From 05b165bcc89988b3e2d54bd13524ea5350ad2279 Mon Sep 17 00:00:00 2001 From: Tom Chauveau Date: Fri, 10 Sep 2021 11:13:10 +0200 Subject: [PATCH] Supports both basicAuth & Token Signed-off-by: Tom Chauveau --- docs/reference/argocd.md | 111 ++++++++++++-------------- stdlib/.dagger/env/argocd/values.yaml | 14 ++-- stdlib/argocd/argocd.cue | 62 ++++++++++---- stdlib/argocd/tests/argocd.cue | 12 +-- stdlib/universe.bats | 12 +-- 5 files changed, 120 insertions(+), 91 deletions(-) diff --git a/docs/reference/argocd.md b/docs/reference/argocd.md index 40241cf5..26230c96 100644 --- a/docs/reference/argocd.md +++ b/docs/reference/argocd.md @@ -16,28 +16,26 @@ Create an ArgoCD application ### argocd.#App Inputs -| Name | Type | Description | -| ------------- |:-------------: |:-------------: | -|*config.version* | `*"v2.0.5" \| string` |ArgoCD CLI binary version | -|*config.server* | `string` |ArgoCD server | -|*config.project* | `*"default" \| string` |ArgoCD project | -|*config.username* | `string` |Username | -|*config.password* | `dagger.#Secret` |Password | -|*name* | `string` |App name | -|*repo* | `string` |Repository url (git or helm) | -|*path* | `string` |Folder to deploy | -|*server* | `*"https://kubernetes.default.svc" \| string` |Destination server | -|*namespace* | `*"default" \| string` |Destination namespace | -|*ctr.image.config.version* | `*"v2.0.5" \| string` |ArgoCD CLI binary version | -|*ctr.image.config.server* | `string` |ArgoCD server | -|*ctr.image.config.project* | `*"default" \| string` |ArgoCD project | -|*ctr.image.config.username* | `string` |Username | -|*ctr.image.config.password* | `dagger.#Secret` |Password | -|*ctr.env.APP_NAME* | `string` |- | -|*ctr.env.APP_REPO* | `string` |- | -|*ctr.env.APP_PATH* | `string` |- | -|*ctr.env.APP_SERVER* | `*"https://kubernetes.default.svc" \| string` |- | -|*ctr.env.APP_NAMESPACE* | `*"default" \| string` |- | +| Name | Type | Description | +| ------------- |:-------------: |:-------------: | +|*config.version* | `*"v2.0.5" \| string` |ArgoCD CLI binary version | +|*config.server* | `string` |ArgoCD server | +|*config.project* | `*"default" \| string` |ArgoCD project | +|*config.token* | `dagger.#Secret` |ArgoCD authentication token | +|*name* | `string` |App name | +|*repo* | `string` |Repository url (git or helm) | +|*path* | `string` |Folder to deploy | +|*server* | `*"https://kubernetes.default.svc" \| string` |Destination server | +|*namespace* | `*"default" \| string` |Destination namespace | +|*ctr.image.config.version* | `*"v2.0.5" \| string` |ArgoCD CLI binary version | +|*ctr.image.config.server* | `string` |ArgoCD server | +|*ctr.image.config.project* | `*"default" \| string` |ArgoCD project | +|*ctr.image.config.token* | `dagger.#Secret` |ArgoCD authentication token | +|*ctr.env.APP_NAME* | `string` |- | +|*ctr.env.APP_REPO* | `string` |- | +|*ctr.env.APP_PATH* | `string` |- | +|*ctr.env.APP_SERVER* | `*"https://kubernetes.default.svc" \| string` |- | +|*ctr.env.APP_NAMESPACE* | `*"default" \| string` |- | ### argocd.#App Outputs @@ -49,13 +47,12 @@ Re-usable CLI component ### argocd.