* feat: add --headless flag to Argo CD CLI command
Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>
* docs: add headless installation manifests and documentation
Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>
* Apply reviewer notes
Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>
* Remove port forwarding logs
Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>
* initial draft of adding tests for OCI
Signed-off-by: May Zhang <may_zhang@intuit.com>
* fix: initial draft of adding tests for OCI
Signed-off-by: May Zhang <may_zhang@intuit.com>
* bring up registry for tests
Signed-off-by: May Zhang <may_zhang@intuit.com>
* bring up registry for tests
Signed-off-by: May Zhang <may_zhang@intuit.com>
* bring up registry for tests
Signed-off-by: May Zhang <may_zhang@intuit.com>
* fix: just to test if PR is working
Signed-off-by: May Zhang <may_zhang@intuit.com>
* adding additional helm oci dependencies tests
Signed-off-by: May Zhang <may_zhang@intuit.com>
* feat: Dockerized *-docs Makefile commands
Signed-off-by: ishitasequeira <isequeir@redhat.com>
* removed the deprecated target(publish-docs) and added a local build and serve target
Signed-off-by: ishitasequeira <isequeir@redhat.com>
* chore: Add a GitHub action that runs unit tests with -race to CI build (#4774)
Signed-off-by: Jonathan West <jonwest@redhat.com>
* chore: Add a GitHub action that runs unit tests with -race to CI build (#4774)
Signed-off-by: Jonathan West <jonwest@redhat.com>
* Add "chown" to gpg/keys in "start-local" target so that repo-server can access gpg keys.
* Set -u uid:gid in the docker run commands so that test images are run under the current user.
* test Procfile processes will not need to perform "su" to default user (which has the current user's uid/gid)
* Remove chown in start-e2e-local
* clean up, remove "bash -c"
* Test containers are run as uid 0 which allows uid_entrypoint.sh to perform some user setup. uid_entrypoint.sh creates a non-root user (default) and enables passwordless sudo for that user. The container entry point command is run as the non-root user. "goreman start" does "sudo" to the processes that need root permission including sshd, fcgiwrap, and nginx. The other processes are running as the non-root user.
* use /bin/bash
* change back to sh
* Docker image to create unprivileged testuser and enable passwordless sudo for that user
* Use kustomize v3 to build ArgoCD manifests
* Update to test-tools-image v0.3.0
* Reorder patches so Kustomize v3 will properly find targets
* adding back these changes
* Use the generated files.
* changed the namespace
* changed kustomize version to 3.8.1 to be in sync with the one in tool-version.sh
* revert changes in makefile
* Re-run codegen
Co-authored-by: Zhang <may_zhang@intuit.com>
Co-authored-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>
* fix: Do not use -i flag when building CLI
* Debug output
* re-disable CGO
* increase timeout
* correctly create dist directory before e2e server
* Revert
* chore: make make cli use virtualized toolchain
Signed-off-by: darshanime <deathbullet@gmail.com>
* chore: use cli-local in Dockerfile
Signed-off-by: darshanime <deathbullet@gmail.com>
* chore: use cli-local in Dockerfile
Signed-off-by: darshanime <deathbullet@gmail.com>
* Add initial primitives and tests for GPG related operations
* More tests and test documentation
* Move gpg primitives to own module
* Add initial primitives for running git verify-commit and tests
* Improve and better comment test
* Implement VerifyCommitSignature() primitive for metrics wrapper
* More commentary
* Make reposerver verify gpg signatures when generating manifests
* Make signature validation optional
* Forbid use of local manifests when signature verification is enabled
* Introduce new signatureKeys field in project CRD
* Initial support for only syncing against signed revisions
* Updates to GnuPG primitives and more test cases
* Move signature verification to correct place and add tests
* Add signature verification result to revision metadata and display it in UI
* Add more primitives and move out some stuff to common module
* Add more testdata
* Add key management primitives to ArgoDB
* Move type GnuPGPublicKey to appsv1 package
* Add const ArgoCDGPGKeysConfigMapName
* Handle key operations with appsv1.GnuPGPublicKey
* Add initial API for managing GPG keys
* Remove deprecated code
* Add primitives for adding public keys to configuration
* Change semantics of ValidateGPGKeys to return more key information
* Add key import functionality to public key API
* Fix code quirks reported by linter
* More code quirks fixes
* Fix test
* Add primitives for deleting keys from configuration
* Add delete key operation to API and CLI
* Cosmetics
* Implement logic to sync configuration to keyring in repo-server
* Add IsGPGEnabled() primitive and also update trustdb on ownertrust changes
* Use gpg.IsGPGEnabled() instead of custom test
* Remove all keyring manipulating methods from DB
* Cosmetics/comments
* Require grpc methods from argoproj pkg
* Enable setting config path via ARGOCD_GPG_DATA_PATH
* Allow "no" and any cases in ARGOCD_GPG_ENABLED
* Enable GPG feature on start and start-e2e and set required environment
* Cosmetics/comments
* Cosmetics and commentary
* Update API documentation
* Fix comment
* Only run GPG related operations if GPG is enabled
* Allow setting ARGOCD_GPG_ENABLE from the environment
* Create GPG ConfigMap resource during installation
* Use function instead of constant to get the watcher path
* Re-watch source path in case it gets recreated. Also, error on finish
* Add End-to-End tests for GPG commit verification
* Introduce SignatureKey type for AppProject CRD
* Fix merge error from previous commit
* Adapt test for additional manifest (argocd-gpg-keys-cm.yaml)
* Fix linter issues
* Adapt CircleCI configuration to enable running tests
* Add wrapper scripts for git and gpg
* Sigh.
