Bump version to 2.1.1

* fix: password reset meet requirement

Signed-off-by: May Zhang <may_zhang@intuit.com>

Dockerfile

@@ -62,6 +62,8 @@ COPY --from=builder /usr/local/bin/helm2 /usr/local/bin/helm2
 COPY --from=builder /usr/local/bin/helm /usr/local/bin/helm
 COPY --from=builder /usr/local/bin/kustomize /usr/local/bin/kustomize
 COPY entrypoint.sh /usr/local/bin/entrypoint.sh
+# keep uid_entrypoint.sh for backward compatibility
+RUN ln -s /usr/local/bin/entrypoint.sh /usr/local/bin/uid_entrypoint.sh
 
 # support for mounting configuration from a configmap
 RUN mkdir -p /app/config/ssh && \

VERSION

@@ -1 +1 @@
-2.1.0
+2.1.1

assets/swagger.json

@@ -3605,6 +3605,9 @@
         "oidcConfig": {
           "$ref": "#/definitions/clusterOIDCConfig"
         },
+        "passwordPattern": {
+          "type": "string"
+        },
         "plugins": {
           "type": "array",
           "items": {

cmd/argocd-server/commands/argocd_server.go

@@ -63,6 +63,7 @@ func NewCommand() *cobra.Command {
 		frameOptions             string
 		repoServerPlaintext      bool
 		repoServerStrictTLS      bool
+		staticAssetsDir          string
 	)
 	var command = &cobra.Command{
 		Use:               cliName,
@@ -139,6 +140,7 @@ func NewCommand() *cobra.Command {
 				Cache:               cache,
 				XFrameOptions:       frameOptions,
 				RedisClient:         redisClient,
+				StaticAssetsDir:     staticAssetsDir,
 			}
 
 			stats.RegisterStackDumper()
@@ -157,9 +159,7 @@ func NewCommand() *cobra.Command {
 
 	clientConfig = cli.AddKubectlFlagsToCmd(command)
 	command.Flags().BoolVar(&insecure, "insecure", env.ParseBoolFromEnv("ARGOCD_SERVER_INSECURE", false), "Run server without TLS")
-	var staticAssetsDir string
-	command.Flags().StringVar(&staticAssetsDir, "staticassets", "", "Static assets directory path")
-	_ = command.Flags().MarkDeprecated("staticassets", "The --staticassets flag is not longer supported. Static assets are embedded into binary.")
+	command.Flags().StringVar(&staticAssetsDir, "staticassets", env.StringFromEnv("ARGOCD_SERVER_STATIC_ASSETS", "/shared/app"), "Directory path that contains additional static assets")
 	command.Flags().StringVar(&baseHRef, "basehref", env.StringFromEnv("ARGOCD_SERVER_BASEHREF", "/"), "Value for base href in index.html. Used if Argo CD is running behind reverse proxy under subpath different from /")
 	command.Flags().StringVar(&rootPath, "rootpath", env.StringFromEnv("ARGOCD_SERVER_ROOTPATH", ""), "Used if Argo CD is running behind reverse proxy under subpath different from /")
 	command.Flags().StringVar(&cmdutil.LogFormat, "logformat", env.StringFromEnv("ARGOCD_SERVER_LOGFORMAT", "text"), "Set the logging format. One of: text|json")

common/common.go

@@ -70,6 +70,9 @@ const (
 	ChangePasswordSSOTokenMaxAge = time.Minute * 5
 	// GithubAppCredsExpirationDuration is the default time used to cache the GitHub app credentials
 	GithubAppCredsExpirationDuration = time.Minute * 60
+
+	// PasswordPatten is the default password patten
+	PasswordPatten = `^.{8,32}$`
 )
 
 // Dex related constants

docs/operator-manual/argocd-cm.yaml

@@ -18,6 +18,9 @@ data:
   # Specifies token expiration duration
   users.session.duration: "24h"
 
+  # Specifies regex expression for password
+  passwordPattern: "^.{8,32}$"
+
   # Enables google analytics tracking is specified
   ga.trackingid: "UA-12345-1"
   # Unless set to 'false' then user ids are hashed before sending to google analytics

docs/operator-manual/argocd-cmd-params-cm.yaml

@@ -48,6 +48,8 @@ data:
   server.basehref: "/"
   # Used if Argo CD is running behind reverse proxy under subpath different from /
   server.rootpath: "/"
+  # Directory path that contains additional static assets
+  server.staticassets: "/shared/app"
 
