* Add "chown" to gpg/keys in "start-local" target that so that repo-server can access gpg keys.
* * Set -u uid:gid in the docker run commands so that test images are run under the current user.
* test Procfile processes will not need to perform "su" to default user (which has the current user's uid/gid)
* Remove chown in start-e2e-local
* clean up, remove "bash -c"
* Test containers are run as uid 0 which allows uid_entrypoint.sh to perform some user setup. uid_entrypoint.sh creates a non-root user (default) and enables passwordless sudo for that user. The container entry point command is run as the non-root user. "goreman start" does "sudo" to to the processes that need root permission including sshd, fcgiwrap, and nginix. The other processes are running as the non-root user.
* use /bin/bash
* change back to sh
* Docker image to create unpriveleged testuser and enable passwordless sudo for that user
* feat: adding disable-validation for app create and app set
* feat: adding disable-validation for app create and app set
* feat: change test func name
* feat: added support of app unset and app edit in addition to app create and app set.
* feat: remove extra space.
* Include sub and and iat in PermissionDenied message
* iat fromat changing
* Adding MapClaims convertion
* Adding Orphaned exception list
* Adding group kind label
* Fixed lint errors
* Method rename
* fix: don't refresh if dry run
Signed-off-by: darshanime <deathbullet@gmail.com>
* fix: add e2e test for sync with dry-run
Signed-off-by: darshanime <deathbullet@gmail.com>
* fix: refresh only if not dryRun for sync command
Signed-off-by: darshanime <deathbullet@gmail.com>
* jwtTokens are reset when applying AppProjects
* fix unit tests in server_test.go
checking in generated.pb.go
* fix unit tests in rbackpolicy_test.go
* fix yarnl lint errors
* fix delete token in both spec and status
* add tests
* fixing failed test
* fixing failed test
* retry 3 times during update
* renamed CRD fields.
Updated nomalize method.
* fixed UI
* fixing merge conflicts
* fixing merge conflicts
* removed unused variables in UI
renamed a CRD field
updated combineToken logic using map
* Only update project which needs normalize token.
* Changed logging.
* check for nil
* Fix UI
* added project role get tests
* rename variables
* clean up
* fixing failed tests
* fixing failed tests
* fixing error handling for remove token
* log err when we have retried 3 times
* sort tokens
* sort tokens
* Add initial primitives and tests for GPG related operations
* More tests and test documentation
* Move gpg primitives to own module
* Add initial primitives for running git verify-commit and tests
* Improve and better comment test
* Implement VerifyCommitSignature() primitive for metrics wrapper
* More commentary
* Make reposerver verify gpg signatures when generating manifests
* Make signature validation optional
* Forbid use of local manifests when signature verification is enabled
* Introduce new signatureKeys field in project CRD
* Initial support for only syncing against signed revisions
* Updates to GnuPG primitives and more test cases
* Move signature verification to correct place and add tests
* Add signature verification result to revision metadata and display it in UI
* Add more primitives and move out some stuff to common module
* Add more testdata
* Add key management primitives to ArgoDB
* Move type GnuPGPublicKey to appsv1 package
* Add const ArgoCDGPGKeysConfigMapName
* Handle key operations with appsv1.GnuPGPublicKey
* Add initial API for managing GPG keys
* Remove deprecated code
* Add primitives for adding public keys to configuration
* Change semantics of ValidateGPGKeys to return more key information
* Add key import functionality to public key API
* Fix code quirks reported by linter
* More code quirks fixes
* Fix test
* Add primitives for deleting keys from configuration
* Add delete key operation to API and CLI
* Cosmetics
* Implement logic to sync configuration to keyring in repo-server
* Add IsGPGEnabled() primitive and also update trustdb on ownertrust changes
* Use gpg.IsGPGEnabled() instead of custom test
* Remove all keyring manipulating methods from DB
* Cosmetics/comments
* Require grpc methods from argoproj pkg
* Enable setting config path via ARGOCD_GPG_DATA_PATH
* Allow "no" and any cases in ARGOCD_GPG_ENABLED
* Enable GPG feature on start and start-e2e and set required environment
* Cosmetics/comments
* Cosmetics and commentary
* Update API documentation
* Fix comment
* Only run GPG related operations if GPG is enabled
* Allow setting ARGOCD_GPG_ENABLE from the environment
* Create GPG ConfigMap resource during installation
* Use function instead of constant to get the watcher path
* Re-watch source path in case it gets recreated. Also, error on finish
* Add End-to-End tests for GPG commit verification
* Introduce SignatureKey type for AppProject CRD
* Fix merge error from previous commit
* Adapt test for additional manifest (argocd-gpg-keys-cm.yaml)
* Fix linter issues
* Adapt CircleCI configuration to enable running tests
* Add wrapper scripts for git and gpg
* Sigh.
* Display gpg version in CircleCI
* Install gnupg2 and link it to gpg in CI
* Try to install gnupg2 in CircleCI image
* More CircleCI tweaks
* # This is a combination of 10 commits.
# This is the 1st commit message:
Containerize tests - test cycle
# This is the commit message #2:
adapt working directory
# This is the commit message #3:
Build before running tests (so we might have a cache)
# This is the commit message #4:
Test limiting parallelism
# This is the commit message #5:
Remove unbound variable
# This is the commit message #6:
Decrease parallelism to find out limit
# This is the commit message #7:
Use correct flag
# This is the commit message #8:
Update Docker image
# This is the commit message #9:
Remove build phase and increase parallelism
# This is the commit message #10:
Further increase parallelism
* Dockerize toolchain
* Add new targets to Makefile
* Codegen
* Properly handle permissions for E2E tests
* Remove gnupg2 installation from CircleCI configuration
* Limit parallelism of build
* Fix Yarn lint
* Retrigger CI for possible flaky test
* Codegen
* Remove duplicate target in Makefile
* Pull in pager from dep ensure -v
* Adapt to gitops-engine changes and codegen
* Use new health package for health status constants
* Add GPG methods to ArgoDB mock module
* Fix possible nil pointer dereference
* Fix linter issue in imports
* Introduce RBAC resource type 'gpgkeys' and adapt policies
* Use ARGOCD_GNUPGHOME instead of GNUPGHOME for subsystem configuration
Also remove some deprecated unit tests.
