Merge branch 'argoproj:master' into master

SECURITY.md

@@ -1,6 +1,6 @@
 # Security Policy for Argo CD
 
-Version: **v1.3 (2021-12-08)**
+Version: **v1.4 (2022-01-23)**
 
 ## Preface
 
@@ -26,8 +26,12 @@ are well aware of the issues that may affect Argo CD and are constantly
 working on the remediation of those that affect Argo CD and our users.
 
 If you believe that we might have missed an issue that we should take a look
-at (that can happen), then please discuss it with us. But please, do validate
-that assumption before at least roughly.
+at (that can happen), then please discuss it with us. If there is a CVE
+assigned to the issue, please do open an issue on our GitHub tracker instead
+of writing to the security contact e-mail, since things reported by scanners
+are public already and the discussion that might emerge is of benefit to the
+general community. However, please validate your scanner results and its
+impact on Argo CD before opening an issue at least roughly.
 
 ## Supported Versions
 

cmd/argocd/commands/headless/headless.go

@@ -16,6 +16,7 @@ import (
 	"k8s.io/apimachinery/pkg/util/runtime"
 	"k8s.io/client-go/kubernetes"
 	"k8s.io/client-go/tools/cache"
+	"k8s.io/utils/pointer"
 
 	argoapi "github.com/argoproj/argo-cd/v2/pkg/apiclient"
 	"github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
@@ -91,7 +92,7 @@ func InitCommand(cmd *cobra.Command, clientOpts *argoapi.ClientOptions, port *in
 		log.SetLevel(log.ErrorLevel)
 		os.Setenv(v1alpha1.EnvVarFakeInClusterConfig, "true")
 		if address == nil {
-			*address = "localhost"
+			address = pointer.String("localhost")
 		}
 		if port == nil || *port == 0 {
 			addr := fmt.Sprintf("%s:0", *address)

docs/operator-manual/application.yaml

@@ -4,7 +4,7 @@ metadata:
   name: guestbook
   # You'll usually want to add your resources to the argocd namespace.
   namespace: argocd
-  # Add a this finalizer ONLY if you want these to cascade delete.
+  # Add this finalizer ONLY if you want these to cascade delete.
   finalizers:
     - resources-finalizer.argocd.argoproj.io
 spec:
@@ -13,11 +13,12 @@ spec:
 
   # Source of the application manifests
   source:
-    repoURL: https://github.com/argoproj/argocd-example-apps.git
-    targetRevision: HEAD
-    path: guestbook
+    repoURL: https://github.com/argoproj/argocd-example-apps.git  # Can point to either a Helm chart repo or a git repo.
+    targetRevision: HEAD  # For Helm, this refers to the chart version.
+    path: guestbook  # This has no meaning for Helm charts pulled directly from a Helm repo instead of git.
 
     # helm specific config
+    chart: chart-name  # Set this when pulling directly from a Helm repo. DO NOT set for git-hosted Helm charts.
     helm:
       # Extra parameters to set (same as setting through values.yaml, but these take precedence)
       parameters:

docs/operator-manual/notifications/catalog.md

@@ -72,6 +72,7 @@ slack:
       {{end}}
       ]
     }]
+  deliveryPolicy: Post
   groupingKey: ""
   notifyBroadcast: false
 teams:
@@ -154,6 +155,7 @@ slack:
       {{end}}
       ]
     }]
+  deliveryPolicy: Post
   groupingKey: ""
   notifyBroadcast: false
 teams:
@@ -232,6 +234,7 @@ slack:
       {{end}}
       ]
     }]
+  deliveryPolicy: Post
   groupingKey: ""
   notifyBroadcast: false
 teams:
@@ -314,6 +317,7 @@ slack:
       {{end}}
       ]
     }]
+  deliveryPolicy: Post
   groupingKey: ""
   notifyBroadcast: false
 teams:
@@ -400,6 +404,7 @@ slack:
       {{end}}
       ]
     }]
+  deliveryPolicy: Post
   groupingKey: ""
   notifyBroadcast: false
 teams:
@@ -477,6 +482,7 @@ slack:
       {{end}}
       ]
     }]
+  deliveryPolicy: Post
   groupingKey: ""
   notifyBroadcast: false
 teams:

docs/operator-manual/notifications/services/slack.md

@@ -145,3 +145,5 @@ template.app-sync-failed: |
     groupingKey: "{{.app.status.sync.revision}}"
     notifyBroadcast: true
 ```
+
+The message is sent according to the `deliveryPolicy` string field under the `slack` field. The available modes are `Post` (default), `PostAndUpdate`, and `Update`. The `PostAndUpdate` and `Update` settings require `groupingKey` to be set.

go.mod

@@ -9,7 +9,7 @@ require (
 	github.com/alicebob/miniredis v2.5.0+incompatible
 	github.com/alicebob/miniredis/v2 v2.14.2
 	github.com/argoproj/gitops-engine v0.5.1-0.20220119211147-b5600162862f
-	github.com/argoproj/notifications-engine v0.3.0
+	github.com/argoproj/notifications-engine v0.3.1-0.20220124172652-14e7f52eb33e
 	github.com/argoproj/pkg v0.11.1-0.20211203175135-36c59d8fafe0
 	github.com/bombsimon/logrusr/v2 v2.0.1
 	github.com/bradleyfalzon/ghinstallation/v2 v2.0.4

go.sum

@@ -127,8 +127,8 @@ github.com/apache/thrift v0.13.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb
 github.com/appscode/go v0.0.0-20190808133642-1d4ef1f1c1e0/go.mod h1:iy07dV61Z7QQdCKJCIvUoDL21u6AIceRhZzyleh2ymc=
 github.com/argoproj/gitops-engine v0.5.1-0.20220119211147-b5600162862f h1:9ZEZZ5vgvaWLeAZnrZEpBh9UdW+RD19odD6YziYc5/8=
 github.com/argoproj/gitops-engine v0.5.1-0.20220119211147-b5600162862f/go.mod h1:t/X9eVdopmPIYO0LTCqZirEXCQn1tzXxxQpEgMtTwWI=
-github.com/argoproj/notifications-engine v0.3.0 h1:1KMVYwXlg7SGzX00eg/bU0YupXDVdfpm8FlpNbrkUxM=
-github.com/argoproj/notifications-engine v0.3.0/go.mod h1:0TEB4QbOsNN8URcsUJpAFuuG6aw8KS8ZY/YCzsss9JQ=
+github.com/argoproj/notifications-engine v0.3.1-0.20220124172652-14e7f52eb33e h1:px7jeBJNoRF84tcik7Iw7MtXOUiqqNhYLf3UapYhJBM=
+github.com/argoproj/notifications-engine v0.3.1-0.20220124172652-14e7f52eb33e/go.mod h1:fONJdKbHnb3uhczfCXfJhlk87RPKCqt489KX+AaXurA=
 github.com/argoproj/pkg v0.11.1-0.20211203175135-36c59d8fafe0 h1:Cfp7rO/HpVxnwlRqJe0jHiBbZ77ZgXhB6HWlYD02Xdc=
 github.com/argoproj/pkg v0.11.1-0.20211203175135-36c59d8fafe0/go.mod h1:ra+bQPmbVAoEL+gYSKesuigt4m49i3Qa3mE/xQcjCiA=
 github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o=
@@ -165,8 +165,6 @@ github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnweb
 github.com/boltdb/bolt v1.3.1/go.mod h1:clJnj/oiGkjum5o1McbSZDSLxVThjynRyGBgiAx27Ps=
 github.com/bombsimon/logrusr/v2 v2.0.1 h1:1VgxVNQMCvjirZIYaT9JYn6sAVGVEcNtRE0y4mvaOAM=
 github.com/bombsimon/logrusr/v2 v2.0.1/go.mod h1:ByVAX+vHdLGAfdroiMg6q0zgq2FODY2lc5YJvzmOJio=
-github.com/bradleyfalzon/ghinstallation v1.1.1 h1:pmBXkxgM1WeF8QYvDLT5kuQiHMcmf+X015GI0KM/E3I=
-github.com/bradleyfalzon/ghinstallation v1.1.1/go.mod h1:vyCmHTciHx/uuyN82Zc3rXN3X2KTK8nUTCrTMwAhcug=
 github.com/bradleyfalzon/ghinstallation/v2 v2.0.4 h1:tXKVfhE7FcSkhkv0UwkLvPDeZ4kz6OXd0PKPlFqf81M=
 github.com/bradleyfalzon/ghinstallation/v2 v2.0.4/go.mod h1:B40qPqJxWE0jDZgOR1JmaMy+4AY1eBP+IByOvqyAKp0=
 github.com/bwmarrin/discordgo v0.19.0/go.mod h1:O9S4p+ofTFwB02em7jkpkV8M3R0/PUVOwN61zSZ0r4Q=
@@ -242,7 +240,6 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/daviddengcn/go-colortext v0.0.0-20160507010035-511bcaf42ccd/go.mod h1:dv4zxwHi5C/8AeI+4gX4dCWOIvNi7I6JCSX0HvlKPgE=
 github.com/deckarep/golang-set v1.7.1/go.mod h1:93vsz/8Wt4joVM7c2AVqh+YRMiUSc14yDtF28KmMOgQ=
-github.com/dgrijalva/jwt-go v3.2.0+incompatible h1:7qlOGliEKZXTDg6OTjfoBKDXWrumCAMpl/TFQ4/5kLM=
 github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
 github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/rVNCu3HqELle0jiPLLBs70cWOduZpkS1E78=