   # Set the logging format. One of: text|json (default "text")
   server.log.format: "text"

docs/operator-manual/custom-styles.md

@@ -88,9 +88,10 @@ spec:
         name: styles
 ```
 
-Note that the CSS file should be mounted within a subdirectory of the existing "/shared/app" directory
+Note that the CSS file should be mounted within a subdirectory of the "/shared/app" directory
 (e.g. "/shared/app/custom").  Otherwise, the file will likely fail to be imported by the browser with an
-"incorrect MIME type" error.
+"incorrect MIME type" error. The subdirectory can be changed using `server.staticassets` key of the
+[argocd-cmd-params-cm.yaml](./argocd-cmd-params-cm.yaml) ConfigMap.
 
 ## Developing Style Overlays
 The styles specified in the injected CSS file should be specific to components and classes defined in [argo-ui](https://github.com/argoproj/argo-ui).

docs/operator-manual/server-commands/argocd-server.md

@@ -56,6 +56,7 @@ argocd-server [flags]
       --sentinel stringArray                          Redis sentinel hostname and port (e.g. argocd-redis-ha-announce-0:6379). 
       --sentinelmaster string                         Redis sentinel master group name. (default "master")
       --server string                                 The address and port of the Kubernetes API server
+      --staticassets string                           Directory path that contains additional static assets (default "/shared/app")
       --tls-server-name string                        If provided, this name will be used to validate server certificate. If this is not provided, hostname used to contact the server is used.
       --tlsciphers string                             The list of acceptable ciphers to be used when establishing TLS connections. Use 'list' to list available ciphers. (default "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:TLS_RSA_WITH_AES_256_GCM_SHA384")
       --tlsmaxversion string                          The maximum SSL/TLS version that is acceptable (one of: 1.0|1.1|1.2|1.3) (default "1.3")

manifests/base/kustomization.yaml

@@ -5,7 +5,7 @@ kind: Kustomization
 images:
 - name: quay.io/argoproj/argocd
   newName: quay.io/argoproj/argocd
-  newTag: v2.1.0
+  newTag: v2.1.1
 resources:
 - ./application-controller
 - ./dex

manifests/base/server/argocd-server-deployment.yaml

@@ -136,6 +136,12 @@ spec:
                 name: argocd-cmd-params-cm
                 key: server.login.attempts.expiration
                 optional: true
+        - name: ARGOCD_SERVER_STATIC_ASSETS
+          valueFrom:
+            configMapKeyRef:
+              name: argocd-cmd-params-cm
+              key: server.staticassets
+              optional: true
         - name: ARGOCD_APP_STATE_CACHE_EXPIRATION
           valueFrom:
               configMapKeyRef:

manifests/ha/base/kustomization.yaml

@@ -11,7 +11,7 @@ patchesStrategicMerge:
 images:
 - name: quay.io/argoproj/argocd
   newName: quay.io/argoproj/argocd
-  newTag: v2.1.0
+  newTag: v2.1.1
 resources:
 - ../../base/application-controller
 - ../../base/dex

manifests/ha/install.yaml

@@ -3684,7 +3684,7 @@ spec:
         - -n
         - /usr/local/bin/argocd
         - /shared/argocd-dex
-        image: quay.io/argoproj/argocd:v2.1.0
+        image: quay.io/argoproj/argocd:v2.1.1
         imagePullPolicy: Always
         name: copyutil
         volumeMounts:
@@ -3895,7 +3895,7 @@ spec:
               key: reposerver.default.cache.expiration
               name: argocd-cmd-params-cm
               optional: true
-        image: quay.io/argoproj/argocd:v2.1.0
+        image: quay.io/argoproj/argocd:v2.1.1
         imagePullPolicy: Always
         livenessProbe:
           failureThreshold: 3
@@ -4114,6 +4114,12 @@ spec:
               key: server.login.attempts.expiration
               name: argocd-cmd-params-cm
               optional: true
+        - name: ARGOCD_SERVER_STATIC_ASSETS
+          valueFrom:
+            configMapKeyRef:
+              key: server.staticassets
+              name: argocd-cmd-params-cm
+              optional: true
         - name: ARGOCD_APP_STATE_CACHE_EXPIRATION
           valueFrom:
             configMapKeyRef:
@@ -4138,7 +4144,7 @@ spec:
               key: server.default.cache.expiration
               name: argocd-cmd-params-cm
               optional: true
-        image: quay.io/argoproj/argocd:v2.1.0
+        image: quay.io/argoproj/argocd:v2.1.1
         imagePullPolicy: Always
         livenessProbe:
           httpGet:
@@ -4334,7 +4340,7 @@ spec:
               key: controller.default.cache.expiration
               name: argocd-cmd-params-cm
               optional: true
-        image: quay.io/argoproj/argocd:v2.1.0
+        image: quay.io/argoproj/argocd:v2.1.1
         imagePullPolicy: Always
         livenessProbe:
           httpGet:

manifests/ha/namespace-install.yaml

@@ -1071,7 +1071,7 @@ spec:
         - -n
         - /usr/local/bin/argocd
         - /shared/argocd-dex
-        image: quay.io/argoproj/argocd:v2.1.0
+        image: quay.io/argoproj/argocd:v2.1.1
         imagePullPolicy: Always
         name: copyutil
         volumeMounts:
@@ -1282,7 +1282,7 @@ spec:
               key: reposerver.default.cache.expiration
