* Refactor application controller sync/apply loop
* always run kubectl apply --dry-run before the actual apply
* remove incorrect logic skip apply if comparator reported Synced
* rename status to phase
* distinguish failures from errors
* consolidate fields between OperationState and SyncOperationResult
* Disable migration code which referenced removed fields
* Add temp migrate utility
* Fix errors, separate out migrate for now
* Update script with suggestions from @jessesuen
* Check for localhost, server address now; print with log, not fmt
* Add more log lines, standardize output, fix args
* Improve feedback, thanks @alexmt
* Rename migration script, thanks @jessesuen
* Don't run UpdateSpec unless a change has occurred
* Move migrate => hack/migrate, thanks @jessesuen
* Support OAuth2 login flow from CLI (resolves#172)
* Refactor SessionManager to handle local and OAuth2 logins.
* argo login will request permanent credentials after OAuth2 flow
* Implement proper OIDC app state nonce. Add explicit `--sso` flag to `argo login`
* Issue #146 - ArgoCD applications should have a rolled up health status
* Apply reviewer notes: rename healthState to health; rename HealthState to HealthStatus
* added a general purpose GetFile RPC and remove GetKsonnetApp RPC
* reposerver did not talk to kubernetes -- removed all k8s imports
* git client refactored to simply method signatures
* Expand unit tests for Git functions
* Update tests for IsSSHUrl
* Add TODO
* Add EnsureSuffix tests
* Add EnsureSuffix function
* Lowercase repo name in secret name
* Expand normalization and related tests
* Add tests for EnsurePrefix
* Rm redundant strings.ToLower
* Update repository names to fix broken tests
* Expand tests some more to include missing .git suffix, thanks @jessesuen
* Add additional repository tests, thanks @jessesuen
* Fix typo in comment
* Add prototype script and temp README
* Clean up code and support command-line args
* Flesh out logic more now
* Start workflow
* Update Blue-Green workflow
* Rm original example script
* Update comments
* Add argo parameters; use compact output for jq
* Fix some missing values, use workflow parameters
* Separate out necessary parameters/outputs
* Get bluegreen workflow working
* Mv bluegreen.yaml to workflows/, thanks @jessesuen
* Rm TODO statements
This change implements SSO support.
dex is run as a sidecar to the ArgoCD API server, which fronts dex using a reverse proxy. The end result is that the ArgoCD acts as an OIDC provider serving under /api/dex. The login flow begins at /auth/login, which redirects to the Dex's OAuth2 consent page and ultimately directed to the IdP provider's login page, where they enter their credentials. After logging in, the OAuth2 redirect flows back to the client app, ultimately reaching /auth/callback, where the OIDC token claims are signed, and persisted in the users's cookie.
The dex configuration YAML is formulated during startup (through the argocd-util utility), with the configuration values taken from the argocd-cm configmap and the argocd-secret.
The build process was refactored to build argocd-util statically, so that it could be run inside off-the-shelf dex, which is built from alpine. Also, build speed was improved by expanding the default make targets in the Dockerfile, to avoid rebuilding each binary from scratch
Session management was refactored to use more bare-bones jwt library constructs, so we could reuse code from the user/password flow vs. OAuth2 flow.
* Initial SSO support. Run dex as sidecar. Generate dex config from ArgoCD cm and secret
* Sign and write SSO claims to JWT cookie during SSO login. Refactor session manager
* Build argo-util statically so it can run in dex sidecar. Redirect after SSO login
* Simplify app creation process to not require communication to dex gRPC server
* Redact sensitive cluster information upon retrieval
* Redact git username for now, too
* Revert "Redact git username for now, too"
This reverts commit d9e2eba37e.
* Issue #139 - Application sync should delete 'unexpected' resources
* Issue #139 - Add --prune flag to app sync and rollback commands
* Apply reviewer notes: s/skipped/ignored/g; take pruned flag into consideration in dry mode
* store credentials in files (instead of encoded in URL) to prevent leakage during git errors
* fix issue where HEAD would not track updates from origin/HEAD (resolves#133)
* refactor git library to promote code reuse, and remove shell invocations
* Make sure endpoints resources is detected as child resource for correspoinding service
* Issue #104 - Populated 'unexpected' resources while comparing target and live states
* Add comments to comparator CompareAppState method
