com/argoproj/pkg/errors",
     "github.com/argoproj/pkg/exec",
-    "github.com/argoproj/pkg/grpc/http",
-    "github.com/argoproj/pkg/kubeclientmetrics",
-    "github.com/argoproj/pkg/stats",
     "github.com/argoproj/pkg/time",
-    "github.com/bsm/redislock",
     "github.com/casbin/casbin",
     "github.com/casbin/casbin/model",
+    "github.com/casbin/casbin/persist",
     "github.com/coreos/go-oidc",
     "github.com/dgrijalva/jwt-go",
     "github.com/dustin/go-humanize",
@@ -2014,7 +1627,6 @@
     "github.com/golang/protobuf/ptypes/empty",
     "github.com/google/go-jsonnet",
     "github.com/google/shlex",
-    "github.com/google/uuid",
     "github.com/grpc-ecosystem/go-grpc-middleware",
     "github.com/grpc-ecosystem/go-grpc-middleware/auth",
     "github.com/grpc-ecosystem/go-grpc-middleware/logging",
@@ -2080,7 +1692,6 @@
     "k8s.io/api/batch/v1",
     "k8s.io/api/core/v1",
     "k8s.io/api/extensions/v1beta1",
-    "k8s.io/api/networking/v1beta1",
     "k8s.io/api/rbac/v1",
     "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1",
     "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset",
@@ -2095,15 +1706,10 @@
     "k8s.io/apimachinery/pkg/runtime/serializer",
     "k8s.io/apimachinery/pkg/selection",
     "k8s.io/apimachinery/pkg/types",
-    "k8s.io/apimachinery/pkg/util/intstr",
-    "k8s.io/apimachinery/pkg/util/jsonmergepatch",
-    "k8s.io/apimachinery/pkg/util/net",
     "k8s.io/apimachinery/pkg/util/runtime",
     "k8s.io/apimachinery/pkg/util/strategicpatch",
     "k8s.io/apimachinery/pkg/util/wait",
     "k8s.io/apimachinery/pkg/watch",
-    "k8s.io/cli-runtime/pkg/genericclioptions",
-    "k8s.io/cli-runtime/pkg/printers",
     "k8s.io/client-go/discovery",
     "k8s.io/client-go/discovery/fake",
     "k8s.io/client-go/dynamic",
@@ -2111,7 +1717,6 @@
     "k8s.io/client-go/informers/core/v1",
     "k8s.io/client-go/kubernetes",
     "k8s.io/client-go/kubernetes/fake",
-    "k8s.io/client-go/kubernetes/scheme",
     "k8s.io/client-go/listers/core/v1",
     "k8s.io/client-go/plugin/pkg/client/auth/gcp",
     "k8s.io/client-go/plugin/pkg/client/auth/oidc",
@@ -2120,9 +1725,6 @@
     "k8s.io/client-go/tools/cache",
     "k8s.io/client-go/tools/clientcmd",
     "k8s.io/client-go/tools/clientcmd/api",
-    "k8s.io/client-go/tools/pager",
-    "k8s.io/client-go/tools/portforward",
-    "k8s.io/client-go/transport/spdy",
     "k8s.io/client-go/util/flowcontrol",
     "k8s.io/client-go/util/workqueue",
     "k8s.io/code-generator/cmd/go-to-protobuf",
@@ -2131,32 +1733,13 @@
     "k8s.io/kube-aggregator/pkg/apis/apiregistration/v1beta1",
     "k8s.io/kube-openapi/cmd/openapi-gen",
     "k8s.io/kube-openapi/pkg/common",
-    "k8s.io/kubectl/pkg/cmd/apply",
-    "k8s.io/kubectl/pkg/cmd/util",
-    "k8s.io/kubectl/pkg/scheme",
-    "k8s.io/kubectl/pkg/util/term",
-    "k8s.io/kubernetes/pkg/api/legacyscheme",
     "k8s.io/kubernetes/pkg/api/v1/pod",
-    "k8s.io/kubernetes/pkg/apis/apps/install",
-    "k8s.io/kubernetes/pkg/apis/authentication/install",
-    "k8s.io/kubernetes/pkg/apis/authorization/install",
-    "k8s.io/kubernetes/pkg/apis/autoscaling/install",
-    "k8s.io/kubernetes/pkg/apis/batch/install",
-    "k8s.io/kubernetes/pkg/apis/certificates/install",
-    "k8s.io/kubernetes/pkg/apis/coordination/install",
+    "k8s.io/kubernetes/pkg/apis/apps",
+    "k8s.io/kubernetes/pkg/apis/batch",
     "k8s.io/kubernetes/pkg/apis/core",
-    "k8s.io/kubernetes/pkg/apis/core/install",
-    "k8s.io/kubernetes/pkg/apis/events/install",
-    "k8s.io/kubernetes/pkg/apis/extensions/install",
-    "k8s.io/kubernetes/pkg/apis/policy/install",
-    "k8s.io/kubernetes/pkg/apis/rbac/install",
-    "k8s.io/kubernetes/pkg/apis/scheduling/install",
-    "k8s.io/kubernetes/pkg/apis/settings/install",
-    "k8s.io/kubernetes/pkg/apis/storage/install",
-    "k8s.io/kubernetes/pkg/kubectl/cmd/auth",
+    "k8s.io/kubernetes/pkg/kubectl/scheme",
+    "k8s.io/kubernetes/pkg/kubectl/util/term",
     "k8s.io/kubernetes/pkg/util/node",
-    "k8s.io/kubernetes/pkg/util/slice",
-    "k8s.io/kubernetes/pkg/util/workqueue/prometheus",
     "k8s.io/utils/pointer",
     "layeh.com/gopher-json",
   ]

Gopkg.toml

@@ -19,7 +19,7 @@ required = [
 
 [[constraint]]
   name = "github.com/gogo/protobuf"
-  version = "1.3.1"
+  version = "1.1.1"
 
 # override github.com/grpc-ecosystem/go-grpc-middleware's constraint on master
 [[override]]
@@ -36,57 +36,28 @@ required = [
   revision = "7858729281ec582767b20e0d696b6041d995d5e0"
 
 [[override]]
-  branch = "release-1.16"
+  branch = "release-1.14"
   name = "k8s.io/api"
 
 [[override]]
-  branch = "release-1.16"
+  branch = "release-1.14"
   name = "k8s.io/kubernetes"
 
 [[override]]
-  branch = "release-1.16"
+  branch = "release-1.14"
   name = "k8s.io/code-generator"
 
 [[override]]
-  branch = "release-1.16"
+  branch = "release-1.14"
   name = "k8s.io/apimachinery"
 
 [[override]]
-  branch = "release-1.16"
-  name = "k8s.io/apiextensions-apiserver"
-
-[[override]]
-  branch = "release-1.16"
-  name = "k8s.io/apiserver"
-
-[[override]]
-  branch = "release-1.16"
-  name = "k8s.io/kubectl"
-
-[[override]]
-  branch = "release-1.16"
-  name = "k8s.io/cli-runtime"
-
-[[override]]
-  version = "2.0.3"
-  name = "sigs.k8s.io/kustomize"
-
-# ASCIIRenderer does not implement blackfriday.Renderer
-[[override]]
-  name = "github.com/russross/blackfriday"
-  version = "1.5.2"
- 
-[[override]]
-  branch = "release-13.0"
+  branch = "release-11.0"
   name = "k8s.io/client-go"
 
-[[override]]
-  name = "github.com/casbin/casbin"
-  version = "1.9.1"
-
 [[constraint]]
   name = "github.com/stretchr/testify"
-  version = "1.5.1"
+  version = "1.2.2"
 
 [[constraint]]
   name = "github.com/gobuffalo/packr"
@@ -100,31 +71,12 @@ required = [
   branch = "master"
   name = "github.com/yudai/gojsondiff"
 
-# Fixes: Could not introduce sigs.k8s.io/kustomize@v2.0.3, as it has a dependency on github.com/spf13/cobra with constraint ^0.0.2, which has no overlap with existing constraint 0.0.5 from (root)
-[[override]]
+[[constraint]]
   name = "github.com/spf13/cobra"
-  revision = "0.0.5"
+  revision = "fe5e611709b0c57fa4a89136deaa8e1d4004d053"
 
 # TODO: move off of k8s.io/kube-openapi and use controller-tools for CRD spec generation
 # (override argoproj/argo contraint on master)
 [[override]]
-  revision = "30be4d16710ac61bce31eb28a01054596fe6a9f1"
+  revision = "411b2483e5034420675ebcdd4a55fc76fe5e55cf"
   name = "k8s.io/kube-openapi"
-
-# jsonpatch replace operation does not apply: doc is missing key: /metadata/annotations
-[[override]]
-  name = "github.com/evanphx/json-patch"
-  version = "v4.1.0"
-
-[[constraint]]
-  name = "github.com/google/uuid"
-  version = "1.1.1"
-
-
-[[constraint]]
-  name = "github.com/alicebob/miniredis"
-  version = "2.7.0"
-
-[[constraint]]
-  name = "github.com/bsm/redislock"
-  version = "0.4.3"

Makefile

@@ -9,82 +9,10 @@ GIT_COMMIT=$(shell git rev-parse HEAD)
 GIT_TAG=$(shell if [ -z "`git status --porcelain`" ]; then git describe --exact-match --tags HEAD 2>/dev/null; fi)
 GIT_TREE_STATE=$(shell if [ -z "`git status --porcelain`" ]; then echo "clean" ; else echo "dirty"; fi)
 PACKR_CMD=$(shell if [ "`which packr`" ]; then echo "packr"; else echo "go run vendor/github.com/gobuffalo/packr/packr/main.go"; fi)
-VOLUME_MOUNT=$(shell if test "$(go env GOOS)"=="darwin"; then echo ":delegated"; elif test selinuxenabled; then echo ":Z"; else echo ""; fi)
+VOLUME_MOUNT=$(shell [[ $(go env GOOS)=="darwin" ]] && echo ":delegated" || echo "")
 
-GOPATH?=$(shell if test -x `which go`; then go env GOPATH; else echo "$(HOME)/go"; fi)
-GOCACHE?=$(HOME)/.cache/go-build
-
-DOCKER_SRCDIR?=$(GOPATH)/src
-DOCKER_WORKDIR?=/go/src/github.com/argoproj/argo-cd
-
-ARGOCD_PROCFILE?=Procfile
-
-# Configuration for building argocd-test-tools image
-TEST_TOOLS_NAMESPACE?=argoproj
-TEST_TOOLS_IMAGE=argocd-test-tools
-TEST_TOOLS_TAG?=v0.5.0
-ifdef TEST_TOOLS_NAMESPACE
-TEST_TOOLS_PREFIX=${TEST_TOOLS_NAMESPACE}/
-endif
-
-# You can change the ports where ArgoCD components will be listening on by
-# setting the appropriate environment variables before running make.
-ARGOCD_E2E_APISERVER_PORT?=8080
-ARGOCD_E2E_REPOSERVER_PORT?=8081
-ARGOCD_E2E_REDIS_PORT?=6379
-ARGOCD_E2E_DEX_PORT?=5556
-ARGOCD_E2E_YARN_HOST?=localhost
-
-ARGOCD_IN_CI?=false
-ARGOCD_TEST_E2E?=true
-
-ARGOCD_LINT_GOGC?=20
-
-# Runs any command in the argocd-test-utils container in server mode
-# Server mode container will start with uid 0 and drop privileges during runtime
-define run-in-test-server
-	docker run --rm -it \
-		--name argocd-test-server \
-		-e USER_ID=$(shell id -u) \
-		-e HOME=/home/user \
-		-e GOPATH=/go \
-		-e GOCACHE=/tmp/go-build-cache \
-		-e ARGOCD_IN_CI=$(ARGOCD_IN_CI) \
-		-e ARGOCD_E2E_TEST=$(ARGOCD_E2E_TEST) \
-		-e ARGOCD_E2E_YARN_HOST=$(ARGOCD_E2E_YARN_HOST) \
-		-v ${DOCKER_SRCDIR}:/go/src${VOLUME_MOUNT} \
-		-v ${GOCACHE}:/tmp/go-build-cache${VOLUME_MOUNT} \
-		-v ${HOME}/.kube:/home/user/.kube${VOLUME_MOUNT} \
-		-v /tmp:/tmp${VOLUME_MOUNT} \
-		-w ${DOCKER_WORKDIR} \
-		-p ${ARGOCD_E2E_APISERVER_PORT}:8080 \
-		-p 4000:4000 \
-		$(TEST_TOOLS_PREFIX)$(TEST_TOOLS_IMAGE):$(TEST_TOOLS_TAG) \
-		bash -c "$(1)"
-endef
-
-# Runs any command in the argocd-test-utils container in client mode
-define run-in-test-client
-	docker run --rm -it \
-	  --name argocd-test-client \
-		-u $(shell id -u) \
-		-e HOME=/home/user \
-		-e GOPATH=/go \
-		-e ARGOCD_E2E_K3S=$(ARGOCD_E2E_K3S) \
-		-e GOCACHE=/tmp/go-build-cache \
-		-e ARGOCD_LINT_GOGC=$(ARGOCD_LINT_GOGC) \
-		-v ${DOCKER_SRCDIR}:/go/src${VOLUME_MOUNT} \
-		-v ${GOCACHE}:/tmp/go-build-cache${VOLUME_MOUNT} \
-		-v ${HOME}/.kube:/home/user/.kube${VOLUME_MOUNT} \
-		-v /tmp:/tmp${VOLUME_MOUNT} \
-		-w ${DOCKER_WORKDIR} \
-		$(TEST_TOOLS_NAMESPACE)/$(TEST_TOOLS_IMAGE):$(TEST_TOOLS_TAG) \
-		bash -c "$(1)"
-endef
-
-# 
-define exec-in-test-server
-	docker exec -it -u $(shell id -u) -e ARGOCD_E2E_K3S=$(ARGOCD_E2E_K3S) argocd-test-server $(1)
+define run-in-dev-tool
+    docker run --rm -it -u $(shell id -u) -e HOME=/home/user -v ${CURRENT_DIR}:/go/src/github.com/argoproj/argo-cd${VOLUME_MOUNT} -w /go/src/github.com/argoproj/argo-cd argocd-dev-tools bash -c "GOPATH=/go $(1)"
 endef
 
 PATH:=$(PATH):$(PWD)/hack
@@ -110,8 +38,6 @@ endif
 ifneq (${GIT_TAG},)
 IMAGE_TAG=${GIT_TAG}
 LDFLAGS += -X ${PACKAGE}.gitTag=${GIT_TAG}
-else
-IMAGE_TAG?=latest
 endif
 
 ifeq (${DOCKER_PUSH},true)
@@ -127,10 +53,6 @@ endif
 .PHONY: all
 all: cli image argocd-util
 
-.PHONY: gogen
-gogen:
-	go generate ./util/argo/...
-
 .PHONY: protogen
 protogen:
 	./hack/generate-proto.sh
@@ -144,25 +66,21 @@ clientgen:
 	./hack/update-codegen.sh
 
 .PHONY: codegen-local
-codegen-local: gogen protogen clientgen openapigen manifests-local
+codegen-local: protogen clientgen openapigen manifests-local
 
 .PHONY: codegen
-codegen:
-	$(call run-in-test-client,make codegen-local)
+codegen: dev-tools-image
+	$(call run-in-dev-tool,make codegen-local)
 
 .PHONY: cli
 cli: clean-debug
 	CGO_ENABLED=0 ${PACKR_CMD} build -v -i -ldflags '${LDFLAGS}' -o ${DIST_DIR}/${CLI_NAME} ./cmd/argocd
 
-.PHONY: cli-docker
-	go build -v -i -ldflags '${LDFLAGS}' -o ${DIST_DIR}/${CLI_NAME} ./cmd/argocd
-
 .PHONY: release-cli
 release-cli: clean-debug image
 	docker create --name tmp-argocd-linux $(IMAGE_PREFIX)argocd:$(IMAGE_TAG)
 	docker cp tmp-argocd-linux:/usr/local/bin/argocd ${DIST_DIR}/argocd-linux-amd64
 	docker cp tmp-argocd-linux:/usr/local/bin/argocd-darwin-amd64 ${DIST_DIR}/argocd-darwin-amd64
-	docker cp tmp-argocd-linux:/usr/local/bin/argocd-windows-amd64.exe ${DIST_DIR}/argocd-windows-amd64.exe
 	docker rm tmp-argocd-linux
 
 .PHONY: argocd-util
@@ -170,23 +88,17 @@ argocd-util: clean-debug
 	# Build argocd-util as a statically linked binary, so it could run within the alpine-based dex container (argoproj/argo-cd#844)
 	CGO_ENABLED=0 ${PACKR_CMD} build -v -i -ldflags '${LDFLAGS}' -o ${DIST_DIR}/argocd-util ./cmd/argocd-util
 
-# .PHONY: dev-tools-image
-# dev-tools-image:
-# 	docker build -t $(DEV_TOOLS_PREFIX)$(DEV_TOOLS_IMAGE) . -f hack/Dockerfile.dev-tools
-# 	docker tag $(DEV_TOOLS_PREFIX)$(DEV_TOOLS_IMAGE) $(DEV_TOOLS_PREFIX)$(DEV_TOOLS_IMAGE):$(DEV_TOOLS_VERSION)
-
-.PHONY: test-tools-image
-test-tools-image:
-	docker build -t $(TEST_TOOLS_PREFIX)$(TEST_TOOLS_IMAGE) -f test/container/Dockerfile .
-	docker tag $(TEST_TOOLS_PREFIX)$(TEST_TOOLS_IMAGE) $(TEST_TOOLS_PREFIX)$(TEST_TOOLS_IMAGE):$(TEST_TOOLS_TAG)
+.PHONY: dev-tools-image
+dev-tools-image:
+	cd hack && docker build -t argocd-dev-tools . -f Dockerfile.dev-tools
 
 .PHONY: manifests-local
 manifests-local:
 	./hack/update-manifests.sh
 
 .PHONY: manifests
-manifests: test-tools-image
-	$(call run-in-test-client,make manifests-local IMAGE_TAG='${IMAGE_TAG}')
+manifests:
+	$(call run-in-dev-tool,make manifests-local IMAGE_TAG='${IMAGE_TAG}')
 
 
 # NOTE: we use packr to do the build instead of go, since we embed swagger files and policy.csv
@@ -222,7 +134,6 @@ image: packr
 	CGO_ENABLED=0 GOOS=linux GOARCH=amd64 dist/packr build -v -i -ldflags '${LDFLAGS}' -o ${DIST_DIR}/argocd-util ./cmd/argocd-util
 	CGO_ENABLED=0 GOOS=linux GOARCH=amd64 dist/packr build -v -i -ldflags '${LDFLAGS}' -o ${DIST_DIR}/argocd ./cmd/argocd
 	CGO_ENABLED=0 GOOS=darwin GOARCH=amd64 dist/packr build -v -i -ldflags '${LDFLAGS}' -o ${DIST_DIR}/argocd-darwin-amd64 ./cmd/argocd
-	CGO_ENABLED=0 GOOS=windows GOARCH=amd64 dist/packr build -v -i -ldflags '${LDFLAGS}' -o ${DIST_DIR}/argocd-windows-amd64.exe ./cmd/argocd
 	cp Dockerfile.dev dist
 	docker build -t $(IMAGE_PREFIX)argocd:$(IMAGE_TAG) -f dist/Dockerfile.dev dist
 else
@@ -236,121 +147,40 @@ builder-image:
 	docker build  -t $(IMAGE_PREFIX)argo-cd-ci-builder:$(IMAGE_TAG) --target builder .
 	@if [ "$(DOCKER_PUSH)" = "true" ] ; then docker push $(IMAGE_PREFIX)argo-cd-ci-builder:$(IMAGE_TAG) ; fi
 
-# Pulls in all vendor dependencies
 .PHONY: dep
 dep:
-	$(call run-in-test-client,dep ensure -v)
-
-# Pulls in all vendor dependencies (local version)
-.PHONY: dep-local
-dep-local:
 	dep ensure -v
 
-# Pulls in all unvendored dependencies
 .PHONY: dep-ensure
 dep-ensure:
-	$(call run-in-test-client,dep ensure -no-vendor -v)
-
-# Pulls in all unvendored dependencies (local version)
-.PHONY: dep-ensure-local
-dep-ensure-local:
 	dep ensure -no-vendor
 
-# Runs dep check in a container to ensure Gopkg.lock is up-to-date with dependencies
-.PHONY: dep-check
-dep-check:
-	$(call run-in-test-client,make dep-check-local)
-
-# Runs dep check locally to ensure Gopkg.lock is up-to-date with dependencies
-.PHONY: dep-check-local
-dep-check-local:
-	if ! dep check -skip-vendor; then echo "Please make sure Gopkg.lock is up-to-date - see https://argoproj.github.io/argo-cd/developer-guide/faq/#why-does-the-build-step-fail"; exit 1; fi
-
-# Deprecated - replace by install-local-tools
 .PHONY: install-lint-tools
 install-lint-tools:
 	./hack/install.sh lint-tools
 
-# Run linter on the code
 .PHONY: lint
 lint:
-	$(call run-in-test-client,make lint-local)
-
-# Run linter on the code (local version)
-.PHONY: lint-local
-lint-local:
 	golangci-lint --version
-	# NOTE: If you get a "Killed" OOM message, try reducing the value of GOGC
-	# See https://github.com/golangci/golangci-lint#memory-usage-of-golangci-lint
-	GOGC=$(ARGOCD_LINT_GOGC) GOMAXPROCS=2 golangci-lint run --fix --verbose --timeout 300s
+	golangci-lint run --fix --verbose
 
-.PHONY: lint-ui
-lint-ui:
-	$(call run-in-test-client,make lint-ui-local)
-
-.PHONY: lint-ui-local
-lint-ui-local:
-	cd ui && yarn lint
-
-# Build all Go code
 .PHONY: build
 build:
-	mkdir -p $(GOCACHE)
-	$(call run-in-test-client, make build-local)
+	go build -v `go list ./... | grep -v 'resource_customizations\|test/e2e'`
 
-# Build all Go code (local version)
-.PHONY: build-local
-build-local:
-	go build -p 1 -v `go list ./... | grep -v 'resource_customizations\|test/e2e'`
-
-# Run all unit tests
-#
-# If TEST_MODULE is set (to fully qualified module name), only this specific
-# module will be tested.
 .PHONY: test
 test:
-	mkdir -p $(GOCACHE)
-	$(call run-in-test-client,make TEST_MODULE=$(TEST_MODULE) test-local)
+	 ./hack/test.sh -coverprofile=coverage.out `go list ./... | grep -v 'test/e2e'`
 
-# Run all unit tests (local version)
-.PHONY: test-local
-test-local:
-	if test "$(TEST_MODULE)" = ""; then \
-		./hack/test.sh -coverprofile=coverage.out `go list ./... | grep -v 'test/e2e'`; \
-	else \
-		./hack/test.sh -coverprofile=coverage.out "$(TEST_MODULE)"; \
-	fi
-
-# Run the E2E test suite. E2E test servers (see start-e2e target) must be
-# started before.
 .PHONY: test-e2e
-test-e2e: 
-	$(call exec-in-test-server,make test-e2e-local)
+test-e2e:
+	./hack/test.sh -timeout 15m ./test/e2e
 
-# Run the E2E test suite (local version)
-.PHONY: test-e2e-local
-test-e2e-local: cli
-	# NO_PROXY ensures all tests don't go out through a proxy if one is configured on the test system
-	NO_PROXY=* ./hack/test.sh -timeout 15m -v ./test/e2e
-
-# Spawns a shell in the test server container for debugging purposes
-debug-test-server:
-	$(call run-in-test-server,/bin/bash)
-
-# Spawns a shell in the test client container for debugging purposes
-debug-test-client:
-	$(call run-in-test-client,/bin/bash)
-
-# Starts e2e server in a container
 .PHONY: start-e2e
-start-e2e: 
+start-e2e: cli
+	killall goreman || true
+	# check we can connect to Docker to start Redis
 	docker version
-	mkdir -p ${GOCACHE}
-	$(call run-in-test-server,make ARGOCD_PROCFILE=test/container/Procfile start-e2e-local)
-
-# Starts e2e server locally (or within a container)
-.PHONY: start-e2e-local
-start-e2e-local: 
 	kubectl create ns argocd-e2e || true
 	kubectl config set-context --current --namespace=argocd-e2e
 	kustomize build test/manifests/base | kubectl apply -f -
@@ -359,9 +189,7 @@ start-e2e-local:
 	ARGOCD_TLS_DATA_PATH=/tmp/argo-e2e/app/config/tls \
 	ARGOCD_E2E_DISABLE_AUTH=false \
 	ARGOCD_ZJWT_FEATURE_FLAG=always \
-	ARGOCD_IN_CI=$(ARGOCD_IN_CI) \
-	ARGOCD_E2E_TEST=true \
-		goreman -f $(ARGOCD_PROCFILE) start
+		goreman start
 
 # Cleans VSCode debug.test files from sub-dirs to prevent them from being included in packr boxes
 .PHONY: clean-debug
@@ -374,28 +202,17 @@ clean: clean-debug
 
 .PHONY: start
 start:
-	docker version
-	$(call run-in-test-server,make ARGOCD_PROCFILE=test/container/Procfile start-local ARGOCD_START=${ARGOCD_START})
-
-# Starts a local instance of ArgoCD
-.PHONY: start-local
-start-local:
-	# check we can connect to Docker to start Redis
 	killall goreman || true
+	# check we can connect to Docker to start Redis
+	docker version
 	kubectl create ns argocd || true
+	kubens argocd
 	ARGOCD_ZJWT_FEATURE_FLAG=always \
-	ARGOCD_IN_CI=false \
-	ARGOCD_E2E_TEST=false \
-		goreman -f $(ARGOCD_PROCFILE) start ${ARGOCD_START}
+		goreman start
 
-# Runs pre-commit validaiton with the virtualized toolchain
 .PHONY: pre-commit
 pre-commit: dep-ensure codegen build lint test
 
-# Runs pre-commit validation with the local toolchain
-.PHONY: pre-commit-local
-pre-commit-local: dep-ensure-local codegen-local build-local lint-local test-local
-
 .PHONY: release-precheck
 release-precheck: manifests
 	@if [ "$(GIT_TREE_STATE)" != "clean" ]; then echo 'git tree state is $(GIT_TREE_STATE)' ; exit 1; fi
@@ -404,53 +221,3 @@ release-precheck: manifests
 
 .PHONY: release
 release: pre-commit release-precheck image release-cli
-
-.PHONY: build-docs
-build-docs:
-	mkdocs build
-
-.PHONY: serve-docs
-serve-docs:
-	mkdocs serve
-
-.PHONY: lint-docs
-lint-docs:
-	#  https://github.com/dkhamsing/awesome_bot
-	find docs -name '*.md' -exec grep -l http {} + | xargs docker run --rm -v $(PWD):/mnt:ro dkhamsing/awesome_bot -t 3 --allow-dupe --allow-redirect --white-list `cat white-list | grep -v "#" | tr "\n" ','` --skip-save-results --
-
-.PHONY: publish-docs
-publish-docs: lint-docs
-	mkdocs gh-deploy
-
-# Verify that kubectl can connect to your K8s cluster from Docker
-.PHONY: verify-kube-connect
-verify-kube-connect:
-	$(call run-in-test-client,kubectl version)
-
-# Show the Go version of local and virtualized environments
-.PHONY: show-go-version
-show-go-version:
-	@echo -n "Local Go version: "
-	@go version
-	@echo -n "Docker Go version: "
-	$(call run-in-test-client,go version)
-
-# Installs all tools required to build and test ArgoCD locally
-.PHONY: install-tools-local
-install-tools-local:
-	./hack/install.sh dep-linux
-	./hack/install.sh packr-linux
-	./hack/install.sh kubectl-linux
-	./hack/install.sh ksonnet-linux
-	./hack/install.sh helm2-linux
-	./hack/install.sh helm-linux
-	./hack/install.sh codegen-tools
-	./hack/install.sh codegen-go-tools
-	./hack/install.sh lint-tools
-
-.PHONY: dep-ui
-dep-ui:
-	$(call run-in-test-client,make dep-ui-local)
-
-dep-ui-local:
-	cd ui && yarn install

OWNERS

@@ -1,12 +1,12 @@
 owners:
+- alexec
 - alexmt
 - jessesuen
 
+reviewers:
+- jannfis
+
 approvers:
 - alexec
 - alexmt
-- dthomson25
-- jannfis
 - jessesuen
-- mayzhang2000
-- rachelwang20

Procfile

@@ -1,6 +1,6 @@
 controller: sh -c "FORCE_LOG_COLORS=1 ARGOCD_FAKE_IN_CLUSTER=true go run ./cmd/argocd-application-controller/main.go --loglevel debug --redis localhost:${ARGOCD_E2E_REDIS_PORT:-6379} --repo-server localhost:${ARGOCD_E2E_REPOSERVER_PORT:-8081}"
 api-server: sh -c "FORCE_LOG_COLORS=1 ARGOCD_FAKE_IN_CLUSTER=true go run ./cmd/argocd-server/main.go --loglevel debug --redis localhost:${ARGOCD_E2E_REDIS_PORT:-6379} --disable-auth=${ARGOCD_E2E_DISABLE_AUTH:-'true'} --insecure --dex-server http://localhost:${ARGOCD_E2E_DEX_PORT:-5556} --repo-server localhost:${ARGOCD_E2E_REPOSERVER_PORT:-8081} --port ${ARGOCD_E2E_APISERVER_PORT:-8080} --staticassets ui/dist/app"
-dex: sh -c "go run github.com/argoproj/argo-cd/cmd/argocd-util gendexcfg -o `pwd`/dist/dex.yaml && docker run --rm -p ${ARGOCD_E2E_DEX_PORT:-5556}:${ARGOCD_E2E_DEX_PORT:-5556} -v `pwd`/dist/dex.yaml:/dex.yaml quay.io/dexidp/dex:v2.22.0 serve /dex.yaml"
+dex: sh -c "go run ./cmd/argocd-util/main.go gendexcfg -o `pwd`/dist/dex.yaml && docker run --rm -p ${ARGOCD_E2E_DEX_PORT:-5556}:${ARGOCD_E2E_DEX_PORT:-5556} -v `pwd`/dist/dex.yaml:/dex.yaml quay.io/dexidp/dex:v2.14.0 serve /dex.yaml"
 redis: docker run --rm --name argocd-redis -i -p ${ARGOCD_E2E_REDIS_PORT:-6379}:${ARGOCD_E2E_REDIS_PORT:-6379} redis:5.0.3-alpine --save "" --appendonly no --port ${ARGOCD_E2E_REDIS_PORT:-6379}
 repo-server: sh -c "FORCE_LOG_COLORS=1 ARGOCD_FAKE_IN_CLUSTER=true go run ./cmd/argocd-repo-server/main.go --loglevel debug --port ${ARGOCD_E2E_REPOSERVER_PORT:-8081} --redis localhost:${ARGOCD_E2E_REDIS_PORT:-6379}"
 ui: sh -c 'cd ui && ${ARGOCD_E2E_YARN_CMD:-yarn} start'

README.md

@@ -12,21 +12,45 @@ Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes.
 
 ## Why Argo CD?
 
-1. Application definitions, configurations, and environments should be declarative and version controlled.
-1. Application deployment and lifecycle management should be automated, auditable, and easy to understand.
+Application definitions, configurations, and environments should be declarative and version controlled.
+
+Application deployment and lifecycle management should be automated, auditable, and easy to understand.
+
 
 ## Who uses Argo CD?
 
-[Official Argo CD user list](USERS.md)
+Organizations below are **officially** using Argo CD. Please send a PR with your organization name if you are using Argo CD.
+
+1. [ANSTO - Australian Synchrotron](https://www.synchrotron.org.au/)
+1. [Codility](https://www.codility.com/)
+1. [Commonbond](https://commonbond.co/)
+1. [CyberAgent](https://www.cyberagent.co.jp/en/)
+1. [END.](https://www.endclothing.com/)
+1. [Future PLC](https://www.futureplc.com/)
+1. [GMETRI](https://gmetri.com/)
+1. [Intuit](https://www.intuit.com/)
+1. [KintoHub](https://www.kintohub.com/)
+1. [KompiTech GmbH](https://www.kompitech.com/)
+1. [Lytt](https://www.lytt.co/)
+1. [Mambu](https://www.mambu.com/) 
+1. [Mirantis](https://mirantis.com/)
+1. [OpenSaaS Studio](https://opensaas.studio)
+1. [Optoro](https://www.optoro.com/)
+1. [Riskified](https://www.riskified.com/)
+1. [Saildrone](https://www.saildrone.com/)
+1. [Tesla](https://tesla.com/)
+1. [tZERO](https://www.tzero.com/)
+1. [Ticketmaster](https://ticketmaster.com)
+1. [Yieldlab](https://www.yieldlab.de/)
+1. [UBIO](https://ub.io/)
+1. [Volvo Cars](https://www.volvocars.com/)
 
 ## Documentation
 
 To learn more about Argo CD [go to the complete documentation](https://argoproj.github.io/argo-cd/).
-Check live demo at https://cd.apps.argoproj.io/.
 
 ## Community Blogs and Presentations
 
-1. [Tutorial: Everything You Need To Become A GitOps Ninja](https://www.youtube.com/watch?v=r50tRQjisxw) 90m tutorial on GitOps and Argo CD.
 1. [Comparison of Argo CD, Spinnaker, Jenkins X, and Tekton](https://www.inovex.de/blog/spinnaker-vs-argo-cd-vs-tekton-vs-jenkins-x/)
 1. [Simplify and Automate Deployments Using GitOps with IBM Multicloud Manager 3.1.2](https://medium.com/ibm-cloud/simplify-and-automate-deployments-using-gitops-with-ibm-multicloud-manager-3-1-2-4395af317359)
 1. [GitOps for Kubeflow using Argo CD](https://www.kubeflow.org/docs/use-cases/gitops-for-kubeflow/)
@@ -35,4 +59,3 @@ Check live demo at https://cd.apps.argoproj.io/.
 1. [CI/CD in Light Speed with K8s and Argo CD](https://www.youtube.com/watch?v=OdzH82VpMwI&feature=youtu.be)
 1. [Machine Learning as Code](https://www.youtube.com/watch?v=VXrGp5er1ZE&t=0s&index=135&list=PLj6h78yzYM2PZf9eA7bhWnIh_mK1vyOfU). Among other things, describes how Kubeflow uses Argo CD to implement GitOPs for ML
 1. [Argo CD - GitOps Continuous Delivery for Kubernetes](https://www.youtube.com/watch?v=aWDIQMbp1cc&feature=youtu.be&t=1m4s)
-1. [Introduction to Argo CD : Kubernetes DevOps CI/CD](https://www.youtube.com/watch?v=2WSJF7d8dUg&feature=youtu.be)

SECURITY_CONTACTS

@@ -1,8 +0,0 @@
-# Defined below are the security contacts for this repo.
-#
-# DO NOT REPORT SECURITY VULNERABILITIES DIRECTLY TO THESE NAMES, FOLLOW THE
-# INSTRUCTIONS AT https://argoproj.github.io/argo-cd/security_considerations/#reporting-vulnerabilities
-
-alexmt
-edlee2121
-jessesuen

USERS.md

@@ -1,60 +0,0 @@
-## Who uses Argo CD?
-
-As the Argo Community grows, we'd like to keep track of our users. Please send a PR with your organization name if you are using Argo CD.
-
-Currently, the following organizations are **officially** using Argo CD:
-
-1. [127Labs](https://127labs.com/)
-1. [Adevinta](https://www.adevinta.com/)
-1. [ANSTO - Australian Synchrotron](https://www.synchrotron.org.au/)
-1. [ARZ Allgemeines Rechenzentrum GmbH ](https://www.arz.at/)
-1. [Baloise](https://www.baloise.com)
-1. [BioBox Analytics](https://biobox.io)
-1. [CARFAX](https://www.carfax.com)
-1. [Celonis](https://www.celonis.com/)
-1. [Codility](https://www.codility.com/)
-1. [Commonbond](https://commonbond.co/)
-1. [CyberAgent](https://www.cyberagent.co.jp/en/)
-1. [Cybozu](https://cybozu-global.com)
-1. [EDF Renewables](https://www.edf-re.com/)
-1. [Elium](https://www.elium.com)
-1. [END.](https://www.endclothing.com/)
-1. [Fave](https://myfave.com)
-1. [Future PLC](https://www.futureplc.com/)
-1. [GMETRI](https://gmetri.com/)
-1. [Healy](https://www.healyworld.net)
-1. [hipages](https://hipages.com.au/)
-1. [Intuit](https://www.intuit.com/)
-1. [KintoHub](https://www.kintohub.com/)
-1. [KompiTech GmbH](https://www.kompitech.com/)
-1. [Lytt](https://www.lytt.co/)
-1. [Major League Baseball](https://mlb.com)
-1. [Mambu](https://www.mambu.com/)
-1. [Max Kelsen](https://www.maxkelsen.com/)
-1. [Mirantis](https://mirantis.com/)
-1. [MOO Print](https://www.moo.com/)
-1. [OpenSaaS Studio](https://opensaas.studio)
-1. [Optoro](https://www.optoro.com/)
-1. [Peloton Interactive](https://www.onepeloton.com/)
-1. [Pipefy](https://www.pipefy.com/)
-1. [Prudential](https://prudential.com.sg)
-1. [Red Hat](https://www.redhat.com/)
-1. [Robotinfra](https://www.robotinfra.com)
-1. [Riskified](https://www.riskified.com/)
-1. [Saildrone](https://www.saildrone.com/)
-1. [Saloodo! GmbH](https://www.saloodo.com)
-1. [Syncier](https://syncier.com/)
-1. [Tesla](https://tesla.com/)
-1. [ThousandEyes](https://www.thousandeyes.com/)
-1. [Ticketmaster](https://ticketmaster.com)
-1. [Tiger Analytics](https://www.tigeranalytics.com/)
-1. [Twilio SendGrid](https://sendgrid.com)
-1. [tZERO](https://www.tzero.com/)
-1. [UBIO](https://ub.io/)
-1. [Universidad Mesoamericana](https://www.umes.edu.gt/)
-1. [Viaduct](https://www.viaduct.ai/)
-1. [Volvo Cars](https://www.volvocars.com/)
-1. [Walkbase](https://www.walkbase.com/)
-1. [Whitehat Berlin](https://whitehat.berlin) by Guido Maria Serra +Fenaroli
-1. [Yieldlab](https://www.yieldlab.de/)
-1. [MTN Group](https://www.mtn.com/)

VERSION

@@ -1 +1 @@
-1.5.7
+1.3.2

assets/badge.svg

@@ -1,24 +1,22 @@
-<svg width="131" height="20" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" >
-    <defs>
-        <filter id="dropShadow">
-            <feDropShadow dx="0.2" dy="0.4" stdDeviation="0.2" flood-color="#333" flood-opacity="0.5"/>
-        </filter>
-    </defs>
-
-    <clipPath id="roundedCorners">
-        <rect width="100%" height="100%" rx="3" opacity="1" />
+<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="131" height="20">
+    <linearGradient id="b" x2="0" y2="100%">
+        <stop offset="0" stop-color="#bbb" stop-opacity=".1"/>
+        <stop offset="1" stop-opacity=".1"/>
+    </linearGradient>
+    <clipPath id="a">
+        <rect width="131" height="20" rx="3" fill="#fff"/>
     </clipPath>
-
-    <g clip-path="url(#roundedCorners)">
-        <rect id="leftRect" fill="#555" x="0" y="0" width="74" height="20" />
-        <rect id="rightRect" fill="#4c1" x="74" y="0" width="57" height="20" />
-        <rect id="revisionRect" fill="#4c1" x="131" y="0" width="62" height="20" display="none"/>
+    <g clip-path="url(#a)">
+        <path id="leftPath" fill="#555" d="M0 0h74v20H0z"/>
+        <path id="rightPath" fill="#4c1" d="M74 0h57v20H74z"/>
+        <path fill="url(#b)" d="M0 0h131v20H0z"/>
     </g>
-
-    <g fill="#fff" style="filter: url(#dropShadow);" text-anchor="middle" font-family="DejaVu Sans, sans-serif" font-size="90">
+    <g fill="#fff" text-anchor="middle" font-family="DejaVu Sans,Verdana,Geneva,sans-serif" font-size="90">
         <image x="5" y="3" width="14" height="14" xlink:href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAB8AAAAeCAYAAADU8sWcAAAABGdBTUEAALGPC/xhBQAAACBjSFJNAAB6JgAAgIQAAPoAAACA6AAAdTAAAOpgAAA6mAAAF3CculE8AAAACXBIWXMAAABPAAAATwFjiv3XAAACC2lUWHRYTUw6Y29tLmFkb2JlLnhtcAAAAAAAPHg6eG1wbWV0YSB4bWxuczp4PSJhZG9iZTpuczptZXRhLyIgeDp4bXB0az0iWE1QIENvcmUgNS40LjAiPgogICA8cmRmOlJERiB4bWxuczpyZGY9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkvMDIvMjItcmRmLXN5bnRheC1ucyMiPgogICAgICA8cmRmOkRlc2NyaXB0aW9uIHJkZjphYm91dD0iIgogICAgICAgICAgICB4bWxuczp0aWZmPSJodHRwOi8vbnMuYWRvYmUuY29tL3RpZmYvMS4wLyI+CiAgICAgICAgIDx0aWZmOlJlc29sdXRpb25Vbml0PjI8L3RpZmY6UmVzb2x1dGlvblVuaXQ+CiAgICAgICAgIDx0aWZmOkNvbXByZXNzaW9uPjE8L3RpZmY6Q29tcHJlc3Npb24+CiAgICAgICAgIDx0aWZmOk9yaWVudGF0aW9uPjE8L3RpZmY6T3JpZW50YXRpb24+CiAgICAgICAgIDx0aWZmOlBob3RvbWV0cmljSW50ZXJwcmV0YXRpb24+MjwvdGlmZjpQaG90b21ldHJpY0ludGVycHJldGF0aW9uPgogICAgICA8L3JkZjpEZXNjcmlwdGlvbj4KICAgPC9yZGY6UkRGPgo8L3g6eG1wbWV0YT4KD0UqkwAACpZJREFUSA11VnmQFcUZ//qY4527by92WWTXwHKqEJDDg0MQUioKSWopK4oaS9RAlMofUSPGbFlBSaViKomgQSNmIdECkUS8ophdozEJArKoKCsgIFlY2Pu9N29mero7X78FxCR2Vb8309PTv+/4fb9vCHz1II2Nm+jmzYul2bJsdlMyO7LyPGlZtYqQck1ZHCgwLZWiROeJgB7bDzpYb/7o0y/emzXv4Pts8+ZGBUC0uf/vQf57wdw3NTVRnOYFfXvj6pJcadkUmbDGRoxVSEItSYAQQrUmRBP81VoRpkFTJUMuZA/3g/28q3dn89b7u885D4348vgf8NPAxY033LJmSlDizlSOU94f6UhoHaZdC/3QCHWON2gDYBhAYyRAWgyD4QSi1815f29++vv/+CoD2Lm2nAFGl8mndzyxMMgk5/iW6xzPi/xVk+oyE8+vLNt14FR/0uYW14ox0IwUJ4ZAaUpAaaBEYByiyLbikWWNnnThvPIxu+L717auVeb81tbWsyk4C34u8I3LnlhcSCameMzykg7TwzOJGIYWQj+M+voLYcSo/hxY1E65FECUq4G4RFP0nSjMCMVAIIKUnOHkw90L6qq/vXvbh02trV8yoBh2E0NMY9GiG+58fIGXTF6epyw7JOnamZQbz/tCnDrVVzgqqdwTT0ZTdWDN0wPpMh3ZPZqHLSw98C7Y4RwtnAodsTwGAg0ppkcxrlkYJFID+Z0bn/zelsFImzQRXfScNJFiOG689dcT/FT6GzlqedVJTHRpPH6yz/PyfTlx2IrLCpvSdWrv5OXkX9fOJB/Mnaz3XzItap+yMDoyZgEE7F1SceIghryeRNwnTBkEqhRIxiLF6bCpDXNybW2v/ruxcTzbt2+zZmfCvWT+zxNhbek3cxaPlyYsXVWSSHT25rxC3o+OWK6aDn7sZ3r79ZNY28w45Esxuhw5RjmVvEQPlIwgR8bOiE7VdrPaA2+TeGEEhFbhtAEmG5pzk5WqqbWTPv7jC8sLpgxNSRWZrUeWTAgor7EY9ytTiURvzg8GskGU5xxKkc33yDcX1yc7x3ijLxF+zZgoEljgCrSiXOWIG/WGrjifHxl1V9iyeKwW1lHNo5SKmDmcYinivwhjVpkor55sQj9+/D4MO9bpLW8RN6zJzMvbPDUkHaecE368N1+IUUJfIm5hPf1w2kTedlm/LgntmqEWEQGT3ScJYUh2NIxiiWupSUFasor1VgzXvPATfv6BC3Roq0E9MLqAXKQcAe1rqi/dv+q3DwQUw6djY6tiAaG1jLEw7nAn64WhcStPqZqpA6chap8aage077GwbQcJDx8Awq3T3DHlbeijUHWwytHFuuizCTergdQ+YocxLRHVPNcESRAJxqo60nbSvExvvvWx23MCVvucDyRt5hitwDRHHG09pZiaT7MlSUdUhtQGZttYRdwA4WnFQjFnDA4LX7UdIlgMYpaouBgGMnuBKVN/ZhgBRCMVynNAHOfRm777q4UcrW3EZxcEnD/kclYlpVaFKFIZrIRtluvdls/G9InnLZ9fpLXoJjwZAzZkDJ5mjkIj8HTCKETH9oD0eoikMSDQ5cTrLrUg4QoaFlxUH5MdYy6yAFAaYBHed6ODkMPOkMcFZggZKa0SkaL/jMeDpq5D1Vez9693V/wNUg1jQRY8yLX8BcSba8AaOgyBOdqtQBz7DNj8lZCeNY9SN6aiD3bTOc89s2iliDVvKa3uGxf6doQAxYE2oBbm0HQPG5IxqKhOg9ZpSSQj+pDU+jv5t7913spV5c70GcqLJwgMGw6ZJUuBLbgHPW0D4rgQdewDvnAllN58B0D918AvzVBn3jWi/p4Hq2/s+et1URgBRlVRMGVvBtITfwyuyYPAoIRmWSIrEqjZW1Ml/qN7dtRWzptfBzXDoaeri6TicWhes8Zsg9iMOaAyU0D3fw4qdSEkrryquP77xx+HZCwG3T09HEZfCBUXTxh125H9VZ9SHp1OfZF4aEWI9MM1AhmiVCmaIwV6a2F5ge2q8s7OBB8ytPiOZduw6pFHYOS4cUUQGsNWXj4MVLYdaGU9UAQ0o2H8eHh49WpAITReKqdmGC0PsvF2JB4Gu+i5RqKg5JSi82mOnu9GYGEhwbFjSOXadJII7Pa6Ed3hwU8igAU8lU7D/ffdZ1pFEUT19YI+sR9oZgLIjo8h6usDu2oIzJpxOc4ZphKQtoqFxw6LzxIV/RMxkabSUPAJRz3A5oc50x9T7Lf3xkR0R0xGSS+IRIFQOUUUkqvGXdR5tGXnLmjbYXI0OLCJykIBvFe2ABVHgCQqgMpjkH9xE9IY7cSgGd0w+8mOVjiy68DOh+sauusiwSM8F11nlhCm39/SvP7ux4qNZVfba/0TJ183Is9opWtxEXe5E/cC+Y5bf+CilmczqaC/JigEOjjYTrwtzwB8tAn4kJFGMIEmy0B98gb4B7tAYimHncd19ObLrP25rW0/rb76pQqsoKTEkKJgoT64biCObVx35xvGGz67qYW3Nl0RWYH/ftxmo7pyfpSoKFFjEiLxhE73jXaueHXlGw+PZ68rS8pQ01QlodUjTqcAfcQo8qGjQB36EwQfbFAuF8wjZbmNtStefZ4nC0uibKIHez92AeZEUln5wocGuLGxyUbg2cVEFp5a9pFz11MH/ZCP6M0V8gmbxWZL35K2paFmUmjDgCXAMQkjqv8wgFMGBFVSCw8g1wWsrB5IBrTDAvB0eaAkhVHCeGzSQDUm3bE9/1hs/d7dBhy5aSqAaNNWN6Mvdn9+e0KGfl8hZCd6vBwqABmISKSkCgkqr/a6QMWrwLpsKaYWhfrwi1ikfWBNvQmUhXItAlznICMlcopFFNXcEA25wBw/EIms2L4O1onZs5u46abFUsILDWhAc/OKo7H+/OtuEFqaUcsmIE8CR47zEMsSuJvRQcceODVmOqR/uAHKftAC6R+9AKcmzgVxci9qexwLTIDZ34+MR6FVErXECXw7kc+3/G7j8gPG0dbWJmQnum1+zDj3U2rJ0rWzvFRynu/YskMTb5vetmwI7xyeg7R0g072ynEGwa0PwZTRDbDn0GGI1j0Ii2pCKPCyqJTl+eei9tOl5Kr1eU2seuG5ZMBv2fjUIMkQymAWC6jouQE3jdlYZa43PLnsLbcn++eYVwi6FCQktTCEmO3QAx2rhOllAl6bOwsahg2FDTMvhRklWVSUMkxcWEyHJFbUqyCW9AtRSV//K18AF4XmbOWeBTegCF78ujTXf3hm+XvTeo49G8/67Sg+A0a0OGc6CDzIlFbDL3+8GPYuuxLWP7AYysprIQx9YNjdzAglyVkD3qGvd3dsWvv0infM2qBj53zr49rZsJsNZwa2WeTTFxtP3L1oe1VCzh3AWqOM2FJJsFBwbMuCUAgQyAqGrVVJ7Zdwyz2RZS/X/GbrguJ5eNYgyhfnncH5v+DmYcft18Y1T5S7fl9jPMN+4aM6IpeQPmgxThNA5AnuJFhIeI2tHafiNqEUW1XQL+8NrfRznENP1drNuTOA5/5/KezmAZ4zaJBSdVaUvQk5PsNTeqfrMsKQOui5LGKibBAjmKgSRk/RIMlc8BiWCLbI95Dx05jybrMkfsh+xfgPf+hH0AC4OlsAAAAASUVORK5CYII="/>
-        <text id="leftText" x="435" y="140" transform="scale(.1)" textLength="470"></text>
-        <text id="rightText" x="995" y="140" transform="scale(.1)" textLength="470"></text>
-        <text id="revisionText" x="1550" y="140" font-family="monospace" transform="scale(.1)" font-size="110" display="none"></text>
-    </g>
+
+        <text id="leftText1" x="435" y="150" fill="#010101" fill-opacity=".3" transform="scale(.1)" textLength="470"></text>
+        <text id="leftText2" x="435" y="140" transform="scale(.1)" textLength="470"></text>
+
+        <text id="rightText1" x="995" y="150" fill="#010101" fill-opacity=".3" transform="scale(.1)" textLength="470"></text>
+        <text id="rightText1" x="995" y="140" transform="scale(.1)" textLength="470"></text></g>
 </svg>

assets/builtin-policy.csv

@@ -11,7 +11,6 @@ p, role:readonly, certificates, get, *, allow
 p, role:readonly, clusters, get, *, allow
 p, role:readonly, repositories, get, *, allow
 p, role:readonly, projects, get, *, allow
-p, role:readonly, accounts, get, *, allow
 
 p, role:admin, applications, create, */*, allow
 p, role:admin, applications, update, */*, allow
@@ -31,7 +30,6 @@ p, role:admin, repositories, delete, *, allow
 p, role:admin, projects, create, *, allow
 p, role:admin, projects, update, *, allow
 p, role:admin, projects, delete, *, allow
-p, role:admin, accounts, update, *, allow
 
 g, role:admin, role:readonly
 g, admin, role:admin

cmd/argocd-application-controller/main.go

@@ -6,8 +6,6 @@ import (
 	"os"
 	"time"
 
-	"github.com/argoproj/pkg/stats"
-	"github.com/go-redis/redis"
 	log "github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
 	"k8s.io/client-go/kubernetes"
@@ -21,15 +19,13 @@ import (
 	"github.com/argoproj/argo-cd/common"
 	"github.com/argoproj/argo-cd/controller"
 	"github.com/argoproj/argo-cd/errors"
-	"github.com/argoproj/argo-cd/pkg/apis/application/v1alpha1"
 	appclientset "github.com/argoproj/argo-cd/pkg/client/clientset/versioned"
 	"github.com/argoproj/argo-cd/reposerver/apiclient"
-	cacheutil "github.com/argoproj/argo-cd/util/cache"
-	appstatecache "github.com/argoproj/argo-cd/util/cache/appstate"
+	"github.com/argoproj/argo-cd/util/cache"
 	"github.com/argoproj/argo-cd/util/cli"
-	"github.com/argoproj/argo-cd/util/diff"
 	"github.com/argoproj/argo-cd/util/kube"
 	"github.com/argoproj/argo-cd/util/settings"
+	"github.com/argoproj/argo-cd/util/stats"
 )
 
 const (
@@ -52,8 +48,7 @@ func newCommand() *cobra.Command {
 		glogLevel                int
 		metricsPort              int
 		kubectlParallelismLimit  int64
-		cacheSrc                 func() (*appstatecache.Cache, error)
-		redisClient              *redis.Client
+		cacheSrc                 func() (*cache.Cache, error)
 	)
 	var command = cobra.Command{
 		Use:   cliName,
@@ -64,7 +59,8 @@ func newCommand() *cobra.Command {
 
 			config, err := clientConfig.ClientConfig()
 			errors.CheckError(err)
-			errors.CheckError(v1alpha1.SetK8SConfigDefaults(config))
+			config.QPS = common.K8sClientConfigQPS
+			config.Burst = common.K8sClientConfigBurst
 
 			kubeClient := kubernetes.NewForConfigOrDie(config)
 			appClient := appclientset.NewForConfigOrDie(config)
@@ -82,8 +78,6 @@ func newCommand() *cobra.Command {
 
 			settingsMgr := settings.NewSettingsManager(ctx, kubeClient, namespace)
 			kubectl := &kube.KubectlCmd{}
-			legacyDiffDisabled := os.Getenv("ARGOCD_ENABLE_LEGACY_DIFF") == "false"
-			diff.SetPopulateLegacyDiff(!legacyDiffDisabled)
 			appController, err := controller.NewApplicationController(
 				namespace,
 				settingsMgr,
@@ -97,10 +91,8 @@ func newCommand() *cobra.Command {
 				metricsPort,
 				kubectlParallelismLimit)
 			errors.CheckError(err)
-			cacheutil.CollectMetrics(redisClient, appController.GetMetricsServer())
 
