Elgato_dark/argo-cd
1
0
Fork 0
mirror of https://github.com/argoproj/argo-cd synced 2026-05-23 01:08:33 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 6
argo-cd/controller/state_test.go

773 lines
27 KiB
Go
Raw Normal View History

Fix issue where helm hooks were being deployed as part of sync (issue #605)
2018-09-15 10:20:58 +00:00
package controller
import (
Proper treatment of resource lifecycle hooks: (#859) * do not allow hooks to affect Synced or Health status * do not delete hooks during a sync --prune * add health statuses for jobs and pods
2018-12-03 18:27:43 +00:00
"encoding/json"
feat: GPG commit signature verification (#2492) (#3242) * Add initial primitives and tests for GPG related operations * More tests and test documentation * Move gpg primitives to own module * Add initial primitives for running git verify-commit and tests * Improve and better comment test * Implement VerifyCommitSignature() primitive for metrics wrapper * More commentary * Make reposerver verify gpg signatures when generating manifests * Make signature validation optional * Forbid use of local manifests when signature verification is enabled * Introduce new signatureKeys field in project CRD * Initial support for only syncing against signed revisions * Updates to GnuPG primitives and more test cases * Move signature verification to correct place and add tests * Add signature verification result to revision metadata and display it in UI * Add more primitives and move out some stuff to common module * Add more testdata * Add key management primitives to ArgoDB * Move type GnuPGPublicKey to appsv1 package * Add const ArgoCDGPGKeysConfigMapName * Handle key operations with appsv1.GnuPGPublicKey * Add initial API for managing GPG keys * Remove deprecated code * Add primitives for adding public keys to configuration * Change semantics of ValidateGPGKeys to return more key information * Add key import functionality to public key API * Fix code quirks reported by linter * More code quirks fixes * Fix test * Add primitives for deleting keys from configuration * Add delete key operation to API and CLI * Cosmetics * Implement logic to sync configuration to keyring in repo-server * Add IsGPGEnabled() primitive and also update trustdb on ownertrust changes * Use gpg.IsGPGEnabled() instead of custom test * Remove all keyring manipulating methods from DB * Cosmetics/comments * Require grpc methods from argoproj pkg * Enable setting config path via ARGOCD_GPG_DATA_PATH * Allow "no" and any cases in ARGOCD_GPG_ENABLED * Enable GPG feature on start and start-e2e and set required environment * Cosmetics/comments * Cosmetics and commentary * Update API documentation * Fix comment * Only run GPG related operations if GPG is enabled * Allow setting ARGOCD_GPG_ENABLE from the environment * Create GPG ConfigMap resource during installation * Use function instead of constant to get the watcher path * Re-watch source path in case it gets recreated. Also, error on finish * Add End-to-End tests for GPG commit verification * Introduce SignatureKey type for AppProject CRD * Fix merge error from previous commit * Adapt test for additional manifest (argocd-gpg-keys-cm.yaml) * Fix linter issues * Adapt CircleCI configuration to enable running tests * Add wrapper scripts for git and gpg * Sigh. * Display gpg version in CircleCI * Install gnupg2 and link it to gpg in CI * Try to install gnupg2 in CircleCI image * More CircleCI tweaks * # This is a combination of 10 commits. # This is the 1st commit message: Containerize tests - test cycle # This is the commit message #2: adapt working directory # This is the commit message #3: Build before running tests (so we might have a cache) # This is the commit message #4: Test limiting parallelism # This is the commit message #5: Remove unbound variable # This is the commit message #6: Decrease parallelism to find out limit # This is the commit message #7: Use correct flag # This is the commit message #8: Update Docker image # This is the commit message #9: Remove build phase and increase parallelism # This is the commit message #10: Further increase parallelism * Dockerize toolchain * Add new targets to Makefile * Codegen * Properly handle permissions for E2E tests * Remove gnupg2 installation from CircleCI configuration * Limit parallelism of build * Fix Yarn lint * Retrigger CI for possible flaky test * Codegen * Remove duplicate target in Makefile * Pull in pager from dep ensure -v * Adapt to gitops-engine changes and codegen * Use new health package for health status constants * Add GPG methods to ArgoDB mock module * Fix possible nil pointer dereference * Fix linter issue in imports * Introduce RBAC resource type 'gpgkeys' and adapt policies * Use ARGOCD_GNUPGHOME instead of GNUPGHOME for subsystem configuration Also remove some deprecated unit tests. * Also register GPG keys API with gRPC-GW * Update from codegen * Update GPG key API * Add web UI to manage GPG keys * Lint updates * Change wording * Add some plausibility checks for supplied data on key creation * Update from codegen * Re-allow binary keys and move check for ASCII armoured to UI * Make yarn lint happy * Add editing signature keys for projects in UI * Add ability to configure signature keys for project in CLI * Change default value to use for GNUPGHOME * Do not include data section in default gpg keys CM * Adapt Docker image for GnuPG feature * Add required configuration to installation manifests * Add add-signature-key and remove-signature-key commands to project CLI * Fix typo * Add initial user documentation for GnuPG verification * Fix role name - oops * Mention required RBAC roles in docs * Support GPG verification of git annotated tags as well * Ensure CLI can build succesfully * Better support verification on tags * Print key type in upper case * Update user documentation * Correctly disable GnuPG verification if ARGOCD_GPG_ENABLE=false * Clarify that this feature is only available with Git repositories * codegen * Move verification code to own function * Remove deprecated check * Make things more developer friendly when running locally * Enable GPG feature by default, and don't require ARGOCD_GNUPGHOME to be set * Revert changes to manifests to reflect default enable state * Codegen
2020-06-22 16:21:53 +00:00
"io/ioutil"
"os"
Fix issue where helm hooks were being deployed as part of sync (issue #605)
2018-09-15 10:20:58 +00:00
"testing"
feat: add time taken to complete deployment (#3715) * feat: add time taken to complete deployment Signed-off-by: darshanime <deathbullet@gmail.com> * feat: add test for adding deploy started at time Signed-off-by: darshanime <deathbullet@gmail.com> * feat: use hourglass for time to deploy Signed-off-by: darshanime <deathbullet@gmail.com> * feat: add comments to RevisionHistory fields Signed-off-by: darshanime <deathbullet@gmail.com>
2020-06-10 12:28:40 +00:00
"time"
Fix issue where helm hooks were being deployed as part of sync (issue #605)
2018-09-15 10:20:58 +00:00
fix: upgrade gitops engine dependency (#3668)
2020-05-29 01:42:01 +00:00
"github.com/argoproj/gitops-engine/pkg/health"
synccommon "github.com/argoproj/gitops-engine/pkg/sync/common"
feat: move engine code to argoproj/gitops-engine repo (#3599)
2020-05-15 21:39:29 +00:00
"github.com/argoproj/gitops-engine/pkg/utils/kube"
. "github.com/argoproj/gitops-engine/pkg/utils/testing"
Sync wave (#1634)
2019-06-05 01:17:41 +00:00
"github.com/stretchr/testify/assert"
ISsue #1557 - Controller incorrectly report health state of self managed application (#1558)
2019-05-02 21:38:37 +00:00
v1 "k8s.io/api/apps/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
Fix issue where helm hooks were being deployed as part of sync (issue #605)
2018-09-15 10:20:58 +00:00
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
Proper treatment of resource lifecycle hooks: (#859) * do not allow hooks to affect Synced or Health status * do not delete hooks during a sync --prune * add health statuses for jobs and pods
2018-12-03 18:27:43 +00:00
"k8s.io/apimachinery/pkg/runtime"
chore: Upgrade Go module to v2 (#5931) * chore: Upgrade Go module to v2 Signed-off-by: jannfis <jann@mistrust.net> * Restore import order Signed-off-by: jannfis <jann@mistrust.net> * fix knowntypes_normalizer codegen error Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com> * fix codegen Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com> * fix Procfile Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com> Co-authored-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>
2021-04-01 18:44:18 +00:00
"github.com/argoproj/argo-cd/v2/common"
argoappv1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
"github.com/argoproj/argo-cd/v2/reposerver/apiclient"
"github.com/argoproj/argo-cd/v2/test"
Fix issue where helm hooks were being deployed as part of sync (issue #605)
2018-09-15 10:20:58 +00:00
)
Proper treatment of resource lifecycle hooks: (#859) * do not allow hooks to affect Synced or Health status * do not delete hooks during a sync --prune * add health statuses for jobs and pods
2018-12-03 18:27:43 +00:00
// TestCompareAppStateEmpty tests comparison when both git and live have no objects
func TestCompareAppStateEmpty(t *testing.T) {
app := newFakeApp()
data := fakeData{
Issues #1513 - Make sure insecure flag works for remote Kustomize bases (#1934) * Make sure insecure flag works for remote Kustomize bases
2019-07-13 00:17:23 +00:00
manifestResponse: &apiclient.ManifestResponse{
Proper treatment of resource lifecycle hooks: (#859) * do not allow hooks to affect Synced or Health status * do not delete hooks during a sync --prune * add health statuses for jobs and pods
2018-12-03 18:27:43 +00:00
Manifests: []string{},
Namespace: test.FakeDestNamespace,
Server: test.FakeClusterURL,
Revision: "abc123",
},
managedLiveObjs: make(map[kube.ResourceKey]*unstructured.Unstructured),
Fix issue where helm hooks were being deployed as part of sync (issue #605)
2018-09-15 10:20:58 +00:00
}
Proper treatment of resource lifecycle hooks: (#859) * do not allow hooks to affect Synced or Health status * do not delete hooks during a sync --prune * add health statuses for jobs and pods
2018-12-03 18:27:43 +00:00
ctrl := newFakeController(&data)
feat: cache resolved git/helm repository revisions (#6102) * feat: cache resolved git/helm repository revisions Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>
2021-05-19 19:30:15 +00:00
compRes := ctrl.appStateManager.CompareAppState(app, &defaultProj, "", app.Spec.Source, false, false, nil)
Proper treatment of resource lifecycle hooks: (#859) * do not allow hooks to affect Synced or Health status * do not delete hooks during a sync --prune * add health statuses for jobs and pods
2018-12-03 18:27:43 +00:00
assert.NotNil(t, compRes)
Support --kube-version. (#2276)
2019-09-11 23:37:00 +00:00
assert.NotNil(t, compRes.syncStatus)
Promote resources field in ComparisonStatus to application.status Fix pruning/syncing when changing application namespace Rename DeploymentInfo to RevisionHistory to be consistent with k8s
2018-12-04 10:52:57 +00:00
assert.Equal(t, argoappv1.SyncStatusCodeSynced, compRes.syncStatus.Status)
Support --kube-version. (#2276)
2019-09-11 23:37:00 +00:00
assert.Len(t, compRes.resources, 0)
assert.Len(t, compRes.managedResources, 0)
Issue #2453 - Application controller sometimes accidentally removes duplicated/excluded resource warning condition (#2454)
2019-10-11 00:26:53 +00:00
assert.Len(t, app.Status.Conditions, 0)
Fix issue where helm hooks were being deployed as part of sync (issue #605)
2018-09-15 10:20:58 +00:00
}
Adds support for Helm 1st-class. Closes #1145 (#1865)
2019-09-06 22:37:25 +00:00
// TestCompareAppStateMissing tests when there is a manifest defined in the repo which doesn't exist in live
Proper treatment of resource lifecycle hooks: (#859) * do not allow hooks to affect Synced or Health status * do not delete hooks during a sync --prune * add health statuses for jobs and pods
2018-12-03 18:27:43 +00:00
func TestCompareAppStateMissing(t *testing.T) {
app := newFakeApp()
data := fakeData{
apps: []runtime.Object{app},
Issues #1513 - Make sure insecure flag works for remote Kustomize bases (#1934) * Make sure insecure flag works for remote Kustomize bases
2019-07-13 00:17:23 +00:00
manifestResponse: &apiclient.ManifestResponse{
feat: Gitops engine (#3066) * Move utils packages that are required for gitops engine under engine/pkg/utils package. Following changes were implemented: * util/health package is split into two parts: resource health assessement & resource health assessement and moved into engine/pkg/utils * utils packages moved: Closer and Close method of util package moved into engine/pkg/utils/io package * packages diff, errors, exec, json, kube and tracing moved into engine/pkg/utils * Move single cluster caching into engine/kube/cache package * move sync functionality to engine/kube/sync package * remove dependency on metrics package from engine/pkg/utils/kube/cache * move annotation label definitions into engine/pkg/utils/kube/sync * make sure engine/pkg has no dependencies on other argo-cd packages * allow importing engine as a go module * implement a high-level interface that might be consumed by flux * fix deadlock caused by cluster cache event handler * ClusterCache should return error if requested group kind not found * remove obsolete tests * apply reviewer notes
2020-05-15 17:01:18 +00:00
Manifests: []string{PodManifest},
Proper treatment of resource lifecycle hooks: (#859) * do not allow hooks to affect Synced or Health status * do not delete hooks during a sync --prune * add health statuses for jobs and pods
2018-12-03 18:27:43 +00:00
Namespace: test.FakeDestNamespace,
Server: test.FakeClusterURL,
Revision: "abc123",
},
managedLiveObjs: make(map[kube.ResourceKey]*unstructured.Unstructured),
}
ctrl := newFakeController(&data)
feat: cache resolved git/helm repository revisions (#6102) * feat: cache resolved git/helm repository revisions Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>
2021-05-19 19:30:15 +00:00
compRes := ctrl.appStateManager.CompareAppState(app, &defaultProj, "", app.Spec.Source, false, false, nil)
Proper treatment of resource lifecycle hooks: (#859) * do not allow hooks to affect Synced or Health status * do not delete hooks during a sync --prune * add health statuses for jobs and pods
2018-12-03 18:27:43 +00:00
assert.NotNil(t, compRes)
Support --kube-version. (#2276)
2019-09-11 23:37:00 +00:00
assert.NotNil(t, compRes.syncStatus)
Promote resources field in ComparisonStatus to application.status Fix pruning/syncing when changing application namespace Rename DeploymentInfo to RevisionHistory to be consistent with k8s
2018-12-04 10:52:57 +00:00
assert.Equal(t, argoappv1.SyncStatusCodeOutOfSync, compRes.syncStatus.Status)
Support --kube-version. (#2276)
2019-09-11 23:37:00 +00:00
assert.Len(t, compRes.resources, 1)
assert.Len(t, compRes.managedResources, 1)