#CLI Inputs -| Name | Type | Description | -| ------------- |:-------------: |:-------------: | -|*config.version* | `*"v2.0.5" \| string` |ArgoCD CLI binary version | -|*config.server* | `string` |ArgoCD server | -|*config.project* | `*"default" \| string` |ArgoCD project | -|*config.username* | `string` |Username | -|*config.password* | `dagger.#Secret` |Password | +| Name | Type | Description | +| ------------- |:-------------: |:-------------: | +|*config.version* | `*"v2.0.5" \| string` |ArgoCD CLI binary version | +|*config.server* | `string` |ArgoCD server | +|*config.project* | `*"default" \| string` |ArgoCD project | +|*config.token* | `dagger.#Secret` |ArgoCD authentication token | ### argocd.#CLI Outputs @@ -67,13 +64,12 @@ ArgoCD configuration ### argocd.#Config Inputs -| Name | Type | Description | -| ------------- |:-------------: |:-------------: | -|*version* | `*"v2.0.5" \| string` |ArgoCD CLI binary version | -|*server* | `string` |ArgoCD server | -|*project* | `*"default" \| string` |ArgoCD project | -|*username* | `string` |Username | -|*password* | `dagger.#Secret` |Password | +| Name | Type | Description | +| ------------- |:-------------: |:-------------: | +|*version* | `*"v2.0.5" \| string` |ArgoCD CLI binary version | +|*server* | `string` |ArgoCD server | +|*project* | `*"default" \| string` |ArgoCD project | +|*token* | `dagger.#Secret` |ArgoCD authentication token | ### argocd.#Config Outputs @@ -85,14 +81,13 @@ Get application's status ### argocd.#Status Inputs -| Name | Type | Description | -| ------------- |:-------------: |:-------------: | -|*config.version* | `*"v2.0.5" \| string` |ArgoCD CLI binary version | -|*config.server* | `string` |ArgoCD server | -|*config.project* | `*"default" \| string` |ArgoCD project | -|*config.username* | `string` |Username | -|*config.password* | `dagger.#Secret` |Password | -|*name* | `string` |ArgoCD application | +| Name | Type | Description | +| ------------- |:-------------: |:-------------: | +|*config.version* | `*"v2.0.5" \| string` |ArgoCD CLI binary version | +|*config.server* | `string` |ArgoCD server | +|*config.project* | `*"default" \| string` |ArgoCD project | +|*config.token* | `dagger.#Secret` |ArgoCD authentication token | +|*name* | `string` |ArgoCD application | ### argocd.#Status Outputs @@ -111,21 +106,19 @@ Sync an application to its targer state ### argocd.#Sync Inputs -| Name | Type | Description | -| ------------- |:-------------: |:-------------: | -|*config.version* | `*"v2.0.5" \| string` |ArgoCD CLI binary version | -|*config.server* | `string` |ArgoCD server | -|*config.project* | `*"default" \| string` |ArgoCD project | -|*config.username* | `string` |Username | -|*config.password* | `dagger.#Secret` |Password | -|*application* | `string` |ArgoCD application | -|*wait* | `*false \| bool` |Wait the application to sync correctly | -|*ctr.image.config.version* | `*"v2.0.5" \| string` |ArgoCD CLI binary version | -|*ctr.image.config.server* | `string` |ArgoCD server | -|*ctr.image.config.project* | `*"default" \| string` |ArgoCD project | -|*ctr.image.config.username* | `string` |Username | -|*ctr.image.config.password* | `dagger.