-			vers := common.GetVersion()
-			log.Infof("Application Controller (version: %s, built: %s) starting (namespace: %s)", vers.Version, vers.BuildDate, namespace)
+			log.Infof("Application Controller (version: %s) starting (namespace: %s)", common.GetVersion(), namespace)
 			stats.RegisterStackDumper()
 			stats.StartStatsTicker(10 * time.Minute)
 			stats.RegisterHeapDumper("memprofile")
@@ -123,9 +115,8 @@ func newCommand() *cobra.Command {
 	command.Flags().IntVar(&metricsPort, "metrics-port", common.DefaultPortArgoCDMetrics, "Start metrics server on given port")
 	command.Flags().IntVar(&selfHealTimeoutSeconds, "self-heal-timeout-seconds", 5, "Specifies timeout between application self heal attempts")
 	command.Flags().Int64Var(&kubectlParallelismLimit, "kubectl-parallelism-limit", 20, "Number of allowed concurrent kubectl fork/execs. Any value less the 1 means no limit.")
-	cacheSrc = appstatecache.AddCacheFlagsToCmd(&command, func(client *redis.Client) {
-		redisClient = client
-	})
+
+	cacheSrc = cache.AddCacheFlagsToCmd(&command)
 	return &command
 }
 

cmd/argocd-repo-server/main.go

@@ -7,18 +7,16 @@ import (
 	"os"
 	"time"
 
-	"github.com/argoproj/pkg/stats"
-	"github.com/go-redis/redis"
 	log "github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
 
 	"github.com/argoproj/argo-cd/common"
 	"github.com/argoproj/argo-cd/errors"
 	"github.com/argoproj/argo-cd/reposerver"
-	reposervercache "github.com/argoproj/argo-cd/reposerver/cache"
 	"github.com/argoproj/argo-cd/reposerver/metrics"
-	cacheutil "github.com/argoproj/argo-cd/util/cache"
+	"github.com/argoproj/argo-cd/util/cache"
 	"github.com/argoproj/argo-cd/util/cli"
+	"github.com/argoproj/argo-cd/util/stats"
 	"github.com/argoproj/argo-cd/util/tls"
 )
 
@@ -33,9 +31,8 @@ func newCommand() *cobra.Command {
 		parallelismLimit       int64
 		listenPort             int
 		metricsPort            int
-		cacheSrc               func() (*reposervercache.Cache, error)
+		cacheSrc               func() (*cache.Cache, error)
 		tlsConfigCustomizerSrc func() (tls.ConfigCustomizer, error)
-		redisClient            *redis.Client
 	)
 	var command = cobra.Command{
 		Use:   cliName,
@@ -50,7 +47,6 @@ func newCommand() *cobra.Command {
 			errors.CheckError(err)
 
 			metricsServer := metrics.NewMetricsServer()
-			cacheutil.CollectMetrics(redisClient, metricsServer)
 			server, err := reposerver.NewServer(metricsServer, cache, tlsConfigCustomizer, parallelismLimit)
 			errors.CheckError(err)
 
@@ -76,9 +72,7 @@ func newCommand() *cobra.Command {
 	command.Flags().IntVar(&listenPort, "port", common.DefaultPortRepoServer, "Listen on given port for incoming connections")
 	command.Flags().IntVar(&metricsPort, "metrics-port", common.DefaultPortRepoServerMetrics, "Start metrics server on given port")
 	tlsConfigCustomizerSrc = tls.AddTLSFlagsToCmd(&command)
-	cacheSrc = reposervercache.AddCacheFlagsToCmd(&command, func(client *redis.Client) {
-		redisClient = client
-	})
+	cacheSrc = cache.AddCacheFlagsToCmd(&command)
 	return &command
 }
 

cmd/argocd-server/commands/root.go

@@ -4,28 +4,24 @@ import (
 	"context"
 	"time"
 
-	"github.com/argoproj/pkg/stats"
-	"github.com/go-redis/redis"
 	"github.com/spf13/cobra"
 	"k8s.io/client-go/kubernetes"
 	"k8s.io/client-go/tools/clientcmd"
 
 	"github.com/argoproj/argo-cd/common"
 	"github.com/argoproj/argo-cd/errors"
-	"github.com/argoproj/argo-cd/pkg/apis/application/v1alpha1"
 	appclientset "github.com/argoproj/argo-cd/pkg/client/clientset/versioned"
 	"github.com/argoproj/argo-cd/reposerver/apiclient"
 	"github.com/argoproj/argo-cd/server"
-	servercache "github.com/argoproj/argo-cd/server/cache"
+	"github.com/argoproj/argo-cd/util/cache"
 	"github.com/argoproj/argo-cd/util/cli"
+	"github.com/argoproj/argo-cd/util/stats"
 	"github.com/argoproj/argo-cd/util/tls"
-	log "github.com/sirupsen/logrus"
 )
 
 // NewCommand returns a new instance of an argocd command
 func NewCommand() *cobra.Command {
 	var (
-		redisClient              *redis.Client
 		insecure                 bool
 		listenPort               int
 		metricsPort              int
@@ -35,13 +31,11 @@ func NewCommand() *cobra.Command {
 		repoServerTimeoutSeconds int
 		staticAssetsDir          string
 		baseHRef                 string
-		rootPath                 string
 		repoServerAddress        string
 		dexServerAddress         string
 		disableAuth              bool
 		tlsConfigCustomizerSrc   func() (tls.ConfigCustomizer, error)
-		cacheSrc                 func() (*servercache.Cache, error)
-		frameOptions             string
+		cacheSrc                 func() (*cache.Cache, error)
 	)
 	var command = &cobra.Command{
 		Use:   cliName,
@@ -53,7 +47,8 @@ func NewCommand() *cobra.Command {
 
 			config, err := clientConfig.ClientConfig()
 			errors.CheckError(err)
-			errors.CheckError(v1alpha1.SetK8SConfigDefaults(config))
+			config.QPS = common.K8sClientConfigQPS
+			config.Burst = common.K8sClientConfigBurst
 
 			namespace, _, err := clientConfig.Namespace()
 			errors.CheckError(err)
@@ -67,13 +62,6 @@ func NewCommand() *cobra.Command {
 			appclientset := appclientset.NewForConfigOrDie(config)
 			repoclientset := apiclient.NewRepoServerClientset(repoServerAddress, repoServerTimeoutSeconds)
 
-			if rootPath != "" {
-				if baseHRef != "" && baseHRef != rootPath {
-					log.Warnf("--basehref and --rootpath had conflict: basehref: %s rootpath: %s", baseHRef, rootPath)
-				}
-				baseHRef = rootPath
-			}
-
 			argoCDOpts := server.ArgoCDServerOpts{
 				Insecure:            insecure,
 				ListenPort:          listenPort,
@@ -81,7 +69,6 @@ func NewCommand() *cobra.Command {
 				Namespace:           namespace,
 				StaticAssetsDir:     staticAssetsDir,
 				BaseHRef:            baseHRef,
-				RootPath:            rootPath,
 				KubeClientset:       kubeclientset,
 				AppClientset:        appclientset,
 				RepoClientset:       repoclientset,
@@ -89,8 +76,6 @@ func NewCommand() *cobra.Command {
 				DisableAuth:         disableAuth,
 				TLSConfigCustomizer: tlsConfigCustomizer,
 				Cache:               cache,
-				XFrameOptions:       frameOptions,
-				RedisClient:         redisClient,
 			}
 
 			stats.RegisterStackDumper()
@@ -111,7 +96,6 @@ func NewCommand() *cobra.Command {
 	command.Flags().BoolVar(&insecure, "insecure", false, "Run server without TLS")
 	command.Flags().StringVar(&staticAssetsDir, "staticassets", "", "Static assets directory path")
 	command.Flags().StringVar(&baseHRef, "basehref", "/", "Value for base href in index.html. Used if Argo CD is running behind reverse proxy under subpath different from /")
-	command.Flags().StringVar(&rootPath, "rootpath", "", "Used if Argo CD is running behind reverse proxy under subpath different from /")
 	command.Flags().StringVar(&logLevel, "loglevel", "info", "Set the logging level. One of: debug|info|warn|error")
 	command.Flags().IntVar(&glogLevel, "gloglevel", 0, "Set the glog logging level")
 	command.Flags().StringVar(&repoServerAddress, "repo-server", common.DefaultRepoServerAddr, "Repo server address")
@@ -121,10 +105,7 @@ func NewCommand() *cobra.Command {
 	command.Flags().IntVar(&listenPort, "port", common.DefaultPortAPIServer, "Listen on given port")
 	command.Flags().IntVar(&metricsPort, "metrics-port", common.DefaultPortArgoCDAPIServerMetrics, "Start metrics on given port")
 	command.Flags().IntVar(&repoServerTimeoutSeconds, "repo-server-timeout-seconds", 60, "Repo server RPC call timeout seconds.")
-	command.Flags().StringVar(&frameOptions, "x-frame-options", "sameorigin", "Set X-Frame-Options header in HTTP responses to `value`. To disable, set to \"\".")
 	tlsConfigCustomizerSrc = tls.AddTLSFlagsToCmd(command)
-	cacheSrc = servercache.AddCacheFlagsToCmd(command, func(client *redis.Client) {
-		redisClient = client
-	})
+	cacheSrc = cache.AddCacheFlagsToCmd(command)
 	return command
 }

cmd/argocd-util/commands/projects.go

@@ -1,192 +0,0 @@
-package commands
-
-import (
-	"fmt"
-	"os"
-	"path/filepath"
-	"strings"
-
-	"github.com/argoproj/argo-cd/errors"
-	"github.com/argoproj/argo-cd/pkg/apis/application/v1alpha1"
-	appclientset "github.com/argoproj/argo-cd/pkg/client/clientset/versioned"
-	appclient "github.com/argoproj/argo-cd/pkg/client/clientset/versioned/typed/application/v1alpha1"
-	"github.com/argoproj/argo-cd/util/cli"
-	"github.com/argoproj/argo-cd/util/diff"
-	"github.com/argoproj/argo-cd/util/kube"
-
-	"github.com/spf13/cobra"
-	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/client-go/tools/clientcmd"
-)
-
-func NewProjectsCommand() *cobra.Command {
-	var command = &cobra.Command{
-		Use: "projects",
-		Run: func(c *cobra.Command, args []string) {
-			c.HelpFunc()(c, args)
-		},
-	}
-
-	command.AddCommand(NewUpdatePolicyRuleCommand())
-	return command
-}
-
-func globMatch(pattern string, val string) bool {
-	if pattern == "*" {
-		return true
-	}
-	if ok, err := filepath.Match(pattern, val); ok && err == nil {
-		return true
-	}
-	return false
-}
-
-func getModification(modification string, resource string, scope string, permission string) (func(string, string) string, error) {
-	switch modification {
-	case "set":
-		if scope == "" {
-			return nil, fmt.Errorf("Flag --group cannot be empty if permission should be set in role")
-		}
-		if permission == "" {
-			return nil, fmt.Errorf("Flag --permission cannot be empty if permission should be set in role")
-		}
-		return func(proj string, action string) string {
-			return fmt.Sprintf("%s, %s, %s/%s, %s", resource, action, proj, scope, permission)
-		}, nil
-	case "remove":
-		return func(proj string, action string) string {
-			return ""
-		}, nil
-	}
-	return nil, fmt.Errorf("modification %s is not supported", modification)
-}
-
-func saveProject(updated v1alpha1.AppProject, orig v1alpha1.AppProject, projectsIf appclient.AppProjectInterface, dryRun bool) error {
-	fmt.Printf("===== %s ======\n", updated.Name)
-	target, err := kube.ToUnstructured(&updated)
-	errors.CheckError(err)
-	live, err := kube.ToUnstructured(&orig)
-	if err != nil {
-		return err
-	}
-	_ = diff.PrintDiff(updated.Name, target, live)
-	if !dryRun {
-		_, err = projectsIf.Update(&updated)
-		if err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
-func formatPolicy(proj string, role string, permission string) string {
-	return fmt.Sprintf("p, proj:%s:%s, %s", proj, role, permission)
-}
-
-func split(input string, delimiter string) []string {
-	parts := strings.Split(input, delimiter)
-	for i := range parts {
-		parts[i] = strings.TrimSpace(parts[i])
-	}
-	return parts
-}
-
-func NewUpdatePolicyRuleCommand() *cobra.Command {
-	var (
-		clientConfig clientcmd.ClientConfig
-		resource     string
-		scope        string
-		rolePattern  string
-		permission   string
-		dryRun       bool
-	)
-	var command = &cobra.Command{
-		Use:   "update-role-policy PROJECT_GLOB MODIFICATION ACTION",
-		Short: "Implement bulk project role update. Useful to back-fill existing project policies or remove obsolete actions.",
-		Example: `  # Add policy that allows executing any action (action/*) to roles which name matches to *deployer* in all projects  
-  argocd-util projects update-role-policy '*' set 'action/*' --role '*deployer*' --resource applications --scope '*' --permission allow
-
-  # Remove policy that which manages running (action/*) from all roles which name matches *deployer* in all projects
-  argocd-util projects update-role-policy '*' remove override --role '*deployer*'
-`,
-		Run: func(c *cobra.Command, args []string) {
-			if len(args) != 3 {
-				c.HelpFunc()(c, args)
-				os.Exit(1)
-			}
-			projectGlob := args[0]
-			modificationType := args[1]
-			action := args[2]
-
-			config, err := clientConfig.ClientConfig()
-			errors.CheckError(err)
-			config.QPS = 100
-			config.Burst = 50
-
-			namespace, _, err := clientConfig.Namespace()
-			errors.CheckError(err)
-			appclients := appclientset.NewForConfigOrDie(config)
-
-			modification, err := getModification(modificationType, resource, scope, permission)
-			errors.CheckError(err)
-			projIf := appclients.ArgoprojV1alpha1().AppProjects(namespace)
-
-			err = updateProjects(projIf, projectGlob, rolePattern, action, modification, dryRun)
-			errors.CheckError(err)
-		},
-	}
-	command.Flags().StringVar(&resource, "resource", "", "Resource e.g. 'applications'")
-	command.Flags().StringVar(&scope, "scope", "", "Resource scope e.g. '*'")
-	command.Flags().StringVar(&rolePattern, "role", "*", "Role name pattern e.g. '*deployer*'")
-	command.Flags().StringVar(&permission, "permission", "", "Action permission")
-	command.Flags().BoolVar(&dryRun, "dry-run", true, "Dry run")
-	clientConfig = cli.AddKubectlFlagsToCmd(command)
-	return command
-}
-
-func updateProjects(projIf appclient.AppProjectInterface, projectGlob string, rolePattern string, action string, modification func(string, string) string, dryRun bool) error {
-	projects, err := projIf.List(v1.ListOptions{})
-	if err != nil {
-		return err
-	}
-	for _, proj := range projects.Items {
-		if !globMatch(projectGlob, proj.Name) {
-			continue
-		}
-		origProj := proj.DeepCopy()
-		updated := false
-		for i, role := range proj.Spec.Roles {
-			if !globMatch(rolePattern, role.Name) {
-				continue
-			}
-			actionPolicyIndex := -1
-			for i := range role.Policies {
-				parts := split(role.Policies[i], ",")
-				if len(parts) != 6 || parts[3] != action {
-					continue
-				}
-				actionPolicyIndex = i
-				break
-			}
-			policyPermission := modification(proj.Name, action)
-			if actionPolicyIndex == -1 && policyPermission != "" {
-				updated = true
-				role.Policies = append(role.Policies, formatPolicy(proj.Name, role.Name, policyPermission))
-			} else if actionPolicyIndex > -1 && policyPermission == "" {
-				updated = true
-				role.Policies = append(role.Policies[:actionPolicyIndex], role.Policies[actionPolicyIndex+1:]...)
-			} else if actionPolicyIndex > -1 && policyPermission != "" {
-				updated = true
-				role.Policies[actionPolicyIndex] = formatPolicy(proj.Name, role.Name, policyPermission)
-			}
-			proj.Spec.Roles[i] = role
-		}
-		if updated {
-			err = saveProject(proj, *origProj, projIf, dryRun)
-			if err != nil {
-				return err
-			}
-		}
-	}
-	return nil
-}

cmd/argocd-util/commands/projects_test.go

@@ -1,78 +0,0 @@
-package commands
-
-import (
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-
-	"github.com/argoproj/argo-cd/pkg/apis/application/v1alpha1"
-	"github.com/argoproj/argo-cd/pkg/client/clientset/versioned/fake"
-)
-
-const (
-	namespace = "default"
-)
-
-func newProj(name string, roleNames ...string) *v1alpha1.AppProject {
-	var roles []v1alpha1.ProjectRole
-	for i := range roleNames {
-		roles = append(roles, v1alpha1.ProjectRole{Name: roleNames[i]})
-	}
-	return &v1alpha1.AppProject{ObjectMeta: v1.ObjectMeta{
-		Name:      name,
-		Namespace: namespace,
-	}, Spec: v1alpha1.AppProjectSpec{
-		Roles: roles,
-	}}
-}
-
-func TestUpdateProjects_FindMatchingProject(t *testing.T) {
-	clientset := fake.NewSimpleClientset(newProj("foo", "test"), newProj("bar", "test"))
-
-	modification, err := getModification("set", "*", "*", "allow")
-	assert.NoError(t, err)
-	err = updateProjects(clientset.ArgoprojV1alpha1().AppProjects(namespace), "ba*", "*", "set", modification, false)
-	assert.NoError(t, err)
-
-	fooProj, err := clientset.ArgoprojV1alpha1().AppProjects(namespace).Get("foo", v1.GetOptions{})
-	assert.NoError(t, err)
-	assert.Len(t, fooProj.Spec.Roles[0].Policies, 0)
-
-	barProj, err := clientset.ArgoprojV1alpha1().AppProjects(namespace).Get("bar", v1.GetOptions{})
-	assert.NoError(t, err)
-	assert.EqualValues(t, barProj.Spec.Roles[0].Policies, []string{"p, proj:bar:test, *, set, bar/*, allow"})
-}
-
-func TestUpdateProjects_FindMatchingRole(t *testing.T) {
-	clientset := fake.NewSimpleClientset(newProj("proj", "foo", "bar"))
-
-	modification, err := getModification("set", "*", "*", "allow")
-	assert.NoError(t, err)
-	err = updateProjects(clientset.ArgoprojV1alpha1().AppProjects(namespace), "*", "fo*", "set", modification, false)
-	assert.NoError(t, err)
-
-	proj, err := clientset.ArgoprojV1alpha1().AppProjects(namespace).Get("proj", v1.GetOptions{})
-	assert.NoError(t, err)
-	assert.EqualValues(t, proj.Spec.Roles[0].Policies, []string{"p, proj:proj:foo, *, set, proj/*, allow"})
-	assert.Len(t, proj.Spec.Roles[1].Policies, 0)
-}
-
-func TestGetModification_SetPolicy(t *testing.T) {
-	modification, err := getModification("set", "*", "*", "allow")
-	assert.NoError(t, err)
-	policy := modification("proj", "myaction")
-	assert.Equal(t, "*, myaction, proj/*, allow", policy)
-}
-
-func TestGetModification_RemovePolicy(t *testing.T) {
-	modification, err := getModification("remove", "*", "*", "allow")
-	assert.NoError(t, err)
-	policy := modification("proj", "myaction")
-	assert.Equal(t, "", policy)
-}
-
-func TestGetModification_NotSupported(t *testing.T) {
-	_, err := getModification("bar", "*", "*", "allow")
-	assert.Errorf(t, err, "modification bar is not supported")
-}

cmd/argocd-util/commands/settings.go

@@ -1,501 +0,0 @@
-package commands
-
-import (
-	"bytes"
-	"context"
-	"fmt"
-	"io/ioutil"
-	"os"
-	"reflect"
-	"sort"
-	"strings"
-
-	"k8s.io/client-go/kubernetes/fake"
-
-	"github.com/ghodss/yaml"
-	log "github.com/sirupsen/logrus"
-	"github.com/spf13/cobra"
-	corev1 "k8s.io/api/core/v1"
-	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
-	"k8s.io/client-go/kubernetes"
-	"k8s.io/client-go/tools/clientcmd"
-
-	"github.com/argoproj/argo-cd/common"
-	"github.com/argoproj/argo-cd/errors"
-	"github.com/argoproj/argo-cd/pkg/apis/application/v1alpha1"
-	"github.com/argoproj/argo-cd/util/argo/normalizers"
-	"github.com/argoproj/argo-cd/util/cli"
-	"github.com/argoproj/argo-cd/util/diff"
-	"github.com/argoproj/argo-cd/util/health"
-	"github.com/argoproj/argo-cd/util/lua"
-	"github.com/argoproj/argo-cd/util/settings"
-)
-
-type settingsOpts struct {
-	argocdCMPath        string
-	argocdSecretPath    string
-	loadClusterSettings bool
-	clientConfig        clientcmd.ClientConfig
-}
-
-type commandContext interface {
-	createSettingsManager() (*settings.SettingsManager, error)
-}
-
-func collectLogs(callback func()) string {
-	log.SetLevel(log.DebugLevel)
-	out := bytes.Buffer{}
-	log.SetOutput(&out)
-	defer log.SetLevel(log.FatalLevel)
-	callback()
-	return out.String()
-}
-
-func setSettingsMeta(obj v1.Object) {
-	obj.SetNamespace("default")
-	labels := obj.GetLabels()
-	if labels == nil {
-		labels = make(map[string]string)
-	}
-	labels["app.kubernetes.io/part-of"] = "argocd"
-	obj.SetLabels(labels)
-}
-
-func (opts *settingsOpts) createSettingsManager() (*settings.SettingsManager, error) {
-	var argocdCM *corev1.ConfigMap
-	if opts.argocdCMPath == "" && !opts.loadClusterSettings {
-		return nil, fmt.Errorf("either --argocd-cm-path must be provided or --load-cluster-settings must be set to true")
-	} else if opts.argocdCMPath == "" {
-		realClientset, ns, err := opts.getK8sClient()
-		if err != nil {
-			return nil, err
-		}
-
-		argocdCM, err = realClientset.CoreV1().ConfigMaps(ns).Get(common.ArgoCDConfigMapName, v1.GetOptions{})
-		if err != nil {
-			return nil, err
-		}
-	} else {
-		data, err := ioutil.ReadFile(opts.argocdCMPath)
-		if err != nil {
-			return nil, err
-		}
-		err = yaml.Unmarshal(data, &argocdCM)
-		if err != nil {
-			return nil, err
-		}
-	}
-	setSettingsMeta(argocdCM)
-
-	var argocdSecret *corev1.Secret
-	if opts.argocdSecretPath != "" {
-		data, err := ioutil.ReadFile(opts.argocdSecretPath)
-		if err != nil {
-			return nil, err
-		}
-		err = yaml.Unmarshal(data, &argocdSecret)
-		if err != nil {
-			return nil, err
-		}
-		setSettingsMeta(argocdSecret)
-	} else if opts.loadClusterSettings {
-		realClientset, ns, err := opts.getK8sClient()
-		if err != nil {
-			return nil, err
-		}
-		argocdSecret, err = realClientset.CoreV1().Secrets(ns).Get(common.ArgoCDSecretName, v1.GetOptions{})
-		if err != nil {
-			return nil, err
-		}
-	} else {
-		argocdSecret = &corev1.Secret{
-			ObjectMeta: v1.ObjectMeta{
-				Name: common.ArgoCDSecretName,
-			},
-			Data: map[string][]byte{
-				"admin.password":   []byte("test"),
-				"server.secretkey": []byte("test"),
-			},
-		}
-	}
-	setSettingsMeta(argocdSecret)
-	clientset := fake.NewSimpleClientset(argocdSecret, argocdCM)
-
-	manager := settings.NewSettingsManager(context.Background(), clientset, "default")
-	errors.CheckError(manager.ResyncInformers())
-
-	return manager, nil
-}
-
-func (opts *settingsOpts) getK8sClient() (*kubernetes.Clientset, string, error) {
-	namespace, _, err := opts.clientConfig.Namespace()
-	if err != nil {
-		return nil, "", err
-	}
-
-	restConfig, err := opts.clientConfig.ClientConfig()
-	if err != nil {
-		return nil, "", err
-	}
-
-	realClientset, err := kubernetes.NewForConfig(restConfig)
-	if err != nil {
-		return nil, "", err
-	}
-	return realClientset, namespace, nil
-}
-
-func NewSettingsCommand() *cobra.Command {
-	var (
-		opts settingsOpts
-	)
-
-	var command = &cobra.Command{
-		Use:   "settings",
-		Short: "Provides set of commands for settings validation and troubleshooting",
-		Run: func(c *cobra.Command, args []string) {
-			c.HelpFunc()(c, args)
-		},
-	}
-	log.SetLevel(log.FatalLevel)
-
-	command.AddCommand(NewValidateSettingsCommand(&opts))
-	command.AddCommand(NewResourceOverridesCommand(&opts))
-
-	opts.clientConfig = cli.AddKubectlFlagsToCmd(command)
-	command.PersistentFlags().StringVar(&opts.argocdCMPath, "argocd-cm-path", "", "Path to local argocd-cm.yaml file")
-	command.PersistentFlags().StringVar(&opts.argocdSecretPath, "argocd-secret-path", "", "Path to local argocd-secret.yaml file")
-	command.PersistentFlags().BoolVar(&opts.loadClusterSettings, "load-cluster-settings", false,
-		"Indicates that config map and secret should be loaded from cluster unless local file path is provided")
-	return command
-}
-
-type settingValidator func(manager *settings.SettingsManager) (string, error)
-
-func joinValidators(validators ...settingValidator) settingValidator {
-	return func(manager *settings.SettingsManager) (string, error) {
-		var errorStrs []string
-		var summaries []string
-		for i := range validators {
-			summary, err := validators[i](manager)
-			if err != nil {
-				errorStrs = append(errorStrs, err.Error())
-			}
-			if summary != "" {
-				summaries = append(summaries, summary)
-			}
-		}
-		if len(errorStrs) > 0 {
-			return "", fmt.Errorf("%s", strings.Join(errorStrs, "\n"))
-		}
-		return strings.Join(summaries, "\n"), nil
-	}
-}
-
-var validatorsByGroup = map[string]settingValidator{
-	"general": joinValidators(func(manager *settings.SettingsManager) (string, error) {
-		general, err := manager.GetSettings()
-		if err != nil {
-			return "", err
-		}
-		ssoProvider := ""
-		if general.DexConfig != "" {
-			if _, err := settings.UnmarshalDexConfig(general.DexConfig); err != nil {
-				return "", fmt.Errorf("invalid dex.config: %v", err)
-			}
-			ssoProvider = "Dex"
-		} else if general.OIDCConfigRAW != "" {
-			if _, err := settings.UnmarshalOIDCConfig(general.OIDCConfigRAW); err != nil {
-				return "", fmt.Errorf("invalid oidc.config: %v", err)
-			}
-			ssoProvider = "OIDC"
-		}
-		var summary string
-		if ssoProvider != "" {
-			summary = fmt.Sprintf("%s is configured", ssoProvider)
-			if general.URL == "" {
-				summary = summary + " ('url' field is missing)"
-			}
-		} else if ssoProvider != "" && general.URL != "" {
-
-		} else {
-			summary = "SSO is not configured"
-		}
-		return summary, nil
-	}, func(manager *settings.SettingsManager) (string, error) {
-		_, err := manager.GetAppInstanceLabelKey()
-		return "", err
-	}, func(manager *settings.SettingsManager) (string, error) {
-		_, err := manager.GetHelp()
-		return "", err
-	}, func(manager *settings.SettingsManager) (string, error) {
-		_, err := manager.GetGoogleAnalytics()
-		return "", err
-	}),
-	"plugins": func(manager *settings.SettingsManager) (string, error) {
-		plugins, err := manager.GetConfigManagementPlugins()
-		if err != nil {
-			return "", err
-		}
-		return fmt.Sprintf("%d plugins", len(plugins)), nil
-	},
-	"kustomize": func(manager *settings.SettingsManager) (string, error) {
-		opts, err := manager.GetKustomizeSettings()
-		if err != nil {
-			return "", err
-		}
-		summary := "default options"
-		if opts.BuildOptions != "" {
-			summary = opts.BuildOptions
-		}
-		if len(opts.Versions) > 0 {
-			summary = fmt.Sprintf("%s (%d versions)", summary, len(opts.Versions))
-		}
-		return summary, err
-	},
-	"repositories": joinValidators(func(manager *settings.SettingsManager) (string, error) {
-		repos, err := manager.GetRepositories()
-		if err != nil {
-			return "", err
-		}
-		return fmt.Sprintf("%d repositories", len(repos)), nil
-	}, func(manager *settings.SettingsManager) (string, error) {
-		creds, err := manager.GetRepositoryCredentials()
-		if err != nil {
-			return "", err
-		}
-		return fmt.Sprintf("%d repository credentials", len(creds)), nil
-	}),
-	"accounts": func(manager *settings.SettingsManager) (string, error) {
-		accounts, err := manager.GetAccounts()
-		if err != nil {
-			return "", err
-		}
-		return fmt.Sprintf("%d accounts", len(accounts)), nil
-	},
-	"resource-overrides": func(manager *settings.SettingsManager) (string, error) {
-		overrides, err := manager.GetResourceOverrides()
-		if err != nil {
-			return "", err
-		}
-		return fmt.Sprintf("%d resource overrides", len(overrides)), nil
-	},
-}
-
-func NewValidateSettingsCommand(cmdCtx commandContext) *cobra.Command {
-	var (
-		groups []string
-	)
-
-	var allGroups []string
-	for k := range validatorsByGroup {
-		allGroups = append(allGroups, k)
-	}
-	sort.Slice(allGroups, func(i, j int) bool {
-		return allGroups[i] < allGroups[j]
-	})
-
-	var command = &cobra.Command{
-		Use:   "validate",
-		Short: "Validate settings",
-		Long:  "Validates settings specified in 'argocd-cm' ConfigMap and 'argocd-secret' Secret",
-		Example: `
-#Validates all settings in the specified YAML file
-argocd-util settings validate --argocd-cm-path ./argocd-cm.yaml
-
-#Validates accounts and plugins settings in Kubernetes cluster of current kubeconfig context
-argocd-util settings validate --group accounts --group plugins --load-cluster-settings`,
-		Run: func(c *cobra.Command, args []string) {
-			settingsManager, err := cmdCtx.createSettingsManager()
-			errors.CheckError(err)
-
-			if len(groups) == 0 {
-				groups = allGroups
-			}
-			for i, group := range groups {
-				validator := validatorsByGroup[group]
-
-				logs := collectLogs(func() {
-					summary, err := validator(settingsManager)
-
-					if err != nil {
-						_, _ = fmt.Fprintf(os.Stdout, "❌ %s\n", group)
-						_, _ = fmt.Fprintf(os.Stdout, "%s\n", err.Error())
-					} else {
-						_, _ = fmt.Fprintf(os.Stdout, "✅ %s\n", group)
-						if summary != "" {
-							_, _ = fmt.Fprintf(os.Stdout, "%s\n", summary)
-						}
-					}
-				})
-				if logs != "" {
-					_, _ = fmt.Fprintf(os.Stdout, "%s\n", logs)
-				}
-				if i != len(groups)-1 {
-					_, _ = fmt.Fprintf(os.Stdout, "\n")
-				}
-			}
-		},
-	}
-
-	command.Flags().StringArrayVar(&groups, "group", nil, fmt.Sprintf(
-		"Optional list of setting groups that have to be validated ( one of: %s)", strings.Join(allGroups, ", ")))
-
-	return command
-}
-
-func NewResourceOverridesCommand(cmdCtx commandContext) *cobra.Command {
-	var command = &cobra.Command{
-		Use:   "resource-overrides",
-		Short: "Troubleshoot resource overrides",
-		Run: func(c *cobra.Command, args []string) {
-			c.HelpFunc()(c, args)
-		},
-	}
-	command.AddCommand(NewResourceIgnoreDifferencesCommand(cmdCtx))
-	command.AddCommand(NewResourceActionCommand(cmdCtx))
-	command.AddCommand(NewResourceHealthCommand(cmdCtx))
-	return command
-}
-
-func executeResourceOverrideCommand(cmdCtx commandContext, args []string, callback func(res unstructured.Unstructured, override v1alpha1.ResourceOverride, overrides map[string]v1alpha1.ResourceOverride)) {
-	data, err := ioutil.ReadFile(args[0])
-	errors.CheckError(err)
-
-	res := unstructured.Unstructured{}
-	errors.CheckError(yaml.Unmarshal(data, &res))
-
-	settingsManager, err := cmdCtx.createSettingsManager()
-	errors.CheckError(err)
-
-	overrides, err := settingsManager.GetResourceOverrides()
-	errors.CheckError(err)
-	gvk := res.GroupVersionKind()
-	key := gvk.Kind
-	if gvk.Group != "" {
-		key = fmt.Sprintf("%s/%s", gvk.Group, gvk.Kind)
-	}
-	override, hasOverride := overrides[key]
-	if !hasOverride {
-		_, _ = fmt.Printf("No overrides configured for '%s/%s'\n", gvk.Group, gvk.Kind)
-		return
-	}
-	callback(res, override, overrides)
-}
-
-func NewResourceIgnoreDifferencesCommand(cmdCtx commandContext) *cobra.Command {
-	var command = &cobra.Command{
-		Use:   "ignore-differences RESOURCE_YAML_PATH",
-		Short: "Renders fields excluded from diffing",
-		Long:  "Renders ignored fields using the 'ignoreDifferences' setting specified in the 'resource.customizations' field of 'argocd-cm' ConfigMap",
-		Example: `
-argocd-util settings resource-overrides ignore-differences ./deploy.yaml --argocd-cm-path ./argocd-cm.yaml`,
-		Run: func(c *cobra.Command, args []string) {
-			if len(args) < 1 {
-				c.HelpFunc()(c, args)
-				os.Exit(1)
-			}
-
-			executeResourceOverrideCommand(cmdCtx, args, func(res unstructured.Unstructured, override v1alpha1.ResourceOverride, overrides map[string]v1alpha1.ResourceOverride) {
-				gvk := res.GroupVersionKind()
-				if override.IgnoreDifferences == "" {
-					_, _ = fmt.Printf("Ignore differences are not configured for '%s/%s'\n", gvk.Group, gvk.Kind)
-					return
-				}
-
-				normalizer, err := normalizers.NewIgnoreNormalizer(nil, overrides)
-				errors.CheckError(err)
-
-				normalizedRes := res.DeepCopy()
-				logs := collectLogs(func() {
-					errors.CheckError(normalizer.Normalize(normalizedRes))
-				})
-				if logs != "" {
-					_, _ = fmt.Println(logs)
-				}
-
-				if reflect.DeepEqual(&res, normalizedRes) {
-					_, _ = fmt.Printf("No fields are ignored by ignoreDifferences settings: \n%s\n", override.IgnoreDifferences)
-					return
-				}
-
-				_, _ = fmt.Printf("Following fields are ignored:\n\n")
-				_ = diff.PrintDiff(res.GetName(), &res, normalizedRes)
-			})
-		},
-	}
-	return command
-}
-
-func NewResourceHealthCommand(cmdCtx commandContext) *cobra.Command {
-	var command = &cobra.Command{
-		Use:   "health RESOURCE_YAML_PATH",
-		Short: "Assess resource health",
-		Long:  "Assess resource health using the lua script configured in the 'resource.customizations' field of 'argocd-cm' ConfigMap",
-		Example: `
-argocd-util settings resource-overrides health ./deploy.yaml --argocd-cm-path ./argocd-cm.yaml`,
-		Run: func(c *cobra.Command, args []string) {
-			if len(args) < 1 {
-				c.HelpFunc()(c, args)
-				os.Exit(1)
-			}
-
-			executeResourceOverrideCommand(cmdCtx, args, func(res unstructured.Unstructured, override v1alpha1.ResourceOverride, overrides map[string]v1alpha1.ResourceOverride) {
-				gvk := res.GroupVersionKind()
-				if override.HealthLua == "" {
-					_, _ = fmt.Printf("Health script is not configured for '%s/%s'\n", gvk.Group, gvk.Kind)
-					return
-				}
-
-				resHealth, err := health.GetResourceHealth(&res, overrides)
-				errors.CheckError(err)
-
-				_, _ = fmt.Printf("STATUS: %s\n", resHealth.Status)
-				_, _ = fmt.Printf("MESSAGE: %s\n", resHealth.Message)
-			})
-		},
-	}
-	return command
-}
-
-func NewResourceActionCommand(cmdCtx commandContext) *cobra.Command {
-	var command = &cobra.Command{
-		Use:   "action RESOURCE_YAML_PATH ACTION",
-		Short: "Executes resource action",
-		Long:  "Executes resource action using the lua script configured in the 'resource.customizations' field of 'argocd-cm' ConfigMap and outputs updated fields",
-		Example: `
-argocd-util settings resource-overrides action /tmp/deploy.yaml restart --argocd-cm-path ./argocd-cm.yaml`,
-		Run: func(c *cobra.Command, args []string) {
-			if len(args) < 2 {
-				c.HelpFunc()(c, args)
-				os.Exit(1)
-			}
-			action := args[1]
-
-			executeResourceOverrideCommand(cmdCtx, args, func(res unstructured.Unstructured, override v1alpha1.ResourceOverride, overrides map[string]v1alpha1.ResourceOverride) {
-				gvk := res.GroupVersionKind()
-				if override.Actions == "" {
-					_, _ = fmt.Printf("Actions are not configured for '%s/%s'\n", gvk.Group, gvk.Kind)
-					return
-				}
-
-				luaVM := lua.VM{ResourceOverrides: overrides}
-				action, err := luaVM.GetResourceAction(&res, action)
-				errors.CheckError(err)
-
-				modifiedRes, err := luaVM.ExecuteResourceAction(&res, action.ActionLua)
-				errors.CheckError(err)
-
-				if reflect.DeepEqual(&res, modifiedRes) {
-					_, _ = fmt.Printf("No fields had been changed by action: \n%s\n", action.Name)
-					return
-				}
-
-				_, _ = fmt.Printf("Following fields have been changed:\n\n")
-				_ = diff.PrintDiff(res.GetName(), &res, modifiedRes)
-			})
-		},
-	}
-	return command
-}

cmd/argocd-util/commands/settings_test.go

@@ -1,367 +0,0 @@
-package commands
-
-import (
-	"bytes"
-	"context"
-	"fmt"
-	"io"
-	"io/ioutil"
-	"os"
-	"testing"
-
-	"github.com/argoproj/argo-cd/common"
-	"github.com/argoproj/argo-cd/util"
-	"github.com/argoproj/argo-cd/util/settings"
-
-	"github.com/stretchr/testify/assert"
-	v1 "k8s.io/api/core/v1"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/client-go/kubernetes/fake"
-)
-
-func captureStdout(callback func()) (string, error) {
-	oldStdout := os.Stdout
-	oldStderr := os.Stderr
-	r, w, err := os.Pipe()
-	if err != nil {
-		return "", err
-	}
-	os.Stdout = w
-	defer func() {
-		os.Stdout = oldStdout
-		os.Stderr = oldStderr
-	}()
-
-	callback()
-	util.Close(w)
-
-	data, err := ioutil.ReadAll(r)
-
-	if err != nil {
-		return "", err
-	}
-	return string(data), err
-}
-
-func newSettingsManager(data map[string]string) *settings.SettingsManager {
-	clientset := fake.NewSimpleClientset(&v1.ConfigMap{
-		ObjectMeta: metav1.ObjectMeta{
-			Namespace: "default",
-			Name:      common.ArgoCDConfigMapName,
-			Labels: map[string]string{
-				"app.kubernetes.io/part-of": "argocd",
-			},
-		},
-		Data: data,
-	}, &v1.Secret{
-		ObjectMeta: metav1.ObjectMeta{
-			Namespace: "default",
-			Name:      common.ArgoCDSecretName,
-		},
-		Data: map[string][]byte{
-			"admin.password":   []byte("test"),
-			"server.secretkey": []byte("test"),
-		},
-	})
-	return settings.NewSettingsManager(context.Background(), clientset, "default")
-}
-
-type fakeCmdContext struct {
-	mgr *settings.SettingsManager
-	// nolint:unused,structcheck
-	out bytes.Buffer
-}
-
-func newCmdContext(data map[string]string) *fakeCmdContext {
-	return &fakeCmdContext{mgr: newSettingsManager(data)}
-}
-
-func (ctx *fakeCmdContext) createSettingsManager() (*settings.SettingsManager, error) {
-	return ctx.mgr, nil
-}
-
-type validatorTestCase struct {
-	validator       string
-	data            map[string]string
-	containsSummary string
-	containsError   string
-}
-
-func TestCreateSettingsManager(t *testing.T) {
-	f, closer, err := tempFile(`apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: argocd-cm
-data:
-  url: https://myargocd.com`)
-	if !assert.NoError(t, err) {
-		return
-	}
-	defer util.Close(closer)
-
-	opts := settingsOpts{argocdCMPath: f}
-	settingsManager, err := opts.createSettingsManager()
-
-	if !assert.NoError(t, err) {
-		return
-	}
-
-	argoCDSettings, err := settingsManager.GetSettings()
-	if !assert.NoError(t, err) {
-		return
-	}
-
-	assert.Equal(t, "https://myargocd.com", argoCDSettings.URL)
-}
-
-func TestValidator(t *testing.T) {
-	testCases := map[string]validatorTestCase{
-		"General_SSOIsNotConfigured": {
-			validator: "general", containsSummary: "SSO is not configured",
-		},
-		"General_DexInvalidConfig": {
-			validator:     "general",
-			data:          map[string]string{"dex.config": "abcdefg"},
-			containsError: "invalid dex.config",
-		},
-		"General_OIDCConfigured": {
-			validator: "general",
-			data: map[string]string{
-				"url": "https://myargocd.com",
-				"oidc.config": `
-name: Okta
-issuer: https://dev-123456.oktapreview.com
-clientID: aaaabbbbccccddddeee
-clientSecret: aaaabbbbccccddddeee`,
-			},
-			containsSummary: "OIDC is configured",
-		},
-		"General_DexConfiguredMissingURL": {
-			validator: "general",
-			data: map[string]string{
-				"dex.config": `connectors:
-- type: github
-  name: GitHub
-  config:
-    clientID: aabbccddeeff00112233
-    clientSecret: aabbccddeeff00112233`,
-			},
-			containsSummary: "Dex is configured ('url' field is missing)",
-		},
-		"Plugins_ValidConfig": {
-			validator: "plugins",
-			data: map[string]string{
-				"configManagementPlugins": `[{"name": "test1"}, {"name": "test2"}]`,
-			},
-			containsSummary: "2 plugins",
-		},
-		"Kustomize_ModifiedOptions": {
-			validator:       "kustomize",
-			containsSummary: "default options",
-		},
-		"Kustomize_DefaultOptions": {
-			validator: "kustomize",
-			data: map[string]string{
-				"kustomize.buildOptions":  "updated-options (2 versions)",
-				"kustomize.versions.v123": "binary-123",
-				"kustomize.versions.v321": "binary-321",
-			},
-			containsSummary: "updated-options",
-		},
-		"Repositories": {
-			validator: "repositories",
-			data: map[string]string{
-				"repositories": `
-- url: https://github.com/argoproj/my-private-repository1
-- url: https://github.com/argoproj/my-private-repository2`,
-			},
-			containsSummary: "2 repositories",
-		},
-		"Accounts": {
-			validator: "accounts",
-			data: map[string]string{
-				"accounts.user1": "apiKey, login",
-				"accounts.user2": "login",
-				"accounts.user3": "apiKey",
-			},
-			containsSummary: "4 accounts",
-		},
-		"ResourceOverrides": {
-			validator: "resource-overrides",
-			data: map[string]string{
-				"resource.customizations": `
-admissionregistration.k8s.io/MutatingWebhookConfiguration:
-  ignoreDifferences: |
-  jsonPointers:
-  - /webhooks/0/clientConfig/caBundle`,
-			},
-			containsSummary: "1 resource overrides",
-		},
-	}
-	for name := range testCases {
-		tc := testCases[name]
-		t.Run(name, func(t *testing.T) {
-			validator, ok := validatorsByGroup[tc.validator]
-			if !assert.True(t, ok) {
-				return
-			}
-			summary, err := validator(newSettingsManager(tc.data))
-			if tc.containsSummary != "" {
-				assert.NoError(t, err)
-				assert.Contains(t, summary, tc.containsSummary)
-			} else if tc.containsError != "" {
-				if assert.Error(t, err) {
-					assert.Contains(t, err.Error(), tc.containsError)
-				}
-			}
-		})
-	}
-}
-
-const (
-	testDeploymentYAML = `apiVersion: v1
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: nginx-deployment
-  labels:
-    app: nginx
-spec:
-  replicas: 0`
-)
-
-func tempFile(content string) (string, io.Closer, error) {
-	f, err := ioutil.TempFile("", "*.yaml")
-	if err != nil {
-		return "", nil, err
-	}
-	_, err = f.Write([]byte(content))
-	if err != nil {
-		_ = os.Remove(f.Name())
-		return "", nil, err
-	}
-	return f.Name(), util.NewCloser(func() error {
-		return os.Remove(f.Name())
-	}), nil
-}
-
-func TestValidateSettingsCommand_NoErrors(t *testing.T) {
-	cmd := NewValidateSettingsCommand(newCmdContext(map[string]string{}))
-	out, err := captureStdout(func() {
-		err := cmd.Execute()
-		assert.NoError(t, err)
-	})
-
-	assert.NoError(t, err)
-	for k := range validatorsByGroup {
-		assert.Contains(t, out, fmt.Sprintf("✅ %s", k))
-	}
-}
-
-func TestResourceOverrideIgnoreDifferences(t *testing.T) {
-	f, closer, err := tempFile(testDeploymentYAML)
-	if !assert.NoError(t, err) {
-		return
-	}
-	defer util.Close(closer)
-
-	t.Run("NoOverridesConfigured", func(t *testing.T) {
-		cmd := NewResourceOverridesCommand(newCmdContext(map[string]string{}))
-		out, err := captureStdout(func() {
-			cmd.SetArgs([]string{"ignore-differences", f})
-			err := cmd.Execute()
-			assert.NoError(t, err)
-		})
-		assert.NoError(t, err)
-		assert.Contains(t, out, "No overrides configured")
-	})
-
-	t.Run("DataIgnored", func(t *testing.T) {
-		cmd := NewResourceOverridesCommand(newCmdContext(map[string]string{
-			"resource.customizations": `apps/Deployment:
-  ignoreDifferences: |
-    jsonPointers:
-    - /spec`}))
-		out, err := captureStdout(func() {
-			cmd.SetArgs([]string{"ignore-differences", f})
-			err := cmd.Execute()
-			assert.NoError(t, err)
-		})
-		assert.NoError(t, err)
-		assert.Contains(t, out, "< spec:")
-	})
-}
-
-func TestResourceOverrideHealth(t *testing.T) {
-	f, closer, err := tempFile(testDeploymentYAML)
-	if !assert.NoError(t, err) {
-		return
-	}
-	defer util.Close(closer)
-
-	t.Run("NoHealthAssessment", func(t *testing.T) {
-		cmd := NewResourceOverridesCommand(newCmdContext(map[string]string{
-			"resource.customizations": `apps/Deployment: {}`}))
-		out, err := captureStdout(func() {
-			cmd.SetArgs([]string{"health", f})
-			err := cmd.Execute()
-			assert.NoError(t, err)
-		})
-		assert.NoError(t, err)
-		assert.Contains(t, out, "Health script is not configured")
-	})
-
-	t.Run("HealthAssessmentConfigured", func(t *testing.T) {
-		cmd := NewResourceOverridesCommand(newCmdContext(map[string]string{
-			"resource.customizations": `apps/Deployment:
-  health.lua: |
-    return { status = "Progressing" }
-`}))
-		out, err := captureStdout(func() {
-			cmd.SetArgs([]string{"health", f})
-			err := cmd.Execute()
-			assert.NoError(t, err)
-		})
-		assert.NoError(t, err)
-		assert.Contains(t, out, "Progressing")
-	})
-}
-
-func TestResourceOverrideAction(t *testing.T) {
-	f, closer, err := tempFile(testDeploymentYAML)
-	if !assert.NoError(t, err) {
-		return
-	}
-	defer util.Close(closer)
-
-	t.Run("NoActions", func(t *testing.T) {
-		cmd := NewResourceOverridesCommand(newCmdContext(map[string]string{
-			"resource.customizations": `apps/Deployment: {}`}))
-		out, err := captureStdout(func() {
-			cmd.SetArgs([]string{"action", f, "test"})
-			err := cmd.Execute()
-			assert.NoError(t, err)
-		})
-		assert.NoError(t, err)
-		assert.Contains(t, out, "Actions are not configured")
-	})
-
-	t.Run("HealthAssessmentConfigured", func(t *testing.T) {
-		cmd := NewResourceOverridesCommand(newCmdContext(map[string]string{
-			"resource.customizations": `apps/Deployment:
-  actions: |
-    definitions:
-    - name: test
-      action.lua: |
-        obj.metadata.labels["test"] = 'updated'
-        return obj
-`}))
-		out, err := captureStdout(func() {
-			cmd.SetArgs([]string{"action", f, "test"})
-			err := cmd.Execute()
-			assert.NoError(t, err)
-		})
-		assert.NoError(t, err)
-		assert.Contains(t, out, "test: updated")
-	})
-}

cmd/argocd-util/main.go

@@ -8,7 +8,7 @@ import (
 	"io/ioutil"
 	"os"
 	"os/exec"
-	"reflect"
+	"regexp"
 	"syscall"
 
 	"github.com/ghodss/yaml"
@@ -24,8 +24,9 @@ import (
 	"k8s.io/client-go/rest"
 	"k8s.io/client-go/tools/clientcmd"
 
-	"github.com/argoproj/argo-cd/cmd/argocd-util/commands"
 	"github.com/argoproj/argo-cd/common"
+	"github.com/argoproj/argo-cd/util"
+
 	"github.com/argoproj/argo-cd/errors"
 	"github.com/argoproj/argo-cd/util/cli"
 	"github.com/argoproj/argo-cd/util/db"
@@ -73,8 +74,6 @@ func NewCommand() *cobra.Command {
 	command.AddCommand(NewImportCommand())
 	command.AddCommand(NewExportCommand())
 	command.AddCommand(NewClusterConfig())
-	command.AddCommand(commands.NewProjectsCommand())
-	command.AddCommand(commands.NewSettingsCommand())
 
 	command.Flags().StringVar(&logLevel, "loglevel", "info", "Set the logging level. One of: debug|info|warn|error")
 	return command
@@ -110,7 +109,7 @@ func NewRunDexCommand() *cobra.Command {
 				} else {
 					err = ioutil.WriteFile("/tmp/dex.yaml", dexCfgBytes, 0644)
 					errors.CheckError(err)
-					log.Debug(redactor(string(dexCfgBytes)))
+					log.Info(redactor(string(dexCfgBytes)))
 					cmd = exec.Command("dex", "serve", "/tmp/dex.yaml")
 					cmd.Stdout = os.Stdout
 					cmd.Stderr = os.Stderr
@@ -221,7 +220,6 @@ func NewImportCommand() *cobra.Command {
 				os.Exit(1)
 			}
 			config, err := clientConfig.ClientConfig()
-			errors.CheckError(err)
 			config.QPS = 100
 			config.Burst = 50
 			errors.CheckError(err)
@@ -244,49 +242,43 @@ func NewImportCommand() *cobra.Command {
 			// pruneObjects tracks live objects and it's current resource version. any remaining
 			// items in this map indicates the resource should be pruned since it no longer appears
 			// in the backup
-			pruneObjects := make(map[kube.ResourceKey]unstructured.Unstructured)
+			pruneObjects := make(map[kube.ResourceKey]string)
 			configMaps, err := acdClients.configMaps.List(metav1.ListOptions{})
 			errors.CheckError(err)
-			// referencedSecrets holds any secrets referenced in the argocd-cm configmap. These
-			// secrets need to be imported too
-			var referencedSecrets map[string]bool
 			for _, cm := range configMaps.Items {
-				if isArgoCDConfigMap(cm.GetName()) {
-					pruneObjects[kube.ResourceKey{Group: "", Kind: "ConfigMap", Name: cm.GetName()}] = cm
-				}
-				if cm.GetName() == common.ArgoCDConfigMapName {
-					referencedSecrets = getReferencedSecrets(cm)
+				cmName := cm.GetName()
+				if cmName == common.ArgoCDConfigMapName || cmName == common.ArgoCDRBACConfigMapName {
+					pruneObjects[kube.ResourceKey{Group: "", Kind: "ConfigMap", Name: cm.GetName()}] = cm.GetResourceVersion()
 				}
 			}
-
 			secrets, err := acdClients.secrets.List(metav1.ListOptions{})
 			errors.CheckError(err)
 			for _, secret := range secrets.Items {
-				if isArgoCDSecret(referencedSecrets, secret) {
-					pruneObjects[kube.ResourceKey{Group: "", Kind: "Secret", Name: secret.GetName()}] = secret
+				if isArgoCDSecret(nil, secret) {
+					pruneObjects[kube.ResourceKey{Group: "", Kind: "Secret", Name: secret.GetName()}] = secret.GetResourceVersion()
 				}
 			}
 			applications, err := acdClients.applications.List(metav1.ListOptions{})
 			errors.CheckError(err)
 			for _, app := range applications.Items {
-				pruneObjects[kube.ResourceKey{Group: "argoproj.io", Kind: "Application", Name: app.GetName()}] = app
+				pruneObjects[kube.ResourceKey{Group: "argoproj.io", Kind: "Application", Name: app.GetName()}] = app.GetResourceVersion()
 			}
 			projects, err := acdClients.projects.List(metav1.ListOptions{})
 			errors.CheckError(err)
 			for _, proj := range projects.Items {
-				pruneObjects[kube.ResourceKey{Group: "argoproj.io", Kind: "AppProject", Name: proj.GetName()}] = proj
+				pruneObjects[kube.ResourceKey{Group: "argoproj.io", Kind: "AppProject", Name: proj.GetName()}] = proj.GetResourceVersion()
 			}
 
