From 4bc4545ba9707eeef8a2ed4abca7941d6b2125bf Mon Sep 17 00:00:00 2001 From: Michele Baldessari Date: Thu, 18 Sep 2025 15:42:59 +0200 Subject: [PATCH 1/2] Default TOKEN_NAMESPACE to openshift-operators This way it does not need to be passed explicitely by a user in the default case. What happens is the secret will be in that namespace and the patterns-operator will copy it over to the namespaced argo once it is in place. --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index cbaddcfe2..a47fb477d 100644 --- a/Makefile +++ b/Makefile @@ -46,7 +46,7 @@ endif # Set the secret name *and* its namespace when deploying from private repositories # The format of said secret is documented here: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#repositories TOKEN_SECRET ?= -TOKEN_NAMESPACE ?= +TOKEN_NAMESPACE ?= openshift-operators ifeq ($(TOKEN_SECRET),) # SSH agents are not created for public repos (repos with no secret token) by the patterns operator so we convert to HTTPS From b1663adc4fa24cb4774daffbb5048a69e3e1ce62 Mon Sep 17 00:00:00 2001 From: Michele Baldessari Date: Thu, 18 Sep 2025 20:18:49 +0200 Subject: [PATCH 2/2] Disable validate_origin if a token_secret is set No point in having the user set DISABLE_VALIDATE_ORIGIN=true when they also pass a TOKEN_SECRET, just skip the validation entirely in that case. --- Makefile | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/Makefile b/Makefile index a47fb477d..64dd0811c 100644 --- a/Makefile +++ b/Makefile @@ -4,14 +4,6 @@ ifneq ($(origin TARGET_SITE), undefined) TARGET_SITE_OPT=--set main.clusterGroupName=$(TARGET_SITE) endif -# Set this to true if you want to skip any origin validation -DISABLE_VALIDATE_ORIGIN ?= false -ifeq ($(DISABLE_VALIDATE_ORIGIN),true) - VALIDATE_ORIGIN := -else - VALIDATE_ORIGIN := validate-origin -endif - # This variable can be set in order to pass additional helm arguments from the # the command line. I.e. we can set things without having to tweak values files EXTRA_HELM_OPTS ?= @@ -48,6 +40,18 @@ endif TOKEN_SECRET ?= TOKEN_NAMESPACE ?= openshift-operators +# Set this to true if you want to skip any origin validation +# if TOKEN_SECRET is set to something then we skip the validation as well +DISABLE_VALIDATE_ORIGIN ?= false +ifeq ($(DISABLE_VALIDATE_ORIGIN),true) + VALIDATE_ORIGIN := +else ifneq ($(TOKEN_SECRET),) + VALIDATE_ORIGIN := +else + VALIDATE_ORIGIN := validate-origin +endif + + ifeq ($(TOKEN_SECRET),) # SSH agents are not created for public repos (repos with no secret token) by the patterns operator so we convert to HTTPS TARGET_REPO := $(shell echo "$(TARGET_REPO_RAW)" | sed 's/^git@\(.*\):\(.*\)/https:\/\/\1\/\2/')