Issue #2453 - Application controller sometimes accidentally removes duplicated/excluded resource warning condition (#2454)
2019-10-11 00:26:53 +00:00
assert.Len(t, app.Status.Conditions, 0)
Proper treatment of resource lifecycle hooks: (#859) * do not allow hooks to affect Synced or Health status * do not delete hooks during a sync --prune * add health statuses for jobs and pods
2018-12-03 18:27:43 +00:00
}
Issue #355 - Treat 'crd-install' hooks as normal k8s resource (#792)
2018-11-17 01:12:21 +00:00
Proper treatment of resource lifecycle hooks: (#859) * do not allow hooks to affect Synced or Health status * do not delete hooks during a sync --prune * add health statuses for jobs and pods
2018-12-03 18:27:43 +00:00
// TestCompareAppStateExtra tests when there is an extra object in live but not defined in git
func TestCompareAppStateExtra(t *testing.T) {
feat: Gitops engine (#3066) * Move utils packages that are required for gitops engine under engine/pkg/utils package. Following changes were implemented: * util/health package is split into two parts: resource health assessement & resource health assessement and moved into engine/pkg/utils * utils packages moved: Closer and Close method of util package moved into engine/pkg/utils/io package * packages diff, errors, exec, json, kube and tracing moved into engine/pkg/utils * Move single cluster caching into engine/kube/cache package * move sync functionality to engine/kube/sync package * remove dependency on metrics package from engine/pkg/utils/kube/cache * move annotation label definitions into engine/pkg/utils/kube/sync * make sure engine/pkg has no dependencies on other argo-cd packages * allow importing engine as a go module * implement a high-level interface that might be consumed by flux * fix deadlock caused by cluster cache event handler * ClusterCache should return error if requested group kind not found * remove obsolete tests * apply reviewer notes
2020-05-15 17:01:18 +00:00
pod := NewPod()
Proper treatment of resource lifecycle hooks: (#859) * do not allow hooks to affect Synced or Health status * do not delete hooks during a sync --prune * add health statuses for jobs and pods
2018-12-03 18:27:43 +00:00
pod.SetNamespace(test.FakeDestNamespace)
app := newFakeApp()
Issue #747 - Declaratively add helm repositories (#864)
2018-12-03 23:15:37 +00:00
key := kube.ResourceKey{Group: "", Kind: "Pod", Namespace: test.FakeDestNamespace, Name: app.Name}
Proper treatment of resource lifecycle hooks: (#859) * do not allow hooks to affect Synced or Health status * do not delete hooks during a sync --prune * add health statuses for jobs and pods
2018-12-03 18:27:43 +00:00
data := fakeData{
Issues #1513 - Make sure insecure flag works for remote Kustomize bases (#1934) * Make sure insecure flag works for remote Kustomize bases
2019-07-13 00:17:23 +00:00
manifestResponse: &apiclient.ManifestResponse{
Proper treatment of resource lifecycle hooks: (#859) * do not allow hooks to affect Synced or Health status * do not delete hooks during a sync --prune * add health statuses for jobs and pods
2018-12-03 18:27:43 +00:00
Manifests: []string{},
Namespace: test.FakeDestNamespace,
Server: test.FakeClusterURL,
Revision: "abc123",
},
managedLiveObjs: map[kube.ResourceKey]*unstructured.Unstructured{
key: pod,
},
}
ctrl := newFakeController(&data)
feat: cache resolved git/helm repository revisions (#6102) * feat: cache resolved git/helm repository revisions Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>
2021-05-19 19:30:15 +00:00
compRes := ctrl.appStateManager.CompareAppState(app, &defaultProj, "", app.Spec.Source, false, false, nil)
Proper treatment of resource lifecycle hooks: (#859) * do not allow hooks to affect Synced or Health status * do not delete hooks during a sync --prune * add health statuses for jobs and pods
2018-12-03 18:27:43 +00:00
assert.NotNil(t, compRes)
Promote resources field in ComparisonStatus to application.status Fix pruning/syncing when changing application namespace Rename DeploymentInfo to RevisionHistory to be consistent with k8s
2018-12-04 10:52:57 +00:00
assert.Equal(t, argoappv1.SyncStatusCodeOutOfSync, compRes.syncStatus.Status)
assert.Equal(t, 1, len(compRes.resources))
assert.Equal(t, 1, len(compRes.managedResources))
Issue #2453 - Application controller sometimes accidentally removes duplicated/excluded resource warning condition (#2454)
2019-10-11 00:26:53 +00:00
assert.Equal(t, 0, len(app.Status.Conditions))
Proper treatment of resource lifecycle hooks: (#859) * do not allow hooks to affect Synced or Health status * do not delete hooks during a sync --prune * add health statuses for jobs and pods
2018-12-03 18:27:43 +00:00
}
Fix issue where helm hooks were being deployed as part of sync (issue #605)
2018-09-15 10:20:58 +00:00
Proper treatment of resource lifecycle hooks: (#859) * do not allow hooks to affect Synced or Health status * do not delete hooks during a sync --prune * add health statuses for jobs and pods
2018-12-03 18:27:43 +00:00
// TestCompareAppStateHook checks that hooks are detected during manifest generation, and not
// considered as part of resources when assessing Synced status
func TestCompareAppStateHook(t *testing.T) {
feat: Gitops engine (#3066) * Move utils packages that are required for gitops engine under engine/pkg/utils package. Following changes were implemented: * util/health package is split into two parts: resource health assessement & resource health assessement and moved into engine/pkg/utils * utils packages moved: Closer and Close method of util package moved into engine/pkg/utils/io package * packages diff, errors, exec, json, kube and tracing moved into engine/pkg/utils * Move single cluster caching into engine/kube/cache package * move sync functionality to engine/kube/sync package * remove dependency on metrics package from engine/pkg/utils/kube/cache * move annotation label definitions into engine/pkg/utils/kube/sync * make sure engine/pkg has no dependencies on other argo-cd packages * allow importing engine as a go module * implement a high-level interface that might be consumed by flux * fix deadlock caused by cluster cache event handler * ClusterCache should return error if requested group kind not found * remove obsolete tests * apply reviewer notes
2020-05-15 17:01:18 +00:00
pod := NewPod()
pod.SetAnnotations(map[string]string{synccommon.AnnotationKeyHook: "PreSync"})
Proper treatment of resource lifecycle hooks: (#859) * do not allow hooks to affect Synced or Health status * do not delete hooks during a sync --prune * add health statuses for jobs and pods
2018-12-03 18:27:43 +00:00
podBytes, _ := json.Marshal(pod)
app := newFakeApp()
data := fakeData{
apps: []runtime.Object{app},
Issues #1513 - Make sure insecure flag works for remote Kustomize bases (#1934) * Make sure insecure flag works for remote Kustomize bases
2019-07-13 00:17:23 +00:00
manifestResponse: &apiclient.ManifestResponse{
Proper treatment of resource lifecycle hooks: (#859) * do not allow hooks to affect Synced or Health status * do not delete hooks during a sync --prune * add health statuses for jobs and pods
2018-12-03 18:27:43 +00:00
Manifests: []string{string(podBytes)},
Namespace: test.FakeDestNamespace,
Server: test.FakeClusterURL,
Revision: "abc123",
},
managedLiveObjs: make(map[kube.ResourceKey]*unstructured.Unstructured),
}
ctrl := newFakeController(&data)
feat: cache resolved git/helm repository revisions (#6102) * feat: cache resolved git/helm repository revisions Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>
2021-05-19 19:30:15 +00:00
compRes := ctrl.appStateManager.CompareAppState(app, &defaultProj, "", app.Spec.Source, false, false, nil)
Proper treatment of resource lifecycle hooks: (#859) * do not allow hooks to affect Synced or Health status * do not delete hooks during a sync --prune * add health statuses for jobs and pods
2018-12-03 18:27:43 +00:00
assert.NotNil(t, compRes)
Promote resources field in ComparisonStatus to application.status Fix pruning/syncing when changing application namespace Rename DeploymentInfo to RevisionHistory to be consistent with k8s
2018-12-04 10:52:57 +00:00
assert.Equal(t, argoappv1.SyncStatusCodeSynced, compRes.syncStatus.Status)
assert.Equal(t, 0, len(compRes.resources))
assert.Equal(t, 0, len(compRes.managedResources))
feat: Gitops engine (#3066) * Move utils packages that are required for gitops engine under engine/pkg/utils package. Following changes were implemented: * util/health package is split into two parts: resource health assessement & resource health assessement and moved into engine/pkg/utils * utils packages moved: Closer and Close method of util package moved into engine/pkg/utils/io package * packages diff, errors, exec, json, kube and tracing moved into engine/pkg/utils * Move single cluster caching into engine/kube/cache package * move sync functionality to engine/kube/sync package * remove dependency on metrics package from engine/pkg/utils/kube/cache * move annotation label definitions into engine/pkg/utils/kube/sync * make sure engine/pkg has no dependencies on other argo-cd packages * allow importing engine as a go module * implement a high-level interface that might be consumed by flux * fix deadlock caused by cluster cache event handler * ClusterCache should return error if requested group kind not found * remove obsolete tests * apply reviewer notes
2020-05-15 17:01:18 +00:00
assert.Equal(t, 1, len(compRes.reconciliationResult.Hooks))
Issue #2453 - Application controller sometimes accidentally removes duplicated/excluded resource warning condition (#2454)
2019-10-11 00:26:53 +00:00
assert.Equal(t, 0, len(app.Status.Conditions))
Proper treatment of resource lifecycle hooks: (#859) * do not allow hooks to affect Synced or Health status * do not delete hooks during a sync --prune * add health statuses for jobs and pods
2018-12-03 18:27:43 +00:00
}
Fix issue where helm hooks were being deployed as part of sync (issue #605)
2018-09-15 10:20:58 +00:00
fix: skipped resources should not impact sync status (#3986) * fix: skipped resources should not impact sync status Signed-off-by: darshanime <deathbullet@gmail.com>
2020-07-30 17:09:12 +00:00
// TestCompareAppStateSkipHook checks that skipped resources are detected during manifest generation, and not
// considered as part of resources when assessing Synced status
func TestCompareAppStateSkipHook(t *testing.T) {
pod := NewPod()
pod.SetAnnotations(map[string]string{synccommon.AnnotationKeyHook: "Skip"})
podBytes, _ := json.Marshal(pod)
app := newFakeApp()
data := fakeData{
apps: []runtime.Object{app},
manifestResponse: &apiclient.ManifestResponse{
Manifests: []string{string(podBytes)},
Namespace: test.FakeDestNamespace,
Server: test.FakeClusterURL,
Revision: "abc123",
},
managedLiveObjs: make(map[kube.ResourceKey]*unstructured.Unstructured),
}
ctrl := newFakeController(&data)
feat: cache resolved git/helm repository revisions (#6102) * feat: cache resolved git/helm repository revisions Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>
2021-05-19 19:30:15 +00:00
compRes := ctrl.appStateManager.CompareAppState(app, &defaultProj, "", app.Spec.Source, false, false, nil)
fix: skipped resources should not impact sync status (#3986) * fix: skipped resources should not impact sync status Signed-off-by: darshanime <deathbullet@gmail.com>
2020-07-30 17:09:12 +00:00
assert.NotNil(t, compRes)
assert.Equal(t, argoappv1.SyncStatusCodeSynced, compRes.syncStatus.Status)
assert.Equal(t, 1, len(compRes.resources))
assert.Equal(t, 1, len(compRes.managedResources))
assert.Equal(t, 0, len(compRes.reconciliationResult.Hooks))
assert.Equal(t, 0, len(app.Status.Conditions))
}
Adds Prune=false and IgnoreExtraneous options (#1680)
2019-06-07 15:46:11 +00:00
// checks that ignore resources are detected, but excluded from status
func TestCompareAppStateCompareOptionIgnoreExtraneous(t *testing.T) {
feat: Gitops engine (#3066) * Move utils packages that are required for gitops engine under engine/pkg/utils package. Following changes were implemented: * util/health package is split into two parts: resource health assessement & resource health assessement and moved into engine/pkg/utils * utils packages moved: Closer and Close method of util package moved into engine/pkg/utils/io package * packages diff, errors, exec, json, kube and tracing moved into engine/pkg/utils * Move single cluster caching into engine/kube/cache package * move sync functionality to engine/kube/sync package * remove dependency on metrics package from engine/pkg/utils/kube/cache * move annotation label definitions into engine/pkg/utils/kube/sync * make sure engine/pkg has no dependencies on other argo-cd packages * allow importing engine as a go module * implement a high-level interface that might be consumed by flux * fix deadlock caused by cluster cache event handler * ClusterCache should return error if requested group kind not found * remove obsolete tests * apply reviewer notes
2020-05-15 17:01:18 +00:00
pod := NewPod()
Adds Prune=false and IgnoreExtraneous options (#1680)
2019-06-07 15:46:11 +00:00
pod.SetAnnotations(map[string]string{common.AnnotationCompareOptions: "IgnoreExtraneous"})
app := newFakeApp()
data := fakeData{
apps: []runtime.Object{app},
Issues #1513 - Make sure insecure flag works for remote Kustomize bases (#1934) * Make sure insecure flag works for remote Kustomize bases
2019-07-13 00:17:23 +00:00
manifestResponse: &apiclient.ManifestResponse{
Adds Prune=false and IgnoreExtraneous options (#1680)
2019-06-07 15:46:11 +00:00
Manifests: []string{},
Namespace: test.FakeDestNamespace,
Server: test.FakeClusterURL,
Revision: "abc123",
},
managedLiveObjs: make(map[kube.ResourceKey]*unstructured.Unstructured),
}
ctrl := newFakeController(&data)
feat: cache resolved git/helm repository revisions (#6102) * feat: cache resolved git/helm repository revisions Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>
2021-05-19 19:30:15 +00:00
compRes := ctrl.appStateManager.CompareAppState(app, &defaultProj, "", app.Spec.Source, false, false, nil)
Adds Prune=false and IgnoreExtraneous options (#1680)
2019-06-07 15:46:11 +00:00
assert.NotNil(t, compRes)
assert.Equal(t, argoappv1.SyncStatusCodeSynced, compRes.syncStatus.Status)
assert.Len(t, compRes.resources, 0)
assert.Len(t, compRes.managedResources, 0)
Issue #2453 - Application controller sometimes accidentally removes duplicated/excluded resource warning condition (#2454)
2019-10-11 00:26:53 +00:00
assert.Len(t, app.Status.Conditions, 0)
Adds Prune=false and IgnoreExtraneous options (#1680)
2019-06-07 15:46:11 +00:00
}
Proper treatment of resource lifecycle hooks: (#859) * do not allow hooks to affect Synced or Health status * do not delete hooks during a sync --prune * add health statuses for jobs and pods
2018-12-03 18:27:43 +00:00
// TestCompareAppStateExtraHook tests when there is an extra _hook_ object in live but not defined in git
func TestCompareAppStateExtraHook(t *testing.T) {