* Display gpg version in CircleCI
* Install gnupg2 and link it to gpg in CI
* Try to install gnupg2 in CircleCI image
* More CircleCI tweaks
* # This is a combination of 10 commits.
# This is the 1st commit message:
Containerize tests - test cycle
# This is the commit message #2:
adapt working directory
# This is the commit message #3:
Build before running tests (so we might have a cache)
# This is the commit message #4:
Test limiting parallelism
# This is the commit message #5:
Remove unbound variable
# This is the commit message #6:
Decrease parallelism to find out limit
# This is the commit message #7:
Use correct flag
# This is the commit message #8:
Update Docker image
# This is the commit message #9:
Remove build phase and increase parallelism
# This is the commit message #10:
Further increase parallelism
* Dockerize toolchain
* Add new targets to Makefile
* Codegen
* Properly handle permissions for E2E tests
* Remove gnupg2 installation from CircleCI configuration
* Limit parallelism of build
* Fix Yarn lint
* Retrigger CI for possible flaky test
* Codegen
* Remove duplicate target in Makefile
* Pull in pager from dep ensure -v
* Adapt to gitops-engine changes and codegen
* Use new health package for health status constants
* Add GPG methods to ArgoDB mock module
* Fix possible nil pointer dereference
* Fix linter issue in imports
* Introduce RBAC resource type 'gpgkeys' and adapt policies
* Use ARGOCD_GNUPGHOME instead of GNUPGHOME for subsystem configuration
Also remove some deprecated unit tests.
* Also register GPG keys API with gRPC-GW
* Update from codegen
* Update GPG key API
* Add web UI to manage GPG keys
* Lint updates
* Change wording
* Add some plausibility checks for supplied data on key creation
* Update from codegen
* Re-allow binary keys and move check for ASCII armoured to UI
* Make yarn lint happy
* Add editing signature keys for projects in UI
* Add ability to configure signature keys for project in CLI
* Change default value to use for GNUPGHOME
* Do not include data section in default gpg keys CM
* Adapt Docker image for GnuPG feature
* Add required configuration to installation manifests
* Add add-signature-key and remove-signature-key commands to project CLI
* Fix typo
* Add initial user documentation for GnuPG verification
* Fix role name - oops
* Mention required RBAC roles in docs
* Support GPG verification of git annotated tags as well
* Ensure CLI can build successfully
* Better support verification on tags
* Print key type in upper case
* Update user documentation
* Correctly disable GnuPG verification if ARGOCD_GPG_ENABLE=false
* Clarify that this feature is only available with Git repositories
* codegen
* Move verification code to own function
* Remove deprecated check
* Make things more developer friendly when running locally
* Enable GPG feature by default, and don't require ARGOCD_GNUPGHOME to be set
* Revert changes to manifests to reflect default enable state
* Codegen
* chore: Migrate CI to GitHub actions
* Do not install golangci-lint, we use the action
* Integrate codecov.io upload
* Use some better names for analyze job & steps
* go mod tidy
* Update tools
* Disable CircleCI completely
* Satisfy CircleCI with a dummy step until it's disabled
* chore: Migrate to Go modules
* Update CircleCI config
* Fix path
* Attach vendor for test step correctly
* restore_vendor -> attach_vendor
* Update cache path
* Checkout code before attaching vendor
* Move checkout to even earlier in job
* Don't restore cache for e2e step
* .