               name: argocd-cmd-params-cm
               optional: true
-        image: quay.io/argoproj/argocd:v2.1.0
+        image: quay.io/argoproj/argocd:v2.1.1
         imagePullPolicy: Always
         livenessProbe:
           failureThreshold: 3
@@ -1501,6 +1501,12 @@ spec:
               key: server.login.attempts.expiration
               name: argocd-cmd-params-cm
               optional: true
+        - name: ARGOCD_SERVER_STATIC_ASSETS
+          valueFrom:
+            configMapKeyRef:
+              key: server.staticassets
+              name: argocd-cmd-params-cm
+              optional: true
         - name: ARGOCD_APP_STATE_CACHE_EXPIRATION
           valueFrom:
             configMapKeyRef:
@@ -1525,7 +1531,7 @@ spec:
               key: server.default.cache.expiration
               name: argocd-cmd-params-cm
               optional: true
-        image: quay.io/argoproj/argocd:v2.1.0
+        image: quay.io/argoproj/argocd:v2.1.1
         imagePullPolicy: Always
         livenessProbe:
           httpGet:
@@ -1721,7 +1727,7 @@ spec:
               key: controller.default.cache.expiration
               name: argocd-cmd-params-cm
               optional: true
-        image: quay.io/argoproj/argocd:v2.1.0
+        image: quay.io/argoproj/argocd:v2.1.1
         imagePullPolicy: Always
         livenessProbe:
           httpGet:

manifests/install.yaml

@@ -3049,7 +3049,7 @@ spec:
         - -n
         - /usr/local/bin/argocd
         - /shared/argocd-dex
-        image: quay.io/argoproj/argocd:v2.1.0
+        image: quay.io/argoproj/argocd:v2.1.1
         imagePullPolicy: Always
         name: copyutil
         volumeMounts:
@@ -3224,7 +3224,7 @@ spec:
               key: reposerver.default.cache.expiration
               name: argocd-cmd-params-cm
               optional: true
-        image: quay.io/argoproj/argocd:v2.1.0
+        image: quay.io/argoproj/argocd:v2.1.1
         imagePullPolicy: Always
         livenessProbe:
           failureThreshold: 3
@@ -3439,6 +3439,12 @@ spec:
               key: server.login.attempts.expiration
               name: argocd-cmd-params-cm
               optional: true
+        - name: ARGOCD_SERVER_STATIC_ASSETS
+          valueFrom:
+            configMapKeyRef:
+              key: server.staticassets
+              name: argocd-cmd-params-cm
+              optional: true
         - name: ARGOCD_APP_STATE_CACHE_EXPIRATION
           valueFrom:
             configMapKeyRef:
@@ -3463,7 +3469,7 @@ spec:
               key: server.default.cache.expiration
               name: argocd-cmd-params-cm
               optional: true
-        image: quay.io/argoproj/argocd:v2.1.0
+        image: quay.io/argoproj/argocd:v2.1.1
         imagePullPolicy: Always
         livenessProbe:
           httpGet:
@@ -3653,7 +3659,7 @@ spec:
               key: controller.default.cache.expiration
               name: argocd-cmd-params-cm
               optional: true
-        image: quay.io/argoproj/argocd:v2.1.0
+        image: quay.io/argoproj/argocd:v2.1.1
         imagePullPolicy: Always
         livenessProbe:
           httpGet:

manifests/namespace-install.yaml

@@ -436,7 +436,7 @@ spec:
         - -n
         - /usr/local/bin/argocd
         - /shared/argocd-dex
-        image: quay.io/argoproj/argocd:v2.1.0
+        image: quay.io/argoproj/argocd:v2.1.1
         imagePullPolicy: Always
         name: copyutil
         volumeMounts:
@@ -611,7 +611,7 @@ spec:
               key: reposerver.default.cache.expiration
               name: argocd-cmd-params-cm
               optional: true
-        image: quay.io/argoproj/argocd:v2.1.0
+        image: quay.io/argoproj/argocd:v2.1.1
         imagePullPolicy: Always
         livenessProbe:
           failureThreshold: 3
@@ -826,6 +826,12 @@ spec:
               key: server.login.attempts.expiration
               name: argocd-cmd-params-cm
               optional: true
+        - name: ARGOCD_SERVER_STATIC_ASSETS
+          valueFrom:
+            configMapKeyRef:
+              key: server.staticassets
+              name: argocd-cmd-params-cm
+              optional: true
         - name: ARGOCD_APP_STATE_CACHE_EXPIRATION
           valueFrom:
             configMapKeyRef:
@@ -850,7 +856,7 @@ spec:
               key: server.default.cache.expiration
               name: argocd-cmd-params-cm
               optional: true
-        image: quay.io/argoproj/argocd:v2.1.0
+        image: quay.io/argoproj/argocd:v2.1.1
         imagePullPolicy: Always
         livenessProbe:
           httpGet:
@@ -1040,7 +1046,7 @@ spec:
               key: controller.default.cache.expiration
               name: argocd-cmd-params-cm
               optional: true
-        image: quay.io/argoproj/argocd:v2.1.0
+        image: quay.io/argoproj/argocd:v2.1.1
         imagePullPolicy: Always
         livenessProbe:
           httpGet:

pkg/apiclient/settings/settings.pb.go

@@ -92,6 +92,7 @@ type Settings struct {
 	UiCssURL                string                             `protobuf:"bytes,14,opt,name=uiCssURL,proto3" json:"uiCssURL,omitempty"`
 	UiBannerContent         string                             `protobuf:"bytes,15,opt,name=uiBannerContent,proto3" json:"uiBannerContent,omitempty"`
