added "codefresh-gitops-runtime.argocd-token-auth"

simplified event-terpoter/sources-server/gitops-operator argo-cd auth secret name/key injection

Author: ATGardner

charts/gitops-runtime/templates/_components/cf-argocd-extras/_default-values.tpl

@@ -1,4 +1,5 @@
 {{- define "cf-argocd-extras.default-values" }}
+  {{- $argoCdAuth := (include "codefresh-gitops-runtime.argocd-token-auth" . | fromYaml) }}
 global: {}
 
 externalRedis:
@@ -84,8 +85,7 @@ eventReporter:
             name: argocd-cmd-params-cm
             key: server.rootpath
             optional: true
-      ARGO_CD_TOKEN_SECRET_NAME: argocd-token
-      ARGO_CD_TOKEN_SECRET_KEY: token
+{{ $argoCdAuth | toYaml | indent 6 }}
       BINARY_NAME: event-reporter
       CODEFRESH_SSL_CERT_PATH: ""
       CODEFRESH_TLS_INSECURE:
@@ -392,8 +392,7 @@ sourcesServer:
           configMapKeyRef:
             name: sources-server-cmd-params-cm
             key: argocd.server
-      ARGO_CD_TOKEN_SECRET_NAME: argocd-token
-      ARGO_CD_TOKEN_SECRET_KEY: token
+{{ $argoCdAuth | toYaml | indent 6}}
       ARGOCD_SERVER_ROOTPATH:
         valueFrom:
           configMapKeyRef:

charts/gitops-runtime/templates/_components/cf-argocd-extras/event-reporter/_statefulset.yaml

@@ -15,19 +15,6 @@
   {{- $_ := set $context.Values.container.env.REDIS_PASSWORD.valueFrom.secretKeyRef "key"  (default "redis-password" $vals.externalRedis.existingSecretKeyRef.key) }}
 {{- end }}
 
-{{- $argoCdAuth := (index .Values "global" "integrations" "argo-cd" "server" "auth") }}
-{{- if (eq $argoCdAuth.type "token") }}
-  {{- if $argoCdAuth.token }}
-    {{- $_ := set $context.Values.container.env "ARGO_CD_TOKEN_SECRET_NAME" "gitops-runtime-argo-cd-token" }}
-    {{- $_ := set $context.Values.container.env "ARGO_CD_TOKEN_SECRET_KEY" "token" }}
-  {{- else if $argoCdAuth.tokenSecretKeyRef }}
-    {{- $_ := set $context.Values.container.env "ARGO_CD_TOKEN_SECRET_NAME" (required ".Values.global.integrations.argo-cd.auth.type is set to 'token' therefore .Values.global.integrations.argo-cd.auth.tokenSecretKeyRef.name is required" $argoCdAuth.tokenSecretKeyRef.name) }}
-    {{- $_ := set $context.Values.container.env "ARGO_CD_TOKEN_SECRET_KEY" (required ".Values.global.integrations.argo-cd.auth.type is set to 'token' therefore .Values.global.integrations.argo-cd.auth.tokenSecretKeyRef.key is required" $argoCdAuth.tokenSecretKeyRef.key) }}
-  {{- else }}
-    {{ fail ".Values.global.integrations.argo-cd.auth.type is 'token' and .Values.global.integrations.argo-cd.auth.token or .Values.global.integrations.argo-cd.auth.tokenSecretKeyRef are not set" }}
-  {{- end }}
-{{- end }}
-
 {{- if and (index $context.Values "global" "external-argo-cd" "server" "rootpath") }}
   {{- $_ := set $context.Values.container.env "ARGOCD_SERVER_ROOTPATH" (index $context.Values "global" "external-argo-cd" "server" "rootpath") }}
 {{- end }}

charts/gitops-runtime/templates/_components/cf-argocd-extras/sources-server/_deployment.yaml

@@ -15,19 +15,6 @@
   {{- $_ := set $context.Values.container.env.REDIS_PASSWORD.valueFrom.secretKeyRef "key"  (default "redis-password" $vals.externalRedis.existingSecretKeyRef.key) }}
 {{- end }}
 
