* chore: simplify sync status comparison
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
* add tests
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
* more tests, some docs
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
---------
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
* chore: transmit manifest-generate-path resources to the cmp-server for plugin-based applications
Signed-off-by: Javier Solana <javier.solana@cabify.com>
* use SecureJoin
Signed-off-by: Javier Solana <javier.solana@cabify.com>
* make cmp manifests generation using manifest generate path annotation configurable by environment variable
Signed-off-by: Javier Solana <javier.solana@cabify.com>
* fix missing doc running codegen-local
Signed-off-by: Javier Solana <javier.solana@cabify.com>
* set reposerver.plugin.enable.manifests.generation.using.annotations false by default
Signed-off-by: Javier Solana <javier.solana@cabify.com>
* define ARGOCD_REPO_SERVER_PLUGIN_ENABLE_GENERATE_MANIFESTS_USING_MANIFEST_GENERATE_PATHS_ANNOTATION properly
Signed-off-by: Javier Solana <javier.solana@cabify.com>
* define ARGOCD_REPO_SERVER_PLUGIN_ENABLE_GENERATE_MANIFESTS_USING_MANIFEST_GENERATE_PATHS_ANNOTATION properly
Signed-off-by: Javier Solana <javier.solana@cabify.com>
* Fix conflict
Signed-off-by: Javier Solana <javier.solana@cabify.com>
* autogenerate install manifests
Signed-off-by: Javier Solana <javier.solana@cabify.com>
* add note about common root path calculation for manifest paths annotation
Signed-off-by: Javier Solana <javier.solana@cabify.com>
* log common root path calculated
Signed-off-by: Javier Solana <javier.solana@cabify.com>
* app path must be the lower common path
Signed-off-by: Javier Solana <javier.solana@cabify.com>
* tweaks
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
---------
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Co-authored-by: Javier Solana <javier.solana@cabify.com>
Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
* feat: collect and log hydration commands
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
* fix tests
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
* don't actually log for now
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
* add helm test, handle random values file path
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
* fix test
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
* simplify; only return commands on success; only return helm template command, not helm dependency
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
* kustomize test
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
* only return commands on success, to match Helm
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
* fix import order
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
* simplify, since we're not collecting non-template Helm commands
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
* lint
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
* fixes from comments
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
---------
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
* feat(helm): support `--kube-version`, `--api-versions`, and `--namespace` (#19325)
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
* codegen
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
* handle kube and api versions per-source
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
* lint
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
* fix nil ref error
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
* fix nil ref error due to not handling multi-source in verify path
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
* change casing to be more consistent with helm
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
* Kustomize too
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
* simplify verify path
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
* add e2e tests for kustomize
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
* reorder for consistency, and add more tests
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
* Update docs/operator-manual/application.yaml
Signed-off-by: Alexandre Gaudreault <alexandre_gaudreault@intuit.com>
---------
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Signed-off-by: Alexandre Gaudreault <alexandre_gaudreault@intuit.com>
Co-authored-by: Alexandre Gaudreault <alexandre_gaudreault@intuit.com>
* fix(appset): store sha from webhook to get latest change during reconcile (#16062)
Signed-off-by: dhruvang1 <dhruvang1@users.noreply.github.com>
* fix(appset): Don't use revision cache when reconciling after webhook(#16062)
Signed-off-by: dhruvang1 <dhruvang1@users.noreply.github.com>
---------
Signed-off-by: dhruvang1 <dhruvang1@users.noreply.github.com>
* fix: loosen source not permitted helm errors
With #12255, we check if a source is first permitted before running
`helm template`. This works a bit too well, since this may break
previously working manifests. If an `AppProject` has a set of
`sourceRepos` which are more restrictive than `*`, and it also has Helm
public dependencies (repos with credentials would not work with 2.7x
due to the fact they get filtered out before ending up on the repo
server). Whereas before this would work, this currently fails on
`HEAD` but not in `2.7x`.
What we instead do here is that we only run this check if the chart
failed to download - if it does then we run a check to see if the repo
is in the allowed repos list. If the repo is not in the allowed repos
list, we return the same error as in #12555, otherwise we bubble up the
error.
Should fix#13833.
Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com>
* fix: check for 401 unauthorized in error
The regex check works fine for OCI artifacts, but the flow is slightly
different for standard Helm charts (specifically when running
`helm repo add`). To get around that, we also check the error for
`401 Unauthorized`.
Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com>
* fix: loosen string check
Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com>
* Revert "chore: revert #12255 (#14858)"
This reverts commit c8ae5bc3e7.
Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com>
* wip
Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com>
* wip
Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com>
* chore: reword test to reduce confusion
Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com>
---------
Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com>
This reverts commit c651bd8de5.
Due to the imminent release of 2.8, this needs to be rolled back since
the proposed fix in #14210 cannot make it in time.
Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com>
* chore: surface source not permitted errors
For Git and Helm repositories, we filter out non-permitted urls before
submitting a `ManifestRequest` to the repo-server. While that works
fine, this also leads to very hard to debug issues in particular when
using Helm dependencies.
This (very) WIP PR adds `ProjectSourceRepos` as a parameter to
`ManifestRequest`, so we can verify that a source is in fact
permitted in order to distinguish between actual 40x errors (caused
by e.g misconfiguration) and "source not permitted" caused by not
adding the relevant sources to the AppProject config.