feat: Gitops engine (#3066) * Move utils packages that are required for gitops engine under engine/pkg/utils package. Following changes were implemented: * util/health package is split into two parts: resource health assessement & resource health assessement and moved into engine/pkg/utils * utils packages moved: Closer and Close method of util package moved into engine/pkg/utils/io package * packages diff, errors, exec, json, kube and tracing moved into engine/pkg/utils * Move single cluster caching into engine/kube/cache package * move sync functionality to engine/kube/sync package * remove dependency on metrics package from engine/pkg/utils/kube/cache * move annotation label definitions into engine/pkg/utils/kube/sync * make sure engine/pkg has no dependencies on other argo-cd packages * allow importing engine as a go module * implement a high-level interface that might be consumed by flux * fix deadlock caused by cluster cache event handler * ClusterCache should return error if requested group kind not found * remove obsolete tests * apply reviewer notes
2020-05-15 17:01:18 +00:00
pod := NewPod()
pod.SetAnnotations(map[string]string{synccommon.AnnotationKeyHook: "PreSync"})
Proper treatment of resource lifecycle hooks: (#859) * do not allow hooks to affect Synced or Health status * do not delete hooks during a sync --prune * add health statuses for jobs and pods
2018-12-03 18:27:43 +00:00
pod.SetNamespace(test.FakeDestNamespace)
app := newFakeApp()
Issue #747 - Declaratively add helm repositories (#864)
2018-12-03 23:15:37 +00:00
key := kube.ResourceKey{Group: "", Kind: "Pod", Namespace: test.FakeDestNamespace, Name: app.Name}
Proper treatment of resource lifecycle hooks: (#859) * do not allow hooks to affect Synced or Health status * do not delete hooks during a sync --prune * add health statuses for jobs and pods
2018-12-03 18:27:43 +00:00
data := fakeData{
Issues #1513 - Make sure insecure flag works for remote Kustomize bases (#1934) * Make sure insecure flag works for remote Kustomize bases
2019-07-13 00:17:23 +00:00
manifestResponse: &apiclient.ManifestResponse{
Proper treatment of resource lifecycle hooks: (#859) * do not allow hooks to affect Synced or Health status * do not delete hooks during a sync --prune * add health statuses for jobs and pods
2018-12-03 18:27:43 +00:00
Manifests: []string{},
Namespace: test.FakeDestNamespace,
Server: test.FakeClusterURL,
Revision: "abc123",
},
managedLiveObjs: map[kube.ResourceKey]*unstructured.Unstructured{
key: pod,
},
}
ctrl := newFakeController(&data)
feat: cache resolved git/helm repository revisions (#6102) * feat: cache resolved git/helm repository revisions Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>
2021-05-19 19:30:15 +00:00
compRes := ctrl.appStateManager.CompareAppState(app, &defaultProj, "", app.Spec.Source, false, false, nil)
Issue #2146 - Fix nil pointer dereference error during app reconciliation (#2170)
2019-08-20 15:43:29 +00:00
Proper treatment of resource lifecycle hooks: (#859) * do not allow hooks to affect Synced or Health status * do not delete hooks during a sync --prune * add health statuses for jobs and pods
2018-12-03 18:27:43 +00:00
assert.NotNil(t, compRes)
Promote resources field in ComparisonStatus to application.status Fix pruning/syncing when changing application namespace Rename DeploymentInfo to RevisionHistory to be consistent with k8s
2018-12-04 10:52:57 +00:00
assert.Equal(t, argoappv1.SyncStatusCodeSynced, compRes.syncStatus.Status)
assert.Equal(t, 1, len(compRes.resources))
assert.Equal(t, 1, len(compRes.managedResources))
feat: Gitops engine (#3066) * Move utils packages that are required for gitops engine under engine/pkg/utils package. Following changes were implemented: * util/health package is split into two parts: resource health assessement & resource health assessement and moved into engine/pkg/utils * utils packages moved: Closer and Close method of util package moved into engine/pkg/utils/io package * packages diff, errors, exec, json, kube and tracing moved into engine/pkg/utils * Move single cluster caching into engine/kube/cache package * move sync functionality to engine/kube/sync package * remove dependency on metrics package from engine/pkg/utils/kube/cache * move annotation label definitions into engine/pkg/utils/kube/sync * make sure engine/pkg has no dependencies on other argo-cd packages * allow importing engine as a go module * implement a high-level interface that might be consumed by flux * fix deadlock caused by cluster cache event handler * ClusterCache should return error if requested group kind not found * remove obsolete tests * apply reviewer notes
2020-05-15 17:01:18 +00:00
assert.Equal(t, 0, len(compRes.reconciliationResult.Hooks))
Issue #2453 - Application controller sometimes accidentally removes duplicated/excluded resource warning condition (#2454)
2019-10-11 00:26:53 +00:00
assert.Equal(t, 0, len(app.Status.Conditions))
Fix issue where helm hooks were being deployed as part of sync (issue #605)
2018-09-15 10:20:58 +00:00
}
Issue #1070 - Handle duplicated resource definitions (#1284)
2019-03-18 20:21:03 +00:00
func toJSON(t *testing.T, obj *unstructured.Unstructured) string {
data, err := json.Marshal(obj)
assert.NoError(t, err)
return string(data)
}
func TestCompareAppStateDuplicatedNamespacedResources(t *testing.T) {
feat: Gitops engine (#3066) * Move utils packages that are required for gitops engine under engine/pkg/utils package. Following changes were implemented: * util/health package is split into two parts: resource health assessement & resource health assessement and moved into engine/pkg/utils * utils packages moved: Closer and Close method of util package moved into engine/pkg/utils/io package * packages diff, errors, exec, json, kube and tracing moved into engine/pkg/utils * Move single cluster caching into engine/kube/cache package * move sync functionality to engine/kube/sync package * remove dependency on metrics package from engine/pkg/utils/kube/cache * move annotation label definitions into engine/pkg/utils/kube/sync * make sure engine/pkg has no dependencies on other argo-cd packages * allow importing engine as a go module * implement a high-level interface that might be consumed by flux * fix deadlock caused by cluster cache event handler * ClusterCache should return error if requested group kind not found * remove obsolete tests * apply reviewer notes
2020-05-15 17:01:18 +00:00
obj1 := NewPod()
Issue #1070 - Handle duplicated resource definitions (#1284)
2019-03-18 20:21:03 +00:00
obj1.SetNamespace(test.FakeDestNamespace)
feat: Gitops engine (#3066) * Move utils packages that are required for gitops engine under engine/pkg/utils package. Following changes were implemented: * util/health package is split into two parts: resource health assessement & resource health assessement and moved into engine/pkg/utils * utils packages moved: Closer and Close method of util package moved into engine/pkg/utils/io package * packages diff, errors, exec, json, kube and tracing moved into engine/pkg/utils * Move single cluster caching into engine/kube/cache package * move sync functionality to engine/kube/sync package * remove dependency on metrics package from engine/pkg/utils/kube/cache * move annotation label definitions into engine/pkg/utils/kube/sync * make sure engine/pkg has no dependencies on other argo-cd packages * allow importing engine as a go module * implement a high-level interface that might be consumed by flux * fix deadlock caused by cluster cache event handler * ClusterCache should return error if requested group kind not found * remove obsolete tests * apply reviewer notes
2020-05-15 17:01:18 +00:00
obj2 := NewPod()
obj3 := NewPod()
Issue #1070 - Handle duplicated resource definitions (#1284)
2019-03-18 20:21:03 +00:00
obj3.SetNamespace("kube-system")
fix: allow duplicates when using generateName (#3878) * Generate Name field generates names when created so should not cause a duplication warning * Updating existing test case to check no additional conditions are added
2020-07-21 17:15:41 +00:00
obj4 := NewPod()
obj4.SetGenerateName("my-pod")
obj4.SetName("")
obj5 := NewPod()
obj5.SetName("")
obj5.SetGenerateName("my-pod")
Issue #1070 - Handle duplicated resource definitions (#1284)
2019-03-18 20:21:03 +00:00
app := newFakeApp()
data := fakeData{
Issues #1513 - Make sure insecure flag works for remote Kustomize bases (#1934) * Make sure insecure flag works for remote Kustomize bases
2019-07-13 00:17:23 +00:00
manifestResponse: &apiclient.ManifestResponse{
fix: allow duplicates when using generateName (#3878) * Generate Name field generates names when created so should not cause a duplication warning * Updating existing test case to check no additional conditions are added
2020-07-21 17:15:41 +00:00
Manifests: []string{toJSON(t, obj1), toJSON(t, obj2), toJSON(t, obj3), toJSON(t, obj4), toJSON(t, obj5)},
Issue #1070 - Handle duplicated resource definitions (#1284)
2019-03-18 20:21:03 +00:00
Namespace: test.FakeDestNamespace,
Server: test.FakeClusterURL,
Revision: "abc123",
},
managedLiveObjs: map[kube.ResourceKey]*unstructured.Unstructured{
kube.GetResourceKey(obj1): obj1,
kube.GetResourceKey(obj3): obj3,
},
}
ctrl := newFakeController(&data)
feat: cache resolved git/helm repository revisions (#6102) * feat: cache resolved git/helm repository revisions Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>
2021-05-19 19:30:15 +00:00
compRes := ctrl.appStateManager.CompareAppState(app, &defaultProj, "", app.Spec.Source, false, false, nil)
Issue #2146 - Fix nil pointer dereference error during app reconciliation (#2170)
2019-08-20 15:43:29 +00:00
Issue #1070 - Handle duplicated resource definitions (#1284)
2019-03-18 20:21:03 +00:00
assert.NotNil(t, compRes)
Add Time to ApplicationCondition. (#2417)
2019-10-17 02:29:52 +00:00
assert.Equal(t, 1, len(app.Status.Conditions))
assert.NotNil(t, app.Status.Conditions[0].LastTransitionTime)
assert.Equal(t, argoappv1.ApplicationConditionRepeatedResourceWarning, app.Status.Conditions[0].Type)
assert.Equal(t, "Resource /Pod/fake-dest-ns/my-pod appeared 2 times among application resources.", app.Status.Conditions[0].Message)
fix: allow duplicates when using generateName (#3878) * Generate Name field generates names when created so should not cause a duplication warning * Updating existing test case to check no additional conditions are added
2020-07-21 17:15:41 +00:00
assert.Equal(t, 4, len(compRes.resources))
Issue #1070 - Handle duplicated resource definitions (#1284)
2019-03-18 20:21:03 +00:00
}
ISsue #1557 - Controller incorrectly report health state of self managed application (#1558)
2019-05-02 21:38:37 +00:00
var defaultProj = argoappv1.AppProject{
ObjectMeta: metav1.ObjectMeta{
Name: "default",
Namespace: test.FakeArgoCDNamespace,
},
Spec: argoappv1.AppProjectSpec{
SourceRepos: []string{"*"},
Destinations: []argoappv1.ApplicationDestination{
{
Server: "*",
Namespace: "*",
},
},
},
}
func TestSetHealth(t *testing.T) {
app := newFakeApp()
deployment := kube.MustToUnstructured(&v1.Deployment{
TypeMeta: metav1.TypeMeta{
APIVersion: "apps/v1beta1",
Kind: "Deployment",
},
ObjectMeta: metav1.ObjectMeta{
Name: "demo",
Namespace: "default",
},
})
ctrl := newFakeController(&fakeData{
apps: []runtime.Object{app, &defaultProj},
Issues #1513 - Make sure insecure flag works for remote Kustomize bases (#1934) * Make sure insecure flag works for remote Kustomize bases
2019-07-13 00:17:23 +00:00
manifestResponse: &apiclient.ManifestResponse{
ISsue #1557 - Controller incorrectly report health state of self managed application (#1558)
2019-05-02 21:38:37 +00:00
Manifests: []string{},
Namespace: test.FakeDestNamespace,
Server: test.FakeClusterURL,
Revision: "abc123",
},
managedLiveObjs: map[kube.ResourceKey]*unstructured.Unstructured{
kube.GetResourceKey(deployment): deployment,
},
})
feat: cache resolved git/helm repository revisions (#6102) * feat: cache resolved git/helm repository revisions Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>
2021-05-19 19:30:15 +00:00
compRes := ctrl.appStateManager.CompareAppState(app, &defaultProj, "", app.Spec.Source, false, false, nil)
ISsue #1557 - Controller incorrectly report health state of self managed application (#1558)
2019-05-02 21:38:37 +00:00
feat: Gitops engine (#3066) * Move utils packages that are required for gitops engine under engine/pkg/utils package. Following changes were implemented: * util/health package is split into two parts: resource health assessement & resource health assessement and moved into engine/pkg/utils * utils packages moved: Closer and Close method of util package moved into engine/pkg/utils/io package * packages diff, errors, exec, json, kube and tracing moved into engine/pkg/utils * Move single cluster caching into engine/kube/cache package * move sync functionality to engine/kube/sync package * remove dependency on metrics package from engine/pkg/utils/kube/cache * move annotation label definitions into engine/pkg/utils/kube/sync * make sure engine/pkg has no dependencies on other argo-cd packages * allow importing engine as a go module * implement a high-level interface that might be consumed by flux * fix deadlock caused by cluster cache event handler * ClusterCache should return error if requested group kind not found * remove obsolete tests * apply reviewer notes
2020-05-15 17:01:18 +00:00
assert.Equal(t, compRes.healthStatus.Status, health.HealthStatusHealthy)
ISsue #1557 - Controller incorrectly report health state of self managed application (#1558)
2019-05-02 21:38:37 +00:00
}
func TestSetHealthSelfReferencedApp(t *testing.T) {
app := newFakeApp()
unstructuredApp := kube.MustToUnstructured(app)
deployment := kube.MustToUnstructured(&v1.Deployment{
TypeMeta: metav1.TypeMeta{
APIVersion: "apps/v1beta1",
Kind: "Deployment",
},
ObjectMeta: metav1.ObjectMeta{
Name: "demo",
Namespace: "default",
},
})
ctrl := newFakeController(&fakeData{
apps: []runtime.Object{app, &defaultProj},
Issues #1513 - Make sure insecure flag works for remote Kustomize bases (#1934) * Make sure insecure flag works for remote Kustomize bases
2019-07-13 00:17:23 +00:00
manifestResponse: &apiclient.ManifestResponse{
ISsue #1557 - Controller incorrectly report health state of self managed application (#1558)
2019-05-02 21:38:37 +00:00
Manifests: []string{},
Namespace: test.FakeDestNamespace,
Server: test.FakeClusterURL,
Revision: "abc123",
},
managedLiveObjs: map[kube.ResourceKey]*unstructured.Unstructured{
kube.GetResourceKey(deployment): deployment,
kube.GetResourceKey(unstructuredApp): unstructuredApp,
},
})
feat: cache resolved git/helm repository revisions (#6102) * feat: cache resolved git/helm repository revisions Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>
2021-05-19 19:30:15 +00:00
compRes := ctrl.appStateManager.CompareAppState(app, &defaultProj, "", app.Spec.Source, false, false, nil)