* Explicitly set GOPATH
* Restore Build cache
* Fix permissions
* Set correct environment for docker env
* Uncache everything
* Fix permissions
* Use workspace for caching Go code
* .
* go mod tidy
* Try to speed up builds
* Make mod target implicit dependencies
* Do not call make mod-download or mod-vendor
* Fix permissions
* Don't have modules dependencies on test-e2e-local
* Fix config
* Bye bye
* Remove test parallelism
* Get max test parallelism back in, but with lower value
* Run "dep check" in CircleCI pipeline to detect for changes in Gopkg.lock
* Run dep check after restoring vendor cache
* Use -skip-vendor on dep check
Necessary STDIN changes to support Windows
Added support for SE Linux
Informational message about linting OOM
Updated due to latest helm stable being 3.x
* util/localconfig: prefer HOME env var over os/user
The os/user package requires that the current user be in /etc/passwd.
That complicates executing the argocd command in a docker container
when the UID:GID of the executing user is overridden.
This is often done in order to have files generated inside a docker
container have their ownership set to match the uid/gid of the host
user.
For example,
```sh
docker run -ti -u "$(id -u "${USER}"):$(id -g "${USER}")" argocd:latest ...
```
* Makefile: use pinned dev image dependencies to run make lint
* Update Gopkg.toml
* Update Gopkg.lock
* Add new test-coverage command
* Update .gitignore to ignore coverage.out
* Test injection of COVERALLS_TOKEN variable
* Add draft of .travis.yml
* Rm recursive coveralls token
* Ensure that goveralls gets installed
* Rm second Go version
* Update workflow with coverage testing
* Change service from argo to argo-ci
* Rm .travis.yml
* Try setting coveralls token more explicitly
* Try file-based instead of env-based token
* Try both methods of providing token
* Go back to just env-based token
* Update with another printout test
* Try using container, thanks @alexmt
* Simplify for now, take 2
* Rm quotes
* Move env to ci-builder template
* Rm coveralls token
* Add coverage badge for current branch, take 2
* Add else statement for output in case of missing token
* Ensure we use the race detector
* Don't install goveralls with dep ensure
* Update generated files
* Try ignoring intermediate files
* Don't use race detector for now
* Try new pattern to ignore
* Try different pattern now
* Try different ignore path
* Try a different ignore style
* Ignore generated protobuf files properly now
* Rm standalone test since we have test-coverage
* update getting started to work for post 0.6
* create central install manifest from individual manifests
* point e2e tests to correct manifests dir
* Update roles required by api-server and application-controller to include CRUD on appproject CRD.
* Added back explanations of keys in the secret manifests
NOTE: install.yaml will need change to use a hard wired version (e.g. v0.6.0) in a subsequent checkin.
* Take first shot at enable CGO on Linux
* Simplify CGO_ENABLED flag check
* Use curly braces for consistency
* Build CLI with CGO if possible, thanks @jessesuen
This change implements SSO support.
dex is run as a sidecar to the ArgoCD API server, which fronts dex using a reverse proxy. The end result is that ArgoCD acts as an OIDC provider serving under /api/dex. The login flow begins at /auth/login, which redirects to Dex's OAuth2 consent page, and the user is ultimately directed to the IdP provider's login page, where they enter their credentials. After logging in, the OAuth2 redirect flows back to the client app, ultimately reaching /auth/callback, where the OIDC token claims are signed and persisted in the user's cookie.
The dex configuration YAML is formulated during startup (through the argocd-util utility), with the configuration values taken from the argocd-cm configmap and the argocd-secret.
The build process was refactored to build argocd-util statically, so that it could be run inside off-the-shelf dex, which is built from alpine. Also, build speed was improved by expanding the default make targets in the Dockerfile, to avoid rebuilding each binary from scratch.
Session management was refactored to use more bare-bones jwt library constructs, so we could reuse code from the user/password flow vs. OAuth2 flow.
* Initial SSO support. Run dex as sidecar. Generate dex config from ArgoCD cm and secret
* Sign and write SSO claims to JWT cookie during SSO login. Refactor session manager
* Build argo-util statically so it can run in dex sidecar. Redirect after SSO login
* Simplify app creation process to not require communication to dex gRPC server
* Don't ask for user credentials if username and password are specified as arguments
* Add cli image make target
* Don't re-prompt username/password in PromptCredentials