#Secret` |Password | -|*ctr.env.APPLICATION* | `string` |- | +| Name | Type | Description | +| ------------- |:-------------: |:-------------: | +|*config.version* | `*"v2.0.5" \| string` |ArgoCD CLI binary version | +|*config.server* | `string` |ArgoCD server | +|*config.project* | `*"default" \| string` |ArgoCD project | +|*config.token* | `dagger.#Secret` |ArgoCD authentication token | +|*application* | `string` |ArgoCD application | +|*wait* | `*false \| bool` |Wait the application to sync correctly | +|*ctr.image.config.version* | `*"v2.0.5" \| string` |ArgoCD CLI binary version | +|*ctr.image.config.server* | `string` |ArgoCD server | +|*ctr.image.config.project* | `*"default" \| string` |ArgoCD project | +|*ctr.image.config.token* | `dagger.#Secret` |ArgoCD authentication token | +|*ctr.env.APPLICATION* | `string` |- | ### argocd.#Sync Outputs diff --git a/stdlib/.dagger/env/argocd/values.yaml b/stdlib/.dagger/env/argocd/values.yaml index 90edff9b..484b4e88 100644 --- a/stdlib/.dagger/env/argocd/values.yaml +++ b/stdlib/.dagger/env/argocd/values.yaml @@ -13,14 +13,14 @@ sops: - recipient: age1gxwmtwahzwdmrskhf90ppwlnze30lgpm056kuesrxzeuyclrwvpsupwtpk enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuV3FTdWpWRjUxSS9hcVU4 - T094TC9GRkcxQThPMVI3NzVCb2d3Q2cvUFRvClVHT1J6OFRVY1ZTYWQ2eDZmWXN3 - N1VjdC9WNnlBNzRIdFVBN0E4Zm0xUzAKLS0tIEc2VFFSYmRqYUI5VDBDRGtTK2k1 - WG5JdHlKYUlnZnZlMVNIRjczSld5ek0KF0z0UqtoGcYFFeOyMwIDAY1pyKosaOii - IVqsMSYfj4+vz7mRd8HoXoSiSnuc7mLJek/izsdZtYUTfD/QnTC71Q== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhZEhvaGFiVGVUcWZhcjVj + WmthWWRMMmFXSmRIbzNKUm9IMms0TUltcjBvClE4UHlwcHVGcjVJTHRhNUx1Lyt4 + UHZlTlBRRnhtMmMzcmFPUGlBTXlVMncKLS0tIFpkSXU1SDUvZTR4MVgxNWxKV3V3 + LzM4MENHSVZFNVJza3FhVGkyd0R4d3cKPI6V2o1BR8WVrsAdsuuKOW9Lw32c+KUh + WBHXbYucWjPeogNVIZK+/iJs4Pz92fQ1awdj0H47ro3d7I3QfZoeJQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2021-09-09T12:42:58Z" - mac: ENC[AES256_GCM,data:CMNfY3kBAbDOkyh1s3csD7uGToV/5TubN/0z3NaG0rVOeHzgPx//PUw7jfhBe3iTCe5m7z5jpGwbI9h6+GoANrsPX887/XYvC22JLQ7vqfOqJYOrYY9YbEJnYK+GXthQB7bqn5Yh2+yiNRVk9vHJkXyhqea9/ud32kiKhG2tE3o=,iv:eT3sjgmh4NF1sS+MSsOEZbgvAiWOwep72aM2fDenG0s=,tag:HcKVlnDpn6kQxFdlKSCALg==,type:str] + lastmodified: "2021-09-10T09:08:35Z" + mac: ENC[AES256_GCM,data:RhRtuEL1xqfJ8pvofq91JMKElZY4Pqvb3SY3IhVevotGBAR6UvmKBA6Nfi3VsvbjfAlbA8/Ip+ifHNhuv6iS1kcj+u5Y7E+6esMdXoXlPmry1Jpt8fWu+zeO2t2XiVGsSEw8nLhPyZfMsp0KBoec1I43NUIKQXoPMbUFMMy1rLQ=,iv:Q817XyIlU/0BgUc6tNVZ8f9cz83I/3FbF8wvqaWNtso=,tag:/Ui9/AAT4RnnwfrOw83xew==,type:str] pgp: [] encrypted_suffix: secret version: 3.7.1 diff --git a/stdlib/argocd/argocd.cue b/stdlib/argocd/argocd.cue index 75648379..348cdb57 100644 --- a/stdlib/argocd/argocd.cue +++ b/stdlib/argocd/argocd.cue @@ -18,11 +18,17 @@ import ( // ArgoCD project project: *"default" | dagger.#Input & {string} - // Username - username: dagger.#Input & {string} + // Basic authentification to login + basicAuth: { + // Username + username: dagger.#Input & {string} - // Password - password: dagger.#Input & {dagger.#Secret} + // Password + password: dagger.#Input & {dagger.#Secret} + } | *null + + // ArgoCD authentication token + token: dagger.#Input & {*null | dagger.#Secret} } // Re-usable CLI component @@ -49,17 +55,45 @@ import ( env: VERSION: config.version }, - // Login to ArgoCD server - op.