ISsue #1557 - Controller incorrectly report health state of self managed application (#1558)
2019-05-02 21:38:37 +00:00
feat: Gitops engine (#3066) * Move utils packages that are required for gitops engine under engine/pkg/utils package. Following changes were implemented: * util/health package is split into two parts: resource health assessement & resource health assessement and moved into engine/pkg/utils * utils packages moved: Closer and Close method of util package moved into engine/pkg/utils/io package * packages diff, errors, exec, json, kube and tracing moved into engine/pkg/utils * Move single cluster caching into engine/kube/cache package * move sync functionality to engine/kube/sync package * remove dependency on metrics package from engine/pkg/utils/kube/cache * move annotation label definitions into engine/pkg/utils/kube/sync * make sure engine/pkg has no dependencies on other argo-cd packages * allow importing engine as a go module * implement a high-level interface that might be consumed by flux * fix deadlock caused by cluster cache event handler * ClusterCache should return error if requested group kind not found * remove obsolete tests * apply reviewer notes
2020-05-15 17:01:18 +00:00
assert.Equal(t, compRes.healthStatus.Status, health.HealthStatusHealthy)
ISsue #1557 - Controller incorrectly report health state of self managed application (#1558)
2019-05-02 21:38:37 +00:00
}
Issue #1167 - Implement orphan resources support (#2103)
2019-08-19 15:14:48 +00:00
func TestSetManagedResourcesWithOrphanedResources(t *testing.T) {
proj := defaultProj.DeepCopy()
proj.Spec.OrphanedResources = &argoappv1.OrphanedResourcesMonitorSettings{}
app := newFakeApp()
ctrl := newFakeController(&fakeData{
apps: []runtime.Object{app, proj},
namespacedResources: map[kube.ResourceKey]namespacedResource{
kube.NewResourceKey("apps", kube.DeploymentKind, app.Namespace, "guestbook"): {
ResourceNode: argoappv1.ResourceNode{
ResourceRef: argoappv1.ResourceRef{Kind: kube.DeploymentKind, Name: "guestbook", Namespace: app.Namespace},
},
AppName: "",
},
},
})
tree, err := ctrl.setAppManagedResources(app, &comparisonResult{managedResources: make([]managedResource, 0)})
assert.NoError(t, err)
assert.Equal(t, len(tree.OrphanedNodes), 1)
assert.Equal(t, "guestbook", tree.OrphanedNodes[0].Name)
assert.Equal(t, app.Namespace, tree.OrphanedNodes[0].Namespace)
}
func TestSetManagedResourcesWithResourcesOfAnotherApp(t *testing.T) {
proj := defaultProj.DeepCopy()
proj.Spec.OrphanedResources = &argoappv1.OrphanedResourcesMonitorSettings{}
app1 := newFakeApp()
app1.Name = "app1"
app2 := newFakeApp()
app2.Name = "app2"
ctrl := newFakeController(&fakeData{
apps: []runtime.Object{app1, app2, proj},
namespacedResources: map[kube.ResourceKey]namespacedResource{
kube.NewResourceKey("apps", kube.DeploymentKind, app2.Namespace, "guestbook"): {
ResourceNode: argoappv1.ResourceNode{
ResourceRef: argoappv1.ResourceRef{Kind: kube.DeploymentKind, Name: "guestbook", Namespace: app2.Namespace},
},
AppName: "app2",
},
},
})
tree, err := ctrl.setAppManagedResources(app1, &comparisonResult{managedResources: make([]managedResource, 0)})
assert.NoError(t, err)
assert.Equal(t, len(tree.OrphanedNodes), 0)
}
Issue #2146 - Fix nil pointer dereference error during app reconciliation (#2170)
2019-08-20 15:43:29 +00:00
func TestReturnUnknownComparisonStateOnSettingLoadError(t *testing.T) {
proj := defaultProj.DeepCopy()
proj.Spec.OrphanedResources = &argoappv1.OrphanedResourcesMonitorSettings{}
app := newFakeApp()
ctrl := newFakeController(&fakeData{
apps: []runtime.Object{app, proj},
configMapData: map[string]string{
"resource.customizations": "invalid setting",
},
})
feat: cache resolved git/helm repository revisions (#6102) * feat: cache resolved git/helm repository revisions Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>
2021-05-19 19:30:15 +00:00
compRes := ctrl.appStateManager.CompareAppState(app, &defaultProj, "", app.Spec.Source, false, false, nil)
Issue #2146 - Fix nil pointer dereference error during app reconciliation (#2170)
2019-08-20 15:43:29 +00:00
feat: Gitops engine (#3066) * Move utils packages that are required for gitops engine under engine/pkg/utils package. Following changes were implemented: * util/health package is split into two parts: resource health assessement & resource health assessement and moved into engine/pkg/utils * utils packages moved: Closer and Close method of util package moved into engine/pkg/utils/io package * packages diff, errors, exec, json, kube and tracing moved into engine/pkg/utils * Move single cluster caching into engine/kube/cache package * move sync functionality to engine/kube/sync package * remove dependency on metrics package from engine/pkg/utils/kube/cache * move annotation label definitions into engine/pkg/utils/kube/sync * make sure engine/pkg has no dependencies on other argo-cd packages * allow importing engine as a go module * implement a high-level interface that might be consumed by flux * fix deadlock caused by cluster cache event handler * ClusterCache should return error if requested group kind not found * remove obsolete tests * apply reviewer notes
2020-05-15 17:01:18 +00:00
assert.Equal(t, health.HealthStatusUnknown, compRes.healthStatus.Status)
Issue #2146 - Fix nil pointer dereference error during app reconciliation (#2170)
2019-08-20 15:43:29 +00:00
assert.Equal(t, argoappv1.SyncStatusCodeUnknown, compRes.syncStatus.Status)
}
Issue #1167 - Excluded known orphaned resources exceptions (#2178)
2019-08-20 22:48:37 +00:00
func TestSetManagedResourcesKnownOrphanedResourceExceptions(t *testing.T) {
proj := defaultProj.DeepCopy()
proj.Spec.OrphanedResources = &argoappv1.OrphanedResourcesMonitorSettings{}
app := newFakeApp()
app.Namespace = "default"
ctrl := newFakeController(&fakeData{
apps: []runtime.Object{app, proj},
namespacedResources: map[kube.ResourceKey]namespacedResource{
kube.NewResourceKey("apps", kube.DeploymentKind, app.Namespace, "guestbook"): {
ResourceNode: argoappv1.ResourceNode{ResourceRef: argoappv1.ResourceRef{Group: "apps", Kind: kube.DeploymentKind, Name: "guestbook", Namespace: app.Namespace}},
},
kube.NewResourceKey("", kube.ServiceAccountKind, app.Namespace, "default"): {
ResourceNode: argoappv1.ResourceNode{ResourceRef: argoappv1.ResourceRef{Kind: kube.ServiceAccountKind, Name: "default", Namespace: app.Namespace}},
},
kube.NewResourceKey("", kube.ServiceKind, app.Namespace, "kubernetes"): {
ResourceNode: argoappv1.ResourceNode{ResourceRef: argoappv1.ResourceRef{Kind: kube.ServiceAccountKind, Name: "kubernetes", Namespace: app.Namespace}},
},
},
})
tree, err := ctrl.setAppManagedResources(app, &comparisonResult{managedResources: make([]managedResource, 0)})
assert.NoError(t, err)
assert.Len(t, tree.OrphanedNodes, 1)
assert.Equal(t, "guestbook", tree.OrphanedNodes[0].Name)
}
Fix bug preventing Helm CRDs from being installed (#2500)
2019-10-16 17:12:38 +00:00
Adds revision history limit. Closes #2790 (#2818) * Adds revision history limit. Closes #2790
2019-12-13 19:14:43 +00:00
func Test_appStateManager_persistRevisionHistory(t *testing.T) {
app := newFakeApp()
ctrl := newFakeController(&fakeData{
apps: []runtime.Object{app},
})
manager := ctrl.appStateManager.(*appStateManager)
setRevisionHistoryLimit := func(value int) {
i := int64(value)
app.Spec.RevisionHistoryLimit = &i
}
addHistory := func() {
feat: add time taken to complete deployment (#3715) * feat: add time taken to complete deployment Signed-off-by: darshanime <deathbullet@gmail.com> * feat: add test for adding deploy started at time Signed-off-by: darshanime <deathbullet@gmail.com> * feat: use hourglass for time to deploy Signed-off-by: darshanime <deathbullet@gmail.com> * feat: add comments to RevisionHistory fields Signed-off-by: darshanime <deathbullet@gmail.com>
2020-06-10 12:28:40 +00:00
err := manager.persistRevisionHistory(app, "my-revision", argoappv1.ApplicationSource{}, metav1.Time{})
Adds revision history limit. Closes #2790 (#2818) * Adds revision history limit. Closes #2790
2019-12-13 19:14:43 +00:00
assert.NoError(t, err)
}
addHistory()
assert.Len(t, app.Status.History, 1)
addHistory()
assert.Len(t, app.Status.History, 2)
addHistory()
assert.Len(t, app.Status.History, 3)
addHistory()
assert.Len(t, app.Status.History, 4)
addHistory()
assert.Len(t, app.Status.History, 5)
addHistory()
assert.Len(t, app.Status.History, 6)
addHistory()
assert.Len(t, app.Status.History, 7)
addHistory()
assert.Len(t, app.Status.History, 8)
addHistory()
assert.Len(t, app.Status.History, 9)
addHistory()
assert.Len(t, app.Status.History, 10)
// default limit is 10
addHistory()
assert.Len(t, app.Status.History, 10)
// increase limit
setRevisionHistoryLimit(11)
addHistory()
assert.Len(t, app.Status.History, 11)
// decrease limit
setRevisionHistoryLimit(9)
addHistory()
assert.Len(t, app.Status.History, 9)
feat: add time taken to complete deployment (#3715) * feat: add time taken to complete deployment Signed-off-by: darshanime <deathbullet@gmail.com> * feat: add test for adding deploy started at time Signed-off-by: darshanime <deathbullet@gmail.com> * feat: use hourglass for time to deploy Signed-off-by: darshanime <deathbullet@gmail.com> * feat: add comments to RevisionHistory fields Signed-off-by: darshanime <deathbullet@gmail.com>
2020-06-10 12:28:40 +00:00
metav1NowTime := metav1.NewTime(time.Now())
err := manager.persistRevisionHistory(app, "my-revision", argoappv1.ApplicationSource{}, metav1NowTime)
assert.NoError(t, err)
fix: use *metav1.Time for deployStartedAt (#3782) Signed-off-by: darshanime <deathbullet@gmail.com>
2020-06-16 17:10:31 +00:00
assert.Equal(t, app.Status.History.LastRevisionHistory().DeployStartedAt, &metav1NowTime)
Adds revision history limit. Closes #2790 (#2818) * Adds revision history limit. Closes #2790
2019-12-13 19:14:43 +00:00
}
feat: GPG commit signature verification (#2492) (#3242) * Add initial primitives and tests for GPG related operations * More tests and test documentation * Move gpg primitives to own module * Add initial primitives for running git verify-commit and tests * Improve and better comment test * Implement VerifyCommitSignature() primitive for metrics wrapper * More commentary * Make reposerver verify gpg signatures when generating manifests * Make signature validation optional * Forbid use of local manifests when signature verification is enabled * Introduce new signatureKeys field in project CRD * Initial support for only syncing against signed revisions * Updates to GnuPG primitives and more test cases * Move signature verification to correct place and add tests * Add signature verification result to revision metadata and display it in UI * Add more primitives and move out some stuff to common module * Add more testdata * Add key management primitives to ArgoDB * Move type GnuPGPublicKey to appsv1 package * Add const ArgoCDGPGKeysConfigMapName * Handle key operations with appsv1.GnuPGPublicKey * Add initial API for managing GPG keys * Remove deprecated code * Add primitives for adding public keys to configuration * Change semantics of ValidateGPGKeys to return more key information * Add key import functionality to public key API * Fix code quirks reported by linter * More code quirks fixes * Fix test * Add primitives for deleting keys from configuration * Add delete key operation to API and CLI * Cosmetics * Implement logic to sync configuration to keyring in repo-server * Add IsGPGEnabled() primitive and also update trustdb on ownertrust changes * Use gpg.IsGPGEnabled() instead of custom test * Remove all keyring manipulating methods from DB * Cosmetics/comments * Require grpc methods from argoproj pkg * Enable setting config path via ARGOCD_GPG_DATA_PATH * Allow "no" and any cases in ARGOCD_GPG_ENABLED * Enable GPG feature on start and start-e2e and set required environment * Cosmetics/comments * Cosmetics and commentary * Update API documentation * Fix comment * Only run GPG related operations if GPG is enabled * Allow setting ARGOCD_GPG_ENABLE from the environment * Create GPG ConfigMap resource during installation * Use function instead of constant to get the watcher path * Re-watch source path in case it gets recreated. Also, error on finish * Add End-to-End tests for GPG commit verification * Introduce SignatureKey type for AppProject CRD * Fix merge error from previous commit * Adapt test for additional manifest (argocd-gpg-keys-cm.yaml) * Fix linter issues * Adapt CircleCI configuration to enable running tests * Add wrapper scripts for git and gpg * Sigh. * Display gpg version in CircleCI * Install gnupg2 and link it to gpg in CI * Try to install gnupg2 in CircleCI image * More CircleCI tweaks * # This is a combination of 10 commits. # This is the 1st commit message: Containerize tests - test cycle # This is the commit message #2: adapt working directory # This is the commit message #3: Build before running tests (so we might have a cache) # This is the commit message #4: Test limiting parallelism # This is the commit message #5: Remove unbound variable # This is the commit message #6: Decrease parallelism to find out limit # This is the commit message #7: Use correct flag # This is the commit message #8: Update Docker image # This is the commit message #9: Remove build phase and increase parallelism # This is the commit message #10: Further increase parallelism * Dockerize toolchain * Add new targets to Makefile * Codegen * Properly handle permissions for E2E tests * Remove gnupg2 installation from CircleCI configuration * Limit parallelism of build * Fix Yarn lint * Retrigger CI for possible flaky test * Codegen * Remove duplicate target in Makefile * Pull in pager from dep ensure -v * Adapt to gitops-engine changes and codegen * Use new health package for health status constants * Add GPG methods to ArgoDB mock module * Fix possible nil pointer dereference * Fix linter issue in imports * Introduce RBAC resource type 'gpgkeys' and adapt policies * Use ARGOCD_GNUPGHOME instead of GNUPGHOME for subsystem configuration Also remove some deprecated unit tests. * Also register GPG keys API with gRPC-GW * Update from codegen * Update GPG key API * Add web UI to manage GPG keys * Lint updates * Change wording * Add some plausibility checks for supplied data on key creation * Update from codegen * Re-allow binary keys and move check for ASCII armoured to UI * Make yarn lint happy * Add editing signature keys for projects in UI * Add ability to configure signature keys for project in CLI * Change default value to use for GNUPGHOME * Do not include data section in default gpg keys CM * Adapt Docker image for GnuPG feature * Add required configuration to installation manifests * Add add-signature-key and remove-signature-key commands to project CLI * Fix typo * Add initial user documentation for GnuPG verification * Fix role name - oops * Mention required RBAC roles in docs * Support GPG verification of git annotated tags as well * Ensure CLI can build succesfully * Better support verification on tags * Print key type in upper case * Update user documentation * Correctly disable GnuPG verification if ARGOCD_GPG_ENABLE=false * Clarify that this feature is only available with Git repositories * codegen * Move verification code to own function * Remove deprecated check * Make things more developer friendly when running locally * Enable GPG feature by default, and don't require ARGOCD_GNUPGHOME to be set * Revert changes to manifests to reflect default enable state * Codegen
