feat(cli): Add Plugin Support to the Argo CD CLI

[nitishfy]

Ref: #19624
Checklist:

• Either (a) I've created an enhancement proposal and discussed it with the community, (b) this is a bug fix, or (c) this does not need to be in the release notes.
• The title of the PR states what changed and the related issues number (used for the release note).
• The title of the PR conforms to the Toolchain Guide
• I've included "Closes [ISSUE #]" or "Fixes [ISSUE #]" in the description to automatically close the associated issue.
• I've updated both the CLI and UI to expose my feature, or I plan to submit a second PR with them.
• Does this PR require documentation updates?
• I've updated documentation as required by this PR.
• I have signed off all my commits as required by DCO
• I have written unit and/or e2e tests for my change. PRs without these are unlikely to be merged.
• My build is green (troubleshooting builds).
• My new feature complies with the feature status guidelines.
• I have added a brief description of why this PR is necessary and/or what this PR solves.
• Optional. My organization is added to USERS.md.
• Optional. For bug fixes, I've indicated what older releases this fix should be cherry-picked into (this may or may not happen depending on risk/complexity).

[bunnyshell]

🔴 Preview Environment stopped on Bunnyshell

See: Environment Details | Pipeline Logs

Available commands (reply to this comment):

• 🔵 /bns:start to start the environment
• 🚀 /bns:deploy to redeploy the environment
• ❌ /bns:delete to remove the environment

[bunnyshell]

✅ Preview Environment created on Bunnyshell but will not be auto-deployed

See: Environment Details

Available commands (reply to this comment):

• 🚀 /bns:deploy to deploy the environment

[codecov]

Codecov Report

Attention: Patch coverage is 80.76923% with 25 lines in your changes missing coverage. Please review.

Please upload report for BASE (master@e66068c). Learn more about missing BASE report.
Report is 14 commits behind head on master.

Files with missing lines	Patch %	Lines
cmd/argocd/commands/plugin.go	85.71%	12 Missing and 3 partials ⚠️
cmd/main.go	60.00%	9 Missing and 1 partial ⚠️

Additional details and impacted files

@@            Coverage Diff            @@
##             master   #20074   +/-   ##
=========================================
  Coverage          ?   59.07%           
=========================================
  Files             ?      338           
  Lines             ?    57159           
  Branches          ?        0           
=========================================
  Hits              ?    33768           
  Misses            ?    20579           
  Partials          ?     2812           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[leoluz]

Please consider adding a new documentation page explaining how to write plugins and how to install and consume them.

[nitishfy]

plugin_test.go is kept in separate package because keeping it in the util will create circular dependency.

Update: Resolved

[leoluz]

@nitishfy Great progress. I think this PR needs to be reviewed by someone from the security sig as I see some potential risks in the code. I added comments to the security issues that I identified at first but a more security driven review would be important in this case.
cc @jannfis @crenshaw-dev

[leoluz]

This may lead to security implications. For example: if someone has their PATH configured as PATH=.:/usr/bin, the first . makes the current directory available in the PATH which enables different types of exploits. Go 1.19+ will return ErrDot to notify us that the return value from LookPath() is a relative path. We shouldn't ignore this error. Instead, we should fail and return an error stating that the executable wasn't found. Also, we must state in the docs that the plugin executable must be in the path and should not be provided as relative path.

[nitishfy]

We are not using the cmd.Find() anymore.

[leoluz]

Please check my comments

[nitishfy]

PTAL.

[nitishfy]

Also, I think I'll have to restructure the entire tests for plugin_test.go once the change is accepted.

[leoluz]

Great progress. Tks @nitishfy!
There are a few more open items to be addressed in this PR before we merge.
Please take a look.

[blakepettersson]

I think you should probably revert the changes in go.mod in order for there not to be any conflicts with master.

[nitishfy]

this will lead to dependency issues, resulting in failure of CI checks.

[leoluz]

@nitishfy You probably need to run go mod tidy and push the changes.

[blakepettersson]

Can you run

git checkout origin/master -- go.mod

?

[blakepettersson]

I think this needs to be done again once you sync your hook with argocd/master and then pulling in the latest changes from your hook on the master branch.

[nitishfy]

Few suggestions needed and once done, I'll start with improving the comments and add the docs. Thanks!

[blakepettersson]

Added a few pointers which I think would be good to do before proceeding further.

[nitishfy]

@leoluz I'm personally in the opinion of searching for a plugin, starting with the longest prefix. Why would you want to follow another approach?

[blakepettersson]

I think there's a lot of room to simplify this further - there's also a bunch of test code existing which does not exercise a lot of the actual code (as well as there being a lot of test code which seems redundant?).

By abstracting away exec.LookPath and cmd.Run tests can be written which exercises the actual implementation of DefaultPluginHandler (just create custom functions for lookPath and run in your tests)

[blakepettersson]

Can you run

git checkout origin/master -- go.mod

?

[nitishfy]

@blakebarnett PTAL

[nitishfy]

@leoluz @blakepettersson I'd need your feedback on this PR. Having said that, there are a few things I'd like to mention:

1. We need to decide if we would like to follow the longest executable search performed or not.
2. I can see a lot of code optimization and few testcases can be added. I'm thinking if it would be okay to add them as some separate PR.
3. I'll start working on writing the docs as soon as I get confirmation about if we'd like to have longest executable search operation in code or not.

[blakepettersson]

I can see a lot of code optimization and few testcases can be added. I'm thinking if it would be okay to add them as some separate PR.

What kind of code optimizations and test cases can be done? Why can't they be done in this PR?

[blakepettersson]

I think this needs to be done again once you sync your hook with argocd/master and then pulling in the latest changes from your hook on the master branch.

[leoluz]

shouldn't this error be logged so users know why their plugins are not being registered?

[nitishfy]

we are not logging the error here because we try to search for another plugin name based on the longest prefix match. For eg. If a plugin argocd demo plugin is not found, the err will be non-nil and we then search for a plugin named argocd demo. This is getting done by ranging over the valid prefixes.

[leoluz]

If they don't have executable permissions

I don't see the executable validation logic as part of this function. Please just document the function specific behaviour and move this doc to where the validation is actually implemented.

[leoluz]

We should define how this error should be handled as part of this PR.