This still needs documentation, tests and some basic sanity checking
before proceeding further, as well as resolving whatever is causing
`make codegen` to not properly work.
Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com>
* chore: propagate project values to repo-server
Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com>
* test: fix failing unit tests
now onto the e2e tests...
Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com>
* test: fix failing e2e test(s)
Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com>
* fix: add project params
Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com>
* test: add e2e test
Add Helm dependency check test.
Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com>
* chore: remove git source check
Discussed over Slack and deemed this to not be necessary at this time.
Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com>
* make codegen
Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com>
* chore: cr tweaks
Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com>
* chore: code review tweaks
Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com>
* test: fix
Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com>
* test: wip
Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com>
* test: wip
Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com>
* chore: wip
Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com>
* chore: typo
Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com>
* fix: typo
Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com>
* chore: rebase fixes
Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com>
* test: oci:// is not prefixed
Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com>
---------
Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com>
* fix: prevent app enumeration
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
fix tests
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
better comments
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
tests for streaming API calls
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
fix logging
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
logs
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
warn
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
fix reversed arg order
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
* more tests, fix incorrect param use
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
similar requests
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
* fix merge issue
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
* fix CLI to understand permission denied is not a fatal error
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
* fix test to expect permission denied instead of validation error
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
* upgrade notes
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
---------
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
* feat: parameterized CMPs
Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>
* values types for parameters
Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>
* Add types for CMP announcement
Signed-off-by: zachaller <zachaller@hotmail.com>
Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>
* Reorg
Signed-off-by: zachaller <zachaller@hotmail.com>
Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>
* finish type
Signed-off-by: zachaller <zachaller@hotmail.com>
Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>
* First pass at working GetParametersAnnouncement
Signed-off-by: zachaller <zachaller@hotmail.com>
Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>
* Typos
Signed-off-by: zachaller <zachaller@hotmail.com>
Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>
* Make all fields optional
Signed-off-by: zachaller <zachaller@hotmail.com>
Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>
* Make sure response makes it to repo server
Signed-off-by: zachaller <zachaller@hotmail.com>
Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>
* Refactor for testing
Signed-off-by: zachaller <zachaller@hotmail.com>
Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>
* lint
Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>
* send build env to param announcement gen
Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>
* test parameter announcement
Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>
* tests
Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>
* environ tests
Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>
* Rename workdir to app dir
Signed-off-by: zachaller <zachaller@hotmail.com>
Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>
* handle empty command, start ui work (#11)
* Add types for CMP announcement
Signed-off-by: zachaller <zachaller@hotmail.com>
* Reorg
Signed-off-by: zachaller <zachaller@hotmail.com>
* finish type
Signed-off-by: zachaller <zachaller@hotmail.com>
* First pass at working GetParametersAnnouncement
Signed-off-by: zachaller <zachaller@hotmail.com>
* Typos
Signed-off-by: zachaller <zachaller@hotmail.com>
* Make all fields optional
Signed-off-by: zachaller <zachaller@hotmail.com>
* Make sure response makes it to repo server
Signed-off-by: zachaller <zachaller@hotmail.com>
* Refactor for testing
Signed-off-by: zachaller <zachaller@hotmail.com>
* values types for parameters
Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>
* lint
Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>
* send build env to param announcement gen
Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>
* test parameter announcement
* tests
Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>
* environ tests
Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>
* Rename workdir to app dir
Signed-off-by: zachaller <zachaller@hotmail.com>
* handle empty command, start ui work
Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>
* fix order
Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>
* fix map merging, make params read-only
Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>
Co-authored-by: zachaller <zachaller@hotmail.com>
* Add helm PoC example plugin
Signed-off-by: zachaller <zachaller@hotmail.com>
* example as kustomize overlay
Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>
* Parameterized cmps docs (#12)
* use printf instead of echo
Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>
* docs
Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>
* test for temp dir cleanup
Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>
* handle empty params
Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>
* handle empty values
Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>
* consolidate types
Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>
* fix tests
Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>
* docs
Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>
* docs
Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>
* remove duplicate info
Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>
* add warning about param announcements vs param values
Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>
* tests (#13)
Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>
* tests
Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>
* fix types
Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>
* fix test
Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>
* fix codegen
Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>
* fix codegen
Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>
* revert test hack
Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>
* docs correction
Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>
* fix indentation
Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>
* fix spacing
Signed-off-by: CI <michael@crenshaw.dev>
* move util function to util file and add test
Signed-off-by: CI <michael@crenshaw.dev>
* wrap error
Signed-off-by: CI <michael@crenshaw.dev>
* correct version number
Signed-off-by: CI <michael@crenshaw.dev>
* document necessity of collectionType param
Signed-off-by: CI <michael@crenshaw.dev>
* remove part of error message that's not useful (dir name is now randomized)
Signed-off-by: CI <michael@crenshaw.dev>
* fix things so that they are not broken
Signed-off-by: CI <michael@crenshaw.dev>
* don't close file before caller gets a chance to use it
Signed-off-by: CI <michael@crenshaw.dev>
* codegen
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
* fix test
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
* comments
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
* fix test
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
* DON'T PANIC
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>
Signed-off-by: zachaller <zachaller@hotmail.com>
Signed-off-by: CI <michael@crenshaw.dev>
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Co-authored-by: zachaller <zachaller@hotmail.com>