2020-06-22 16:21:53 +00:00
// helper function to read contents of a file to string
// panics on error
func mustReadFile(path string) string {
b, err := ioutil.ReadFile(path)
if err != nil {
panic(err.Error())
}
return string(b)
}
var signedProj = argoappv1.AppProject{
ObjectMeta: metav1.ObjectMeta{
Name: "default",
Namespace: test.FakeArgoCDNamespace,
},
Spec: argoappv1.AppProjectSpec{
SourceRepos: []string{"*"},
Destinations: []argoappv1.ApplicationDestination{
{
Server: "*",
Namespace: "*",
},
},
SignatureKeys: []argoappv1.SignatureKey{
{
KeyID: "4AEE18F83AFDEB23",
},
},
},
}
func TestSignedResponseNoSignatureRequired(t *testing.T) {
oldval := os.Getenv("ARGOCD_GPG_ENABLED")
os.Setenv("ARGOCD_GPG_ENABLED", "true")
defer os.Setenv("ARGOCD_GPG_ENABLED", oldval)
// We have a good signature response, but project does not require signed commits
{
app := newFakeApp()
data := fakeData{
manifestResponse: &apiclient.ManifestResponse{
Manifests: []string{},
Namespace: test.FakeDestNamespace,
Server: test.FakeClusterURL,
Revision: "abc123",
VerifyResult: mustReadFile("../util/gpg/testdata/good_signature.txt"),
},
managedLiveObjs: make(map[kube.ResourceKey]*unstructured.Unstructured),
}
ctrl := newFakeController(&data)
feat: cache resolved git/helm repository revisions (#6102) * feat: cache resolved git/helm repository revisions Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>
2021-05-19 19:30:15 +00:00
compRes := ctrl.appStateManager.CompareAppState(app, &defaultProj, "", app.Spec.Source, false, false, nil)
feat: GPG commit signature verification (#2492) (#3242) * Add initial primitives and tests for GPG related operations * More tests and test documentation * Move gpg primitives to own module * Add initial primitives for running git verify-commit and tests * Improve and better comment test * Implement VerifyCommitSignature() primitive for metrics wrapper * More commentary * Make reposerver verify gpg signatures when generating manifests * Make signature validation optional * Forbid use of local manifests when signature verification is enabled * Introduce new signatureKeys field in project CRD * Initial support for only syncing against signed revisions * Updates to GnuPG primitives and more test cases * Move signature verification to correct place and add tests * Add signature verification result to revision metadata and display it in UI * Add more primitives and move out some stuff to common module * Add more testdata * Add key management primitives to ArgoDB * Move type GnuPGPublicKey to appsv1 package * Add const ArgoCDGPGKeysConfigMapName * Handle key operations with appsv1.GnuPGPublicKey * Add initial API for managing GPG keys * Remove deprecated code * Add primitives for adding public keys to configuration * Change semantics of ValidateGPGKeys to return more key information * Add key import functionality to public key API * Fix code quirks reported by linter * More code quirks fixes * Fix test * Add primitives for deleting keys from configuration * Add delete key operation to API and CLI * Cosmetics * Implement logic to sync configuration to keyring in repo-server * Add IsGPGEnabled() primitive and also update trustdb on ownertrust changes * Use gpg.IsGPGEnabled() instead of custom test * Remove all keyring manipulating methods from DB * Cosmetics/comments * Require grpc methods from argoproj pkg * Enable setting config path via ARGOCD_GPG_DATA_PATH * Allow "no" and any cases in ARGOCD_GPG_ENABLED * Enable GPG feature on start and start-e2e and set required environment * Cosmetics/comments * Cosmetics and commentary * Update API documentation * Fix comment * Only run GPG related operations if GPG is enabled * Allow setting ARGOCD_GPG_ENABLE from the environment * Create GPG ConfigMap resource during installation * Use function instead of constant to get the watcher path * Re-watch source path in case it gets recreated. Also, error on finish * Add End-to-End tests for GPG commit verification * Introduce SignatureKey type for AppProject CRD * Fix merge error from previous commit * Adapt test for additional manifest (argocd-gpg-keys-cm.yaml) * Fix linter issues * Adapt CircleCI configuration to enable running tests * Add wrapper scripts for git and gpg * Sigh. * Display gpg version in CircleCI * Install gnupg2 and link it to gpg in CI * Try to install gnupg2 in CircleCI image * More CircleCI tweaks * # This is a combination of 10 commits. # This is the 1st commit message: Containerize tests - test cycle # This is the commit message #2: adapt working directory # This is the commit message #3: Build before running tests (so we might have a cache) # This is the commit message #4: Test limiting parallelism # This is the commit message #5: Remove unbound variable # This is the commit message #6: Decrease parallelism to find out limit # This is the commit message #7: Use correct flag # This is the commit message #8: Update Docker image # This is the commit message #9: Remove build phase and increase parallelism # This is the commit message #10: Further increase parallelism * Dockerize toolchain * Add new targets to Makefile * Codegen * Properly handle permissions for E2E tests * Remove gnupg2 installation from CircleCI configuration * Limit parallelism of build * Fix Yarn lint * Retrigger CI for possible flaky test * Codegen * Remove duplicate target in Makefile * Pull in pager from dep ensure -v * Adapt to gitops-engine changes and codegen * Use new health package for health status constants * Add GPG methods to ArgoDB mock module * Fix possible nil pointer dereference * Fix linter issue in imports * Introduce RBAC resource type 'gpgkeys' and adapt policies * Use ARGOCD_GNUPGHOME instead of GNUPGHOME for subsystem configuration Also remove some deprecated unit tests. * Also register GPG keys API with gRPC-GW * Update from codegen * Update GPG key API * Add web UI to manage GPG keys * Lint updates * Change wording * Add some plausibility checks for supplied data on key creation * Update from codegen * Re-allow binary keys and move check for ASCII armoured to UI * Make yarn lint happy * Add editing signature keys for projects in UI * Add ability to configure signature keys for project in CLI * Change default value to use for GNUPGHOME * Do not include data section in default gpg keys CM * Adapt Docker image for GnuPG feature * Add required configuration to installation manifests * Add add-signature-key and remove-signature-key commands to project CLI * Fix typo * Add initial user documentation for GnuPG verification * Fix role name - oops * Mention required RBAC roles in docs * Support GPG verification of git annotated tags as well * Ensure CLI can build succesfully * Better support verification on tags * Print key type in upper case * Update user documentation * Correctly disable GnuPG verification if ARGOCD_GPG_ENABLE=false * Clarify that this feature is only available with Git repositories * codegen * Move verification code to own function * Remove deprecated check * Make things more developer friendly when running locally * Enable GPG feature by default, and don't require ARGOCD_GNUPGHOME to be set * Revert changes to manifests to reflect default enable state * Codegen
2020-06-22 16:21:53 +00:00
assert.NotNil(t, compRes)
assert.NotNil(t, compRes.syncStatus)
assert.Equal(t, argoappv1.SyncStatusCodeSynced, compRes.syncStatus.Status)
assert.Len(t, compRes.resources, 0)
assert.Len(t, compRes.managedResources, 0)
assert.Len(t, app.Status.Conditions, 0)
}
// We have a bad signature response, but project does not require signed commits
{
app := newFakeApp()
data := fakeData{
manifestResponse: &apiclient.ManifestResponse{
Manifests: []string{},
Namespace: test.FakeDestNamespace,
Server: test.FakeClusterURL,
Revision: "abc123",
VerifyResult: mustReadFile("../util/gpg/testdata/bad_signature_bad.txt"),
},
managedLiveObjs: make(map[kube.ResourceKey]*unstructured.Unstructured),
}
ctrl := newFakeController(&data)
feat: cache resolved git/helm repository revisions (#6102) * feat: cache resolved git/helm repository revisions Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>
2021-05-19 19:30:15 +00:00
compRes := ctrl.appStateManager.CompareAppState(app, &defaultProj, "", app.Spec.Source, false, false, nil)
feat: GPG commit signature verification (#2492) (#3242) * Add initial primitives and tests for GPG related operations * More tests and test documentation * Move gpg primitives to own module * Add initial primitives for running git verify-commit and tests * Improve and better comment test * Implement VerifyCommitSignature() primitive for metrics wrapper * More commentary * Make reposerver verify gpg signatures when generating manifests * Make signature validation optional * Forbid use of local manifests when signature verification is enabled * Introduce new signatureKeys field in project CRD * Initial support for only syncing against signed revisions * Updates to GnuPG primitives and more test cases * Move signature verification to correct place and add tests * Add signature verification result to revision metadata and display it in UI * Add more primitives and move out some stuff to common module * Add more testdata * Add key management primitives to ArgoDB * Move type GnuPGPublicKey to appsv1 package * Add const ArgoCDGPGKeysConfigMapName * Handle key operations with appsv1.GnuPGPublicKey * Add initial API for managing GPG keys * Remove deprecated code * Add primitives for adding public keys to configuration * Change semantics of ValidateGPGKeys to return more key information * Add key import functionality to public key API * Fix code quirks reported by linter * More code quirks fixes * Fix test * Add primitives for deleting keys from configuration * Add delete key operation to API and CLI * Cosmetics * Implement logic to sync configuration to keyring in repo-server * Add IsGPGEnabled() primitive and also update trustdb on ownertrust changes * Use gpg.IsGPGEnabled() instead of custom test * Remove all keyring manipulating methods from DB * Cosmetics/comments * Require grpc methods from argoproj pkg * Enable setting config path via ARGOCD_GPG_DATA_PATH * Allow "no" and any cases in ARGOCD_GPG_ENABLED * Enable GPG feature on start and start-e2e and set required environment * Cosmetics/comments * Cosmetics and commentary * Update API documentation * Fix comment * Only run GPG related operations if GPG is enabled * Allow setting ARGOCD_GPG_ENABLE from the environment * Create GPG ConfigMap resource during installation * Use function instead of constant to get the watcher path * Re-watch source path in case it gets recreated. Also, error on finish * Add End-to-End tests for GPG commit verification * Introduce SignatureKey type for AppProject CRD * Fix merge error from previous commit * Adapt test for additional manifest (argocd-gpg-keys-cm.yaml) * Fix linter issues * Adapt CircleCI configuration to enable running tests * Add wrapper scripts for git and gpg * Sigh. * Display gpg version in CircleCI * Install gnupg2 and link it to gpg in CI * Try to install gnupg2 in CircleCI image * More CircleCI tweaks * # This is a combination of 10 commits. # This is the 1st commit message: Containerize tests - test cycle # This is the commit message #2: adapt working directory # This is the commit message #3: Build before running tests (so we might have a cache) # This is the commit message #4: Test limiting parallelism # This is the commit message #5: Remove unbound variable # This is the commit message #6: Decrease parallelism to find out limit # This is the commit message #7: Use correct flag # This is the commit message #8: Update Docker image # This is the commit message #9: Remove build phase and increase parallelism # This is the commit message #10: Further increase parallelism * Dockerize toolchain * Add new targets to Makefile * Codegen * Properly handle permissions for E2E tests * Remove gnupg2 installation from CircleCI configuration * Limit parallelism of build * Fix Yarn lint * Retrigger CI for possible flaky test * Codegen * Remove duplicate target in Makefile * Pull in pager from dep ensure -v * Adapt to gitops-engine changes and codegen * Use new health package for health status constants * Add GPG methods to ArgoDB mock module * Fix possible nil pointer dereference * Fix linter issue in imports * Introduce RBAC resource type 'gpgkeys' and adapt policies * Use ARGOCD_GNUPGHOME instead of GNUPGHOME for subsystem configuration Also remove some deprecated unit tests. * Also register GPG keys API with gRPC-GW * Update from codegen * Update GPG key API * Add web UI to manage GPG keys * Lint updates * Change wording * Add some plausibility checks for supplied data on key creation * Update from codegen * Re-allow binary keys and move check for ASCII armoured to UI * Make yarn lint happy * Add editing signature keys for projects in UI * Add ability to configure signature keys for project in CLI * Change default value to use for GNUPGHOME * Do not include data section in default gpg keys CM * Adapt Docker image for GnuPG feature * Add required configuration to installation manifests * Add add-signature-key and remove-signature-key commands to project CLI * Fix typo * Add initial user documentation for GnuPG verification * Fix role name - oops * Mention required RBAC roles in docs * Support GPG verification of git annotated tags as well * Ensure CLI can build succesfully * Better support verification on tags * Print key type in upper case * Update user documentation * Correctly disable GnuPG verification if ARGOCD_GPG_ENABLE=false * Clarify that this feature is only available with Git repositories * codegen * Move verification code to own function * Remove deprecated check * Make things more developer friendly when running locally * Enable GPG feature by default, and don't require ARGOCD_GNUPGHOME to be set * Revert changes to manifests to reflect default enable state * Codegen
2020-06-22 16:21:53 +00:00
assert.NotNil(t, compRes)
assert.NotNil(t, compRes.syncStatus)
assert.Equal(t, argoappv1.SyncStatusCodeSynced, compRes.syncStatus.Status)
assert.Len(t, compRes.resources, 0)
assert.Len(t, compRes.managedResources, 0)
assert.Len(t, app.Status.Conditions, 0)
}
}
func TestSignedResponseSignatureRequired(t *testing.T) {
oldval := os.Getenv("ARGOCD_GPG_ENABLED")
os.Setenv("ARGOCD_GPG_ENABLED", "true")
defer os.Setenv("ARGOCD_GPG_ENABLED", oldval)
// We have a good signature response, valid key, and signing is required - sync!