-{{- $argoCdAuth := (index .Values "global" "integrations" "argo-cd" "server" "auth") }}
-{{- if (eq $argoCdAuth.type "token") }}
-  {{- if $argoCdAuth.token }}
-    {{- $_ := set $context.Values.container.env "ARGO_CD_TOKEN_SECRET_NAME" "gitops-runtime-argo-cd-token" }}
-    {{- $_ := set $context.Values.container.env "ARGO_CD_TOKEN_SECRET_KEY" "token" }}
-  {{- else if $argoCdAuth.tokenSecretKeyRef }}
-    {{- $_ := set $context.Values.container.env "ARGO_CD_TOKEN_SECRET_NAME" (required ".Values.global.integrations.argo-cd.auth.type is set to 'token' therefore .Values.global.integrations.argo-cd.auth.tokenSecretKeyRef.name is required" $argoCdAuth.tokenSecretKeyRef.name) }}
-    {{- $_ := set $context.Values.container.env "ARGO_CD_TOKEN_SECRET_KEY" (required ".Values.global.integrations.argo-cd.auth.type is set to 'token' therefore .Values.global.integrations.argo-cd.auth.tokenSecretKeyRef.key is required" $argoCdAuth.tokenSecretKeyRef.key) }}
-  {{- else }}
-    {{ fail ".Values.global.integrations.argo-cd.auth.type is 'token' and .Values.global.integrations.argo-cd.auth.token or .Values.global.integrations.argo-cd.auth.tokenSecretKeyRef are not set" }}
-  {{- end }}
-{{- end }}
-
 {{- if and (index $context.Values "global" "external-argo-cd" "server" "rootpath") }}
   {{- $_ := set $context.Values.container.env "ARGOCD_SERVER_ROOTPATH" (index $context.Values "global" "external-argo-cd" "server" "rootpath") }}
 {{- end }}

charts/gitops-runtime/templates/_components/gitops-operator/_deployment.yaml

@@ -3,8 +3,9 @@
 {{/* Merge environment variables from calculated, defaults and overwrites */}}
 {{- $defaults := (include "gitops-operator.resources.environment-variables.defaults" . | fromYaml) }}
 {{- $calculated := (include "gitops-operator.resources.environment-variables.calculated" . | fromYaml) }}
+{{- $argoCdAuth := (include "codefresh-gitops-runtime.argocd-token-auth" . | fromYaml) }}
 {{- $overrides := .Values.env }}
-{{- $mergedValues := mergeOverwrite $defaults $calculated $overrides }}
+{{- $mergedValues := mergeOverwrite $defaults $calculated $argoCdAuth $overrides }}
 apiVersion: apps/v1
 kind: Deployment
 metadata:

charts/gitops-runtime/templates/_components/gitops-operator/_env.yaml

@@ -8,28 +8,28 @@ to keep the separation of components as pseudo library charts, they are defined
 CF_CA_CERT: {{ printf "/app/config/codefresh-tls/%s" .Values.global.codefresh.tls.caCerts.secretKeyRef.key  }}
   {{- end }}
 CF_URL: {{ .Values.global.codefresh.url }}
+COMMIT_STATUS_POLLING_INTERVAL: {{ .Values.config.commitStatusPollingInterval }}
 GITOPS_OPERATOR_VERSION: {{ .Values.image.tag }}
+  {{- if (gt (int .Values.replicaCount) 1 ) }}
+LEADER_ELECT: true
+  {{- else }}
+LEADER_ELECT: false
+  {{- end }}
+MAX_CONCURRENT_RELEASES: {{ .Values.config.maxConcurrentReleases }}
+PROMOTION_WRAPPER_TEMPLATE: {{ .Values.config.promotionWrapperTemplate | quote }}
 RUNTIME: {{ .Values.global.runtime.name }}
 TASK_POLLING_INTERVAL: {{ .Values.config.taskPollingInterval }}
-COMMIT_STATUS_POLLING_INTERVAL: {{ .Values.config.commitStatusPollingInterval }}
 WORKFLOW_MONITOR_POLLING_INTERVAL: {{ .Values.config.workflowMonitorPollingInterval }}
-MAX_CONCURRENT_RELEASES: {{ .Values.config.maxConcurrentReleases }}
-PROMOTION_WRAPPER_TEMPLATE: {{ .Values.config.promotionWrapperTemplate | quote }}
 {{- end }}
 
