argoproj · crenshaw-dev · Sep 30, 2024
@@ -26,7 +26,7 @@ type Dependencies interface {
  GetProcessableAppProj(app *appv1.Application) (*appv1.AppProject, error)
  GetProcessableApps() (*appv1.ApplicationList, error)
  GetRepoObjs(app *appv1.Application, source appv1.ApplicationSource, revision string, project *appv1.AppProject) ([]*unstructured.Unstructured, *apiclient.ManifestResponse, error)
- GetWriteCredentials(ctx context.Context, repoURL string) (*appv1.Repository, error)
+ GetWriteCredentials(ctx context.Context, repoURL string, project string) (*appv1.Repository, error)
  ResolveGitRevision(repoURL, targetRevision string) (string, error)
  RequestAppRefresh(appName string)
  // TODO: only allow access to the hydrator status
@@ -284,7 +284,8 @@ func (h *Hydrator) hydrate(apps []*appv1.Application, revision string) (string,
  })
  }
 
- repo, err := h.dependencies.GetWriteCredentials(context.Background(), repoURL)
+ // FIXME: handle project-scoped credentials
+ repo, err := h.dependencies.GetWriteCredentials(context.Background(), repoURL, "")
  if err != nil {
  return "", fmt.Errorf("failed to get hydrator credentials: %w", err)
  }

@@ -51,8 +51,8 @@ func (ctrl *ApplicationController) GetRepoObjs(app *appv1.Application, source ap
  return objs, resp[0], nil
 }
 
-func (ctrl *ApplicationController) GetWriteCredentials(ctx context.Context, repoURL string) (*appv1.Repository, error) {
- return ctrl.db.GetWriteCredentials(ctx, repoURL)
+func (ctrl *ApplicationController) GetWriteCredentials(ctx context.Context, repoURL string, project string) (*appv1.Repository, error) {
+ return ctrl.db.GetWriteRepository(ctx, repoURL, project)
 }
 
 func (ctrl *ApplicationController) ResolveGitRevision(repoURL, targetRevision string) (string, error) {

@@ -480,7 +480,7 @@ func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *v1
  if hasMultipleSources {
  return &comparisonResult{
  syncStatus: &v1alpha1.SyncStatus{
- ComparedTo: v1alpha1.ComparedTo{Destination: app.Spec.Destination, Sources: sources, IgnoreDifferences: app.Spec.IgnoreDifferences},
+ ComparedTo: app.Spec.BuildComparedToStatus(),
  Status: v1alpha1.SyncStatusCodeUnknown,
  Revisions: revisions,
  },
@@ -489,7 +489,7 @@ func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *v1
  } else {
  return &comparisonResult{
  syncStatus: &v1alpha1.SyncStatus{
- ComparedTo: v1alpha1.ComparedTo{Source: sources[0], Destination: app.Spec.Destination, IgnoreDifferences: app.Spec.IgnoreDifferences},
+ ComparedTo: app.Spec.BuildComparedToStatus(),
  Status: v1alpha1.SyncStatusCodeUnknown,
  Revision: revisions[0],
  },