 			// Create or replace existing object
-			backupObjects, err := kube.SplitYAML(string(input))
+			objs, err := kube.SplitYAML(string(input))
 			errors.CheckError(err)
-			for _, bakObj := range backupObjects {
-				gvk := bakObj.GroupVersionKind()
-				key := kube.ResourceKey{Group: gvk.Group, Kind: gvk.Kind, Name: bakObj.GetName()}
-				liveObj, exists := pruneObjects[key]
+			for _, obj := range objs {
+				gvk := obj.GroupVersionKind()
+				key := kube.ResourceKey{Group: gvk.Group, Kind: gvk.Kind, Name: obj.GetName()}
+				resourceVersion, exists := pruneObjects[key]
 				delete(pruneObjects, key)
 				var dynClient dynamic.ResourceInterface
-				switch bakObj.GetKind() {
+				switch obj.GetKind() {
 				case "Secret":
 					dynClient = acdClients.secrets
 				case "ConfigMap":
@@ -298,19 +290,17 @@ func NewImportCommand() *cobra.Command {
 				}
 				if !exists {
 					if !dryRun {
-						_, err = dynClient.Create(bakObj, metav1.CreateOptions{})
+						_, err = dynClient.Create(obj, metav1.CreateOptions{})
 						errors.CheckError(err)
 					}
-					fmt.Printf("%s/%s %s created%s\n", gvk.Group, gvk.Kind, bakObj.GetName(), dryRunMsg)
-				} else if specsEqual(*bakObj, liveObj) {
-					fmt.Printf("%s/%s %s unchanged%s\n", gvk.Group, gvk.Kind, bakObj.GetName(), dryRunMsg)
+					fmt.Printf("%s/%s %s created%s\n", gvk.Group, gvk.Kind, obj.GetName(), dryRunMsg)
 				} else {
 					if !dryRun {
-						newLive := updateLive(bakObj, &liveObj)
-						_, err = dynClient.Update(newLive, metav1.UpdateOptions{})
+						obj.SetResourceVersion(resourceVersion)
+						_, err = dynClient.Update(obj, metav1.UpdateOptions{})
 						errors.CheckError(err)
 					}
-					fmt.Printf("%s/%s %s updated%s\n", gvk.Group, gvk.Kind, bakObj.GetName(), dryRunMsg)
+					fmt.Printf("%s/%s %s replaced%s\n", gvk.Group, gvk.Kind, obj.GetName(), dryRunMsg)
 				}
 			}
 
@@ -386,14 +376,8 @@ func NewExportCommand() *cobra.Command {
 			} else {
 				f, err := os.Create(out)
 				errors.CheckError(err)
-				bw := bufio.NewWriter(f)
-				writer = bw
-				defer func() {
-					err = bw.Flush()
-					errors.CheckError(err)
-					err = f.Close()
-					errors.CheckError(err)
-				}()
+				defer util.Close(f)
+				writer = bufio.NewWriter(f)
 			}
 
 			acdClients := newArgoCDClientsets(config, namespace)
@@ -444,37 +428,11 @@ func getReferencedSecrets(un unstructured.Unstructured) map[string]bool {
 	err := runtime.DefaultUnstructuredConverter.FromUnstructured(un.Object, &cm)
 	errors.CheckError(err)
 	referencedSecrets := make(map[string]bool)
-
-	// Referenced repository secrets
 	if reposRAW, ok := cm.Data["repositories"]; ok {
-		repos := make([]settings.Repository, 0)
-		err := yaml.Unmarshal([]byte(reposRAW), &repos)
+		repoCreds := make([]settings.RepoCredentials, 0)
+		err := yaml.Unmarshal([]byte(reposRAW), &repoCreds)
 		errors.CheckError(err)
-		for _, cred := range repos {
-			if cred.PasswordSecret != nil {
-				referencedSecrets[cred.PasswordSecret.Name] = true
-			}
-			if cred.SSHPrivateKeySecret != nil {
-				referencedSecrets[cred.SSHPrivateKeySecret.Name] = true
-			}
-			if cred.UsernameSecret != nil {
-				referencedSecrets[cred.UsernameSecret.Name] = true
-			}
-			if cred.TLSClientCertDataSecret != nil {
-				referencedSecrets[cred.TLSClientCertDataSecret.Name] = true
-			}
-			if cred.TLSClientCertKeySecret != nil {
-				referencedSecrets[cred.TLSClientCertKeySecret.Name] = true
-			}
-		}
-	}
-
-	// Referenced repository credentials secrets
-	if reposRAW, ok := cm.Data["repository.credentials"]; ok {
-		creds := make([]settings.RepositoryCredentials, 0)
-		err := yaml.Unmarshal([]byte(reposRAW), &creds)
-		errors.CheckError(err)
-		for _, cred := range creds {
+		for _, cred := range repoCreds {
 			if cred.PasswordSecret != nil {
 				referencedSecrets[cred.PasswordSecret.Name] = true
 			}
@@ -520,73 +478,6 @@ func isArgoCDSecret(repoSecretRefs map[string]bool, un unstructured.Unstructured
 	return false
 }
 
-// isArgoCDConfigMap returns true if the configmap name is one of argo cd's well known configmaps
-func isArgoCDConfigMap(name string) bool {
-	switch name {
-	case common.ArgoCDConfigMapName, common.ArgoCDRBACConfigMapName, common.ArgoCDKnownHostsConfigMapName, common.ArgoCDTLSCertsConfigMapName:
-		return true
-	}
-	return false
-
-}
-
-// specsEqual returns if the spec, data, labels, annotations, and finalizers of the two
-// supplied objects are equal, indicating that no update is necessary during importing
-func specsEqual(left, right unstructured.Unstructured) bool {
-	if !reflect.DeepEqual(left.GetAnnotations(), right.GetAnnotations()) {
-		return false
-	}
-	if !reflect.DeepEqual(left.GetLabels(), right.GetLabels()) {
-		return false
-	}
-	if !reflect.DeepEqual(left.GetFinalizers(), right.GetFinalizers()) {
-		return false
-	}
-	switch left.GetKind() {
-	case "Secret", "ConfigMap":
-		leftData, _, _ := unstructured.NestedMap(left.Object, "data")
-		rightData, _, _ := unstructured.NestedMap(right.Object, "data")
-		return reflect.DeepEqual(leftData, rightData)
-	case "AppProject":
-		leftSpec, _, _ := unstructured.NestedMap(left.Object, "spec")
-		rightSpec, _, _ := unstructured.NestedMap(right.Object, "spec")
-		return reflect.DeepEqual(leftSpec, rightSpec)
-	case "Application":
-		leftSpec, _, _ := unstructured.NestedMap(left.Object, "spec")
-		rightSpec, _, _ := unstructured.NestedMap(right.Object, "spec")
-		leftStatus, _, _ := unstructured.NestedMap(left.Object, "status")
-		rightStatus, _, _ := unstructured.NestedMap(right.Object, "status")
-		// reconciledAt and observedAt are constantly changing and we ignore any diff there
-		delete(leftStatus, "reconciledAt")
-		delete(rightStatus, "reconciledAt")
-		delete(leftStatus, "observedAt")
-		delete(rightStatus, "observedAt")
-		return reflect.DeepEqual(leftSpec, rightSpec) && reflect.DeepEqual(leftStatus, rightStatus)
-	}
-	return false
-}
-
-// updateLive replaces the live object's finalizers, spec, annotations, labels, and data from the
-// backup object but leaves all other fields intact (status, other metadata, etc...)
-func updateLive(bak, live *unstructured.Unstructured) *unstructured.Unstructured {
-	newLive := live.DeepCopy()
-	newLive.SetAnnotations(bak.GetAnnotations())
-	newLive.SetLabels(bak.GetLabels())
-	newLive.SetFinalizers(bak.GetFinalizers())
-	switch live.GetKind() {
-	case "Secret", "ConfigMap":
-		newLive.Object["data"] = bak.Object["data"]
-	case "AppProject":
-		newLive.Object["spec"] = bak.Object["spec"]
-	case "Application":
-		newLive.Object["spec"] = bak.Object["spec"]
-		if _, ok := bak.Object["status"]; ok {
-			newLive.Object["status"] = bak.Object["status"]
-		}
-	}
-	return newLive
-}
-
 // export writes the unstructured object and removes extraneous cruft from output before writing
 func export(w io.Writer, un unstructured.Unstructured) {
 	name := un.GetName()
@@ -634,7 +525,7 @@ func NewClusterConfig() *cobra.Command {
 
 			cluster, err := db.NewDB(namespace, settings.NewSettingsManager(context.Background(), kubeclientset, namespace), kubeclientset).GetCluster(context.Background(), serverUrl)
 			errors.CheckError(err)
-			err = kube.WriteKubeConfig(cluster.RawRestConfig(), namespace, output)
+			err = kube.WriteKubeConfig(cluster.RESTConfig(), namespace, output)
 			errors.CheckError(err)
 		},
 	}
@@ -642,36 +533,9 @@ func NewClusterConfig() *cobra.Command {
 	return command
 }
 
-func iterateStringFields(obj interface{}, callback func(name string, val string) string) {
-	if mapField, ok := obj.(map[string]interface{}); ok {
-		for field, val := range mapField {
-			if strVal, ok := val.(string); ok {
-				mapField[field] = callback(field, strVal)
-			} else {
-				iterateStringFields(val, callback)
-			}
-		}
-	} else if arrayField, ok := obj.([]interface{}); ok {
-		for i := range arrayField {
-			iterateStringFields(arrayField[i], callback)
-		}
-	}
-}
-
 func redactor(dirtyString string) string {
-	config := make(map[string]interface{})
-	err := yaml.Unmarshal([]byte(dirtyString), &config)
-	errors.CheckError(err)
-	iterateStringFields(config, func(name string, val string) string {
-		if name == "clientSecret" || name == "secret" || name == "bindPW" {
-			return "********"
-		} else {
-			return val
-		}
-	})
-	data, err := yaml.Marshal(config)
-	errors.CheckError(err)
-	return string(data)
+	dirtyString = regexp.MustCompile("(clientSecret: )[^ \n]*").ReplaceAllString(dirtyString, "$1********")
+	return regexp.MustCompile("(secret: )[^ \n]*").ReplaceAllString(dirtyString, "$1********")
 }
 
 func main() {

cmd/argocd-util/main_test.go

@@ -7,28 +7,17 @@ import (
 )
 
 var textToRedact = `
-connectors:
 - config:
     clientID: aabbccddeeff00112233
-    clientSecret: |
-      theSecret
+    clientSecret: $dex.github.clientSecret
     orgs:
     - name: your-github-org
     redirectURI: https://argocd.example.com/api/dex/callback
   id: github
   name: GitHub
   type: github
-- config:
-    bindDN: uid=serviceaccount,cn=users,dc=example,dc=com
-    bindPW: theSecret
-    host: ldap.example.com:636
-  id: ldap
-  name: LDAP
-  type: ldap
 grpc:
   addr: 0.0.0.0:5557
-telemetry:
-  http: 0.0.0.0:5558
 issuer: https://argocd.example.com/api/dex
 oauth2:
   skipApprovalScreen: true
@@ -48,23 +37,16 @@ storage:
 web:
   http: 0.0.0.0:5556`
 
-var expectedRedaction = `connectors:
+var expectedRedaction = `
 - config:
     clientID: aabbccddeeff00112233
-    clientSecret: '********'
+    clientSecret: ********
     orgs:
     - name: your-github-org
     redirectURI: https://argocd.example.com/api/dex/callback
   id: github
   name: GitHub
   type: github
-- config:
-    bindDN: uid=serviceaccount,cn=users,dc=example,dc=com
-    bindPW: '********'
-    host: ldap.example.com:636
-  id: ldap
-  name: LDAP
-  type: ldap
 grpc:
   addr: 0.0.0.0:5557
 issuer: https://argocd.example.com/api/dex
@@ -75,7 +57,7 @@ staticClients:
   name: Argo CD
   redirectURIs:
   - https://argocd.example.com/auth/callback
-  secret: '********'
+  secret: ********
 - id: argo-cd-cli
   name: Argo CD CLI
   public: true
@@ -83,11 +65,8 @@ staticClients:
   - http://localhost
 storage:
   type: memory
-telemetry:
-  http: 0.0.0.0:5558
 web:
-  http: 0.0.0.0:5556
-`
+  http: 0.0.0.0:5556`
 
 func TestSecretsRedactor(t *testing.T) {
 	assert.Equal(t, expectedRedaction, redactor(textToRedact))

cmd/argocd/commands/account.go

@@ -5,12 +5,9 @@ import (
 	"encoding/json"
 	"fmt"
 	"os"
-	"strconv"
 	"strings"
-	"text/tabwriter"
-	"time"
+	"syscall"
 
-	timeutil "github.com/argoproj/pkg/time"
 	"github.com/ghodss/yaml"
 	log "github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
@@ -20,11 +17,9 @@ import (
 	argocdclient "github.com/argoproj/argo-cd/pkg/apiclient"
 	accountpkg "github.com/argoproj/argo-cd/pkg/apiclient/account"
 	"github.com/argoproj/argo-cd/pkg/apiclient/session"
-	"github.com/argoproj/argo-cd/server/rbacpolicy"
 	"github.com/argoproj/argo-cd/util"
 	"github.com/argoproj/argo-cd/util/cli"
 	"github.com/argoproj/argo-cd/util/localconfig"
-	sessionutil "github.com/argoproj/argo-cd/util/session"
 )
 
 func NewAccountCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command {
@@ -38,17 +33,11 @@ func NewAccountCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command {
 	}
 	command.AddCommand(NewAccountUpdatePasswordCommand(clientOpts))
 	command.AddCommand(NewAccountGetUserInfoCommand(clientOpts))
-	command.AddCommand(NewAccountCanICommand(clientOpts))
-	command.AddCommand(NewAccountListCommand(clientOpts))
-	command.AddCommand(NewAccountGenerateTokenCommand(clientOpts))
-	command.AddCommand(NewAccountGetCommand(clientOpts))
-	command.AddCommand(NewAccountDeleteTokenCommand(clientOpts))
 	return command
 }
 
 func NewAccountUpdatePasswordCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command {
 	var (
-		account         string
 		currentPassword string
 		newPassword     string
 	)
@@ -60,20 +49,14 @@ func NewAccountUpdatePasswordCommand(clientOpts *argocdclient.ClientOptions) *co
 				c.HelpFunc()(c, args)
 				os.Exit(1)
 			}
-			acdClient := argocdclient.NewClientOrDie(clientOpts)
-			conn, usrIf := acdClient.NewAccountClientOrDie()
-			defer util.Close(conn)
 
-			userInfo := getCurrentAccount(acdClient)
-
-			if userInfo.Iss == sessionutil.SessionManagerClaimsIssuer && currentPassword == "" {
+			if currentPassword == "" {
 				fmt.Print("*** Enter current password: ")
-				password, err := terminal.ReadPassword(int(os.Stdin.Fd()))
+				password, err := terminal.ReadPassword(syscall.Stdin)
 				errors.CheckError(err)
 				currentPassword = string(password)
 				fmt.Print("\n")
 			}
-
 			if newPassword == "" {
 				var err error
 				newPassword, err = cli.ReadAndConfirmPassword()
@@ -83,37 +66,37 @@ func NewAccountUpdatePasswordCommand(clientOpts *argocdclient.ClientOptions) *co
 			updatePasswordRequest := accountpkg.UpdatePasswordRequest{
 				NewPassword:     newPassword,
 				CurrentPassword: currentPassword,
-				Name:            account,
 			}
 
+			acdClient := argocdclient.NewClientOrDie(clientOpts)
+			conn, usrIf := acdClient.NewAccountClientOrDie()
+			defer util.Close(conn)
+
 			ctx := context.Background()
 			_, err := usrIf.UpdatePassword(ctx, &updatePasswordRequest)
 			errors.CheckError(err)
 			fmt.Printf("Password updated\n")
 
-			if account == "" || account == userInfo.Username {
-				// Get a new JWT token after updating the password
-				localCfg, err := localconfig.ReadLocalConfig(clientOpts.ConfigPath)
-				errors.CheckError(err)
-				configCtx, err := localCfg.ResolveContext(clientOpts.Context)
-				errors.CheckError(err)
-				claims, err := configCtx.User.Claims()
-				errors.CheckError(err)
-				tokenString := passwordLogin(acdClient, claims.Subject, newPassword)
-				localCfg.UpsertUser(localconfig.User{
-					Name:      localCfg.CurrentContext,
-					AuthToken: tokenString,
-				})
-				err = localconfig.WriteLocalConfig(*localCfg, clientOpts.ConfigPath)
-				errors.CheckError(err)
-				fmt.Printf("Context '%s' updated\n", localCfg.CurrentContext)
-			}
+			// Get a new JWT token after updating the password
+			localCfg, err := localconfig.ReadLocalConfig(clientOpts.ConfigPath)
+			errors.CheckError(err)
+			configCtx, err := localCfg.ResolveContext(clientOpts.Context)
+			errors.CheckError(err)
+			claims, err := configCtx.User.Claims()
+			errors.CheckError(err)
+			tokenString := passwordLogin(acdClient, claims.Subject, newPassword)
+			localCfg.UpsertUser(localconfig.User{
+				Name:      localCfg.CurrentContext,
+				AuthToken: tokenString,
+			})
+			err = localconfig.WriteLocalConfig(*localCfg, clientOpts.ConfigPath)
+			errors.CheckError(err)
+			fmt.Printf("Context '%s' updated\n", localCfg.CurrentContext)
 		},
 	}
 
 	command.Flags().StringVar(&currentPassword, "current-password", "", "current password you wish to change")
 	command.Flags().StringVar(&newPassword, "new-password", "", "new password you want to update to")
-	command.Flags().StringVar(&account, "account", "", "an account name that should be updated. Defaults to current user account")
 	return command
 }
 
@@ -161,240 +144,3 @@ func NewAccountGetUserInfoCommand(clientOpts *argocdclient.ClientOptions) *cobra
 	command.Flags().StringVarP(&output, "output", "o", "", "Output format. One of: yaml, json")
 	return command
 }
-
-func NewAccountCanICommand(clientOpts *argocdclient.ClientOptions) *cobra.Command {
-	return &cobra.Command{
-		Use:   "can-i ACTION RESOURCE SUBRESOURCE",
-		Short: "Can I",
-		Example: fmt.Sprintf(`
-# Can I sync any app?
-argocd account can-i sync applications '*'
-
-# Can I update a project?
-argocd account can-i update projects 'default'
-
-# Can I create a cluster?
-argocd account can-i create clusters '*'
-
-Actions: %v
-Resources: %v
-`, rbacpolicy.Resources, rbacpolicy.Actions),
-		Run: func(c *cobra.Command, args []string) {
-			if len(args) != 3 {
-				c.HelpFunc()(c, args)
-				os.Exit(1)
-			}
-
-			conn, client := argocdclient.NewClientOrDie(clientOpts).NewAccountClientOrDie()
-			defer util.Close(conn)
-
-			ctx := context.Background()
-			response, err := client.CanI(ctx, &accountpkg.CanIRequest{
-				Action:      args[0],
-				Resource:    args[1],
-				Subresource: args[2],
-			})
-			errors.CheckError(err)
-			fmt.Println(response.Value)
-		},
-	}
-}
-
-func printAccountNames(accounts []*accountpkg.Account) {
-	for _, p := range accounts {
-		fmt.Println(p.Name)
-	}
-}
-
-func printAccountsTable(items []*accountpkg.Account) {
-	w := tabwriter.NewWriter(os.Stdout, 0, 0, 2, ' ', 0)
-	fmt.Fprintf(w, "NAME\tENABLED\tCAPABILITIES\n")
-	for _, a := range items {
-		fmt.Fprintf(w, "%s\t%v\t%s\n", a.Name, a.Enabled, strings.Join(a.Capabilities, ", "))
-	}
-	_ = w.Flush()
-}
-
-func NewAccountListCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command {
-	var (
-		output string
-	)
-	cmd := &cobra.Command{
-		Use:     "list",
-		Short:   "List accounts",
-		Example: "argocd account list",
-		Run: func(c *cobra.Command, args []string) {
-
-			conn, client := argocdclient.NewClientOrDie(clientOpts).NewAccountClientOrDie()
-			defer util.Close(conn)
-
-			ctx := context.Background()
-			response, err := client.ListAccounts(ctx, &accountpkg.ListAccountRequest{})
-
-			errors.CheckError(err)
-			switch output {
-			case "yaml", "json":
-				err := PrintResourceList(response.Items, output, false)
-				errors.CheckError(err)
-			case "name":
-				printAccountNames(response.Items)
-			case "wide", "":
-				printAccountsTable(response.Items)
-			default:
-				errors.CheckError(fmt.Errorf("unknown output format: %s", output))
-			}
-		},
-	}
-	cmd.Flags().StringVarP(&output, "output", "o", "wide", "Output format. One of: json|yaml|wide|name")
-	return cmd
-}
-
-func getCurrentAccount(clientset argocdclient.Client) session.GetUserInfoResponse {
-	conn, client := clientset.NewSessionClientOrDie()
-	defer util.Close(conn)
-	userInfo, err := client.GetUserInfo(context.Background(), &session.GetUserInfoRequest{})
-	errors.CheckError(err)
-	return *userInfo
-}
-
-func NewAccountGetCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command {
-	var (
-		output  string
-		account string
-	)
-	cmd := &cobra.Command{
-		Use:   "get",
-		Short: "Get account details",
-		Example: `# Get the currently logged in account details
-argocd account get
-
-# Get details for an account by name
-argocd account get --account <account-name>`,
-		Run: func(c *cobra.Command, args []string) {
-			clientset := argocdclient.NewClientOrDie(clientOpts)
-
-			if account == "" {
-				account = getCurrentAccount(clientset).Username
-			}
-
-			conn, client := clientset.NewAccountClientOrDie()
-			defer util.Close(conn)
-
-			acc, err := client.GetAccount(context.Background(), &accountpkg.GetAccountRequest{Name: account})
-
-			errors.CheckError(err)
-			switch output {
-			case "yaml", "json":
-				err := PrintResourceList(acc, output, true)
-				errors.CheckError(err)
-			case "name":
-				fmt.Println(acc.Name)
-			case "wide", "":
-				printAccountDetails(acc)
-			default:
-				errors.CheckError(fmt.Errorf("unknown output format: %s", output))
-			}
-		},
-	}
-	cmd.Flags().StringVarP(&output, "output", "o", "wide", "Output format. One of: json|yaml|wide|name")
-	cmd.Flags().StringVarP(&account, "account", "a", "", "Account name. Defaults to the current account.")
-	return cmd
-}
-
-func printAccountDetails(acc *accountpkg.Account) {
-	fmt.Printf(printOpFmtStr, "Name:", acc.Name)
-	fmt.Printf(printOpFmtStr, "Enabled:", strconv.FormatBool(acc.Enabled))
-	fmt.Printf(printOpFmtStr, "Capabilities:", strings.Join(acc.Capabilities, ", "))
-	fmt.Println("\nTokens:")
-	if len(acc.Tokens) == 0 {
-		fmt.Println("NONE")
-	} else {
-		w := tabwriter.NewWriter(os.Stdout, 0, 0, 2, ' ', 0)
-		fmt.Fprintf(w, "ID\tISSUED AT\tEXPIRING AT\n")
-		for _, t := range acc.Tokens {
-			expiresAtFormatted := "never"
-			if t.ExpiresAt > 0 {
-				expiresAt := time.Unix(t.ExpiresAt, 0)
-				expiresAtFormatted = expiresAt.Format(time.RFC3339)
-				if expiresAt.Before(time.Now()) {
-					expiresAtFormatted = fmt.Sprintf("%s (expired)", expiresAtFormatted)
-				}
-			}
-
-			fmt.Fprintf(w, "%s\t%s\t%s\n", t.Id, time.Unix(t.IssuedAt, 0).Format(time.RFC3339), expiresAtFormatted)
-		}
-		_ = w.Flush()
-	}
-}
-
-func NewAccountGenerateTokenCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command {
-	var (
-		account   string
-		expiresIn string
-		id        string
-	)
-	cmd := &cobra.Command{
-		Use:   "generate-token",
-		Short: "Generate account token",
-		Example: `# Generate token for the currently logged in account
-argocd account generate-token
-
-# Generate token for the account with the specified name
-argocd account generate-token --account <account-name>`,
-		Run: func(c *cobra.Command, args []string) {
-
-			clientset := argocdclient.NewClientOrDie(clientOpts)
-			conn, client := clientset.NewAccountClientOrDie()
-			defer util.Close(conn)
-			if account == "" {
-				account = getCurrentAccount(clientset).Username
-			}
-			expiresIn, err := timeutil.ParseDuration(expiresIn)
-			errors.CheckError(err)
-			response, err := client.CreateToken(context.Background(), &accountpkg.CreateTokenRequest{
-				Name:      account,
-				ExpiresIn: int64(expiresIn.Seconds()),
-				Id:        id,
-			})
-			errors.CheckError(err)
-			fmt.Println(response.Token)
-		},
-	}
-	cmd.Flags().StringVarP(&account, "account", "a", "", "Account name. Defaults to the current account.")
-	cmd.Flags().StringVarP(&expiresIn, "expires-in", "e", "0s", "Duration before the token will expire. (Default: No expiration)")
-	cmd.Flags().StringVar(&id, "id", "", "Optional token id. Fallback to uuid if not value specified.")
-	return cmd
-}
-
-func NewAccountDeleteTokenCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command {
-	var (
-		account string
-	)
-	cmd := &cobra.Command{
-		Use:   "delete-token",
-		Short: "Deletes account token",
-		Example: `# Delete token of the currently logged in account
-argocd account delete-token ID
-
-# Delete token of the account with the specified name
-argocd account generate-token --account <account-name>`,
-		Run: func(c *cobra.Command, args []string) {
-			if len(args) != 1 {
-				c.HelpFunc()(c, args)
-				os.Exit(1)
-			}
-			id := args[0]
-
-			clientset := argocdclient.NewClientOrDie(clientOpts)
-			conn, client := clientset.NewAccountClientOrDie()
-			defer util.Close(conn)
-			if account == "" {
-				account = getCurrentAccount(clientset).Username
-			}
-			_, err := client.DeleteToken(context.Background(), &accountpkg.DeleteTokenRequest{Name: account, Id: id})
-			errors.CheckError(err)
-		},
-	}
-	cmd.Flags().StringVarP(&account, "account", "a", "", "Account name. Defaults to the current account.")
-	return cmd
-}

cmd/argocd/commands/app_test.go

@@ -3,12 +3,29 @@ package commands
 import (
 	"testing"
 
-	"github.com/spf13/cobra"
 	"github.com/stretchr/testify/assert"
 
 	"github.com/argoproj/argo-cd/pkg/apis/application/v1alpha1"
 )
 
+func TestParseLabels(t *testing.T) {
+	validLabels := []string{"key=value", "foo=bar", "intuit=inc"}
+
+	result, err := parseLabels(validLabels)
+	assert.NoError(t, err)
+	assert.Len(t, result, 3)
+
+	invalidLabels := []string{"key=value", "too=many=equals"}
+	_, err = parseLabels(invalidLabels)
+	assert.Error(t, err)
+
+	emptyLabels := []string{}
+	result, err = parseLabels(emptyLabels)
+	assert.NoError(t, err)
+	assert.Len(t, result, 0)
+
+}
+
 func Test_setHelmOpt(t *testing.T) {
 	t.Run("Zero", func(t *testing.T) {
 		src := v1alpha1.ApplicationSource{}
@@ -35,70 +52,4 @@ func Test_setHelmOpt(t *testing.T) {
 		setHelmOpt(&src, helmOpts{helmSetStrings: []string{"foo=bar"}})
 		assert.Equal(t, []v1alpha1.HelmParameter{{Name: "foo", Value: "bar", ForceString: true}}, src.Helm.Parameters)
 	})
-	t.Run("HelmSetFiles", func(t *testing.T) {
-		src := v1alpha1.ApplicationSource{}
-		setHelmOpt(&src, helmOpts{helmSetFiles: []string{"foo=bar"}})
-		assert.Equal(t, []v1alpha1.HelmFileParameter{{Name: "foo", Path: "bar"}}, src.Helm.FileParameters)
-	})
-}
-
-func Test_setJsonnetOpt(t *testing.T) {
-	t.Run("TlaSets", func(t *testing.T) {
-		src := v1alpha1.ApplicationSource{}
-		setJsonnetOpt(&src, []string{"foo=bar"}, false)
-		assert.Equal(t, []v1alpha1.JsonnetVar{{Name: "foo", Value: "bar"}}, src.Directory.Jsonnet.TLAs)
-		setJsonnetOpt(&src, []string{"bar=baz"}, false)
-		assert.Equal(t, []v1alpha1.JsonnetVar{{Name: "foo", Value: "bar"}, {Name: "bar", Value: "baz"}}, src.Directory.Jsonnet.TLAs)
-	})
-	t.Run("ExtSets", func(t *testing.T) {
-		src := v1alpha1.ApplicationSource{}
-		setJsonnetOptExtVar(&src, []string{"foo=bar"}, false)
-		assert.Equal(t, []v1alpha1.JsonnetVar{{Name: "foo", Value: "bar"}}, src.Directory.Jsonnet.ExtVars)
-		setJsonnetOptExtVar(&src, []string{"bar=baz"}, false)
-		assert.Equal(t, []v1alpha1.JsonnetVar{{Name: "foo", Value: "bar"}, {Name: "bar", Value: "baz"}}, src.Directory.Jsonnet.ExtVars)
-	})
-}
-
-type appOptionsFixture struct {
-	spec    *v1alpha1.ApplicationSpec
-	command *cobra.Command
-	options *appOptions
-}
-
-func (f *appOptionsFixture) SetFlag(key, value string) error {
-	err := f.command.Flags().Set(key, value)
-	if err != nil {
-		return err
-	}
-	_ = setAppSpecOptions(f.command.Flags(), f.spec, f.options)
-	return err
-}
-
-func newAppOptionsFixture() *appOptionsFixture {
-	fixture := &appOptionsFixture{
-		spec:    &v1alpha1.ApplicationSpec{},
-		command: &cobra.Command{},
-		options: &appOptions{},
-	}
-	addAppFlags(fixture.command, fixture.options)
-	return fixture
-}
-
-func Test_setAppSpecOptions(t *testing.T) {
-	f := newAppOptionsFixture()
-	t.Run("SyncPolicy", func(t *testing.T) {
-		assert.NoError(t, f.SetFlag("sync-policy", "automated"))
-		assert.NotNil(t, f.spec.SyncPolicy.Automated)
-
-		assert.NoError(t, f.SetFlag("sync-policy", "none"))
-		assert.Nil(t, f.spec.SyncPolicy)
-	})
-	t.Run("SyncOptions", func(t *testing.T) {
-		assert.NoError(t, f.SetFlag("sync-option", "a=1"))
-		assert.True(t, f.spec.SyncPolicy.SyncOptions.HasOption("a=1"))
-
-		// remove the options using !
-		assert.NoError(t, f.SetFlag("sync-option", "!a=1"))
-		assert.Nil(t, f.spec.SyncPolicy)
-	})
 }

cmd/argocd/commands/cert.go

@@ -29,24 +29,6 @@ func NewCertCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command {
 			c.HelpFunc()(c, args)
 			os.Exit(1)
 		},
-		Example: `  # Add a TLS certificate for cd.example.com to ArgoCD cert store from a file
-  argocd cert add-tls --from ~/mycert.pem cd.example.com
-
-  # Add a TLS certificate for cd.example.com to ArgoCD via stdin
-  cat ~/mycert.pem | argocd cert add-tls cd.example.com
-
-  # Add SSH known host entries for cd.example.com to ArgoCD by scanning host
-  ssh-keyscan cd.example.com | argocd cert add-ssh --batch
-
-  # List all known TLS certificates
-  argocd cert list --cert-type https
-
-  # Remove all TLS certificates for cd.example.com
-  argocd cert rm --cert-type https cd.example.com
-
-  # Remove all certificates and SSH known host entries for cd.example.com
-  argocd cert rm cd.example.com
-`,
 	}
 
 	command.AddCommand(NewCertAddSSHCommand(clientOpts))
@@ -174,20 +156,18 @@ func NewCertAddSSHCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command
 			}
 
 			for _, knownHostsEntry := range sshKnownHostsLists {
-				_, certSubType, certData, err := certutil.TokenizeSSHKnownHostsEntry(knownHostsEntry)
+				hostname, certSubType, certData, err := certutil.TokenizeSSHKnownHostsEntry(knownHostsEntry)
 				errors.CheckError(err)
-				hostnameList, _, err := certutil.KnownHostsLineToPublicKey(knownHostsEntry)
+				_, _, err = certutil.KnownHostsLineToPublicKey(knownHostsEntry)
 				errors.CheckError(err)
-				// Each key could be valid for multiple hostnames
-				for _, hostname := range hostnameList {
-					certificate := appsv1.RepositoryCertificate{
-						ServerName:  hostname,
-						CertType:    "ssh",
-						CertSubType: certSubType,
-						CertData:    certData,
-					}
-					certificates = append(certificates, certificate)
+				certificate := appsv1.RepositoryCertificate{
+					ServerName:  hostname,
+					CertType:    "ssh",
+					CertSubType: certSubType,
+					CertData:    certData,
 				}
+
+				certificates = append(certificates, certificate)
 			}
 
 			certList := &appsv1.RepositoryCertificateList{Items: certificates}
@@ -259,7 +239,6 @@ func NewCertListCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command {
 		certType        string
 		hostNamePattern string
 		sortOrder       string
-		output          string
 	)
 	var command = &cobra.Command{
 		Use:   "list",
@@ -279,22 +258,11 @@ func NewCertListCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command {
 			defer util.Close(conn)
 			certificates, err := certIf.ListCertificates(context.Background(), &certificatepkg.RepositoryCertificateQuery{HostNamePattern: hostNamePattern, CertType: certType})
 			errors.CheckError(err)
-
-			switch output {
-			case "yaml", "json":
-				err := PrintResourceList(certificates.Items, output, false)
-				errors.CheckError(err)
-			case "wide", "":
-				printCertTable(certificates.Items, sortOrder)
-			default:
-				errors.CheckError(fmt.Errorf("unknown output format: %s", output))
-			}
-
+			printCertTable(certificates.Items, sortOrder)
 		},
 	}
 
-	command.Flags().StringVarP(&output, "output", "o", "wide", "Output format. One of: json|yaml|wide")
-	command.Flags().StringVar(&sortOrder, "sort", "", "set display sort order for output format wide. One of: hostname|type")
+	command.Flags().StringVar(&sortOrder, "sort", "", "set display sort order, valid: 'hostname', 'type'")
 	command.Flags().StringVar(&certType, "cert-type", "", "only list certificates of given type, valid: 'ssh','https'")
 	command.Flags().StringVar(&hostNamePattern, "hostname-pattern", "", "only list certificates for hosts matching given glob-pattern")
 	return command

cmd/argocd/commands/cluster.go

@@ -9,6 +9,7 @@ import (
 	"strings"
 	"text/tabwriter"
 
+	"github.com/ghodss/yaml"
 	log "github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
 	"k8s.io/client-go/kubernetes"
@@ -33,18 +34,6 @@ func NewClusterCommand(clientOpts *argocdclient.ClientOptions, pathOpts *clientc
 			c.HelpFunc()(c, args)
 			os.Exit(1)
 		},
-		Example: `  # List all known clusters in JSON format:
-  argocd cluster list -o json
-
-  # Add a target cluster configuration to ArgoCD. The context must exist in your kubectl config:
-  argocd cluster add example-cluster
-
-  # Get specific details about a cluster in plain text (wide) format:
-  argocd cluster get example-cluster -o wide
-
-  #	Remove a target cluster context from ArgoCD
-  argocd cluster rm example-cluster
-`,
 	}
 
 	command.AddCommand(NewClusterAddCommand(clientOpts, pathOpts))
@@ -60,14 +49,12 @@ func NewClusterAddCommand(clientOpts *argocdclient.ClientOptions, pathOpts *clie
 	var (
 		inCluster       bool
 		upsert          bool
-		serviceAccount  string
 		awsRoleArn      string
 		awsClusterName  string
 		systemNamespace string
-		namespaces      []string
 	)
 	var command = &cobra.Command{
-		Use:   "add CONTEXT",
+		Use:   "add",
 		Short: fmt.Sprintf("%s cluster add CONTEXT", cliName),
 		Run: func(c *cobra.Command, args []string) {
 			var configAccess clientcmd.ConfigAccess = pathOpts
@@ -78,10 +65,9 @@ func NewClusterAddCommand(clientOpts *argocdclient.ClientOptions, pathOpts *clie
 			}
 			config, err := configAccess.GetStartingConfig()
 			errors.CheckError(err)
-			contextName := args[0]
-			clstContext := config.Contexts[contextName]
+			clstContext := config.Contexts[args[0]]
 			if clstContext == nil {
-				log.Fatalf("Context %s does not exist in kubeconfig", contextName)
+				log.Fatalf("Context %s does not exist in kubeconfig", args[0])
 			}
 
 			overrides := clientcmd.ConfigOverrides{
@@ -102,16 +88,12 @@ func NewClusterAddCommand(clientOpts *argocdclient.ClientOptions, pathOpts *clie
 				// Install RBAC resources for managing the cluster
 				clientset, err := kubernetes.NewForConfig(conf)
 				errors.CheckError(err)
-				if serviceAccount != "" {
-					managerBearerToken, err = clusterauth.GetServiceAccountBearerToken(clientset, systemNamespace, serviceAccount)
-				} else {
-					managerBearerToken, err = clusterauth.InstallClusterManagerRBAC(clientset, systemNamespace, namespaces)
-				}
+				managerBearerToken, err = clusterauth.InstallClusterManagerRBAC(clientset, systemNamespace)
 				errors.CheckError(err)
 			}
 			conn, clusterIf := argocdclient.NewClientOrDie(clientOpts).NewClusterClientOrDie()
 			defer util.Close(conn)
-			clst := newCluster(contextName, namespaces, conf, managerBearerToken, awsAuthConf)
+			clst := NewCluster(args[0], conf, managerBearerToken, awsAuthConf)
 			if inCluster {
 				clst.Server = common.KubernetesInternalAPIServerAddr
 			}
@@ -119,19 +101,17 @@ func NewClusterAddCommand(clientOpts *argocdclient.ClientOptions, pathOpts *clie
 				Cluster: clst,
 				Upsert:  upsert,
 			}
-			_, err = clusterIf.Create(context.Background(), &clstCreateReq)
+			clst, err = clusterIf.Create(context.Background(), &clstCreateReq)
 			errors.CheckError(err)
-			fmt.Printf("Cluster '%s' added\n", clst.Server)
+			fmt.Printf("Cluster '%s' added\n", clst.Name)
 		},
 	}
 	command.PersistentFlags().StringVar(&pathOpts.LoadingRules.ExplicitPath, pathOpts.ExplicitFileFlag, pathOpts.LoadingRules.ExplicitPath, "use a particular kubeconfig file")
 	command.Flags().BoolVar(&inCluster, "in-cluster", false, "Indicates Argo CD resides inside this cluster and should connect using the internal k8s hostname (kubernetes.default.svc)")
 	command.Flags().BoolVar(&upsert, "upsert", false, "Override an existing cluster with the same name even if the spec differs")
-	command.Flags().StringVar(&serviceAccount, "service-account", "", fmt.Sprintf("System namespace service account to use for kubernetes resource management. If not set then default \"%s\" SA will be created", clusterauth.ArgoCDManagerServiceAccount))
-	command.Flags().StringVar(&awsClusterName, "aws-cluster-name", "", "AWS Cluster name if set then aws cli eks token command will be used to access cluster")
+	command.Flags().StringVar(&awsClusterName, "aws-cluster-name", "", "AWS Cluster name if set then aws-iam-authenticator will be used to access cluster")
 	command.Flags().StringVar(&awsRoleArn, "aws-role-arn", "", "Optional AWS role arn. If set then AWS IAM Authenticator assume a role to perform cluster operations instead of the default AWS credential provider chain.")
 	command.Flags().StringVar(&systemNamespace, "system-namespace", common.DefaultSystemNamespace, "Use different system namespace")
-	command.Flags().StringArrayVar(&namespaces, "namespace", nil, "List of namespaces which are allowed to manage")
 	return command
 }
 
@@ -174,7 +154,7 @@ func printKubeContexts(ca clientcmd.ConfigAccess) {
 	}
 }
 
-func newCluster(name string, namespaces []string, conf *rest.Config, managerBearerToken string, awsAuthConf *argoappv1.AWSAuthConfig) *argoappv1.Cluster {
+func NewCluster(name string, conf *rest.Config, managerBearerToken string, awsAuthConf *argoappv1.AWSAuthConfig) *argoappv1.Cluster {
 	tlsClientConfig := argoappv1.TLSClientConfig{
 		Insecure:   conf.TLSClientConfig.Insecure,
 		ServerName: conf.TLSClientConfig.ServerName,
@@ -186,9 +166,8 @@ func newCluster(name string, namespaces []string, conf *rest.Config, managerBear
 		tlsClientConfig.CAData = data
 	}
 	clst := argoappv1.Cluster{
-		Server:     conf.Host,
-		Name:       name,
-		Namespaces: namespaces,
+		Server: conf.Host,
+		Name:   name,
 		Config: argoappv1.ClusterConfig{
 			BearerToken:     managerBearerToken,
 			TLSClientConfig: tlsClientConfig,
@@ -200,13 +179,9 @@ func newCluster(name string, namespaces []string, conf *rest.Config, managerBear
 
 // NewClusterGetCommand returns a new instance of an `argocd cluster get` command
 func NewClusterGetCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command {
-	var (
-		output string
-	)
 	var command = &cobra.Command{
-		Use:     "get SERVER",
-		Short:   "Get cluster information",
-		Example: `argocd cluster get https://12.34.567.89`,
+		Use:   "get CLUSTER",
+		Short: "Get cluster information",
 		Run: func(c *cobra.Command, args []string) {
 			if len(args) == 0 {
 				c.HelpFunc()(c, args)
@@ -214,68 +189,23 @@ func NewClusterGetCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command
 			}
 			conn, clusterIf := argocdclient.NewClientOrDie(clientOpts).NewClusterClientOrDie()
 			defer util.Close(conn)
-			clusters := make([]argoappv1.Cluster, 0)
 			for _, clusterName := range args {
 				clst, err := clusterIf.Get(context.Background(), &clusterpkg.ClusterQuery{Server: clusterName})
 				errors.CheckError(err)
-				clusters = append(clusters, *clst)
-			}
-			switch output {
-			case "yaml", "json":
-				err := PrintResourceList(clusters, output, true)
+				yamlBytes, err := yaml.Marshal(clst)
 				errors.CheckError(err)
-			case "wide", "":
-				printClusterDetails(clusters)
-			case "server":
-				printClusterServers(clusters)
-			default:
-				errors.CheckError(fmt.Errorf("unknown output format: %s", output))
+				fmt.Printf("%v", string(yamlBytes))
 			}
 		},
 	}
-	// we have yaml as default to not break backwards-compatibility
-	command.Flags().StringVarP(&output, "output", "o", "yaml", "Output format. One of: json|yaml|wide|server")
 	return command
 }
 
-func strWithDefault(value string, def string) string {
-	if value == "" {
-		return def
-	}
-	return value
-}
-
-func formatNamespaces(cluster argoappv1.Cluster) string {
-	if len(cluster.Namespaces) == 0 {
-		return "all namespaces"
-	}
-	return strings.Join(cluster.Namespaces, ", ")
-}
-
-func printClusterDetails(clusters []argoappv1.Cluster) {
-	for _, cluster := range clusters {
-		fmt.Printf("Cluster information\n\n")
-		fmt.Printf("  Server URL:            %s\n", cluster.Server)
-		fmt.Printf("  Server Name:           %s\n", strWithDefault(cluster.Name, "-"))
-		fmt.Printf("  Server Version:        %s\n", cluster.ServerVersion)
-		fmt.Printf("  Namespaces:        	 %s\n", formatNamespaces(cluster))
-		fmt.Printf("\nTLS configuration\n\n")
-		fmt.Printf("  Client cert:           %v\n", string(cluster.Config.TLSClientConfig.CertData) != "")
-		fmt.Printf("  Cert validation:       %v\n", !cluster.Config.TLSClientConfig.Insecure)
-		fmt.Printf("\nAuthentication\n\n")
-		fmt.Printf("  Basic authentication:  %v\n", cluster.Config.Username != "")
-		fmt.Printf("  oAuth authentication:  %v\n", cluster.Config.BearerToken != "")
-		fmt.Printf("  AWS authentication:    %v\n", cluster.Config.AWSAuthConfig != nil)
-		fmt.Println()
-	}
-}
-
 // NewClusterRemoveCommand returns a new instance of an `argocd cluster list` command
 func NewClusterRemoveCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command {
 	var command = &cobra.Command{
-		Use:     "rm SERVER",
-		Short:   "Remove cluster credentials",
-		Example: `argocd cluster rm https://12.34.567.89`,
+		Use:   "rm CLUSTER",
+		Short: "Remove cluster credentials",
 		Run: func(c *cobra.Command, args []string) {
 			if len(args) == 0 {
 				c.HelpFunc()(c, args)
@@ -304,11 +234,7 @@ func printClusterTable(clusters []argoappv1.Cluster) {
 	w := tabwriter.NewWriter(os.Stdout, 0, 0, 2, ' ', 0)
 	_, _ = fmt.Fprintf(w, "SERVER\tNAME\tVERSION\tSTATUS\tMESSAGE\n")
 	for _, c := range clusters {
-		server := c.Server
-		if len(c.Namespaces) > 0 {
-			server = fmt.Sprintf("%s (%d namespaces)", c.Server, len(c.Namespaces))
-		}
-		_, _ = fmt.Fprintf(w, "%s\t%s\t%s\t%s\t%s\n", server, c.Name, c.ServerVersion, c.ConnectionState.Status, c.ConnectionState.Message)
+		_, _ = fmt.Fprintf(w, "%s\t%s\t%s\t%s\t%s\n", c.Server, c.Name, c.ServerVersion, c.ConnectionState.Status, c.ConnectionState.Message)
 	}
 	_ = w.Flush()
 }
@@ -333,29 +259,22 @@ func NewClusterListCommand(clientOpts *argocdclient.ClientOptions) *cobra.Comman
 			defer util.Close(conn)
 			clusters, err := clusterIf.List(context.Background(), &clusterpkg.ClusterQuery{})
 			errors.CheckError(err)
-			switch output {
-			case "yaml", "json":
-				err := PrintResourceList(clusters.Items, output, false)
-				errors.CheckError(err)
-			case "server":
+			if output == "server" {
 				printClusterServers(clusters.Items)
-			case "wide", "":
+			} else {
 				printClusterTable(clusters.Items)
-			default:
-				errors.CheckError(fmt.Errorf("unknown output format: %s", output))
 			}
 		},
 	}
-	command.Flags().StringVarP(&output, "output", "o", "wide", "Output format. One of: json|yaml|wide|server")
+	command.Flags().StringVarP(&output, "output", "o", "wide", "Output format. One of: wide|server")
 	return command
 }
 
 // NewClusterRotateAuthCommand returns a new instance of an `argocd cluster rotate-auth` command
 func NewClusterRotateAuthCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command {
 	var command = &cobra.Command{
-		Use:     "rotate-auth SERVER",
-		Short:   fmt.Sprintf("%s cluster rotate-auth SERVER", cliName),
-		Example: fmt.Sprintf("%s cluster rotate-auth https://12.34.567.89", cliName),
+		Use:   "rotate-auth CLUSTER",
+		Short: fmt.Sprintf("%s cluster rotate-auth CLUSTER", cliName),
 		Run: func(c *cobra.Command, args []string) {
 			if len(args) != 1 {
 				c.HelpFunc()(c, args)

cmd/argocd/commands/common.go

@@ -1,13 +1,5 @@
 package commands
 
-import (
-	"encoding/json"
-	"fmt"
-	"reflect"
-
-	"github.com/ghodss/yaml"
-)
-
 const (
 	cliName = "argocd"
 
@@ -15,58 +7,3 @@ const (
 	// the OAuth2 login flow.
 	DefaultSSOLocalPort = 8085
 )
-
-// PrintResource prints a single resource in YAML or JSON format to stdout according to the output format
-func PrintResource(resource interface{}, output string) error {
-	switch output {
-	case "json":
-		jsonBytes, err := json.MarshalIndent(resource, "", "  ")
-		if err != nil {
-			return err
-		}
-		fmt.Println(string(jsonBytes))
-	case "yaml":
-		yamlBytes, err := yaml.Marshal(resource)
-		if err != nil {
-			return err
-		}
-		fmt.Print(string(yamlBytes))
-	default:
-		return fmt.Errorf("unknown output format: %s", output)
-	}
-	return nil
-}
-
-// PrintResourceList marshals & prints a list of resources to stdout according to the output format
-func PrintResourceList(resources interface{}, output string, single bool) error {
-	kt := reflect.ValueOf(resources)
-	// Sometimes, we want to marshal the first resource of a slice or array as single item
-	if kt.Kind() == reflect.Slice || kt.Kind() == reflect.Array {
-		if single && kt.Len() == 1 {
-			return PrintResource(kt.Index(0).Interface(), output)
-		}
-
-		// If we have a zero len list, prevent printing "null"
-		if kt.Len() == 0 {
-			return PrintResource([]string{}, output)
-		}
-	}
-
-	switch output {
-	case "json":
-		jsonBytes, err := json.MarshalIndent(resources, "", "  ")
-		if err != nil {
-			return err
-		}
-		fmt.Println(string(jsonBytes))
-	case "yaml":
-		yamlBytes, err := yaml.Marshal(resources)
-		if err != nil {
-			return err
-		}
-		fmt.Print(string(yamlBytes))
-	default:
-		return fmt.Errorf("unknown output format: %s", output)
-	}
-	return nil
-}

cmd/argocd/commands/common_test.go

@@ -1,142 +0,0 @@
-package commands
-
-import (
-	"io/ioutil"
-	"os"
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-)
-
-// Be careful with tabs vs. spaces in the following expected formats. Indents
-// should all be spaces, no tabs.
-const expectYamlSingle = `bar: ""
-baz: foo
-foo: bar
-`
-
-const expectJsonSingle = `{
-  "bar": "",
-  "baz": "foo",
-  "foo": "bar"
-}
-`
-const expectYamlList = `one:
-  bar: ""
-  baz: foo
-  foo: bar
-two:
-  bar: ""
-  baz: foo
-  foo: bar
-`
-
-const expectJsonList = `{
-  "one": {
-    "bar": "",
-    "baz": "foo",
-    "foo": "bar"
-  },
-  "two": {
-    "bar": "",
-    "baz": "foo",
-    "foo": "bar"
-  }
-}
-`
-
-// Rather dirty hack to capture stdout from PrintResource() and PrintResourceList()
-func captureOutput(f func() error) (string, error) {
-	stdout := os.Stdout
-	r, w, err := os.Pipe()
-	if err != nil {
-		return "", err
-	}
-	os.Stdout = w
-	err = f()
-	w.Close()
-	if err != nil {
-		os.Stdout = stdout
-		return "", err
-	}
-	str, err := ioutil.ReadAll(r)
-	os.Stdout = stdout
-	if err != nil {
-		return "", err
-	}
-	return string(str), err
-}
-
-func Test_PrintResource(t *testing.T) {
-	testResource := map[string]string{
-		"foo": "bar",
-		"bar": "",
-		"baz": "foo",
-	}
-
-	str, err := captureOutput(func() error {
-		err := PrintResource(testResource, "yaml")
-		return err
-	})
-	assert.NoError(t, err)
-	assert.Equal(t, str, expectYamlSingle)
-
-	str, err = captureOutput(func() error {
-		err := PrintResource(testResource, "json")
-		return err
-	})
-	assert.NoError(t, err)
-	assert.Equal(t, str, expectJsonSingle)
-
-	err = PrintResource(testResource, "unknown")
-	assert.Error(t, err)
-}
-
-func Test_PrintResourceList(t *testing.T) {
-	testResource := map[string]map[string]string{
-		"one": {
-			"foo": "bar",
-			"bar": "",
-			"baz": "foo",
-		},
-		"two": {
-			"foo": "bar",
-			"bar": "",
-			"baz": "foo",
-		},
-	}
-
-	testResource2 := make([]map[string]string, 0)
-	testResource2 = append(testResource2, testResource["one"])
-
-	str, err := captureOutput(func() error {
-		err := PrintResourceList(testResource, "yaml", false)
-		return err
-	})
-	assert.NoError(t, err)
-	assert.Equal(t, str, expectYamlList)
-
-	str, err = captureOutput(func() error {
-		err := PrintResourceList(testResource, "json", false)
-		return err
-	})
-	assert.NoError(t, err)
-	assert.Equal(t, str, expectJsonList)
-
-	str, err = captureOutput(func() error {
-		err := PrintResourceList(testResource2, "yaml", true)
-		return err
-	})
-	assert.NoError(t, err)
-	assert.Equal(t, str, expectYamlSingle)
-
-	str, err = captureOutput(func() error {
-		err := PrintResourceList(testResource2, "json", true)
-		return err
-	})
-	assert.NoError(t, err)
-	assert.Equal(t, str, expectJsonSingle)
-
-	err = PrintResourceList(testResource, "unknown", false)
-	assert.Error(t, err)
-}

cmd/argocd/commands/context.go

@@ -8,6 +8,8 @@ import (
 	"strings"
 	"text/tabwriter"
 
+	"github.com/spf13/pflag"
+
 	log "github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
 
@@ -20,7 +22,7 @@ import (
 func NewContextCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command {
 	var delete bool
 	var command = &cobra.Command{
-		Use:     "context [CONTEXT]",
+		Use:     "context",
 		Aliases: []string{"ctx"},
 		Short:   "Switch between contexts",
 		Run: func(c *cobra.Command, args []string) {
@@ -28,19 +30,22 @@ func NewContextCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command {
 			localCfg, err := localconfig.ReadLocalConfig(clientOpts.ConfigPath)
 			errors.CheckError(err)
 
-			if delete {
-				if len(args) == 0 {
-					c.HelpFunc()(c, args)
-					os.Exit(1)
+			deletePresentContext := false
+			c.Flags().Visit(func(f *pflag.Flag) {
+				if f.Name == "delete" {
+					deletePresentContext = true
 				}
-				err := deleteContext(args[0], clientOpts.ConfigPath)
-				errors.CheckError(err)
-				return
-			}
+			})
 
 			if len(args) == 0 {
-				printArgoCDContexts(clientOpts.ConfigPath)
-				return
+				if deletePresentContext {
+					err := deleteContext(localCfg.CurrentContext, clientOpts.ConfigPath)
+					errors.CheckError(err)
+					return
+				} else {
+					printArgoCDContexts(clientOpts.ConfigPath)
+					return
+				}
 			}
 
 			ctxName := args[0]
@@ -95,7 +100,7 @@ func deleteContext(context, configPath string) error {
 		errors.CheckError(err)
 	} else {
 		if localCfg.CurrentContext == context {
-			localCfg.CurrentContext = ""
+			localCfg.CurrentContext = localCfg.Contexts[0].Name
 		}
 		err = localconfig.ValidateLocalConfig(*localCfg)
 		if err != nil {

cmd/argocd/commands/context_test.go

@@ -11,27 +11,20 @@ import (
 )
 
 const testConfig = `contexts:
-- name: argocd1.example.com:443
-  server: argocd1.example.com:443
-  user: argocd1.example.com:443
-- name: argocd2.example.com:443
-  server: argocd2.example.com:443
-  user: argocd2.example.com:443
+- name: argocd.example.com:443
+  server: argocd.example.com:443
+  user: argocd.example.com:443
 - name: localhost:8080
   server: localhost:8080
   user: localhost:8080
 current-context: localhost:8080
 servers:
-- server: argocd1.example.com:443
-- server: argocd2.example.com:443
+- server: argocd.example.com:443
 - plain-text: true
   server: localhost:8080
 users:
 - auth-token: vErrYS3c3tReFRe$hToken
-  name: argocd1.example.com:443
-  refresh-token: vErrYS3c3tReFRe$hToken
-- auth-token: vErrYS3c3tReFRe$hToken
-  name: argocd2.example.com:443
+  name: argocd.example.com:443
   refresh-token: vErrYS3c3tReFRe$hToken
 - auth-token: vErrYS3c3tReFRe$hToken
   name: localhost:8080`
@@ -49,30 +42,16 @@ func TestContextDelete(t *testing.T) {
 	assert.Equal(t, localConfig.CurrentContext, "localhost:8080")
 	assert.Contains(t, localConfig.Contexts, localconfig.ContextRef{Name: "localhost:8080", Server: "localhost:8080", User: "localhost:8080"})
 