 github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc=
@@ -407,8 +404,8 @@ github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LB
 github.com/go-stack/stack v1.8.0 h1:5SgMzNM5HxrEjV0ww2lTmX6E2Izsfxas4+YHWRs3Lsk=
 github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
 github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE=
-github.com/go-telegram-bot-api/telegram-bot-api v4.6.4+incompatible h1:2cauKuaELYAEARXRkq2LrJ0yDDv1rW7+wrTEdVL3uaU=
-github.com/go-telegram-bot-api/telegram-bot-api v4.6.4+incompatible/go.mod h1:qf9acutJ8cwBUhm1bqgz6Bei9/C/c93FPDljKWwsOgM=
+github.com/go-telegram-bot-api/telegram-bot-api/v5 v5.4.0 h1:Mr3JcvBjQEhCN9wld6OHKHuHxWaoXTaQfYKmj7QwP18=
+github.com/go-telegram-bot-api/telegram-bot-api/v5 v5.4.0/go.mod h1:A2S0CWkNylc2phvKXWBBdD3K0iGnDBGbzRpISP2zBl8=
 github.com/go-test/deep v1.0.4 h1:u2CU3YKy9I2pmu9pX0eq50wCgjfGIt539SqR7FbHiho=
 github.com/go-test/deep v1.0.4/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA=
 github.com/gobuffalo/envy v1.7.0/go.mod h1:n7DRkBerg/aorDM8kbduw5dN3oXGswK5liaSCx4T5NI=
@@ -475,10 +472,6 @@ github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.6 h1:BKbKCqvP6I+rmFHt06ZmyQtvB8xAkWdhFyr0ZUNZcxQ=
 github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-github/v29 v29.0.2 h1:opYN6Wc7DOz7Ku3Oh4l7prmkOMwEcQxpFtxdU8N8Pts=
-github.com/google/go-github/v29 v29.0.2/go.mod h1:CHKiKKPHJ0REzfwc14QMklvtHwCveD0PxlMjLlzAM5E=
-github.com/google/go-github/v33 v33.0.0 h1:qAf9yP0qc54ufQxzwv+u9H0tiVOnPJxo0lI/JXqw3ZM=
-github.com/google/go-github/v33 v33.0.0/go.mod h1:GMdDnVZY/2TsWgp/lkYnpSAh6TrzhANBBwm6k6TTEXg=
 github.com/google/go-github/v41 v41.0.0 h1:HseJrM2JFf2vfiZJ8anY2hqBjdfY1Vlj/K27ueww4gg=
 github.com/google/go-github/v41 v41.0.0/go.mod h1:XgmCA5H323A9rtgExdTcnDkcqp6S30AVACCBDOonIxg=
 github.com/google/go-jsonnet v0.18.0 h1:/6pTy6g+Jh1a1I2UMoAODkqELFiVIdOxbNwv0DDzoOg=
@@ -962,8 +955,6 @@ github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5Cc
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
 github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww=
-github.com/technoweenie/multipartstreamer v1.0.1 h1:XRztA5MXiR1TIRHxH2uNxXxaIkKQDeX7m2XsSOlQEnM=
-github.com/technoweenie/multipartstreamer v1.0.1/go.mod h1:jNVxdtShOxzAsukZwTSw6MDx5eUJoiEBsSvzDU9uzog=
 github.com/tidwall/pretty v1.0.0 h1:HsD+QiTn7sK6flMKIvNmpqz1qrpP3Ps6jOKIKMooyg4=
 github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk=
 github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=

notifications_catalog/install.yaml

@@ -50,6 +50,7 @@ data:
           {{end}}
           ]
         }]
+      deliveryPolicy: Post
       groupingKey: ""
       notifyBroadcast: false
     teams:
@@ -128,6 +129,7 @@ data:
           {{end}}
           ]
         }]
+      deliveryPolicy: Post
       groupingKey: ""
       notifyBroadcast: false
     teams:
@@ -202,6 +204,7 @@ data:
           {{end}}
           ]
         }]
+      deliveryPolicy: Post
       groupingKey: ""
       notifyBroadcast: false
     teams:
@@ -280,6 +283,7 @@ data:
           {{end}}
           ]
         }]
+      deliveryPolicy: Post
       groupingKey: ""
       notifyBroadcast: false
     teams:
@@ -362,6 +366,7 @@ data:
           {{end}}
           ]
         }]
+      deliveryPolicy: Post
       groupingKey: ""
       notifyBroadcast: false
     teams:
@@ -435,6 +440,7 @@ data:
           {{end}}
           ]
         }]
+      deliveryPolicy: Post
       groupingKey: ""
       notifyBroadcast: false
     teams: