diff --git a/bundle/manifests/argoproj.io_argocds.yaml b/bundle/manifests/argoproj.io_argocds.yaml
index 9a4ca5030..bfe63c0f0 100644
--- a/bundle/manifests/argoproj.io_argocds.yaml
+++ b/bundle/manifests/argoproj.io_argocds.yaml
@@ -454,32 +454,245 @@ spec: description: Principal defines configurations for the Principal component of Argo CD Agent. properties: - allowedNamespaces: - description: AllowedNamespaces is the list of namespaces that - the Principal component is allowed to access. - items: - type: string - type: array - auth: - description: Auth is the authentication method for the Principal - component. - type: string enabled: description: Enabled is the flag to enable the Principal component during Argo CD installation. (optional, default `false`) type: boolean - image: - description: Image is the name of Argo CD Agent image - type: string - jwtAllowGenerate: - description: JWTAllowGenerate is the flag to enable the JWT - generation during Argo CD installation. - type: boolean - logLevel: - description: LogLevel refers to the log level used by the - Principal component. Defaults to info if not configured. - Valid options are debug, info, trace, error, and warn. - type: string + jwt: + description: JWT defines the JWT options for the Principal + component. + properties: + insecureGenerate: + description: InsecureGenerate is the flag to allow the + principal to generate its own private key for signing + JWT tokens (insecure). + type: boolean + secretName: + description: SecretName is the name of the secret containing + the JWT signing key. + type: string + type: object + namespace: + description: Namespace is the configuration for the Principal + component namespace. + properties: + allowedNamespaces: + description: AllowedNamespaces is a list of namespaces + the principal shall watch and process Argo CD resources + in. + items: + type: string + type: array + enableNamespaceCreate: + description: EnableNamespaceCreate is the flag to enable + namespace creation for agents. + type: boolean + namespaceCreateLabels: + description: 'NamespaceCreateLabels is the set of labels + to apply to namespaces created for agents. 
Ex: "foo=bar,bar=baz"' + items: + type: string + type: array + namespaceCreatePattern: + description: NamespaceCreatePattern is a regexp pattern + to restrict the names of namespaces to be created. + type: string + type: object + redis: + description: Redis defines the Redis options for the Principal + component. + properties: + compressionType: + description: CompressionType is the compression type to + be used by Redis. + type: string + serverAddress: + description: ServerAddress is the address of the Redis + server to be used by the Principal component. + type: string + type: object + resourceProxy: + description: ResourceProxy defines the Resource Proxy options + for the Principal component. + properties: + caSecretName: + description: CASecretName is the name of the secret containing + the CA certificate for the resource proxy. + type: string + secretName: + description: SecretName is the name of the secret containing + the TLS certificate and key for the resource proxy. + type: string + type: object + server: + description: Server defines the server options for the Principal + component. + properties: + auth: + description: Auth is the authentication method for the + Principal component. + type: string + enableWebSocket: + description: EnableWebSocket is the flag to enable the + WebSocket on gRPC to stream events to the Agent. + type: boolean + env: + description: Env lets you specify environment for principal + pods + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. 
Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. 
+ properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + image: + description: Image is the name of Argo CD Agent image + type: string + keepAliveMinInterval: + description: KeepAliveMinInterval is the minimum interval + between keep-alive messages sent by the Agent to the + Principal. + type: string + logFormat: + description: LogFormat refers to the log format used by + the Principal component. + type: string + logLevel: + description: LogLevel refers to the log level used by + the Principal component. + type: string + type: object + tls: + description: TLS defines the TLS options for the Principal + component. 
+ properties: + insecureGenerate: + description: InsecureGenerate is the flag to allow the + principal to generate its own set of TLS cert and key + on startup when none are configured + type: boolean + rootCASecretName: + description: RootCASecretName is the name of the secret + containing the root CA TLS certificate + type: string + secretName: + description: SecretName is The name of the secret containing + the TLS certificate and key. + type: string + type: object type: object type: object banner: 
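Review bot: The properties removed from `principal` (`allowedNamespaces`, `auth`, `image`, `jwtAllowGenerate`, `logLevel`) reappear only under `namespace`, `server` and `jwt`, with no deprecated alias left behind, so an existing ArgoCD resource that still sets the old keys would presumably have them dropped by schema pruning. For `allowedNamespaces` and `auth` that means a namespace restriction or authentication method could silently revert to the principal's default after the upgrade. If the old keys cannot be kept as deprecated fields in the API types this schema appears to be generated from, the move should at least be called out in the upgrade notes. Separately, `tls.insecureGenerate` is not flagged the way `jwt.insecureGenerate` is and neither states its default; the TLS text could read `description: InsecureGenerate is the flag to allow the principal to generate its own set of TLS cert and key on startup when none are configured (insecure).` The same schema text repeats in the hunk at -10198 of this file and in both hunks of config/crd/bases/argoproj.io_argocds.yaml.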
@@ -10198,32 +10411,245 @@ spec: description: Principal defines configurations for the Principal component of Argo CD Agent. properties: - allowedNamespaces: - description: AllowedNamespaces is the list of namespaces that - the Principal component is allowed to access. - items: - type: string - type: array - auth: - description: Auth is the authentication method for the Principal - component. - type: string enabled: description: Enabled is the flag to enable the Principal component during Argo CD installation. (optional, default `false`) type: boolean - image: - description: Image is the name of Argo CD Agent image - type: string - jwtAllowGenerate: - description: JWTAllowGenerate is the flag to enable the JWT - generation during Argo CD installation. - type: boolean - logLevel: - description: LogLevel refers to the log level used by the - Principal component. Defaults to info if not configured. - Valid options are debug, info, trace, error, and warn. - type: string + jwt: + description: JWT defines the JWT options for the Principal + component. + properties: + insecureGenerate: + description: InsecureGenerate is the flag to allow the + principal to generate its own private key for signing + JWT tokens (insecure). + type: boolean + secretName: + description: SecretName is the name of the secret containing + the JWT signing key. + type: string + type: object + namespace: + description: Namespace is the configuration for the Principal + component namespace. + properties: + allowedNamespaces: + description: AllowedNamespaces is a list of namespaces + the principal shall watch and process Argo CD resources + in. + items: + type: string + type: array + enableNamespaceCreate: + description: EnableNamespaceCreate is the flag to enable + namespace creation for agents. + type: boolean + namespaceCreateLabels: + description: 'NamespaceCreateLabels is the set of labels + to apply to namespaces created for agents. 
Ex: "foo=bar,bar=baz"' + items: + type: string + type: array + namespaceCreatePattern: + description: NamespaceCreatePattern is a regexp pattern + to restrict the names of namespaces to be created. + type: string + type: object + redis: + description: Redis defines the Redis options for the Principal + component. + properties: + compressionType: + description: CompressionType is the compression type to + be used by Redis. + type: string + serverAddress: + description: ServerAddress is the address of the Redis + server to be used by the Principal component. + type: string + type: object + resourceProxy: + description: ResourceProxy defines the Resource Proxy options + for the Principal component. + properties: + caSecretName: + description: CASecretName is the name of the secret containing + the CA certificate for the resource proxy. + type: string + secretName: + description: SecretName is the name of the secret containing + the TLS certificate and key for the resource proxy. + type: string + type: object + server: + description: Server defines the server options for the Principal + component. + properties: + auth: + description: Auth is the authentication method for the + Principal component. + type: string + enableWebSocket: + description: EnableWebSocket is the flag to enable the + WebSocket on gRPC to stream events to the Agent. + type: boolean + env: + description: Env lets you specify environment for principal + pods + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. 
Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. 
+ properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + image: + description: Image is the name of Argo CD Agent image + type: string + keepAliveMinInterval: + description: KeepAliveMinInterval is the minimum interval + between keep-alive messages sent by the Agent to the + Principal. + type: string + logFormat: + description: LogFormat refers to the log format used by + the Principal component. + type: string + logLevel: + description: LogLevel refers to the log level used by + the Principal component. + type: string + type: object + tls: + description: TLS defines the TLS options for the Principal + component. 
+ properties: + insecureGenerate: + description: InsecureGenerate is the flag to allow the + principal to generate its own set of TLS cert and key + on startup when none are configured + type: boolean + rootCASecretName: + description: RootCASecretName is the name of the secret + containing the root CA TLS certificate + type: string + secretName: + description: SecretName is The name of the secret containing + the TLS certificate and key. + type: string + type: object type: object type: object banner: diff --git a/cmd/main.go b/cmd/main.go index c7b7d240a..3c6d25252 100644 --- a/cmd/main.go +++ b/cmd/main.go @@ -36,6 +36,7 @@ import ( argov1beta1api "github.com/argoproj-labs/argocd-operator/api/v1beta1" argocdcommon "github.com/argoproj-labs/argocd-operator/common" argocdprovisioner "github.com/argoproj-labs/argocd-operator/controllers/argocd" + "github.com/argoproj-labs/argocd-operator/controllers/argoutil" notificationsprovisioner "github.com/argoproj-labs/argocd-operator/controllers/notificationsconfiguration" appsv1 "github.com/openshift/api/apps/v1" configv1 "github.com/openshift/api/config/v1" @@ -231,6 +232,7 @@ func main() { LocalUsers: &argocdprovisioner.LocalUsersInfo{ TokenRenewalTimers: map[string]*argocdprovisioner.TokenRenewalTimer{}, }, + FipsConfigChecker: argoutil.NewLinuxFipsConfigChecker(), }).SetupWithManager(mgr); err != nil { setupLog.Error(err, "unable to create controller", "controller", "Argo CD") os.Exit(1) diff --git a/config/crd/bases/argoproj.io_argocds.yaml b/config/crd/bases/argoproj.io_argocds.yaml index 52a308f44..c4832b802 100644 --- a/config/crd/bases/argoproj.io_argocds.yaml +++ b/config/crd/bases/argoproj.io_argocds.yaml 
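Review bot: In cmd/main.go the added `FipsConfigChecker: argoutil.NewLinuxFipsConfigChecker(),` is wired into the struct literal passed to `SetupWithManager` with no comment saying what the checker gates or what happens when the host's FIPS state cannot be determined. Its implementation comes from the bumped argocd-operator module and is not visible in this diff, so a one-line comment above the field would help, for example `// FipsConfigChecker reports whether the host is in FIPS mode; the reconciler uses it to pick FIPS-compatible settings.` (the wording is to be confirmed against argoutil). It is also worth confirming that a failed or unavailable check is surfaced as an error rather than read as "FIPS disabled", since a silent fallback would presumably go unnoticed on a FIPS-enabled cluster. `main()` starts and ends outside the hunk.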
@@ -443,32 +443,245 @@ spec: description: Principal defines configurations for the Principal component of Argo CD Agent. properties: - allowedNamespaces: - description: AllowedNamespaces is the list of namespaces that - the Principal component is allowed to access. - items: - type: string - type: array - auth: - description: Auth is the authentication method for the Principal - component. - type: string enabled: description: Enabled is the flag to enable the Principal component during Argo CD installation. (optional, default `false`) type: boolean - image: - description: Image is the name of Argo CD Agent image - type: string - jwtAllowGenerate: - description: JWTAllowGenerate is the flag to enable the JWT - generation during Argo CD installation. - type: boolean - logLevel: - description: LogLevel refers to the log level used by the - Principal component. Defaults to info if not configured. - Valid options are debug, info, trace, error, and warn. - type: string + jwt: + description: JWT defines the JWT options for the Principal + component. + properties: + insecureGenerate: + description: InsecureGenerate is the flag to allow the + principal to generate its own private key for signing + JWT tokens (insecure). + type: boolean + secretName: + description: SecretName is the name of the secret containing + the JWT signing key. + type: string + type: object + namespace: + description: Namespace is the configuration for the Principal + component namespace. + properties: + allowedNamespaces: + description: AllowedNamespaces is a list of namespaces + the principal shall watch and process Argo CD resources + in. + items: + type: string + type: array + enableNamespaceCreate: + description: EnableNamespaceCreate is the flag to enable + namespace creation for agents. + type: boolean + namespaceCreateLabels: + description: 'NamespaceCreateLabels is the set of labels + to apply to namespaces created for agents. 
Ex: "foo=bar,bar=baz"' + items: + type: string + type: array + namespaceCreatePattern: + description: NamespaceCreatePattern is a regexp pattern + to restrict the names of namespaces to be created. + type: string + type: object + redis: + description: Redis defines the Redis options for the Principal + component. + properties: + compressionType: + description: CompressionType is the compression type to + be used by Redis. + type: string + serverAddress: + description: ServerAddress is the address of the Redis + server to be used by the Principal component. + type: string + type: object + resourceProxy: + description: ResourceProxy defines the Resource Proxy options + for the Principal component. + properties: + caSecretName: + description: CASecretName is the name of the secret containing + the CA certificate for the resource proxy. + type: string + secretName: + description: SecretName is the name of the secret containing + the TLS certificate and key for the resource proxy. + type: string + type: object + server: + description: Server defines the server options for the Principal + component. + properties: + auth: + description: Auth is the authentication method for the + Principal component. + type: string + enableWebSocket: + description: EnableWebSocket is the flag to enable the + WebSocket on gRPC to stream events to the Agent. + type: boolean + env: + description: Env lets you specify environment for principal + pods + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. 
Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. 
+ properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + image: + description: Image is the name of Argo CD Agent image + type: string + keepAliveMinInterval: + description: KeepAliveMinInterval is the minimum interval + between keep-alive messages sent by the Agent to the + Principal. + type: string + logFormat: + description: LogFormat refers to the log format used by + the Principal component. + type: string + logLevel: + description: LogLevel refers to the log level used by + the Principal component. + type: string + type: object + tls: + description: TLS defines the TLS options for the Principal + component. 
+ properties: + insecureGenerate: + description: InsecureGenerate is the flag to allow the + principal to generate its own set of TLS cert and key + on startup when none are configured + type: boolean + rootCASecretName: + description: RootCASecretName is the name of the secret + containing the root CA TLS certificate + type: string + secretName: + description: SecretName is The name of the secret containing + the TLS certificate and key. + type: string + type: object type: object type: object banner: 
@@ -10187,32 +10400,245 @@ spec: description: Principal defines configurations for the Principal component of Argo CD Agent. properties: - allowedNamespaces: - description: AllowedNamespaces is the list of namespaces that - the Principal component is allowed to access. - items: - type: string - type: array - auth: - description: Auth is the authentication method for the Principal - component. - type: string enabled: description: Enabled is the flag to enable the Principal component during Argo CD installation. (optional, default `false`) type: boolean - image: - description: Image is the name of Argo CD Agent image - type: string - jwtAllowGenerate: - description: JWTAllowGenerate is the flag to enable the JWT - generation during Argo CD installation. - type: boolean - logLevel: - description: LogLevel refers to the log level used by the - Principal component. Defaults to info if not configured. - Valid options are debug, info, trace, error, and warn. - type: string + jwt: + description: JWT defines the JWT options for the Principal + component. + properties: + insecureGenerate: + description: InsecureGenerate is the flag to allow the + principal to generate its own private key for signing + JWT tokens (insecure). + type: boolean + secretName: + description: SecretName is the name of the secret containing + the JWT signing key. + type: string + type: object + namespace: + description: Namespace is the configuration for the Principal + component namespace. + properties: + allowedNamespaces: + description: AllowedNamespaces is a list of namespaces + the principal shall watch and process Argo CD resources + in. + items: + type: string + type: array + enableNamespaceCreate: + description: EnableNamespaceCreate is the flag to enable + namespace creation for agents. + type: boolean + namespaceCreateLabels: + description: 'NamespaceCreateLabels is the set of labels + to apply to namespaces created for agents. 
Ex: "foo=bar,bar=baz"' + items: + type: string + type: array + namespaceCreatePattern: + description: NamespaceCreatePattern is a regexp pattern + to restrict the names of namespaces to be created. + type: string + type: object + redis: + description: Redis defines the Redis options for the Principal + component. + properties: + compressionType: + description: CompressionType is the compression type to + be used by Redis. + type: string + serverAddress: + description: ServerAddress is the address of the Redis + server to be used by the Principal component. + type: string + type: object + resourceProxy: + description: ResourceProxy defines the Resource Proxy options + for the Principal component. + properties: + caSecretName: + description: CASecretName is the name of the secret containing + the CA certificate for the resource proxy. + type: string + secretName: + description: SecretName is the name of the secret containing + the TLS certificate and key for the resource proxy. + type: string + type: object + server: + description: Server defines the server options for the Principal + component. + properties: + auth: + description: Auth is the authentication method for the + Principal component. + type: string + enableWebSocket: + description: EnableWebSocket is the flag to enable the + WebSocket on gRPC to stream events to the Agent. + type: boolean + env: + description: Env lets you specify environment for principal + pods + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. 
Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. 
+ properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + image: + description: Image is the name of Argo CD Agent image + type: string + keepAliveMinInterval: + description: KeepAliveMinInterval is the minimum interval + between keep-alive messages sent by the Agent to the + Principal. + type: string + logFormat: + description: LogFormat refers to the log format used by + the Principal component. + type: string + logLevel: + description: LogLevel refers to the log level used by + the Principal component. + type: string + type: object + tls: + description: TLS defines the TLS options for the Principal + component. 
+ properties: + insecureGenerate: + description: InsecureGenerate is the flag to allow the + principal to generate its own set of TLS cert and key + on startup when none are configured + type: boolean + rootCASecretName: + description: RootCASecretName is the name of the secret + containing the root CA TLS certificate + type: string + secretName: + description: SecretName is The name of the secret containing + the TLS certificate and key. + type: string + type: object type: object type: object banner: diff --git a/go.mod b/go.mod index dddf7cc05..2fcad6652 100644 --- a/go.mod +++ b/go.mod @@ -4,9 +4,9 @@ go 1.24.6 require ( github.com/argoproj-labs/argo-rollouts-manager v0.0.6-0.20250731075119-a100fc1d88b8 - github.com/argoproj-labs/argocd-operator v0.14.0-rc1.0.20250828161935-75b2e086ba21 - github.com/argoproj/argo-cd/v3 v3.1.1 - github.com/argoproj/gitops-engine v0.7.1-0.20250617174952-093aef0dad58 + github.com/argoproj-labs/argocd-operator v0.14.0-rc1.0.20251003130632-ef7197954c1d + github.com/argoproj/argo-cd/v3 v3.1.8 + github.com/argoproj/gitops-engine v0.7.1-0.20250905160054-e48120133eec github.com/go-logr/logr v1.4.3 github.com/google/go-cmp v0.7.0 github.com/google/uuid v1.6.1-0.20241114170450-2d3c2a9cc518 diff --git a/go.sum b/go.sum index 1364b8e3f..070479741 100644 --- a/go.sum +++ b/go.sum 
@@ -31,12 +31,12 @@ github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFI github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4= github.com/argoproj-labs/argo-rollouts-manager v0.0.6-0.20250731075119-a100fc1d88b8 h1:6+eo7BKrNkSIhQ1nnyCUloSNrGzghlb8r8e7GokoeBo= github.com/argoproj-labs/argo-rollouts-manager v0.0.6-0.20250731075119-a100fc1d88b8/go.mod h1:yTwzKUV79YyI764hkXdVojGYBA9yKJk3qXx5mRuQ2Xc= -github.com/argoproj-labs/argocd-operator v0.14.0-rc1.0.20250828161935-75b2e086ba21 h1:3hrm9AsOV10mEKS7E7GRbpI4Zb391lw11wGM+/2hh7g= -github.com/argoproj-labs/argocd-operator v0.14.0-rc1.0.20250828161935-75b2e086ba21/go.mod h1:fhN/hOiIuSANIgYxF3sxjVfTbj7MR9pkp73om6zYKMA= -github.com/argoproj/argo-cd/v3 v3.1.1 h1:5qzZUtfpHTwrySprpQwpvjPUHKUz7gBs/wK7PSiVQ8I= -github.com/argoproj/argo-cd/v3 v3.1.1/go.mod h1:QqvzXzddclRLN7m9XrMb1SM6rOTFP9druSh7wrapZbw= -github.com/argoproj/gitops-engine v0.7.1-0.20250617174952-093aef0dad58 h1:9ESamu44v3dR9j/I4/4Aa1Fx3QSIE8ElK1CR8Z285uk= -github.com/argoproj/gitops-engine v0.7.1-0.20250617174952-093aef0dad58/go.mod h1:aIBEG3ohgaC1gh/sw2On6knkSnXkqRLDoBj234Dqczw= +github.com/argoproj-labs/argocd-operator v0.14.0-rc1.0.20251003130632-ef7197954c1d h1:slrUXHB/GMsy/UFKi4zggjtNfmSFX6XXlxw094InwEU= +github.com/argoproj-labs/argocd-operator v0.14.0-rc1.0.20251003130632-ef7197954c1d/go.mod h1:sxYdfg7RtkSZt7F9jdDq8lha1AqpsTNeMhWFUXNEg0o= +github.com/argoproj/argo-cd/v3 v3.1.8 h1:NkLPiRI5qGkV+q1EN3O7/0Wb9O/MVl62vadKteZqMUw= +github.com/argoproj/argo-cd/v3 v3.1.8/go.mod h1:ZHb/LOz/hr88VWMJiVTd8DGYL7MheHCAT8S6DgYOBFo= +github.com/argoproj/gitops-engine v0.7.1-0.20250905160054-e48120133eec h1:rNAwbRQFvRIuW/e2bU+B10mlzghYXsnwZedYeA7Drz4= +github.com/argoproj/gitops-engine v0.7.1-0.20250905160054-e48120133eec/go.mod h1:aIBEG3ohgaC1gh/sw2On6knkSnXkqRLDoBj234Dqczw= github.com/argoproj/pkg v0.13.7-0.20250305113207-cbc37dc61de5 h1:YBoLSjpoaJXaXAldVvBRKJuOPvIXz9UOv6S96gMJM/Q= 
github.com/argoproj/pkg v0.13.7-0.20250305113207-cbc37dc61de5/go.mod h1:ebVOzFJphdN1p6EG2mIMECv/3Rk/almSaxIYuFAmsSw= github.com/argoproj/pkg/v2 v2.0.1 h1:O/gCETzB/3+/hyFL/7d/VM/6pSOIRWIiBOTb2xqAHvc= @@ -124,8 +124,8 @@ github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399 h1:eMj github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399/go.mod h1:1OCfN199q1Jm3HZlxleg+Dw/mwps2Wbk9frAWm+4FII= github.com/go-git/go-git/v5 v5.16.2 h1:fT6ZIOjE5iEnkzKyxTHK1W4HGAsPhqEqiSAssSO77hM= github.com/go-git/go-git/v5 v5.16.2/go.mod h1:4Ge4alE/5gPs30F2H1esi2gPd69R0C39lolkucHBOp8= -github.com/go-jose/go-jose/v4 v4.1.0 h1:cYSYxd3pw5zd2FSXk2vGdn9igQU2PS8MuxrCOCl0FdY= -github.com/go-jose/go-jose/v4 v4.1.0/go.mod h1:GG/vqmYm3Von2nYiB2vGTXzdoNKE5tix5tuc6iAd+sw= +github.com/go-jose/go-jose/v4 v4.1.2 h1:TK/7NqRQZfgAh+Td8AlsrvtPoUyiHh0LqVvokh+1vHI= +github.com/go-jose/go-jose/v4 v4.1.2/go.mod h1:22cg9HWM1pOlnRiY+9cQYJ9XHmya1bYW8OeDM6Ku6Oo= github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI= github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= diff --git a/test/openshift/e2e/ginkgo/fixture/deployment/fixture.go b/test/openshift/e2e/ginkgo/fixture/deployment/fixture.go index 45ffc7ef4..9d81ade4f 100644 --- a/test/openshift/e2e/ginkgo/fixture/deployment/fixture.go +++ b/test/openshift/e2e/ginkgo/fixture/deployment/fixture.go @@ -319,7 +319,7 @@ func HaveContainerCommandSubstring(expectedCommandSubstring string, containerInd GinkgoWriter.Println("HaveContainerCommandSubstring: Have:") GinkgoWriter.Println(cmdLine) - GinkgoWriter.Println("HaveContainerCommandSubstring: Expect:") + GinkgoWriter.Println("HaveContainerCommandSubstring: Expect substring:") GinkgoWriter.Println(expectedCommandSubstring) return strings.Contains(cmdLine, expectedCommandSubstring) 
diff --git a/test/openshift/e2e/ginkgo/fixture/fixture.go b/test/openshift/e2e/ginkgo/fixture/fixture.go index 246309f85..dc95dcb86 100644 --- a/test/openshift/e2e/ginkgo/fixture/fixture.go +++ b/test/openshift/e2e/ginkgo/fixture/fixture.go @@ -19,7 +19,6 @@ import ( "k8s.io/apimachinery/pkg/util/uuid" "k8s.io/apimachinery/pkg/util/wait" "k8s.io/client-go/util/retry" - "k8s.io/utils/ptr" "sigs.k8s.io/controller-runtime/pkg/client" rolloutmanagerv1alpha1 "github.com/argoproj-labs/argo-rollouts-manager/api/v1alpha1" @@ -275,7 +274,7 @@ func CreateNamespace(name string) *corev1.Namespace { // If the Namespace already exists, delete it first if err := k8sClient.Get(context.Background(), client.ObjectKeyFromObject(ns), ns); err == nil { // Namespace exists, so delete it first - Expect(deleteNamespace(context.Background(), ns.Name, k8sClient)).To(Succeed()) + Expect(deleteNamespaceAndVerify(context.Background(), ns.Name, k8sClient)).To(Succeed()) } ns = &corev1.Namespace{ObjectMeta: metav1.ObjectMeta{ @@ -304,7 +303,7 @@ func CreateManagedNamespace(name string, managedByNamespace string) *corev1.Name // If the Namespace already exists, delete it first if err := k8sClient.Get(context.Background(), client.ObjectKeyFromObject(ns), ns); err == nil { // Namespace exists, so delete it first - Expect(deleteNamespace(context.Background(), ns.Name, k8sClient)).To(Succeed()) + Expect(deleteNamespaceAndVerify(context.Background(), ns.Name, k8sClient)).To(Succeed()) } ns = &corev1.Namespace{ObjectMeta: metav1.ObjectMeta{ 
@@ -344,12 +343,10 @@ func DeleteNamespace(ns *corev1.Namespace) { k8sClient, _, err := utils.GetE2ETestKubeClientWithError() Expect(err).ToNot(HaveOccurred()) - err = k8sClient.Delete(context.Background(), ns, &client.DeleteOptions{PropagationPolicy: ptr.To(metav1.DeletePropagationForeground)}) - // Error shouldn't occur, UNLESS it's because the NS no longer exists - if err != nil && !apierr.IsNotFound(err) { - Expect(err).ToNot(HaveOccurred()) - } + err = deleteNamespaceAndVerify(context.Background(), ns.Name, k8sClient) + Expect(err).ToNot(HaveOccurred()) + } // EnvNonOLM checks if NON_OLM var is set; this variable is set when testing on GitOps operator that is not installed via OLM @@ -708,15 +705,15 @@ func ensureTestNamespacesDeleted(ctx context.Context, k8sClient client.Client) e // delete selected namespaces for _, namespace := range nsList.Items { - if err := deleteNamespace(ctx, namespace.Name, k8sClient); err != nil { + if err := deleteNamespaceAndVerify(ctx, namespace.Name, k8sClient); err != nil { return fmt.Errorf("unable to delete namespace '%s': %w", namespace.Name, err) } } return nil } -// deleteNamespace deletes a namespace, and waits for it to be reported as deleted. -func deleteNamespace(ctx context.Context, namespaceParam string, k8sClient client.Client) error { +// deleteNamespaceAndVerify deletes a namespace, and waits for it to be reported as deleted. +func deleteNamespaceAndVerify(ctx context.Context, namespaceParam string, k8sClient client.Client) error { GinkgoWriter.Println("Deleting Namespace", namespaceParam) @@ -980,3 +977,7 @@ func outputPodLog(podSubstring string) { GinkgoWriter.Println("----------------------------------------------------------------") } + +func IsUpstreamOperatorTests() bool { + return false // This function should return true if running from argocd-operator repo, false if running from gitops-operator repo. This is to distinguish between tests in upstream argocd-operator and downstream gitops-operator repos. +} 
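Review bot: DeleteNamespace no longer tolerates an already-deleted namespace: the removed lines skipped the assertion when `apierr.IsNotFound(err)` was true, while the new code asserts on whatever `deleteNamespaceAndVerify` returns. The helper's body is outside this hunk, so it may already treat NotFound as success, but that cannot be confirmed from here. If it does not, a cleanup call on a namespace that is already gone would fail the spec. Either record that contract in the helper's doc comment or keep the guard, `if err != nil && !apierr.IsNotFound(err) { Expect(err).ToNot(HaveOccurred()) }`. The blank line left before the closing brace can also go.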
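Review bot: The exported `IsUpstreamOperatorTests` has no doc comment; its explanation is a long trailing comment on the `return false` line, where godoc and linters will not attach it to the function. Move it above the declaration, for example `// IsUpstreamOperatorTests reports whether the tests run from the upstream argocd-operator repo (true) or the downstream gitops-operator repo (false).` Because the value is hard-coded to false, any caller's upstream branch is never exercised in this repository, which the comment should state so a reader does not assume both variants are covered here.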
diff --git a/test/openshift/e2e/ginkgo/parallel/1-023_validate_repo_server_tls_test.go b/test/openshift/e2e/ginkgo/parallel/1-023_validate_repo_server_tls_test.go index d5bba8423..b3f066790 100644 --- a/test/openshift/e2e/ginkgo/parallel/1-023_validate_repo_server_tls_test.go +++ b/test/openshift/e2e/ginkgo/parallel/1-023_validate_repo_server_tls_test.go @@ -42,8 +42,10 @@ var _ = Describe("GitOps Operator Parallel E2E Tests", func() { Context("1-023_validate_repo_server_tls", func() { var ( - ctx context.Context - k8sClient client.Client + ctx context.Context + k8sClient client.Client + nsTest_1_23_custom *corev1.Namespace + cleanupFunc func() ) BeforeEach(func() { @@ -52,12 +54,16 @@ var _ = Describe("GitOps Operator Parallel E2E Tests", func() { ctx = context.Background() }) + AfterEach(func() { + defer cleanupFunc() + fixture.OutputDebugOnFail(nsTest_1_23_custom) + }) + It("verifying ArgoCD .spec.repo AutoTLS and verifyTLS work as expected", func() { By("creating a namespace scoped Argo instance with AutoTLS set to 'openshift'") - nsTest_1_23_custom, cleanupFn1 := fixture.CreateNamespaceWithCleanupFunc("test-1-23-custom") - defer cleanupFn1() + nsTest_1_23_custom, cleanupFunc = fixture.CreateNamespaceWithCleanupFunc("test-1-23-custom") argoCDTest_1_23_custom := &argov1beta1api.ArgoCD{ ObjectMeta: metav1.ObjectMeta{Name: "argocd", Namespace: nsTest_1_23_custom.Name}, diff --git a/test/openshift/e2e/ginkgo/parallel/1-042_restricted_pss_compliant_test.go b/test/openshift/e2e/ginkgo/parallel/1-042_restricted_pss_compliant_test.go index 92782bbc0..e8d08db58 100644 --- a/test/openshift/e2e/ginkgo/parallel/1-042_restricted_pss_compliant_test.go +++ b/test/openshift/e2e/ginkgo/parallel/1-042_restricted_pss_compliant_test.go 
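Review bot: `defer cleanupFunc()` in the new AfterEach calls a variable that is only assigned inside the It body, so it is still nil if the spec fails before `fixture.CreateNamespaceWithCleanupFunc` returns (a BeforeEach failure, for instance). The deferred call then panics and obscures the original failure. The same pattern is added to the 1-066, 1-067 and 1-069 tests, and in 1-067 `nodeFixture.ExpectHasAtLeastXNodes(3)` runs before the assignment, so the nil case is reachable there. Guard it with `if cleanupFunc != nil { defer cleanupFunc() }`, and consider resetting the namespace and `cleanupFunc` variables in BeforeEach. How `fixture.OutputDebugOnFail` handles a nil namespace is not visible here, and the It body continues outside the hunk.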
@@ -55,9 +55,9 @@ var _ = Describe("GitOps Operator Parallel E2E Tests", func() { AfterEach(func() { Expect(ns).ToNot(BeNil()) + defer fixture.DeleteNamespace(ns) fixture.OutputDebugOnFail(ns.Name) - fixture.DeleteNamespace(ns) }) It("verifies that all Argo CD components can run with pod-security enforce, warn, and audit of 'restricted'", func() { diff --git a/test/openshift/e2e/ginkgo/parallel/1-066_validate_redis_secure_comm_no_autotls_no_ha_test.go b/test/openshift/e2e/ginkgo/parallel/1-066_validate_redis_secure_comm_no_autotls_no_ha_test.go index 02bc26a10..4d4851f3f 100644 --- a/test/openshift/e2e/ginkgo/parallel/1-066_validate_redis_secure_comm_no_autotls_no_ha_test.go +++ b/test/openshift/e2e/ginkgo/parallel/1-066_validate_redis_secure_comm_no_autotls_no_ha_test.go @@ -32,6 +32,7 @@ import ( statefulsetFixture "github.com/redhat-developer/gitops-operator/test/openshift/e2e/ginkgo/fixture/statefulset" fixtureUtils "github.com/redhat-developer/gitops-operator/test/openshift/e2e/ginkgo/fixture/utils" appsv1 "k8s.io/api/apps/v1" + corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "sigs.k8s.io/controller-runtime/pkg/client" ) @@ -41,8 +42,10 @@ var _ = Describe("GitOps Operator Parallel E2E Tests", func() { Context("1-066_validate_redis_secure_comm_no_autotls_no_ha", func() { var ( - k8sClient client.Client - ctx context.Context + k8sClient client.Client + ctx context.Context + ns *corev1.Namespace + cleanupFunc func() ) BeforeEach(func() { 
@@ -51,11 +54,15 @@ var _ = Describe("GitOps Operator Parallel E2E Tests", func() { ctx = context.Background() }) + AfterEach(func() { + defer cleanupFunc() + fixture.OutputDebugOnFail(ns) + }) + It("validates that Argo CD components correctly inherit 'argocd-operator-redis-tls' Secret once it is created", func() { By("creating simple namespace-scoped Argo CD instance") - ns, cleanupFunc := fixture.CreateRandomE2ETestNamespaceWithCleanupFunc() - defer cleanupFunc() + ns, cleanupFunc = fixture.CreateRandomE2ETestNamespaceWithCleanupFunc() expectComponentsAreRunning := func() { @@ -116,12 +123,15 @@ var _ = Describe("GitOps Operator Parallel E2E Tests", func() { ) Expect(err).ToNot(HaveOccurred()) - _, err = osFixture.ExecCommand("oc", "create", "secret", "tls", "argocd-operator-redis-tls", "--key="+redis_key_File.Name(), "--cert="+redis_crt_File.Name(), "-n", ns.Name) + By("creating argocd-operator-redis-tls secret from that cert") + + _, err = osFixture.ExecCommand("kubectl", "create", "secret", "tls", "argocd-operator-redis-tls", "--key="+redis_key_File.Name(), "--cert="+redis_crt_File.Name(), "-n", ns.Name) Expect(err).ToNot(HaveOccurred()) expectComponentsAreRunning() - _, err = osFixture.ExecCommand("oc", "annotate", "secret", "argocd-operator-redis-tls", "argocds.argoproj.io/name=argocd", "-n", ns.Name) + By("adding argo cd label to argocd-operator-redis-tls secret") + _, err = osFixture.ExecCommand("kubectl", "annotate", "secret", "argocd-operator-redis-tls", "argocds.argoproj.io/name=argocd", "-n", ns.Name) Expect(err).ToNot(HaveOccurred()) By("verifying that all the components restart successfully once we define the argocd-operator-redis-tls Secret") 
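Review bot: The added step text `By("adding argo cd label to argocd-operator-redis-tls secret")` says "label", but the command under it runs `kubectl annotate` with `argocds.argoproj.io/name=argocd`. Labels and annotations are selected and watched differently, so the mismatch can mislead someone debugging why the operator did or did not pick up the secret. Reword it to `By("adding argo cd annotation to argocd-operator-redis-tls secret")`; the same wording appears as context in the 1-067 test and could be fixed along with it.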
@@ -132,7 +142,14 @@ var _ = Describe("GitOps Operator Parallel E2E Tests", func() { By("expecting redis-server to have desired container process command/arguments") - Expect(redisDepl).To(deplFixture.HaveContainerCommandSubstring("redis-server --protected-mode no --save \"\" --appendonly no --requirepass "+"$(REDIS_PASSWORD)"+" --tls-port 6379 --port 0 --tls-cert-file /app/config/redis/tls/tls.crt --tls-key-file /app/config/redis/tls/tls.key --tls-auth-clients no", 0), + expectedString := "--save \"\" --appendonly no --requirepass " + "$(REDIS_PASSWORD)" + " --tls-port 6379 --port 0 --tls-cert-file /app/config/redis/tls/tls.crt --tls-key-file /app/config/redis/tls/tls.key --tls-auth-clients no" + + if !fixture.IsUpstreamOperatorTests() { + // Downstream operator adds these arguments + expectedString = "redis-server --protected-mode no " + expectedString + } + + Expect(redisDepl).To(deplFixture.HaveContainerCommandSubstring(expectedString, 0), "TLS .spec.template.spec.containers.args for argocd-redis deployment are wrong") repoServerDepl := &appsv1.Deployment{ObjectMeta: metav1.ObjectMeta{Name: "argocd-repo-server", Namespace: ns.Name}} diff --git a/test/openshift/e2e/ginkgo/parallel/1-067_validate_redis_secure_comm_no_autotls_ha_test.go b/test/openshift/e2e/ginkgo/parallel/1-067_validate_redis_secure_comm_no_autotls_ha_test.go index 0aaa1f79d..c0732dd49 100644 --- a/test/openshift/e2e/ginkgo/parallel/1-067_validate_redis_secure_comm_no_autotls_ha_test.go +++ b/test/openshift/e2e/ginkgo/parallel/1-067_validate_redis_secure_comm_no_autotls_ha_test.go @@ -32,6 +32,7 @@ import ( statefulsetFixture "github.com/redhat-developer/gitops-operator/test/openshift/e2e/ginkgo/fixture/statefulset" fixtureUtils "github.com/redhat-developer/gitops-operator/test/openshift/e2e/ginkgo/fixture/utils" appsv1 "k8s.io/api/apps/v1" + corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "sigs.k8s.io/controller-runtime/pkg/client" ) 
@@ -41,8 +42,10 @@ var _ = Describe("GitOps Operator Parallel E2E Tests", func() { Context("1-067_validate_redis_secure_comm_no_autotls_ha", func() { var ( - k8sClient client.Client - ctx context.Context + k8sClient client.Client + ctx context.Context + ns *corev1.Namespace + cleanupFunc func() ) BeforeEach(func() { @@ -52,6 +55,11 @@ var _ = Describe("GitOps Operator Parallel E2E Tests", func() { ctx = context.Background() }) + AfterEach(func() { + defer cleanupFunc() + fixture.OutputDebugOnFail(ns) + }) + It("ensures that redis HA can be enabled with tls with generated certificate", func() { By("verifying we are running on a cluster with at least 3 nodes. This is required for Redis HA") nodeFixture.ExpectHasAtLeastXNodes(3) @@ -59,8 +67,7 @@ var _ = Describe("GitOps Operator Parallel E2E Tests", func() { // Note: Redis HA requires a cluster which contains multiple nodes By("creating simple namespace-scoped Argo CD instance") - ns, cleanupFunc := fixture.CreateRandomE2ETestNamespaceWithCleanupFunc() - defer cleanupFunc() + ns, cleanupFunc = fixture.CreateRandomE2ETestNamespaceWithCleanupFunc() argoCD := &argov1beta1api.ArgoCD{ ObjectMeta: metav1.ObjectMeta{Name: "argocd", Namespace: ns.Name}, 
@@ -140,19 +147,19 @@ var _ = Describe("GitOps Operator Parallel E2E Tests", func() { By("creating argocd-operator-redis-tls secret from that cert") - _, err = osFixture.ExecCommand("oc", "create", "secret", "tls", "argocd-operator-redis-tls", "--key="+redis_key_File.Name(), "--cert="+redis_crt_File.Name(), "-n", ns.Name) + _, err = osFixture.ExecCommand("kubectl", "create", "secret", "tls", "argocd-operator-redis-tls", "--key="+redis_key_File.Name(), "--cert="+redis_crt_File.Name(), "-n", ns.Name) Expect(err).ToNot(HaveOccurred()) expectComponentsAreRunning() By("adding argo cd label to argocd-operator-redis-tls secret") - _, err = osFixture.ExecCommand("oc", "annotate", "secret", "argocd-operator-redis-tls", "argocds.argoproj.io/name=argocd", "-n", ns.Name) + _, err = osFixture.ExecCommand("kubectl", "annotate", "secret", "argocd-operator-redis-tls", "argocds.argoproj.io/name=argocd", "-n", ns.Name) Expect(err).ToNot(HaveOccurred()) expectComponentsAreRunning() By("extracting the contents of /data/conf/redis.conf and checking it contains expected values") - redisConf, err := osFixture.ExecCommandWithOutputParam(false, "oc", "exec", "-i", "pod/argocd-redis-ha-server-0", "-n", ns.Name, "-c", "redis", "--", "cat", "/data/conf/redis.conf") + redisConf, err := osFixture.ExecCommandWithOutputParam(false, "kubectl", "exec", "-i", "pod/argocd-redis-ha-server-0", "-n", ns.Name, "-c", "redis", "--", "cat", "/data/conf/redis.conf") Expect(err).ToNot(HaveOccurred()) expectedRedisConfig := []string{ "port 0", 
@@ -168,7 +175,7 @@ var _ = Describe("GitOps Operator Parallel E2E Tests", func() { } By("extracting the contents of /data/conf/sentinel.conf and checking it contains expected values") - sentinelConf, err := osFixture.ExecCommandWithOutputParam(false, "oc", "exec", "-i", "pod/argocd-redis-ha-server-0", "-n", ns.Name, "-c", "redis", "--", "cat", "/data/conf/sentinel.conf") + sentinelConf, err := osFixture.ExecCommandWithOutputParam(false, "kubectl", "exec", "-i", "pod/argocd-redis-ha-server-0", "-n", ns.Name, "-c", "redis", "--", "cat", "/data/conf/sentinel.conf") Expect(err).ToNot(HaveOccurred()) expectedSentinelConfig := []string{ "port 0", diff --git a/test/openshift/e2e/ginkgo/parallel/1-069_validate_redis_secure_comm_autotls_ha_test.go b/test/openshift/e2e/ginkgo/parallel/1-069_validate_redis_secure_comm_autotls_ha_test.go index e1ffc961a..7c8cce09c 100644 --- a/test/openshift/e2e/ginkgo/parallel/1-069_validate_redis_secure_comm_autotls_ha_test.go +++ b/test/openshift/e2e/ginkgo/parallel/1-069_validate_redis_secure_comm_autotls_ha_test.go @@ -40,8 +40,10 @@ var _ = Describe("GitOps Operator Parallel E2E Tests", func() { Context("1-069_validate_redis_secure_comm_autotls_ha", func() { var ( - k8sClient client.Client - ctx context.Context + k8sClient client.Client + ctx context.Context + ns *corev1.Namespace + cleanupFunc func() ) BeforeEach(func() { @@ -51,6 +53,11 @@ var _ = Describe("GitOps Operator Parallel E2E Tests", func() { ctx = context.Background() }) + AfterEach(func() { + defer cleanupFunc() + fixture.OutputDebugOnFail(ns) + }) + It("verifying when HA is enabled that Argo CD starts successfully in HA mode, and that AutoTLS can be enabled", func() { By("verifying we are running on a cluster with at least 3 nodes. This is required for Redis HA") 
@@ -59,8 +66,7 @@ var _ = Describe("GitOps Operator Parallel E2E Tests", func() { // Note: Redis HA requires a cluster which contains multiple nodes By("creating simple namespace-scoped Argo CD instance with HA enabled") - ns, cleanupFunc := fixture.CreateRandomE2ETestNamespaceWithCleanupFunc() - defer cleanupFunc() + ns, cleanupFunc = fixture.CreateRandomE2ETestNamespaceWithCleanupFunc() argoCD := &argov1beta1api.ArgoCD{ ObjectMeta: metav1.ObjectMeta{Name: "argocd", Namespace: ns.Name},