#Exec & { - args: ["sh", "-c", #""" - argocd login "$ARGO_SERVER" --username "$ARGO_USERNAME" --password $(cat /run/secrets/password) --insecure - """#, - ] - env: { - ARGO_SERVER: config.server - ARGO_USERNAME: config.username + if config.basicAuth != null && config.token == null { + // Login to ArgoCD server + op.#Exec & { + args: ["sh", "-c", #""" + argocd login "$ARGO_SERVER" --username "$ARGO_USERNAME" --password $(cat /run/secrets/password) --insecure + """#, + ] + env: { + ARGO_SERVER: config.server + ARGO_USERNAME: config.basicAuth.username + } + mount: "/run/secrets/password": secret: config.basicAuth.password } - mount: "/run/secrets/password": secret: config.password }, + + if config.token != null && config.basicAuth == null { + // Write config file + op.#Exec & { + args: ["sh", "-c", + #""" + mkdir -p ~/.argocd && cat > ~/.argocd/config << EOF + contexts: + - name: "$SERVER" + server: "$SERVER" + user: "$SERVER" + current-context: "$SERVER" + servers: + - grpc-web-root-path: "" + server: "$SERVER" + users: + - auth-token: $(cat /run/secrets/token) + name: "$SERVER" + EOF + """#, + ] + mount: "/run/secrets/token": secret: config.token + env: SERVER: config.server + } + }, + ] } diff --git a/stdlib/argocd/tests/argocd.cue b/stdlib/argocd/tests/argocd.cue index dde89457..b172cd5f 100644 --- a/stdlib/argocd/tests/argocd.cue +++ b/stdlib/argocd/tests/argocd.cue @@ -6,10 +6,12 @@ import ( ) TestConfig: argocdConfig: #Config & { - version: dagger.#Input & {*"v2.0.5" | string} - server: dagger.#Input & {*"dagger-example-argocd-server.tld" | string} - username: dagger.#Input & {*"admin" | string} - password: dagger.#Input & {dagger.#Secret} + version: dagger.#Input & {*"v2.0.5" | string} + server: dagger.#Input & {*"dagger-example-argocd-server.tld" | string} + basicAuth: { + username: dagger.#Input & {*"admin" | string} + password: dagger.#Input & {dagger.#Secret} + } } TestClient: os.#Container & { @@ -19,7 +21,7 @@ TestClient: os.#Container & { command: #""" argocd account list | grep "$ARGOCD_USERNAME" """# - env: ARGOCD_USERNAME: TestConfig.argocdConfig.username + env: ARGOCD_USERNAME: TestConfig.argocdConfig.basicAuth.username } TestApp: #App & { diff --git a/stdlib/universe.bats b/stdlib/universe.bats index f7717afd..a05d40a0 100644 --- a/stdlib/universe.bats +++ b/stdlib/universe.bats @@ -223,15 +223,15 @@ setup() { dagger -e argocd-infra up # Forward port + # We need to kill subprocess to avoid infinity loop kubectl port-forward svc/argocd-server -n argocd 8080:443 >/dev/null 2>/dev/null & - sleep 3 + sleep 3 || (pkill kubectl && exit 1) # Run test - dagger -e argocd input secret TestConfig.argocdConfig.password "$(kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d)" - dagger -e up - dagger -e argocd input unset TestConfig.argocdConfig.password + dagger -e argocd input secret TestConfig.argocdConfig.basicAuth.password "$(kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d)" || (pkill kubectl && exit 1) + dagger -e argocd up || (pkill kubectl && exit 1) + dagger -e argocd input unset TestConfig.argocdConfig.basicAuth.password || (pkill kubectl && exit 1) # Kill Pid - pkill kubectl - + pgrep kubectl && pkill kubectl }