-	// Delete a non-current context
-	err = deleteContext("argocd1.example.com:443", testConfigFilePath)
-	assert.NoError(t, err)
-
-	localConfig, err = localconfig.ReadLocalConfig(testConfigFilePath)
-	assert.NoError(t, err)
-	assert.Equal(t, localConfig.CurrentContext, "localhost:8080")
-	assert.NotContains(t, localConfig.Contexts, localconfig.ContextRef{Name: "argocd1.example.com:443", Server: "argocd1.example.com:443", User: "argocd1.example.com:443"})
-	assert.NotContains(t, localConfig.Servers, localconfig.Server{Server: "argocd1.example.com:443"})
-	assert.NotContains(t, localConfig.Users, localconfig.User{AuthToken: "vErrYS3c3tReFRe$hToken", Name: "argocd1.example.com:443"})
-	assert.Contains(t, localConfig.Contexts, localconfig.ContextRef{Name: "argocd2.example.com:443", Server: "argocd2.example.com:443", User: "argocd2.example.com:443"})
-	assert.Contains(t, localConfig.Contexts, localconfig.ContextRef{Name: "localhost:8080", Server: "localhost:8080", User: "localhost:8080"})
-
-	// Delete the current context
 	err = deleteContext("localhost:8080", testConfigFilePath)
 	assert.NoError(t, err)
 
 	localConfig, err = localconfig.ReadLocalConfig(testConfigFilePath)
 	assert.NoError(t, err)
-	assert.Equal(t, localConfig.CurrentContext, "")
+	assert.Equal(t, localConfig.CurrentContext, "argocd.example.com:443")
 	assert.NotContains(t, localConfig.Contexts, localconfig.ContextRef{Name: "localhost:8080", Server: "localhost:8080", User: "localhost:8080"})
 	assert.NotContains(t, localConfig.Servers, localconfig.Server{PlainText: true, Server: "localhost:8080"})
 	assert.NotContains(t, localConfig.Users, localconfig.User{AuthToken: "vErrYS3c3tReFRe$hToken", Name: "localhost:8080"})
-	assert.Contains(t, localConfig.Contexts, localconfig.ContextRef{Name: "argocd2.example.com:443", Server: "argocd2.example.com:443", User: "argocd2.example.com:443"})
+	assert.Contains(t, localConfig.Contexts, localconfig.ContextRef{Name: "argocd.example.com:443", Server: "argocd.example.com:443", User: "argocd.example.com:443"})
 
 	// Write the file again so that no conflicts are made in git
 	err = ioutil.WriteFile(testConfigFilePath, []byte(testConfig), os.ModePerm)

cmd/argocd/commands/login.go

@@ -6,7 +6,6 @@ import (
 	"net/http"
 	"os"
 	"strconv"
-	"strings"
 	"time"
 
 	"github.com/coreos/go-oidc"
@@ -65,12 +64,11 @@ func NewLoginCommand(globalClientOpts *argocdclient.ClientOptions) *cobra.Comman
 				}
 			}
 			clientOpts := argocdclient.ClientOptions{
-				ConfigPath:      "",
-				ServerAddr:      server,
-				Insecure:        globalClientOpts.Insecure,
-				PlainText:       globalClientOpts.PlainText,
-				GRPCWeb:         globalClientOpts.GRPCWeb,
-				GRPCWebRootPath: globalClientOpts.GRPCWebRootPath,
+				ConfigPath: "",
+				ServerAddr: server,
+				Insecure:   globalClientOpts.Insecure,
+				PlainText:  globalClientOpts.PlainText,
+				GRPCWeb:    globalClientOpts.GRPCWeb,
 			}
 			acdClient := argocdclient.NewClientOrDie(&clientOpts)
 			setConn, setIf := acdClient.NewSettingsClientOrDie()
@@ -78,10 +76,6 @@ func NewLoginCommand(globalClientOpts *argocdclient.ClientOptions) *cobra.Comman
 
 			if ctxName == "" {
 				ctxName = server
-				if globalClientOpts.GRPCWebRootPath != "" {
-					rootPath := strings.TrimRight(strings.TrimLeft(globalClientOpts.GRPCWebRootPath, "/"), "/")
-					ctxName = fmt.Sprintf("%s/%s", server, rootPath)
-				}
 			}
 
 			// Perform the login
@@ -116,11 +110,10 @@ func NewLoginCommand(globalClientOpts *argocdclient.ClientOptions) *cobra.Comman
 				localCfg = &localconfig.LocalConfig{}
 			}
 			localCfg.UpsertServer(localconfig.Server{
-				Server:          server,
-				PlainText:       globalClientOpts.PlainText,
-				Insecure:        globalClientOpts.Insecure,
-				GRPCWeb:         globalClientOpts.GRPCWeb,
-				GRPCWebRootPath: globalClientOpts.GRPCWebRootPath,
+				Server:    server,
+				PlainText: globalClientOpts.PlainText,
+				Insecure:  globalClientOpts.Insecure,
+				GRPCWeb:   globalClientOpts.GRPCWeb,
 			})
 			localCfg.UpsertUser(localconfig.User{
 				Name:         ctxName,
@@ -266,12 +259,11 @@ func oauth2Login(ctx context.Context, port int, oidcSettings *settingspkg.OIDCCo
 	}
 	fmt.Printf("Performing %s flow login: %s\n", grantType, url)
 	time.Sleep(1 * time.Second)
-	err = open.Start(url)
+	err = open.Run(url)
 	errors.CheckError(err)
 	go func() {
-		log.Debugf("Listen: %s", srv.Addr)
 		if err := srv.ListenAndServe(); err != http.ErrServerClosed {
-			log.Fatalf("Temporary HTTP server failed: %s", err)
+			log.Fatalf("listen: %s\n", err)
 		}
 	}()
 	errMsg := <-completionChan

cmd/argocd/commands/logout_test.go

@@ -30,9 +30,7 @@ func TestLogout(t *testing.T) {
 	assert.NoError(t, err)
 	assert.Equal(t, localConfig.CurrentContext, "localhost:8080")
 	assert.NotContains(t, localConfig.Users, localconfig.User{AuthToken: "vErrYS3c3tReFRe$hToken", Name: "localhost:8080"})
-	assert.Contains(t, localConfig.Contexts, localconfig.ContextRef{Name: "argocd1.example.com:443", Server: "argocd1.example.com:443", User: "argocd1.example.com:443"})
-	assert.Contains(t, localConfig.Contexts, localconfig.ContextRef{Name: "argocd2.example.com:443", Server: "argocd2.example.com:443", User: "argocd2.example.com:443"})
-	assert.Contains(t, localConfig.Contexts, localconfig.ContextRef{Name: "localhost:8080", Server: "localhost:8080", User: "localhost:8080"})
+	assert.Contains(t, localConfig.Contexts, localconfig.ContextRef{Name: "argocd.example.com:443", Server: "argocd.example.com:443", User: "argocd.example.com:443"})
 
 	// Write the file again so that no conflicts are made in git
 	err = ioutil.WriteFile(testConfigFilePath, []byte(testConfig), os.ModePerm)

cmd/argocd/commands/project.go

@@ -340,12 +340,11 @@ func NewProjectAddSourceCommand(clientOpts *argocdclient.ClientOptions) *cobra.C
 	return command
 }
 
-func modifyClusterResourceCmd(cmdUse, cmdDesc string, clientOpts *argocdclient.ClientOptions, action func(proj *v1alpha1.AppProject, group string, kind string) bool) *cobra.Command {
+func modifyProjectResourceCmd(cmdUse, cmdDesc string, clientOpts *argocdclient.ClientOptions, action func(proj *v1alpha1.AppProject, group string, kind string) bool) *cobra.Command {
 	return &cobra.Command{
 		Use:   cmdUse,
 		Short: cmdDesc,
 		Run: func(c *cobra.Command, args []string) {
-
 			if len(args) != 3 {
 				c.HelpFunc()(c, args)
 				os.Exit(1)
@@ -365,55 +364,11 @@ func modifyClusterResourceCmd(cmdUse, cmdDesc string, clientOpts *argocdclient.C
 	}
 }
 
-func modifyNamespaceResourceCmd(cmdUse, cmdDesc string, clientOpts *argocdclient.ClientOptions, action func(proj *v1alpha1.AppProject, group string, kind string, useWhitelist bool) bool) *cobra.Command {
-	var (
-		list string
-	)
-	var command = &cobra.Command{
-		Use:   cmdUse,
-		Short: cmdDesc,
-		Run: func(c *cobra.Command, args []string) {
-			if len(args) != 3 {
-				c.HelpFunc()(c, args)
-				os.Exit(1)
-			}
-			projName, group, kind := args[0], args[1], args[2]
-			conn, projIf := argocdclient.NewClientOrDie(clientOpts).NewProjectClientOrDie()
-			defer util.Close(conn)
-
-			proj, err := projIf.Get(context.Background(), &projectpkg.ProjectQuery{Name: projName})
-			errors.CheckError(err)
-			var useWhitelist = false
-			if list == "white" {
-				useWhitelist = true
-			}
-			if action(proj, group, kind, useWhitelist) {
-				_, err = projIf.Update(context.Background(), &projectpkg.ProjectUpdateRequest{Project: proj})
-				errors.CheckError(err)
-			}
-		},
-	}
-	command.Flags().StringVarP(&list, "list", "l", "black", "Use blacklist or whitelist. This can only be 'white' or 'black'")
-	return command
-}
-
 // NewProjectAllowNamespaceResourceCommand returns a new instance of an `deny-cluster-resources` command
 func NewProjectAllowNamespaceResourceCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command {
 	use := "allow-namespace-resource PROJECT GROUP KIND"
-	desc := "Removes a namespaced API resource from the blacklist or add a namespaced API resource to the whitelist"
-
-	return modifyNamespaceResourceCmd(use, desc, clientOpts, func(proj *v1alpha1.AppProject, group string, kind string, useWhitelist bool) bool {
-		if useWhitelist {
-			for _, item := range proj.Spec.NamespaceResourceWhitelist {
-				if item.Group == group && item.Kind == kind {
-					fmt.Printf("Group '%s' and kind '%s' already present in whitelisted namespaced resources\n", group, kind)
-					return false
-				}
-			}
-			proj.Spec.NamespaceResourceWhitelist = append(proj.Spec.NamespaceResourceWhitelist, v1.GroupKind{Group: group, Kind: kind})
-			fmt.Printf("Group '%s' and kind '%s' is added to whitelisted namespaced resources\n", group, kind)
-			return true
-		}
+	desc := "Removes a namespaced API resource from the blacklist"
+	return modifyProjectResourceCmd(use, desc, clientOpts, func(proj *v1alpha1.AppProject, group string, kind string) bool {
 		index := -1
 		for i, item := range proj.Spec.NamespaceResourceBlacklist {
 			if item.Group == group && item.Kind == kind {
@@ -426,7 +381,6 @@ func NewProjectAllowNamespaceResourceCommand(clientOpts *argocdclient.ClientOpti
 			return false
 		}
 		proj.Spec.NamespaceResourceBlacklist = append(proj.Spec.NamespaceResourceBlacklist[:index], proj.Spec.NamespaceResourceBlacklist[index+1:]...)
-		fmt.Printf("Group '%s' and kind '%s' is removed from blacklisted namespaced resources\n", group, kind)
 		return true
 	})
 }
@@ -434,25 +388,8 @@ func NewProjectAllowNamespaceResourceCommand(clientOpts *argocdclient.ClientOpti
 // NewProjectDenyNamespaceResourceCommand returns a new instance of an `argocd proj deny-namespace-resource` command
 func NewProjectDenyNamespaceResourceCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command {
 	use := "deny-namespace-resource PROJECT GROUP KIND"
-	desc := "Adds a namespaced API resource to the blacklist or removes a namespaced API resource from the whitelist"
-	return modifyNamespaceResourceCmd(use, desc, clientOpts, func(proj *v1alpha1.AppProject, group string, kind string, useWhitelist bool) bool {
-		if useWhitelist {
-			index := -1
-			for i, item := range proj.Spec.NamespaceResourceWhitelist {
-				if item.Group == group && item.Kind == kind {
-					index = i
-					break
-				}
-			}
-			if index == -1 {
-				fmt.Printf("Group '%s' and kind '%s' not in whitelisted namespaced resources\n", group, kind)
-				return false
-			}
-			proj.Spec.NamespaceResourceWhitelist = append(proj.Spec.NamespaceResourceWhitelist[:index], proj.Spec.NamespaceResourceWhitelist[index+1:]...)
-			fmt.Printf("Group '%s' and kind '%s' is removed from whitelisted namespaced resources\n", group, kind)
-			return true
-		}
-
+	desc := "Adds a namespaced API resource to the blacklist"
+	return modifyProjectResourceCmd(use, desc, clientOpts, func(proj *v1alpha1.AppProject, group string, kind string) bool {
 		for _, item := range proj.Spec.NamespaceResourceBlacklist {
 			if item.Group == group && item.Kind == kind {
 				fmt.Printf("Group '%s' and kind '%s' already present in blacklisted namespaced resources\n", group, kind)
@@ -460,7 +397,6 @@ func NewProjectDenyNamespaceResourceCommand(clientOpts *argocdclient.ClientOptio
 			}
 		}
 		proj.Spec.NamespaceResourceBlacklist = append(proj.Spec.NamespaceResourceBlacklist, v1.GroupKind{Group: group, Kind: kind})
-		fmt.Printf("Group '%s' and kind '%s' is added to blacklisted namespaced resources\n", group, kind)
 		return true
 	})
 }
@@ -469,7 +405,7 @@ func NewProjectDenyNamespaceResourceCommand(clientOpts *argocdclient.ClientOptio
 func NewProjectDenyClusterResourceCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command {
 	use := "deny-cluster-resource PROJECT GROUP KIND"
 	desc := "Removes a cluster-scoped API resource from the whitelist"
-	return modifyClusterResourceCmd(use, desc, clientOpts, func(proj *v1alpha1.AppProject, group string, kind string) bool {
+	return modifyProjectResourceCmd(use, desc, clientOpts, func(proj *v1alpha1.AppProject, group string, kind string) bool {
 		index := -1
 		for i, item := range proj.Spec.ClusterResourceWhitelist {
 			if item.Group == group && item.Kind == kind {
@@ -490,7 +426,7 @@ func NewProjectDenyClusterResourceCommand(clientOpts *argocdclient.ClientOptions
 func NewProjectAllowClusterResourceCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command {
 	use := "allow-cluster-resource PROJECT GROUP KIND"
 	desc := "Adds a cluster-scoped API resource to the whitelist"
-	return modifyClusterResourceCmd(use, desc, clientOpts, func(proj *v1alpha1.AppProject, group string, kind string) bool {
+	return modifyProjectResourceCmd(use, desc, clientOpts, func(proj *v1alpha1.AppProject, group string, kind string) bool {
 		for _, item := range proj.Spec.ClusterResourceWhitelist {
 			if item.Group == group && item.Kind == kind {
 				fmt.Printf("Group '%s' and kind '%s' already present in whitelisted cluster resources\n", group, kind)
@@ -591,20 +527,14 @@ func NewProjectListCommand(clientOpts *argocdclient.ClientOptions) *cobra.Comman
 			defer util.Close(conn)
 			projects, err := projIf.List(context.Background(), &projectpkg.ProjectQuery{})
 			errors.CheckError(err)
-			switch output {
-			case "yaml", "json":
-				err := PrintResourceList(projects.Items, output, false)
-				errors.CheckError(err)
-			case "name":
+			if output == "name" {
 				printProjectNames(projects.Items)
-			case "wide", "":
+			} else {
 				printProjectTable(projects.Items)
-			default:
-				errors.CheckError(fmt.Errorf("unknown output format: %s", output))
 			}
 		},
 	}
-	command.Flags().StringVarP(&output, "output", "o", "wide", "Output format. One of: json|yaml|wide|name")
+	command.Flags().StringVarP(&output, "output", "o", "wide", "Output format. One of: wide|name")
 	return command
 }
 
@@ -650,60 +580,9 @@ func printProjectLine(w io.Writer, p *v1alpha1.AppProject) {
 	fmt.Fprintf(w, "%s\t%s\t%v\t%v\t%v\t%v\t%v\n", p.Name, p.Spec.Description, destinations, sourceRepos, clusterWhitelist, namespaceBlacklist, formatOrphanedResources(p))
 }
 
-func printProject(p *v1alpha1.AppProject) {
-	const printProjFmtStr = "%-34s%s\n"
-
-	fmt.Printf(printProjFmtStr, "Name:", p.Name)
-	fmt.Printf(printProjFmtStr, "Description:", p.Spec.Description)
-
-	// Print destinations
-	dest0 := "<none>"
-	if len(p.Spec.Destinations) > 0 {
-		dest0 = fmt.Sprintf("%s,%s", p.Spec.Destinations[0].Server, p.Spec.Destinations[0].Namespace)
-	}
-	fmt.Printf(printProjFmtStr, "Destinations:", dest0)
-	for i := 1; i < len(p.Spec.Destinations); i++ {
-		fmt.Printf(printProjFmtStr, "", fmt.Sprintf("%s,%s", p.Spec.Destinations[i].Server, p.Spec.Destinations[i].Namespace))
-	}
-
-	// Print sources
-	src0 := "<none>"
-	if len(p.Spec.SourceRepos) > 0 {
-		src0 = p.Spec.SourceRepos[0]
-	}
-	fmt.Printf(printProjFmtStr, "Repositories:", src0)
-	for i := 1; i < len(p.Spec.SourceRepos); i++ {
-		fmt.Printf(printProjFmtStr, "", p.Spec.SourceRepos[i])
-	}
-
-	// Print whitelisted cluster resources
-	cwl0 := "<none>"
-	if len(p.Spec.ClusterResourceWhitelist) > 0 {
-		cwl0 = fmt.Sprintf("%s/%s", p.Spec.ClusterResourceWhitelist[0].Group, p.Spec.ClusterResourceWhitelist[0].Kind)
-	}
-	fmt.Printf(printProjFmtStr, "Whitelisted Cluster Resources:", cwl0)
-	for i := 1; i < len(p.Spec.ClusterResourceWhitelist); i++ {
-		fmt.Printf(printProjFmtStr, "", fmt.Sprintf("%s/%s", p.Spec.ClusterResourceWhitelist[i].Group, p.Spec.ClusterResourceWhitelist[i].Kind))
-	}
-
-	// Print blacklisted namespaced resources
-	rbl0 := "<none>"
-	if len(p.Spec.NamespaceResourceBlacklist) > 0 {
-		rbl0 = fmt.Sprintf("%s/%s", p.Spec.NamespaceResourceBlacklist[0].Group, p.Spec.NamespaceResourceBlacklist[0].Kind)
-	}
-	fmt.Printf(printProjFmtStr, "Blacklisted Namespaced Resources:", rbl0)
-	for i := 1; i < len(p.Spec.NamespaceResourceBlacklist); i++ {
-		fmt.Printf(printProjFmtStr, "", fmt.Sprintf("%s/%s", p.Spec.NamespaceResourceBlacklist[i].Group, p.Spec.NamespaceResourceBlacklist[i].Kind))
-	}
-	fmt.Printf(printProjFmtStr, "Orphaned Resources:", formatOrphanedResources(p))
-
-}
-
 // NewProjectGetCommand returns a new instance of an `argocd proj get` command
 func NewProjectGetCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command {
-	var (
-		output string
-	)
+	const printProjFmtStr = "%-34s%s\n"
 	var command = &cobra.Command{
 		Use:   "get PROJECT",
 		Short: "Get project details",
@@ -717,19 +596,51 @@ func NewProjectGetCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command
 			defer util.Close(conn)
 			p, err := projIf.Get(context.Background(), &projectpkg.ProjectQuery{Name: projName})
 			errors.CheckError(err)
+			fmt.Printf(printProjFmtStr, "Name:", p.Name)
+			fmt.Printf(printProjFmtStr, "Description:", p.Spec.Description)
 
-			switch output {
-			case "yaml", "json":
-				err := PrintResource(p, output)
-				errors.CheckError(err)
-			case "wide", "":
-				printProject(p)
-			default:
-				errors.CheckError(fmt.Errorf("unknown output format: %s", output))
+			// Print destinations
+			dest0 := "<none>"
+			if len(p.Spec.Destinations) > 0 {
+				dest0 = fmt.Sprintf("%s,%s", p.Spec.Destinations[0].Server, p.Spec.Destinations[0].Namespace)
 			}
+			fmt.Printf(printProjFmtStr, "Destinations:", dest0)
+			for i := 1; i < len(p.Spec.Destinations); i++ {
+				fmt.Printf(printProjFmtStr, "", fmt.Sprintf("%s,%s", p.Spec.Destinations[i].Server, p.Spec.Destinations[i].Namespace))
+			}
+
+			// Print sources
+			src0 := "<none>"
+			if len(p.Spec.SourceRepos) > 0 {
+				src0 = p.Spec.SourceRepos[0]
+			}
+			fmt.Printf(printProjFmtStr, "Repositories:", src0)
+			for i := 1; i < len(p.Spec.SourceRepos); i++ {
+				fmt.Printf(printProjFmtStr, "", p.Spec.SourceRepos[i])
+			}
+
+			// Print whitelisted cluster resources
+			cwl0 := "<none>"
+			if len(p.Spec.ClusterResourceWhitelist) > 0 {
+				cwl0 = fmt.Sprintf("%s/%s", p.Spec.ClusterResourceWhitelist[0].Group, p.Spec.ClusterResourceWhitelist[0].Kind)
+			}
+			fmt.Printf(printProjFmtStr, "Whitelisted Cluster Resources:", cwl0)
+			for i := 1; i < len(p.Spec.ClusterResourceWhitelist); i++ {
+				fmt.Printf(printProjFmtStr, "", fmt.Sprintf("%s/%s", p.Spec.ClusterResourceWhitelist[i].Group, p.Spec.ClusterResourceWhitelist[i].Kind))
+			}
+
+			// Print blacklisted namespaced resources
+			rbl0 := "<none>"
+			if len(p.Spec.NamespaceResourceBlacklist) > 0 {
+				rbl0 = fmt.Sprintf("%s/%s", p.Spec.NamespaceResourceBlacklist[0].Group, p.Spec.NamespaceResourceBlacklist[0].Kind)
+			}
+			fmt.Printf(printProjFmtStr, "Blacklisted Namespaced Resources:", rbl0)
+			for i := 1; i < len(p.Spec.NamespaceResourceBlacklist); i++ {
+				fmt.Printf(printProjFmtStr, "", fmt.Sprintf("%s/%s", p.Spec.NamespaceResourceBlacklist[i].Group, p.Spec.NamespaceResourceBlacklist[i].Kind))
+			}
+			fmt.Printf(printProjFmtStr, "Orphaned Resources:", formatOrphanedResources(p))
 		},
 	}
-	command.Flags().StringVarP(&output, "output", "o", "wide", "Output format. One of: json|yaml|wide")
 	return command
 }
 

cmd/argocd/commands/project_role.go

@@ -285,20 +285,14 @@ func NewProjectRoleListCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co
 
 			project, err := projIf.Get(context.Background(), &projectpkg.ProjectQuery{Name: projName})
 			errors.CheckError(err)
-			switch output {
-			case "json", "yaml":
-				err := PrintResourceList(project.Spec.Roles, output, false)
-				errors.CheckError(err)
-			case "name":
+			if output == "name" {
 				printProjectRoleListName(project.Spec.Roles)
-			case "wide", "":
+			} else {
 				printProjectRoleListTable(project.Spec.Roles)
-			default:
-				errors.CheckError(fmt.Errorf("unknown output format: %s", output))
 			}
 		},
 	}
-	command.Flags().StringVarP(&output, "output", "o", "wide", "Output format. One of: json|yaml|wide|name")
+	command.Flags().StringVarP(&output, "output", "o", "wide", "Output format. One of: wide|name")
 	return command
 }
 

cmd/argocd/commands/projectwindows.go

@@ -235,9 +235,6 @@ func NewProjectWindowsUpdateCommand(clientOpts *argocdclient.ClientOptions) *cob
 
 // NewProjectWindowsListCommand returns a new instance of an `argocd proj windows list` command
 func NewProjectWindowsListCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command {
-	var (
-		output string
-	)
 	var command = &cobra.Command{
 		Use:   "list PROJECT",
 		Short: "List project sync windows",
@@ -252,18 +249,10 @@ func NewProjectWindowsListCommand(clientOpts *argocdclient.ClientOptions) *cobra
 
 			proj, err := projIf.Get(context.Background(), &projectpkg.ProjectQuery{Name: projName})
 			errors.CheckError(err)
-			switch output {
-			case "yaml", "json":
-				err := PrintResourceList(proj.Spec.SyncWindows, output, false)
-				errors.CheckError(err)
-			case "wide", "":
-				printSyncWindows(proj)
-			default:
-				errors.CheckError(fmt.Errorf("unknown output format: %s", output))
-			}
+
+			printSyncWindows(proj)
 		},
 	}
-	command.Flags().StringVarP(&output, "output", "o", "wide", "Output format. One of: json|yaml|wide")
 	return command
 }
 

cmd/argocd/commands/relogin.go

@@ -43,12 +43,11 @@ func NewReloginCommand(globalClientOpts *argocdclient.ClientOptions) *cobra.Comm
 			var tokenString string
 			var refreshToken string
 			clientOpts := argocdclient.ClientOptions{
-				ConfigPath:      "",
-				ServerAddr:      configCtx.Server.Server,
-				Insecure:        configCtx.Server.Insecure,
-				GRPCWeb:         globalClientOpts.GRPCWeb,
-				GRPCWebRootPath: globalClientOpts.GRPCWebRootPath,
-				PlainText:       configCtx.Server.PlainText,
+				ConfigPath: "",
+				ServerAddr: configCtx.Server.Server,
+				Insecure:   configCtx.Server.Insecure,
+				GRPCWeb:    globalClientOpts.GRPCWeb,
+				PlainText:  configCtx.Server.PlainText,
 			}
 			acdClient := argocdclient.NewClientOrDie(&clientOpts)
 			claims, err := configCtx.User.Claims()

cmd/argocd/commands/repo.go

@@ -52,10 +52,7 @@ func NewRepoAddCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command {
 
 	// For better readability and easier formatting
 	var repoAddExamples = `  # Add a Git repository via SSH using a private key for authentication, ignoring the server's host key:
-	argocd repo add git@git.example.com:repos/repo --insecure-ignore-host-key --ssh-private-key-path ~/id_rsa
-
-	# Add a Git repository via SSH on a non-default port - need to use ssh:// style URLs here
-	argocd repo add ssh://git@git.example.com:2222/repos/repo --ssh-private-key-path ~/id_rsa
+  argocd repo add git@git.example.com:repos/repo --insecure-ignore-host-key --ssh-private-key-path ~/id_rsa
 
   # Add a private Git repository via HTTPS using username/password and TLS client certificates:
   argocd repo add https://git.example.com/repos/repo --username git --password secret --tls-client-cert-path ~/mycert.crt --tls-client-cert-key-path ~/mycert.key
@@ -119,8 +116,6 @@ func NewRepoAddCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command {
 				}
 			}
 
-			// Set repository connection properties only when creating repository, not
-			// when creating repository credentials.
 			// InsecureIgnoreHostKey is deprecated and only here for backwards compat
 			repo.InsecureIgnoreHostKey = insecureIgnoreHostKey
 			repo.Insecure = insecureSkipServerVerification
@@ -142,10 +137,6 @@ func NewRepoAddCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command {
 			// We let the server check access to the repository before adding it. If
 			// it is a private repo, but we cannot access with with the credentials
 			// that were supplied, we bail out.
-			//
-			// Skip validation if we are just adding credentials template, chances
-			// are high that we do not have the given URL pointing to a valid Git
-			// repo anyway.
 			repoAccessReq := repositorypkg.RepoAccessQuery{
 				Repo:              repo.Repo,
 				Type:              repo.Type,
@@ -164,7 +155,6 @@ func NewRepoAddCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command {
 				Repo:   &repo,
 				Upsert: upsert,
 			}
-
 			createdRepo, err := repoIf.Create(context.Background(), &repoCreateReq)
 			errors.CheckError(err)
 			fmt.Printf("repository '%s' added\n", createdRepo.Repo)
@@ -177,7 +167,7 @@ func NewRepoAddCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command {
 	command.Flags().StringVar(&sshPrivateKeyPath, "ssh-private-key-path", "", "path to the private ssh key (e.g. ~/.ssh/id_rsa)")
 	command.Flags().StringVar(&tlsClientCertPath, "tls-client-cert-path", "", "path to the TLS client cert (must be PEM format)")
 	command.Flags().StringVar(&tlsClientCertKeyPath, "tls-client-cert-key-path", "", "path to the TLS client cert's key path (must be PEM format)")
-	command.Flags().BoolVar(&insecureIgnoreHostKey, "insecure-ignore-host-key", false, "disables SSH strict host key checking (deprecated, use --insecure-skip-server-verification instead)")
+	command.Flags().BoolVar(&insecureIgnoreHostKey, "insecure-ignore-host-key", false, "disables SSH strict host key checking (deprecated, use --insecure-skip-server-validation instead)")
 	command.Flags().BoolVar(&insecureSkipServerVerification, "insecure-skip-server-verification", false, "disables server certificate and host key checks")
 	command.Flags().BoolVar(&enableLfs, "enable-lfs", false, "enable git-lfs (Large File Support) on this repository")
 	command.Flags().BoolVar(&upsert, "upsert", false, "Override an existing repository with the same name even if the spec differs")
@@ -208,24 +198,20 @@ func NewRepoRemoveCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command
 // Print table of repo info
 func printRepoTable(repos appsv1.Repositories) {
 	w := tabwriter.NewWriter(os.Stdout, 0, 0, 2, ' ', 0)
-	_, _ = fmt.Fprintf(w, "TYPE\tNAME\tREPO\tINSECURE\tLFS\tCREDS\tSTATUS\tMESSAGE\n")
+	_, _ = fmt.Fprintf(w, "TYPE\tNAME\tREPO\tINSECURE\tLFS\tUSER\tSTATUS\tMESSAGE\n")
 	for _, r := range repos {
-		var hasCreds string
-		if !r.HasCredentials() {
-			hasCreds = "false"
+		var username string
+		if r.Username == "" {
+			username = "-"
 		} else {
-			if r.InheritedCreds {
-				hasCreds = "inherited"
-			} else {
-				hasCreds = "true"
-			}
+			username = r.Username
 		}
-		_, _ = fmt.Fprintf(w, "%s\t%s\t%s\t%v\t%v\t%s\t%s\t%s\n", r.Type, r.Name, r.Repo, r.IsInsecure(), r.EnableLFS, hasCreds, r.ConnectionState.Status, r.ConnectionState.Message)
+		_, _ = fmt.Fprintf(w, "%s\t%s\t%s\t%v\t%v\t%s\t%s\t%s\n", r.Type, r.Name, r.Repo, r.IsInsecure(), r.EnableLFS, username, r.ConnectionState.Status, r.ConnectionState.Message)
 	}
 	_ = w.Flush()
 }
 
-// Print list of repo urls or url patterns for repository credentials
+// Print list of repo urls
 func printRepoUrls(repos appsv1.Repositories) {
 	for _, r := range repos {
 		fmt.Println(r.Repo)
@@ -235,8 +221,7 @@ func printRepoUrls(repos appsv1.Repositories) {
 // NewRepoListCommand returns a new instance of an `argocd repo rm` command
 func NewRepoListCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command {
 	var (
-		output  string
-		refresh string
+		output string
 	)
 	var command = &cobra.Command{
 		Use:   "list",
@@ -244,32 +229,15 @@ func NewRepoListCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command {
 		Run: func(c *cobra.Command, args []string) {
 			conn, repoIf := argocdclient.NewClientOrDie(clientOpts).NewRepoClientOrDie()
 			defer util.Close(conn)
-			forceRefresh := false
-			switch refresh {
-			case "":
-			case "hard":
-				forceRefresh = true
-			default:
-				err := fmt.Errorf("--refresh must be one of: 'hard'")
-				errors.CheckError(err)
-			}
-			repos, err := repoIf.List(context.Background(), &repositorypkg.RepoQuery{ForceRefresh: forceRefresh})
+			repos, err := repoIf.List(context.Background(), &repositorypkg.RepoQuery{})
 			errors.CheckError(err)
-			switch output {
-			case "yaml", "json":
-				err := PrintResourceList(repos.Items, output, false)
-				errors.CheckError(err)
-			case "url":
+			if output == "url" {
 				printRepoUrls(repos.Items)
-				// wide is the default
-			case "wide", "":
+			} else {
 				printRepoTable(repos.Items)
-			default:
-				errors.CheckError(fmt.Errorf("unknown output format: %s", output))
 			}
 		},
 	}
-	command.Flags().StringVarP(&output, "output", "o", "wide", "Output format. One of: json|yaml|wide|url")
-	command.Flags().StringVar(&refresh, "refresh", "", "Force a cache refresh on connection status")
+	command.Flags().StringVarP(&output, "output", "o", "wide", "Output format. One of: wide|url")
 	return command
 }

cmd/argocd/commands/repocreds.go

@@ -1,203 +0,0 @@
-package commands
-
-import (
-	"context"
-	"fmt"
-	"io/ioutil"
-	"os"
-	"text/tabwriter"
-
-	log "github.com/sirupsen/logrus"
-	"github.com/spf13/cobra"
-
-	"github.com/argoproj/argo-cd/errors"
-	argocdclient "github.com/argoproj/argo-cd/pkg/apiclient"
-	repocredspkg "github.com/argoproj/argo-cd/pkg/apiclient/repocreds"
-	appsv1 "github.com/argoproj/argo-cd/pkg/apis/application/v1alpha1"
-	"github.com/argoproj/argo-cd/util"
-	"github.com/argoproj/argo-cd/util/cli"
-	"github.com/argoproj/argo-cd/util/git"
-)
-
-// NewRepoCredsCommand returns a new instance of an `argocd repocreds` command
-func NewRepoCredsCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command {
-	var command = &cobra.Command{
-		Use:   "repocreds",
-		Short: "Manage repository connection parameters",
-		Run: func(c *cobra.Command, args []string) {
-			c.HelpFunc()(c, args)
-			os.Exit(1)
-		},
-	}
-
-	command.AddCommand(NewRepoCredsAddCommand(clientOpts))
-	command.AddCommand(NewRepoCredsListCommand(clientOpts))
-	command.AddCommand(NewRepoCredsRemoveCommand(clientOpts))
-	return command
-}
-
-// NewRepoCredsAddCommand returns a new instance of an `argocd repocreds add` command
-func NewRepoCredsAddCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command {
-	var (
-		repo                 appsv1.RepoCreds
-		upsert               bool
-		sshPrivateKeyPath    string
-		tlsClientCertPath    string
-		tlsClientCertKeyPath string
-	)
-
-	// For better readability and easier formatting
-	var repocredsAddExamples = `  # Add credentials with user/pass authentication to use for all repositories under https://git.example.com/repos
-  argocd repocreds add https://git.example.com/repos/ --username git --password secret
-
-  # Add credentials with SSH private key authentication to use for all repositories under ssh://git@git.example.com/repos
-  argocd repocreds add ssh://git@git.example.com/repos/ --ssh-private-key-path ~/.ssh/id_rsa
-`
-
-	var command = &cobra.Command{
-		Use:     "add REPOURL",
-		Short:   "Add git repository connection parameters",
-		Example: repocredsAddExamples,
-		Run: func(c *cobra.Command, args []string) {
-			if len(args) != 1 {
-				c.HelpFunc()(c, args)
-				os.Exit(1)
-			}
-
-			// Repository URL
-			repo.URL = args[0]
-
-			// Specifying ssh-private-key-path is only valid for SSH repositories
-			if sshPrivateKeyPath != "" {
-				if ok, _ := git.IsSSHURL(repo.URL); ok {
-					keyData, err := ioutil.ReadFile(sshPrivateKeyPath)
-					if err != nil {
-						log.Fatal(err)
-					}
-					repo.SSHPrivateKey = string(keyData)
-				} else {
-					err := fmt.Errorf("--ssh-private-key-path is only supported for SSH repositories.")
-					errors.CheckError(err)
-				}
-			}
-
-			// tls-client-cert-path and tls-client-cert-key-key-path must always be
-			// specified together
-			if (tlsClientCertPath != "" && tlsClientCertKeyPath == "") || (tlsClientCertPath == "" && tlsClientCertKeyPath != "") {
-				err := fmt.Errorf("--tls-client-cert-path and --tls-client-cert-key-path must be specified together")
-				errors.CheckError(err)
-			}
-
-			// Specifying tls-client-cert-path is only valid for HTTPS repositories
-			if tlsClientCertPath != "" {
-				if git.IsHTTPSURL(repo.URL) {
-					tlsCertData, err := ioutil.ReadFile(tlsClientCertPath)
-					errors.CheckError(err)
-					tlsCertKey, err := ioutil.ReadFile(tlsClientCertKeyPath)
-					errors.CheckError(err)
-					repo.TLSClientCertData = string(tlsCertData)
-					repo.TLSClientCertKey = string(tlsCertKey)
-				} else {
-					err := fmt.Errorf("--tls-client-cert-path is only supported for HTTPS repositories")
-					errors.CheckError(err)
-				}
-			}
-
-			conn, repoIf := argocdclient.NewClientOrDie(clientOpts).NewRepoCredsClientOrDie()
-			defer util.Close(conn)
-
-			// If the user set a username, but didn't supply password via --password,
-			// then we prompt for it
-			if repo.Username != "" && repo.Password == "" {
-				repo.Password = cli.PromptPassword(repo.Password)
-			}
-
-			repoCreateReq := repocredspkg.RepoCredsCreateRequest{
-				Creds:  &repo,
-				Upsert: upsert,
-			}
-
-			createdRepo, err := repoIf.CreateRepositoryCredentials(context.Background(), &repoCreateReq)
-			errors.CheckError(err)
-			fmt.Printf("repository credentials for '%s' added\n", createdRepo.URL)
-		},
-	}
-	command.Flags().StringVar(&repo.Username, "username", "", "username to the repository")
-	command.Flags().StringVar(&repo.Password, "password", "", "password to the repository")
-	command.Flags().StringVar(&sshPrivateKeyPath, "ssh-private-key-path", "", "path to the private ssh key (e.g. ~/.ssh/id_rsa)")
-	command.Flags().StringVar(&tlsClientCertPath, "tls-client-cert-path", "", "path to the TLS client cert (must be PEM format)")
-	command.Flags().StringVar(&tlsClientCertKeyPath, "tls-client-cert-key-path", "", "path to the TLS client cert's key path (must be PEM format)")
-	command.Flags().BoolVar(&upsert, "upsert", false, "Override an existing repository with the same name even if the spec differs")
-	return command
-}
-
-// NewRepoCredsRemoveCommand returns a new instance of an `argocd repocreds rm` command
-func NewRepoCredsRemoveCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command {
-	var command = &cobra.Command{
-		Use:   "rm CREDSURL",
-		Short: "Remove repository credentials",
-		Run: func(c *cobra.Command, args []string) {
-			if len(args) == 0 {
-				c.HelpFunc()(c, args)
-				os.Exit(1)
-			}
-			conn, repoIf := argocdclient.NewClientOrDie(clientOpts).NewRepoCredsClientOrDie()
-			defer util.Close(conn)
-			for _, repoURL := range args {
-				_, err := repoIf.DeleteRepositoryCredentials(context.Background(), &repocredspkg.RepoCredsDeleteRequest{Url: repoURL})
-				errors.CheckError(err)
-			}
-		},
-	}
-	return command
-}
-
-// Print the repository credentials as table
-func printRepoCredsTable(repos []appsv1.RepoCreds) {
-	w := tabwriter.NewWriter(os.Stdout, 0, 0, 2, ' ', 0)
-	fmt.Fprintf(w, "URL PATTERN\tUSERNAME\tSSH_CREDS\tTLS_CREDS\n")
-	for _, r := range repos {
-		if r.Username == "" {
-			r.Username = "-"
-		}
-		fmt.Fprintf(w, "%s\t%s\t%v\t%v\n", r.URL, r.Username, r.SSHPrivateKey != "", r.TLSClientCertData != "")
-	}
-	_ = w.Flush()
-}
-
-// Print list of repo urls or url patterns for repository credentials
-func printRepoCredsUrls(repos []appsv1.RepoCreds) {
-	for _, r := range repos {
-		fmt.Println(r.URL)
-	}
-}
-
-// NewRepoCredsListCommand returns a new instance of an `argocd repo list` command
-func NewRepoCredsListCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command {
-	var (
-		output string
-	)
-	var command = &cobra.Command{
-		Use:   "list",
-		Short: "List configured repository credentials",
-		Run: func(c *cobra.Command, args []string) {
-			conn, repoIf := argocdclient.NewClientOrDie(clientOpts).NewRepoCredsClientOrDie()
-			defer util.Close(conn)
-			repos, err := repoIf.ListRepositoryCredentials(context.Background(), &repocredspkg.RepoCredsQuery{})
-			errors.CheckError(err)
-			switch output {
-			case "yaml", "json":
-				err := PrintResourceList(repos.Items, output, false)
-				errors.CheckError(err)
-			case "url":
-				printRepoCredsUrls(repos.Items)
-			case "wide", "":
-				printRepoCredsTable(repos.Items)
-			default:
-				errors.CheckError(fmt.Errorf("unknown output format: %s", output))
-			}
-		},
-	}
-	command.Flags().StringVarP(&output, "output", "o", "wide", "Output format. One of: json|yaml|wide|url")
-	return command
-}

cmd/argocd/commands/root.go

@@ -43,7 +43,6 @@ func NewCommand() *cobra.Command {
 	command.AddCommand(NewLoginCommand(&clientOpts))
 	command.AddCommand(NewReloginCommand(&clientOpts))
 	command.AddCommand(NewRepoCommand(&clientOpts))
-	command.AddCommand(NewRepoCredsCommand(&clientOpts))
 	command.AddCommand(NewContextCommand(&clientOpts))
 	command.AddCommand(NewProjectCommand(&clientOpts))
 	command.AddCommand(NewAccountCommand(&clientOpts))
@@ -59,10 +58,7 @@ func NewCommand() *cobra.Command {
 	command.PersistentFlags().StringVar(&clientOpts.CertFile, "server-crt", config.GetFlag("server-crt", ""), "Server certificate file")
 	command.PersistentFlags().StringVar(&clientOpts.AuthToken, "auth-token", config.GetFlag("auth-token", ""), "Authentication token")
 	command.PersistentFlags().BoolVar(&clientOpts.GRPCWeb, "grpc-web", config.GetBoolFlag("grpc-web"), "Enables gRPC-web protocol. Useful if Argo CD server is behind proxy which does not support HTTP2.")
-	command.PersistentFlags().StringVar(&clientOpts.GRPCWebRootPath, "grpc-web-root-path", config.GetFlag("grpc-web-root-path", ""), "Enables gRPC-web protocol. Useful if Argo CD server is behind proxy which does not support HTTP2. Set web root.")
 	command.PersistentFlags().StringVar(&logLevel, "loglevel", config.GetFlag("loglevel", "info"), "Set the logging level. One of: debug|info|warn|error")
 	command.PersistentFlags().StringSliceVarP(&clientOpts.Headers, "header", "H", []string{}, "Sets additional header to all requests made by Argo CD CLI. (Can be repeated multiple times to add multiple headers, also supports comma separated headers)")
-	command.PersistentFlags().BoolVar(&clientOpts.PortForward, "port-forward", config.GetBoolFlag("port-forward"), "Connect to a random argocd-server port using port forwarding")
-	command.PersistentFlags().StringVar(&clientOpts.PortForwardNamespace, "port-forward-namespace", config.GetFlag("port-forward-namespace", ""), "Namespace name which should be used for port forwarding")
 	return command
 }

cmd/argocd/commands/testdata/config

@@ -1,25 +1,18 @@
 contexts:
-- name: argocd1.example.com:443
-  server: argocd1.example.com:443
-  user: argocd1.example.com:443
-- name: argocd2.example.com:443
-  server: argocd2.example.com:443
-  user: argocd2.example.com:443
+- name: argocd.example.com:443
+  server: argocd.example.com:443
+  user: argocd.example.com:443
 - name: localhost:8080
   server: localhost:8080
   user: localhost:8080
 current-context: localhost:8080
 servers:
-- server: argocd1.example.com:443
-- server: argocd2.example.com:443
+- server: argocd.example.com:443
 - plain-text: true
   server: localhost:8080
 users:
 - auth-token: vErrYS3c3tReFRe$hToken
-  name: argocd1.example.com:443
-  refresh-token: vErrYS3c3tReFRe$hToken
-- auth-token: vErrYS3c3tReFRe$hToken
-  name: argocd2.example.com:443
+  name: argocd.example.com:443
   refresh-token: vErrYS3c3tReFRe$hToken
 - auth-token: vErrYS3c3tReFRe$hToken
   name: localhost:8080

cmd/argocd/commands/version.go

@@ -3,7 +3,6 @@ package commands
 import (
 	"context"
 	"fmt"
-	"io"
 
 	"github.com/golang/protobuf/ptypes/empty"
 	"github.com/spf13/cobra"
@@ -11,113 +10,60 @@ import (
 	"github.com/argoproj/argo-cd/common"
 	"github.com/argoproj/argo-cd/errors"
 	argocdclient "github.com/argoproj/argo-cd/pkg/apiclient"
-	"github.com/argoproj/argo-cd/pkg/apiclient/version"
 	"github.com/argoproj/argo-cd/util"
 )
 
 // NewVersionCmd returns a new `version` command to be used as a sub-command to root
 func NewVersionCmd(clientOpts *argocdclient.ClientOptions) *cobra.Command {
-	var (
-		short  bool
-		client bool
-		output string
-	)
+	var short bool
+	var client bool
 
 	versionCmd := cobra.Command{
 		Use:   "version",
 		Short: fmt.Sprintf("Print version information"),
-		Example: `  # Print the full version of client and server to stdout
-  argocd version
-
-  # Print only full version of the client - no connection to server will be made
-  argocd version --client
-
-  # Print the full version of client and server in JSON format
-  argocd version -o json
-
-  # Print only client and server core version strings in YAML format
-  argocd version --short -o yaml
-`,
 		Run: func(cmd *cobra.Command, args []string) {
-			var (
-				versionIf  version.VersionServiceClient
-				serverVers *version.VersionMessage
-				conn       io.Closer
-				err        error
-			)
-			if !client {
-				// Get Server version
-				conn, versionIf = argocdclient.NewClientOrDie(clientOpts).NewVersionClientOrDie()
-				defer util.Close(conn)
-				serverVers, err = versionIf.Version(context.Background(), &empty.Empty{})
-				errors.CheckError(err)
-			}
-			switch output {
-			case "yaml", "json":
-				clientVers := common.GetVersion()
-				version := make(map[string]interface{})
-				if !short {
-					version["client"] = clientVers
-				} else {
-					version["client"] = map[string]string{cliName: clientVers.Version}
+			version := common.GetVersion()
+			fmt.Printf("%s: %s\n", cliName, version)
+			if !short {
+				fmt.Printf("  BuildDate: %s\n", version.BuildDate)
+				fmt.Printf("  GitCommit: %s\n", version.GitCommit)
+				fmt.Printf("  GitTreeState: %s\n", version.GitTreeState)
+				if version.GitTag != "" {
+					fmt.Printf("  GitTag: %s\n", version.GitTag)
 				}
-				if !client {
-					if !short {
-						version["server"] = serverVers
-					} else {
-						version["server"] = map[string]string{"argocd-server": serverVers.Version}
-					}
-				}
-				err := PrintResource(version, output)
-				errors.CheckError(err)
-			case "short":
-				printVersion(serverVers, client, true)
-			case "wide", "":
-				// we use value of short for backward compatibility
-				printVersion(serverVers, client, short)
-			default:
-				errors.CheckError(fmt.Errorf("unknown output format: %s", output))
+				fmt.Printf("  GoVersion: %s\n", version.GoVersion)
+				fmt.Printf("  Compiler: %s\n", version.Compiler)
+				fmt.Printf("  Platform: %s\n", version.Platform)
 			}
+			if client {
+				return
+			}
+
+			// Get Server version
+			conn, versionIf := argocdclient.NewClientOrDie(clientOpts).NewVersionClientOrDie()
+			defer util.Close(conn)
+			serverVers, err := versionIf.Version(context.Background(), &empty.Empty{})
+			errors.CheckError(err)
+			fmt.Printf("%s: %s\n", "argocd-server", serverVers.Version)
+			if !short {
+				fmt.Printf("  BuildDate: %s\n", serverVers.BuildDate)
+				fmt.Printf("  GitCommit: %s\n", serverVers.GitCommit)
+				fmt.Printf("  GitTreeState: %s\n", serverVers.GitTreeState)
+				if version.GitTag != "" {
+					fmt.Printf("  GitTag: %s\n", serverVers.GitTag)
+				}
+				fmt.Printf("  GoVersion: %s\n", serverVers.GoVersion)
+				fmt.Printf("  Compiler: %s\n", serverVers.Compiler)
+				fmt.Printf("  Platform: %s\n", serverVers.Platform)
+				fmt.Printf("  Ksonnet Version: %s\n", serverVers.KsonnetVersion)
+				fmt.Printf("  Kustomize Version: %s\n", serverVers.KustomizeVersion)
+				fmt.Printf("  Helm Version: %s\n", serverVers.HelmVersion)
+				fmt.Printf("  Kubectl Version: %s\n", serverVers.KubectlVersion)
+			}
+
 		},
 	}
-	versionCmd.Flags().StringVarP(&output, "output", "o", "wide", "Output format. One of: json|yaml|wide|short")
 	versionCmd.Flags().BoolVar(&short, "short", false, "print just the version number")
 	versionCmd.Flags().BoolVar(&client, "client", false, "client version only (no server required)")
 	return &versionCmd
 }
-
-func printVersion(serverVers *version.VersionMessage, client bool, short bool) {
-	version := common.GetVersion()
-	fmt.Printf("%s: %s\n", cliName, version)
-	if !short {
-		fmt.Printf("  BuildDate: %s\n", version.BuildDate)
-		fmt.Printf("  GitCommit: %s\n", version.GitCommit)
-		fmt.Printf("  GitTreeState: %s\n", version.GitTreeState)
-		if version.GitTag != "" {
-			fmt.Printf("  GitTag: %s\n", version.GitTag)
-		}
-		fmt.Printf("  GoVersion: %s\n", version.GoVersion)
-		fmt.Printf("  Compiler: %s\n", version.Compiler)
-		fmt.Printf("  Platform: %s\n", version.Platform)
-	}
-	if client {
-		return
-	}
-
-	fmt.Printf("%s: %s\n", "argocd-server", serverVers.Version)
-	if !short {
-		fmt.Printf("  BuildDate: %s\n", serverVers.BuildDate)
-		fmt.Printf("  GitCommit: %s\n", serverVers.GitCommit)
-		fmt.Printf("  GitTreeState: %s\n", serverVers.GitTreeState)
-		if version.GitTag != "" {
-			fmt.Printf("  GitTag: %s\n", serverVers.GitTag)
-		}
-		fmt.Printf("  GoVersion: %s\n", serverVers.GoVersion)
-		fmt.Printf("  Compiler: %s\n", serverVers.Compiler)
-		fmt.Printf("  Platform: %s\n", serverVers.Platform)
-		fmt.Printf("  Ksonnet Version: %s\n", serverVers.KsonnetVersion)
-		fmt.Printf("  Kustomize Version: %s\n", serverVers.KustomizeVersion)
-		fmt.Printf("  Helm Version: %s\n", serverVers.HelmVersion)
-		fmt.Printf("  Kubectl Version: %s\n", serverVers.KubectlVersion)
-	}
-}

common/common.go

@@ -1,11 +1,5 @@
 package common
 
-import (
-	"os"
-	"strconv"
-	"time"
-)
-
 // Default service addresses and URLS of Argo CD internal services
 const (
 	// DefaultRepoServerAddr is the gRPC address of the Argo CD repo server
@@ -44,6 +38,8 @@ const (
 
 // Default paths on the pod's file system
 const (
+	// The default base path where application config is located
+	DefaultPathAppConfig = "/app/config"
 	// The default path where TLS certificates for repositories are located
 	DefaultPathTLSConfig = "/app/config/tls"
 	// The default path where SSH known hosts are stored
@@ -66,8 +62,10 @@ const (
 	AuthCookieName = "argocd.token"
 	// RevisionHistoryLimit is the max number of successful sync to keep in history
 	RevisionHistoryLimit = 10
-	// ChangePasswordSSOTokenMaxAge is the max token age for password change operation
-	ChangePasswordSSOTokenMaxAge = time.Minute * 5
+	// K8sClientConfigQPS controls the QPS to be used in K8s REST client configs
+	K8sClientConfigQPS = 25
+	// K8sClientConfigBurst controls the burst to be used in K8s REST client configs
+	K8sClientConfigBurst = 50
 )
 
