add certificate to argocd cm

Signed-off-by: Noam Gal <[email protected]>
argoproj-labs · Nov 18, 2022 · 652b142 · 652b142
1 parent a668e8a
commit 652b142
Show file tree

Hide file tree

Showing 3 changed files with 32 additions and 7 deletions.
diff --git a/cmd/commands/repo.go b/cmd/commands/repo.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
+	"net/url"
 	"os"
 	"path/filepath"
 	"strings"
@@ -235,7 +236,7 @@ func RunRepoBootstrap(ctx context.Context, opts *RepoBootstrapOptions) error {
 
 	log.G(ctx).Infof("using revision: \"%s\", installation path: \"%s\"", opts.CloneOptions.Revision(), opts.CloneOptions.Path())
 	err = validateRepo(repofs, opts.Recover)
-	if err != nil{
+	if err != nil {
 		return err
 	}
 
@@ -624,7 +625,7 @@ func buildBootstrapManifests(namespace, appSpecifier string, cloneOpts *git.Clon
 		return nil, err
 	}
 
-	k, err := createBootstrapKustomization(namespace, cloneOpts.URL(), appSpecifier)
+	k, err := createBootstrapKustomization(namespace, appSpecifier, cloneOpts)
 	if err != nil {
 		return nil, err
 	}
@@ -691,8 +692,8 @@ func writeManifestsToRepo(repoFS fs.FS, manifests *bootstrapManifests, installat
 	return fsutils.BulkWrite(repoFS, bulkWrites...)
 }
 
-func createBootstrapKustomization(namespace, repoURL, appSpecifier string) (*kusttypes.Kustomization, error) {
-	credsYAML, err := createCreds(repoURL)
+func createBootstrapKustomization(namespace, appSpecifier string, cloneOpts *git.CloneOptions) (*kusttypes.Kustomization, error) {
+	credsYAML, err := createCreds(cloneOpts.URL())
 	if err != nil {
 		return nil, err
 	}
@@ -721,6 +722,30 @@ func createBootstrapKustomization(namespace, repoURL, appSpecifier string) (*kus
 		Namespace: namespace,
 	}
 
+	cert, err := cloneOpts.Auth.GetCertificate()
+	if err != nil {
+		return nil, err
+	}
+
+	if cert != nil {
+		u, err := url.Parse(cloneOpts.URL())
+		if err != nil {
+			return nil, err
+		}
+
+		k.ConfigMapGenerator = append(k.ConfigMapGenerator, kusttypes.ConfigMapArgs{
+			GeneratorArgs: kusttypes.GeneratorArgs{
+				Name: "argocd-tls-certs-cm",
+				Behavior: kusttypes.BehaviorMerge.String(),
+				KvPairSources: kusttypes.KvPairSources{
+					LiteralSources: []string{
+						u.Host + "=" + string(cert),
+					},
+				},
+			},
+		})
+	}
+
 	k.FixKustomizationPostUnmarshalling()
 	errs := k.EnforceFields()
 	if len(errs) > 0 {

diff --git a/pkg/git/provider.go b/pkg/git/provider.go
@@ -129,7 +129,7 @@ func getRootCas(certFile string) (*x509.CertPool, error) {
 	return rootCAs, nil
 }
 
-func (a *Auth) getCertificate() ([]byte, error) {
+func (a *Auth) GetCertificate() ([]byte, error) {
 	if a.CertFile == "" {
 		return nil, nil
 	}

diff --git a/pkg/git/repository.go b/pkg/git/repository.go
@@ -275,7 +275,7 @@ func (r *repo) Persist(ctx context.Context, opts *PushOptions) (string, error) {
 		progress = r.progress
 	}
 
-	cert, err := r.auth.getCertificate()
+	cert, err := r.auth.GetCertificate()
 	if err != nil {
 		return "", fmt.Errorf("failed reading git certificate file: %w", err)
 	}
@@ -411,7 +411,7 @@ var clone = func(ctx context.Context, opts *CloneOptions) (*repo, error) {
 		progress = os.Stderr
 	}
 
-	cert, err := opts.Auth.getCertificate()
+	cert, err := opts.Auth.GetCertificate()
 	if err != nil {
 		return nil, fmt.Errorf("failed reading git certificate file: %w", err)
 	}