{
app := newFakeApp()
data := fakeData{
manifestResponse: &apiclient.ManifestResponse{
Manifests: []string{},
Namespace: test.FakeDestNamespace,
Server: test.FakeClusterURL,
Revision: "abc123",
VerifyResult: mustReadFile("../util/gpg/testdata/good_signature.txt"),
},
managedLiveObjs: make(map[kube.ResourceKey]*unstructured.Unstructured),
}
ctrl := newFakeController(&data)
feat: cache resolved git/helm repository revisions (#6102) * feat: cache resolved git/helm repository revisions Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>
2021-05-19 19:30:15 +00:00
compRes := ctrl.appStateManager.CompareAppState(app, &signedProj, "", app.Spec.Source, false, false, nil)
feat: GPG commit signature verification (#2492) (#3242) * Add initial primitives and tests for GPG related operations * More tests and test documentation * Move gpg primitives to own module * Add initial primitives for running git verify-commit and tests * Improve and better comment test * Implement VerifyCommitSignature() primitive for metrics wrapper * More commentary * Make reposerver verify gpg signatures when generating manifests * Make signature validation optional * Forbid use of local manifests when signature verification is enabled * Introduce new signatureKeys field in project CRD * Initial support for only syncing against signed revisions * Updates to GnuPG primitives and more test cases * Move signature verification to correct place and add tests * Add signature verification result to revision metadata and display it in UI * Add more primitives and move out some stuff to common module * Add more testdata * Add key management primitives to ArgoDB * Move type GnuPGPublicKey to appsv1 package * Add const ArgoCDGPGKeysConfigMapName * Handle key operations with appsv1.GnuPGPublicKey * Add initial API for managing GPG keys * Remove deprecated code * Add primitives for adding public keys to configuration * Change semantics of ValidateGPGKeys to return more key information * Add key import functionality to public key API * Fix code quirks reported by linter * More code quirks fixes * Fix test * Add primitives for deleting keys from configuration * Add delete key operation to API and CLI * Cosmetics * Implement logic to sync configuration to keyring in repo-server * Add IsGPGEnabled() primitive and also update trustdb on ownertrust changes * Use gpg.IsGPGEnabled() instead of custom test * Remove all keyring manipulating methods from DB * Cosmetics/comments * Require grpc methods from argoproj pkg * Enable setting config path via ARGOCD_GPG_DATA_PATH * Allow "no" and any cases in ARGOCD_GPG_ENABLED * Enable GPG feature on start and start-e2e and set required environment * Cosmetics/comments * Cosmetics and commentary * Update API documentation * Fix comment * Only run GPG related operations if GPG is enabled * Allow setting ARGOCD_GPG_ENABLE from the environment * Create GPG ConfigMap resource during installation * Use function instead of constant to get the watcher path * Re-watch source path in case it gets recreated. Also, error on finish * Add End-to-End tests for GPG commit verification * Introduce SignatureKey type for AppProject CRD * Fix merge error from previous commit * Adapt test for additional manifest (argocd-gpg-keys-cm.yaml) * Fix linter issues * Adapt CircleCI configuration to enable running tests * Add wrapper scripts for git and gpg * Sigh. * Display gpg version in CircleCI * Install gnupg2 and link it to gpg in CI * Try to install gnupg2 in CircleCI image * More CircleCI tweaks * # This is a combination of 10 commits. # This is the 1st commit message: Containerize tests - test cycle # This is the commit message #2: adapt working directory # This is the commit message #3: Build before running tests (so we might have a cache) # This is the commit message #4: Test limiting parallelism # This is the commit message #5: Remove unbound variable # This is the commit message #6: Decrease parallelism to find out limit # This is the commit message #7: Use correct flag # This is the commit message #8: Update Docker image # This is the commit message #9: Remove build phase and increase parallelism # This is the commit message #10: Further increase parallelism * Dockerize toolchain * Add new targets to Makefile * Codegen * Properly handle permissions for E2E tests * Remove gnupg2 installation from CircleCI configuration * Limit parallelism of build * Fix Yarn lint * Retrigger CI for possible flaky test * Codegen * Remove duplicate target in Makefile * Pull in pager from dep ensure -v * Adapt to gitops-engine changes and codegen * Use new health package for health status constants * Add GPG methods to ArgoDB mock module * Fix possible nil pointer dereference * Fix linter issue in imports * Introduce RBAC resource type 'gpgkeys' and adapt policies * Use ARGOCD_GNUPGHOME instead of GNUPGHOME for subsystem configuration Also remove some deprecated unit tests. * Also register GPG keys API with gRPC-GW * Update from codegen * Update GPG key API * Add web UI to manage GPG keys * Lint updates * Change wording * Add some plausibility checks for supplied data on key creation * Update from codegen * Re-allow binary keys and move check for ASCII armoured to UI * Make yarn lint happy * Add editing signature keys for projects in UI * Add ability to configure signature keys for project in CLI * Change default value to use for GNUPGHOME * Do not include data section in default gpg keys CM * Adapt Docker image for GnuPG feature * Add required configuration to installation manifests * Add add-signature-key and remove-signature-key commands to project CLI * Fix typo * Add initial user documentation for GnuPG verification * Fix role name - oops * Mention required RBAC roles in docs * Support GPG verification of git annotated tags as well * Ensure CLI can build succesfully * Better support verification on tags * Print key type in upper case * Update user documentation * Correctly disable GnuPG verification if ARGOCD_GPG_ENABLE=false * Clarify that this feature is only available with Git repositories * codegen * Move verification code to own function * Remove deprecated check * Make things more developer friendly when running locally * Enable GPG feature by default, and don't require ARGOCD_GNUPGHOME to be set * Revert changes to manifests to reflect default enable state * Codegen
2020-06-22 16:21:53 +00:00
assert.NotNil(t, compRes)
assert.NotNil(t, compRes.syncStatus)
assert.Equal(t, argoappv1.SyncStatusCodeSynced, compRes.syncStatus.Status)
assert.Len(t, compRes.resources, 0)
assert.Len(t, compRes.managedResources, 0)
assert.Len(t, app.Status.Conditions, 0)
}
// We have a bad signature response and signing is required - do not sync
{
app := newFakeApp()
data := fakeData{
manifestResponse: &apiclient.ManifestResponse{
Manifests: []string{},
Namespace: test.FakeDestNamespace,
Server: test.FakeClusterURL,
Revision: "abc123",
VerifyResult: mustReadFile("../util/gpg/testdata/bad_signature_bad.txt"),
},
managedLiveObjs: make(map[kube.ResourceKey]*unstructured.Unstructured),
}
ctrl := newFakeController(&data)
feat: cache resolved git/helm repository revisions (#6102) * feat: cache resolved git/helm repository revisions Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>
2021-05-19 19:30:15 +00:00
compRes := ctrl.appStateManager.CompareAppState(app, &signedProj, "abc123", app.Spec.Source, false, false, nil)
feat: GPG commit signature verification (#2492) (#3242) * Add initial primitives and tests for GPG related operations * More tests and test documentation * Move gpg primitives to own module * Add initial primitives for running git verify-commit and tests * Improve and better comment test * Implement VerifyCommitSignature() primitive for metrics wrapper * More commentary * Make reposerver verify gpg signatures when generating manifests * Make signature validation optional * Forbid use of local manifests when signature verification is enabled * Introduce new signatureKeys field in project CRD * Initial support for only syncing against signed revisions * Updates to GnuPG primitives and more test cases * Move signature verification to correct place and add tests * Add signature verification result to revision metadata and display it in UI * Add more primitives and move out some stuff to common module * Add more testdata * Add key management primitives to ArgoDB * Move type GnuPGPublicKey to appsv1 package * Add const ArgoCDGPGKeysConfigMapName * Handle key operations with appsv1.GnuPGPublicKey * Add initial API for managing GPG keys * Remove deprecated code * Add primitives for adding public keys to configuration * Change semantics of ValidateGPGKeys to return more key information * Add key import functionality to public key API * Fix code quirks reported by linter * More code quirks fixes * Fix test * Add primitives for deleting keys from configuration * Add delete key operation to API and CLI * Cosmetics * Implement logic to sync configuration to keyring in repo-server * Add IsGPGEnabled() primitive and also update trustdb on ownertrust changes * Use gpg.IsGPGEnabled() instead of custom test * Remove all keyring manipulating methods from DB * Cosmetics/comments * Require grpc methods from argoproj pkg * Enable setting config path via ARGOCD_GPG_DATA_PATH * Allow "no" and any cases in ARGOCD_GPG_ENABLED * Enable GPG feature on start and start-e2e and set required environment * Cosmetics/comments * Cosmetics and commentary * Update API documentation * Fix comment * Only run GPG related operations if GPG is enabled * Allow setting ARGOCD_GPG_ENABLE from the environment * Create GPG ConfigMap resource during installation * Use function instead of constant to get the watcher path * Re-watch source path in case it gets recreated. Also, error on finish * Add End-to-End tests for GPG commit verification * Introduce SignatureKey type for AppProject CRD * Fix merge error from previous commit * Adapt test for additional manifest (argocd-gpg-keys-cm.yaml) * Fix linter issues * Adapt CircleCI configuration to enable running tests * Add wrapper scripts for git and gpg * Sigh. * Display gpg version in CircleCI * Install gnupg2 and link it to gpg in CI * Try to install gnupg2 in CircleCI image * More CircleCI tweaks * # This is a combination of 10 commits. # This is the 1st commit message: Containerize tests - test cycle # This is the commit message #2: adapt working directory # This is the commit message #3: Build before running tests (so we might have a cache) # This is the commit message #4: Test limiting parallelism # This is the commit message #5: Remove unbound variable # This is the commit message #6: Decrease parallelism to find out limit # This is the commit message #7: Use correct flag # This is the commit message #8: Update Docker image # This is the commit message #9: Remove build phase and increase parallelism # This is the commit message #10: Further increase parallelism * Dockerize toolchain * Add new targets to Makefile * Codegen * Properly handle permissions for E2E tests * Remove gnupg2 installation from CircleCI configuration * Limit parallelism of build * Fix Yarn lint * Retrigger CI for possible flaky test * Codegen * Remove duplicate target in Makefile * Pull in pager from dep ensure -v * Adapt to gitops-engine changes and codegen * Use new health package for health status constants * Add GPG methods to ArgoDB mock module * Fix possible nil pointer dereference * Fix linter issue in imports * Introduce RBAC resource type 'gpgkeys' and adapt policies * Use ARGOCD_GNUPGHOME instead of GNUPGHOME for subsystem configuration Also remove some deprecated unit tests. * Also register GPG keys API with gRPC-GW * Update from codegen * Update GPG key API * Add web UI to manage GPG keys * Lint updates * Change wording * Add some plausibility checks for supplied data on key creation * Update from codegen * Re-allow binary keys and move check for ASCII armoured to UI * Make yarn lint happy * Add editing signature keys for projects in UI * Add ability to configure signature keys for project in CLI * Change default value to use for GNUPGHOME * Do not include data section in default gpg keys CM * Adapt Docker image for GnuPG feature * Add required configuration to installation manifests * Add add-signature-key and remove-signature-key commands to project CLI * Fix typo * Add initial user documentation for GnuPG verification * Fix role name - oops * Mention required RBAC roles in docs * Support GPG verification of git annotated tags as well * Ensure CLI can build succesfully * Better support verification on tags * Print key type in upper case * Update user documentation * Correctly disable GnuPG verification if ARGOCD_GPG_ENABLE=false * Clarify that this feature is only available with Git repositories * codegen * Move verification code to own function * Remove deprecated check * Make things more developer friendly when running locally * Enable GPG feature by default, and don't require ARGOCD_GNUPGHOME to be set * Revert changes to manifests to reflect default enable state * Codegen
2020-06-22 16:21:53 +00:00
assert.NotNil(t, compRes)
assert.NotNil(t, compRes.syncStatus)
assert.Equal(t, argoappv1.SyncStatusCodeSynced, compRes.syncStatus.Status)
assert.Len(t, compRes.resources, 0)
assert.Len(t, compRes.managedResources, 0)
assert.Len(t, app.Status.Conditions, 1)
}
// We have a malformed signature response and signing is required - do not sync
{
app := newFakeApp()
data := fakeData{
manifestResponse: &apiclient.ManifestResponse{
Manifests: []string{},
Namespace: test.FakeDestNamespace,
Server: test.FakeClusterURL,
Revision: "abc123",
VerifyResult: mustReadFile("../util/gpg/testdata/bad_signature_malformed1.txt"),
},
managedLiveObjs: make(map[kube.ResourceKey]*unstructured.Unstructured),
}
ctrl := newFakeController(&data)
feat: cache resolved git/helm repository revisions (#6102) * feat: cache resolved git/helm repository revisions Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>
2021-05-19 19:30:15 +00:00
compRes := ctrl.appStateManager.CompareAppState(app, &signedProj, "abc123", app.Spec.Source, false, false, nil)
feat: GPG commit signature verification (#2492) (#3242) * Add initial primitives and tests for GPG related operations * More tests and test documentation * Move gpg primitives to own module * Add initial primitives for running git verify-commit and tests * Improve and better comment test * Implement VerifyCommitSignature() primitive for metrics wrapper * More commentary * Make reposerver verify gpg signatures when generating manifests * Make signature validation optional * Forbid use of local manifests when signature verification is enabled * Introduce new signatureKeys field in project CRD * Initial support for only syncing against signed revisions * Updates to GnuPG primitives and more test cases * Move signature verification to correct place and add tests * Add signature verification result to revision metadata and display it in UI * Add more primitives and move out some stuff to common module * Add more testdata * Add key management primitives to ArgoDB * Move type GnuPGPublicKey to appsv1 package * Add const ArgoCDGPGKeysConfigMapName * Handle key operations with appsv1.GnuPGPublicKey * Add initial API for managing GPG keys * Remove deprecated code * Add primitives for adding public keys to configuration * Change semantics of ValidateGPGKeys to return more key information * Add key import functionality to public key API * Fix code quirks reported by linter * More code quirks fixes * Fix test * Add primitives for deleting keys from configuration * Add delete key operation to API and CLI * Cosmetics * Implement logic to sync configuration to keyring in repo-server * Add IsGPGEnabled() primitive and also update trustdb on ownertrust changes * Use gpg.IsGPGEnabled() instead of custom test * Remove all keyring manipulating methods from DB * Cosmetics/comments * Require grpc methods from argoproj pkg * Enable setting config path via ARGOCD_GPG_DATA_PATH * Allow "no" and any cases in ARGOCD_GPG_ENABLED * Enable GPG feature on start and start-e2e and set required environment * Cosmetics/comments * Cosmetics and commentary * Update API documentation * Fix comment * Only run GPG related operations if GPG is enabled * Allow setting ARGOCD_GPG_ENABLE from the environment * Create GPG ConfigMap resource during installation * Use function instead of constant to get the watcher path * Re-watch source path in case it gets recreated. Also, error on finish * Add End-to-End tests for GPG commit verification * Introduce SignatureKey type for AppProject CRD * Fix merge error from previous commit * Adapt test for additional manifest (argocd-gpg-keys-cm.yaml) * Fix linter issues * Adapt CircleCI configuration to enable running tests * Add wrapper scripts for git and gpg * Sigh. * Display gpg version in CircleCI * Install gnupg2 and link it to gpg in CI * Try to install gnupg2 in CircleCI image * More CircleCI tweaks * # This is a combination of 10 commits. # This is the 1st commit message: Containerize tests - test cycle # This is the commit message #2: adapt working directory # This is the commit message #3: Build before running tests (so we might have a cache) # This is the commit message #4: Test limiting parallelism # This is the commit message #5: Remove unbound variable # This is the commit message #6: Decrease parallelism to find out limit # This is the commit message #7: Use correct flag # This is the commit message #8: Update Docker image # This is the commit message #9: Remove build phase and increase parallelism # This is the commit message #10: Further increase parallelism * Dockerize toolchain * Add new targets to Makefile * Codegen * Properly handle permissions for E2E tests * Remove gnupg2 installation from CircleCI configuration * Limit parallelism of build * Fix Yarn lint * Retrigger CI for possible flaky test * Codegen * Remove duplicate target in Makefile * Pull in pager from dep ensure -v * Adapt to gitops-engine changes and codegen * Use new health package for health status constants * Add GPG methods to ArgoDB mock module * Fix possible nil pointer dereference * Fix linter issue in imports * Introduce RBAC resource type 'gpgkeys' and adapt policies * Use ARGOCD_GNUPGHOME instead of GNUPGHOME for subsystem configuration Also remove some deprecated unit tests. * Also register GPG keys API with gRPC-GW * Update from codegen * Update GPG key API * Add web UI to manage GPG keys * Lint updates * Change wording * Add some plausibility checks for supplied data on key creation * Update from codegen * Re-allow binary keys and move check for ASCII armoured to UI * Make yarn lint happy * Add editing signature keys for projects in UI * Add ability to configure signature keys for project in CLI * Change default value to use for GNUPGHOME * Do not include data section in default gpg keys CM * Adapt Docker image for GnuPG feature * Add required configuration to installation manifests * Add add-signature-key and remove-signature-key commands to project CLI * Fix typo * Add initial user documentation for GnuPG verification * Fix role name - oops * Mention required RBAC roles in docs * Support GPG verification of git annotated tags as well * Ensure CLI can build succesfully * Better support verification on tags * Print key type in upper case * Update user documentation * Correctly disable GnuPG verification if ARGOCD_GPG_ENABLE=false * Clarify that this feature is only available with Git repositories * codegen * Move verification code to own function * Remove deprecated check * Make things more developer friendly when running locally * Enable GPG feature by default, and don't require ARGOCD_GNUPGHOME to be set * Revert changes to manifests to reflect default enable state * Codegen