 	UiBannerURL             string                             `protobuf:"bytes,16,opt,name=uiBannerURL,proto3" json:"uiBannerURL,omitempty"`
+	PasswordPattern         string                             `protobuf:"bytes,17,opt,name=passwordPattern,proto3" json:"passwordPattern,omitempty"`
 	XXX_NoUnkeyedLiteral    struct{}                           `json:"-"`
 	XXX_unrecognized        []byte                             `json:"-"`
 	XXX_sizecache           int32                              `json:"-"`
@@ -242,6 +243,13 @@ func (m *Settings) GetUiBannerURL() string {
 	return ""
 }
 
+func (m *Settings) GetPasswordPattern() string {
+	if m != nil {
+		return m.PasswordPattern
+	}
+	return ""
+}
+
 type GoogleAnalyticsConfig struct {
 	TrackingID           string   `protobuf:"bytes,1,opt,name=trackingID,proto3" json:"trackingID,omitempty"`
 	AnonymizeUsers       bool     `protobuf:"varint,2,opt,name=anonymizeUsers,proto3" json:"anonymizeUsers,omitempty"`
@@ -609,68 +617,70 @@ func init() {
 func init() { proto.RegisterFile("server/settings/settings.proto", fileDescriptor_a480d494da040caa) }
 
 var fileDescriptor_a480d494da040caa = []byte{
-	// 976 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xa4, 0x56, 0xcf, 0x6f, 0x1b, 0xc5,
-	0x17, 0xd7, 0xc6, 0x69, 0x62, 0x3f, 0x37, 0x71, 0x32, 0xdf, 0x2f, 0x61, 0xb1, 0x2a, 0xc7, 0xf8,
-	0x50, 0x19, 0x09, 0x76, 0x89, 0x2b, 0x04, 0x42, 0x48, 0x80, 0xd7, 0x55, 0x6b, 0xea, 0x92, 0x32,
-	0x4d, 0x7a, 0x40, 0x42, 0xd1, 0x64, 0x77, 0xd8, 0x0c, 0xde, 0xcc, 0xac, 0x66, 0x66, 0xad, 0xba,
-	0x47, 0x6e, 0x5c, 0xb8, 0xc0, 0x1f, 0xd5, 0x23, 0x12, 0x77, 0x0b, 0x59, 0xfc, 0x21, 0x68, 0x67,
-	0x7f, 0x64, 0x63, 0x9b, 0x1f, 0x52, 0x6f, 0x6f, 0xde, 0xe7, 0xfd, 0x9a, 0x37, 0x9f, 0x7d, 0x6f,
-	0xa1, 0xa3, 0xa8, 0x9c, 0x51, 0xe9, 0x2a, 0xaa, 0x35, 0xe3, 0xa1, 0x2a, 0x05, 0x27, 0x96, 0x42,
-	0x0b, 0xb4, 0xeb, 0x47, 0x89, 0xd2, 0x54, 0xb6, 0xff, 0x1f, 0x8a, 0x50, 0x18, 0x9d, 0x9b, 0x4a,
-	0x19, 0xdc, 0xbe, 0x17, 0x0a, 0x11, 0x46, 0xd4, 0x25, 0x31, 0x73, 0x09, 0xe7, 0x42, 0x13, 0xcd,
-	0x04, 0xcf, 0x9d, 0xdb, 0x93, 0x90, 0xe9, 0xab, 0xe4, 0xd2, 0xf1, 0xc5, 0xb5, 0x4b, 0xa4, 0x71,
-	0xff, 0xc1, 0x08, 0x1f, 0xf8, 0x81, 0x3b, 0x1b, 0xb8, 0xf1, 0x34, 0x4c, 0x3d, 0x95, 0x4b, 0xe2,
-	0x38, 0x62, 0xbe, 0xf1, 0x75, 0x67, 0x27, 0x24, 0x8a, 0xaf, 0xc8, 0x89, 0x1b, 0x52, 0x4e, 0x25,
-	0xd1, 0x34, 0xc8, 0xa3, 0x7d, 0xf1, 0x2f, 0xd1, 0x56, 0x6f, 0x22, 0x58, 0xe0, 0xbb, 0x7e, 0x44,
-	0xd8, 0x75, 0x5e, 0x4f, 0xaf, 0x05, 0x7b, 0xcf, 0x73, 0xf4, 0x9b, 0x84, 0xca, 0x79, 0xef, 0x75,
-	0x1d, 0xea, 0x85, 0x06, 0xbd, 0x03, 0xb5, 0x44, 0x46, 0xb6, 0xd5, 0xb5, 0xfa, 0x8d, 0xe1, 0xee,
-	0x72, 0x71, 0x5c, 0x3b, 0xc7, 0x13, 0x9c, 0xea, 0xd0, 0x87, 0xd0, 0x08, 0xe8, 0x4b, 0x4f, 0xf0,
-	0xef, 0x59, 0x68, 0x6f, 0x75, 0xad, 0x7e, 0x73, 0x80, 0x9c, 0xbc, 0x33, 0xce, 0xa8, 0x40, 0xf0,
-	0x8d, 0x11, 0xf2, 0x00, 0xd2, 0xfc, 0xb9, 0x4b, 0xcd, 0xb8, 0xfc, 0xaf, 0x74, 0x39, 0x1d, 0x8f,
-	0xbc, 0x0c, 0x1a, 0xee, 0x2f, 0x17, 0xc7, 0x70, 0x73, 0xc6, 0x15, 0x37, 0xd4, 0x85, 0x26, 0x89,
-	0xe3, 0x09, 0xb9, 0xa4, 0xd1, 0x13, 0x3a, 0xb7, 0xb7, 0xd3, 0xca, 0x70, 0x55, 0x85, 0x5e, 0xc0,
-	0xa1, 0xa4, 0x4a, 0x24, 0xd2, 0xa7, 0xa7, 0x33, 0x2a, 0x25, 0x0b, 0xa8, 0xb2, 0xef, 0x74, 0x6b,
-	0xfd, 0xe6, 0xa0, 0x5f, 0x66, 0x2b, 0x6e, 0xe8, 0xe0, 0x55, 0xd3, 0x87, 0x5c, 0xcb, 0x39, 0x5e,
-	0x0f, 0x81, 0x1c, 0x40, 0x4a, 0x13, 0x9d, 0xa8, 0x21, 0x09, 0x42, 0xfa, 0x90, 0x93, 0xcb, 0x88,
-	0x06, 0xf6, 0x4e, 0xd7, 0xea, 0xd7, 0xf1, 0x06, 0x04, 0x3d, 0x86, 0x56, 0xc6, 0x84, 0x2f, 0x39,
-	0x89, 0xe6, 0x9a, 0xf9, 0xca, 0xde, 0x35, 0x77, 0xee, 0x94, 0x55, 0x3c, 0xba, 0x8d, 0xe7, 0xd7,
-	0x5d, 0x75, 0x43, 0xaf, 0xe0, 0x60, 0x9a, 0x28, 0x2d, 0xae, 0xd9, 0x2b, 0x7a, 0x1a, 0x1b, 0x36,
-	0xd9, 0x75, 0x13, 0xea, 0x6b, 0xe7, 0x86, 0x00, 0x4e, 0x41, 0x00, 0x23, 0x5c, 0xf8, 0x81, 0x33,
-	0x1b, 0x38, 0xf1, 0x34, 0x74, 0x52, 0x3a, 0x39, 0x15, 0x3a, 0x39, 0x05, 0x9d, 0x9c, 0x27, 0x2b,
-	0x51, 0xf1, 0x5a, 0x1e, 0xf4, 0x2e, 0x6c, 0x5f, 0xd1, 0x28, 0xb6, 0x1b, 0x26, 0xdf, 0x5e, 0x59,
-	0xfa, 0x63, 0x1a, 0xc5, 0xd8, 0x40, 0xe8, 0x3d, 0xd8, 0x8d, 0xa3, 0x24, 0x64, 0x5c, 0xd9, 0x60,
-	0xda, 0xdc, 0x2a, 0xad, 0x9e, 0x19, 0x3d, 0x2e, 0xf0, 0xb4, 0x87, 0x89, 0xa2, 0x72, 0x22, 0xd2,
-	0xd3, 0x88, 0xa9, 0xac, 0x87, 0xcd, 0xac, 0x87, 0xeb, 0x08, 0xfa, 0xd9, 0x82, 0xb7, 0x7d, 0xd3,
-	0x95, 0xa7, 0x84, 0x93, 0x90, 0x5e, 0x53, 0xae, 0x9f, 0xe5, 0xb9, 0xee, 0x9a, 0x5c, 0x67, 0x6f,
-	0xd6, 0x01, 0x6f, 0x63, 0x70, 0xfc, 0x77, 0x49, 0xd1, 0xfb, 0x70, 0x58, 0xb6, 0xe8, 0x05, 0x95,
-	0xca, 0xbc, 0xc5, 0x5e, 0xb7, 0xd6, 0x6f, 0xe0, 0x75, 0x00, 0xb5, 0xa1, 0x9e, 0x30, 0x4f, 0xa9,
-	0x73, 0x3c, 0xb1, 0xf7, 0x0d, 0x53, 0xcb, 0x33, 0xea, 0x43, 0x2b, 0x61, 0x43, 0xc2, 0x39, 0x95,
-	0x9e, 0xe0, 0x9a, 0x72, 0x6d, 0xb7, 0x8c, 0xc9, 0xaa, 0x3a, 0xa5, 0x7c, 0xa1, 0x4a, 0x03, 0x1d,
-	0x64, 0x94, 0xaf, 0xa8, 0xda, 0xbf, 0x5a, 0x70, 0xb4, 0x99, 0xc8, 0xe8, 0x00, 0x6a, 0x53, 0x3a,
-	0xcf, 0xbe, 0x60, 0x9c, 0x8a, 0x28, 0x80, 0x3b, 0x33, 0x12, 0x25, 0x34, 0xff, 0x68, 0xdf, 0x90,
-	0x42, 0xab, 0x69, 0x71, 0x16, 0xfc, 0xd3, 0xad, 0x4f, 0xac, 0xde, 0x05, 0xbc, 0xb5, 0x91, 0xe1,
-	0xa8, 0x03, 0xa0, 0x25, 0xf1, 0xa7, 0x8c, 0x87, 0xe3, 0x51, 0x5e, 0x5b, 0x45, 0x83, 0xee, 0xc3,