* Also register GPG keys API with gRPC-GW
* Update from codegen
* Update GPG key API
* Add web UI to manage GPG keys
* Lint updates
* Change wording
* Add some plausibility checks for supplied data on key creation
* Update from codegen
* Re-allow binary keys and move check for ASCII armoured to UI
* Make yarn lint happy
* Add editing signature keys for projects in UI
* Add ability to configure signature keys for project in CLI
* Change default value to use for GNUPGHOME
* Do not include data section in default gpg keys CM
* Adapt Docker image for GnuPG feature
* Add required configuration to installation manifests
* Add add-signature-key and remove-signature-key commands to project CLI
* Fix typo
* Add initial user documentation for GnuPG verification
* Fix role name - oops
* Mention required RBAC roles in docs
* Support GPG verification of git annotated tags as well
* Ensure CLI can build succesfully
* Better support verification on tags
* Print key type in upper case
* Update user documentation
* Correctly disable GnuPG verification if ARGOCD_GPG_ENABLE=false
* Clarify that this feature is only available with Git repositories
* codegen
* Move verification code to own function
* Remove deprecated check
* Make things more developer friendly when running locally
* Enable GPG feature by default, and don't require ARGOCD_GNUPGHOME to be set
* Revert changes to manifests to reflect default enable state
* Codegen
* feat: Allow --local with automatic sync for --dry-run
Signed-off-by: darshanime <deathbullet@gmail.com>
* feat: add e2e test for local sync with dry run
Signed-off-by: darshanime <deathbullet@gmail.com>
* support partial sync with namespace.
* corrected test folder name
* Trying to fix lint error
* 1. in test, delete ns after test
2. in test, created new methods for ResourceSyncStatusWithNamespaceIs and ResourceHealthWithNamespaceIs.
* reformat imports
* simplify code
* remove timeout
* chore: Migrate CI to GitHub actions
* Do not install golangci-lint, we use the action
* Integrate codecov.io upload
* Use some better names for analyze job & steps
* go mod tidy
* Update tools
* Disable CircleCI completely
* Satisfy CircleCI with a dummy step until it's disabled
* fix: Allow unsetting the last values file (#3644)
Because the `setHelmOpt()` function does not act on empty inputs, it
would do nothing when removing the last values file using `argocd app
unset`.
The parameter overrides are actually being unset correctly, so this has
been changed to work the same way by manipulating `app.Spec.Source.Helm`
directly.
This fixes#3644.
* fix: Allow unsetting the last values file, add tests
* Retrigger CI pipeline
* feat: CLI: Allow setting Helm values literal (#3601)
While you could already set values files using the `--values` flag with external data using the CLI with `argocd app create` and `argocd app set`, this was not yet possible for managing the literal `.spec.source.helm.values` value in an Application without resorting to a complicated `argocd app patch` escaped parameter or by generating the entire application YAML manifest by yourself.
Therefore, this PR adds a `--values-literal-file` flag to the `argocd app create` and `argocd app set` commands, which accepts a local file name or URL to a values file, which will be read and included as a multiline string in the application manifest. This is different from the `--helm-set-file` flag which expects the file in the chart itself.
The `argocd app unset` command is expanded with a `--values-literal` flag, so we can also unset this field again.
I hope I chose nice enough names for the flags, I wanted to make clear it expects a file name, but also distinguish it enough from the existing `--values` flag which actually points to values files.
Because the current `setHelmOpt()` functionality would not work for unsetting things to an empty value and it was difficult to do these changes independently, this PR also contains the fix for issue #3644. A separate PR has still been created for that one because I think it should end up as a separate issue in the release notes.
* feat: CLI: Allow setting Helm values literal, add tests
* Move utils packages that are required for gitops engine under engine/pkg/utils package.
Following changes were implemented:
* util/health package is split into two parts: resource health assessement & resource health assessement and moved into engine/pkg/utils
* utils packages moved: Closer and Close method of util package moved into engine/pkg/utils/io package
* packages diff, errors, exec, json, kube and tracing moved into engine/pkg/utils
* Move single cluster caching into engine/kube/cache package
* move sync functionality to engine/kube/sync package
* remove dependency on metrics package from engine/pkg/utils/kube/cache
* move annotation label definitions into engine/pkg/utils/kube/sync
* make sure engine/pkg has no dependencies on other argo-cd packages
* allow importing engine as a go module
* implement a high-level interface that might be consumed by flux
* fix deadlock caused by cluster cache event handler
* ClusterCache should return error if requested group kind not found
* remove obsolete tests
* apply reviewer notes
* Fixing argocd app diff when using helm repo
* adding test code
* get rid of optional parameter
* get rid of optional parameter
* Added test case
* Fix failed tests
* Fixing could not find plugin issue when app sync and app diff
* Fixing codegen error
* Revert "Fixing codegen error"
This reverts commit b2dcfb81
* Fixing codegen error
* If user is logged in, settings API would return ConfigManagementPlugins
* For helm3, add flag --include-crds when calling helm template to support helm3 crd
* Fixing typo.
* Added further assertion of ResourceSyncStatusIs for CRD resources.
