Diffstat (limited to 'pkg/argocd')
| -rw-r--r-- | pkg/argocd/git.go | 4 | ||||
| -rw-r--r-- | pkg/argocd/gitcreds.go | 18 | ||||
| -rw-r--r-- | pkg/argocd/update.go | 10 | ||||
| -rw-r--r-- | pkg/argocd/update_test.go | 42 |
4 files changed, 61 insertions, 13 deletions
diff --git a/pkg/argocd/git.go b/pkg/argocd/git.go
index 86d9bfa..4f1de57 100644
--- a/pkg/argocd/git.go
+++ b/pkg/argocd/git.go
@@ -131,7 +131,7 @@ func commitChangesGit(app *v1alpha1.Application, wbc *WriteBackConfig, changeLis
 logCtx := log.WithContext().AddField("application", app.GetName())
 creds, err := wbc.GetCreds(app)
 if err != nil {
- return fmt.Errorf("could not get creds for repo '%s': %v", app.Spec.Source.RepoURL, err)
+ return fmt.Errorf("could not get creds for repo '%s': %v", wbc.GitRepo, err)
 }
 var gitC git.Client
 if wbc.GitClient == nil {
@@ -145,7 +145,7 @@ func commitChangesGit(app *v1alpha1.Application, wbc *WriteBackConfig, changeLis
 logCtx.Errorf("could not remove temp dir: %v", err)
 }
 }()
- gitC, err = git.NewClientExt(app.Spec.Source.RepoURL, tempRoot, creds, false, false, "")
+ gitC, err = git.NewClientExt(wbc.GitRepo, tempRoot, creds, false, false, "")
 if err != nil {
 return err
 }
diff --git a/pkg/argocd/gitcreds.go b/pkg/argocd/gitcreds.go
index 470cea2..d799602 100644
--- a/pkg/argocd/gitcreds.go
+++ b/pkg/argocd/gitcreds.go
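Review bot: In pkg/argocd/git.go both changed lines of commitChangesGit now read `wbc.GitRepo` with no fallback, so a WriteBackConfig whose field was never filled (this commit sets it only in parseGitConfig in update.go) passes an empty URL to `git.NewClientExt` and prints an empty repo in the credentials error. The same holds for `state.GetRepositoryLock(wbc.GitRepo)` in commitChangesLocked; whether any caller or test builds the struct directly is not visible here. Rejecting the empty value up front would make the failure explicit, e.g. `if wbc.GitRepo == "" { return fmt.Errorf("no git repository configured for application %s", app.GetName()) }`. commitChangesGit starts and ends outside these hunks.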
@@ -14,39 +14,39 @@ import (
 )
 // getGitCredsSource returns git credentials source that loads credentials from the secret or from Argo CD settings
-func getGitCredsSource(creds string, kubeClient *kube.KubernetesClient) (GitCredsSource, error) {
+func getGitCredsSource(creds string, kubeClient *kube.KubernetesClient, wbc *WriteBackConfig) (GitCredsSource, error) {
 switch {
 case creds == "repocreds":
 return func(app *v1alpha1.Application) (git.Creds, error) {
- return getCredsFromArgoCD(app, kubeClient)
+ return getCredsFromArgoCD(wbc, kubeClient)
 }, nil
 case strings.HasPrefix(creds, "secret:"):
 return func(app *v1alpha1.Application) (git.Creds, error) {
- return getCredsFromSecret(app, creds[len("secret:"):], kubeClient)
+ return getCredsFromSecret(wbc, creds[len("secret:"):], kubeClient)
 }, nil
 }
 return nil, fmt.Errorf("unexpected credentials format. Expected 'repocreds' or 'secret:<namespace>/<secret>' but got '%s'", creds)
 }
 // getCredsFromArgoCD loads repository credentials from Argo CD settings
-func getCredsFromArgoCD(app *v1alpha1.Application, kubeClient *kube.KubernetesClient) (git.Creds, error) {
+func getCredsFromArgoCD(wbc *WriteBackConfig, kubeClient *kube.KubernetesClient) (git.Creds, error) {
 ctx, cancel := context.WithCancel(context.Background())
 defer cancel()
 settingsMgr := settings.NewSettingsManager(ctx, kubeClient.Clientset, kubeClient.Namespace)
 argocdDB := db.NewDB(kubeClient.Namespace, settingsMgr, kubeClient.Clientset)
- repo, err := argocdDB.GetRepository(ctx, app.Spec.Source.RepoURL)
+ repo, err := argocdDB.GetRepository(ctx, wbc.GitRepo)
 if err != nil {
 return nil, err
 }
 if !repo.HasCredentials() {
- return nil, fmt.Errorf("credentials for '%s' are not configured in Argo CD settings", app.Spec.Source.RepoURL)
+ return nil, fmt.Errorf("credentials for '%s' are not configured in Argo CD settings", wbc.GitRepo)
 }
 return repo.GetGitCreds(nil), nil
 }
 // getCredsFromSecret loads repository credentials from secret
-func getCredsFromSecret(app *v1alpha1.Application, credentialsSecret string, kubeClient *kube.KubernetesClient) (git.Creds, error) {
+func getCredsFromSecret(wbc *WriteBackConfig, credentialsSecret string, kubeClient *kube.KubernetesClient) (git.Creds, error) {
 var credentials map[string][]byte
 var err error
 s := strings.SplitN(credentialsSecret, "/", 2)
@@ -59,13 +59,13 @@ func getCredsFromSecret(app *v1alpha1.Application, credentialsSecret string, kub
 return nil, fmt.Errorf("secret ref must be in format 'namespace/name', but is '%s'", credentialsSecret)
 }
- if ok, _ := git.IsSSHURL(app.Spec.Source.RepoURL); ok {
+ if ok, _ := git.IsSSHURL(wbc.GitRepo); ok {
 var sshPrivateKey []byte
 if sshPrivateKey, ok = credentials["sshPrivateKey"]; !ok {
 return nil, fmt.Errorf("invalid secret %s: does not contain field sshPrivateKey", credentialsSecret)
 }
 return git.NewSSHCreds(string(sshPrivateKey), "", true), nil
- } else if git.IsHTTPSURL(app.Spec.Source.RepoURL) {
+ } else if git.IsHTTPSURL(wbc.GitRepo) {
 var username, password []byte
 if username, ok = credentials["username"]; !ok {
 return nil, fmt.Errorf("invalid secret %s: does not contain field username", credentialsSecret)
diff --git a/pkg/argocd/update.go b/pkg/argocd/update.go
index a020c44..2910d99 100644
--- a/pkg/argocd/update.go
+++ b/pkg/argocd/update.go
@@ -70,6 +70,7 @@ type WriteBackConfig struct {
 GitCommitMessage string
 KustomizeBase string
 Target string
+ GitRepo string
 }
 // The following are helper structs to only marshal the fields we require
@@ -525,7 +526,12 @@ func parseGitConfig(app *v1alpha1.Application, kubeClient *kube.KubernetesClient
 wbc.GitWriteBranch = branches[1]
 }
 }
- credsSource, err := getGitCredsSource(creds, kubeClient)
+ wbc.GitRepo = app.Spec.Source.RepoURL
+ repo, ok := app.Annotations[common.GitRepositoryAnnotation]
+ if ok {
+ wbc.GitRepo = repo
+ }
+ credsSource, err := getGitCredsSource(creds, kubeClient, wbc)
 if err != nil {
 return fmt.Errorf("invalid git credentials source: %v", err)
 }
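Review bot: The two closures returned by getGitCredsSource in pkg/argocd/gitcreds.go still declare `app *v1alpha1.Application` but no longer read it; credentials are now chosen from the captured `wbc`. Naming the parameter `_` and stating it in the doc comment would stop a later reader from assuming the lookup follows the application's source, e.g. `// The returned source ignores its app argument and resolves credentials for wbc.GitRepo.` Because `wbc` is captured by pointer, the URL used is whatever GitRepo holds when the source is invoked, not when it was created. A nil `wbc` would panic inside the closure; the only caller visible in this commit passes a non-nil value.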
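Review bot: Now that the URL tested by `git.IsSSHURL(wbc.GitRepo)` in getCredsFromSecret can come from an annotation, the unchanged `git.NewSSHCreds(string(sshPrivateKey), "", true)` a few lines below deserves a second look. The third argument appears to be the ignore-host-key flag (the signature is not on this page, so confirm), which would mean the key authenticates to a host whose identity is never verified. If that reading is right, consider passing `false` and relying on the configured known-hosts data. The discarded error from `git.IsSSHURL`, the branch taken for a URL that is neither SSH nor HTTPS, and the end of the function all lie outside this hunk.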
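Review bot: In parseGitConfig (pkg/argocd/update.go) the value of `common.GitRepositoryAnnotation` replaces `app.Spec.Source.RepoURL` with no validation, and getCredsFromArgoCD then uses it as the key for `argocdDB.GetRepository`, so whoever can annotate an Application chooses which repository's stored credentials are loaded and where the write-back commit is pushed. The source repoURL is normally constrained by the AppProject's `sourceRepos`; no equivalent check on the annotation is visible in this commit, so a project-scoped user may be able to reach a repository their project does not permit. Consider validating the annotation against the application's project before accepting it, and at minimum guard with `if ok && repo != "" {`, since an annotation that is present but empty currently overwrites the default with `""`. The function body starts and ends outside the hunk.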
@@ -535,7 +541,7 @@ func parseGitConfig(app *v1alpha1.Application, kubeClient *kube.KubernetesClient
 func commitChangesLocked(app *v1alpha1.Application, wbc *WriteBackConfig, state *SyncIterationState, changeList []ChangeEntry) error {
 if wbc.RequiresLocking() {
- lock := state.GetRepositoryLock(app.Spec.Source.RepoURL)
+ lock := state.GetRepositoryLock(wbc.GitRepo)
 lock.Lock()
 defer lock.Unlock()
 }
diff --git a/pkg/argocd/update_test.go b/pkg/argocd/update_test.go
index 830b495..1d26dd5 100644
--- a/pkg/argocd/update_test.go
+++ b/pkg/argocd/update_test.go
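Review bot: `state.GetRepositoryLock(wbc.GitRepo)` in commitChangesLocked keys the lock on the raw URL string, and with the annotation two applications can name the same repository in different spellings (for example the SSH and HTTPS forms of one repository), in which case they presumably receive different locks and can commit concurrently. How GetRepositoryLock derives its key is not shown here; if it uses the string as given, normalising the URL before the lookup would preserve the serialisation this block exists for. A short comment such as `// lock is keyed by the write-back repository, not the application source` would also help. The rest of commitChangesLocked is outside the hunk.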
@@ -1718,6 +1718,48 @@ func Test_GetGitCreds(t *testing.T) {
 require.Error(t, err)
 require.Nil(t, creds)
 })
+
+ t.Run("SSH creds from Argo CD settings with Helm Chart repoURL", func(t *testing.T) {
+ argoClient := argomock.ArgoCD{}
+ argoClient.On("UpdateSpec", mock.Anything, mock.Anything).Return(nil, nil)
+ secret := fixture.NewSecret("argocd-image-updater", "git-creds", map[string][]byte{
+ "sshPrivateKey": []byte("foo"),
+ })
+ kubeClient := kube.KubernetesClient{
+ Clientset: fake.NewFakeClientsetWithResources(secret),
+ }
+
+ app := v1alpha1.Application{
+ ObjectMeta: v1.ObjectMeta{
+ Name: "testapp",
+ Annotations: map[string]string{
+ "argocd-image-updater.argoproj.io/image-list": "nginx",
+ "argocd-image-updater.argoproj.io/write-back-method": "git:secret:argocd-image-updater/git-creds",
+ "argocd-image-updater.argoproj.io/git-repository": "git@github.com:example/example.git",
+ },
+ },
+ Spec: v1alpha1.ApplicationSpec{
+ Source: v1alpha1.ApplicationSource{
+ RepoURL: "https://example-helm-repo.com/example",
+ TargetRevision: "main",
+ },
+ },
+ Status: v1alpha1.ApplicationStatus{
+ SourceType: v1alpha1.ApplicationSourceTypeKustomize,
+ },
+ }
+
+ wbc, err := getWriteBackConfig(&app, &kubeClient, &argoClient)
+ require.NoError(t, err)
+ require.Equal(t, wbc.GitRepo, "git@github.com:example/example.git")
+
+ creds, err := wbc.GetCreds(&app)
+ require.NoError(t, err)
+ require.NotNil(t, creds)
+ // Must have SSH creds
+ _, ok := creds.(git.SSHCreds)
+ require.True(t, ok)
+ })
 }
 func Test_CommitUpdates(t *testing.T) { |
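Review bot: The new subtest is titled "SSH creds from Argo CD settings" but its write-back method is `git:secret:argocd-image-updater/git-creds`, so it exercises getCredsFromSecret and leaves the `repocreds` path through getCredsFromArgoCD untested with the annotation; rename it or add that case. `require.Equal(t, wbc.GitRepo, "git@github.com:example/example.git")` has expected and actual swapped for testify, which only affects the failure message: `require.Equal(t, "git@github.com:example/example.git", wbc.GitRepo)`. A case with an empty `git-repository` annotation would pin down the fallback to `Spec.Source.RepoURL`. Test_GetGitCreds begins outside the hunk.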