-	0x3e, 0xe1, 0x82, 0xcf, 0xd3, 0x66, 0x9e, 0x2b, 0x2a, 0x95, 0xa9, 0xb5, 0x8e, 0x57, 0xb4, 0xbd,
-	0xcf, 0x60, 0x3b, 0xe5, 0x21, 0xb2, 0x61, 0xd7, 0xbf, 0x22, 0xfa, 0xbc, 0x18, 0x55, 0xb8, 0x38,
-	0xa6, 0x2f, 0x90, 0x8a, 0x67, 0xf4, 0xa5, 0x36, 0x31, 0x1a, 0xb8, 0x3c, 0xf7, 0xee, 0xc1, 0x4e,
-	0xf6, 0xac, 0x08, 0xc1, 0x36, 0x27, 0xd7, 0x34, 0x77, 0x36, 0x72, 0xef, 0x73, 0x68, 0x94, 0x53,
-	0x0c, 0x0d, 0x00, 0x7c, 0xc1, 0x39, 0xf5, 0xb5, 0x90, 0xca, 0xb6, 0x0c, 0xf3, 0x6e, 0xa6, 0x9d,
-	0x57, 0x40, 0xb8, 0x62, 0xd5, 0x7b, 0x00, 0x8d, 0x12, 0xd8, 0x94, 0x21, 0xd5, 0xe9, 0x79, 0x4c,
-	0xf3, 0xba, 0x8c, 0xdc, 0xfb, 0xa9, 0x06, 0x95, 0xc9, 0xb7, 0xd1, 0xed, 0x08, 0x76, 0x98, 0x52,
-	0x09, 0x95, 0xb9, 0x63, 0x7e, 0x42, 0x7d, 0xa8, 0xfb, 0x11, 0xa3, 0x5c, 0x8f, 0x47, 0x66, 0xb8,
-	0x36, 0x86, 0x77, 0x97, 0x8b, 0xe3, 0xba, 0x97, 0xeb, 0x70, 0x89, 0xa2, 0x13, 0x68, 0xfa, 0x11,
-	0x2b, 0x80, 0x6c, 0x86, 0x0e, 0x5b, 0xcb, 0xc5, 0x71, 0xd3, 0x9b, 0x8c, 0x4b, 0xfb, 0xaa, 0x4d,
-	0x9a, 0x54, 0xf9, 0x22, 0xce, 0x27, 0x69, 0x03, 0xe7, 0x27, 0x74, 0x01, 0x7b, 0x2c, 0x38, 0x13,
-	0x53, 0xca, 0x3d, 0xb3, 0x55, 0xec, 0x1d, 0xd3, 0x9b, 0xfb, 0x1b, 0xc6, 0xba, 0x33, 0xae, 0x1a,
-	0x1a, 0x76, 0x0e, 0x0f, 0x97, 0x8b, 0xe3, 0xbd, 0xf1, 0xa8, 0xa2, 0xc7, 0xb7, 0xe3, 0xb5, 0xe7,
-	0x80, 0xd6, 0xfd, 0x36, 0xb0, 0xfa, 0xe9, 0x6d, 0x56, 0x7f, 0xfc, 0x8f, 0xac, 0xce, 0xd6, 0xa2,
-	0x53, 0xee, 0xf5, 0x74, 0xbf, 0x38, 0x26, 0x7e, 0x85, 0xbe, 0x83, 0xef, 0xa0, 0x55, 0xac, 0x89,
-	0xe7, 0x54, 0xce, 0x98, 0x4f, 0xd1, 0x57, 0x50, 0x7b, 0x44, 0x35, 0x3a, 0x5a, 0xdb, 0x23, 0x66,
-	0x77, 0xb6, 0x0f, 0xd7, 0xf4, 0x3d, 0xfb, 0xc7, 0xdf, 0xff, 0xfc, 0x65, 0x0b, 0xa1, 0x03, 0xf3,
-	0x3f, 0x30, 0x3b, 0x29, 0x77, 0xf1, 0xd0, 0x7b, 0xbd, 0xec, 0x58, 0xbf, 0x2d, 0x3b, 0xd6, 0x1f,
-	0xcb, 0x8e, 0xf5, 0xed, 0x47, 0xff, 0xed, 0xbf, 0x20, 0x7b, 0xc3, 0x32, 0xc8, 0xe5, 0x8e, 0xd9,
-	0xe2, 0x0f, 0xfe, 0x0a, 0x00, 0x00, 0xff, 0xff, 0x71, 0x4d, 0xb0, 0xe8, 0xb4, 0x08, 0x00, 0x00,
+	// 996 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xa4, 0x56, 0x4f, 0x6f, 0xe3, 0x44,
+	0x14, 0x97, 0x9b, 0x6e, 0x9b, 0xbc, 0x6c, 0x9b, 0x76, 0x80, 0x62, 0xa2, 0x55, 0x1a, 0x72, 0x58,
+	0x05, 0x09, 0x6c, 0x9a, 0x15, 0x02, 0x21, 0x24, 0x20, 0xce, 0x6a, 0x37, 0x6c, 0x96, 0x96, 0xd9,
+	0x76, 0x0f, 0x48, 0xa8, 0x9a, 0xda, 0x83, 0x3b, 0xc4, 0x9d, 0xb1, 0x66, 0xc6, 0x61, 0xb3, 0x47,
+	0x6e, 0x5c, 0xb8, 0xc0, 0x87, 0xe2, 0x88, 0xc4, 0xbd, 0x42, 0x11, 0x9f, 0x80, 0x4f, 0x80, 0x3c,
+	0xfe, 0x53, 0x37, 0x09, 0x7f, 0xa4, 0xbd, 0xbd, 0xf9, 0xbd, 0xf7, 0x7e, 0x6f, 0xfc, 0xfc, 0xf3,
+	0x7b, 0x86, 0x8e, 0xa2, 0x72, 0x46, 0xa5, 0xab, 0xa8, 0xd6, 0x8c, 0x87, 0xaa, 0x34, 0x9c, 0x58,
+	0x0a, 0x2d, 0xd0, 0xb6, 0x1f, 0x25, 0x4a, 0x53, 0xd9, 0x7e, 0x3d, 0x14, 0xa1, 0x30, 0x98, 0x9b,
+	0x5a, 0x99, 0xbb, 0x7d, 0x2f, 0x14, 0x22, 0x8c, 0xa8, 0x4b, 0x62, 0xe6, 0x12, 0xce, 0x85, 0x26,
+	0x9a, 0x09, 0x9e, 0x27, 0xb7, 0x27, 0x21, 0xd3, 0x97, 0xc9, 0x85, 0xe3, 0x8b, 0x2b, 0x97, 0x48,
+	0x93, 0xfe, 0x9d, 0x31, 0xde, 0xf3, 0x03, 0x77, 0x36, 0x70, 0xe3, 0x69, 0x98, 0x66, 0x2a, 0x97,
+	0xc4, 0x71, 0xc4, 0x7c, 0x93, 0xeb, 0xce, 0x8e, 0x48, 0x14, 0x5f, 0x92, 0x23, 0x37, 0xa4, 0x9c,
+	0x4a, 0xa2, 0x69, 0x90, 0xb3, 0x7d, 0xf6, 0x1f, 0x6c, 0xcb, 0x4f, 0x22, 0x58, 0xe0, 0xbb, 0x7e,
+	0x44, 0xd8, 0x55, 0x7e, 0x9f, 0x5e, 0x0b, 0x76, 0x9e, 0xe5, 0xde, 0xaf, 0x12, 0x2a, 0xe7, 0xbd,
+	0xbf, 0xea, 0x50, 0x2f, 0x10, 0xf4, 0x16, 0xd4, 0x12, 0x19, 0xd9, 0x56, 0xd7, 0xea, 0x37, 0x86,
+	0xdb, 0x8b, 0xeb, 0xc3, 0xda, 0x19, 0x9e, 0xe0, 0x14, 0x43, 0xef, 0x43, 0x23, 0xa0, 0x2f, 0x3c,
+	0xc1, 0xbf, 0x65, 0xa1, 0xbd, 0xd1, 0xb5, 0xfa, 0xcd, 0x01, 0x72, 0xf2, 0xce, 0x38, 0xa3, 0xc2,
+	0x83, 0x6f, 0x82, 0x90, 0x07, 0x90, 0xd6, 0xcf, 0x53, 0x6a, 0x26, 0xe5, 0xb5, 0x32, 0xe5, 0x78,
+	0x3c, 0xf2, 0x32, 0xd7, 0x70, 0x77, 0x71, 0x7d, 0x08, 0x37, 0x67, 0x5c, 0x49, 0x43, 0x5d, 0x68,
+	0x92, 0x38, 0x9e, 0x90, 0x0b, 0x1a, 0x3d, 0xa1, 0x73, 0x7b, 0x33, 0xbd, 0x19, 0xae, 0x42, 0xe8,
+	0x39, 0xec, 0x4b, 0xaa, 0x44, 0x22, 0x7d, 0x7a, 0x3c, 0xa3, 0x52, 0xb2, 0x80, 0x2a, 0xfb, 0x4e,
+	0xb7, 0xd6, 0x6f, 0x0e, 0xfa, 0x65, 0xb5, 0xe2, 0x09, 0x1d, 0xbc, 0x1c, 0xfa, 0x90, 0x6b, 0x39,
+	0xc7, 0xab, 0x14, 0xc8, 0x01, 0xa4, 0x34, 0xd1, 0x89, 0x1a, 0x92, 0x20, 0xa4, 0x0f, 0x39, 0xb9,
+	0x88, 0x68, 0x60, 0x6f, 0x75, 0xad, 0x7e, 0x1d, 0xaf, 0xf1, 0xa0, 0xc7, 0xd0, 0xca, 0x94, 0xf0,
+	0x39, 0x27, 0xd1, 0x5c, 0x33, 0x5f, 0xd9, 0xdb, 0xe6, 0x99, 0x3b, 0xe5, 0x2d, 0x1e, 0xdd, 0xf6,
+	0xe7, 0x8f, 0xbb, 0x9c, 0x86, 0x5e, 0xc2, 0xde, 0x34, 0x51, 0x5a, 0x5c, 0xb1, 0x97, 0xf4, 0x38,
+	0x36, 0x6a, 0xb2, 0xeb, 0x86, 0xea, 0x4b, 0xe7, 0x46, 0x00, 0x4e, 0x21, 0x00, 0x63, 0x9c, 0xfb,
+	0x81, 0x33, 0x1b, 0x38, 0xf1, 0x34, 0x74, 0x52, 0x39, 0x39, 0x15, 0x39, 0x39, 0x85, 0x9c, 0x9c,
+	0x27, 0x4b, 0xac, 0x78, 0xa5, 0x0e, 0x7a, 0x1b, 0x36, 0x2f, 0x69, 0x14, 0xdb, 0x0d, 0x53, 0x6f,
+	0xa7, 0xbc, 0xfa, 0x63, 0x1a, 0xc5, 0xd8, 0xb8, 0xd0, 0x3b, 0xb0, 0x1d, 0x47, 0x49, 0xc8, 0xb8,
+	0xb2, 0xc1, 0xb4, 0xb9, 0x55, 0x46, 0x9d, 0x18, 0x1c, 0x17, 0xfe, 0xb4, 0x87, 0x89, 0xa2, 0x72,
+	0x22, 0xd2, 0xd3, 0x88, 0xa9, 0xac, 0x87, 0xcd, 0xac, 0x87, 0xab, 0x1e, 0xf4, 0x93, 0x05, 0x6f,
+	0xfa, 0xa6, 0x2b, 0x4f, 0x09, 0x27, 0x21, 0xbd, 0xa2, 0x5c, 0x9f, 0xe4, 0xb5, 0xee, 0x9a, 0x5a,