@@ -1664,6 +1664,12 @@ spec:
  key: applicationsetcontroller.enable.progressive.syncs
  name: argocd-cmd-params-cm
  optional: true
+ - name: ARGOCD_APPLICATIONSET_CONTROLLER_TOKENREF_STRICT_MODE
+ valueFrom:
+ configMapKeyRef:
+ key: applicationsetcontroller.enable.tokenref.strict.mode
+ name: argocd-cmd-params-cm
+ optional: true
  - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_NEW_GIT_FILE_GLOBBING
  valueFrom:
  configMapKeyRef:
@@ -1724,6 +1730,12 @@ spec:
  key: applicationsetcontroller.webhook.parallelism.limit
  name: argocd-cmd-params-cm
  optional: true
+ - name: ARGOCD_APPLICATIONSET_CONTROLLER_REQUEUE_AFTER
+ valueFrom:
+ configMapKeyRef:
+ key: applicationsetcontroller.requeue.after
+ name: argocd-cmd-params-cm
+ optional: true
  image: quay.io/argoproj/argocd:latest
  imagePullPolicy: Always
  name: argocd-applicationset-controller
@@ -1754,6 +1766,8 @@ spec:
  name: tmp
  - mountPath: /app/config/reposerver/tls
  name: argocd-repo-server-tls
+ nodeSelector:
+ kubernetes.io/os: linux
  serviceAccountName: argocd-applicationset-controller
  volumes:
  - configMap:
@@ -2036,6 +2050,8 @@ spec:
  name: static-files
  - mountPath: /tmp
  name: dexconfig
+ nodeSelector:
+ kubernetes.io/os: linux
  serviceAccountName: argocd-dex-server
  volumes:
  - emptyDir: {}
@@ -2125,6 +2141,8 @@ spec:
  - mountPath: /app/config/reposerver/tls
  name: argocd-repo-server-tls
  workingDir: /app
+ nodeSelector:
+ kubernetes.io/os: linux
  securityContext:
  runAsNonRoot: true
  seccompProfile:
@@ -2435,6 +2453,12 @@ spec:
  key: reposerver.plugin.tar.exclusions
  name: argocd-cmd-params-cm
  optional: true
+ - name: ARGOCD_REPO_SERVER_PLUGIN_USE_MANIFEST_GENERATE_PATHS
+ valueFrom:
+ configMapKeyRef:
+ key: reposerver.plugin.use.manifest.generate.paths
+ name: argocd-cmd-params-cm
+ optional: true
  - name: ARGOCD_REPO_SERVER_ALLOW_OUT_OF_BOUNDS_SYMLINKS
  valueFrom:
  configMapKeyRef:
@@ -2573,6 +2597,8 @@ spec:
  volumeMounts:
  - mountPath: /var/run/argocd
  name: var-files
+ nodeSelector:
+ kubernetes.io/os: linux
  serviceAccountName: argocd-repo-server
  volumes:
  - configMap:
@@ -2956,6 +2982,8 @@ spec:
  name: tmp
  - mountPath: /home/argocd/params
  name: argocd-cmd-params-cm
+ nodeSelector:
+ kubernetes.io/os: linux
  serviceAccountName: argocd-server
  volumes:
  - emptyDir: {}
@@ -3113,6 +3141,24 @@ spec:
  key: controller.self.heal.timeout.seconds
  name: argocd-cmd-params-cm
  optional: true
+ - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_TIMEOUT_SECONDS
+ valueFrom:
+ configMapKeyRef:
+ key: controller.self.heal.backoff.timeout.seconds
+ name: argocd-cmd-params-cm
+ optional: true
+ - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_FACTOR
+ valueFrom:
+ configMapKeyRef:
+ key: controller.self.heal.backoff.factor
+ name: argocd-cmd-params-cm
+ optional: true
+ - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_CAP_SECONDS
+ valueFrom:
+ configMapKeyRef:
+ key: controller.self.heal.backoff.cap.seconds
+ name: argocd-cmd-params-cm
+ optional: true
  - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_PLAINTEXT
  valueFrom:
  configMapKeyRef:
@@ -3255,6 +3301,8 @@ spec:
  - mountPath: /home/argocd/params
  name: argocd-cmd-params-cm
  workingDir: /home/argocd
+ nodeSelector:
+ kubernetes.io/os: linux
  serviceAccountName: argocd-application-controller
  volumes:
  - emptyDir: {}