2020-06-22 16:21:53 +00:00
assert.NotNil(t, compRes)
assert.NotNil(t, compRes.syncStatus)
assert.Equal(t, argoappv1.SyncStatusCodeSynced, compRes.syncStatus.Status)
assert.Len(t, compRes.resources, 0)
assert.Len(t, compRes.managedResources, 0)
assert.Len(t, app.Status.Conditions, 1)
}
// We have no signature response (no signature made) and signing is required - do not sync
{
app := newFakeApp()
data := fakeData{
manifestResponse: &apiclient.ManifestResponse{
Manifests: []string{},
Namespace: test.FakeDestNamespace,
Server: test.FakeClusterURL,
Revision: "abc123",
VerifyResult: "",
},
managedLiveObjs: make(map[kube.ResourceKey]*unstructured.Unstructured),
}
ctrl := newFakeController(&data)
feat: cache resolved git/helm repository revisions (#6102) * feat: cache resolved git/helm repository revisions Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>
2021-05-19 19:30:15 +00:00
compRes := ctrl.appStateManager.CompareAppState(app, &signedProj, "abc123", app.Spec.Source, false, false, nil)
feat: GPG commit signature verification (#2492) (#3242) * Add initial primitives and tests for GPG related operations * More tests and test documentation * Move gpg primitives to own module * Add initial primitives for running git verify-commit and tests * Improve and better comment test * Implement VerifyCommitSignature() primitive for metrics wrapper * More commentary * Make reposerver verify gpg signatures when generating manifests * Make signature validation optional * Forbid use of local manifests when signature verification is enabled * Introduce new signatureKeys field in project CRD * Initial support for only syncing against signed revisions * Updates to GnuPG primitives and more test cases * Move signature verification to correct place and add tests * Add signature verification result to revision metadata and display it in UI * Add more primitives and move out some stuff to common module * Add more testdata * Add key management primitives to ArgoDB * Move type GnuPGPublicKey to appsv1 package * Add const ArgoCDGPGKeysConfigMapName * Handle key operations with appsv1.GnuPGPublicKey * Add initial API for managing GPG keys * Remove deprecated code * Add primitives for adding public keys to configuration * Change semantics of ValidateGPGKeys to return more key information * Add key import functionality to public key API * Fix code quirks reported by linter * More code quirks fixes * Fix test * Add primitives for deleting keys from configuration * Add delete key operation to API and CLI * Cosmetics * Implement logic to sync configuration to keyring in repo-server * Add IsGPGEnabled() primitive and also update trustdb on ownertrust changes * Use gpg.IsGPGEnabled() instead of custom test * Remove all keyring manipulating methods from DB * Cosmetics/comments * Require grpc methods from argoproj pkg * Enable setting config path via ARGOCD_GPG_DATA_PATH * Allow "no" and any cases in ARGOCD_GPG_ENABLED * Enable GPG feature on start and start-e2e and set required environment * Cosmetics/comments * Cosmetics and commentary * Update API documentation * Fix comment * Only run GPG related operations if GPG is enabled * Allow setting ARGOCD_GPG_ENABLE from the environment * Create GPG ConfigMap resource during installation * Use function instead of constant to get the watcher path * Re-watch source path in case it gets recreated. Also, error on finish * Add End-to-End tests for GPG commit verification * Introduce SignatureKey type for AppProject CRD * Fix merge error from previous commit * Adapt test for additional manifest (argocd-gpg-keys-cm.yaml) * Fix linter issues * Adapt CircleCI configuration to enable running tests * Add wrapper scripts for git and gpg * Sigh. * Display gpg version in CircleCI * Install gnupg2 and link it to gpg in CI * Try to install gnupg2 in CircleCI image * More CircleCI tweaks * # This is a combination of 10 commits. # This is the 1st commit message: Containerize tests - test cycle # This is the commit message #2: adapt working directory # This is the commit message #3: Build before running tests (so we might have a cache) # This is the commit message #4: Test limiting parallelism # This is the commit message #5: Remove unbound variable # This is the commit message #6: Decrease parallelism to find out limit # This is the commit message #7: Use correct flag # This is the commit message #8: Update Docker image # This is the commit message #9: Remove build phase and increase parallelism # This is the commit message #10: Further increase parallelism * Dockerize toolchain * Add new targets to Makefile * Codegen * Properly handle permissions for E2E tests * Remove gnupg2 installation from CircleCI configuration * Limit parallelism of build * Fix Yarn lint * Retrigger CI for possible flaky test * Codegen * Remove duplicate target in Makefile * Pull in pager from dep ensure -v * Adapt to gitops-engine changes and codegen * Use new health package for health status constants * Add GPG methods to ArgoDB mock module * Fix possible nil pointer dereference * Fix linter issue in imports * Introduce RBAC resource type 'gpgkeys' and adapt policies * Use ARGOCD_GNUPGHOME instead of GNUPGHOME for subsystem configuration Also remove some deprecated unit tests. * Also register GPG keys API with gRPC-GW * Update from codegen * Update GPG key API * Add web UI to manage GPG keys * Lint updates * Change wording * Add some plausibility checks for supplied data on key creation * Update from codegen * Re-allow binary keys and move check for ASCII armoured to UI * Make yarn lint happy * Add editing signature keys for projects in UI * Add ability to configure signature keys for project in CLI * Change default value to use for GNUPGHOME * Do not include data section in default gpg keys CM * Adapt Docker image for GnuPG feature * Add required configuration to installation manifests * Add add-signature-key and remove-signature-key commands to project CLI * Fix typo * Add initial user documentation for GnuPG verification * Fix role name - oops * Mention required RBAC roles in docs * Support GPG verification of git annotated tags as well * Ensure CLI can build succesfully * Better support verification on tags * Print key type in upper case * Update user documentation * Correctly disable GnuPG verification if ARGOCD_GPG_ENABLE=false * Clarify that this feature is only available with Git repositories * codegen * Move verification code to own function * Remove deprecated check * Make things more developer friendly when running locally * Enable GPG feature by default, and don't require ARGOCD_GNUPGHOME to be set * Revert changes to manifests to reflect default enable state * Codegen
2020-06-22 16:21:53 +00:00
assert.NotNil(t, compRes)
assert.NotNil(t, compRes.syncStatus)
assert.Equal(t, argoappv1.SyncStatusCodeSynced, compRes.syncStatus.Status)
assert.Len(t, compRes.resources, 0)
assert.Len(t, compRes.managedResources, 0)
assert.Len(t, app.Status.Conditions, 1)
}
// We have a good signature and signing is required, but key is not allowed - do not sync
{
app := newFakeApp()
data := fakeData{
manifestResponse: &apiclient.ManifestResponse{
Manifests: []string{},
Namespace: test.FakeDestNamespace,
Server: test.FakeClusterURL,
Revision: "abc123",
VerifyResult: mustReadFile("../util/gpg/testdata/good_signature.txt"),
},
managedLiveObjs: make(map[kube.ResourceKey]*unstructured.Unstructured),
}
ctrl := newFakeController(&data)
testProj := signedProj
testProj.Spec.SignatureKeys[0].KeyID = "4AEE18F83AFDEB24"
feat: cache resolved git/helm repository revisions (#6102) * feat: cache resolved git/helm repository revisions Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>
2021-05-19 19:30:15 +00:00
compRes := ctrl.appStateManager.CompareAppState(app, &testProj, "abc123", app.Spec.Source, false, false, nil)
feat: GPG commit signature verification (#2492) (#3242) * Add initial primitives and tests for GPG related operations * More tests and test documentation * Move gpg primitives to own module * Add initial primitives for running git verify-commit and tests * Improve and better comment test * Implement VerifyCommitSignature() primitive for metrics wrapper * More commentary * Make reposerver verify gpg signatures when generating manifests * Make signature validation optional * Forbid use of local manifests when signature verification is enabled * Introduce new signatureKeys field in project CRD * Initial support for only syncing against signed revisions * Updates to GnuPG primitives and more test cases * Move signature verification to correct place and add tests * Add signature verification result to revision metadata and display it in UI * Add more primitives and move out some stuff to common module * Add more testdata * Add key management primitives to ArgoDB * Move type GnuPGPublicKey to appsv1 package * Add const ArgoCDGPGKeysConfigMapName * Handle key operations with appsv1.GnuPGPublicKey * Add initial API for managing GPG keys * Remove deprecated code * Add primitives for adding public keys to configuration * Change semantics of ValidateGPGKeys to return more key information * Add key import functionality to public key API * Fix code quirks reported by linter * More code quirks fixes * Fix test * Add primitives for deleting keys from configuration * Add delete key operation to API and CLI * Cosmetics * Implement logic to sync configuration to keyring in repo-server * Add IsGPGEnabled() primitive and also update trustdb on ownertrust changes * Use gpg.IsGPGEnabled() instead of custom test * Remove all keyring manipulating methods from DB * Cosmetics/comments * Require grpc methods from argoproj pkg * Enable setting config path via ARGOCD_GPG_DATA_PATH * Allow "no" and any cases in ARGOCD_GPG_ENABLED * Enable GPG feature on start and start-e2e and set required environment * Cosmetics/comments * Cosmetics and commentary * Update API documentation * Fix comment * Only run GPG related operations if GPG is enabled * Allow setting ARGOCD_GPG_ENABLE from the environment * Create GPG ConfigMap resource during installation * Use function instead of constant to get the watcher path * Re-watch source path in case it gets recreated. Also, error on finish * Add End-to-End tests for GPG commit verification * Introduce SignatureKey type for AppProject CRD * Fix merge error from previous commit * Adapt test for additional manifest (argocd-gpg-keys-cm.yaml) * Fix linter issues * Adapt CircleCI configuration to enable running tests * Add wrapper scripts for git and gpg * Sigh. * Display gpg version in CircleCI * Install gnupg2 and link it to gpg in CI * Try to install gnupg2 in CircleCI image * More CircleCI tweaks * # This is a combination of 10 commits. # This is the 1st commit message: Containerize tests - test cycle # This is the commit message #2: adapt working directory # This is the commit message #3: Build before running tests (so we might have a cache) # This is the commit message #4: Test limiting parallelism # This is the commit message #5: Remove unbound variable # This is the commit message #6: Decrease parallelism to find out limit # This is the commit message #7: Use correct flag # This is the commit message #8: Update Docker image # This is the commit message #9: Remove build phase and increase parallelism # This is the commit message #10: Further increase parallelism * Dockerize toolchain * Add new targets to Makefile * Codegen * Properly handle permissions for E2E tests * Remove gnupg2 installation from CircleCI configuration * Limit parallelism of build * Fix Yarn lint * Retrigger CI for possible flaky test * Codegen * Remove duplicate target in Makefile * Pull in pager from dep ensure -v * Adapt to gitops-engine changes and codegen * Use new health package for health status constants * Add GPG methods to ArgoDB mock module * Fix possible nil pointer dereference * Fix linter issue in imports * Introduce RBAC resource type 'gpgkeys' and adapt policies * Use ARGOCD_GNUPGHOME instead of GNUPGHOME for subsystem configuration Also remove some deprecated unit tests. * Also register GPG keys API with gRPC-GW * Update from codegen * Update GPG key API * Add web UI to manage GPG keys * Lint updates * Change wording * Add some plausibility checks for supplied data on key creation * Update from codegen * Re-allow binary keys and move check for ASCII armoured to UI * Make yarn lint happy * Add editing signature keys for projects in UI * Add ability to configure signature keys for project in CLI * Change default value to use for GNUPGHOME * Do not include data section in default gpg keys CM * Adapt Docker image for GnuPG feature * Add required configuration to installation manifests * Add add-signature-key and remove-signature-key commands to project CLI * Fix typo * Add initial user documentation for GnuPG verification * Fix role name - oops * Mention required RBAC roles in docs * Support GPG verification of git annotated tags as well * Ensure CLI can build succesfully * Better support verification on tags * Print key type in upper case * Update user documentation * Correctly disable GnuPG verification if ARGOCD_GPG_ENABLE=false * Clarify that this feature is only available with Git repositories * codegen * Move verification code to own function * Remove deprecated check * Make things more developer friendly when running locally * Enable GPG feature by default, and don't require ARGOCD_GNUPGHOME to be set * Revert changes to manifests to reflect default enable state * Codegen
2020-06-22 16:21:53 +00:00
assert.NotNil(t, compRes)
assert.NotNil(t, compRes.syncStatus)
assert.Equal(t, argoappv1.SyncStatusCodeSynced, compRes.syncStatus.Status)
assert.Len(t, compRes.resources, 0)
assert.Len(t, compRes.managedResources, 0)
assert.Len(t, app.Status.Conditions, 1)
assert.Contains(t, app.Status.Conditions[0].Message, "key is not allowed")
}
// Signature required and local manifests supplied - do not sync
{
app := newFakeApp()
data := fakeData{
manifestResponse: &apiclient.ManifestResponse{
Manifests: []string{},
Namespace: test.FakeDestNamespace,
Server: test.FakeClusterURL,
Revision: "abc123",
VerifyResult: "",
},
managedLiveObjs: make(map[kube.ResourceKey]*unstructured.Unstructured),
}
// it doesn't matter for our test whether local manifests are valid
localManifests := []string{"foobar"}
ctrl := newFakeController(&data)
feat: cache resolved git/helm repository revisions (#6102) * feat: cache resolved git/helm repository revisions Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>
2021-05-19 19:30:15 +00:00
compRes := ctrl.appStateManager.CompareAppState(app, &signedProj, "abc123", app.Spec.Source, false, false, localManifests)