 // Dex related constants
@@ -138,52 +136,14 @@ const (
 	EnvVarTLSDataPath = "ARGOCD_TLS_DATA_PATH"
 	// Specifies number of git remote operations attempts count
 	EnvGitAttemptsCount = "ARGOCD_GIT_ATTEMPTS_COUNT"
-	// Overrides git submodule support, true by default
-	EnvGitSubmoduleEnabled = "ARGOCD_GIT_MODULES_ENABLED"
-	// EnvK8sClientQPS is the QPS value used for the kubernetes client (default: 50)
-	EnvK8sClientQPS = "ARGOCD_K8S_CLIENT_QPS"
-	// EnvK8sClientBurst is the burst value used for the kubernetes client (default: twice the client QPS)
-	EnvK8sClientBurst = "ARGOCD_K8S_CLIENT_BURST"
-	// EnvK8sClientMaxIdleConnections is the number of max idle connections in K8s REST client HTTP transport (default: 500)
-	EnvK8sClientMaxIdleConnections = "ARGOCD_K8S_CLIENT_MAX_IDLE_CONNECTIONS"
 )
 
 const (
 	// MinClientVersion is the minimum client version that can interface with this API server.
 	// When introducing breaking changes to the API or datastructures, this number should be bumped.
 	// The value here may be lower than the current value in VERSION
-	MinClientVersion = "1.4.0"
+	MinClientVersion = "1.3.0"
 	// CacheVersion is a objects version cached using util/cache/cache.go.
 	// Number should be bumped in case of backward incompatible change to make sure cache is invalidated after upgrade.
 	CacheVersion = "1.0.0"
 )
-
-var (
-	// K8sClientConfigQPS controls the QPS to be used in K8s REST client configs
-	K8sClientConfigQPS float32 = 50
-	// K8sClientConfigBurst controls the burst to be used in K8s REST client configs
-	K8sClientConfigBurst int = 100
-	// K8sMaxIdleConnections controls the number of max idle connections in K8s REST client HTTP transport
-	K8sMaxIdleConnections = 500
-)
-
-func init() {
-	if envQPS := os.Getenv(EnvK8sClientQPS); envQPS != "" {
-		if qps, err := strconv.ParseFloat(envQPS, 32); err != nil {
-			K8sClientConfigQPS = float32(qps)
-		}
-	}
-	if envBurst := os.Getenv(EnvK8sClientBurst); envBurst != "" {
-		if burst, err := strconv.Atoi(envBurst); err != nil {
-			K8sClientConfigBurst = burst
-		}
-	} else {
-		K8sClientConfigBurst = 2 * int(K8sClientConfigQPS)
-	}
-
-	if envMaxConn := os.Getenv(EnvK8sClientMaxIdleConnections); envMaxConn != "" {
-		if maxConn, err := strconv.Atoi(envMaxConn); err != nil {
-			K8sMaxIdleConnections = maxConn
-		}
-	}
-}

controller/appcontroller.go

@@ -7,7 +7,6 @@ import (
 	"math"
 	"reflect"
 	"runtime/debug"
-	"strconv"
 	"strings"
 	"sync"
 	"time"
@@ -25,9 +24,6 @@ import (
 	"k8s.io/client-go/tools/cache"
 	"k8s.io/client-go/util/workqueue"
 
-	// make sure to register workqueue prometheus metrics
-	_ "k8s.io/kubernetes/pkg/util/workqueue/prometheus"
-
 	"github.com/argoproj/argo-cd/common"
 	statecache "github.com/argoproj/argo-cd/controller/cache"
 	"github.com/argoproj/argo-cd/controller/metrics"
@@ -41,7 +37,7 @@ import (
 	"github.com/argoproj/argo-cd/reposerver/apiclient"
 	"github.com/argoproj/argo-cd/util"
 	"github.com/argoproj/argo-cd/util/argo"
-	appstatecache "github.com/argoproj/argo-cd/util/cache/appstate"
+	argocache "github.com/argoproj/argo-cd/util/cache"
 	"github.com/argoproj/argo-cd/util/db"
 	"github.com/argoproj/argo-cd/util/diff"
 	"github.com/argoproj/argo-cd/util/kube"
@@ -69,37 +65,30 @@ func (a CompareWith) Max(b CompareWith) CompareWith {
 	return CompareWith(math.Max(float64(a), float64(b)))
 }
 
-func (a CompareWith) Pointer() *CompareWith {
-	return &a
-}
-
 // ApplicationController is the controller for application resources.
 type ApplicationController struct {
-	cache                *appstatecache.Cache
-	namespace            string
-	kubeClientset        kubernetes.Interface
-	kubectl              kube.Kubectl
-	applicationClientset appclientset.Interface
-	auditLogger          *argo.AuditLogger
-	// queue contains app namespace/name
-	appRefreshQueue workqueue.RateLimitingInterface
-	// queue contains app namespace/name/comparisonType and used to request app refresh with the predefined comparison type
-	appComparisonTypeRefreshQueue workqueue.RateLimitingInterface
-	appOperationQueue             workqueue.RateLimitingInterface
-	appInformer                   cache.SharedIndexInformer
-	appLister                     applisters.ApplicationLister
-	projInformer                  cache.SharedIndexInformer
-	appStateManager               AppStateManager
-	stateCache                    statecache.LiveStateCache
-	statusRefreshTimeout          time.Duration
-	selfHealTimeout               time.Duration
-	repoClientset                 apiclient.Clientset
-	db                            db.ArgoDB
-	settingsMgr                   *settings_util.SettingsManager
-	refreshRequestedApps          map[string]CompareWith
-	refreshRequestedAppsMutex     *sync.Mutex
-	metricsServer                 *metrics.MetricsServer
-	kubectlSemaphore              *semaphore.Weighted
+	cache                     *argocache.Cache
+	namespace                 string
+	kubeClientset             kubernetes.Interface
+	kubectl                   kube.Kubectl
+	applicationClientset      appclientset.Interface
+	auditLogger               *argo.AuditLogger
+	appRefreshQueue           workqueue.RateLimitingInterface
+	appOperationQueue         workqueue.RateLimitingInterface
+	appInformer               cache.SharedIndexInformer
+	appLister                 applisters.ApplicationLister
+	projInformer              cache.SharedIndexInformer
+	appStateManager           AppStateManager
+	stateCache                statecache.LiveStateCache
+	statusRefreshTimeout      time.Duration
+	selfHealTimeout           time.Duration
+	repoClientset             apiclient.Clientset
+	db                        db.ArgoDB
+	settingsMgr               *settings_util.SettingsManager
+	refreshRequestedApps      map[string]CompareWith
+	refreshRequestedAppsMutex *sync.Mutex
+	metricsServer             *metrics.MetricsServer
+	kubectlSemaphore          *semaphore.Weighted
 }
 
 type ApplicationControllerConfig struct {
@@ -114,32 +103,30 @@ func NewApplicationController(
 	kubeClientset kubernetes.Interface,
 	applicationClientset appclientset.Interface,
 	repoClientset apiclient.Clientset,
-	argoCache *appstatecache.Cache,
+	argoCache *argocache.Cache,
 	kubectl kube.Kubectl,
 	appResyncPeriod time.Duration,
 	selfHealTimeout time.Duration,
 	metricsPort int,
 	kubectlParallelismLimit int64,
 ) (*ApplicationController, error) {
-	log.Infof("appResyncPeriod=%v", appResyncPeriod)
 	db := db.NewDB(namespace, settingsMgr, kubeClientset)
 	ctrl := ApplicationController{
-		cache:                         argoCache,
-		namespace:                     namespace,
-		kubeClientset:                 kubeClientset,
-		kubectl:                       kubectl,
-		applicationClientset:          applicationClientset,
-		repoClientset:                 repoClientset,
-		appRefreshQueue:               workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), "app_reconciliation_queue"),
-		appOperationQueue:             workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), "app_operation_processing_queue"),
-		appComparisonTypeRefreshQueue: workqueue.NewRateLimitingQueue(workqueue.DefaultControllerRateLimiter()),
-		db:                            db,
-		statusRefreshTimeout:          appResyncPeriod,
-		refreshRequestedApps:          make(map[string]CompareWith),
-		refreshRequestedAppsMutex:     &sync.Mutex{},
-		auditLogger:                   argo.NewAuditLogger(namespace, kubeClientset, "argocd-application-controller"),
-		settingsMgr:                   settingsMgr,
-		selfHealTimeout:               selfHealTimeout,
+		cache:                     argoCache,
+		namespace:                 namespace,
+		kubeClientset:             kubeClientset,
+		kubectl:                   kubectl,
+		applicationClientset:      applicationClientset,
+		repoClientset:             repoClientset,
+		appRefreshQueue:           workqueue.NewRateLimitingQueue(workqueue.DefaultControllerRateLimiter()),
+		appOperationQueue:         workqueue.NewRateLimitingQueue(workqueue.DefaultControllerRateLimiter()),
+		db:                        db,
+		statusRefreshTimeout:      appResyncPeriod,
+		refreshRequestedApps:      make(map[string]CompareWith),
+		refreshRequestedAppsMutex: &sync.Mutex{},
+		auditLogger:               argo.NewAuditLogger(namespace, kubeClientset, "argocd-application-controller"),
+		settingsMgr:               settingsMgr,
+		selfHealTimeout:           selfHealTimeout,
 	}
 	if kubectlParallelismLimit > 0 {
 		ctrl.kubectlSemaphore = semaphore.NewWeighted(kubectlParallelismLimit)
@@ -167,10 +154,6 @@ func NewApplicationController(
 	return &ctrl, nil
 }
 
-func (ctrl *ApplicationController) GetMetricsServer() *metrics.MetricsServer {
-	return ctrl.metricsServer
-}
-
 func (ctrl *ApplicationController) onKubectlRun(command string) (util.Closer, error) {
 	ctrl.metricsServer.IncKubectlExec(command)
 	if ctrl.kubectlSemaphore != nil {
@@ -212,7 +195,7 @@ func (ctrl *ApplicationController) handleObjectUpdated(managedByApp map[string]b
 					continue
 				}
 				// exclude resource unless it is permitted in the app project. If project is not permitted then it is not controlled by the user and there is no point showing the warning.
-				if proj, err := ctrl.getAppProj(app); err == nil && proj.IsGroupKindPermitted(ref.GroupVersionKind().GroupKind(), true) &&
+				if proj, err := ctrl.getAppProj(app); err == nil && proj.IsResourcePermitted(metav1.GroupKind{Group: ref.GroupVersionKind().Group, Kind: ref.Kind}, true) &&
 					!isKnownOrphanedResourceExclusion(kube.NewResourceKey(ref.GroupVersionKind().Group, ref.GroupVersionKind().Kind, ref.Namespace, ref.Name)) {
 
 					managedByApp[app.Name] = false
@@ -221,17 +204,22 @@ func (ctrl *ApplicationController) handleObjectUpdated(managedByApp map[string]b
 		}
 	}
 	for appName, isManagedResource := range managedByApp {
+		skipForceRefresh := false
+
 		obj, exists, err := ctrl.appInformer.GetIndexer().GetByKey(ctrl.namespace + "/" + appName)
 		if app, ok := obj.(*appv1.Application); exists && err == nil && ok && isSelfReferencedApp(app, ref) {
 			// Don't force refresh app if related resource is application itself. This prevents infinite reconciliation loop.
-			continue
+			skipForceRefresh = true
 		}
 
-		level := ComparisonWithNothing
-		if isManagedResource {
-			level = CompareWithRecent
+		if !skipForceRefresh {
+			level := ComparisonWithNothing
+			if isManagedResource {
+				level = CompareWithRecent
+			}
+			ctrl.requestAppRefresh(appName, level)
 		}
-		ctrl.requestAppRefresh(appName, &level, nil)
+		ctrl.appRefreshQueue.Add(fmt.Sprintf("%s/%s", ctrl.namespace, appName))
 	}
 }
 
@@ -314,7 +302,7 @@ func (ctrl *ApplicationController) getResourceTree(a *appv1.Application, managed
 	}
 	orphanedNodes := make([]appv1.ResourceNode, 0)
 	for k := range orphanedNodesMap {
-		if k.Namespace != "" && proj.IsGroupKindPermitted(k.GroupKind(), true) && !isKnownOrphanedResourceExclusion(k) {
+		if k.Namespace != "" && proj.IsResourcePermitted(metav1.GroupKind{Group: k.Group, Kind: k.Kind}, true) && !isKnownOrphanedResourceExclusion(k) {
 			err := ctrl.stateCache.IterateHierarchy(a.Spec.Destination.Server, k, func(child appv1.ResourceNode, appName string) {
 				belongToAnotherApp := false
 				if appName != "" {
@@ -363,11 +351,7 @@ func (ctrl *ApplicationController) managedResources(comparisonResult *comparison
 			if err != nil {
 				return nil, err
 			}
-			resDiffPtr, err := diff.Diff(target, live, comparisonResult.diffNormalizer)
-			if err != nil {
-				return nil, err
-			}
-			resDiff = *resDiffPtr
+			resDiff = *diff.Diff(target, live, comparisonResult.diffNormalizer)
 		}
 
 		if live != nil {
@@ -394,8 +378,6 @@ func (ctrl *ApplicationController) managedResources(comparisonResult *comparison
 			return nil, err
 		}
 		item.Diff = jsonDiff
-		item.PredictedLiveState = string(resDiff.PredictedLive)
-		item.NormalizedLiveState = string(resDiff.NormalizedLive)
 
 		items[i] = &item
 	}
@@ -406,10 +388,7 @@ func (ctrl *ApplicationController) managedResources(comparisonResult *comparison
 func (ctrl *ApplicationController) Run(ctx context.Context, statusProcessors int, operationProcessors int) {
 	defer runtime.HandleCrash()
 	defer ctrl.appRefreshQueue.ShutDown()
-	defer ctrl.appComparisonTypeRefreshQueue.ShutDown()
-	defer ctrl.appOperationQueue.ShutDown()
 
-	ctrl.metricsServer.RegisterClustersInfoSource(ctx, ctrl.stateCache)
 	go ctrl.appInformer.Run(ctx.Done())
 	go ctrl.projInformer.Run(ctx.Done())
 
@@ -435,30 +414,13 @@ func (ctrl *ApplicationController) Run(ctx context.Context, statusProcessors int
 		}, time.Second, ctx.Done())
 	}
 
-	go wait.Until(func() {
-		for ctrl.processAppComparisonTypeQueueItem() {
-		}
-	}, time.Second, ctx.Done())
 	<-ctx.Done()
 }
 
-func (ctrl *ApplicationController) requestAppRefresh(appName string, compareWith *CompareWith, after *time.Duration) {
-	key := fmt.Sprintf("%s/%s", ctrl.namespace, appName)
-
-	if compareWith != nil && after != nil {
-		ctrl.appComparisonTypeRefreshQueue.AddAfter(fmt.Sprintf("%s/%d", key, compareWith), *after)
-	} else {
-		if compareWith != nil {
-			ctrl.refreshRequestedAppsMutex.Lock()
-			ctrl.refreshRequestedApps[appName] = compareWith.Max(ctrl.refreshRequestedApps[appName])
-			ctrl.refreshRequestedAppsMutex.Unlock()
-		}
-		if after != nil {
-			ctrl.appRefreshQueue.AddAfter(key, *after)
-		} else {
-			ctrl.appRefreshQueue.Add(key)
-		}
-	}
+func (ctrl *ApplicationController) requestAppRefresh(appName string, compareWith CompareWith) {
+	ctrl.refreshRequestedAppsMutex.Lock()
+	defer ctrl.refreshRequestedAppsMutex.Unlock()
+	ctrl.refreshRequestedApps[appName] = compareWith.Max(ctrl.refreshRequestedApps[appName])
 }
 
 func (ctrl *ApplicationController) isRefreshRequested(appName string) (bool, CompareWith) {
@@ -502,7 +464,7 @@ func (ctrl *ApplicationController) processAppOperationQueueItem() (processNext b
 	if app.Operation != nil {
 		ctrl.processRequestedAppOperation(app)
 	} else if app.DeletionTimestamp != nil && app.CascadedDeletion() {
-		_, err = ctrl.finalizeApplicationDeletion(app)
+		err = ctrl.finalizeApplicationDeletion(app)
 		if err != nil {
 			ctrl.setAppCondition(app, appv1.ApplicationCondition{
 				Type:    appv1.ApplicationConditionDeletionError,
@@ -515,54 +477,11 @@ func (ctrl *ApplicationController) processAppOperationQueueItem() (processNext b
 	return
 }
 
-func (ctrl *ApplicationController) processAppComparisonTypeQueueItem() (processNext bool) {
-	key, shutdown := ctrl.appComparisonTypeRefreshQueue.Get()
-	processNext = true
-
-	defer func() {
-		if r := recover(); r != nil {
-			log.Errorf("Recovered from panic: %+v\n%s", r, debug.Stack())
-		}
-		ctrl.appComparisonTypeRefreshQueue.Done(key)
-	}()
-	if shutdown {
-		processNext = false
-		return
-	}
-
-	if parts := strings.Split(key.(string), "/"); len(parts) != 3 {
-		log.Warnf("Unexpected key format in appComparisonTypeRefreshTypeQueue. Key should consists of namespace/name/comparisonType but got: %s", key.(string))
-	} else {
-		if compareWith, err := strconv.Atoi(parts[2]); err != nil {
-			log.Warnf("Unable to parse comparison type: %v", err)
-			return
-		} else {
-			ctrl.requestAppRefresh(parts[1], CompareWith(compareWith).Pointer(), nil)
-		}
-	}
-	return
-}
-
-// shouldbeDeleted returns whether a given resource obj should be deleted on cascade delete of application app
-func (ctrl *ApplicationController) shouldBeDeleted(app *appv1.Application, obj *unstructured.Unstructured) bool {
+func shouldBeDeleted(app *appv1.Application, obj *unstructured.Unstructured) bool {
 	return !kube.IsCRD(obj) && !isSelfReferencedApp(app, kube.GetObjectRef(obj))
 }
 
-func (ctrl *ApplicationController) getPermittedAppLiveObjects(app *appv1.Application, proj *appv1.AppProject) (map[kube.ResourceKey]*unstructured.Unstructured, error) {
-	objsMap, err := ctrl.stateCache.GetManagedLiveObjs(app, []*unstructured.Unstructured{})
-	if err != nil {
-		return nil, err
-	}
-	// Don't delete live resources which are not permitted in the app project
-	for k, v := range objsMap {
-		if !proj.IsLiveResourcePermitted(v, app.Spec.Destination.Server) {
-			delete(objsMap, k)
-		}
-	}
-	return objsMap, nil
-}
-
-func (ctrl *ApplicationController) finalizeApplicationDeletion(app *appv1.Application) ([]*unstructured.Unstructured, error) {
+func (ctrl *ApplicationController) finalizeApplicationDeletion(app *appv1.Application) error {
 	logCtx := log.WithField("application", app.Name)
 	logCtx.Infof("Deleting resources")
 	// Get refreshed application info, since informer app copy might be stale
@@ -571,28 +490,23 @@ func (ctrl *ApplicationController) finalizeApplicationDeletion(app *appv1.Applic
 		if !apierr.IsNotFound(err) {
 			logCtx.Errorf("Unable to get refreshed application info prior deleting resources: %v", err)
 		}
-		return nil, nil
-	}
-	proj, err := ctrl.getAppProj(app)
-	if err != nil {
-		return nil, err
+		return nil
 	}
 
-	objsMap, err := ctrl.getPermittedAppLiveObjects(app, proj)
+	objsMap, err := ctrl.stateCache.GetManagedLiveObjs(app, []*unstructured.Unstructured{})
 	if err != nil {
-		return nil, err
+		return err
 	}
-
 	objs := make([]*unstructured.Unstructured, 0)
 	for k := range objsMap {
-		if ctrl.shouldBeDeleted(app, objsMap[k]) && objsMap[k].GetDeletionTimestamp() == nil {
+		if objsMap[k].GetDeletionTimestamp() == nil && shouldBeDeleted(app, objsMap[k]) {
 			objs = append(objs, objsMap[k])
 		}
 	}
 
 	cluster, err := ctrl.db.GetCluster(context.Background(), app.Spec.Destination.Server)
 	if err != nil {
-		return nil, err
+		return err
 	}
 	config := metrics.AddMetricsTransportWrapper(ctrl.metricsServer, app, cluster.RESTConfig())
 
@@ -601,30 +515,29 @@ func (ctrl *ApplicationController) finalizeApplicationDeletion(app *appv1.Applic
 		return ctrl.kubectl.DeleteResource(config, obj.GroupVersionKind(), obj.GetName(), obj.GetNamespace(), false)
 	})
 	if err != nil {
-		return objs, err
+		return err
 	}
 
-	objsMap, err = ctrl.getPermittedAppLiveObjects(app, proj)
+	objsMap, err = ctrl.stateCache.GetManagedLiveObjs(app, []*unstructured.Unstructured{})
 	if err != nil {
-		return nil, err
+		return err
 	}
-
 	for k, obj := range objsMap {
-		if !ctrl.shouldBeDeleted(app, obj) {
+		if !shouldBeDeleted(app, obj) {
 			delete(objsMap, k)
 		}
 	}
 	if len(objsMap) > 0 {
 		logCtx.Infof("%d objects remaining for deletion", len(objsMap))
-		return objs, nil
+		return nil
 	}
 	err = ctrl.cache.SetAppManagedResources(app.Name, nil)
 	if err != nil {
-		return objs, err
+		return err
 	}
 	err = ctrl.cache.SetAppResourcesTree(app.Name, nil)
 	if err != nil {
-		return objs, err
+		return err
 	}
 	app.SetCascadedDeletion(false)
 	var patch []byte
@@ -635,16 +548,26 @@ func (ctrl *ApplicationController) finalizeApplicationDeletion(app *appv1.Applic
 	})
 	_, err = ctrl.applicationClientset.ArgoprojV1alpha1().Applications(app.Namespace).Patch(app.Name, types.MergePatchType, patch)
 	if err != nil {
-		return objs, err
+		return err
 	}
 
-	logCtx.Infof("Successfully deleted %d resources", len(objs))
-	return objs, nil
+	logCtx.Info("Successfully deleted resources")
+	return nil
 }
 
 func (ctrl *ApplicationController) setAppCondition(app *appv1.Application, condition appv1.ApplicationCondition) {
-	app.Status.SetConditions([]appv1.ApplicationCondition{condition}, map[appv1.ApplicationConditionType]bool{condition.Type: true})
-
+	index := -1
+	for i, exiting := range app.Status.Conditions {
+		if exiting.Type == condition.Type {
+			index = i
+			break
+		}
+	}
+	if index > -1 {
+		app.Status.Conditions[index] = condition
+	} else {
+		app.Status.Conditions = append(app.Status.Conditions, condition)
+	}
 	var patch []byte
 	patch, err := json.Marshal(map[string]interface{}{
 		"status": map[string]interface{}{
@@ -719,9 +642,10 @@ func (ctrl *ApplicationController) processRequestedAppOperation(app *appv1.Appli
 	if state.Phase.Completed() {
 		// if we just completed an operation, force a refresh so that UI will report up-to-date
 		// sync/health information
-		if _, err := cache.MetaNamespaceKeyFunc(app); err == nil {
+		if key, err := cache.MetaNamespaceKeyFunc(app); err == nil {
 			// force app refresh with using CompareWithLatest comparison type and trigger app reconciliation loop
-			ctrl.requestAppRefresh(app.Name, CompareWithLatest.Pointer(), nil)
+			ctrl.requestAppRefresh(app.Name, CompareWithLatest)
+			ctrl.appRefreshQueue.Add(key)
 		} else {
 			logCtx.Warnf("Fails to requeue application: %v", err)
 		}
@@ -825,37 +749,29 @@ func (ctrl *ApplicationController) processAppRefreshQueueItem() (processNext boo
 		return
 	}
 
-	app := origApp.DeepCopy()
-	logCtx := log.WithFields(log.Fields{"application": app.Name})
 	startTime := time.Now()
 	defer func() {
 		reconcileDuration := time.Since(startTime)
 		ctrl.metricsServer.IncReconcile(origApp, reconcileDuration)
-		logCtx.WithFields(log.Fields{
-			"time_ms":        reconcileDuration.Milliseconds(),
+		logCtx := log.WithFields(log.Fields{
+			"application":    origApp.Name,
+			"time_ms":        reconcileDuration.Seconds() * 1e3,
 			"level":          comparisonLevel,
 			"dest-server":    origApp.Spec.Destination.Server,
 			"dest-namespace": origApp.Spec.Destination.Namespace,
-		}).Info("Reconciliation completed")
+		})
+		logCtx.Info("Reconciliation completed")
 	}()
 
+	app := origApp.DeepCopy()
+	logCtx := log.WithFields(log.Fields{"application": app.Name})
 	if comparisonLevel == ComparisonWithNothing {
 		managedResources := make([]*appv1.ResourceDiff, 0)
 		if err := ctrl.cache.GetAppManagedResources(app.Name, &managedResources); err != nil {
 			logCtx.Warnf("Failed to get cached managed resources for tree reconciliation, fallback to full reconciliation")
 		} else {
 			if tree, err := ctrl.getResourceTree(app, managedResources); err != nil {
-				app.Status.SetConditions(
-					[]appv1.ApplicationCondition{
-						{
-							Type:    appv1.ApplicationConditionComparisonError,
-							Message: err.Error(),
-						},
-					},
-					map[appv1.ApplicationConditionType]bool{
-						appv1.ApplicationConditionComparisonError: true,
-					},
-				)
+				app.Status.Conditions = []appv1.ApplicationCondition{{Type: appv1.ApplicationConditionComparisonError, Message: err.Error()}}
 			} else {
 				app.Status.Summary = tree.GetSummary()
 				if err = ctrl.cache.SetAppResourcesTree(app.Name, tree); err != nil {
@@ -870,7 +786,7 @@ func (ctrl *ApplicationController) processAppRefreshQueueItem() (processNext boo
 		}
 	}
 
-	project, hasErrors := ctrl.refreshAppConditions(app)
+	hasErrors := ctrl.refreshAppConditions(app)
 	if hasErrors {
 		app.Status.Sync.Status = appv1.SyncStatusCodeUnknown
 		app.Status.Health.Status = appv1.HealthStatusUnknown
@@ -889,10 +805,7 @@ func (ctrl *ApplicationController) processAppRefreshQueueItem() (processNext boo
 	}
 
 	observedAt := metav1.Now()
-	compareResult := ctrl.appStateManager.CompareAppState(app, project, revision, app.Spec.Source, refreshType == appv1.RefreshTypeHard, localManifests)
-	for k, v := range compareResult.timings {
-		logCtx = logCtx.WithField(k, v.Milliseconds())
-	}
+	compareResult := ctrl.appStateManager.CompareAppState(app, revision, app.Spec.Source, refreshType == appv1.RefreshTypeHard, localManifests)
 
 	ctrl.normalizeApplication(origApp, app)
 
@@ -903,21 +816,20 @@ func (ctrl *ApplicationController) processAppRefreshQueueItem() (processNext boo
 		app.Status.Summary = tree.GetSummary()
 	}
 
-	if project.Spec.SyncWindows.Matches(app).CanSync(false) {
-		syncErrCond := ctrl.autoSync(app, compareResult.syncStatus, compareResult.resources)
-		if syncErrCond != nil {
-			app.Status.SetConditions(
-				[]appv1.ApplicationCondition{*syncErrCond},
-				map[appv1.ApplicationConditionType]bool{appv1.ApplicationConditionSyncError: true},
-			)
-		} else {
-			app.Status.SetConditions(
-				[]appv1.ApplicationCondition{},
-				map[appv1.ApplicationConditionType]bool{appv1.ApplicationConditionSyncError: true},
-			)
-		}
+	project, err := ctrl.getAppProj(app)
+	if err != nil {
+		logCtx.Infof("Could not lookup project for %s in order to check schedules state", app.Name)
 	} else {
-		logCtx.Info("Sync prevented by sync window")
+		if project.Spec.SyncWindows.Matches(app).CanSync(false) {
+			syncErrCond := ctrl.autoSync(app, compareResult.syncStatus, compareResult.resources)
+			if syncErrCond != nil {
+				app.Status.SetConditions([]appv1.ApplicationCondition{*syncErrCond}, map[appv1.ApplicationConditionType]bool{appv1.ApplicationConditionSyncError: true})
+			} else {
+				app.Status.SetConditions([]appv1.ApplicationCondition{}, map[appv1.ApplicationConditionType]bool{appv1.ApplicationConditionSyncError: true})
+			}
+		} else {
+			logCtx.Infof("Sync prevented by sync window")
+		}
 	}
 
 	if app.Status.ReconciledAt == nil || comparisonLevel == CompareWithLatest {
@@ -948,14 +860,7 @@ func (ctrl *ApplicationController) needRefreshAppStatus(app *appv1.Application,
 		refreshType = requestedType
 		reason = fmt.Sprintf("%s refresh requested", refreshType)
 	} else if expired {
-		// The commented line below mysteriously crashes if app.Status.ReconciledAt is nil
-		// reason = fmt.Sprintf("comparison expired. reconciledAt: %v, expiry: %v", app.Status.ReconciledAt, statusRefreshTimeout)
-		//TODO: find existing Golang bug or create a new one
-		reconciledAtStr := "never"
-		if app.Status.ReconciledAt != nil {
-			reconciledAtStr = app.Status.ReconciledAt.String()
-		}
-		reason = fmt.Sprintf("comparison expired. reconciledAt: %v, expiry: %v", reconciledAtStr, statusRefreshTimeout)
+		reason = fmt.Sprintf("comparison expired. reconciledAt: %v, expiry: %v", app.Status.ReconciledAt, statusRefreshTimeout)
 	} else if !app.Spec.Source.Equals(app.Status.Sync.ComparedTo.Source) {
 		reason = "spec.source differs"
 	} else if !app.Spec.Destination.Equals(app.Status.Sync.ComparedTo.Destination) {
@@ -972,7 +877,7 @@ func (ctrl *ApplicationController) needRefreshAppStatus(app *appv1.Application,
 	return false, refreshType, compareWith
 }
 
-func (ctrl *ApplicationController) refreshAppConditions(app *appv1.Application) (*appv1.AppProject, bool) {
+func (ctrl *ApplicationController) refreshAppConditions(app *appv1.Application) bool {
 	errorConditions := make([]appv1.ApplicationCondition, 0)
 	proj, err := ctrl.getAppProj(app)
 	if err != nil {
@@ -1002,7 +907,7 @@ func (ctrl *ApplicationController) refreshAppConditions(app *appv1.Application)
 		appv1.ApplicationConditionInvalidSpecError: true,
 		appv1.ApplicationConditionUnknownError:     true,
 	})
-	return proj, len(errorConditions) > 0
+	return len(errorConditions) > 0
 }
 
 // normalizeApplication normalizes an application.spec and additionally persists updates if it changed
@@ -1085,30 +990,14 @@ func (ctrl *ApplicationController) autoSync(app *appv1.Application, syncStatus *
 		return nil
 	}
 
-	if !app.Spec.SyncPolicy.Automated.Prune {
-		requirePruneOnly := true
-		for _, r := range resources {
-			if r.Status != appv1.SyncStatusCodeSynced && !r.RequiresPruning {
-				requirePruneOnly = false
-				break
-			}
-		}
-		if requirePruneOnly {
-			logCtx.Infof("Skipping auto-sync: need to prune extra resources only but automated prune is disabled")
-			return nil
-		}
-	}
-
 	desiredCommitSHA := syncStatus.Revision
 	alreadyAttempted, attemptPhase := alreadyAttemptedSync(app, desiredCommitSHA)
 	selfHeal := app.Spec.SyncPolicy.Automated.SelfHeal
 	op := appv1.Operation{
 		Sync: &appv1.SyncOperation{
-			Revision:    desiredCommitSHA,
-			Prune:       app.Spec.SyncPolicy.Automated.Prune,
-			SyncOptions: app.Spec.SyncPolicy.SyncOptions,
+			Revision: desiredCommitSHA,
+			Prune:    app.Spec.SyncPolicy.Automated.Prune,
 		},
-		InitiatedBy: appv1.OperationInitiator{Automated: true},
 	}
 	// It is possible for manifests to remain OutOfSync even after a sync/kubectl apply (e.g.
 	// auto-sync with pruning disabled). We need to ensure that we do not keep Syncing an
@@ -1135,7 +1024,12 @@ func (ctrl *ApplicationController) autoSync(app *appv1.Application, syncStatus *
 			}
 		} else {
 			logCtx.Infof("Skipping auto-sync: already attempted sync to %s with timeout %v (retrying in %v)", desiredCommitSHA, ctrl.selfHealTimeout, retryAfter)
-			ctrl.requestAppRefresh(app.Name, CompareWithLatest.Pointer(), &retryAfter)
+			if key, err := cache.MetaNamespaceKeyFunc(app); err == nil {
+				ctrl.requestAppRefresh(app.Name, CompareWithLatest)
+				ctrl.appRefreshQueue.AddAfter(key, retryAfter)
+			} else {
+				logCtx.Warnf("Fails to requeue application: %v", err)
+			}
 			return nil
 		}
 
@@ -1208,14 +1102,15 @@ func (ctrl *ApplicationController) newApplicationInformerAndLister() (cache.Shar
 				if err != nil {
 					return
 				}
-				var compareWith *CompareWith
 				oldApp, oldOK := old.(*appv1.Application)
 				newApp, newOK := new.(*appv1.Application)
-				if oldOK && newOK && automatedSyncEnabled(oldApp, newApp) {
-					log.WithField("application", newApp.Name).Info("Enabled automated sync")
-					compareWith = CompareWithLatest.Pointer()
+				if oldOK && newOK {
+					if toggledAutomatedSync(oldApp, newApp) {
+						log.WithField("application", newApp.Name).Info("Enabled automated sync")
+						ctrl.requestAppRefresh(newApp.Name, CompareWithLatest)
+					}
 				}
-				ctrl.requestAppRefresh(newApp.Name, compareWith, nil)
+				ctrl.appRefreshQueue.Add(key)
 				ctrl.appOperationQueue.Add(key)
 			},
 			DeleteFunc: func(obj interface{}) {
@@ -1252,26 +1147,14 @@ func isOperationInProgress(app *appv1.Application) bool {
 	return app.Status.OperationState != nil && !app.Status.OperationState.Phase.Completed()
 }
 
-// automatedSyncEnabled tests if an app went from auto-sync disabled to enabled.
+// toggledAutomatedSync tests if an app went from auto-sync disabled to enabled.
 // if it was toggled to be enabled, the informer handler will force a refresh
-func automatedSyncEnabled(oldApp *appv1.Application, newApp *appv1.Application) bool {
-	oldEnabled := false
-	oldSelfHealEnabled := false
-	if oldApp.Spec.SyncPolicy != nil && oldApp.Spec.SyncPolicy.Automated != nil {
-		oldEnabled = true
-		oldSelfHealEnabled = oldApp.Spec.SyncPolicy.Automated.SelfHeal
+func toggledAutomatedSync(old *appv1.Application, new *appv1.Application) bool {
+	if new.Spec.SyncPolicy == nil || new.Spec.SyncPolicy.Automated == nil {
+		return false
 	}
-
-	newEnabled := false
-	newSelfHealEnabled := false
-	if newApp.Spec.SyncPolicy != nil && newApp.Spec.SyncPolicy.Automated != nil {
-		newEnabled = true
-		newSelfHealEnabled = newApp.Spec.SyncPolicy.Automated.SelfHeal
-	}
-	if !oldEnabled && newEnabled {
-		return true
-	}
-	if !oldSelfHealEnabled && newSelfHealEnabled {
+	// auto-sync is enabled. check if it was previously disabled
+	if old.Spec.SyncPolicy == nil || old.Spec.SyncPolicy.Automated == nil {
 		return true
 	}
 	// nothing changed

controller/appcontroller_test.go

@@ -27,8 +27,7 @@ import (
 	mockrepoclient "github.com/argoproj/argo-cd/reposerver/apiclient/mocks"
 	mockreposerver "github.com/argoproj/argo-cd/reposerver/mocks"
 	"github.com/argoproj/argo-cd/test"
-	cacheutil "github.com/argoproj/argo-cd/util/cache"
-	appstatecache "github.com/argoproj/argo-cd/util/cache/appstate"
+	utilcache "github.com/argoproj/argo-cd/util/cache"
 	"github.com/argoproj/argo-cd/util/kube"
 	"github.com/argoproj/argo-cd/util/kube/kubetest"
 	"github.com/argoproj/argo-cd/util/settings"
@@ -89,10 +88,7 @@ func newFakeController(data *fakeData) *ApplicationController {
 		kubeClient,
 		appclientset.NewSimpleClientset(data.apps...),
 		&mockRepoClientset,
-		appstatecache.NewCache(
-			cacheutil.NewCache(cacheutil.NewInMemoryCache(1*time.Minute)),
-			1*time.Minute,
-		),
+		utilcache.NewCache(utilcache.NewInMemoryCache(1*time.Hour)),
 		kubectl,
 		time.Minute,
 		time.Minute,
@@ -111,7 +107,6 @@ func newFakeController(data *fakeData) *ApplicationController {
 	ctrl.stateCache = &mockStateCache
 	mockStateCache.On("IsNamespaced", mock.Anything, mock.Anything).Return(true, nil)
 	mockStateCache.On("GetManagedLiveObjs", mock.Anything, mock.Anything).Return(data.managedLiveObjs, nil)
-	mockStateCache.On("GetVersionsInfo", mock.Anything).Return("v1.2.3", nil, nil)
 	response := make(map[kube.ResourceKey]argoappv1.ResourceNode)
 	for k, v := range data.namespacedResources {
 		response[k] = v.ResourceNode
@@ -192,17 +187,6 @@ status:
         repoURL: https://github.com/argoproj/argocd-example-apps.git
 `
 
-var fakeStrayResource = `
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: test-cm
-  namespace: invalid
-  labels:
-    app.kubernetes.io/instance: my-app
-data:
-`
-
 func newFakeApp() *argoappv1.Application {
 	var app argoappv1.Application
 	err := yaml.Unmarshal([]byte(fakeApp), &app)
@@ -212,15 +196,6 @@ func newFakeApp() *argoappv1.Application {
 	return &app
 }
 
-func newFakeCM() map[string]interface{} {
-	var cm map[string]interface{}
-	err := yaml.Unmarshal([]byte(fakeStrayResource), &cm)
-	if err != nil {
-		panic(err)
-	}
-	return cm
-}
-
 func TestAutoSync(t *testing.T) {
 	app := newFakeApp()
 	ctrl := newFakeController(&fakeData{apps: []runtime.Object{app}})
@@ -228,7 +203,7 @@ func TestAutoSync(t *testing.T) {
 		Status:   argoappv1.SyncStatusCodeOutOfSync,
 		Revision: "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb",
 	}
-	cond := ctrl.autoSync(app, &syncStatus, []argoappv1.ResourceStatus{{Name: "guestbook", Kind: kube.DeploymentKind, Status: argoappv1.SyncStatusCodeOutOfSync}})
+	cond := ctrl.autoSync(app, &syncStatus, []argoappv1.ResourceStatus{})
 	assert.Nil(t, cond)
 	app, err := ctrl.applicationClientset.ArgoprojV1alpha1().Applications(test.FakeArgoCDNamespace).Get("my-app", metav1.GetOptions{})
 	assert.NoError(t, err)
@@ -240,7 +215,7 @@ func TestAutoSync(t *testing.T) {
 func TestSkipAutoSync(t *testing.T) {
 	// Verify we skip when we previously synced to it in our most recent history
 	// Set current to 'aaaaa', desired to 'aaaa' and mark system OutOfSync
-	t.Run("PreviouslySyncedToRevision", func(t *testing.T) {
+	{
 		app := newFakeApp()
 		ctrl := newFakeController(&fakeData{apps: []runtime.Object{app}})
 		syncStatus := argoappv1.SyncStatus{
@@ -252,10 +227,10 @@ func TestSkipAutoSync(t *testing.T) {
 		app, err := ctrl.applicationClientset.ArgoprojV1alpha1().Applications(test.FakeArgoCDNamespace).Get("my-app", metav1.GetOptions{})
 		assert.NoError(t, err)
 		assert.Nil(t, app.Operation)
-	})
+	}
 
 	// Verify we skip when we are already Synced (even if revision is different)
-	t.Run("AlreadyInSyncedState", func(t *testing.T) {
+	{
 		app := newFakeApp()
 		ctrl := newFakeController(&fakeData{apps: []runtime.Object{app}})
 		syncStatus := argoappv1.SyncStatus{
@@ -267,10 +242,10 @@ func TestSkipAutoSync(t *testing.T) {
 		app, err := ctrl.applicationClientset.ArgoprojV1alpha1().Applications(test.FakeArgoCDNamespace).Get("my-app", metav1.GetOptions{})
 		assert.NoError(t, err)
 		assert.Nil(t, app.Operation)
-	})
+	}
 
 	// Verify we skip when auto-sync is disabled
-	t.Run("AutoSyncIsDisabled", func(t *testing.T) {
+	{
 		app := newFakeApp()
 		app.Spec.SyncPolicy = nil
 		ctrl := newFakeController(&fakeData{apps: []runtime.Object{app}})
@@ -283,10 +258,10 @@ func TestSkipAutoSync(t *testing.T) {
 		app, err := ctrl.applicationClientset.ArgoprojV1alpha1().Applications(test.FakeArgoCDNamespace).Get("my-app", metav1.GetOptions{})
 		assert.NoError(t, err)
 		assert.Nil(t, app.Operation)
-	})
+	}
 
 	// Verify we skip when application is marked for deletion
-	t.Run("ApplicationIsMarkedForDeletion", func(t *testing.T) {
+	{
 		app := newFakeApp()
 		now := metav1.Now()
 		app.DeletionTimestamp = &now
@@ -300,11 +275,11 @@ func TestSkipAutoSync(t *testing.T) {
 		app, err := ctrl.applicationClientset.ArgoprojV1alpha1().Applications(test.FakeArgoCDNamespace).Get("my-app", metav1.GetOptions{})
 		assert.NoError(t, err)
 		assert.Nil(t, app.Operation)
-	})
+	}
 
 	// Verify we skip when previous sync attempt failed and return error condition
 	// Set current to 'aaaaa', desired to 'bbbbb' and add 'bbbbb' to failure history
-	t.Run("PreviousSyncAttemptFailed", func(t *testing.T) {
+	{
 		app := newFakeApp()
 		app.Status.OperationState = &argoappv1.OperationState{
 			Operation: argoappv1.Operation{
@@ -321,28 +296,12 @@ func TestSkipAutoSync(t *testing.T) {
 			Status:   argoappv1.SyncStatusCodeOutOfSync,
 			Revision: "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb",
 		}
-		cond := ctrl.autoSync(app, &syncStatus, []argoappv1.ResourceStatus{{Name: "guestbook", Kind: kube.DeploymentKind, Status: argoappv1.SyncStatusCodeOutOfSync}})
+		cond := ctrl.autoSync(app, &syncStatus, []argoappv1.ResourceStatus{})
 		assert.NotNil(t, cond)
 		app, err := ctrl.applicationClientset.ArgoprojV1alpha1().Applications(test.FakeArgoCDNamespace).Get("my-app", metav1.GetOptions{})
 		assert.NoError(t, err)
 		assert.Nil(t, app.Operation)
-	})
-
-	t.Run("NeedsToPruneResourcesOnlyButAutomatedPruneDisabled", func(t *testing.T) {
-		app := newFakeApp()
-		ctrl := newFakeController(&fakeData{apps: []runtime.Object{app}})
-		syncStatus := argoappv1.SyncStatus{
-			Status:   argoappv1.SyncStatusCodeOutOfSync,
-			Revision: "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb",
-		}
-		cond := ctrl.autoSync(app, &syncStatus, []argoappv1.ResourceStatus{
-			{Name: "guestbook", Kind: kube.DeploymentKind, Status: argoappv1.SyncStatusCodeOutOfSync, RequiresPruning: true},
-		})
-		assert.Nil(t, cond)
-		app, err := ctrl.applicationClientset.ArgoprojV1alpha1().Applications(test.FakeArgoCDNamespace).Get("my-app", metav1.GetOptions{})
-		assert.NoError(t, err)
-		assert.Nil(t, app.Operation)
-	})
+	}
 }
 
 // TestAutoSyncIndicateError verifies we skip auto-sync and return error condition if previous sync failed
@@ -373,7 +332,7 @@ func TestAutoSyncIndicateError(t *testing.T) {
 			Source:   *app.Spec.Source.DeepCopy(),
 		},
 	}
-	cond := ctrl.autoSync(app, &syncStatus, []argoappv1.ResourceStatus{{Name: "guestbook", Kind: kube.DeploymentKind, Status: argoappv1.SyncStatusCodeOutOfSync}})
+	cond := ctrl.autoSync(app, &syncStatus, []argoappv1.ResourceStatus{})
 	assert.NotNil(t, cond)
 	app, err := ctrl.applicationClientset.ArgoprojV1alpha1().Applications(test.FakeArgoCDNamespace).Get("my-app", metav1.GetOptions{})
 	assert.NoError(t, err)
@@ -416,7 +375,7 @@ func TestAutoSyncParameterOverrides(t *testing.T) {
 			Revision: "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
 		},
 	}
-	cond := ctrl.autoSync(app, &syncStatus, []argoappv1.ResourceStatus{{Name: "guestbook", Kind: kube.DeploymentKind, Status: argoappv1.SyncStatusCodeOutOfSync}})
+	cond := ctrl.autoSync(app, &syncStatus, []argoappv1.ResourceStatus{})
 	assert.Nil(t, cond)
 	app, err := ctrl.applicationClientset.ArgoprojV1alpha1().Applications(test.FakeArgoCDNamespace).Get("my-app", metav1.GetOptions{})
 	assert.NoError(t, err)
@@ -425,118 +384,27 @@ func TestAutoSyncParameterOverrides(t *testing.T) {
 
 // TestFinalizeAppDeletion verifies application deletion
 func TestFinalizeAppDeletion(t *testing.T) {
-	// Ensure app can be deleted cascading
-	{
-		defaultProj := argoappv1.AppProject{
-			ObjectMeta: metav1.ObjectMeta{
-				Name:      "default",
-				Namespace: test.FakeArgoCDNamespace,
-			},
-			Spec: argoappv1.AppProjectSpec{
-				SourceRepos: []string{"*"},
-				Destinations: []argoappv1.ApplicationDestination{
-					{
-						Server:    "*",
-						Namespace: "*",
-					},
-				},
-			},
-		}
-		app := newFakeApp()
-		app.Spec.Destination.Namespace = test.FakeArgoCDNamespace
-		appObj := kube.MustToUnstructured(&app)
-		ctrl := newFakeController(&fakeData{apps: []runtime.Object{app, &defaultProj}, managedLiveObjs: map[kube.ResourceKey]*unstructured.Unstructured{
-			kube.GetResourceKey(appObj): appObj,
-		}})
+	app := newFakeApp()
+	app.Spec.Destination.Namespace = test.FakeArgoCDNamespace
+	appObj := kube.MustToUnstructured(&app)
+	ctrl := newFakeController(&fakeData{apps: []runtime.Object{app}, managedLiveObjs: map[kube.ResourceKey]*unstructured.Unstructured{
+		kube.GetResourceKey(appObj): appObj,
+	}})
 
-		patched := false
-		fakeAppCs := ctrl.applicationClientset.(*appclientset.Clientset)
-		defaultReactor := fakeAppCs.ReactionChain[0]
-		fakeAppCs.ReactionChain = nil
-		fakeAppCs.AddReactor("get", "*", func(action kubetesting.Action) (handled bool, ret runtime.Object, err error) {
-			return defaultReactor.React(action)
-		})
-		fakeAppCs.AddReactor("patch", "*", func(action kubetesting.Action) (handled bool, ret runtime.Object, err error) {
-			patched = true
-			return true, nil, nil
-		})
-		_, err := ctrl.finalizeApplicationDeletion(app)
-		assert.NoError(t, err)
-		assert.True(t, patched)
-	}
-
-	// Ensure any stray resources irregulary labeled with instance label of app are not deleted upon deleting,
-	// when app project restriction is in place
-	{
-		defaultProj := argoappv1.AppProject{
-			ObjectMeta: metav1.ObjectMeta{
-				Name:      "default",
-				Namespace: test.FakeArgoCDNamespace,
-			},
-			Spec: argoappv1.AppProjectSpec{
-				SourceRepos: []string{"*"},
-				Destinations: []argoappv1.ApplicationDestination{
-					{
-						Server:    "*",
-						Namespace: "*",
-					},
-				},
-			},
-		}
-		restrictedProj := argoappv1.AppProject{
-			ObjectMeta: metav1.ObjectMeta{
-				Name:      "restricted",
-				Namespace: test.FakeArgoCDNamespace,
-			},
-			Spec: argoappv1.AppProjectSpec{
-				SourceRepos: []string{"*"},
-				Destinations: []argoappv1.ApplicationDestination{
-					{
-						Server:    "*",
-						Namespace: "my-app",
-					},
-				},
-			},
-		}
-		app := newFakeApp()
-		app.Spec.Destination.Namespace = test.FakeArgoCDNamespace
-		app.Spec.Project = "restricted"
-		appObj := kube.MustToUnstructured(&app)
-		cm := newFakeCM()
-		strayObj := kube.MustToUnstructured(&cm)
-		ctrl := newFakeController(&fakeData{
-			apps: []runtime.Object{app, &defaultProj, &restrictedProj},
-			managedLiveObjs: map[kube.ResourceKey]*unstructured.Unstructured{
-				kube.GetResourceKey(appObj):   appObj,
-				kube.GetResourceKey(strayObj): strayObj,
-			},
-		})
-
-		patched := false
-		fakeAppCs := ctrl.applicationClientset.(*appclientset.Clientset)
-		defaultReactor := fakeAppCs.ReactionChain[0]
-		fakeAppCs.ReactionChain = nil
-		fakeAppCs.AddReactor("get", "*", func(action kubetesting.Action) (handled bool, ret runtime.Object, err error) {
-			return defaultReactor.React(action)
-		})
-		fakeAppCs.AddReactor("patch", "*", func(action kubetesting.Action) (handled bool, ret runtime.Object, err error) {
-			patched = true
-			return true, nil, nil
-		})
-		objs, err := ctrl.finalizeApplicationDeletion(app)
-		assert.NoError(t, err)
-		assert.True(t, patched)
-		objsMap, err := ctrl.stateCache.GetManagedLiveObjs(app, []*unstructured.Unstructured{})
-		if err != nil {
-			assert.NoError(t, err)
-		}
-		// Managed objects must be empty
-		assert.Empty(t, objsMap)
-		// Loop through all deleted objects, ensure that test-cm is none of them
-		for _, o := range objs {
-			assert.NotEqual(t, "test-cm", o.GetName())
-		}
-	}
+	patched := false
+	fakeAppCs := ctrl.applicationClientset.(*appclientset.Clientset)
+	defaultReactor := fakeAppCs.ReactionChain[0]
+	fakeAppCs.ReactionChain = nil
+	fakeAppCs.AddReactor("get", "*", func(action kubetesting.Action) (handled bool, ret runtime.Object, err error) {
+		return defaultReactor.React(action)
+	})
+	fakeAppCs.AddReactor("patch", "*", func(action kubetesting.Action) (handled bool, ret runtime.Object, err error) {
+		patched = true
+		return true, nil, nil
+	})
+	err := ctrl.finalizeApplicationDeletion(app)
+	assert.NoError(t, err)
+	assert.True(t, patched)
 }
 
 // TestNormalizeApplication verifies we normalize an application during reconciliation
@@ -689,8 +557,8 @@ func TestNeedRefreshAppStatus(t *testing.T) {
 	assert.False(t, needRefresh)
 
 	// refresh app using the 'deepest' requested comparison level
-	ctrl.requestAppRefresh(app.Name, CompareWithRecent.Pointer(), nil)
-	ctrl.requestAppRefresh(app.Name, ComparisonWithNothing.Pointer(), nil)
+	ctrl.requestAppRefresh(app.Name, CompareWithRecent)
+	ctrl.requestAppRefresh(app.Name, ComparisonWithNothing)
 
 	needRefresh, refreshType, compareWith := ctrl.needRefreshAppStatus(app, 1*time.Hour)
 	assert.True(t, needRefresh)
@@ -708,7 +576,7 @@ func TestNeedRefreshAppStatus(t *testing.T) {
 	{
 		// refresh app using the 'latest' level if comparison expired
 		app := app.DeepCopy()
-		ctrl.requestAppRefresh(app.Name, CompareWithRecent.Pointer(), nil)
+		ctrl.requestAppRefresh(app.Name, CompareWithRecent)
 		reconciledAt := metav1.NewTime(time.Now().UTC().Add(-1 * time.Hour))
 		app.Status.ReconciledAt = &reconciledAt
 		needRefresh, refreshType, compareWith = ctrl.needRefreshAppStatus(app, 1*time.Minute)
@@ -734,7 +602,7 @@ func TestNeedRefreshAppStatus(t *testing.T) {
 	{
 		app := app.DeepCopy()
 		// ensure that CompareWithLatest level is used if application source has changed
-		ctrl.requestAppRefresh(app.Name, ComparisonWithNothing.Pointer(), nil)
+		ctrl.requestAppRefresh(app.Name, ComparisonWithNothing)
 		// sample app source change
 		app.Spec.Source.Helm = &argoappv1.ApplicationSourceHelm{
 			Parameters: []argoappv1.HelmParameter{{
@@ -771,7 +639,7 @@ func TestRefreshAppConditions(t *testing.T) {
 		app := newFakeApp()
 		ctrl := newFakeController(&fakeData{apps: []runtime.Object{app, &defaultProj}})
 
-		_, hasErrors := ctrl.refreshAppConditions(app)
+		hasErrors := ctrl.refreshAppConditions(app)
 		assert.False(t, hasErrors)
 		assert.Len(t, app.Status.Conditions, 0)
 	})
@@ -782,7 +650,7 @@ func TestRefreshAppConditions(t *testing.T) {
 
 		ctrl := newFakeController(&fakeData{apps: []runtime.Object{app, &defaultProj}})
 
-		_, hasErrors := ctrl.refreshAppConditions(app)
+		hasErrors := ctrl.refreshAppConditions(app)
 		assert.False(t, hasErrors)
 		assert.Len(t, app.Status.Conditions, 1)
 		assert.Equal(t, argoappv1.ApplicationConditionExcludedResourceWarning, app.Status.Conditions[0].Type)
@@ -795,7 +663,7 @@ func TestRefreshAppConditions(t *testing.T) {
 
 		ctrl := newFakeController(&fakeData{apps: []runtime.Object{app, &defaultProj}})
 