 {{- define "gitops-operator.resources.environment-variables.defaults" -}}
 AP_URL: http://cap-app-proxy:3017
-ARGO_CD_URL: argo-cd-server:80
-ARGO_CD_TOKEN_SECRET_NAME: argocd-token
-ARGO_CD_TOKEN_SECRET_KEY: token
-ARGO_WF_URL: http://argo-server:2746
 CF_TOKEN:
   valueFrom:
     secretKeyRef:
       name: codefresh-token
       key: token
 HEALTH_PROBE_BIND_ADDRESS: :8081
-LEADER_ELECT: true
 METRICS_BIND_ADDRESS: :8080
 METRICS_SECURE: false
 NAMESPACE:

charts/gitops-runtime/templates/_helpers.tpl

@@ -263,11 +263,32 @@ ARGO_CD_TOKEN:
       {{- if and (hasKey $argoCdAuth.tokenSecretKeyRef "name") (hasKey $argoCdAuth.tokenSecretKeyRef "key") }}
         {{- $argoCdAuth.tokenSecretKeyRef | toYaml | nindent 6 }}
       {{- else }}
-        {{- fail "Both 'name' and 'key' must be set in .Values.global.integrations.argo-cd.auth.tokenSecretKeyRef" }}
+        {{- fail "Both 'name' and 'key' must be set in .Values.global.integrations.argo-cd.server.auth.tokenSecretKeyRef" }}
       {{- end }}
     {{- end }}
   {{- else }}
-    {{ fail (printf "Invalid value for .Values.global.integrations.argo-cd.auth.type: %s. Allowed values are: [password token]" $argoCdAuth.type) }}
+    {{ fail (printf "Invalid value for .Values.global.integrations.argo-cd.server.auth.type: %s. Allowed values are: [password token]" $argoCdAuth.type) }}
+  {{- end }}
+{{- end }}
+
+{{/*
+Used by gitops-operator, event-reporter and sources-server to use the correct secret name/key for argo-cd token
+*/}}
+{{- define "codefresh-gitops-runtime.argocd-token-auth" }}
+  {{- $argoCdAuth := (index .Values "global" "integrations" "argo-cd" "server" "auth") }}
+  {{- if (eq $argoCdAuth.type "password") }}
+ARGO_CD_TOKEN_SECRET_NAME: argocd-token
+ARGO_CD_TOKEN_SECRET_KEY: token
+  {{- else if (eq $argoCdAuth.type "token") }}
+    {{- if $argoCdAuth.token }}
+ARGO_CD_TOKEN_SECRET_NAME: gitops-runtime-argo-cd-token
+ARGO_CD_TOKEN_SECRET_KEY: token
+    {{- else if $argoCdAuth.tokenSecretKeyRef }}
+ARGO_CD_TOKEN_SECRET_NAME: {{ required ".Values.global.integrations.argo-cd.server.auth.type is set to 'token' therefore .Values.global.integrations.argo-cd.server.auth.tokenSecretKeyRef.name is required" $argoCdAuth.tokenSecretKeyRef.name }}
+ARGO_CD_TOKEN_SECRET_KEY: {{ required ".Values.global.integrations.argo-cd.server.auth.type is set to 'token' therefore .Values.global.integrations.argo-cd.server.auth.tokenSecretKeyRef.key is required" $argoCdAuth.tokenSecretKeyRef.key }}
+    {{- end }}
+  {{- else }}
+    {{ fail (printf "Invalid value for .Values.global.integrations.argo-cd.server.auth.type: %s. Allowed values are: [password token]" $argoCdAuth.type) }}
   {{- end }}
 {{- end }}
 

charts/gitops-runtime/templates/gitops-operator/deployment.yaml

@@ -6,19 +6,6 @@
 {{- $_ := set $context "Values" $vals }}
 {{- $_ := set $context.Values "global" (deepCopy (get .Values "global")) }}
 
