feat: add resource argocd_repository_certificate (#185)

* feat: add resource argocd_certificate (ssh)

* feat: https certificate + explicit ssh/https first-level resource property

* RetryContext around repository creation in case of we just created a repository certificate

* feat: add feature check for RepositoryCertificates

* docs: argocd_certificate

* test: more argocd_certificate

* fix: remove argocd_certificate import since it cannot be updated

* fix: guard against already existing https cert

* rename resource argocd_certificate to argocd_repository_certificate

* fix: race-condition in resourceArgoCDRepositoryCertificates existing check

Author: MrLuje

argocd/features.go

@@ -8,6 +8,7 @@ import (
 	"github.com/Masterminds/semver"
 	"github.com/argoproj/argo-cd/v2/pkg/apiclient"
 	"github.com/argoproj/argo-cd/v2/pkg/apiclient/application"
+	"github.com/argoproj/argo-cd/v2/pkg/apiclient/certificate"
 	"github.com/argoproj/argo-cd/v2/pkg/apiclient/cluster"
 	"github.com/argoproj/argo-cd/v2/pkg/apiclient/project"
 	"github.com/argoproj/argo-cd/v2/pkg/apiclient/repocreds"
@@ -25,6 +26,7 @@ const (
 	featureTokenIDs
 	featureProjectScopedClusters
 	featureClusterMetadata
+	featureRepositoryCertificates
 )
 
 var (
@@ -35,12 +37,14 @@ var (
 		featureTokenIDs:                    semver.MustParse("1.5.3"),
 		featureProjectScopedClusters:       semver.MustParse("2.2.0"),
 		featureClusterMetadata:             semver.MustParse("2.2.0"),
+		featureRepositoryCertificates:      semver.MustParse("1.2.0"),
 	}
 )
 
 type ServerInterface struct {
 	ApiClient            *apiclient.Client
 	ApplicationClient    *application.ApplicationServiceClient
+	CertificateClient    *certificate.CertificateServiceClient
 	ClusterClient        *cluster.ClusterServiceClient
 	ProjectClient        *project.ProjectServiceClient
 	RepositoryClient     *repository.RepositoryServiceClient
@@ -79,6 +83,14 @@ func (p *ServerInterface) initClients() error {
 		p.ClusterClient = &clusterClient
 	}
 
+	if p.CertificateClient == nil {
+		_, certClient, err := (*p.ApiClient).NewCertClient()
+		if err != nil {
+			return err
+		}
+		p.CertificateClient = &certClient
+	}
+
 	if p.ApplicationClient == nil {
 		_, applicationClient, err := (*p.ApiClient).NewApplicationClient()
 		if err != nil {

argocd/provider.go

@@ -156,6 +156,7 @@ func Provider() *schema.Provider {
 
 		ResourcesMap: map[string]*schema.Resource{
 			"argocd_application":            resourceArgoCDApplication(),
+			"argocd_repository_certificate": resourceArgoCDRepositoryCertificates(),
 			"argocd_cluster":                resourceArgoCDCluster(),
 			"argocd_project":                resourceArgoCDProject(),
 			"argocd_project_token":          resourceArgoCDProjectToken(),

argocd/resource_argocd_repository.go

@@ -3,11 +3,13 @@ package argocd
 import (
 	"context"
 	"fmt"
+	"regexp"
 	"strings"
 
 	"github.com/argoproj/argo-cd/v2/pkg/apiclient/repository"
 	application "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 )
 
@@ -40,46 +42,44 @@ func resourceArgoCDRepositoryCreate(ctx context.Context, d *schema.ResourceData,
 	c := *server.RepositoryClient
 	repo := expandRepository(d)
 
-	tokenMutexConfiguration.Lock()
-	r, err := c.CreateRepository(
-		ctx,
-		&repository.RepoCreateRequest{
-			Repo:   repo,
-			Upsert: false,
-		},
-	)
-	tokenMutexConfiguration.Unlock()
-
-	if err != nil {
-		return []diag.Diagnostic{
-			{
-				Severity: diag.Error,
-				Summary:  fmt.Sprintf("Repository %s not found", repo.Repo),
-				Detail:   err.Error(),
+	err := resource.RetryContext(ctx, d.Timeout(schema.TimeoutCreate), func() *resource.RetryError {
+		tokenMutexConfiguration.Lock()
+		r, err := c.CreateRepository(
+			ctx,
+			&repository.RepoCreateRequest{
+				Repo:   repo,
+				Upsert: false,
 			},
+		)
+		tokenMutexConfiguration.Unlock()
+
+		if err != nil {
+			// TODO: better way to detect ssh handshake failing ?
+			if matched, _ := regexp.MatchString("ssh: handshake failed: knownhosts: key is unknown", err.Error()); matched {
+				return resource.RetryableError(fmt.Errorf("Hanshake failed for repository %s, retrying in case a repository certificate has been set recently", repo.Repo))
+			}
+			return resource.NonRetryableError(fmt.Errorf("Repository %s not found: %s", repo.Repo, err))
 		}
-	}
-	if r == nil {
-		return []diag.Diagnostic{
-			{
-				Severity: diag.Error,
-				Summary:  fmt.Sprintf("ArgoCD did not return an error or a repository result"),
-			},
+		if r == nil {
+			return resource.NonRetryableError(fmt.Errorf("ArgoCD did not return an error or a repository result: %s", err))
 		}
-	}
-	if r.ConnectionState.Status == application.ConnectionStatusFailed {
+		if r.ConnectionState.Status == application.ConnectionStatusFailed {
+			return resource.NonRetryableError(fmt.Errorf("could not connect to repository %s: %s", repo.Repo, r.ConnectionState.Message))
+		}
+		d.SetId(r.Repo)
+		return nil
+	})
+
+	if err != nil {
 		return []diag.Diagnostic{
 			{
 				Severity: diag.Error,
-				Summary: fmt.Sprintf(
-					"could not connect to repository %s: %s",
-					repo.Repo,
-					r.ConnectionState.Message,
-				),
+				Summary:  fmt.Sprintf("Error while creating repository %s", repo.Name),
+				Detail:   err.Error(),
 			},
 		}
 	}
-	d.SetId(r.Repo)
+
 	return resourceArgoCDRepositoryRead(ctx, d, meta)
 }