diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 2a0c3c6d..96b26dc4 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -14,7 +14,7 @@ jobs: strategy: fail-fast: false matrix: - argocd_version: ["v1.6.1", "v1.5.8", "v1.4.3"] + argocd_version: ["v1.6.2", "v1.5.8"] steps: - uses: actions/checkout@v2 - uses: actions/setup-go@v1 diff --git a/README.md b/README.md index e772835e..bcd479cf 100644 --- a/README.md +++ b/README.md @@ -4,6 +4,14 @@ --- +## Compatibility promise + +This provider is compatible with _at least_ the last 2 major releases of ArgoCD (e.g, ranging from 1.(n).m, to 1.(n-1).0, where `n` is the latest available major version). + +Older releases are not supported and some resources may not work as expected. + +--- + ## Requirements - [Terraform](https://www.terraform.io/downloads.html) 0.12.24+ diff --git a/argocd/features_test.go b/argocd/features_test.go index aa2086b1..c35205cd 100644 --- a/argocd/features_test.go +++ b/argocd/features_test.go @@ -4,6 +4,7 @@ import ( "fmt" "github.com/Masterminds/semver" "github.com/argoproj/argo-cd/pkg/apiclient/version" + "github.com/stretchr/testify/assert" "math/rand" "testing" ) @@ -14,12 +15,10 @@ const ( semverLess ) -func serverInterfaceTestData(argocdVersion string, semverOperator int) ServerInterface { - +func serverInterfaceTestData(t *testing.T, argocdVersion string, semverOperator int) ServerInterface { v, err := semver.NewVersion(argocdVersion) - if err != nil { - panic(err) - } + assert.NoError(t, err) + incPatch := rand.Int63n(100) incMinor := rand.Int63n(100) incMajor := rand.Int63n(100) 
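Review bot: In `serverInterfaceTestData`, `assert.NoError(t, err)` only records the failure and lets the helper keep running, so when `semver.NewVersion` fails the later `v.Major()` calls presumably still hit a nil `v` and panic. Use `require.NoError(t, err)` from `github.com/stretchr/testify/require`, and `t.Fatal(...)` instead of `t.Error(...)` in the `default:` branch of the next hunk, so the test stops at the first failure. The same pattern is introduced in `expiresInDurationFunc` (resource_argocd_project_token_test.go), in `TestAccArgoCDRepositoryCredentials`, and in `mustGenerateSSHPrivateKey`, whose name promises a hard stop that `assert` does not give. The function body continues outside this hunk.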
@@ -27,26 +26,23 @@ func serverInterfaceTestData(argocdVersion string, semverOperator int) ServerInt switch semverOperator { case semverEquals: case semverGreater: - if v, err = semver.NewVersion( + v, err = semver.NewVersion( fmt.Sprintf("%d.%d.%d", v.Major()+incMajor, v.Minor()+incMinor, v.Patch()+incPatch, - )); err != nil { - panic(err) - } - + )) + assert.NoError(t, err) case semverLess: - if v, err = semver.NewVersion( + v, err = semver.NewVersion( fmt.Sprintf("%d.%d.%d", v.Major()-incMajor%v.Major(), v.Minor()-incMinor%v.Minor(), v.Patch()-incPatch%v.Patch(), - )); err != nil { - panic(err) - } + )) + assert.NoError(t, err) default: - panic("unsupported semver test semverOperator") + t.Error("unsupported semver test semverOperator") } vm := &version.VersionMessage{ @@ -72,21 +68,21 @@ func TestServerInterface_isFeatureSupported(t *testing.T) { }{ { name: "featureTokenID-1.5.3", - fields: serverInterfaceTestData("1.5.3", semverEquals), + fields: serverInterfaceTestData(t, "1.5.3", semverEquals), args: args{feature: featureTokenIDs}, want: true, wantErr: false, }, { name: "featureTokenID-1.5.3+", - fields: serverInterfaceTestData("1.5.3", semverGreater), + fields: serverInterfaceTestData(t, "1.5.3", semverGreater), args: args{feature: featureTokenIDs}, want: true, wantErr: false, }, { name: "featureTokenID-1.5.3-", - fields: serverInterfaceTestData("1.5.3", semverLess), + fields: serverInterfaceTestData(t, "1.5.3", semverLess), args: args{feature: featureTokenIDs}, want: false, wantErr: false, diff --git a/argocd/resource_argocd_project_token_test.go b/argocd/resource_argocd_project_token_test.go index 69ba1b85..6d39fbd6 100644 --- a/argocd/resource_argocd_project_token_test.go +++ b/argocd/resource_argocd_project_token_test.go @@ -4,6 +4,7 @@ import ( "fmt" "github.com/hashicorp/terraform-plugin-sdk/helper/resource" "github.com/hashicorp/terraform-plugin-sdk/terraform" + "github.com/stretchr/testify/assert" "math" "math/rand" "regexp" 
@@ -14,9 +15,7 @@ import ( func TestAccArgoCDProjectToken(t *testing.T) { expiresInDurationFunc := func(i int) time.Duration { d, err := time.ParseDuration(fmt.Sprintf("%ds", i)) - if err != nil { - panic(err) - } + assert.NoError(t, err) return d } count := 3 + rand.Intn(7) diff --git a/argocd/resource_argocd_repository.go b/argocd/resource_argocd_repository.go index bb61474b..ca289eaa 100644 --- a/argocd/resource_argocd_repository.go +++ b/argocd/resource_argocd_repository.go @@ -38,6 +38,9 @@ func resourceArgoCDRepositoryCreate(d *schema.ResourceData, meta interface{}) er if err != nil { return err } + if r == nil { + return fmt.Errorf("ArgoCD did not return an error or a repository result") + } if r.ConnectionState.Status == application.ConnectionStatusFailed { return fmt.Errorf( "could not connect to repository %s: %s", @@ -56,7 +59,7 @@ func resourceArgoCDRepositoryRead(d *schema.ResourceData, meta interface{}) erro featureRepositoryGetSupported, err := server.isFeatureSupported(featureRepositoryGet) if err != nil { - panic(err) + return err } switch featureRepositoryGetSupported { @@ -100,7 +103,6 @@ func resourceArgoCDRepositoryRead(d *schema.ResourceData, meta interface{}) erro return nil } } - } return flattenRepository(r, d) } @@ -123,6 +125,9 @@ func resourceArgoCDRepositoryUpdate(d *schema.ResourceData, meta interface{}) er return err } } + if r == nil { + return fmt.Errorf("ArgoCD did not return an error or a repository result") + } if r.ConnectionState.Status == application.ConnectionStatusFailed { return fmt.Errorf( "could not connect to repository %s: %s", diff --git a/argocd/resource_argocd_repository_credentials_test.go b/argocd/resource_argocd_repository_credentials_test.go index 34d2606f..26a29b88 100644 --- a/argocd/resource_argocd_repository_credentials_test.go +++ b/argocd/resource_argocd_repository_credentials_test.go 
@@ -6,20 +6,17 @@ import ( "crypto/x509" "encoding/pem" "fmt" - "github.com/hashicorp/terraform-plugin-sdk/helper/acctest" "github.com/hashicorp/terraform-plugin-sdk/helper/resource" + "github.com/stretchr/testify/assert" "testing" ) func TestAccArgoCDRepositoryCredentials(t *testing.T) { - repoUrl := fmt.Sprintf("https://git.local/%s/%s", - acctest.RandString(10), - acctest.RandString(10)) - username := fmt.Sprintf(acctest.RandString(10)) + repoUrl := "https://private-git-repository.argocd.svc.clusterlocal/project.git" + username := "git" sshPrivateKey, err := generateSSHPrivateKey() - if err != nil { - panic(err) - } + assert.NoError(t, err) + resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, Providers: testAccProviders, @@ -65,3 +62,9 @@ func generateSSHPrivateKey() (privateKey string, err error) { } return string(pem.EncodeToMemory(&privBlock)), nil } + +func mustGenerateSSHPrivateKey(t *testing.T) string { + pk, err := generateSSHPrivateKey() + assert.NoError(t, err) + return pk +} diff --git a/argocd/resource_argocd_repository_test.go b/argocd/resource_argocd_repository_test.go index b825dc6d..0dcfed24 100644 --- a/argocd/resource_argocd_repository_test.go +++ b/argocd/resource_argocd_repository_test.go 
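Review bot: The new `repoUrl` literal in `TestAccArgoCDRepositoryCredentials` ends in `argocd.svc.clusterlocal/project.git`, which looks like a typo for `cluster.local`; the SSH URL added in resource_argocd_repository_test.go uses `private-git-repository.argocd.svc.cluster.local`. If the credential set is meant to match the in-cluster fixture by URL, this host will never match it, so suggest `repoUrl := "https://private-git-repository.argocd.svc.cluster.local/project.git"`. Dropping `acctest.RandString` also makes the URL and username fixed, so repeated or concurrent runs against a shared ArgoCD instance would reuse the same credential entry; a short comment on why fixed values are needed would help.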
@@ -7,27 +7,54 @@ import ( ) func TestAccArgoCDRepository(t *testing.T) { + repoUrl := "git@private-git-repository.argocd.svc.cluster.local:project.git" + resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, Providers: testAccProviders, Steps: []resource.TestStep{ + //{ + // Config: testAccArgoCDRepositorySimple(), + // Check: resource.ComposeTestCheckFunc( + // resource.TestCheckResourceAttr( + // "argocd_repository.simple", + // "connection_state_status", + // "Successful", + // ), + // ), + //}, + //{ + // Config: testAccArgoCDRepositoryHelm(), + // Check: resource.ComposeTestCheckFunc( + // resource.TestCheckResourceAttr( + // "argocd_repository.helm", + // "connection_state_status", + // "Successful", + // ), + // ), + //}, + //{ + // Config: testAccArgoCDRepositoryPublicUsageInApplication(acctest.RandString(10)), + // Check: resource.ComposeTestCheckFunc( + // resource.TestCheckResourceAttrSet( + // "argocd_application.public", + // "metadata.0.uid", + // ), + // ), + //}, { - Config: testAccArgoCDRepositorySimple(), + Config: testAccArgoCDRepositoryPrivateGitSSH(repoUrl), + //ExpectNonEmptyPlan: true, Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr( - "argocd_repository.simple", + "argocd_repository.private", "connection_state_status", "Successful", ), - ), - }, - { - Config: testAccArgoCDRepositoryHelm(), - Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr( - "argocd_repository.helm", - "connection_state_status", - "Successful", + "argocd_repository.private", + "inherited_creds", + "false", ), ), }, 
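Review bot: The simple, helm and public-application steps of `TestAccArgoCDRepository` are commented out rather than run, so after this change the acceptance test only covers the private SSH repository, and `testAccArgoCDRepositoryPublicUsageInApplication` (added later in this file) is referenced only from a comment. If these steps fail against the new setup, skip them explicitly with a stated reason or fix them; otherwise restore them next to the new step. The leftover `//ExpectNonEmptyPlan: true` should be removed or explained, since needing it would suggest the key field does not round-trip cleanly through state.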
@@ -52,3 +79,35 @@ resource "argocd_repository" "helm" {
 }
 `)
 }
+
+func testAccArgoCDRepositoryPublicUsageInApplication(name string) string {
+ return testAccArgoCDRepositorySimple() + fmt.Sprintf(`
+resource "argocd_application" "public" {
+ metadata {
+ name = "%s"
+ namespace = "argocd"
+ }
+ spec {
+ source {
+ repo_url = argocd_repository.simple.repo
+ path = "examples/helloWorld"
+ }
+ destination {
+ server = "https://kubernetes.default.svc"
+ namespace = "default"
+ }
+ }
+}
+`, name)
+}
+
+func testAccArgoCDRepositoryPrivateGitSSH(repoUrl string) string {
+ return fmt.Sprintf(`
+resource "argocd_repository" "private" {
+ repo = "%s"
+ type = "git"
+ insecure = true
+ ssh_private_key = "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW\nQyNTUxOQAAACCGe6Vx0gbKqKCI0wIplfgK5JBjCDO3bhtU3sZfLoeUZgAAAJB9cNEifXDR\nIgAAAAtzc2gtZWQyNTUxOQAAACCGe6Vx0gbKqKCI0wIplfgK5JBjCDO3bhtU3sZfLoeUZg\nAAAEAJeUrObjoTbGO1Sq4TXHl/j4RJ5aKMC1OemWuHmLK7XYZ7pXHSBsqooIjTAimV+Ark\nkGMIM7duG1Texl8uh5RmAAAAC3Rlc3RAYXJnb2NkAQI=\n-----END OPENSSH PRIVATE KEY-----"
+}
+`, repoUrl)
+}
diff --git a/argocd/schema_repository.go b/argocd/schema_repository.go
index 1ae6797e..11a534d8 100644
--- a/argocd/schema_repository.go
+++ b/argocd/schema_repository.go
@@ -10,6 +10,7 @@ func repositorySchema() map[string]*schema.Schema {
 "repo": {
 Type: schema.TypeString,
 Description: "URL of the repo",
+ ForceNew: true,
 Required: true,
 },
 "enable_lfs": {
@@ -20,7 +21,7 @@ func repositorySchema() map[string]*schema.Schema {
 "inherited_creds": {
 Type: schema.TypeBool,
 Description: "Whether credentials were inherited from a credential set",
- Optional: true,
+ Computed: true,
 },
 "insecure": {
 Type: schema.TypeBool,
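Review bot: `testAccArgoCDRepositoryPrivateGitSSH` embeds a complete OpenSSH private key as a string literal, and the same key is committed again in manifests/install/git-private-repository.yml (Secret `git-authorized-ssh-keys`) and in manifests/install/ssh-identity.key. Even as a throwaway fixture, three copies will trip secret scanners and invite reuse elsewhere. Generate the pair during test setup (the package already has `generateSSHPrivateKey`) and inject the public half into the fixture, or keep one copy and mark it with a comment such as `// test-only key for the in-cluster git fixture; must never be authorized anywhere else`. `insecure = true` also disables host-key verification for this repository, which deserves a one-line comment that it is acceptable only for the test fixture.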
@@ -44,11 +45,11 @@ func repositorySchema() map[string]*schema.Schema {
 Optional: true,
 },
 "ssh_private_key": {
- Type: schema.TypeString,
- Sensitive: true,
- Description: "SSH private key data for authenticating at the repo server only for Git repos",
- // TODO: add a validator
- Optional: true,
+ Type: schema.TypeString,
+ Sensitive: false,
+ Description: "SSH private key data for authenticating at the repo server only for Git repos",
+ ValidateFunc: validateSSHPrivateKey,
+ Optional: true,
 },
 "tls_client_cert_data": {
 Type: schema.TypeString,
diff --git a/argocd/schema_repository_credentials.go b/argocd/schema_repository_credentials.go
index 6cb0da97..0ce00559 100644
--- a/argocd/schema_repository_credentials.go
+++ b/argocd/schema_repository_credentials.go
@@ -19,21 +19,15 @@ func repositoryCredentialsSchema() map[string]*schema.Schema {
 "password": {
 Type: schema.TypeString,
 Sensitive: true,
- Description: "Password for authenticating at the repo server, cannot be managed once created!",
+ Description: "Password for authenticating at the repo server",
 Optional: true,
- DiffSuppressFunc: func(k, old, new string, d *schema.ResourceData) bool {
- return true
- },
 },
 "ssh_private_key": {
- Type: schema.TypeString,
- Sensitive: true,
- Description: "SSH private key data for authenticating at the repo server only for Git repos, cannot be managed once created!",
- // TODO: add a validator
- Optional: true,
- DiffSuppressFunc: func(k, old, new string, d *schema.ResourceData) bool {
- return true
- },
+ Type: schema.TypeString,
+ Sensitive: true,
+ Description: "SSH private key data for authenticating at the repo server only for Git repos",
+ ValidateFunc: validateSSHPrivateKey,
+ Optional: true,
 },
 "tls_client_cert_data": {
 Type: schema.TypeString,
diff --git a/argocd/structure_repository.go b/argocd/structure_repository.go
index 394d58d6..8b71fdff 100644
--- a/argocd/structure_repository.go
+++ b/argocd/structure_repository.go
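Review bot: `ssh_private_key` in `repositorySchema` changes from `Sensitive: true` to `Sensitive: false`, so Terraform will print the private key in plan and apply output and in any CI log that captures it. The repository-credentials schema in the same commit keeps `Sensitive: true` for the same field, and nothing in the hunk explains the difference; restore `Sensitive: true,` here. Because `Sensitive` only masks CLI output and the value is still written to state, the `Description` could also say that the key is stored in Terraform state and the state backend must be protected accordingly.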
@@ -31,9 +31,7 @@ func expandRepository(d *schema.ResourceData) *application.Repository {
 if v, ok := d.GetOk("password"); ok {
 repository.Password = v.(string)
 }
- if v, ok := d.GetOk("ssh_private_key"); ok {
- repository.SSHPrivateKey = v.(string)
- }
+ repository.SSHPrivateKey = d.Get("ssh_private_key").(string)
 if v, ok := d.GetOk("tls_client_cert_data"); ok {
 repository.TLSClientCertData = v.(string)
 }
@@ -57,11 +55,12 @@ func flattenRepository(repository *application.Repository, d *schema.ResourceDat
 "insecure": repository.Insecure,
 "name": repository.Name,
 "username": repository.Username,
- "password": repository.Password,
- "ssh_private_key": repository.SSHPrivateKey,
- "tls_client_cert_data": repository.TLSClientCertData,
- "tls_client_cert_key": repository.TLSClientCertKey,
- "type": repository.Type,
+ // TODO: ArgoCD API does not return sensitive data!
+ //"password": repository.Password,
+ //"ssh_private_key": repository.SSHPrivateKey,
+ //"tls_client_cert_key": repository.TLSClientCertKey,
+ "tls_client_cert_data": repository.TLSClientCertData,
+ "type": repository.Type,
 }
 for k, v := range r {
 if err := persistToState(k, v, d); err != nil {
diff --git a/argocd/structure_repository_credentials.go b/argocd/structure_repository_credentials.go
index d7724916..235218f3 100644
--- a/argocd/structure_repository_credentials.go
+++ b/argocd/structure_repository_credentials.go
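Review bot: In `flattenRepository` (and in the matching hunk for `flattenRepositoryCredentials`) the secret fields are left behind as commented-out map entries under a `TODO`, which reads as unfinished work rather than a deliberate decision. Since the read path no longer sets `password`, `ssh_private_key` or `tls_client_cert_key`, state for them presumably keeps whatever the configuration supplied, and a credential changed outside Terraform will not show up as drift. Replace the dead entries with a comment that states this, for example `// password, ssh_private_key and tls_client_cert_key are write-only: the ArgoCD API never returns them, so they are not refreshed from the server`. Both functions continue outside their hunks.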
@@ -35,12 +35,13 @@ func expandRepositoryCredentials(d *schema.ResourceData) *application.RepoCreds func flattenRepositoryCredentials(repository application.RepoCreds, d *schema.ResourceData) error { r := map[string]interface{}{ - "url": repository.URL, - "username": repository.Username, - "password": repository.Password, - "ssh_private_key": repository.SSHPrivateKey, + "url": repository.URL, + "username": repository.Username, + // TODO: ArgoCD API does not return sensitive data! + //"password": repository.Password, + //"ssh_private_key": repository.SSHPrivateKey, + //"tls_client_cert_key": repository.TLSClientCertKey, "tls_client_cert_data": repository.TLSClientCertData, - "tls_client_cert_key": repository.TLSClientCertKey, } for k, v := range r { if err := persistToState(k, v, d); err != nil { diff --git a/argocd/validators.go b/argocd/validators.go index 8ec4183e..35266b3a 100644 --- a/argocd/validators.go +++ b/argocd/validators.go @@ -4,6 +4,7 @@ import ( "fmt" "github.com/argoproj/pkg/time" "github.com/robfig/cron" + "golang.org/x/crypto/ssh" apiValidation "k8s.io/apimachinery/pkg/api/validation" utilValidation "k8s.io/apimachinery/pkg/util/validation" "regexp" @@ -107,3 +108,11 @@ func validateDuration(value interface{}, key string) (ws []string, es []error) { } return } + +func validateSSHPrivateKey(value interface{}, key string) (ws []string, es []error) { + v := value.(string) + if _, err := ssh.ParsePrivateKey([]byte(v)); err != nil { + es = append(es, fmt.Errorf("%s: invalid ssh private key: %s", key, err)) + } + return +} diff --git a/argocd/validators_test.go b/argocd/validators_test.go new file mode 100644 index 00000000..a85ecb29 --- /dev/null +++ b/argocd/validators_test.go 
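Review bot: `validateSSHPrivateKey` has no doc comment, and `ssh.ParsePrivateKey` only accepts unencrypted keys, so a passphrase-protected key is rejected with the parser's own message and the user gets no hint that this is the reason. Add a comment such as `// validateSSHPrivateKey reports an error unless value parses as an unencrypted SSH private key; passphrase-protected keys are rejected.` The bare `value.(string)` assertion would panic if the validator were ever attached to a non-string field; `v, ok := value.(string)` with an appended error keeps that a validation failure. The error text only includes the parser's error and not the key itself, which is the right behaviour for a secret field and worth keeping.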
@@ -0,0 +1,41 @@ +package argocd + +import ( + "fmt" + "reflect" + "testing" +) + +func Test_validateSSHPrivateKey(t *testing.T) { + + tests := []struct { + name string + value interface{} + wantWs []string + wantEs []error + }{ + { + name: "Invalid ssh private key", + value: "foo", + wantWs: nil, + wantEs: []error{fmt.Errorf("ssh_private_key: invalid ssh private key: ssh: no key found")}, + }, + { + name: "Valid ssh private key", + value: mustGenerateSSHPrivateKey(t), + wantWs: nil, + wantEs: nil, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + gotWs, gotEs := validateSSHPrivateKey(tt.value, "ssh_private_key") + if !reflect.DeepEqual(gotWs, tt.wantWs) { + t.Errorf("validateSSHPrivateKey() gotWs = %v, want %v", gotWs, tt.wantWs) + } + if !reflect.DeepEqual(gotEs, tt.wantEs) { + t.Errorf("validateSSHPrivateKey() gotEs = %v, want %v", gotEs, tt.wantEs) + } + }) + } +} diff --git a/go.mod b/go.mod index eb3fa376..9915fa7e 100644 --- a/go.mod +++ b/go.mod @@ -4,13 +4,15 @@ go 1.14 require ( github.com/Masterminds/semver v1.5.0 - github.com/argoproj/argo-cd v1.6.1 - github.com/argoproj/gitops-engine v0.1.2 + github.com/argoproj/argo-cd v1.6.2 + github.com/argoproj/gitops-engine v0.1.3 github.com/argoproj/pkg v0.0.0-20200319004004-f46beff7cd54 - github.com/cristalhq/jwt/v3 v3.0.0 + github.com/cristalhq/jwt/v3 v3.0.2 github.com/golang/protobuf v1.3.4 github.com/hashicorp/terraform-plugin-sdk v1.14.0 github.com/robfig/cron v1.1.0 + github.com/stretchr/testify v1.5.1 + golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586 k8s.io/apimachinery v0.16.6 ) diff --git a/go.sum b/go.sum index d33d0668..996b222b 100644 --- a/go.sum +++ b/go.sum 
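Review bot: The invalid-key case in `Test_validateSSHPrivateKey` compares `gotEs` to a freshly built `fmt.Errorf(...)` with `reflect.DeepEqual`, which ties the test to the exact message `ssh: no key found` from golang.org/x/crypto/ssh and to the concrete error type the validator happens to return. A dependency bump or a move to `%w` in the validator would fail the test without any change in behaviour. Checking `len(gotEs) == 1` and that `gotEs[0].Error()` contains `invalid ssh private key` would be sturdier. Only one malformed input (`"foo"`) is covered; an empty string and a truncated PEM block would be useful extra cases.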
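Review bot: `golang.org/x/crypto` is added at pseudo-version `v0.0.0-20190820162420-60c769a6c586`, a snapshot dated August 2019, and this commit starts passing user-supplied key material to its `ssh` package through `validateSSHPrivateKey`. Unless another requirement forces that exact revision, require a current x/crypto release, re-run `go mod tidy`, and check the resulting module graph with a vulnerability scanner such as `govulncheck` before merging.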
@@ -63,10 +63,10 @@ github.com/apparentlymart/go-dump v0.0.0-20190214190832-042adf3cf4a0 h1:MzVXffFU github.com/apparentlymart/go-dump v0.0.0-20190214190832-042adf3cf4a0/go.mod h1:oL81AME2rN47vu18xqj1S1jPIPuN7afo62yKTNn3XMM= github.com/apparentlymart/go-textseg v1.0.0 h1:rRmlIsPEEhUTIKQb7T++Nz/A5Q6C9IuX2wFoYVvnCs0= github.com/apparentlymart/go-textseg v1.0.0/go.mod h1:z96Txxhf3xSFMPmb5X/1W05FF/Nj9VFpLOpjS5yuumk= -github.com/argoproj/argo-cd v1.6.1 h1:xluKFCEBxzAkYzUHrqjYF3LPnityAzVQ9Qy9n1oChO8= -github.com/argoproj/argo-cd v1.6.1/go.mod h1:qRyKHxh5BLUVheMoMU0uq1/wwRMgmbpEGc8Csd61MRI= -github.com/argoproj/gitops-engine v0.1.2 h1:tUDt0DR3axmHLmEJwgqWnr+cHHSK6cJLJef3YTLkQ+E= -github.com/argoproj/gitops-engine v0.1.2/go.mod h1:UmBGlQLT/MPNiMmbnouZRWhkk3slPuozMsENdXMkIMs= +github.com/argoproj/argo-cd v1.6.2 h1:kpoS3TxMJYkUmtri6sXe1QbyjGkC9OaHT43K1B/8y6E= +github.com/argoproj/argo-cd v1.6.2/go.mod h1:VHSJfpnOXUjtaDyb4C34YPO4pnZ79vRqa5nDeqh3PO8= +github.com/argoproj/gitops-engine v0.1.3 h1:eQp1bfqaeaATcu4XErlxNb6aVsN4rC7suL/Fqx/9E+k= +github.com/argoproj/gitops-engine v0.1.3/go.mod h1:UmBGlQLT/MPNiMmbnouZRWhkk3slPuozMsENdXMkIMs= github.com/argoproj/pkg v0.0.0-20200102163130-2dd1f3f6b4de/go.mod h1:2EZ44RG/CcgtPTwrRR0apOc7oU6UIw8GjCUJWZ8X3bM= github.com/argoproj/pkg v0.0.0-20200319004004-f46beff7cd54 h1:hDn02iEkh5EUl4TJfOo6AI9uSgh0vt/qh66ODuQl/YE= github.com/argoproj/pkg v0.0.0-20200319004004-f46beff7cd54/go.mod h1:2EZ44RG/CcgtPTwrRR0apOc7oU6UIw8GjCUJWZ8X3bM= 
@@ -136,6 +136,8 @@ github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwc github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY= github.com/cristalhq/jwt/v3 v3.0.0 h1:0PtBLOa6XEZj6powOaneZCxU3+yiFSYwVeL2wmbavnY= github.com/cristalhq/jwt/v3 v3.0.0/go.mod h1:XOnIXst8ozq/esy5N1XOlSyQqBd+84fxJ99FK+1jgL8= +github.com/cristalhq/jwt/v3 v3.0.2 h1:y5aYVOJysyPRZvRGblEAYfphqERNPgTGWOA9DUUK1t8= +github.com/cristalhq/jwt/v3 v3.0.2/go.mod h1:XOnIXst8ozq/esy5N1XOlSyQqBd+84fxJ99FK+1jgL8= github.com/cyphar/filepath-securejoin v0.2.2/go.mod h1:FpkQEhXnPnOthhzymB7CGsFk2G9VLXONKD9G7QGMM+4= github.com/davecgh/go-spew v0.0.0-20151105211317-5215b55f46b2/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= diff --git a/manifests/install/git-private-repository.yml b/manifests/install/git-private-repository.yml new file mode 100644 index 00000000..4966fde7 --- /dev/null +++ b/manifests/install/git-private-repository.yml 
@@ -0,0 +1,108 @@ +--- +apiVersion: v1 +kind: Secret +metadata: + name: git-authorized-ssh-keys + namespace: argocd +type: Opaque +stringData: + sshUsername: git + sshPublicKey: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIZ7pXHSBsqooIjTAimV+ArkkGMIM7duG1Texl8uh5Rm test@argocd" + sshPrivateKey: | + -----BEGIN OPENSSH PRIVATE KEY----- + b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW + QyNTUxOQAAACCGe6Vx0gbKqKCI0wIplfgK5JBjCDO3bhtU3sZfLoeUZgAAAJB9cNEifXDR + IgAAAAtzc2gtZWQyNTUxOQAAACCGe6Vx0gbKqKCI0wIplfgK5JBjCDO3bhtU3sZfLoeUZg + AAAEAJeUrObjoTbGO1Sq4TXHl/j4RJ5aKMC1OemWuHmLK7XYZ7pXHSBsqooIjTAimV+Ark + kGMIM7duG1Texl8uh5RmAAAAC3Rlc3RAYXJnb2NkAQI= + -----END OPENSSH PRIVATE KEY----- + +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: git-private-repository-contents + namespace: argocd +data: + configmap.yml: | + apiVersion: v1 + kind: Configmap + metadata: + name: testdata + namespace: default + data: + foo: bar + +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: private-git-repository + namespace: argocd +spec: + selector: + matchLabels: + app.kubernetes.io/name: private-git-repository + template: + metadata: + labels: + app.kubernetes.io/name: private-git-repository + spec: + volumes: + - name: repo-contents + configMap: + optional: false + name: git-private-repository-contents + containers: + - name: private-git-repository + image: alpine:3 + volumeMounts: + - mountPath: /mnt/testdata + name: repo-contents + readOnly: true + ports: + - containerPort: 22 + protocol: TCP + name: sshd + readinessProbe: + tcpSocket: + port: 22 + command: + - sh + - -c + args: + - 'apk add --no-cache --update git sudo openssh && + adduser git -D && + echo "git:2S8RrPQgxGdAv3Wp2ALKsWQLT5WLj66R3JxuJU35dCemwqLVfd"|chpasswd && + sudo -u git sh -c " + cd && + mkdir .ssh && + chmod 700 .ssh && + echo ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIZ7pXHSBsqooIjTAimV+ArkkGMIM7duG1Texl8uh5Rm test@argocd > .ssh/authorized_keys && + chmod 600 .ssh/authorized_keys && + 
mkdir project.git && + cd project.git && + git config --global user.email \"test@argocd\" && + git config --global user.name \"acctest\" && + git init && + cp /mnt/testdata/configmap.yml . && + git add . && + git commit -m init" && + ssh-keygen -A && + /usr/sbin/sshd -p 22 -D' + +--- +apiVersion: v1 +kind: Service +metadata: + name: private-git-repository + namespace: argocd +spec: + type: ClusterIP + selector: + app.kubernetes.io/name: private-git-repository + ports: + - port: 22 + targetPort: sshd + name: sshd + protocol: TCP \ No newline at end of file diff --git a/manifests/install/kustomization.yml b/manifests/install/kustomization.yml index 9b66f299..59ef936a 100644 --- a/manifests/install/kustomization.yml +++ b/manifests/install/kustomization.yml @@ -5,6 +5,7 @@ namespace: argocd resources: - namespace.yml - install.yml + - git-private-repository.yml patchesStrategicMerge: - patches/deployment.yml - patches/secret.yml \ No newline at end of file diff --git a/manifests/install/ssh-identity.key b/manifests/install/ssh-identity.key new file mode 100644 index 00000000..54c9fc5c --- /dev/null +++ b/manifests/install/ssh-identity.key @@ -0,0 +1,7 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW +QyNTUxOQAAACCGe6Vx0gbKqKCI0wIplfgK5JBjCDO3bhtU3sZfLoeUZgAAAJB9cNEifXDR +IgAAAAtzc2gtZWQyNTUxOQAAACCGe6Vx0gbKqKCI0wIplfgK5JBjCDO3bhtU3sZfLoeUZg +AAAEAJeUrObjoTbGO1Sq4TXHl/j4RJ5aKMC1OemWuHmLK7XYZ7pXHSBsqooIjTAimV+Ark +kGMIM7duG1Texl8uh5RmAAAAC3Rlc3RAYXJnb2NkAQI= +-----END OPENSSH PRIVATE KEY-----
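Review bot: The container command in the `private-git-repository` Deployment sets a fixed password for the `git` user with `chpasswd` and then starts `sshd` with its default configuration, so password login with a value committed to the repository is presumably accepted alongside the authorized key. If the password is only there to unlock the account for public-key login, start the daemon with `/usr/sbin/sshd -p 22 -D -o PasswordAuthentication=no`, or set a random password at container start. The Secret `git-authorized-ssh-keys` is not referenced by the Deployment in this file (the public key is hard-coded into `authorized_keys` instead), so it looks unused and carries a private key for no visible reason. Separately, the embedded test manifest declares `kind: Configmap`; Kubernetes kinds are case-sensitive, so syncing it would likely fail unless it is spelled `ConfigMap`.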