+	0xa7, 0xaf, 0xd6, 0x01, 0x6f, 0x2d, 0x39, 0xfe, 0xa7, 0xa2, 0xe8, 0x5d, 0xd8, 0x2f, 0x5b, 0xf4,
+	0x9c, 0x4a, 0x65, 0xde, 0xc5, 0x4e, 0xb7, 0xd6, 0x6f, 0xe0, 0x55, 0x07, 0x6a, 0x43, 0x3d, 0x61,
+	0x9e, 0x52, 0x67, 0x78, 0x62, 0xef, 0x1a, 0xa5, 0x96, 0x67, 0xd4, 0x87, 0x56, 0xc2, 0x86, 0x84,
+	0x73, 0x2a, 0x3d, 0xc1, 0x35, 0xe5, 0xda, 0x6e, 0x99, 0x90, 0x65, 0x38, 0x95, 0x7c, 0x01, 0xa5,
+	0x44, 0x7b, 0x99, 0xe4, 0x2b, 0x50, 0xca, 0x15, 0x13, 0xa5, 0xbe, 0x17, 0x32, 0x38, 0x21, 0x5a,
+	0x53, 0xc9, 0xed, 0xfd, 0x8c, 0x6b, 0x09, 0x6e, 0xff, 0x62, 0xc1, 0xc1, 0x7a, 0xc9, 0xa3, 0x3d,
+	0xa8, 0x4d, 0xe9, 0x3c, 0xfb, 0xd6, 0x71, 0x6a, 0xa2, 0x00, 0xee, 0xcc, 0x48, 0x94, 0xd0, 0xfc,
+	0xf3, 0x7e, 0x45, 0xb1, 0x2d, 0x97, 0xc5, 0x19, 0xf9, 0xc7, 0x1b, 0x1f, 0x59, 0xbd, 0x73, 0x78,
+	0x63, 0xed, 0xb7, 0x80, 0x3a, 0x00, 0x5a, 0x12, 0x7f, 0xca, 0x78, 0x38, 0x1e, 0xe5, 0x77, 0xab,
+	0x20, 0xe8, 0x3e, 0xec, 0x12, 0x2e, 0xf8, 0x3c, 0x6d, 0xfb, 0x99, 0xa2, 0x52, 0x99, 0xbb, 0xd6,
+	0xf1, 0x12, 0xda, 0xfb, 0x04, 0x36, 0x53, 0xc5, 0x22, 0x1b, 0xb6, 0xfd, 0x4b, 0xa2, 0xcf, 0x8a,
+	0xa1, 0x86, 0x8b, 0x63, 0xfa, 0xae, 0x52, 0xf3, 0x94, 0xbe, 0xd0, 0x86, 0xa3, 0x81, 0xcb, 0x73,
+	0xef, 0x1e, 0x6c, 0x65, 0x02, 0x40, 0x08, 0x36, 0x39, 0xb9, 0xa2, 0x79, 0xb2, 0xb1, 0x7b, 0x9f,
+	0x42, 0xa3, 0x9c, 0x77, 0x68, 0x00, 0xe0, 0x0b, 0xce, 0xa9, 0xaf, 0x85, 0x54, 0xb6, 0x65, 0x34,
+	0x7a, 0x33, 0x17, 0xbd, 0xc2, 0x85, 0x2b, 0x51, 0xbd, 0x07, 0xd0, 0x28, 0x1d, 0xeb, 0x2a, 0xa4,
+	0x98, 0x9e, 0xc7, 0x34, 0xbf, 0x97, 0xb1, 0x7b, 0x3f, 0xd6, 0xa0, 0x32, 0x23, 0xd7, 0xa6, 0x1d,
+	0xc0, 0x16, 0x53, 0x2a, 0xa1, 0x32, 0x4f, 0xcc, 0x4f, 0xa8, 0x0f, 0x75, 0x3f, 0x62, 0x94, 0xeb,
+	0xf1, 0xc8, 0x8c, 0xe1, 0xc6, 0xf0, 0xee, 0xe2, 0xfa, 0xb0, 0xee, 0xe5, 0x18, 0x2e, 0xbd, 0xe8,
+	0x08, 0x9a, 0x7e, 0xc4, 0x0a, 0x47, 0x36, 0x6d, 0x87, 0xad, 0xc5, 0xf5, 0x61, 0xd3, 0x9b, 0x8c,
+	0xcb, 0xf8, 0x6a, 0x4c, 0x5a, 0x54, 0xf9, 0x22, 0xce, 0x67, 0x6e, 0x03, 0xe7, 0x27, 0x74, 0x0e,
+	0x3b, 0x2c, 0x38, 0x15, 0x53, 0xca, 0x3d, 0xb3, 0x7f, 0xec, 0x2d, 0xd3, 0x9b, 0xfb, 0x6b, 0x16,
+	0x80, 0x33, 0xae, 0x06, 0x1a, 0x75, 0x0e, 0xf7, 0x17, 0xd7, 0x87, 0x3b, 0xe3, 0x51, 0x05, 0xc7,
+	0xb7, 0xf9, 0xda, 0x73, 0x40, 0xab, 0x79, 0x6b, 0x54, 0xfd, 0xf4, 0xb6, 0xaa, 0x3f, 0xfc, 0x57,
+	0x55, 0x67, 0x0b, 0xd4, 0x29, 0xff, 0x00, 0xd2, 0x4d, 0xe4, 0x18, 0xfe, 0x8a, 0x7c, 0x07, 0xdf,
+	0x40, 0xab, 0x58, 0x28, 0xcf, 0xa8, 0x9c, 0x31, 0x9f, 0xa2, 0x2f, 0xa0, 0xf6, 0x88, 0x6a, 0x74,
+	0xb0, 0xb2, 0x71, 0xcc, 0x96, 0x6d, 0xef, 0xaf, 0xe0, 0x3d, 0xfb, 0x87, 0xdf, 0xff, 0xfc, 0x79,
+	0x03, 0xa1, 0x3d, 0xf3, 0xe7, 0x30, 0x3b, 0x2a, 0xb7, 0xf6, 0xd0, 0xfb, 0x75, 0xd1, 0xb1, 0x7e,
+	0x5b, 0x74, 0xac, 0x3f, 0x16, 0x1d, 0xeb, 0xeb, 0x0f, 0xfe, 0xdf, 0x1f, 0x44, 0xf6, 0x0e, 0x4b,
+	0x92, 0x8b, 0x2d, 0xb3, 0xef, 0x1f, 0xfc, 0x1d, 0x00, 0x00, 0xff, 0xff, 0xcc, 0x31, 0x2c, 0x49,
+	0xde, 0x08, 0x00, 0x00,
 }
 
 // Reference imports to suppress errors if they are not otherwise used.
@@ -806,6 +816,15 @@ func (m *Settings) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 		i -= len(m.XXX_unrecognized)
 		copy(dAtA[i:], m.XXX_unrecognized)
 	}
+	if len(m.PasswordPattern) > 0 {
+		i -= len(m.PasswordPattern)
+		copy(dAtA[i:], m.PasswordPattern)
+		i = encodeVarintSettings(dAtA, i, uint64(len(m.PasswordPattern)))
+		i--
+		dAtA[i] = 0x1
+		i--
+		dAtA[i] = 0x8a
+	}
 	if len(m.UiBannerURL) > 0 {
 		i -= len(m.UiBannerURL)
 		copy(dAtA[i:], m.UiBannerURL)
@@ -1386,6 +1405,10 @@ func (m *Settings) Size() (n int) {
 	if l > 0 {
 		n += 2 + l + sovSettings(uint64(l))
 	}
+	l = len(m.PasswordPattern)
+	if l > 0 {
+		n += 2 + l + sovSettings(uint64(l))
+	}
 	if m.XXX_unrecognized != nil {
 		n += len(m.XXX_unrecognized)
 	}
@@ -2227,6 +2250,38 @@ func (m *Settings) Unmarshal(dAtA []byte) error {
 			}
 			m.UiBannerURL = string(dAtA[iNdEx:postIndex])
 			iNdEx = postIndex
+		case 17:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field PasswordPattern", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowSettings
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthSettings
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthSettings
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.PasswordPattern = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
 			skippy, err := skipSettings(dAtA[iNdEx:])

server/account/account.go

@@ -3,6 +3,7 @@ package account
 import (
 	"errors"
 	"fmt"
+	"regexp"
 	"sort"
 	"time"
 
@@ -76,6 +77,22 @@ func (s *Server) UpdatePassword(ctx context.Context, q *account.UpdatePasswordRe
 		}
 	}
 
+	//Need to validate password complexity with regular expression
+	passwordPattern, err := s.settingsMgr.GetPasswordPattern()
+	if err != nil {
+		return nil, err
+	}
+
+	validPasswordRegexp, err := regexp.Compile(passwordPattern)
+	if err != nil {
+		return nil, err
+	}
+
+	if !validPasswordRegexp.Match([]byte(q.NewPassword)) {
+		err := fmt.Errorf("New password does not match the following expression: %s.", passwordPattern)
+		return nil, err
+	}
+
 	hashedPassword, err := password.HashPassword(q.NewPassword)
 	if err != nil {
 		return nil, err

server/server.go

@@ -4,7 +4,6 @@ import (
 	"context"
 	"crypto/tls"
 	"fmt"
-	goio "io"
 	"io/fs"
 	"math"
 	"net"
@@ -12,7 +11,6 @@ import (
 	"net/url"