@@ -781,6 +781,12 @@ spec:
  key: applicationsetcontroller.enable.progressive.syncs
  name: argocd-cmd-params-cm
  optional: true
+ - name: ARGOCD_APPLICATIONSET_CONTROLLER_TOKENREF_STRICT_MODE
+ valueFrom:
+ configMapKeyRef:
+ key: applicationsetcontroller.enable.tokenref.strict.mode
+ name: argocd-cmd-params-cm
+ optional: true
  - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_NEW_GIT_FILE_GLOBBING
  valueFrom:
  configMapKeyRef:
@@ -841,6 +847,12 @@ spec:
  key: applicationsetcontroller.webhook.parallelism.limit
  name: argocd-cmd-params-cm
  optional: true
+ - name: ARGOCD_APPLICATIONSET_CONTROLLER_REQUEUE_AFTER
+ valueFrom:
+ configMapKeyRef:
+ key: applicationsetcontroller.requeue.after
+ name: argocd-cmd-params-cm
+ optional: true
  image: quay.io/argoproj/argocd:latest
  imagePullPolicy: Always
  name: argocd-applicationset-controller
@@ -871,6 +883,8 @@ spec:
  name: tmp
  - mountPath: /app/config/reposerver/tls
  name: argocd-repo-server-tls
+ nodeSelector:
+ kubernetes.io/os: linux
  serviceAccountName: argocd-applicationset-controller
  volumes:
  - configMap:
@@ -1153,6 +1167,8 @@ spec:
  name: static-files
  - mountPath: /tmp
  name: dexconfig
+ nodeSelector:
+ kubernetes.io/os: linux
  serviceAccountName: argocd-dex-server
  volumes:
  - emptyDir: {}
@@ -1242,6 +1258,8 @@ spec:
  - mountPath: /app/config/reposerver/tls
  name: argocd-repo-server-tls
  workingDir: /app
+ nodeSelector:
+ kubernetes.io/os: linux
  securityContext:
  runAsNonRoot: true
  seccompProfile:
@@ -1336,6 +1354,8 @@ spec:
  runAsNonRoot: true
  seccompProfile:
  type: RuntimeDefault
+ nodeSelector:
+ kubernetes.io/os: linux
  securityContext:
  runAsNonRoot: true
  runAsUser: 999
@@ -1505,6 +1525,12 @@ spec:
  key: reposerver.plugin.tar.exclusions
  name: argocd-cmd-params-cm
  optional: true
+ - name: ARGOCD_REPO_SERVER_PLUGIN_USE_MANIFEST_GENERATE_PATHS
+ valueFrom:
+ configMapKeyRef:
+ key: reposerver.plugin.use.manifest.generate.paths
+ name: argocd-cmd-params-cm
+ optional: true
  - name: ARGOCD_REPO_SERVER_ALLOW_OUT_OF_BOUNDS_SYMLINKS
  valueFrom:
  configMapKeyRef:
@@ -1643,6 +1669,8 @@ spec:
  volumeMounts:
  - mountPath: /var/run/argocd
  name: var-files
+ nodeSelector:
+ kubernetes.io/os: linux
  serviceAccountName: argocd-repo-server
  volumes:
  - configMap:
@@ -2024,6 +2052,8 @@ spec:
  name: tmp
  - mountPath: /home/argocd/params
  name: argocd-cmd-params-cm
+ nodeSelector:
+ kubernetes.io/os: linux
  serviceAccountName: argocd-server
  volumes:
  - emptyDir: {}
@@ -2181,6 +2211,24 @@ spec:
  key: controller.self.heal.timeout.seconds
  name: argocd-cmd-params-cm
  optional: true
+ - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_TIMEOUT_SECONDS
+ valueFrom:
+ configMapKeyRef:
+ key: controller.self.heal.backoff.timeout.seconds
+ name: argocd-cmd-params-cm
+ optional: true
+ - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_FACTOR
+ valueFrom:
+ configMapKeyRef:
+ key: controller.self.heal.backoff.factor
+ name: argocd-cmd-params-cm
+ optional: true
+ - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_CAP_SECONDS
+ valueFrom:
+ configMapKeyRef:
+ key: controller.self.heal.backoff.cap.seconds
+ name: argocd-cmd-params-cm
+ optional: true
  - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_PLAINTEXT
  valueFrom:
  configMapKeyRef:
@@ -2323,6 +2371,8 @@ spec:
  - mountPath: /home/argocd/params
  name: argocd-cmd-params-cm
  workingDir: /home/argocd
+ nodeSelector:
+ kubernetes.io/os: linux
  serviceAccountName: argocd-application-controller
  volumes:
  - emptyDir: {}