feat: GPG commit signature verification (#2492) (#3242) * Add initial primitives and tests for GPG related operations * More tests and test documentation * Move gpg primitives to own module * Add initial primitives for running git verify-commit and tests * Improve and better comment test * Implement VerifyCommitSignature() primitive for metrics wrapper * More commentary * Make reposerver verify gpg signatures when generating manifests * Make signature validation optional * Forbid use of local manifests when signature verification is enabled * Introduce new signatureKeys field in project CRD * Initial support for only syncing against signed revisions * Updates to GnuPG primitives and more test cases * Move signature verification to correct place and add tests * Add signature verification result to revision metadata and display it in UI * Add more primitives and move out some stuff to common module * Add more testdata * Add key management primitives to ArgoDB * Move type GnuPGPublicKey to appsv1 package * Add const ArgoCDGPGKeysConfigMapName * Handle key operations with appsv1.GnuPGPublicKey * Add initial API for managing GPG keys * Remove deprecated code * Add primitives for adding public keys to configuration * Change semantics of ValidateGPGKeys to return more key information * Add key import functionality to public key API * Fix code quirks reported by linter * More code quirks fixes * Fix test * Add primitives for deleting keys from configuration * Add delete key operation to API and CLI * Cosmetics * Implement logic to sync configuration to keyring in repo-server * Add IsGPGEnabled() primitive and also update trustdb on ownertrust changes * Use gpg.IsGPGEnabled() instead of custom test * Remove all keyring manipulating methods from DB * Cosmetics/comments * Require grpc methods from argoproj pkg * Enable setting config path via ARGOCD_GPG_DATA_PATH * Allow "no" and any cases in ARGOCD_GPG_ENABLED * Enable GPG feature on start and start-e2e and set required environment * Cosmetics/comments * Cosmetics and commentary * Update API documentation * Fix comment * Only run GPG related operations if GPG is enabled * Allow setting ARGOCD_GPG_ENABLE from the environment * Create GPG ConfigMap resource during installation * Use function instead of constant to get the watcher path * Re-watch source path in case it gets recreated. Also, error on finish * Add End-to-End tests for GPG commit verification * Introduce SignatureKey type for AppProject CRD * Fix merge error from previous commit * Adapt test for additional manifest (argocd-gpg-keys-cm.yaml) * Fix linter issues * Adapt CircleCI configuration to enable running tests * Add wrapper scripts for git and gpg * Sigh. * Display gpg version in CircleCI * Install gnupg2 and link it to gpg in CI * Try to install gnupg2 in CircleCI image * More CircleCI tweaks * # This is a combination of 10 commits. # This is the 1st commit message: Containerize tests - test cycle # This is the commit message #2: adapt working directory # This is the commit message #3: Build before running tests (so we might have a cache) # This is the commit message #4: Test limiting parallelism # This is the commit message #5: Remove unbound variable # This is the commit message #6: Decrease parallelism to find out limit # This is the commit message #7: Use correct flag # This is the commit message #8: Update Docker image # This is the commit message #9: Remove build phase and increase parallelism # This is the commit message #10: Further increase parallelism * Dockerize toolchain * Add new targets to Makefile * Codegen * Properly handle permissions for E2E tests * Remove gnupg2 installation from CircleCI configuration * Limit parallelism of build * Fix Yarn lint * Retrigger CI for possible flaky test * Codegen * Remove duplicate target in Makefile * Pull in pager from dep ensure -v * Adapt to gitops-engine changes and codegen * Use new health package for health status constants * Add GPG methods to ArgoDB mock module * Fix possible nil pointer dereference * Fix linter issue in imports * Introduce RBAC resource type 'gpgkeys' and adapt policies * Use ARGOCD_GNUPGHOME instead of GNUPGHOME for subsystem configuration Also remove some deprecated unit tests. * Also register GPG keys API with gRPC-GW * Update from codegen * Update GPG key API * Add web UI to manage GPG keys * Lint updates * Change wording * Add some plausibility checks for supplied data on key creation * Update from codegen * Re-allow binary keys and move check for ASCII armoured to UI * Make yarn lint happy * Add editing signature keys for projects in UI * Add ability to configure signature keys for project in CLI * Change default value to use for GNUPGHOME * Do not include data section in default gpg keys CM * Adapt Docker image for GnuPG feature * Add required configuration to installation manifests * Add add-signature-key and remove-signature-key commands to project CLI * Fix typo * Add initial user documentation for GnuPG verification * Fix role name - oops * Mention required RBAC roles in docs * Support GPG verification of git annotated tags as well * Ensure CLI can build succesfully * Better support verification on tags * Print key type in upper case * Update user documentation * Correctly disable GnuPG verification if ARGOCD_GPG_ENABLE=false * Clarify that this feature is only available with Git repositories * codegen * Move verification code to own function * Remove deprecated check * Make things more developer friendly when running locally * Enable GPG feature by default, and don't require ARGOCD_GNUPGHOME to be set * Revert changes to manifests to reflect default enable state * Codegen
2020-06-22 16:21:53 +00:00
assert.NotNil(t, compRes)
assert.NotNil(t, compRes.syncStatus)
assert.Equal(t, argoappv1.SyncStatusCodeUnknown, compRes.syncStatus.Status)
assert.Len(t, compRes.resources, 0)
assert.Len(t, compRes.managedResources, 0)
assert.Len(t, app.Status.Conditions, 1)
assert.Contains(t, app.Status.Conditions[0].Message, "Cannot use local manifests")
}
os.Setenv("ARGOCD_GPG_ENABLED", "false")
// We have a bad signature response and signing would be required, but GPG subsystem is disabled - sync
{
app := newFakeApp()
data := fakeData{
manifestResponse: &apiclient.ManifestResponse{
Manifests: []string{},
Namespace: test.FakeDestNamespace,
Server: test.FakeClusterURL,
Revision: "abc123",
VerifyResult: mustReadFile("../util/gpg/testdata/bad_signature_bad.txt"),
},
managedLiveObjs: make(map[kube.ResourceKey]*unstructured.Unstructured),
}
ctrl := newFakeController(&data)
feat: cache resolved git/helm repository revisions (#6102) * feat: cache resolved git/helm repository revisions Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>
2021-05-19 19:30:15 +00:00
compRes := ctrl.appStateManager.CompareAppState(app, &signedProj, "abc123", app.Spec.Source, false, false, nil)
feat: GPG commit signature verification (#2492) (#3242) * Add initial primitives and tests for GPG related operations * More tests and test documentation * Move gpg primitives to own module * Add initial primitives for running git verify-commit and tests * Improve and better comment test * Implement VerifyCommitSignature() primitive for metrics wrapper * More commentary * Make reposerver verify gpg signatures when generating manifests * Make signature validation optional * Forbid use of local manifests when signature verification is enabled * Introduce new signatureKeys field in project CRD * Initial support for only syncing against signed revisions * Updates to GnuPG primitives and more test cases * Move signature verification to correct place and add tests * Add signature verification result to revision metadata and display it in UI * Add more primitives and move out some stuff to common module * Add more testdata * Add key management primitives to ArgoDB * Move type GnuPGPublicKey to appsv1 package * Add const ArgoCDGPGKeysConfigMapName * Handle key operations with appsv1.GnuPGPublicKey * Add initial API for managing GPG keys * Remove deprecated code * Add primitives for adding public keys to configuration * Change semantics of ValidateGPGKeys to return more key information * Add key import functionality to public key API * Fix code quirks reported by linter * More code quirks fixes * Fix test * Add primitives for deleting keys from configuration * Add delete key operation to API and CLI * Cosmetics * Implement logic to sync configuration to keyring in repo-server * Add IsGPGEnabled() primitive and also update trustdb on ownertrust changes * Use gpg.IsGPGEnabled() instead of custom test * Remove all keyring manipulating methods from DB * Cosmetics/comments * Require grpc methods from argoproj pkg * Enable setting config path via ARGOCD_GPG_DATA_PATH * Allow "no" and any cases in ARGOCD_GPG_ENABLED * Enable GPG feature on start and start-e2e and set required environment * Cosmetics/comments * Cosmetics and commentary * Update API documentation * Fix comment * Only run GPG related operations if GPG is enabled * Allow setting ARGOCD_GPG_ENABLE from the environment * Create GPG ConfigMap resource during installation * Use function instead of constant to get the watcher path * Re-watch source path in case it gets recreated. Also, error on finish * Add End-to-End tests for GPG commit verification * Introduce SignatureKey type for AppProject CRD * Fix merge error from previous commit * Adapt test for additional manifest (argocd-gpg-keys-cm.yaml) * Fix linter issues * Adapt CircleCI configuration to enable running tests * Add wrapper scripts for git and gpg * Sigh. * Display gpg version in CircleCI * Install gnupg2 and link it to gpg in CI * Try to install gnupg2 in CircleCI image * More CircleCI tweaks * # This is a combination of 10 commits. # This is the 1st commit message: Containerize tests - test cycle # This is the commit message #2: adapt working directory # This is the commit message #3: Build before running tests (so we might have a cache) # This is the commit message #4: Test limiting parallelism # This is the commit message #5: Remove unbound variable # This is the commit message #6: Decrease parallelism to find out limit # This is the commit message #7: Use correct flag # This is the commit message #8: Update Docker image # This is the commit message #9: Remove build phase and increase parallelism # This is the commit message #10: Further increase parallelism * Dockerize toolchain * Add new targets to Makefile * Codegen * Properly handle permissions for E2E tests * Remove gnupg2 installation from CircleCI configuration * Limit parallelism of build * Fix Yarn lint * Retrigger CI for possible flaky test * Codegen * Remove duplicate target in Makefile * Pull in pager from dep ensure -v * Adapt to gitops-engine changes and codegen * Use new health package for health status constants * Add GPG methods to ArgoDB mock module * Fix possible nil pointer dereference * Fix linter issue in imports * Introduce RBAC resource type 'gpgkeys' and adapt policies * Use ARGOCD_GNUPGHOME instead of GNUPGHOME for subsystem configuration Also remove some deprecated unit tests. * Also register GPG keys API with gRPC-GW * Update from codegen * Update GPG key API * Add web UI to manage GPG keys * Lint updates * Change wording * Add some plausibility checks for supplied data on key creation * Update from codegen * Re-allow binary keys and move check for ASCII armoured to UI * Make yarn lint happy * Add editing signature keys for projects in UI * Add ability to configure signature keys for project in CLI * Change default value to use for GNUPGHOME * Do not include data section in default gpg keys CM * Adapt Docker image for GnuPG feature * Add required configuration to installation manifests * Add add-signature-key and remove-signature-key commands to project CLI * Fix typo * Add initial user documentation for GnuPG verification * Fix role name - oops * Mention required RBAC roles in docs * Support GPG verification of git annotated tags as well * Ensure CLI can build succesfully * Better support verification on tags * Print key type in upper case * Update user documentation * Correctly disable GnuPG verification if ARGOCD_GPG_ENABLE=false * Clarify that this feature is only available with Git repositories * codegen * Move verification code to own function * Remove deprecated check * Make things more developer friendly when running locally * Enable GPG feature by default, and don't require ARGOCD_GNUPGHOME to be set * Revert changes to manifests to reflect default enable state * Codegen
2020-06-22 16:21:53 +00:00
assert.NotNil(t, compRes)
assert.NotNil(t, compRes.syncStatus)
assert.Equal(t, argoappv1.SyncStatusCodeSynced, compRes.syncStatus.Status)
assert.Len(t, compRes.resources, 0)
assert.Len(t, compRes.managedResources, 0)
assert.Len(t, app.Status.Conditions, 0)
}
// Signature required and local manifests supplied and GPG subystem is disabled - sync
{
app := newFakeApp()
data := fakeData{
manifestResponse: &apiclient.ManifestResponse{
Manifests: []string{},
Namespace: test.FakeDestNamespace,
Server: test.FakeClusterURL,
Revision: "abc123",
VerifyResult: "",
},
managedLiveObjs: make(map[kube.ResourceKey]*unstructured.Unstructured),
}
// it doesn't matter for our test whether local manifests are valid
localManifests := []string{""}
ctrl := newFakeController(&data)
feat: cache resolved git/helm repository revisions (#6102) * feat: cache resolved git/helm repository revisions Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>
2021-05-19 19:30:15 +00:00
compRes := ctrl.appStateManager.CompareAppState(app, &signedProj, "abc123", app.Spec.Source, false, false, localManifests)
feat: GPG commit signature verification (#2492) (#3242) * Add initial primitives and tests for GPG related operations * More tests and test documentation * Move gpg primitives to own module * Add initial primitives for running git verify-commit and tests * Improve and better comment test * Implement VerifyCommitSignature() primitive for metrics wrapper * More commentary * Make reposerver verify gpg signatures when generating manifests * Make signature validation optional * Forbid use of local manifests when signature verification is enabled * Introduce new signatureKeys field in project CRD * Initial support for only syncing against signed revisions * Updates to GnuPG primitives and more test cases * Move signature verification to correct place and add tests * Add signature verification result to revision metadata and display it in UI * Add more primitives and move out some stuff to common module * Add more testdata * Add key management primitives to ArgoDB * Move type GnuPGPublicKey to appsv1 package * Add const ArgoCDGPGKeysConfigMapName * Handle key operations with appsv1.GnuPGPublicKey * Add initial API for managing GPG keys * Remove deprecated code * Add primitives for adding public keys to configuration * Change semantics of ValidateGPGKeys to return more key information * Add key import functionality to public key API * Fix code quirks reported by linter * More code quirks fixes * Fix test * Add primitives for deleting keys from configuration * Add delete key operation to API and CLI * Cosmetics * Implement logic to sync configuration to keyring in repo-server * Add IsGPGEnabled() primitive and also update trustdb on ownertrust changes * Use gpg.IsGPGEnabled() instead of custom test * Remove all keyring manipulating methods from DB * Cosmetics/comments * Require grpc methods from argoproj pkg * Enable setting config path via ARGOCD_GPG_DATA_PATH * Allow "no" and any cases in ARGOCD_GPG_ENABLED * Enable GPG feature on start and start-e2e and set required environment * Cosmetics/comments * Cosmetics and commentary * Update API documentation * Fix comment * Only run GPG related operations if GPG is enabled * Allow setting ARGOCD_GPG_ENABLE from the environment * Create GPG ConfigMap resource during installation * Use function instead of constant to get the watcher path * Re-watch source path in case it gets recreated. Also, error on finish * Add End-to-End tests for GPG commit verification * Introduce SignatureKey type for AppProject CRD * Fix merge error from previous commit * Adapt test for additional manifest (argocd-gpg-keys-cm.yaml) * Fix linter issues * Adapt CircleCI configuration to enable running tests * Add wrapper scripts for git and gpg * Sigh. * Display gpg version in CircleCI * Install gnupg2 and link it to gpg in CI * Try to install gnupg2 in CircleCI image * More CircleCI tweaks * # This is a combination of 10 commits. # This is the 1st commit message: Containerize tests - test cycle # This is the commit message #2: adapt working directory # This is the commit message #3: Build before running tests (so we might have a cache) # This is the commit message #4: Test limiting parallelism # This is the commit message #5: Remove unbound variable # This is the commit message #6: Decrease parallelism to find out limit # This is the commit message #7: Use correct flag # This is the commit message #8: Update Docker image # This is the commit message #9: Remove build phase and increase parallelism # This is the commit message #10: Further increase parallelism * Dockerize toolchain * Add new targets to Makefile * Codegen * Properly handle permissions for E2E tests * Remove gnupg2 installation from CircleCI configuration * Limit parallelism of build * Fix Yarn lint * Retrigger CI for possible flaky test * Codegen * Remove duplicate target in Makefile * Pull in pager from dep ensure -v * Adapt to gitops-engine changes and codegen * Use new health package for health status constants * Add GPG methods to ArgoDB mock module * Fix possible nil pointer dereference * Fix linter issue in imports * Introduce RBAC resource type 'gpgkeys' and adapt policies * Use ARGOCD_GNUPGHOME instead of GNUPGHOME for subsystem configuration Also remove some deprecated unit tests. * Also register GPG keys API with gRPC-GW * Update from codegen * Update GPG key API * Add web UI to manage GPG keys * Lint updates * Change wording * Add some plausibility checks for supplied data on key creation * Update from codegen * Re-allow binary keys and move check for ASCII armoured to UI * Make yarn lint happy * Add editing signature keys for projects in UI * Add ability to configure signature keys for project in CLI * Change default value to use for GNUPGHOME * Do not include data section in default gpg keys CM * Adapt Docker image for GnuPG feature * Add required configuration to installation manifests * Add add-signature-key and remove-signature-key commands to project CLI * Fix typo * Add initial user documentation for GnuPG verification * Fix role name - oops * Mention required RBAC roles in docs * Support GPG verification of git annotated tags as well * Ensure CLI can build succesfully * Better support verification on tags * Print key type in upper case * Update user documentation * Correctly disable GnuPG verification if ARGOCD_GPG_ENABLE=false * Clarify that this feature is only available with Git repositories * codegen * Move verification code to own function * Remove deprecated check * Make things more developer friendly when running locally * Enable GPG feature by default, and don't require ARGOCD_GNUPGHOME to be set * Revert changes to manifests to reflect default enable state * Codegen
2020-06-22 16:21:53 +00:00
assert.NotNil(t, compRes)
assert.NotNil(t, compRes.syncStatus)
assert.Equal(t, argoappv1.SyncStatusCodeSynced, compRes.syncStatus.Status)
assert.Len(t, compRes.resources, 0)
assert.Len(t, compRes.managedResources, 0)
assert.Len(t, app.Status.Conditions, 0)
}
}
feat: implement 'argocd-util apps get-reconcile-results command' (#3888) * feat: implement 'argocd-util apps get-reconcile-results' command * implement missing unit tests
2020-07-02 20:47:56 +00:00
func TestComparisonResult_GetHealthStatus(t *testing.T) {
status := &argoappv1.HealthStatus{Status: health.HealthStatusMissing}
res := comparisonResult{
healthStatus: status,
}
assert.Equal(t, status, res.GetHealthStatus())
}
func TestComparisonResult_GetSyncStatus(t *testing.T) {
status := &argoappv1.SyncStatus{Status: argoappv1.SyncStatusCodeOutOfSync}
res := comparisonResult{
syncStatus: status,
}
assert.Equal(t, status, res.GetSyncStatus())
}
Reference in a new issue Copy permalink