 	"os"
 	"os/exec"
-	"path/filepath"
 	"regexp"
 	"strings"
 	gosync "sync"
@@ -134,7 +132,6 @@ var (
 	maxConcurrentLoginRequestsCount = 50
 	replicasCount                   = 1
 	enableGRPCTimeHistogram         = true
-	staticAssets                    = http.FS(&subDirFs{dir: "dist/app", fs: ui.Embedded})
 )
 
 func init() {
@@ -167,12 +164,14 @@ type ArgoCDServer struct {
 	indexDataInit    gosync.Once
 	indexData        []byte
 	indexDataErr     error
+	staticAssets     http.FileSystem
 }
 
 type ArgoCDServerOpts struct {
 	DisableAuth         bool
 	EnableGZip          bool
 	Insecure            bool
+	StaticAssetsDir     string
 	ListenPort          int
 	MetricsPort         int
 	Namespace           string
@@ -236,6 +235,11 @@ func NewServer(ctx context.Context, opts ArgoCDServerOpts) *ArgoCDServer {
 	policyEnf := rbacpolicy.NewRBACPolicyEnforcer(enf, projLister)
 	enf.SetClaimsEnforcerFunc(policyEnf.EnforceClaims)
 
+	var staticFS fs.FS = io.NewSubDirFS("dist/app", ui.Embedded)
+	if opts.StaticAssetsDir != "" {
+		staticFS = io.NewComposableFS(staticFS, os.DirFS(opts.StaticAssetsDir))
+	}
+
 	return &ArgoCDServer{
 		ArgoCDServerOpts: opts,
 		log:              log.NewEntry(log.StandardLogger()),
@@ -248,6 +252,7 @@ func NewServer(ctx context.Context, opts ArgoCDServerOpts) *ArgoCDServer {
 		appLister:        appLister,
 		policyEnforcer:   policyEnf,
 		userStateStorage: userStateStorage,
+		staticAssets:     http.FS(staticFS),
 	}
 }
 
@@ -842,8 +847,8 @@ func (s *ArgoCDServer) getIndexData() ([]byte, error) {
 	return s.indexData, s.indexDataErr
 }
 
-func uiAssetExists(filename string) bool {
-	f, err := staticAssets.Open(strings.Trim(filename, "/"))
+func (server *ArgoCDServer) uiAssetExists(filename string) bool {
+	f, err := server.staticAssets.Open(strings.Trim(filename, "/"))
 	if err != nil {
 		return false
 	}
@@ -866,7 +871,7 @@ func (server *ArgoCDServer) newStaticAssetsHandler() func(http.ResponseWriter, *
 			}
 		}
 
-		fileRequest := r.URL.Path != "/index.html" && uiAssetExists(r.URL.Path)
+		fileRequest := r.URL.Path != "/index.html" && server.uiAssetExists(r.URL.Path)
 
 		// Set X-Frame-Options according to configuration
 		if server.XFrameOptions != "" {
@@ -889,50 +894,13 @@ func (server *ArgoCDServer) newStaticAssetsHandler() func(http.ResponseWriter, *
 			if err != nil {
 				modTime = time.Now()
 			}
-			http.ServeContent(w, r, "index.html", modTime, byteReadSeeker{data: data})
+			http.ServeContent(w, r, "index.html", modTime, io.NewByteReadSeeker(data))
 		} else {
-			http.FileServer(staticAssets).ServeHTTP(w, r)
+			http.FileServer(server.staticAssets).ServeHTTP(w, r)
 		}
 	}
 }
 
-type subDirFs struct {
-	dir string
-	fs  fs.FS
-}
-
-func (s subDirFs) Open(name string) (fs.File, error) {
-	return s.fs.Open(filepath.Join(s.dir, name))
-}
-
-type byteReadSeeker struct {
-	data   []byte
-	offset int64
-}
-
-func (f byteReadSeeker) Read(b []byte) (int, error) {
-	if f.offset >= int64(len(f.data)) {
-		return 0, goio.EOF
-	}
-	n := copy(b, f.data[f.offset:])
-	f.offset += int64(n)
-	return n, nil
-}
-
-func (f byteReadSeeker) Seek(offset int64, whence int) (int64, error) {
-	switch whence {
-	case 1:
-		offset += f.offset
-	case 2:
-		offset += int64(len(f.data))
-	}
-	if offset < 0 || offset > int64(len(f.data)) {
-		return 0, &fs.PathError{Op: "seek", Err: fs.ErrInvalid}
-	}
-	f.offset = offset
-	return offset, nil
-}
-
 type registerFunc func(ctx context.Context, mux *runtime.ServeMux, endpoint string, opts []grpc.DialOption) error
 
 // mustRegisterGWHandler is a convenience function to register a gateway handler

server/settings/settings.go

@@ -99,6 +99,7 @@ func (s *Server) Get(ctx context.Context, q *settingspkg.SettingsQuery) (*settin
 		UserLoginsDisabled: userLoginsDisabled,
 		KustomizeVersions:  kustomizeVersions,
 		UiCssURL:           argoCDSettings.UiCssURL,
+		PasswordPattern:    argoCDSettings.PasswordPattern,
 	}
 
 	if sessionmgr.LoggedIn(ctx) || s.disableAuth {

server/settings/settings.proto

@@ -33,6 +33,7 @@ message Settings {
     string uiCssURL = 14;
     string uiBannerContent = 15;
     string uiBannerURL = 16;
+    string passwordPattern = 17;
 }
 
 message GoogleAnalyticsConfig {

test/container/Dockerfile

@@ -74,7 +74,7 @@ COPY --from=node /usr/local/bin/node /usr/local/bin
 COPY --from=node /opt/yarn-v1.22.4 /opt/yarn-v1.22.4
 
 # Entrypoint is required for container's user management
-COPY ./test/container/uid_entrypoint.sh /usr/local/bin
+COPY ./test/container/entrypoint.sh /usr/local/bin
 
 ARG UID
 
@@ -104,4 +104,4 @@ RUN useradd -l -u ${UID} -d /home/user -s /bin/bash user && \
     ln -s /opt/yarn-v1.22.4/bin/yarnpkg /usr/local/bin/yarnpkg && \
     mkdir -p /var/lib/registry && chmod -R 777 /var/lib/registry
 
-ENTRYPOINT ["/usr/local/bin/uid_entrypoint.sh"]
+ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]

test/remote/Dockerfile

@@ -36,7 +36,7 @@ COPY ./test/fixture/certs/argocd-e2e-server.key /etc/certs/argocd-test-server.ke
 COPY ./test/fixture/certs/argocd-test-ca.crt /etc/certs/argocd-test-ca.crt
 
 # Entrypoint is required for container's user management
-COPY ./test/remote/uid_entrypoint.sh /usr/local/bin