-		_, hasErrors := ctrl.refreshAppConditions(app)
+		hasErrors := ctrl.refreshAppConditions(app)
 		assert.True(t, hasErrors)
 		assert.Len(t, app.Status.Conditions, 1)
 		assert.Equal(t, argoappv1.ApplicationConditionInvalidSpecError, app.Status.Conditions[0].Type)
@@ -831,7 +699,7 @@ func TestUpdateReconciledAt(t *testing.T) {
 
 	t.Run("UpdatedOnFullReconciliation", func(t *testing.T) {
 		receivedPatch = map[string]interface{}{}
-		ctrl.requestAppRefresh(app.Name, CompareWithLatest.Pointer(), nil)
+		ctrl.requestAppRefresh(app.Name, CompareWithLatest)
 		ctrl.appRefreshQueue.Add(key)
 
 		ctrl.processAppRefreshQueueItem()
@@ -848,7 +716,7 @@ func TestUpdateReconciledAt(t *testing.T) {
 	t.Run("NotUpdatedOnPartialReconciliation", func(t *testing.T) {
 		receivedPatch = map[string]interface{}{}
 		ctrl.appRefreshQueue.Add(key)
-		ctrl.requestAppRefresh(app.Name, CompareWithRecent.Pointer(), nil)
+		ctrl.requestAppRefresh(app.Name, CompareWithRecent)
 
 		ctrl.processAppRefreshQueueItem()
 

controller/cache/cache.go

@@ -7,7 +7,6 @@ import (
 
 	log "github.com/sirupsen/logrus"
 	v1 "k8s.io/api/core/v1"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/apimachinery/pkg/watch"
@@ -28,9 +27,6 @@ type cacheSettings struct {
 }
 
 type LiveStateCache interface {
-	// Returns k8s server version
-	GetVersionsInfo(serverURL string) (string, []metav1.APIGroup, error)
-	// Returns true of given group kind is a namespaced resource
 	IsNamespaced(server string, gk schema.GroupKind) (bool, error)
 	// Executes give callback against resource specified by the key and all its children
 	IterateHierarchy(server string, key kube.ResourceKey, action func(child appv1.ResourceNode, appName string)) error
@@ -42,8 +38,6 @@ type LiveStateCache interface {
 	Run(ctx context.Context) error
 	// Invalidate invalidates the entire cluster state cache
 	Invalidate()
-	// Returns information about monitored clusters
-	GetClustersInfo() []metrics.ClusterInfo
 }
 
 type ObjectUpdatedHandler = func(managedByApp map[string]bool, ref v1.ObjectReference)
@@ -71,7 +65,7 @@ func NewLiveStateCache(
 		appInformer:       appInformer,
 		db:                db,
 		clusters:          make(map[string]*clusterInfo),
-		lock:              &sync.RWMutex{},
+		lock:              &sync.Mutex{},
 		onObjectUpdated:   onObjectUpdated,
 		kubectl:           kubectl,
 		settingsMgr:       settingsMgr,
@@ -83,7 +77,7 @@ func NewLiveStateCache(
 type liveStateCache struct {
 	db                db.ArgoDB
 	clusters          map[string]*clusterInfo
-	lock              *sync.RWMutex
+	lock              *sync.Mutex
 	appInformer       cache.SharedIndexInformer
 	onObjectUpdated   ObjectUpdatedHandler
 	kubectl           kube.Kubectl
@@ -110,47 +104,30 @@ func (c *liveStateCache) loadCacheSettings() (*cacheSettings, error) {
 }
 
 func (c *liveStateCache) getCluster(server string) (*clusterInfo, error) {
-	c.lock.RLock()
-	info, ok := c.clusters[server]
-	c.lock.RUnlock()
-
-	if ok {
-		return info, nil
-	}
-
 	c.lock.Lock()
 	defer c.lock.Unlock()
+	info, ok := c.clusters[server]
+	if !ok {
+		cluster, err := c.db.GetCluster(context.Background(), server)
+		if err != nil {
+			return nil, err
+		}
+		info = &clusterInfo{
+			apisMeta:         make(map[schema.GroupKind]*apiMeta),
+			lock:             &sync.Mutex{},
+			nodes:            make(map[kube.ResourceKey]*node),
+			nsIndex:          make(map[string]map[kube.ResourceKey]*node),
+			onObjectUpdated:  c.onObjectUpdated,
+			kubectl:          c.kubectl,
+			cluster:          cluster,
+			syncTime:         nil,
+			syncLock:         &sync.Mutex{},
+			log:              log.WithField("server", cluster.Server),
+			cacheSettingsSrc: c.getCacheSettings,
+		}
 
-	info, ok = c.clusters[server]
-	if ok {
-		return info, nil
+		c.clusters[cluster.Server] = info
 	}
-
-	logCtx := log.WithField("server", server)
-	logCtx.Info("initializing cluster")
-	cluster, err := c.db.GetCluster(context.Background(), server)
-	if err != nil {
-		return nil, err
-	}
-	info = &clusterInfo{
-		apisMeta:         make(map[schema.GroupKind]*apiMeta),
-		lock:             &sync.RWMutex{},
-		nodes:            make(map[kube.ResourceKey]*node),
-		nsIndex:          make(map[string]map[kube.ResourceKey]*node),
-		onObjectUpdated:  c.onObjectUpdated,
-		kubectl:          c.kubectl,
-		cluster:          cluster,
-		syncTime:         nil,
-		log:              logCtx,
-		cacheSettingsSrc: c.getCacheSettings,
-		onEventReceived: func(event watch.EventType, un *unstructured.Unstructured) {
-			gvk := un.GroupVersionKind()
-			c.metricsServer.IncClusterEventsCount(cluster.Server, gvk.Group, gvk.Kind)
-		},
-		metricsServer: c.metricsServer,
-	}
-	c.clusters[cluster.Server] = info
-
 	return info, nil
 }
 
@@ -168,10 +145,12 @@ func (c *liveStateCache) getSyncedCluster(server string) (*clusterInfo, error) {
 
 func (c *liveStateCache) Invalidate() {
 	log.Info("invalidating live state cache")
-	c.lock.RLock()
-	defer c.lock.RLock()
+	c.lock.Lock()
+	defer c.lock.Unlock()
 	for _, clust := range c.clusters {
+		clust.lock.Lock()
 		clust.invalidate()
+		clust.lock.Unlock()
 	}
 	log.Info("live state cache invalidated")
 }
@@ -206,15 +185,7 @@ func (c *liveStateCache) GetManagedLiveObjs(a *appv1.Application, targetObjs []*
 	if err != nil {
 		return nil, err
 	}
-	return clusterInfo.getManagedLiveObjs(a, targetObjs)
-}
-
-func (c *liveStateCache) GetVersionsInfo(serverURL string) (string, []metav1.APIGroup, error) {
-	clusterInfo, err := c.getSyncedCluster(serverURL)
-	if err != nil {
-		return "", nil, err
-	}
-	return clusterInfo.serverVersion, clusterInfo.apiGroups, nil
+	return clusterInfo.getManagedLiveObjs(a, targetObjs, c.metricsServer)
 }
 
 func isClusterHasApps(apps []interface{}, cluster *appv1.Cluster) bool {
@@ -227,6 +198,8 @@ func isClusterHasApps(apps []interface{}, cluster *appv1.Cluster) bool {
 }
 
 func (c *liveStateCache) getCacheSettings() *cacheSettings {
+	c.cacheSettingsLock.Lock()
+	defer c.cacheSettingsLock.Unlock()
 	return c.cacheSettings
 }
 
@@ -276,9 +249,8 @@ func (c *liveStateCache) Run(ctx context.Context) error {
 	util.RetryUntilSucceed(func() error {
 		clusterEventCallback := func(event *db.ClusterEvent) {
 			c.lock.Lock()
-			cluster, ok := c.clusters[event.Cluster.Server]
-			if ok {
-				defer c.lock.Unlock()
+			defer c.lock.Unlock()
+			if cluster, ok := c.clusters[event.Cluster.Server]; ok {
 				if event.Type == watch.Deleted {
 					cluster.invalidate()
 					delete(c.clusters, event.Cluster.Server)
@@ -286,14 +258,11 @@ func (c *liveStateCache) Run(ctx context.Context) error {
 					cluster.cluster = event.Cluster
 					cluster.invalidate()
 				}
-			} else {
-				c.lock.Unlock()
-				if event.Type == watch.Added && isClusterHasApps(c.appInformer.GetStore().List(), event.Cluster) {
-					go func() {
-						// warm up cache for cluster with apps
-						_, _ = c.getSyncedCluster(event.Cluster.Server)
-					}()
-				}
+			} else if event.Type == watch.Added && isClusterHasApps(c.appInformer.GetStore().List(), event.Cluster) {
+				go func() {
+					// warm up cache for cluster with apps
+					_, _ = c.getSyncedCluster(event.Cluster.Server)
+				}()
 			}
 		}
 
@@ -304,13 +273,3 @@ func (c *liveStateCache) Run(ctx context.Context) error {
 	<-ctx.Done()
 	return nil
 }
-
-func (c *liveStateCache) GetClustersInfo() []metrics.ClusterInfo {
-	c.lock.RLock()
-	defer c.lock.RUnlock()
-	res := make([]metrics.ClusterInfo, 0)
-	for _, info := range c.clusters {
-		res = append(res, info.getClusterInfo())
-	}
-	return res
-}

controller/cache/cache_test.go

@@ -1,26 +0,0 @@
-package cache
-
-import (
-	"sync"
-	"testing"
-	"time"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestGetServerVersion(t *testing.T) {
-	now := time.Now()
-	cache := &liveStateCache{
-		lock: &sync.RWMutex{},
-		clusters: map[string]*clusterInfo{
-			"http://localhost": {
-				syncTime:      &now,
-				lock:          &sync.RWMutex{},
-				serverVersion: "123",
-			},
-		}}
-
-	version, _, err := cache.GetVersionsInfo("http://localhost")
-	assert.NoError(t, err)
-	assert.Equal(t, "123", version)
-}

controller/cache/cluster.go

@@ -9,19 +9,17 @@ import (
 	"sync"
 	"time"
 
+	"k8s.io/apimachinery/pkg/types"
+
+	"github.com/argoproj/argo-cd/controller/metrics"
+
 	log "github.com/sirupsen/logrus"
 	"k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"k8s.io/apimachinery/pkg/runtime/schema"
-	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/apimachinery/pkg/watch"
-	"k8s.io/client-go/dynamic"
 
-	"k8s.io/apimachinery/pkg/runtime"
-	"k8s.io/client-go/tools/pager"
-
-	"github.com/argoproj/argo-cd/controller/metrics"
 	appv1 "github.com/argoproj/argo-cd/pkg/apis/application/v1alpha1"
 	"github.com/argoproj/argo-cd/util"
 	"github.com/argoproj/argo-cd/util/health"
@@ -41,51 +39,45 @@ type apiMeta struct {
 }
 
 type clusterInfo struct {
-	syncTime      *time.Time
-	syncError     error
-	apisMeta      map[schema.GroupKind]*apiMeta
-	serverVersion string
-	apiGroups     []metav1.APIGroup
-	// namespacedResources is a simple map which indicates a groupKind is namespaced
-	namespacedResources map[schema.GroupKind]bool
+	syncLock  *sync.Mutex
+	syncTime  *time.Time
+	syncError error
+	apisMeta  map[schema.GroupKind]*apiMeta
 
-	// lock is a rw lock which protects the fields of clusterInfo
-	lock    *sync.RWMutex
+	lock    *sync.Mutex
 	nodes   map[kube.ResourceKey]*node
 	nsIndex map[string]map[kube.ResourceKey]*node
 
 	onObjectUpdated  ObjectUpdatedHandler
-	onEventReceived  func(event watch.EventType, un *unstructured.Unstructured)
 	kubectl          kube.Kubectl
 	cluster          *appv1.Cluster
 	log              *log.Entry
 	cacheSettingsSrc func() *cacheSettings
-	metricsServer    *metrics.MetricsServer
 }
 
-func (c *clusterInfo) replaceResourceCache(gk schema.GroupKind, resourceVersion string, objs []unstructured.Unstructured, ns string) {
+func (c *clusterInfo) replaceResourceCache(gk schema.GroupKind, resourceVersion string, objs []unstructured.Unstructured) {
+	c.lock.Lock()
+	defer c.lock.Unlock()
 	info, ok := c.apisMeta[gk]
 	if ok {
-		objByKey := make(map[kube.ResourceKey]*unstructured.Unstructured)
+		objByKind := make(map[kube.ResourceKey]*unstructured.Unstructured)
 		for i := range objs {
-			objByKey[kube.GetResourceKey(&objs[i])] = &objs[i]
+			objByKind[kube.GetResourceKey(&objs[i])] = &objs[i]
 		}
 
-		// update existing nodes
 		for i := range objs {
 			obj := &objs[i]
 			key := kube.GetResourceKey(&objs[i])
 			existingNode, exists := c.nodes[key]
-			c.onNodeUpdated(exists, existingNode, obj)
+			c.onNodeUpdated(exists, existingNode, obj, key)
 		}
 
-		// remove existing nodes that a no longer exist
 		for key, existingNode := range c.nodes {
-			if key.Kind != gk.Kind || key.Group != gk.Group || ns != "" && key.Namespace != ns {
+			if key.Kind != gk.Kind || key.Group != gk.Group {
 				continue
 			}
 
-			if _, ok := objByKey[key]; !ok {
+			if _, ok := objByKind[key]; !ok {
 				c.onNodeRemoved(key, existingNode)
 			}
 		}
@@ -122,9 +114,8 @@ func isServiceAccountTokenSecret(un *unstructured.Unstructured) (bool, metav1.Ow
 
 func (c *clusterInfo) createObjInfo(un *unstructured.Unstructured, appInstanceLabel string) *node {
 	ownerRefs := un.GetOwnerReferences()
-	gvk := un.GroupVersionKind()
 	// Special case for endpoint. Remove after https://github.com/kubernetes/kubernetes/issues/28483 is fixed
-	if gvk.Group == "" && gvk.Kind == kube.EndpointsKind && len(un.GetOwnerReferences()) == 0 {
+	if un.GroupVersionKind().Group == "" && un.GetKind() == kube.EndpointsKind && len(un.GetOwnerReferences()) == 0 {
 		ownerRefs = append(ownerRefs, metav1.OwnerReference{
 			Name:       un.GetName(),
 			Kind:       kube.ServiceKind,
@@ -132,17 +123,6 @@ func (c *clusterInfo) createObjInfo(un *unstructured.Unstructured, appInstanceLa
 		})
 	}
 
-	// Special case for Operator Lifecycle Manager ClusterServiceVersion:
-	if un.GroupVersionKind().Group == "operators.coreos.com" && un.GetKind() == "ClusterServiceVersion" {
-		if un.GetAnnotations()["olm.operatorGroup"] != "" {
-			ownerRefs = append(ownerRefs, metav1.OwnerReference{
-				Name:       un.GetAnnotations()["olm.operatorGroup"],
-				Kind:       "OperatorGroup",
-				APIVersion: "operators.coreos.com/v1",
-			})
-		}
-	}
-
 	// edge case. Consider auto-created service account tokens as a child of service account objects
 	if yes, ref := isServiceAccountTokenSecret(un); yes {
 		ownerRefs = append(ownerRefs, ref)
@@ -159,15 +139,7 @@ func (c *clusterInfo) createObjInfo(un *unstructured.Unstructured, appInstanceLa
 	if len(ownerRefs) == 0 && appName != "" {
 		nodeInfo.appName = appName
 		nodeInfo.resource = un
-	} else {
-		// edge case. we do not label CRDs, so they miss the tracking label we inject. But we still
-		// want the full resource to be available in our cache (to diff), so we store all CRDs
-		switch gvk.Kind {
-		case kube.CustomResourceDefinitionKind:
-			nodeInfo.resource = un
-		}
 	}
-
 	nodeInfo.health, _ = health.GetResourceHealth(un, c.cacheSettingsSrc().ResourceOverrides)
 	return nodeInfo
 }
@@ -194,80 +166,63 @@ func (c *clusterInfo) removeNode(key kube.ResourceKey) {
 }
 
 func (c *clusterInfo) invalidate() {
-	c.lock.Lock()
-	defer c.lock.Unlock()
+	c.syncLock.Lock()
+	defer c.syncLock.Unlock()
 	c.syncTime = nil
 	for i := range c.apisMeta {
 		c.apisMeta[i].watchCancel()
 	}
 	c.apisMeta = nil
-	c.namespacedResources = nil
-	c.log.Warnf("invalidated cluster")
 }
 
 func (c *clusterInfo) synced() bool {
-	syncTime := c.syncTime
-	if syncTime == nil {
+	if c.syncTime == nil {
 		return false
 	}
 	if c.syncError != nil {
-		return time.Now().Before(syncTime.Add(clusterRetryTimeout))
+		return time.Now().Before(c.syncTime.Add(clusterRetryTimeout))
 	}
-	return time.Now().Before(syncTime.Add(clusterSyncTimeout))
+	return time.Now().Before(c.syncTime.Add(clusterSyncTimeout))
 }
 
-func (c *clusterInfo) stopWatching(gk schema.GroupKind, ns string) {
-	c.lock.Lock()
-	defer c.lock.Unlock()
+func (c *clusterInfo) stopWatching(gk schema.GroupKind) {
+	c.syncLock.Lock()
+	defer c.syncLock.Unlock()
 	if info, ok := c.apisMeta[gk]; ok {
 		info.watchCancel()
 		delete(c.apisMeta, gk)
-		c.replaceResourceCache(gk, "", []unstructured.Unstructured{}, ns)
-		c.log.Warnf("Stop watching: %s not found", gk)
+		c.replaceResourceCache(gk, "", []unstructured.Unstructured{})
+		log.Warnf("Stop watching %s not found on %s.", gk, c.cluster.Server)
 	}
 }
 
 // startMissingWatches lists supported cluster resources and start watching for changes unless watch is already running
 func (c *clusterInfo) startMissingWatches() error {
-	config := c.cluster.RESTConfig()
 
-	apis, err := c.kubectl.GetAPIResources(config, c.cacheSettingsSrc().ResourcesFilter)
+	apis, err := c.kubectl.GetAPIResources(c.cluster.RESTConfig(), c.cacheSettingsSrc().ResourcesFilter)
 	if err != nil {
 		return err
 	}
-	client, err := c.kubectl.NewDynamicClient(config)
-	if err != nil {
-		return err
-	}
-	namespacedResources := make(map[schema.GroupKind]bool)
+
 	for i := range apis {
 		api := apis[i]
-		namespacedResources[api.GroupKind] = api.Meta.Namespaced
 		if _, ok := c.apisMeta[api.GroupKind]; !ok {
 			ctx, cancel := context.WithCancel(context.Background())
 			info := &apiMeta{namespaced: api.Meta.Namespaced, watchCancel: cancel}
 			c.apisMeta[api.GroupKind] = info
-
-			err = c.processApi(client, api, func(resClient dynamic.ResourceInterface, ns string) error {
-				go c.watchEvents(ctx, api, info, resClient, ns)
-				return nil
-			})
-			if err != nil {
-				return err
-			}
+			go c.watchEvents(ctx, api, info)
 		}
 	}
-	c.namespacedResources = namespacedResources
 	return nil
 }
 
-func runSynced(lock sync.Locker, action func() error) error {
+func runSynced(lock *sync.Mutex, action func() error) error {
 	lock.Lock()
 	defer lock.Unlock()
 	return action()
 }
 
-func (c *clusterInfo) watchEvents(ctx context.Context, api kube.APIResourceInfo, info *apiMeta, resClient dynamic.ResourceInterface, ns string) {
+func (c *clusterInfo) watchEvents(ctx context.Context, api kube.APIResourceInfo, info *apiMeta) {
 	util.RetryUntilSucceed(func() (err error) {
 		defer func() {
 			if r := recover(); r != nil {
@@ -275,28 +230,13 @@ func (c *clusterInfo) watchEvents(ctx context.Context, api kube.APIResourceInfo,
 			}
 		}()
 
-		err = runSynced(c.lock, func() error {
+		err = runSynced(c.syncLock, func() error {
 			if info.resourceVersion == "" {
-				listPager := pager.New(func(ctx context.Context, opts metav1.ListOptions) (runtime.Object, error) {
-					res, err := resClient.List(opts)
-					if err == nil {
-						info.resourceVersion = res.GetResourceVersion()
-					}
-					return res, err
-				})
-				var items []unstructured.Unstructured
-				err = listPager.EachListItem(ctx, metav1.ListOptions{}, func(obj runtime.Object) error {
-					if un, ok := obj.(*unstructured.Unstructured); !ok {
-						return fmt.Errorf("object %s/%s has an unexpected type", un.GroupVersionKind().String(), un.GetName())
-					} else {
-						items = append(items, *un)
-					}
-					return nil
-				})
+				list, err := api.Interface.List(metav1.ListOptions{})
 				if err != nil {
-					return fmt.Errorf("failed to load initial state of resource %s: %v", api.GroupKind.String(), err)
+					return err
 				}
-				c.replaceResourceCache(api.GroupKind, info.resourceVersion, items, ns)
+				c.replaceResourceCache(api.GroupKind, list.GetResourceVersion(), list.Items)
 			}
 			return nil
 		})
@@ -305,15 +245,20 @@ func (c *clusterInfo) watchEvents(ctx context.Context, api kube.APIResourceInfo,
 			return err
 		}
 
-		w, err := resClient.Watch(metav1.ListOptions{ResourceVersion: info.resourceVersion})
+		w, err := api.Interface.Watch(metav1.ListOptions{ResourceVersion: info.resourceVersion})
 		if errors.IsNotFound(err) {
-			c.stopWatching(api.GroupKind, ns)
+			c.stopWatching(api.GroupKind)
 			return nil
 		}
-		if errors.IsGone(err) {
-			info.resourceVersion = ""
-			c.log.Warnf("Resource version of %s is too old", api.GroupKind)
-		}
+
+		err = runSynced(c.syncLock, func() error {
+			if errors.IsGone(err) {
+				info.resourceVersion = ""
+				log.Warnf("Resource version of %s on %s is too old.", api.GroupKind, c.cluster.Server)
+			}
+			return err
+		})
+
 		if err != nil {
 			return err
 		}
@@ -334,17 +279,17 @@ func (c *clusterInfo) watchEvents(ctx context.Context, api kube.APIResourceInfo,
 
 							if groupOk && groupErr == nil && kindOk && kindErr == nil {
 								gk := schema.GroupKind{Group: group, Kind: kind}
-								c.stopWatching(gk, ns)
+								c.stopWatching(gk)
 							}
 						} else {
-							err = runSynced(c.lock, func() error {
+							err = runSynced(c.syncLock, func() error {
 								return c.startMissingWatches()
 							})
 
 						}
 					}
 					if err != nil {
-						c.log.Warnf("Failed to start missing watch: %v", err)
+						log.Warnf("Failed to start missing watch: %v", err)
 					}
 				} else {
 					return fmt.Errorf("Watch %s on %s has closed", api.GroupKind, c.cluster.Server)
@@ -355,25 +300,6 @@ func (c *clusterInfo) watchEvents(ctx context.Context, api kube.APIResourceInfo,
 	}, fmt.Sprintf("watch %s on %s", api.GroupKind, c.cluster.Server), ctx, watchResourcesRetryTimeout)
 }
 
-func (c *clusterInfo) processApi(client dynamic.Interface, api kube.APIResourceInfo, callback func(resClient dynamic.ResourceInterface, ns string) error) error {
-	resClient := client.Resource(api.GroupVersionResource)
-	if len(c.cluster.Namespaces) == 0 {
-		return callback(resClient, "")
-	}
-
-	if !api.Meta.Namespaced {
-		return nil
-	}
-
-	for _, ns := range c.cluster.Namespaces {
-		err := callback(resClient.Namespace(ns), ns)
-		if err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
 func (c *clusterInfo) sync() (err error) {
 
 	c.log.Info("Start syncing cluster")
@@ -383,70 +309,31 @@ func (c *clusterInfo) sync() (err error) {
 	}
 	c.apisMeta = make(map[schema.GroupKind]*apiMeta)
 	c.nodes = make(map[kube.ResourceKey]*node)
-	c.namespacedResources = make(map[schema.GroupKind]bool)
-	config := c.cluster.RESTConfig()
-	version, err := c.kubectl.GetServerVersion(config)
-	if err != nil {
-		return err
-	}
-	c.serverVersion = version
-	groups, err := c.kubectl.GetAPIGroups(config)
-	if err != nil {
-		return err
-	}
-	c.apiGroups = groups
 
-	apis, err := c.kubectl.GetAPIResources(config, c.cacheSettingsSrc().ResourcesFilter)
-	if err != nil {
-		return err
-	}
-	client, err := c.kubectl.NewDynamicClient(config)
+	apis, err := c.kubectl.GetAPIResources(c.cluster.RESTConfig(), c.cacheSettingsSrc().ResourcesFilter)
 	if err != nil {
 		return err
 	}
 	lock := sync.Mutex{}
 	err = util.RunAllAsync(len(apis), func(i int) error {
 		api := apis[i]
+		list, err := api.Interface.List(metav1.ListOptions{})
+		if err != nil {
+			return err
+		}
 
 		lock.Lock()
-		ctx, cancel := context.WithCancel(context.Background())
-		info := &apiMeta{namespaced: api.Meta.Namespaced, watchCancel: cancel}
-		c.apisMeta[api.GroupKind] = info
-		c.namespacedResources[api.GroupKind] = api.Meta.Namespaced
+		for i := range list.Items {
+			c.setNode(c.createObjInfo(&list.Items[i], c.cacheSettingsSrc().AppInstanceLabelKey))
+		}
 		lock.Unlock()
-
-		return c.processApi(client, api, func(resClient dynamic.ResourceInterface, ns string) error {
-
-			listPager := pager.New(func(ctx context.Context, opts metav1.ListOptions) (runtime.Object, error) {
-				res, err := resClient.List(opts)
-				if err == nil {
-					lock.Lock()
-					info.resourceVersion = res.GetResourceVersion()
-					lock.Unlock()
-				}
-				return res, err
-			})
-
-			err = listPager.EachListItem(context.Background(), metav1.ListOptions{}, func(obj runtime.Object) error {
-				if un, ok := obj.(*unstructured.Unstructured); !ok {
-					return fmt.Errorf("object %s/%s has an unexpected type", un.GroupVersionKind().String(), un.GetName())
-				} else {
-					lock.Lock()
-					c.setNode(c.createObjInfo(un, c.cacheSettingsSrc().AppInstanceLabelKey))
-					lock.Unlock()
-				}
-				return nil
-			})
-
-			if err != nil {
-				return fmt.Errorf("failed to load initial state of resource %s: %v", api.GroupKind.String(), err)
-			}
-
-			go c.watchEvents(ctx, api, info, resClient, ns)
-			return nil
-		})
+		return nil
 	})
 
+	if err == nil {
+		err = c.startMissingWatches()
+	}
+
 	if err != nil {
 		log.Errorf("Failed to sync cluster %s: %v", c.cluster.Server, err)
 		return err
@@ -457,17 +344,12 @@ func (c *clusterInfo) sync() (err error) {
 }
 
 func (c *clusterInfo) ensureSynced() error {
-	// first check if cluster is synced *without lock*
-	if c.synced() {
-		return c.syncError
-	}
-	c.lock.Lock()
-	defer c.lock.Unlock()
-	// before doing any work, check once again now that we have the lock, to see if it got
-	// synced between the first check and now
+	c.syncLock.Lock()
+	defer c.syncLock.Unlock()
 	if c.synced() {
 		return c.syncError
 	}
+
 	err := c.sync()
 	syncTime := time.Now()
 	c.syncTime = &syncTime
@@ -476,8 +358,8 @@ func (c *clusterInfo) ensureSynced() error {
 }
 
 func (c *clusterInfo) getNamespaceTopLevelResources(namespace string) map[kube.ResourceKey]appv1.ResourceNode {
-	c.lock.RLock()
-	defer c.lock.RUnlock()
+	c.lock.Lock()
+	defer c.lock.Unlock()
 	nodes := make(map[kube.ResourceKey]appv1.ResourceNode)
 	for _, node := range c.nsIndex[namespace] {
 		if len(node.ownerRefs) == 0 {
@@ -518,17 +400,15 @@ func (c *clusterInfo) iterateHierarchy(key kube.ResourceKey, action func(child a
 }
 
 func (c *clusterInfo) isNamespaced(gk schema.GroupKind) bool {
-	// this is safe to access without a lock since we always replace the entire map instead of mutating keys
-	if isNamespaced, ok := c.namespacedResources[gk]; ok {
-		return isNamespaced
+	if api, ok := c.apisMeta[gk]; ok && !api.namespaced {
+		return false
 	}
-	log.Warnf("group/kind %s scope is unknown (known objects: %d). assuming namespaced object", gk, len(c.namespacedResources))
 	return true
 }
 
-func (c *clusterInfo) getManagedLiveObjs(a *appv1.Application, targetObjs []*unstructured.Unstructured) (map[kube.ResourceKey]*unstructured.Unstructured, error) {
-	c.lock.RLock()
-	defer c.lock.RUnlock()
+func (c *clusterInfo) getManagedLiveObjs(a *appv1.Application, targetObjs []*unstructured.Unstructured, metricsServer *metrics.MetricsServer) (map[kube.ResourceKey]*unstructured.Unstructured, error) {
+	c.lock.Lock()
+	defer c.lock.Unlock()
 
 	managedObjs := make(map[kube.ResourceKey]*unstructured.Unstructured)
 	// iterate all objects in live state cache to find ones associated with app
@@ -537,8 +417,8 @@ func (c *clusterInfo) getManagedLiveObjs(a *appv1.Application, targetObjs []*uns
 			managedObjs[key] = o.resource
 		}
 	}
-	config := metrics.AddMetricsTransportWrapper(c.metricsServer, a, c.cluster.RESTConfig())
-	// iterate target objects and identify ones that already exist in the cluster,
+	config := metrics.AddMetricsTransportWrapper(metricsServer, a, c.cluster.RESTConfig())
+	// iterate target objects and identify ones that already exist in the cluster,\
 	// but are simply missing our label
 	lock := &sync.Mutex{}
 	err := util.RunAllAsync(len(targetObjs), func(i int) error {
@@ -603,26 +483,20 @@ func (c *clusterInfo) getManagedLiveObjs(a *appv1.Application, targetObjs []*uns
 }
 
 func (c *clusterInfo) processEvent(event watch.EventType, un *unstructured.Unstructured) {
-	if c.onEventReceived != nil {
-		c.onEventReceived(event, un)
-	}
-	key := kube.GetResourceKey(un)
-	if event == watch.Modified && skipAppRequeing(key) {
-		return
-	}
 	c.lock.Lock()
 	defer c.lock.Unlock()
+	key := kube.GetResourceKey(un)
 	existingNode, exists := c.nodes[key]
 	if event == watch.Deleted {
 		if exists {
 			c.onNodeRemoved(key, existingNode)
 		}
 	} else if event != watch.Deleted {
-		c.onNodeUpdated(exists, existingNode, un)
+		c.onNodeUpdated(exists, existingNode, un, key)
 	}
 }
 
-func (c *clusterInfo) onNodeUpdated(exists bool, existingNode *node, un *unstructured.Unstructured) {
+func (c *clusterInfo) onNodeUpdated(exists bool, existingNode *node, un *unstructured.Unstructured, key kube.ResourceKey) {
 	nodes := make([]*node, 0)
 	if exists {
 		nodes = append(nodes, existingNode)
@@ -635,7 +509,7 @@ func (c *clusterInfo) onNodeUpdated(exists bool, existingNode *node, un *unstruc
 		n := nodes[i]
 		if ns, ok := c.nsIndex[n.ref.Namespace]; ok {
 			app := n.getApp(ns)
-			if app == "" {
+			if app == "" || skipAppRequeing(key) {
 				continue
 			}
 			toNotify[app] = n.isRootAppNode() || toNotify[app]
@@ -664,18 +538,6 @@ var (
 	}
 )
 
-func (c *clusterInfo) getClusterInfo() metrics.ClusterInfo {
-	c.lock.RLock()
-	defer c.lock.RUnlock()
-	return metrics.ClusterInfo{
-		APIsCount:         len(c.apisMeta),
-		K8SVersion:        c.serverVersion,
-		ResourcesCount:    len(c.nodes),
-		Server:            c.cluster.Server,
-		LastCacheSyncTime: c.syncTime,
-	}
-}
-
 // skipAppRequeing checks if the object is an API type which we want to skip requeuing against.
 // We ignore API types which have a high churn rate, and/or whose updates are irrelevant to the app
 func skipAppRequeing(key kube.ResourceKey) bool {

controller/cache/cluster_test.go

@@ -135,31 +135,32 @@ func newCluster(objs ...*unstructured.Unstructured) *clusterInfo {
 	client := fake.NewSimpleDynamicClient(scheme, runtimeObjs...)
 
 	apiResources := []kube.APIResourceInfo{{
-		GroupKind:            schema.GroupKind{Group: "", Kind: "Pod"},
-		GroupVersionResource: schema.GroupVersionResource{Group: "", Version: "v1", Resource: "pods"},
-		Meta:                 metav1.APIResource{Namespaced: true},
+		GroupKind: schema.GroupKind{Group: "", Kind: "Pod"},
+		Interface: client.Resource(schema.GroupVersionResource{Group: "", Version: "v1", Resource: "pods"}),
+		Meta:      metav1.APIResource{Namespaced: true},
 	}, {
-		GroupKind:            schema.GroupKind{Group: "apps", Kind: "ReplicaSet"},
-		GroupVersionResource: schema.GroupVersionResource{Group: "apps", Version: "v1", Resource: "replicasets"},
-		Meta:                 metav1.APIResource{Namespaced: true},
+		GroupKind: schema.GroupKind{Group: "apps", Kind: "ReplicaSet"},
+		Interface: client.Resource(schema.GroupVersionResource{Group: "apps", Version: "v1", Resource: "replicasets"}),
+		Meta:      metav1.APIResource{Namespaced: true},
 	}, {
-		GroupKind:            schema.GroupKind{Group: "apps", Kind: "Deployment"},
-		GroupVersionResource: schema.GroupVersionResource{Group: "apps", Version: "v1", Resource: "deployments"},
-		Meta:                 metav1.APIResource{Namespaced: true},
+		GroupKind: schema.GroupKind{Group: "apps", Kind: "Deployment"},
+		Interface: client.Resource(schema.GroupVersionResource{Group: "apps", Version: "v1", Resource: "deployments"}),
+		Meta:      metav1.APIResource{Namespaced: true},
 	}}
 
-	return newClusterExt(&kubetest.MockKubectlCmd{APIResources: apiResources, DynamicClient: client})
+	return newClusterExt(&kubetest.MockKubectlCmd{APIResources: apiResources})
 }
 
 func newClusterExt(kubectl kube.Kubectl) *clusterInfo {
 	return &clusterInfo{
-		lock:            &sync.RWMutex{},
+		lock:            &sync.Mutex{},
 		nodes:           make(map[kube.ResourceKey]*node),
 		onObjectUpdated: func(managedByApp map[string]bool, reference corev1.ObjectReference) {},
 		kubectl:         kubectl,
 		nsIndex:         make(map[string]map[kube.ResourceKey]*node),
 		cluster:         &appv1.Cluster{},
 		syncTime:        nil,
+		syncLock:        &sync.Mutex{},
 		apisMeta:        make(map[schema.GroupKind]*apiMeta),
 		log:             log.WithField("cluster", "test"),
 		cacheSettingsSrc: func() *cacheSettings {
@@ -176,55 +177,6 @@ func getChildren(cluster *clusterInfo, un *unstructured.Unstructured) []appv1.Re
 	return hierarchy[1:]
 }
 
-func TestEnsureSynced(t *testing.T) {
-	obj1 := strToUnstructured(`
-  apiVersion: apps/v1
-  kind: Deployment
-  metadata: {"name": "helm-guestbook1", "namespace": "default1"}
-`)
-	obj2 := strToUnstructured(`
-  apiVersion: apps/v1
-  kind: Deployment
-  metadata: {"name": "helm-guestbook2", "namespace": "default2"}
-`)
-
-	cluster := newCluster(obj1, obj2)
-	err := cluster.ensureSynced()
-	assert.Nil(t, err)
-
-	assert.Len(t, cluster.nodes, 2)
-	var names []string
-	for k := range cluster.nodes {
-		names = append(names, k.Name)
-	}
-	assert.ElementsMatch(t, []string{"helm-guestbook1", "helm-guestbook2"}, names)
-}
-
-func TestEnsureSyncedSingleNamespace(t *testing.T) {
-	obj1 := strToUnstructured(`
-  apiVersion: apps/v1
-  kind: Deployment
-  metadata: {"name": "helm-guestbook1", "namespace": "default1"}
-`)
-	obj2 := strToUnstructured(`
-  apiVersion: apps/v1
-  kind: Deployment
-  metadata: {"name": "helm-guestbook2", "namespace": "default2"}
-`)
-
-	cluster := newCluster(obj1, obj2)
-	cluster.cluster.Namespaces = []string{"default1"}
-	err := cluster.ensureSynced()
-	assert.Nil(t, err)
-
-	assert.Len(t, cluster.nodes, 1)
-	var names []string
-	for k := range cluster.nodes {
-		names = append(names, k.Name)
-	}
-	assert.ElementsMatch(t, []string{"helm-guestbook1"}, names)
-}
-
 func TestGetNamespaceResources(t *testing.T) {
 	defaultNamespaceTopLevel1 := strToUnstructured(`
   apiVersion: apps/v1
@@ -322,7 +274,7 @@ metadata:
 				Namespace: "default",
 			},
 		},
-	}, []*unstructured.Unstructured{targetDeploy})
+	}, []*unstructured.Unstructured{targetDeploy}, nil)
 	assert.Nil(t, err)
 	assert.Equal(t, managedObjs, map[kube.ResourceKey]*unstructured.Unstructured{
 		kube.NewResourceKey("apps", "Deployment", "default", "helm-guestbook"): testDeploy,
@@ -504,8 +456,7 @@ func TestWatchCacheUpdated(t *testing.T) {
 
 	podGroupKind := testPod.GroupVersionKind().GroupKind()
 
-	cluster.lock.Lock()
-	cluster.replaceResourceCache(podGroupKind, "updated-list-version", []unstructured.Unstructured{*updated, *added}, "")
+	cluster.replaceResourceCache(podGroupKind, "updated-list-version", []unstructured.Unstructured{*updated, *added})
 
 	_, ok := cluster.nodes[kube.GetResourceKey(removed)]
 	assert.False(t, ok)
@@ -516,29 +467,6 @@ func TestWatchCacheUpdated(t *testing.T) {
 
 	_, ok = cluster.nodes[kube.GetResourceKey(added)]
 	assert.True(t, ok)
-	cluster.lock.Unlock()
-}
-
-func TestNamespaceModeReplace(t *testing.T) {
-	ns1Pod := testPod.DeepCopy()
-	ns1Pod.SetNamespace("ns1")
-	ns1Pod.SetName("pod1")
-
-	ns2Pod := testPod.DeepCopy()
-	ns2Pod.SetNamespace("ns2")
-	podGroupKind := testPod.GroupVersionKind().GroupKind()
-
-	cluster := newCluster(ns1Pod, ns2Pod)
-	err := cluster.ensureSynced()
-	assert.Nil(t, err)
-
-	cluster.replaceResourceCache(podGroupKind, "", nil, "ns1")
-
-	_, ok := cluster.nodes[kube.GetResourceKey(ns1Pod)]
-	assert.False(t, ok)
-
-	_, ok = cluster.nodes[kube.GetResourceKey(ns2Pod)]
-	assert.True(t, ok)
 }
 
 func TestGetDuplicatedChildren(t *testing.T) {

controller/cache/mocks/LiveStateCache.go

@@ -5,17 +5,14 @@ package mocks
 import (
 	context "context"
 
-	metrics "github.com/argoproj/argo-cd/controller/metrics"
-	kube "github.com/argoproj/argo-cd/util/kube"
-
 	mock "github.com/stretchr/testify/mock"
 
+	kube "github.com/argoproj/argo-cd/util/kube"
+
 	schema "k8s.io/apimachinery/pkg/runtime/schema"
 
 	unstructured "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 
-	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-
 	v1alpha1 "github.com/argoproj/argo-cd/pkg/apis/application/v1alpha1"
 )
 
@@ -24,22 +21,6 @@ type LiveStateCache struct {
 	mock.Mock
 }
 
-// GetClustersInfo provides a mock function with given fields:
-func (_m *LiveStateCache) GetClustersInfo() []metrics.ClusterInfo {
-	ret := _m.Called()
-
-	var r0 []metrics.ClusterInfo
-	if rf, ok := ret.Get(0).(func() []metrics.ClusterInfo); ok {
-		r0 = rf()
-	} else {
-		if ret.Get(0) != nil {
-			r0 = ret.Get(0).([]metrics.ClusterInfo)
-		}
-	}
-
-	return r0
-}
-
 // GetManagedLiveObjs provides a mock function with given fields: a, targetObjs
 func (_m *LiveStateCache) GetManagedLiveObjs(a *v1alpha1.Application, targetObjs []*unstructured.Unstructured) (map[kube.ResourceKey]*unstructured.Unstructured, error) {
 	ret := _m.Called(a, targetObjs)
@@ -86,36 +67,6 @@ func (_m *LiveStateCache) GetNamespaceTopLevelResources(server string, namespace
 	return r0, r1
 }
 
-// GetVersionsInfo provides a mock function with given fields: serverURL
-func (_m *LiveStateCache) GetVersionsInfo(serverURL string) (string, []v1.APIGroup, error) {
-	ret := _m.Called(serverURL)
-
-	var r0 string
-	if rf, ok := ret.Get(0).(func(string) string); ok {
-		r0 = rf(serverURL)
-	} else {
-		r0 = ret.Get(0).(string)
-	}
-
-	var r1 []v1.APIGroup
-	if rf, ok := ret.Get(1).(func(string) []v1.APIGroup); ok {
-		r1 = rf(serverURL)
-	} else {
-		if ret.Get(1) != nil {
-			r1 = ret.Get(1).([]v1.APIGroup)
-		}
-	}
-
-	var r2 error
-	if rf, ok := ret.Get(2).(func(string) error); ok {
-		r2 = rf(serverURL)
-	} else {
-		r2 = ret.Error(2)
-	}
-
-	return r0, r1, r2
-}
-
 // Invalidate provides a mock function with given fields:
 func (_m *LiveStateCache) Invalidate() {
 	_m.Called()

controller/metrics/clustercollector.go

@@ -1,99 +0,0 @@
-package metrics
-
-import (
-	"context"
-	"sync"
-	"time"
-
-	"github.com/prometheus/client_golang/prometheus"
-)
-
-const (
-	metricsCollectionInterval = 30 * time.Second
-)
-
-var (
-	descClusterDefaultLabels = []string{"server"}
-
-	descClusterInfo = prometheus.NewDesc(
-		"argocd_cluster_info",
-		"Information about cluster.",
-		append(descClusterDefaultLabels, "k8s_version"),
-		nil,
-	)
-	descClusterCacheResources = prometheus.NewDesc(
-		"argocd_cluster_api_resource_objects",
-		"Number of k8s resource objects in the cache.",
-		descClusterDefaultLabels,
-		nil,
-	)
-	descClusterAPIs = prometheus.NewDesc(
-		"argocd_cluster_api_resources",
-		"Number of monitored kubernetes API resources.",
-		descClusterDefaultLabels,
-		nil,
-	)
-	descClusterCacheAgeSeconds = prometheus.NewDesc(
-		"argocd_cluster_cache_age_seconds",
-		"Cluster cache age in seconds.",
-		descClusterDefaultLabels,
-		nil,
-	)
-)
-
-type ClusterInfo struct {
-	Server            string
-	K8SVersion        string
-	ResourcesCount    int
-	APIsCount         int
-	LastCacheSyncTime *time.Time
-}
-
-type HasClustersInfo interface {
-	GetClustersInfo() []ClusterInfo
-}
-
-type clusterCollector struct {
-	infoSource HasClustersInfo
-	info       []ClusterInfo
-	lock       sync.Mutex
-}
-
-func (c *clusterCollector) Run(ctx context.Context) {
-	tick := time.Tick(metricsCollectionInterval)
-	for {
-		select {
-		case <-ctx.Done():
-			break
-		case <-tick:
-			info := c.infoSource.GetClustersInfo()
-
-			c.lock.Lock()
-			c.info = info
-			c.lock.Unlock()
-		}
-	}
-}
-
-// Describe implements the prometheus.Collector interface
-func (c *clusterCollector) Describe(ch chan<- *prometheus.Desc) {
-	ch <- descClusterInfo
-	ch <- descClusterCacheResources
-	ch <- descClusterAPIs
-	ch <- descClusterCacheAgeSeconds
-}
-
-func (c *clusterCollector) Collect(ch chan<- prometheus.Metric) {
-	now := time.Now()
-	for _, c := range c.info {
-		defaultValues := []string{c.Server}
-		ch <- prometheus.MustNewConstMetric(descClusterInfo, prometheus.GaugeValue, 1, append(defaultValues, c.K8SVersion)...)
-		ch <- prometheus.MustNewConstMetric(descClusterCacheResources, prometheus.GaugeValue, float64(c.ResourcesCount), defaultValues...)
-		ch <- prometheus.MustNewConstMetric(descClusterAPIs, prometheus.GaugeValue, float64(c.APIsCount), defaultValues...)
-		cacheAgeSeconds := -1
-		if c.LastCacheSyncTime != nil {
-			cacheAgeSeconds = int(now.Sub(*c.LastCacheSyncTime).Seconds())
-		}
-		ch <- prometheus.MustNewConstMetric(descClusterCacheAgeSeconds, prometheus.GaugeValue, float64(cacheAgeSeconds), defaultValues...)
-	}
-}

controller/metrics/metrics.go

@@ -1,9 +1,7 @@
 package metrics
 
 import (
-	"context"
 	"net/http"
-	"os"
 	"strconv"
 	"time"
 
@@ -21,21 +19,15 @@ import (
 type MetricsServer struct {
 	*http.Server
 	syncCounter             *prometheus.CounterVec
+	k8sRequestCounter       *prometheus.CounterVec
 	kubectlExecCounter      *prometheus.CounterVec
 	kubectlExecPendingGauge *prometheus.GaugeVec
-	k8sRequestCounter       *prometheus.CounterVec
-	clusterEventsCounter    *prometheus.CounterVec
-	redisRequestCounter     *prometheus.CounterVec
 	reconcileHistogram      *prometheus.HistogramVec
-	redisRequestHistogram   *prometheus.HistogramVec
-	registry                *prometheus.Registry
 }
 
 const (
 	// MetricsPath is the endpoint to collect application metrics
 	MetricsPath = "/metrics"
-	// EnvVarLegacyControllerMetrics is a env var to re-enable deprecated prometheus metrics
-	EnvVarLegacyControllerMetrics = "ARGOCD_LEGACY_CONTROLLER_METRICS"
 )
 
 // Follow Prometheus naming practices
@@ -46,140 +38,106 @@ var (
 	descAppInfo = prometheus.NewDesc(
 		"argocd_app_info",
 		"Information about application.",
-		append(descAppDefaultLabels, "repo", "dest_server", "dest_namespace", "sync_status", "health_status", "operation"),
+		append(descAppDefaultLabels, "repo", "dest_server", "dest_namespace"),
 		nil,
 	)
-	// DEPRECATED
 	descAppCreated = prometheus.NewDesc(
 		"argocd_app_created_time",
 		"Creation time in unix timestamp for an application.",
 		descAppDefaultLabels,
 		nil,
 	)
-	// DEPRECATED: superceded by sync_status label in argocd_app_info
 	descAppSyncStatusCode = prometheus.NewDesc(
 		"argocd_app_sync_status",
 		"The application current sync status.",
 		append(descAppDefaultLabels, "sync_status"),
 		nil,
 	)
-	// DEPRECATED: superceded by health_status label in argocd_app_info
 	descAppHealthStatus = prometheus.NewDesc(
 		"argocd_app_health_status",
 		"The application current health status.",
 		append(descAppDefaultLabels, "health_status"),
 		nil,
 	)
+)
 
-	syncCounter = prometheus.NewCounterVec(
+// NewMetricsServer returns a new prometheus server which collects application metrics
+func NewMetricsServer(addr string, appLister applister.ApplicationLister, healthCheck func() error) *MetricsServer {
+	mux := http.NewServeMux()
+	appRegistry := NewAppRegistry(appLister)
+	appRegistry.MustRegister(prometheus.NewProcessCollector(prometheus.ProcessCollectorOpts{}))
+	appRegistry.MustRegister(prometheus.NewGoCollector())
+	mux.Handle(MetricsPath, promhttp.HandlerFor(appRegistry, promhttp.HandlerOpts{}))
+	healthz.ServeHealthCheck(mux, healthCheck)
+
+	syncCounter := prometheus.NewCounterVec(
 		prometheus.CounterOpts{
 			Name: "argocd_app_sync_total",
 			Help: "Number of application syncs.",
 		},
-		append(descAppDefaultLabels, "dest_server", "phase"),
+		append(descAppDefaultLabels, "phase"),
 	)
-
-	k8sRequestCounter = prometheus.NewCounterVec(
+	appRegistry.MustRegister(syncCounter)
+	kubectlExecCounter := prometheus.NewCounterVec(prometheus.CounterOpts{
+		Name: "argocd_kubectl_exec_total",
+		Help: "Number of kubectl executions",
+	}, []string{"command"})
+	appRegistry.MustRegister(kubectlExecCounter)
+	kubectlExecPendingGauge := prometheus.NewGaugeVec(prometheus.GaugeOpts{
+		Name: "argocd_kubectl_exec_pending",
+		Help: "Number of pending kubectl executions",
+	}, []string{"command"})
+	appRegistry.MustRegister(kubectlExecPendingGauge)
+	k8sRequestCounter := prometheus.NewCounterVec(
 		prometheus.CounterOpts{
 			Name: "argocd_app_k8s_request_total",
 			Help: "Number of kubernetes requests executed during application reconciliation.",
 		},
-		append(descAppDefaultLabels, "server", "response_code", "verb", "resource_kind", "resource_namespace"),
+		append(descAppDefaultLabels, "response_code"),
 	)
+	appRegistry.MustRegister(k8sRequestCounter)
 
-	kubectlExecCounter = prometheus.NewCounterVec(prometheus.CounterOpts{
-		Name: "argocd_kubectl_exec_total",
-		Help: "Number of kubectl executions",
-	}, []string{"command"})
-
-	kubectlExecPendingGauge = prometheus.NewGaugeVec(prometheus.GaugeOpts{
-		Name: "argocd_kubectl_exec_pending",
-		Help: "Number of pending kubectl executions",
-	}, []string{"command"})
-
-	reconcileHistogram = prometheus.NewHistogramVec(
+	reconcileHistogram := prometheus.NewHistogramVec(
 		prometheus.HistogramOpts{
 			Name: "argocd_app_reconcile",
 			Help: "Application reconciliation performance.",
 			// Buckets chosen after observing a ~2100ms mean reconcile time
 			Buckets: []float64{0.25, .5, 1, 2, 4, 8, 16},
 		},
-		[]string{"namespace", "dest_server"},
+		descAppDefaultLabels,
 	)
 
-	clusterEventsCounter = prometheus.NewCounterVec(prometheus.CounterOpts{
-		Name: "argocd_cluster_events_total",
-		Help: "Number of processes k8s resource events.",
-	}, append(descClusterDefaultLabels, "group", "kind"))
-
-	redisRequestCounter = prometheus.NewCounterVec(
-		prometheus.CounterOpts{
-			Name: "argocd_redis_request_total",
-			Help: "Number of kubernetes requests executed during application reconciliation.",
-		},
-		[]string{"initiator", "failed"},
-	)
-
-	redisRequestHistogram = prometheus.NewHistogramVec(
-		prometheus.HistogramOpts{
-			Name:    "argocd_redis_request_duration",
-			Help:    "Redis requests duration.",
-			Buckets: []float64{0.01, 0.05, 0.10, 0.25, .5, 1},
-		},
-		[]string{"initiator"},
-	)
-)
-
-// NewMetricsServer returns a new prometheus server which collects application metrics
-func NewMetricsServer(addr string, appLister applister.ApplicationLister, healthCheck func() error) *MetricsServer {
-	mux := http.NewServeMux()
-	registry := NewAppRegistry(appLister)
-	mux.Handle(MetricsPath, promhttp.HandlerFor(prometheus.Gatherers{
-		// contains app controller specific metrics
-		registry,
-		// contains process, golang and controller workqueues metrics
-		prometheus.DefaultGatherer,
-	}, promhttp.HandlerOpts{}))
-	healthz.ServeHealthCheck(mux, healthCheck)
-
-	registry.MustRegister(syncCounter)
-	registry.MustRegister(k8sRequestCounter)
-	registry.MustRegister(kubectlExecCounter)
-	registry.MustRegister(kubectlExecPendingGauge)
-	registry.MustRegister(reconcileHistogram)
-	registry.MustRegister(clusterEventsCounter)
-	registry.MustRegister(redisRequestCounter)
-	registry.MustRegister(redisRequestHistogram)
+	appRegistry.MustRegister(reconcileHistogram)
 
 	return &MetricsServer{
-		registry: registry,
 		Server: &http.Server{
 			Addr:    addr,
 			Handler: mux,
 		},
 		syncCounter:             syncCounter,
 		k8sRequestCounter:       k8sRequestCounter,
+		reconcileHistogram:      reconcileHistogram,
 		kubectlExecCounter:      kubectlExecCounter,
 		kubectlExecPendingGauge: kubectlExecPendingGauge,
-		reconcileHistogram:      reconcileHistogram,
-		clusterEventsCounter:    clusterEventsCounter,
-		redisRequestCounter:     redisRequestCounter,
-		redisRequestHistogram:   redisRequestHistogram,
 	}
 }
 
-func (m *MetricsServer) RegisterClustersInfoSource(ctx context.Context, source HasClustersInfo) {
-	collector := &clusterCollector{infoSource: source}
-	go collector.Run(ctx)
-	m.registry.MustRegister(collector)
-}
-
 // IncSync increments the sync counter for an application
 func (m *MetricsServer) IncSync(app *argoappv1.Application, state *argoappv1.OperationState) {
 	if !state.Phase.Completed() {
 		return
 	}
-	m.syncCounter.WithLabelValues(app.Namespace, app.Name, app.Spec.GetProject(), app.Spec.Destination.Server, string(state.Phase)).Inc()
+	m.syncCounter.WithLabelValues(app.Namespace, app.Name, app.Spec.GetProject(), string(state.Phase)).Inc()
+}
+
+// IncKubernetesRequest increments the kubernetes requests counter for an application
+func (m *MetricsServer) IncKubernetesRequest(app *argoappv1.Application, statusCode int) {
+	m.k8sRequestCounter.WithLabelValues(app.Namespace, app.Name, app.Spec.GetProject(), strconv.Itoa(statusCode)).Inc()
+}
+
+// IncReconcile increments the reconcile counter for an application
+func (m *MetricsServer) IncReconcile(app *argoappv1.Application, duration time.Duration) {
+	m.reconcileHistogram.WithLabelValues(app.Namespace, app.Name, app.Spec.GetProject()).Observe(duration.Seconds())
 }
 
 func (m *MetricsServer) IncKubectlExec(command string) {
@@ -194,39 +152,6 @@ func (m *MetricsServer) DecKubectlExecPending(command string) {
 	m.kubectlExecPendingGauge.WithLabelValues(command).Dec()
 }
 