-{{- $argoCdAuth := (index .Values "global" "integrations" "argo-cd" "server" "auth") }}
-{{- if (eq $argoCdAuth.type "token") }}
-  {{- if $argoCdAuth.token }}
-    {{- $_ := set $context.Values.env "ARGO_CD_TOKEN_SECRET_NAME" "gitops-runtime-argo-cd-token" }}
-    {{- $_ := set $context.Values.env "ARGO_CD_TOKEN_SECRET_KEY" "token" }}
-  {{- else if $argoCdAuth.tokenSecretKeyRef }}
-    {{- $_ := set $context.Values.env "ARGO_CD_TOKEN_SECRET_NAME" (required ".Values.global.integrations.argo-cd.auth.type is set to 'token' therefore .Values.global.integrations.argo-cd.auth.tokenSecretKeyRef.name is required" $argoCdAuth.tokenSecretKeyRef.name) }}
-    {{- $_ := set $context.Values.env "ARGO_CD_TOKEN_SECRET_KEY" (required ".Values.global.integrations.argo-cd.auth.type is set to 'token' therefore .Values.global.integrations.argo-cd.auth.tokenSecretKeyRef.key is required" $argoCdAuth.tokenSecretKeyRef.key) }}
-  {{- else }}
-    {{ fail ".Values.global.integrations.argo-cd.auth.type is 'token' and .Values.global.integrations.argo-cd.auth.token or .Values.global.integrations.argo-cd.auth.tokenSecretKeyRef are not set" }}
-  {{- end }}
-{{- end }}
-
 {{/* Set argo-cd-server service and port */}}
 {{ if not (index $context.Values "env" "ARGO_CD_URL") }}
 {{- $_ := set $context.Values.env "ARGO_CD_URL" (include "codefresh-gitops-runtime.argocd.server.no-protocol-url" . ) }}
@@ -38,10 +25,4 @@
   {{- $_ := set $context.Values.global.codefresh.tls.caCerts.secretKeyRef "key" ($context.Values.global.codefresh.tls.caCerts.secret.create | ternary (default "ca-bundle.crt" $context.Values.global.codefresh.tls.caCerts.secret.key) $context.Values.global.codefresh.tls.caCerts.secretKeyRef.key) }}
 {{- end }}
 
-{{- if and (gt (int $context.Values.replicaCount) 1 ) }}
-  {{- $_ := set $context.Values.env "LEADER_ELECT" "true" }}
-{{- else }}
-  {{- $_ := set $context.Values.env "LEADER_ELECT" "false" }}
-{{- end }}
-
 {{- include "gitops-operator.resources.deployment" $context }}

charts/gitops-runtime/tests/external_argocd_test.yaml

@@ -715,7 +715,7 @@ tests:
                 type: invalid
     asserts:
       - failedTemplate:
-          errorMessage: "Invalid value for .Values.global.integrations.argo-cd.auth.type: invalid. Allowed values are: [password token]"
+          errorMessage: "Invalid value for .Values.global.integrations.argo-cd.server.auth.type: invalid. Allowed values are: [password token]"
 
   - it: event-reporter StatefulSet should have valid ARGOCD_SERVER_ROOTPATH env var
     template: cf-argocd-extras/event-reporter/statefulset.yaml
@@ -858,7 +858,7 @@ tests:
                   key: null
     asserts:
       - failedTemplate:
-          errorMessage: ".Values.global.integrations.argo-cd.auth.type is set to 'token' therefore .Values.global.integrations.argo-cd.auth.tokenSecretKeyRef.name is required"
+          errorMessage: ".Values.global.integrations.argo-cd.server.auth.type is set to 'token' therefore .Values.global.integrations.argo-cd.server.auth.tokenSecretKeyRef.name is required"
 
   - it: should require ArgoCd server address if it's not provided
     template: cf-argocd-extras/sources-server/deployment.yaml