+COPY ./test/remote/entrypoint.sh /usr/local/bin
 COPY ./test/remote/Procfile /Procfile
 
 # We need goreman
@@ -83,4 +83,4 @@ RUN echo "[http]" >> /tmp/argo-e2e/submodule.git/config && \
 RUN echo "[http]" >> /tmp/argo-e2e/submoduleParent.git/config && \
     echo "  receivepack = true" >> /tmp/argo-e2e/submoduleParent.git/config 
 
-ENTRYPOINT ["/usr/local/bin/uid_entrypoint.sh"]
+ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]

ui/src/app/applications/components/resource-details/resource-details.tsx

@@ -114,13 +114,13 @@ export const ResourceDetails = (props: ResourceDetailsProps) => {
                 }
             ]);
         }
-        if (ExtensionComponent) {
+        if (ExtensionComponent && state) {
             tabs.push({
                 title: 'More',
                 key: 'extension',
                 content: (
                     <div>
-                        <ExtensionComponent node={node} tree={tree} />
+                        <ExtensionComponent tree={tree} resource={state} />
                     </div>
                 )
             });

ui/src/app/shared/services/extensions-service.ts

@@ -1,5 +1,5 @@
 import * as React from 'react';
-import {ApplicationTree, ResourceNode} from '../models';
+import {ApplicationTree, State} from '../models';
 
 const extensions: {[key: string]: Extension} = {};
 const cache = new Map<string, Promise<Extension>>();
@@ -9,7 +9,7 @@ export interface Extension {
 }
 
 export interface ExtensionComponentProps {
-    node: ResourceNode;
+    resource: State;
     tree: ApplicationTree;
 }
 

util/io/bytereadseeker.go

@@ -0,0 +1,38 @@
+package io
+
+import (
+	"io"
+	"io/fs"
+)
+
+func NewByteReadSeeker(data []byte) *byteReadSeeker {
+	return &byteReadSeeker{data: data}
+}
+
+type byteReadSeeker struct {
+	data   []byte
+	offset int64
+}
+
+func (f byteReadSeeker) Read(b []byte) (int, error) {
+	if f.offset >= int64(len(f.data)) {
+		return 0, io.EOF
+	}
+	n := copy(b, f.data[f.offset:])
+	f.offset += int64(n)
+	return n, nil
+}
+
+func (f byteReadSeeker) Seek(offset int64, whence int) (int64, error) {
+	switch whence {
+	case 1:
+		offset += f.offset
+	case 2:
+		offset += int64(len(f.data))
+	}
+	if offset < 0 || offset > int64(len(f.data)) {
+		return 0, &fs.PathError{Op: "seek", Err: fs.ErrInvalid}
+	}
+	f.offset = offset
+	return offset, nil
+}

util/io/componsablefs.go

@@ -0,0 +1,23 @@
+package io
+
+import "io/fs"
+
+type composableFS struct {
+	innerFS []fs.FS
+}
+
+// NewComposableFS creates files system that attempts reading file from multiple wrapped file systems
+func NewComposableFS(innerFS ...fs.FS) *composableFS {
+	return &composableFS{innerFS: innerFS}
+}
+
+// Open attempts open file in wrapped file systems and returns first successful
+func (c composableFS) Open(name string) (f fs.File, err error) {
+	for i := range c.innerFS {
+		f, err = c.innerFS[i].Open(name)
+		if err == nil {
+			break
+		}
+	}
+	return
+}

util/io/subdirfs.go

@@ -0,0 +1,20 @@
+package io
+
+import (
+	"io/fs"
+	"path/filepath"
+)
+
+type subDirFs struct {
+	dir string
+	fs  fs.FS
+}
+
+func (s subDirFs) Open(name string) (fs.File, error) {
+	return s.fs.Open(filepath.Join(s.dir, name))
+}
+
+// NewSubDirFS returns file system that represents sub-directory in a wrapped file system
+func NewSubDirFS(dir string, fs fs.FS) *subDirFs {
+	return &subDirFs{dir: dir, fs: fs}
+}

util/settings/settings.go

@@ -82,6 +82,8 @@ type ArgoCDSettings struct {
 	UiBannerContent string `json:"uiBannerContent,omitempty"`
 	// URL for UI Banner
 	UiBannerURL string `json:"uiBannerURL,omitempty"`
+	// PasswordPattern for password regular expression
+	PasswordPattern string `json:"passwordPattern,omitempty"`
 }
 
 type GoogleAnalytics struct {
@@ -309,6 +311,8 @@ const (
 	externalServerTLSSecretName = "argocd-server-tls"
 	// partOfArgoCDSelector holds label selector that should be applied to config maps and secrets used to manage Argo CD
 	partOfArgoCDSelector = "app.kubernetes.io/part-of=argocd"
+	// settingsPasswordPatternKey is the key to configure user password regular expression
+	settingsPasswordPatternKey = "passwordPattern"
 )
 
 // SettingsManager holds config info for a new manager with which to access Kubernetes ConfigMaps.
@@ -515,6 +519,18 @@ func (mgr *SettingsManager) GetAppInstanceLabelKey() (string, error) {
 	return label, nil
 }
 
+func (mgr *SettingsManager) GetPasswordPattern() (string, error) {
+	argoCDCM, err := mgr.getConfigMap()
+	if err != nil {
+		return "", err
+	}
+	label := argoCDCM.Data[settingsPasswordPatternKey]
+	if label == "" {
+		return common.PasswordPatten, nil
+	}
+	return label, nil
+}
+
 func (mgr *SettingsManager) GetConfigManagementPlugins() ([]v1alpha1.ConfigManagementPlugin, error) {
 	argoCDCM, err := mgr.getConfigMap()
 	if err != nil {
@@ -1039,6 +1055,10 @@ func updateSettingsFromConfigMap(settings *ArgoCDSettings, argoCDCM *apiv1.Confi
 	} else {
 		settings.UserSessionDuration = time.Hour * 24
 	}
+	settings.PasswordPattern = argoCDCM.Data[settingsPasswordPatternKey]
+	if settings.PasswordPattern == "" {
+		settings.PasswordPattern = common.PasswordPatten
+	}
 }
 
 // validateExternalURL ensures the external URL that is set on the configmap is valid