-// IncClusterEventsCount increments the number of cluster events
-func (m *MetricsServer) IncClusterEventsCount(server, group, kind string) {
-	m.clusterEventsCounter.WithLabelValues(server, group, kind).Inc()
-}
-
-// IncKubernetesRequest increments the kubernetes requests counter for an application
-func (m *MetricsServer) IncKubernetesRequest(app *argoappv1.Application, server, statusCode, verb, resourceKind, resourceNamespace string) {
-	var namespace, name, project string
-	if app != nil {
-		namespace = app.Namespace
-		name = app.Name
-		project = app.Spec.GetProject()
-	}
-	m.k8sRequestCounter.WithLabelValues(
-		namespace, name, project, server, statusCode,
-		verb, resourceKind, resourceNamespace,
-	).Inc()
-}
-
-func (m *MetricsServer) IncRedisRequest(failed bool) {
-	m.redisRequestCounter.WithLabelValues("argocd-application-controller", strconv.FormatBool(failed)).Inc()
-}
-
-// ObserveRedisRequestDuration observes redis request duration
-func (m *MetricsServer) ObserveRedisRequestDuration(duration time.Duration) {
-	m.redisRequestHistogram.WithLabelValues("argocd-application-controller").Observe(duration.Seconds())
-}
-
-// IncReconcile increments the reconcile counter for an application
-func (m *MetricsServer) IncReconcile(app *argoappv1.Application, duration time.Duration) {
-	m.reconcileHistogram.WithLabelValues(app.Namespace, app.Spec.Destination.Server).Observe(duration.Seconds())
-}
-
 type appCollector struct {
 	store applister.ApplicationLister
 }
@@ -248,6 +173,7 @@ func NewAppRegistry(appLister applister.ApplicationLister) *prometheus.Registry
 // Describe implements the prometheus.Collector interface
 func (c *appCollector) Describe(ch chan<- *prometheus.Desc) {
 	ch <- descAppInfo
+	ch <- descAppCreated
 	ch <- descAppSyncStatusCode
 	ch <- descAppHealthStatus
 }
@@ -281,36 +207,20 @@ func collectApps(ch chan<- prometheus.Metric, app *argoappv1.Application) {
 		addConstMetric(desc, prometheus.GaugeValue, v, lv...)
 	}
 
-	var operation string
-	if app.DeletionTimestamp != nil {
-		operation = "delete"
-	} else if app.Operation != nil && app.Operation.Sync != nil {
-		operation = "sync"
-	}
+	addGauge(descAppInfo, 1, git.NormalizeGitURL(app.Spec.Source.RepoURL), app.Spec.Destination.Server, app.Spec.Destination.Namespace)
+
+	addGauge(descAppCreated, float64(app.CreationTimestamp.Unix()))
+
 	syncStatus := app.Status.Sync.Status
-	if syncStatus == "" {
-		syncStatus = argoappv1.SyncStatusCodeUnknown
-	}
+	addGauge(descAppSyncStatusCode, boolFloat64(syncStatus == argoappv1.SyncStatusCodeSynced), string(argoappv1.SyncStatusCodeSynced))
+	addGauge(descAppSyncStatusCode, boolFloat64(syncStatus == argoappv1.SyncStatusCodeOutOfSync), string(argoappv1.SyncStatusCodeOutOfSync))
+	addGauge(descAppSyncStatusCode, boolFloat64(syncStatus == argoappv1.SyncStatusCodeUnknown || syncStatus == ""), string(argoappv1.SyncStatusCodeUnknown))
+
 	healthStatus := app.Status.Health.Status
-	if healthStatus == "" {
-		healthStatus = argoappv1.HealthStatusUnknown
-	}
-
-	addGauge(descAppInfo, 1, git.NormalizeGitURL(app.Spec.Source.RepoURL), app.Spec.Destination.Server, app.Spec.Destination.Namespace, string(syncStatus), healthStatus, operation)
-
-	// Deprecated controller metrics
-	if os.Getenv(EnvVarLegacyControllerMetrics) == "true" {
-		addGauge(descAppCreated, float64(app.CreationTimestamp.Unix()))
-
-		addGauge(descAppSyncStatusCode, boolFloat64(syncStatus == argoappv1.SyncStatusCodeSynced), string(argoappv1.SyncStatusCodeSynced))
-		addGauge(descAppSyncStatusCode, boolFloat64(syncStatus == argoappv1.SyncStatusCodeOutOfSync), string(argoappv1.SyncStatusCodeOutOfSync))
-		addGauge(descAppSyncStatusCode, boolFloat64(syncStatus == argoappv1.SyncStatusCodeUnknown || syncStatus == ""), string(argoappv1.SyncStatusCodeUnknown))
-
-		addGauge(descAppHealthStatus, boolFloat64(healthStatus == argoappv1.HealthStatusUnknown || healthStatus == ""), argoappv1.HealthStatusUnknown)
-		addGauge(descAppHealthStatus, boolFloat64(healthStatus == argoappv1.HealthStatusProgressing), argoappv1.HealthStatusProgressing)
-		addGauge(descAppHealthStatus, boolFloat64(healthStatus == argoappv1.HealthStatusSuspended), argoappv1.HealthStatusSuspended)
-		addGauge(descAppHealthStatus, boolFloat64(healthStatus == argoappv1.HealthStatusHealthy), argoappv1.HealthStatusHealthy)
-		addGauge(descAppHealthStatus, boolFloat64(healthStatus == argoappv1.HealthStatusDegraded), argoappv1.HealthStatusDegraded)
-		addGauge(descAppHealthStatus, boolFloat64(healthStatus == argoappv1.HealthStatusMissing), argoappv1.HealthStatusMissing)
-	}
+	addGauge(descAppHealthStatus, boolFloat64(healthStatus == argoappv1.HealthStatusUnknown || healthStatus == ""), argoappv1.HealthStatusUnknown)
+	addGauge(descAppHealthStatus, boolFloat64(healthStatus == argoappv1.HealthStatusProgressing), argoappv1.HealthStatusProgressing)
+	addGauge(descAppHealthStatus, boolFloat64(healthStatus == argoappv1.HealthStatusSuspended), argoappv1.HealthStatusSuspended)
+	addGauge(descAppHealthStatus, boolFloat64(healthStatus == argoappv1.HealthStatusHealthy), argoappv1.HealthStatusHealthy)
+	addGauge(descAppHealthStatus, boolFloat64(healthStatus == argoappv1.HealthStatusDegraded), argoappv1.HealthStatusDegraded)
+	addGauge(descAppHealthStatus, boolFloat64(healthStatus == argoappv1.HealthStatusMissing), argoappv1.HealthStatusMissing)
 }

controller/metrics/metrics_test.go

@@ -5,7 +5,6 @@ import (
 	"log"
 	"net/http"
 	"net/http/httptest"
-	"os"
 	"strings"
 	"testing"
 	"time"
@@ -43,52 +42,25 @@ status:
     status: Healthy
 `
 
-const fakeApp2 = `
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: my-app-2
-  namespace: argocd
-spec:
-  destination:
-    namespace: dummy-namespace
-    server: https://localhost:6443
-  project: important-project
-  source:
-    path: some/path
-    repoURL: https://github.com/argoproj/argocd-example-apps.git
-status:
-  sync:
-    status: Synced
-  health:
-    status: Healthy
-operation:
-  sync:
-    revision: 041eab7439ece92c99b043f0e171788185b8fc1d
-    syncStrategy:
-      hook: {}
-`
-
-const fakeApp3 = `
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: my-app-3
-  namespace: argocd
-  deletionTimestamp: "2020-03-16T09:17:45Z"
-spec:
-  destination:
-    namespace: dummy-namespace
-    server: https://localhost:6443
-  project: important-project
-  source:
-    path: some/path
-    repoURL: https://github.com/argoproj/argocd-example-apps.git
-status:
-  sync:
-    status: OutOfSync
-  health:
-    status: Degraded
+const expectedResponse = `# HELP argocd_app_created_time Creation time in unix timestamp for an application.
+# TYPE argocd_app_created_time gauge
+argocd_app_created_time{name="my-app",namespace="argocd",project="important-project"} -6.21355968e+10
+# HELP argocd_app_health_status The application current health status.
+# TYPE argocd_app_health_status gauge
+argocd_app_health_status{health_status="Degraded",name="my-app",namespace="argocd",project="important-project"} 0
+argocd_app_health_status{health_status="Healthy",name="my-app",namespace="argocd",project="important-project"} 1
+argocd_app_health_status{health_status="Missing",name="my-app",namespace="argocd",project="important-project"} 0
+argocd_app_health_status{health_status="Progressing",name="my-app",namespace="argocd",project="important-project"} 0
+argocd_app_health_status{health_status="Suspended",name="my-app",namespace="argocd",project="important-project"} 0
+argocd_app_health_status{health_status="Unknown",name="my-app",namespace="argocd",project="important-project"} 0
+# HELP argocd_app_info Information about application.
+# TYPE argocd_app_info gauge
+argocd_app_info{dest_namespace="dummy-namespace",dest_server="https://localhost:6443",name="my-app",namespace="argocd",project="important-project",repo="https://github.com/argoproj/argocd-example-apps"} 1
+# HELP argocd_app_sync_status The application current sync status.
+# TYPE argocd_app_sync_status gauge
+argocd_app_sync_status{name="my-app",namespace="argocd",project="important-project",sync_status="OutOfSync"} 0
+argocd_app_sync_status{name="my-app",namespace="argocd",project="important-project",sync_status="Synced"} 1
+argocd_app_sync_status{name="my-app",namespace="argocd",project="important-project",sync_status="Unknown"} 0
 `
 
 const fakeDefaultApp = `
@@ -111,26 +83,46 @@ status:
     status: Healthy
 `
 
+const expectedDefaultResponse = `# HELP argocd_app_created_time Creation time in unix timestamp for an application.
+# TYPE argocd_app_created_time gauge
+argocd_app_created_time{name="my-app",namespace="argocd",project="default"} -6.21355968e+10
+# HELP argocd_app_health_status The application current health status.
+# TYPE argocd_app_health_status gauge
+argocd_app_health_status{health_status="Degraded",name="my-app",namespace="argocd",project="default"} 0
+argocd_app_health_status{health_status="Healthy",name="my-app",namespace="argocd",project="default"} 1
+argocd_app_health_status{health_status="Missing",name="my-app",namespace="argocd",project="default"} 0
+argocd_app_health_status{health_status="Progressing",name="my-app",namespace="argocd",project="default"} 0
+argocd_app_health_status{health_status="Suspended",name="my-app",namespace="argocd",project="default"} 0
+argocd_app_health_status{health_status="Unknown",name="my-app",namespace="argocd",project="default"} 0
+# HELP argocd_app_info Information about application.
+# TYPE argocd_app_info gauge
+argocd_app_info{dest_namespace="dummy-namespace",dest_server="https://localhost:6443",name="my-app",namespace="argocd",project="default",repo="https://github.com/argoproj/argocd-example-apps"} 1
+# HELP argocd_app_sync_status The application current sync status.
+# TYPE argocd_app_sync_status gauge
+argocd_app_sync_status{name="my-app",namespace="argocd",project="default",sync_status="OutOfSync"} 0
+argocd_app_sync_status{name="my-app",namespace="argocd",project="default",sync_status="Synced"} 1
+argocd_app_sync_status{name="my-app",namespace="argocd",project="default",sync_status="Unknown"} 0
+`
+
 var noOpHealthCheck = func() error {
 	return nil
 }
 
-func newFakeApp(fakeAppYAML string) *argoappv1.Application {
+func newFakeApp(fakeApp string) *argoappv1.Application {
 	var app argoappv1.Application
-	err := yaml.Unmarshal([]byte(fakeAppYAML), &app)
+	err := yaml.Unmarshal([]byte(fakeApp), &app)
 	if err != nil {
 		panic(err)
 	}
 	return &app
 }
 
-func newFakeLister(fakeAppYAMLs ...string) (context.CancelFunc, applister.ApplicationLister) {
+func newFakeLister(fakeApp ...string) (context.CancelFunc, applister.ApplicationLister) {
 	ctx, cancel := context.WithCancel(context.Background())
 	defer cancel()
 	var fakeApps []runtime.Object
-	for _, appYAML := range fakeAppYAMLs {
-		a := newFakeApp(appYAML)
-		fakeApps = append(fakeApps, a)
+	for _, name := range fakeApp {
+		fakeApps = append(fakeApps, newFakeApp(name))
 	}
 	appClientset := appclientset.NewSimpleClientset(fakeApps...)
 	factory := appinformer.NewFilteredSharedInformerFactory(appClientset, 0, "argocd", func(options *metav1.ListOptions) {})
@@ -142,8 +134,8 @@ func newFakeLister(fakeAppYAMLs ...string) (context.CancelFunc, applister.Applic
 	return cancel, factory.Argoproj().V1alpha1().Applications().Lister()
 }
 
-func testApp(t *testing.T, fakeAppYAMLs []string, expectedResponse string) {
-	cancel, appLister := newFakeLister(fakeAppYAMLs...)
+func testApp(t *testing.T, fakeApp string, expectedResponse string) {
+	cancel, appLister := newFakeLister(fakeApp)
 	defer cancel()
 	metricsServ := NewMetricsServer("localhost:8082", appLister, noOpHealthCheck)
 	req, err := http.NewRequest("GET", "/metrics", nil)
@@ -157,75 +149,39 @@ func testApp(t *testing.T, fakeAppYAMLs []string, expectedResponse string) {
 }
 
 type testCombination struct {
-	applications     []string
+	application      string
 	expectedResponse string
 }
 
 func TestMetrics(t *testing.T) {
 	combinations := []testCombination{
 		{
-			applications: []string{fakeApp, fakeApp2, fakeApp3},
-			expectedResponse: `
-# HELP argocd_app_info Information about application.
-# TYPE argocd_app_info gauge
-argocd_app_info{dest_namespace="dummy-namespace",dest_server="https://localhost:6443",health_status="Degraded",name="my-app-3",namespace="argocd",operation="delete",project="important-project",repo="https://github.com/argoproj/argocd-example-apps",sync_status="OutOfSync"} 1
-argocd_app_info{dest_namespace="dummy-namespace",dest_server="https://localhost:6443",health_status="Healthy",name="my-app",namespace="argocd",operation="",project="important-project",repo="https://github.com/argoproj/argocd-example-apps",sync_status="Synced"} 1
-argocd_app_info{dest_namespace="dummy-namespace",dest_server="https://localhost:6443",health_status="Healthy",name="my-app-2",namespace="argocd",operation="sync",project="important-project",repo="https://github.com/argoproj/argocd-example-apps",sync_status="Synced"} 1
-`,
+			application:      fakeApp,
+			expectedResponse: expectedResponse,
 		},
 		{
-			applications: []string{fakeDefaultApp},
-			expectedResponse: `
-# HELP argocd_app_info Information about application.
-# TYPE argocd_app_info gauge
-argocd_app_info{dest_namespace="dummy-namespace",dest_server="https://localhost:6443",health_status="Healthy",name="my-app",namespace="argocd",operation="",project="default",repo="https://github.com/argoproj/argocd-example-apps",sync_status="Synced"} 1
-`,
+			application:      fakeDefaultApp,
+			expectedResponse: expectedDefaultResponse,
 		},
 	}
 
 	for _, combination := range combinations {
-		testApp(t, combination.applications, combination.expectedResponse)
+		testApp(t, combination.application, combination.expectedResponse)
 	}
 }
 
-func TestLegacyMetrics(t *testing.T) {
-	os.Setenv(EnvVarLegacyControllerMetrics, "true")
-	defer os.Unsetenv(EnvVarLegacyControllerMetrics)
-
-	expectedResponse := `
-# HELP argocd_app_created_time Creation time in unix timestamp for an application.
-# TYPE argocd_app_created_time gauge
-argocd_app_created_time{name="my-app",namespace="argocd",project="important-project"} -6.21355968e+10
-# HELP argocd_app_health_status The application current health status.
-# TYPE argocd_app_health_status gauge
-argocd_app_health_status{health_status="Degraded",name="my-app",namespace="argocd",project="important-project"} 0
-argocd_app_health_status{health_status="Healthy",name="my-app",namespace="argocd",project="important-project"} 1
-argocd_app_health_status{health_status="Missing",name="my-app",namespace="argocd",project="important-project"} 0
-argocd_app_health_status{health_status="Progressing",name="my-app",namespace="argocd",project="important-project"} 0
-argocd_app_health_status{health_status="Suspended",name="my-app",namespace="argocd",project="important-project"} 0
-argocd_app_health_status{health_status="Unknown",name="my-app",namespace="argocd",project="important-project"} 0
-# HELP argocd_app_sync_status The application current sync status.
-# TYPE argocd_app_sync_status gauge
-argocd_app_sync_status{name="my-app",namespace="argocd",project="important-project",sync_status="OutOfSync"} 0
-argocd_app_sync_status{name="my-app",namespace="argocd",project="important-project",sync_status="Synced"} 1
-argocd_app_sync_status{name="my-app",namespace="argocd",project="important-project",sync_status="Unknown"} 0
+const appSyncTotal = `# HELP argocd_app_sync_total Number of application syncs.
+# TYPE argocd_app_sync_total counter
+argocd_app_sync_total{name="my-app",namespace="argocd",phase="Error",project="important-project"} 1
+argocd_app_sync_total{name="my-app",namespace="argocd",phase="Failed",project="important-project"} 1
+argocd_app_sync_total{name="my-app",namespace="argocd",phase="Succeeded",project="important-project"} 2
 `
-	testApp(t, []string{fakeApp}, expectedResponse)
-}
 
 func TestMetricsSyncCounter(t *testing.T) {
 	cancel, appLister := newFakeLister()
 	defer cancel()
 	metricsServ := NewMetricsServer("localhost:8082", appLister, noOpHealthCheck)
 
-	appSyncTotal := `
-# HELP argocd_app_sync_total Number of application syncs.
-# TYPE argocd_app_sync_total counter
-argocd_app_sync_total{dest_server="https://localhost:6443",name="my-app",namespace="argocd",phase="Error",project="important-project"} 1
-argocd_app_sync_total{dest_server="https://localhost:6443",name="my-app",namespace="argocd",phase="Failed",project="important-project"} 1
-argocd_app_sync_total{dest_server="https://localhost:6443",name="my-app",namespace="argocd",phase="Succeeded",project="important-project"} 2
-`
-
 	fakeApp := newFakeApp(fakeApp)
 	metricsServ.IncSync(fakeApp, &argoappv1.OperationState{Phase: argoappv1.OperationRunning})
 	metricsServ.IncSync(fakeApp, &argoappv1.OperationState{Phase: argoappv1.OperationFailed})
@@ -246,31 +202,27 @@ argocd_app_sync_total{dest_server="https://localhost:6443",name="my-app",namespa
 // assertMetricsPrinted asserts every line in the expected lines appears in the body
 func assertMetricsPrinted(t *testing.T, expectedLines, body string) {
 	for _, line := range strings.Split(expectedLines, "\n") {
-		if line == "" {
-			continue
-		}
 		assert.Contains(t, body, line)
 	}
 }
 
+const appReconcileMetrics = `argocd_app_reconcile_bucket{name="my-app",namespace="argocd",project="important-project",le="0.25"} 0
+argocd_app_reconcile_bucket{name="my-app",namespace="argocd",project="important-project",le="0.5"} 0
+argocd_app_reconcile_bucket{name="my-app",namespace="argocd",project="important-project",le="1"} 0
+argocd_app_reconcile_bucket{name="my-app",namespace="argocd",project="important-project",le="2"} 0
+argocd_app_reconcile_bucket{name="my-app",namespace="argocd",project="important-project",le="4"} 0
+argocd_app_reconcile_bucket{name="my-app",namespace="argocd",project="important-project",le="8"} 1
+argocd_app_reconcile_bucket{name="my-app",namespace="argocd",project="important-project",le="16"} 1
+argocd_app_reconcile_bucket{name="my-app",namespace="argocd",project="important-project",le="+Inf"} 1
+argocd_app_reconcile_sum{name="my-app",namespace="argocd",project="important-project"} 5
+argocd_app_reconcile_count{name="my-app",namespace="argocd",project="important-project"} 1
+`
+
 func TestReconcileMetrics(t *testing.T) {
 	cancel, appLister := newFakeLister()
 	defer cancel()
 	metricsServ := NewMetricsServer("localhost:8082", appLister, noOpHealthCheck)
-	appReconcileMetrics := `
-# HELP argocd_app_reconcile Application reconciliation performance.
-# TYPE argocd_app_reconcile histogram
-argocd_app_reconcile_bucket{dest_server="https://localhost:6443",namespace="argocd",le="0.25"} 0
-argocd_app_reconcile_bucket{dest_server="https://localhost:6443",namespace="argocd",le="0.5"} 0
-argocd_app_reconcile_bucket{dest_server="https://localhost:6443",namespace="argocd",le="1"} 0
-argocd_app_reconcile_bucket{dest_server="https://localhost:6443",namespace="argocd",le="2"} 0
-argocd_app_reconcile_bucket{dest_server="https://localhost:6443",namespace="argocd",le="4"} 0
-argocd_app_reconcile_bucket{dest_server="https://localhost:6443",namespace="argocd",le="8"} 1
-argocd_app_reconcile_bucket{dest_server="https://localhost:6443",namespace="argocd",le="16"} 1
-argocd_app_reconcile_bucket{dest_server="https://localhost:6443",namespace="argocd",le="+Inf"} 1
-argocd_app_reconcile_sum{dest_server="https://localhost:6443",namespace="argocd"} 5
-argocd_app_reconcile_count{dest_server="https://localhost:6443",namespace="argocd"} 1
-`
+
 	fakeApp := newFakeApp(fakeApp)
 	metricsServ.IncReconcile(fakeApp, 5*time.Second)
 

controller/metrics/transportwrapper.go

@@ -1,24 +1,37 @@
 package metrics
 
 import (
-	"strconv"
+	"net/http"
 
-	"github.com/argoproj/pkg/kubeclientmetrics"
 	"k8s.io/client-go/rest"
 
 	"github.com/argoproj/argo-cd/pkg/apis/application/v1alpha1"
 )
 
+type metricsRoundTripper struct {
+	roundTripper  http.RoundTripper
+	app           *v1alpha1.Application
+	metricsServer *MetricsServer
+}
+
+func (mrt *metricsRoundTripper) RoundTrip(r *http.Request) (*http.Response, error) {
+	resp, err := mrt.roundTripper.RoundTrip(r)
+	statusCode := 0
+	if resp != nil {
+		statusCode = resp.StatusCode
+	}
+	mrt.metricsServer.IncKubernetesRequest(mrt.app, statusCode)
+	return resp, err
+}
+
 // AddMetricsTransportWrapper adds a transport wrapper which increments 'argocd_app_k8s_request_total' counter on each kubernetes request
 func AddMetricsTransportWrapper(server *MetricsServer, app *v1alpha1.Application, config *rest.Config) *rest.Config {
-	inc := func(resourceInfo kubeclientmetrics.ResourceInfo) error {
-		namespace := resourceInfo.Namespace
-		kind := resourceInfo.Kind
-		statusCode := strconv.Itoa(resourceInfo.StatusCode)
-		server.IncKubernetesRequest(app, resourceInfo.Server, statusCode, string(resourceInfo.Verb), kind, namespace)
-		return nil
+	wrap := config.WrapTransport
+	config.WrapTransport = func(rt http.RoundTripper) http.RoundTripper {
+		if wrap != nil {
+			rt = wrap(rt)
+		}
+		return &metricsRoundTripper{roundTripper: rt, metricsServer: server, app: app}
 	}
-
-	newConfig := kubeclientmetrics.AddMetricsTransportWrapper(config, inc)
-	return newConfig
+	return config
 }

controller/state.go

@@ -7,7 +7,6 @@ import (
 	"time"
 
 	log "github.com/sirupsen/logrus"
-	"github.com/yudai/gojsondiff"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"k8s.io/apimachinery/pkg/runtime/schema"
@@ -31,7 +30,6 @@ import (
 	"github.com/argoproj/argo-cd/util/resource"
 	"github.com/argoproj/argo-cd/util/resource/ignore"
 	"github.com/argoproj/argo-cd/util/settings"
-	"github.com/argoproj/argo-cd/util/stats"
 )
 
 type managedResource struct {
@@ -60,7 +58,7 @@ type ResourceInfoProvider interface {
 
 // AppStateManager defines methods which allow to compare application spec and actual application state.
 type AppStateManager interface {
-	CompareAppState(app *v1alpha1.Application, project *appv1.AppProject, revision string, source v1alpha1.ApplicationSource, noCache bool, localObjects []string) *comparisonResult
+	CompareAppState(app *v1alpha1.Application, revision string, source v1alpha1.ApplicationSource, noCache bool, localObjects []string) *comparisonResult
 	SyncAppState(app *v1alpha1.Application, state *v1alpha1.OperationState)
 }
 
@@ -72,8 +70,6 @@ type comparisonResult struct {
 	hooks            []*unstructured.Unstructured
 	diffNormalizer   diff.Normalizer
 	appSourceType    v1alpha1.ApplicationSourceType
-	// timings maps phases of comparison to the duration it took to complete (for statistical purposes)
-	timings map[string]time.Duration
 }
 
 func (cr *comparisonResult) targetObjs() []*unstructured.Unstructured {
@@ -100,17 +96,14 @@ type appStateManager struct {
 }
 
 func (m *appStateManager) getRepoObjs(app *v1alpha1.Application, source v1alpha1.ApplicationSource, appLabelKey, revision string, noCache bool) ([]*unstructured.Unstructured, []*unstructured.Unstructured, *apiclient.ManifestResponse, error) {
-	ts := stats.NewTimingStats()
 	helmRepos, err := m.db.ListHelmRepositories(context.Background())
 	if err != nil {
 		return nil, nil, nil, err
 	}
-	ts.AddCheckpoint("helm_ms")
 	repo, err := m.db.GetRepository(context.Background(), source.RepoURL)
 	if err != nil {
 		return nil, nil, nil, err
 	}
-	ts.AddCheckpoint("repo_ms")
 	conn, repoClient, err := m.repoClientset.NewRepoServerClient()
 	if err != nil {
 		return nil, nil, nil, err
@@ -125,26 +118,24 @@ func (m *appStateManager) getRepoObjs(app *v1alpha1.Application, source v1alpha1
 	if err != nil {
 		return nil, nil, nil, err
 	}
-	ts.AddCheckpoint("plugins_ms")
+
 	tools := make([]*appv1.ConfigManagementPlugin, len(plugins))
 	for i := range plugins {
 		tools[i] = &plugins[i]
 	}
 
-	kustomizeSettings, err := m.settingsMgr.GetKustomizeSettings()
+	buildOptions, err := m.settingsMgr.GetKustomizeBuildOptions()
 	if err != nil {
 		return nil, nil, nil, err
 	}
-	kustomizeOptions, err := kustomizeSettings.GetOptions(app.Spec.Source)
+	cluster, err := m.db.GetCluster(context.Background(), app.Spec.Destination.Server)
 	if err != nil {
 		return nil, nil, nil, err
 	}
-	ts.AddCheckpoint("build_options_ms")
-	serverVersion, apiGroups, err := m.liveStateCache.GetVersionsInfo(app.Spec.Destination.Server)
+	cluster.ServerVersion, err = m.kubectl.GetServerVersion(cluster.RESTConfig())
 	if err != nil {
 		return nil, nil, nil, err
 	}
-	ts.AddCheckpoint("version_ms")
 	manifestInfo, err := repoClient.GenerateManifest(context.Background(), &apiclient.ManifestRequest{
 		Repo:              repo,
 		Repos:             helmRepos,
@@ -155,25 +146,18 @@ func (m *appStateManager) getRepoObjs(app *v1alpha1.Application, source v1alpha1
 		Namespace:         app.Spec.Destination.Namespace,
 		ApplicationSource: &source,
 		Plugins:           tools,
-		KustomizeOptions:  kustomizeOptions,
-		KubeVersion:       serverVersion,
-		ApiVersions:       argo.APIGroupsToVersions(apiGroups),
+		KustomizeOptions: &appv1.KustomizeOptions{
+			BuildOptions: buildOptions,
+		},
+		KubeVersion: cluster.ServerVersion,
 	})
 	if err != nil {
 		return nil, nil, nil, err
 	}
-	ts.AddCheckpoint("manifests_ms")
 	targetObjs, hooks, err := unmarshalManifests(manifestInfo.Manifests)
 	if err != nil {
 		return nil, nil, nil, err
 	}
-	ts.AddCheckpoint("unmarshal_ms")
-	logCtx := log.WithField("application", app.Name)
-	for k, v := range ts.Timings() {
-		logCtx = logCtx.WithField(k, v.Milliseconds())
-	}
-	logCtx = logCtx.WithField("time_ms", time.Since(ts.StartTime).Milliseconds())
-	logCtx.Info("getRepoObjs stats")
 	return targetObjs, hooks, manifestInfo, nil
 }
 
@@ -185,7 +169,7 @@ func unmarshalManifests(manifests []string) ([]*unstructured.Unstructured, []*un
 		if err != nil {
 			return nil, nil, err
 		}
-		if obj == nil || ignore.Ignore(obj) {
+		if ignore.Ignore(obj) {
 			continue
 		}
 		if hookutil.IsHook(obj) {
@@ -223,11 +207,9 @@ func DeduplicateTargetObjects(
 	result := make([]*unstructured.Unstructured, 0)
 	for key, targets := range targetByKey {
 		if len(targets) > 1 {
-			now := metav1.Now()
 			conditions = append(conditions, appv1.ApplicationCondition{
-				Type:               appv1.ApplicationConditionRepeatedResourceWarning,
-				Message:            fmt.Sprintf("Resource %s appeared %d times among application resources.", key.String(), len(targets)),
-				LastTransitionTime: &now,
+				Type:    appv1.ApplicationConditionRepeatedResourceWarning,
+				Message: fmt.Sprintf("Resource %s appeared %d times among application resources.", key.String(), len(targets)),
 			})
 		}
 		result = append(result, targets[len(targets)-1])
@@ -272,33 +254,27 @@ func dedupLiveResources(targetObjs []*unstructured.Unstructured, liveObjsByKey m
 	}
 }
 
-func (m *appStateManager) getComparisonSettings(app *appv1.Application) (string, map[string]v1alpha1.ResourceOverride, diff.Normalizer, *settings.ResourcesFilter, error) {
+func (m *appStateManager) getComparisonSettings(app *appv1.Application) (string, map[string]v1alpha1.ResourceOverride, diff.Normalizer, error) {
 	resourceOverrides, err := m.settingsMgr.GetResourceOverrides()
 	if err != nil {
-		return "", nil, nil, nil, err
+		return "", nil, nil, err
 	}
 	appLabelKey, err := m.settingsMgr.GetAppInstanceLabelKey()
 	if err != nil {
-		return "", nil, nil, nil, err
+		return "", nil, nil, err
 	}
 	diffNormalizer, err := argo.NewDiffNormalizer(app.Spec.IgnoreDifferences, resourceOverrides)
 	if err != nil {
-		return "", nil, nil, nil, err
+		return "", nil, nil, err
 	}
-	resFilter, err := m.settingsMgr.GetResourcesFilter()
-	if err != nil {
-		return "", nil, nil, nil, err
-	}
-	return appLabelKey, resourceOverrides, diffNormalizer, resFilter, nil
+	return appLabelKey, resourceOverrides, diffNormalizer, nil
 }
 
 // CompareAppState compares application git state to the live app state, using the specified
 // revision and supplied source. If revision or overrides are empty, then compares against
 // revision and overrides in the app spec.
-func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *appv1.AppProject, revision string, source v1alpha1.ApplicationSource, noCache bool, localManifests []string) *comparisonResult {
-	ts := stats.NewTimingStats()
-	appLabelKey, resourceOverrides, diffNormalizer, resFilter, err := m.getComparisonSettings(app)
-	ts.AddCheckpoint("settings_ms")
+func (m *appStateManager) CompareAppState(app *v1alpha1.Application, revision string, source v1alpha1.ApplicationSource, noCache bool, localManifests []string) *comparisonResult {
+	appLabelKey, resourceOverrides, diffNormalizer, err := m.getComparisonSettings(app)
 
 	// return unknown comparison result if basic comparison settings cannot be loaded
 	if err != nil {
@@ -321,67 +297,63 @@ func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *ap
 	var targetObjs []*unstructured.Unstructured
 	var hooks []*unstructured.Unstructured
 	var manifestInfo *apiclient.ManifestResponse
-	now := metav1.Now()
 
 	if len(localManifests) == 0 {
 		targetObjs, hooks, manifestInfo, err = m.getRepoObjs(app, source, appLabelKey, revision, noCache)
 		if err != nil {
 			targetObjs = make([]*unstructured.Unstructured, 0)
-			conditions = append(conditions, v1alpha1.ApplicationCondition{Type: v1alpha1.ApplicationConditionComparisonError, Message: err.Error(), LastTransitionTime: &now})
+			conditions = append(conditions, v1alpha1.ApplicationCondition{Type: v1alpha1.ApplicationConditionComparisonError, Message: err.Error()})
 			failedToLoadObjs = true
 		}
 	} else {
 		targetObjs, hooks, err = unmarshalManifests(localManifests)
 		if err != nil {
 			targetObjs = make([]*unstructured.Unstructured, 0)
-			conditions = append(conditions, v1alpha1.ApplicationCondition{Type: v1alpha1.ApplicationConditionComparisonError, Message: err.Error(), LastTransitionTime: &now})
+			conditions = append(conditions, v1alpha1.ApplicationCondition{Type: v1alpha1.ApplicationConditionComparisonError, Message: err.Error()})
 			failedToLoadObjs = true
 		}
 		manifestInfo = nil
 	}
-	ts.AddCheckpoint("git_ms")
 
 	targetObjs, dedupConditions, err := DeduplicateTargetObjects(app.Spec.Destination.Server, app.Spec.Destination.Namespace, targetObjs, m.liveStateCache)
 	if err != nil {
-		conditions = append(conditions, v1alpha1.ApplicationCondition{Type: v1alpha1.ApplicationConditionComparisonError, Message: err.Error(), LastTransitionTime: &now})
+		conditions = append(conditions, v1alpha1.ApplicationCondition{Type: v1alpha1.ApplicationConditionComparisonError, Message: err.Error()})
 	}
 	conditions = append(conditions, dedupConditions...)
-	for i := len(targetObjs) - 1; i >= 0; i-- {
-		targetObj := targetObjs[i]
-		gvk := targetObj.GroupVersionKind()
-		if resFilter.IsExcludedResource(gvk.Group, gvk.Kind, app.Spec.Destination.Server) {
-			targetObjs = append(targetObjs[:i], targetObjs[i+1:]...)
-			conditions = append(conditions, v1alpha1.ApplicationCondition{
-				Type:               v1alpha1.ApplicationConditionExcludedResourceWarning,
-				Message:            fmt.Sprintf("Resource %s/%s %s is excluded in the settings", gvk.Group, gvk.Kind, targetObj.GetName()),
-				LastTransitionTime: &now,
-			})
+
+	resFilter, err := m.settingsMgr.GetResourcesFilter()
+	if err != nil {
+		conditions = append(conditions, v1alpha1.ApplicationCondition{Type: v1alpha1.ApplicationConditionComparisonError, Message: err.Error()})
+	} else {
+		for i := len(targetObjs) - 1; i >= 0; i-- {
+			targetObj := targetObjs[i]
+			gvk := targetObj.GroupVersionKind()
+			if resFilter.IsExcludedResource(gvk.Group, gvk.Kind, app.Spec.Destination.Server) {
+				targetObjs = append(targetObjs[:i], targetObjs[i+1:]...)
+				conditions = append(conditions, v1alpha1.ApplicationCondition{
+					Type:    v1alpha1.ApplicationConditionExcludedResourceWarning,
+					Message: fmt.Sprintf("Resource %s/%s %s is excluded in the settings", gvk.Group, gvk.Kind, targetObj.GetName()),
+				})
+			}
 		}
 	}
-	ts.AddCheckpoint("dedup_ms")
 
+	logCtx.Debugf("Generated config manifests")
 	liveObjByKey, err := m.liveStateCache.GetManagedLiveObjs(app, targetObjs)
+	dedupLiveResources(targetObjs, liveObjByKey)
 	if err != nil {
 		liveObjByKey = make(map[kubeutil.ResourceKey]*unstructured.Unstructured)
-		conditions = append(conditions, v1alpha1.ApplicationCondition{Type: v1alpha1.ApplicationConditionComparisonError, Message: err.Error(), LastTransitionTime: &now})
+		conditions = append(conditions, v1alpha1.ApplicationCondition{Type: v1alpha1.ApplicationConditionComparisonError, Message: err.Error()})
 		failedToLoadObjs = true
 	}
-	dedupLiveResources(targetObjs, liveObjByKey)
-	// filter out all resources which are not permitted in the application project
-	for k, v := range liveObjByKey {
-		if !project.IsLiveResourcePermitted(v, app.Spec.Destination.Server) {
-			delete(liveObjByKey, k)
-		}
-	}
-
+	logCtx.Debugf("Retrieved lived manifests")
 	for _, liveObj := range liveObjByKey {
 		if liveObj != nil {
 			appInstanceName := kubeutil.GetAppInstanceLabel(liveObj, appLabelKey)
 			if appInstanceName != "" && appInstanceName != app.Name {
 				conditions = append(conditions, v1alpha1.ApplicationCondition{
-					Type:               v1alpha1.ApplicationConditionSharedResourceWarning,
-					Message:            fmt.Sprintf("%s/%s is part of a different application: %s", liveObj.GetKind(), liveObj.GetName(), appInstanceName),
-					LastTransitionTime: &now,
+					Type:    v1alpha1.ApplicationConditionSharedResourceWarning,
+					Message: fmt.Sprintf("%s/%s is part of a different application: %s", liveObj.GetKind(), liveObj.GetName(), appInstanceName),
 				})
 			}
 		}
@@ -402,8 +374,7 @@ func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *ap
 			managedLiveObj[i] = nil
 		}
 	}
-	ts.AddCheckpoint("live_ms")
-
+	logCtx.Debugf("built managed objects list")
 	// Everything remaining in liveObjByKey are "extra" resources that aren't tracked in git.
 	// The following adds all the extras to the managedLiveObj list and backfills the targetObj
 	// list with nils, so that the lists are of equal lengths for comparison purposes.
@@ -417,9 +388,8 @@ func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *ap
 	if err != nil {
 		diffResults = &diff.DiffResultList{}
 		failedToLoadObjs = true
-		conditions = append(conditions, v1alpha1.ApplicationCondition{Type: v1alpha1.ApplicationConditionComparisonError, Message: err.Error(), LastTransitionTime: &now})
+		conditions = append(conditions, v1alpha1.ApplicationCondition{Type: v1alpha1.ApplicationConditionComparisonError, Message: err.Error()})
 	}
-	ts.AddCheckpoint("diff_ms")
 
 	syncCode := v1alpha1.SyncStatusCodeSynced
 	managedResources := make([]managedResource, len(targetObjs))
@@ -445,17 +415,7 @@ func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *ap
 			RequiresPruning: targetObj == nil && liveObj != nil,
 		}
 
-		var diffResult diff.DiffResult
-		if i < len(diffResults.Diffs) {
-			diffResult = diffResults.Diffs[i]
-		} else {
-			diffResult = diff.DiffResult{
-				Diff:           gojsondiff.New().CompareObjects(map[string]interface{}{}, map[string]interface{}{}),
-				Modified:       false,
-				NormalizedLive: []byte("{}"),
-				PredictedLive:  []byte("{}"),
-			}
-		}
+		diffResult := diffResults.Diffs[i]
 		if resState.Hook || ignore.Ignore(obj) {
 			// For resource hooks, don't store sync status, and do not affect overall sync status
 		} else if diffResult.Modified || targetObj == nil || liveObj == nil {
@@ -472,12 +432,6 @@ func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *ap
 		} else {
 			resState.Status = v1alpha1.SyncStatusCodeSynced
 		}
-		// set unknown status to all resource that are not permitted in the app project
-		isNamespaced, err := m.liveStateCache.IsNamespaced(app.Spec.Destination.Server, gvk.GroupKind())
-		if !project.IsGroupKindPermitted(gvk.GroupKind(), isNamespaced && err == nil) {
-			resState.Status = v1alpha1.SyncStatusCodeUnknown
-		}
-
 		// we can't say anything about the status if we were unable to get the target objects
 		if failedToLoadObjs {
 			resState.Status = v1alpha1.SyncStatusCodeUnknown
@@ -509,14 +463,13 @@ func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *ap
 	if manifestInfo != nil {
 		syncStatus.Revision = manifestInfo.Revision
 	}
-	ts.AddCheckpoint("sync_ms")
 
 	healthStatus, err := health.SetApplicationHealth(resourceSummaries, GetLiveObjs(managedResources), resourceOverrides, func(obj *unstructured.Unstructured) bool {
 		return !isSelfReferencedApp(app, kubeutil.GetObjectRef(obj))
 	})
 
 	if err != nil {
-		conditions = append(conditions, appv1.ApplicationCondition{Type: v1alpha1.ApplicationConditionComparisonError, Message: err.Error(), LastTransitionTime: &now})
+		conditions = append(conditions, appv1.ApplicationCondition{Type: v1alpha1.ApplicationConditionComparisonError, Message: err.Error()})
 	}
 
 	compRes := comparisonResult{
@@ -536,8 +489,6 @@ func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *ap
 		appv1.ApplicationConditionRepeatedResourceWarning: true,
 		appv1.ApplicationConditionExcludedResourceWarning: true,
 	})
-	ts.AddCheckpoint("health_ms")
-	compRes.timings = ts.Timings()
 	return &compRes
 }
 
@@ -546,18 +497,20 @@ func (m *appStateManager) persistRevisionHistory(app *v1alpha1.Application, revi
 	if len(app.Status.History) > 0 {
 		nextID = app.Status.History[len(app.Status.History)-1].ID + 1
 	}
-	app.Status.History = append(app.Status.History, v1alpha1.RevisionHistory{
+	history := append(app.Status.History, v1alpha1.RevisionHistory{
 		Revision:   revision,
 		DeployedAt: metav1.NewTime(time.Now().UTC()),
 		ID:         nextID,
 		Source:     source,
 	})
 
-	app.Status.History = app.Status.History.Trunc(app.Spec.GetRevisionHistoryLimit())
+	if len(history) > common.RevisionHistoryLimit {
+		history = history[1 : common.RevisionHistoryLimit+1]
+	}
 
 	patch, err := json.Marshal(map[string]map[string][]v1alpha1.RevisionHistory{
 		"status": {
-			"history": app.Status.History,
+			"history": history,
 		},
 	})
 	if err != nil {

controller/state_test.go

@@ -30,7 +30,7 @@ func TestCompareAppStateEmpty(t *testing.T) {
 		managedLiveObjs: make(map[kube.ResourceKey]*unstructured.Unstructured),
 	}
 	ctrl := newFakeController(&data)
-	compRes := ctrl.appStateManager.CompareAppState(app, &defaultProj, "", app.Spec.Source, false, nil)
+	compRes := ctrl.appStateManager.CompareAppState(app, "", app.Spec.Source, false, nil)
 	assert.NotNil(t, compRes)
 	assert.NotNil(t, compRes.syncStatus)
 	assert.Equal(t, argoappv1.SyncStatusCodeSynced, compRes.syncStatus.Status)
@@ -45,7 +45,7 @@ func TestCompareAppStateMissing(t *testing.T) {
 	data := fakeData{
 		apps: []runtime.Object{app},
 		manifestResponse: &apiclient.ManifestResponse{
-			Manifests: []string{test.PodManifest},
+			Manifests: []string{string(test.PodManifest)},
 			Namespace: test.FakeDestNamespace,
 			Server:    test.FakeClusterURL,
 			Revision:  "abc123",
@@ -53,7 +53,7 @@ func TestCompareAppStateMissing(t *testing.T) {
 		managedLiveObjs: make(map[kube.ResourceKey]*unstructured.Unstructured),
 	}
 	ctrl := newFakeController(&data)
-	compRes := ctrl.appStateManager.CompareAppState(app, &defaultProj, "", app.Spec.Source, false, nil)
+	compRes := ctrl.appStateManager.CompareAppState(app, "", app.Spec.Source, false, nil)
 	assert.NotNil(t, compRes)
 	assert.NotNil(t, compRes.syncStatus)
 	assert.Equal(t, argoappv1.SyncStatusCodeOutOfSync, compRes.syncStatus.Status)
@@ -80,7 +80,7 @@ func TestCompareAppStateExtra(t *testing.T) {
 		},
 	}
 	ctrl := newFakeController(&data)
-	compRes := ctrl.appStateManager.CompareAppState(app, &defaultProj, "", app.Spec.Source, false, nil)
+	compRes := ctrl.appStateManager.CompareAppState(app, "", app.Spec.Source, false, nil)
 	assert.NotNil(t, compRes)
 	assert.Equal(t, argoappv1.SyncStatusCodeOutOfSync, compRes.syncStatus.Status)
 	assert.Equal(t, 1, len(compRes.resources))
@@ -106,7 +106,7 @@ func TestCompareAppStateHook(t *testing.T) {
 		managedLiveObjs: make(map[kube.ResourceKey]*unstructured.Unstructured),
 	}
 	ctrl := newFakeController(&data)
-	compRes := ctrl.appStateManager.CompareAppState(app, &defaultProj, "", app.Spec.Source, false, nil)
+	compRes := ctrl.appStateManager.CompareAppState(app, "", app.Spec.Source, false, nil)
 	assert.NotNil(t, compRes)
 	assert.Equal(t, argoappv1.SyncStatusCodeSynced, compRes.syncStatus.Status)
 	assert.Equal(t, 0, len(compRes.resources))
@@ -132,7 +132,7 @@ func TestCompareAppStateCompareOptionIgnoreExtraneous(t *testing.T) {
 	}
 	ctrl := newFakeController(&data)
 
-	compRes := ctrl.appStateManager.CompareAppState(app, &defaultProj, "", app.Spec.Source, false, nil)
+	compRes := ctrl.appStateManager.CompareAppState(app, "", app.Spec.Source, false, nil)
 
 	assert.NotNil(t, compRes)
 	assert.Equal(t, argoappv1.SyncStatusCodeSynced, compRes.syncStatus.Status)
@@ -160,7 +160,7 @@ func TestCompareAppStateExtraHook(t *testing.T) {
 		},
 	}
 	ctrl := newFakeController(&data)
-	compRes := ctrl.appStateManager.CompareAppState(app, &defaultProj, "", app.Spec.Source, false, nil)
+	compRes := ctrl.appStateManager.CompareAppState(app, "", app.Spec.Source, false, nil)
 
 	assert.NotNil(t, compRes)
 	assert.Equal(t, argoappv1.SyncStatusCodeSynced, compRes.syncStatus.Status)
@@ -197,13 +197,13 @@ func TestCompareAppStateDuplicatedNamespacedResources(t *testing.T) {
 		},
 	}
 	ctrl := newFakeController(&data)
-	compRes := ctrl.appStateManager.CompareAppState(app, &defaultProj, "", app.Spec.Source, false, nil)
+	compRes := ctrl.appStateManager.CompareAppState(app, "", app.Spec.Source, false, nil)
 
 	assert.NotNil(t, compRes)
-	assert.Equal(t, 1, len(app.Status.Conditions))
-	assert.NotNil(t, app.Status.Conditions[0].LastTransitionTime)
-	assert.Equal(t, argoappv1.ApplicationConditionRepeatedResourceWarning, app.Status.Conditions[0].Type)
-	assert.Equal(t, "Resource /Pod/fake-dest-ns/my-pod appeared 2 times among application resources.", app.Status.Conditions[0].Message)
+	assert.Contains(t, app.Status.Conditions, argoappv1.ApplicationCondition{
+		Message: "Resource /Pod/fake-dest-ns/my-pod appeared 2 times among application resources.",
+		Type:    argoappv1.ApplicationConditionRepeatedResourceWarning,
+	})
 	assert.Equal(t, 2, len(compRes.resources))
 }
 
@@ -248,7 +248,7 @@ func TestSetHealth(t *testing.T) {
 		},
 	})
 
-	compRes := ctrl.appStateManager.CompareAppState(app, &defaultProj, "", app.Spec.Source, false, nil)
+	compRes := ctrl.appStateManager.CompareAppState(app, "", app.Spec.Source, false, nil)
 
 	assert.Equal(t, compRes.healthStatus.Status, argoappv1.HealthStatusHealthy)
 }
@@ -280,7 +280,7 @@ func TestSetHealthSelfReferencedApp(t *testing.T) {
 		},
 	})
 
-	compRes := ctrl.appStateManager.CompareAppState(app, &defaultProj, "", app.Spec.Source, false, nil)
+	compRes := ctrl.appStateManager.CompareAppState(app, "", app.Spec.Source, false, nil)
 
 	assert.Equal(t, compRes.healthStatus.Status, argoappv1.HealthStatusHealthy)
 }
@@ -350,7 +350,7 @@ func TestReturnUnknownComparisonStateOnSettingLoadError(t *testing.T) {
 		},
 	})
 
-	compRes := ctrl.appStateManager.CompareAppState(app, &defaultProj, "", app.Spec.Source, false, nil)
+	compRes := ctrl.appStateManager.CompareAppState(app, "", app.Spec.Source, false, nil)
 
 	assert.Equal(t, argoappv1.HealthStatusUnknown, compRes.healthStatus.Status)
 	assert.Equal(t, argoappv1.SyncStatusCodeUnknown, compRes.syncStatus.Status)
@@ -391,50 +391,3 @@ func Test_comparisonResult_obs(t *testing.T) {
 	assert.Len(t, (&comparisonResult{managedResources: []managedResource{{Target: test.NewPod()}}}).targetObjs(), 1)
 	assert.Len(t, (&comparisonResult{hooks: []*unstructured.Unstructured{{}}}).targetObjs(), 1)
 }
-
-func Test_appStateManager_persistRevisionHistory(t *testing.T) {
-	app := newFakeApp()
-	ctrl := newFakeController(&fakeData{
-		apps: []runtime.Object{app},
-	})
-	manager := ctrl.appStateManager.(*appStateManager)
-	setRevisionHistoryLimit := func(value int) {
-		i := int64(value)
-		app.Spec.RevisionHistoryLimit = &i
-	}
-	addHistory := func() {
-		err := manager.persistRevisionHistory(app, "my-revision", argoappv1.ApplicationSource{})
-		assert.NoError(t, err)
-	}
-	addHistory()
-	assert.Len(t, app.Status.History, 1)
-	addHistory()
-	assert.Len(t, app.Status.History, 2)
-	addHistory()
-	assert.Len(t, app.Status.History, 3)
-	addHistory()
-	assert.Len(t, app.Status.History, 4)
-	addHistory()
-	assert.Len(t, app.Status.History, 5)
-	addHistory()
-	assert.Len(t, app.Status.History, 6)
-	addHistory()
-	assert.Len(t, app.Status.History, 7)
-	addHistory()
-	assert.Len(t, app.Status.History, 8)
-	addHistory()
-	assert.Len(t, app.Status.History, 9)
-	addHistory()
-	assert.Len(t, app.Status.History, 10)
-	// default limit is 10
-	addHistory()
-	assert.Len(t, app.Status.History, 10)
-	// increase limit
-	setRevisionHistoryLimit(11)
-	addHistory()
-	assert.Len(t, app.Status.History, 11)
-	// decrease limit
-	setRevisionHistoryLimit(9)
-	addHistory()
-	assert.Len(t, app.Status.History, 9)
-}

controller/sync.go

@@ -17,7 +17,6 @@ import (
 	apierr "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
-	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/apimachinery/pkg/util/wait"
 	"k8s.io/client-go/discovery"
 	"k8s.io/client-go/dynamic"
@@ -47,7 +46,6 @@ type syncContext struct {
 	proj                *v1alpha1.AppProject
 	compareResult       *comparisonResult
 	config              *rest.Config
-	rawConfig           *rest.Config
 	dynamicIf           dynamic.Interface
 	disco               discovery.DiscoveryInterface
 	extensionsclientset *clientset.Clientset
@@ -108,14 +106,7 @@ func (m *appStateManager) SyncAppState(app *v1alpha1.Application, state *v1alpha
 		revision = syncOp.Revision
 	}
 
-	proj, err := argo.GetAppProject(&app.Spec, listersv1alpha1.NewAppProjectLister(m.projInformer.GetIndexer()), m.namespace)
-	if err != nil {
-		state.Phase = v1alpha1.OperationError
-		state.Message = fmt.Sprintf("Failed to load application project: %v", err)
-		return
-	}
-
-	compareResult := m.CompareAppState(app, proj, revision, source, false, syncOp.Manifests)
+	compareResult := m.CompareAppState(app, revision, source, false, syncOp.Manifests)
 
 	// If there are any comparison or spec errors error conditions do not perform the operation
 	if errConditions := app.Status.GetConditions(map[v1alpha1.ApplicationConditionType]bool{
@@ -159,6 +150,13 @@ func (m *appStateManager) SyncAppState(app *v1alpha1.Application, state *v1alpha
 		return
 	}
 
+	proj, err := argo.GetAppProject(&app.Spec, listersv1alpha1.NewAppProjectLister(m.projInformer.GetIndexer()), m.namespace)
+	if err != nil {
+		state.Phase = v1alpha1.OperationError
+		state.Message = fmt.Sprintf("Failed to load application project: %v", err)
+		return
+	}
+
 	resourceOverrides, err := m.settingsMgr.GetResourceOverrides()
 	if err != nil {
 		state.Phase = v1alpha1.OperationError
@@ -174,7 +172,6 @@ func (m *appStateManager) SyncAppState(app *v1alpha1.Application, state *v1alpha
 		proj:                proj,
 		compareResult:       compareResult,
 		config:              restConfig,
-		rawConfig:           clst.RawRestConfig(),
 		dynamicIf:           dynamicIf,
 		disco:               disco,
 		extensionsclientset: extensionsclientset,
@@ -238,21 +235,16 @@ func (sc *syncContext) sync() {
 	}) {
 		if task.isHook() {
 			// update the hook's result
-			operationState, message, err := sc.getOperationPhase(task.liveObj)
-			if err != nil {
-				sc.setResourceResult(task, "", v1alpha1.OperationError, fmt.Sprintf("failed to get resource health: %v", err))
-			} else {
-				sc.setResourceResult(task, "", operationState, message)
+			operationState, message := getOperationPhase(task.liveObj)
+			sc.setResourceResult(task, "", operationState, message)
 
