From 66e2f985e418a6a1e66430ab065761f2f8ba8ac3 Mon Sep 17 00:00:00 2001
From: Noam Gal
Date: Thu, 17 Nov 2022 13:19:45 -0800
Subject: [PATCH] add certificate to argocd cm
Signed-off-by: Noam Gal
---
 cmd/commands/repo.go | 33 +++++++++++++++++++++++++++++----
 pkg/git/provider.go | 2 +-
 pkg/git/repository.go | 4 ++--
 3 files changed, 32 insertions(+), 7 deletions(-)
diff --git a/cmd/commands/repo.go b/cmd/commands/repo.go
index 0ce7f10c..ebb6815f 100644
--- a/cmd/commands/repo.go
+++ b/cmd/commands/repo.go
@@ -4,6 +4,7 @@ import (
 "context"
 "encoding/json"
 "fmt"
+ "net/url"
 "os"
 "path/filepath"
 "strings"
@@ -235,7 +236,7 @@ func RunRepoBootstrap(ctx context.Context, opts *RepoBootstrapOptions) error {
 log.G(ctx).Infof("using revision: \"%s\", installation path: \"%s\"", opts.CloneOptions.Revision(), opts.CloneOptions.Path())
 err = validateRepo(repofs, opts.Recover)
- if err != nil{
+ if err != nil {
 return err
 }
@@ -624,7 +625,7 @@ func buildBootstrapManifests(namespace, appSpecifier string, cloneOpts *git.Clon
 return nil, err
 }
- k, err := createBootstrapKustomization(namespace, cloneOpts.URL(), appSpecifier)
+ k, err := createBootstrapKustomization(namespace, appSpecifier, cloneOpts)
 if err != nil {
 return nil, err
 }
@@ -691,8 +692,8 @@ func writeManifestsToRepo(repoFS fs.FS, manifests *bootstrapManifests, installat
 return fsutils.BulkWrite(repoFS, bulkWrites...)
 }
-func createBootstrapKustomization(namespace, repoURL, appSpecifier string) (*kusttypes.Kustomization, error) {
- credsYAML, err := createCreds(repoURL)
+func createBootstrapKustomization(namespace, appSpecifier string, cloneOpts *git.CloneOptions) (*kusttypes.Kustomization, error) {
+ credsYAML, err := createCreds(cloneOpts.URL())
 if err != nil {
 return nil, err
 }
@@ -721,6 +722,30 @@ func createBootstrapKustomization(namespace, repoURL, appSpecifier string) (*kus
 Namespace: namespace,
 }
+ cert, err := cloneOpts.Auth.GetCertificate()
+ if err != nil {
+ return nil, err
+ }
+
+ if cert != nil {
+ u, err := url.Parse(cloneOpts.URL())
+ if err != nil {
+ return nil, err
+ }
+
+ k.ConfigMapGenerator = append(k.ConfigMapGenerator, kusttypes.ConfigMapArgs{
+ GeneratorArgs: kusttypes.GeneratorArgs{
+ Name: "argocd-tls-certs-cm",
+ Behavior: kusttypes.BehaviorMerge.String(),
+ KvPairSources: kusttypes.KvPairSources{
+ LiteralSources: []string{
+ u.Host + "=" + string(cert),
+ },
+ },
+ },
+ })
+ }
+
 k.FixKustomizationPostUnmarshalling()
 errs := k.EnforceFields()
 if len(errs) > 0 {
diff --git a/pkg/git/provider.go b/pkg/git/provider.go
index 1ebeed73..d75d2cd7 100644
--- a/pkg/git/provider.go
+++ b/pkg/git/provider.go
@@ -129,7 +129,7 @@ func getRootCas(certFile string) (*x509.CertPool, error) {
 return rootCAs, nil
 }
-func (a *Auth) getCertificate() ([]byte, error) {
+func (a *Auth) GetCertificate() ([]byte, error) {
 if a.CertFile == "" {
 return nil, nil
 }
diff --git a/pkg/git/repository.go b/pkg/git/repository.go
index ae76ae7e..e4b1e691 100644
--- a/pkg/git/repository.go
+++ b/pkg/git/repository.go
@@ -275,7 +275,7 @@ func (r *repo) Persist(ctx context.Context, opts *PushOptions) (string, error) {
 progress = r.progress
 }
- cert, err := r.auth.getCertificate()
+ cert, err := r.auth.GetCertificate()
 if err != nil {
 return "", fmt.Errorf("failed reading git certificate file: %w", err)
 }
@@ -411,7 +411,7 @@ var clone = func(ctx context.Context, opts *CloneOptions) (*repo, error) {
 progress = os.Stderr
 }
- cert, err := opts.Auth.getCertificate()
+ cert, err := opts.Auth.GetCertificate()
 if err != nil {
 return nil, fmt.Errorf("failed reading git certificate file: %w", err)
 }
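Review bot: The ConfigMap key in the added `LiteralSources` entry is built from `u.Host`, which keeps any `:port` from the clone URL, and a colon is not a valid character in a ConfigMap data key. A repository URL with an explicit port would therefore likely yield a kustomization that fails to apply, or an entry that Argo CD does not match to the server; `u.Hostname() + "=" + string(cert),` avoids that. An empty hostname (for example from a URL form `url.Parse` accepts without a host) should be rejected with an error rather than producing the key `""`. The bytes returned by `GetCertificate()` are embedded verbatim into a manifest that is presumably committed to the repository, so it is worth confirming they decode as PEM `CERTIFICATE` blocks only; a bundle file that also contains a private key would otherwise be written out with it. createBootstrapKustomization begins before and continues after this hunk.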
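Review bot: `GetCertificate` in pkg/git/provider.go becomes part of the package's exported API with this rename but has no doc comment. Something like `// GetCertificate returns the contents of a.CertFile, or (nil, nil) when no CertFile is configured.` would cover the contract the visible lines show; the rest of the body is outside the hunk, so the read behaviour is inferred from the callers' "failed reading git certificate file" error text. If the content is returned without validation, the comment should say so, since callers outside the package now embed it directly.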