-				// maybe delete the hook
-				if task.needsDeleting() {
-					err := sc.deleteResource(task)
-					if err != nil && !errors.IsNotFound(err) {
-						sc.setResourceResult(task, "", v1alpha1.OperationError, fmt.Sprintf("failed to delete resource: %v", err))
-					}
+			// maybe delete the hook
+			if task.needsDeleting() {
+				err := sc.deleteResource(task)
+				if err != nil && !errors.IsNotFound(err) {
+					sc.setResourceResult(task, "", v1alpha1.OperationError, fmt.Sprintf("failed to delete resource: %v", err))
 				}
 			}
-
 		} else {
 			// this must be calculated on the live object
 			healthStatus, err := health.GetResourceHealth(task.liveObj, sc.resourceOverrides)
@@ -424,13 +416,7 @@ func (sc *syncContext) getSyncTasks() (_ syncTasks, successful bool) {
 				// metadata.generateName, then we will generate a formulated metadata.name before submission.
 				targetObj := obj.DeepCopy()
 				if targetObj.GetName() == "" {
-					var syncRevision string
-					if len(sc.syncRes.Revision) >= 8 {
-						syncRevision = sc.syncRes.Revision[0:7]
-					} else {
-						syncRevision = sc.syncRes.Revision
-					}
-					postfix := strings.ToLower(fmt.Sprintf("%s-%s-%d", syncRevision, phase, sc.opState.StartedAt.UTC().Unix()))
+					postfix := strings.ToLower(fmt.Sprintf("%s-%s-%d", sc.syncRes.Revision[0:7], phase, sc.opState.StartedAt.UTC().Unix()))
 					generateName := obj.GetGenerateName()
 					targetObj.SetName(fmt.Sprintf("%s%s", generateName, postfix))
 				}
@@ -484,11 +470,9 @@ func (sc *syncContext) getSyncTasks() (_ syncTasks, successful bool) {
 		serverRes, err := kube.ServerResourceForGroupVersionKind(sc.disco, task.groupVersionKind())
 		if err != nil {
 			// Special case for custom resources: if CRD is not yet known by the K8s API server,
-			// and the CRD is part of this sync or the resource is annotated with SkipDryRunOnMissingResource=true,
-			// then skip verification during `kubectl apply --dry-run` since we expect the CRD
+			// skip verification during `kubectl apply --dry-run` since we expect the CRD
 			// to be created during app synchronization.
-			skipDryRunOnMissingResource := resource.HasAnnotationOption(task.targetObj, common.AnnotationSyncOptions, "SkipDryRunOnMissingResource=true")
-			if apierr.IsNotFound(err) && (skipDryRunOnMissingResource || sc.hasCRDOfGroupKind(task.group(), task.kind())) {
+			if apierr.IsNotFound(err) && sc.hasCRDOfGroupKind(task.group(), task.kind()) {
 				sc.log.WithFields(log.Fields{"task": task}).Debug("skip dry-run for custom resource")
 				task.skipDryRun = true
 			} else {
@@ -496,7 +480,7 @@ func (sc *syncContext) getSyncTasks() (_ syncTasks, successful bool) {
 				successful = false
 			}
 		} else {
-			if !sc.proj.IsGroupKindPermitted(schema.GroupKind{Group: task.group(), Kind: task.kind()}, serverRes.Namespaced) {
+			if !sc.proj.IsResourcePermitted(metav1.GroupKind{Group: task.group(), Kind: task.kind()}, serverRes.Namespaced) {
 				sc.setResourceResult(task, v1alpha1.ResultCodeSyncFailed, "", fmt.Sprintf("Resource %s:%s is not permitted in project %s.", task.group(), task.kind(), sc.proj.Name))
 				successful = false
 			}
@@ -558,8 +542,9 @@ func (sc *syncContext) ensureCRDReady(name string) {
 }
 
 // applyObject performs a `kubectl apply` of a single resource
-func (sc *syncContext) applyObject(targetObj *unstructured.Unstructured, dryRun, force, validate bool) (v1alpha1.ResultCode, string) {
-	message, err := sc.kubectl.ApplyResource(sc.rawConfig, targetObj, targetObj.GetNamespace(), dryRun, force, validate)
+func (sc *syncContext) applyObject(targetObj *unstructured.Unstructured, dryRun bool, force bool) (v1alpha1.ResultCode, string) {
+	validate := !resource.HasAnnotationOption(targetObj, common.AnnotationSyncOptions, "Validate=false")
+	message, err := sc.kubectl.ApplyResource(sc.config, targetObj, targetObj.GetNamespace(), dryRun, force, validate)
 	if err != nil {
 		return v1alpha1.ResultCodeSyncFailed, err.Error()
 	}
@@ -571,10 +556,10 @@ func (sc *syncContext) applyObject(targetObj *unstructured.Unstructured, dryRun,
 
 // pruneObject deletes the object if both prune is true and dryRun is false. Otherwise appropriate message
 func (sc *syncContext) pruneObject(liveObj *unstructured.Unstructured, prune, dryRun bool) (v1alpha1.ResultCode, string) {
-	if resource.HasAnnotationOption(liveObj, common.AnnotationSyncOptions, "Prune=false") {
-		return v1alpha1.ResultCodePruneSkipped, "ignored (no prune)"
-	} else if !prune {
+	if !prune {
 		return v1alpha1.ResultCodePruneSkipped, "ignored (requires pruning)"
+	} else if resource.HasAnnotationOption(liveObj, common.AnnotationSyncOptions, "Prune=false") {
+		return v1alpha1.ResultCodePruneSkipped, "ignored (no prune)"
 	} else {
 		if dryRun {
 			return v1alpha1.ResultCodePruned, "pruned (dry run)"
@@ -617,15 +602,10 @@ func (sc *syncContext) terminate() {
 	sc.log.Debug("terminating")
 	tasks, _ := sc.getSyncTasks()
 	for _, task := range tasks {
-		if !task.isHook() || task.liveObj == nil {
+		if !task.isHook() || !task.completed() {
 			continue
 		}
-		phase, msg, err := sc.getOperationPhase(task.liveObj)
-		if err != nil {
-			sc.setOperationPhase(v1alpha1.OperationError, fmt.Sprintf("Failed to get hook health: %v", err))
-			return
-		}
-		if phase == v1alpha1.OperationRunning {
+		if isRunnable(task.groupVersionKind()) {
 			err := sc.deleteResource(task)
 			if err != nil {
 				sc.setResourceResult(task, "", v1alpha1.OperationFailed, fmt.Sprintf("Failed to delete: %v", err))
@@ -633,8 +613,6 @@ func (sc *syncContext) terminate() {
 			} else {
 				sc.setResourceResult(task, "", v1alpha1.OperationSucceeded, fmt.Sprintf("Deleted"))
 			}
-		} else {
-			sc.setResourceResult(task, "", phase, msg)
 		}
 	}
 	if terminateSuccessful {
@@ -704,14 +682,12 @@ func (sc *syncContext) runTasks(tasks syncTasks, dryRun bool) runState {
 			wg.Add(1)
 			go func(t *syncTask) {
 				defer wg.Done()
-				logCtx := sc.log.WithFields(log.Fields{"dryRun": dryRun, "task": t})
-				logCtx.Debug("pruning")
+				sc.log.WithFields(log.Fields{"dryRun": dryRun, "task": t}).Debug("pruning")
 				result, message := sc.pruneObject(t.liveObj, sc.syncOp.Prune, dryRun)
 				if result == v1alpha1.ResultCodeSyncFailed {
 					runState = failed
-					logCtx.WithField("message", message).Info("pruning failed")
 				}
-				if !dryRun || sc.syncOp.DryRun || result == v1alpha1.ResultCodeSyncFailed {
+				if !dryRun || result == v1alpha1.ResultCodeSyncFailed {
 					sc.setResourceResult(t, result, operationPhases[result], message)
 				}
 			}(task)
@@ -757,15 +733,12 @@ func (sc *syncContext) runTasks(tasks syncTasks, dryRun bool) runState {
 				createWg.Add(1)
 				go func(t *syncTask) {
 					defer createWg.Done()
-					logCtx := sc.log.WithFields(log.Fields{"dryRun": dryRun, "task": t})
-					logCtx.Debug("applying")
-					validate := !(sc.syncOp.SyncOptions.HasOption("Validate=false") || resource.HasAnnotationOption(t.targetObj, common.AnnotationSyncOptions, "Validate=false"))
-					result, message := sc.applyObject(t.targetObj, dryRun, sc.syncOp.SyncStrategy.Force(), validate)
+					sc.log.WithFields(log.Fields{"dryRun": dryRun, "task": t}).Debug("applying")
+					result, message := sc.applyObject(t.targetObj, dryRun, sc.syncOp.SyncStrategy.Force())
 					if result == v1alpha1.ResultCodeSyncFailed {
-						logCtx.WithField("message", message).Info("apply failed")
 						runState = failed
 					}
-					if !dryRun || sc.syncOp.DryRun || result == v1alpha1.ResultCodeSyncFailed {
+					if !dryRun || result == v1alpha1.ResultCodeSyncFailed {
 						sc.setResourceResult(t, result, operationPhases[result], message)
 					}
 				}(task)

controller/sync_hooks.go

@@ -3,33 +3,118 @@ package controller
 import (
 	"fmt"
 
+	"github.com/argoproj/argo-cd/util/health"
+
+	apiv1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	"k8s.io/kubernetes/pkg/apis/batch"
 
 	"github.com/argoproj/argo-cd/pkg/apis/application/v1alpha1"
-	"github.com/argoproj/argo-cd/util/health"
 )
 
 // getOperationPhase returns a hook status from an _live_ unstructured object
-func (sc *syncContext) getOperationPhase(hook *unstructured.Unstructured) (v1alpha1.OperationPhase, string, error) {
-	phase := v1alpha1.OperationSucceeded
-	message := fmt.Sprintf("%s created", hook.GetName())
-
-	resHealth, err := health.GetResourceHealth(hook, sc.resourceOverrides)
-	if err != nil {
-		return "", "", err
+func getOperationPhase(hook *unstructured.Unstructured) (operation v1alpha1.OperationPhase, message string) {
+	gvk := hook.GroupVersionKind()
+	if isBatchJob(gvk) {
+		return getStatusFromBatchJob(hook)
+	} else if isArgoWorkflow(gvk) {
+		return health.GetStatusFromArgoWorkflow(hook)
+	} else if isPod(gvk) {
+		return getStatusFromPod(hook)
+	} else {
+		return v1alpha1.OperationSucceeded, fmt.Sprintf("%s created", hook.GetName())
 	}
-	if resHealth != nil {
-		switch resHealth.Status {
-		case v1alpha1.HealthStatusUnknown, v1alpha1.HealthStatusDegraded:
-			phase = v1alpha1.OperationFailed
-			message = resHealth.Message
-		case v1alpha1.HealthStatusProgressing, v1alpha1.HealthStatusSuspended:
-			phase = v1alpha1.OperationRunning
-			message = resHealth.Message
-		case v1alpha1.HealthStatusHealthy:
-			phase = v1alpha1.OperationSucceeded
-			message = resHealth.Message
+}
+
+// isRunnable returns if the resource object is a runnable type which needs to be terminated
+func isRunnable(gvk schema.GroupVersionKind) bool {
+	return isBatchJob(gvk) || isArgoWorkflow(gvk) || isPod(gvk)
+}
+
+func isBatchJob(gvk schema.GroupVersionKind) bool {
+	return gvk.Group == "batch" && gvk.Kind == "Job"
+}
+
+// TODO this is a copy-and-paste of health.getJobHealth(), refactor out?
+func getStatusFromBatchJob(hook *unstructured.Unstructured) (operation v1alpha1.OperationPhase, message string) {
+	var job batch.Job
+	err := runtime.DefaultUnstructuredConverter.FromUnstructured(hook.Object, &job)
+	if err != nil {
+		return v1alpha1.OperationError, err.Error()
+	}
+	failed := false
+	var failMsg string
+	complete := false
+	for _, condition := range job.Status.Conditions {
+		switch condition.Type {
+		case batch.JobFailed:
+			failed = true
+			complete = true
+			failMsg = condition.Message
+		case batch.JobComplete:
+			complete = true
+			message = condition.Message
 		}
 	}
-	return phase, message, nil
+	if !complete {
+		return v1alpha1.OperationRunning, message
+	} else if failed {
+		return v1alpha1.OperationFailed, failMsg
+	} else {
+		return v1alpha1.OperationSucceeded, message
+	}
+}
+
+func isArgoWorkflow(gvk schema.GroupVersionKind) bool {
+	return gvk.Group == "argoproj.io" && gvk.Kind == "Workflow"
+}
+
+func isPod(gvk schema.GroupVersionKind) bool {
+	return gvk.Group == "" && gvk.Kind == "Pod"
+}
+
+// TODO - this is very similar to health.getPodHealth() should we use that instead?
+func getStatusFromPod(hook *unstructured.Unstructured) (v1alpha1.OperationPhase, string) {
+	var pod apiv1.Pod
+	err := runtime.DefaultUnstructuredConverter.FromUnstructured(hook.Object, &pod)
+	if err != nil {
+		return v1alpha1.OperationError, err.Error()
+	}
+	getFailMessage := func(ctr *apiv1.ContainerStatus) string {
+		if ctr.State.Terminated != nil {
+			if ctr.State.Terminated.Message != "" {
+				return ctr.State.Terminated.Message
+			}
+			if ctr.State.Terminated.Reason == "OOMKilled" {
+				return ctr.State.Terminated.Reason
+			}
+			if ctr.State.Terminated.ExitCode != 0 {
+				return fmt.Sprintf("container %q failed with exit code %d", ctr.Name, ctr.State.Terminated.ExitCode)
+			}
+		}
+		return ""
+	}
+
+	switch pod.Status.Phase {
+	case apiv1.PodPending, apiv1.PodRunning:
+		return v1alpha1.OperationRunning, ""
+	case apiv1.PodSucceeded:
+		return v1alpha1.OperationSucceeded, ""
+	case apiv1.PodFailed:
+		if pod.Status.Message != "" {
+			// Pod has a nice error message. Use that.
+			return v1alpha1.OperationFailed, pod.Status.Message
+		}
+		for _, ctr := range append(pod.Status.InitContainerStatuses, pod.Status.ContainerStatuses...) {
+			if msg := getFailMessage(&ctr); msg != "" {
+				return v1alpha1.OperationFailed, msg
+			}
+		}
+		return v1alpha1.OperationFailed, ""
+	case apiv1.PodUnknown:
+		return v1alpha1.OperationError, ""
+	}
+	return v1alpha1.OperationRunning, ""
 }

controller/sync_test.go

@@ -44,7 +44,6 @@ func newTestSyncCtx(resources ...*v1.APIResourceList) *syncContext {
 		})
 	sc := syncContext{
 		config:    &rest.Config{},
-		rawConfig: &rest.Config{},
 		namespace: test.FakeArgoCDNamespace,
 		server:    test.FakeClusterURL,
 		syncRes: &v1alpha1.SyncOperationResult{
@@ -366,20 +365,6 @@ func TestSyncOptionValidate(t *testing.T) {
 	}
 }
 
-// make sure Validate means we don't validate
-func TestSyncValidate(t *testing.T) {
-	syncCtx := newTestSyncCtx()
-	pod := test.NewPod()
-	pod.SetNamespace(test.FakeArgoCDNamespace)
-	syncCtx.compareResult = &comparisonResult{managedResources: []managedResource{{Target: pod, Live: pod}}}
-	syncCtx.syncOp.SyncOptions = SyncOptions{"Validate=false"}
-
-	syncCtx.sync()
-
-	kubectl := syncCtx.kubectl.(*kubetest.MockKubectlCmd)
-	assert.False(t, kubectl.LastValidate)
-}
-
 func TestSelectiveSyncOnly(t *testing.T) {
 	syncCtx := newTestSyncCtx()
 	pod1 := test.NewPod()
@@ -399,40 +384,20 @@ func TestSelectiveSyncOnly(t *testing.T) {
 }
 
 func TestUnnamedHooksGetUniqueNames(t *testing.T) {
-	t.Run("Truncated revision", func(t *testing.T) {
-		syncCtx := newTestSyncCtx()
-		syncCtx.syncOp.SyncStrategy.Apply = nil
-		pod := test.NewPod()
-		pod.SetName("")
-		pod.SetAnnotations(map[string]string{common.AnnotationKeyHook: "PreSync,PostSync"})
-		syncCtx.compareResult = &comparisonResult{hooks: []*unstructured.Unstructured{pod}}
+	syncCtx := newTestSyncCtx()
+	syncCtx.syncOp.SyncStrategy.Apply = nil
+	pod := test.NewPod()
+	pod.SetName("")
+	pod.SetAnnotations(map[string]string{common.AnnotationKeyHook: "PreSync,PostSync"})
+	syncCtx.compareResult = &comparisonResult{hooks: []*unstructured.Unstructured{pod}}
 
-		tasks, successful := syncCtx.getSyncTasks()
-
-		assert.True(t, successful)
-		assert.Len(t, tasks, 2)
-		assert.Contains(t, tasks[0].name(), "foobarb-presync-")
-		assert.Contains(t, tasks[1].name(), "foobarb-postsync-")
-		assert.Equal(t, "", pod.GetName())
-	})
-
-	t.Run("Short revision", func(t *testing.T) {
-		syncCtx := newTestSyncCtx()
-		syncCtx.syncOp.SyncStrategy.Apply = nil
-		pod := test.NewPod()
-		pod.SetName("")
-		pod.SetAnnotations(map[string]string{common.AnnotationKeyHook: "PreSync,PostSync"})
-		syncCtx.compareResult = &comparisonResult{hooks: []*unstructured.Unstructured{pod}}
-		syncCtx.syncRes.Revision = "foobar"
-		tasks, successful := syncCtx.getSyncTasks()
-
-		assert.True(t, successful)
-		assert.Len(t, tasks, 2)
-		assert.Contains(t, tasks[0].name(), "foobar-presync-")
-		assert.Contains(t, tasks[1].name(), "foobar-postsync-")
-		assert.Equal(t, "", pod.GetName())
-	})
+	tasks, successful := syncCtx.getSyncTasks()
 
+	assert.True(t, successful)
+	assert.Len(t, tasks, 2)
+	assert.Contains(t, tasks[0].name(), "foobarb-presync-")
+	assert.Contains(t, tasks[1].name(), "foobarb-postsync-")
+	assert.Equal(t, "", pod.GetName())
 }
 
 func TestManagedResourceAreNotNamed(t *testing.T) {
@@ -478,101 +443,6 @@ func TestObjectsGetANamespace(t *testing.T) {
 	assert.Equal(t, "", pod.GetNamespace())
 }
 
-func TestSyncCustomResources(t *testing.T) {
-	type fields struct {
-		skipDryRunAnnotationPresent bool
-		crdAlreadyPresent           bool
-		crdInSameSync               bool
-	}
-
-	tests := []struct {
-		name        string
-		fields      fields
-		wantDryRun  bool
-		wantSuccess bool
-	}{
-
-		{"unknown crd", fields{
-			skipDryRunAnnotationPresent: false, crdAlreadyPresent: false, crdInSameSync: false,
-		}, true, false},
-		{"crd present in same sync", fields{
-			skipDryRunAnnotationPresent: false, crdAlreadyPresent: false, crdInSameSync: true,
-		}, false, true},
-		{"crd is already present in cluster", fields{
-			skipDryRunAnnotationPresent: false, crdAlreadyPresent: true, crdInSameSync: false,
-		}, true, true},
-		{"crd is already present in cluster, skip dry run annotated", fields{
-			skipDryRunAnnotationPresent: true, crdAlreadyPresent: true, crdInSameSync: false,
-		}, true, true},
-		{"unknown crd, skip dry run annotated", fields{
-			skipDryRunAnnotationPresent: true, crdAlreadyPresent: false, crdInSameSync: false,
-		}, false, true},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-
-			knownCustomResourceTypes := []v1.APIResource{}
-			if tt.fields.crdAlreadyPresent {
-				knownCustomResourceTypes = append(knownCustomResourceTypes, v1.APIResource{Kind: "TestCrd", Group: "argoproj.io", Version: "v1", Namespaced: true})
-			}
-
-			syncCtx := newTestSyncCtx(
-				&v1.APIResourceList{
-					GroupVersion: "argoproj.io/v1",
-					APIResources: knownCustomResourceTypes,
-				},
-				&v1.APIResourceList{
-					GroupVersion: "apiextensions.k8s.io/v1beta1",
-					APIResources: []v1.APIResource{
-						{Kind: "CustomResourceDefinition", Group: "apiextensions.k8s.io", Version: "v1beta1", Namespaced: true},
-					},
-				},
-			)
-
-			cr := test.Unstructured(`
-{
-  "apiVersion": "argoproj.io/v1",
-  "kind": "TestCrd",
-  "metadata": {
-    "name": "my-resource"
-  }
-}
-`)
-
-			if tt.fields.skipDryRunAnnotationPresent {
-				cr.SetAnnotations(map[string]string{common.AnnotationSyncOptions: "SkipDryRunOnMissingResource=true"})
-			}
-
-			resources := []managedResource{{Target: cr}}
-			if tt.fields.crdInSameSync {
-				resources = append(resources, managedResource{Target: test.NewCRD()})
-			}
-
-			syncCtx.compareResult = &comparisonResult{managedResources: resources}
-
-			tasks, successful := syncCtx.getSyncTasks()
-
-			if successful != tt.wantSuccess {
-				t.Errorf("successful = %v, want: %v", successful, tt.wantSuccess)
-				return
-			}
-
-			skipDryRun := false
-			for _, task := range tasks {
-				if task.targetObj.GetKind() == cr.GetKind() {
-					skipDryRun = task.skipDryRun
-					break
-				}
-			}
-
-			if tt.wantDryRun != !skipDryRun {
-				t.Errorf("dryRun = %v, want: %v", !skipDryRun, tt.wantDryRun)
-			}
-		})
-	}
-
-}
-
 func TestPersistRevisionHistory(t *testing.T) {
 	app := newFakeApp()
 	app.Status.OperationState = nil

docs/CONTRIBUTING.md

@@ -1 +1,166 @@
-Please refer to [the Contribution Guide](https://argoproj.github.io/argo-cd/developer-guide/contributing/)
+# Contributing
+## Before You Start
+
+You must install and run the ArgoCD using a local Kubernetes (e.g. Docker for Desktop or Minikube) first. This will help you understand the application, but also get your local environment set-up.
+
+Then, to get a good grounding in Go, try out [the tutorial](https://tour.golang.org/).
+
+## Pre-requisites
+
+Install:
+
+* [docker](https://docs.docker.com/install/#supported-platforms)
+* [git](https://git-scm.com/) and [git-lfs](https://git-lfs.github.com/)
+* [golang](https://golang.org/)
+* [dep](https://github.com/golang/dep)
+* [ksonnet](https://github.com/ksonnet/ksonnet#install)
+* [helm](https://github.com/helm/helm/releases)
+* [kustomize](https://github.com/kubernetes-sigs/kustomize/releases)
+* [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/)
+* [kubectx](https://kubectx.dev)
+* [minikube](https://kubernetes.io/docs/setup/minikube/) or Docker for Desktop
+
+Brew users can quickly install the lot:
+    
+```bash
+brew install go git-lfs kubectl kubectx dep ksonnet/tap/ks kubernetes-helm kustomize kustomize
+```
+
+Check the versions:
+
+```
+go version ;# must be v1.12.x
+helm version ;# must be v2.13.x
+kustomize version ;# must be v3.10.x
+```
+
+Set up environment variables (e.g. is `~/.bashrc`):
+
+```bash
+export GOPATH=~/go
+export PATH=$PATH:$GOPATH/bin
+```
+
+Checkout the code:
+
+```bash
+go get -u github.com/argoproj/argo-cd
+cd ~/go/src/github.com/argoproj/argo-cd
+```
+
+## Building
+
+Ensure dependencies are up to date first:
+
+```shell
+dep ensure
+make dev-builder-image
+make install-lint-tools
+go get github.com/mattn/goreman
+go get github.com/jstemmer/go-junit-report
+```
+
+Common make targets:
+
+* `make codegen` - Run code generation
+* `make lint` - Lint code
+* `make test` - Run unit tests
+* `make cli` - Make the `argocd` CLI tool
+
+Check out the following [documentation](https://github.com/argoproj/argo-cd/blob/master/docs/developer-guide/test-e2e.md) for instructions on running the e2e tests.
+
+## Running Locally
+
+It is much easier to run and debug if you run ArgoCD on your local machine than in the Kubernetes cluster.
+
+You should scale the deployments to zero:
+
+```bash
+kubectl -n argocd scale deployment/argocd-application-controller --replicas 0
+kubectl -n argocd scale deployment/argocd-dex-server --replicas 0
+kubectl -n argocd scale deployment/argocd-repo-server --replicas 0
+kubectl -n argocd scale deployment/argocd-server --replicas 0
+kubectl -n argocd scale deployment/argocd-redis --replicas 0
+```
+
+Download Yarn dependencies and Compile:
+
+```bash
+~/go/src/github.com/argoproj/argo-cd/ui 
+yarn install
+yarn build
+```
+
+Then start the services:
+
+```bash
+cd ~/go/src/github.com/argoproj/argo-cd
+make start
+```
+
+You can now execute `argocd` command against your locally running ArgoCD by appending `--server localhost:8080 --plaintext --insecure`, e.g.:
+
+```bash
+argocd app create guestbook --path guestbook --repo https://github.com/argoproj/argocd-example-apps.git --dest-server https://kubernetes.default.svc  --dest-namespace default --server localhost:8080 --plaintext --insecure
+```
+
+You can open the UI: http://localhost:4000
+
+As an alternative to using the above command line parameters each time you call `argocd` CLI, you can set the following environment variables:
+
+```bash
+export ARGOCD_SERVER=127.0.0.1:8080
+export ARGOCD_OPTS="--plaintext --insecure"
+```
+
+## Running Local Containers
+
+You may need to run containers locally, so here's how:
+
+Create login to Docker Hub, then login.
+
+```bash
+docker login
+```
+
+Add your username as the environment variable, e.g. to your `~/.bash_profile`:
+
+```bash
+export IMAGE_NAMESPACE=alexcollinsintuit
+```
+
+If you don't want to use `latest` as the image's tag (the default), you can set it from the environment too:
+
+```bash
+export IMAGE_TAG=yourtag
+```
+
+Build the image:
+
+```bash
+DOCKER_PUSH=true make image
+```
+
+Update the manifests (be sure to do that from a shell that has above environment variables set)
+
+```bash
+make manifests
+```
+
+Install the manifests:
+
+```bash
+kubectl -n argocd apply --force -f manifests/install.yaml
+```
+
+Scale your deployments up:
+
+```bash
+kubectl -n argocd scale deployment/argocd-application-controller --replicas 1
+kubectl -n argocd scale deployment/argocd-dex-server --replicas 1
+kubectl -n argocd scale deployment/argocd-repo-server --replicas 1
+kubectl -n argocd scale deployment/argocd-server --replicas 1
+kubectl -n argocd scale deployment/argocd-redis --replicas 1
+```
+
+Now you can set-up the port-forwarding and open the UI or CLI.

docs/bug_triage.md

@@ -1,175 +0,0 @@
-# Bug triage proposal for ArgoCD
-
-## Situation
-
-Lots of issues on our issue tracker. Many of them not bugs, but questions,
-or very environment related. It's easy to lose oversight.
-
-Also, it's not obvous which bugs are important. Which bugs should be fixed
-first? Can we make a new release with the current inventory of open bugs?
-Is there still a bug that should make it to the new release?
-
-## Proposal
-
-We should agree upon a common issue triage process. The process must be lean
-and efficient, and should support us and the community looking into the GH
-issue tracker at making the following decisions:
-
-* Is it even a real bug?
-* If it is a real bug, what is the current status of the bug (next to "open" or "closed")?
-* How important is it to fix the bug?
-* How urgent is it to fix the bug?
-* Who will be working to fix the bug?
-
-We need new methods to classify our bugs, at least into these categories:
-
-* validity: Does the issue indeed represent a true bug
-* severity: Denominates what impact the bug has
-* priority: Denominates the urgency of the fix
-
-## Triage process
-
-GH issue tracker provides us with the possibility to label issues. Using these
-labels is not perfect, but should give a good start. Each new issue created in
-our issue tracker should be correctly labeled during its lifecycle, so keeping
-an overview would be simplified by the ability to filter for labels.
-
-The triage process could be as follows:
-
-1. A new bug issue is created by someone on the tracker
-
-1. The first person of the core team to see it will start the triage by classifying
-   the issue (see below). This will indicate the creator that we have noticed the
-   issue, and that it's not "fire & forget" tracker.
-
-1. Initial classification should be possible even when much of the information is
-   missing yet. In this case, the issue would be classified as such (see below).
-   Again, this indicates that someone has noticed the issue, and there is activity
-   in progress to get the required information.
-
-1. Classification of the issue can change over its life-cycle. However, once the
-   issue has been initially classified correctly (that is, with something else than
-   the "placeholder" classification discussed above), changes to the classification
-   should be discussed first with the person who initially classified the issue.
-
-## Classification
-
-We have introduced some new labels in the GH issue tracker for classifying the
-bug issues. These labels are prefixed with the string `bug/`, and should be
-applied to all new issues in our tracker.
-
-### Classification requires more information
-
-If it is not yet possible to classify the bug, i.e. because more information is
-required to correctly classify the bug, you should always set the label
-`bug/in-triage` to make it clear that triage process has started but could not
-yet be completed.
-
-### Issue type
-
-If it's clear that a bug issue is not a bug, but a question or reach for support,
-it should be marked as such:
-
-* Remove any of the labels prefixed `bug/` that might be attached to the issue
-* Remove the label `bug` from the issue
-* Add the label `inquiry` to the issue
-
-If the inquiry turns out to be something that should be covered by the docs, but
-is not, the following actions should be taken:
-
-* The title of the issue should be adapted that it will be clear that the bug
-  affects the docs, not the code
-* The label `documentation` should be attached to the issue
-
-If the issue is too confusing (can happen), another possibility is to close the
-issue and create a new one as described in above (with a meaningful title and
-the label `documentation` attached to it).
-
-### Validity
-
-Some reported bugs may be invalid. It could be a user error, a misconfiguration
-or something along these lines. If it is clear that the bug falls into one of
-these categories:
-
-* Remove any of the labels prefixed `bug/` that might be attached to the issue
-* Add the label `invalid` to the issue
-* Retain the `bug` label to the issue
-* Close the issue
-
-When closing the issue, it is important to let requester know why the issue
-has been closed. The optimum would be to provide a solution to his request
-in the comments of the issue, or at least pointers to possible solutions.
-
-### Regressions
-
-Sometimes it happens that something that worked in a previous release does
-not work now when it should still work. If this is the case, the following
-actions should be done
-
-* Add the label `regression` to the issue
-* Continue with triage
-
-### Severity
-
-It is important to find out how severe the impact of a bug is, and to label
-the bug with this information. For this purpose, the following labels exist
-in our tracker:
-
-* `bug/severity:minor`: Bug has limited impact and maybe affects only an
-  edge-case. Core functionality is not affected, and there is no data loss
-  involved. Something might not work as expected. Example of these kind of
-  bugs could be a CLI command that is not working as expected, a glitch in
-  the UI, wrong documentation, etc.
-
-* `bug/severity:major`: Malfunction in one of the core components, impacting
-  a majority of users or one of the core functionalities in ArgoCD. There is
-  no data loss involved, but for example a sync is not working due to a bug
-  in ArgoCD (and not due to user error), manifests fail to render, etc.
-
-* `bug/severity:critical`: A critical bug in ArgoCD, possibly resulting in
-  data loss, integrity breach or severe degraded overall functionality.
-
-### Priority
-
-The priority of an issue indicates how quickly the issue should be fixed and
-released. This information should help us in deciding the target release for
-the fix, and whether a bug would even justify a dedicated patch release. The
-following labels can be used to classify bugs into their priority:
-
-* `bug/priority:low`: Will be fixed without any specific target release.
-
-* `bug/priority:medium`: Should be fixed in the minor or major release, which
-  ever comes first.
-
-* `bug/priority:high`: Should be fixed with the next patch release.
-
-* `bug/priority:urgent`: Should be fixed immediately and might even justify a
-  dedicated patch release.
-
-The priority should be set according to the value of the fix and the attached
-severity. This means. a bug with a severity of `minor` could still be classified
-with priority `high`, when it is a *low hanging fruit* (i.e. the bug is easy to
-fix with low effort) and contributes to overall user experience of ArgoCD.
-
-Likewise, a bug classified with a severity of `major` could still have a
-priority of `medium`, if there is a workaround available for the bug which
-mitigates the effects of the bug to a bearable extend.
-
-Bugs classified with a severity of `critical` most likely belong to either
-the `urgent` priority, or to the `high` category when there is a workaround
-available.
-
-Bugs that have a `regression`label attached (see Regression above) should
-usually be handled with higher priority, so those kind of issues will most
-likely have a priority of `high` or `urgent` attached to it.
-
-## Summary
-
-Applying a little discipline when working with our issue tracker could greatly
-help us in making informed decision about which bugs to fix when. Also, it
-would help us to get a clear view whether we can do for example a new minor
-release without having forgot any outstanding issues that should make it into
-that release.
-
-If we are able to work with classification of bug issues, we might want to
-extend the triage for enhancement proposals and PRs as well.

docs/cli_installation.md

@@ -1,56 +0,0 @@
-# Installation
-
-You can download the latest Argo CD version from [the latest release page of this repository](https://github.com/argoproj/argo-cd/releases/latest), which will include the `argocd` CLI.
-
-## Linux
-
-You can view the latest version of Argo CD at the link above or run the following command to grab the version:
-
-```bash
-VERSION=$(curl --silent "https://api.github.com/repos/argoproj/argo-cd/releases/latest" | grep '"tag_name"' | sed -E 's/.*"([^"]+)".*/\1/')
-```
-
-Replace `VERSION` in the command below with the version of Argo CD you would like to download:
-
-```bash
-curl -sSL -o /usr/local/bin/argocd https://github.com/argoproj/argo-cd/releases/download/$VERSION/argocd-linux-amd64
-```
-
-Make the `argocd` CLI executable:
-
-```bash
-chmod +x /usr/local/bin/argocd
-```
-
-You should now be able to run `argocd` commands.
-
-## Mac
-
-### Homebrew
-
-```bash
-brew tap argoproj/tap
-brew install argoproj/tap/argocd
-```
-
-### Download With Curl
-
-You can view the latest version of Argo CD at the link above or run the following command to grab the version:
-
-```bash
-VERSION=$(curl --silent "https://api.github.com/repos/argoproj/argo-cd/releases/latest" | grep '"tag_name"' | sed -E 's/.*"([^"]+)".*/\1/')
-```
-
-Replace `VERSION` in the command below with the version of Argo CD you would like to download:
-
-```bash
-curl -sSL -o /usr/local/bin/argocd https://github.com/argoproj/argo-cd/releases/download/$VERSION/argocd-darwin-amd64
-```
-
-Make the `argocd` CLI executable:
-
-```bash
-chmod +x /usr/local/bin/argocd
-```
-
-After finishing either of the instructions above, you should now be able to run `argocd` commands.

docs/core_concepts.md

@@ -4,13 +4,13 @@ Let's assume you're familiar with core Git, Docker, Kubernetes, Continuous Deliv
 
 * **Application** A group of Kubernetes resources as defined by a manifest. This is a Custom Resource Definition (CRD).
 * **Application source type** Which **Tool** is used to build the application.
-* **Target state** The desired state of an application, as represented by files in a Git repository.
+* **Target state** The desired state of an application, as represented by files in a Git repository. 
 * **Live state** The live state of that application. What pods etc are deployed.
-* **Sync status** Whether or not the live state matches the target state. Is the deployed application the same as Git says it should be?
-* **Sync** The process of making an application move to its target state. E.g. by applying changes to a Kubernetes cluster.
+* **Sync status** Whether or not the live state matches the target state. Is the deployed application the same as Git says it should be? 
+* **Sync** The process of making an application move to its target state. E.g. by applying changes to a Kubernetes cluster. 
 * **Sync operation status** Whether or not a sync succeeded.
 * **Refresh** Compare the latest code in Git with the live state. Figure out what is different.
-* **Health** The health of the application, is it running correctly? Can it serve requests?
+* **Health** The health the application, is it running correctly? Can it serve requests? 
 * **Tool** A tool to create manifests from a directory of files. E.g. Kustomize or Ksonnet. See **Application Source Type**.
 * **Configuration management tool** See **Tool**.
 * **Configuration management plugin** A custom tool.

docs/developer-guide/api-docs.md

@@ -20,7 +20,7 @@ $ curl $ARGOCD_SERVER/api/v1/applications --cookie "argocd.token=$ARGOCD_TOKEN"
 {"metadata":{"selfLink":"/apis/argoproj.io/v1alpha1/namespaces/argocd/applications","resourceVersion":"37755"},"items":...}
 ```
 
-> v1.3
+> >v1.3
 
 Then pass using the HTTP `Authorization` header, prefixing with `Bearer `:
 
@@ -28,4 +28,5 @@ Then pass using the HTTP `Authorization` header, prefixing with `Bearer `:
 $ curl $ARGOCD_SERVER/api/v1/applications -H "Authorization: Bearer $ARGOCD_TOKEN" 
 {"metadata":{"selfLink":"/apis/argoproj.io/v1alpha1/namespaces/argocd/applications","resourceVersion":"37755"},"items":...}
 ```
- 
+ 
+ You sh

docs/developer-guide/ci.md

@@ -1,9 +1,5 @@
 # CI
 
-!!!warning
-    This documentation is out-of-date. Please bear with us while we work to
-    update the documentation to reflect reality!
-
 ## Troubleshooting Builds
 
 ### "Check nothing has changed" step fails
@@ -42,12 +38,4 @@ make builder-image IMAGE_NAMESPACE=argoproj IMAGE_TAG=v1.0.0
 
 ## Public CD
 
-Every commit to master is built and published to `docker.pkg.github.com/argoproj/argo-cd/argocd:<version>-<short-sha>`. The list of images is available at
-https://github.com/argoproj/argo-cd/packages.
-
-!!! note
-    Github docker registry [requires](https://github.community/t5/GitHub-Actions/docker-pull-from-public-GitHub-Package-Registry-fail-with-quot/m-p/32888#M1294) authentication to read
-    even publicly available packages. Follow the steps from Kubernetes [documentation](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry)
-    to configure image pull secret if you want to use `docker.pkg.github.com/argoproj/argo-cd/argocd` image.
-
-The image is automatically deployed to the dev Argo CD instance: [https://cd.apps.argoproj.io/](https://cd.apps.argoproj.io/)
+[https://cd.apps.argoproj.io/](https://cd.apps.argoproj.io/)

docs/developer-guide/contributing.md

@@ -1,258 +0,0 @@
-# Contribution guide
-
-## Preface
-
-We want to make contributing to ArgoCD as simple and smooth as possible.
-
-This guide shall help you in setting up your build & test environment, so that you can start developing and testing bug fixes and feature enhancements without having to make too much effort in setting up a local toolchain.
-
-If you want to to submit a PR, please read this document carefully, as it contains important information guiding you through our PR quality gates.
-
-As is the case with the development process, this document is under constant change. If you notice any error, or if you think this document is out-of-date, or if you think it is missing something: Feel free to submit a PR or submit a bug to our GitHub issue tracker.
-
-If you need guidance with submitting a PR, or have any other questions regarding development of ArgoCD, do not hestitate to [join our Slack](https://argoproj.github.io/community/join-slack) and get in touch with us in the `#argo-dev` channel!
-
-## Before you start
-
-You will need at least the following things in your toolchain in order to develop and test ArgoCD locally:
-
-* A Kubernetes cluster. You won't need a fully blown multi-master, multi-node cluster, but you will need something like K3S, Minikube or microk8s. You will also need a working Kubernetes client (`kubectl`) configuration in your development environment. The configuration must reside in `~/.kube/config` and the API server URL must point to the IP address of your local machine (or VM), and **not** to `localhost` or `127.0.0.1` if you are using the virtualized development toolchain (see below)
-
-* You will also need a working Docker runtime environment, to be able to build and run images.
-The Docker version must be fairly recent, and support multi-stage builds. You should not work as root. Make your local user a member of the `docker` group to be able to control the Docker service on your machine.
-
-* Obviously, you will need a `git` client for pulling source code and pushing back your changes.
-
-* Last but not least, you will need a Go SDK and related tools (such as GNU `make`) installed and working on your development environment.
-
-* We will assume that your Go workspace is at `~/go`
-
-!!! note
-    **Attention minikube users**: By default, minikube will create Kubernetes client configuration that uses authentication data from files. This is incompatible with the virtualized toolchain. So if you intend to use the virtualized toolchain, you have to embed this authentication data into the client configuration. To do so, issue `minikube config set embed-certs true` and restart your minikube. Please also note that minikube using the Docker driver is currently not supported with the virtualized toolchain, because the Docker driver exposes the API server on 127.0.0.1 hard-coded. If in doubt, run `make verify-kube-connect` to find out.
-
-## Submitting PRs
-
-When you submit a PR against ArgoCD's GitHub repository, a couple of CI checks will be run automatically to ensure your changes will build fine and meet certain quality standards. Your contribution needs to pass those checks in order to be merged into the repository.
-
-In general, it might be benefical to only submit a PR for an existing issue. Especially for larger changes, an Enhancement Proposal should exist before.
-
-!!!note
-
-    Please make sure that you always create PRs from a branch that is up-to-date with the latest changes from ArgoCD's master branch. Depending on how long it takes for the maintainers to review and merge your PR, it might be necessary to pull in latest changes into your branch again.
-
-Please understand that we, as an Open Source project, have limited capacities for reviewing and merging PRs to ArgoCD. We will do our best to review your PR and give you feedback as soon as possible, but please bear with us if it takes a little longer as expected.
-
-The following read will help you to submit a PR that meets the standards of our CI tests:
-
-### Title of the PR
-
-Please use a meaningful and consise title for your PR. This will help us to pick PRs for review quickly, and the PR title will also end up in the Changelog.
-
-We use the [Semantic PR title checker](https://github.com/zeke/semantic-pull-requests) to categorize your PR into one of the following categories:
-
-* `fix` - Your PR contains one or more code bug fixes
-* `feat` - Your PR contains a new feature
-* `docs` - Your PR improves the documentation
-* `chore` - Your PR improves any internals of ArgoCD, such as the build process, unit tests, etc
-
-Please prefix the title of your PR with one of the valid categories. For example, if you chose the title your PR `Add documentation for GitHub SSO integration`, please use `docs: Add documentation for GitHub SSO integration` instead.
-
-### Contributor License Agreement
-
-Every contributor to ArgoCD must have signed the current Contributor License Agreement (CLA). You only have to sign the CLA when you are a first time contributor, or when the agreement has changed since your last time signing it. The main purpose of the CLA is to ensure that you hold the required rights for your contribution. The CLA signing is an automated process.
-
-You can read the current version of the CLA [here](https://cla-assistant.io/argoproj/argo-cd).
-
-### PR template checklist
-
-Upon opening a PR, the details will contain a checklist from a template. Please read the checklist, and tick those marks that apply to you.
-
-### Automated builds & tests
-
-After you have submitted your PR, and whenever you push new commits to that branch, GitHub will run a number of Continuous Integration checks against your code. It will execute the following actions, and each of them has to pass:
-
-* Build the Go code (`make build`)
-* Generate API glue code and manifests (`make codegen`)
-* Run a Go linter on the code (`make lint`)
-* Run the unit tests (`make test`)
-* Run the End-to-End tests (`make test-e2e`)
-* Build and lint the UI code (`make ui`)
-* Build the `argocd` CLI (`make cli`)
-
-If any of these tests in the CI pipeline fail, it means that some of your contribution is considered faulty (or a test might be flaky, see below).
-
-### Code test coverage
-
-We use [CodeCov](https://codecov.io) in our CI pipeline to check for test coverage, and once you submit your PR, it will run and report on the coverage difference as a comment within your PR. If the difference is too high in the negative, i.e. your submission introduced a significant drop in code coverage, the CI check will fail.
-
-Whenever you develop a new feature or submit a bug fix, please also write appropriate unit tests for it. If you write a completely new module, please aim for at least 80% of coverage.
-If you want to see how much coverage just a specific module (i.e. your new one) has, you can set the `TEST_MODULE` to the (fully qualified) name of that module with `make test`, i.e.
-
-```bash
- make test TEST_MODULE=github.com/argoproj/argo-cd/server/cache
-...
-ok      github.com/argoproj/argo-cd/server/cache        0.029s  coverage: 89.3% of statements
-```
-
-## Local vs Virtualized toolchain
-
-ArgoCD provides a fully virtualized development and testing toolchain using Docker images. It is recommended to use those images, as they provide the same runtime environment as the final product and it is much easier to keep up-to-date with changes to the toolchain and dependencies. But as using Docker comes with a slight performance penalty, you might want to setup a local toolchain.
-
-Most relevant targets for the build & test cycles in the `Makefile` provide two variants, one of them suffixed with `-local`. For example, `make test` will run unit tests in the Docker container, `make test-local` will run it natively on your local system.
-
-If you are going to use the virtualized toolchain, please bear in mind the following things:
-
-* Your Kubernetes API server must listen on the interface of your local machine or VM, and not on `127.0.0.1` only.
-* Your Kubernetes client configuration (`~/.kube/config`) must not use an API URL that points to `localhost` or `127.0.0.1`.
-
-You can test whether the virtualized toolchain has access to your Kubernetes cluster by running `make verify-kube-connect` (*after* you have setup your development environment, as described below), which will run `kubectl version` inside the Docker container used for running all tests.
-
-The Docker container for the virtualized toolchain will use the following local mounts from your workstation, and possibly modify its contents:
-
-* `~/go/src` - Your Go workspace's source directory (modifications expected)
-* `~/.cache/go-build` - Your Go build cache (modifications expected)
-* `~/.kube` - Your Kubernetes client configuration (no modifications)
-* `/tmp` - Your system's temp directory (modifications expected)
-
-## Setting up your development environment
-
-The following steps are required no matter whether you chose to use a virtualized or a local toolchain.
-
-### Clone the ArgoCD repository from your personal fork on GitHub
-
-* `mkdir -p ~/go/src/github.com/argoproj`
-* `cd ~/go/src/github.com/argoproj`
-* `git clone https://github.com/yourghuser/argo-cd`
-* `cd argo-cd`
-
-### Optional: Setup an additional Git remote
-
-While everyone has their own Git workflow, the author of this document recommends to create a remote called `upstream` in your local copy pointing to the original ArgoCD repository. This way, you can easily keep your local branches up-to-date by merging in latest changes from the ArgoCD repository, i.e. by doing a `git pull upstream master` in your locally checked out branch. To create the remote, run `git remote add upstream https://github.com/argoproj/argo-cd`
-
-### Install the must-have requirements
-
-Make sure you fulfill the pre-requisites above and run some preliminary tests. Neither of them should report an error.
-
-* Run `kubectl version`
-* Run `docker version`
-* Run `go version`
-
-### Build (or pull) the required Docker image
-
-Build the required Docker image by running `make test-tools-image` or pull the latest version by issuing `docker pull argoproj/argocd-test-tools`.
-
-The `Dockerfile` used to build these images can be found at `test/container/Dockerfile`.
-
-### Test connection from build container to your K8s cluster
-
-Run `make verify-kube-connect`, it should execute without error.
-
-If you receive an error similar to the following:
-
-```
-The connection to the server 127.0.0.1:6443 was refused - did you specify the right host or port?
-make: *** [Makefile:386: verify-kube-connect] Error 1
-```
-
-you should edit your `~/.kube/config` and modify the `server` option to point to your correct K8s API (as described above).
-
-## The development cycle
-
-When you have developed and possibly manually tested the code you want to contribute, you should ensure that everything will build correctly. Commit your changes to the local copy of your Git branch and perform the following steps:
-
-### Pull in all build dependencies
-
-As build dependencies change over time, you have to synchronize your development environment with the current specification. In order to pull in all required depencies, issue:
-
-* `make dep`
-* `make dep-ensure`
-* `make dep-ui`
-
-### Generate API glue code and other assets
-
-ArgoCD relies on Google's [Protocol Buffers](https://developers.google.com/protocol-buffers) for its API, and this makes heavy use of auto-generated glue code and stubs. Whenever you touched parts of the API code, you must re-generate the auto generated code.
-
-* Run `make codegen`, this might take a while
-* Check if something has changed by running `git status` or `git diff`
-* Commit any possible changes to your local Git branch, an appropriate commit message would be `Changes from codegen`, for example.
-
-!!!note
-    There are a few non-obvious assets that are auto-generated. You should not change the autogenerated assets, as they will be overwritten by a subsequent run of `make codegen`. Instead, change their source files. Prominent examples of non-obvious auto-generated code are `swagger.json` or the installation manifest YAMLs.
-
-### Build your code and run unit tests
-
-After the code glue has been generated, your code should build and the unit tests should run without any errors. Execute the following statements:
-
-* `make build`
-* `make test`
-
-These steps are non-modifying, so there's no need to check for changes afterwards.
-
-### Lint your code base
-
-In order to keep a consistent code style in our source tree, your code must be well-formed in accordance to some widely accepted rules, which are applied by a Linter.
-
-The Linter might make some automatic changes to your code, such as indentation fixes. Some other errors reported by the Linter have to be fixed manually.
-
-* Run `make lint` and observe any errors reported by the Linter
-* Fix any of the errors reported and commit to your local branch
-* Finally, after the Linter reports no errors anymore, run `git status` or `git diff` to check for any changes made automatically by Lint
-* If there were automatic changes, commit them to your local branch
-
-If you touched UI code, you should also run the Yarn linter on it:
-
-* Run `make lint-ui`
-* Fix any of the errors reported by it
-
-## Setting up a local toolchain
-
-For development, you can either use the fully virtualized toolchain provided as Docker images, or you can set up the toolchain on your local development machine. Due to the dynamic nature of requirements, you might want to stay with the virtualized environment.
-
-### Install required dependencies and build-tools
-
-!!!note
-    The installations instructions are valid for Linux hosts only. Mac instructions will follow shortly.
-
-For installing the tools required to build and test ArgoCD on your local system, we provide convinient installer scripts. By default, they will install binaries to `/usr/local/bin` on your system, which might require `root` privileges.
-
-You can change the target location by setting the `BIN` environment before running the installer scripts. For example, you can install the binaries into `~/go/bin` (which should then be the first component in your `PATH` environment, i.e. `export PATH=~/go/bin:$PATH`):
-
-```shell
-make BIN=~/go/bin install-tools-local
-```
-
-Additionally, you have to install at least the following tools via your OS's package manager (this list might not be always up-to-date):
-
-* Git LFS plugin
-* GnuPG version 2
-
-### Install Go dependencies
-
-You need to pull in all required Go dependencies. To do so, run
-
-* `make dep-ensure-local`
-* `make dep-local`
-
-### Test your build toolchain
-
-The first thing you can do whether your build toolchain is setup correctly is by generating the glue code for the API and after that, run a normal build:
-
-* `make codegen-local`
-* `make build-local`
-
-This should return without any error.
-
-### Run unit-tests
-
-The next thing is to make sure that unit tests are running correctly on your system. These will require that all dependencies, such as Helm, Kustomize, Git, GnuPG, etc are correctly installed and fully functioning:
-
-* `make test-local`
-
-### Run end-to-end tests
-
-The final step is running the End-to-End testsuite, which makes sure that your Kubernetes dependencies are working properly. This will involve starting all of the ArgoCD components locally on your computer. The end-to-end tests consists of two parts: a server component, and a client component.
-
-* First, start the End-to-End server: `make start-e2e-local`. This will spawn a number of processes and services on your system.
-* When all components have started, run `make test-e2e-local` to run the end-to-end tests against your local services.
-
-For more information about End-to-End tests, refer to the [End-to-End test documentation](test-e2e.md).

docs/developer-guide/faq.md

@@ -1,65 +0,0 @@
-# Contribution FAQ
-
-## General
-
-### Can I discuss my contribution ideas somewhere?
-
-Sure thing! You can either open an Enhancement Proposal in our GitHub issue tracker or you can [join us on Slack](https://argoproj.github.io/community/join-slack) in channel #argo-dev to discuss your ideas and get guidance for submitting a PR.
-
-### Noone has looked at my PR yet. Why?
-
-As we have limited man power, it can sometimes take a while for someone to respond to your PR. Especially, when your PR contains complex or non-obvious changes. Please bear with us, we try to look at every PR that we receive.
-
-### Why has my PR been declined? I put much work in it!
-
-We appreciate that you have put your valuable time and know how into a contribution. Alas, some changes do not fit into the overall ArgoCD philosophy, and therefore can't be merged into the official ArgoCD source tree.
-
-To be on the safe side, make sure that you have created an Enhancement Proposal for your change before starting to work on your PR and have gathered enough feedback from the community and the maintainers.
-
-## Failing CI checks 
-
-### One of the CI checks failed. Why?
-
-You can click on the "Details" link next to the failed step to get more details about the failure. This will take you to CircleCI website.
-
-![CircleCI pipeline](ci-pipeline-failed.png)
-
-### Can I retrigger the checks without pushing a new commit?
-
-Since the CI pipeline is triggered on Git commits, there is currently no (known) way on how to retrigger the CI checks without pushing a new commit to your branch.
-
-If you are absolutely sure that the failure was due to a failure in the pipeline, and not an error within the changes you commited, you can push an empty commit to your branch, thus retriggering the pipeline without any code changes. To do so, issue
-
-```bash
-git commit --allow-empty -m "Retrigger CI pipeline"
-git push origin <yourbranch>
-```
-
-### Why does the build step fail?
-
-Chances are that it fails for two of the following reasons in the CI while running fine on your machine:
-
-* Sometimes, CircleCI kills the build step due to excessive memory usage. This happens rarely, but it has happened in the past. If you see a message like "killed" in the log output of CircleCI, you should retrigger the pipeline as described above. If the issue persists, please let us know.
-
-* If the build is failing at the `Ensuring Gopkg.lock is up-to-date` step, you need to update the dependencies before you push your commits. Run `make dep-ensure` and `make dep` and commit the changes to `Gopkg.lock` to your branch.
-
-### Why does the codegen step fail?
-
-If the codegen step fails with "Check nothing has changed...", chances are high that you did not run `make codegen`, or did not commit the changes it made. You should double check by running `make codegen` followed by `git status` in the local working copy of your branch. Commit any changes and push them to your GH branch to have the CI check it again.
-
-A second common case for this is, when you modified any of the auto generated assets, as these will be overwritten upon `make codegen`.
-
-Generally, this step runs `codegen` and compares the outcome against the Git branch it has checked out. If there are differences, the step will fail.
-
-### Why does the lint step fail?
-
-The lint step is most likely to fail for two reasons:
-
-* The `golangci-lint` process was OOM killed by CircleCI. This happens sometimes, and is annoying. This is indicated by a `Killed.` message in the CircleCI output.
-  If this is the case, please re-trigger the CI process as described above and see if it runs through.
-
-* Your code failed to lint correctly, or modifications were performed by the `golangci-lint` process. You should run `make lint` on your local branch and fix all the issues.
-
-### Why does the test or e2e steps fail?
-
-You should check for the cause of the failure on the CircleCI web site, as described above. This will give you the name of the test that has failed, and details about why. If your test are passing locally (using the virtualized toolchain), chances are that the test might be flaky and will pass the next time it is run. Please retrigger the CI pipeline as described above and see if the test step now passes.